background image

DGS-6604 

m

CLI Reference Guide

      

 3

ip telnet service-port — 324

ip trusted-host — 325

login — 406

logout — 407

password encryption — 471

show history — 609

show ip trusted-host — 699

show username — 773

show user-session — 774

telnet — 892

terminal length — 897

terminal timeout — 898

terminal width — 899

username — 916

Basic IPv4

arp — 53

arp timeout — 54

clear arp-cache — 90

ip address — 226

show arp — 578

show ip interface — 651

Basic IPv6

clear ipv6 neighbors — 106

default ipv6 nd prefix — 150

ipv6 address — 330

ipv6 enable — 340

ipv6 hop-limit — 341

ipv6 nd managed-config-flag — 342

Summary of Contents for DGS-6600 Series

Page 1: ...0 9 3 ...

Page 2: ...elease 2 10 011 Date March 1 2012 Copyright Statement D Link Corporation 2011 2012 All rights reserved Without our written permission this document may not be excerpted reproduced transmitted or otherwise in all or part by any party by any means ...

Page 3: ...ich will be generally referred to as the switch within this manual This manual is written in a way that assumes that you already have the experience and knowledge of Ethernet and modern networking principles for Local Area Networks Document Organization Other Documentation The documents below are a further source of information in regards to configuring and troubleshooting the switch All the docum...

Page 4: ...ed to be used with the command Square brackets enclose an optional value or set of optional arguments a b c Braces enclose alternative keywords separated by vertical bars Generally one of the keywords in the separated list can be chosen a b c Optional values or arguments are enclosed in square brackets and separated by vertical bars Generally one of the vales or arguments in the separated list can...

Page 5: ...in the command line interface CLI The set of commands available to the user depends on both the mode the user is currently in and their privilege level For each case the user can see all the commands that are available in a particular command mode by entering a question mark at the system prompt The command line interface has four privilege levels Basic User Privilege Level 1 This user account lev...

Page 6: ...istrator level user accounts As for sub configuration modes a subset of those can only be accessed by users who have the highest secure administrator level privileges In user EXEC mode at advanced user level the user is allowed to enter privileged EXEC mode by entering the enable password In privileged EXEC mode the user is allowed to exit to the user EXEC mode at advanced user level by entering t...

Page 7: ...t basic user level except that a user in this mode and at this level can enter privileged EXEC mode by entering the enable command Privileged EXEC mode at Power User level For changing both local and global terminal settings monitoring and performing certain system administration tasks The system administration tasks that can be performed at this level includes the clearing of system configuration...

Page 8: ...nced user in privileged EXEC mode and uses the disable command to return to user EXEC mode at advanced user level Privileged EXEC Mode at Power User Level Users logged into the Switch in privileged EXEC mode at this level can change both local and global terminal settings monitor and perform system administration tasks like clearing configuration settings except for security related information su...

Page 9: ... a privilege level of 15 The second method requires a user to login to the Switch in as a user with an advanced user or power user level and and use the enable privilege LEVEL command In this command mode the user can return to user EXEC mode at an advanced user level by entering the disable command In the following example the user is currently logged in as an administrator in privileged EXEC mod...

Page 10: ...The exit command is used to exit global configuration mode and return to privileged EXEC mode The procedures to enter the different sub configuration modes can be found in the related chapters in this Configuration Guide The command modes are used to configure the individual functions Interface Configuration Mode Interface configuration mode is used to configure the parameters for an interface or ...

Page 11: ...st vlan 174 dot1x initialize 176 dot1x max req 177 dot1x pae authenticator 178 dot1x port control 179 dot1x re authenticate 180 dot1x re authentication 181 dot1x system auth control 182 dot1x timeout 183 dot1x user 184 show dot1x 596 show dot1x user 600 show dot1x vlan 599 AAA aaa authentication 27 aaa authorization 29 aaa group server 30 server 541 show aaa 572 show aaa group server 575 ...

Page 12: ...ny ip access list 473 permit deny ipv6 access list 476 permit deny mac access list 478 resequence access list 527 show access group 576 show access list 577 show time range 770 time range 905 Access Management banner login 57 command prompt 122 configure terminal 124 disable 159 enable 186 enable password 187 end 188 exit 189 help 216 ip http server 264 ip http service port 265 ip telnet server 32...

Page 13: ...ow username 773 show user session 774 telnet 892 terminal length 897 terminal timeout 898 terminal width 899 username 916 Basic IPv4 arp 53 arp timeout 54 clear arp cache 90 ip address 226 show arp 578 show ip interface 651 Basic IPv6 clear ipv6 neighbors 106 default ipv6 nd prefix 150 ipv6 address 330 ipv6 enable 340 ipv6 hop limit 341 ipv6 nd managed config flag 342 ...

Page 14: ...rface 706 show ipv6 interface brief 707 show ipv6 neighbors 708 Basic Switch show environment 603 show system 766 show unit 772 show version 775 BGP address family ipv4 37 aggregate address 38 bgp always compare med 67 bgp asnotation dot 68 bgp bestpath as path ignore 70 bgp bestpath compare routerid 72 bgp default ipv4 unicast 73 bgp default local preference 74 bgp deterministic med 75 bgp enforc...

Page 15: ...advertisement interval 444 neighbor description 445 neighbor filter list 446 neighbor peer group create group 447 neighbor peer group add group member 448 neighbor remote as 449 neighbor route map 450 neighbor send community 451 neighbor shutdown 452 neighbor timers 453 neighbor update source 454 neighbor weight 455 network BGP 460 redistribute 517 router bgp 532 set as path 549 set community 550 ...

Page 16: ...bgp 904 Broadcast Storm show storm control 764 storm control Interface 878 storm control action Interface 879 storm control level Interface 881 storm control timer Global 883 Chassis reboot 516 Digital Diagnostic Monitoring DDM ddm log 137 ddm state 138 ddm shutdown 139 ddm temperature 140 ddm voltage 141 ddm bias current 142 ddm tx power 143 ddm rx power 144 show ddm 590 show ddm status 591 show ...

Page 17: ...l prefix 704 DHCP Relay IPv4 ip dhcp relay 253 ip dhcp relay address 254 ip dhcp relay hops 255 ip dhcp relay information check 256 ip dhcp relay information option 257 ip dhcp relay information policy 259 ip dhcp relay information trust all 260 ip dhcp relay information trusted 261 show ip dhcp relay 629 show ip dhcp relay information trusted sources 630 DHCP Relay IPv6 ipv6 dhcp relay destinatio...

Page 18: ...clear ip dhcp conflict 101 clear ip dhcp server statistics 103 default router 155 dns server 162 domain name 163 ip address list 229 ip dhcp ping packets 250 ip dhcp ping timeout 251 ip dhcp pool 252 lease 381 netbios node type 456 netbios scope id 457 netbios wins server 458 next server 462 service dhcp 543 show ip dhcp binding 623 show ip dhcp conflict 625 show ip dhcp pool 626 show ip dhcp serv...

Page 19: ...tion option 234 ip dhcp snooping trust 235 ip dhcp snooping verify MAC address 247 ip dhcp snooping vlan 248 show ip dhcp snooping 634 show ip dhcp snooping binding 792 show ip dhcp snooping database 795 DoS Prevention clear dos prevention counter 92 dos_prevention action 164 dos_prevention type 165 show dos_prevention 594 DVMRP ip dvmrp 262 ip dvmrp metric 263 show ip dvmrp interface 635 show ip ...

Page 20: ...rps domain 796 show erps erpi 798 Errdisable errdisable recovery 205 show errdisable recovery 601 File System delete 156 dir 158 GVRP clear gvrp statistics interface 94 gvrp Global 209 gvrp Interface 210 gvrp advertise Interface 211 gvrp advertise VLAN 212 gvrp dynamic vlan creation 213 gvrp forbidden 214 gvrp timer 215 show gvrp configuration 606 show gvrp statistics 608 IGMP ip igmp access group...

Page 21: ...2 ip igmp snooping multicast router 274 ip igmp snooping immediate leave 276 ip igmp snooping querier 277 ip igmp snooping static group 278 show ip igmp snooping 645 show ip igmp snooping group 647 show ip igmp snooping mrouter 650 Interface clear counters 91 description 157 interface 221 interface range 222 show interface 610 show interface status err disabled 612 IP Utility ping 480 traceroute 9...

Page 22: ...n dhcp snooping 241 ip source binding 242 show ip source binding 808 show ip verify source 810 IPv6 Tunnel interface tunnel 223 ipv6 nd suppress ra 349 tunnel destination 913 tunnel mode 914 tunnel source 915 Jumbo Frame ip mtu 283 max rcv frame size 428 mtu 439 L2 FDB clear mac address table 112 mac address table aging destination hit 415 mac address table aging time 416 mac address table static ...

Page 23: ...lldp med clear lldp statistics 110 clear lldp neighbors 109 lldp dot1 tlv select 382 lldp dot3 tlv select 385 lldp fast count 387 lldp hold multiplier 388 lldp management address 389 lldp med tlv select 391 lldp receive 393 lldp reinit 394 lldp run 395 lldp tlv select 396 lldp transmit 398 lldp tx delay 399 lldp tx interval 400 show lldp 814 show lldp interface 816 show lldp local interface 818 sh...

Page 24: ...detection 725 Management Port ddm log 137 ip address management port 228 ip mtu management port 284 ipv6 address management port 333 ipv6 default gateway management port 334 mgmt if 430 show mgmt if 734 shutdown Management Port 790 Mirror monitor session 431 monitor session destination remote vlan 433 monitor session source remote vlan 437 remote span 526 show monitor session 735 MSTP instance 220...

Page 25: ...lt cost 39 area nssa 41 area range 43 area stub 45 area virtual link 47 auto cost reference bandwidth 55 clear ip ospf 104 default information originate BGP 146 default metric OSPF 151 host area 217 ip ospf authentication 286 ip ospf authentication key 287 ip ospf cost 288 ip ospf dead interval 289 ip ospf hello interval 290 ip ospf message digest key 291 ip ospf priority 292 ip ospf retransmit in...

Page 26: ...l 663 show ip ospf database network 664 show ip ospf database nssa external 666 show ip ospf database router 668 show ip ospf database summary 671 show ip ospf host route 673 show ip ospf interface 674 show ip ospf neighbor 676 show ip ospf virtual links 677 OSPFv3 area default cost IPv6 40 area range IPv6 44 area stub IPv6 46 area virtual link IPv6 51 auto cost reference bandwidth IPv6 56 clear i...

Page 27: ...pf area 368 passive interface IPv6 OSPF 464 redistribute IPv6 OSPF 520 router id IPv6 534 router ipv6 ospf 536 show ipv6 ospf 709 show ipv6 ospf border routers 711 show ipv6 ospf database 712 show ipv6 ospf interface 713 show ipv6 ospf neighbor 714 show ipv6 ospf route 715 show ipv6 ospf virtual links 716 show ipv6 protocols 717 Password Recovery password recovery 467 PIM ip pim 297 ip pim accept ...

Page 28: ...n interval 310 show ip pim 679 show ip pim bsr 680 show ip pim interface 681 show ip pim mroute 683 show ip pim neighbor 685 show ip pim rp mapping 687 show ip pim rp hash 688 POE poe port priority 482 poe port description 483 poe service policy 484 poe power inline 485 show poe power system 833 show poe power inline 835 Policy based Route ip policy route map 311 show ip policy 804 Port Security c...

Page 29: ...show ip protocols 689 show ip route 693 show ip route summary 697 QoS class 86 class map 87 color aware 121 match 419 police 487 police aggregate 492 police cir 493 policy map 497 qos aggregate policer 502 qos bandwidth 505 qos cos 506 qos deficit round robin 507 qos dscp mutation 510 qos map cos color 511 qos map dscp color 512 qos map dscp cos 513 qos map dscp mutation 514 ...

Page 30: ...nel 781 show vlan tunnel ctag mapping 784 vlan encapsulation 920 vlan remarking 922 vlan tunnel 924 vlan tunnel ctag mapping dynamic 925 vlan tunnel ctag mapping static 926 vlan tunnel ingress checking 927 vlan tunnel interface type 928 vlan tunnel remove inner tag 929 vlan tunnel tpid 930 RIP accept lifetime 34 default information originate RIP 148 default metric RIP 153 ip rip authentication key...

Page 31: ... 653 show ip rip database 691 show ip rip interface 692 timers 901 version 918 RIPng clear ipv6 rip 108 default information originate RIP IPv6 149 default metric RIP IPv6 154 ipv6 rip metric offset 358 ipv6 rip split horizon 359 ipv6 rip split horizon poisoned 360 ipv6 router rip 369 neighbor RIP IPv6 443 passive interface RIP IPv6 466 redistribute RIP IPv6 524 router ipv6 rip 535 show ipv6 protoc...

Page 32: ...ace 556 set ip default next hop 559 set ipv6 next hop 561 set default interface 563 set ipv6 default next hop 557 show route map 748 Safeguard clear cpu protect counters 93 cpu protect type 132 cpu protect safeguard 130 cpu protect sub interface 135 show cpu protect safeguard 586 show cpu protect type 587 show cpu protect sub interface 589 sFlow sflow 566 sflow receiver 567 sflow sampler 569 sflow...

Page 33: ...p 846 snmp server engineID local 848 snmp server group 849 snmp server host 851 snmp server location 853 snmp server user 854 snmp server view 856 system name 891 SSH crypto key 136 ip ssh 321 show ip ssh 698 show ssh 762 ssh 838 STP clear spanning tree detected protocols 115 show spanning tree 757 spanning tree Global configuration 859 spanning tree Interface configuration 860 spanning tree timer...

Page 34: ...tree tcnfilter 874 spanning tree transmit hold count 875 Switch Port duplex 185 flowcontrol 207 media type 429 shutdown interface 789 speed 876 Syslog clear logging 111 logging file 401 logging host 402 logging level 404 logging on 405 show logging 727 System File Management boot config 79 boot image 82 clear running config factory defaults 114 copy 125 show boot 579 show running config 749 show s...

Page 35: ...tation 771 traffic segmentation forward 910 VLAN access vlan 36 acceptable frame 33 dot1v binding protocol group 167 dot1v protocol group 168 hybrid vlan VLAN ID 218 ingress checking 219 mac base VLAN 418 pvid VLAN ID 501 show dot1v 595 show vlan 776 subnet base VLAN 885 trunk allowed vlan 912 vlan 919 vlan name 921 VRRP show vrrp 785 show vrrp brief 788 vrrp critical ip 935 vrrp ip 937 ...

Page 36: ...eference Guide 26 vrrp preempt 938 vrrp priority 940 vrrp shutdown 942 vrrp timers advertise 943 Voice Vlan show vlan voice vlan 801 switchport voice vlan state 840 voice vlan 931 voice vlan cos 932 voice vlan oui 933 ...

Page 37: ...ax Description login Optional Enable authentication for normal login mode Enter the console telnet or http keyword If neither login nor enable are specified both login and enable are implied enable Optional Enable authentication for normal enable mode Enter the console telnet or http keyword If neither login nor enable are specified both login and enable are implied console Optional Specifies that...

Page 38: ...to 2 defined methods The process continues until either the user is authenticated successfully or all methods listed are exhausted Note that if at any point access is denied by an authentication method employed the authentication process is stopped no more methods are eligible and no other attempts to authenticate are made The local method for authentication uses locally configured login and enabl...

Page 39: ... will use configuration settings authorized by the RADIUS server in addition to the RADIUS server authentication function Settings can include VLAN assignment user priority assignment and bandwidth assignment If AAA authorization is disabled the system only accepts the authentication function from the RADIUS server and ignore any additional configuration settings supplied by the RADIUS server Exam...

Page 40: ...up server command to enter AAA group server mode If the group name specified does not exist the switch creates the new group Once in AAA group server mode use the server command to define and configure servers added to the group Example The following example shows the network access server configured to recognize several RADIUS host entries The second host entry configured acts as fail over backup...

Page 41: ...HCP server validates the value to ensure it matches the hardware type and client hardware address If the values match the DHCP server provides service to the client If the values do not match the DHCP server does not respond to the client s request If the command is used to set the validation to not check the DHCP Client Identifier value sent by the client then the DHCP server only checks the matc...

Page 42: ...the command If only the circuit id or remote id is specified it implies that it only accepts DHCP packets containing either only a circuit id or a remote id Examples The following example sets DHCP pool1 to accept circuit id and remote id relay agent information The following example sets DHCP pool1 to not accept remote id relay agent information Syntax Description circuit id Optional Agent Circui...

Page 43: ...e frame type is tagged only only tagged packets of incoming packets will be received by the interface and untagged packets will be dropped If untagged only only untagged packets will be received and tagged packets will be dropped If admit all all packets will be received Example This example shows how to set the acceptable frame type to tagged only of eth3 1 Verify the settings by entering the sho...

Page 44: ...pecified by the key command is valid to be received The syntax can be either of the following HH MM SS MONTH DATE YEAR HH MM SS DATE MONTH YEAR HH hours MM minutes SS seconds MONTH first three letters of the month DATE date 1 31 YEAR year four digits The default start time and the earliest acceptable date is January 1 1993 infinite Key is valid to be received from the start time value on END TIME ...

Page 45: ...h config if exit Switch config router rip Switch config router network 172 19 0 0 8 Switch config router version 2 Switch config router exit Switch config key chain chain1 Switch config keychain key 1 Switch config keychain key key string forkey1string Switch config keychain key accept lifetime 13 30 00 Jan 25 2009 duration 7200 Switch config keychain key send lifetime 14 00 00 Jan 25 2009 duratio...

Page 46: ...default the port has access VLAN 1 The following applies to access VLANs An interface can be specified with only one access VLAN The succeed ing command overwrites the previous command When this command is applied the port will change to Access mode If the port has been configured for other modes Access mode will overwrite the previous mode The port s PVID is changed to the specified VLAN Examples...

Page 47: ...ghbor remote as command unless the no bgp default ipv4 unicast command is used before configuring the neighbor remote as command For all settings configured for IPv4 unicast the settings also appear in BGP router configuration mode That is for address family associated settings the settings defined in IPv4 unicast address family mode is equivalent to the settings defined in the router configuratio...

Page 48: ...ic routes to all neighbors The as set parameter creates an aggregate entry advertising the path for this route consisting of all elements contained in all paths being summarized Use the as set parameter to reduce the size of the path information by listing the AS number only once even if it was included in multiple paths that were aggregated The as set parameter is useful when aggregation of infor...

Page 49: ...l routers and access servers attached to the stub area the area should be configured as a stub area using the area stub option the area default cost command is used only on an ABR attached to the stub area The default cost provides the metric for the summary default route generated by the ABR into the stub area Example The following example assigns a default cost of 20 to stub network 10 0 0 0 Ver...

Page 50: ...rea command Use the area default cost command only on an ABR attached to the stub area The default cost option provides the metric for the summary default route generated by the ABR into the stub area Examples The following example assigns a default cost of 10 to stub area 1 Syntax Description AREA ID Identifier of the area about which routes are to be summarized It can be specified as either a de...

Page 51: ...A The identifier can be specified as either a decimal value or an IP address no redistribution Optional Type 7 external routes will not be re distributed to the NSSA When the user specifies to redistribute routes to the OSPF process external routes will always be redistributed to the normal area This function only takes effect when the router is an autonomous system boundary router ASBR default in...

Page 52: ...R NSSA re distribution external routes will only be redistributed to the NSSA when redistribution is configured for the associated OSPF process The external routes from other areas within the same AS will not be injected to the NSSA For an ASBR a Type 7 default route will be generated into the NSSA when it exists in the redistributed routes For an ABR when this option is specified the type 7 defau...

Page 53: ... for many different sets of address ranges For the same area this command can also be specified multiple times Example This example shows how to set one summary route to be advertised by the ABR to other areas for all subnets on network 192 168 0 0 Verify the settings by entering the show ip ospf command Syntax Description AREA ID Specifies the identifier of the area for which routes are summarize...

Page 54: ...ch address range Examples The following example specifies one summary route to be advertised by the Area Border Routers to other areas for IPv6 prefix 2001 0DB8 0 1 64 and for the Router ID 20 0 1 10 Syntax Description AREA ID Identifier of the area for which routes are to be summarized It can be specified as either a decimal value or as an IPv4 prefix IPv6 PREFIX IPv6 prefix PREFIX LENGTH IPv6 pr...

Page 55: ...to the stub area configure the area using the area stub command Use the area default cost command only for ABRs attached to the stub area To prevent advertising LSA summaries into a stub area use the no summary option on ABRs attached to the stub area The area is defined as a totally stubby area using the area stub no summary command on the ABR The default summary route Type 3 will be generated to...

Page 56: ...te generated by the ABR into the stub area Use the no summary argument with this command to define a totally stubby area When routers in the area do not require to learn about summary LSAs from other areas then a totally stubby area should be defined To define a totally stubby area configure the ABR of that area using the area stub no summary command Examples In the following example the area stub...

Page 57: ...ing is 1 65535 dead interval SECONDS Specifies the interval in seconds during which no packets are received and after which a neighbor is regarded as off line The valid setting is 1 65535 transmit delay SECONDS The interval the router waits before it transmits a packet The valid setting is 1 65535 retransmit interval SECONDS The interval the router waits before it retransmits a packet The valid se...

Page 58: ...s attached to a common network A short hello interval results in the router detecting topological changes faster but also an increase in the routing traffic As with the hello interval the value of dead interval must be the same for all routers and access servers attached to a common network The retransmit interval is the expected round trip delay between any two routers in a network Set the value ...

Page 59: ... the first one authenticated by key 100 and the second one authenticated by key 101 Rollover allows neighboring routers to continue communication while the network administrator is updating them with the new key Rollover stops once the local system finds that all its neighbors know the new key The system detects that a neighbor has the new key when it receives packets from the neighbor authenticat...

Page 60: ...settings by entering the show ip ospf virtual links command Switch configure terminal Switch config router ospf 1 Switch config router area virtual link 192 168 255 1 authentication key yourpass Switch config router area 1 virtual link 192 168 255 1 authentication ...

Page 61: ...hich the virtual link is configured is known as a transit area and it must have the full routing information The transit area cannot be a stub area Syntax Description AREA ID Specifies the area ID assigned to the virtual link This can be either a decimal value or a valid IPv4 address There is no default ROUTER ID Specifies the router ID associated with the virtual link neighbor This can be either ...

Page 62: ...ue of dead interval must be the same for all routers and access servers attached to a common network The retransmit interval is the expected round trip delay between any two routers in a network Set the value to be greater than the expected round trip delay to avoid needless retransmissions The transmit delay is the time taken to transmit a link state update packet on the interface Before transmis...

Page 63: ...ore the IP addresses and the corresponding MAC address so that the addresses will not have to be repeatedly resolved Static and permanent entries are used for devices that exchange data on a regular basis To remove all non static entries from the ARP cache use the clear arp cache command Example This example shows how to add static ARP entry for a typical Ethernet host Verify the settings by enter...

Page 64: ... VLAN interfaces are valid for this command Example This example shows how to set the ARP timeout to 12000 seconds to allow entries to time out faster than the default setting Verify the settings by using show ip interface command Syntax Description SECONDS Number of seconds that dynamic entries will remain in the ARP table before being deleted valid values are from 0 to 65535 Switch config interf...

Page 65: ...dth is 100Mbps For example a 100Mbps will have a metric of 1 and a 64K link will have a metric of 1562 The auto cost command is used to differentiate high bandwidth links For multiple links with high bandwidth specify a larger reference bandwidth value to differentiate costs on those links Before the cost is changed to the manual configuration mode the cost must be configured in advance Example Th...

Page 66: ...Default MBPS 100 Command Mode Router configuration Usage Guideline The IPv6 OSPF metric is calculated as the Mbps value divided by the bandwidth with Mbps equal to 100 by default and bandwidth determined by the bandwidth command The calculation gives Fast Ethernet a metric of 1 Examples The following example sets the auto cost reference bandwidth to 1000 Mbps Syntax Description MBPS MBPS Rate in M...

Page 67: ...Enter the banner login command followed by a desired display string and then execute the command by pressing ENTER to complete the modification When a multiple lines banner is needed use special character sequences such as n which represents a new line and r which represents a carriage return However if n or r is required to be displayed as part of the string in the line then both n and r must be ...

Page 68: ...de 58 Example This example shows how to modify the banner login message Switch 12 config banner login DGS 6604 Chassis Ethernet Switch Command Line Interface Access for authorized users only Please enter your username and password Switch 12 ...

Page 69: ... the DHCP server validates the value to ensure the client identifier optional field matches the configured Client Identifier If the values match the DHCP server provides service to the client If the values do not match the DHCP server does not respond to the client s request Multiple based on client id commands create a list of client ids for the DHCP address pool When any request has a match in t...

Page 70: ... VIDs created by based on c vid commands take effect on the corresponding DHCP address pool However this command will be combined with logical AND operations with the other rules set by other based on commands For example if the first rule is based on c vid 100 and there is another based on s vid 200 command then the address pool will only assign an IP address to the client with C VID 100 and S VI...

Page 71: ...ion Usage Guideline An additional rule can be set for a DHCP address pool based on interface IP address All of the DHCP IP address assignment rules take effect on the corresponding DHCP address pool A based on command will be combined using logical AND operations with the other rules set by all other based on commands Examples The following example sets a rule used for the IP address assignment DH...

Page 72: ...rations with the other rules is set by all other based on commands For example if the first rule is based on mac address 00 80 00 11 22 00 00 80 00 11 22 FF and there is another based on c vid 200 command the address pool will only assign an IP address to the client with a MAC address in range of 00 80 11 22 xx and with its C VID 200 Other than that no IP address is offered from the corresponding ...

Page 73: ...eline An additional rule can be set for DHCP address pool for each relay IP address All of the DHCP IP address assignment rules take effect to the corresponding DHCP address pool All of the based on commands will be combined using logical AND operations with other rules set by all the other based on commands Examples The following example sets a rule used for IP address assignment DHCP IP address ...

Page 74: ... all of S VID created by based on s vid commands take effect on the corresponding DHCP address pools However this command will be combined using logical AND operations with the other rules set by other based on commands For example if the first rule is based on s vid 100 and there is another based on c vid 200 command then the address pool will only assign an IP address to the client with C VID 20...

Page 75: ...rations with the other rules set by all the other based on commands For example if the first rule is based on user class alpha and there is another based on c vid 200 command the address pool will only assign an IP address to the client which has C VID 200 and user class as alpha Examples The following sets a rule used for IP address assignment based on the user class alpha from DHCP address pool1...

Page 76: ...ID string is compared with the specified string If the received string is longer than the specified string then the excess characters are ignored For example specifying MSFT will match both Win98SE ME and 2000 XP This command will be combined using logical AND operations with the other rules set by all the other based on commands For example if the first rule is based on vendor class string MSFT 5...

Page 77: ...f the parameters that is considered when selecting the best path among many alternative paths The path with a lower MED is preferred over a path with a higher MED During the best path selection process MED comparison is done only among paths from the same autonomous system The bgp always compare med command is used to change this behavior by enforcing MED comparisons between all paths regardless o...

Page 78: ...AS numbers in the range from 65536 to 4294967295 RFC 5396 documents three methods of representing autonomous system numbers BGP has implemented the following two methods Asplain Decimal value notation where both 2 byte and 4 byte AS num bers are represented by their decimal value For example 65525 is a 2 byte AS number and 65545 is a 4 byte autonomous system number Asdot Autonomous system dot nota...

Page 79: ...0 65636 80 i Total Entries 2 entries 2 routes Switch config terminal Switch config router bgp 1 6553465636 Switch config router bgp asnotation dot Switch config router end Switch clear ip bgp Switch show ip bgp BGP table version is 30 local router ID is 10 10 11 50 Status codes s suppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric...

Page 80: ... determination then the largest LOCAL_PREF is used to determine the preferred route 4 If the preferred route can still not be determined then the route with the short est AS_PATH list is preferred 5 If the preferred route can still not be determined then lowest origin type is preferred 6 If the preferred route can still not be determined then the lowest MED is pre ferred 7 If the preferred route c...

Page 81: ...ignore bgp bestpath compare router id or bgp default local preference to customize the path selection process Example This example shows how to configure to ignore the AS path as the best path for autonomous system 65534 Switch config router bgp 65534 Switch config router bgp bestpath as path ignore ...

Page 82: ...ne When comparing similar routes from peers the BGP router does not consider the router ID of the routes By default it selects the first received route Use this command to include the router ID in the selection process When enabled similar routes are compared and the route with the lowest router ID is selected Unless manually defined the router ID is the highest IP address on the router with prefe...

Page 83: ...on bgp default ipv4 unicast no bgp default ipv4 unicast Syntax None Default bgp default ipv4 unicast Command Mode Router configuration Usage Guideline The bgp default ipv4 unicast command is used to enable the automatic exchange of IPv4 address family prefixes Example This example shows how to configure BGP defaults and activate ipv4 unicast of a peer by default for autonomous system 65534 Switch ...

Page 84: ... used to apply a degree of preference to a route during the BGP best path selection process This attribute is exchanged only between iBGP peers and used to determine local policy The route with the highest local preference becomes the preferred route Example This example shows how to configure default value of the local preference to 200 for autonomous system 65534 Verify the settings by entering ...

Page 85: ...us system will be grouped together and sorted by the ascending MED value received only paths are ignored and not grouped or sorted The best path selection algorithm then picks the best paths using the existing rules the comparison is first made on a per neighbor autonomous system basis and then on a global basis The grouping and sorting of paths occurs immediately after this command is entered For...

Page 86: ...al neighbor that do not have the neighbor s configured Autonomous System AS at the beginning of the AS path in the received update must be denied Enabling this feature adds to the security of the BGP network by not allowing traffic from unauthorized systems Example This example shows how to enable the security of the BGP network for autonomous system 65534 All incoming updates from eBGP peers are ...

Page 87: ...hbor resets might indicate high error rates or high packet loss in the network and should be investigated The neighbor status change messages are not tracked if the bgp log neighbor changes command is not enabled The exception to this is for a reset reason which is always available as output of the show ip bgp neighbors and show bgp ipv6 neighbors commands The logs for BGP neighbor changes will di...

Page 88: ...a physical interface Command Mode Router configuration Address family configuration Usage Guideline The bgp router id command is used to configure a fixed router ID for a BGP routing The router ID specified must be unique within the network This command resets all active BGP peering sessions Example This example shows how to change the router ID with 192 168 1 1 Syntax Description IP ADDRESS Confi...

Page 89: ...pdate and an error message to be displayed During initialization the factory default configuration is used when the boot config setting does not exist or when it is null such as at a first time start up If the software detects a problem with the boot config file the device uses the factory default configuration for system boot up When using the no form of this command the boot configuration resets...

Page 90: ...as the startup configuration file Verify the settings by entering the show boot command The following example shows the result of specifying the incorrectly formed file yyy config as the startup configuration file T Switch configure terminal Switch config boot config flash switch config Switch config end Switch configure terminal Switch config boot config flash yyy config exe Illegal configuration...

Page 91: ... the default boot image for a Dynamic Host Configuration Protocol DHCP client The boot image can be located in the same DHCP server or other network servers Examples The following example specifies mdubootfile as the name of the boot file for DHCP pool1 Syntax Description URL Specifies the path name and file name of the file that is used as a boot image The maximum allowed string length is 127 cha...

Page 92: ... user to check a new image file format to verify whether it is suitable to be a boot image or not The option verfies and displays information such as the file name content version number time stamp it any checksum file size etc The check option compares the information with that in the current boot image file If the storage media for the specified URL filename does not exist an error message is di...

Page 93: ... Guide 83 Verify the settings by entering the show boot command Switch configure terminal Switch config boot image flash images switch_image1 had Checking image at local flash images switch_image1 had Done Update bootlist Done Success ...

Page 94: ...sical port interface is allowed to specify the channel group The no command removes the interface from the channel group If the channel group has no member port left after removal it is deleted automatically Configuration of a channel group has the following limitations If dot1x port security IP MAC Port binding MAC AC or WAC are enabled for a port the port cannot be specified as a channel group m...

Page 95: ...ce speed setting in the same channel group LACP protocol behavior will choose the members that have the same speed to for the link aggregation Example This example shows how to configure a channel group It assigns the eth3 4 to 3 5 to port channel 3 with the LACP mode active Verify the settings by entering the show channel group command Switch config interface range eth3 4 3 5 Switch config if cha...

Page 96: ...ommand and police command to define the QoS policy for the class class default is the reserved name for the default class All the traffic that does not match any defined class will be classified to class default Examples This example shows how to define a policy map policy1 which defines policies for class class dscp red The packet that matches DSCP 10 12 or 14 will be set to new DSCP 10 and polic...

Page 97: ...ed against the match criteria for a class map to determine if the packets belong to that class When configuring a class map use one or more match commands to specify multiple match criteria For example use the match access list command the match protocol command the match vlan command the match dscp command the match precedence command or the match cos command When configuring multiple match comma...

Page 98: ...user or match ipv6 protocol will be included in class_home_user Verify the settings by entering the show class map command Switch config class map match any class_home_user Switch config cmap match access list acl_home_user Switch config cmap match protocol ipv6 Switch config cmap exit Switch config ...

Page 99: ...be put onto the locked out list This command can be used to unlock the locked out users If the USERNAME you specified doesn t exist an error message will be shown Example This example shows how to unlock a fictional user called jane whom has been locked out You can verify your settings by entering the show aaa user locked command Syntax Description USERNAME Specify the name of the user who you wan...

Page 100: ...ommand is used to delete dynamic entries from the ARP cache The user can select to delete all dynamic entries specific dynamic entries or dynamic entries that are associated with a specific IP interface Example This example shows how to removes all dynamic entries from the ARP cache Syntax Description INTERFACE ID Optional Removes only the ARP table entries associated with this interface such as f...

Page 101: ...les This example shows how to clear counters of interface eth3 10 The following example will clear all of physical ports statistic counters The following example will clear eth 3 1 3 24 physical port s statistic counters Syntax Description INTERFACE ID Optional Specifies the interface ID If no interface is specified all counters on applicable interfaces physical ports will be cleared Switch clear ...

Page 102: ...DoS prevention to zero Examples This example shows how to clear counters Below is an example of using the show dos_prevention command to display the DoS frame counts Switch config clear dos_prevention counter Switch config Switch config show dos_prevention DoS Prevention Information Action Drop Frame Counts 242 DoS Type State Land Attack Enabled Blat Attack Enabled Smurf Attack Enabled TCP Null En...

Page 103: ... following example shows how to clear all cpu protect related statistics Syntax Description sub interface manage protocol route Option Clear the cpu protect related counters of all sub interfaces if no sub interface name is specified Specify the sub interface name to clear the counter of the specific sub interface type PROTOCOL NAME Optional Clear the cpu protect related counters of all protocols ...

Page 104: ...mand clears the GVRP counters If the interface ID is not specified all GVRP counters for all interfaces will be cleared Example This example shows how to clear the GVRP statistics on all interfaces Syntax Description INTERFACE ID Optional Specifies the interface to be cleared If no interface is specified the statistics on all interfaces will be cleared Optional Specifies a series of interfaces or ...

Page 105: ...ound neighbor sessions will not be reset Use this form of the command in the following situations Additions or modifications are made to the BGP related access lists Modifying the BGP related weights Modifying the BGP related distribution lists Modifying the BGP related route maps Syntax Description Specifies that all current BGP sessions will be reset AUTONOMOUS SYSTEM NUMBER Specifies that sessi...

Page 106: ...situations Additions or modifications to BGP related access lists Modifying the BGP related weights Modifying the BGP related distribution lists Modifying the BGP related route maps If inbound routing tables are reset all BGP routers must support route refresh capability RFC 2918 Example In the following example the BGP session is reset for BGP neighbor 172 5 78 12 Switch clear ip bgp 172 5 78 12 ...

Page 107: ...onfigured for inbound or outbound sessions Use this command whenever any of the following changes occur Additions or modifications to the BGP related access lists Modifications to BGP related weights Modifications to BGP related distribution lists Modifications to BGP related route maps The route refresh capability as defined in RFC 2918 allows the local router to reset inbound routing tables dyna...

Page 108: ...capability use the clear ip bgp peer group command with the in keyword It is not necessary to use the soft keyword because soft reset is automatically assumed when the route refresh capability is supported Examples In the following example all members of the BGP peer group named INTERNAL are reset In the following example a soft reconfiguration is initiated for the inbound session with members of ...

Page 109: ...f both the pool NAME option and the ADDRESS option are not specified it is assumed that all bindings in all pools are to be deleted If the pool NAME option is specified without the ADDRESS option being specified then all the bindings in the specified pool will only be cleared If the pool NAME option and an IP ADDRESS is specified the specified binding will be deleted from the specified pool Exampl...

Page 110: ...LI Reference Guide 100 The following example deletes address binding 10 13 2 99 from the address pool named pool2 Verify the settings by entering the show ip dhcp binding command switch clear ip dhcp pool pool2 binding 10 13 2 99 switch ...

Page 111: ...P ADDRESS is speci fied the system parses all the DHCP pools for the address of the speci fied conflict If the pool NAME option is not specified and no IP ADDRESS is speci fied then the system deletes all address conflicts from all DHCP pools If the pool NAME option is specified but no IP ADDRESS is specified then all conflicts in the specified pool will only be cleared If both the pool NAME optio...

Page 112: ...DGS 6604 m clear ip dhcp conflict CLI Reference Guide 102 The following example deletes all the address conflicts from the address pool named pool1 switch clear ip dhcp conflict pool pool1 switch ...

Page 113: ...n Protocol DHCP server counters clear ip dhcp server statistics Syntax None Default None Command Mode Privileged EXEC Usage Guideline This command clears all of the DHCP statistic counters That is all of counters will be initialized or set to zero Example The following example resets all DHCP counters to zero switch clear ip dhcp server statistics switch ...

Page 114: ...start the OSPF routing process The following is a situation where this command can be used When a new route ID is configured it will not take effect until next time the switch is booted When the OSPF process is restarted by this com mand the new router ID will take effect immediately without having to reboot the switch Example This example shows how to restart all of OSPF processes Switch enable S...

Page 115: ...mand restarts DHCP for an IPv6 client on a specified interface after first releasing and un configuring the previously acquired prefixes and other configuration options for example Domain Name System DNS servers Example The following example restarts the DHCPv6 client for interface vlan1 Syntax Description INTERFACE NAME Specifies the identifier of the switch interface on which to restart the DHCP...

Page 116: ... IPv6 neighbor information clear ipv6 neighbors IFNAME Syntax None Default None Command Mode Privileged EXEC Usage Guideline The command clear ipv6 neighbors will only clear dynamic entries Example This example shows how to clear instances of IPv6 neighbors Switch enable Switch clear ipv6 neighbors vlan1 Switch ...

Page 117: ...d repopulated the SPF algorithm will be performed Use the PROCESS ID option to clear only one IPv6 OSPF process If the PROCESS ID option is not specified all IPv6 OSPF processes are cleared Example The following example restarts the SPF algorithm by clearing the IPv6 OSPF processes from the database Syntax Description PROCESS ID Optional Internally used identification parameter for an IPv6 OSPF ro...

Page 118: ...the IPv6 RIP routing table use the clear ipv6 rip command clear ipv6 rip Syntax None Default None Command Mode Privileged EXEC Usage Guideline All IPv6 RIP routes are deleted Examples The following example deletes all the IPv6 routes for the RIP process Switch enable Switch clear ipv6 rip ...

Page 119: ...thout interface keyword all neighboring information on all interfaces will be deleted Example This example shows how to delete all neighboring information on all interfaces Syntax Description INTERFACE ID Optional Delete LLDP neighboring information for a specific interface Valid interfaces are physical interfaces Optional Specifies a series of physical interfaces No space before or after the comm...

Page 120: ...ce s If the command clear lldp statistics is issued without interface keyword only global LLDP statistics will be cleared Example This example shows how to reset all LLDP statistics Syntax Description interface INTERFACE ID Optional Specifies the interface to clear LLDP neighboring information Valid interfaces are physical interfaces optional Specifies a series of physical interfaces No space befo...

Page 121: ...ages from the system logging buffer clear logging Syntax None Default None Command Mode Privileged EXEC Usage Guideline Use this command to clear log messages from the logging buffer Example The following example to show how to clear log messages in buffer Switch enable Switch clear logging Switch ...

Page 122: ...mand Mode Privileged EXEC Usage Guideline When using the address MAC ADDR argument only the dynamic entries will be cleared Example This example shows how to remove a specific MAC address from the dynamic address table Verify the information was deleted by entering the show mac address table command Syntax Description address MAC ADDR Delete the specified dynamic MAC address interface INTERFACE ID...

