D-Link DXS-3600 Series Cli Reference Manual Download Page 93 | Manualshive

Page: 93 / 1456

D-Link DXS-3600 Series Cli Reference Manual Download Page 93

DXS-3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide

88

6.

ARP Spoofing Prevention Commands

6-1 ip arp spoofing-prevention

This command is used to configure an ARP Spoofing Prevention (ASP) entry of the gateway used for
preventing ARP poisoning attacks. Use the

no

form of the command to delete an ARP spoofing

prevention entry.

ip arp spoofing-prevention GATEWAY-IP GATEWAY-MAC interface INTERFACE-ID [,|-]

no ip arp spoofing-prevention GATEWAY-IP [interface INTERFACE-ID [,|-] ]

Parameters

GATEWAY-IP

Specifies the IP address of the gateway.

GATEWAY-MAC

Specifies the MAC address of the gateway. The MAC address setting
will replace the last configuration for the same gateway IP address.

INTERFACE-ID

Specifies the interface that will be activated or removed from active
interface list (in the

no

form of this command). An ARP entry won't be

checked, if the receiving port is not included in the specified interface
list.

,

(Optional) Specifies a number of interfaces or separate a range of
interfaces from a previous range. No space before and after the
comma.

-

(Optional) Specifies a range of interfaces. No space before and after
the hyphen.

Default

By default, no entries exist.

Command Mode

Global Configuration Mode.

Command Default Level

Level: 12.

Usage Guideline

This command is used to configure the ARP spoofing prevention (ASP) entry to prevent spoofing of the
MAC address of the protected gateway. When an entry is created, ARP packets whose sender IP
address matches the gateway IP address, of an entry, but its sender MAC address field does not match
the gateway MAC address, of the entry, will be dropped by the system. The ASP will bypass the ARP
packets whose sender IP address doesn’t match the configured gateway IP address.

If an ARP address matches a configured gateway’s IP address, MAC address, and port list, then bypass
the Dynamic ARP Inspection (DAI) check no matter if the receiving port is ARP ‘trusted’ or ‘untrusted’.

Only physical ports and port channel interfaces are valid interface to be specified.

Example

This example shows how to configure an ARP spoofing prevention entry with an IP address of
10.254.254.251 and MAC address of 00-00-00-11-11-11 and activate the entry at port Ethernet 1/0/10.

Switch#configure terminal

Switch(config)# ip arp spoofing-prevention 10.254.254.251 00-00-00-11-11-11 interface
ethernet 1/0/10

«
...
91
92
93
94
95
...
»

Summary of Contents for DXS-3600 Series

Page 1: ......

Page 2: ...Control List ACL Commands 299 17 CPU Port Statistics Commands 303 18 Debug Commands 306 19 DHCP Auto Configuration Commands 316 20 DHCP Client Commands 318 21 DHCP Relay Commands 322 22 DHCP Server Commands 342 23 DHCP Server Screening Commands 370 24 DHCP Snooping Commands 376 25 DHCPv6 Client Commands 390 26 DHCPv6 Guard Commands 393 27 DHCPv6 Relay Commands 397 28 DHCPv6 Server Commands 403 29 ...

Page 3: ...89 57 IPv6 Source Guard Commands 694 58 Jumbo Frame Commands 700 59 Layer 2 Protocol Tunnel L2PT Commands 701 60 Link Aggregation Control Protocol LACP Commands 708 61 Link Layer Discovery Protocol LLDP Commands 715 62 Loopback Detection LBD Commands 746 63 MAC Authentication Commands 752 64 Mirror Commands 756 65 MLD Proxy Commands 765 66 MLD Snooping Commands 771 67 Multicast Listener Discovery ...

Page 4: ...Generation RIPng Commands 1165 95 Safeguard Engine Commands 1176 96 Secure File Transfer Protocol SFTP Server Commands 1184 97 Secure Shell SSH Commands 1187 98 Secure Sockets Layer SSL Commands 1195 99 sFlow Commands 1203 100 Simple Mail Transfer Protocol SMTP Commands 1209 101 Simple Network Management Protocol SNMP Commands 1214 102 Single IP Management SIM Commands 1236 103 Spanning Tree Proto...

Page 5: ...tual Routing and Forwarding Lite VRF lite Commands 1385 121 Web Authentication Commands 1392 122 Weighted Random Early Detection WRED Commands 1397 Appendix A Password Recovery Procedure 1404 Appendix B System Log Entries 1405 Appendix C Trap Entries 1437 Appendix D RADIUS Attributes Assignment 1447 Appendix E IETF RADIUS Attributes Support 1450 ...

Page 6: ...m the D Link website Other documents related to this switch are DXS 3600 Series Hardware Installation Guide DXS 3600 Series Web UI Reference Guide Conventions Convention Description Boldface Font Commands command options and keywords are printed in boldface Keywords in the command line are to be entered exactly as they are displayed UPPERCASE ITALICS Font Parameters or values that must be specifie...

Page 7: ...value or administrative state of the switch then any default settings i e without issuing the command of the configuration is shown here Command Mode The mode in which the command can be issued These modes are described in the section titled Command Modes below Command Default Level The user privilege level in which the command can be issued Usage Guideline If necessary a detailed description of t...

Page 8: ...e the User EXEC Mode can operate at a basic user level and the Privileged EXEC Mode can operate at the advanced user power user operator or administrator levels The user can only enter the Global Configuration Mode from the Privileged EXEC Mode The Global Configuration Mode can be accessed by users who have operator or administrator level user accounts As for sub configuration modes a subset of th...

Page 9: ...ers to change the local terminal session settings and carrying out basic network connectivity verification One limitation of this command mode is that it cannot be used to display information related to security This command mode can be entered by logging in as an advanced user Privileged EXEC Mode at Power User Level User logged into the switch in privileged EXEC mode at this level can execute fe...

Page 10: ...or other virtual interface Thus interface configuration mode is distinguished further according to the type of interface The command prompt for each type of interface is slightly different VLAN Interface Configuration Mode VLAN interface configuration mode is one of the available interface modes and is used to configure the parameters of a VLAN interface To access VLAN interface configuration mode...

Page 11: ...the running configuration to the start up configuration Switch copy running config startup config Destination filename startup config y n y Saving all configurations to NV RAM Done Switch After the switch was rebooted or when the users logs out and back in the newly created username and password must be entered to access the CLI interface again as seen below DXS 3600 32S TenGigabit Ethernet Switch...

Page 12: ...ysical port number 1 Error Messages When the users issue a command that the switch does not recognize error messages will be generated to assist users with basic information about the mistake that was made A list of possible error messages are found in the table below Error Message Meaning Ambiguous command Not enough keywords were entered for the switch to recognize the command Incomplete command...

Page 13: ...e a command Space Scrolls down to display the next page ESC Escapes from the displaying page Display Result Output Modifiers Results displayed by show commands can be filtered using the following parameters begin FILTER STRING This parameter is used to start the display with the first line that matches the filter string include FILTER STRING This parameter is used to display all the lines that mat...

Page 14: ...ng configuration Current configuration 56102 bytes DXS 3600 32S TenGigabit Ethernet Switch Configuration Firmware Build 2 40 041 Copyright C 2015 D Link Corporation All rights reserved STACK stacking config information Box Prio ID Type Exist rity 1 DXS 3600 32S exist 32 2 DXS 3600 16S no 3 NOT_EXIST no 4 NOT_EXIST no end end configure terminal end AAA configure terminal AAA START no aaa new model ...

Page 15: ...d arguments associated with a command enter a question mark in place of a keyword or argument on the command line This form of help is called the command syntax help because it lists the keywords or arguments that apply based on the command keywords and arguments already entered Example This example shows how the help command is used to display a brief description of the help system Switch help Th...

Page 16: ...he user to continue entering the command Switch ip access list standard 1 1999 Standard IP access list number WORD Access list name Switch ip access list standard 2 2 enable This command is used to enter the Privileged EXEC Mode enable PRIVILEGE LEVEL Parameters PRIVILEGE LEVEL Optional Specifies to set the privilege level for the user The privilege level is between 1 and 15 If not specified level...

Page 17: ...sed Default None Command Mode User EXEC Mode Privilege EXEC Mode Command Default Level Level 1 Usage Guideline Use this command to enter the privilege level which is lower than the current level When using this command to enter the privilege level that has a password configured no password is needed Example This example shows how to logout Switch disable Switch logout 2 4 configure terminal This c...

Page 18: ...mand Mode User EXEC Mode Privileged EXEC Mode Command Default Level Level 1 Usage Guideline Use this command to change the login account Three attempts are allowed to login to the switch s interface When using Telnet if all attempts fail access will return to the command prompt If no information is entered within 60 seconds the session will return to the state when logged out Example This example ...

Page 19: ...and the session will be closed When the username and password option is selected enter the username and password configured by the username command For SSH access there are three authentication types SSH public key Host based authentication and Password authentication The SSH public key and host based authentication types are independent from the login command in the line mode If the authenticatio...

Page 20: ...ample shows how to create a username useraccount with the password of pass123 and use Privilege 12 Switch configure terminal Switch config username useraccount privilege 12 password 0 pass123 Switch config This example shows how to configure the login method as login local Switch configure terminal Switch config line console Switch config line login local Switch config line 2 7 logout This command...

Page 21: ... Usage Guideline Executing this command will return access to the highest mode in the CLI hierarchy regardless of what configuration mode or configuration sub mode currently located at Example This example shows how to end the Interface Configuration Mode and go back to the Privileged EXEC Mode Switch configure terminal Switch config interface ethernet 1 1 Switch config if end Switch 2 9 exit This...

Page 22: ...n show history Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Commands entered are recorded by the system A recorded command can be recalled by pressing CTRL P or the Up Arrow key which will recall previous commands in sequence The history buffer size is fixed at 20 commands The function key instructions below displays ho...

Page 23: ...follow the confirmation prompt message to recover the password related settings Password recovery basically does the following three things Update an existing user account by entering the username of an existing user and its new password or add a new user account with a privileged level of 15 The new user account cannot be created if the maximum number of user accounts is exceeded Update the enabl...

Page 24: ...l Specifies to display the switch power detailed status temperature Optional Specifies to display the switch temperature detailed status Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline If a specific type is not specified all types of environment information will be displayed Example This example shows how to display fan temperature power ...

Page 25: ...y the unit to display Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays information about the system modules If no option is specified then all of units information will be displayed Example This example shows how to display the information about units on a system Switch show unit Unit Model Descr Model Name 1 24P tenG...

Page 26: ...Usage Guideline This command displays the system s CPU utilization information in 5 second 1 minute and 5 minute intervals Example This example shows how to display the information about CPU utilization Switch show cpu utilization CPU Utilization Five seconds 8 One minute 8 Five minutes 8 Switch 2 15 show version This command is used to display the switch s software version information show versio...

Page 27: ...hreshold unit UNIT ID thermal THREMAL ID high VALUE low VALUE no environment temperature threshold unit UNIT ID thermal THREMAL ID high low Parameters unit UNIT ID Specifies the unit ID thermal THERMAL ID Specifies the thermal sensor s ID high Optional Specifies the high threshold of the temperature in Celsius The range is from 100 to 200 low Optional Specifies the low threshold of the temperature...

Page 28: ...rver enable traps environment fan power temperature Parameters fan Optional Specifies to enable the switch s fan trap state for warning fan events fan failed or fan recover power Optional Specifies to enable the switch s power trap state for warning power events power failure or power recovery temperature Optional Specifies to enable the switch s temperature trap state for warning temperature even...

Page 29: ...e a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear 802 1X counters diagnostics statistics and session statistics Example This example shows how t...

Page 30: ... to auto If the control direction is set to both then the port can receive and transmit EAPOL packets only All user traffic is blocked before authentication If the control direction is set to in then in addition to receiving and transmitting EAPOL packets the port can transmit user traffic but not receive user traffic before authentication Example This example shows how to configure the controlled...

Page 31: ...s set as auto Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command takes effect only when IEEE 802 1X PAE authenticator is globally enabled by the dot1x system auth control command and is enabled for a specific port by using the dot1x PAE authenticator This command is only available for physical port interface configuration If the port control is se...

Page 32: ...setting Example This example shows how to configure the forwarding of the dot1x PDU Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if dot1x forward pdu Switch config if 3 6 dot1x initialize This command is used to initialize the authenticator state machine on a specific port or associated with a specific MAC address dot1x initialize interface INTERFACE ID mac addres...

Page 33: ...rting the authentication process Use the no form of the command to reset to the default setting dot1x max req TIMES no dot1x max req Parameters TIMES Specifies the number of times that the switch retransmits an EAP frame to the supplicant before restarting the authentication process The range is 1 to 10 Default By default this value is 2 Command Mode Interface Configuration Mode Command Default Le...

Page 34: ...entication on the switch by using the dot1x system auth control command When IEEE 802 1X authentication is enabled the system will authenticate the 802 1X user based on the method list configured by the aaa authentication dot1x default command Example This example shows how to configure Ethernet port 1 0 1 as an IEEE 802 1X PAE authenticator Switch configure terminal Switch config interface ethern...

Page 35: ...t None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to re authenticate a specific port or a specific MAC address Example This example shows how to re authenticate Ethernet port 1 0 1 Switch dot1x re authenticate interface ethernet 1 0 1 Switch 3 10 dot1x system auth control This command is used to globally enable IEEE 802 1X authentication o...

Page 36: ...ecifies the number of seconds that the switch will wait for the request from the authentication server before timing out the server On timeout authenticator will send EAP Request packet to client The range is 1 to 65535 supp timeout SECONDS Specifies the number of seconds that the switch will wait for the response from the supplicant before timing out the supplicant messages other than EAP request...

Page 37: ...ge of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command can be used to display the global configuration or interface configuration If the configuration command ...

Page 38: ... interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command can be used to display 802 1X diagnostics Using this command without parame...

Page 39: ... interface INTERFACE ID Optional Specifies to display the dot1x diagnostics on the specified interface or range of interfaces If not specified information about all interfaces will be displayed Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed ...

Page 40: ... Parameters interface INTERFACE ID Optional Specifies to display the dot1x diagnostics on the specified interface or range of interfaces If not specified information about all interfaces will be displayed Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space ...

Page 41: ...serName Switch 3 16 snmp server enable traps dot1x This command is used to enable the sending of SNMP notifications for 802 1X authentication Use the no command to disable the sending of SNMP notifications snmp server enable traps dot1x no snmp server enable traps dot1x Parameters None Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12...

Page 42: ... number is 10 The default increment is 10 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This feature allows the user to re sequence the entries of a specified access list with an initial sequence number determined by the STARTING SEQUENCE NUMBER parameter and continuing in the increments determined by the INCREMENT parameter If the highest sequence number ex...

Page 43: ... 10 100 1 2 7 permit icmp any any Switch config 4 2 acl hardware counter This command is used to enable the ACL hardware counter of the specified access list name for access group functions or access map for the VLAN filter function Use the no form of the command to disable the ACL hardware counter function acl hardware counter access group ACCESS LIST NAME ACCESS LIST NUMBER vlan filter ACCESS MA...

Page 44: ...t action action forward drop redirect INTERFACE ID no action Parameters forward Specifies to forward the packet when matched drop Specifies to drop the packet when matched redirect INTERFACE ID Specifies the interface ID for the redirection action Only physical ports are allowed to be specified Default By default the action is forward Command Mode VLAN Access map Sub map Configuration Mode Command...

Page 45: ...s list to be cleared access group ACCESS LIST NUMBER Specifies the number of the access list to be configured vlan filter ACCESS MAP NAME Specifies the name of the access map to be cleared Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline If no access list name or number is specified with the parameter access group all access group hardware counters will...

Page 46: ...lied later will overwrite the previous setting Only one access list of the same type can be applied to the same interface but access lists of different types can be applied to the same interface Example This example shows how to apply an expert ACL to an interface The purpose is to apply the ACL exp_acl on the Ethernet port 1 0 2 to filter the incoming packets Switch configure terminal Switch conf...

Page 47: ... example shows how to create an extended expert ACL Switch configure terminal Switch config expert access list extended exp_acl Switch config exp nacl end Switch show access list Access List Name Type exp_acl ID 8999 expert ext acl Total Entries 1 Switch 4 7 ip access group This command is used to specify the IP access list to be applied to an interface Use the no form of this command to remove an...

Page 48: ...the IP access list Strict Control as an IP access group for an Ethernet port 6 0 2 Switch configure terminal Switch config interface eth6 0 2 Switch config if gi ip access group Strict Control The remaining applicable IP related access entries are 2500 The remaining applicable port operators are 10 Switch config if gi 4 8 ip access list This command is used to create or modify an IP access list Th...

Page 49: ... 10 20 0 0 255 255 0 0 Switch config ip ext acl exit Switch config ip access list pim srcfilter Switch config ip acl permit host 172 16 65 193 any Switch config ip acl 4 9 ipv6 access group This command is used to specify the IPv6 access list to be applied to an interface Use the no command to remove an IPv6 access list ipv6 access group NAME NUMBER in out no ipv6 access group NAME NUMBER in out P...

Page 50: ...pv6 access list This command is used to create or modify an IPv6 access list This command will enter into IPv6 access list configuration mode Use the no form of this command to remove an IPv6 access list ipv6 access list extended NAME NUMBER no ipv6 access list extended NAME NUMBER Parameters NAME Specifies the name of the IPv6 access list to be configured The maximum length is 32 characters NUMBE...

Page 51: ...he specified ACL Use the no command to delete the remarks list remark TEXT no list remark Parameters TEXT Specifies the remark information The information can be up to 256 characters long Default None Command Mode Access list Configuration Mode Command Default Level Level 12 Usage Guideline This command is available in the MAC IP IPv6 and Expert Access list Configure mode Example This example show...

Page 52: ...f MAC access group is already configured on the interface the command applied later will overwrite the previous setting MAC access groups will only check non IP packets Only one access list of the same type can be applied to the same interface but access lists of different types can be applied to the same interface The association of an access group with an interface will consume the filtering ent...

Page 53: ... all access lists The characters of the name are case sensitive If the access list number is not specified the biggest unused number in the range of the MAC access list numbers will be assigned automatically Example This example shows how to enter the MAC access list configuration mode for a MAC access list named daily profile Switch configure terminal Switch config mac access list extended daily ...

Page 54: ... Switch config vlan access map vlan map 20 Switch config access map match ip address sp1 Switch config access map end Switch show vlan access map VLAN access map vlan map 20 match ip address sp1 ID 1999 action forward Switch 4 15 match ipv6 address This command is used to associate IPv6 access lists for the configured sub maps The no form of this command removes the match entry match ipv6 address ...

Page 55: ...ciate MAC access lists for the configured sub maps The no form of this command removes the match entry match mac address ACL NAME ACL NUMBER no match mac address Parameters ACL NAME Specifies the name of the ACL MAC access list to be configured The name can be up to 32 characters ACL NUMBER Specifies the number of the ACL MAC access list to be configured Default None Command Mode VLAN Access map S...

Page 56: ...ny eq lt gt neq PORT range MIN PORT MAX PORT TCP FLAG cos OUTER COS inner INNER COS vlan OUTER VLAN inner INNER VLAN precedence PRECEDENCE tos TOS dscp DSCP time range PROFILE NAME SEQUENCE NUMBER permit deny udp SRC IP ADDR SRC IP WILDCARD host SRC IP ADDR any SRC MAC ADDR SRC MAC WILDCARD host SRC MAC ADDR any eq lt gt neq PORT range MIN PORT MAX PORT DST IP ADDR DST IP WILDCARD host DST IP ADDR...

Page 57: ... by using a wildcard bitmap The bit corresponding to the bit value 1 will be ignored The bit corresponding to the bit value 0 will be checked precedence PRECEDENCE Optional Specifies that packets can be filtered by precedence level as specified by a number from 0 to 7 tos TOS Optional Specifies that packets can be filtered by type of service level as specified by a number from 0 to 15 dscp DSCP Op...

Page 58: ... sequence to change the start sequence number and increment number for the specified access list After the command is applied the new rule without specified sequence number will be assigned sequence based new sequence setting of the specified access list When you manually assign the sequence number it is better to have a reserved interval for future lower sequence number entries Otherwise it will ...

Page 59: ... NUMBER permit deny any host SRC IP ADDR SRC IP ADDR SRC IP WILDCARD any host DST IP ADDR DST IP ADDR DST IP WILDCARD fragments precedence PRECEDENCE tos TOS dscp DSCP time range PROFILE NAME Standard IP Access List SEQUENCE NUMBER permit deny any host SRC IP ADDR SRC IP ADDR SRC IP WILDCARD any host DST IP ADDR DST IP ADDR DST IP WILDCARD no SEQUENCE NUMBER Parameters SEQUENCE NUMBER Specifies th...

Page 60: ... the protocol ID The valid value is from 0 to 255 ICMP TYPE Optional Specifies the ICMP message type The valid number for the message type is from 0 to 255 ICMP CODE Optional Specifies the ICMP message code The valid number for the message code is from 0 to 255 ICMP MESSAGE Optional Specifies the ICMP message The pre defined parameters are available for selection administratively prohibited altern...

Page 61: ...ss list Strict Control Switch config ip ext acl permit tcp any 10 20 0 0 0 0 255 255 Switch config ip ext acl permit tcp any host 10 100 1 2 Switch config ip ext acl permit tcp any any eq 80 Switch config ip ext acl permit icmp any any Switch config ip ext acl This example shows how to create two entries for an IP standard access list named std ip These entries are permit IP packets destined to ne...

Page 62: ...ress DST IPV6 ADDR PREFIX LENGTH Specifies a destination IPv6 network tcp udp icmp esp pcp sctp Specifies the Layer 4 protocol type dscp VALUE Optional Specifies the matching traffic class value in IPv6 header The range is from 0 to 63 or select the following DSCP name af11 001010 af12 001100 af13 001110 af21 010010 af22 010100 af23 010110 af31 011010 af32 011100 af33 011110 af41 100010 af42 10010...

Page 63: ...igned a sequence number that is 10 greater than the largest sequence number in that access list and is placed at the end of the list The user can use the command access list sequence to change the start sequence number and increment number for the specified access list After the command is applied the new rule without specified sequence number will be assigned sequence based new sequence setting o...

Page 64: ...MAC address or any destination MAC address host SRC MAC ADDR Specifies a specific source host MAC address SRC MAC ADDR SRC MAC WILDCARD Specifies a group of source MAC addresses by using a wildcard bitmap The bit corresponding to the bit value 1 will be ignored The bit corresponding to the bit value 0 will be checked host DST MAC ADDR Specifies a specific destination host MAC address DST MAC ADDR ...

Page 65: ...erwise it will create extra effort to insert an entry with a lower sequence number The sequence number must be unique in the domain of an access list If you enter a sequence number that is already present an error message will be displayed Multiple entries can be added to the list and you can use permit for one entry and use deny for the other entry Different permit and deny commands can match dif...

Page 66: ...s mac Optional Specifies to display a listing of all MAC access lists ipv6 Optional Specifies to display a listing of all IPv6 access lists expert Optional Specifies to display a listing of all expert access lists NAME NUMBER Specifies to display the contents of the specified access list arp Specifies to display the ARP access list Default None Command Mode User EXEC or Any Configuration Mode Comm...

Page 67: ...ow to display the content for the access list if its hardware counter is enabled Switch show access list ip simple ip acl IP access list simple ip acl ID 3994 10 permit tcp any 10 20 0 0 0 0 255 255 Ing 12410 packets Egr 85201 packets 20 permit tcp any host 10 100 1 2 Ing 6532 packets Egr 0 packets 30 permit icmp any any Ing 8758 packets Egr 4214 packets Counter enable on following port s Ingress ...

Page 68: ...st stp_ip1 ID 1888 action forward VLAN access map vlan map 20 match mac access list ext_mac ID 6995 action redirect eth1 0 5 Switch This example shows how to display the contents of the VLAN access map if its hardware counter is enabled Switch show vlan access map VLAN access map vlan map 10 match ip access list stp_ip1 ID 1888 action forward Counter enable on VLAN s 1 2 match count 8541 packets V...

Page 69: ... shows how to display VLAN filter information Switch show vlan filter VLAN Map aa Configured on VLANs 5 127 221 333 VLAN Map bb Configured on VLANs 1111 1222 Switch Switch show vlan filter vlan 5 VLAN ID 5 VLAN Access Map aa Switch 4 25 vlan access map This command is used to create a sub map of a VLAN access map and enter the VLAN access map sub map configure mode The no form of this command used...

Page 70: ...by the associated access list will take the action specified for the sub map No further check against the next sub maps is done If the packet does not match a sub map then the next sub map will be checked Using the no form of this command without specify sequence numbers will delete all sub map information of the specified access map Example This example shows how to create a VLAN access map Switc...

Page 71: ...nly be associated with one VLAN access map Example This example shows how to apply the VLAN access map vlan map in VLAN 5 Switch configure terminal Switch config vlan filter vlan map vlan list 5 Switch config access map end Switch show vlan filter VLAN Map vlan map Configured on VLANs 5 Switch ...

Page 72: ...st two access lists can be applied to a line If two access lists are already applied an attempt to apply a new access list will be rejected until an applied access list is removed by the no form of this command Example This example shows how a standard IP access list is created and is specified as the access list to restrict access via Telnet Only the host 226 1 1 1 is allowed to access the server...

Page 73: ...g character need to be input then press enter to complete the type To configure the login banner contents to default use no banner login command in global configuration mode Note The typed additional characters after the end delimiting character are invalid These characters will be discarded by the system The delimiting character cannot be used in the login banner text Example This example shows h...

Page 74: ... character of the prompt The character is defined as follows Represents user level Represents privileged user level Example This example shows how to change the prompt to BRANCH A using administrator Switch configure terminal Switch config prompt BRANCH sA BRANCH A config 5 4 enable password This command is used to setup enable password to enter different privileged levels and use the no to return...

Page 75: ... Mode Command Default Level Level 15 Usage Guideline The exact password for a specific level needs to be used to enter the privilege level Each level has only one password to enter the level Example This example shows how to create an enable password at the privilege level 15 of MyEnablePassword Switch configure terminal Switch config enable password MyEnablePassword Switch disable Switch enable P...

Page 76: ...ME Optional Specifies the SSL service policy name Use this ssl service policy keyword only if you have already declared an SSL service policy using the ssl service policy command When no keyword is specified a built in local certificate will be used for HTTPS Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This comman...

Page 77: ... to HTTP Example This example shows how a standard IP access list is created and is specified as the access list to access the HTTP server Only the host 2265 1 1 1 is allowed to access the server Switch configure terminal Switch config ip access list http filter Switch config ip acl permit 226 1 1 1 255 255 255 255 Switch config ip acl exit Switch config ip http access class http filter Switch con...

Page 78: ...out policy idle INT no ip http timeout policy idle Parameters INT Specifies the idle timeout value The valid range is from 60 to 36000 seconds Default By default this value is 180 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command configures the idle timeout value of the HTTP server connection Example This example shows how to configure the i...

Page 79: ...e Telnet server Switch configure terminal Switch config ip telnet server Switch config 5 11 ip telnet service port This command is used to specify the service port for Telnet Use the no command to return the service port to 23 ip telnet service port TCP PORT no ip telnet service port Parameters TCP PORT Specifies the TCP port number TCP ports are numbered between 1 and 65535 The well known TCP por...

Page 80: ...ters INTERFACE ID Specifies the interface whose IP address will be used as the source address of packets that initiates a Telnet connection Default The IP address of the closest interface will be used Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to specify the interface IP address source address packets that initiates a Telnet connection Ex...

Page 81: ...terminal Switch config line ssh Switch config line access class vty filter Switch config line 5 14 service password recovery This command is used to enable or disable the backdoor password recovery feature Use the no form of the command to disable the backdoor password recovery feature service password recovery no service password recovery Parameters None Default By default this option is enabled ...

Page 82: ...sword encryption option is disabled and the password is specified in the plain text form the password will be in plain text form However if the password is specified in the encrypted form or if the password has been converted to the encrypted form by the last enable password encryption command the password will still be in the encrypted form It cannot be reverted back to plain text The password af...

Page 83: ...arameter settings for the current terminal line Switch show terminal Terminal Settings Length 24 lines Width 80 columns Default Length 24 lines Default Width 80 columns Baud rate 9600 bps Switch 5 17 show ip http server This command is used to display information about the HTTP server s status show ip http server Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command...

Page 84: ...Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display information about the SSL feature s status Example This example shows how to display information about the SSL feature s status Switch show ip http secure server ip http secure server state disable Switch 5 19 show users This command is used to display informa...

Page 85: ...IPV6 ADDRESS TCP PORT Parameters VRF NAME Specifies the name of the routing forwarding instance IP ADDRESS Specifies the IPv4 address of the host IPV6 ADDRESS Specifies the IPv6 address of the host TCP PORT Specifies the TCP port number TCP ports are numbered between 0 and 65535 The well known TCP port for the Telnet protocol is 23 Default None Command Mode EXEC Mode Command Default Level Level 1 ...

Page 86: ...nterface Firmware Build 2 40 041 Copyright C 2015 D Link Corporation All rights reserved Password required but none set Switch This example shows how to Telnet through port 23 to 10 90 90 91 and the connection failed Try using port 3500 instead to login into the management interface Switch telnet 10 90 90 91 ERROR Could not open a connection to host on server port 23 Switch telnet 10 90 90 91 3500...

Page 87: ...ault is 24 lines A selection of 0 s instructs the Switch to scroll continuously no pausing Output from a single command that overflows a single display screen is followed by the More prompt At the More prompt press CTRL C q Q or ESC to interrupt the output and return to the prompt Press the Spacebar to display an additional screen of output or press Return to display one more line of output Settin...

Page 88: ...ch configure terminal Switch config terminal speed 9600 Switch config 5 23 session timeout This command is used to configure the line session timeout value Use the no form of the command to reset it to the default settings session timeout MINUTES no session timeout Parameters MINUTES Specifies the timeout length in minutes 0 represents never timeout Default By default this value is 3 minutes Comma...

Page 89: ...or the terminal width default command Usage Guideline By default the switch s system terminal provides a screen display width of 80 characters The terminal width command changes the terminal width value which applies only to the current session When changing the value in a session the value applies only to that session When the no form of this command is used the number of lines in the terminal di...

Page 90: ...ust be between 1 and 15 nopassword Specifies that there will be no password associated with this account password Specifies the password for the user 0 Specifies the password in clear plain text The password length is between 1 and 32 characters and can contain embedded spaces It is case sensitive If the password syntax cannot be specified the syntax remains plain text 7 Specifies the encrypted pa...

Page 91: ...evel 1 The user can further enter the Privileged EXEC Mode using the enable command Example This example shows how to create an administrative username called admin and a password called mypassword Switch configure terminal Switch config username admin privilege 15 password 0 mypassword Switch config This example shows how to remove the user account with the username admin Switch configure termina...

Page 92: ...ine 5 27 clear line This command is used to disconnect a connection session clear line LINE ID Parameters LINE ID Specifies the line ID of the connection session that will be disconnected Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline The clear line command is used to disconnect an active session on the switch The line ID is assigned by line when the ...

Page 93: ...onal Specifies a range of interfaces No space before and after the hyphen Default By default no entries exist Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure the ARP spoofing prevention ASP entry to prevent spoofing of the MAC address of the protected gateway When an entry is created ARP packets whose sender IP address matches...

Page 94: ...ny Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all ARP spoofing prevention entries Example This example shows how to display all ARP spoofing prevention entries Switch show ip arp spoofing prevention IP MAC Interfaces 10 254 254 251 00 00 00 11 11 11 ethernet 1 0 10 Total Entries 1 Switch Display Parameters IP The IP address of the gateway MAC The M...

Page 95: ...aracters long METHOD1 METHOD2 Specifies the list of methods that the accounting algorithm tries in the given sequence Enter at least one method or enter up to four methods The following are keywords that can be used to specify a method group tacacs Specifies to use the servers defined by the TACACS server host command group GROUP NAME Specifies to use the server groups defined by the aaa group ser...

Page 96: ...s Specifies to use the servers defined by the RADIUS server host command group tacacs Specifies to use the servers defined by the TACACS server host command group GROUP NAME Specifies to use the server groups defined by the AAA group server command none Specifies not to perform accounting Default No AAA accounting method is configured Command Mode Global Configuration Mode Command Default Level Le...

Page 97: ...rs defined by the TACACS server host command group GROUP NAME Specifies to use the server groups defined by the AAA group server command none Specifies no to perform accounting Default No AAA accounting method is configured Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to configure the accounting method list for network access fees For the d...

Page 98: ...E Specifies to use the server groups defined by the AAA group server command none Specifies no to perform accounting Default No AAA accounting method is configured Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to configure the accounting method list for system events such as reboot reset events For the default method list to take effect enab...

Page 99: ...ration Mode Command Default Level Level 15 Usage Guideline Use this command to configure the default authentication method list for determining access to the privileged EXEC level when users issue the enable privilege LEVEL command The authentication with the RADIUS server will be based on the privilege level and take either enable12 or enable15 as the user name Example This example shows how to s...

Page 100: ... This example shows how to set the default methods list for authenticating dot1X users Switch configure terminal Switch config aaa authentication dot1x default group radius Switch config 7 7 aaa authentication login This command is used to configure the method list used for login authentication Use the no command to remove a login method list aaa authentication login default LIST NAME METHOD1 METH...

Page 101: ...to designate one or more security protocols to be used for authentication thus ensuring a backup system for authentication in case the initial method fails The switch system uses the first listed method to authenticate users If that method fails to respond the switch system selects the next authentication method listed in the method list This process continues until there is successful communicati...

Page 102: ...method list for MAC authentication Initially the default method list is not configured The authentication of MAC request will be performed based on the local database Example This example shows how to set the default methods list for authenticating mac auth users Switch configure terminal Switch config aaa authentication mac auth default group radius Switch config 7 9 aaa authentication web auth T...

Page 103: ...ating web auth users Switch configure terminal Switch config aaa authentication web auth default group radius Switch config 7 10 aaa group server radius This command is used to enter the RADIUS group server configuration mode to associate server hosts with the group Use the no form of the command to remove a RADIUS server group aaa group server radius GROUP NAME no aaa group server radius GROUP NA...

Page 104: ...up server tacacs GROUP NAME no aaa group server tacacs GROUP NAME Parameters GROUP NAME Specifies the name of the server group This name can be up to 32 characters long The syntax is a general string that does not allow spaces Default There is no AAA group server Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to enter the TACACS group server ...

Page 105: ...username command The enable password will be authenticated via the local table which is defined via the enable password command Example This example shows how to enable the AAA function Switch configure terminal Switch config aaa new model Switch config 7 13 accounting commands This command is used to configure the method list used for command accounting via a specific line Use the no form of the ...

Page 106: ...line accounting commands 15 cmd 15 Switch config line 7 14 accounting exec This command is used to configure the method list used for EXEC accounting for a specific line Use the no form of the command to disable the accounting EXEC option accounting exec default METHOD LIST no accounting exec Parameters default Specifies to use the default method list METHOD LIST Specifies the name of the method l...

Page 107: ...IPV6 ADDRESS Specifies to clear server counter information related to a RADIUS IPv6 host radius all Specifies to clear server counter information related to all RADIUS hosts tacacs IP ADDRESS Specifies to clear server counter information related to a TACACS IPv4 host tacacs all Specifies to clear server counter information related to all TACACS hosts sg NAME Specifies to clear server counter infor...