Page 123: ... addresses from the MAC address table If the clear port security interface INTERFACE ID command is entered all the secure MAC addresses auto learned on the specified interface are removed from the MAC address table Example This example shows how to remove a specific secure address from the MAC address table This example shows how to remove all the secure MAC addresses auto learned on a specific in...

Page 124: ...the system When the clear running config factory defaults command is entered the system resets the running configuration with the factory default settings Since the command clears all of system configuration settings including IP parameters any remote management applications will loose their connections Therefore before proceeding a confirmation should be applied In addition it is suggested to rel...

Page 125: ...2 1D BPDUs on one of its ports when it is connected to a legacy bridge An MST bridge can detect that a port is at the boundary of a region when it receives a legacy BPDU or an MST BPDU that is associated with a different region These mechanisms are not always able to revert to the most efficient mode For example an RSTP bridge that is designated for a legacy 802 1D stays in 802 1D mode even after ...

Page 126: ...gs between a customer VLAN tag and source IP in the switch software When the setting of a VLAN tunnel is changed as for example its interface type or TPID then the new setting could for example cause the system to send out control packets with the wrong customer VLAN tag In this situation use this command to clear the incorrect dynamically learned mapping entries to re learn the correct customer V...

Page 127: ...e configured clock will not be stored in the configuration file If the clock is manually set and the SNTP server is configured the system will still try to sync the clock with the server If time sync is successful the SNTP server set time replaces the manually set time If the SNTP state changes from enabled to disabled the system clock continues operations but no longer attempts to sync time with ...

Page 128: ...ek day week and month Use the date mode to make the time change begin and end on specified calender dates The syntax for both modes uses the first portion of the parameter to express the beginning of the time adjustment period while the ending of the period is expressed in the second portion Syntax Description recurring Indicates that a summer seasonal time change should start and end on the speci...

Page 129: ...specify that summer time starts on the first Sunday in April at 2 a m and ends on the last Sunday in October at 2 a m Verify the settings by entering the show clock command Switch configure terminal Switch config clock summer time recurring 1 sun April 2 00 last sun October 2 00 Switch config end ...

Page 130: ...er refers to the UTC time The local time will be calculated based on UTC time time zone and the daylight saving configuration Example The following example shows how to set the time zone to Pacific Standard Time PST which is 8 hours behind UTC Verify the settings by entering the show clock command Syntax Description means time to be added to the UTC means time to be subtracted from the UTC HOURS O...

Page 131: ...S based on the CoS to color map If the configured policer operates in color blind mode then the policer metering result determines the final color Examples The following example creates the policy map pcolor map1 and configures the policy of running color aware mode and two rate policing for the class1 class in the policy map The following example attach the pcolor map1 policy map to eth3 1 and se...

Page 132: ... in the prompt Either one or both settings can be changed If the user selects to use the product name or the system name as the prompt only the first 8 characters are taken The prompt will be changed immediately after the command is executed Examples This example shows how to change the prompt to use the system name The following example shows how to set the command prompt back to default setting ...

Page 133: ...123 The following example shows how to hide the privilege information from the console prompt This example shows define alpha as the console prompt DGS 6600 15 command prompt no level DGS 6600 DGS 6600 15 command prompt level string alpha alpha 15 ...

Page 134: ...igure terminal Syntax None Default None Command Mode Privileged EXEC Usage Guideline Entering into the configuration mode allows configuration settings of the switch to be entered or modified i e performing switch configuration Example This example shows how to enter into the configuration mode Switch configure terminal Switch config ...

Page 135: ...up configuration If the system log is specified as the SOURCE URL the system log can be retrieved to TFTP server If the startup config is specified as the SOURCE URL the purpose is to upload the startup configuration and save it as a file in the file system or as the running configuration DESTINATION URL Specifies the destination URL as the target for the copied file The URL has two forms One of t...

Page 136: ... Notice If the source is a system log and the destination is a file the current system log information is saved to NVRAM with the specified name Be aware that any copy running config action does not imply any system log copy or saving action To represent a file in the remote TFTP server the URL must be prefixed with tftp If the SOURCE URL or DESTINATION URL is a tftp server it uses switch port to ...

Page 137: ... memory and use it for the next boot configuration Switch copy tftp 10 1 1 254 config switch config txt running config Configure using 10 1 1 254 config switch config txt y n n y Finished network download 134 bytes Apply to system configuration Completed Switch Switch copy running config tftp 10 1 1 254 config switch config txt Upload configuration to tftp 10 1 1 254 config switch config txt y n n...

Page 138: ...e VLAN remarking Syntax Description NEW COS Specifies the new COS value to be added into the outer priority tag for VLAN encapsulation Alternatively it is used to replace the priority tag for VLAN remarking The available value is 0 7 C VID Optional Specifies the receiving packet with the inner VLAN customer VLAN ID CVID in this list it will use the new COS value and it will be added into the outer...

Page 139: ...kets at Ethernet 4 1 as priority of 7 4 Remark C VID 101 packet priority as 3 and others use priority 7 remarking 5 Change the interface as CoS trusted That is C VID 101 will be priority remarking C VID 102 104 still remained in customer CoS trusted state and interface has been set as Customer CoS trusted 6 The system will trust all of incoming packets CoS because C VID is set as Customer CoS trus...

Page 140: ...way to limit the bandwidth is project dependent You can use the command cpu protect safeguard to configure the threshold and enable the Safeguard Engine The command no cpu protect safeguard is used to disable Safeguard Engine The command no cpu protect safeguard will reset both the rising and falling thresholds and disable the state of Safeguard Engine Example The following example shows how to co...

Page 141: ...CLI Reference Guide 131 The following example shows how to disable Safeguard Engine and reset threshold to default value You can verify your settings by entering show cpu protect safeguard command Switch config no cpu protect safeguard ...

Page 142: ... the reference for the supported protocols for the cpu protect type command According to the purpose of packets destined to CPU the router creates three virtual sub interfaces to process the packets manage The packets are destined to one of the router interfaces via the interactive access protocol such as Telnet and SSH protocol The packets are protocol control packets which can be identi fied by ...

Page 143: ...ol icmp Internet Control Message Protocol IPv4 protocol icmpv6 ndp ICMP Neighbor Discover Protocol NS NA RS RA Redirect IPv6 protocol icmpv6 other ICMP except NDP NS NA RS RA Redirect IPv6 protocol igmp Internet Group Management Protocol IPv4 protocol lacp Link Aggregation Control Protocol protocol ospf Open Shortest Path First IPv4 protocol ospfv3 Open Shortest Path First IPv6 protocol pim Protoc...

Page 144: ... cpu protect type CLI Reference Guide 134 The following example shows how to remove threshold of OSPF protocol packet Verifying the settings by show cpu protect type command Switch config no cpu protect type ospf ...

Page 145: ...dress or default route is not specified some packets will be sent to CPU for software routing The user can use this command to limit the rate of routed packets to avoid CPU spending too much time for routing packets The classification of each protocol type lists at Table 1 When the no form of this command is configured the related counter will reset to zero Example The following example shows how ...

Page 146: ...equired to specify the size of the key pair Example This example shows how to create an RSA key 1024 bits Syntax Description rsa Configure an RSA key pair dsa Configure a DSA key pair NBITS Specifies the size of the key pair s For RSA the valid values are 512 768 1024 and 2048 For DSA the valid values are 512 768 and 1024 For SSH version 2 the minimum recommended key size is 768 bits A key size wi...

Page 147: ...g Syntax Description none Default disable Command Mode Global configuration Usage Guideline Users can enable this configuration than a log message will be generated when the system detects the SFP s abnormal status or recovery from an abnormal status Example The following example shows how to disable logging for ddm switch configure terminal switch config no ddm log ...

Page 148: ... status even if the configuration on the port DDM state is enabled When the DDM supported SFP inserts into a port which is configured as DDM disabled the system will not detect the SFP s abnormal status but the user can still check its current status by the show dmm status command Example The following example shows how to disable ddm on interface eth3 1 Syntax Description enable When the state is...

Page 149: ...y The port shutdown is controlled by the error disable module without a recovery timer it is possible to force enable the port by the command shutdown then no shutdown Users can verify error disabled interfaces by show interface status err disabled command Example The following example shows how to configure interface eth3 1 to be shutdown when a ddm alarm is detected Syntax Description none The p...

Page 150: ...l status detection will be performed by software instead of the SFP s alarm warning flag fields Be careful to configure threshold values please reference the SFP module vendor s data sheet for default values and recommended values Example The following example shows how to configure temperature high alarm threshold as 127 994 on interface eth3 1 Syntax Description high High threshold command When ...

Page 151: ...rmal status detection will be performed by software instead of the SFP s alarm warning flag fields Be careful to configure threshold values please reference the SFP module vendor s data sheet for default values and recommended values Example The following example shows how to configure voltage low alarm threshold as 0 005 on interface eth3 1 Syntax Description high High threshold command When the ...

Page 152: ...abnormal status detection will be performed by software instead of the SFP s alarm warning flag fields Be careful to configure threshold values please reference the SFP module vendor s data sheet for default values and recommended values Example The following example shows how to configure bias current high warning threshold as 10 237 on interface eth3 1 Syntax Description high High threshold comm...

Page 153: ...mal status detection will be performed by software instead of the SFP s alarm warning flag fields Be careful to configure threshold values please reference the SFP module vendor s data sheet for default values and recommended values Example The following example shows how to configure tx power low warning threshold as 0 181 on interface eth3 1 Syntax Description high High threshold command When th...

Page 154: ... status detection will be performed by software instead of the SFP s alarm warning flag fields Be careful to configure threshold values please reference the SFP module vendor s data sheet for default values and recommended values Example The following example shows how to configure rx power low warning threshold as 0 181 on interface eth3 1 Syntax Description high High threshold command When the o...

Page 155: ... 0 0 0 Command Mode Management interface Usage Guideline The management port will send out IP packets for other IP subnets through this IP address Example This example shows how to set 10 1 1 254 as the IP address of the default gateway Verify the settings by entering the show mgmt if command Syntax Description IP ADDRESS IP address in four part dotted decimal format switch configure terminal swit...

Page 156: ...rocess to advertise a default route network 0 0 0 0 A redistribution statement must also be configured to complete this configuration or the default route will not be advertised The configuration of the default information originate command in BGP is similar to the configuration of the network BGP command The default information originate command however requires explicit redistribution of the rou...

Page 157: ...nd the default route exists in the redistributed routes Example This example shows how to advertise the default route regardless whether a default route exists in the configuration or not Syntax Description always Optional Always advertise the default route regardless whether a default route exists in the configuration or not metric METRIC VALUE Optional If metric is not specified the default metr...

Page 158: ...d default information originate no default information originate Syntax None Default Disabled Command Mode Router configuration Usage Guideline Issuing this command generates a default route into RIP The metric will always be one Example The following example shows how to generate a default route into RIP Verify the settings by entering the show running config command Switch configure terminal Swi...

Page 159: ...e Default Disabled Command Mode Router configuration Usage Guideline Originating a default IPv6 route into RIP also forces the advertisement of the route in router updates sent on the interface The advertisement of the route occurs regardless of whether the route is present in the IPv6 routing table Example The following example originates a default IPv6 route into RIP and advertises the default r...

Page 160: ...y must be created first Example This example shows how to default the IPv6 nd prefix instance Syntax Description X X X X M IPv6 network address This argument must be in the form documented in RFC2373 where the address is specified in hexadecimal using 16 bit value between colons X X X X IPv6 address M IPv6 prefix length Switch enable Switch configure terminal Switch config interface vlan1 Switch c...

Page 161: ... default metric helps solve the problem of redistributing routes with an incompatible metric Whenever a metric does not convert using a default metric provides a reasonable substitute and enables the redistribution to proceed The setting precedence that determines the metric is metric in redistributed command default metric setting Example The following example shows a router redistributing RIP de...

Page 162: ...e metric value for all redistributed routes A default metric helps solve the problem of redistributing routes with an incompatible metric Whenever a metric does not convert using a default metric provides a reasonable substitute and enables the redistribution to proceed The order of the setting precedence to determine the metric is set metric in redistributed command default metric setting Example...

Page 163: ...s A default metric helps solve the problem of redistributing routes with an incompatible metric Whenever a metric does not convert using a default metric provides a reasonable substitute and enables the redistribution to proceed Example The following example shows how to configure the default metric 5 to redistribute the OSPF routes In other words it assigns the OSPF derived routes a RIP metric of...

Page 164: ...use the current routing protocol to use the same metric value for all redistributed routes A default metric helps solve the problem of redistributing routes with an incompatible metric Whenever a metric cannot convert using a default metric provides a reasonable substitute and enables the redistribution to proceed Example The following example shows IPv6 RIP redistributing routes from OSPF All red...

Page 165: ...t as the client subnet If the number of servers is more than one then execute this command multiple times with different server IP addresses Routers are listed in order of preference address1 is the most preferred router address2 is the next most preferred router and so on Example This example shows how to specify 10 1 1 1 as the IP address of default router in DHCP address pool Syntax Description...

Page 166: ... from the Flash card inserted in cf1 If the file to be deleted is used as boot up image or configuration file then it cannot be deleted and an error message will be displayed Syntax Description FILE SYSTEM Specifies the file system The valid values are flash or cf1 flash represents the Compact FLASH storage of the control management unit cf1 represents the first open slot of compact FLASH storage ...

Page 167: ...ult None Command Mode Interface configuration Usage Guideline None Example This example shows how to add a description for interface eth 3 10 Verify the settings by entering the show interface command G Syntax Description DESCRIPTION Add a description for an interface up to 128 characters The syntax is a general string that allows spaces Switch config interface eth3 10 Switch config if description...

Page 168: ...f the file system on the system s cf1 flash Syntax Description FILES SYSTEM Specifies the file system The valid values are flash and cf1 where flash represents the compact FLASH CF storage of the control management unit and cf1 represents the compact FLASH storage card inserted in the left slot from the front of the CM module PATH NAME Optional Specifies the name of the directory Switch dir cf1 lo...

Page 169: ...he Privileged EXEC mode disable Syntax None Default None Command Mode Privileged EXEC Usage Guideline The command will go to the User EXEC level from the power user level Example This example shows how to logout after executing the disable command to return to the User EXEC mode Switch disable Switch logout ...

Page 170: ...strative distance of 255 means that the routing information source cannot be trusted at all and should be ignored Use the distance command to set the administrative distance for all the routes that fall in the range of the specified networks prefix That is if the route is in the range of the networks prefix the distance specified for the network prefix will be applied to this route Syntax Descript...

Page 171: ...found has failed then this route will be automatically deactivated and the route with the next lower distance will be the active route If the switch is operated in the multi path enabled mode then routes with the same distances will be active at the same time Note 1 BGP Protocol does not support this command Note 2 OSPF does not support the parameter NETWORK PREFIX PREFIX LENGTH Examples This exam...

Page 172: ...the IP address list of DNS servers available to DHCP clients under the DHCP pool configuration mode Servers are listed in order of preference If the number of servers is more than 1 then execute this command multiple times with different server IP addresses Example This example shows how to specify 10 1 1 1 as the IP address of DNS server in DHCP address pool Syntax Description IP ADDRESS Specifie...

Page 173: ... DOMAIN no domain name Default None Command Mode DHCP pool configuration Usage Guideline This command configures the domain name for a DHCP client Example This example shows how to specify domain name as dlink com in a DHCP address pool Syntax Description DOMAIN Specifies the domain name switch configure terminal switch config ip dhcp pool pool1 switch config dhcp domain name dlink com ...

Page 174: ...able action trap_log The following example shows how to remove action trap_log Syntax Description action ACTION Specify the action the device should take when an attacking event occurs User can specify multiple actions The no form of this command can remove specific actions or all actions By default drop is enabled and cannot be disabled or enabled by user trap_log The device can be configured to ...

Page 175: ... It may cause a target device to reply to itself continuously blat_attack This type of attack will send packets with TCP UDP source ports equal to destination ports of the target device It may cause a target device to respond to itself Caution use of the blat_attack type option results in suppression of RIP advertisements being transmitted smurf_attack An Attacker sends a large amount of ICMP requ...

Page 176: ...example shows how to enable the DoS prevention mechanism for a land_attack The following example shows how to enable the DoS prevention mechanism for all supported types The following example shows how to disable the DoS prevention mechanism for all supported types Syntax Description continued all All of the above types Switch configure terminal Switch config dos_prevention type land_attack Switch...

Page 177: ...ind a protocol VLAN group with a VLAN ID As a result the packet that matches the specified protocol group will be associated with the VLAN binding with this group The VLAN does not need to exist for the command to succeed If the GROUP ID is not specified when using the command no dot1v binding protocol group the switch will remove all the protocol group and VLAN bindings at the specified interface...

Page 178: ...e an existing protocol VLAN group If a specific protocol is specified with the no command then this specific protocol will be removed from the specified group Example This example shows how to create a protocol VLAN group with id 10 and bind protocol IPv6 frame type is ethernet2 value is 0x86dd Verify the settings by entering the show dot1v protocol group command Syntax Description GROUP ID Specif...

Page 179: ... the show dot1x auth configuration command Syntax Description port based Specifies the authentication mode as port based When in the port based mode if one supplicant is successfully authenticated other hosts that are connected to the same port are allowed to access the port Each port implements one authenticator state machine host based Specifies the authentication mode as host based When in the ...

Page 180: ... command on page 184 to create new user accounts If radius is specified a RADIUS server should be configured for authentication Please refer to the server command on page 541 in AAA Feature Commands on page 1 Example The following example shows how to specify the authentication method as RADIUS Verify the settings by entering the show dot1x command on page 596 Syntax Description local Specifies lo...

Page 181: ...s controlled based on this command When the port is in force authorized or authorized state the traffic is allowed in both directions Example The following example shows how to specifies the direction of the traffic through port eth4 1 as unidirectional Verify the settings by entering the show dot1x auth configuration command Syntax Description both Enable bidirectional control Both incoming and o...

Page 182: ...ransmit an EAP request frame to the supplicant before restarting the authentication process is 2 The quiet period reauth period server timeout supp timeout and tx period are 60 3600 30 30 and 30 seconds respectively Periodic re authentication is disabled Command Mode Interface configuration Usage Guideline This command is only valid on physical port interface Example The following example shows ho...

Page 183: ...d Mode Interface configuration Usage Guideline This command is only valid for physical port interface When the 802 1X functionality is disabled and dot1x forward pdu is configured for a port the received 1x BPDU on the port will be flooded to the ports where forward pdu is enabled and that are in the same VLAN Example This example shows how to enable 802 1X forward pdu on a given interface Verify ...

Page 184: ...est VLAN is enabled and the authentication state is unauthor ized the port belongs to the guest VLAN If the guest VLAN is enabled with the authentication state authorized and if RADIUS is authorizing VLAN access then the configured port will belong to the VLAN assigned by RADIUS server else the port belong to the VLAN configured in the VLAN module If guest VLAN is disabled and the authentication s...

Page 185: ...e the guest VLAN Verify the settings by entering show do1x auth configuration and show vlan interface command Switch configure terminal Switch config interface eth4 1 Switch config if dot1x guest vlan 99 Switch configure terminal Switch config interface eth4 1 Switch config if no dot1x guest vlan ...

Page 186: ...thentication state machine on eth4 1 This example shows how to initialize the authentication state machine associated with MAC address 00 40 10 28 19 78 on eth4 1 Syntax Description interface INTERFACE ID Optional Specifies a physical interface to initialize In port based mode initialize the authenticator state machine of a port In host based mode initialize all authenticator state machines of ass...

Page 187: ... Usage Guideline This command is only valid for physical port interface Example This example shows how to set the maximum number of retransmit times on port eth4 1 to be 3 Verify the settings with the show dot1x auth configuration command Syntax Description max req TIMES Number of times that the switch retransmits an EAP frame to the client before restarting the authentication process The range is...

Page 188: ...nable global 802 1x function before enabling 802 1X authentication on a specific port A port can be configured as a 1x enable port only if the port is not a member port of a port channel or a destination port of a port mirroring session Examples This example shows how to configure port eth4 1 as a 1X enabled port This example shows how to disable 802 1x authentication on port eth4 1 Syntax Descrip...

Page 189: ... a specific port Example This example shows how to deny all access on eth4 1 Verify the settings with the show dot1x auth configuration command Syntax Description auto The state authorized or unauthorized for a specific port is determined according to the outcome of the authentication force authorized Specifies to force the port to change to the authorized state The port allows access and all auth...

Page 190: ...or all MAC addresses associated with 1x enabled port in the host based mode Examples This example shows how to re authenticate eth4 1 This example shows how to re authenticate MAC address 00 40 10 28 19 78 on eth4 1 Syntax Description interface INTERFACE ID Optional Specifies a port to re authenticate This option is only valid for physical port interface mac address MAC ADDRESS Optional Specifies ...

Page 191: ...physical port interface The number of seconds between re authentication attempts can be configured using the dot1x timeout command on page 183 with the reauth period keyword Examples This example enables periodic re authentication on eth4 1 This example shows how to disable periodic re authentication Verify the settings by entering the show dot1x auth configuration command Switch configure termina...

Page 192: ...dot1x system auth control Syntax None Default Disabled Command Mode Global configuration Usage Guideline None Examples This example shows how to globally enable 802 1X authentication on a switch This example shows how to disable 802 1x authentication globally on a switch Verify the settings by entering the show dot1x auth configuration command Switch configure terminal Switch config dot1x system a...

Page 193: ...ion quiet period SECONDS Number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client The range is 0 to 65535 reauth period SECONDS Number of seconds between re authentication attempts The range is 1 to 65535 server timeout SECONDS Number of seconds that the switch will wait when it does not receive notification from the authentication ser...

Page 194: ...s is project dependent Examples This example creates a local account with a user name yourname and password yourpass This example deletes a local account with a user name as yourname Verify the settings by entering the show dot1x user command Syntax Description NAME Specifies the name of a local account used for authentication The valid length is from 1 to 32 The syntax is general string that does...

Page 195: ... duplex is set to auto then only duplex mode is negotiated The advertised capability will be both full and half duplex mode combined with the configured speeds For combo port interfaces users must assign the medium type for this configuration Before adding ports to a Port Channel please verify that all settings are identical on the candidate ports otherwise the port members of a Port Channel with ...

Page 196: ...C mode from the power user level The command only accepts level 12 and 15 An error message will appear if other levels are specified If the enable password is configured for a level the user will be requested to enter the password for the specified privileged level Example This example shows how to enter the Privileged EXEC mode Syntax Description privilege LEVEL Optional Sets the privilege level ...

Page 197: ... password for privilege level 15 with MyEnablePassword Verify the settings by entering the show enable password command Syntax Description privilege LEVEL Sets the privilege level the password will protect The privilege level is either 12 or 15 If this argument is not specified in the command or in the no form of the command the privilege level defaults to 15 the traditional enable privileges plai...

Page 198: ...ommand Mode Any configuration mode Usage Guideline Using this command will end the configuration task in any configuration mode and go back to the Privileged EXEC mode If the current mode in any of the EXEC mode this command will logout the session Example This example shows how to end the interface configuration and go back to privileged mode Switch config if end Switch ...

Page 199: ... Default None Command Mode Any Usage Guideline The user can exit the current configuration mode and go back to the last mode used When the user is in User EXEC mode this command will logout the session Example This example shows how to exit from the interface configuration mode and return to the global configuration mode Switch config if exit Switch config ...

Page 200: ... configuration mode Usage Guideline Enable ERPS function globally will also enable all ERP instances which state are enabled by using erpi enable command And disable ERPS function globally will disable all ERP instances Example The following example shows how to enable ERPS function globally The following example shows how to disable ERPS function globally Switch config erps Switch config Switch c...

Page 201: ... Global configuration mode Usage Guideline Use the erps domain command to create or modify an ERPS domain and enter the ERPS domain configuration mode Example The following example shows how to create ERPS domain campus The following example shows how to delete ERPS domain campus Syntax Description DOMAIN NAME Specifies the name of ERPS domain with a maximum of 32 characters Only allow character s...

Page 202: ...al disabled state 1 The configured R APS controlled VLAN does not exist 2 The configured ring ports are not the tag member port of the R APS controlled VLAN In addition to R APS controlled VLAN and ring ports the configuration of service protected VLANs and RPL related settings are fundamental for the setup of an ERP instance Example The following example shows how to enable ERP instance 1 in ERPS...

Page 203: ...ANs protected by one instance is a subset of the set of VLANs protected by another instance If multiple ERP instances are configured then one of them should be the major instance and the rest of them are sub instances The ID of ERP instances in different domains are global significant To change the type of an instance remove the instance first and re create the instance Example The following examp...

Page 204: ...DGS 6604 m erpi type CLI Reference Guide 194 Switch config erps domain no erpi 1 Switch config erps domain ...

Page 205: ...ed to exist to configure the command If user removes the R APS controlled VLAN when the ERP instance is in operation the ERP instance will enter operational disabled state Different ERP instances can not use the same R APS controlled VLAN Example The following example shows how to configure R APS controlled VLAN to 2 of ERP instance 1 The following example shows how to remove R APS controlled VLAN...

Page 206: ...or all ring nodes of an ERP instance should be the same Example The following example shows how to configure ring MEL value to 6 of ERP instance 1 The following example shows how to return ring MEL value to default value of ERP instance 1 Syntax Description INSTANCE ID Specifies the identifier of the ERP instance The valid range is 1 to 4095 MEL VALUE Specifies the ring MEL value of the ERP instan...

Page 207: ...rface eth3 1 as the east ring port of ERP instance 1 The following example shows how to configure interface eth3 2 as the west ring port of ERP instance 1 The following example shows how to configure interface port channel1 as the east ring port of ERP instance 1 Syntax Description INTERFACE ID Specifies the identifier of the ERP instance The valid range is 1 to 4095 east Specifies the port as the...

Page 208: ...port to shared ring port of ERP instance 2 sub ERP instance The following example shows how to remove shared ring port of ERP instance 2 sub ERP instance Switch config erps domain no erpi 1 ring port east Switch config erps domain Switch config erps domain erpi 2 ring port east shared Switch config erps domain Switch config erps domain no erpi 2 ring port shared Switch config erps domain ...

Page 209: ...e The following example shows how to enable RPL owner and configure RPL port to east ring port of ERP instance 1 The following example shows how to enable RPL owner and configure RPL port to west ring port non shared of ERP instance 2 The following example shows how to disable RPL owner of ERP instance 1 Syntax Description INSTANCE ID Specifies the identifier of ERP instance The valid range is 1 t...

Page 210: ...nstances generally the VLANs protected by them should be consistent Example The following example shows how to configure service protected VLAN as 3 of ERP instance 1 The following example shows how to add service protected VLANs 4 6 of ERP instance 1 The following example shows how to add service protected VLANs 7 9 of ERP instance 1 The following example shows how to remove service protected VLA...

Page 211: ... 201 The following example shows how to remove all service protected VLANs of ERP instance 1 Switch config erps domain erpi 1 protected vlan remove 3 Switch config erps domain Switch config erps domain no erpi 1 protected vlan Switch config erps domain ...

Page 212: ...ws how to configure guard timer to 700 milliseconds hold off timer to 100 milliseconds of ERP instance 1 The following example shows how to configure WTR timer to 1 minutes of ERP instance 1 Syntax Description INSTANCE ID Specifies the identifier of the ERP instance The valid range is1 to 4095 guard MILLI SECONDS Specifies the guard timer in milliseconds The valid range is 10 to 2000 The value sho...

Page 213: ... erpi timer CLI Reference Guide 203 The following example shows how to configure hold off timer as default time value of ERP instance 1 Switch config erps domain no erpi 1 timer hold off Switch config erps domain ...

Page 214: ...he command setting only takes effect for the sub ERP instance Example The following example shows how to enable tc propagation state of sub ERP instance 2 in ERPS domain 1 The following example shows how to disable tc propagation state of sub ERP instance 2 in ERPS domain 1 Syntax Description INSTANCE ID Specifies the identifier of the sub ERP instance The valid range is 1 to 4095 Switch config er...

Page 215: ...or receive any packets An error disabled port can be either manual recovered or automatically restored by using this command The user can enter shutdown and then no shutdown commands to recover an interface manually from the error disabled state If auto recovery is enabled for a specific cause the port error disabled by that caused will be auto recovered once the cause have timed out Example This ...

Page 216: ... following example shows how to enable the auto recovery for loopback detection You can verify your settings by entering the show errdisable recovery command Switch configure terminal Switch config errdisable recovery cause loopback detection Switch config end ...

Page 217: ... then the final flow control setting will be determined by the configured flow control setting If auto negotiation is enabled i e the speed or duplex setting is set to auto the final flow control setting will be based on the negotiated result between local side setting and the partner side setting The configured flow control setting here is the local side setting If no option is selected for the d...

Page 218: ...is example shows how to turn on the flow control send capability of interface eth3 1 Verify the settings by entering the show interface command Switch configure terminal Switch config interface eth3 1 Switch config if flowcontrol send on Switch config if end ...

Page 219: ...se the no gvrp command to disable the GVRP function globally gvrp no gvrp Syntax None Default Disabled Command Mode Global configuration Usage Guideline None Example This example shows how to enable the GVRP protocol global state Verify the settings by entering the show gvrp configuration command Switch config gvrp Switch config ...

Page 220: ...guration command to enable disable the GVRP protocol state Both physical port and port channel interfaces are valid for this command If a physical port is member of a port channel then this command should return an error message to indicate it The GVRP function cannot be enabled when the interface is at access mode Example This example shows how to enable Ethernet eth3 1 GVRP protocol state Verify...

Page 221: ...Ns to which the specified interface belongs will be enabled Both physical port and port channel interfaces are valid for this command If a physical port is member of a port channel then this command should return an error message to indicate it The GVRP advertise function cannot be enabled when the interface is in access mode Example This example shows how to enabled advertise function of VLAN 100...

Page 222: ...AN has been configured to be advertised under the config VLAN mode GVRP protocol will advertise this VLAN if it has any member ports However the command takes effect only in the running configuration it is not stored in NV RAM for the next start up configuration In the interface mode the command is stored in NV RAM for next startup system configuration mode Example This example shows how to config...

Page 223: ... creation Syntax None Default Disabled Command Mode Global configuration Usage Guideline When gvrp dynamic vlan creation is enabled and a port learns a new VLAN membership where the VLAN does not exist the VLAN will be created automatically Otherwise the newly learned VLAN will not be created Example This example shows how to enable dynamic VLAN creation for GVRP Verify the settings by entering th...

Page 224: ...nterfaces are specified the command can be executed partially Error messages are sent if the interfaces fail to execute this command When the gvrp forbidden command is configured all VLANs will be forbidden except the default VLAN 1 of this port If some VLANs have already been defined as allowable VLANs for the port then these VLAN memberships will be removed when issuing the gvrp forbidden comman...

Page 225: ...ER Example This example shows how to set the leave all timer to 5 seconds using the value 500 hundredths of a second Verify the settings by entering the show gvrp configuration interface command Syntax Description join Set the timer for joining the group The unit is hundredths of a second leave Set the timer for leaving a group The unit is hundredths of a second leave all Set the time for leaving ...

Page 226: ...ist the keywords and arguments associated with a command enter a question mark in place of a keyword or argument on the command line This form of help is called command syntax help because it lists the keywords or arguments that apply based on the command keywords and arguments that have already been entered Example In the following example the help command is used to display a brief description o...

Page 227: ...dvertised in the router LSA as stub link Example This following example shows how to configure a stub host 172 16 10 100 at area 1 Verify the settings by entering the show ip ospf host route command Syntax Description IP ADDRESS Specifies IP address of the host AREA ID Specifies the identifier of the area for which authentication is to be enabled The identifier can be specified as either an IP add...

Page 228: ...tagged VLAN applying this command in un tagged VLAN mode will remove that membership If a VLAN has already been defined as a un tagged VLAN applying this command in tagged VLAN mode will remove that membership When using the no hybrid vlan command without specifying a VLAN ID then the port s membership will be removed from all VLANs Example This example shows how to set an interface port 3 1 as a ...

Page 229: ... command are physical ports Use the ingress checking interface command to enable ingress checking at the switch interfaces When ingress checking is enabled if the port is not a member port of the VLAN associated with the incoming frames the frames will be dropped Use the no ingress checking interface command to disable this function of a port Example This example shows how to set ingress checking ...

Page 230: ...ny unmapped VLAN is mapped to the CIST instance Examples This example shows how to map a range of VLANs to instance 2 This example shows how to map a VLAN to instance 5 Verify the settings by entering the show spanning tree mst configuration command Syntax Description INSTANCE ID Instance to which the specified VLANs are mapped valid values are from 1 to 63 vlans VLANDID Specifies the number of th...

Page 231: ...on Usage Guideline The interface command puts the command line interface into interface configuration mode for a specified interface For the port channel interface it must be an existing channel group For the VLAN interface it must be a previously created VLAN Example This example shows how to enter the interface configuration mode for eth2 5 Syntax Description INTERFACE ID The interface can be a ...

Page 232: ...on mode for the specified range of interfaces The interfaces specified in a range can be different types such as eth2 1 2 5 vlan100 200 Example This example shows how to enter the interface configuration mode for a range of ports from eth2 1 2 5 Syntax Description INTERFACE ID The interface can be physical port port channel or IP interface Specifies a series of interface or separate a range of int...

Page 233: ...nterface tunnel tunnel ID Default None Command Mode Global configuration Usage Guideline None Examples The following example will add a tunnel of 2 and then enter into the interface configuration mode The following example will remove IPv6 tunnel 2 Syntax Description tunnel ID Specifies the ID of the tunnel to be added removed or configured The valid tunnel ID range is 1 127 Switch config interfac...

Page 234: ... the command is applied successfully the number of remaining entries is displayed If the access group contains a rule with a port operator e g gt lt operator the number of remaining rules for the port operator is displayed If the resource is insufficient to commit the command an error message is displayed There is a limitation on the number of port selectors that can be applied If the maximum numb...

Page 235: ... An IP access list can not be deleted if it is applied at an interface An IP extended access list can only be grouped with an interface but not any other S W modules such as PIM DM etc Examples This example shows how configure an extended IP access list named Strict Control and an IP access list named pim srcfilter Verify the settings by entering the show access list command Syntax Description ext...

Page 236: ...treated like the primary address except that the system does not generate datagrams other than a routing update packet with secondary source addresses For example an SNMP trap is always generated with the primary address However the system can respond to a packet sent to the secondary address For now only VLAN interfaces can be configured by this command If a VLAN interface has been configured wit...

Page 237: ...how ip interface command Switch configure terminal Switch config interface vlan100 Switch config if ip address 10 108 1 27 255 255 255 0 Switch config if ip address 192 31 7 17 255 255 255 0 secondary Switch config if ip address 192 31 8 17 255 255 255 0 secondary Switch config end ...

Page 238: ...onfiguration Usage Guideline This is the IP address used for management access to the system Use no ip address command to restore the default IP address 10 90 90 90 8 Example This example shows how to set 10 1 1 1 as the IP address of the Management Port Verify the settings by entering the show mgmt if command Syntax Description IP ADDRESS IP address to be configured for the Management Port PREFIX...

Page 239: ...et for the all IP addresses Specify a host by specifying the IP address explicitly or specify a range of IP addresses using a hyphen between the start IP address and end IP address Both the host and the range of IP addresses can be mixed together Verify and confirm that the IP addresses chosen are part of the same network Example This example shows how to configure the IP address range for pool1 i...

Page 240: ...rver screening function If a port is configured to enable DHCP server screening function it will deny all DHCP server packets UDP source port 67 You can add a permit binding rule by command ip dhcp screening Example The following example enable the DHCP server screening function on port eth4 1 and eth5 3 Syntax Description INTERFACE ID The interface should be a physical port or port channel Specif...

Page 241: ...e The user needs turn on the port s DHCP Server Screening to make all DHCP server packets are denied by default by command ip dhcp screening ports If a port s DHCP Server Screening doesn t turn on the permit rule is not effective Example The following example configures a permit rule to allow DHCP server packet with source IP address 10 1 1 1 and client MAC address 00 08 01 02 03 04 on eth4 1 4 34...

Page 242: ...ax None Default Disabled Command Mode Global configuration mode Usage Guideline Use this command to enable the function of trap log It will log illegal server IP address ingress port and send trap if any DHCP server packet is not authorized and dropped if user turns on this function Example The following example shows to enable trap log function of DHCP screening switch configure terminal switch c...

Page 243: ... enabled VLAN The binding database provides IP and MAC binding information that can be further used by the IP source guard and dynamic ARP inspection process Use the ip dhcp snooping command to globally enable DHCP snooping Use the ip dhcp snooping vlan command to enable DHCP snooping for a VLAN DHCP snooping process occurs during the relay agent relays the packet To enable the DHCP relay service ...

Page 244: ...CP packets when it arrives at the port on the VLAN that is enabled for DHCP snooping By default the validation process will drop the packet If gateway address 0 or option 82 is present Use the ip dhcp snooping information option allow untrusted command to allow the packet with relay option 82 arriving at the un trusted interface Example This example shows how to enable DHCP snooping option 82 allo...

Page 245: ...sage should be all sent by the client If the message is sent by the DHCP server the message will be dropped 2 If ip dhcp snooping verify mac address is enabled the source MAC in the Ethernet header must be the same as the DHCP client hardware address to pass the validation 3 For the received release and decline packets the received port is also checked against the binding database entry The packet...

Page 246: ...guration mode Usage Guideline Use this command to set the interval that device will send trap when illegal DHCP server is detected The same illegal DHCP server IP address detected just is send once to the trap receivers within the specified ceasing unauthorized duration Example The following example shows to specify the suppress time to 20 minutes Syntax Description SUPPRESS TIME The monitoring in...

Page 247: ...de Usage Guideline The command is available for physical port configuration When an interface is in ip arp inspection trust state the ARP packets arriving at the interface will not be inspected When an interface is in ip arp inspection untrust state the ARP packets arriving at the port and belong to the VLAN that is enabled for inspection will be inspected Example This example shows how to configu...

Page 248: ...urce MAC validation This example shows how to disable source MAC validation Syntax Description src mac Optional Specify to check for both ARP request response packets the consistency of the source MAC address in the Ethernet header against the sender MAC address in the ARP payload dst mac Optional Specify to check for ARP response packets the consistency of the destination MAC address in the Ether...

Page 249: ...DGS 6604 ip arp inspection validate CLI Reference Guide 239 Switch configure terminal Switch config no ip arp inspection validate src mac Switch config ...

Page 250: ...N arriving at the un trusted interface will be validated If the IP to MAC address binding pair the source MAC address and the source IP address in the Ethernet header is not permitted by the ARP ACL or the DHCP snooping binding database the ARP packet will be dropped Example This example shows how to enable ARP inspection on VLAN2 Syntax Description vlan VLAN ID Specify the VLAN to enable or disab...

Page 251: ...P source guard the IP packet arrives at the port will be validated via port ACL Port ACL is a hardware mechanism and its entry can come from either the manual configured entry or the DHCP snooping binding database The packet fails to pass the validation will be dropped The validation is based on both the source MAC address and IP address The IP to MAC address binding pair must match the entries in...

Page 252: ...y already exist the existing binding entry is updated The interface specified for the command can be a physical port interface Example This example shows how to configure an IP Source Guard entry with IP address 10 1 1 1 and MAC address 00 01 02 03 04 05 at VLAN 2 on interface eth3 10 Syntax Description MAC ADDRESS Specifies the MAC address of the IP to MAC address binding entry vlan VLAN ID Speci...

Page 253: ...ws how to delete an IP Source Guard entry with IP address 10 1 1 1 and MAC address 00 01 02 03 04 05 at VLAN 2 on interface eth3 10 Switch configure terminal Switch config no ip source binding 00 01 02 03 04 05 vlan 2 10 1 1 1 interface eth3 10 Switch ...

Page 254: ... or deny condition applies Use this command to define the BGP access list globally use the neighbor filter list command in the router configuration mode to apply a specific access list Multiple commands can be applied to a list name Example This example shows how to define an AS path access list named mylist to deny access to the neighbor with AS number 65535 Verify the settings by entering the sh...

Page 255: ...stems It includes community values that are 32 bits long This command can be applied multiple times In the command no ip community access list COMMUNITY LIST NAME if a permit or deny keyword is not specified then all community lists bonded at the specified access list will be removed Example This example on the next page shows how to configure a community list Syntax Description COMMUNITY LIST NAM...

Page 256: ...CLI Reference Guide 246 named mycommlist that permit routes from network 10 in autonomous system 50000 Verify the settings by entering the show ip community list command Switch config ip community list mycommlist permit 50000 10 ...

Page 257: ...obal configuration Usage Guideline The DHCP snooping function validates the DHCP packets when it arrives at the port on the VLAN that is enabled for DHCP snooping By default DHCP snooping will verify that the source MAC in the Ethernet header be the same as the DHCP client hardware address to pass the validation Use the no ip dhcp snooping verify mac address to disable the check for the MAC addres...

Page 258: ... packets that come from an un trusted interface can be validated and a DHCP binding database will be constructed for the DHCP snooping enabled VLAN The binding database provides IP and MAC binding information that can be further used by the IP source guard and dynamic ARP inspection process The DHCP snooping enabled status for a secondary VLAN follows the status for its primary VLAN Thus the DHCP ...

Page 259: ...g on range of VLAN This example shows how to disable DHCP snooping on range of VLAN Switch configure terminal Switch config no ip dhcp snooping vlan 10 Switch config Switch configure terminal Switch config ip dhcp snooping vlan 10 15 18 Switch config Switch configure terminal Switch config no ip dhcp snooping vlan 10 15 18 Switch config ...

Page 260: ...n Usage Guideline Before a DHCP server attempts to assign a pool address a to client it tries to ping the specific pool address If the ping packet is unanswered the DHCP server assumes this pool address is currently available and is safe to assign to a requesting client Example The following is a sample of configuring the number of ping packets as 3 Syntax Description COUNT The number of ping pack...

Page 261: ...ore the DHCP server attempts to assign a pool address to a client it tries to ping the specific pool address If the ping packet is unanswered the DHCP server assumes this pool address is currently available and is safe to assign to the requesting client This command sets the time that the DHCP server will wait for a reply from the address that it pinged Example The following is sample of configuri...

Page 262: ... In this mode the administrator can configure pool parameters for example the IP subnet number and default router list Note that the DHCP pool name can play an important role if the DHCP host requests meet the IP address offering criteria of more than one DHCP pool The pool name with the shortest name and lowest alphabet is the only pool allowed to offer the correct IP address to the host Example ...

Page 263: ...isable DHCP relay agent features ip dhcp relay no ip dhcp relay Syntax None Default Disabled Command Mode Global configuration Usage Guideline Use this command to enable DHCP relay function The DHCP relay function is disabled by default Example Enable DHCP relay function Verify the settings by entering the show ip dhcp relay command Switch enable Switch configure terminal Switch config ip dhcp rel...

Page 264: ...erface is an IP interface For layer 2 devices the DHCP servers need to be specified on the system IP interface All the DHCP request packets received by a device will be relayed to these DHCP servers For layer 3 devices all the DHCP request packets received by the IP interfaces will be relayed to the DHCP servers configured on this interface If there are no DHCP servers configured on an IP interfac...

Page 265: ...ets can traverse Example This example shows how to set maximum number of router relay hops 5 Verify the settings by entering the show ip dhcp relay command Syntax Description HOP COUNT The number of relay hops that the DHCP packets can traverse The valid setting is 1 16 Every time that a DHCP packet is relayed the relay hop count will be increment by 1 If the relay hop count in the received packet...

Page 266: ...k for the reply packet is enabled the device will check that the option 82 field in DHCP reply packets it receives from the DHCP server is valid If an invalid message is received the relay agent drops it If a valid message is received the relay agent removes the option 82 field and forwards the packet If the check is disabled a packet with an invalid option 82 field will be directly forwarded Exam...

Page 267: ...on 82 contains 2 sub options circuit ID and remote ID sub options If the switch is standalone then the module field within the circuit ID sub option is always set to zero The following describes the format of the Circuit and Remote ID sub option formats Circuit ID suboption format VLAN ID The incoming VLAN ID of DHCP client packet Module For a standalone switch Module is always 0 For a stackable s...

Page 268: ...uide 258 Example This example shows how to enable insertion of the option 82 field during the relay of DHCP request packets Verify the settings by entering the show ip dhcp relay command Switch configure terminal Switch config ip dhcp relay information option ...

Page 269: ... IP address of the predecessor DHCP relay agent Example This example shows how to set the policy to drop the DHCP request packet that is relayed by other DHCP relay agent and already has option 82 inserted Verify the settings by entering the show ip dhcp relay command Syntax Description drop Discards the packet that already has the relay option This packet represents a packet that is relayed by a ...

Page 270: ...elay agent information option is present in the packet then the DHCP relay agent will accept the packet When the packet is not trusted then it will be discarded This command is under global configuration it will enable disable all existing VLANs DHCP Relay Agent trusted relay agent information However the command takes effect only in the running configuration and is not kept in NVRAM for the next ...

Page 271: ...ed Command Mode VLAN interface configuration Usage Guideline When IP DHCP relay information is trusted if the gateway address in the DHCP request packet is set to all zeros but the relay agent information option is already present in the packet the DHCP relay agent will accept the packet If it is un trusted then the packet will be discarded Example This example shows how to enabled interface vlan1...

Page 272: ...abled Before enabling DVMRP function on an interface it is necessary to enable IP multicast routing with the ip multicast routing command in global configuration mode Only one multicast routing protocol can be enabled on an interface make sure no other multicast routing protocol is configured before DVMRP is enabled If another protocol is enabled an error message is displayed Example This example ...

Page 273: ...the source network DVMRP uses the infinite or unreachable metric which is defined to be 32 This limits the breadth across the entire DVMRP network and is necessary to place an upper boundary on the convergence time of the protocol By default a metric value of 1 is associated with each DVMRP route Use the command to modify the metric value Example This example shows how to change the metric value t...

Page 274: ... HTTP server function ip http server no ip http server Syntax None Default HTTP interface is enabled Command Mode Global configuration Usage Guideline This command enables HTTP server function Example This example will disable the http server Verify the settings by entering the show system protocol state command Switch config no ip http server ...

Page 275: ...service port Default Port 80 Command Mode Global configuration Usage Guideline This command configures the TCP port number for HTTP Example This example set HTTP TCP port number to 100 Verify the settings by entering the show system protocol state command Syntax Description TCP PORT TCP port number TCP ports are numbered between 1 and 65535 The well known TCP port for the HTTP protocol is 80 Switc...

Page 276: ...to membership of only those S G channels that are permitted by an IP basic access list An IGMP access list accepts only an IP basic access list allowing membership reports to be filtered based only on multicast group addresses IGMPv3 allows multicast receivers not only to join to groups but to groups based on including or excluding sources For appropriate access control it is therefore necessary t...

Page 277: ...he show ip igmp interface command Switch configure terminal Switch config ip access list igmp_filter Switch config ip acl permit any 226 1 1 1 255 255 255 255 Switch config ip acl exit Switch config interface vlan1000 Switch config if ip igmp access group igmp_filter Switch config if end ...

Page 278: ...l will be carried within IGMP group specific queries or group source specific with IGMP Version 3 query messages The last member query count will have the same value as the robustness variable When IGMP is disabled but IGMP snooping is enabled at the interface then the IGMP last member query interval value set with this command is used for IGMP snooping If the command ip igmp snooping immediate le...

Page 279: ...t packets for specific groups that is indicating that the host wants to become a member of the group IGMP query messages are addressed to the all hosts multicast group which has the address 224 0 0 1 and has an IP time to live TTL value of 1 The igmp query interval is also used for igmp snooping as IGMP is disabled but igmp snooping is enabled at the interface Example This example shows how to con...

Page 280: ...mmand applies to interfaces configured for both IGMP Layer 3 multicast protocols and IGMP Snooping L2 mode and the interface function as a querier The group membership interval is equal to query interval robustness max response time Example This example shows how to configure IGMP max query response time to 10 seconds on VLAN 1000 Verify the settings by entering the show ip igmp interface command ...

Page 281: ...alue to 5 on interface VLAN 1000 Verify the settings by entering the show ip igmp interface command Syntax Description VALUE Provides fine tuning to allow for expected packet loss on a subnet The value of the robustness variable is used in calculating the following IGMP message intervals Group membership interval Amount of time that must pass before a multicast router decides there are no more mem...

Page 282: ...When the user executes the command under global configuration it will enable disable all existing VLAN IGMP snooping function However the command takes effect only in the running configuration and it will not be kept in NVRAM for the next start up configuration For a VLAN interface the command can be kept in NVRAM for the next startup system configuration mode To disable IGMP snooping on a VLAN in...

Page 283: ...MP Snooping for all existing VLANs This example shows how to enable IGMP Snooping on VLAN1 Verify the settings by entering the show ip igmp snooping command Switch config ip igmp snooping Switch config end Switch Switch config interface vlan1 Switch config if ip igmp snooping Switch config if end Switch ...

Page 284: ... and DVMRP packet to identify whether the partner device is a multicast router To add a multicast router port statically use the ip igmp snooping mrouter designate configuration On the opposite side it is also possible to use ip igmp snooping mrouter not allowed to configure those ports that cannot become multicast router ports even the port has received IP multicast control protocol message The m...

Page 285: ...interface is not eligible to be designated as a multicast router interface Verify the settings by entering the show ip igmp snooping mrouter command Switch configure terminal Switch config interface vlan1 Switch config if ip igmp snooping mrouter designate interface eth3 1 Switch config if exit Switch config Switch config interface vlan5 Switch config if ip igmp snooping mrouter designate interfac...

Page 286: ...abled Command Mode VLAN Interface configuration Usage Guideline The ip igmp snooping immediate leave command allows IGMP Snooping membership of an interface to be removed immediately without any further confirmation mechanism such as time out when the interface receives an IGMP leave message from the IGMP client Example This example shows how to enable IGMP Snooping immediate leave on VLAN 1 Verif...

Page 287: ...nstructs the client to report within the time period specified If the IGMP snooping entity does not receive a report from a client for a specific group after a specific time period the port is removed from the member port list of the specific group This specific time period is referred to as the group membership interval The group membership interval is equal to query interval robustness variable ...

Page 288: ...as port or port channel interface does not belong to the VLAN where this command is going to apply the specified interfaces then the system returns an error message to indicate that the command is ignored The command creates an IGMP snooping static group If an igmp snooping static group configuration exists in the switch then the switch has to respond to the IGMP query for these configured static ...

Page 289: ...ds for IGMP Snooping Verify the settings by entering the show ip igmp snooping group command Switch configure terminal Switch config interface vlan1 Switch config if ip igmp snooping static group 226 1 2 3 interface eth3 5 Switch config if exit Switch config interface vlan1 Switch config if ip igmp snooping static group 226 1 2 6 source 10 1 2 3 interface eth3 5 ...

Page 290: ...rt Leave messages are ignored This version will apply to both IGMP and IGMP snooping operation Example This example shows how to configure IGMP version It configures the IGMP version to 3 Verify the settings by entering the show ip igmp interface command Syntax Description 1 Configure the Switch to run IGMP version 1 2 Configure the Switch to run IGMP version 2 3 Configure the Switch to run IGMP v...

Page 291: ...multicast data source within network 192 168 7 0 24 to be accessible with the neighbor router 10 1 1 1 and with the distance value of 100 The following example configures the multicast data source within a network number 192 168 8 0 24 to be discarded Syntax Description SOURCE NETWORK Network address of the multicast source Format A B C D M RPF ADDRESS RPF neighbor address for the multicast route ...

Page 292: ...oute CLI Reference Guide 282 The following example removes a previously configured ip mroute entry of 192 168 8 0 24 Verify the settings using the show running config command Switch config no ip mroute 192 168 8 0 24 ...

Page 293: ...ls such as OSPF will use this value to advertise routing updates Examples This example shows how to set ip mtu as 6000 bytes at vlan 4 This example shows how to restore the default ip mtu Verify the settings by entering the show interface command Syntax Description BYTES Set the IP MTU value in TCP IP stack The range is 1280 to 9692 bytes Switch configure terminal Switch config interface vlan4 Swi...

Page 294: ...mand Mode Management interface configuration Usage Guideline IP packets sent by the device will be fragmented based on this value Example This example shows how to set the ip mtu of the Management Port to 1600 bytes Verify the settings by entering the show mgmt if command Syntax Description BYTES The maximum transfer unit in bytes The range is 1500 to 9180 bytes Switch configure terminal Switch co...

Page 295: ...st routing no ip multicast routing Syntax None Default Disabled Command Mode Global configuration Usage Guideline If the no ip multicast routing command is used the device stops routing multicast packets even when the protocols are enabled Example This example shows how to enable IP multicast routing Verify the settings by the show system protocol state command Switch config ip multicast routing ...

Page 296: ...message digest key for authentication When it is specified to use the authentication key but the key is not configured then null key will be used When it is specified to use the message digest but the digest key is not configured then the null key will be used Example In the following example shows how to enable message authentication on interface VLAN 1 Verify the settings by entering the show ip...

Page 297: ...ord exchange OSPF routing data Use the ip ospf authentication command to enable authentication Simple password authentication allows a password to be configured for each interface Configure the routers in the same routing domain with the same password Example In the following example an authentication key test is created on interface VLAN 1 in area 0 Note that first authentication is enabled for a...

Page 298: ...he bandwidth of an interface The cost can be either manually assigned or be automatically determined By default the cost of an interface is calculated based on the bandwidth 10E8 bandwidth use the ip ospf cost command to set the cost manually If the cost is explicitly assigned the assigned cost will override the auto determined cost Otherwise the auto determined cost will be adopted Example The fo...

Page 299: ...lo packet from a neighbor before declaring the neighbor down This value is advertised in the router s hello packets It must be the same for all routers on a specific network Specifying a smaller dead interval in seconds will give faster detection of a neighbor being down and improve convergence but it may cause additional routing instability Example The following example shows configuring dead int...

Page 300: ...val for all routers on a specific network A shorter hello interval ensures faster detection of topological changes but results in more routing traffic When configuring the hello interval if the hello interval 4 65535 then the dead interval will be automatically updated to hello interval 4 Example The following example shows setting the hello interval to 3 seconds on interface VLAN 1 Verify the set...

Page 301: ...tinue communication while the network administrator is updating them with a new password The router will stop sending duplicate packets once it detects that all of its neighbors have adopted the new password Maintain only one password per interface removing the old password whenever a new one is added This prevents the local system from continuing to communicate with the system that is using the o...

Page 302: ...e higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Only routers with nonzero router priority values are eligible to become the designated or backup designated router Configure router priority for multi access networks not point to point only Example The following example shows setting the OSPF priority va...

Page 303: ...SA until it receives an acknowledgement In case the router does not receive an acknowledgement during the set time the retransmit interval value it retransmits the LSA Set the retransmission interval value conservatively to avoid needless retransmission The interval should be greater than the expected round trip delay between two routers Example The following example shows setting the ospf retrans...

Page 304: ...to place the OSPF protocol on a specific interface into shutdown mode If no interface is specified with this command the entire protocol will shutdown in the least disruptive manner and notify its neighbors that it is not available Traffic that can follow another route through the network will be directed to that alternate path Example The following example shows how to initiate an OSPF protocol s...

Page 305: ...ime to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low speed links Remember to add transmission and propagation delays when setting the transmit delay value Example The following example shows setting the OSPF transmit delay to 10 seconds on the VLAN 1 interface Verify the settings by...

Page 306: ...etection is enabled Command Mode Interface configuration Usage Guideline OSPF checks whether neighbors are using the same MTU on a common interface This check is performed when neighbors exchange Database Descriptor DBD packets If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface OSPF adjacency will not be established Example The following example d...

Page 307: ...ticast routing protocol can be enabled on one interface When the command ip pim dense mode is issued PIM dense mode will be configured on the interface Therefore when the command ip pim sparse mode is issued attempting to execute sparse mode on the interface the system will reply with an error message because PIM dense mode is already configured on that interface Enabling PIM on an interface also ...

Page 308: ...thorized sources from registering with the RP If an unauthorized source sends a register message to the RP the RP will immediately send back a register stop message Example The following example shows how to restrict the RP from allowing sources in the Source Specific Multicast SSM range of addresses to register with the RP These statements need to be configured only on the RP Verify the settings ...

Page 309: ...SR Functionality of hash mask is defined in RFC4601 4 7 2 The hash function is used by all routers within a domain to map a group to one of the RPs from the matching set of group range to RP mappings all of this set has the same longest mask length and the same highest priority The algorithm takes as input the group address and the addresses of the candidate RPs from the mappings and gives as outp...

Page 310: ...e following example shows how to configure the IP address of the router on VLAN 1 to be a candidate BSR with hash mask length of 20 and priority of 192 Verify the settings by using the show ip pim command Switch config ip pim bsr candidate vlan1 20 192 Switch config ...

Page 311: ...ted as the DR If this priority value is the same on multiple routers then the router with the highest IP address configured on an interface will be elected as the DR If a router does not advertise a priority value in its hello messages the router is regarded as having the highest priority and will be elected as the DR If there are multiple routers with this priority status then the router with the...

Page 312: ...the period would be longer for lower speed links or for routers in the center of the network that expect to have a larger number of entries For SM mode the router will periodically send the join message based on this interval The hold time in a Join Prune message is 3 5 join prune interval The receiving router will start a timer based on this hold time and prune the interface if no join message is...

Page 313: ... limit timer which limits the Pruning rate on a LAN It is only used when the Upstream S G state machine is in the Pruned state A Prune cannot be sent if this timer is running This timer is normally set to default value 210 seconds Example The following example configures interface VLAN 1 with the PIM prune limit timer interval set to 120 seconds Verify the settings by entering the show ip pim inte...

Page 314: ... PIM hello messages to detect PIM routers For SM hello messages are also used to determine which router will be the designated router for each LAN segment If the router has interfaces operating in the SM mode the designated router will send Registration messages to the rendezvous point RP Example The following example changes the PIM hello interval to 45 seconds Verify the settings by entering the...

Page 315: ... with other manufacturer devices per the following This command is used to inter operate with some legacy CISCO manufactured routers using older CISCO IOS versions This command is needed for the first hop router for encapsulation of the register packet This function needs to be enabled in order to inter operate with legacy CISCO devices using older IOS versions If group list is not specified then ...

Page 316: ... should be configured on the designated router Note the parameter Register Probe Time in RFC 4601 is fixed to 5 not configurable It is fixed to 5 because the value of the Register Probe Time must be less than half the value of the Register Suppression Time to prevent a possible negative value in the setting of the Register Stop Timer The minimal value for Register Suppression Time is 11 Example Th...

Page 317: ...mmand needs to be configured across all of the routers in the PIM domain Multiple RP addresses can be specified by the command Only one access list can be specified for an RP The new setting overrides the old one Example The following example sets the PIM RP address to 10 90 90 90 for multicast group 225 2 2 2 only Verify the settings by using the show ip pim command Syntax Description IP ADDRESS ...

Page 318: ...s of the PIM domain That is a stub router that relies on an on demand dialup link to connect to the rest of the PIM domain is not a good candidate RP Example The following example on the next page shows how to configure the router to advertise itself as a candidate RP to the BSR in its PIM domain A basic IP access list named PIM Control which specifies the group prefix 239 0 0 0 8 is Syntax Descri...

Page 319: ... identified by VLAN interface 1 and with priority 3 Verify the settings by using the show ip pim command Switch config ip access list PIM Control Switch config ip acl permit any 239 0 0 0 255 0 0 0 Switch config ip acl exit Switch config ip pim rp candidate vlan1 group list PIM Control priority 3 ...

Page 320: ...urpose of this message is to reduce overhead spent on the cycle in flooding and pruning of traffic For each state refresh origination interval the first hop router will initiate this message and send it to the down stream hops Thus the down stream routers can do an action similar to prune On receiving this prune the upstream will refresh the Prune timer and thus not flood the traffic to the corres...

Page 321: ...fic characteristics If IP access list is used with the match ip address command all of the matching criteria in the access list will be checked The packet that matches that permit statement will be acted based on the route map The packet that is denied by the access list will be routed based on routing table Use the following set command to define the action to take for policy based routing set ip...

Page 322: ...r acl to next hop 20 1 1 254 You can verify your settings by entering show ip policy command Switch config route map pbr map Switch config route map match ip address pbr acl Switch config route map set ip next hop 20 1 1 254 Switch config route map exit Switch config Switch config interface vlan100 Switch config if ip policy route map pbr map Switch config if exit ...

Page 323: ...command ip rip authentication key chain NAME OF KEY no ip rip authentication key chain Default No authentication is provided for RIP packets Command Mode Interface configuration Usage Guideline If no key is configured with the key chain command no authentication is performed on the interface This command also specifies that the interface will use the key chain for authentication Syntax Description...

Page 324: ...ication mode text Switch config if exit Switch config router rip Switch config router network 172 19 0 0 8 Switch config router version 2 Switch config router exit Switch config key chain chain1 Switch config keychain key 1 Switch config keychain key key string forkey1string Switch config keychain key accept lifetime 13 30 00 Jan 25 2009 duration 7200 Switch config keychain key send lifetime 14 00...

Page 325: ...text authentication text Command Mode Interface configuration Usage Guideline Only VLAN interfaces at which IP addresses are configured are valid interfaces for this command RIP Version 1 does not support authentication This command only affects RIPv2 Example The following example shows how to configure the authentication mode of the interface to md5 at interface VLAN 2 Verify the settings by ente...

Page 326: ...on 1 and Version 2 packets The following example shows how to configure the interface VLAN 1 to only accept RIP Version 1 packets Verify the settings by entering the show ip rip interface command Syntax Description VERSION ID The Version ID can be either 1 or 2 That is RIP accepts only RIP Version 1 packets on the interface or accepts only RIP Version 2 packets on the interface It also can be a li...

Page 327: ...Version 2 packets The following example shows how to configure the interface VLAN 100 to send only RIP Version 2 packets Verify the settings by entering the show ip rip interface command Syntax Description VERSION ID The RIP Version ID can be either 1 or 2 That is send out only RIP Version 1 packets on the interface or send out only RIP Version 2 packets on the RIP enabled interface It also can be...

Page 328: ...do not listen to multicast broadcasts Version 2 updates requests and responses will be sent to the IP broadcast address e g 10 70 89 255 instead of the IP multicast address 224 0 0 9 In order to reduce unnecessary load on those hosts that are not listening to RIP Version 2 broadcasts the system uses an IP multicast address for periodic broadcasts The IP multicast address is 224 0 0 9 This command ...

Page 329: ...es are equidistant then one of them must be chosen as the active route For the single path mode the route with the best distance and route type is selected as the primary active path the other distances are available as backup paths The active path is always considered the path with the best route type selected from the reachable paths with the best distance Examples This example shows how to add ...

Page 330: ...the route operation mode multi path or not to select the routes that will be active For the no command it disables the multiple path function Only one of the multiple paths will be active Note The active path may change from one path to the other under multiple paths mode as long as the available route with a greater priority becomes reachable Examples This example shows how to enable multiple pat...

Page 331: ...rver does not receive any messages from the client the session will be released The SSH server can be configured with extra authentication retries for setting up an SSH session The connection will be failed when the number of authentication attempts equals the maximum number of authentication attempts retries allowable Syntax Description timeout SECONDS Optional The time interval that the switch w...

Page 332: ...mber of authentication retries reaches 2 tries without success This example shows how to change the service port to 3000 The SSH client must connect using this service port number Verify the settings by entering the show ip ssh command Switch configure terminal Switch config ip ssh Switch configure terminal Switch config ip ssh timeout 160 Switch configure terminal Switch config ip ssh authenticat...

Page 333: ...l used on the Internet or local area networks to provide a general bidirectional interactive communications facility Using the Telnet protocol users can control a device through a TCP connection which transmits data in plain text This command is used to enable disable the IP TELNET server function The SSH access interface is separated controlled through SSH commands Example This example shows how ...

Page 334: ...iguration Usage Guideline This command configures the TCP port number for the TELNET server The Telnet server listens on port number 23 for connection requests in the default configuration Example This example shows how to change the service port to 3000 Verify the settings by entering the show system protocol state command Syntax Description TCP PORT The TCP port number TCP ports are numbered bet...

Page 335: ...onfigured trusted hosts are allowed access to the access interfaces associated with their entry If an access interface is not specified in the trusted host list then all access to that access interface will be blocked The number of trusted hosts is project dependent For the no command when the host is not specified all hosts will be deleted for the specified access interface If no access interface...

Page 336: ...e Guide 326 This example shows how to remove the trusted host with IP address 163 10 50 126 for all access interfaces You can verify your settings by entering the show ip trusted host command Switch config no ip trusted host 163 10 50 126 ...

Page 337: ...port operator gt lt operator the number of remaining port operators will be displayed If the resources are insufficient to commit the command an error message will be displayed There is limitation on the number of port operator resources The maximum number is project dependent If the commit of the command will exceed the maximum number of available port selectors an error message will be displayed...

Page 338: ...e 328 Example This example shows how to specify the IPv6 access list ip6 control as an IPv6 access group for eth3 3 Verify the settings by entering show access group Switch config interface eth3 3 Switch config if ipv6 access group ip6 control in ...

Page 339: ... the allowed number is exceeded after the execution of the command An IPv6 access list can not be deleted if it is applied to interfaces The access list is always terminated by an implicit deny statement for all traffic Examples This example shows how to configure an IPv6 extended access list named ip6 control This example shows how configure an IPv6 extended access list named ip6 std control Veri...

Page 340: ...ddress is configured When using the no ipv6 address command without other parameters it removes all ipv6 global addresses configured on this interface Example This example shows how to add an IPv6 address to a VLAN interface Syntax Description X X X X M IPv6 network address This argument must be in the form documented in RFC2373 where the address is specified in hexadecimal format using a 16 bit v...

Page 341: ...ost bits In this case the leading bits of the address are defined in a general prefix which is globally configured or learned for example through use of DHCP PD and then applied using the prefix name argument The sub prefix bits and host bits are defined using the sub bits argument Syntax Description IPV6 ADDRESS The IPv6 address to be used PREFIX LENGTH The length of the IPv6 prefix A decimal val...

Page 342: ...ove a general prefix named my prefix on the interface The following example shows how to manually configure a global address After the command is entered the global address 3ffe 22 22 22 2 64 will be immediately set The following example shows how to manually remove a global address from the configuration After the command is entered the global address 3ffe 22 22 22 2 64 will be immediately remove...

Page 343: ...ss Default Default IPv6 address is 0 Command Mode Management interface configuration Usage Guideline Users can manage the system by accessing this IPv6 address Use the no ipv6 address command to restore the default IPv6 address Example This example shows how to set 2000 1 64 as the IPv6 address of the Management Port Verify the settings by entering the show mgmt if command Syntax Description IPv6 ...

Page 344: ...default gateway IPv6 ADDRESS no ipv6 default gateway Default Command Mode Management interface configuration Usage Guideline The management port will send out IPv6 packets destined for other IP subnets using this IPv6 address as the gateway router Example This example shows how to set 2000 2 as the IPv6 address of the default gateway Verify the settings by entering the show mgmt if command Syntax ...

Page 345: ...in several situations In unstable environments where unexpected changes are likely to occur For planned changes including renumbering an administrator can grad ually decrease the time as the planned event nears Limit the amount of time before new services or servers are available to the client such as the addition of a new Simple Network Time Protocol SNTP server or a change of address for a Domai...

Page 346: ...es the configuration of an IPv6 prefix That prefix will be included in DHCHv6 solicit and request messages sent by the interface s IPv6 client DHCP The included prefixes in the messages are sent as a hint for the prefix delegating routers Only one prefix can be configured for each delegation hint request message Re configuring prefix hint will change the hint setting and setting no ipv6 dhcp clien...

Page 347: ...inal Switch config interface vlan2 Switch config if ipv6 address dhcp prefix 0 0 0 7272 72 64 Switch config if exit Switch config interface vlan1 Switch config if ipv6 dhcp client pd dhcp prefix Switch enable Switch configure terminal Switch config interface vlan1 Switch config if ipv6 dhcp client pd hint 2001 0DB8 1 48 Switch enable Switch configure terminal Switch config interface vlan1 Switch c...

Page 348: ...ation addresses A link scoped unicast or multicast IPv6 address for which a user must specify an output interface A global or site scoped unicast or multicast IPv6 address for which a user CANNOT specify the output interface The output interface will determined by routing table If no output interface is configured for a destination the output interface is determined by routing tables In this case ...

Page 349: ...ervice is disabled on the interface DHCP for the IPv6 client server and relay functions is mutually exclusive on an interface When one of these functions is already enabled and a user tries to configure a different function on the same interface one of the following messages is displayed Interface is in DHCP client mode Interface is in DHCP server mode or Interface is in DHCP relay mode One VLAN i...

Page 350: ...ace must be created before Usage Guideline The interface must be created before used ipv6 enable command When the interface up ipv6 enable will also add link local address to the interface and vice versa When global address had existed in the interface and using the no ipv6 enable command it will take no effect link local address should not be removed Example This example shows how to enable the I...

Page 351: ...ault Hop limit 64 Command Mode VLAN interface configuration Usage Guideline The VLAN interface must be created first before this command can be used Example This example shows how to configure IPv6 hop limit setting Syntax Description 0 255 The IPv6 hop limit range 0 means not specified on this interface and to use the default value to send a packet Switch enable Switch configure terminal Switch c...

Page 352: ...and turns off this flag ipv6 nd managed config flag no ipv6 nd managed config flag Syntax None Default Off Command Mode VLAN interface configuration Usage Guideline The VLAN interface must be created first before this command can be used Example This example shows how to configure IPv6 manage config flag setting Switch enable Switch configure terminal Switch config interface vlan1 Switch config if...

Page 353: ...this flag ipv6 nd other config flag no ipv6 nd other config flag Syntax None Default other configure flag off Command Mode VLAN interface configuration Usage Guideline The VLAN interface must be created first before this command can be used Example This example shows how to configure IPv6 other configure flag incidence Switch enable Switch configure terminal Switch config interface vlan1 Switch co...

Page 354: ...on Usage Guideline The VLAN interface must be created first before this command can be used Example This example shows how to configure IPv6 prefix information incidence Syntax Description X X X X M IPv6 network address This argument must be in the form documented in RFC2373 where the address is specified in hexadecimal format using a 16 bit value between colons X X X X IPv6 address M IPv6 prefix ...

Page 355: ...ommand can be used If the minimum interval value is not configured the minimum interval value will be automatically assigned per the following rules 1 If maximum timer 9 seconds then it is configured to the maximum value 0 33 2 If maximum timer 9 seconds then it is configured to the maximum value Example This example shows how to configure the IPv6 RA interval timer setting Syntax Description 4 18...

Page 356: ...fetime 0 9000 no ipv6 nd ra lifetime Default 1800 Command Mode VLAN interface configuration Usage Guideline The VLAN interface must be created first before this command can be used Example This example shows how to configure IPv6 ra lifetime incidence Syntax Description 0 9000 The IPv6 router advertisement lifetime range in seconds Switch enable Switch configure terminal Switch config interface vl...

Page 357: ...onfiguration Usage Guideline The VLAN interface must be created first before this command can be used When the reachable time is set to the default value or set to 0 the system will run for 30 seconds on this interface but the RA packet will be set to 0 Example This example shows how to configure the IPv6 reachable time setting Syntax Description 0 3600000 The IPv6 router advertisement reachable t...

Page 358: ...nfiguration Usage Guideline The VLAN interface must be created first before this command can be used When the reachable time is set to the default value or set to 0 the system will use 1 second for this interface but the RA packet will be set to 0 Example This example shows how to configure the IPv6 retrans timer setting Syntax Description 0 4294967295 The IPv6 router advertisement retrans timer r...

Page 359: ...v6 nd suppress ra Syntax None Default Suppress RA Sending of IPv6 router advertisements is disabled by default on an ISATAP tunnel interface Command Mode VLAN interface configuration Usage Guideline The VLAN interface must be created first before this command can be used ISATAP tunnel interfaces are valid for this command Other types of tunnel interfaces are invalid Example This example shows how ...

Page 360: ...guration Usage Guideline None Example This example shows how to configure an IPv6 neighbor entry Syntax Description X X X X IPv6 address This argument must be in the form documented by RFC2373 where the address is specified in hexadecimal using a 16 bit value between colons XXXX IPv6 address IFNAME The IP Interface name MAC The MAC address in XX XX XX XX XX XX format Switch enable Switch configure...

Page 361: ... the metric manually using the ipv6 ospf cost command Using the bandwidth command changes the link cost as long as the ipv6 ospf cost command is not used The link state metric is advertised as the link cost in the router link advertisement Example The following example sets the interface cost value to 65 Syntax Description COST Unsigned integer value expressed as the link state metric It can be a ...

Page 362: ...erface configuration Usage Guideline The interval is advertised in router hello packets This value must be the same for all routers and access servers on a specific network Example The following example sets the IPv6 OSPF dead interval to 60 seconds Syntax Description SECONDS Specifies the interval in seconds The value must be the same for all nodes on a specific network It can be a value in the r...

Page 363: ... The shorter the hello interval the earlier topological changes will be detected but more routing traffic will ensue This value must be the same for all routers and access servers on a specific network Example The following example sets the interval between hello packets to 15 seconds Syntax Description SECONDS Specifies the interval in seconds The value must be the same for all nodes on a specifi...

Page 364: ...uter with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Only routers with non zero router priority values are eligible to become the designated or backup designated router Configure router priority for multi access networks not point to point only Example The following example sets the router prior...

Page 365: ...outer does not receive an acknowledgement during the set time the retransmit interval value it retransmits the LSA Set the retransmission interval value conservatively to avoid needless retransmissions The interval should be greater than the expected round trip delay between two routers Example The following example sets the retransmit interval value to 6 seconds Syntax Description SECONDS The int...

Page 366: ... will shutdown the protocol in the least disruptive manner and notify its neighbors that it is leaving All traffic that has another path through the network will be directed to that alternate path Note When this command is used to shutdown IPv6 OSPF on all interfaces then at this time the device will clear the LSDBs and leave them empty This behavior is not the same as with the IPv4 OSPF protocol ...

Page 367: ...mentally changed by the amounts specified in the seconds The value assigned should take into account the transmission and propagation delays for the interface If the delay is not added before transmission over a link the time in which LSAs propagate over the link will not be considered This setting has more significance on very low speed links Example The following example sets the transmit delay ...

Page 368: ...rip metric offset command is added before the route is inserted into the routing table Increasing the IPv6 RIP metric value of an interface will increase the metric value of IPv6 RIP routes received over the interface Use the ipv6 rip metric offset command to influence which routes are used The IPv6 RIP metric is in the hop count Example The following example configures a metric increment of 10 fo...

Page 369: ...r updates If split horizon is configured on interfaces where the networks are learned then the advertisement of networks sent out from those same interfaces is suppressed When both split horizon and poison reverse are configured then split horizon behavior is replaced by poison reverse behavior routes The poison reverse behavior routes are learned via RIP and are advertised out the interface over ...

Page 370: ...d Mode Interface configuration Usage Guideline This command configures poison reverse processing of IPv6 RIP router updates When poison reverse is configured routes learned via RIP are advertised with an unreachable metric out from the interface over which they were learned If both poison reverse and split horizon are configured then simple split horizon behavior is replaced by poison reverse beha...

Page 371: ...mand Mode Interface configuration mode Usage Guideline IPv6 OSPF checks whether neighbors are using the same MTU on a common interface This check is performed when neighbors exchange DBD packets If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface IPv6 OSPF adjacency will not be established Example The following example disables MTU mismatch detecti...

Page 372: ...ext hop that can be used to reach the specified network Note An interface must be specified when using a link local address as the next hop the link local next hop must also be an adjacent router If an interface is specified a global IPv6 address cannot be used as the next hop address This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16 bi...

Page 373: ...nected IPv6 nodes to communicate with nodes on Internet This example shows how to create a default route After configuring the default route the edge router will forward the unknown IPv6 traffic to the core router By doing this users connected to the edge router can connect to the world WAN internet This example shows how to delete an existing default route Configuring a General Static Route To es...

Page 374: ...e IP traffic to this address if there is no matched forwarding rule by default Examples Imagine the topology as illustrated below There is a proxy server to access the Intranet All the users on the Intranet are required to setup this same proxy to communicate with the WEB servers outside the Intranet However there is a default gateway configured on the edge route The HTTP communication from users ...

Page 375: ...utes can also be allowed to back up static routes since each route in a system has its own distance To establish floating static IPv6 routes use the ipv6 route command in global configuration mode To remove a previously configured floating static route use the no form of this command Default No floating static routes are configured Switch enable Switch show ipv6 route IPv6 Routing Table Codes K ke...

Page 376: ... the same destination as an existing static route However an operator would like to select the calculation of the best route to choose from the routing protocols first To do that the operator needs to change the priority of the static route since the default priority of static routes is usually higher than dynamic routes This example shows how to create floating static routes The System will ultim...

Page 377: ... After CMD enable users cannot add static routes with longer prefix when the check ACL table is full Default No static routes are established Examples This example shows how to create a static route with long prefix This example shows error message when create a static route with long prefix and ACL table full Switch enable Switch configure terminal Switch config no ipv6 route 2001 0DB8 32 vlan 1 ...

Page 378: ...mands that can be used on the router At least two interfaces must be configured for IPv6 OSPF to run If the configuration is based on a specific process then the no form of the command must include the process information Example The following example enables IPv6 OSPF on an interface Syntax Description AREA ID The identifier of the area for which the vlan interface is to be enabled It can be spec...

Page 379: ...ult Disabled Command Mode Interface configuration Usage Guideline The ipv6 router rip interface configuration command is used to enable IPv6 RIP explicitly on required interfaces In IPv4 the network network number router configuration command is used to implicitly specify the interfaces on which to run IPv4 RIP Example The following example enables the IPv6 RIP routing process on VLAN 1 Switch ena...

Page 380: ... Guideline If the log is enabled When an IPv6 route with a prefix longer than 64 bits won t work due to an ACL configuration table failure a syslog will be recorded When an IPv6 route configured to an ACL table goes from a fail to success it will log this information also Example The following is a sample output from the ip6 route longprefix log enable command The following is a sample output from...

Page 381: ... prefix longer than 64 bits to configure the ACL table This is an enhancement feature This command does not support ECMP routes When ECMP routes with a prefix longer than 64 bits it will only allow one path to be added to the ACL table When traffic matches the long prefix route and the Policy Based route in the ACL table at the same time traffic will follow the Policy Base Route configuration and ...

Page 382: ...s a sample for an error message output from an ipv6 route longprefix enable command when the ACL table is full Switch enable Switch configure terminal Switch config ipv6 unicast routing long prefix There is no enough ACL resource to support IPv6 route with long prefix Switch config ...

Page 383: ...ave multiple keys on a key chain so that the software can sequence through the keys as they become invalid over a period of time This is based on the accept lifetime send lifetime and key chain key command settings If the last key expires authentication will be invalid If there was a discrepancy in the set time of the router s keys the first valid key will be chosen To remove all keys remove the k...

Page 384: ... Switch config if exit Switch config router rip Switch config router network 172 19 0 0 8 Switch config router version 2 Switch config router exit Switch config key chain chain1 Switch config keychain key 1 Switch config keychain key key string forkey1string Switch config keychain key accept lifetime 13 30 00 Jan 25 2009 duration 7200 Switch config keychain key send lifetime 14 00 00 Jan 25 2009 d...

Page 385: ...configured Command Mode Global configuration Usage Guideline Routing Information Protocol RIP Version 2 uses key chains for authentication To enable authentication a key chain with named keys must first be created It is recommended that only one key chain be configured per interface Syntax Description NAME OF KEY The name used for a key chain a string that can be displayed The maximum string lengt...

Page 386: ...ext Switch config if exit Switch config router rip Switch config router network 172 19 0 0 8 Switch config router version 2 Switch config router exit Switch config key chain chain1 Switch config keychain key 1 Switch config keychain key key string forkey1string Switch config keychain key accept lifetime 13 30 00 Jan 25 2009 duration 7200 Switch config keychain key send lifetime 14 00 00 Jan 25 200...

Page 387: ...ult No key chains are configured Command Mode key chain key configuration Usage Guideline Routing Information Protocol RIP Version 2 uses key chains for authentication Each key can have only one key string Syntax Description TEXT The required authentication string sent and received in packets using the routing protocol being authenticated The string can consist of 1 to 16 alphanumeric characters t...

Page 388: ...ntication mode text Switch config if exit Switch config router rip Switch config router network 172 19 0 0 8 Switch config router version 2 Switch config key chain chain1 Switch config keychain key 1 Switch config keychain key key string forkey1string Switch config keychain key accept lifetime 13 30 00 Jan 25 2009 duration 7200 Switch config keychain key send lifetime 14 00 00 Jan 25 2009 duration...

Page 389: ...y which ports can join a port channel and which ports are specified to be in backup mode In a port priority comparison a numerically lower value has a higher priority If two or more ports have the same priority the port number determines the priority Example This example shows how to configure the port priority to 20000 on interface eth3 4 to eth3 5 Verify the settings with the show channel group ...

Page 390: ... switch uses port priority to determine whether the port status will be in backup mode or active mode The LACP system priority determines which switch controls the port priority for the aggregated link The port priorities of the other switch are ignored In a system priority comparison a numerically lower value has a higher priority If two switches have the same system priority the LACP system ID M...