Page 108: ...vel 15 Usage Guideline For authentication via the method list to take effect enable AAA first by using the aaa new model command Create the method list first by using the aaa authentication login command If the method list does not exist the command does not take effect and the authentication will be done via the default login method list Example This example shows how to configure HTTP sessions t...

Page 109: ... for accounting for HTTP server users The AAA accounting method is configured as the RADIUS accounting method Switch configure terminal Switch config aaa accounting exec list 1 start stop group radius Switch config ip http accounting exec list 1 Switch config 7 18 ip radius source interface This command is used to specify the interface whose IP address will be used as the source IP address for sen...

Page 110: ...ress for sending TACACS packets To revert to the default setting use the no form of this command ip tacacs source interface INTERFACE ID no ip tacacs source interface Parameters INTERFACE_ID Specifies the interface whose IP address will be used as the source IP address for sending TACACS packets Default The IP address of the closest interface will be used Command Mode Global Configuration Mode Ser...

Page 111: ...p Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to specify a VRF for an AAA RADIUS or TACACS server group This command enables access users to utilize AAA servers in different routing domains Example This example shows how to specify the VRF for a RADIUS server group Switch configure terminal Switch config aaa group server radius_global Switch config sg radius ...

Page 112: ... take precedence When the server is located at the Out Of Band Management Port the user should specify the interface ID of Out Of Band Management Port as the source interface in order to send the request packet to the management port Example This example shows how to set VLAN100 whose IPv6 address will be used as the source IPv6 address for sending RADIUS packets Switch configure terminal Switch c...

Page 113: ...address from the RADIUS attribute 4 address use the no command radius server attribute 4 IP ADDRESS no radius server attribute 4 IP ADDRESS Parameters IP ADDRESS Specifies the IP address to be configured as the RADIUS attribute 4 address inside RADIUS packets Default By default the RADIUS NAS IP Address attribute will be the IP address on the interface that connects the Network Access Server NAS t...

Page 114: ...0 the unresponsive server will not be marked as dead Default By default this value is 0 Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline This command can be used to improve the authentication processing time by setting the dead time to skip the unresponsive server host entries When the system performs authentication with the authentication server it attempts on...

Page 115: ...d 255 seconds If not specified the default value is 5 seconds retransmit COUNT Optional Specifies the retransmit times of requests to the server when no response is received The value is from 0 to 20 Use 0 to disable the retransmission If not specified the default value is 2 0 Optional Specifies the password in clear text form This is the default option 7 Optional Specifies the password in the enc...

Page 116: ...efined server group can be specified as the method list for authentication or accounting via the aaa authentication and aaa accounting commands Use the radius server host command to create a server host entry A host entry is identified by IP Address Example This example shows how to create two RADIUS server hosts with the different IP addresses A server group is then created with the two server ho...

Page 117: ...oup will be attempted in the configured order Use the tacacs server host command to create a server host entry A host entry is identified by the IP Address Example This example shows how to create two TACACS server hosts A server group is then created with the two server hosts Switch configure terminal Switch config tacacs server host 172 19 10 100 port 1500 timeout 8 key ABCDE Switch config tacac...

Page 118: ...er is 49 The range is 1 to 65535 timeout SECONDS Optional Specifies the time out value This value must be between 1 and 255 seconds The default value is 5 seconds 0 Optional Specifies the password in the clear text form This is the default option 7 Optional Specifies the password in the encrypted form key KEY STRING Specifies the key used to communicate with the server The key can be from 1 to 254...

Page 119: ...line Use this command to display statistics counters related to servers Example This example shows how to display the server related statistics counters Switch show radius statistics RADIUS Server 172 19 192 80 Auth Port 1645 Acct Port 1646 State is UP Auth Acct Round Trip Time 10 10 Access Requests 4 NA Access Accepts 0 NA Access Rejects 4 NA Access Challenges 0 NA Acct Request NA 3 Acct Response...

Page 120: ...es The number of malformed RADIUS Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or Signature attributes or unknown types are not included as malformed responses Bad Authenticators The number of RADIUS Response packets containing invalid authenticators or Signature attributes received from this server Pending Requests The numb...

Page 121: ...s statistics TACACS Server 172 19 192 80 49 State is UP Socket Opens 0 Socket Closes 0 Total Packets Sent 0 Total Packets Recv 0 Reference Count 0 Display Parameters TACACS Server IP address of the TACACS server Socket Opens Number of successful TCP socket connections to the TACACS server Socket Closes Number of successfully closed TCP socket attempts Total Packets Sent Number of packets sent to t...

Page 122: ...AC address a 48 bit address Default No static entries are installed in the ARP cache Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The ARP table keeps the network layer IP address to local data link MAC address association The association is kept so that the addresses will not have to be repeatedly resolved Use this command to add static ARP entries Example ...

Page 123: ...ws how to set the ARP timeout to 60 minutes to allow entries to time out more quickly than the default setting Switch configure terminal Switch config interface vlan1 Switch config if arp timeout 60 Switch config if 8 3 clear arp cache This command is used to clear the dynamic ARP entries from the table clear arp cache vrf VRF NAME all interface INTERFACE ID IP ADDRESS Parameters VRF NAME Optional...

Page 124: ...condary IP address If this keyword is not specified the configured address is the primary IP address dhcp Specifies to acquire an IP address configuration on an interface from the DHCP protocol Default The default IP address for VLAN 1 is 10 90 90 90 8 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The IPv4 address of an interface can be either manually as...

Page 125: ... Level 12 Usage Guideline Use this command to configure the proxy ARP state for an interface When proxy ARP is enabled the system will respond to ARP requests for IP addresses within the local connected subnets Proxy ARP can be used in the network where hosts have no default gateway configured Example This example shows how to enable proxy the ARP feature on the interface of VLAN 100 Switch config...

Page 126: ...how to enable local proxy ARP on VLAN100 Switch configure terminal Switch config interface vlan100 Switch config if ip local proxy arp Switch config if 8 7 ip arp elevation This command is used to assign a higher priority to all ARP packets to this switch than other ARP packets ip arp elevation no ip arp elevation Parameters None Default By default all ARP packets have the same priority Command Mo...

Page 127: ...Switch configure terminal Switch config interface vlan4 Switch config if ip mtu 6000 Switch config if 8 9 show arp This command is used to display the Address Resolution Protocol ARP cache show arp vrf VRF NAME ARP TYPE IP ADDRESS MASK INTERFACE ID HARDWARE ADDRESS Parameters VRF NAME Optional Specifies the VRF instance name ARP TYPE Optional Specifies the ARP type dynamic Specifies to display onl...

Page 128: ...re Addr IP Interface Age min S 10 108 42 112 00 00 a7 10 4b af vlan100 forever 10 108 42 114 00 00 a7 10 85 9b vlan200 forever 10 108 42 121 00 00 a7 10 68 cd vlan300 125 Total Entries 3 Switch 8 10 show arp timeout This command is used to display the aging time of Address Resolution Protocol ARP cache show arp timeout interface INTERFACE ID Parameters INTERFACE ID Specifies the interface ID Defau...

Page 129: ...erface brief Optional Specifies to display a summary of the IP interface information Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline If no parameter is specified information for all the interfaces will be displayed Example This example shows how to display the brief information of the IP interface Switch show ip interface brief Interface ...

Page 130: ...10 0 0 1 24 Manual Total Entries 1 Switch 8 12 ip directed broadcast This command is used to enable the conversion of IP directed broadcasts received by the interface to physical broadcasts when the destination network is directly connected to the switch Use the no command to disable the conversion ip directed broadcast no ip directed broadcast Parameters None Default By default this option is dis...

Page 131: ...roadcast option is enabled then these packets are translated to broadcast and forwarded to all the hosts in the destination subnet The forwarded interface can be the receiving interface or other interfaces of the switch Example This example shows how to enable the IP directed broadcast feature on the interface of VLAN 100 Switch configure terminal Switch config interface vlan100 Switch config if i...

Page 132: ...only clear dynamic neighbor cache entries Example This example shows how to clear IPv6 neighbor cache entries associated with interface VLAN 1 Switch clear ipv6 neighbors vlan1 Switch 9 2 ipv6 address This command is used to manually configure an IPv6 addresses on the interface Use the no form of the command to delete a manually configured IPv6 address ipv6 address IPV6 ADDRESS PREFIX LENGTH PREFI...

Page 133: ...ty of mechanisms including manual configuration stateless address configuration and stateful address configuration However within the same prefix only one IPv6 address can be configured When the IPv6 address is configured on an interface IPv6 processing is enabled for the interface The prefix of the configured IPv6 address will automatically be advertised as prefix in the RA messages transmitted o...

Page 134: ...on the interface enables IPv6 processing and the router advertisement containing an assigned global address prefix will be received on this interface from an IPv6 router Then the resulting address that is a combination of the prefix and the interface identifier will be assigned to the interface When this option is disabled the obtained global unicast address will be removed from the interface If t...

Page 135: ...Pv6 ISTAP tunnel the last 32 bits of the interface ID are constructed using the source IPv4 address of the tunnel Example This example shows how to add an IPv6 address incidence Switch configure terminal Switch config interface vlan1 Switch config if ipv6 address 3ffe 501 ffff 0 64 eui 64 Switch config if 9 5 ipv6 address dhcp This command is used to configure an interface using DHCPv6 to get an I...

Page 136: ...ssing on interfaces that have no IPv6 address explicitly configured Use the no form of the command to disable IPv6 processing on interfaces that have no IPv6 address explicitly configured ipv6 enable no ipv6 enable Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline When the IPv6 address is explicitly c...

Page 137: ... Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the hop limit to be advertised in RA messages The IPv6 packet originated at the system will also use this value as the initial hop limit Example This example shows how to configure the IPv6 hop limit value Switch configure terminal Switch config interface vlan1 Switch config if i...

Page 138: ...ssing Example This example shows how to set the IPv6 MTU value as 6000 bytes at VLAN 4 Switch configure terminal Switch config interface vlan4 Switch config if ipv6 mtu 6000 Switch config if exit Switch config This example shows how to restore the default IPv6 MTU value Switch configure terminal Switch config interface vlan4 Switch config if no ipv6 mtu Switch config if 9 9 ipv6 nd managed config ...

Page 139: ... other config flag no ipv6 nd other config flag Parameters None Default By default this feature is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline By setting the other configuration flag on the router instructs the connected hosts to use a stateful configuration protocol to obtain auto configuration information other than the IPv6 address Example T...

Page 140: ...wing combinations Combination 1 Both the off link and no autoconfig options are not specified o The prefix is inserted in the routing table L bit 1 A bit 1 Combination 2 The no autoconfig option is specified o The prefix is inserted in the routing table L bit 1 A bit 0 Combination 3 The off link option is specified o The prefix is not inserted in the routing table L bit 0 A bit 1 For a prefix the ...

Page 141: ...d range is from 3 to 1350 seconds Default The default maximum interval is 200 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The minimum interval time will never be less than 3 seconds Example This example shows how to configure the IPv6 RA interval timer value Switch configure terminal Switch config interface vlan1 Switch config if ipv6 nd ra inte...

Page 142: ...is used to disable the sending of RA messages on the interface Use the no command to enable sending of RA messages ipv6 nd suppress ra no ipv6 nd suppress ra Parameters None Default RA is not disabled on the VLAN interface RA is disabled on the tunnel interface Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use the ipv6 nd suppress ra command to disable se...

Page 143: ...l 12 Usage Guideline The configured time is used by the router on the interface and is also advertised in the RA message If the specified time is 0 the router will use 1200 seconds on the interface and advertise 1200 unspecified in the RA message The reachable time is used by the IPv6 node in determining the reachability of the neighbor nodes Example This example shows how to configure the reachab...

Page 144: ... This example shows how to configure the IPv6 NS message retransmission interval to 6 seconds Switch configure terminal Switch config interface vlan1 Switch config if ipv6 nd ns interval 6000 Switch config if 9 17 ipv6 neighbor This command is used to create a static ipv6 neighbor entry Use the no form of this command to delete a static IPv6 neighbor entry ipv6 neighbor IPV6 ADDRESS INTERFACE ID M...

Page 145: ...r fe80 1 vlan1 00 01 80 11 22 99 Switch config 9 18 show ipv6 general prefix This command is used to display IPv6 general prefix information show ipv6 general prefix PREFIX NAME Parameters PREFIX NAME Optional Specifies the name of the general prefix to be displayed If the general prefix name is not specified all general prefixes will be displayed The general prefix name can be up to 32 characters...

Page 146: ...SATAP tunnel will be displayed Example This example shows how to display IPv6 interface information Switch show ipv6 interface vlan2 vlan2 is up Link status is down IPv6 is enabled link local address FE80 201 1FF FE02 305 Global unicast address 200 2 64 DHCPv6 PD IP MTU is 1500 bytes RA messages are sent between 66 to 200 seconds RA advertised reachable time is 1200000 milliseconds RA advertised r...

Page 147: ...ameters IPV6 ADDRESS Specifies the IPv6 address to display its IPv6 neighbor cache entry INTERFACE ID Specifies the interface to display IPv6 neighbor cache entry Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the IPv6 neighbor cache entry Example This example shows how to display the IPv6 neighbor cache entry...

Page 148: ...ing neighbor advertisement message has not yet been received REACH Reachable Corresponding neighbor advertisement message was received and the reachable time in milliseconds has not elapsed yet It indicates that the neighbor was functioning properly STALE More than the reachable time in milliseconds have elapsed since the last confirmation was received PROBE Sending the neighbor solicitation messa...

Page 149: ...BFD on the routing protocol enable BFD first before configuring the routing protocol Example This example shows how to enable the BFD function Switch configure terminal Switch config bfd enable Switch config 10 2 bfd interval This command is used to configure the parameters of the BFD function Use no command to restore these parameters to the default values bfd interval VALUE min_rx VALUE multipli...

Page 150: ...This command is used to change the BFD parameters Configuring the interval value too small may cause stability issues in the system Example This example shows how to configure the BFD parameters Switch configure terminal Switch config interface vlan1 Switch config if bfd interval 400 Switch config if bfd min_rx 100 Switch config if bfd multiplier 5 Switch config if 10 3 bfd slow timers This comman...

Page 151: ...ional Specifies to display BFD information on the specified interface Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the BFD global state and settings on each interface Example This example shows how to display BFD information on all interfaces Switch show bfd BFD Global State Disabled BFD Interface Settin...

Page 152: ...Level Level 1 Usage Guideline This command is used to display BFD neighbor information Example This example shows how to display BFD neighbor information Switch show bfd neighbor BFD Neighbor Table Local Discr Local Discriminator Remote Discr Remote Discriminator Neighbor Address Interface Name Local Discr Remote Discr Detect Time ms Status 10 0 0 3 System 1 1 100 UP Total Entries 1 Switch show bf...

Page 153: ...rnet Switch CLI Reference Guide 148 10 0 0 3 System 1 1 100 UP Local Diagnostic No Diagnostic Poll Bit Not set Remote Minimum RX Interval 50 ms Remote Minimum TX Interval 50 ms Remote Multiplier 3 Register Protocol OSPF VRRP Total Entries 1 Switch ...

Page 154: ... to different address family enter the address family configuration mode to configure the command For all command settings that are configured in the IPv4 unicast address family mode is equivalent to the command settings configured in the router configuration mode Use the exit command to leave the address family configuration mode and return to router configuration mode without removing the existi...

Page 155: ...se the exit command to leave the address family configuration mode and return to the router configuration mode without removing the existing configuration Example This example shows how to enter the VPN4 address family and activate a BGP peer Switch configure terminal Switch config router bgp 120 Switch config router address family vpnv4 Switch config router af neighbor 10 2 2 5 activate Switch co...

Page 156: ...e atomic aggregation flag is set to indicate that the AS path information of the more specific route information might be lost from the aggregated entry If the summary only option is not specified the aggregated route together with its more specific routes is advertised If specified the more specific routes are not advertised When the as set option is specified the AS number information of those m...

Page 157: ...ction for paths that are advertised from neighbors in either the same or different autonomous systems Use the no command to use MED only for paths that are advertised from neighbors in the same autonomous system bgp always compare med no bgp always compare med Parameters None Default By default this option is disabled Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guid...

Page 158: ...h the highest weight is preferred The path with the highest local preference is preferred The local routes generated by network command redistribute command and aggregate command is preferred over other routes The routes generated by network and redistribute command has higher preference than aggregate route The path with shorter AS path is preferred The origin attribute is compared IGP is preferr...

Page 159: ...P process will compare the confederation AS path length of the routes received The shorter the confederation AS path length the better the route is Example This example shows how to enable BGP process to compare the AS path which contains some confederation as numbers Switch configure terminal Switch config router bgp 100 Switch config router bgp bestpath compare confed aspath 11 8 bgp bestpath co...

Page 160: ...o configure a BGP routing process to compare the Multi Exit Discriminator MED between paths learned from confederation peers Use the no form of the command to disable MED comparison of paths received from confederation peers bgp bestpath med confed no bgp bestpath med confed Parameters None Default By default MEDs are not compared between paths from confederation peers Command Mode Router Configur...

Page 161: ...ult in the remote peer The remote peer will not pass the MED value with routes for further path advertisement The lower MED value is preferred than the larger MED value By default MED 0 is assigned to a route if missing MED missing Use the bgp bestpath med missing as worst command to configure the BGP router to assign a largest MED value to a route if missing MED Example This example shows how to ...

Page 162: ...shed then use the no bgp client to client reflection command to disable client to client reflection because route reflection is not required Example This example shows how to configure the local router is a route reflector with three neighbors as the clients The client to client reflection is enabled to enable the route reflection Switch configure terminal Switch config router bgp 100 Switch confi...

Page 163: ...how to configure the cluster has multiple route reflectors and the local router as one of the route reflectors It is configured with cluster ID 10 1 10 1 Switch configure terminal Switch config router bgp 100 Switch config router bgp cluster id 10 1 10 1 11 13 bgp confederation identifier This command is used to specify a BGP confederation identifier Use the no form of this command to remove the c...

Page 164: ...mand Default Level Level 12 Usage Guideline In a large scale BGP network confederation is a mechanism used to reduce the needs of fully mesh of iBGP sessions With confederation an autonomous system can be partitioned into a number of a sub AS To the routers outside the group of sub AS appear as a single AS identified by the confederation ID Each sub AS is fully meshed within the sub AS and is conn...

Page 165: ...eshold the route will become a dampening route and will not be advertised The range is from 1 to 20000 MAX SUPPRESS TIME Optional Specifies the maximum time in minutes that a route can be in the dampened state The range is from 1 to 255 The default is 4 times the half life UN REACHABILITY HALF LIFE Specifies the time in minutes after which the penalty of the unreachable routes will be down by half...

Page 166: ...s 10000 The BGP dampening values are set to 20 minutes for the half life 2500 for the reuse value 8000 for the suppress value and 80 minutes for the maximum suppress time Switch configure terminal Switch config router bgp 10000 Switch config router bgp dampening 20 2500 8000 80 20 11 16 bgp default ipv4 unicast This command is used to enable the exchange of IPv4 unicast routing information Use the...

Page 167: ...tination network The local preference will be sent with the route advertised to the iBGP peers If an external route is both reachable via the local router and an iBGP peer router the local preference value determines the preferred exit point to reach the external route Use the bgp default local preference command to specify the default local preference to be associated with the routes received by ...

Page 168: ...rmed right after the command is entered The best path selection algorithm will then pick the best paths using the existing rules the comparison is made on a per neighbor autonomous system basis and then global basis If the bgp deterministic med command is disabled the paths will not be grouped and sorted Example This example shows how to enable the compare MED value for autonomous system 65534 Swi...

Page 169: ...fast external failover bgp fast external failover no bgp fast external failover Parameters None Default By default this option is enabled Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to globally disable or enable fast external failover of BGP sessions for the directly connected external peers When fast external failover is enabled the s...

Page 170: ...you explicitly override it by configuring the corresponding value on the neighbor The stalepath time parameter is used to set the maximum time to preserve stale paths from a gracefully restarted neighbor All stale paths unless reinstated by the neighbor after a re establishment will be deleted at the expiration of this timer When adjusting the timer values the restart timer should not be set to a ...

Page 171: ...h configure terminal Switch config router bgp 65100 Switch config router bgp router id 192 168 1 1 11 23 bgp scan time This command is used to configure the BGP scan timer value The BGP router will periodically check whether the next hop is reachable from the BGP route Use the no form of command to reset to default setting bgp scan time SCAN INTERVAL no bgp scan time Parameters SCAN INTERVAL Speci...

Page 172: ...ons with peers in the specified AS will be reset NEIGHBOR ADDRESS Specifies to issue reset of the specified neighbor session PEER_GROUP NAME Specifies to issue reset of the peer group sessions in Optional Specifies to issue the inbound reconfiguration If neither in nor out keyword is specified both inbound and outbound sessions are reconfigured prefix filter Optional Specifies to clear the existin...

Page 173: ...ps When the inbound session is soft reset with the prefix filter option if the capability ORF prefix list is enabled in the receive mode the local BGP will notify the remote neighbor to send the updated prefix filter Example This example shows how to configure a soft reconfiguration that is initiated for the inbound sessions with the neighbor 10 100 0 1 and the outbound session is unaffected Switc...

Page 174: ... IPv4 unicast address family prefixes Switch clear ip bgp dampening Switch 11 26 clear ip bgp external This command is used to reset external Border Gateway Protocol eBGP peering sessions using hard or soft reconfiguration clear ip bgp ipv4 unicast external soft in prefix filter out Parameters ipv4 Specifies to issue the reset of eBGP peering sessions for IPv4 address family unicast Specifies to i...

Page 175: ... unicast vpnv4 vrf VRF NAME flap statistics IP ADDRESS MASK LENGTH Parameters ipv4 Specifies to clear an IPv4 address family routing entry unicast Specifies to clear a unicast address family routing entry vrf VRF NAME Specifies the VRF address family routing entry vpnv4 Specifies the IPv4 VPN address family routing entry MASK LENGTH Optional Specifies the mask length for the IP address Default Non...

Page 176: ...RF Mode Command Default Level Level 12 Usage Guideline User can use the distance bgp command to set the administrative distance for routes learned from eBGP peers and iBGP peers The distance bgp command acts as the distance command for other routing protocol determines which routes will be installed in routing information base Numerically an administrative distance is an integer from 1 to 255 In g...

Page 177: ...the route is permitted If the matched rule is a deny rule then the route is denied Use the match as path command to match an access list in a route map entry definition To match a route map entry all match statements must be satisfied To match an AS path access list if an entry in the access list matches the route then no further check will be done against the remaining entries in the access list ...

Page 178: ...egular expressions can be used only with expanded community lists Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The community attribute is used for implementing policy routing It is an optional transitive attribute and facilitates transfer of local policies through different autonomous systems A community attribute is represented by a 32 bits in...

Page 179: ...w spaces permit Specifies the extended community to accept deny Specifies the extended community to reject EXTCOMMUNITY Specifies the EXT COMMUNITY This consists of an RT value or an SOO value It can accept 12 values for one entry There are two different types for the RT value or SOO value IP address number The IP address should be a global IP address that is assigned to the user and the number is...

Page 180: ...ommunity list expanded myexpcom permit _20 0 9 11 32 match as path This command is used to define a BGP AS path access list match condition in a route map rule To delete a match statement use the no form of this command match as path ACCESS LIST NAME no match as path Parameters ACCESS LIST NAME Specifies an AS path access list name Default No match statements in the route map Command Mode Route ma...

Page 181: ...p can contain multiple route map entries which is either a permit entry or a deny entry When a route is checked against a route map the entry in the route map will be checked whether match the route based on its sequence number in the route map If an entry is found matched the action associated with the entry will be taken and no further check will be done against the remaining entry in the route ...

Page 182: ...ighbor IP ADDRESS PEER GROUP NAME activate Parameters IP ADDRESS Specifies the IP address of the neighbor peer PEER GROUP NAME Specifies the name of the BGP peer group Default The exchange of the IPv4 unicast address family is enabled by default The exchange for all other address families is disabled Command Mode Router Configuration Mode Address Family Configuration Mode IPv4 unicast VPNv4 and VR...

Page 183: ...mum interval in seconds between the sending of update messages This value must be between 0 and 600 Default 30 seconds for external peers 5 seconds for internal peers Command Mode Router Configuration Mode Address Family Configuration Mode VRF Command Default Level Level 12 Usage Guideline If a BGP peer group is specified for the command all the members of the peer group will inherit the setting c...

Page 184: ...loop and the packets will be discarded If the allowas in setting is enabled the BGP router s own AS is allowed in the AS path list Example This example shows how to set the number of times that the local router s own AS is allowed to appear in the update packets received from the neighbors 100 16 5 4 to 5 Switch configure terminal Switch config router bgp 65100 Switch config router neighbor 100 16...

Page 185: ...nfigure the minimum interval value when sending these routes Example This example shows how to set the AS origination interval of 15 1 1 52 to 100 Switch configure terminal Switch config router bgp 65100 Switch config router neighbor 15 1 1 52 as origination interval 100 11 38 neighbor as override This command is used to enable to override the AS number of a site with the provider s AS number on a...

Page 186: ...and is used to configure the router to advertise the graceful restart capability to the neighbors Use the no form of this command to configure the switch so it does not advertise the graceful restart capability to its neighbor neighbor IP ADDRESS PEER GROUP NAME capability graceful restart no neighbor IP ADDRESS PEER GROUP NAME capability graceful restart Parameters IP ADDRESS Specifies the IP add...

Page 187: ...Family Configuration Mode IPv4 unicast VPNv4 and VRF Command Default Level Level 12 Usage Guideline The user can use the BGP ORF Outbound Route Filtering capability to reduce the number of prefixes exchanged with the peer Typically the command must be configured in pair on the local router and the remote router The function can operate in one direction or in both directions When it operates in one...

Page 188: ...hbor IP ADDRESS PEER GROUP NAME default originate Parameters IP ADDRESS Specifies the IP address of the neighbor peer PEER GROUP NAME Specifies the name of the BGP peer group route map MAP NAME Optional Specifies the name of a route map to achieve conditional injection of default route Default No default route is sent to the neighbor Command Mode Router Configuration Mode Address Family Configurat...

Page 189: ...imum of 80 characters The syntax is a general string that allows spaces Default None Command Mode Router Configuration Mode Address Family Configuration Mode VRF Command Default Level Level 12 Usage Guideline If you specify a BGP peer group for the command all the members of the peer group will inherit the setting configured with this command Example This example shows how to configure a descripti...

Page 190: ... eBGP peer 172 16 10 10 that is not directly connected to the local peer Switch configure terminal Switch config router bgp 65100 Switch config router network 10 108 0 0 Switch config router neighbor 172 16 1 1 ebgp multihop 11 44 neighbor filter list This command is used to set up a BGP filter for the exchange of routing information with the specified neighbor Use the no command to disable this f...

Page 191: ...nfig ip as path access list myacl deny 123 Switch config ip as path access list myacl permit Switch config router bgp 65100 Switch config router neighbor 192 168 6 6 remote as 123 Switch config router neighbor 172 16 1 1 remote as 47 Switch config router neighbor 172 16 1 1 filter list myacl out 11 45 neighbor maximum prefix This command is used to specify the maximum number of prefixes that can b...

Page 192: ...ill be generated to notify the user of the event If the warning only option is specified a system message will be generated to notify the user of the event If a session is terminated due to exceeding of the maximum prefixes the session will not be rebuilt unless the clear ip bgp command is issued to do a hard reset on the session Example This example shows how to set the maximum prefixes that will...

Page 193: ...f Router config router 11 47 neighbor password This command is used to enable Message Digest 5 MD5 authentication and set the password on a TCP connection between two BGP peers Use the no command to disable this function neighbor IP ADDRESS PEER GROUP NAME password PASSWORD no neighbor IP ADDRESS PEER GROUP NAME password Parameters IP ADDRESS Specifies the IP address of the BGP peer PEER GROUP NAM...

Page 194: ... PEER GROUP NAME peer group no neighbor PEER GROUP NAME peer group Parameters PEER GROUP NAME Specifies the name of the BGP peer group Default By default no peer group is created Command Mode Router Configuration Mode Address Family Configuration VRF Mode Command Default Level Level 12 Usage Guideline In many cases multiple remote neighbors may share the same attribute settings To simplify the tas...

Page 195: ...ember that has no remote AS configured is not allowed to join this peer group The group member can have its own configured remote AS If remote AS is set for the peer group later all group member s remote AS will be changed to the same remote AS After a neighbor joined a peer group the following command will be prohibited to be configured on the individual neighbor neighbor timers neighbor filter l...

Page 196: ...re distributed to BGP neighbor Command Mode Router Configuration Mode Address Family Configuration IPv4 unicast VPNv4 and VRF Mode Command Default Level Level 12 Usage Guideline The neighbor prefix list command can be specified per address family When specified in the router configuration mode the prefix list is applied to the IPv4 unicast address family only The user can specify one prefix list p...

Page 197: ...neighbor A neighbor must have a remote AS specified in order to configure other neighbor commands The remote AS of a neighbor is specified by either the remote as setting for the neighbor or by the remote as setting for the peer group that the neighbor joined By default neighbors that are defined using the neighbor remote as command in router configuration mode exchange only unicast address prefix...

Page 198: ...us system number for the IPv4 unicast address family prefixes sent to 172 16 2 33 Switch configure terminal Switch config router bgp 100 Switch config router neighbor 10 108 1 1 description peer with private as Switch config router neighbor 10 108 1 1 remote as 65001 Switch config router neighbor 10 108 1 1 remove private as Switch config router neighbor 172 16 2 33 remote as 2051 Switch config ro...

Page 199: ...ing route from 172 16 70 24 Switch configure terminal Switch config router bgp 5 Switch config neighbor 172 16 70 24 route map internal map out Switch config route map internal map Switch config route map match as path 1 Switch config route map set local preference 100 Switch config route map 11 54 neighbor route reflector client This command is used to configure the router as a BGP route reflecto...

Page 200: ...s more than on route reflector Use the no bgp client to client reflection command to disable the route reflection when the connections between clients are already fully meshed Example This example shows how to add a neighbor as the route reflector client Switch configure terminal Switch config router bgp 50 Switch config address family ipv4 Switch config router af neighbor 10 20 10 2 remote as 50 ...

Page 201: ...4 4 send community both 11 56 neighbor shutdown This command is used to disable a neighbor or a peer group Use the no form of this command to re enable a neighbor or a peer group neighbor IP ADDRESS PEER GROUP NAME shutdown no neighbor IP ADDRESS PEER GROUP NAME shutdown Parameters IP ADDRESS Specifies the IP address of the neighbor peer PEER GROUP NAME Specifies the name of the BGP peer group Def...

Page 202: ... inbound is disabled then the local router will send the route refresh request to the neighbor to ask for the route refresh If soft reconfiguration inbound is enabled then the routing table can be rebuilt based on the stored route updates information Enabling of the soft reconfiguration feature will consume extra system resource to store the route The user can use the show ip bgp neighbors command...

Page 203: ... Mode Command Default Level Level 12 Usage Guideline Use this command to set the SoO value for a BGP neighbor or a peer group The SoO extended community is BGP extended communities attribute that is used to identify routes that have originated from a site so that the re advertisement of that prefix back to the source site can be prevented The SoO extended community uniquely identifies the site fro...

Page 204: ... Example This example shows how to set the connect time of 14 1 1 52 to 90 seconds Switch configure terminal Switch config router bgp 65100 Switch config router neighbor 14 1 1 52 tcp reconnect 90 Switch config router 11 60 neighbor timers This command is used to configure the BGP timers for a specific BGP peer or a peer group Use the no form of this command to remove the timers setting neighbor I...

Page 205: ...72 16 10 10 timers 120 360 11 61 neighbor unsuppress map This command is used to selectively advertise routes that are previously suppressed by the aggregate address command Use the no form of this command to remove the unsuppressed route map neighbor IP ADDRESS PEER GROUP NAME unsuppress map MAP NAME no neighbor IP ADDRESS PEER GROUP NAME unsuppress map Parameters IP ADDRESS Specifies the IP addr...

Page 206: ... the name of the BGP peer group INTERFACE TYPE Specifies the type of the interface The supporting types are VLAN interface and loopback interface INTERFACE NUMBER Specifies the number of the interface The interface number s range is from 1 to 8 for the loopback interface and from 1 to 4094 for the VLAN interface Default The best local address is used Command Mode Router Configuration Mode Address ...

Page 207: ...by the local router to affect the best path selection on the local router Use this command to specify the weight to be associated the routes learned from the specified neighbor The route with highest weight will be chosen as the preferred route If route map set weight to a route then the route map specified weight will override the weight specified by the neighbor weight command Weight is an attri...

Page 208: ...tonomous system and adds it to the BGP routing table For exterior protocols the network command controls which networks are advertised Interior protocols use the network command to determine where to send updates Example This example shows how to set up network 10 108 0 0 to be included in the BGP updates for AS number is 65100 Switch configure terminal Switch config router bgp 65100 Switch config...

Page 209: ...e map MAP NAME Optional Specifies the identifier of a route map used to filter the networks to be redistributed If not specified all networks are redistributed Default By default route redistribution is disabled Command Mode Router Configuration Mode Address Family Configuration IPv4 unicast and VRF Mode Command Default Level Level 12 Usage Guideline This command can be used to redistribute the pr...

Page 210: ...re in the range from 64512 to 65534 65535 is reserved for special use Private autonomous system numbers can be used for internal routing domains but must be translated for traffic that is routed out to the Internet BGP routers should not be configured to advertise private autonomous system numbers to external networks Use this command to enter BGP router configuration mode for the specified routin...

Page 211: ... config route map set as path prepend 1 10 100 200 11 68 set community This command is used to set the BGP communities attribute To delete an entry use the no form of this command set community COMMUNITY NUMBER WELL KNOWN COMMUNITY additive no set community Parameters COMMUNITY NUMBER Specifies the community number is a four bytes integer It is presented in a AA NN format and the AA and the NN bot...

Page 212: ...path ACL1 Switch config route map set community 1 1 Switch config route map 11 69 set dampening This command is used to specify the dampening parameters of routes Use the no form of this command to delete this set command set dampening HALF LIFE REUSE SUPPRESS MAX SUPPRESS TIME UN REACHABILITY HALF LIFE no set dampening Parameters HALF LIFE Specifies the time in minutes after which the penalty of ...

Page 213: ...e MED value for the route matched by the route map Use the no form of this command to remove setting of the MED value set metric VALUE no set metric Parameters VALUE Specifies the MED value set for the matched route Default There is no set metric statement Command Mode Route map Configuration Mode Command Default Level Level 12 Usage Guideline MED is an attribute specified by a local peer and adve...

Page 214: ...erence Parameters VALUE Specifies to set the local preference for the matched route Default There is no set statement Command Mode Route map Configuration Mode Command Default Level Level 12 Usage Guideline The local preference number is used to control the preferred exit point from the local AS to the same destination network The local preference will be sent with the route advertised to the iBGP...