Page 391: ...les The following is a sample of configuring the lease in address pool pool1 to 1 day The following is sample of configuring the lease in address pool pool1 to 1 hour Syntax Description DAYS Specifies the duration of the lease in number of days HOURS Optional Specifies the number of hours in the lease The DAYS value must be configured prior to HOURS MINUTES Optional Specifies the number of minutes...

Page 392: ...he Port And Protocol VLAN ID PPVID TLV to send The Port and Protocol VLAN ID TLV is an optional TLV that allows a bridge port to advertise a port and protocol VLAN ID VLAN ID Specify the ID of the VLAN in the PPVID TLV The VLAN ID range is 1 to 4094 Separate nonconsecutive VLAN ID with a comma use a hyphen to designate a range of VLAN ID In no form of this command the VLAN ID is optional If no VLA...

Page 393: ...guration of protocol vlan on that interface and the VLAN exists then the PPVID TLV for that VLAN will be sent Only when the interface is a member port of the configured VLAN ID the VLAN will be advertised in VLAN Name TLV Example This example shows how to enable advertising Port VLAN ID TLV The following example disables advertising Port VLAN ID TLV This example shows how to enable advertising Por...

Page 394: ... vlan3 This example shows how to enable LACP Protocol Identify TLV advertisement This example shows how to disable LACP Protocol Identify TLV advertisement Switch config if lldp dot1 tlv select protocol vlan 1 3 Switch config if no lldp dot1 tlv select protocol vlan 1 3 Switch config if lldp dot1 tlv select vlan name 1 3 Switch config if no lldp dot1 tlv select vlan name 1 3 Switch config if lldp ...

Page 395: ...of the sending IEEE 802 3 LAN node link aggregation Optional Specify the Link Aggregation TLV to send The Link Aggregation TLV indicates contains the following information Whether the link is capable of being aggregated Whether the link is currently in an aggregation The aggregated port channel ID of the port If the port is not aggregated then the ID is 0 power Optional Specify the Power via MDI T...

Page 396: ...the optional IEEE 802 3 Organizationally Specific TLVs The respective TLV will be encapsulated in LLDPDU and sent to other devices if the advertisement state is enabled Example This example shows how to enable advertising MAC PHY Configuration Status TLV This example shows how to disable advertising MAC PHY Configuration Status TLV Switch config if lldp dot3 tlv select mac phy cfg Switch config if...

Page 397: ...imes Command Mode Global configuration mode Usage Guideline When an LLDP MED Capabilities TLV is detected the application layer shall start fast start mechanism This command is used to configure the fast start repeat count which indicates the number of LLDP message transmissions for one complete fast start interval Example This example shows how to set LLDP MED fast start repeat count Syntax Descr...

Page 398: ... the TTL value in an LLDPDU The lifetime is determined by hold multiplier times tx interval and up to 65535 At the partner switch when the time to live for a given advertisement expires the advertised data is deleted from the neighbor switch s MIB Example This example shows how to set LLDP hold multiplier to 3 This example shows how to set LLDP hold multiplier to default value Syntax Description V...

Page 399: ...dress no management address TLV will be advertised Once user configures an address no matters what it is IP or IPv6 address both of the default IP and IPv6 management address become inactive and won t be sen t The default IP or IPv6 address will be active again when the configured address is removed Multiple IP IPv6 management addresses can be config ured by setting this command multiple times Use...

Page 400: ...le shows how to delete all management address es on eth3 5 and then no Management Address TLV will be sent on eth3 5 Switch config interface range eth3 3 3 4 Switch config if range lldp management address FE80 250 A2FF FEBF A056 Switch config interface range eth3 1 3 2 Switch config if range no lldp management address 10 1 1 1 Switch config interface range eth3 3 3 4 Switch config if range no lldp...

Page 401: ...om the interface If you disable transmitting Capabilities TLV LLDP MED on the physical interface will be disabled at the same time In other words all LLDP MED TLVs will not be sent even other LLDP MED TLVs are enabled to transmit By default the switch only sends LLDP packets until it receives LLDP MED packets from the end device The switch continues to send LLDP MED packets until it only receives ...

Page 402: ...le shows how to enable transmitting LLDP MED TLVs and LLDP MED Capabilities TLV will be sent This example shows how to enable transmitting LLDP MED Inventory Management TLV Switch config if lldp med tlv select Switch config if lldp med tlv select capabilities Switch config if lldp med tlv select inventory management ...

Page 403: ... is enabled on all supported interfaces Command Mode Interface Configuration mode Usage Guideline This command is used to enable a physical interface to receive LLDP mes sage When LLDP is not running when the command no lldp run is issued on global configuration mode the switch doesn t receive LLDP message Example This example shows how to enable a physical interface to receive LLDP message This e...

Page 404: ... Global configuration Usage Guideline A re enabled LLDP physical interface will wait for re initialization delay after last disable command before re initializing Example This example shows how to set the re init delay interval to 5 seconds This example shows how to set the re init delay interval to default value Syntax Description SECONDS Specifies a delay for LLDP initialization on an interface ...

Page 405: ...tart to transmit LLDP packets and receive and process the LLDP packets However the transmission and receiving of LLDP can be controlled respectively by the command lldp transmit and lldp receive in interface configuration mode LLDP takes effect on a physical interface only when it is enabled both globally and on the physical interface By advertising LLDP packets the switch announces the informatio...

Page 406: ...rted optional 802 1AB basic management TLVs This example shows how to enable advertising System Name TLV This example shows how to disable advertising System Name TLV Syntax Description port description Optional specify the Port description TLV to send the Port description TLV allows network management to advertise the IEEE 802 LAN station s port description system capabilities Optional Specify th...

Page 407: ...DGS 6604 m lldp tlv select CLI Reference Guide 397 Switch config if no lldp tlv select system name ...

Page 408: ...eywords Default LLDP transmit is enabled on all supported interfaces Command Mode Interface Configuration mode Usage Guideline This command is used to enable LLDP transmission on a physical interface When LLDP is not running when the command no lldp run is issued on global configuration mode the router doesn t transmit LLDP message Example This example shows how to enable LLDP transmission This ex...

Page 409: ...d Mode Global configuration Usage Guideline The LLDP transmission interval tx interval must be greater than or equal to four times of transmission delay timer Example This example shows how to set the transmission delay timer to 8 seconds The following example configures the transmission delay timer to default value Syntax Description SECONDS Specifies a delay for sending successive LLDPDU on an i...

Page 410: ... Mode Global configuration Usage Guideline This interval controls the rate at which LLDP packets are sent Examples This example shows how to set LLDP updates are sent every 50 seconds This example shows how to set LLDP transmission interval to default value Syntax Description SECONDS Specifies the interval between consecutive transmissions of LLDP advertisements on each physical interface The rang...

Page 411: ...to FLASH memory from the logging buffer logging file Syntax None Default None Command Mode Global configuration Usage Guideline Use this command to save log messages from the logging buffer to flash Example The example below sets log messages to be saved to flash Switch enable Switch configure terminal Switch config logging file ...

Page 412: ...4 and IPv6 address are supported port UDP PORT Optional The UDP port number to be used for the syslog server Valid values are 514 or any value from 1024 to 65535 severity optional Specifies the severity of log messages that will be sent to the server emergency System is unusable alert Action must be taken immediately critical critical condition error error conditions warning warning condition noti...

Page 413: ...level For example if the severity is debugging all logs in the Syslog daemon are sent to the log server host If the level of log is alert then only alert and emergency logs are sent The keyword facility specifies the syslog facility in the SYSLOG messages which are sent to the server For the no command if the IP address is not specified all logging hosts will be deleted Example The below example s...

Page 414: ... emergency logs will be logged to buffer Example The below example limits logs with severity alert and emergency to be logged to buffer for all facilities Verify the settings by entering the show logging command Syntax Description all All facilities SEVERITY Value for the severity level of system messages to capture Severity level definitions are shown in the following table Severity Level Severit...

Page 415: ...logging on Syntax None Default Logging of system messages is on Command Mode Global configuration Usage Guideline To enable logging of system messages use the logging on command in global configuration mode Example To set logging of system messages to on execute the below commands Verify the settings with the show logging command Switch enable switch configure terminal Switch config logging on ...

Page 416: ...a TELNET connection if all of the attempts fail the connection will be returned to the logout state For a direct console connection the session will also be returned to the logout state Example This example shows how to login with username user1 Switch login User Access Verification Username user1 Password DGS 6604 Chassis based High Speed Switch Command Line Interface Firmware 2 01 001 Copyright ...

Page 417: ...e terminal session by logging off the switch logout Syntax None Default None Command Mode User EXEC Usage Guideline Close an active terminal session by logging off the device using the logout command Example This example shows how to logout from the switch Switch disable Switch logout ...

Page 418: ... to which this port belonged When the switch detects that a CTP packet sent out by the port has been looped back to the packet originating port it will put this port into error disabled state or block the traffic which belong to this VLAN according to the detection mode user configured There are two kinds of recovery mechanisms provide user can bring it out of this state by entering the errdisable...

Page 419: ...DGS 6604 m loopback detection interface CLI Reference Guide 409 You can verify your settings by entering the show loopback detection command ...

Page 420: ...ged member of VLAN then this port will send out the tagged packet with one of the VLAN ID to which this port belonged When the switch detects that a CTP packet sent out by the port has been looped back to the packet originating port it will put this port into error disabled state or block the traffic which belong to this VLAN according to the detection mode user configured There are two kinds of r...

Page 421: ...TP packets periodically per port On the other side vlan based mode makes switch will per port per VLAN send the CTP packets periodically This mode can detect loopback based on VLAN If switch detects loopback on a VLAN LBD will only block the traffic which belongs to this VLAN Other VLANs traffic should not be affected on this port Example This example shows how to choose the loopback detection ope...

Page 422: ...iodically to detect a loop back event If the loopback detection mode is port based LBD will per port send the CTP packets Oppositely LBD will per port per VLAN send the CTP packets periodically on VLAN base mode Example This example shows how to configure the time interval You can verify your settings by entering the show loopback detection command Syntax Description interval time SECONDS The time...

Page 423: ... error message will be displayed The keyword in specifies the ingress direction check One MAC access list one IP access list and one IPv6 access list can be applied to the same interface The association of an access group with an interface will consume the filtering entry resource in the switch controller If the command is applied successfully the number of remaining max entries will be displayed ...

Page 424: ...ue among access lists Access list names are case sensitive A configured access list is always terminated by an implicit deny statement for all addresses An error message will appears if the allowed number of lists is exceeded If both a MAC access list and an IP access list or IPv6 access list are applied to an interface the packet will be processed using the MAC access list first If the packet is ...

Page 425: ...gered update function is always enabled When a user enables the destination MAC address triggered update function by entering the mac address table aging destination hit command the hit bit of MAC address entries will be updated It will be updated for either the destination MAC addresses or the source MAC addresses when the forwarding packet is matched The destination MAC address triggered update ...

Page 426: ...bal configuration Usage Guideline Set the aging time to 0 to disable the MAC address table aging out function Example This example shows how to set the aging time to 200 seconds Verify the setting by entering the show mac address table aging time command Syntax Description SECONDS Aging time in seconds The valid range is 0 or 10 to 1000000 seconds 0 means that the aging function is disabled so ent...

Page 427: ...st MAC entry will be removed An error message will appear if the entry to be removed does not exist Example This example shows how to add static address C2 F3 22 0A 12 F4 to the MAC address table When a packet is received in VLAN 4 with this MAC address as its destination the packet is forwarded to the specified interface Verify the setting by entering the show mac address table command Syntax Des...

Page 428: ...Guideline Use the mac base command to create a MAC based VLAN ID assignment entry Any frame with a source MAC address matching the entry is classified as a member of the VLAN associated with the entry Example This example shows how to create a MAC based VLAN ID entry Verify the settings with the show vlan command Syntax Description MAC ADDRESS Specifies the MAC address for the entry VLAN ID Specif...

Page 429: ... basis of a Layer 2 class of service CoS marking use the match cos command in class map configuration mode To remove a specific Layer 2 CoS marking as a match criterion use the no form of this command To identify one or more differentiated service code point DSCP use the match dscp command in class map configuration mode To remove a specific DSCP Syntax Description access list ACCESS LIST NAME Nam...

Page 430: ...a class map on the basis of the specified protocol use the match protocol command in class map configuration mode To remove protocol based match criterion from a class map use the no form of this command To match and classify traffic on the basis of the virtual local area network VLAN identification number use the match vlan command in class map configuration mode To remove a previously specified ...

Page 431: ...me user and configures the access list named acl home user to be used as the match criteria for that class ssh Secured shell telnet Telnet tftp Trivial File Transfer Protocol Protocol Description Switch config class map class home user Switch config cmap match access list acl home user Switch config cmap exit ...

Page 432: ...ass Verify the settings by entering the show class map command Switch config class map voice Switch config cmap match cos 7 Switch config cmap exit Switch config class map video n data Switch config cmap match cos 5 Switch config cmap exit Switch config policy map cos based treatment Switch config pmap class voice Switch config pmap c police 8000 1000 exceed action drop Switch config pmap c exit S...

Page 433: ...e map can have several parts Any route that does not match at least one match clause relating to a route map command will be ignored that is the route will not be advertised for outbound route maps and will not be accepted for inbound route maps To modify only a portion of the data a second route map section must be configured with an explicit match statement match means that the AS path list exac...

Page 434: ...GP When exact is specified the communities of the route must be exactly the same as the permitted communities specified in the community list by the command ip community list When exact is not specified at least one community of the route must match one of the permitted communities in the community list and that community does not match any deny community Example In the following example routes th...

Page 435: ...to define rule for matching routes against IP standard access list Example The following example create an IP access list myacl first and create a route map entry to match against the create IP access list You can verify your settings by entering the show route map command Syntax Description ACCESS LIST NAME Specify a standard or an extended IP access list name Switch config ip access list myacl S...

Page 436: ... mode to define rule for matching routes against IP standard access list Example The following example create an IP access list aclv6cfg first and create a route map entry to match against the create IP access list You can verify your settings by entering the show route map command Syntax Description IPv6 ACCESS LIST NAME Specify an IPv6 access list name Switch config ipv6 access list extended acl...

Page 437: ...ER PATHS 6 Command Mode Global configuration Usage Guideline None Example The following example shows how to allow a maximum of 8 paths to a destination for an Open Shortest Path First OSPF routing process Verify the settings by entering the show ip route summary command Syntax Description NUMBER PATHS Maximum number of parallel routes that an IP routing protocol installs in a routing table valid ...

Page 438: ...ystem to optimize server to server performance When a port is removed from the port channel member list the max rcv frame size setting for the port will be reset to the default setting Examples This example shows how to set max rcv frame size as 6000 bytes at eth4 1 This example shows how to restore the default max rcv frame size Verify the settings by entering the show interface command Syntax De...

Page 439: ... primary medium no matter what the link status and the other medium will be inactive Auto failover function can t work when the copper medium is linked with copper configured as the primary medium and speed 1000 with auto negotiation disabled Because 1000 forced mode is out of standard it will be forced to send or wait for signals to negotiate clock The copper medium will be selected even if the l...

Page 440: ...ds entered in this mode will be applied to the management port mgmt if Syntax None Default None Command Mode Global configuration Usage Guideline None Example The following example displays how to enter the management interface mode Verify the settings using the show mgmt if command Switch config mgmt if Switch mgmt if ...

Page 441: ... as a monitor source port or destination port For a monitor session multiple source interfaces can be specified How ever only one destination interface can be specified An interface cannot be a source interface of one session and destination port of another ses sion simultaneously For a destination port all the layer 2 settings configured for this port are all ineffective Syntax Description SESSIO...

Page 442: ...physical port eth3 1 as a destination port and three source physical ports eth3 2 eth3 3 and eth3 4 as mirrored ports This example shows how to remove two source ports from a created port mirroring session with session number 1 Verify the settings by entering the show monitor session command Switch configure terminal Switch config monitor session 1 destination interface eth3 1 Switch config monito...

Page 443: ...sical port or a port channel Use the monitor session source interface command to configure the source ports whose packets will be monitored Use the remote span command in vlan config mode to specify a VLAN as a RSPAN VLAN When a VLAN is specified as a RSPAN VLAN the access member port of the VLAN will become inactive The monitor packet will be tunneled over the trunk member port of the RSPAN VLAN ...

Page 444: ...how monitor session command Switch configure terminal Switch config vlan 100 Switch config vlan remote span Switch config vlan exit Switch config monitor session 2 source interface eth2 2 2 4 Switch config monitor session 2 destination remote vlan 100 interface eth3 6 Switch config ...

Page 445: ...ce can be configured as destination interface of multiple sessions but it can be a source interface of only one session If direction is not specified both transmitted and received traffic are monitored If no monitor session is entered without specifying a session number all port monitor sessions are deleted Example This example shows how to create a port monitor session with session number 1 It as...

Page 446: ...n 1 You can verify your settings by entering the show monitor session command Switch configure terminal Switch config monitor session 1 destination interface eth2 1 Switch config monitor session 1 source interface eth2 2 2 4 Switch config Switch configure terminal Switch config no monitor session 1 source interface eth2 2 eth2 4 Switch config ...

Page 447: ... Use the monitor session destination interface command to configure the destination port Use the remote span command in vlan config mode to specify a VLAN as a RSPAN VLAN When a VLAN is specified as a RSPAN VLAN the access member port of the VLAN except the destination interface will become inactive Example This example shows how to create a RSPAN session on the destination switch It assigns VLAN ...

Page 448: ... span Switch config vlan exit Switch config interface eth2 1 Switch config vlan trunk allowed vlan 100 Switch config vlan exit Switch config interface eth2 4 Switch config vlan access vlan 100 Switch config vlan exit Switch config monitor session 2 source remote vlan 100 Switch config monitor session 2 destination interface eth2 4 Switch config ...

Page 449: ... removed from the port channel member list the MTU setting for the port will be reset to the default setting One should set appropriate values to these MTUs to avoid unexpected results In the general case max rcv frame size is larger than the ip mtu and mtu to cover L2 header size mtu is set as the same value as ip mtu Examples This example shows how to set mtu as 6000 bytes at eth4 1 This example...

Page 450: ...ple This example shows how to set the multicast filtering mode to filter unregistered Verify the setting by entering the show multicast filtering mode command Syntax Description forward all Flood all multicast packets based on VLAN domain forward unregistered Forward the registered multicast packet based on forwarding table and flood all un registered multicast packets based on VLAN domain filter ...

Page 451: ...ifferent Use the name command to differentiate MST regions Caution Use care when the name command is used to set the name of an MST region A mistake can put the switch in a wrong or different region The MST region name is a case sensitive parameter Example This example shows how to configure the MSTP configuration name to alpha Verify the settings by entering the show spanning tree mst configurati...

Page 452: ...uting information can be exchanged between a subset of routers and access servers on a LAN Example In the following example RIP updates are sent to all interfaces except vlan1 on network 10 0 0 0 8 However in this case a neighbor router configuration command is included This command permits routing updates to be sent to specific neighbors One copy of the routing update is generated per neighbor Ve...

Page 453: ...n it is used in combination with the passive interface router configuration command routing information can be exchanged between a subset of routers and access servers on a LAN Example In the following example RIPng updates are sent to a specified interface vlan1 on fe80 1 This command permits routing updates to be sent to specific neighbors One copy of the routing update is generated per neighbor...

Page 454: ...nfiguration Usage Guideline When a BGP peer group is specified using the PEER GROUP NAME argument all the members of the peer group inherit the characteristic configured with this command Example The following address family configuration mode example sets the minimum time between sending BGP routing updates to 15 seconds Verify the settings by entering the show ip bgp neighbor command Syntax Desc...

Page 455: ...ME argument all the members of the peer group inherit the characteristics configured with this command Example The following example shows how to configure a description for the neighbor 172 16 10 10 Verify the settings by entering the show ip bgp neighbor command Syntax Description IP ADDRESS Specifies IP address prefixes PEER GROUP NAME Name of a Border Gateway Protocol BGP peer group TEXT Speci...

Page 456: ... with IP address 172 16 1 1 to not send advertisements about any path which is through or from the adjacent autonomous system 123 Verify the settings in User Exec Mode by entering the show ip protocols bgp command Syntax Description IP ADDRESS Specifies the IP address prefix PEER GROUP NAME The name of a Border Gateway Protocol BGP peer group AS PATH LIST NAME The name of an autonomous system path...

Page 457: ...eline Often in a BGP or multi protocol BGP speaker multiple neighbors are configured with the same update policies that is the same outbound route maps distribution lists filter lists update source and so on Neighbors with the same update policies can be grouped into peer groups to simplify configuration and make update calculations more efficient Example This example shows how to create a peer gr...

Page 458: ...ion Address family configuration Usage Guideline The neighbor at the specified IP address inherits all the configured options of the peer group Example This example shows how to add a group member 10 1 1 254 to the peer group named ALPHA GROUP Verify the settings by entering the show ip bgp neighbor command in User EXEC mode Syntax Description IP ADDRESS IP address of the neighbor PEER GROUP NAME ...

Page 459: ...ystem Otherwise the neighbor will be considered as external When a BGP peer group is specified using the PEER GROUP NAME argument all the members of the peer group inherit the characteristics configured with this command By default neighbors that are defined using the neighbor remote as command in router configuration mode exchange only unicast address prefixes Example This example shows how to sp...

Page 460: ...n of the route map When a BGP peer group is specified using the PEER GROUP NAME argument all the members of the peer group inherit the characteristic configured with this command Specifying the command for a neighbor overrides the inbound policy that is inherited from the peer group Example The following example in router configuration mode applies a route map named internal map to a BGP outgoing ...

Page 461: ...f the peer group inherit the characteristics configured with this command Example The following example using the address family configuration mode sets the send community with the both option standard and extended Verify the settings by entering the show ip bgp neighbor command Syntax Description IP ADDRESS Specifies IP address prefixes PEER GROUP NAME Name of a Border Gateway Protocol BGP peer g...

Page 462: ...inate any active session for the specified neighbor or peer group and remove all associated routing information In the case of a peer group a large number of peering sessions could be suddenly terminated Example The following example shows how to disable any active session for the neighbor 172 16 10 10 Verify the settings by entering the show ip bgp neighbor command Syntax Description IP ADDRESS S...

Page 463: ...Example The following example shows how to configure the KEEP ALIVE timer to 120 seconds and the HOLD TIME timer to 360 seconds for the neighbor 172 16 10 10 Verify the settings by entering the show ip bgp neighbor command Syntax Description IP ADDRESS Specifies IP address prefixes PEER GROUP NAME Name of a Border Gateway Protocol BGP peer group KEEP ALIVE The frequency in seconds that specifies h...

Page 464: ...fault The best local address is used Command Mode Router configuration Usage Guideline Use this command in conjunction with any specified interface on the router Example The following example shows how to configure the internal BGP sessions to use VLAN 1 for the neighbor 172 16 10 10 Verify the settings by entering the show ip bgp neighbor command Syntax Description IP ADDRESS Specifies IP address...

Page 465: ...uration Router configuration Usage Guideline The weight specified by this command determines the weight to be associated with the routes learned from a specified neighbor Example The following address family configuration mode example sets the weight of the neighbor 10 4 4 4 to 10000 Verify the settings by entering the show ip bgp neighbor command Syntax Description IP ADDRESS Specifies IP address...

Page 466: ...s will use to register and resolve names b node The broadcast system uses broadcasts p node A p node system uses only point to point name queries to a name server WINS m node An m node system broadcasts first and then queries the name server Hybrid A hybrid system queries the name server first and then broad casts Resolution through LMHOSTS and or Domain Name Service DNS if enabled will follow the...

Page 467: ...configuration Usage Guideline The Scope ID is a character string which is appended to the NetBIOS name for all NetBIOS communications over TCP IP It provides a method to isolate a collection of computers that can then only communicate with each other Example The following is sample of configuring the NetBIOS Scope ID as the string alpha Syntax Description STRING A character string The maximum leng...

Page 468: ...gure a primary and secondary WINS server The primary preference is the old WINS The maximum number of configurable WINS servers is dependent on each project Examples The following example configures a primary WINS server as 10 1 1 100 The following example configures a secondary WINS server as 10 1 1 200 The following example removes the WINS server 10 1 1 100 so that 10 1 1 200 becomes the primar...

Page 469: ...network will not be advertised in any RIP update Example The following example shows how to define RIP as the routing protocol to be used on all interfaces connected to networks 192 168 70 0 24 and network 10 99 0 0 16 Verify the settings by entering the show ip protocols rip command Syntax Description NETWORK PREFIX MASK The network prefix and the prefix length specify the destination network in ...

Page 470: ... and from static route sources Use this command to specify a network as local to this autonomous system this will then add it to the BGP routing table For exterior protocols the network command controls which networks are advertised Interior protocols use the network command to determine where to send updates When the synchronized state is enabled BGP advertises a network entry if the router has t...

Page 471: ...bled per IPv4 subnet basis Each subnet can belong to one particular OSPF area Network addresses can be defined using the prefix length or a wild card mask If there are conflicts error messages will be returned Example The following example shows how to define OSPF area 3 for the interfaces belonging to 10 0 0 0 8 Verify the settings with the show ip ospf command Syntax Description SUBNET PREFIX Sp...

Page 472: ...sses of next server are used as a boot server in the DHCP client s boot process Typically servers are Trivial File Transfer Protocol TFTP servers and are listed in order of preference Example The following is a sample of configuring 10 1 1 1 as the IP address of next server in the DHCP client s boot process in pool named pool1 Syntax Description IP ADDRESS The IP address of next server in a DHCP c...

Page 473: ...d interface for this configuration is VLAN If an interface is passive no adjacency can be formed on the passive interface and the OSPF protocol packets are not sent or received through the specified interface However the network of the passive interface will be advertised through another non passive interface Example This command shows how to set interface VLAN 1 to the passive mode Verify the set...

Page 474: ... sending of routing updates is disabled on an interface the particular address prefix will continue to be advertised to other interfaces and updates from other routers on that interface continue to be received and processed IPv6 OSPF routing information is neither sent nor received through the specified router interface The specified interface address appears as a stub network in the IPv6 OSPF dom...

Page 475: ...ng of routing updates is disabled on an interface the particular subnet will continue to be advertised to other interfaces In addition updates from other routers on that interface will continue to be received and processed Examples The following example shows how to disable sending routing updates on the interface VLAN 1 Verify the settings by entering the show ip rip interface command Syntax Desc...

Page 476: ...the sending of routing updates is disabled on an interface the particular subnet will continue to be advertised to other interfaces In addition updates from other routers on that interface will continue to be received and processed Example The following example shows how to disable sending routing updates on the interface VLAN 1 Verify the settings by entering the show ipv6 rip interface command S...

Page 477: ...n the username prompt or command prompt is shown When the specific key is inputted user can enter reset configuration mode In this mode user can use the command password recovery to 1 Update the configuration for user account update new password for existed user or add a user account 2 Force AAA module to switch the user authentication for console type to local authentication in case fail to conne...

Page 478: ... input user account alex Please input user password Do you want to update privilege password y n n y Please input privilege password Do you want to force switching authentication function of AAA modules to do local authentication for console type y n n y Switch reset config logout User Access Verification Username alex Password Chassis based High Speed Switch Command Line Interface Firmware 2 01 0...

Page 479: ...message will be prompt Switch reset config show username Password Encryption Disabled Username Access Level Password Encrypted aaa 15 123456 bbb 15 123456 ccc 15 123456 ddd 15 123456 Total Entries 4 Switch reset config Switch reset config password recovery This command will guide you to do the password recovery procedure Do you want to update the user account y n n y Please input user account appl...

Page 480: ...eset config show aaa Console Session Login authentication Local Authentication yes Enable authentication Local Authentication yes Telnet Session Login authentication Local Authentication yes Enable authentication Local Authentication yes Ssh Session Login authentication Local Authentication yes Enable authentication Local Authentication yes Http Session Login authentication Local Authentication ye...

Page 481: ... in the configuration file and can be applied to the system later If the password encryption is enabled the password will be in encrypted form When password encryption is disabled and the user specifies the password in plain text form the password will be in plain text form However if the user specifies the password in encrypted form or if the password has been converted to encrypted form by the l...

Page 482: ...ring the show time range command Syntax Description daily HH MM to HH MM Specifies the time of day with an hour minute format HH MM using a 24 hour clock for example 14 30 The first HH MM time entered must be earlier than the second HH MM Note The HH range is 00 23 The MM range is 00 59 weekly WEEKLY DAY HH MM to WEEKLY DAY HH MM Specifies the day of the week and time of day in the format day HH M...

Page 483: ...DDR SRC IP ADDR MASK OPERATOR PORT any host DST IP ADDR DST IP ADDR MASK OPERATOR PORT precedence PRECEDENCE tos TOS dscp DSCP time range no permit deny udp any host SRC IP ADDR SRC IP ADDR MASK OPERATOR PORT any host DST IP ADDR DST IP ADDR MASK OPERATOR PORT precedence PRECEDENCE tos TOS dscp DSCP time range no permit deny gre esp eigrp icmp igmp ospf pim vrrp protocol id PROTOCOL ID any host SR...

Page 484: ...time range or priority The priority value must be unique in the domain of an access list If a priority value that is already present is entered an error message will be shown Example This example shows create three entries for an ip access list named Strict Control The three entries are tcp packets destined to network 10 20 0 0 16 tcp packets destined to host 10 100 1 2 and all icmp packets OPERAT...

Page 485: ...y entering the show access list command Switch config ip access list extended Strict Control Switch config ip ext acl permit tcp any 10 20 0 0 255 255 0 0 Switch config ip ext acl permit tcp any host 10 100 1 2 Switch config ip ext acl permit icmp any any Switch config ip ext acl exit ...

Page 486: ...R MASK any host DST IPV6 ADDR DST IPV6 ADDR MASK traffic class TRAFFIC CLASS time range Syntax Description Any An abbreviation for the IPv6 prefix 0 host SRC IPV6 ADDR Specifies a specific source IPv6 address SRC IPV6 ADDR MASK Specifies a source IPv6 addresses by using a mask host DST IPV6 ADDR Specifies a specific destination IPv6 address DST IPV6 ADDR MASK Specifies a group of destination IPv6 ...

Page 487: ...priority The priority value must be unique in the domain of an access list If a priority value entered is already present an error message will be shown Example This example shows create three entries for an ipv6 extended access list named ipv6 control The three entries are permit tcp packets destined to network ff02 0 2 16 permit tcp packets destined to host ff02 1 2 and permit all icmp packets V...

Page 488: ...address or any destination MAC address host SRC MAC ADDR Specifies a specific source MAC address SRC MAC ADDR MASK Specifies a group of source MAC addresses using a mask host DST MAC ADDR Specifies a specific destination MAC address DST MAC ADDR MASK Specifies a group of destination MAC addresses by using mask ethernet type TYPE Optional Specifies that the protocol type for the Ethernet II packet ...

Page 489: ...cludes all optional parameters but time range and priority are excluded The time range option in no form of this command means to remove the time range association from this entry To update the time range or priority specify the entry with the same value of all differentiating arguments which are configured and the update value for time range or priority The priority value must be unique in the do...

Page 490: ...sending each packet Default is to wait one second between each packet This option is incompatible with A option and it will be ignored when it is along with A option Q TOS Set Quality of Service on ICMP data grams s PACKETSIZE Specifies the number of data bytes to be sent Default is 56 which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data It does not include a...

Page 491: ... the host with IPv6 address 2001 e10 5c00 2 101 150 Switch ping 172 50 71 123 PING 172 50 71 123 172 50 71 123 56 84 data bytes 64 bytes from 172 50 71 123 icmp_seq 1 ttl 128 time 0 226 ms 64 bytes from 172 50 71 123 icmp_seq 2 ttl 128 time 0 184 ms 172 50 71 123 ping statistics packets transmitted 2 received 2 packet loss 0 0 round trip times min avg max mdev 0 184 0 205 0 226 0 021 ms Switch Swi...

Page 492: ...ll get power first Then there is a possibility low priority port power could be cut off because of a new higher priority port is connected with a PD and power budget is limited The relinquishment of PoE port power can cross unit by the management of PoE supervisor system that means if there are multiple ports have been assigned with same priority then these ports will be powered off when system po...

Page 493: ...o length string Command Mode Interface configuration Usage Guideline This command could be used to configure a per port description to indicate the type of powered device that is connected to the port Example This example shows how to configure the PoE port description Syntax Description description String that describes the PoE ports specific information The maximum length is 128 characters The s...

Page 494: ... power management as long as its priority is higher than all other serviced ports In the situation of containing units which is not PoE capable in the system there will be a message displayed for reminding those units will not take effect with this command Example This example shows how to configure POE system power service policy as non preemptive mode You can verify your settings by entering the...

Page 495: ...16 2W for class 0 class 1 class 2 and class 3 respectively These threshold value will also used as the allocated power for that port The maximum power threshold value in static mode is designed as 17W The reason is the actual voltage which PSE side output and the actual current which PD drains will both have the tolerance inaccuracy Generally the tolerance is 5 Thought in the worst case the actual...

Page 496: ...to enable detection of a powered device and to automatically power a PoE port for interface eth3 1 3 5 The following is an example showing how to configure a PoE interface eth3 1 allows class 1 or a class 2 powered device under 7000mw This example shows how to disable powered device detection and to not power a PoE port eth3 1 This example shows how to combine a time range profile rd_time with PoE...

Page 497: ...values are project dependent min 4KB max 16MB default 4KB Unit is KB police BPS BURST NORMAL BURST MAX exceed action ACTION violate action ACTION For the above case the explicit BURST NORMAL BURST MAX values are used police BPS BURST MAX exceed action ACTION violate action ACTION For the above case the default BURST NORMAL and explicit BURST MAX values are used police BPS exceed action ACTION viol...

Page 498: ...rming packet They will not be applied to the exceeding packet and the violating packets Note Either one of police command and police cir command can be activated for the refereed traffic class The latter command will overwrite the previous policer command setting within the same traffic class The following example show the precedence between police command and police cir commands create a policy m...

Page 499: ...lly set to the full size the full size is the number of bytes specified as the normal burst size When a packet of a given size for example B bytes arrives at specific time time T the following actions occur Tokens are updated in the conform bucket If the previous arrival of the packet was at T1 and the current time is T the bucket is updated with T T1 worth of bits based on the token arrival rate ...

Page 500: ...licer rate 8 bytes The policer rate here is average rate BPS If the number of bytes in the conform bucket is greater than or equal to B the packet conforms and the conform action is taken on the packet If the packet conforms B bytes are removed from the conform bucket and the conform action is taken The exceed bucket is unaffected in this scenario If the number of bytes in the conform bucket is le...

Page 501: ...ify the settings by entering the show policy map command Switch config class map access match Switch config cmap match access list acl_rd Switch config cmap exit Switch config policy map police setting Switch config pmap class access match Switch config pmap c police 8000 1000 exceed action drop Switch config pmap c exit Switch config pmap exit Switch config interface eth3 1 Switch config if servi...

Page 502: ... policy map Example This example shows how to configure a named aggregate policer parameters and apply the policer to multiple classes in a policy map An aggregate policer with single rate policing named agg_policer1 is created This policer is configured as the policy for traffic class class1 class2 and class3 Verify the settings by entering the show policy map command Syntax Description NAME Spec...

Page 503: ... the peak information rate in bits per second The peak information rate is the second token bucket for the two rate metering min 64KB max 32GB CONFORM BURST Specifies the burst size for the first token bucket in bytes Valid values are project dependent min 4KB max 16MB default 4KB PEAK BURST Specifies the burst size for the second token bucket in bytes Valid values are project dependent min 4KB ma...

Page 504: ...and setting within the same traffic class The following example show the precedence between police and police cir comands create a policy map police map1 and have a traffic class class movie with a two rate policer police cir command Later it is realized that a single rate policer should be applied to class movie traffic and singe rate policer police cir command is added The newer police command w...

Page 505: ... in this scenario the token buckets are updated as follows Tc t min CIR t t1 Tc t1 Bc Tp t min PIR t t1 Tp t1 Be Marking Traffic The two rate policer marks packets as either conforming exceeding or violating a specified rate The following points using a packet of B bytes illustrate how a packet is marked If B Tp t the packet is marked as violating the specified rate If B Tc t the packet is marked ...

Page 506: ...ap command Switch config class map police Switch config cmap match access list 101 Switch config cmap policy map policy1 Switch config pmap class police Switch config pmap c police cir 64 bc 128 pir 128 be 256 exceed action drop violate action drop Switch config pmap c exit Switch config pmap exit Switch config interface eth3 1 Switch config if service policy policy1 Switch config if end Switch sh...

Page 507: ...nfigure class policies in a policy map only if the classes have match criteria defined for them Use the class map and match commands to configure the match criteria for a class Because a maximum of 32 class maps is allowed a policy map cannot contain more than 32 class policies A single policy map can be attached to more than one interface concurrently Policy maps contain traffic classes Traffic c...

Page 508: ...the settings by entering the show policy map command Switch config class map class1 Switch config cmap match access list acl_rd Switch config cmap exit Switch config policy map policy Switch config pmap class class1 Switch config pmap c set ip dscp 46 Switch config pmap c exit Switch config pmap class class default Switch config pmap c set ip dscp 00 Switch config pmap c exit ...

Page 509: ...m can be specified Example This example shows how to configure load balance algorithm for src ip Verify the settings by entering the show channel group load balance EXEC command Syntax Description dst ip Indicates that the switch should examine the IP destination address dst mac Indicates that the switch should examine the MAC destination address src dst ip Indicates that the switch should examine...

Page 510: ...n The PHY Power Saving function could be enabled or disabled per system base There are two operation modes low power mode and normal mode When power saving is enabled the chips automatically enter low power mode if the signal from a copper link partner is lost They will go to normal mode when a signal is detected If PHY Power Saving function is disabled PHY will always be in normal mode no matter ...

Page 511: ...sed to change PVID of Trunk or Hybrid port When an interface is Access mode use the access VLAN command to change its PVID instead of this command This command does not affect the VLAN membership and the port s tag handling mode Access Hybrid or Trunk Use the trunk allowed VLAN or hybrid VLAN command to add the port to the VLAN by the requirement The specified VLAN does not need to exist to make t...

Page 512: ... to 32 characters is case sensitive and may include a z A Z 0 9 the dash character the underscore character _ and the period character The policer names must start with an alphabetic character not a digit and must be unique across all aggregate policers BPS Average rate in bits per second min 64KB max 32GB BURST NORMAL Optional Normal burst size in bytes Valid values are project dependent min 4KB ...

Page 513: ... aggregate policer NAME setting once the reference aggregator name are the same PEAK BURST PEAK BURST Specifies the burst size for the second token bucket in bytes min 4KB max 16MB default 4KB exceed action Specifies action to take on packets that exceed the rate limit violation action Optional Specifies action to take on packets that violate the normal and maximum burst sizes for singe rate polic...

Page 514: ... and class2 traffic class in the policy2 policy map Verify the settings by entering the show qos aggregate policer command Switch config qos aggregate policer agg policer5 10000 128 exceed action drop Switch config policy map policy2 Switch config pmap class class1 Switch config pmap c police aggregate agg policer5 Switch config pmap c exit Switch config pmap class class2 Switch config pmap c poli...

Page 515: ...or this command The specified limitation should not exceed the maximum speed of the specified interface For ingress bandwidth limitation the ingress will send pause frame or flow control frame when the received traffic exceeds the limitation Example In the following example bandwidth limitations are configured on eth 2 5 The ingress bandwidth is limited to 128 Kbps and the egress bandwidth is limi...

Page 516: ...Mode Interface configuration Usage Guideline Only physical ports are valid Example In the following example default COS of eth3 1 is set to 3 Verify the settings by entering the show qos interface cos command Syntax Description COS VALUE Assigns a default CoS value to a port This CoS will be with the incoming CoS of the un tagged packet received by the port Switch config interface eth3 1 switch co...

Page 517: ...rvice to the higher CoS classes of traffic DRR operates by serving a mount of backlogged credits into the transmit queue in round robin order Initially each queue sets its credit counter to a configurable quantum value Every time a packet from a CoS queue is sent the size of the packet is subtracted from the corresponding credit counter When the credit counter drops below 0 the queue is no longer ...

Page 518: ...ext lower priority CoS queue is serviced in turn All queues are serviced until their weight is zero and a packet is transmitted completely As this condition happens the weights are replenished When the weights are replenished weight is added to each CoS queue credit counter The weight for each CoS queue may different based on the user configuration Examples In the following example deficit round r...

Page 519: ...s by entering the show qos interface command Switch config interface eth3 1 Switch config if qos weight round robin 0 weight 2 Switch config if qos weight round robin 2 weight 2 Switch config if qos weight round robin 3 weight 2 Switch config if qos weight round robin 4 weight 4 Switch config if qos weight round robin 5 weight 0 Switch config if qos weight round robin 6 weight 0 Switch config if q...

Page 520: ...and Use this command to attach an ingress DSCP mutation table to a physical port interface Use the qos map dscp mutation on page 514 to configure an ingress DSCP mutation table The ingress DSCP mutation will mutate the DSCP value right after the packet is received by the physical port interface Example This example shows how to map DSCP 30 to mutated DSCP value 8 and then attach the ingress DSCP m...

Page 521: ...e colored based on either the DSCP to color map as the port is trust DSP or CoS to color map as the port is trust CoS Use the qos map cos color command in interface configuration mode to configure the CoS to color map If the ingress port is trust CoS the received packet will be initialized to color based on this map Example The following example defines CoS 1 7 as red color 0 as green color at eth...

Page 522: ...s the port is trust CoS Use the qos map dscp color command in interface configuration mode to configure the DSCP to color map If the ingress port is set to trust DSCP the received IP packet will be initialized to a color based on this map The non IP packet will be initialized to a color based on the CoS to color map Example The following example defines DSCP61 63 as yellow color others are green c...

Page 523: ... CoS to queue map configured by the qos map cos command Only physical ports are valid for this command All of the DSCP to CoS maps are globally defined The map applies to all ports Example This example configures the DSCP to CoS map for mapping DSCP 12 16 18 to CoS 1 for eth2 6 Use the show qos interface map privileged EXEC command to verify the settings Syntax Description dscp cos DSCP LIST to CO...

Page 524: ...ach mutated DSCP value Up to 15 ingress DSCP mutation maps can be configured to mutate the incoming DSCP value before any QoS operation After the ingress DSCP mutation map creation use qos dscp mutation command to attach the ingress DSCP mutation map to physical interfaces The DSCP CoS map and DSCP color map will still base on packet s original DSCP All the subsequent operations will base on mutat...

Page 525: ...f the arriving packet is a non IP packet the CoS is trusted When the interface is in trust CoS state the CoS of the coming packet will be the internal CoS and determine the CoS queue based on the CoS to queue map When a packet is received by the ingress port it will be initialized to a color based on the qos map dscp color if the receipt port is trust DSCP or qos map cos color if the receipt port ...

Page 526: ... privilege level 15 and above This command can be used to reboot a module in a specific slot If no unit ID is specified all of the modules in the system will be rebooted If the CM module is specified to be reboot then the entire system all modules will reboot Note Example The following example reboots the whole system Syntax Description UNIT ID Specifies the unit id DGS 6600 15 reboot Warning This...

Page 527: ...the OSPF process routes into BGP process You can verify your settings by entering the show ip protocols bgp command Syntax Description PROTOCOL Specifies the protocol whose routes are to be redistributed It can be one of the following keywords connected ospf rip static The static keyword means to redistribute IP static routes The connected keyword refers to routes that are established automaticall...

Page 528: ...rder 1 If the redistribute metric is specified use the user specified value 2 If the redistribute route is default route the metric will be 1 3 If default metric is configured use the specified value Syntax Description PROTOCOL The source protocol from which routes are being redistributed from It can be one of the following keywords bgp connected static or rip The static keyword is used to redistr...

Page 529: ...P the metric will be 20 BGP RIP can be redistributed to OSPF If a metric is not specified OSPF puts a default value of 20 and redistributes routes from all other protocols except Border Gateway Example This example shows how to BGP routes are redistributed into a OSPF domain Verify the settings by entering the show ip protocols ospf command Switch config router ospf Switch config router redistribu...

Page 530: ...are redistributed into IPv6 OSPF from protocols other than IPv6 OSPF and no metric has been specified with the metric type keyword and type value argument IPv6 OSPF will use 20 as the default metric When intra area and inter area routes are redistributed between IPv6 OSPF processes the internal OSPF metric from the redistribution source process is advertised as the external metric in the redistrib...

Page 531: ... cannot be used to affect the metric used to advertise connected routes Example In the example IPv6 OSPF redistributes any prefixes that have been learned through IPv6 Switch enable Switch configure terminal Switch config router ipv6 ospf Switch config router redistribute rip metric 10 ...

Page 532: ...he redistributed route from other protocols to RIP process will be determined by the value of the default met ric command Syntax Description PROTOCOL Source protocol from which routes are being redistributed It can be one of the following keywords bgp connected ospf static The static keyword is used to redistribute IP static routes The connected keyword refers to routes that are established automa...

Page 533: ...etric value specified in the redistributed command supersedes the metric value specified using the default metric command Examples This example shows OSPF routes are redistributed into a RIP domain The following example causes the specified OSPF routes to be redistributed into an RIP domain The OSPF derived metric will be remapped to 11 Verify the settings by entering the show ip protocols rip com...

Page 534: ...static route or connected route will be 1 2 If the metric is not specified the metric for the redistributed route from other protocols to RIP process will be determined by the value of the default met ric command 3 If the metric is specified as 0 the metric for the redistributed route from other protocols to RIP process will be 1 Also if the default metric is not specified then the original metric...

Page 535: ...mple The following example causes the specified OSPF process routes to be redistributed into an RIPng domain The metric will be remapped to 10 Switch enable Switch configure terminal Switch config router ipv6 rip Switch config router redistribute ospf metric 10 ...

Page 536: ...involved in the RSPAN session For the middle switch involved in a RSPAN session the port that the monitored packet arrives from and the port that the monitored packets will be sent out need to configured as tag member port of the RSPAN VLAN Example This example assigns VLAN 100 as the RSPAN VLAN in the middle switch of RSPAN session Supposed that eth3 1 is where the monitored packets arrive and et...

Page 537: ...st priority value with least priority in that access list and is placed at the end of the list Example This example shows how to re sequence the priority of IP access list named R D Syntax Description NAME The name of the MAC IP or IPv6 access list to be configured It can accept up to 32 characters The syntax is a general string that does not allow space STARTING SEQUENCE NUMBER Access list entrie...

Page 538: ...then they are considered to be part of two different regions Caution Be careful when using the revision command to set the revision number of the MST configuration because a mistake can put the switch in a different region Example This example shows how to configure the revision level of MSTP configuration to 2 Verify the settings by entering the show spanning tree mst configuration command Syntax...

Page 539: ...tatistical information about the traffic for the interface The administrator can also perform operations on the supported MIB RMON groups Examples This example shows how to create two RMON entries on Ethernet interface 3 2 This example shows how to disable the RMON entry on Ethernet interface 3 2 Syntax Description ENTRY NUMBER Remote Network Monitoring RMON table index The range is 1 to 65535 own...

Page 540: ...is specified with no SEQUENCE NUM argument the entire route map is deleted Syntax Description MAP NAME A meaningful name for the route map Multiple route maps may share the same map tag name permit Optional If the match criteria is met for this route map and the permit keyword is specified the route is redistributed as controlled by the set actions In the case of policy routing the packet is polic...

Page 541: ...add the policy routing entry with name myPolicy Verify the settings by entering the show running config command Switch config route map myPolicy permit 1 Switch config route map match community Mycommunity Switch config route map set weight 1000 Switch config route map end Switch ...

Page 542: ...ial use The AS Number size is defined as 2 bytes in RFC1771 and RFC4271 Private autonomous system numbers can be used for internal routing domains but must be translated for traffic that is routed out to the Internet BGP should not be configured to advertise private autonomous system numbers to external networks Use this command to enter router configuration mode for the specified routing process ...

Page 543: ...e OSPF protocol This number uniquely identifies the router within an Autonomous System Each router must be configured with a unique router id If this command is used on an active OSPF router process already has neighbors the new router ID will not take effect immediately It will be used at the next reload or at a manual OSPF process restart Example This example shows how to configure router id to ...

Page 544: ...deline Router ID is a 32 bit number assigned to each router running the IPv6 OSPF protocol This number uniquely identifies the router within an Autonomous System Each router must be configured with a unique router id If this command is used on an active IPv6 OSPF router process already has neighbors the new router ID will not take effect immediately It is used at the next reload or at a manual res...

Page 545: ...outer ipv6 rip command is similar to the router rip command except that it is IPv6 specific Use this command to enable an IPv6 RIP routing process globally Using this command places the router in router configuration mode for the IPv6 RIP routing process The router prompt changes to Switch config router Example The following example configures the IPv6 RIP routing process and places the router int...

Page 546: ...ation Usage Guideline Use this command to enter the router configuration mode of IPv6 OSPF In this mode there are other setting of IPv6 OSPF that can be configured Example The following example enables router OSPF for IPv6 configuration mode Syntax Description PROCESS ID Optional Internally used identification parameter for an OSPF routing process It is locally assigned and can be any positive int...

Page 547: ...r ospf Syntax None Default Not configured Command Mode Global configuration Usage Guideline This command is used to enable OSPF routing processes and enter into router configuration mode then other OSPF related settings can be configured Example This example shows how to enable ospf and enter the ospf router configuration mode Verify the settings by entering the show ip protocols ospf command Swit...

Page 548: ... Mode Global configuration Usage Guideline This command is used to enable the RIP function and enter the Router configuration mode of RIP protocol Executing the no form of the command will remove the configuration in the router mode Example The following example shows how to begin the RIP routing process Verify the settings by entering the show ip protocols rip command Switch configure terminal Sw...

Page 549: ... keys during a specific period of time then no authentication will be performed Syntax Description START TIME The beginning time that the key specified by the key command is valid to be received The syntax can be either of the following HH MM SS MONTH DATE YEAR HH MM SS DATE MONTH YEAR HH hours MM minutes SS seconds MONTH first three letters of the month DATE date 1 31 YEAR year four digits The de...

Page 550: ... config if exit Switch config router rip Switch config router network 172 19 0 0 8 Switch config router version 2 Switch config router exit Switch config key chain chain1 Switch config keychain key 1 Switch config keychain key key string forkey1string Switch config keychain key accept lifetime 13 30 00 Jan 25 2009 duration 7200 Switch config keychain key send lifetime 14 00 00 Jan 25 2009 duration...

Page 551: ...s project Syntax Description tacacs Specifies tacacs authentication xtacacs Specifies xtacacs authentication tacacs Specifies tacacs authentication radius Specifies radius authentication IP ADDRESS Specifies the IP address of the authentication sever auth port PORT NUMBER Optional Specifies theTCP or UDP destination port for authentication requests The port number argument specifies the port numbe...

Page 552: ... privilege level in TACACS RADIUS server is not configured the system will give the default privilege level of 2 Example The following example shows the network access server configured to recognize two RADIUS host entries The second host entry configured acts as fail over backup to the first one the RADIUS host entries are tried in the order in which they are configured Verify the settings by ent...

Page 553: ...the no form of this command to disable DHCP server features service dhcp no service dhcp Syntax None Default Disabled Command Mode Global configuration Usage Guideline Use this command to enable DHCP server function The DHCP server function is disabled by default Example Enable DHCP server function switch enable switch configure terminal switch config service dhcp ...

Page 554: ...t2 classes For cust1 classes gold is configured to use CoS Queue 6 and policed by a single rate policer with an average rate set to 64 Kbits per second and a normal burst size set to 128 Kbytes Silver is configured to use CoS queue 5 and policed by a single rate policer with an average rate set to 64 Kbits per second and the normal burst size set to 128 Kbytes Bronze is configured to use CoS queue...

Page 555: ...g policy map cust1 classes Swtich config pmap class gold Switch config pmap c police 64 128 exceed action set dscp transmit 0 Switch config pmap c exit Switch config pmap class silver Switch config pmap c police 64 128 exceed action set dscp transmit 0 Switch config pmap c exit Switch config pmap class bronze Switch config pmap c police 64 128 exceed action set dscp transmit 0 Switch config pmap c...

Page 556: ...ld Switch config pmap c police 128 256 exceed action set dscp transmit 0 Switch config pmap c exit Switch config pmap class silver Switch config pmap c police 128 256 exceed action set dscp transmit 0 Switch config pmap c exit Switch config pmap class bronze Switch config pmap c police 128 256 exceed action set dscp transmit 0 Switch config pmap c exit Switch config pmap exit Switch config interfa...

Page 557: ...eld of the outgoing packet If the policer is applied as the policy for the traffic class the set actions configured by this command will be applied to the conforming packets They will not be applied to the exceeding packet and the violating packet Example In the following example the policy map policy1 is configured with the policy for the class1 class The packets that are included in the class1 c...

Page 558: ...econd and the normal burst size set to 256 Kbytes Verify the settings by entering the show policy map command Switch config policy map policy1 Switch config pmap class class1 Switch config pmap c set ip dscp 10 Switch config pmap c police 128 256 exceed action set dscp transmit 3 Switch config pmap c exit Switch config pmap exit ...

Page 559: ...tem path string to be pre pended to BGP routes Usually the local autonomous system number is pre pended multiple times increasing the autonomous system path length When as path is not modified by the route map by default the local AS will be pre pended in the access list Example This example shows how to set the as path list 1 10 100 200 with route map entry myPolicy Verify the settings by enterin...

Page 560: ...defined communities in the route will be replaced User defined community is transitive Well known community is not transitive This command is useful for routes received from EBGP and to be transmitted to IBGP Syntax Description COMMUNITY NUMBER The community number value It is presented in a AA NN format and the AA and the NN both are numbers from 0 to 65535 WELL KNOWN COMMUNITY Optional Well know...

Page 561: ...e This example shows how to set a community 0 1 to the route map entry with name myPolicy Verify the settings by entering the show route map command Switch config route map myPolicy permit 1 Switch config route map set community 0 1 Switch config route map ...

Page 562: ...is ordering the set next hop clauses and the set interface clauses will be evaluated before look up of the routing table If route cannot be found for the packets the set ip default next hop and set default interface command will be evaluated Examples The following example sends packets with the destination IP address specified by access list name IPACL 01 and for which the software has no explicit...

Page 563: ...lauses and the set interface clauses will be evaluated before look up of the routing table If route cannot be found for the packets the set ip default next hop and set default interface command will be evaluated Example In the following example PBR will change the next hop setting when the source ip is 10 1 1 0 24 and vlan is vlan100 We want to set next hop of this route entry to 120 1 2 2 The ste...

Page 564: ... list Strict Control Switch config ip acl permit 10 1 1 0 255 255 255 0 any Switch config ip acl exit Switch config route map myPolicy permit 1 Switch config route map match ip address Strict Control Switch config route map set ip next hop 120 1 2 2 Switch config route map exit Switch config interface vlan100 Switch config router ip policy route map myPolicy ...

Page 565: ...name Example The following example sets the IP Precedence value to 5 critical for packets that pass the route map match You can verify your settings by entering the show route map privileged EXEC command Syntax Description NUMBER NAME Specify one of the following numbers or names to set the precedence value in the IP header Number Name 0 routine 1 priority 2 immediate 3 flash 4 flash override 5 cr...

Page 566: ... this ordering the set next hop clauses and the set interface clauses will be evaluated before look up of the routing table If route cannot be found for the packets the set ip default next hop and set default interface command will be evaluated Example The following example sends packets with the destination IP address specified by access list name IPACL 01 are output to Vlan200 You can verify you...

Page 567: ...face With this ordering the set interface clauses and the set interface clauses will be evaluated before look up of the routing table If route cannot be found for the packets the set ip default next hop and set default interface command will be evaluated Examples In the following example PBR will change the next hop setting when the source ip is 2000 16 and vlan is vlan100 and can not found the de...

Page 568: ...extended Strict Control Switch config ip acl permit 2000 3 4 ffff 0 any Switch config ip acl exit Switch config route map myPolicy permit 1 Switch config route map match ipv6 address Strict Control Switch config route map set ipv6 default next hop 100 BEAE C5FF FE9A Switch config route map exit Switch config interface vlan100 Switch config router ip policy route map myPolicy ...

Page 569: ...terface With this ordering the set next hop clauses and the set interface clauses will be evaluated before look up of the routing table If route cannot be found for the packets the set ip default next hop and set default interface command will be evaluated Example In the following example PBR will change the next hop setting when the source ip is 10 1 1 0 24 vlan is vlan100 and can not found the d...

Page 570: ...ow route map privileged EXEC command Switch config ip access list Strict Control Switch config ip acl permit 10 1 1 0 255 255 255 0 any Switch config ip acl exit Switch config route map myPolicy permit 1 Switch config route map match ip address Strict Control Switch config route map set ip default next hop 120 1 2 2 Switch config route map exit Switch config interface vlan100 Switch config router ...

Page 571: ...et next hop clauses and the set interface clauses will be evaluated before look up of the routing table If route cannot be found for the packets the set ip default next hop and set default interface command will be evaluated Example In the following example PBR will change the next hop setting when the source ip is 2000 16 and vlan is vlan100 We want to set next hop of this route entry to 100 BEAE...

Page 572: ...e map privileged EXEC command Switch config ipv6 access list extended Strict Control Switch config ip acl permit 2000 3 4 ffff 0 any Switch config ip acl exit Switch config route map myPolicy permit 1 Switch config route map match ipv6 address Strict Control Switch config route map set ipv6 next hop 100 BEAE C5FF FE9A Switch config route map exit Switch config interface vlan100 Switch config route...

Page 573: ...t next hop 4 set default interface With this ordering the set next hop clauses and the set interface clauses will be evaluated before look up of the routing table If route cannot be found for the packets the set ip default next hop and set default interface command will be evaluated Example The following example sends packets with the destination IP address specified by access list name IPACL 01 a...

Page 574: ...the match commands are met The no route map command deletes the route map The set route map configuration commands specify the redistribution set actions to be performed when all of the match criteria of a route map are met When all match criteria are met all set actions are performed The origin code ORIGIN is a well known mandatory attribute that indicates the origin of the prefix or rather the w...

Page 575: ... is matched override the weights assigned by global neighbor commands In other words the weights assigned with the set weight route map configuration command override the weights assigned using the neighbor weight command Example This example shows how to add the policy routing entry with name myPolicy and set the weight to 30 when it match the as path access list with PATH_ACL Verify the settings...

Page 576: ...le sFlow functions sflow no sflow Syntax None Default sFlow is disabled by default Command Mode Global configuration mode Usage Guideline When sFlow is disabled Receivers stop to countdown and do not send sFlow datagrams User can still configure sFlow objects Example This example shows how to enable sFlow functions switch config sflow ...

Page 577: ...r can not configure the owner name as an empty string Once the owner is configured it cannot be changed directly It can only be reset by the no sflow receiver command Syntax Description INDEX Index of the Receivers The Maximum number is project dependant owner NAME Optional Specify the owner name of the Receiver It can accept up to 32 characters The syntax is a general string that does not allow s...

Page 578: ...piration timer starts to count down when its value is configured The user cannot configure the expiry timer as 0 Example This example shows how to configure the Receiver of INDEX 1 with owner name as collector1 TIMEOUT as 86400 seconds SIZE as 1400 bytes sFlow collector s IP ADDRESS as 10 1 1 2 and PORT as 6343 switch config sflow receiver 1 owner collector1 expiry 86400 max datagram size 1400 hos...

Page 579: ... cause the system to sample one packet for every N packets arriving on the monitored interface The sampled packet is sent to the sFlow Receiver Setting the sampling rate to 0 will disable the sampling The granularity of the sampling rate is project dependent An interface can be configured with multiple samplers If multiple samplers are configured the configured sampling rate can be different Howev...

Page 580: ...DGS 6604 m sflow sampler CLI Reference Guide 570 switch config if sflow sampler 1 receiver 1 sampling rate 1024 max header size 128 ...

Page 581: ... to delete all Pollers The user can only specify a Receiver that has its owner name setup If the Receiver associated with the Poller has its owner name is reset the Poller will be reset to the default setting Setting the polling interval to 0 disables the polling An interface can be configured with multiple Pollers Example This example shows how to create configure the Poller of INSTANCE 1 with RE...

Page 582: ...erver list of the associating method list will be skipped Syntax Description login Optional Displays the login authentication information enable Optional Displays the enable authentication information console Optional Displays the console authentication information telnet Optional Displays the telnet authentication information http Optional Displays the http authentication information ssh Optional...

Page 583: ...1 RADIUS 1812 5 2 Telnet Session Login authentication Group Name serverlist1 Local Authentication no IP Address Protocol Port Timeout Retransmit Key 122 248 150 251 RADIUS 1812 5 2 Enable authentication Local Authentication yes Ssh Session Login authentication Group Name serverlist1 Local Authentication no IP Address Protocol Port Timeout Retransmit Key 122 248 150 251 RADIUS 1812 5 2 Enable authe...

Page 584: ...ef Application Method Server group Local console login yes console enable serverlist1 no telnet login serverlist1 no telnet enable yes ssh login serverlist1 no ssh enable yes http login yes http enable yes DGS 6604 15 DGS 6604 15 show aaa enable brief Application Method Server group Local console enable serverlist1 no telnet enable yes ssh enable yes http enable yes DGS 6604 15 show aaa enable tel...

Page 585: ...oups This example shows how to display an authentication server group named authserv Syntax Description GROUP NAME Optional Specifies the name of the server method list to be displayed The valid length for server group is 1 to 32 Switch 15 show aaa group server Group Name IP Address Protocol Port Timeout Retransmit Key serverlist1 122 248 150 251 RADIUS 1812 5 2 serverlist1 122 248 150 100 RADIUS ...

Page 586: ...E ID Optional Specifies the interface to be displayed If not specified the access groups for all interfaces will be displayed ip Optional Specifies that only the ip access group on the specified interface s will be displayed mac Optional Specifies that only the mac access group on the specified interface s will be displayed ipv6 Optional Specifies that only the ipv6 access group on the specified i...

Page 587: ...ss list R D Syntax Description ip Optional Specifies to display a listing for all ip access lists mac Optional Specifies to display a listing for all mac access lists ipv6 Optional Specifies to display a listing for all ipv6 access lists NAME Specifies to display the content of the access list identified by this NAME string Up to 32 characters are allowed Switch show access list access list name a...

Page 588: ...This example shows how to display the ARP cache The field of IP Interface is indicated with the Interface ID Syntax Description ARP MODE Optional Displays the entries that are in a specific ARP mode This argument can be replaced by one of the following keywords dynamic Displays only dynamic ARP entries A dynamic ARP entry is learned through an ARP request and completed with the MAC address of the ...

Page 589: ...e next boot image file show boot Syntax None Default None Command Mode User EXEC Usage Guideline None Example The following example shows the display information for the system boot information Switch show boot Boot loader version 1 00 004 Boot image flash switch image1 had flash switch image2 had Boot config flash switch config Switch ...

Page 590: ...hannel group information will be shown Examples This example shows how to display the neighbor information for port channel 3 Syntax Description CHANNEL NO Channel group ID channel Optional Display information for specified port channels detail Optional Display detailed channel group information neighbor Optional Display neighbor information protocol Optional Display the protocol static or LACP th...

Page 591: ...sive mode LACP state bndl Port is attached to an aggregator and bundled with other ports hot sby Port is in a hot standby state indep Port is in an independent state not bundled but able to switch data traffic down Port is down Channel Group 1 Member Ports 2 Maxports 16 Protocol LACP LACP Port Port Port Flags State Priority Number eth3 10 SA bndl 32768 10 eth3 11 SA bndl 32768 11 Channel Group 2 M...

Page 592: ...ol information for all port channels This example shows how to display the load balance information for all channel groups Switch show channel group channel protocol Group Protocol 1 LACP 2 Static Total Entries 2 Switch Switch show channel group load balance load balance algorithm src dst mac Switch ...

Page 593: ...r information This example shows how to display the information of all the port channels in brief format Switch show channel group sys id 32765 00 02 4b 29 3a 00 Switch Switch show channel group Group Protocol 1 LACP 2 Static Total Entries 2 load balance algorithm src dst mac system ID 32765 00 02 4b 29 3a 00 ...

Page 594: ...ass map and its matching criteria will be displayed Example In the following example two class maps are defined Packets that match access list acl_home_user belong to class c3 IP packets belong to class c2 The output from the show class map command shows the default class class default and two defined class maps Syntax Description NAME Optional Name of the class map The class map name can be a max...

Page 595: ...age Guideline This command will also indicate the clock source The clock source can be one of No Time Source or SNTP Example The following example shows how to display the current time Switch show clock Current Time Source No Time Source Current Time 19 14 16 2010 12 06 Time Zone UTC 08 00 Daylight Saving Time Recurring Offset in Minutes 60 Recurring From Apr 2nd Tue 15 00 To Oct 2nd Wed 15 30 Swi...

Page 596: ...efault none Command Mode Privileged EXEC mode Usage Guideline The command show cpu protect safeguard is used to display the settings and status of Safeguard Engine Example The following example shows how to display the settings and current status of Safeguard Engine Switch show cpu protect safeguard Safeguard Engine State Disabled Safeguard Engine Status Normal Utilization Thresholds Rising 50 Fal...

Page 597: ...e following example is a sample output of the show cpu protect type arp command The configured rate is 300 pps and there exists one IO card on slot 3 Syntax Description PROTOCOL NAME UNIT ID the configured rate limit and statistics of the specified protocol on CM Card and all existing IO Cards will be displayed if the optional UNIT ID is not specified Otherwise only the information on the specifie...

Page 598: ...DGS 6604 m show cpu protect type CLI Reference Guide 588 Switch show cpu protect type arp Type arp Pps 300 Slot Total Drop 1 CM card 30 0 3 30 0 Switch ...

Page 599: ...tput of the show cpu protect sub interface manage command The configured rate is 300 packets per second and there exists one IO card on slot 3 The following is a sample output of the show cpu protect sub interface protocol command The Pps is N A which means no rate limit is applied to route sub interface Syntax Description UNIT ID Optional Specify the unit id that you want to display the rate limi...

Page 600: ...ting show ddm Syntax None Default None Command Mode EXEC mode or any configuration mode Usage Guideline It is possible to use this command to verify the global setting of DDM Example The following example shows how to display DDM global setting Switch show ddm DDM Log Enabled DDM Trap Disabled ...

Page 601: ...es of the SFP module for the specified ports Example The following example shows how to display DDM statuses of all valid ports Syntax Description INTERFACE ID It is possible to specify multiple interfaces for DDM status displays If no INTERFACE ID is specified DDM statuses on all valid interfaces are displayed Switch show ddm status Temperature Voltage Bias Current TX Power RX Power port Celsius ...

Page 602: ...om eth3 23 to eth3 26 eth3 23 with non DDM SFP module eth3 24 with empty port slot and SFP modules supported DDM are inserted in eth3 25 and eth3 26 Syntax Description INTERFACE ID It is possible to specify multiple interfaces for DDM status displays If no INTERFACE ID is specified DDM configuration on all valid interfaces are displayed Switch show ddm configuration eth3 23 3 26 Interface eth3 23 ...

Page 603: ...sius V mA mW mW High Alarm 75 000 3 630 10 500 1 4125 1 5849 High Warning 70 000 3 465 9 000 0 7079 0 7943 Low Warning 0 000 3 135 2 500 0 1862 0 1023 Low Alarm 5 000 2 970 2 000 0 0741 0 0407 Interface eth3 26 DDM state Enabled Shutdown None Temperature Voltage Bias Current TX Power RX Power Threshold Celsius V mA mW mW High Alarm 75 000 3 630 10 500 1 4125 1 5849 High Warning 70 000 3 465 9 000 ...

Page 604: ...lease note that enable dos prevention to block blat_attack may block the Syslog packets The Action row shows users have enabled Drop Log actions The original received attacking packets of Land Attack Blat Attack will be dropped Each packet dropped by DoS module will cause Frame Count increasing by 1 For every five minutes DoS module will add one log to system log if any attacking packet is receive...

Page 605: ...ample This example shows how to display protocol VLAN binding of interface ports 3 1 to 3 3 Syntax Description protocol group Show the protocol VLAN table entry information GROUP ID Specifies the dot1v protocol table entry number interface Show the protocol VLAN group binding information of the ports INTERFACE ID Specifies the interface to display Optional Specifies a series of interfaces or GROUP...

Page 606: ...to display the authentication state configuration statistics diagnostics or session statistics This option is only valid for a physical port interface auth state Display information of 802 1X state auth configuration Display information of 802 1X configuration statistics Display information of 802 1X statistics diagnostics Display information of 802 1X diagnostics session statistics Display inform...

Page 607: ...face eth4 1 statistics eth4 1 EAPOL Frames RX 0 EAPOL Frames TX 0 EAPOL Start Frames RX 0 EAPOL Logoff Frames RX 0 EAPOL Resp Id Frames RX 0 EAPOL Resp Frames RX 0 EAPOL Req Id Frames TX 0 EAPOL Req Frames TX 0 Invalid EAPOL Frames RX 0 EAP Length Error Frames RX 0 Last EAPOL Frame Version 0 Last EAPOL Frame Source 00 00 00 00 00 00 Total Entries 1 ...

Page 608: ...sWhileAuthenticating 0 ReauthsWhileAuthenticating 0 EAP StartsWhileAuthenticating 0 EAP LogoffsWhileAuthenticating 0 ReauthsWhileAuthenticated 0 EAP StartsWhileAuthenticated 0 EAP LogoffsWhileAuthenticated 0 BackendResponses 0 BackendAccessChallenges 0 BackendNonNakResponsesFromSupplicant 0 BackendAuthSuccesses 0 BackendAuthFails 0 Total Entries 1 Switch show dot1x interface eth4 1 session statist...

Page 609: ...to show the vlan assigned by dot1x module show dot1x vlan Syntax None Default None Command Mode EXEC mode or any configuration mode Usage Guideline None Example This example shows the output of this command Switch show dot1x vlan Port VID eth3 17 100 eth3 18 101 Total Entries 2 Switch ...

Page 610: ...cal accounts for 802 1x authentication show dot1x user Syntax None Default None Command Mode User EXEC or any configuration mode Usage Guideline None Example This example shows the output of this command Switch show dot1x user Username Password yourname1 yourpass1 yourname2 yourpass2 Total Entries 2 ...

Page 611: ...age Guideline You can use this command to verify the setting of error disable recovery timer Example This example shows how to display the setting of error disable recovery timer Switch show errdisable recovery ErrDisable Reason Timer Status Timer Interval loopback detection enabled 200 seconds digital diagnostic disabled Interfaces that will be recovered at the next timeout Interface Errdisable R...

Page 612: ... at privilege level 15 Usage Guideline Issuing this command will display the password of the privilege enable function for either or both privilege level 12 or 15 Example This example shows how to display all of the enable passwords Syntax Description privilege LEVEL Optional Specifies the privilege level Switch show enable password Password Encryption Disabled Access Level Password 12 mypassword ...

Page 613: ... power temperature Default None Command Mode User EXEC or any configuration mode Usage Guideline If a specific environment type is not specified then all types of environment information will be displayed Syntax Description fan Optional Display the detail and status of the switch fans power Optional Display the detail and status of the switch power temperature Optional Display the detail and statu...

Page 614: ...ent operation range current operation range current operation range 1 35 C 0 75 C 35 C 0 75 C N A 2 42 C 0 70 C 38 C 0 80 C 38 C 0 80 C 3 37 C 0 76 C 36 C 0 77 C 43 C 0 75 C 4 42 C 0 76 C 36 C 0 77 C 38 C 0 75 C Status code temperature is out of operation range Fans are operation in normal speed Failed Fans None Power module 1 2 3 4 Power status in operation empty empty empty Max power 850 W Used ...

Page 615: ... the display for the power module Field Description Max power The configured maximum power for the unit Used power The allocated power for the unit Power status In operation The power rectifier is in normal operation mode failed The power rectifier can t work normally empty The power rectifier is not installed ...

Page 616: ...ly displays GVRP related configuration information Example This example shows how to display gvrp configuration Syntax Description interface Display the gvrp settings of the interface INTERFACE ID Optional Specifies the interface to display Optional Specifies a series of interfaces or separate a range of interfaces from a previous range Optional Specifies a range of interfaces Switch show gvrp con...

Page 617: ... Switch show gvrp configuration interface eth3 5 6 Port GVRP Status Join Leave Leave All 1 100 Secs eth3 5 Enabled 20 60 1000 eth3 6 Enabled 20 60 1000 Total Entries 2 Port based Forbidden VLAN Configuration Port Forbidden VLANs eth3 5 3 5 eth3 6 5 8 Port based Advertising VLAN Configuration Port Advertising VLANs eth3 5 1 3 eth3 6 1 9 Switch ...

Page 618: ... how to display statistics for a range of gvrp ports Syntax Description INTERFACE ID Optional Specifies the interface to display If no interface is specified the statistics on all interfaces will be shown Optional Specifies a series of interfaces or separate a range of interfaces from a previous range Optional Specifies a range of interfaces Switch show gvrp statistics interface eth3 5 3 6 Port Jo...

Page 619: ...he switch saves a record of the commands that the user entered The recorded commands can be recalled to the screen prompt by pressing the following key CTRL P or Up Arrow key They will both recall the commands in a backward sequence CTRL N or Down Arrow key will recall the commands in a forward sequence The history buffer size is fixed at 20 commands Example This example shows how to show the comm...

Page 620: ...2 03 04 00 bia 00 01 02 03 04 00 Description Full duplex 100Mb s medium type is Fiber GBIC type is 100BASE FX admin Send flow control is off receive flow control is off oper Send flow control is off receive flow control is off max rcv frame size 1536bytes MTU 1500bytes RX rate 9599876 bytes sec TX rate 2399537 bytes sec RX Bytes 146264046 TX Bytes 44013446 RX rate 141597 packets sec TX rate 37650 ...

Page 621: ...how interface port channel1 port channel1 is down line protocol is down notconnect Hardware is Ethernet address is 00 00 00 00 00 00 bia 00 00 00 00 00 00 Description Members in this channel 2 Member 0 eth4 3 down Member 1 eth4 4 down Switch show interface vlan1 vlan1 is up line protocol is up connected Hardware is VLAN address is 08 01 02 38 00 01 bia 08 01 02 38 00 01 Description IP MTU 1500byte...

Page 622: ...escription None Default None Command Mode EXEC mode or any configuration mode Usage Guideline You can use this command to verify which interfaces has been disabled because of an error condition Example This example shows how to display the information about the error disable recovery timer Switch show interface status err disabled Interface Status Reason eth2 8 err disabled loopback detection eth4...

Page 623: ...arguments are specified this command will display all as path access lists However the as path ACCESS LIST NAME can be specified when entering the show ip as path access list command This option is useful for filtering the output of this command and verifying a single named as path access list Example This example shows how to display the content of IP AS path access list Syntax Description ACCESS...

Page 624: ...P address entered to filter the output to display only a particular host or network in the BGP routing table MASK LENGTH Optional Mask length to filter or match hosts that are part of the specified network It can be in decimal format i e 8 longer prefixes Optional Displays the specified route and all other specific routes route map NAME Optional Filters the output based on the specified route map ...

Page 625: ...internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 201 0 1 0 24 11 0 9 1 0 0 1701 i 201 0 2 0 24 11 0 9 1 0 0 1701 i 11 0 9 2 0 0 101 i 201 0 3 0 24 11 0 9 1 0 0 1701 i 201 0 4 0 24 11 0 9 1 0 0 1701 i Total Entries 4 entries 5 routes Switch config Switch config show ip bgp 121 0 2 0 24 BGP routing table entry for 121 0 2 0 24 Paths 1 available best 1 t...

Page 626: ...ist MarketingCoommunity BGP table version is 716977 local router ID is 192 168 32 1 Status codes s suppressed valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path i10 3 0 0 10 0 22 1 0 100 0 1800 1239 i 10 0 16 1 0 100 0 1800 1239 i10 6 0 0 10 0 22 1 0 100 0 1800 690 568 i 10 0 16 1 0 100 0 1800 690 568 i10 7 0 0 10 0 22 1 0 100 0 1800 701 35...

Page 627: ... Entry originated from an Interior Gateway Protocol IGP and was advertised with a network router configuration command e Entry originated from an Exterior Gateway Protocol EGP Origin of the path is not clear Usually this is a router that is redistributed into BGP from an IGP Network IP address of a network entity Next Hop IP address of the next system that is used when forwarding a packet to the d...

Page 628: ...is 172 16 72 24 Status codes s suppressed valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 172 16 0 0 172 16 72 30 0 109 108 172 16 1 0 172 16 72 30 0 109 108 172 16 11 0 172 16 72 30 0 109 108 172 16 14 0 172 16 72 30 0 109 108 172 16 15 0 172 16 72 30 0 109 108 172 16 16 0 172 16 72 30 0 109 108 172 16 17 0 172 16 72 30 0 109 108 172 16 18 0 17...

Page 629: ...blishment and maintenance When BGP neighbors use multiple levels of peer templates it can be difficult to determine which policies are applied to the neighbor The output of this command displays all address family information if the keyword ipv4 is not specified Specify the IP address of a neighbor to display information about the specific neighbor Syntax Description ipv4 Optional Specifies the ad...

Page 630: ... capabilities Route refresh advertised and received old and new 4 Byte AS number advertised and received AS TRANS Address family IPv4 Unicast advertised and received Received 0 in queue Sent 0 in queue Sent Received Opens 1 0 Notifications 1 0 Updates 2 2 Keepalives 47 45 Route Refresh 0 0 Dynamic Capability 0 0 Total 51 47 Connect retry time is 120 seconds In update elapsed time is 2367 seconds M...

Page 631: ...10 50 71 254 Last Reset 0DT0H39M28S due to BGP Notification sent Notification Error Message Cease Unspecified Error Subcode Switch Switch show ip bgp neighbors 172 16 232 178 advertised routes BGP table version 27 local router ID 172 16 232 181 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path i10 0 0 0...

Page 632: ...will display all community lists However the community list name can be specified when entering the show ip community list command This option can be useful for filtering the output of this command and verifying a single named community list Example This example shows how to display the content of all community lists Syntax Description COMMUNITY LIST NAME Optional Community list name The community...

Page 633: ...l be displayed If no IP address is specified all bound IP addresses are applied for this command pool NAME Optional Specifies the pool name for the conflict IP address If no pool name is specified all of the pools are applied for this command switch show ip dhcp binding Pool Name pool1 IP address Hardware address Lease start Lease expiration 10 1 1 1 00b8 3493 32b5 18 38 56 2010 09 30 18 38 56 201...

Page 634: ... following example shows the binding status of IP address 10 1 1 1 in DHCP address pool pool1 switch show ip dhcp binding pool pool1 10 1 1 1 IP address Hardware address Lease start Lease expiration 10 1 1 1 00b8 3493 32b5 18 38 56 2010 09 30 18 38 56 2010 10 1 ...

Page 635: ... IP address is detected by the DHCP server the Detection Method will be marked as ping and if the duplicate IP address is detected by the DHCP client the Detection Method will be marked as Gratuitous ARP Example The following example shows the conflict status of IP address 10 1 1 1 The following example shows the conflict status of all DHCP IP address pools Syntax Description ADDRESS Optional Spec...

Page 636: ...and Mode User EXEC or any configuration mode Usage Guideline Use this command to examine the current utilization level and configuration setting of the address pool If the NAME argument is not used then the information for all the pools will be displayed Syntax Description NAME Optional Displays information about a specific address pool If not specified displays information about all address pools...

Page 637: ...anetworks com Lease 3600 seconds NetBIOS node type hybrid NetBIOS scpoe ID alpha Next server 10 1 2 1 Subnet 255 255 0 0 Based on mac address 00 01 02 03 04 05 00 01 02 03 04 FF Based on mac address 00 08 02 03 04 05 Based on mac address 00 09 02 03 04 05 Based on client ID 0x01000102030405 Based on C VID 2 Based on C VID 10 20 Based on S VID 100 Based on S VID 300 400 Based on interface ip addres...

Page 638: ...f DNS server available to DHCP clients NetBIOS node type the NetBIOS node type NetBIOS scpoe ID the NetBIOS scope id WINS server The IP address of WINS server Based on mac address The address binding rule based on MAC Based on client ID The address binding rule based on Client ID Based on C VID The address binding rule based on customer vlan id Based on S VID The address binding rule based on serv...

Page 639: ...iguration Example This example shows how to display the DHCP relay agent configuration Switch show ip dhcp relay DHCP Relay Enabled Relay Hop Count 4 DHCP Relay Information Option Enabled DHCP Relay Information Policy keep DHCP Relay Information Check Reply Enabled DHCP Relay Information Trusted Enabled VLAN100 Relay IP Addresses 10 1 1 1 10 1 1 2 10 1 1 3 0 0 0 0 List of Trusted sources of relay ...

Page 640: ...p relay information trusted sources Syntax None Default None Command Mode User EXEC or any configuration mode Usage Guideline Display the DHCP relay agent configuration Example The following is sample output when the ip dhcp relay information trusted command is configured Note that the display output lists the interfaces that are configured to be trusted sources Switch show ip dhcp relay informati...