Page 215: ...ommand is to set origin code for the redistributed route The origin code ORIGIN is a well known mandatory attribute that indicates the origin of the prefix The origin code has three values IGP indicates that the prefix is originated from an Interior Gateway Protocol EGP indicates that the prefix is originated from an Exterior Gateway Protocol INCOMPLETE indicates that the prefix is originated from...

Page 216: ... can also be set in route map to associate the weight with the ingress route When a route s weight is set by both the neighbor weight command and the set weight command the setting set by the set weight command will override the setting set by the neighbor weight command You can verify your settings by entering the show route map command Example This example shows how to define a route map myPolic...

Page 217: ...LENGTH longer prefixes route map NAME Parameters ipv4 Optional Specifies to display the IPv4 address family routing entries vpnv4 Optional Specifies to display the VPNv4 address family routing entries unicast Specifies to display unicast address family routing entries all Specifies to display all the VPNv4 routing entries rd RD VALUE Specifies to display the VPNv4 routing entries that match the sp...

Page 218: ... 2 local router ID is 20 1 1 1 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 89 1 1 0 24 10 1 1 4 0 0 5 i 89 1 2 0 24 10 1 1 4 0 0 5 i 89 1 3 0 24 10 1 1 4 0 0 5 i 89 1 4 0 24 10 1 1 4 0 0 5 i 89 1 5 0 24 10 1 1 4 0 0 5 i 99 1 1 0 24 10 1 1 4 1 100 32768 i Switch In the following example all paths a...

Page 219: ...is a history path The path is valid The entry is the best path to that network i The path was learned via an iBGP session Origin codes The origin of the path It can be one of the following values i Path originated from IGP e Entry originated from EGP Origin of the path is not clear Network The IP address of a network Next Hop The IP address of the next router to forward the packet Metric The value...

Page 220: ...ow to display aggregate entries Switch show ip bgp aggregate Network Address Options 100 0 0 0 8 200 0 0 0 10 summary only Total Aggregate Address Number 2 Switch show ip bgp vpnv4 vrf VPN A aggregate Network Address VRF Name Options 5 5 5 0 24 VPN A 100 0 0 0 8 VPN A summary only Total Aggregate Address Number 2 Switch 11 77 show ip bgp cidr only This command is used to display the CIDR classless...

Page 221: ...cal router ID is 10 1 1 99 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 10 10 10 0 24 172 16 10 1 0 300 10 i 10 10 20 0 24 172 16 10 1 0 300 10 i 10 20 10 0 24 172 16 10 1 0 0 300 10 i dh 30 10 1 1 24 172 3 3 2 100 50 200 20 i Switch Display Parameters BGP table version The version number of the ta...

Page 222: ...ecifies to display all the VPNv4 routing entries rd RD VALUE Optional Specifies to display the VPNv4 routing entries that match the specified RD vrf VRF NAME Optional Specifies to display the VPNv4 routing entries associated with the VRF COMMUNITY Specifies the community as a 32 bit integer It can be a user specified number represented by AA NN where AA AS number is the upper part of the word and ...

Page 223: ... 10 1 0 300 10 i 10 20 10 0 24 172 16 10 1 0 300 10 i Switch Display Parameters BGP table version The version number of the table This number is incremented whenever the table changes local router ID The IP address of the router Status codes The status of the path It can be one of the following values s The path is suppressed d The path is dampened h The entry is a history path The path is valid T...

Page 224: ...s example shows how to display the detail of the confederation configured Switch show ip bgp confederation BGP AS Number 65501 Confederation Identifier 10 Confederation Peer 65502 65503 Neighbor List IP Address Remote AS Number 10 1 1 1 65501 172 18 1 1 65503 192 168 1 1 65502 Switch 11 80 show ip bgp community list This command is used to display routes that are permitted by the Border Gateway Pr...

Page 225: ...to display the routes that match the specified community list If no option is specified for the command the information for IPv4 unicast address family will be displayed Example This example shows how to display the routes that match the Marketing community list Switch show ip bgp community list Marketing BGP table version is 716977 local router ID is 192 168 32 1 Status codes s suppressed d dampe...

Page 226: ...IP address of a network Next Hop The IP address of the next router IP address of the next router to forward the packet Metric The value of the inter autonomous system metric LocPrf The local preference value Weight The weight of the route Path The AS path to the destination network 11 81 show ip bgp dampening dampened paths This command is used to display the dampened paths in the routing table sh...

Page 227: ...nted whenever the table changes local router ID The IP address of the router Status codes The status of the path It can be one of the following values s The path is suppressed d The path is dampened h The entry is a history path The path is valid The entry is the best path to that network i The path was learned via an iBGP session Origin codes The origin of the path It can be one of the following ...

Page 228: ...ing table Switch show ip bgp dampening flap statistics BGP table version is 1538 local router ID is 172 29 232 182 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network From Flaps Duration Reuse Path d 10 10 0 0 8 172 33 22 77 6 00 15 41 00 28 10 100i d 10 20 0 0 16 172 339 22 77 6 00 02 43 00 23 20 100i Switch Display Parameters BGP table v...

Page 229: ...nal Specifies to display setting for the IPv4 address vpnv4 Optional Specifies to display setting for the VPNv4 address family unicast Specifies to display setting for the unicast address family vrf VRF NAME Specify to display setting for the VRF address family Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display BP...

Page 230: ...ies to display the VPNv4 routing entries that match the specified RD vrf VRF NAME Optional Specifies to display the VPNv4 routing entries associated with the VRF ACCESS LIST NAME Specifies an AS path access list and only the routes match the access list are displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to ...

Page 231: ...e version number of the table This number is incremented whenever the table changes local router ID The IP address of the router Status codes The status of the path It can be one of the following values s The path is suppressed d The path is dampened h The entry is a history path The path is valid The entry is the best path to that network i The path was learned via an iBGP session Origin codes Th...

Page 232: ...ated with the VRF Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the routes which have inconsistent as originating autonomous systems Example This example shows how to display the routes which have inconsistent as originating autonomous systems Switch show ip bgp inconsistent as BGP table version is 1738 BGP L...

Page 233: ... This example shows how to display the BGP private labels of the routes that match the RD 1 1 Switch show ip bgp rd 1 1 labels BGP table version is 1738 BGP Local Router ID is 11 11 11 11 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network From In Label Out Label Route Distinguisher 1 1 default for VRF my 88 1 2 0 24 100 1 1 2 1000 no 88 1...

Page 234: ...es advertised to a BGP neighbor received prefix filter Optional Specifies to display the prefix list received from the specified neighbor received routes Optional Specifies to display the routes received from a BGP neighbor routes Optional Specifies to display the routes that are received and accepted from a neighbor The accepted routes are a subset of the received routes Default None Command Mode...

Page 235: ...on 1 Index 1 Offset 0 Mask 0x2 Community attribute sent to this neighbor extended 0 accepted prefixes maximum limit 12000 Threshold for warning message 75 1 announced prefixes Connections established 1 dropped 0 Local host 10 90 90 90 Local port 179 Foreign host 10 1 1 3 Foreign port 33334 Nexthop 10 90 90 90 BGP neighbor 10 1 1 4 remote AS 5 external link Member of peer group my for session param...

Page 236: ...tory valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path i10 0 0 0 172 16 232 179 0 100 0 10 20 2 0 10 0 0 0 0 32768 i Switch This example shows how to display a prefix list that filters all routes in the 10 0 0 0 network has been received from the 192 168 20 72 neighbor Switch show ip bgp neighbors 192 168 20 72 received prefix filter Address famil...

Page 237: ... Use this command to display the networks advertised by BGP Example This example shows how to display the networks advertised by BGP Switch show ip bgp network Network Address Route Map 20 0 0 0 24 Total Network Number 1 Switch show ip bgp vpnv4 vrf VPN A network Network Address VRF Name Route Map 20 0 0 0 8 VPN A Total Network Number 1 Switch 11 89 show ip bgp parameters This command is used to d...

Page 238: ...bled Compare Router ID Disabled MED Missing as Worst Disabled Compare Confederation Path Disabled Fast External Failover Enabled Aggregate Next Hop Check Disabled Default IPv4 Unicast Enabled Switch 11 90 show ip bgp peer group This command is used to display information about the peer group of BGP show ip bgp ipv4 unicast vpnv4 all rd RD VALUE vrf VRF NAME peer group PEER GROUP NAME Parameters ip...

Page 239: ...imum time between AS origination advertisement runs is 15 seconds For address family IPv4 Unicast BGP neighbor is mygroup peer group external members 10 1 1 4 Index 0 Offset 0 Mask 0x0 Maximum Prefix limit 12000 Threshold for warning message 75 Switch 11 91 show ip bgp quote regexp This command is used to display routes matching the regular expression show ip bgp ipv4 unicast vpnv4 all rd RD VALUE...

Page 240: ...mped h history valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path s 172 16 0 0 24 172 16 72 30 0 100 108 100 s 172 16 0 0 24 172 16 72 30 0 100 108 100 172 16 1 0 24 172 16 72 30 0 100 108 100 172 16 11 0 24 172 16 72 30 0 100 108 100 172 16 14 0 24 172 16 72 30 0 100 108 100 172 16 15 0 24 172 16 72 30 0 100 108 100 172 16 16 0 24 172 16 72 30 0 1...

Page 241: ...bute Route Redistribution Settings Source Destination Type Metric RouteMapName Protocol Protocol LOCAL BGP All 0 N A Total Entries 1 Switch show ip bgp vpnv4 vrf VPN A redistribute Route Redistribution Settings For VRF VPN A Source Destination Type Metric RouteMapName Protocol Protocol LOCAL BGP All 0 N A Total Entries 1 Switch 11 93 show ip bgp reflection This command is used to display the route...

Page 242: ...2 18 10 5 Switch 11 94 show ip bgp summary This command is used to display BGP summary information show ip bgp ipv4 unicast vpnv4 all rd RD VALUE vrf VRF NAME summary Parameters ipv4 Optional Specifies the IPv4 address family The type of address family determines the routing table that is displayed unicast Specifies to display the unicast address family vrf VRF NAME Optional Specifies the VRF fami...

Page 243: ...Rcd 10 1 1 3 4 1 27 30 00 12 28 0 10 1 1 4 4 5 28 27 00 12 21 5 10 10 10 10 4 1 0 0 never Connect Total Number of Neighbors 3 Switch Display Parameters Neighbor The IPv4 address of the neighbor Ver The version of BGP used to talk to the neighbor AS The neighbor s autonomous number MsgRcvd The number of received messages MsgSent The number of sent messages Up Down The length of time that the neighb...

Page 244: ...example shows how to display all of the configured IP community lists Switch show ip community list Standard community list C1 permit internet Standard community list C2 permit internet Total Entries 2 Switch 11 96 show ip extcommunity list This command is used to display the configured extended community lists show ip extcommunity list EXTCOMMUNITY LIST NAME Parameters EXTCOMMUNITY LIST NAME Opti...

Page 245: ...l BGP support for Simple Network Management Protocol SNMP operations Use the no form of this command to disable it snmp server enable traps bgp established backward trans no snmp server enable traps bgp established backward trans Parameters established Specifies to enable or disable the sending of the peer established trap backward trans Specifies to enable or disable the sending of the peer idle ...

Page 246: ...se a route to an external neighbor unless the route is a local route or the BGP speaker has learned the route by IGP Example This example shows how to enable synchronization for the BGP process Switch configure terminal Switch config router bgp 65121 Switch config router synchronization Switch config router 11 99 timers bgp This command is used to configure BGP network timers Use the no form of th...

Page 247: ...only be established when the remote peer is equal to or greater than the minimum hold time Example This example shows how to change the keep alive timer value to 50 seconds the hold time timer value to 150 seconds and the minimum acceptable hold time value is 20 seconds Switch configure terminal Switch config router bgp 65100 Switch config router timers bgp 50 150 11 100 debug ip bgp This command ...

Page 248: ...ebug function is turned on Use the command debug ip bgp to turn on BGP debug function Example This example shows how to turn on the BGP FSM event debug switch option Switch debug ip bgp fsm event Switch 10 1 1 4 Outgoing FSM AS Origination Timer Expiry 33 33 33 33 Outgoing FSM Routeadv Timer Expiry 10 1 1 3 Outgoing FSM Routeadv Timer Expiry 100 1 1 2 Outgoing FSM Routeadv Timer Expiry 100 1 1 2 O...

Page 249: ...P received packet debug switch option Switch debug ip bgp packet receive Switch BGP Peer 100 1 1 2 RCV UPDATE withdraw NLRI 88 1 1 0 24 88 1 2 0 24 88 1 3 0 24 88 1 4 0 24 88 1 5 0 24 100 1 1 2 Outgoing DECODE Update Withdrawn Len 20 100 1 1 2 Outgoing RIB Withdraw Prefix 88 1 1 0 BGP Peer 10 1 1 3 RCV KEEPAVLIVE 10 1 1 3 Outgoing DECODE KAlive Received BGP Peer 100 1 1 2 RCV UPDATE attr Orign i A...

Page 250: ... 1 0 24 Deny 11 104 debug ip bgp prefix list This command is used to turn on the BGP IP prefix list debug switch option Use the no form of this command to turn off the BGP IP prefix list debug switch option debug ip bgp prefix list no debug ip bgp prefix list Parameters None Default By default the BGP IP prefix list debug switch option is turned off Command Mode Privileged EXEC Mode Command Defaul...

Page 251: ...nal Specifies to display global parameters in the address family of VPNv4 Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to check internal status and detailed information of BGP If there is no parameter specified then IPv4 global information will be displayed If the parameter is VRF followed by a VRF name VRF global info...

Page 252: ...ay internal detailed information about BGP neighbors debug ip bgp show neighbors vrf VRF NAME vpnv4 Parameters vrf VRF NAME Optional Specifies the VRF name This name can be up to 12 characters long vpnv4 Optional Specifies to display global parameters in the address family of VPNv4 Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this ...

Page 253: ...ihop 255 Weight 0 Update Source loopback1 Next Hop Self Disabled Remove Private As Disabled Allowas In Disabled Address Family IPv4 Unicast IPv4 Unicast Advertised and Received Soft Reconfiguration Inbound Disabled Community Sent to this Neighbor None Default Originate Disabled Outbound Route Filter ORF type 64 Prefix list Send Mode Disabled Receive Mode Disabled Pass Word null Prefix Count 0 Send...

Page 254: ...rs 10 1 1 3 Remote AS Not Set Holdtime Interval 180 seconds Keepalive Interval 60 seconds Advertisement Interval 0 seconds AS Origination Interval 0 Seconds Connect Retry Interval 0 Seconds EBGP Multihop 255 Weight 0 Update Source loopback1 Next Hop Self Disabled Remove Private As Disabled Allowas In Disabled Soft Reconfiguration Inbound Disabled Community Sent to this Neighbor None Default Origin...

Page 255: ...xample This example shows how to display internal detailed information about the BGP network of the address family of IPv4 Switch debug ip bgp show network Network Route Map 192 168 0 0 16 172 16 0 0 16 map1 Total Entries 2 Switch debug ip bgp show network vrf vrf 1 Network Route Map 172 16 0 0 16 map1 Total Entries 1 Switch 11 109 debug ip bgp show aggregate This command is used to display intern...

Page 256: ...h debug ip bgp show aggregate Network Summary Only AS Set SuppressCount 192 168 0 0 16 YES NO 0 172 16 0 0 16 NO NO 2 Total Entries 2 Switch debug ip bgp show aggregate vrf vrf 1 Network Summary Only AS Set SuppressCount 50 0 0 0 8 NO NO 0 60 0 0 0 8 NO NO 0 Total Entries 2 Switch 11 110 debug ip bgp show damp This command is used to display internal detailed information about BGP route damping de...

Page 257: ...Reuse List Size 256 Reuse Offset 19 Current dampened routes Damp Hinfo 484d9be8 index ptr event penalty binfo rn f5 484d9be8 1 1392 484d9ad8 484d9a90 f5 484d9b98 1 1392 484d9a00 484d99b8 f5 484d8080 1 1392 484d9928 484d98e0 f5 484d7fe8 1 1392 484d9808 484d9738 Damp Reuse List Info reuse_index index ptr penalty flap start_time t_updated suppress_time evt 245 1 484d9be8 5010 6 428 448 437 1 245 2 48...

Page 258: ...and detailed information of the BGP interface Example This example shows how to display internal detailed information about the BGP interface Switch debug ip bgp show interface Interface Information Name index network Flags Status VRF System 0001 10 1 1 2 24 5 Up None if3 0002 30 1 1 5 8 5 Up None if10 0003 100 1 1 1 8 5 Up VPNA if11 0004 10 1 1 1 8 5 Up VPNB if2 0005 44 1 1 21 8 5 Down None loopb...

Page 259: ...Node Time Func 481f9ef8 1 80ca052c 480f4410 1 80ca052c 48135368 1 80ca052c 481760c8 1 80ca052c 481b6e28 1 80ca052c 481f7b88 1 80ca052c 481fdf14 1 80c98f34 481f9f14 1 80ca0710 480f442c 1 80ca0710 48135384 1 80ca0710 481760e4 1 80ca0710 Switch 11 113 debug ip bgp show redistribution This command is used to display internal detailed information about BGP route redistribution debug ip bgp show redistr...

Page 260: ... 21 0 3 0 24 RIP 10 2 2 2 21 0 4 0 24 RIP 10 2 2 2 Total Entries 6 Redist list information No redist list exist Switch 11 114 debug ip bgp show as path access list This command is used to display internal detailed information about the BGP path access list debug ip bgp show as path access list Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level...

Page 261: ...e BGP community list debug ip bgp show community list Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to check the internal status and detailed information of the BGP community list Example This example shows how to display internal detailed information about the BGP community list Switch debug ip bgp show...

Page 262: ...rom receiving BPDU packets The port where the BPDU protection function is enabled will enter a protection state drop block shutdown when it receives a STP BPDU packet There are 3 mode behaviors when the switch detects BPDU attacks Drop The switch drops received STP BPDU packets only and the port is placed in the normal state Block The switch drops all received BPDU packets and bock all data and th...

Page 263: ...This command is available for the port and port channel interface configuration Example This example shows how to enable the BPDU Protection function with block mode on interface Ethernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if spanning tree bpdu protection block Switch config if 12 3 show spanning tree bpdu protection This command is used to display...

Page 264: ...tdown Under Attack Switch This example shows how to display the BPDU protection status of interface Ethernet 1 0 1 Switch show bpdu protection interface ethernet 1 0 1 Interface State Mode Status eth1 0 1 Enabled Shutdown Under Attack Switch Display Parameters Interface Indicates the interface that has BPDU protection enabled State Indicates the interface s configuration state Mode Indicates the o...

Page 265: ...ault this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline None Example This example shows how to enable the sending of SNMP notifications for BPDU protection Switch configure terminal Switch config snmp server enable traps stp bpdu protection Switch config ...

Page 266: ...ort has connectivity problems Use the test cable diagnostics command to start the test The copper port can be in one of the following status Open The cable in the error pair does not have a connection at the specified position Short The cable in the error pair has a short problem at the specified position Open or Short The cable has an open or short problem but the PHY has no capability to disting...

Page 267: ...to display the test results for the cable diagnostics Example This example shows how to display the test results for the cable diagnostics Switch show cable diagnostics Port Type Link Status Test Result Cable Length M eth1 1 1 1000BASE T Link Up OK 65 eth1 1 2 1000BASE T Link Up OK eth1 1 3 1000BASE T Link Down Shutdown 25 eth1 1 4 1000BASE T Link Down Shutdown eth1 1 5 1000BASE T Link Down Unknow...

Page 268: ...faces or separate a range of interfaces from a previous range No space before and after the comma Optional Specifies a range of interfaces No space before and after the hyphen Default None Command Mode EXEC Mode Command Default Level Level 1 Usage Guideline This command is used to clear the test results for the cable diagnostics If the test is running on the interface an error message will be disp...

Page 269: ...have successfully been configured to the switch via the command line interface The requirement is to log the command itself along with information about the user account that entered the command into the system log Commands that do not cause a change in the switch configuration or operation such as show will not be logged Information about saving or viewing the system log is described in the sys l...

Page 270: ...o defined parameter it will enable the CFM AIS function This default client maintenance domain level is not a fixed value It may change when creating or deleting a higher level maintenance domain and MA on the device Upon detecting a defect condition the MEP can immediately start transmitting periodic frames with ETH AIS information at a configured client level A MEP continues to transmit periodic...

Page 271: ...ult The default value of the MEP alarm delay time is 250 The default value of the MEP alarm reset time is 1000 Command Mode CFM MEP Configuration Mode Command Default Level Level 12 Usage Guideline This command defines the time period to control when a fault alarm will be sent since a defect is detected That s to say if a MEP detects a defect the corresponding fault alarm will be sent only when th...

Page 272: ...d to enable or disable the CFM CCM function Example This example shows how to enable the CFM CCM function Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if cfm mep mepid 1 ma name op1 domain op domain Switch config cfm mep ccm enable Switch config cfm mep 15 4 ccm interval This command is used to configure the CCM interval for a Maintenance Association MA Use the no...

Page 273: ...xample This example shows how to configure the CCM interval for an MA Switch configure terminal Switch config cfm domain op domain level 2 Switch config cfm md cfm ma name op1 vlan 2 Switch config cfm ma ccm interval 10sec Switch config cfm ma 15 5 cfm domain This command is used to define an MD To delete an MD use the no command cfm domain DOMAIN NAME level LEVEL no cfm domain DOMAIN NAME Paramet...

Page 274: ...ased on it is also deleted Example This example shows how to define the maintenance domain called op domain with maintenance domain level of 2 Switch configure terminal Switch config cfm domain op domain level 2 Switch config cfm md 15 6 cfm global enable This command is used to enable the CFM function globally To disable the CFM function globally use the no command cfm global enable no cfm global...

Page 275: ...h configure terminal Switch config interface ethernet 1 0 1 Switch config if cfm enable Switch config if 15 8 cfm lck start This command is used to start the CFM management lock action To stop the CFM management lock action use the cfm lck stop command cfm lck start mepid MEP ID ma name MA NAME domain DOMAIN NAME cfm lck stop mepid MEP ID ma name MA NAME domain DOMAIN NAME Parameters mepid MEP ID ...

Page 276: ...ME ttl TTL pdu priority COS VALUE Parameters MAC ADDR Specifies the destination MAC address mep MEP ID Specifies the MEP ID to initiate the link trace function name MA NAME Specifies the MA name as the identifier domain DOMAIN NAME Specifies the MD name as the identifier It is a string type of maximum length 22 ttl TTL Specifies the link trace message s TTL value The range is from 2 to 255 The def...

Page 277: ...o1500 The default is 0 pattern STRING Specifies an arbitrary amount of data to be included in a Data TLV along with an indication whether the Data TLV is to be included It is a string type with maximum 1500 No space can be embedded pdu priority COS VALUE Specifies the 802 1p priority to be set in the transmitted LBMs If not specified it uses the same priority as the CCMs sent by the MEP Default No...

Page 278: ... ma name MA NAME Parameters name MA NAME Specifies the MA with a name as the identifier vlan VLAN ID Specifies the primary VLAN ID of the maintenance association Default None Command Mode CFM MD Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to define or delete a maintenance association and enter the CFM MA Configuration Mode Each maintenance association in ...

Page 279: ... the MEP should be specified If not specified it means to enter the CFM MEP Configuration Mode for an existed MEP Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to define a maintenance association end point Each MEP configured in the same MA must have a unique MEP ID The MEP on different MA can have the same MEPID Before c...

Page 280: ...s how to clear the CCM packet counters of all MEPs Switch clear cfm counter ccm Switch 15 14 clear cfm linktrace This command is used to delete received link trace responses clear cfm linktrace mepid MEP ID ma name MA NAME domain DOMAIN NAME all Parameters all Specifies to clear all link trace information for all MEPs mepid MEP ID Specifies the MEP ID name MA NAME Specifies the MA name as the iden...

Page 281: ... of interfaces from a previous range No space before and after the comma Optional Specifies a range of interfaces No space before and after the hyphen rx Optional Specifies the RX counters of the specified physical interface tx Optional Specifies the TX counters of the specified physical interface all Specifies to clear all interface s CFM counters Default None Command Mode Privileged EXEC Mode Co...

Page 282: ...pecifies that only the fault alarms whose priority is equal to or higher than Error CCM Received will be sent xcon ccm Specifies that only the fault alarms whose priority is equal to or higher than Cross connect CCM Received will be sent Default By default this option is none Command Mode CFM MEP Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to control the ...

Page 283: ...IPs and MEPs exist on This default client maintenance domain level is not a fixed value It may change when creating or deleting higher level maintenance domain and MA on the device When the most immediate client layer MIPs and MEPs do not exist the default client maintenance domain level cannot be calculated If the default client maintenance domain level cannot be calculated and the user does not ...

Page 284: ... creation cfm md configuration This command is used to configure the default MIP creation in a maintenance domain To reset the configuration of the MIP creation to the default setting use no command mip creation none auto explicit no mip creation Parameters none Specifies not to create the MIP for a maintenance domain auto Specifies that MIPs will always be created on any port in this maintenance ...

Page 285: ...icit defer no mip creation Parameters none Specifies not to create the MIP on ports in an MA auto Specifies that MIPs can always be created on any port in an MA if that port is not configured with an MEP of this MA For an intermediate switch in an MA the setting must be automatic in order for the MIPs to be created on this device explicit Specifies that MIPs can be created on ports which has an ex...

Page 286: ...ble Parameters None Default By default this option is disabled Command Mode CFM MEP Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to enable and disable MEP state Example This example shows how to enable the MEP state Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if cfm mep mepid 1 ma name op1 domain op domain Switch config c...

Page 287: ...inal Switch config interface ethernet 1 0 1 Switch config if cfm mep mepid 1 ma name op1 domain op domain Switch config cfm mep pdu priority 2 Switch config cfm mep 15 23 sender id cfm md configuration This command is used to configure the default transmission of the sender ID TLV by MPs in a maintenance domain To reset the configuration of the transmission of the sender ID TLV to the default sett...

Page 288: ...nd is used to configure the transmission of the sender ID TLV by MPs for an MA To reset the configuration of the transmission of the sender ID TLV to default setting use the no command sender id none chassis manage chassis manage defer no sender id Parameters none Specifies not to transmit the sender ID TLV In the CFM hardware mode the value is fixed to none chassis Specifies to transmit the sende...

Page 289: ...rminal Switch config cfm domain op domain level 2 Switch config cfm md cfm ma name op ma1 vlan 2 Switch config cfm ma sender id chassis Switch config cfm ma 15 25 show cfm This command is used to display the CFM global state show cfm Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the CFM gl...

Page 290: ...ow cfm counter ccm CCM counters MEPID 1 VID 1 Level 2 Direction up Port eth1 0 1 XCON 9 Error 8 Normal 100 MEPID 2 VID 1 Level 2 Direction up Port eth1 0 11 XCON 9 Error 8 Normal 100 Total XCON 18 Error 16 Normal 200 Switch Display Parameters XCON It indicates that one or more cross connect CCMs has been received Error It indicates that one or more invalid CCMs have been received Normal It indicat...

Page 291: ...Switch show cfm domain md5 Domain Name md5 Domain Level 5 MIP Creation Auto SenderID TLV Chassis MA Name ma5 Switch 15 28 show cfm interface This command is used to display the CFM state on the specified physical interface show cfm interface INTERFACE ID Parameters interface INTERFACE ID Optional Specifies the interface ID to display The allowed interfaces only include physical interfaces Optional...

Page 292: ... 10 MEPID 2 Direction down Domain Name md6 Level 6 MA Name ma6 VID 10 MEPID MIP Switch 15 29 show cfm linktrace This command is used to display the link trace responses show cfm linktrace mepid MEP ID ma name MA NAME domain DOMAIN NAME trans id ID Parameters mepid MEP ID Specifies the MEP ID name MA NAME Specifies the MA name as the identifier domain DOMAIN NAME Specifies the MD name as the identi...

Page 293: ...1B Forwarded Yes Relay Action FDB Hop 2 MEPID 2 Ingress MAC Address 00 07 00 00 00 1C Egress MAC Address 00 00 00 00 00 00 Forwarded No Relay Action Hit Switch Display Parameters Relay Action Hit The LTM reached an MP whose MAC address matches the target MAC address FDB The Egress Port was determined by consulting the Filtering Database MPDB The Egress Port was determined by consulting the MIP CCM...

Page 294: ...seconds SenderID TLV Chassis MEPID List 1 2 MEPID 1 Port eth1 0 2 Direction up Switch Display Parameters MEPID The MEP already created in the MA Port The MEP port Direction The MEP direction up or down 15 31 show cfm mep This command is used to display the MEPs that have configurations show cfm mepid MEP ID ma name MA NAME domain DOMAIN NAME Parameters mepid MEP ID Specifies the MEP ID The range i...

Page 295: ...LCK State Disabled LCK Period 1 Second LCK Client Level Invalid LCK Status Not Detected LCK Action Stop Out of Sequence CCMs Received 0 Cross connect CCMs Received 0 Error CCMs Received 0 Normal CCMs Received 0 Port Status CCMs Received 0 If Status CCMs Received 0 CCMs transmitted 14813 In order LBRs Received 0 Out of order LBRs Received 0 Next LTM Trans ID 0 Unexpected LTRs Received 0 LBMs Transm...

Page 296: ...ting an error status Some Remote MEP Down This MEP is not receiving CCMs from some other MEP in its configured list Error CCM Received This MEP is receiving invalid CCMs which may be caused by configuration error Cross connect CCM Received This MEP is receiving CCMs that could be from some other MA Disabled The fault alarm function is disabled 15 32 show cfm mep fault This command is used to displ...

Page 297: ...ted that the remote MEP s associated MAC is reporting an error status Some Remote MEP Down This MEP is not receiving CCMs from some other MEP in its configured list Error CCM Received This MEP is receiving invalid CCMs which may be caused by configuration error Cross connect CCM Received This MEP is receiving CCMs that could be from some other MA AIS Status AIS received Indicates the AIS have been...

Page 298: ...mmand is used to display the remote MEP information show cfm remote mep mepid LOCAL MEP ID ma name MA NAME domain DOMAIN NAME remote mepid REMOTE MEPID Parameters mepid MEP ID Specifies the MEP ID name MA NAME Specifies the MA name as the identifier domain DOMAIN NAME Specifies the MD name as the identifier It is a string type of maximum length 22 remote mepid REMOTE MEPID Optional Specifies the r...

Page 299: ...m remote mep mepid 1 ma name op ma domain op domain remote mepid 2 Remote MEPID 2 MAC Address 00 11 22 33 44 02 Status OK RDI Yes Port State Up Interface Status No Last CCM Serial Number 1000 Sender Chassis ID None Sender Management Address 10 90 90 90 161 Detect Time 2013 11 01 17 00 00 Switch Display Parameters Status Idle The momentary state during reset Start The timer has not expired since th...

Page 300: ...n due to state of the lower layer interfaces 15 35 show cfm pkt cnt interface This command is used to display the CFM packet s RX TX counters of the specified physical interface show cfm pkt cnt interface INTERFACE ID rx tx Parameters INTERFACE ID Optional Specifies the interface ID to display The allowed interfaces only include physical interfaces Optional Specifies a series of interfaces or sepa...

Page 301: ...oDrop 0 CFM TX Statistics AllPkt 0 CCM 0 LBR 0 LBM 0 LTR 0 LTM 0 Switch This example shows how to display RX packet counters of eth 1 0 1 Switch show cfm pkt cnt interface ethernet 1 0 1 rx eth1 0 1 CFM RX Statistics AllPkt 0 CCM 0 LBR 0 LBM 0 LTR 0 LTM 0 VidDrop 0 OpcoDrop 0 Switch This example shows how to display TX packet counters of eth 1 0 1 Switch show cfm pkt cnt interface ethernet 1 0 1 t...

Page 302: ...rding to IEEE 802 1ag a Bridge replies with one LTR to an LTM This command can make all MPs on an LTM s forwarding path reply with LTRs whether they are on the same Bridge or not Example This example shows how to enable this function Switch configure terminal Switch config cfm mp ltr all Switch config 15 37 show cfm mp ltr all This command is used to display the MPs reply LTRs configuration show c...

Page 303: ... enabled once an ETH AIS event occurs or an ETH AIS event clears a trap will be sent out lck Optional Specifies the LCK trap status that will be configured If the trap status of LCK is enabled once an ETH LCK event occurs or an ETH LCK event clears a trap will be sent out Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideli...

Page 304: ...Level 12 Usage Guideline Use this command to enter into the software ACL filter map configuration mode to associate some pre defined ACL access list s to filter packets received at CPU Multiple software ACL filter maps can be configured Example This example shows how to create a software ACL filter map named cpu_filter Switch configure terminal Switch config soft acl filter map cpu_filter Switch c...

Page 305: ...r precedence If the associated access list with same sequence number exists they are processed in the following order expert access list MAC access list IP access list IPv6 access list Example This example shows how to attach an IP access list named cpu acl and MAC access list named mac4001 to the software ACL filter map cpu_filter Switch configure terminal Switch config ip access list cpu acl Swi...

Page 306: ...r checking sequence is used The rule with a smaller sequence number takes higher precedence Once match is found others will be ignored Finally if no match is found the packet will be permitted and it can be continually processed by other functions If the matching action is permit it will be passed to other functions Else if the action is drop the packet will be dropped In other words the action of...

Page 307: ... Mode Command Default Level Level 1 Usage Guideline Use the command to display the specified software ACL filter map If no name is specified all software ACL filter maps will be displayed Example This example shows how to display the software ACL filter map Switch show soft acl filter map Software ACL Filter Map cpu_filter Match Access list s IP 2 Ext ip MAC 3 mac4001 Match Ingress Interface s eth...

Page 308: ...nicast routing and Layer 3 application control packets multicast Specifies to display statistic counters of Layer 3 multicast routing control packets protocol NAME Optional Specifies the name of protocol It is case sensitive Default None Command Mode Privileged EXEC Mode or Any Configuration Mode Command Default Level Level 15 Usage Guideline This command is use to display statistics for Layer 2 a...

Page 309: ... 0 0 0 Unknown IPv4 IPMC 0 0 0 Unknown IPv6 IPMC 0 0 0 ARP 0 241 237 ICMP 0 0 0 NDP 0 0 0 ICMPv6 0 0 0 SNTP 0 0 0 DNS 0 0 0 TFTP 0 0 0 RCP 0 0 0 SMTP 0 0 0 Telnet 0 0 0 UDP Helper 0 0 0 VRRP 0 0 0 ISIS 0 0 0 Switch 17 2 debug clear cpu port This command is used to reset all counters for Layer 2 or Layer 3 control packets that are trapped to the CPU debug clear cpu port Parameters None Default None...

Page 310: ...witch CLI Reference Guide 305 Usage Guideline This command is used to reset all counters for Layer 2 or Layer 3 control packets that are trapped to the CPU Example This example shows how to clear all statistics counters Switch debug clear cpu port Switch ...

Page 311: ...on Example This example shows how to enable and then disable the debug message output option Switch config debug enable Switch config no debug enable Switch config 18 2 debug output This command is used to specify the output for the debug messages of individual modules debug output module MODULE LIST all buffer console no debug output module MODULE LIST all Parameters MODULE LIST Specifies the mod...