Page 641: ... Command Mode Privileged EXEC Usage Guideline Display the DHCP server status and user configured pool Example This example shows how to display the status of DHCP server Switch show ip dhcp server DHCP server Disable Ping packets number 3 Ping timeout 500 ms List of DHCP server configured address pool pool1 pool2 pool3 pool4 pool5 pool6 pool7 pool8 pool9 pool10 pool11 pool12 ...

Page 642: ...ers to zero The table below describes the significant fields in the display Display Field Descriptions Significant field descriptions for command show ip dhcp server statistics switch show ip dhcp server statistics Address pools 2 Malformed messages 0 Renew messages 0 Message Received BOOTREQUEST 12 DHCPDISCOVER 200 DHCPREQUEST 178 DHCPDECLINE 0 DHCPRELEASE 0 DHCPINFORM 0 Message Sent BOOTREPLY 12...

Page 643: ...e counter is incrementally increased when a new renew message has arrived after the first renew message Message The DHCP message type that was received by the DHCP server Received The number of DHCP messages that were received by the DHCP server Sent The number of DHCP messages that were sent by the DHCP server Field Description ...

Page 644: ...able Command Mode EXEC mode or any configuration mode Usage Guideline Use the command to display DHCP snooping configuration setting Example This example shows how to display DHCP Snooping configuration Switch show ip dhcp snooping DHCP Snooping is enabled DHCP Snooping is enabled on VLANs Vlan10 vlan15 18 Information option not allowed Interface Trusted Rate Limit eth3 1 no 10 eth3 8 no 50 eth3 9...

Page 645: ... Optional Specifies a single interface a range of interfaces separated by a hyphen or a series of interfaces separated by a comma If no interface is specified the switch displays DVRMP information on all interfaces at which DVMRP is enabled That is for all of DVMRP enabled interfaces Only VLAN interface are allowed to be specified for this command Optional Specifies a series of interfaces or separ...

Page 646: ...tional The IP address of the neighbor detail Optional Show the neighbor information in detail Switch show ip dvmrp neighbor Interface Neighbor Address Generation ID ExpTime vlan1 10 10 10 11 0035ef6d 0DT0H0M29S Total Entries 1 Display Field Description Interface The interface refers to the routing interface which is mapped to a VLAN interface Neighbor Address Once a system has received a Probe fro...

Page 647: ... show ip dvmrp neighbor detail Capability Flags N Network S SNMP M MTRACE G GENID P PRUNE L LEAF Neighbor address 10 10 10 11 Interface vlan1 UpTime 0DT0H23M49S ExpTime 0DT0H0M30S Generation ID 0035ef6d Major Version 3 Minor Version 255 Capabilities e Flags M G P Number of bad routes Received 0 Number of routes Received 0 Number of PROBE Received 144 Number of REPORT Received 1 Number of PRUNE Rec...

Page 648: ...able Generation ID If a DVMRP router is restarted it will not be aware of any previous prunes that it had sent or received In order for the neighbor to detect that the router has restarted a non decreasing number is placed in the periodic probe message called the generation ID When a change in the generation ID is detected any prune information received from the router is no longer valid and shoul...

Page 649: ...250 P 0DT1H45M44S Off 10 0 7 131 32 239 255 255 250 P 0DT1H47M30S Off 10 1 52 99 32 229 55 150 208 P N 0DT1H44M36S 0DT0H3M50S Total Entries 3 Display Field Description Source Network The address of the source IP address or source network Group Address The IP group address State P The upstream state is in Prune state D The entry is in Hold Down state In this state a negative multicast forwarding ca...

Page 650: ...ghbor Metric Learned Interface State ExpTime 10 0 0 0 8 10 78 62 51 1 Local vlan99 Total Entries 1 DGS 6600 15 Display Field Description Source Network The address of the source IP address or source network Upstream neighbor The Next hop router to the source network 0 0 0 0 This route is a local interface entry and therefore it does not enable DVMRP If the interface is a local entry then the upstr...

Page 651: ...y Field Descriptions show ip igmp group Field Descriptions Syntax Description IP ADDRESS Optional Specifies the Group IP address to display If no IP address is specified all IGMP group information will be displayed interface INTERFACE ID Optional Specifies the interface to display If no interface is specified IGMP group information of all interfaces where IGMP is enabled will be displayed detail O...

Page 652: ...t will not be displayed Switch show ip igmp group 224 1 1 1 detail Interface vlan1000 Group 224 1 1 1 Uptime 0DT0H0M42S Expires stopped Group mode Include dynamic Last reporter 192 168 50 111 Group source list Source Address Uptime v3 Exp Forward 192 168 55 55 0DT0H0M42S 0DT0H3M38S Yes 192 168 10 55 0DT0H0M10S 0DT0H3M38S Yes Interface vlan2000 Group 224 1 1 1 Uptime 0DT0H0M42S Expires 0DT0H3M38S G...

Page 653: ...etermined by this expire timer If the router is in Include mode for a group then the whole group entry times out after the last source entry has timed out unless the mode is changed to Exclude mode before it times out Group mode Include or Exclude The group mode is based on the type of membership reports that are received on the interface for the group dynamic If this port or port channel interfac...

Page 654: ...1000 Syntax Description INTERFACE ID Optional Specifies a single interface a range of interfaces separated by a hyphen or a series of interface separated by a comma If no interface is specified the switch displays IGMP information for all interfaces where IGMP is enabled that is for all of IGMP enabled interfaces Note only a VLAN interface type is allowed for this command Optional Specifies a seri...

Page 655: ...isplay IGMP Snooping configurations Syntax Description VLAN VLAN ID Optional Specifies a VLAN The VLAN ID range is 1 to 4094 If no VLAN is specified then this command shows IGMP Snooping Information for all VLANs where IGMP Snooping is enabled i e all IGMP Snooping enabled VLAN interfaces Switch show ip igmp snooping IGMP Snooping is enabled in the following VLANs Codes v3 IGMP v3 host compatibili...

Page 656: ...e system will immediately remove the port from the multicast group membership Disable IGMP Snooping immediate leave response function is disabled which means the member port of the VLAN interface will receive the IGMP leave message the system will not remove the port from the multicast group membership instead the system will follow IGMP interaction process to confirm the multicast membership Host...

Page 657: ...yntax Description IP ADDRESS Optional Specifies the Group IP address to display If no IP address is specified all IGMP Snooping group information will be displayed VLAN VLAN ID Optional Specifies the VLAN interface to display If no VLAN is specified the command shows IGMP snooping group information about all VLANs where IGMP Snooping is enabled detail Optional Specifies to show the additional info...

Page 658: ...splayed Switch show ip igmp snooping group 224 1 1 1 detail IGMP version V3 Interface vlan1000 Group 224 1 1 1 Port eth3 12 Uptime 0DT0H0M42S Expires stopped Group mode Include dynamic Last reporter 192 168 50 111 Source Address Uptime v3 Exp Forward 192 168 55 55 0DT0H0M42S 0DT0H3M38S yes 192 168 55 66 0DT0H0M42S 0DT0H3M38S no IGMP version V2 Interface vlan2000 Group 224 1 1 1 Port eth3 2 Uptime ...

Page 659: ...e time out because a local receiver is on the router for this entry stopped indicates that the time out of this entry is not determined by this expire timer If the router is set to Include mode for a group then the whole group entry times out after the last source entry has timed out unless the mode is changed to Exclude mode before it times out Group mode Include or Exclude The group mode is base...

Page 660: ...nate auto and not allowed interfaces are displayed When the specified VLAN does not exist or the specified VLAN is without IGMP snooping enabled a warning message will appear indicating this Example This example shows how to display IGMP snooping mrouter information Syntax Description vlan VLAN ID Optional Specifies a VLAN The VLAN ID range is 1 to 4094 If no VLAN is specified this command shows I...

Page 661: ...terface type is specified then information for that specific interface is displayed This command only supports VLAN interface types If no optional arguments are specified then information for all the interfaces is displayed If the interface hardware is usable the interface is marked up For an interface to be usable both the interface hardware and line protocol must be up Example This example shows...

Page 662: ...le shows how to display the ip interface information for VLAN 1 Switch show ip interface vlan1 vlan1 is up Internet address is 100 0 0 1 24 Internet address is 110 0 0 1 24 secondary MAC Address is 08 01 02 24 00 01 ARP timeout is 14400 seconds IP MTU is 1500 bytes ...

Page 663: ...hain Syntax Description NAME OF KEY Optional Specifies the name of a key chain to display Switch show ip key chain Key Chain tree Key 1 text stringforkey1 accept lifetime 13 30 00 Jan 25 2008 15 29 59 Jan 25 2008 send lifetime 14 30 00 Jan 25 2008 16 29 59 Jan 25 2008 Key 2 text stringforkey2 accept lifetime 14 30 00 Jan 25 2008 always valid Send lifetime 14 30 00 Jan 25 2008 duration 3600 Key Cha...

Page 664: ...for the multicast data stream The Expires timer value is based on either the PIM Sparse and Dense Mode RFCs RFC 4601 and RFC 3973 or DVMRP If the multicast data continues to arrive at the device the timer will renew itself If network address is specified the switch displays the entries with source addresses that match the specified address Syntax Description group addr GROUP ADDRESS Optional Speci...

Page 665: ...DM S PIM SM V DVMRP Timers Uptime Expires 10 10 1 52 224 0 1 3 vlan1 0DT0H1M32S 0DT0H3M20S Flags D Switch show ip mroute IP Multicast Routing Table 1 entry Flags D PIM DM S PIM SM V DVMRP Timers Uptime Expires 10 10 1 52 224 0 1 3 uptime 0DT5H29M15S expires 0DT0H2M59S flags D Incoming interface vlan1 Outgoing interface list vlan2 vlan3 Switch show ip mroute static Mroute 192 168 6 0 24 RPF neighbo...

Page 666: ...pf Syntax None Default None Command Mode User EXEC Usage Guideline Display general OSPF protocol information It provides system wide statistics and per area statistics for OSPF The LSDB database overflow limit is the capacity for the LSA table size It is project dependent Example On the following page is a sample output from the show ip ospf command ...

Page 667: ...of LSA originated 138 Number of LSA received 1441 Number of current LSA 1426 LSDB database overflow limit is 24576 Number of areas attached to this router 5 Area 0 0 0 0 BACKBONE Number of interfaces in this area is 5 active interface number is 5 Number of fully adjacent neighbors in this area is 5 SPF algorithm last executed 0DT0H9M46S ago SPF algorithm executed 9 times Number of LSA 66 Network 4...

Page 668: ...f border routers command Switch show ip ospf border routers OSPF process internal Routing Table Codes i Intra area route I Inter area route i 10 47 65 181 1 via 47 65 51 2 vlan51 ABR ASBR TransitArea 0 0 0 1 i 10 47 65 182 1 via 47 65 52 2 vlan52 ABR ASBR TransitArea 0 0 0 1 i 10 47 65 183 1 via 47 65 53 2 vlan53 ABR ASBR TransitArea 0 0 0 2 i 10 47 65 184 1 via 47 65 54 2 vlan54 ABR ASBR TransitA...

Page 669: ...nd to display a database summary for OSPF information show ip ospf database Syntax None Default None Command Mode User EXEC Usage Guideline Display information about the database summary for OSPF information Example The following page shows a sample output from the show ip ospf database command ...

Page 670: ...Link States Area 0 0 0 0 Link ID ADV Router Age Seq CkSum 10 47 65 160 10 47 65 181 1786 0x80000003 0xb756 Router Link States Area 0 0 0 61 NSSA Link ID ADV Router Age Seq CkSum Link count 10 47 65 160 10 47 65 160 77 0x80000004 0x24bb 1 Summary Link States Area 0 0 0 61 NSSA Link ID ADV Router Age Seq CkSum Route 2 1 1 0 10 47 65 160 57 0x80000002 0xff3e 2 1 1 0 24 NSSA external Link States Area ...

Page 671: ...inate adv router IP ADDRESS Default None Command Mode User EXEC Usage Guideline Displays information about the Autonomous System Boundary Router ASBR summary LSAs Example The following page shows a sample output from the show ip ospf database asbr summary command Syntax Description LINK STATE ID Link State ID as an IP address self originate Self originated link states adv router Displays all the L...

Page 672: ... 65 160 AS Boundary Router address Advertising Router 10 47 65 181 LS Seq Number 80000003 Checksum 0xb756 Length 28 Network Mask 0 TOS 0 Metric 1 ASBR Summary Link States Area 0 0 0 1 LS age 927 Options 0x2 E LS Type ASBR summary LSA Link State ID 10 47 65 183 AS Boundary Router address Advertising Router 10 47 65 160 LS Seq Number 80000001 Checksum 0x53ba Length 28 Network Mask 0 TOS 0 Metric 1 T...

Page 673: ...ow ip ospf database external command Syntax Description LINK STATE ID Link State ID as an IP address self originate Self originated link states adv router Displays all the LSAs of the specified router IP ADDRESS Advertise router IP address Switch show ip ospf database external AS External Link States LS age 1056 Options 0x2 E LS Type AS external LSA Link State ID 1 0 0 0 External Network Number Ad...

Page 674: ...e adv router IP ADDRESS Default None Command Mode User EXEC Usage Guideline Display information about the network LSAs Example This is a sample output on the next page from the show ip ospf database network command Syntax Description LINK STATE ID Link State ID as an IP address self originate Self originated link states adv router Displays all the LSAs of the specified router IP ADDRESS Advertise ...

Page 675: ...uter 47 65 49 111 LS Seq Number 80000001 Checksum 0x33da Length 32 Network Mask 24 Attached Router 47 65 49 111 Attached Router 10 47 65 160 Net Link States Area 0 0 0 1 LS age 1015 Options 0x2 E LS Type network LSA Link State ID 47 65 51 2 address of Designated Router Advertising Router 10 47 65 181 LS Seq Number 80000001 Checksum 0x9ea1 Length 32 Network Mask 29 Attached Router 10 47 65 181 Atta...

Page 676: ...ginate adv router IP ADDRESS Default None Command Mode User EXEC Usage Guideline Display information about the nssa external LSAs Example This is a sample output on the next page from the show ip ospf database nssa external command Syntax Description LINK STATE ID Link State ID as an IP address self originate Self originated link states adv router Displays all the LSAs of the specified router IP A...

Page 677: ... 80000001 Checksum 0x82e6 Length 36 Network Mask 24 Metric Type 2 Larger than any link state path TOS 0 Metric 20 NSSA Forward Address 110 201 0 1 External Route Tag 0 LS age 1097 Options 0x0 LS Type AS NSSA LSA Link State ID 47 65 55 0 External Network Number For NSSA Advertising Router 10 47 65 160 LS Seq Number 80000001 Checksum 0xbb07 Length 36 Network Mask 24 Metric Type 2 Larger than any lin...

Page 678: ...adv router IP ADDRESS Default None Command Mode User EXEC Usage Guideline Display information about the router LSAs Example The following pages shows a sample output from the show ip ospf database router command Syntax Description LINK STATE ID Link State ID as an IP address self originate Self originated link states adv router Displays all the LSAs of the specified router IP ADDRESS Advertise rou...

Page 679: ...ddress 47 65 49 111 Link Data Router Interface address 47 65 49 1 Number of TOS metrics 0 TOS 0 Metric 1 Link connected to a Virtual Link Link ID Neighboring Router ID 10 47 65 181 Link Data Router Interface address 47 65 51 1 Number of TOS metrics 0 TOS 0 Metric 1 Link connected to a Virtual Link Link ID Neighboring Router ID 10 47 65 182 Link Data Router Interface address 47 65 52 1 Number of TO...

Page 680: ...ics 0 TOS 0 Metric 0 LS age 1063 Options 0x2 E Flags 0x3 ABR ASBR LS Type router LSA Link State ID 10 47 65 181 Advertising Router 10 47 65 181 LS Seq Number 80000006 Checksum 0xb55d Length 48 Number of Links 2 Link connected to a Virtual Link Link ID Neighboring Router ID 10 47 65 160 Link Data Router Interface address 47 65 51 2 Number of TOS metrics 0 TOS 0 Metric 1 Link connected to a Virtual ...

Page 681: ... adv router IP ADDRESS Default None Command Mode User EXEC Usage Guideline Display information about the summary LSAs Example The following page shows a sample output from the show ip ospf database summary command Syntax Description LINK STATE ID Link State ID as an IP address self originate Self originated link states adv router Displays all the LSAs of the specified router IP ADDRESS Advertise r...

Page 682: ...Link State ID 2 1 1 0 summary Network Number Advertising Router 10 47 65 160 LS Seq Number 80000001 Checksum 0xe359 Length 28 Network Mask 24 TOS 0 Metric 1 LS age 1225 Options 0x2 E LS Type summary LSA Link State ID 2 1 2 0 summary Network Number Advertising Router 10 47 65 160 LS Seq Number 80000001 Checksum 0xd863 Length 28 Network Mask 24 TOS 0 Metric 1 Total Entries 2 Switch ...

Page 683: ...r OSPF show ip ospf host route Syntax None Default None Command Mode User EXEC Usage Guideline Use this command to display host route information for OSPF Example The following is a sample output of this command Switch show ip ospf host route Host IP AreaID Cost 10 3 3 3 0 0 0 5 2 10 3 3 4 0 0 0 1 3 20 3 3 3 0 0 0 25 58 Total Entries 3 ...

Page 684: ...e Command Mode User EXEC Usage Guideline Use this command to display interface information for OSPF If no IFNAME is specified the OSPF information for all interfaces will be displayed Example The following example on the next page is a sample output of this command Syntax Description IFNAME Optional Specifies the interface type of the interfaces to display the OSPF information for ...

Page 685: ... LS Upd received 2 sent 947 LS Ack received 588 sent 3 Discarded 0 Current Authentication Type none vlan51 is up line protocol is up Internet Address 47 65 51 1 29 Area 0 0 0 1 MTU 1500 Router ID 10 47 65 160 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State BDR Priority 2 Designated Router ID 10 47 65 181 Interface Address 47 65 51 2 Backup Designated Router ID 10 47 65 160 Interface Ad...

Page 686: ...cription IFNAME Optional Specifies the type of the interface to display the neighbor information for NEIGHBOR ID Optional Neighbor ID detail Optional Detail of neighbors Switch show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 47 65 49 111 2 Full DR 0DT0H1M11S 47 65 49 111 vlan49 Total Entries 1 Switch Switch Switch show ip ospf neighbor detail Neighbor 47 65 49 111 interface...

Page 687: ...l links Use this command to display virtual link information show ip ospf virtual links Syntax None Default None Command Mode User EXEC Usage Guideline Use this command to display virtual link information Example The following pages show sample outputs from the show ip ospf neighbor ...

Page 688: ...ency state Full Current Authentication Type simple text Authentication Key Configuration Authentication type simple text Authentication key 12345678 Virtual Link to router 10 47 65 183 is up Transit area 0 0 0 2 via interface vlan53 Local address 47 65 53 1 32 Remote address 47 65 53 2 32 Transmit Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Retransmit 5 Hello du...

Page 689: ...to display the global information of PIM Example The following example displays PIM global information Switch show ip pim PIM Configurations Register Checksum Include Data Disabled group list None Register Suppression Time 60 seconds Accept Register Group list pim acp reg RP Address 90 1 1 1 group list static rp RP Candidate vlan100 group list rp cand interval 60 priority 192 BSR Candidate vlan100...

Page 690: ... on a BSR router with the Candidate RP information on the router s interface vlan100 The following example displays the BSR information on a non BSR router with Candidate RP information on the router s interface Switch show ip pim bsr PIMv2 Bootstrap information This system is the Bootstrap Router BSR BSR address 90 1 1 3 Uptime 0DT0H18M50S BSR Priority 3 Hash mask length 30 Next bootstrap message...

Page 691: ...rfaces will be shown Examples The following example displays interface information On the following page is an example which displays the interface information in detail Syntax Description INTERFACE ID Optional Specifies the interface to display the interface information for Only VLAN interface IDs are applicable detail Optional Use to display the interface information in detail switch show ip pim...

Page 692: ...l 3000 milliseconds Effect Propag Delay 1000 milliseconds Effect Override Interval 3000 milliseconds Join Suppression Enabled Enabled Bidir Capable False vlan200 Address 50 111 111 111 Mode Dense Neighbor Count 1 DR 0 0 0 0 Generation ID 375693 Hello Interval 30 seconds Triggered Hello Interval 5 seconds Hello Hold time 105 seconds Stub Interface False Lan Delay Enabled Enabled Propagation Delay 5...

Page 693: ...outing table The switch populates the multicast routing table by creating source group S G entries from star group G entries The star refers to all source addresses the S refers to a single source address and the G is the destination multicast group address When creating S G entries the software uses the best path to that destination group which is found in the unicast routing table that is throug...

Page 694: ...ighbor None RPF Interface None Register State Pruned Register Stop Timer 20 secs Upstream Interface Join State Joined Join Timer off KAT 22 secs Downstream Interface List Vlan2 JP State No Info ET 20 secs PPT Off Assert State No Info AT Off Assert Winer 0 0 0 0 Metric 0 Pref 0 70 233 235 100 239 1 1 1 rpt Uptime 0DT0H3M8S flags S RP 70 1 1 3 RPF neighbor None RPF interface None Upstream Interface ...

Page 695: ...neighbor information for If INTERFACE ID is not specified the information on all interfaces will be displayed Switch show ip pim neighbor Mode B Bidir Capable DR Designated Router N Default DR Priority S State Refresh Capable Neighbor Interface Uptime Expires Ver DR Pri Mode 10 10 0 9 vlan1 0DT0H55M33S 0DT0H1M44S v2 1 10 10 0 136 vlan1 0DT0H55M20S 0DT0H1M25S v2 1 10 10 0 172 vlan1 0DT0H55M33S 0DT0...

Page 696: ...nal mode neighbor is using the Bidirectional PIM Capable option DR indicates the neighbor is the Designated Neighbor If an empty string is displayed it indicates the neighbor is not a DR S State Refresh Capable The neighbor is using the State Refresh Capable option This option is used only by PIM DM ...

Page 697: ...ield Descriptions The table below shows the ip pim rp mapping detailed field descriptions Switch show ip pim rp mapping PIM Group to RP Mappings Group s 224 0 0 0 4 RP 90 1 1 3 Info source 90 1 1 3 via bootstrap priority 0 Uptime 0DT16H52M39S expires 0DT0H2M50S Field Descriptions RP Address of the RP for the group specified Info source Indicates from which system the router learned this RP informa...

Page 698: ... also shows whether this RP was selected by Auto RP or the PIM Version 2 bootstrap mechanism Example The following is sample output from the show ip pim rp hash command with the group address 239 1 1 1 specified Please refer to the table in the description of command show ip pim rp mapping for the field descriptions Syntax Description GROUP ADDRESS Specifies the Group Address to display the select...

Page 699: ...is displayed ospf Optional Display OSPF global settings which are related to the overall IP routing function bgp Optional Display entries in the Border Gateway Protocol BGP routing table Specifies the autonomous system to be displayed Switch show ip protocols rip Routing Protocol is rip Sending updates every 30 0 to 5 seconds next due in 19 seconds Timeout after 180 seconds garbage collect after 1...

Page 700: ...on will be thrown flushed out Default version control Specifies the version of RIP packets that are sent and received Redistributing Lists the protocol that is being redistributed Routing Specifies the networks for which the routing process is currently injecting routes Routing Information Sources Lists all the routing sources the operating system software is using to build its routing table For e...

Page 701: ...ificant display fields Switch Show ip rip database Codes R RIP Rc RIP connected Rs RIP static K Kernel C Connected S Static O OSPF I IS IS B BGP Network Next Hop Metric From If Time Rc 10 0 0 0 8 1 vlan1 Rc 20 0 0 0 8 1 vlan2 R 30 0 0 0 8 20 33 24 1 2 20 33 24 1 vlan2 0DT0H2M44S 40 33 24 8 5 40 33 24 2 vlan3 0DT0H2M30S Total Entries 3 entries 4 routes Switch Display Field Description Rc 10 0 0 0 8...

Page 702: ...E ID Optional Specifies the interface ID to display the RIP information for If no INTERFACE ID is specified the RIP information on all interfaces will be shown Switch Show ip rip interface vlan1 is up line protocol is up Routing Protocol RIP Receive RIP packets Send RIP packets Send v2 broadcast Disabled Authentication Mode text Passive interface Disabled Split horizon Enabled with Poisoned Revers...

Page 703: ...ies Display all active static routes with both the show ip route and show ip route static commands Syntax Description IP ADDRESS Optional Address about which routing information should be displayed MASK Optional Argument specifying a subnet mask PROTOCOL Optional The name of a routing protocol specifying a routing protocol use one of the following keywords bgp ospf and rip database Optional Specif...

Page 704: ...te default S static B Border Gateway Protocol BGP derived E2 Type of route It can be one of the following values Indicates the last path used when a packet was forwarded It pertains only to the nonfast switched packets However it does not indicate which path will be used next when forwarding a nonfast switched packet except when the paths are equal cost IA OSPF interarea route E1 OSPF external typ...

Page 705: ... RIP B BGP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 ia IS IS inter area candidate default C 10 0 0 0 8 is directly connected vlan10 O 10 50 71 253 32 110 0 is a summary Null 0DT1H5M46S C 11 0 0 0 8 is directly connected vlan110 O E1 11 0 1 0 24 110 1 via 11 50 71 200...

Page 706: ...connected vlan10 O 10 50 71 253 32 110 0 is a summary Null 0DT1H7M18S C 11 0 0 0 8 is directly connected vlan110 O E1 11 0 1 0 24 110 1 via 11 50 71 200 vlan110 0DT1H6M19S C 12 0 0 0 8 is directly connected vlan111 C 20 0 0 0 8 is directly connected vlan111 O E1 20 0 1 0 24 110 1 via 11 50 71 200 vlan110 0DT1H6M19S B 50 0 0 0 8 200 0 via 10 50 71 253 0DT1H5M21S O IA 50 0 0 0 8 110 2 via 10 50 71 2...

Page 707: ...ommand Mode User EXEC or any configuration mode Usage Guideline None Example The following is sample output from the show ip route summary command Switch show ip route summary IP routing table name is Default IP Routing Table 0 IP routing table multi paths state is enabled IP routing table configured maximum paths is 6 IP routing table maximum paths is 6 Route Source Networks connected 2 rip 1 bgp...

Page 708: ...any configuration mode Usage Guideline Use the show ip ssh command to view the status of configured options such as retries and timeouts This command displays if SSH is enabled or disabled Example This example shows how to display the SSH configuration settings Switch show ip ssh SSH Enabled SSH server mode V2 Service port 22 Authentication timeout 120 Authentication retries 3 Switch ...

Page 709: ...ine This command displays the trusted host information Example This example shows how to display trusted hosts information for all access interfaces Syntax Description snmp http https telnet ssh Optional Specifies which access interface which is to be displayed If no access interface is specified the trusted hosts at all access interfaces will be displayed Switch show ip trusted host Hosts Valid t...

Page 710: ... the DHCPv6 client s DUID The following example shows the DHCPv6 client for interface vlan1 when vlan1 is DHCPv6 client disabled Syntax Description interface Specifies to show the interface DHCPv6 Client configuration and running information If interface is not entered the command will show the device DUID INTERFACE NAME Specifies the identifier of the interface on the device to show the DHCPv6 cl...

Page 711: ...n1 Interface vlan1 is in DHCPv6 client mode General prefix aaa State REQUEST Server IP N A Server DUID N A Preference 0 Event expire 10 IA is not acquired Switch enable Switch show ipv6 dhcp interface vlan1 Interface vlan1 is in DHCPv6 client mode General prefix aaa State ACTIVE Server IP fe80 21d 92ff fe2b af48 vlan1 Server DUID 0001000611D6EE73001D922BAF48 Preference 87 IA Type PD IA ID 0003 T1 ...

Page 712: ...r IP fe80 21d 92ff fe2b af48 eth0 Server DUID 0001000611D6EE73001D922BAF48 Preference 87 Event expire 17 IA Type PD IA ID 0003 T1 300 T2 800 Prefer Lifetime 3600 Valid Lifetime 7200 Prefix 3000 1 2 48 IA expire 219 Addr expire 5119 Switch enable Switch show ipv6 dhcp interface vlan1 Interface vlan1 is in DHCPv6 client mode General prefix aaa State REBIND Server IP fe80 21d 92ff fe2b af48 eth0 Serv...

Page 713: ...de Usage Guideline The show ipv6 dhcp relay command shows the DHCP for IPv6 relay configuration and running information of the specified VLAN interface Example The following example shows the DHCPv6 client for interface vlan1 when vlan1 DHCPv6 relay enabled Syntax Description VLAN interface Specific VLAN interface name Switch enable Switch show ipv6 dhcp relay interface vlan1 Listen interface name...

Page 714: ... The following example shows how to display all IPv6 general prefixes on the switch Syntax Description PREFIX NAME The name of the general prefix to be showed If the general prefix name is not specified then all general prefixes on the system will be showed The general prefix name can be 1 16 characters Switch enable Switch show ipv6 general prefix IPv6 prefix dhcp prefix Acquired via DHCP Client ...

Page 715: ...he following example shows how to display information for a specified general prefix named my prefix Switch enable Switch show ipv6 general prefix my prefix IPv6 prefix my prefix Acquired via Manual configuration 3ffe 1 1 48 Apply to interface vlan2 1 1 1 1 1 64 ...

Page 716: ...e link local address is fe80 a01 2ff fe39 1 global unicast address is 3ffe 501 ffff 100 a01 2ff fe39 1 64 DAD check fail MAC Address is 08 01 02 39 00 01 IP MTU is 1500 bytes IPv6 Hop Limit is 64 ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 milliseconds ND advertised is sending ND advertis...

Page 717: ...ved from the routing table Removing the entry allows the software to use dynamic routing protocols to determine backup routes to the network If you specify an optional interface type you see information for that specific interface At current stage the supporting interface type is VLAN If you specify no optional arguments you see information on all the interfaces If the interface hardware is usable...

Page 718: ...he last ReachableTime in milliseconds that the forward path to the neighbor was properly functioning While in the REACH state the device takes no special action as packets are sent STALE More than the ReachableTime in milliseconds has elapsed since the last positive confirmation was received that the forward path was properly functioning While in the STALE state the device takes no action until a ...

Page 719: ...eline The information displayed by the show ipv6 ospf command is useful in debugging OSPF routing operations Example The following is sample output from the show ipv6 ospf command The output after executing this command is as follows on the next page Syntax Description PROCESS ID Optional Internally used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be an...

Page 720: ...8 Number of LSA received 13 Number of current LSA 31 LSDB database overflow limit is 12288 Number of areas in this router is 3 Area 0 0 0 0 BACKBONE active Number of interfaces in this area is 1 active interface number is 1 Number of fully adjacent virtual neighbors through this area is 0 SPF algorithm last executed 0DT0H12M39S SPF algorithm executed 4 times Number of LSA 13 Checksum Sum 0x616B2 A...

Page 721: ...l IPv6 OSPF processes Example This is a sample output from the show ipv6 ospf border routers command The result after executing this command is as follows Syntax Description PROCESS ID Optional Internally used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be any positive integer A unique value is assigned for each IPv6 OSPF routing process Switch enable S...

Page 722: ...tabase command to provide more detailed information If the PROCESS ID argument is not specified display all IPv6 OSPF processes Example The following is sample output from the show ipv6 ospf database command when no arguments or keywords are used Syntax Description PROCESS ID Optional Internally used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be any po...

Page 723: ...re IPv6 OSPF process Switch enable Switch show ipv6 ospf interface vlan2 is up line protocol is up Interface ID 1026 IPv6 Prefixes fe80 a01 2ff fe36 2 64 Link Local Address 3ffe 4 30 64 OSPFv3 Process null Area 0 0 0 1 active MTU 1500 Instance ID 0 Router ID 10 76 37 30 Network Type BROADCAST Cost 1 default Transmit Delay is 1 sec State BDR Priority 1 Designated Router ID 10 76 37 3 Interface Addr...

Page 724: ...ows Syntax Description PROCESS ID Optional Internally used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be any positive integer A unique value is assigned for each IPv6 OSPF routing process IFNAME Optional Interface type and number If no option is specified the command applies to the entire IPv6 OSPF process NEIGHBOR ID Optional Neighbor ID It can be spe...

Page 725: ...used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be any positive integer A unique value is assigned for each IPv6 OSPF routing process Switch enable Switch show ipv6 ospf route OSPFv3 Process null Codes C connected D Discard O OSPF IA OSPF inter area E1 OSPF external type 1 E2 OSPF external type 2 Destination Metric Next hop O 3ffe 1 64 11 via fe80 219 ...

Page 726: ...OSPF processes Example The following is sample output from the show ipv6 ospf virtual links command Syntax Description PROCESS ID Optional Internally used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be any positive integer A unique value is assigned for each IPv6 OSPF routing process Switch enable Switch show ipv6 ospf virtual links Virtual Link VLINK1 ...

Page 727: ...uting information Examples The following is sample output from the show ipv6 protocols ospf command Syntax Description rip Optional Herein RIPng protocol information is displayed ospf Optional Display OSPFv3 global settings which are related to the overall IP routing function It can show the OSPFv3 global setting for the specific process ID when the input OSPFv3 process tag is in the command Switc...

Page 728: ...uting Protocol is ripng Sending updates every 30 seconds with 50 next due in 20 seconds Timeout after 180 seconds garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filter list for all interface is not set Default redistribute metric is 1 Redistributing connected static ospf Interface vlan51 vlan54 Routing for Networks ...

Page 729: ...s sample output from the show ipv6 rip database command The result after executing this command is as follows Syntax Description database If specified the command displays the details of the entries in the specified RIP IPv6 routing table Switch enable Switch show ipv6 rip database Codes R RIP Rc RIP connected Rs RIP static K Kernel C Connected S Static O OSPF I IS IS B BGP Network Next Hop If Met...

Page 730: ...sses The show ipv6 rip interface command also displays the parameters that IPv6 RIP is using on this interface including any configured features If the argument IFNAME is not used then all IPv6 RIP interfaces are displayed Example The following is sample output in vlan1 from the show ipv6 rip interface command Syntax Description IFNAME The specified interface type and interface number Switch enabl...

Page 731: ...e IPv6 network that is the destination of the static route PREFIX LENGTH Optional The length of the IPv6 prefix A decimal value that indicates how many of the high order contiguous bits of the address comprise the prefix the network portion of the address A slash mark must precede the decimal value IPV6 ADDRESS Optional Displays routing information for a specific IPv6 address PROTOCOL Optional The...

Page 732: ...2 S 192 0 244 2 64 1 0 via 20 50 71 1 2 S a100 64 1 0 via fe80 250 baff fe91 bb28 vlan111 1 0 via fe80 a00 1ff fe02 6 vlan10 Total Entries 8 entries 10 routes Switch Switch enable Switch show ipv6 route database IPv6 Routing Table Codes K kernel route C connected S static R RIP O OSPF I IS IS B BGP X add to ACL table fail selected route FIB route p stale info S 0 1 0 via 192 0 7 2 2 O 20 50 71 1 6...

Page 733: ...d Mode User EXEC or any configuration mode Usage Guideline None Example The following is sample output from the show ipv6 route summary command Swtich show ipv6 route summary IPv6 routing table name is Default IPv6 Routing Table 0 IPv6 routing table multi paths state is enabled IPv6 routing table configured maximum paths is 6 IPv6 routing table maximum paths is 6 Route Source Networks connected 2 ...

Page 734: ...a prefix of more than 64 bits show ipv6 unicast routing long prefix status Syntax None Default None Command Mode User EXEC or any configuration mode Usage Guideline None Example The following displays the settings of IPv6 routes with a long prefix from the ip6 route longprefix status command Switch show ipv6 unicast routing long prefix status State Enabled Log Disabled Switch ...

Page 735: ...Syntax Description cr To show all the loopback detection protocol information interface INTERFACE ID Specify the interface ID which you want to display Optional Specify a series of interfaces or separate a range of interfaces from a previous range No space before and after the comma Optional Specify a range of interfaces no space before and after the hyphen detail Optional Displays detailed inform...

Page 736: ...opback detection Status Enabled Mode VLAN Based Interval 20 sec Interface LoopDetect State Result Time Left sec eth3 1 Enabled Normal eth3 8 Enabled Normal eth4 5 Enabled Loop on Vlan 2 120 Loop on Vlan 3 115 Switch show loopback detection interface Interface Loopdetect Mode Loop Status Time Left sec eth3 1 Enabled Normal eth3 8 Enabled Normal eth4 5 Enabled Loop 20 Total Entries 3 Switch ...

Page 737: ...le of the command show logging with the keyword host Syntax Description host Optional Displays the logging hosts buffer Optional Only display the content of system logging buffer START INDEX Optional The logging index number to start the display from STOP INDEX Optional The logging index number to stop the display at If both the START INDEX and STOP INDEX are not specified all logs in the system l...

Page 738: ...30 65 45 34 informational local7 514 35 4 56 2 critical local4 1300 DGS 6600 15 show logging buffer 3 Total logs 401 Index Date Log Text 3 12 12 04 2010 08 14 Interface eth4 47 is up 2 12 12 04 2010 08 14 Interface vlan99 is up 1 12 11 47 2010 08 14 System is cold started DGS 6600 15 show logging buffer 3 Total logs 401 Index Date Log Text 401 06 26 45 1993 01 03 Successfully login to the system b...

Page 739: ...08 53 14 2010 09 20 Interface vlan1 is up 257 08 45 08 2010 09 20 eth4 1 state change from LRN to FWD for MSTID 0 256 08 45 08 2010 09 20 eth4 1 state change from BLK to LRN for MSTID 0 255 08 45 07 2010 09 20 eth4 43 state change from LRN to FWD for MSTID 0 254 08 45 07 2010 09 20 eth4 43 state change from BLK to LRN for MSTID 0 253 08 45 05 2010 09 20 Interface eth4 1 is up 252 08 45 05 2010 09 ...

Page 740: ...ine None Examples This is an example of output from the show mac address table address command Syntax Description dynamic Optional Displays dynamic MAC address table entries only static Optional Displays static MAC address table entries only address MAC ADDR Specifies the 48 bit MAC address the valid format is XX XX XX XX XX XX interface INTERFACE ID Display information for a specific interface Va...

Page 741: ...table static Vlan Mac Address Type Ports 1 01 00 0c cc cc cc Static CPU 1 01 80 c2 00 00 00 Static CPU 1 01 00 0c cc cc cd Static CPU 1 01 80 c2 00 00 01 Static CPU 1 01 80 c2 00 00 04 Static CPU 1 01 80 c2 00 00 05 Static CPU 4 00 01 00 02 00 04 Static eth3 2 6 00 01 00 02 00 07 Static eth3 1 Total Entries 8 Switch Switch show mac address table vlan 1 Vlan Mac Address Type Ports 1 00 02 4B 28 C4 ...

Page 742: ...status of destination MAC address triggered update function show mac address table aging destination hit Syntax None Default None Command Mode User EXEC or any configuration mode Usage Guideline None Examples This is an example of output from the show mac address table aging destination hit command Switch show mac address table aging destination hit Mac address table aging destination hit is enabl...

Page 743: ...ble aging time command to display the aging time show mac address table aging time Syntax None Default None Command Mode User EXEC or any configuration mode Usage Guideline None Example This is an example of output from the show mac address table aging time command Switch show mac address table aging time Aging Time is 300 seconds ...

Page 744: ...and Mode User EXEC management interface mode or any configuration mode Usage Guideline None Example This example shows how to display the status of the management port Switch show mgmt if Management Interface Admin Status Down IPv4 Address 10 1 1 1 8 IPv4 Default Gateway 10 1 1 254 IPv6 Global Address 6600 66 64 IPv6 Link local Address fe80 40b ff fe19 0 64 IPv6 Default Gateway IP MTU 1600 Link St...

Page 745: ...sions are displayed Examples This example shows how to display a created port mirroring session with session number 1 This example shows how to display all the created port mirroring sessions Syntax Description SESSION NUMBER Optional Specify the session number which you want to display local Optional Specify to display a local session remote Optional Specify to display remote RSPAN session Switch...

Page 746: ...1 2 4 RX eth1 5 TX eth1 7 Session 2 Session type local session Destination Port eth2 1 Source Ports Both eth2 2 4 RX eth1 5 TX eth1 7 Session 3 Session type remote source session Destination remote VLAN VLAN 100 Source Ports Both eth2 2 4 RX eth1 5 TX eth1 7 Session 4 Session type remote destination session source remote VLAN VLAN 100 destination Ports eth2 5 Switch ...

Page 747: ...erfaces This is an example of output from the show multicast filtering mode for the vlan 1 interface Syntax Description INTERFACE ID Optional Specifies the interface to display the filtering mode on only VLAN interfaces are supported Switch show multicast filtering mode Interface Multicast Filtering Mode VLAN1 filter unregistered VLAN2 filter unregistered VLAN3 filter unregistered VLAN4 filter unr...

Page 748: ...ow policy map command As shown below in the policy map called policy1 two rate traffic policing has been configured for the class called police Two rate traffic policing has been configured to limit traffic to an average committed rate of 500 Mbps and a peak rate of 1 Gbps Syntax Description INTERFACE ID Optional Module and port number POLICY NAME Optional Specifies the name of the policy map If n...

Page 749: ...at eth3 1 Switch show policy map policy1 Policy Map policy1 Class police police tr tcm cir 500000 bc 10000 pir 1000000 be 10000 exceed action set dscp transmit 2 violate action drop Total Entries 1 Switch show policy map interface eth3 1 Policy Map policy1 Class police police tr tcm cir 500000 bc 10000 pir 1000000 be 10000 exceed action set dscp transmit 2 violate action drop Total Entries 1 ...

Page 750: ...cified with show port security command all of the port security information is displayed Examples This example shows how to display the port security setting of interface port eth4 1 Syntax Description INTEFACE ID Optional Specifies the ID of interfaces to display Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space before and after the comma O...

Page 751: ...to display the power saving information show power saving Default None Command Mode User EXEC or any configuration mode Usage Guideline None Example The following example shows how to display power saving information DGS 6600 2 show power saving Power saving status phy power saving Enabled ...

Page 752: ...nfiguration mode Usage Guideline None Example This example shows how to display the aggregate policer Syntax Description NAME Optional Specifies the name of the aggregate policer Switch show qos aggregate policer QoS policy aggregate agg policer5 rate 64 burst normal 128 exceed action drop QoS policy aggregate agg policer6 tr tcm cir 64 bc 128 pir 256 be 512 exceed action set dscp transmit 2 viola...

Page 753: ...iption interface INTERFACE ID Specifies the interface ID to display Specify multiple interface IDs which are separated by a comma or hyphen No space is before or after the comma or hyphen cos Displays the port default CoS deficit round robin Displays the DRR configuration trust Displays the port trust state bandwidth Displays the bandwidth limitation configured for the port dscp mutation Displays ...

Page 754: ...ts eth3 1 to 3 2 Switch show qos interface eth3 2 3 5 trust Interface Trust State eth3 2 trust DSCP eth3 3 trust CoS eth3 4 trust DSCP eth3 5 trust CoS Total Entries 4 Switch Switch show qos interface eth3 1 3 2 deficit round robin eth3 2 CoS Quantum Kbytes 0 16 1 32 2 16 3 32 4 16 5 64 6 64 7 strict priority eth3 2 DRR is disabled Switch Switch show qos interface eth3 1 3 2 dscp mutation Interfac...

Page 755: ...dith Control Table Interface Ingress Rate Kbps Egress Rate Kbps eth3 1 64 qos 128 qos eth3 2 256 dot1x 256 dot1x Total Entries 2 Switch show qos interface eth3 1 3 2 map dscp color eth3 1 DSCP 0 7 44 63 are mapped to Green DSCP 41 43 are mapped to Yellow DSCP 8 40 are mapped to Red eth3 2 DSCP 0 63 are mapped to Green Total Entries 2 Switch show qos interface eth3 3 3 4 map cos color eth3 3 CoS 0 ...

Page 756: ...p for ports eth3 1 Switch show qos interface eth3 1 map dscp cos eth3 1 0 1 2 3 4 5 6 7 8 9 00 00 00 00 00 00 00 00 00 01 01 10 01 01 01 01 01 01 02 02 02 02 20 02 02 02 02 03 03 03 03 03 01 30 03 03 04 04 04 04 04 04 04 04 40 05 05 05 05 05 05 05 05 06 06 50 06 06 06 06 06 06 07 07 07 07 60 07 07 07 07 ...

Page 757: ...xample displays the global DSCP mutation map Syntax Description MAP NAME Optional Specifies the name of the DSCP mutation map to display Switch show qos map dscp mutation DSCP Mutation mutemapl Attaching interface eth2 1 eth2 2 eth2 3 eth2 4 eth2 5 eth3 1 eth3 2 eth3 3 eth3 4 eth3 5 eth3 6 eth3 7 eth3 8 eth3 9 eth3 10 0 1 2 3 4 5 6 7 8 9 00 00 01 02 03 04 05 06 07 08 09 10 10 11 12 13 14 15 16 17 ...

Page 758: ...rmation that pertains to the route map in the same display without having to execute a show route map command to display each ACL that is associated with the route map Example This example shows how to display static route maps for the entry myPolicy Syntax Description MAP NAME Optional Name of a specific route map Switch show route map myPolicy route map myPolicy permit sequence 10 Match clauses ...

Page 759: ...lege EXEC at level 15 Usage Guideline The show running config command output for the current running system configuration Example The following example shows how to display the contents of the current running configuration file Switch 15 config show running config Building configuration Current configuration version 1 00 001 Slot Module Type Model 1 Management Control Module CMU Card 2 3 4 48 port...

Page 760: ...ple output from the command show snmp host Syntax Description community Display SNMP community information host Display SNMP trap recipient information view Display SNMP view information group Display SNMP group information engineID Display SNMP local engine ID information Switch show snmp community Codes ro read only rw ReadWrite rw System ro public ro Develop rw private Total Entries 4 Switch Sw...

Page 761: ...uded CommunityView 1 3 6 1 6 3 1 Included Total Entries 8 Switch Switch show snmp group groupname ILMI security model v1 readview ilmi writeview ilmi notifyview no notifyview specified row status active groupname ILMI security model v2c readview ilmi writeview ilmi notifyview no notifyview specified row status active groupname public security model v1 readview no readview specified writeview no wr...

Page 762: ...DGS 6604 m show snmp CLI Reference Guide 752 This example is sample output from the command show snmp engineID Switch show snmp engineID Local SNMP engineID 00000009020000000C025808 Switch ...

Page 763: ...cified the state control for all trap notifications will be shown Examples This example shows how to display the SNMP server configuration This example shows how to display the state control for all traps notification Syntax Description traps Optional Display the control for all trap notifications Switch show snmp server SNMP Server Enabled System Name DES XXXXS Stackable Switch Location HQ 15F Co...

Page 764: ...d Mode Privileged EXEC or global configuration Usage Guideline An SNMP user must be part of an SNMP group as configured using the snmp server user USER NAME GROUP NAME command When the username argument is not entered the show snmp user command displays information about all configured users Syntax Description USER NAME Optional Name of a specific user or users about which to display SNMP informat...

Page 765: ...ies 1 Display Field Description User Name A string identifying the name of the SNMP user Engine ID Per snmp user s engineID is copied from the local system engineID Authentication Protocol Identifies which authentication protocol is used Options are message digest algorithm 5 MD5 Secure Hash Algorithm SHA packet authentication or None Privacy protocol Indicates whether Data Encryption Standard DES...

Page 766: ...erver show sntp Syntax None Default None Command Mode User EXEC or any configuration mode Usage Guideline None Example The following example shows how to display the SNTP information Switch show sntp SNTP server Version Last Receive 171 69 118 9 5 00 01 02 172 21 28 34 4 00 00 36 Synced Total Entries 2 Switch ...

Page 767: ... STP compatible mode Issuing the command without any argument displays all the spanning tree protocol information An error message will appear when the operating mode is MSTP Examples The example on the next page shows how to display the spanning information Syntax Description interface INTERFACE ID Specifies the INTERFACE ID which to display information for Optional Specifies a series of interfac...

Page 768: ...igured as enabled Configured link type A Auto P point to point S shared Priority Link Interface Role State Cost Port Type Edge FA eth3 3 designated forwarding 20000 128 3 p2p edge FA eth3 5 backup blocking 200000 128 5 p2p non edge A eth3 6 backup blocking 200000 128 6 shared edge P eth3 7 root forwarding 2000 128 9 p2p edge Total Entries 4 Switch Switch show spanning tree interface eth4 7 eth4 7 ...

Page 769: ... example shows how to MSTP summary information Syntax Description configuration Specifies to display a table of the mapping relationship between VLANs and MSTP Instances digest Specifies to display the MD5 digest included in the current MST configuration identifier MSTCI instance INSTANCE ID Specifies to show the MSTP information for the designated instance only Multiple instances can be defined U...

Page 770: ...ype A Auto S Shared P Point to point Priority Link Interface Role State Cost Port Type Edge FA eth3 3 designated forwarding 20000 128 3 p2p edge FA eth3 5 backup blocking 200000 128 5 p2p non edge A eth3 6 backup blocking 200000 128 6 shared edge A eth3 7 root forwarding 2000 128 9 p2p edge MST2 vlans mapped 2 3 Bridge address 00 12 d9 87 47 00 priority 32770 32768 sysid 2 Designated Root this swi...

Page 771: ...CLI Reference Guide 761 This example shows how to display the MSTP MD5 digest information Switch show spanning tree mst digest Name region1 Revision 2 Instances configured 3 Digest 3C 60 DB F2 4B 03 EB F0 9C 59 22 F4 56 D1 8A 03 Switch ...

Page 772: ...ion information such as timeouts and retries Example This example shows how to display SSH connections information Display Field Descriptions Description of significant display fields Switch show ssh SID Ver Cipher Userid Host 0 V2 aes256 cbc hmac sha1 admin 126 100 51 22 Switch Display Field Description SID A unique number that identifies the SSH session Ver Indicates the SSH version of this sess...

Page 773: ...command to display the system configuration contents of the file which is specified with the boot config command If no boot config command is applied the factory default system configuration content is displayed Example The following example shows how to display the content of the startup system configuration file Switch 15 config show startup config Boot configuration file flash configurations de...

Page 774: ...ear If no traffic type is specified then all types of storm control settings will appear If there is no configuration on the interface specified the interface will not be displayed Examples This example shows the current Broadcast storm control setting Syntax Description INTERFACE ID Interface name id broadcast Displays the current Broadcast storm setting multicast Displays the current Multicast s...

Page 775: ...ge 80 eth3 1 Unicast Drop percentage 80 eth3 2 Broadcast Shutdown percentage 90 eth3 2 Multicast Drop percentage 80 eth3 3 Broadcast Shutdown percentage 85 Total Entries 6 Switch show storm control interface eth3 1 3 2 Interface Storm Action Type Threshold eth3 1 Broadcast Drop pps 500 eth3 1 Multicast Drop percentage 80 eth3 1 Unicast Drop percentage 80 eth3 2 Broadcast Shutdown percentage 90 eth...

Page 776: ...splays information about the overall Switch system Use keyword of protocol state to show the information about the administrative and operational state of the supported protocols Example This example on the following page shows how to display the Switch information Syntax Description cpu Optional Shows the information about the CPU utilization of the management control unit protocol state Optional...

Page 777: ...ss es 1 Slot 2 Hardware Version 0A0 2 Bootloader Version 1 00 002 Firmware Version 1 00 018 S N QT101AC000001 Model Name DGS 6600 48P First MAC Address 08 03 04 37 00 00 Number of MAC Address es 48 Slot 3 Hardware Version 0A0 1 Bootloader Version 1 00 002 Firmware Version 1 00 018 S N QT111AC000001 Model Name DGS 6600 48TS First MAC Address 08 03 05 21 00 00 Number of MAC Address es 48 Slot 4 Hard...

Page 778: ...DGS 6604 m show system CLI Reference Guide 768 The following shows the output for the command show system protocol state command ...

Page 779: ...bled RIP Disabled OSPF Disabled BGP Disabled Multicast Routing Disabled DVMRP Enabled PIM DM Enabled PIM SM Enabled IGMP Snooping Enabled IGMP Enabled DHCPv4 Relay Disabled DHCPv4 Client Enabled DHCPv4 Server Disabled AAA Authorization Disabled VLAN Tunnel Disabled Voice VLAN Disabled RIPng Disabled OSPFv3 Disabled IPv6 DHCP Relay Enabled IPv6 DHCP Client Enabled VRRP Enabled sFlow Disabled Loopba...

Page 780: ...ple shows how to display the content of the configured time range profile named trange1 Syntax Description NAME Optional The name of the time range profile to be displayed If no NAME argument is specified all time range profiles will be displayed Up to 32 characters are allowed Switch config show time range trange1 time range name trange1 09 00 12 00 every day 00 00 23 59 every Sat 00 00 23 59 eve...

Page 781: ...ation for all ports is displayed Otherwise only the specified interface s traffic segmentation is shown Example This example shows the configuration of traffic segmentation for eth3 1 Syntax Description interface INTERFACE ID Optional Specifies the ID of an interface The allowable interfaces are either physical ports or port channels Optional Specifies a series of interfaces or separate a range of...

Page 782: ...The display text and format may differ depending on the SW release Display Field Descriptions Description of significant display fields Syntax Description UNIT ID Optional Slot ID to indicate which slot module the information is going to be displayed for Slot Model Status Up Time 1 DGS 6600 CM ok 0DT0H2M49S 2 3 4 DGS 6600 8XG ok 0DT0H2M17S Slot Model Description 1 DGS 6600 CM CPU Fabric Management...

Page 783: ...to display all of the usernames configured in the switch The table below describes the significant fields shown in the display Syntax Description NAME Optional A specified name of a user account Only one word is allowed for the name argument If no NAME is specified all user accounts will be displayed Switch show username Password Encryption Disabled Username Access Level Password Encrypted Admin 1...

Page 784: ...ng all interfaces will be displayed Example This example shows how to display all session information Syntax Description console Optional displays the information of the current console users telnet Optional displays the information of the current telnet users ssh Optional displays the information of the current ssh users http Optional displays the information of the current http users https Optio...

Page 785: ... about the Switch Example This example shows how to display the software and hardware versions on a DGS 6604 switch Switch show version GS 6604 System Version Backplane H W version 0A1G PCBA version 0 CPLD version 15 Serial 123456789 123456789 123456789 0123456789 Slot Module Type Versions 1 DGS 6600 CM Serial P4Z21A9000001 H W 0A1G Bootloader 1 00 001 PCBA 0 Runtime 1 00 021 CPLD ver 0 2 3 4 DGS ...

Page 786: ...ion Syntax Description VLAN ID Optional Display information about a single VLAN identified by VLAN id number The VLAN id range is 1 to 4094 Separate non consecutive VLAN IDs with a comma use a hyphen to designate a range of VLAN ID interface Optional Displays the interface port s PVID ingress checking acceptable frame type information INTERFACE ID Specifies the port to display Optional Specifies a...

Page 787: ...1 Configuration using an access VLAN command 2 VLAN assignment from a RADIUS server Use the command show vlan subnet base mac base to display a Subnet based VLAN or MAC based VLAN respectively If no optional key word is specified all of VLAN configurations are displayed Examples This example shows how to display all current VLAN entries ...

Page 788: ...eth4 19 eth4 20 eth4 21 eth4 22 eth4 23 eth4 24 eth4 25 eth4 26 eth4 27 eth4 28 eth4 29 eth4 30 eth4 31 eth4 32 eth4 33 eth4 34 eth4 35 eth4 36 eth4 37 eth4 38 eth4 39 eth4 40 eth4 41 eth4 42 eth4 44 eth4 45 eth4 46 eth4 48 port channel1 GVRP Advertise Ports eth4 1 eth4 48 port channel1 Forbidden Ports None VLAN 20 Name VLAN0020 GVRP advertisement yes Static Tag Member Ports eth4 47 Static Untag M...

Page 789: ... 1 4 3 eth4 1 PVID 99 GVRP State Disabled Ingress checked Enabled Access VLAN 99 Advertise VLAN 1 4094 Forbidden VLAN Acceptable frame types admit all eth4 2 PVID 1 GVRP State Disabled Ingress checked Enabled Access VLAN 1 Advertise VLAN 1 4094 Forbidden VLAN Acceptable frame types admit all eth4 3 PVID 1 GVRP State Disabled Ingress checked Enabled Access VLAN 1 Advertise VLAN 1 4094 Forbidden VLA...

Page 790: ...base VLAN table Switch config show vlan mac base MAC Address VLAN ID 00 80 cc 00 00 11 100 00 80 cc 00 00 21 100 00 80 cc 00 00 12 200 00 80 cc 00 00 31 300 00 80 cc 00 00 33 300 Total Entries 5 Switch config Switch config show vlan subnet base Subnet VLAN ID 20 0 1 0 8 100 192 0 1 0 8 100 20 0 2 0 8 200 20 0 3 0 8 300 Total Entries 4 Switch config ...

Page 791: ...cific interface s in the VLAN translation table If no argument is specified only the status of VLAN tunnel mode will be shown Syntax Description INTERFACE ID Optional Multiple interfaces can be specified to be displayed The multiple interface numbers are separated by comma or hyphen No spaces before and after the comma or hyphen If no INTERFACE ID is specified VLAN tunnel settings on all interface...

Page 792: ...CoS encapsulation 1001 2002 5 2003 5 2004 5 encapsulation 1002 1002 5 2003 5 3004 6 remarking 2 102 4 remarking 3 103 5 remarking 4 104 5 eth4 2 NNI port TPID 0x88a8 eth4 3 UNI port CoS remarking disabled ingress checking enabled remove inner tag disabled VLAN S VID C VID CoS encapsulation 1001 2002 trusted 2003 trusted 2004 trusted encapsulation 1002 1002 4 2003 5 3004 6 remarking 2 102 4 remarki...

Page 793: ...tion and remarking pairs S VID C VID Indicates the service provider VLAN ID and customer VLAN ID of the VLAN tunneling pair CoS The CoS remarking setting for the VLAN tunneling pair Field Description Switch show vlan tunnel eth4 1 VLAN tunneling disabled eth4 1 UNI port CoS remarking 5 ingress checking disabled remove inner tag disabled VLAN S VID CVID CoS encapsulation 1001 2002 5 2003 5 2004 5 e...

Page 794: ...ctag mapping static command to show each static customer VLAN tag mapping entries that user configured Examples This example shows how to display the state of dynamic learned customer VLAN tag mechanism This example shows how to display the VLAN tunnel static customer VLAN tag mapping entries Syntax Description dynamic state Display the state of dynamic learned customer VLAN tag mechanism static D...

Page 795: ...gured in the interface vlan1 a VRID 5 configured in interface vlan2 and a VRID 1 configured in interface vlan3 Syntax Description INTERFACE ID Optional The interface name of a configured IP interface When the INTERFACE ID is specified the VRRP information that is related to the interface will be displayed VRID Optional A configured virtual router identifier When both INTERFACE ID and VRID are spec...

Page 796: ...on disabled Priority is 200 Critical IP address is 0 0 0 0 Master router is 20 0 1 1 local Master Down interval is 3 218 sec vlan2 VRID 5 State is Initialize Virtual IP address is 30 1 1 254 Virtual MAC address is 00 00 5e 00 01 05 Advertisement interval is 1 sec Preemption enable Priority is 100 Critical IP address is 70 5 1 1 Master router is unknown Master Down interval is 3 609 sec vlan3 VRID ...

Page 797: ...ce vlan1 and VRID 8 Switch show vrrp interface vlan1 8 vlan1 VRID 8 State is Master Virtual IP address is 20 1 1 2 Virtual MAC address is 00 00 5e 00 01 08 Advertisement interval is 1 sec Preemption disabled Priority is 200 Critical IP address is 0 0 0 0 Master router is 20 0 1 1 Master Down interval is 3 218 sec ...

Page 798: ...all virtual routers including virtual routers in a shutdown state Switch show vrrp brief Interface VRID Prio Time Own Pre State Master Addr VRouter Addr vlan1 7 255 3 003 Y Y Master 20 0 1 1 20 0 1 1 vlan1 8 200 3 218 Y Master 20 0 1 1 20 1 1 2 vlan2 5 100 3 609 Y Init 0 0 0 0 30 1 1 254 vlan3 1 80 3 687 Y Backup 50 0 1 2 50 1 1 254 Field Description Interface Interface name VRID Virtual router id...

Page 799: ...port interfaces are valid for this configuration The command will change the state of a port to be disabled In the disabled state the port will not be able to receive or transmit any packets Using the no shutdown command the port will set the port to the enabled state When a port is shutdown disabled the link status will also be off Examples Below demonstrates using the shutdown command to set int...

Page 800: ...o shutdown Syntax None Default Enabled Command Mode Management interface Usage Guideline This command will disable the management port Users cannot access or manage the system using the management port until the no shutdown command is executed Example Use the shutdown command to disable the Management Port Verify the settings by entering the show mgmt if command Switch config mgmt if Switch mgmt i...

Page 801: ...y configuration mode Usage Guideline Use the command to display DHCP snooping configuration setting Example This example shows how to display DHCP Snooping configuration Switch show ip dhcp snooping DHCP Snooping is enabled DHCP Snooping is enabled on VLANs vlan10 vlan15 vlan16 vlan17 vlan18 Verify MAC address is Enabled Information option not allowed Interface Trusted eth3 1 no eth3 8 no eth3 9 y...

Page 802: ...DRESS Optional Display the binding entry based on IP address MAC ADDRESS Optional Display the binding entry based on MAC address vlan VLAN ID Optional Display the binding entry based on VLAN interface INTERFACE ID Optional Display the binding entry based on port ID Optional Specifies a series of interfaces or separates a range of interfaces from a previous range No space before and after the comma...

Page 803: ...AC 00 01 02 00 00 05 Switch show ip dhcp snooping binding 10 1 1 1 Mac Address IP Address Lease seconds Type VLAN Interface 00 01 02 03 04 05 10 1 1 1 1500 dhcp snooping 100 eth3 5 Total Entry 1 Switch Switch show ip dhcp snooping binding 10 1 1 11 00 01 02 00 00 05 Mac Address IP Address Lease seconds Type VLAN Interface 00 01 02 00 00 05 10 1 1 1 1495 dhcp snooping 100 eth3 5 Total Entry 1 Switc...

Page 804: ...ss Lease seconds Type VLAN Interface 00 01 02 03 04 05 10 1 1 1 1500 dhcp snooping 100 eth3 5 Total Entry 1 Switch Switch show ip dhcp snooping binding vlan 100 Mac Address IP Address Lease seconds Type VLAN Interface 00 01 02 03 04 05 10 1 1 10 1500 dhcp snooping 100 eth3 5 00 01 02 00 00 05 10 1 1 11 1495 dhcp snooping 100 eth3 5 Total Entries 2 Switch Switch show ip dhcp snooping binding interf...

Page 805: ...Syntax None Default Not applicable Command Mode EXEC mode or any configuration mode Usage Guideline User can use this command to display DHCP snooping database statistics Example This example shows how to display DHCP snooping database statistics Switch show ip dhcp snooping database Successful Transfer 0 Failed Transfer 0 Binding Collisions 0 Expired lease 0 Invalid interfaces 0 Parse failures 0 ...

Page 806: ...d displays brief instance information of all created ERP instances in an ERPS domain on a device Example The following example displays instance information of all created ERPS domains when ERPS is globally disabled The following example displays instance information of all created ERPS domains Syntax Description DOMAIN NAME Specifies the name of ERPS domain with a maximum of 32 characters Only al...

Page 807: ...dle East Blocked West Forwarding campus1 2 Sub Protection East Virtual Channel West Forwarding campus2 3 Major Disabled East West Total ERPS domains 2 Total ERP instances 3 Switch Switch show erps domain campus1 Domain ERPI Type Status Port State ID campus1 1 Major Idle East Blocked West Forwarding campus1 2 Sub Protection East Virtual Channel West Forwarding Total ERP instances in domain campus1 ...

Page 808: ...eter INSTANCE ID and it will also display sub ring information for the sub ERP instance For the enabled ERP instance it will display operational value of parameters but if the operational and configured values of parameters are different it will display both values And for disabled ERP instance it will only display configured values of parameters Example The following example displays detailed inf...

Page 809: ...RP instance 1 Domain name campus1 Instance type Major Instance state Enabled Instance status Idle R APS controlled VLAN 2 Ring MEL 1 East ring port eth3 1 East ring port state Blocked West ring port eth3 2 West ring port state Forwarding RPL owner port East Service protected VLANs 10 20 Guard timer 500 milliseconds Hold Off timer 0 milliseconds WTR timer 5 minutes Switch ...

Page 810: ...S controlled VLAN 3 Ring MEL 1 East ring port eth3 2 Shared East ring port state West ring port eth3 3 West ring port state RPL owner port Not configured Service protected VLANs 15 25 Guard Timer 500 milliseconds Hold Off Timer 0 milliseconds WTR Timer 5 minutes R APS controlled virtual channel State Enabled R APS controlled virtual channel VLAN 3 Topology change propagation state Enabled Switch ...

Page 811: ...tings Syntax Description oui Optional Display OUI information of voice VLAN interface Optional Display voice VLAN port information INTERFACE ID Optional Specify the port to display Optional Specifies a series of ports or separates a range of ports from a previous range No space before or after the comma Optional Specifies a range of ports No space before or after the hyphen lldp med Optional Displ...

Page 812: ...f ff 00 00 00 Avaya 00 0f e2 00 00 00 ff ff ff 00 00 00 Huawei 3COM 00 60 b9 00 00 00 ff ff ff 00 00 00 NEC Philips 00 d0 1e 00 00 00 ff ff ff 00 00 00 Pingtel 00 e0 75 00 00 00 ff ff ff 00 00 00 Veritel 00 e0 bb 00 00 00 ff ff ff 00 00 00 3COM 01 02 03 04 05 06 ff ff ff ff ff ff UserDefined Total Entries 9 Switch Switch show vlan voice vlan interface eth3 1 3 5 Interface Status Mode eth3 1 Enable...

Page 813: ... eth3 1 00 03 6b 00 00 02 eth3 1 00 03 6b 00 00 05 eth3 2 00 03 6b 00 00 09 eth3 2 00 03 6b 00 00 0a Total Entries 5 Switch Switch show vlan voice vlan lldp med device Interface eth3 1 Chassis ID Subtype MAC Address Chassis ID 00 E0 BB 00 00 11 Port ID Subtype Network Address Port ID 10 10 1 1 Create Time 10 09 05 2011 05 20 Remain Time 120 Seconds Interface eth3 5 Chassis ID Subtype MAC Address C...

Page 814: ...olicy Syntax Not applicable Default Not applicable Command Mode EXEC mode Usage Guideline The user can use the command to display the policy based routing configured on interfaces Example The following is sample output from the show ip policy command Switch show ip policy Interface Route map vlan1 pbr map1 Vlan2 pbr map2 Vlan100 pbr map3 Switch ...

Page 815: ...in the system are displayed Example This example shows how to display the statistics of packets that have been processed by DAI for VLAN 10 Syntax Description interfaces PORT Specifies a port a range of ports or all ports to configure Optional Specifies a series of interfaces or separates a range of interfaces from a previous range No spaces before of after the comma Optional Specifies a range of ...

Page 816: ...nspection statistics VLAN Forwarded Dropped DHCP Drops 1 0 0 0 2 0 0 0 10 21546 145261 145261 100 0 0 0 200 0 0 0 1024 0 0 0 VLAN DHCP Permits Source MAC Failures 1 0 0 2 0 0 10 21546 0 100 0 0 200 0 0 1024 0 0 VLAN Dest MAC Failures IP Validation Failures 1 0 0 2 0 0 10 0 0 100 0 0 200 0 0 1024 0 0 Switch Switch show ip arp inspection Source MAC Validation Disabled Destination Mac Validation Disa...

Page 817: ... to display the trust state of interfaces on the switch Switch show ip arp inspection interfaces eth3 3 Interface Trust State eth3 3 untrusted Switch Switch show ip arp inspection interfaces Interface Trust State eth3 1 untrusted eth3 2 untrusted eth3 3 untrusted eth3 5 Trusted eth3 6 untrusted eth3 7 untrusted eth3 8 untrusted Total Entries 7 Switch ...

Page 818: ...ADDRESS Optional Display the IP source guard binding entry based in IP address MAC ADDRESS Optional Display the IP source guard binding entry based on MAC address dhcp snooping Optional Display IP source guard binding entry learned by DHSCP binding snooping static Optional Display IP source guard binding entry that is manually configured vlan VLAN ID optional Display IP source guard binding entry ...

Page 819: ...ing by DHCP snooping Switch show ip source binding 10 1 1 11 MAC Address IP Address Lease sec Type VLAN Interface 00 01 01 01 01 01 10 1 1 11 infinite static 100 eth3 3 Total Entry 1 Switch Switch show ip source binding 10 1 1 11 00 01 01 01 01 10 dhcp snooping vlan 100 interface eth3 3 MAC Address IP Address Lease sec Type VLAN Interface 00 01 01 01 01 10 10 1 1 11 3564 dhcp snooping 100 eth3 3 T...

Page 820: ...C binds 10 1 1 10 MAC address 00 01 01 01 01 01 on VLAN 100 and 10 1 1 11 MAC address 00 01 01 01 01 10 on VLAN 101 Syntax Description INTERFACE ID Specifies a port or a range of ports to configure Optional Specify a series of interfaces or separates a range of interfaces from a previous range No spaces before or after the comma Optional Specify a range of interfaces No spaces before or after the ...

Page 821: ...CP server screening Example The following example shows the configuration which enables functions on port range from eth4 1 to eth4 23 and adds a binding composed of server IP 10 1 1 1 and client MAC address 00 08 01 02 03 04 on port from eth4 1 to 4 23 switch show ip dhcp screening Enable ports eth4 1 4 23 Filter DHCP Server Trap_Log State Disabled Illegal Server Log Suppress Duration 1 minutes F...

Page 822: ...y all types of sFlow objects information The flow samples and counter samples of eth3 1 are sent to 10 1 1 2 The flow samples and counter samples of eth3 2 are sent to both 10 1 1 2 and 10 1 1 3 Syntax Description agent Optional Display the sFlow agent information receiver Optional Display the information of all receivers sampler Optional Display the information of all samplers poller Optional Dis...

Page 823: ...untdown Time 0 Max Datagram Size 1400 Address 0 0 0 0 Port 6343 Datagram Version 5 Index 4 Owner NULL Current Countdown Time 0 Max Datagram Size 1400 Address 0 0 0 0 Port 6343 Datagram Version 5 Samplers Information Interface Instance Receiver Sampling Rate Max Header Size eth3 1 1 1 256 128 eth3 2 1 1 256 128 eth3 2 2 2 512 256 Pollers Information Interface Instance Receiver Interval eth3 1 1 1 1...

Page 824: ...e show lldp command show lldp Syntax This command has no arguments or keywords Default Not applicable Command Mode EXEC mode or any configuration mode Usage Guideline This command is used to show LLDP system global configurations Example This example shows how to display the LLDP system global configuration status ...

Page 825: ...LDP MED System Information Device Class Network Connectivity Device Hardware Revision 0A Firmware Revision XXXXXXXXXX Software Revision XXXXXXXXXX Serial Number 123456789 123456789 123456789 01 Manufacturer Name D Link Corporation Model Name DGS 6604 Asset ID XXXXXXXXXX PoE Device Type PSE Device PoE PSE Power Source Primary LLDP Configuration LLDP State Disabled Message Tx Interval 30 Message Tx ...

Page 826: ... command displays the LLDP each physical interface configuration for advertisement options Examples The following is sample output from the show lldp interface command To display a specific physical interface configuration Syntax Description INTERFACE ID Displays LLDP configuration for a specific interface Valid interfaces are physical Optional Specifies a series of physical interfaces No spaces a...

Page 827: ...ress 3ffe 501 ffff 100 a01 2ff fe39 1 FE80 250 A2FF FEBF A056 IEEE 802 1 Organizationally Specific TLVs Port VLAN ID Disabled Enabled Port and Protocol VLAN ID 6 7 Enabled VLAN Name 1 5 8 10 Enabled Protocol Identity EAPOL GVRP IEEE 802 3 Organizationally Specific TLVs MAC PHY Configuration Status Disabled Power Via MDI Disabled Link Aggregation Disabled Maximum Frame Size Disabled LLDP MED Organi...

Page 828: ... g System Name use the command show lldp to get them Example The following is sample output from the show lldp local interface command to display outbound LLDP advertisements for eth4 4 in detailed mode Syntax Description INTERFACE ID Displays the current available information advertised for LLDP specific interfaces Valid interfaces must be physical optional Specify a series of interfaces or separ...

Page 829: ...ent Address Count 2 Subtype IPv4 Address 10 1 1 1 IF Type IfIndex OID 1 3 6 1 4 1 171 10 36 1 11 Subtype IPv6 Address FE80 250 A2FF FEBF A056 IF Type IfIndex OID 1 3 6 1 4 1 171 10 36 1 11 PPVID Entries Count 2 Entry 1 Port and Protocol VLAN ID 4 PPVID Supported Supported PPVID Enable Enabled Entry 2 Port and Protocol VLAN ID 5 PPVID Supported Supported PPVID Enable Enabled VLAN Name Entries Count...

Page 830: ...tion Operational MAU Type 0000 hex Power Via MDI Port Class PES PSE MDI Power Support Supported PSE MDI Power State Enable PSE Pairs Control Ability Uncontrollable PSE Power Pair 0 Power Class 2 Link Aggregation Supported Aggregation Capability Aggregated Aggregation Status Not Currently in Aggregation Aggregation Port ID 0 Maximum Frame Size 1536 LLDP MED Capabilities Support Capabilities Support...

Page 831: ...ents for eth3 1 in brief mode Inventory Support Network Policy Application type Voice VLAN ID 100 Priority 7 DSCP 0 Unknown False Tagged True Extended Power Via MDI TLV Power priority High Power value 30 Watts Switch Switch show local interface eth3 1 brief Port ID eth3 1 Port ID Subtype MAC Address Port ID 06 48 D0 11 00 17 Port Description RMON Port 1 on Unit 1 Switch ...

Page 832: ... 17 00 03 Port Description RMON Port 1 on Unit 3 Port VLAN ID 1 Management Address Count 2 PPVID Entries Count 3 VLAN Name Entries Count 3 Protocol Identity Entries Count 2 MAC PHY Configuration Status See Detail Link Aggregation See Detail Maximum Frame Sixe 1000 LLDP MED capabilities See Detail Extended Poer via MDI See Detail Network policy See Detail Switch ...

Page 833: ...ess es will be displayed Example The following is sample output from the show lldp management address command to display the LLDP management address information for 192 168 254 10 This example shows how to display all management address information Syntax Description IP ADDRESS Optional Display the LLDP management for specific IPv4 addresses IPV6 ADDRESS Optional Display the LLDP management inform...

Page 834: ... 10 118 3 Advertising Ports eth3 1 3 3 Address 2 Subtype IPv4 Address 10 90 90 90 IF Type IfIndex OID 1 3 6 1 4 1 171 10 118 3 Advertising Ports eth3 4 Address 3 Subtype IPv4 Address 172 18 1 1 IF Type IfIndex OID 1 3 6 1 4 1 171 10 118 3 Advertising Ports Address 4 default Subtype IPv6 Address IF Type IfIndex OID 1 3 6 1 4 1 171 10 118 3 Advertising Ports eth3 6 Total Entries 4 Switch ...

Page 835: ...e This command display the information learned from the neighbor devices Syntax Description INTERFACE ID Valid interfaces must be physical Optional Specifies a series of interfaces or separate a range of interfaces from previous ranges No spaces before or after the comma are permitted Optional Specifies a range of interfaces No spaces are permitted before or after the hyphen brief Optional Display...

Page 836: ... 1 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 05 Port ID Subtype Local Port ID 1 5 Port Description RMON Port System Name Switch1 System Description Stackable Ethernet Switch System Capabilities Supported Repeater Bridge System Capabilities Enabled Repeater Bridge Management Address Count 0 None Port VLAN ID 0 PPVID Entries Count 0 None VLAN Name Entries Count 0 None Protocol ID Entr...

Page 837: ...Not Support Extended power via MDI Support Inventory Support LLDP MED capabilities enabled LLDP MED capabilities Enabled Network Policy Enabled Location identification Enabled Extended power via MDI Enabled Inventory Enabled Extended power via MDI Power device type PD device Power source from PSE Power request 8 watts Network policy Application type Voice VLAN ID Priority DSCP Unknown True Tagged ...

Page 838: ...em Description Stackable Ethernet Switch System Capabilities Supported Repeater Bridge System Capabilities Enabled Repeater Bridge Management Address Count 1 Port VLAN ID 1 PPVID Entries Count 5 VLAN Name Entries Count 3 Protocol ID Entries Count 2 MAC PHY Configuration Status See Detail Power Via MDI See Detail Link Aggregation See Detail Maximum Frame Size 1536 LLDP MED capabilities See Detail N...

Page 839: ...nit 2 System Name Switch2 System Description Stackable Ethernet Switch System Capabilities Supported Repeater Bridge System Capabilities Enabled Repeater Bridge Management Address Count 2 Port VLAN ID 1 PPVID Entries Count 5 VLAN Name Entries Count 3 Protocol Id Entries Count 2 MAC PHY Configuration Status See Detail Power Via MDI See Detail Link Aggregation See Detail Maximum Frame Size 1536 LLDP...

Page 840: ...3 04 02 Port ID Subtype Local Port ID eth1 4 Port Description RMON Port 1 on Unit 4 Port ID eth3 2 Remote Entities Count 3 Entity 1 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 03 Port ID Subtype Local Port ID eth2 1 Port Description RMON Port 2 on Unit 1 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 04 Port ID Subtype Local Port ID eth2 2 Port Description RMON Port...

Page 841: ...tatistics command show lldp statistics Syntax This command has no arguments or keywords Default Not applicable Command Mode EXEC mode or any configuration mode Usage Guideline EXEC mode or any configuration mode Example To display global statistics information Switch show lldp statistics Last Change Time 0DT0H2M24S Total Inserts 1 Total Deletes 0 Total Drops 0 Total Ageouts 0 Interface PoE interfa...

Page 842: ... command displays each physical interface LLDP statistics Example To display statistics information of eth3 1 Syntax Description INTERFACE ID Valid interfaces must be physical Optional Specifies a series of interfaces or separates a range of interfaces from a previous range No spaces are permitted before of after the comma Optional Specifies a range of interfaces no spaces are permitted before or ...

Page 843: ...and the format of the list will be 2 4 If you just want to check some units specifically like unit 3 and unit 4 which is not continuously arranged and the comma sign can be used Example This example shows how to display PoE power system s power information Syntax Description Unit UNIT ID Optional Specifies the unit to be displayed If no specified unit all supported PoE units are displayed The valu...

Page 844: ...stem service policy preemptive unit priority allocated W consumed W remaining W 2 1st 750 740 3 2nd 630 115 4 3rd 120 14 Total 1500 869 900 Switch show poe power system unit 2 4 parameters unit max ports device ID SW version EEPROM status config status 2 48 E101 4 0 1 2 0 update done 1 dirty 3 48 E101 4 0 1 2 0 update done 0 saved 4 48 E101 4 0 1 2 1 process update 0 saved Switch show poe power sy...

Page 845: ...ill be shown As list of an INTERFACE ID list is specified and not all of ports in the list are PoE capable only the PoE capable interfaces are displayed If there is a non PoE capable port listed in the INTERFACE ID a warning message will be displayed to indicate this situation Example This is an example of output from the show poe power inline status command Syntax Description INTERFACE ID Optiona...

Page 846: ... mW Used W Time Range 3 1 1st on delivering auto class 1 4000 3 5 3 2 1st on delivering auto class 2 7000 6 7 rdtime 4 1 1st on delivering static class 3 15400 15 0 4 2 1st on delivering auto class 3 15400 12 4 4 3 2nd off searching never class 0 15400 0 daytime 4 4 2nd off searching static class 0 11000 0 switch show poe power inline statistic Interface MPS Absent Overload Short Power Denied Inva...

Page 847: ...I Reference Guide 837 switch show poe power inline measurement Interface Voltage V Current mA Temp C Power W 3 1 54 2 109 2 35 5 9 3 2 55 196 1 38 10 8 4 1 54 6 197 7 32 10 7 4 2 54 8 286 2 36 15 7 4 3 n a n a n a n a 4 4 n a n a n a n a ...

Page 848: ...rt you should use ssh command under management interface mode by entering mgmt if command first Example The following example shows how to ssh to the ip address 20 74 19 200 with default port 22 optional port parameter is provided The ip address of 20 74 19 200 is management interface which allows user to long in Syntax Description c 3des aes128 cbc aes256 cbc Optional Specifies the crypto algorit...

Page 849: ...admin 20 74 19 200 admin 20 74 19 200 s password Chassis based High Speed Switch Command Line Interface Firmware 2 10 001 Copyright c 2007 D Link Corporation All rights reserved Switch Switch ssh c aes128 cbc m hmac sha1 96 l admin 20 74 19 200 admin 20 74 19 200 s password Chassis based High Speed Switch Command Line Interface Firmware 2 10 001 Copyright c 2007 D Link Corporation All rights reser...