Page 312: ...enable command is enabled Example This example shows how to configure all the module s debug messages to output to the debug buffer Switch debug output all buffer Switch 18 3 debug reboot on error This command is used to set the switch to reboot when a fatal error occurs Use the no form of this command to set the switch not to reboot when a fatal error occurs debug reboot on error no debug reboot ...

Page 313: ...cifies to copy the technical support information LOCATION Specifies the IPv4 or IPv6 address of the TFTP FTP RCP server USER NAME Specifies the user name on the FTP RCP server PASSWORD Specifies the password for the user VRF NAME Specifies the name of the VRF instance which the TFTP FTP RCP server belongs to Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guidel...

Page 314: ...hows how to clear the debug buffer information Switch debug clear buffer Switch 18 6 debug clear error log This command is used to clear the error log information debug clear error log Parameters None Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to clear the error log information Example This example shows how to clear the error log...

Page 315: ...e Command Default Level Level 15 Usage Guideline Use this command to display the content of the debug buffer or utilization information of the debug buffer Example This example shows how to display the debug buffer information Switch debug show buffer Debug buffer is empty Switch This example shows how to display the debug buffer utilization Switch debug show buffer utilization Debug buffer is all...

Page 316: ...ion of the modules Switch debug show output Debug Global State Disabled Module name Output Enabled DHCPv6_CLIENT buffer No DHCPv6_RELAY buffer No OSPFV2 buffer No BGP buffer No VRRP buffer No RIPNG buffer No Switch 18 9 debug show error log This command is used to display error log information debug show error log Parameters None Default None Command Mode Privileged EXEC Mode Command Default Level...

Page 317: ...02ACE98 8018C814 8028FF44 8028352C 801D703C 8013B8A4 802AE754 802A5E0C 802A5D6C debug log 2 level fatal clock 10000ms time 2013 03 11 15 00 00 SOFTWARE FATAL ERROR CLI_UTL_AllocateMemory Fail Current TASK CLI TASK STACKTRACE 802ACE98 802B4498 802B4B00 802BD140 802BCB08 Total Log 2 Output truncated 18 10 debug show tech support This command is used to display the information required by technical s...

Page 318: ...on Firmware Build 2 40 041 Copyright C 2015 D Link Corporation All rights reserved Basic System Information SYS 2015 9 8 08 59 20 Boot Time 8 Sep 2013 08 54 00 RTC Time 2013 09 08 08 59 20 Boot PROM Version Build 1 10 008 Firmware Version Build 2 40 041 Hardware Version MAC Address 00 01 02 03 04 05 MAC Address Number 0A2G System Log SYS_LOG 2013 9 8 08 59 20 Index Date Time Level Log Text 4 2013 ...

Page 319: ...47 Output truncated 18 11 debug show cpu utilization This command is used to display the total CPU utilization and the CPU utilization per process debug show cpu utilization Parameters None Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to display the information about CPU and task utilization Example This example shows how to display...

Page 320: ...rnet Switch CLI Reference Guide 315 Five seconds 8 One minute 8 Five minutes 13 Process Name 5Sec 1Min 5Min OS_UTIL 96 93 81 SYS_Ctr 9 2 2 FAN_Pooling 4 3 2 bcmRX 3 3 3 bcmL2X 0 2 2 2 bcmCNTR 0 2 2 2 ST_PERI 2 1 1 ST_RxPkt 1 1 1 HISR1 1 1 1 Switch ...

Page 321: ...and the TFTP server IP address from the DHCP server if the DHCP server has the TFTP server IP address and configuration file name and be configured to deliver this information in the data field of the DHCP reply packet The switch will then download the configuration file from the TFTP server to configure the system if the TFTP server is running and have the requested configuration file in its base...

Page 322: ...ommand Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the status of the auto configuration Example This example shows how to display the status of the auto configuration Switch show autoconfig Autoconfig State Disabled Switch ...

Page 323: ...with the DHCP discover message This specification only applies to the subsequent sending of the DHCP discover messages The setting only takes effect when the DHCP client is enabled on the interface to acquire the IP address from the DHCP server The vendor class identifier specifies the type of device that is requesting an IP address Option 60 will not be sent with discover messages unless the clas...

Page 324: ...e to acquire the IP address from the DHCP server One interface can be specified as the client identifier Example This example shows how to configure the MAC address of VLAN 100 as the client ID sent in the discover message for VLAN 100 Switch configure terminal Switch config interface vlan 100 Switch config if ip dhcp client client id vlan 100 Switch config if 20 3 ip dhcp client hostname This com...

Page 325: ...se This command is used to specify the preferred lease time for the IP address to request from the DHCP server Use the no form of this command to disable sending of the lease option ip dhcp client lease DAYS HOURS MINUTES no ip dhcp client lease Parameters DAYS Specifies the day duration of the lease The range is from 0 to 10000 days HOURS Optional Specifies the hour duration of the lease The rang...

Page 326: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 321 Switch config if ...

Page 327: ...iving a DHCP request packet if the subnet that the packet comes from matches the relay source of a relay pool the packet will be relayed based on the matched relay pool Otherwise the packet is relayed based on the IP helper address configured on the received interface To relay based on the relay pool if the request packet is a relayed packet the Gateway IP Address GIADDR of the packet is the sourc...

Page 328: ...n check reply command is configured for an interface the interface setting takes effect When the check for Option 82 of the reply packet is enabled the device will check the validity of the Option 82 field in DHCP reply packets it receives from the DHCP server If the Option 82 field in the received packet is not present or the option is not the original option inserted by the agent by checking the...

Page 329: ...nt or the option is not the original option inserted by the agent by checking the remote ID sub option the relay agent drops the packet Otherwise the relay agent removes the Option 82 field and forwards the packet If the check is disabled the packet will be directly forwarded Example This example shows how to disable the global DHCP relay agent check but enables the DHCP relay agent check for the ...

Page 330: ...ch config 21 5 ip dhcp relay information option insert This command is used to enable or disable the insertion of Option 82 for an interface during the relay of DHCP request packets Use the no command to remove the configuration of the insert function for the interface ip dhcp relay information option insert none no ip dhcp relay information option insert none Parameters none Optional Specifies to...

Page 331: ...fault this option is replace Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The command only takes effect when the DHCP service is enabled Use this command to configure the global policy for the insertion of Option 82 on packets that already have Option 82 Example This example shows how to configure the relay agent option re forwarding policy to keep If the i...

Page 332: ...warding policy to keep and set the policy to drop for VLAN 100 The effective relay agent option re forwarding policy for VLAN 100 is drop and the effective relay agent option re forwarding policy for the remaining interfaces are set as keep Switch configure terminal Switch config ip dhcp relay information policy keep Switch config interface vlan 100 Switch config if ip dhcp relay information polic...

Page 333: ...ode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to select different vendor s remote ID format or configures a user defined string of ASCII characters to be the remote ID Example This example shows how to use vendor2 as the remote ID Switch configure terminal Switch config ip dhcp relay information option Switch config ip dhcp relay information opti...

Page 334: ...d be 4 e The VLAN ID S VID f Module ID For stand alone switch this is 0 For stacked switch this is the box ID g Port ID Port number for each box SENTENCE Specifies to use a user defined string as the circuit ID Space characters are allowed in the string a b c d e 2 n 2 1 n User defined 1 byte 1 byte 1 byte 1 byte Max 32 bytes vendor1 Specifies to use vender1 If configured the circuit ID will use t...

Page 335: ...cuit ID Switch configure terminal Switch config ip dhcp relay information option Switch config ip dhcp relay information option format circuit id vendor1 Switch config This example shows how to configure a user defined string abcd as the circuit ID Switch configure terminal Switch config ip dhcp relay information option Switch config ip dhcp relay information option format circuit id string abcd S...

Page 336: ...ormation trust all Switch config 21 11 ip dhcp relay information trusted This command is used to enable the DHCP relay agent to trust the relay information for the interface Use the no command to disable the trusting of relay information for the interface ip dhcp relay information trusted no ip dhcp relay information trusted Parameters None Default By default information is not trusted Command Mod...

Page 337: ...o space is allowed before and after the comma Optional Specifies a range of VLANs No space is allowed before and after the hyphen Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The local relay relays the DHCP message to all local VLAN member ports based on the relay option setting The local relay does not change the ...

Page 338: ...ecified in a pool If a packet matches anyone of the relay sources the packet will be forwarded to all of the relay destinations When receiving a DHCP request packet if the subnet that the packet comes from matches the relay source of a relay pool the packet will be relayed based on this relay pool Otherwise the packet is relayed based on the IP helper address configured for the received interface ...

Page 339: ... Otherwise the packet is relayed based on the IP helper address configured on the received interface To relay a packet based on the relay pool if the request packet is a relayed packet the GIADDR of the packet is the source of the request If the request packet is not a relayed packet the subnet of the received interface is the source of the packet In a DHCP relay pool administrators can further us...

Page 340: ...no class defined then the request will be relayed to the relay destination of the matched relay pool Multiple relay target commands can be specified for a class If a packet matches the class the packet will be forwarded to all of the relay targets If the relay target command is not configured for a class the relay target follows the relay destination specified for the pool The DHCP packet will not...

Page 341: ...ources Note that the display output does not list the individual interfaces Switch show ip dhcp relay information trusted sources All interfaces are trusted source of relay agent information option Switch 21 17 show ip dhcp relay information option format type This command is used to display the interface option format configuration show ip dhcp relay information option format type interface INTER...

Page 342: ...tring3 Circuit ID vendor string string4 Total Entries 3 switch 21 18 show ip dhcp relay information option insert This command is used to display the relay option insert configuration show ip dhcp relay information option insert interface INTERFACE ID Parameters interface INTERFACE ID Optional Specifies to display information related to the interface specified here Enter the interface s ID after t...

Page 343: ...p relay information policy action This command is used to display the relay option policy action configuration show ip dhcp relay information policy action interface INTERFACE ID Parameters interface INTERFACE ID Optional Specifies to display information related to the interface specified here Enter the interface s ID after the keyword here If no interface ID is specified then information related ...

Page 344: ...ets issue the no command ip dhcp relay unicast no ip dhcp relay unicast Parameters None Default By default DHCP client unicast packets will be relayed Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to enable or disable the DHCP relay and local relay agent to process DHCP unicast packets Unicast includes all DHCP client message types like ...

Page 345: ... insert none command to disable the insertion of DHCP VPN related sub options for the interface The ip dhcp relay information option command and the ip dhcp relay information option vpnid command together determine the VPN related sub option s insertion state effective for an interface If ip dhcp relay information option vpnid is not configured for an interface the global setting takes effect If i...

Page 346: ...mation option vpnid Parameters None Default Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to display the VPN related sub options configuration Example This example shows how to display the VPN related sub options configuration Switch show ip dhcp relay information option vpnid Interface VPN Option vlan1 Enabled vlan2 Disabled vlan3 Not C...

Page 347: ...ed on the class from this address pool if the IP DHCP use class setting is enabled When the server attempts to allocate an address from an address pool and if the address pool has classes defined the server will check first whether the pool contains the subnet appropriate for the request If the subnet of the address pool contains the GIADDR if not zero or the subnet of the received interface then ...

Page 348: ...fies the location of the server where the boot file resides Example This example shows how to specify mdubootfile bin as the name of the boot file for DHCP pool 1 Switch configure terminal Switch config ip dhcp pool pool1 Switch config dhcp pool bootfile bootimage mdubootfile bin Switch config dhcp pool 22 3 clear ip dhcp binding This command is used to delete the address binding entry from the DH...

Page 349: ...w to delete the address binding 10 12 1 99 from the DHCP server database Switch clear ip dhcp all binding 10 12 1 99 Switch This example shows how to delete all bindings from all pools Switch clear ip dhcp all binding Switch This example shows how to delete address binding 10 13 2 99 from the address pool named pool 2 Switch clear ip dhcp pool pool2 binding 10 13 2 99 Switch 22 4 clear ip dhcp con...

Page 350: ...re specified then the specified conflict entry specific to the specific pool will be cleared Example This example shows how to clear an address conflict of 10 12 1 99 from the DHCP server database Switch clear ip dhcp all conflict 10 12 1 99 Switch This example shows how to delete the all conflict addresses from the DHCP server database Switch clear ip dhcp all conflict Switch This example shows h...

Page 351: ...d on the DHCP option value of the request If an address pool has classes defined the allocation of addresses from this address pool will based on the class if the IP DHCP use class setting is enabled In a DHCP relay pool the user can further use the class command to associate a DHCP pool class and then use relay targets to set a list of relay target addresses for DHCP packet forwarding If the clie...

Page 352: ... The class Default class is associated with the relay target 10 2 1 32 Switch configure terminal Switch config ip dhcp class Service A Switch config dhcp class option 60 hex 112233 Switch config dhcp class option 60 hex 102030 Switch config dhcp class exit Switch config ip dhcp class Service B Switch config dhcp class option 60 hex 556677 Switch config dhcp class option 60 hex 506070 Switch config...

Page 353: ...entifier in the DHCP packet Example This example shows how a DHCP address pool pool1 is created with a manual binding entry which binds the IP address 10 1 2 3 24 with client ID 0x01524153203124 Switch configure terminal Switch config ip dhcp pool pool1 Switch config dhcp pool client identifier 01524153203124 Switch config dhcp pool host 10 1 2 3 24 Switch config dhcp pool 22 8 default router This...

Page 354: ...router 10 1 1 1 22 9 domain name This command is used to specify the domain name for a DHCP client Use the no form of this command to remove the domain name domain name NAME no domain name Parameters NAME Specifies the domain name This name can be up to 64 characters long Default None Command Mode DHCP Pool Configuration Mode Command Default Level Level 12 Usage Guideline This command configures t...

Page 355: ...ervers can be specified Servers are listed in the order of preference If DNS servers are already configured the DNS servers configured later will be added to the DNS server list Example This example shows how to specify 10 1 1 1 as the IP address of the DNS server in the DHCP address pool Switch configure terminal Switch config ip dhcp pool pool1 Switch config dhcp pool dns server 10 1 1 1 22 11 h...

Page 356: ...ntry which binds the IP address 10 1 2 100 24 with the MAC address C2 F3 22 0A 12 F4 Switch configure terminal Switch config ip dhcp pool pool1 Switch config dhcp pool hardware address C2F3 220A 12F4 Switch config dhcp pool host 10 1 2 100 24 Switch config dhcp pool 22 12 host This command is used to specify the IP address of the manual binding entry in a DHCP address pool Use the no command to re...

Page 357: ...erver This command is used to define a DHCP class and enter the DHCP class configuration mode Use the no form of the command to remove a DHCP class ip dhcp class NAME no ip dhcp class NAME Parameters NAME Specifies the DHCP class name This name can be up to 32 characters long Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to ente...

Page 358: ...lt Level Level 12 Usage Guideline The DHCP server automatically allocates addresses in DHCP address pools to DHCP clients All the addresses except the interface s IP address on the router and the excluded address specified by the ip dhcp excluded address command are available for allocation Multiple ranges of addresses can be excluded To remove a range of excluded addresses administrators must spe...

Page 359: ...ckets 3 Switch config 22 16 ip dhcp ping timeout This command is used to specify the time the DHCP server should wait for the ping reply packet Use the no form of this command to restore the default value ip dhcp ping timeout MILLI SECONDS no ip dhcp ping timeout Parameters MILLI SECONDS Specifies the interval of time the DHCP server will wait for the ping reply The maximum timeout is 10000 millis...

Page 360: ...s requests from DHCP clients and services and then allocates an IP address from the address pool and replies the address to the client An address pool can either contain a network of IP addresses or a single IP address Use the network command in the DHCP Pool Configuration Mode to specify a network for the address pool or use the client identifier or hardware address command with the host command ...

Page 361: ... class is disabled Switch configure terminal Switch config no ip dhcp use class Switch config 22 19 lease This command is used to configure the duration of the lease for an IP address that is assigned from the address pool Use the no form of this command to restore the default setting lease DAYS HOURS MINUTES infinite no lease Parameters DAYS Specifies the number of days for the duration of the le...

Page 362: ...ents Use the no form of this command to remove the configuration of the NetBIOS node type netbios node type NTYPE no netbios node type Parameters NTYPE Specifies the NetBIOS node type of the Microsoft client The following are the valid types b node Broadcast p node Peer to peer m node Mixed h node Hybrid Default None Command Mode DHCP Pool Configuration Mode Command Default Level Level 12 Usage Gu...

Page 363: ...s Up to eight servers can be specified Default None Command Mode DHCP Pool Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the WINS name server IP addresses that that are available to the Microsoft client Up to eight servers can be specified Servers are listed in the order of preference If name servers are already configured the name server configure...

Page 364: ...xt server in the DHCP client s boot process in the pool named pool1 Switch configure terminal Switch config ip dhcp pool pool1 Switch config dhcp pool next server 10 1 1 1 22 23 network This command is used to configure the network with its associated mask for a DHCP address pool Use the no command to remove the network network NETWORK ADDRESS MASK NETWORK ADDRESS PREFIX LENGTH no network Paramete...

Page 365: ...ed as the network mask to the user The network configured for a DHCP address pool can be a natural network or a sub network The configured DHCP address pools are organized as a tree The root of the tree is the address pool that contains the natural network The address pools that contain the sub network are branches under the root and the address pools that contain the manual binding entry is the l...

Page 366: ...onfigured by the network Option 3 Router Option configured by the default router Option 6 Domain Name Server configured by the DNS server Option 15 Domain Name configured by the domain name Option 44 NetBIOS Name Server configured by the NetBIOS name server Option 46 NetBIOS Node Type configured by the NetBIOS node type Option 51 IP Address Lease Time configured by the lease Option 58 Renewal T1 T...

Page 367: ... bit mask for the masking of the pattern The masked pattern bits will be matched If the mask is not specified all the bits specified by the pattern will be checked The bit set as 1 will be checked The input format should be the same as the pattern Default None Command Mode DHCP Class Configuration Mode Command Default Level Level 12 Usage Guideline The user can use the ip dhcp class command with t...

Page 368: ...tch config dhcp class option 60 hex 5060 Switch config dhcp class exit Switch config ip dhcp class Service B Switch config dhcp class 22 26 service dhcp This command is used to enable the DHCP server and relay service on the switch Use the no form of this command to disable the DHCP server and relay service service dhcp no service dhcp Parameters None Default By default the state is disabled Comma...

Page 369: ...s lease start and lease expiration of the entry will be displayed Example This example shows how to display the binding status of al bound IP addresses Switch show ip dhcp binding VRF Name vrf1 IP address Client ID Lease expiration Type Hardware address 10 1 1 1 0100b810863212 Oct 23 2013 09 12 AM Automatic 10 1 9 1 0100b7443dc224 Oct 23 2013 01 12 AM Automatic 10 1 11 10 0100b22291226d infinite M...

Page 370: ...the ping operation If a conflict address is found then this IP address will be removed from the address pool and marked as a conflict The conflict address will not be assigned until the network administrator clears the conflict address Example This example shows how to display the conflict status of the IP address 10 1 1 1 Switch show ip dhcp conflict 10 1 1 1 IP address Detected Method Detection ...

Page 371: ... this command to examine the configuration settings of the pool or all the pools if the name parameter is not used Example This example shows how to display the DHCP pool pool1 configuration information Switch show ip dhcp pool pool1 Pool name pool1 VRF Name vrf1 Network 172 28 5 0 24 Boot file boot bin Default router 10 1 2 1 DNS server 10 1 2 1 NetBIOS server 10 1 2 3 Domain name alphanetworks c...

Page 372: ...and to display the DHCP server status and user configured address pool Example This example shows how to display the status of the DHCP server Switch show ip dhcp server DHCP Service Disable Ping packets number 3 Ping timeout 500 ms Excluded Addresses 10 1 1 1 10 1 1 255 List of DHCP server configured address pool pool1 pool2 pool3 pool4 pool5 pool6 pool7 pool8 pool9 pool10 pool11 pool12 Switch 22...

Page 373: ...QUEST 12 DHCPDISCOVER 200 DHCPREQUEST 178 DHCPDECLINE 0 DHCPRELEASE 0 DHCPINFORM 0 Message Sent BOOTREPLY 12 DHCPOFFER 190 DHCPACK 172 DHCPNAK 6 Switch Display Parameters Address pools The number of configured address pools in the DHCP database Malformed messages The number of truncated or corrupted messages that were received by the DHCP server Renew messages The number of renewed messages for a ...

Page 374: ...default the address pool is defined for the global routing domain Associating a pool with a VRF allows overlapping addresses of other pools that are not on the same VRF Only one pool can be associated with each VRF If the address pool is associated with a VRF the DHCP server will only assign an IP address from the address pool when the associated VRF matches the VRF of the DHCP request Example Thi...

Page 375: ...rict that only specific servers are allowed to offer addresses to service specific clients If a binding entry is defined without the client s MAC address then the server message with the specified server IP address in the payload will be permitted These binding entries restrict that only specific servers are allowed to offer DHCP server services Example This example shows how to configure a DHCP s...

Page 376: ...h clear ip dhcp snooping server screen log Switch 23 3 dhcp server screen profile This command is used to define a server screen profile and enter the server screen configure mode dhcp server screen profile PROFILE NAME no dhcp server screen profile PROFILE NAME Parameters PROFILE NAME Specifies the profile name with a maximum of 32 characters Default None Command Mode Global Configuration Mode Co...

Page 377: ...er screen on a specific interface will filter all DHCP server packets from the interface and only forward trusted server packets If a server screen entry is defined with a profile that contains a client MAC address then the server message with the server IP address and the client addresses contained in the profile is forwarded If an entry is defined without the client s MAC address then the server...

Page 378: ...acks of the information of packets that did not pass the screening The first packet that violates the check will be sent to the log module and recorded in the server screen log buffer The subsequent packets belonging to the same session will not be sent to log module unless its record in the log buffer is cleared If the log buffer is full but more violation events occur packets will be discarded b...

Page 379: ...0 20 1 1 00 20 30 40 50 60 06 30 37 2013 02 07 100 10 58 2 30 10 22 33 44 50 60 06 31 42 2013 02 07 Total Entries 2 Switch 23 7 snmp server enable traps dhcp server screen This command is used to enable the sending of SNMP notifications for forged DHCP server attacking Use the no command to disable the sending of SNMP notifications snmp server enable traps dhcp server screen no snmp server enable ...

Page 380: ...0Gigabit Ethernet Switch CLI Reference Guide 375 Example This example shows how to enable the sending of traps for DHCP server screening Switch configure terminal Switch config snmp server enable traps dhcp server screen Switch config ...

Page 381: ...he untrusted interface can be validated and a DHCP binding database will be constructed for the DHCP snooping enabled VLAN The binding database provides IP and MAC binding information that can be further used by the IP source guard and dynamic ARP inspection process Example This example shows how to enable DHCP snooping Switch configure terminal Switch config ip dhcp snooping Switch config 24 2 ip...

Page 382: ...4 3 ip dhcp snooping database This command is used to configure the storing of DHCP snooping binding entries to the local flash or a remote site Use the no command to disable the storing or reset the parameters to the default setting ip dhcp snooping database URL write delay SECONDS no ip dhcp snooping database write delay Parameters URL Specifies the URL in one of the following forms ftp username...

Page 383: ...e time will continue to be counted while the entry is provisioned Example This example shows how to store the binding entry to a file in the file system Switch configure terminal Switch config ip dhcp snooping database tftp 10 0 0 2 store dhcp snp bind Switch config 24 4 clear ip dhcp snooping database statistics This command is used to clear the DHCP binding database statistics clear ip dhcp snoo...

Page 384: ...o clear the DHCP binding entry including the manually configured binding entry Example This example shows how to clear all snooping binding entries Switch clear ip dhcp snooping binding Switch 24 6 renew ip dhcp snooping database This command is used to renew the DHCP binding database renew ip dhcp snooping database URL Parameters URL Specifies load the bind entry database from the URL and add the...

Page 385: ... or delete a binding entry SECONDS Specifies the interval after which bindings are no longer valid This value must be between 60 and 4294967295 seconds MAC ADDRESS Specifies the MAC address of the entry to add or delete Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to create a dynamic DHCP snooping entry Example This example shows ho...

Page 386: ...switch port receives a packet such as a DHCPOFFER DHCPACK DHCPNAK or DHCPLEASEQUERY packet from a DHCP server outside the firewall If ip dhcp snooping verify mac address is enabled the source MAC in the Ethernet header must be the same as the DHCP client hardware address to pass the validation The untrusted interface receives a DHCP packet that includes a relay agent IP address that is not 0 0 0 0...

Page 387: ...or physical port and port channel interface configuration This command only takes effect on untrusted interfaces The system will stop learning binding entries associated with the port if the maximums number is exceeded Example This example shows how to configure the limit on binding entries allowed on port Ethernet 1 0 1 to 100 Switch configure terminal Switch config interface ethernet 1 0 3 Switc...

Page 388: ...dhcp snooping station move deny This command is used to disable the DHCP snooping station move state Use the no command to enable the DHCP snooping roaming state ip dhcp snooping station move deny no ip dhcp snooping station move deny Parameters None Default By default this option is enabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When DHCP snooping st...

Page 389: ...hen they arrive at the port on the VLAN that is enabled for DHCP snooping By default DHCP snooping will verify that the source MAC address in the Ethernet header is the same as the DHCP client hardware address to pass the validation Example This example shows how to enable the verification that the source MAC address in a DHCP packet matches the client hardware address Switch configure terminal Sw...

Page 390: ... snooping With this function the DHCP packets come from the untrusted interface can be validated and a DHCP binding database will be constructed for the DHCP snooping enabled VLAN The binding database provides IP and MAC binding information that can be further used by the IP source guard and dynamic ARP inspection process Example This example shows how to enable DHCP snooping on VLAN 10 Switch con...

Page 391: ...display DHCP snooping binding entries show ip dhcp snooping binding IP ADDRESS MAC ADDRESS vlan VLAN ID interface INTERFACE ID Parameters IP ADDRESS Optional Specifies to display the binding entry based on the IP address MAC ADDRESS Optional Specifies to display the binding entry based on the MAC address vlan VLAN ID Optional Specifies to display the binding entry based on the VLAN interface INTER...

Page 392: ...ding 10 1 1 1 MAC Address IP Address Lease seconds Type VLAN Interface 00 01 02 03 04 05 10 1 1 1 1500 dhcp snooping 100 eth1 0 5 Total Entries 1 Switch This example shows how to display DHCP snooping binding entries by IP 10 1 1 11 and MAC 00 01 02 00 00 05 Switch show ip dhcp snooping binding 10 1 1 11 00 01 02 00 00 05 MAC Address IP Address Lease seconds Type VLAN Interface 00 01 02 00 00 05 1...

Page 393: ...dhcp snooping binding interface ethernet 1 0 5 MAC Address IP Address Lease seconds Type VLAN Interface 00 01 02 03 04 05 10 1 1 10 1500 dhcp snooping 100 eth1 0 5 00 01 02 00 00 05 10 1 1 11 495 dhcp snooping 100 eth1 0 5 Total Entries 2 Switch Display Parameters MAC Address The client hardware MAC address IP Address The client IP address assigned from the DHCP server Lease seconds The IP address...

Page 394: ...s Binding collisions 0 Expired lease 0 Invalid interfaces 0 Unsupported vlans 0 Parse failures 0 Checksum errors 0 Switch Display Parameters Binding Collisions The number of entries that created collisions with exiting entries in DHCP snooping database Expired leases The number of entries that expired in the DHCP snooping database Invalid interfaces The number of interfaces that received the DHCP ...

Page 395: ...for interface VLAN 1 Switch clear ipv6 dhcp client vlan1 Switch 25 2 ipv6 dhcp client pd This command is used to enable the Dynamic Host Configuration Protocol DHCP IPv6 client process to request the prefix delegation through a specified interface Use the no form of this command to disable the request ipv6 dhcp client pd PREFIX NAME hint IPV6 PREFIX rapid commit no ipv6 dhcp client pd Parameters P...

Page 396: ...ded in the transmitted solicit or request message as a hint to the prefix delegation server Only one hint prefix can be configured When the client receives advertisement from multiple servers the client will take the server with best preference value The client can accept multiple prefixes delegated from a server The DHCP for IPv6 client server and relay functions are mutually exclusive on an inte...

Page 397: ...ow ipv6 dhcp This device s DUID is 0001000111A8040D001FC6D1D47B Switch This example shows how to display the DHCPv6 setting for interface VLAN 1 when VLAN 1 is DHCPv6 disabled Switch show ipv6 dhcp interface vlan1 vlan1 is not in DHCPv6 mode Switch This example shows how to display the DHCPv6 setting for all VLANs Only VLANs that are DHCPv6 enabled are displayed Switch show ipv6 dhcp interface vla...

Page 398: ...icy This command will enter into the DHCPv6 guard configuration mode DHCPv6 guard policies can be used to block DHCPv6 reply and advertisement messages that come from unauthorized servers Client messages are not blocked After the DHCPv6 guard policy was created use the ipv6 dhcp guard attach policy command to apply the policy on a specific interface Example This example shows how to create a DHCPv...

Page 399: ...uard policy and set the device s role as the server Switch configure terminal Switch config ipv6 dhcp guard policy dhcpguard1 Switch config dhcp guard device role server Switch config dhcp guard 26 3 match ipv6 access list This command is used to verify the sender s IPv6 address in server messages Use the no form of the command to disable the verification match ipv6 access list IPV6 ACCESS LIST NA...

Page 400: ...CY NAME Optional Specifies the DHCPv6 guard policy name Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to apply a DHCPv6 policy to an interface DHCPv6 guard policies can be used to block DHCPv6 server messages or filter server messages based on sender IP address If the policy name is not speci...

Page 401: ...name is not specified information is displayed for all policies Example This example shows how to displayed for all policies Switch show ipv6 dhcp guard policy DHCP guard policy default Device Role DHCP client Target eth1 0 3 DHCP guard policy test1 Device Role DHCP server Source Address Match Access List acl1 Target eth1 0 1 Switch Display Parameters Device Role The role of the device The role is...

Page 402: ...es are removed the relay function is disabled The incoming DHCPv6 messages being relayed can come from a client may be already relayed by a relay agent The destination address to be relayed can be a DHCPv6 server or another DHCPv6 relay agent The destination address can be a unicast or a multicast address both can be a link scoped address or a global scoped address For link scoped addresses the in...

Page 403: ...nd is used to configure the sub type of the Remote ID option Example This example shows how to configure the sub type of the remote ID to cid with user define Switch configure terminal Switch config ipv6 dhcp relay remote id format cid with user define Switch config 27 3 ipv6 dhcp relay remote id option This command is used to enable the insertion of the relay agent remote ID Option 37 during the ...

Page 404: ...st packet that already has the relay agent Remote ID option is left unchanged and directly relayed to the DHCPv6 server Default By default this option is keep Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the global policy for packets that already have Option 37 If the drop policy is selected relay agent s Remote ID option that ...

Page 405: ... to configure the UDF for the Remote ID Example This example shows how to configure the UDF to the ASCII string PARADISE001 Switch configure terminal Switch config ipv6 dhcp relay remote id udf ascii PARADISE001 Switch config This example shows how to configure the UDF to the hexadecimal string 010c08 Switch configure terminal Switch config ipv6 dhcp relay remote id udf hex 010c08 Switch config 27...

Page 406: ... vlan1 is in relay mode Relay destinations FE80 20A BBFF FECC 102 via vlan2 Switch This example shows how to display DHCPv6 information for the interface VLAN 1 when VLAN 1 is not in the DHCPv6 mode Switch show ipv6 dhcp interface vlan1 Vlan1 is not in DHCPv6 mode Switch 27 7 show ipv6 dhcp relay information option This command is used to display settings of the DHCPv6 relay information options sh...

Page 407: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 402 IPv6 DHCP relay remote id Policy drop Format user define UDF is ascii string userstring Switch ...

Page 408: ... in seconds This value must be between 60 and 4294967295 or infinite If the lifetime value is not specified the default lifetime value is 604800 seconds 7 days Default None Command Mode DHCPv6 Pool Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure an address prefix in an IPv6 DHCP pool configuration Only one address prefix can be configured for a DHCPv...

Page 409: ...ween 60 and 4294967295 or infinite If the lifetime is not specified the default preferred lifetime is the pool s preferred lifetime Default None Command Mode DHCPv6 Pool Configuration Mode Command Default Level Level 12 Usage Guideline Use the command to configure a static binding address entry to specify the address to be assigned to specific client When the server receives a request from a clien...

Page 410: ... ipv6 dhcp binding all IPV6 PREFIX Parameters all Specifies to clear all binding entries IPV6 PREFIX Specifies the binding entry by prefix to be cleared Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use the command to clear the DHCPv6 server binding entries If an IPv6 prefix is specified for the command the binding entry corresponding to the specifie...

Page 411: ...This example shows how to configure the domain name in a DHCPv6 server pool named pool1 Switch configure terminal Switch config ipv6 dhcp pool pool1 Switch config dhcp domain name v6domain Switch config dhcp 28 5 dns server This command is used to configure the DNS IPv6 server list to be assigned to the requesting IPv6 client Use the no form of this command to remove a DNS server from the server l...

Page 412: ... excluded address LOW ADDRESS HIGH ADDRESS Parameters LOW ADDRESS Specifies the excluded IPv6 address or first IPv6 address in an excluded address range HIGH ADDRESS Optional Specifies the last IPv6 address in the excluded address range Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The DHCPv6 server assumes that all addresses excluding the switc...

Page 413: ...erminal Switch config ipv6 dhcp pool pool1 Switch config dhcp 28 8 ipv6 dhcp server This command is used to enable the DHCP IPv6 server service on an interface Use the no form of this command to disable the DHCP Ipv6 server service on an interface ipv6 dhcp server POOL NAME rapid commit preference VALUE allow hint no ipv6 dhcp server Parameters POOL NAME Specifies the name of the IPv6 DHCP pool us...

Page 414: ...ue of 0 A higher preference represents a higher precedence If the command is configured with the allow hint option the server will delegate the prefix based on prefix hint by client Otherwise the prefix hint by client is ignored Example This example shows how to create the DHCP pool pool1 enable the DHCP IPv6 server service on the interface VLAN 100 using the DHCP pool pool1 to delegate the prefix...

Page 415: ...mand to remove the static binding prefix prefix delegation IPV6 PREFIX PREFIX LENGTH CLIENT DUID iaid IAID lifetime VALID LIFETIME PREFERRED LIFETIME no prefix delegation IPV6 PREFIX PREFIX LENGTH Parameters IPV6 PREFIX Specifies the IPv6 prefix to delegate to the specific client PREFIX LENGTH Specifies the length of the IPv6 prefix CLIENT DUID Specifies the DHCP unique identifier DUID of the clie...

Page 416: ... IPv6 prefix pool specified in the IPv6 DHCP pool Example This example shows how to configure a static binding prefix entry in a IPv6 DHCP pool named pool1 and associates the IPv6 DHCP pool with VLAN 100 Switch configure terminal Switch config ipv6 dhcp pool pool1 Switch config dhcp prefix delegation 2001 0DB8 64 000300010506BBCCDDEE Switch config dhcp exit Switch config interface vlan100 Switch c...

Page 417: ...cal IPv6 prefix pool specified for the IPv6 DHCP pool Example This example shows how to configure a local IPv6 prefix pool named prefix pool specify the pool in an IPv6 DHCP pool named pool1 and associate the IPv6 DHCP pool with VLAN 100 Switch configure terminal Switch config ipv6 local pool prefix pool 3004 DB8 48 64 Switch config ipv6 dhcp pool pool1 Switch config dhcp prefix delegation pool pr...

Page 418: ...cifies the VLAN interface to display the DHCPv6 related setting Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the device s DHCPv6 DUID or use the show ipv6 dhcp interface command to display the DHCPv6 related settings for interfaces If the interface ID is not specified all interfaces that are enabled with the...

Page 419: ...age Guideline This command displays all DHCPv6 client prefix bindings from the binding table if the IPV6 prefix parameter is not given If the IPV6 prefix parameter is given it only displays the specific client prefix binding for the prefix Example This example shows how to display the IPv6 prefix binding entry Switch show ipv6 dhcp binding Client DUID 00010002 Prefix 2004 64 preferred lifetime 60 ...

Page 420: ...the DHCPv6 pool information Switch show ipv6 dhcp pool DHCPv6 pool abc Static bindings Binding for client 00030006000000001111 IA PD IA ID not specified Prefix 2000 0 200 48 preferred lifetime 1000 valid lifetime 2000 Prefix delegation pool aaa preferred lifetime 1000 valid lifetime 2000 DNS server Domain name Active clients 0 DHCPv6 pool test Static bindings Binding for client 0003000600000000111...

Page 421: ...lient DNS server The DNS server address list Domain name The configured DNS domain list Active clients The total number of active clients 28 16 show ipv6 excluded address This command is used to display the IPv6 excluded address configuration information show ipv6 excluded address Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guid...

Page 422: ...uideline Use this command to display the settings for a specific local IPv6 prefix pool or the setting for all prefix if the pool name parameter is not specified Example This example shows how to display the local pool information without the pool name specified Switch show ipv6 local pool Pool Prefix Free In use aaa 2000 32 65536 0 Total Entries 2 Switch This example shows how to display the info...

Page 423: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 418 ...

Page 424: ...omma Optional Specifies a range of interfaces No spaces are allowed before and after the hyphen detail Optional Specifies to display more detailed information Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the current SFP SFP QSFP module operating transceiver monitoring parameters values for specified ports Ex...

Page 425: ...watts A The threshold is administratively configured eth1 0 28 Transceiver Monitoring is enabled Transceiver Monitoring shutdown action Alarm Current High Alarm High Warning Low Warning Low Alarm Temperature C 30 090 75 000 A 70 000 0 000 5 000 Voltage v 3 353 3 630 3 465 3 135 2 970 Bias Current mA 16 794 10 500 9 000 2 500 2 000 TX Power mW 0 258 1 413 0 708 0 186 0 074 dbm 5 900 1 500 1 500 7 3...

Page 426: ...g Optional Specifies to enable or disable the sending of warning level notifications Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Issuing this command with no parameters will enable or disable all transceiver monitoring SNMP notifications Example This example shows how to enable the sending of warning level notifi...

Page 427: ...y using the shutdown command and then the no shutdown command Example This example shows how to configure the shutdown interface Ethernet 1 0 1 when an alarm event is detected Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if transceiver monitoring action shutdown alarm Switch config if 29 4 transceiver monitoring bias current This command is used to configure the t...

Page 428: ...value defined by vendors The no form of this command has the effect to clear the configured threshold stored in the system It does not change the threshold stored in the SFP SFP QSFP transceivers Use the no form of the command to prevent threshold values on newly inserted SFP SFP QSFP transceivers from being altered Example This example shows how to configure the bias current high warning threshol...

Page 429: ...e transceiver monitoring on interface Ethernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if transceiver monitoring enable Switch config if 29 6 transceiver monitoring rx power This command is used to configure the thresholds of the input power for the specified port Use the no form of the command to remove the configuration transceiver monitoring rx power...

Page 430: ...prevent threshold values in newly inserted SFP SFP QSFP transceivers from being altered Example This example shows how to configure the RX power low warning threshold as 0 135 mW on interface Ethernet 1 0 1 Switch configure terminal Switch config transceiver monitoring rx power ethernet 1 0 1 low warning mwatt 0 135 Switch config 29 7 transceiver monitoring temperature This command is used to conf...

Page 431: ...ansceivers from being altered Example This example shows how to configure the temperature high alarm threshold as 127 994 on interface Ethernet 1 0 1 Switch configure terminal Switch config transceiver monitoring temperature ethernet 1 0 1 high alarm 127 994 WARNING A closer value of 127 992 is chosen according to the transceiver monitoring precision definition Switch config 29 8 transceiver monit...

Page 432: ...QSFP transceivers Use the no form of the command to prevent threshold values in newly inserted SFP SFP QSFP transceivers from being altered Example This example shows how to configure the TX power low warning threshold to 0 181 mW on interface Ethernet 1 0 1 Switch configure terminal Switch config transceiver monitoring tx power ethernet 1 0 1 low warning mwatt 0 181 Switch config 29 9 transceiver...

Page 433: ...pport the threshold change the user configured threshold is just stored in the system and the displayed value will be the user configured threshold If there is no user configured threshold the displayed value will always reflect the factory preset value defined by the vendor The no form of this command has the effect to clear the configured threshold stored in system It does not change the thresho...

Page 434: ... multicast routing by using the ip multicast routing command in the global configuration mode At most one multicast routing protocol can be enabled on one interface Make sure no other multicast routing protocol is enabled before enabling DVMRP otherwise an error message will be shown Example This example shows how to enable the DVMRP protocol on the interface VLAN 1 Switch configure terminal Switc...

Page 435: ... This example shows how to change the metric value to 2 of an interface Switch configure terminal Switch config interface vlan1 Switch config if ip dvmrp metric 2 30 3 ip dvmrp neighbor timeout This command is used to configure the DVMRP neighbor lifetime value Use the no form of the command to return to the default value ip dvmrp neighbor timeout SECONDS no ip dvmrp neighbor timeout Parameters SE...

Page 436: ...ds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to specify the interval time that the DVMRP router uses to send DVMRP Probe messages Example This example shows how to change the probe time to 20 seconds of an interface Switch configure terminal Switch config interface vlan1 Switch config if ip dvmrp probe time 20 30 5 show ip dvmrp inter...

Page 437: ...figure information for interface vlan1000 Switch show ip dvmrp interface vlan1000 NT Neighbor Timeout Interface Address NT Probe Metric Generation ID State vlan1000 10 0 0 254 35 10 1 1234567890 Enabled Total Entries 1 Switch 30 6 show ip dvmrp neighbor This command is used to display DVMRP neighbor information show ip dvmrp neighbor INTERFACE ID IP ADDRESS Parameters INTERFACE ID Optional Specifi...

Page 438: ...router has restarted a non decreasing number is placed in the periodic probe message called the generation ID When a change in the generation ID is detected any prune information received from the router is no longer valid and should be flushed ExpTime The neighbor timeout interval should be set at 35 seconds This allows fairly early detection of a lost neighbor yet provides tolerance for busy mul...

Page 439: ...urce network Upstream neighbor The next hop router to the source network Use 0 0 0 0 since this route is a local interface entry and does not enable DVMRP If the interface is a local entry then the up stream neighbor displays the interface IP address Learned Indicates this route entry is a local interface The other condition is dynamically learned Interface The interface to the source network Stat...

Page 440: ...e feature options that are enabled on the switch License keys are sold in the market It may be printed on a physical package or be displayed in an e mail or a portal The user needs register the license key on the Global Registration Portal to get the activation code Install the proper activation code rather than license key to activate unlock some features This command is used to install the activ...

Page 441: ...nit is not specified license information of current switch will be displayed Example This example shows how to display the installed DLMS license information on the switch Switch show dlms license Device Default License SI Current Active License EI License Model Activation Code Time Remaining DXS 3600 32S SE LIC xBc7vNWsSpchuQkGZsTfPwAcb 33 weeks DXS 3600 32S SE LIC xBc7vNWsSpchuQkGZsTfPwAcc DXS 3...

Page 442: ... Current active license specifies the feature options that are enabled on the switch EI indicates Enhance License License Model The license model name for the installed license Activation Code The activation code for the installed license Time Remaining The time remaining for the installed license If there is no description and an asterisk is appended to the activation code the license has expired...

Page 443: ...nism to detect a unidirectional point to point Ethernet link without PHY support OAM vendor specific messages are used in the detection The detection process is started after OAM discovery was started but does not complete the negotiation in the configured discovery time Example This example shows how to enable and then disable Ethernet OAM unidirectional link detection on interface 1 0 1 Switch c...

Page 444: ...ch config if 32 3 duld discovery time This command is used to configure Ethernet OAM unidirectional link detection discovery time duld discovery time SECONDS no duld discovery time Parameters SECONDS Specifies the discovery time The valid range is 5 to 65535 Default By default this value is 5 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline If the OA...

Page 445: ...fies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen Default None Command Mode EXEC Mode Command Default Level Level 1 Usage Guideline This command used to display the information of DULD Example This example shows how to display Ethernet OAM unidirecti...

Page 446: ...earned host entry Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to delete a host entry or all host entries which are dynamically learned by the DNS resolver or caching server Example This example shows how to delete the dynamically entry www abc com from the host table Switch clear host www abc com Switch 33 2 ip dns server This comm...

Page 447: ...ries ip dns lookup static cache no ip dns lookup static cache Parameters static Optional Specifies to enable or disable the lookup of static entries before asking the name server cache Optional Specifies to enable or disable the lookup of the dynamic cache before asking the name server Default Enable lookup static and cache Command Mode Global Configuration Mode Command Default Level Level 12 Usag...

Page 448: ...uery to the configured name server The answer replied by the name server will be cached for answering the subsequent requests Example This example shows how to enable the DNS domain name resolution function Switch configure terminal Switch config ip domain lookup Switch config 33 5 ip host This command is used to configure the static mapping entry for the host name and the IP address in the host t...

Page 449: ...ch config 33 6 ip name server This command is used to configure the IP address of a domain name server Use the no form of this command to delete the configured domain name server ip name server vrf VRF NAME IP ADDRESS IPV6 ADDRESS IP ADDRESS2 IPV6 ADDRESS2 no ip name server vrf VRF NAME IP ADDRESS IPV6 ADDRESS IP ADDRESS2 IPV6 ADDRESS2 Parameters VRF NAME Optional Specifies the name of the VRF ins...

Page 450: ...er timeout This command is used to configure the timeout value for the name server Use the no form of this command to revert it to the default value ip name server timeout SECONDS Parameters SECONDS Specifies the maximum time to wait for a response from a specified name server This value must be between 1 and 60 Default By default this value is 3 seconds Command Mode Global Configuration Mode Comm...

Page 451: ...is example shows how to display DNS related configuration information Switch show hosts Number of Static Entries 2 Number of Dynamic Entries 1 Host Name www yes com IP Address 10 0 0 88 IPv6 Address 2001 1 1 Age 1334minutes Host Name www abc com IP Address 10 0 0 10 Age forever Host Name www greet com IPV6 Address 2001 2 1 Age forever Switch 33 9 show ip name_server This command is used to display...

Page 452: ... Command Default Level Level 1 Usage Guideline Use this command to display the DNS related configuration information Example This example shows how to display the DNS related configuration information Switch show ip name_server Name servers are 1 1 1 1 Name servers are 1000 1 Name servers are 2 2 2 2 Name servers are 2000 2 Switch ...

Page 453: ...device respond to itself Land A LAND attack involves with IP packets where the source and destination address are set to address of the target device It may cause the target device reply to itself continuously TCP NULL scan Port scanning by using specific packets which contain a sequence number of 0 and no flags TCP SYN fin Port scanning by using specific packets which contain SYN and FIN flags TC...

Page 454: ...terminal Switch config dos prevention all Switch config This example shows how to disable the DoS prevention mechanism for all supported types Switch configure terminal Switch config no dos prevention all Switch config 34 2 show dos prevention This command is used to display the DoS prevention status and related drop counters show dos prevention DOS ATTACK TYPE Parameters DOS ATTACK TYPE Optional ...

Page 455: ... server enable traps dos prevention This command is used to enable the sending of SNMP notifications for DoS attacking Use the no command to disable the sending of SNMP notifications snmp server enable traps dos prevention no snmp server enable traps dos prevention Parameters None Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usag...

Page 456: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 451 Switch configure terminal Switch config snmp server enable traps dos prevention Switch config ...

Page 457: ...al Configuration Mode Command Default Level Level 12 Usage Guideline The name must be unique among all access lists The characters used in the name are case sensitive There is an implicit deny statement at the end of an access list Example This example shows how to configure an ARP access list with two permit entries Switch configure terminal Switch config arp access list static arp list Switch co...

Page 458: ...D Parameters vlan VLAN ID Optional Specifies the VLAN or range of VLANs Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear the Dynamic ARP Inspection DAI statistics Example This example shows how to clear the DAI statistics from VLAN 1 Switch clear ip arp inspection statistics vlan 1 Switch 35 4 ip arp inspection filter vlan ...

Page 459: ...ource MAC address of the packet is valid The validation process will match the address binging against the entries of the DHCP snooping database If the command is configured the validation process will match the address binging against the access list entries and the DHCP snooping database ARP ACLs take precedence over entries in the DHCP snooping binding database If the packet is explicitly denie...

Page 460: ...ect for both trusted and un trusted interfaces When the rate of the ARP packet per second exceeds the limitation and the condition sustained for the configured burst duration the port will be put in the error disable state Example This example shows how to limit the rate of the incoming ARP requests to 30 packets per second and to set the interface monitoring interval to 5 consecutive seconds Swit...

Page 461: ...number to 64 Switch configure terminal Switch config ip arp inspection log buffer entries 64 Switch config 35 7 ip arp inspection trust This command is used to trust an interface for dynamic ARP inspection Use the no form of the command to disable the trust state ip arp inspection trust no ip arp inspection trust Parameters None Default By default this option is disabled Command Mode Interface Con...

Page 462: ... validated Packets destined for the IP addresses 0 0 0 0 255 255 255 255 and all IP multicast addresses are dropped Sender IP addresses are checked in all ARP requests and responses and target IP addresses are checked only in ARP responses Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to specify the...

Page 463: ...not permitted by the ARP ACL or the DHCP snooping binding database the ARP packet will be dropped In addition to the address binding check the additional check defined by the IP ARP inspection validate command will also be checked Example This example shows how to enable ARP inspection on VLAN 2 Switch configure terminal Switch config ip arp inspection vlan 2 Switch config 35 10 ip arp inspection ...

Page 464: ...age Guideline Use the no form of this command to reset some of the logging criteria to their defaults If not specified all the logging types are reset to log on when the ARP packets are denied Example This example shows how to configure an ARP inspection on VLAN 1 to add packets to a log that matches the ACLs Switch configure terminal Switch config ip arp inspection vlan 1 logging acl match all Sw...

Page 465: ...P access list with two permit entries Switch configure terminal Switch config arp access list static arp list Switch config arp nacl permit ip 10 20 0 0 255 255 0 0 mac any Switch config arp nacl permit ip 10 30 0 0 255 255 0 0 mac any Switch config arp nacl 35 12 show ip arp inspection This command is used to display the status of DAI for a specific range of VLANs show ip arp inspection interface...

Page 466: ...46 145261 145261 0 VLAN DHCP Permits ACL Permits Source MAC Failures 10 21546 0 0 VLAN Dest MAC Failures IP Validation Failures 10 0 0 Switch This example shows how to display the statistics of packets that have been processed by DAI for all active VLANs Switch show ip arp inspection statistics VLAN Forwarded Dropped DHCP Drops ACL Drops 1 0 0 0 0 2 0 0 0 0 10 21546 145261 145261 0 100 0 0 0 0 200...

Page 467: ...Dest MAC Failures The number of ARP packets that fail destination MAC validation IP Validation Failures The number of ARP packets that fail the IP address validation Example This example shows how to display the configuration and operating state of DAI Switch show ip arp inspection Source MAC Validation Disabled Destination MAC Validation Disabled IP Address Validation Disabled VLAN State ACL Matc...

Page 468: ...le shows how to display the trust state of interface Ethernet 1 0 3 Switch show ip arp inspection interfaces ethernet 1 0 3 Interface Trust State Rate pps Burst Interval eth1 0 3 untrusted 30 5 Switch This example shows how to display the trust state of interfaces on the switch Switch show ip arp inspection interfaces Interface Trust State Rate pps Burst Interval eth1 0 1 untrusted 30 1 eth1 0 2 u...

Page 469: ...figuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the content of the inspection log buffer Example This example shows how to display the inspection log buffer Switch show ip arp inspection log Total log buffer size 64 Interface VLAN Sender IP Sender MAC Occurrence eth1 0 1 100 10 20 1 1 00 20 30 40 50 60 1 2013 12 28 23 08 66 eth1 0 2 100 10 5 10 16 55 66 20...

Page 470: ...ries Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 465 Sender MAC The logging ARP s sender MAC address Occurrence The counter of logging entries occurred and the last time of logging entry occurred ...

Page 471: ...ta Center Bridge DCB devices to exchange configuration information with directly connected peers The protocol may also be used for misconfiguration detection and for configuration of the peer The willing mode indicates that the local port has been administratively configured to accept configurations from the remote device Example This example shows how to enable the ETS willing option at interface...

Page 472: ...d bandwidth is 4 7 11 14 18 21 and 25 in percentage for traffic classes 0 to 6 respectively 0 for traffic class 7 means the recommended transmission selection algorithm is strict priority The default priority CoS to traffic class mapping is 0 to 2 1 to 0 2 to 1 3 to 3 4 to 4 5 to 5 6 to 6 and 7 to 7 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this c...

Page 473: ...splay the ETS recommendation information of a given interface or all interfaces Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the ETS settings and status on the specified interface s Example This example shows how to display recommendation information for interface Ethernet 1 0 1 Switch show ets interface ethernet ...

Page 474: ...tion for an error port caused by ARP rate limiting dhcp rate Specifies to enable the auto recovery option for an error port caused by DHCP rate limiting loopback detect Specifies to enable the auto recovery option for an error port caused by loop detection l2pt guard Specifies to enable the auto recovery option for an error port caused by Layer 2 protocol tunneling interval SECONDS Specifies the t...

Page 475: ...isable recovery timer related settings show errdisable recovery Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to verify the settings of the error disable recovery timer Example This example shows how to display the settings of the error disable recovery timer Switch show errdisable recovery ErrDisable Ca...

Page 476: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 471 Port1 4 psecure violation 179 Switch ...

Page 477: ...art OAM discovery If the OAM mode of this interface is active it initiates the discovery Otherwise it reacts to the discovery received from the peer Example This example shows how to enable Ethernet OAM on interface Ethernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if ethernet oam Switch config if 38 2 ethernet oam mode This command is used to configure ...

Page 478: ... to disable notifying the event and return the parameters to default value ethernet oam link monitor error symbol threshold NUMBER window DECISECONDS no ethernet oam link monitor error symbol threshold window Parameters threshold NUMBER Specifies a number of symbol errors If symbol errors occur in the specified window and it exceeds the threshold value then the event is generated The range is 0 to...

Page 479: ...AM error symbol monitor threshold to 100 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if ethernet oam link monitor error symbol threshold 100 Switch config if This example shows how to configure the interface Ethernet 1 0 1 Ethernet OAM error symbol monitor window to 100 deciseconds Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if ...

Page 480: ... Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The link monitoring function counts the number of error frames detected during the specified window period This event is generated if the error frame count is equal to or greater than the specified threshold for that period Example This example shows how to enable notifying an Ethernet OAM error frame event o...

Page 481: ...r frame seconds threshold window Parameters threshold NUMBER Specifies the number of error frames in seconds If the number of the error frames occur in the specified window and exceeds the threshold value then the frame event is triggered The range is 1 to 900 window MILLISECONDS Specifies the amount of time over which the threshold is defined If threshold frame errors occur within the period an e...

Page 482: ...shold 100 Switch config if This example shows how to configure interface Ethernet 1 0 1 Ethernet OAM error frame seconds monitor window to 100 deciseconds Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if ethernet oam link monitor error frame seconds window 100 Switch config if This example shows how to configure interface Ethernet 1 0 1 Ethernet OAM error frame sec...

Page 483: ...tion Mode Command Default Level Level 12 Usage Guideline The link monitoring function counts the number of error frames detected during the specified period The period is specified by a number of received frames This event is generated if the error frame count is greater than or equal to the specified threshold for that period Example This example shows how to enable notifying an Ethernet OAM erro...

Page 484: ... remote failure dying gasp no ethernet oam remote failure dying gasp Parameters None Default The Ethernet OAM dying gasp event will be notified by default Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command used to configure the capability of the dying gasp event If the capability for the dying gasp event is disabled the port will never send out OA...

Page 485: ...hernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if ethernet oam remote failure critical event Switch config if 38 9 ethernet oam remote loopback This command is used to set the action of the remote loopback on the specified port ethernet oam remote loopback start stop interface INTERFACE ID Parameters start Specifies to request the peer to change to the ...

Page 486: ...s how to start the Ethernet OAM remote loopback on interface Ethernet 1 0 1 Switch ethernet oam remote loopback start interface ethernet 1 0 1 Switch 38 10 ethernet oam received remote loopback This command is used to configure the behavior of the received remote loopback requirement from the peer on the specified port To return to the default settings use the no form of this command ethernet oam ...

Page 487: ...tional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen Default None Command Mode EXEC Mode Command Default Level Level 1 Usage Guideline The command is used to display port Ethernet OAM configurations Example This example shows how to displays...

Page 488: ...rs interface INTERFACE ID Specifies the interface ID to display The allowed interfaces only include physical ports Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen Default None Command Mode EXEC Mode Command Default Level Level 1 Usage...

Page 489: ...e peer SendLocalAndRemoteOk The local device agrees the OAM peer entity PeeringLocallyRejected The local OAM entity rejects the remote peer OAM entity PeeringRemotelyRejected The remote OAM entity rejects the local device Operational The local OAM entity learns that both it and the remote OAM entity have accepted the peering NonOperHalfDuplex Since Ethernet OAM functions are not designed to work c...

Page 490: ...nterface INTERFACE ID Specifies the interface ID to display The allowed interfaces only include physical ports Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen Default None Command Mode EXEC Mode Command Default Level Level 1 Usage Gui...

Page 491: ...tatistics all interface INTERFACE ID Parameters all Specifies to clear statistics of all interfaces interface INTERFACE ID Specifies the interface ID to clear The allowed interfaces only include physical ports Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces befo...

Page 492: ...tional Specifies a range of interfaces No spaces before and after the hyphen Default None Command Mode EXEC Mode Command Default Level Level 1 Usage Guideline This command is used to display a port s Ethernet OAM event log Example This example shows how to display the Ethernet OAM event log of interface Ethernet 1 0 1 Switch show ethernet oam event log interface ethernet 1 0 1 Ethernet1 0 1 Local ...

Page 493: ...of 100ms intervals Threshold The number of detected error frames in the period is required to be equal to or greater than in order for the event to be generated Accumulated errors The sum of error records that have been detected in this event since the OAM sub layer was reset 38 16 clear ethernet oam event log This command is used to clear the event log of the Ethernet OAM function clear ethernet ...

Page 494: ...Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear a port s Ethernet OAM event log Example This example shows how to clear the Ethernet OAM event log of interface Ethernet 1 0 1 Switch clear ethernet oam event log interface ethernet 1 0 1 Switch ...

Page 495: ...mmand to set the description string for an ERP instance Example This example shows how to create an ERP instance 1 in the physical ring named major ring and add a description for the instance Switch configure terminal Switch config ethernet ring g8032 major ring Switch config erp instance 1 Switch config erp instance description major ring instance 1 Switch config erp instance 39 2 ethernet ring g...

Page 496: ...ofile and enter the G 8032 profile configuration mode Use the no form of this command to delete a G 8032 profile ethernet ring g8032 profile PROFILE NAME no ethernet ring g8032 profile PROFILE NAME Parameters PROFILE NAME Specifies the name of the G 8032 profile with a maximum of 32 characters Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use th...

Page 497: ... Use this command to enable the propagation of topology change notifications from the sub ring instance to other ring instances Example This example shows how to enable the TCN propagation state for the G 8032 profile campus Switch configure terminal Switch config ethernet ring g8032 profile campus Switch config g8032 ring profile tcn propagation Switch config g8032 ring profile 39 5 r aps channel...

Page 498: ...nfigure terminal Switch config ethernet ring g8032 ring2 Switch config erp exit Switch config ethernet ring g8032 ring1 Switch config erp sub ring ring2 Switch config ethernet ring g8032 ring2 Switch config erp port0 interface ethernet 1 0 1 Switch config erp port1 none Switch config erp instance 1 Switch config erp instance r aps channel vlan 2 Switch config erp instance 39 6 inclusion list vlan ...

Page 499: ...g ring2 Switch config erps exit Switch config ethernet ring g8032 ring2 Switch config erp port0 interface ethernet 1 0 1 Switch config erp port1 none Switch config erp instance 1 Switch config erp instance r aps channel vlan 20 Switch config erp instance inclusion list vlan ids 100 200 Switch config erp instance 39 7 instance This command is used to create an ERP instance and enter the ERP Instanc...

Page 500: ...the no form of this command to return to the default setting level MEL VALUE no level Parameters MEL VALUE Specifies the ring MEL value of the ERP instance The valid range is from 0 to 7 Default By default this value is 1 Command Mode ERP Instance Configuration Mode Command Default Level Level 12 Usage Guideline The configured ring MEL value of all ring nodes participating in the same ERP instance...

Page 501: ...g connected to another ring This command is applied on the interconnection node Example This example shows how to configure the physical ring named ring2 as a sub ring of ring1 Switch configure terminal Switch config ethernet ring g8032 ring2 Switch config erp exit Switch config ethernet ring g8032 ring1 Switch config erp sub ring ring2 Switch config erp 39 10 sub ring instance This command is use...

Page 502: ...witch config erp instance 2 Switch config erp instance sub ring instance 1 Switch config erp instance 39 11 profile This command is used to associate an ERP instance with a G 8032 profile Use the no form of the command to remove the association profile PROFILE NAME no profile PROFILE NAME Parameters PROFILE NAME Specifies the name of the G 8032 profile to be associated with the ERP instance Defaul...

Page 503: ... Switch config erp instance exit Switch config erp ring exit Switch config ethernet ring g8032 ring2 Switch config erp ring exit Switch config ethernet ring g8032 ring1 Switch config erp ring sub ring ring2 Switch config erp ring exit Switch config ethernet ring g8032 ring2 Switch config erp ring port0 interface ethernet 3 0 3 Switch config erp ring port1 none Switch config erp ring instance 2 Swi...

Page 504: ...g port It can be a physical port or port channel interface none Specifies none to indicate that the interconnect node is a local node endpoint of an open ring Default None Command Mode ERP Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the second ring port of a physical ring Use the port1 none command to indicate that the interconnect node is a loca...

Page 505: ...ed after a switch link defect condition has cleared Since in Ethernet ring protection the working transport entity resources may be more optimized in some cases it is desirable to revert to this working transport entity once all ring links are available This is performed at the expense of an additional traffic interruption In some cases there may be no advantage to revert to the working transport ...

Page 506: ...nable the RPL owner and configure port 0 as the RPL port of ERP instance 1 Switch configure terminal Switch config ethernet ring g8032 major ring Switch config erp port0 interface ethernet 1 0 1 Switch config erp port1 interface ethernet 1 0 2 Switch config erp instance 1 Switch config erp instance rpl port0 owner Switch config erp instance 39 16 show ethernet ring g8032 This command is used to di...

Page 507: ...ernet 1 0 2 Ring Type Major_ring Ring ID 1 Instance 1 Instance Status Idle R APS Channel 2 Protected VLAN 10 20 Port0 eth1 0 1 Blocking Port1 eth1 0 2 forwarding Profile Campus Description Guard timer 500 milliseconds Hold Off Timer 0 milliseconds WTR Timer 5 minutes Non revertive MEL 1 RPL role Owner RPL Port Port0 Sub ring instance none Instance 2 Instance Status Idle R APS Channel 2 Protected V...

Page 508: ...liseconds Hold off Timer 0 milliseconds WTR Timer 5 minutes Non revertive MEL 1 RPL role Owner RPL Port Port0 Sub ring instance none Instance 2 Instance Status Idle R APS Channel 2 Protected VLAN 10 20 Port0 eth1 0 1 Blocking Port1 eth1 0 2 forwarding Profile Campus Description Guard Timer 500 milliseconds Hold off timer 0 milliseconds WTR Timer 5 minutes Non revertive MEL 1 RPL role Owner RPL Por...

Page 509: ...mer 5 minutes Revertive MEL 1 RPL Role None RPL Port Sub Ring Instance none Switch This example shows how to display brief information of the ERP physical ring ring1 Switch show ethernet ring g8032 brief ring1 ERPS Version G 8032v2 Ring InstID Status Port State ring1 1 Deactivated p0 eth1 0 1 Forwarding p1 eth1 0 2 Forwarding Switch This example shows how to display brief information of the ERP ph...

Page 510: ...Owner Neighbor None Port0 Port1 The current config running config ring port role Interface_id none RPL Port The current config running RPL port0 port1 none Ring port0 port1 state The state for ring ports of the ERP instance Forwarding Blocked Signal Fail Signal Fail Blocked virtual_channel RingType Indicates either major ring or sub ring 39 17 activate This command is used to activate an ERP insta...

Page 511: ...S Optional Specifies the guard timer in milliseconds The valid range is from 10 to 2000 The value should be multiples of 10 hold off SECONDS Optional Specifies the hold off timer in seconds The valid range is from 0 to 10 wtr MINUTES Optional Specifies the WTR timer in minutes The valid range is from 1 to 12 Default The default guard timer is 500 milliseconds The default hold off timer is 0 The de...

Page 512: ...pecifies the identifier of a physical ring The valid range is from 1 to 239 Default None Command Mode ERP Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the ring ID of a physical ring Example This example shows how to configure the ring value 2 of the G8032 ring ring2 Switch configure terminal Switch config ethernet ring g8032 ring2 Switch config er...

Page 513: ...g ethernet ring g8032 ring2 Switch config erps ring_type sub ring Switch config erps 39 21 erps force switch ring_port This command is used to block an ERP instance port erps force switch ring_port port0 port1 Parameters port0 Specifies that port0 will be blocked port1 Specifies that port1 will be blocked Default None Command Mode ERP Instance Configuration Mode Command Default Level Level 12 Usag...

Page 514: ...ck ERPS instance port1 Default None Command Mode ERP Instance Configuration Mode Command Default Level Level 12 Usage Guideline This command forcibly blocks a port on which MS is configured when link failures and FS conditions are absent Example This example shows how to manually block the major ring instance 1 port0 Switch configure terminal Switch config ethernet ring g8032 major ring Switch con...

Page 515: ...h configure terminal Switch config ethernet ring g8032 major ring Switch config erp instance 1 Switch config erp instance erps manual switch ring_port port0 Switch config erp instance clear Switch config erp instance 39 24 erps version This command is used to configure the ERP version Use the no command to return this to the default option erps version g 8032v1 g 8032v2 no erps version Parameters ...

Page 516: ...not exist Physical rings have only one instance Example This example shows how to set the ERPS version Switch configure terminal Switch config erps version G 8032v1 Switch config 39 25 snmp server enable traps erps This command is used to enable the sending of SNMP notifications for ERPS state changes Use the no command to disable the sending of SNMP notifications snmp server enable traps erps no ...

Page 517: ...ge Guideline This command is available for the DXS 3600 EM 4QXS expansion module Use this command to configure the port to one 40GBASE CR4 port or four 10GBASE R ports Example This example shows how to configure the 2nd port on unit 2 to four 10GBASE R ports Switch configure terminal Switch config port mode unit 2 2nd_port 4 10giga Switch config 40 2 show module info This command is used to displa...

Page 518: ...w to display the expansion module s information Switch show module info Unit 1 Boot UP Expansion Module SN 212131652424190 Boot UP Expansion Module 1 DXS 3600 EM 4QXS 1st port mode 4 10G 2nd port mode 4 10G 3rd port mode 40G 4th port mode 40G Equipped Expansion Module SN 2345003344443 Equipped Expansion Module 1 DXS 3600 EM 4QXS 1st port mode 40G 2nd port mode 40G 3rd port mode 40G 4th port mode 4...

Page 519: ... Managed 10Gigabit Ethernet Switch CLI Reference Guide 514 2nd port mode 4 10G 3rd port mode 40G 4th port mode 40G 4QXS Port Mode Configuration 1st port mode 40G 2nd port mode 4 10G 3rd port mode 40G 4th port mode 40G Switch ...

Page 520: ...fault Level Level 1 Usage Guideline If the URL is not specified then the current directory is not changed Example This example shows how to change the current directory to the directory log on file system c Switch dir Directory of c 1 d 0 Dec 29 2013 17 49 36 images 2 d 0 Jan 02 2013 18 42 53 configurations 3 d 0 Jan 02 2013 18 42 53 log 4 639 Jan 03 2013 12 09 32 new_config cfg 20578304 bytes tot...

Page 521: ...e firmware image or the configuration file that is specified as the boot up file cannot be deleted Example This example shows how to delete the file named test txt from file system on the local flash Switch delete c test txt Delete test txt y n n y File is deleted Switch 41 3 dir This command is used to display the information for a file or the listing of files in the specified path name dir URL P...

Page 522: ... media command Example This example shows how to display the root directory in a standalone switch Switch dir Directory of 1 d 0 Jun 31 2013 17 49 36 c 2 d 0 Jun 31 2013 18 42 53 d 0 bytes total 0 bytes free Switch 41 4 format This command is used to format the external storage device format FILE SYSTEM fat32 fat16 Parameters FILE SYSTEM Specifies the file system fat32 Optional Specifies to format...

Page 523: ...ORY NAME Parameters DIRECTORY NAME Specifies the name of the directory Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to make a directory in the current directory Example This example shows how to create a directory named newdir under the current directory Switch mkdir newdir Switch 41 6 more This command is used to display the conten...

Page 524: ...re unreadable characters or even blank spaces Example This example shows how to display the contents of file usr_def conf Switch more c configuration usr_def conf DXS 3600 Firmware Version 2 40 041 Slot Model 1 DXS 3600 32S 2 3 DXS 3600 32S 4 DXS 3600 32S ip igmp snooping vlan 1 end Switch 41 7 rename This command is used to rename a file rename FILE URL1 FILE URL2 Parameters FILE URL1 Specifies t...

Page 525: ...y in the file system rmdir DIRECTORY NAME Parameters DIRECTORY NAME Specifies the name of the directory Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to remove a directory in the working directory Example This example shows how to remove a directory called newdir under the current directory Switch rmdir newdir Remove directory newdir...

Page 526: ...r EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the information of the storage media available on the system Example This example shows how to display the information of the storage media on all units Switch show storage_media_info Unit Drive Media Type Size FS Type Label 1 c FLASH 31M FFS 2 c FLASH 31M FFS 2 d SD Card 256M FAT32 test 3 c ...

Page 527: ...terface that the MAC address will be deleted from The specified interface can be a physical port or a port channel vlan VLAN ID Specifies the VLAN ID The valid values are from 1 to 4094 Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Using this command only clears dynamic MAC address entries Only the dynamic unicast address entry will be cleared Exampl...

Page 528: ...le the destination MAC address triggered updated function mac address table aging destination hit no mac address table aging destination hit Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The source MAC address triggered update function is always enabled The hit bit of MAC address entries correspondin...

Page 529: ...es or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen Default By default this option is enabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this commands to enable or disable MAC address learning on a physical port Example This examp...

Page 530: ...ed The MAC notification history table stores the MAC address learned or deleted on each interface for which the trap is enabled Events are not generated for multicast addresses Example This example shows how to enable MAC address change notification and set the interval to 10 seconds and set the history size value to 500 entries Switch configure terminal Switch config mac address table notificatio...

Page 531: ... there is no need to specify the interface ID To delete a multicast MAC address entry if an interface ID is specified only this interface will be removed Otherwise the entire multicast MAC entry will be removed The option drop can only be specified for a unicast MAC address entry Example This example shows how to add the static address C2 F3 22 0A 12 F4 to the MAC address table It also specifies t...

Page 532: ... configure terminal Switch config vlan 100 Switch config vlan multicast filtering mode filter unregistered Switch config vlan 42 8 show mac address table This command is used to display a specific MAC address entry or the MAC address entries for a specific interface or VLAN show mac address table dynamic static address MAC ADDR interface INTERFACE ID vlan VLAN ID Parameters dynamic Optional Specif...

Page 533: ...xample shows how to display all the static MAC address table entries Switch show mac address table static VLAN MAC Address Type Ports 1 00 02 4B 28 C4 82 Static CPU 2 00 02 4B 28 C4 83 Static CPU 4 00 01 00 02 00 04 Static eth1 0 2 4 C2 F3 22 0A 12 F4 Static port channel2 6 00 01 00 02 00 07 Static eth1 0 1 6 00 01 00 02 00 10 Static Drop Total Entries 6 Switch This example shows how to display al...

Page 534: ...dress table aging time Aging Time is 300 seconds Switch 42 10 show mac address table learning This command is used to display the MAC address learning state show mac address table learning interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the interface to be display Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before an...

Page 535: ... address notification configuration or history content show mac address table notification change interface INTERFACE ID history Parameters interface INTERFACE ID Optional Specifies the interface to display history Optional Specifies to display the MAC address notification change history Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline If ...

Page 536: ...eth1 0 21 Disabled Disabled eth1 0 22 Disabled Disabled eth1 0 23 Disabled Disabled eth1 0 24 Disabled Disabled Switch This example shows how to display the MAC address notification global configuration Switch show mac address table notification change MAC Notification Change Feature Disabled Interval between Notification Traps 1 seconds Maximum Number of Entries Configured in History Table 1 Curr...

Page 537: ...ommand Default Level Level 1 Usage Guideline Example This example shows how to display the multicast filtering mode configuration for all VLANs Switch show multicast filtering mode Interface Layer 2 Multicast Filtering Mode default forward unregistered Total Entries 1 Switch 42 13 snmp server enable traps mac notification change This command is used to enable the sending of SNMP MAC notification t...

Page 538: ...mp trap mac notification change added removed Parameters added Specifies to enable the MAC change notification when a MAC address is added on the interface removed Specifies to enable the MAC change notification when a MAC address is removed from the interface Default The traps for both address addition and address removal are disabled Command Mode Interface Configuration Mode Command Default Leve...

Page 539: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 534 Switch config if ...

Page 540: ...interfaces Specify a single interface a range of interfaces separated by a hyphen or a series of interfaces separated by comma Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to clear the GVRP counters Example This example shows how to clear statistics for all interfaces Switch clear gvrp statistics all Switch 43 2 gvrp global This com...

Page 541: ... on a port Use the no command to disable the GVRP function on a port gvrp enable no gvrp enable Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for both physical ports and port channel interface configuration This command only takes effect for hybrid mode and trunk mode Thi...

Page 542: ...es a series of VLANs or separate a range of VLANs from a previous range No spaces are required before and after the comma Optional Specifies a range of VLANs No spaces are required before and after the hyphen Default By default no VLANs are advertised Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The command is available for both physical ports and port c...

Page 543: ...itch config 43 6 gvrp forbidden This command is used to specify a port as being a forbidden member of the specified VLAN Use the no command to remove the port as a forbidden member of all VLANs gvrp forbidden all add remove VLAN ID no gvrp forbidden Parameters all Specifies that all VLANs except VLAN 1 are forbidden on the interface add Optional Specifies a VLAN or a list of VLANs to be added to t...

Page 544: ... example shows how to configure the interface Ethernet 1 0 1 as a forbidden port of VLAN 1000 via the GVRP operation Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if gvrp forbidden 1000 Switch config if 43 7 gvrp timer This command is used to configure the GVRP timer value on a port Use the no form of the command to revert the timer to the default setting gvrp time...

Page 545: ...Use the no form of the command to reset it to the default setting gvrp nni bpdu address dot1d dot1ad no gvrp nni bpdu address Parameters dot1d Specifies to set the GVRP BPDU protocol address to 802 1d GVRP address 01 80 C2 00 00 21 dot1ad Specifies to set the GVRP BPDU protocol address to 802 1ad GVRP address 01 80 C2 00 00 0D Default Dot1d GVRP address Command Mode Global Configuration Mode Comma...

Page 546: ...aces used to display the configuration Specify a single interface or a range of interfaces separated by a hyphen or a series of interfaces separated by comma Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command only displays GVRP related configurations Example This example shows how to display the GVRP configuration for the global...

Page 547: ...es the interfaces Specify a single interface a range of interfaces separated by a hyphen or a series of interfaces separated by commas Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command only displays the ports which have the GVRP state enabled Example This example shows how to display statistics for GVRP interfaces ethernet 1 0 ...

Page 548: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 543 ...

Page 549: ...Command Default Level Level 12 15 Usage Guideline The system will learn gratuitous ARP packets in the ARP cache table by default Example This example shows how to disable the learning of gratuitous ARP request packets Switch configure terminal Switch config no ip arp gratuitous Switch config 44 2 ip gratuitous arps This command is used to enable the transmission of gratuitous ARP request packets T...

Page 550: ...end out the packet while a duplicate IP address is detected Example This example shows how to sending of gratuitous ARP messages Switch configure terminal Switch config ip gratuitous arps dad reply Switch config 44 3 arp gratuitous send This command is used to set the interval for regularly sending of gratuitous ARP request messages on the interface Use no command to disable this function on the i...

Page 551: ...yer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 546 Switch configure terminal Switch config ip gratuitous arps Switch config interface vlan100 Switch config if arp gratuitous send interval 1 Switch config if ...

Page 552: ...y When receiving IGMP report packets from a downstream interface IGMP proxy will update its membership database which is generated by the merger of all subscriptions on any downstream interface If the database is changed the proxy device will send unsolicited reports or leaves from upstream interface It can also send membership reports from the upstream interface when queried Example This example ...

Page 553: ...This command is used to configure an interface as a downstream in IGMP proxy Use the no form of this command to disable the IGMP proxy downstream function on the interface ip igmp proxy downstream no ip igmp proxy downstream Parameters None Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Multiple downstream interfaces can be configured on an IG...

Page 554: ...xy uses the IGMP querier election to elect a single forwarder on a LAN Use this command to make a non querier device a forwarder Use the configuration in the appropriate topology Improper usage may cause local loops or redundant traffic The command does not take effect if the interface is not set as the downstream interface or set as the upstream interface Example This example shows how to enable ...

Page 555: ... ip igmp proxy group This command is used to display multicast groups learned by the IGMP proxy function show ip igmp proxy group GROUP ADDRESS Parameters GROUP ADDRESS Specifies the IPv4 multicast address Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all group information by not specifying the group address ...

Page 556: ...multicast address Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all proxy forwarding information by not specifying the group address Example This example shows how to display the forwarding information created by the IGMP proxy function Switch show ip igmp proxy forwarding 237 1 1 0 100 52 1 10 vlan52 outgoin...

Page 557: ...ID Specifies a port to clear the IP IGMP snooping statistics Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear the IGMP snooping related statistics Example This example shows how to clear all IGMP Snooping statistics Switch clear ip igmp snooping statistics all Switch 46 2 ip igmp snooping This command is used to enable the ...

Page 558: ...P snooping operation on VLANs that are IGMP snooping enabled Switch configure terminal Switch config ip igmp snooping Switch config This example shows how to disable IGMP snooping on a VLAN1 Switch configure terminal Switch config vlan 1 Switch config vlan no ip igmp snooping Switch config vlan 46 3 ip igmp snooping access group This command is used to restrict the receivers on a subnet to only jo...

Page 559: ...erface Ethernet 1 0 1 Switch configure terminal Switch config ip access list igmp_filter Switch config ip acl permit any host 226 1 1 1 Switch config ip acl end Switch config interface ethernet 1 0 1 Switch config if ip igmp snooping access group igmp_filter Switch config if 46 4 ip igmp snooping fast leave This command is used to configure IGMP Snooping fast leave on the interface Use the no form...

Page 560: ... Usage Guideline This command is only available for VLAN interface configuration An IGMP snooping switch is aware of link layer topology changes caused by the Spanning Tree operation When a port is enabled or disabled by the Spanning Tree a General Query will be sent on all active non router ports in order to reduce network convergence time Use this command to make IGMP snooping ignore the topolog...

Page 561: ...n 1000 Switch config vlan ip igmp snooping last member query interval 3 Switch config vlan 46 7 ip igmp snooping limit This command is used to set the limitation on the number of IGMP cache entries that can be created Use the no form of this command to remove the limitation ip igmp snooping limit NUMBER exceed action drop replace except ACCESS LIST NAME vlan VLAN ID no ip igmp snooping limit vlan ...

Page 562: ...t 25 exceed action drop Switch config if This example shows how to set the limit number of IGMP snooping groups that Ethernet 1 0 5 which is a trunk port can join to Switch configure terminal Switch config interface ethernet 1 0 5 Switch config if ip igmp snooping limit 100 vlan 2 Switch config if This example shows how to set the limit number of IGMP snooping groups that eth4 0 3 which is a hybri...

Page 563: ...a separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen Default No IGMP snooping multicast router port is configured Auto learning is enabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available for...

Page 564: ... IGMP report or leave packets for a specific S G will be integrated into one report before being sent to the router port Proxy reporting source IP will be used as source IP of the report Zero IP address will be used when the proxy reporting source IP is not set Interface MAC will be used as source MAC of the report If the VLAN has no IP address configured then system MAC will be used Example This ...

Page 565: ...able the IGMP snooping querier on VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ip igmp snooping querier Switch config vlan 46 11 ip igmp snooping query interval This command is used to configure the interval at which the IGMP snooping querier sends IGMP general query messages periodically Use the no form of the command to revert to the default setting ip igmp snooping q...

Page 566: ... IGMP snooping queries The range is 1 to 25 Default By default this value is 10 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available for VLAN interface configuration This command configures the period of which the group member can respond to an IGMP query message before the IGMP Snooping deletes the membership Example This ...

Page 567: ...ting if any IGMPv2 or IGMPv3 query packet is received When receiving an IGMPv1 query packet IGMP snooping won t initiate a new querier electing Example This example shows how to configure the query version to be 2 on VLAN 1000 Switch configure terminal Switch config vlan 1000 Switch config vlan ip igmp snooping query version 2 Switch config vlan 46 14 ip igmp snooping rate limit This command is us...

Page 568: ...lt this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available for VLAN interface configuration The report suppression function only works for IGMPv1 and IGMPv2 traffic When report suppression is enabled the switch suppresses the duplicate reports sent by hosts The suppression for the same group report or leave wil...

Page 569: ... present interval The amount of time that must pass before a multicast router decides that there is no longer another multicast router that is the querier This interval is calculated as follows robustness variable x query interval 0 5 x query response interval Last member query count The number of group specific queries sent before the router assumes there are no local members of a group The defau...

Page 570: ... to statically add group membership entries and or source records The ip igmp snooping static group command allows the user to create an IGMP snooping static group in case that the attached host does not support the IGMP protocol Example This example shows how to statically add a group and source records for IGMP snooping Switch configure terminal Switch config vlan 1 Switch config vlan ip igmp sn...

Page 571: ...o configure the minimum version of IGMP hosts that is allowed on the interface Use the no form of this command to remove the restriction from the interface ip igmp snooping minimum version 2 3 no ip igmp snooping minimum version Parameters 2 Specifies to filter out IGMPv1 messages 3 Specifies to filter out IGMPv1 and IGMPv2 messages Default By default there is no limit on the minimum version Comma...

Page 572: ... snooping vlan VLAN ID Parameters VLAN ID Specifies the VLAN to be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display IGMP snooping information for all VLANs where IGMP snooping is enabled Example This example shows how to display IGMP snooping configurations Switch show ip igmp snooping IGMP snooping gl...

Page 573: ...ed If no VLAN is specified IGMP snooping group information of all VLANs will be displayed at which IGMP Snooping is enabled IP ADDRESS Optional Specifies the group IP address to be displayed If no IP address is specified all IGMP group information will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to displa...

Page 574: ...ne Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the IGMP snooping limit and access group information Example This example shows how to display IGMP snooping filter information when no interface is specified Switch show ip igmp snooping filter eth1 0 1 Rate limit 30pps Access group igmp_filter Groups Channel Limit 25 Exce...

Page 575: ...ion learned and configured on the switch show ip igmp snooping mrouter vlan VLAN ID Parameters vlan VLAN ID Optional Specifies the VLAN If no VLAN is specified IGMP snooping information on all VLANs will be displayed of which IGMP snooping is enabled Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display dynamically l...

Page 576: ...rs vlan VLAN ID Specifies the VLAN ID to display VLAN statistics Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the IGMP snooping related statistics information Example This example shows how to display IGMP snooping statistics information Switch show ip igmp snooping statistics vlan 1 VLAN 1 Statistics IGMPv1 Rx Re...

Page 577: ...series of interfaces or separate a range of interfaces from a previous range No spaces are allowed before and after the comma Optional Specifies a range of interfaces No spaces are allowed before and after the hyphen Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to clear counters for a physical port interface Example This example sho...

Page 578: ...guration mode for a single interface Use the no form of the command to remove an interface interface INTERFACE ID no interface INTERFACE ID Parameters INTERFACE ID Specifies the ID of the interface The interface ID is formed by interface type and interface number with no spaces in between Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This comman...

Page 579: ...rface has the channel group command configured for it Use the no interface Port channel command to remove a port channel For a null interface the null0 interface is supported and can t be removed For a loopback interface or a tunnel interface the interface command is used to create the interface or modify the interface setting Use the no form of the command to remove the interface L2vlan and L2vc ...

Page 580: ...aces are allowed before and after the comma Optional Specifies a range of interfaces No spaces are allowed before and after the hyphen Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command enters the interface configuration mode for the specified range of interfaces Commands configured in the interface range mode applies to interfaces in th...

Page 581: ...face ethernet 1 0 1 eth1 0 1 counters rxHCTotalPkts 0 txHCTotalPkts 0 rxHCUnicastPkts 0 txHCUnicastPkts 0 rxHCMulticastPkts 0 txHCMulticastPkts 0 rxHCBroadcastPkts 0 txHCBroadcastPkts 0 rxHCOctets 0 txHCOctets 0 rxHCPkt64Octets 0 rxHCPkt65to127Octets 0 rxHCPkt128to255Octets 0 rxHCPkt256to511Octets 0 rxHCPkt512to1023Octets 0 rxHCPkt1024to1518Octets 0 rxHCPkt1519to1522Octets 0 rxHCPkt1519to2047Octet...

Page 582: ...sions 0 dot3StatsExcessiveCollisions 0 dot3StatsInternalMacTransmitErrors 0 dot3StatsCarrierSenseErrors 0 dot3StatsFrameTooLongs 0 dot3StatsInternalMacReceiveErrors 0 linkChange 0 Switch 47 6 show interfaces This command is used to display the interface information show interfaces INTERFACE ID Parameters INTERFACE ID Optional Specifies that the interface can be a physical port VLAN loopback interf...

Page 583: ...s loopback1 loopback1 is enabled link status is up Interface type Loopback Interface description Loopback 1 for MIS Switch This example shows how to display the NULL interface information for interface null0 Switch show interfaces null0 Null0 is enabled link status is up Interface type Null Interface description Null0 for MIS Switch This example shows how to display the interface information for E...

Page 584: ...face type Management port Interface description mgmt_ipif for MIS Switch 47 7 show interfaces counters This command is used to display counters on specified interfaces show interfaces INTERFACE ID counters errors Parameters INTERFACE ID Optional Specifies that the interface can be a physical port or VLAN interfaces If no interface is specified the counters on all interfaces will be displayed Optio...

Page 585: ... counters Port InOctets InMcastPkts InUcastPkts InBcastPkts eth1 0 1 1834520 629 9234 338 eth1 0 2 0 0 0 0 eth1 0 3 0 0 0 0 eth1 0 4 0 0 0 0 eth1 0 5 0 0 0 0 eth1 0 6 0 0 0 0 eth1 0 7 0 0 0 0 eth1 0 8 0 0 0 0 Port OutOctets OutMcastPkts OutUcastPkts OutBcastPkts eth1 0 1 5387265 0 9381 0 eth1 0 2 0 0 0 0 eth1 0 3 0 0 0 0 eth1 0 4 0 0 0 0 eth1 0 5 0 0 0 0 eth1 0 6 0 0 0 0 eth1 0 7 0 0 0 0 eth1 0 8 ...

Page 586: ... Runts eth1 0 1 0 0 0 0 0 0 0 eth1 0 2 0 0 0 0 0 0 0 eth1 0 3 0 0 0 0 0 0 0 eth1 0 4 0 0 0 0 0 0 0 eth1 0 5 0 0 0 0 0 0 0 eth1 0 6 0 0 0 0 0 0 0 eth1 0 7 0 0 0 0 0 0 0 eth1 0 8 0 0 0 0 0 0 0 eth1 0 14 0 0 0 0 0 0 0 Port Giants Symbol Err SQETest Err DeferredTx IntMacTx IntMacRx eth1 0 1 0 0 0 0 0 0 0 eth1 0 2 0 0 0 0 0 0 0 eth1 0 3 0 0 0 0 0 0 0 eth1 0 4 0 0 0 0 0 0 0 eth1 0 5 0 0 0 0 0 0 0 eth1 0...

Page 587: ...o display the switch s port connection status Switch show interfaces ethernet 1 0 1 8 1 0 14 status Port Status VLAN Duplex Speed Type eth1 0 1 not connected 1 auto auto 10GBASE R eth1 0 2 not connected 1 auto auto 10GBASE R eth1 0 3 not connected 1 auto auto 10GBASE R eth1 0 4 not connected 1 auto auto 10GBASE R eth1 0 5 not connected 1 auto auto 10GBASE R eth1 0 6 not connected 1 auto auto 10GBA...

Page 588: ...ical port utilization Example This example shows how to display the switch s port utilization Switch show interfaces utilization Port TX packets sec RX packets sec Utilization eth1 0 1 0 0 0 eth1 0 2 1488109 0 50 eth1 0 3 0 0 0 eth1 0 4 0 1488109 50 eth1 0 5 0 0 0 eth1 0 6 0 0 0 eth1 0 7 0 0 0 eth1 0 8 0 0 0 Total Entries 8 Switch 47 10 show interfaces gbic This command is used to display GBIC sta...

Page 589: ...Type 10GBASE R Laser Identifier SFP Connector Type LC Ethernet Compliance Code 10G Base SR Encoding 64B 66B Vendor Name Vendor Vendor OUI 0 90 65 Vendor PN PN1234568790 Vendor Rev A2 Vendor SN SN1234567890 Date Code 110303 Received Power Measurements Type Average Power Compatibility Single Mode SM 10300Mbd 850nm Transfer Distance 50 125 um OM2 fiber 80m 62 5 125 um OM1 fiber 30m 50 125 um OM3 fibe...

Page 590: ...pecifies the interface ID If no interface is specified the auto negotiation information on all physical port interfaces will be displayed Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces are allowed before and after the comma Optional Specifies a range of interfaces No spaces are allowed before and after the hyphen auto negotiation Specifi...

Page 591: ...e interface ID If no interface is specified then information related to all interfaces will be displayed Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces are allowed before and after the comma Optional Specifies a range of interfaces No spaces are allowed before and after the hyphen description Specifies to display the description and link...

Page 592: ...h1 0 15 down enabled eth1 0 16 down enabled eth1 0 17 down enabled eth1 0 18 down enabled eth1 0 19 down enabled eth1 0 20 down enabled eth1 0 21 down enabled eth1 0 22 down enabled eth1 0 23 down enabled eth1 0 24 down enabled mgmt down enabled L2VLAN 1 up enabled Interface vlan1 up enabled Total Entries 27 Switch 47 13 shutdown This command is used to disable an interface Use the no form of the ...

Page 593: ...e the port to enter the disabled state Under the disabled state the port will not be able to receive or transmit any packets Using the no shutdown command will put the port back into the enabled state When a port is shut down the link status will also be turned off Example This example shows how to enter the shutdown command to disable the port state of interface port 1 0 1 Switch configure termin...

Page 594: ...arameters unicast Optional Specifies to use IPv6 unicast address prefixes This is the default Default None Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline None Example This example shows how to enter the address family configuration mode for the IPv6 address family Switch configure terminal Switch config router isis Switch config router address family ipv6 Swi...

Page 595: ...h config router no adjacency check Switch config router 48 3 area password This command is used to configure the IS IS area authentication password Use the no command to remove the password area password PASSWORD authenticate snp validate send only no area password Parameters PASSWORD Enter the 16 byte plain text password here authenticate snp Optional Specifies to insert the password into sequenc...

Page 596: ...d is used generate a default route into an IS IS routing domain Use the no command to disable this function default information originate no default information originate Parameters None Default By default this feature is disabled Command Mode Router Configuration Mode Address Family Configuration Mode Command Default Level Level 12 Usage Guideline If this command is specified IS IS will generate ...

Page 597: ...g of trustworthiness is Example This example shows how to configure the IS IS distance to 122 Switch configure terminal Switch config router isis Switch config router distance 122 Switch config router 48 6 domain password This command is used to configure the IS IS routing domain authentication password Use the no command to remove the password domain password PASSWORD authenticate snp validate se...

Page 598: ...entication password to the routing domain Switch configure terminal Switch config router isis Switch config router domain password domain1 Switch config router 48 7 exit address family This command is used exit the address family configuration mode exit address family Parameters None Default None Command Mode Address Family Configuration Mode Command Default Level Level 12 Usage Guideline This com...

Page 599: ...e routers The dynamic hostname mechanism uses Link State Protocol LSP flooding to distribute the router name to system ID mapping information across the entire network Every router on the network will try to install the system ID to router name mapping information in its routing table If a router that has been advertising the dynamic name Type Length Value TLV on the network suddenly stops the adv...

Page 600: ...er the network non functional use this command to ignore these LSPs rather than purge the packets Example This example shows how to enable to ignore LSPs errors Switch configure terminal Switch config router isis Switch config router ignore lsp errors Switch config router 48 10 ip router isis This command is used to enable the IS IS routing protocol for IP on an interface Use the no command to dis...

Page 601: ...n which the IP interface is enabled Default By default the IS IS routing protocol for IPv6 is disabled on each interface Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable the IS IS routing protocol for IPv6 on specific interfaces Example This example shows how to enable the IS IS routing protocol for IPv6 on interface VLAN 1 Switch ...

Page 602: ...process Example This example shows how to configure the IS IS routing process to perform only Level 2 routing Switch configure terminal Switch config router isis Switch config router is type level 2 only Switch config router 48 13 isis circuit type This command is used to configure the type of adjacency Use the no command to restore this feature to the default setting isis circuit type level 1 lev...

Page 603: ...nterval of time between transmissions of CSNPs This interval only applies to the designated router The range is from 1 to 65535 level 1 Optional Specifies to configure the interval of time between transmissions of Level 1 CSNPs independently level 2 Optional Specifies to configure the interval of time between transmissions of Level 2 CSNPs independently Default By default this value is 10 seconds ...

Page 604: ...IS IS and 3 3 seconds for DIS interfaces Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The hello interval multiplied by the hello multiplier equals the hold time The hello interval can be configured independently for Level 1 and Level 2 except on point to point interfaces Example This example shows how to configure the interface VLAN 1 to advertise level ...

Page 605: ...h is advertised in IS IS hello packets Using a smaller hello multiplier will get fast convergence But it can result in more routing instability When network stability is needed set the hello multiplier to a larger value Example This example shows how to configure the level 1 hello multiplier to 5 on interface VLAN 1 Switch configure terminal Switch config interface vlan 1 Switch config if isis hel...

Page 606: ... 48 18 isis mesh group This command is used to optimize Link State Packet LSP flooding on point to point networks Use the no command to remove the interface from a mesh group isis mesh group NUMBER blocked no isis mesh group Parameters NUMBER Specifies the number identifying the mesh group of which this interface is a member blocked Specifies that no LSP flooding will take place on this interface ...

Page 607: ...uting Default By default this value is 10 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the IS IS metric on specific interfaces Level 1 and Level 2 routing metrics can be configured separately If no optional keyword is specified the metric is enabled on routing Level 1 and Level 2 Example This example shows how to configure i...

Page 608: ... 48 21 isis password This command is used to configure the authentication password for an interface Use the no command to disable authentication isis password PASSWORD level 1 level 2 no isis password level 1 level 2 Parameters PASSWORD Enter the 16 byte plain text password here level 1 Optional Specifies the authentication password for level 1 independently level 2 Optional Specifies the authenti...

Page 609: ...vel 2 Optional Specifies the priority for level 2 independently Default By default this value is 64 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The priority can be configured for level 1 and level 2 independently The priority is used to determine which router on a LAN will be the DIS The priority is advertised in the hello packets The device with the hi...

Page 610: ...ransmissions occur only when LSPs are dropped Setting the time to a higher value has little effect on convergence Example This example shows how to configure interface VLAN 1 for retransmission of IS IS LSPs every 10 seconds Switch configure terminal Switch config interface vlan 1 Switch config if isis network point to point Switch config if isis retransmit interval 10 Switch config if 48 24 isis ...

Page 611: ...1 and level 2 Example This example shows how to configure interface VLAN 1 s IS IS wider metric to 200 for level 2 routing Switch configure terminal Switch config interface vlan 1 Switch config if isis wide metric 200 level 2 Switch config if 48 25 lsp gen interval This command is used to configure the interval of link state packet generation Use the no command to restore this to the default value...

Page 612: ...65535 seconds Default By default this value is 900 seconds Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline LSPs must be periodically refreshed before their lifetimes expire The value configured using the lsp refresh interval command should be less than the value configured using the max lsp lifetime command otherwise LSPs will time out before they are refreshe...

Page 613: ...ring additional manual addresses The number of manual addresses that you want to add can be specified by entering the max area addresses command and you assign a NET address to create each manual address by entering the net command Example This example shows how to configure the maximum area addresses to 5 Switch configure terminal Switch config router isis Switch config router max area addresses ...

Page 614: ...able this feature metric style narrow wide transition transition level 1 level 1 2 level 2 no metric style narrow wide transition level 1 level 1 2 level 2 Parameters narrow Specifies to generate old style metric TLVs wide Specifies to generate new style metric TLVs transition Specifies to generate both old and new style metric TLVs or specifies to accept both old and new style metric TLVs level 1...

Page 615: ... Intermediate System IS is identified by an address known as the NSAP The NSAP is divided up into three parts as specified by ISO 10589 A NET is an NSAP where the last byte is always the n selector and is always zero A NET can be from 8 to 20 bytes in length Multiple NETs can be configured to merge or split areas This implementation is just for IP routing only so the NET must be configured to defi...

Page 616: ...ith external metrics route map MAP NAME Optional Specifies the route map used to filter which route should be redistributed level 1 Optional Specifies redistribute routes into level 1 areas only level 1 2 Optional Specifies redistribute routes into level 1 and level 2 areas level 2 Optional Specifies redistribute routes into level 2 areas only Default By default no redistribution is configured Com...

Page 617: ...s Family Configuration Mode Command Default Level Level 12 Usage Guideline In IS IS all areas are stub areas which means that no routing information is leaked from the backbone Level 2 into areas Level 1 Level 1 only routers use default routing to the closest Level 1 2 router in their area This redistribution enables Level 1 only routers to pick the best path for an IP prefix to get out of the are...

Page 618: ...ter isis Switch config router net 49 0001 0001 0001 0001 00 Switch config router 48 34 set overload bit This command is used to configure the system to signal other routers not to use it as an intermediate hop in their Shortest Path First SPF calculations Use the no command to remove the designation set overload bit on startup SECONDS suppress interlevel external no set overload bit Parameters on ...

Page 619: ...refix advertisements from LSPs For example allowing IP prefix propagation between level 1 and level 2 effectively makes a node a transit node for IP traffic which might be undesirable The suppress keyword used with the interlevel or external keyword or both accomplishes that suppression while the overload bit is set Example This example shows how to configure the overload bit upon startup and supp...

Page 620: ... other routing domain L1 The route is an area route L2 The route is an inter area route ia The route is imported from a L2 route D The route is discarded e The route has an external metric Area The IS IS instance area tag Destination The IP address of a network Metric The cost of reaching the destination Next Hop The IP address of the next router to forward the packet Interface The interface trans...

Page 621: ...ted from other routing domain L1 The route is an area route L2 The route is an inter area route ia The route is imported from a L2 route D The route is discarded e The route has an external metric Area The IS IS instance area tag 48 37 show ipv6 isis topology This command is used to display the IS IS path to the Intermediate System for IPv6 show ipv6 isis AREA TAG topology l1 l2 level 1 level 2 Pa...

Page 622: ... the router Next Hop The System ID of the next router to the designated router Interface The out interface of reaching the router SNPA The link layer address of the router 48 38 show isis database This command is used to display the IS IS LSPs database show isis AREA TAG database detail verbose l1 l2 level 1 level 2 LSP ID Parameters AREA TAG Optional Specifies the tag of a routing process detail ...

Page 623: ...S IS level 2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL RA 00 00 0x00000006 0xE8AD 767 0 0 0 RB 00 00 0x00000005 0x7E6A 1001 0 0 0 RC 00 00 0x00000004 0x2EAD 898 0 0 0 RC 01 00 0x00000004 0xBBFF 812 0 0 0 Switch Display Parameters Area The IS IS instance area tag LSPID The LSP ID of the LSP LSP Seq Num The LSP sequence number LSP Checksum The checksum of the LSP LSP H...

Page 624: ... Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the IS IS path to the Intermediate System Example This example shows how to display the IS IS level 2 path Switch show isis topology l2 Area null IS IS path to level 2 routers System Id Metric Next Hop Interface SNPA RA RD 10 RD vlan1 ca01 0f28 0000 Switch 48 40 show isis interface This command is use...

Page 625: ... 1 Metric 10 Priority 64 Circuit ID 0001 0001 0002 01 Number of active level 1 adjacencies 1 Level 2 Metric 10 Priority 64 Circuit ID 0001 0001 0002 01 Number of active level 2 adjacencies 1 Next IS IS LAN Level 1 Hello in 2 seconds Next IS IS LAN Level 2 Hello in 5 seconds Switch 48 41 show isis hostname This command is used to display the router name to system ID mapping table entries for IS IS ...

Page 626: ...used to display the IS IS neighbors information show isis neighbors detail Parameters detail Optional Specifies to display more detailed information for IS IS neighbors Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the IS IS neighbors information Example This example shows how to display the IS IS neighbo...

Page 627: ...spf interval level 1 level 2 SECONDS no spf interval Parameters level 1 Optional Specifies that the intervals apply to level 1 areas only level 2 Optional Specifies that the intervals apply to level 2 areas only SECONDS Specifies the maximum interval in seconds between two consecutive SPF calculations The range is from 1 to 120 seconds Default By default this value is 10 seconds Command Mode Route...

Page 628: ...By default no aggregation is configured Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline Multiple groups of addresses can be summarized for a given level Routes learned from other routing protocols can also be summarized The metric used to advertise the summary is the smallest metric of all the more specific routes This command helps reduce the size of the rout...

Page 629: ...refixes can be summarized for a given level Routes learned from other routing protocols can also be summarized The metric used to advertise the summary is the smallest metric of all the more specific routes This command helps reduce the size of the routing table This command also reduces the size of the link state packets LSPs and thus the link state database LSDB It also helps network stability b...

Page 630: ...hould be removed Example This example shows how to associate with a VRF instance Switch configure terminal Switch config ip vrf vrf1 switch config vrf exit Switch config router isis Switch config router vrf vrf1 Switch config router 48 47 debug isis This command is used turn on the IS IS debug function Use the no command to turn off the IS IS debug function debug isis no debug isis Parameters None...

Page 631: ...nd Default Level Level 15 Usage Guideline Use this command to turn on or turn off the IS IS interface state debug switch When IS IS interface state changes or some events happen to change the interface state debug information will print if the IS IS debug function is turned on Use the debug isis command to turn on the IS IS debug function Example This example shows how to turn on the IS IS interfa...

Page 632: ...te debug switch Switch debug isis neighbors Switch 48 50 debug isis packets This command is used to turn on the IS IS packet debug switch Use the no command to turn off the IS IS packet debug switch debug isis packets no debug isis packets Parameters None Default By default this function is turned off Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command...

Page 633: ... the IS IS LSPs debug switch When IS IS LSPs were received or generated debug information will print if the IS IS debug function is turned on Use the debug isis command to turn on the IS IS debug function Example This example shows how to turn on the IS IS LSPs debug switch Switch debug isis lsp Switch 48 52 debug isis spf This command is used to turn on the IS IS SPF debug switch Use the no comma...

Page 634: ... Use the no command to turn off the IS IS event debug switch debug isis event no debug isis event Parameters None Default By default this function is turned off Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to turn on or turn off the IS IS event debug switch When some events happened debug information will print if the IS IS debug function is tur...

Page 635: ...IS IS Debug Status On Interface Debug is On Switch 48 55 debug isis show counter This command is used to display the counters of IS IS debug isis show counter Parameters None Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to display the counters of IS IS Example This example shows how to display the counters of IS IS Switch debug isis...

Page 636: ...loads 0 isisSysStatManAddrDropFromAreas 0 isisSysStatAttmptToExMaxSeqNums 0 isisSysStatSeqNumSkips 0 isisSysStatOwnLSPPurges 0 isisSysStatIDFieldLenMismatches 0 isisSysStatMaxAreaAddrMismatches 0 isisSysStatPartChanges 0 isisSysStatSPFRuns 0 Switch 48 56 debug isis show interface counter This command is used to display the counters of IS IS interfaces debug isis show interface counter Parameters N...

Page 637: ...sCircInitFails 0 isisCircRejAdjs 0 isisCircIDFieldLenMismatches 0 isisCircMaxAreaAddrMismatches 0 isisCircAuthTypeFails 0 isisCircAuthFails 0 isisCircLanDesISChanges IS IS Level 1 isisPacketCounterEntry isisPacketCountIIHello in out 10 30 isisPacketCountLSP in out 1 2 isisPacketCountCSNP in out 1 10 isisPacketCountPSNP in out 1 1 isisPacketCountUnknown in out 0 0 Switch ...

Page 638: ... Command Default Level Level 12 Usage Guideline The IGMP buffer includes a list that contains the dynamic multicast groups that the hosts in the direct subnet join Use this command to clear the dynamic group information To delete all the dynamic group entries from the IGMP buffer use the clear ip igmp groups all command Example This example shows how to clear all entries from the IGMP cache Switch...

Page 639: ...ce IP is in the same network as the interface If they are not in the same network the message information won t be learned by the IGMP protocol Use the ip igmp ignore subscriber ip check command to disable the source IP check If the check is disabled the IGMP report or leave message with any source IP will be processed by the IGMP protocol Example This example shows how to disable the subscriber s...

Page 640: ... The range is from 1 to 25 Default By default this value is 1 second Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline When the router receives a leave message from a receiver to claim leave from a group or a channel the router will send the group specific query or group source specific query message to the receiver interface The IGMP last member query interv...

Page 641: ...deline Use this command to configure the IGMP group member query interval The IGMP querier sends IGMP query messages at the interval specified by ip igmp query interval command to discover the receivers attached to the interface interested in joining to multicast groups Hosts respond to the query with IGMP report messages to indicate the multicast group they are interested to join the membership E...

Page 642: ...qual to the query interval times the robustness plus the maximum response time Example This example shows how to configure the IGMP maximum query response time to 10 seconds on VLAN 1000 Switch configure terminal Switch config interface vlan1000 Switch config if ip igmp query max response time 10 Switch config if 49 7 ip igmp robustness variable This command is used to configure the robustness var...

Page 643: ...specific queries sent before the router assumes there are no local members of a group The default number is the value of the robustness variable Example This example shows how to configure the robustness variable to be 3 on interface VLAN 1000 Switch configure terminal Switch config interface vlan1000 Switch config if ip igmp robustness variable 3 Switch config if 49 8 ip igmp ssm map enable This ...

Page 644: ...G on receiving a S G INCLUDE mode request that falls in the SSM range from the attached IGMPv3 hosts There are cases that the attached host is IGMPv1 or IGMPv2 hosts which only issue G requests With the SSM mapping if the multicast group being requested that falls in the SSM range the router is able to map the G to a S G requests based on the group address to source address mapping defined by the ...

Page 645: ...ESS Parameters GROUP ADDRESS Specifies the IP multicast group address Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command allows the user to create an IGMP static group in case that when the attached host does not support the IGMP protocol Once configured the group member entry is added to the IGMP cache Example This example shows how ...

Page 646: ...ample This example shows how to configure the IGMP version to 3 Switch configure terminal Switch config interface vlan1000 Switch config if ip igmp enable Switch config if ip igmp version 3 Switch config if 49 12 show ip igmp groups This command is used to display IGMP group information on an interface show ip igmp groups IP ADDRESS interface INTERFACE ID detail static Parameters IP ADDRESS Option...

Page 647: ...0 10 0 91 Total Entries 1 Switch This example shows how to display IGMP group detailed information of group 224 1 1 1 Switch show ip igmp groups 224 1 1 1 detail Interface vlan1000 Group 224 1 1 1 Uptime 0DT00H00M42S Expires Stopped Group mode Include Last reporter 192 168 50 111 Group source list Source Address v3 Exp 192 168 55 55 0DT00H03M38S 192 168 10 55 0DT00H03M38S Total Source Entries 2 In...

Page 648: ...nd is used to display IGMP configuration information on an interface show ip igmp interface INTERFACE ID Parameters INTERFACE ID Optional Specifies a single interface a range of interface separated by a hyphen or a series of interface separated by a comma If no interface is specified the switch displays IGMP information on all interfaces on which IGMP is enabled Note that only VLAN interfaces can ...

Page 649: ...e the source IP check 49 14 show ip igmp ssm mapping This command is used to display the SSM mapping configuration show ip igmp ssm mapping GROUP ADDRESS Parameters GROUP ADDRESS Specifies the multicast group to be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the SSM source address mapping for a sp...

Page 650: ...nabled Group address 232 1 1 1 Source address 10 1 1 1 Switch Display Parameters SSM Mapping Enabled Disabled Indicates that the SSM mapping function is enabled or disabled Group address The SSM group address Source address The source address which will be used to transfer the G to a S G requests ...

Page 651: ...r the multicast protocol packet statistics counter on the switch If no parameters are specified all IP multicast protocol statistics counter are cleared Example This example shows how to clear the multicast protocol packet statistics counter Switch clear ip multicast statistics Switch 50 2 ip multicast table lookup mode This command is used to configure the IP multicast forwarding lookup mode Use ...

Page 652: ...m of this command to disable IP multicast routing ip multicast routing no ip multicast routing Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When IP multicast routing is disabled the system will stop routing multicast packets even though the multicast routing protocol is enabled Example This example ...

Page 653: ...denied G or S G entries Default By default this feature is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The command only takes effect on interfaces that are PIM enabled Only one access list can be specified for each direction The filtering setting for in direction filters the multicast user traffic arriving at the interface based on the specifie...

Page 654: ... determine the reverse path forwarding interface to reach a network Use this command to configure the static multicast route to specify the RPF address for a network If null is specified then the RPF check will always fail for the source network specified by the command If the RPF address is specified for the route a lookup in the routing table will be done to resolve the RPF interface Example Thi...

Page 655: ...face information If the keyword interface is not specified the global state of IP multicast routing will be displayed If the keyword interface is specified but the interface ID is not specified this command will display the information for all interfaces Example This example shows how to display the global state of IP multicast routing Switch show ip multicast IP multicast routing global state Ena...

Page 656: ...vel 1 Usage Guideline Display the content of the IP multicast table The uptime timer describes the time that the entry has been created The expires timer is a keep alive timer of the multicast data stream The expires timer value is based on either the PIM Sparse or Dense Mode If multicast data continues to arrive at the device the timer will refresh If the network address is specified the switch d...

Page 657: ...de route entry Switch show ip mroute sparse 10 10 1 52 224 0 1 3 0DT05H29M15S 0DT00H02M59S flags ST Incoming interface vlan1 RPF neighbor 10 3 4 5 Outgoing interface list vlan126 Forwarding 0DT00H00M03S 0DT00H04M07S vlan127 Forwarding 0DT00H00M03S 0DT00H04M11S Total Entries 1 Switch This example shows how to display the static configured multicast route Switch show ip mroute static Mroute 192 168 ...

Page 658: ...le from the IP multicast route table IGMP snooping group member table and multicast router ports Example This example shows how to display the IP multicast routing forwarding cache Switch show ip mroute forwarding cache 10 1 1 1 239 0 0 0 VLAN0060 Outgoing interface list 1 0 1 T2 225 0 0 0 VLAN0070 Outgoing interface list 1 0 1 1 0 2 10 1 1 1 239 0 0 1 VLAN0060 Outgoing interface list 1 0 1 2 0 2 ...

Page 659: ... interface vlan11 RPF type unicast Metric 10 Switch This example shows how to display RPF information for the unicast host with the IP address of 1 3 3 3 Switch show ip rpf 1 3 3 3 RPF information for 1 3 3 3 RPF neighbor 2 1 5 1 RPF type static Switch This example shows how to display RPF information for the unicast host with the IP address of 3 2 2 2 Switch show ip rpf 3 2 2 2 RPF information fo...

Page 660: ...ecifies to display both received and sent DVMRP packets counter Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the counters of both received and sent multicast protocol packets on the switch according to the message type Example This example shows how to display the multicast protocol packets counter on th...

Page 661: ...10Gigabit Ethernet Switch CLI Reference Guide 656 PIM State Refresh 0 0 Unknown PIM 0 0 DVMRP Packets Counter Received Sent DVMRP Probe 0 0 DVMRP Report 0 0 DVMRP Prune 0 0 DVMRP Graft 0 0 DVMRP Graft Ack 0 0 Unknown DVMRP 0 0 Switch ...

Page 662: ...ource guard the IP packet that arrives at the port will be validated via the port ACL Port ACL is a hardware mechanism and its entry can come from either a manual configured entry or the DHCP snooping binding database The packet that fails to pass the validation will be dropped There are two types of validations If the option ip mac is not specified the validation is based on the source IP address...

Page 663: ...r IP source guard checking Use the no command to delete a static binding entry The parameters specified for the command must exactly match the configured parameters to be deleted If the MAC address and the VLAN for the configured entry already exist the existing binding entry is updated The interface specified for the command can be a physical port or a port channel interface Example This example ...

Page 664: ...d binding entry based on ports Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces are allowed before and after the comma Optional Specifies a range of interfaces No spaces are allowed before and after the hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline IP source guard binding...

Page 665: ... Address The client s hardware MAC address IP Address The client s IP address assigned from the DHCP server or configured by the user Lease sec The IP address lease time Type The binding type Static bindings are configured manually Dynamic binding are learned from DHCP snooping VLAN The VLAN number of the client interface Interface The interface that connects to the DHCP client host 51 4 show ip v...

Page 666: ...y all 101 120 Total Entries 2 Switch This example shows how to display when the interface has an IP source filter mode that is configured as IP MAC and an existing IP MAC that binds IP address 10 1 1 10 to MAC address 00 01 01 01 01 01 on VLAN 100 and IP address 10 1 1 11 to MAC address 00 01 01 01 01 10 on VLAN 101 Switch show ip verify source interface eth1 0 3 Interface Filter type Filter mode ...

Page 667: ... verification active inactive no snooping vlan No DHCP snooping VLAN configured with no IP source entry verification active IP address The client s IP address assigned from the DHCP server or configured by the user MAC address The client s MAC address VLAN The VLAN number of the client interface ...

Page 668: ...evel Level 12 Usage Guideline This command is used to create a tunnel and enter the interface configuration mode Example This example shows how to create a tunnel interface with ID 2 and enter the interface configuration mode Switch configure terminal Switch config interface tunnel 2 Switch config if 52 2 tunnel source This command is used to specify the source IPv4 address or IPv6 address for the...

Page 669: ...the received tunnel based on the destination IPv4 address of the received packet Example This example shows how to specify the source IPv4 address for tunnel interface 2 as 10 0 0 1 Switch configure terminal Switch config interface tunnel 2 Switch config if tunnel source 10 0 0 1 Switch config if This example shows how to specify the source IPv6 address for tunnel interface 2 as 1000 1 Switch conf...

Page 670: ...rface tunnel 2 Switch config if tunnel destination 1000 2 Switch config if 52 4 tunnel mode This command is used to define the type of the IPv6 tunnel interface tunnel mode ipv6ip 6to4 isatap gre ip ipv6 Parameters 6to4 Specifies that the interface is a 6to4 tunnel interface isatap Specifies that the interface is an ISATAP tunnel interface gre ip Specifies that the interface is a GRE tunnel interf...

Page 671: ...Pv4 address For packets that are forwarded to an ISATAP tunnel the destination address of the packet must be an ISATAP address The IPv4 address in the destination IPv6 address of the packet will be the destination IPv4 address for the tunneled packet Example This example shows how to specify tunnel 2 as an IPv6 manual tunnel Switch configure terminal Switch config interface tunnel 2 Switch config ...

Page 672: ...ow ipv6 interface This command is used to display IPv6 interface information show ipv6 interface INTERFACE ID Parameters INTERFACE ID Specifies the interface that will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline If an interface is not specified then all existing interfaces will be displayed Example This example shows how ...

Page 673: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 668 ...

Page 674: ...used for the ping packet The specified IP address must one of the IP address configured for the switch The destination address and the source IP must be the same type of address both are IPv4 or IPv6 Default By default the count value is 5 count packets By default the timeout value is 1 second Command Mode EXEC Mode Command Default Level Level 1 Usage Guideline Use this command to verify the reach...

Page 675: ...ransmitted 5 received 5 packet loss 0 0 round trip times min avg max mdev 1 648 1 726 1 840 0 076 ms Switch 53 2 ping access class This command is used to specify an access list to restrict the access via ping Use the no form of the command to remove the access list check ping access class IP ACL no ping access class Parameters IP ACL Specifies a standard IP access list The source address field of...

Page 676: ...tion port number used in outgoing datagrams This value is incremented each time a datagram is sent The allowed range for the destination port is from 1 to 65535 Use this option in the unlikely event that the destination host is listening to a port in the default trace route port range Default By default three 40 byte UDP datagrams with an Initial TTL of 1 is sent By default the maximum TTL value i...

Page 677: ...the host 172 50 71 123 Switch traceroute 172 50 71 123 traceroute to 172 50 71 123 172 50 71 123 30 hops max 40 byte packets 1 172 50 72 16 0 847 ms 0 344 ms 0 376 ms Switch This example shows how to trace route to the host 172 50 71 123 but the router does not reply Switch traceroute 172 50 71 123 traceroute to 172 50 71 123 172 50 71 123 30 hops max 40 byte packets 1 Switch This example shows ho...

Page 678: ...s the following restriction The destination MAC address must be a broadcast address The destination IP address must be an all one broadcast The packets are IPv4 UDP packets The IP TTL value must be greater than or equal to 2 The VRF name option uses the address associated with the VRF name regardless of the VRF of the incoming interface If the VRF name is configured and later the VRF is deleted fr...

Page 679: ...ay Default ports are Trivial File Transfer Protocol TFTP port 69 Domain Naming System DNS port 53 Time service port 37 NetBIOS Name Server port 137 NetBIOS Datagram Server port 138 TACACS service port 49 IEN 116 Name Service port 42 Example This example shows how the IP helper address is configured to 172 50 71 123 for VLAN 100 IP helper forwarding of UDP port 53 DNS is disabled Switch configure t...

Page 680: ...F vlan1 10 10 10 10 20 20 20 20 vpn a 20 20 20 20 vpn b 20 20 20 30 vpn a 30 30 30 30 vpn b vlan3 12 12 12 12 66 66 66 66 vpn b Switch 53 7 show ip forward protocol udp This command is used to display all specified UDP ports information show ip forward protocol udp Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This comma...

Page 681: ... Managed 10Gigabit Ethernet Switch CLI Reference Guide 676 Application UDP Port Time Service 37 IEN 116 Name Service 42 TACACS 49 DNS 53 TFTP 69 NetBIOS NS 137 NetBIOS DS 138 User App1 200 User App2 2000 User App3 1230 Switch ...

Page 682: ...ode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use the command to delete the IMPB violation entry from the filtering database Example This example shows how to clear the entry blocked on interface Ethernet 1 0 4 Switch clear ip ip mac port binding violation interface ethernet 1 0 4 Switch 54 2 ip ip mac port binding This command is used to enable the IMPB access control fo...

Page 683: ...ding check the source IP address source MAC address VLAN ID and arrival port must match any of the entries defined by either the IP source guard static binding entry or the DHCP snooping learned dynamic binding entry Example This example shows how to enable the strict mode IMPB access control on Ethernet 1 0 10 Switch configure terminal Switch config interface ethernet 1 0 10 Switch config if ip i...

Page 684: ...00 0c cc cc cc eth1 0 3 1 01 80 c2 00 00 00 eth1 0 4 1 01 00 0c cc cc cd eth1 0 4 1 01 80 c2 00 00 01 Total Entries 4 Switch This example shows how to display the IMPB configuration for all ports Switch show ip ip mac port binding Port Mode eth1 0 1 Strict eth1 0 2 Strict eth1 0 3 Loose eth1 0 4 Loose Total Entries 4 Switch 54 4 snmp server enable traps ip mac port binding This command is used to ...

Page 685: ... Binding notifies that state is enabled the switch will send violation traps if any violation packet is received Use this command to enable or disable the sending of SNMP notifications for such events Example This example shows how to enable the sending of traps for IP MAC Port Binding Switch configure terminal Switch config snmp server enable traps ip mac port binding Switch config ...

Page 686: ...g protocol is enabled Example This example shows how to enable IPv6 multicast routing Switch configure terminal Switch Config ipv6 multicast routing Switch Config 55 2 ipv6 mroute This command is used to create a static IPv6 multicast route mroute Use the no form of this command to delete the route ipv6 mroute IPV6 PREFIX PREFIX LENGTH RPF IPV6ADDRESS INTERFACE ID RPF IPV6ADDRESS null no ipv6 mrou...

Page 687: ...g interface to reach a network The user can use the ipv6 mroute command to configure static multicast routes to specify the RPF address for a network Example This example shows how to configure the static route for multicast RPF checks Switch configure terminal Switch config ipv6 mroute 2000 64 6 6 Switch config This example shows how to configure the multicast data source within a network number ...

Page 688: ... command will display the information for all IPv6 interfaces Example This example shows how to display the state of IPv6 multicast routing Switch show ipv6 multicast IPv6 multicast routing global state Enabled Switch This example shows how to display IPv6 multicast interface information Switch show ipv6 multicast interface Interface Owner Module vlan100 PIM SM vlan200 PIM SM Total Entries 2 Switc...

Page 689: ...s timer will refresh If the network address is specified the switch displays the entries with source addresses that match the specified address If no optional keyword is specified all dynamic multicast routes will be displayed Example This example shows how to display multicast route brief information Switch show ipv6 mroute summary IPv6 Multicast Routing Table 2 entries Flags S Sparse Timers Upti...

Page 690: ...es through which packets will be forwarded For S G entries this list will not include the interfaces inherited from the G entry 55 5 show ipv6 mroute forwarding cache This command is used to display the content of the IPv6 multicast routing forwarding cache database show ipv6 mroute forwarding cache group addr GROUP ADDRESS source addr SOURCE ADDRESS Parameters group addr GROUP ADDRESS Optional Sp...

Page 691: ...routes show ipv6 mroute static Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display IPv6 static configured multicast routes Example This example shows how to o display IPv6 static configured multicast routes Switch show ipv6 mroute static Mroute 2000 64 RPF nbr 2000 1001 0101 Mroute 2001 64 RPF nbr 2...

Page 692: ...s command displays how IPv6 multicast routing performs RPF Because the router can find RPF information from multiple routing tables for example Unicast Routing Information Base or static mroutes this command displays the source from which the information is retrieved Example This example shows how to display RPF information for the unicast host with the IPv6 address of 2001 1 1 3 Switch show ipv6 ...

Page 693: ... 2000 3000 301 RPF interface vlan10 RPF neighbor FE80 200 FF FE26 666C RPF route mask 3002 64 RPF Type static Switch Display Parameters RPF neighbor The IPv6 address of the upstream router to the RP or source This field is optional if the neighbor does not exist RPF type unicast RPF information is obtained from the unicast routing table static RPF information is obtained from the static multicast ...

Page 694: ...ine This command is used to create an IPv6 snooping policy After an IPv6 snooping policy has been created use the ipv6 snooping attach policy command to apply the policy on a specific interface Example This example shows how to create an IPv6 snooping policy named policy1 Switch configure terminal Switch config ipv6 snooping policy policy1 Switch config ipv6 snooping 56 2 protocol This command is ...

Page 695: ...id IPv6 address DHCPv6 snooping creates its binding database Example This example shows how to enable DHCPv6 snooping Switch configure terminal Switch config ipv6 snooping policy policy1 Switch config ipv6 snooping protocol dhcp Switch config ipv6 snooping 56 3 limit address count This command is used to limit the maximum number of IPv6 snooping binding entries Use the no command to reset it to de...

Page 696: ...ng policy is applied Command Mode VLAN Configuration Mode Command Default Level Level 12 Usage Guideline After an IPv6 snooping policy has been created use this command to apply the policy on a specific VLAN Example This example shows how to enable IPv6 snooping on VLAN 200 Switch configure terminal Switch config ipv6 snooping policy policy1 Switch config ipv6 snooping limit address count 100 Swit...

Page 697: ...process on a new interface Example This example shows how to deny the station move function Switch configure terminal Switch config ipv6 snooping station move deny Switch config 56 6 show ipv6 snooping policy This command is used to display DHCPv6 guard information show ipv6 snooping policy POLICY NAME Parameters POLICY NAME Optional Specifies the DHCPv6 guard policy name Default None Command Mode...

Page 698: ...nooping policy test1 Protocol DHCP NDP Limit Address Count 30 Target VLAN 100 200 210 4000 Switch Display Parameters Protocol The protocol used for snooping Limit Address Count The maximum number of this IPv6 Snooping policy Target VLAN The name of the target The target is a VLAN list ...

Page 699: ...cifies the interface number of the manual binding entry Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The command is used to set the static manual binding entry of the binding table Example This example shows how to configure an IPv6 Source Guard entry with the IPv6 address of 2000 1 and MAC address of 00 01 02 03 04 05 at VLAN 2 on interface Et...

Page 700: ...toconfig This command is used to deny auto configured traffic Use the no form of this command to disable this function deny global autoconfig no deny global autoconfig Parameters None Default By default this option is disabled Command Mode Source guard Policy Configuration Mode Command Default Level Level 12 Usage Guideline The command is used to deny data traffic from auto configured global addre...

Page 701: ... command is used to enable hardware to permit data traffic sent by the link local address Example This example shows how to allow all data traffic that is send by the link local address Switch configure terminal Switch config ipv6 source guard policy policy1 Switch config source guard permit link local Switch config source guard 57 5 ipv6 source guard attach policy This command is used to apply IP...

Page 702: ...ple shows how to apply the IPv6 source guard policy pol1 to interface Ethernet 1 0 3 Switch configure terminal Switch config interface ethernet 1 0 3 Switch config if ipv6 source guard attach policy pol1 Switch config if 57 6 show ipv6 source guard policy This command is used to display the IPv6 source guard policy configuration show ipv6 source guard policy POLICY NAME Parameters POLICY NAME Spec...

Page 703: ...s the binding entries that match the specified MAC address Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline The command is used to display the entries of the binding table Example This example shows how to display the specified entries of the binding table Switch show ipv6 neighbor binding Codes D DHCPv6 Snooping S Static N ND Snooping IPv...

Page 704: ... DHCPv6 Snooping S Static N ND Snooping IPv6 address The IPv6 address of the binding entry MAC address The MAC address of the binding entry Interface The interface number of the binding entry VLAN The VLAN of the binding entry Time left The rest time for aging the binding entry It is the inactivity for the static binding entry ...

Page 705: ...is value is 1536 bytes Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for physical ports configuration Oversize frames will be dropped and checks are carried out on ingress ports Use this command to transfer large frames or jumbo frames through the switch system to optimize server to server performance Example This example shows h...

Page 706: ...terface Only the physical port and port channel interface can be specified for the command Example This example shows how to clear L2PT counters for all L2PT ports Switch clear l2protocol tunnel counters all Switch 59 2 l2protocol tunnel This command is used to enable the protocol tunneling for the specified protocols To disable the protocol tunneling use the no form of the command l2protocol tunn...

Page 707: ...t to the remote site via a trunk port the tunneled packet will be tagged with service VLAN The packet can also be forwarded to other ports at the local site which are enabled for protocol tunnel Normally protocol tunneling encapsulates the protocol packet by replacing the destination MAC address of the packet with a vendor specific multicast address However if the port being forwarded is Layer 2 p...

Page 708: ...al Switch config l2protocol tunnel cos 7 Switch config 59 4 l2protocol tunnel drop threshold This command is used to specify the threshold in tunneling of the specified Layer 2 protocol packets received by a port before it is dropped Use the no form of the command to reset to the default setting l2protocol tunnel drop threshold gvrp stp protocol mac 01 00 0c cc cc cc 01 00 0c cc cc cd PPS no l2pro...

Page 709: ...down threshold value Example This example shows how to configure the drop threshold for the STP protocol Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if l2protocol tunnel drop threshold stp 2000 Switch config if 59 5 l2protocol tunnel global drop threshold This command is used to specify the maximum number of Layer 2 protocol packets that can be processed by the s...

Page 710: ...rotocol mac 01 00 0c cc cc cc 01 00 0c cc cc cd Parameters gvrp Optional Specifies GVRP tunneling stp Optional Specifies STP tunneling 01 00 0c cc cc cc Optional Specifies the protocol packets with this destination DA 01 00 0c cc cc cd Optional Specifies the protocol packets with this destination DA PPS Specifies the threshold in number of packets per second This value must be between 1 and 4096 p...

Page 711: ...eters interface INTERFACE ID Optional Specifies the interface to display Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the Layer 2 protocol tunnel related settings status and counters Example This example shows how to display the protocols that are tunneled on all interfaces Switch show l2protocol tunnel CoS ...

Page 712: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 707 Switch ...

Page 713: ...e for physical port interface configuration The system will automatically create the port channel when a physical port first joins a channel group An interface can only join one channel group If the mode on is specified in the command the channel group type is static If the mode active or passive is specified in the command the channel group type is LACP A channel group can only consist of either ...

Page 714: ...rt number determines the priority Example This example shows how to configure the port priority to 20000 on interfaces 1 0 4 to 1 0 5 Switch configure terminal Switch config interface range ethernet 1 0 4 1 0 5 Switch config if lacp port priority 20000 Switch config if 60 3 lacp timeout This command is used to configure the LACP long or short timer Use the no form of this command to return to the ...

Page 715: ... system priority Parameters PRIORITY Specifies the system priority The range is 1 to 65535 Default The default LACP system priority is 32768 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline During LACP negotiation the system priority and port priority of the local partner will be exchanged with the remote partner The switch will use port priority to determine w...

Page 716: ... address and IP destination address src dst mac Specifies that the switch should examine the MAC source and MAC destination address src ip Specifies that the switch should examine the IP source address src mac Specifies that the switch should examine the MAC source address dst l4 port Specifies that the switch should examine the Layer 4 destination TCP UDP port src dst l4 port Specifies that the s...

Page 717: ...C or Any Configuration Mode Command Default Level Level 1 Usage Guideline If a port channel number is not specified all port channels will be displayed If the channel load balance and sys id keywords are not specified with the show channel group command only summary channel group information will be displayed Example This example shows how to display the detailed information of all port channels S...

Page 718: ...rt is in Passive mode Channel Group 3 Partner Partner Partner Partner Port System ID PortNo Flags Port_Pri eth1 0 1 32768 00 07 eb 49 5e 80 12 SP 32768 eth1 0 2 32768 00 07 eb 49 5e 80 13 SP 32768 Switch This example shows how to display the load balance information for all channel groups Switch show channel group load balance load balance algorithm src dst mac Switch This example shows how to dis...

Page 719: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 714 1 LACP 2 Static Switch ...

Page 720: ...a range of physical interfaces No spaces before and after the hyphen Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command with the interface keyword to reset LLDP statistics of the specified interface s If the command clear lldp counters is issued with the all keyword to clear global LLDP statistics and the LLDP statistics on all interfaces...

Page 721: ... encapsulated in the LLDPDUs and sent to neighbor devices To disable the transmission of TLVs use the no form of this command lldp dot1 tlv select port vlan protocol vlan VLAN ID vlan name VLAN ID protocol identity PROTOCOL NAME no lldp dot1 tlv select port vlan protocol vlan VLAN ID vlan name VLAN ID protocol identity PROTOCOL NAME Parameters port vlan Specifies the port VLAN ID TLV to send The P...

Page 722: ...orm of the command Default No IEEE 802 1 Organizationally Specific TLV is selected Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for physical port configurations If the optional TLVs advertisement state is enabled they will be encapsulated in LLDPDUs and sent to other devices The protocol identity TLV optional data type indicates...

Page 723: ...LLDPDUs and sent to neighbor devices To disable the transmission of TLVs use the no form of this command lldp dot1 tlv select dcbx ets configuration ets recommendation pfc configuration no lldp dot1 tlv select dcbx ets configuration ets recommendation pfc configuration Parameters ets configuration Optional Specifies the Enhanced Transmission Selection Configuration TLV to send The Enhanced Transmi...

Page 724: ...PDU A DCBX peer port is a LLDP peer port that is sending DCBX TLVs If ETS or PFC is disabled the corresponding TLV won t be sent even if the corresponding TLV is selected Example This example shows how to disable the Priority based Flow Control TLV advertisement Switch configure terminal Switch config no lldp dot1 tlv select dcbx pfc configuration Switch config if 61 5 lldp dot3 tlv select This co...

Page 725: ...onally Specific TLVs The respective TLV will be encapsulated in LLDPDU and sent to other devices if the advertisement state is enabled Example This example shows how to enable the advertising MAC PHY Configuration Status TLV Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if lldp dot3 tlv select mac phy config Switch config if 61 6 lldp fast count This command is use...

Page 726: ...LUE Specifies the multiplier on the LLDPDUs transmission interval that used to compute the TTL value of an LLDPDU This value must be between 2 and 10 Default By default this value is 4 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This parameter is a multiplier on the LLDPDUs transmission interval that is used to compute the TTL value in an LLDPDU The lifeti...

Page 727: ...V will be advertised Once the administrator configures an address both of the default IPv4 and IPv6 management address will become inactive and won t be sent The default IPv4 or IPv6 address will be active again when all the configured addresses are removed Multiple IPv4 IPv6 management addresses can be configured by using this command multiple times Use the no lldp management address command with...

Page 728: ...med tlv select This command is used to specify which optional LLDP MED TLV will be transmitted and encapsulated in the LLDPDUs and sent to neighbor devices To disable the transmission of the TLVs use the no form of this command lldp med tlv select capabilities inventory management no lldp med tlv select capabilities inventory management Parameters capabilities Optional Specifies to transmit the LL...

Page 729: ... lldp receive This command is used to enable a physical interface to receive LLDP messages Use the no form of this command to disable receiving LLDP messages lldp receive no lldp receive Parameters None Default LLDP is enabled on all supported interfaces Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for physical port configuratio...

Page 730: ...sical interface will wait for the re initialization delay after the last disable command before reinitializing Example This example shows how to configure the re initialization delay interval to 5 seconds Switch configure terminal Switch config lldp reinit 5 Switch config 61 12 lldp run This command is used to enable the Link Layer Discovery Protocol LLDP globally Use the no form of this command t...

Page 731: ...ple shows how to enable LLDP Switch configure terminal Switch config lldp run Switch config 61 13 lldp forward This command is used to enable the LLDP forwarding state Use the no form of this command to revert to the default settings lldp forward no lldp forward Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Gu...

Page 732: ...re system name Optional Specifies the system name TLV to send The system name should be the system s fully qualified domain name Default No optional 802 1AB basic management TLV is selected Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for physical port configuration This command is used to select the optional TLVs to be transmit...

Page 733: ...witch configure terminal Switch config interface ethernet 1 0 1 Switch config if lldp transmit Switch config if 61 16 lldp tx delay This command is used to configure the transmission delay timer This delay timer defines the minimum interval between the sending of LLDP messages due to constantly changing MIB content Use the no form of this command to return to the default settings lldp tx delay SEC...

Page 734: ...o the default settings lldp tx interval SECONDS no lldp tx interval Parameters SECONDS Specifies the interval between consecutive transmissions of LLDP advertisements on each physical interface The range is from 5 to 32768 seconds Default By default this value is 30 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This interval controls the rate at whic...

Page 735: ...le the LLDP MED trap Switch configure terminal Switch config snmp server enable traps lldp med Switch config 61 19 lldp notification enable This command is used to enable the sending of LLDP and LLDP MED notifications for the interface Use the no form of the command to disable the sending lldp med notification enable no lldp med notification enable Parameters med Optional Specifies to enable the L...

Page 736: ...will be encoded with the MAC address local Specifies the subtype of the port ID TLV to use Locally assigned 7 and the field of port ID will be encoded with the port number Default The subtype of port ID TLV is local port number Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to specify the subtype of LLDP TLV s A port ID subtype is used to ...

Page 737: ...stem Description TenGigabit Ethernet Switch System Capabilities Supported Repeater Bridge System Capabilities Enabled Repeater Bridge LLDP MED System Information Device Class Network Connectivity Device Hardware Revision B1 Firmware Revision 1 10 008 Software Revision 2 40 041 Serial Number D1234567890 Manufacturer Name D Link Model Name DXS 3600 16S TenGigabit Ethernet Asset ID LLDP Configuration...

Page 738: ...vel Level 1 Usage Guideline This command displays the LLDP information of each physical interface Example This example shows how to display a specific physical interface s LLDP configuration Switch show lldp interface ethernet 1 0 1 Port ID eth1 0 1 Port ID eth1 0 1 Admin Status TX and RX Notification Disabled Basic Management TLVs Port Description Disabled System Name Disabled System Description ...

Page 739: ...list is the configured enabled VLANs If there is no configured PPVID VLAN the string is None Enabled VLAN Name This indicating string is shown when there are enabled VLANs for sending VLAN Name TLVs The VLAN list includes the configured enabled VLANs If there is no configured VLAN for the VLAN Name TLV the string is None Enabled Protocol Identity Displays the enabled protocol string for protocol i...

Page 740: ...hows how to display the local information of port 1 in detailed mode Switch show lldp local interface ethernet 1 0 1 detail Port ID eth1 0 1 Port ID Subtype Local Port ID eth1 0 1 Port Description D Link Corporation DXS 3600 32S 2 40 042 Port 1 on Unit 1 Port PVID 1 Management Address Count 2 Address 1 default Subtype IPv4 Address 10 90 90 90 IF Type IfIndex OID 1 3 6 1 4 1 171 10 127 1 Address 2 ...

Page 741: ...ower Via MDI PD Not Support Inventory Support ETS Basic Configuration Credit Based Shaper Support Disabled Traffic Classes Supported 8 Willing Disabled ETS Configuration Priority Assignment priority0 2 priority1 0 priority2 1 priority3 3 priority4 4 priority5 5 priority6 6 priority7 7 ETS Configuration Traffic Class Bandwidth TC0 4 TC1 7 TC2 11 TC3 14 TC4 18 TC5 21 TC6 25 TC7 0 ETS Configuration T...

Page 742: ...C capability 8 PFC Enable priority0 Disabled priority1 Disabled priority2 Disabled priority3 Disabled priority4 Disabled priority5 Disabled priority6 Disabled priority7 Disabled Switch This example shows how to display the local information of port 1 in normal mode Switch show lldp local interface ethernet 1 0 1 Port ID eth1 0 1 Port ID Subtype Local Port ID eth1 0 1 Port Description D Link Corpor...

Page 743: ...show lldp management address This command is used to display the management address information show lldp management address IP ADDRESS IPV6 ADDRESS Parameters IP ADDRESS Optional Specifies to display the LLDP management information for a specific IPv4 address IPV6 ADDRESS Optional Specifies to display the LLDP management information for a specific IPv6 address Default None Command Mode User EXEC ...

Page 744: ...CE ID brief detail Parameters INTERFACE ID Specifies the interface ID Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen brief Optional Specifies to display the information in brief mode detail Optional Specifies to display the informati...

Page 745: ...t Address Count 0 None Port VLAN ID 0 PPVID Entries Count 0 None VLAN Name Entries Count 0 None Protocol ID Entries Count 0 None MAC PHY Configuration Status None Power Via MDI None Link Aggregation None Maximum Frame Size 0 Unknown TLVs Count 0 None LLDP MED capabilities LLDP MED device class Endpoint device class III LLDP MED capabilities support LLDP MED capabilities Support Network Policy Supp...

Page 746: ...bled Repeater Bridge Management Address Count 1 Port VLAN ID 1 PPVID Entries Count 5 VLAN Name Entries Count 3 Protocol ID Entries Count 2 MAC PHY Configuration Status See Detail Power Via MDI See Detail Link Aggregation See Detail Maximum Frame Size 1536 LLDP MED capabilities See Detail Network policy See Detail Extended Power Via MDI See Detail Inventory Management See Detail Unknown TLVs Count ...

Page 747: ...nt 2 Entity 1 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 01 Port ID Subtype Local Port ID eth1 0 1 Port Description RMON Port 1 on Unit 3 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 02 Port ID Subtype Local Port ID eth1 0 2 Port Description RMON Port 1 on Unit 4 Port ID eth1 0 2 Remote Entities Count 3 Entity 1 Chassis ID Subtype MAC Address Chassis ID 00 01 02 ...

Page 748: ...mple shows how to display global LLDP traffic information Switch show lldp traffic Last Change Time 7958183 Total Inserts 7 Total Deletes 0 Total Drops 0 Total Ageouts 0 Switch Display Parameters Last Change Time The amount of time since the last update to the remote table in days hours minutes and seconds Total Inserts Total number of inserts to the remote data table Total Deletes Total number of...

Page 749: ... the hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays LLDP traffic on each physical interface Example This example shows how to display statistics information of port 1 Switch show lldp traffic interface ethernet 1 0 1 Port ID eth1 0 1 Total Transmits 0 Total Discards 0 Total Errors 0 Total Receives 0 Total TLV...

Page 750: ...ived on the port Total TLV Discards The number of TLVs discarded Total TLV Unknowns The total number of LLDP TLVs received on the port where the type value is in the reserved range and not recognized Total Ageouts The total number of times a complete remote data entry was deleted for the port because the Time to Live interval expired ...

Page 751: ... an LBD enabled port detects a loop condition packet transmitting and receiving is disabled at the port When doing VLAN based detection the port will periodically send VLAN based LBD packets for each VLAN that the port has membership of the VLAN is enabled for loop detection If the port is a tagged member of the detecting VLAN tagged LBD packets are sent If the port is an untagged member of the de...

Page 752: ...to enable the loopback detection function for an interface Use no form of the command to disable the function for an interface loopback detection no loopback detection Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable the loopback detection function on an interface This comm...

Page 753: ...le shows how to configure the time interval to 20 seconds Switch configure terminal Switch config loopback detection interval 20 Switch config 62 4 loopback detection vlan This command is used to configure the VLANs to be enabled for loop detection Use no command to return to the default settings loopback detection vlan VLAN LIST no loopback detection vlan VLAN LIST Parameters VLAN LIST Optional S...

Page 754: ...back detection This command is used to display the current loopback detection control settings show loopback detection interface INTERFACE ID Parameters interface INTERFACE ID Optional Specifies the interface s ID to be displayed Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces are allowed before and after the comma Optional Specifies a ra...

Page 755: ...led Normal eth1 0 20 Disabled Normal eth1 0 21 Disabled Normal eth1 0 22 Disabled Normal eth1 0 23 Disabled Normal eth1 0 24 Disabled Normal Switch This example shows how to displays the loopback detection status for port 1 0 1 Switch show loopback detection interface ethernet 1 0 1 Interface State Result Time Left sec eth1 0 1 Disabled Normal Switch Display Parameters Interface Indicates the port...

Page 756: ...abled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to enable the sending of SNMP notifications for loopback detection Use the no command to return to the default settings Example This example shows how to enable the sending of SNMP notifications for loopback detection Switch configure terminal Switch config snmp server enable traps loop...

Page 757: ...re designed to authenticate a user by MAC address when the user is trying to access the network via the switch The switch itself can perform the authentication based on a local database or be a RADIUS client and perform the authentication process via the RADIUS protocol with a remote RADIUS server Example This example shows how to enable MAC authentication globally Switch configure terminal Switch...

Page 758: ...ig if 63 3 mac auth password This command is used to configure the password of authentication for local and RADIUS authentication Use the no form of this command to reset the password to the default setting mac auth password 0 7 STRING no mac auth password Parameters 0 Optional Specifies the password in the clear text form If neither 0 nor 7 are specified the default form will be clear text 7 Opti...

Page 759: ...the string cannot be over 16 characters Default By default the username is the client s MAC address Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure the username used in the authentication of MAC address users The username is used in the authentication via both the local database and remote servers If the command is not configu...

Page 760: ...arameters None Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline None Example This example shows how to enable the sending of traps for MAC authentication Switch configure terminal Switch config snmp server enable traps mac auth Switch config ...

Page 761: ...PAN session Both physical ports and port channels are valid as destination interfaces for monitor sessions For a monitor session multiple source interfaces can be specified but only one destination interface can be specified An interface cannot be a source interface of one session and destination port of another session simultaneously An interface can be configured as the destination interface of ...

Page 762: ...t from the destination port on a RSPAN source switch The valid range is from 1 to 4094 Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command on the source switch of an RSPAN session The monitor session destination remote vlan command configures the destination port used to transmit the monitor packets and the RSPAN VLAN used to tag the ...

Page 763: ...SSION NUMBER Specifies the session number for the monitor session The valid range is 1 to 4 interface INTERFACE ID Specifies the source interface for a monitor session Optional Specifies the number of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen both Optional Sp...

Page 764: ...rce interface ethernet 1 0 2 4 Switch config 64 4 monitor session source acl This command is used to configure an access list for flow based monitoring Use the no form of this command to remove an access list for flow based monitoring monitor session SESSION NUMBER source acl ACCESS LIST NAME no monitor session SESSION NUMBER source acl ACCESS LIST NAME Parameters SESSION NUMBER Specifies the sess...

Page 765: ...stination switch of an RSPAN session The monitor session source remote vlan command configures the VLAN that the monitored source packets are tunneled to the switch from the remote site Use the monitor session destination interface command to configure the destination port to transmit the monitored packet Each session should be configured with a unique RSPAN VLAN Use the remote span command in the...

Page 766: ...nitoring The valid range is from 1 to 4094 Optional Specifies the number of VLANs or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of VLANs No spaces before and after the hyphen rx Specifies to monitor the packets received on the VLAN Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guide...

Page 767: ...nvolved in a RSPAN session the port that the monitored packet arrives and the port that the monitored packets will be transmitted need to be configured as tagged member ports of the RSPAN VLAN Example This example shows how to assign VLAN 100 as the RSPAN VLAN in the middle switch of the RSPAN session Interface Ethernet3 0 1 is where the monitored packets arrive and Ethernet3 0 5 is where the moni...

Page 768: ...tor session with session number 1 Switch configure terminal Switch config no monitor session 1 Switch config 64 9 show monitor session This command is used to display all or a specific monitor session show monitor session SESSION NUMBER remote local Parameters SESSION NUMBER Optional Specifies the session number which you want to display local Optional Specifies to display the local session remote...

Page 769: ...how to display a created port monitor session with the session number 1 Switch show monitor session 1 Session 1 Session Type local session Destination Port Ethernet 1 0 1 Source Ports Both Ethernet 1 0 2 only for TX forwarding Ethernet 1 0 3 only for TX forwarding Ethernet 1 0 4 Total Entries 1 Switch ...

Page 770: ...n receiving MLD report packet from a downstream interface MLD proxy will update its membership database which is generated by the merger of all subscriptions on any downstream interface If the database is changed the proxy device will send unsolicited reports or leaves from upstream interface It can also send membership reports from the upstream interface when queried Example This example shows ho...

Page 771: ... mld proxy downstream This command is used to configure an interface as a downstream in MLD proxy Use the no form of this command to disable the proxy function on the interface ipv6 mld proxy downstream no ipv6 mld proxy downstream Parameters None Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command only takes effect when the interface ...

Page 772: ...c for links that are considered downstream links by multiple MLD based forwarders MLD proxy uses the MLD querier election to elect a single forwarder on a LAN Administrators can use this command to make a non querier device to be forwarder Use the configuration in the appropriate topology Improper usage may cause local loops or redundant traffic This command does not take effect if the interface i...

Page 773: ...terface vlan11 vlan12 DF vlan13 DF Switch 65 6 show ipv6 mld proxy group This command is used to display multicast groups learned by the MLD proxy function show ipv6 mld proxy group GROUP ADDRESS Parameters GROUP ADDRESS Specifies the IPv6 multicast address Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all gr...

Page 774: ... MLD proxy function show ipv6 mld proxy forwarding GROUP ADDRESS Parameters GROUP ADDRESS Specifies the IPv6 multicast address Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all MLD proxy forwarding information by not specifying the group address Example This example shows how to display the forwarding informa...

Page 775: ...Switch CLI Reference Guide 770 Switch This example shows how to display detailed information of the group FF1E 330E 32 Switch show ipv6 mld proxy forwarding FF1E 330E 32 FF1E 330E 32 2000 2 vlan52 outgoing interface vlan20 vlan30 Total Entries 1 Switch ...

Page 776: ...AN is specified statistics for all VLANs are cleared interface INTERFACE ID Specifies the interface used Default None Command Mode Privilege EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear the statistic counter of the switch Example This example shows how to clear all MLD snooping statistics Switch clear ipv6 mld snooping statistics all Switch 66 2 ipv6 mld s...

Page 777: ...ch config no ipv6 mld snooping Switch config This example shows how to enable MLD snooping operation on VLANs that are MLD snooping enabled Switch configure terminal Switch config ipv6 mld snooping Switch config This example shows how to enable MLD snooping on VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ipv6 mld snooping Switch config vlan 66 3 ipv6 mld snooping fast l...

Page 778: ... and send an STP triggered query on the specified interface ipv6 mld snooping ignore topology change notification no ipv6 mld snooping ignore topology change notification Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available for VLAN interface configuration An MLD snooping s...

Page 779: ...re are no local members on the interface if there are no reports received after the response time Users can lower this interval to reduce the amount of time it takes a switch to detect the loss of the last member of a group Example This example shows how to configure the last listener query interval time to be 3 seconds Switch configure terminal Switch config vlan 1000 Switch config vlan ipv6 mld ...

Page 780: ...ast router port can be either dynamically learned or statically configured into an MLD snooping entity With the dynamic learning the MLD snooping entity will listen to MLD and PIMv6 packet to identify whether the partner device is a router Example This example shows how to configure Ethernet 1 0 1 as an MLD snooping multicast router port and eth1 2 as an MLD snooping forbidden multicast router por...

Page 781: ...rce MAC of the report If the VLAN has no IP address configured then system MAC will be used Example This example shows how to enable MLD snooping proxy reporting on VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ipv6 mld snooping proxy reporting Switch config vlan 66 8 ipv6 mld snooping querier This command is used to enable the MLD snooping querier on the switch Use the ...

Page 782: ...ECONDS no ipv6 mld snooping query interval Parameters SECONDS Specifies to configure the interval at which the designated router sends MLD general query messages The range is 1 to 31744 Default By default this value is 125 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The command is only available for VLAN interface configuration The query interva...

Page 783: ...e MLD Snooping deletes the membership Example This example shows how to configure the maximum response time to 20 seconds on an interface Switch configure terminal Switch config vlan 1000 Switch config vlan ipv6 mld snooping query max response time 20 Switch config vlan 66 11 ipv6 mld snooping query version This command is used to configure the general query packet version sent by the MLD snooping...

Page 784: ...d to disable the rate limit ipv6 mld snooping rate limit NUMBER no ipv6 mld snooping rate limit Parameters NUMBER Specifies to configure the rate of the MLD control packet that the switch can process on a specific interface The rate is specified in packets per second Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline ...

Page 785: ... the switch suppresses the duplicate reports sent by hosts The suppression for the same group report or leave will continue until the suppression time expired For report or leave messages to the same group only one report or leave message is forwarded The remaining report and leave messages are suppressed Example This example shows how to enable MLD report suppression Switch configure terminal Swi...

Page 786: ...nterval Last listener query count The number of group specific queries sent before the router assumes there are no local listeners of a group The default number is the value of the robustness variable User can increase this value if a subnet is expected to be loose Example This example shows how to configure the robustness variable to be 3 on interface VLAN 1000 Switch configure terminal Switch co...

Page 787: ... to configure the interval of suppressing duplicate MLD reports or leaves Use the no form of the command to revert to the default setting ipv6 mld snooping suppression time SECONDS no ipv6 mld snooping suppression time Parameters SECONDS Specifies to configure the interval of suppressing duplicates MLD reports The range is 1 to 300 Default By default this value is 10 seconds Command Mode Interface...

Page 788: ...ration Mode Command Default Level Level 12 Usage Guideline The command is only available for VLAN interface configuration This setting only applies to filtering of MLD membership reports Example This example shows how to restrict all MLDv1 hosts to join Switch configure terminal Switch config vlan 1 Switch config vlan ipv6 mld snooping minimum version 2 Switch config vlan 66 18 show ipv6 mld snoop...

Page 789: ...Querier state Enabled Non active Query version v2 Query interval 125 Max response time 10 seconds Robustness value 2 Last listener query interval 1 second Rate limit 50 Ignore topology change Disabled Total Entries 1 Switch 66 19 show ipv6 mld snooping filter This command is used to display MLD snooping filter information for all interfaces on the switch or for a specified interface show ipv6 mld ...

Page 790: ...p mld_filter Groups Channel Limit Not Configured vlan1 Access group mld_filter Groups Channel Limit Not Configured vlan2 Access group Not Configured Groups Channel Limit 100 exceed action replace port channel4 Rate limit 200pps Access group Not Configured Groups Channel Limit Not Configured Switch 66 20 show ipv6 mld snooping groups This command is used to display MLD snooping group related inform...

Page 791: ...2 0 7 1 FF1E 3 EX 258 2 0 7 1 FF1E 4 3620 110 1 3a2b IN 258 2 0 7 Total Entries 3 Switch 66 21 show ipv6 mld snooping mrouter This command is used to display MLD snooping multicast router information automatically learned or manually configured on the switch show ipv6 mld snooping mrouter vlan VLAN ID Parameters vlan VLAN ID Optional Specifies the VLAN If no VLAN is specified MLD snooping Multicas...

Page 792: ...e INTERFACE ID vlan VLAN ID Parameters interface INTERFACE ID Specifies the interface of which to display the port statistics counter vlan VLAN ID Specifies the VLAN of which to display the VLAN statistics Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the MLD snooping related statistics information Example This exa...

Page 793: ...rface eth4 0 4 Rx V1Report 3 v2Report 0 Query 3 v1Done 0 Tx v1Report 2 v2Report 2 Query 1 v1Done 2 Total Entries 3 Switch show ipv6 mld snooping statistics vlan 1 VLAN 1 Statistics Rx V1Report 3 v2Report 0 Query 3 v1Done 0 Tx v1Report 2 v2Report 2 Query 1 v1Done 2 Total Entries 1 Switch ...

Page 794: ...nterface configuration This command only takes effect when the interface has an IPv6 address configured Example This example shows how to enable MLD on VLAN 1 Switch configure terminal Switch config interface vlan1 Switch config if ipv6 mld enable Switch config if 67 2 ipv6 mld last listener query count This command is used to configure the number of group specific or group source specific queries...

Page 795: ...o configure the MLD last listener query interval on an interface Use the no form of the command to revert to the default setting ipv6 mld last listener query interval SECONDS no ipv6 mld last listener query interval Parameters SECONDS Specifies the Interval in seconds for the amount of time between group specific or group source specific queries The valid range is 1 to 25 Default By default this v...

Page 796: ...Default By default this value is 125 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The command is only valid for the VLAN interface The user can use this command to modify the MLD query interval on an interface The MLD querier will send the general query at the interval specified by the query interval command On receiving the general query the MLD...

Page 797: ...age before the router deletes the membership Example This example shows how to configure the MLD query s maximum response time for VLAN 1000 It configures the MLD query maximum response time value to 10 seconds Switch configure terminal Switch config interface vlan1000 Switch config if ipv6 mld query max response time 10 Switch config if 67 6 ipv6 mld robustness variable This command is used to se...

Page 798: ... Last member query count The number of group specific queries sent before the router assumes there are no local members of a group The default number is the value of the robustness variable Users can increase this value if a subnet is expected to be loose Example This example shows how to configure the MLD robustness variable to 3 for VLAN 1000 Switch configure terminal Switch config interface vla...

Page 799: ...e network service provider to manage the IP multicast address easily When SSM is enabled the last hop router will initiate to establish a source based tree for the channel S G on receiving a S G INCLUDE mode request falls in the SSM range from the attached MLDv2 hosts There are cases that the attached host is an MLDv1 host which only issue G requests With the SSM mapping if the multicast group req...

Page 800: ...this command to modify the MLD query version on an interface Example This example shows how to configure the MLD version 1 Switch configure terminal Switch config interface vlan1000 Switch config if ipv6 mld version 1 Switch config if 67 10 show ipv6 mld groups This command is used to display MLD group information on an interface show ipv6 mld groups GROUP ADDRESS interface INTERFACE ID detail Par...

Page 801: ...2 1 ff23 86cc detail Interface vlan1 Group FF02 1 FF23 86CC Uptime 0DT00H00M42S Expires Stopped Group mode Include Last reporter FE80 202 B3FF FEF0 79D8 Group source list Source Address Uptime Expire 2004 4 6 0DT00H00M42S 0DT00H03M38S Total Source Entries 1 Total Entries 1 Switch Display Parameters Uptime The time elapsed since the entry has been created in the format of n DT n H n M n S Expires T...

Page 802: ...EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display MLD information on all interfaces Example This example shows how to display MLD interface information on VLAN 1000 Switch show ipv6 mld interface vlan1000 VLAN 1000 Version 2 IPv6 Address Netmask FE80 260 3EFF FE86 5649 10 MLD State Enabled Querier FE80 233 1265 3322 6387 Query Interval 125 sec...

Page 803: ...ne Use this command to display the SSM source address mapping for a specified multicast group Example This example shows how to display the SSM mapping for group address ff32 1 ff23 86cc Switch show ipv6 mld ssm map ff32 1 ff23 86cc SSM Mapping Enabled Group address ff32 1 ff23 86cc Source list 2001 0DB8 2 2001 0DB8 3 Switch Display Parameters SSM Mapping Enabled Disabled Indicates the SSM mapping...

Page 804: ...2 Usage Guideline None Example This example shows how to enable the MSDP function Switch configure terminal Switch config ip msdp Switch config 68 2 ip msdp connect retry interval This command is used to configure the interval at which MSDP peers will wait after peering sessions are reset before attempting to re establish Use the no command to revert to default setting ip msdp connect retry interv...

Page 805: ...filter Parameters list ACCESS LIST NAME Specifies the name of the standard IP access list that defines S G pairs Default By default the Source Active message originating filter is not configured Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline An RP is configured to run MSDP and will originate Source Active messages for all local sources that register with this...

Page 806: ...sage Guideline The interval for Source Active originating is 60 seconds and it cannot be modified so the Source Active cache expiry time allows for the tuning of expected packet loss on a network implicitly Example This example shows how to configure the expiry time for Source Active cache Switch configure terminal Switch config ip msdp sa cache time 210 Switch config 68 5 ip msdp peer This comman...

Page 807: ...scription for an MSDP peer to make it easier to identify Use the no command to delete the description ip msdp peer description PEER ADDRESS STRING no ip msdp peer description PEER ADDRESS Parameters PEER ADDRESS Specifies the MSDP peer IP address STRING Specifies the description of the MSDP peer Default By default there is no description for the MSDP peer Command Mode Global Configuration Mode Com...

Page 808: ... If the MSDP peer is in the shutdown state the TCP connection between two peers won t be established If the MSDP peer was changed into the no shutdown state the TCP connection between two peers will attempt to re establish Example This example shows how to shut down the peer 10 1 1 1 Switch configure terminal Switch config ip msdp peer shutdown 10 1 1 1 Switch config 68 8 ip msdp peer password Thi...

Page 809: ...ue ip msdp peer keep alive PEER ADDRESS SECONDS infinity no ip msdp peer keep alive PEER ADDRESS Parameters PEER ADDRESS Specifies the MSDP peer IP address SECONDS Specifies the keep alive interval of the MSDP peer in seconds The range is from 1 to 21845 infinity Specifies the MSDP peer to never send keep alive message Default By default the keep alive interval is 60 seconds Command Mode Global Co...

Page 810: ... Default By default the hold time interval is 75 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The hold time interval must be larger than keep alive time configured on the remote side of the MSDP TCP connection Otherwise the MSDP TCP connection may be disconnected before receiving the MSDP keep alive message Example This example shows how to configur...

Page 811: ... example shows how to configure the Source Active message incoming filter Switch configure terminal Switch config ip msdp peer sa filter in 10 1 1 1 list msdp_in Switch config 68 12 ip msdp peer sa filter out This command is used to control the Source Active messages that forwards to a peer Use the no command to return this to the default setting ip msdp peer sa filter out PEER ADDRESS list ACCESS...

Page 812: ...ies the name of the standard IP access list that defines the group Default By default the Source Active request message filter is not configured Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The router will process all Source Active request messages from a specified peer By configuring ip msdp sa filter request without any parameters the router will stop pro...

Page 813: ...peer the Source Active message was sent to the Source Active will not be sent out Example This example shows how to configure the minimum TTL value Switch configure terminal Switch config ip msdp peer minimum ttl 10 1 1 1 100 Switch config 68 15 ip msdp peer sa cache maximum This command is used to configure the maximum number of Source Active cache entries learned from the peer Use the no command...

Page 814: ...DP peer from which to accept all MSDP messages Use the no command to remove the static RPF configuration ip msdp static rpf PEER ADDRESS rp list ACCESS LIST NAME no ip msdp static rpf PEER ADDRESS Parameters PEER ADDRESS Specifies the MSDP peer IP address rp list ACCESS LIST NAME Specifies the name of the standard IP access list that defines the RP prefix list Default By default a static RPF peer ...

Page 815: ...H NAME Specifies the name of the mesh group Default By default the mesh group is not defined Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Before adding an MSDP peer to the mesh group an MSDP peer must be added first using the ip msdp peer command If an MSDP peer has been added to multiple mesh groups only the last configuration takes effect Example This exa...

Page 816: ...1 1 Switch 68 19 clear ip msdp statistics This command is used to clear the statistic counters of the specified MSDP peer clear ip msdp statistics PEER ADDRESS Parameters PEER ADDRESS Optional Specifies the MSDP peer IP address Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline If the MSDP peer address is not specified the statistic counters of all MSDP p...

Page 817: ... Source Active cache entries will be cleared Example This example shows how to clear all Source Active cache entries Switch clear ip msdp sa cache Switch 68 21 show ip msdp This command is used to display the MSDP global configuration show ip msdp Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to disp...

Page 818: ...his command to display MSDP peer information If the peer IP address is specified then detailed information of the peer will be displayed If the peer IP address is not specified then all MSDP peers summary information will be displayed Example This example shows how to display all MSDP peers summary information Switch show ip msdp peer MSDP Peer Information Configured Shutdown Down Connect Listen U...

Page 819: ...The address of the remote MSDP peer Description The MSDP peer description used to make it easier to identify Mesh Group The mesh group name which this MSDP peer belongs to Static RPF The static RPF configuration on this MSDP peer State The state of the TCP connection with this MSDP peer The state DISABLED and INACTIVE in RFC3618 display as state Down and the state ESTABISHED in RFC3618 displays as...

Page 820: ...xcluding encapsulated data packets which are received from this peer and the number of those transmitted to this peer Incoming Outgoing SA messages The number of MSDP SA messages which are received from this peer and the number of those transmitted to this peer Incoming Outgoing SA requests The number of MSDP SA request messages which are received from this peer and the number of those transmitted...

Page 821: ...00S 230 1 1 3 192 168 120 1 192 168 122 1 10 1 1 1 0DT00H05M04S 0DT00H02M00S Total Entries 4 Switch 68 24 show ip msdp static rpf This command is used to display the static RPF peer configuration show ip msdp static rpf PEER ADDRESS Parameters PEER ADDRESS Optional Specifies the MSDP peer IP address Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage G...

Page 822: ... Optional Specifies the MSDP peer IP address Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display MSDP mesh group configuration Example This example shows how to display MSDP mesh group configuration Switch show ip msdp mesh group MSDP Mesh Group Information Peer s Address Group Name 10 1 1 1 group1 10 1 2 1 gro...

Page 823: ...rocess in multicast VLAN Default Multicast VLAN for the IPv4 packet process is disabled Multicast VLAN for the IPv6 packet process is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to enable multicast VLAN and configure some options for the multicast VLAN feature Example This example shows how to enable the multicast VLAN feature...

Page 824: ... VLAN member ports depending on the setting of this command If forward unmatched is disabled then the packet is dropped If forward unmatched is enabled then the packet is flooded If there are no matches against all multicast VLANs and the packet s VLAN is not configured as the multicast VLAN then the IGMP MLD packet will not be handled by multicast VLAN If the IGMP MLD report leave done packet rec...

Page 825: ...he same time Example This example shows how to create the multicast VLAN 100 Switch configure terminal Switch config mvlan ipv4 enable Switch config mvlan vlan 100 Switch config mvlan 69 4 member This command is used to configure interfaces as source ports or as receiver ports of a multicast VLAN Use the no form of this command to remove receiver ports or source ports member receiver source tagged...

Page 826: ...er source ports in the Multicast VLAN A port can be the receiver port of multiple multicast VLANs at the same time There are some restrictions when configuring receiver and source ports for a Multicast VLAN In a single Multicast VLAN a port cannot be a receiver port and a source port at the same time The source ports in a single Multicast VLAN must all be either tagged members or untagged members ...

Page 827: ...ig mvlan name ip tv Switch config mvlan 69 6 replace priority This command is used to replace the priority of data traffic forwarded in the multicast VLAN Use the no form of this command to cancel the priority replacement replace priority ipv4 PRIORITY ipv6 PRIORITY no replace priority ipv4 ipv6 Parameters ipv4 PRIORITY Specifies the remap priority for IPv4 multicast packets forwarded on the multi...

Page 828: ...at the source IP address of the IGMP report leave packet received on any multicast VLAN source port will be replaced receiver Specifies that the source IP address of the IGMP report leave packet received on any multicast VLAN receiver port will be replaced both Specifies that the source IP address of the IGMP report leave packet received on any port in the multicast VLAN will be replaced Default N...

Page 829: ...LE NAME Specifies the name of the profile all Specifies to remove all multicast VLAN profiles Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline A profile is used to define group address ranges It will be used by multicast VLANs to check which multicast VLAN should be replaced through matching the group in the IGMP MLD packet Example This example sho...

Page 830: ...o access group configured then all multicast group will be learned with the multicast VLAN Example This example shows how to bind the profile mv_profile1 to multicast VLAN 100 Switch configure terminal Switch config mvlan 100 Switch config mvlan access group mv_profile1 Switch config mvlan 69 10 range This command is used to configure the multicast address range for a multicast VLAN profile Use th...

Page 831: ... 0 5 Switch config mvlan profile 69 11 show mvlan group profile This command is used to display the multicast group profile configuration show mvlan group profile PROFILE NAME Parameters PROFILE NAME Specifies the profile name Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all group profiles by not specifying ...

Page 832: ... or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all binding information by not specifying the VLAN ID Example This example shows how to display the group profiles associated with the multicast VLAN Switch show mvlan access group Multicast VLAN Multicast Group Profiles 100 mv_profile1 IP6 SET Total Entries 1 Switch 69 13 show mvlan This command i...

Page 833: ...rom receiver Replace priority 4 MVLAN 200 Untagged Receiver eth1 0 20 22 Tagged Receiver Untagged Source Tagged Source eth1 0 10 Replace Source IP 1 0 0 1 from both Not replace Replace priority Not replace Total Entries 2 Switch Display Parameters IPv4 Multicast VLAN State The state of the multicast VLAN function to process IPv4 packet It can be Disabled or Enabled IPv6 Multicast VLAN State The st...

Page 834: ...00 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 829 Replace Source IP The source IP address that will be replaced in the IGMP MLD control packets before forwarded in the multicast VLAN ...

Page 835: ...n 1 and 4094 Optional Specifies a series of VLAN or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of VLAN No space is allowed before and after the hyphen Default None Command Mode MST Configuration Mode Command Default Level Level 12 Usage Guideline Any unmapped VLAN is mapped to the CIST instance When mapping the VLA...

Page 836: ...12 Usage Guideline Two or more switches with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different Example This example shows how to configure the MSTP configuration name to MName Switch configure terminal Switch config spanning tree mst configuration Switch config mst name MName Switch config mst 70 3 revision This c...

Page 837: ...iguration Specifies to display the table for the mapping relationship between VLANs and MSTP Instances digest Specifies to display the MD5 digest included in the current MST configuration identifier MSTCI instance INSTANCE ID Specifies to display the MSTP information for the designated instance only Define multiple instances by using to specify a series of instances or to separate a range of insta...

Page 838: ...ority 128 cost 20000 Designated root address 00 02 17 2C F4 00 priority 32768 cost 0 Regional root address 00 02 17 2C F4 00 Priority 32768 Designated bridge address 00 02 17 2C F4 00 priority 32768 port id 128 1 eth1 0 2 Port state forwarding Port role designated Port info port ID 128 193 priority 128 cost 200000 Designated root address 00 02 17 2C F4 00 priority 32768 cost 0 Regional root addres...

Page 839: ...l eth1 0 1 Configured link type auto operation status point to point Configured fast forwarding auto operation status edge Bpdu statistic counter sent 4 received 0 MST instance 00 vlans mapped 1 2 4 2999 4000 4094 Port state forwarding Port role designated Port info port ID 128 1 priority 128 cost 20000 Designated root address 00 02 17 2C F4 00 priority 32768 cost 0 Regional root address 00 02 17 ...

Page 840: ...0 Priority Link Interface Role State Cost Port Type Edge eth1 0 9 designated forwarding 20000 128 9 p2p edge eth1 0 10 backup blocking 200000 128 10 p2p non edge eth1 0 11 backup blocking 200000 128 11 shared edge eth1 0 12 root forwarding 2000 128 12 p2p edge Switch This example shows how to display MSTP summary information for interfaces ethernet 1 0 3 to 1 0 4 Switch show spanning tree mst inte...

Page 841: ...h This example shows how to display MSTP instance mapping configuration Switch show spanning tree mst configuration Name region1 Revision 2 Instances configured 3 Instance Vlans 0 21 4094 1 1 10 2 11 20 Switch 70 5 spanning tree mst This command is used to configure the path cost and port priority parameters for any MST instance including the CIST with instance ID 0 To return to the default settin...

Page 842: ...ace s path cost Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if spanning tree mst 0 cost 17031970 Switch config if 70 6 spanning tree mst configuration This command is used to enter the MST Configuration Mode To return to the default settings use the no form of this command spanning tree mst configuration no spanning tree mst configuration Parameters None Default ...

Page 843: ...ode Command Default Level Level 12 Usage Guideline Use this command to configure the maximum hops for MSTP Example This example shows how to configure the MSTP maximum hop count value Switch configure terminal Switch config spanning tree mst max hops 19 Switch config 70 8 spanning tree mst hello time This command is used to configure the per port hello time used in the MSTP version Use the no form...

Page 844: ...o return the setting to the default setting spanning tree mst INSTANCE ID priority PRIORITY no spanning tree mst INSTANCE ID priority Parameters INSTANCE ID Specifies the MSTP instance identifier Instance 0 represents the default instance CIST PRIORITY Specifies the bridge priority value that must be divisible by 4096 The range is from 0 to 61440 Default By default this value is 32768 Command Mode...

Page 845: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 840 ...

Page 846: ...conds Maximum time 600 seconds Command Mode LDP Configuration Mode Command Default Level Level 12 Usage Guideline The LDP back off delay time is a mechanism to prevent an endless sequence of session setup failures that occur between two LSRs with incompatible settings Example This example shows how to configure the initial and maximum back off delay time to 100 and 200 seconds Switch configure ter...

Page 847: ...s policy policy1 Switch config mpls qos class map cos exp 0 to 0 Switch config mpls qos class map cos exp 1 to 1 Switch config mpls qos class map cos exp 2 to 2 Switch config mpls qos class map cos exp 3 to 3 Switch config mpls qos class map cos exp 4 to 4 Switch config mpls qos class map cos exp 5 to 5 Switch config mpls qos class map cos exp 6 7 to 6 Switch config mpls qos 71 3 class map exp cos...

Page 848: ...rminal Switch config mpls qos policy policy1 Switch config mpls qos class map exp cos 0 2 7 to 3 Switch config mpls qos class map exp cos 1 to 6 Switch config mpls qos 71 4 clear mpls ldp neighbor This command is used to clear LDP neighbor sessions clear mpls ldp neighbor all IP ADDRESS Parameters all Specifies to clear all neighbors IP ADDRESS Specifies the IP address which is used as the peer LS...

Page 849: ...line LDP sends link hello messages at the configured interval to discover the neighbor For a discovered neighbor LDP maintains a hold timer The neighbor is timed out if the timer expired without the receipt of a hello message from the neighbor If the command is not configured for an interface the global setting takes effect If it is configured for an interface the interface setting takes effect Ex...

Page 850: ...to accept the targeted hello message Switch configure terminal Switch config interface vlan 10 Switch config if discovery targeted hello accept Switch config if 71 7 discovery targeted hello This command is used to configure the LDP hello hold time and hello interval for sessions to the targeted peer Use the no form of this command to restore the default value discovery targeted hello holdtime SEC...

Page 851: ...orm of this command to remove the transport address setting discovery transport address interface IP ADDRESS no discovery transport address Parameters interface Specifies to use the IP address of the corresponding interface as the transmission address for the session on each interface IP ADDRESS Specifies to use the specified IP address as the transmission address uniformly Default By default the ...

Page 852: ...vel Level 12 Usage Guideline If the mode is configured as Downstream on Demand mode the downstream LSR advertises a label mapping when an upstream connection makes an explicit request If the mode is configured as Downstream Unsolicited mode the downstream LSR advertises a label mapping when a label is learned in the routing table If the command is not configured for an interface the global setting...

Page 853: ... upstream will keep the outer label without popping Example This example shows how to configure the egress LSR advertise Explicit NULL label Switch configure terminal Switch config mpls ldp configuration Switch config ldp explicit null Warning The configuring will lead to LDP sessions restart Switch config ldp 71 11 keepalive holdtime This command is used to configure the keep alive hold time for ...

Page 854: ...on mode Use the no form of this command to restore the default value label retention mode liberal conservative no label retention mode Parameters liberal Specifies the liberal label retention mode conservative Specifies the conservative label retention mode Default By default the label retention mode is configured as liberal Command Mode LDP Configuration Mode Command Default Level Level 12 Usage ...

Page 855: ...label mapping messages to prevent looping of LDP messages If enabled LDP does not send the LDP message that violates the path vector check or hop count check to next hop Example This example shows how to enable LDP loop detection Switch configure terminal Switch config mpls ldp configuration Switch config ldp loop detection Warning The configuring will lead to LDP sessions restart Switch config ld...

Page 856: ... config ldp lsp control mode ordered Warning The configuring will lead to LDP sessions restart Switch config ldp 71 15 lsp trigger This command is used to configure an LSP trigger filter rule Use the no form of this command to remove the rule lsp trigger SN permit deny ip NETWORK PREFIX PREFIX LENGTH any no lsp trigger all SN Parameters SN Optional Specifies the sequence number of the LSP trigger ...

Page 857: ...gger 10 permit ip 192 1 1 0 24 Switch config ldp lsp trigger 20 deny any Switch config ldp 71 16 maxhops This command is used to configure the maximum number of hops permitted in the LSP setup Use the no form of this command to restore the default value maxhops VALUE no maxhops Parameters VALUE Specifies the maximum number of hops permitted in the LSP