Page 850: ...le disable the voice VLAN function on ports The command is available for physical port and port channel interface configuration Example This example shows how to enable voice VLAN function on physical port eth3 1 You can verify your settings by entering show vlan voice vlan interface command Syntax Description enable Enable the voice VLAN function on ports disable Disable the voice VLAN function o...

Page 851: ...nfiguration Usage Guideline The remote SNMP manager sends SNMP requests to agents and receives SNMP responses and notifications from agents When the SNMP agent is enabled the remote SNMP manager can query SNMP agents and send SNMP traps Examples This example shows how to enable the SNMP server This example shows how to disable the SNMP server Verify the settings by entering the show snmp server co...

Page 852: ...nt to CommunityView a default view than a new view will be created The other command that the user can use to create a community string is the snmp server user command A community string is unable to be deleted if it has been associated with an snmp server host Examples This example shows how to set the read write community string to comaccess in the mib2 view Syntax Description COMMUNITY STRING D...

Page 853: ...nmp server community CLI Reference Guide 843 This example shows how to remove the community comaccess Verify the settings by entering the show snmp community command Switch config no snmp server community comaccess ...

Page 854: ... Usage Guideline Configures the system s snmp contact information on the switch Example This example shows how to set the system s snmp contact information as the string MIS Department II Verify the settings by entering the show snmp server command Syntax Description contact TEXT String that describes the system contact information The maximum length is 255 characters please refer to RFC1213 for t...

Page 855: ...r host traps command To configure the router to send these SNMP notifications enter at least one snmp server enable traps command When entering the command with no keywords all notification types are enabled When entering the command with a keyword only the notification type related to that keyword is enabled see snmp server enable traps snmp on page 846 To enable multiple types of notifications i...

Page 856: ...nding of SNMP authentication failure notifications An authenticationFailure 4 trap signifies that the sending device is the addressee of a protocol message that is not properly authenticated The authentication method depends on the version of SNMP being used For SNMPv1 or SNMPv2c authentication failure occurs for packets with an incorrect community string For SNMPv3 authentication failure occurs f...

Page 857: ...st 10 9 18 100 using the community string defined as public The following example shows the enabling all SNMP trap types then the disabling of only the linkUp and linkDown trap This example shows how to enable the SNMP authentication traps Verify the settings by entering the show snmp server traps command Switch config snmp server enable traps snmp Switch config snmp server host 10 9 18 100 Switch...

Page 858: ...specify a manually configured ID note that it is not necessary to specify the entire 24 character engine ID if the ID specified contains trailing zeros Specify only the portion of the Engine ID up until the point where only zeros remain in the value For example to configure an engine ID of 123456789A00000000000000 specify an snmp server engineID local as 123456789A For a single SNMP engine system ...

Page 859: ...characters The syntax is a general string that does not allow space v1 Specifies that SNMPv1 the least secure of the possible SNMP security models should be used for the group v2c Specifies that SNMPv2c should be used for the group v3 Specifies that SNMPv3 should be used for the group SMNPv3 is the most secure of the supported security models as it allow explicit configuration of the authenticatio...

Page 860: ... binding objects that are associated with the notification packet If the trap manager does not own the notification view to the binding objects then the notification will not be sent to a trap manager Examples This example shows how to create the SNMP server group public with SNMP v3 This example shows how to remove the SNMP server group public from the configuration This example shows how to set ...

Page 861: ...ntax Description IP ADDRESS Name IPv4 or IPv6 address of the SNMP notification host version Optional Version of the SNMP used to send the traps The default is 1 If you use the version keyword one of the following keywords must be specified 1 SNMPv1 This option is not available with informs 2c SNMPv2C 3 SNMPv3 The most secure model because it allows packet encryption with the priv keyword One of th...

Page 862: ... an error message displayed if user inputs a user name as WORD option To create an SNMP host the community string for user must be created first An error message will be generated to indicate if it is not created If the host version is different from the group version defined for the host from the access control list option in the command snmp server group it will fail because the version is not m...

Page 863: ... Mode Global configuration Usage Guideline Configure the system location information on the switch Example This example shows how to set up the system location information with string HQ 15F Verify the settings by entering the show snmp server command Syntax Description location TEXT A string that describes the system location information The maximum length is 255 characters please refer to RFC121...

Page 864: ...he encrypted and or auth keywords encrypted Optional Specifies whether the password appears in encrypted format a series of digits masking the true characters of the string auth Optional Specifies which authentication level should be used md5 The HMAC MD5 96 authentication level sha The HMAC SHA 96 authentication level AUTH PASSWORD The password used for authentication For plain text form the pass...

Page 865: ... for a password is one character although it is recommended to use at least eight characters for security If a password is forgotten it cannot be recovered and it and will need to manually reconfigured Either a plain text password or a localized message digest 5 MD5 digest can be specified When using a localized MD5 or SHA digest the string can be specified instead of the plain text password The d...

Page 866: ... at privilege level 15 Usage Guideline Use this command to create a view for the MIB object trees The view needs to be specified when the snmp server group command is used to define a user group Syntax Description VIEW NAME Label for the view record that being updating or created The name is used to reference the record The valid length for VIEW NAME is 1 to 32 characters The syntax is a general s...

Page 867: ...e shows how to set the access rights for a group called guestgroup to SNMPv3 authentication read mode Verify the settings by entering the show snmp view command Switch config snmp server view interfacesMibView 1 3 6 1 2 1 2 included Switch config Switch config snmp server group guestgroup v3 auth read interfacesMibView Switch config ...

Page 868: ...e but it does not provide the complex filtering and statistical mechanisms of NTP In addition SNTP does not authenticate traffic although it can be configured with extended access lists to provide some protection Enter this command once for each NTP server The switch must be configured with this global configuration command in order to enable SNTP Create multiple SNTP servers by entering this comm...

Page 869: ...ne Default Disable Command Mode Global configuration Usage Guideline When the no spanning tree command is used globally to disable STP an STP BPDU will be treated as a normal multicast packet and it will be flooded to the other VLAN member ports Example This example shows how to enable STP and MSTP mode as the default mode Verify the settings by entering the show spanning tree command Switch confi...

Page 870: ...y port state calculation If the global spanning tree state is disabled no matter STP is disabled enabled at the interface then STP BPDU is treated as a normal multicast packet and will be flooded to the other VLAN member ports If the global spanning tree state is enabled then the STP state at the interface must be enabled then the interface can participate in the STP calculation Both physical port...

Page 871: ...satisfied This configuration will take effect on STP version and RSTP version only In MSTP mode Use the command spanning tree mst timers to configure the MSTP timers Example This example shows how to configure the STP timers Verify the settings by entering the show spanning tree command Syntax Description hello time SECONDS Specifies the time interval to send one BPDU at the Designated Port The ra...

Page 872: ...his command In RSTP STP Compatible mode the administrative path cost is used by the single spanning tree when accumulating the path cost to reach the Root In MSTP mode the administrative path cost is used by the CIST regional root when accumulating the path cost to reach the CIST root Example This example shows how to configure the port cost to 20000 for eth3 7 Verify the settings by entering the ...

Page 873: ...stations otherwise an accidental topology loop could cause a data packet loop and disrupt the switch and network operations During linkup when an interface with fast forwarding mode enabled is moved directly to the spanning tree forwarding state then it is not necessary to wait for the standard forward time delay This command has two states spanning tree fast forwarding This command enables fast f...

Page 874: ...ical port and port channel interfaces Usage Guideline This feature is used in a service provider environment where the network administrator needs to prevent a low speed port becoming a root port for the local bridge networks This configuration will take effect on all the spanning tree versions Example This example shows how to configure eth3 1 to prevent if from becoming a root port Verify the se...

Page 875: ...ve a point to point connection whereas conversely a half duplex port is considered to have a shared connection The port cannot transit into forwarding state rapidly by setting the link type to shared media Hence auto determination of the link type by the STP module is recommended This configuration will take effect on all the spanning tree modes Example This example shows how to configure the link...

Page 876: ...will restart again therefore all of the stable spanning tree port states will transit into discarding states Caution Be careful when using the spanning tree mode command to switch between STP RSTP and MSTP modes When entering the command all spanning tree instances are stopped for the previous mode and are restarted in the new mode Using this command may cause disruption of the user traffic Exampl...

Page 877: ... higher costs When entering the cost do not include a comma in the entry for example enter 1000 not 1 000 Smaller port priority PRIORITY values indicate higher priorities Examples This example shows how to set the interface path cost This example shows how to set the interface port priority Syntax Description INSTANCE ID MSTP instance identifier valid values are from 0 to 63 the number of supporte...

Page 878: ... 2 Bridge_Forward_Delay 1 0 seconds Bridge_Max_Age Bridge_Max_Age 2 Bridge_Hello_Time 1 0 seconds Example This example shows how to configure bridge timers for MSTP version Syntax Description forward time SECONDS The maximum delay time in seconds for one BPDU to be transmitted by a bridge and received from another bridge The range is 4 to 30 seconds max age SECONDS Used to determine if a BPDU is v...

Page 879: ... The MST configuration consists of three main parameters Instance VLAN mapping See the instance command Region name See the name MST configuration submode command Configuration revision number See the revision command The exit command is used to leave MST configuration submode Changing an MST configuration submode parameter can cause connectivity loss To reduce service disruptions when entering th...

Page 880: ...uideline The MSTP hello time is only referenced in MSTP mode Both physical ports and port channel interfaces are valid for this command Example This example shows how to configure the port hello time to 1 for port 2 1 Verify the settings by entering the show spanning tree mst interface command Syntax Description SECONDS Used to determine the time interval to send one BPDU at the designated Port Th...

Page 881: ...on as the spanning tree priority on page 873 within the STP command set but it can specify different priorities for each distinct MSTP instance Example This example shows how to configure bridge priority for the MSTP instance 2 Verify the settings by entering the show spanning tree mst command Syntax Description INSTANCE ID Specifies the MSTP instance identifier Valid values are from 0 to 63 The n...

Page 882: ...t will be used in the computation of the port s role This parameter is used only in RSTP STP Compatible mode only The port priority value must be divisible by 16 and a lower priority value number represents a higher priority Both of the physical port or port channel interfaces are valid interfaces for configuration An error message will be returned if the priority is not a valid value Example This...

Page 883: ... The bridge priority value must be divisible by 4096 and a lower priority value number represents a higher priority This configuration will take effect only when using STP version and RSTP mode In MSTP mode use the command spanning tree mst priority on page 871 to configure the priority for an MSTP instance Example This example shows how to configure the STP bridge priority to 4096 Verify the sett...

Page 884: ...e Interface configuration Usage Guideline Both physical ports and port channel interfaces are valid for this command TCN filtering can be set to enabled or disabled If set to enabled it stops the port from propagating received topology change notifications and topology changes to other ports This configuration takes effect on any spanning tree mode types Example This example shows how to configure...

Page 885: ... if the counter reaches the transmit hold count This parameter will be is used in common by STP RSTP and MSTP Changing this parameter to a higher value may have a significant impact on CPU utilization especially in MSTP mode Lowering this parameter could slow convergence in some scenarios We recommend that to not change the value from the default setting Example This example shows how to configure...

Page 886: ... all possible speeds If speed is to set to a fixed speed and Syntax Description 10 Specifies to set the port speed to transmit at 10 Mbps 100 Specifies to set the port speed to transmit at 100 Mbps 1000 master slave Specifies to set the port speed to transmit at 1000 Mbps copper port If the speed is set to 1000 Mbps then the port must be manually set as either a master or a slave port fiber port 1...

Page 887: ...s necessary Although a command was provided to disable auto negotiation for 1000Base T setting it to enable is recommended to prevent an unexpected link status For combo port interfaces the user must assign the medium type for the configuration Example This example shows how to configure interface eth3 24 to force the settings to a speed of 100Mbits and auto negotiate to the duplex mode This examp...

Page 888: ... control if the storm control action is to drop then packets exceeding the level will be dropped If the storm control action is set to shutdown then the interface will be shutdown whenever the packets exceed the threshold Examples This example shows how to enable Broadcast storm control on interface eth3 1 This example shows how to disable Broadcast storm control on interface eth3 1 Verify the set...

Page 889: ... The Shutdown action is only available for broadcast and multicast storm control For unicast storm control the software level is unable to identify unknown unicast DLF storm events due to the hardware chip being unable support this function Therefore if unknown unicast packets exceed the set level they will always be dropped Examples This example shows how to configure Broadcast storm control acti...

Page 890: ...rol action on interface eth3 1 Verify the settings by entering the show storm control interface command Switch configure terminal Switch config interface eth3 1 Switch config if storm control broadcast action shutdown Switch config if storm control broadcast level pps 900 Switch config if show storm control interface broadcast Interface Storm Action Type Threshold eth3 1 Broadcast shutdown pps 900...

Page 891: ...is 1512 bytes Examples This example shows how to configure Broadcast storm control LEVEL by pps mode It assigns the pps threshold level of interface eth3 1 for incoming broadcast packets to 500 and drops the packets that exceed the threshold Syntax Description Broadcast Set Broadcast rate limiting Multicast Set Multicast rate limiting Unicast Set Unicast DLF rate limiting level LEVEL Specifies the...

Page 892: ... control level on interface eth3 1 Verify the settings by entering the show storm control interface command Switch configure terminal Switch config interface eth3 1 Switch config if storm control broadcast level 90 Switch config if show storm control interface broadcast Interface Storm Action Type Threshold eth3 1 Broadcast Drop percentage 90 Switch configure terminal Switch config interface eth3 ...

Page 893: ... mode if the receiving rate is higher than the falling threshold 80 of the threshold and lower than the threshold the port will exit the shutdown mode after a period of time and the timer will then be half of the countdown timer Furthermore if the receiving rate is lower than the falling threshold the port will be recovered immediately If the auto_recover_time value is non zero the port will be au...

Page 894: ... count of 180 seconds then the port will be changed to shutdown forever mode This example shows how to configure the auto recovery timer When a port is in shutdown forever mode it will be automatically recovered to normal operation after 300 seconds Verify the settings by entering the show storm control command Switch configure terminal Switch config storm control time interval 15 Switch config Sw...

Page 895: ...d on a port its source IP address will be used to match the subnet VLAN entries If the source IP matches the subnet of an entry the packet will be classified to the VLAN of this entry The number of subnet based VLAN entries is project dependent Example This example shows how to create a subnet based VLAN entry Verify the settings by entering the show vlan command Syntax Description NETWORK PREFIX ...

Page 896: ...erver is uses to assign to DHCP clients It is valid for the associated DHCP address pools only Examples The following is an example of configuring 255 0 0 0 as the DHCP pool s subnet mask Syntax Description MASK The bit combination of the addresses in the DHCP address pool determines which part of the address refers to the network or subnet and which part refers to the host It is in the format of ...

Page 897: ...xist for the command to succeed When the mode is permanent the learned entries will be stored automatically and restored after a reboot Syntax Description maximum VALUE Optional Specifies the maximum allowable number of secure MAC addresses users The range for the VALUE is project dependent violation protect shutdown Optional Specifies the action to be taken when a security violation is detected p...

Page 898: ...trictions The port security function cannot be enabled simultaneously with dot1x which provides more advanced secure capability A port which is in private vlan mode can not enable port security If a port is specified as the destination port for the mirroring feature then the port security function can not be enabled If a port is the member port of a channel group then it cannot be enabled with the...

Page 899: ... This example shows how to set the action to be taken when a security violation is detected Verify the settings by entering the show port security command Switch configure terminal Switch config interface eth3 1 Switch config if switchport port security mode permanent Switch config if switchport port security maximum 5 Switch config if range end Switch configure terminal Switch config interface et...

Page 900: ...eaker does not advertise a route to an external neighbor unless that route is local or exists in the IGP By default synchronization between BGP and an IGP is disabled to allow the switch to advertise a network route without waiting for route validation from the IGP This feature allows routers and access servers within an autonomous system to have the route before BGP makes it available to other au...

Page 901: ... Usage Guideline Configure the system name information on the switch Example This example shows how to set up the system name information with the string DES xxxxs Stackable switch Verify the settings by entering the show snmp server command Syntax Description TEXT Specifies the string that describes the system name information The maximum length is 255 characters The syntax is a general string th...

Page 902: ...eneric terminal control functions to operating system specific functions To issue a special Telnet command enter the escape sequence and then a command character The default escape sequence is Ctrl _ press and hold the Ctrl and Shift keys and the _ key the underscore The special Telnet commands will be displayed as follows Supported commands are e terminate the current Telnet session If any other ...

Page 903: ...he management interface and logs in successfully Switch telnet 20 74 19 200 Connecting to 20 74 19 200 Connected to 20 74 19 200 Escape character is Ctrl _ Telnet connecting Chassis based High Speed Switch Command Line Interface Firmware 2 10 001 Copyright c 2010 D Link Corporation All rights reserved Switch Switch telnet 20 74 19 200 Connecting to 20 74 19 200 Could not open connection to the hos...

Page 904: ...tch telnet 10 74 19 2 Connecting to 10 74 19 2 Could not open connection to the host on port 23 Network is unreachable Switch Switch configure terminal Switch config mgmt if Switch mgmt if telnet 20 74 19 200 Connecting to 20 74 19 200 Connected to 20 74 19 200 Escape character is Ctrl _ Telnet connecting Chassis based High Speed Switch Command Line Interface Firmware 2 10 001 Copyright c 2010 D L...

Page 905: ...n Switch telnet 20 74 19 200 Connecting to 20 74 19 200 Connected to 20 74 19 200 Escape character is Ctrl _ Telnet connecting Chassis based High Speed Switch Command Line Interface Firmware 2 10 001 Copyright c 2010 D Link Corporation All rights reserved Switch Supported commands are e terminate the current Telnet session If other key is pressed the terminal will return to the original active Tel...

Page 906: ...onnecting Escape character is Ctrl _ Telnet connecting Chassis based High Speed Switch Command Line Interface Firmware 2 10 001 Copyright c 2010 D Link Corporation All rights reserved Switch Supported commands are e terminate the current Telnet session If other key is pressed the terminal will return to the original active Telnet session continuing Switch Switch telnet 2001 e10 5c00 2 101 253 3500...

Page 907: ...More prompt At the More prompt press Ctrl C q or Q to interrupt the output and return to the prompt press the Spacebar to display an additional screen of output or press Return to display one more line of output Setting the terminal length to 0 turns off the scrolling stop feature and causes the entire output to display at once continuously Unless the default keyword is specified changing the term...

Page 908: ...ect serial connection telnet connection or SSH connection Examples This example shows how to setup the terminal session to never timeout Verify the settings by entering the show running config command Syntax Description never Specifies that the terminal session will never timeout the default setting 2_minutes Specifies that when the session is idle over 2 minutes the terminal will auto logout 5_mi...

Page 909: ...ss such as Telnet the auto negotiation result of terminal width will take precedence over the global configuration if the negotiation is successful Otherwise the global configuration takes effect After that adjust the line and width for the current session this change will not be saved in the system configuration for the next system restart This will not affect other sessions or the global configu...

Page 910: ...Guide 900 The following example shows how to adjust the terminal session width to 120 as the system configuration setting for terminal width This setting will affect all subsequently opened terminal sessions Switch terminal width 120 default ...

Page 911: ...mmand Syntax Description update SECONDS Specifies the rate in seconds at which updates are sent This is the fundamental timing parameter of the RIP routing protocol The default is 30 seconds The range is 5 to 2147483647 signed long invalid SECONDS Specifies the Interval of time in seconds after which a route is declared invalid It should be at least three times the value of the update argument A r...

Page 912: ...he routing table The basic timing parameters for IPv6 RIP are adjustable IPv6 RIP is executing a distributed asynchronous routing algorithm therefore it is important that these timers be the same for all routers and access servers in the network Examples The following example on the next page sets updates every 5 seconds If a route is not heard from in 15 seconds the route is declared invalid Assu...

Page 913: ...DGS 6604 m timers basic CLI Reference Guide 903 Switch enable Switch configure terminal Switch config router ipv6 rip Switch config router timers basic 5 15 30 ...

Page 914: ...ession is established only if the remote peer is advertising a HOLD TIME that is equal to or greater than the minimum acceptable HOLD TIME interval If the minimum acceptable HOLD TIME interval is greater than the configured HOLD TIME the next time the remote session tries to establish it will fail and the local router will send a notification stating unacceptable hold time Example This example sho...

Page 915: ...or message will be shown as below Warning The time range can not be deleted because it is in use Examples This example shows how to enter the time range configuration mode for the time range profile named trange1 This example shows how to remove time range profile named offtime which has been associated to an IP access list Sales Verify the settings by entering the show time range command Syntax D...

Page 916: ...he maximum TTL value for outgoing ICMP datagrams The allowed range for MAX_TTL is from 1 to 255 p DEST_PORT Optionally used to specify the base UDP destination port number used in traceroute datagrams This value is incrementally altered each time a datagram is sent The allowed range for DEST_PORT is from 1 to 65535 Use this option in the unlikely event that the destination host is listening to a p...

Page 917: ...gram to the next router The second router sees a TTL value of 1 discards the datagram and returns the time exceeded message to the source This process continues until the TTL is incrementally increased to a value large enough for the datagram to reach the destination host or until the maximum TTL is reached To determine when a datagram has reached its destination traceroute sets the UDP destinatio...

Page 918: ...604 m traceroute CLI Reference Guide 908 Switch traceroute 172 50 71 123 traceroute to 172 50 71 123 172 50 71 123 30 hops max 40 byte packets 1 172 50 71 123 172 50 71 123 0 847 ms 0 344 ms 0 376 ms Switch ...

Page 919: ...ess of this router 30 hops max 40 byte packets Maximum TTL value and the size of the ICMP datagrams being sent 0 847 ms 0 344 ms 0 376 ms Total time in milliseconds for each ICMP datagram three ICMP probes per TTL for this case to reach the router or host plus the time it took for the ICMP time exceeded message to return to the host Switch traceroute 2001 238 f8a 77 7c10 41c0 6ddd ecab traceroute ...

Page 920: ...ation forward member list The traffic segmentation member list can be comprised of different interface types for example eth3 1 can be with a port channel in the same traffic segmentation list If the forwarding interfaces specified by the command include a port channel all the member ports of this port channel will be the forwarding interface in operation If the specified port of the traffic segme...

Page 921: ...example shows how to configure traffic segmentation It restricts the flooding domain of eth3 1 to a set of ports which are eth4 1 4 6 This example shows how to remove some ports eth4 2 4 3 from the forwarding port list Verify the settings by entering the show traffic segmentation command Switch configure terminal Switch config interface eth3 1 Switch config if traffic segmentation forward interfac...

Page 922: ...e VLANs If the VLAN does not exist an error message will return to indicate it When this command is applied the port will change to trunk mode If the mode is changed the setting for the previous mode will disappear When using the no trunk allowed vlan command without specifying a VLAN ID then the port will have its tagging memberships removed from all VLANs Example This example shows how to set an...

Page 923: ...rface Tunnel interfaces are valid for this command Only manually configured tunnels need to set the tunnel destination Examples This example shows how to add the destination IPv4 address for the tunnel interface 2 This example shows how to remove the destination IPv4 address for the tunnel interface 2 Verify the settings by entering the show interface command Syntax Description IPv4 ADDRESS Specif...

Page 924: ...d in the IPv6 address is used to locate the far end of the automatic tunnel The IPv4 address of the border router is extracted from the IPv6 address that as an example starts with the prefix 2002 16 where the format is 2002 IPv4 address 48 The ISATAP tunnel uses a unicast address that includes a 64 bit IPv6 prefix and a 64 bit interface identifier The IPv4 address is encoded in the last 32 bits of...

Page 925: ...o configure the source IPv4 address for a tunnel interface Tunnel interfaces are valid for this command Examples This example shows how to add the source IPv4 address for the tunnel interface 2 This example shows how to remove the source IPv4 address for the tunnel interface 2 Verify the settings by entering the show interface command Syntax Description IPv4 ADDRESS IPv4 address Switch config inte...

Page 926: ...er the Privileged EXEC mode The Privileged EXEC mode can be either level 12 or 15 The user can specify the password in encrypted form or in plain text form If it is in plain text form but password encryption is enabled then the password will be converted to encrypted form Syntax Description NAME Specifies the Username Only one word can be used for the name argument The length is 1 to 32 characters...

Page 927: ...ode using the enable password If the enable password is not set then the user only needs to use the command enable on page 186 Examples This example shows how to create a username and password pair It assigns a username of admin with the password mypassword This example shows how to remove a user account with the username admin Verify the settings by entering the show username command Switch confi...

Page 928: ...tly specified for the interface for example interface command ip rip receive version on page 316 Example The following example shows how to configure the RIP version to version 2 Verify the settings by entering the show ip protocols rip command Syntax Description 1 Only RIP Version 1 packets are received and transmitted 2 Only RIP Version 2 packets are received and transmitted Switch configure ter...

Page 929: ... ports later The no vlan global configuration command must be used to remove VLANs When removing a non existing VLAN an error message will be sent Default VLAN with VLAN ID 1 cannot be removed Removing a VLAN will automatically remove all port memberships that belong to the VLAN However if a VLAN is being associated to a port s access VLAN throught the access VLAN command it can not be deleted Exa...

Page 930: ...ag is decided by following the following conditions 1 If the there is a CoS remarking pair for the customer VLAN the priority tag value of the outer VLAN value is set to the same value as the cos remarking 2 Otherwise the priority tag value of the outer tag is replicated from the user inner priority tag Examples In the example shown here eth4 1 is configured as COS value of 3 and CoS value of 1 fo...

Page 931: ...name The VLAN name length must be 1 to 32 and it must be unique within the administrative domain The error message will be returned if an invalid name or a duplicated name is specified Use no vlan name config VLAN command to reset the VLAN name to the default VLAN name Example This example shows how to set a VLAN name of VLAN 1000 Verify the settings by entering the show vlan command Syntax Descri...

Page 932: ...riority by the cos remarking command the priority tag value of the outgoing tag is decided by the configuration associated with the ingress port and inner VID 2 Otherwise the priority tag value of the outer VLAN value is retained as the original CoS priority tag value Example This example shows how to create VLAN translation entries The created VLAN translation relationships are C VLAN 200 will be...

Page 933: ...or VID 200 and 103 104 that is because when C VID is not specified with COS rearming policy explicitly its COS is changed according to cos remarking NEW COS or no cos remarking commands but remark COS as 3 for C VID 101 102 7 Verify the settings by entering show vlan tunnel interface command Switch config if vlan remarking 1002 200 Switch config if cos remarking 7 Switch config if cos remarking 3 ...

Page 934: ...ng mode is applied with the following setting 1 All interfaces are set as Network to Network Interfaces NNI port 2 All existing static VLANs will run as SP VLANs All dynamically learned L2 addresses will be cleared 3 All dynamically registered VLAN entries will be cleared 4 IIn order to run GVRP on the switch enable GVRP manually In VLAN tunnel mode the SP VLAN GVRP Address 01 80 C2 00 00 0D will ...

Page 935: ...ckets When a Layer 3 control packet is sent and its destination IP is the same value as the source IP of dynamic learned customer VLAN tag mapping entry then the control packet will be added to the matched customer VLAN tag If VLAN tunneling mode is disabled the mechanism will not work even it is enabled Examples This example shows how to enable the VLAN tunnel dynamic customer VLAN tag learning m...

Page 936: ... IP subnet Examples This example shows how to add a static customer VLAN tag mapping entry Using the following configuration the C VID 500 is used to add the out going control packet which has destination IP equal to 10 90 90 1 24 subnet Verify the settings by entering show vlan tunnel ctag mapping static command Syntax Description A B C D M Specifies the destination IPv4 network address A B C D I...

Page 937: ...ncapsulation and VLAN remarking is searched using the packet VLAN ID and the ingress port If there is an entry missing then the packet can optionally be dropped or have a SP VLAN service provider VLAN tag added based on the VLAN lookup tables MAC Subnet Protocol Port VLAN ID When VLAN tunnel ingress filtering is enabled the translation missed packets are dropped If it has an SP VLAN tag added to t...

Page 938: ...e This command sets the interface type at the port used by the VLAN tunnel application uni User to Network Interface nni Networks to Network Interface Example This example shows how to set Ethernet eth3 1 NNI port Verify the settings by entering show vlan tunnel command Syntax Description nni uni Specifies the interface type for the interface port channel or ethernet port nni Network to Network In...

Page 939: ...t Disabled Command Mode Interface configuration only available for UNI ports only Usage Guideline The command is available only for a UNI port If an incoming packet has an inner tag C TAG and the packet is forwarded to a UNI port which is configured as remove inner tag enabled then the packet s inner tag is removed Example This example shows how to enable the vlan tunnel remove inner tag in Ethern...

Page 940: ...TPID specified by the vlan tunnel tpid command is used for the S tag outer tag TPID b As a packet is transmitted at an NNI port for VLAN remarking replace ment a TPID specified by the vlan tunnel tpid command is used for the VLAN tag TPID 2 Packet received at an NNI port a As a packet is received at an NNI port the TPID specified by the vlan tunnel tpid command is used to identify whether or not t...

Page 941: ...will add a VLAN tag with the specified voice VLAN ID and the specified priority to the received un tagged voice packets The received packets are determined as voice packets if the source MAC addresses of packets comply with the organizationally unique identifier OUI addresses configured by the switch The specified voice VLAN does not need to exist to apply the command Example The following example...

Page 942: ...deline The voice VLAN priority will be the priority associated with the voice VLAN traffic to distinguish the QoS of the voice traffic from data traffic Example The example shows how to configure the priority of the voice VLAN to be seven You can verify your settings by entering show vlan voice vlan command Syntax Description COS VALUE Specify the priority of voice VLAN The available value is 0 7 ...

Page 943: ...tify the voice traffic if voice VLAN is enabled If the source MAC addresses of received packets comply with the configured OUI addresses the received packets are determined as voice packets The default OUI cannot be deleted Example This example shows how to add a user defined OUI of voice device Syntax Description MAC ADDRESS Specify the OUI MAC address MASK Specify the OUI MAC address mask descri...

Page 944: ...GS 6604 m voice vlan oui CLI Reference Guide 934 You can verify your settings by show vlan voice vlan oui command Switch config voice vlan oui 01 02 03 04 05 06 ff ff ff ff ff ff Switch config end Switch ...

Page 945: ...face IP address on Router X that connects to Router 1 is 60 5 1 1 IP address 60 5 1 1 is the critical IP address for the master router Configure the critical IP address on the master router and the master router will monitor the ARP cache of the critical IP address Once the ARP cache of critical IP is gone from the ARP table the master router will give up its master status Syntax Description VRID ...

Page 946: ... with priority 200 on interface vlan1 The following example shows how to remove the critical ip address for virtual router 7 on interface vlan1 Switch config interface vlan1 Switch config if vrrp 7 ip 20 1 1 5 Switch config if vrrp 7 priority 200 Switch config if vrrp 7 critical ip 60 5 1 1 Switch config interface vlan1 Switch config if no vrrp 7 critical ip ...

Page 947: ...ter A master will be elected in a group of virtual routers which have the same virtual router identifier for forwarding the packets from the host that sends to this virtual router Examples The following example shows how to enable VRRP on vlan1 The virtual router identifier is 7 and 10 1 1 1 is the IP address of the virtual router The following example shows how to remove the IP address of the vir...

Page 948: ...l router if it has a higher priority than the current master router After using the no form of this command the preempt mode changes to disabled and the backup router will not attempt to preempt the master router even if it has a higher priority than the master router One exception is that the router that is the virtual IP address owner always preempts regardless of the setting of this command Exa...

Page 949: ... 6604 m vrrp preempt CLI Reference Guide 939 The following example shows how to configure the router to disable preempt of a virtual router Switch config interface vlan1 Switch config if no vrrp 7 preempt ...

Page 950: ...tly configured to have the same highest priority then one of them will become the master which depends on which one of them sends the advertisement packet out first If the advertisement packets are sent out at the same time the primary IP address see Note 1 will be compared The router with greater primary IP address becomes the master Note 1 the primary IP address is the interface IP address that ...

Page 951: ...DGS 6604 m vrrp priority CLI Reference Guide 941 The following example shows how to restore the default priority of the virtual router Switch config interface vlan1 Switch config if no vrrp 7 priority ...

Page 952: ...The following example shows how to disable one VRRP VRID 7 on interface vlan1 while retaining the VRRP VRID 8 The following example shows how to re activate VRRP protocol on VRID 7 of interface vlan1 Syntax Description VRID Specifies the virtual router identifier the number identifying the virtual router that the shutdown is being configured for The virtual router identifier is configured with the...

Page 953: ...the master router to be down All routers in a VRRP group must use the same timer values Examples The following example shows how to configure the router to send advertisements every 10 seconds The following example shows how to configure the advertisement interval to default Syntax Description VRID Specifies the virtual router identifier which is the number identifying the virtual router that the ...

Page 954: ...Challenge Handshake Authentication Protocol CIR Committed Information Rate CIST Common and Internal Spanning Tree CLI Command Line Interface CLNS Connection Less Network Service CoS Class of Service CPLD Complex Programmable Logic Device CRC Cyclic Redundancy Check DHCP Dynamic Host Configuration Protocol DM Dense Mode PIM DNS Domain Name System DoS Denial of Service ...

Page 955: ...n Table FIB Forwarding Information Base FTP File Transfer Protocol GARP General Attribute Registration Protocol GBIC Gigabit Interface Converter GMRP GARP Multicast Registration Protocol GVRP GARP VLAN Registration Protocol ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol IGMPv2 IGMP version 2 IGMPv3 IGMP version 3 IGRP Interior Gateway Routing Protocol ...

Page 956: ... of Standardization LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol data unit LAN Local Area Network LAPB Link Access Procedure Balanced LCP Link Control Protocol LLC Logical Link Control MAC Media Access Control MD5 Message Digest 5 MED Multi Exit Discriminator MIB Management Information Base mroute multicast route mrouter multicast router MST Multiple Spanning Tre...

Page 957: ...ork Service Access Point NSF Non Stop Forwarding NTP Network Time Protocol NVRAM Non Volatile RAM OAM Operation Administration and Maintenance OSI Open System Interconnection OSPF Open Shortest Path First PAE Port Access Entity PDU Protocol Data Unit PHY Physical sublayer PIM Protocol Independent Multicast PIM SM Protocol Independent Multicast Sparse Mode PPP Point to Point Protocol ...

Page 958: ...vice RADIUS Remote Access Dial In User Service RAM Random Access Memory RIB Routing Information Base RMON Remote Network Monitor ROM Read Only Memory RP Route Processor RSTP Rapid Spanning Tree Protocol RTP Real Time Transport Protocol SM Sparse Mode PIM ...

Page 959: ...ence bandwidth 55 auto cost reference bandwidth IPv6 56 banner login 57 based on client id 59 based on c vid 60 based on interface ip address 61 based on mac address 62 based on relay ip address 63 based on s vid 64 based on user class 65 based on vendor class 66 bgp always compare med 67 bgp asnotation dot 68 bgp bestpath as path ignore 70 bgp bestpath compare routerid 72 bgp default ipv4 unicast...

Page 960: ...fig factory defaults 114 clear spanning tree detected protocols 115 clear vlan tunnel ctag mapping dynamic 116 clock set 117 clock summer time 118 clock timezone 120 color aware 121 command prompt 122 configure terminal 124 copy 125 cos remarking 128 cpu protect safeguard 130 cpu protect type 132 cpu protect sub interface 135 crypto key 136 ddm log 137 ddm state 138 ddm shutdown 139 ddm temperatur...

Page 961: ...default 172 dot1x forward pdu 173 dot1x guest vlan 174 dot1x initialize 176 dot1x max req 177 dot1x pae authenticator 178 dot1x port control 179 dot1x re authenticate 180 dot1x re authentication 181 dot1x system auth control 182 dot1x timeout 183 dot1x user 184 duplex 185 enable 186 enable password 187 end 188 exit 189 erps 190 erps domain 191 erpi enable 192 erpi type 193 erpi raps vlan 195 erpi ...

Page 962: ...235 ip dhcp screening suppress duration 236 ip arp inspection trust 237 ip arp inspection validate 238 ip arp inspection vlan 240 ip verify source vlan dhcp snooping 241 ip source binding 242 ip as path access list 244 ip community list 245 ip dhcp snooping verify MAC address 247 ip dhcp snooping vlan 248 ip dhcp ping packets 250 ip dhcp ping timeout 251 ip dhcp pool 252 ip dhcp relay 253 ip dhcp ...

Page 963: ...f priority 292 ip ospf retransmit interval 293 ip ospf shutdown 294 ip ospf transmit delay 295 ip ospf mtu ignore 296 ip pim 297 ip pim accept register 298 ip pim bsr candidate 299 ip pim dr priority 301 ip pim join prune interval 302 ip pim prune limit interval 303 ip pim query interval 304 ip pim register checksum include data 305 ip pim register suppresion 306 ip pim rp address 307 ip pim rp ca...

Page 964: ...st 351 ipv6 ospf dead interval 352 ipv6 ospf hello interval 353 ipv6 ospf priority 354 ipv6 ospf retransmit interval 355 ipv6 ospf shutdown 356 ipv6 ospf transmit delay 357 ipv6 rip metric offset 358 ipv6 rip split horizon 359 ipv6 rip split horizon poisoned 360 ipv6 ospf mtu ignore 361 ipv6 route 362 ipv6 router ospf area 368 ipv6 router rip 369 ipv6 route long prefix log enable 370 ipv6 unicast ...

Page 965: ...th 423 match community 424 match ip address 425 match ipv6 address 426 maximum paths 427 max rcv frame size 428 media type 429 mgmt if 430 monitor session 431 monitor session destination remote vlan 433 monitor session source interface 435 monitor session source remote vlan 437 mtu 439 multicast filtering mode 440 name 441 neighbor 442 neighbor RIP IPv6 443 neighbor advertisement interval 444 neig...

Page 966: ...y 482 poe port description 483 poe service policy 484 poe power inline 485 police 487 police aggregate 492 police cir 493 policy map 497 port channel load balance 499 power saving 500 pvid VLAN ID 501 qos aggregate policer 502 qos bandwidth 505 qos cos 506 qos deficit round robin 507 qos dscp mutation 510 qos map cos color 511 qos map dscp color 512 qos map dscp cos 513 qos map dscp mutation 514 q...

Page 967: ...op 561 set default interface 563 set origin 564 set weight 565 sflow 566 sflow receiver 567 sflow sampler 569 sflow poller 571 show aaa 572 show aaa group server 575 show access group 576 show access list 577 show arp 578 show boot 579 show channel group 580 show class map 584 show clock 585 show cpu protect safeguard 586 show cpu protect type 587 show cpu protect sub interface 589 show ddm 590 sh...

Page 968: ...dvmrp neighbor 636 show ip dvmrp prune 639 show ip dvmrp route 640 show ip igmp group 641 show ip igmp interface 644 show ip igmp snooping 645 show ip igmp snooping group 647 show ip igmp snooping mrouter 650 show ip interface 651 show ip key chain 653 show ip mroute 654 show ip ospf 656 show ip ospf border routers 658 show ip ospf database 659 show ip ospf database asbr summary 661 show ip ospf d...

Page 969: ...show ipv6 ospf virtual links 716 show ipv6 protocols 717 show ipv6 rip database 719 show ipv6 rip interface 720 show ipv6 route 721 show ipv6 route summary 723 show ipv6 unicast routing long prefix status 724 show loopback detection 725 show logging 727 show mac address table 730 show mac address table aging destination hit 732 show mac address table aging time 733 show mgmt if 734 show monitor se...

Page 970: ...ow ip policy 804 show ip arp inspection 805 show ip source binding 808 show ip verify source 810 show ip dhcp screening 811 show sflow 812 show lldp 814 show lldp interface 816 show lldp local interface 818 show lldp management address 823 show lldp neighbor interface 825 show lldp statistics 831 show lldp statistics interface 832 show poe power system 833 show poe power inline 835 ssh 838 switchp...

Page 971: ...873 spanning tree tcnfilter 874 spanning tree transmit hold count 875 speed 876 storm control Interface 878 storm control action Interface 879 storm control level Interface 881 storm control timer Global 883 subnet base VLAN 885 subnet mask 886 switchport port security 887 synchronization 890 system name 891 telnet 892 terminal length 897 terminal timeout 898 terminal width 899 timers 901 timers b...

Page 972: ...checking 927 vlan tunnel interface type 928 vlan tunnel remove inner tag 929 vlan tunnel tpid 930 voice vlan 931 voice vlan cos 932 voice vlan oui 933 vrrp critical ip 935 vrrp ip 937 vrrp preempt 938 vrrp priority 940 vrrp shutdown 942 vrrp timers advertise 943 ...

Reviews: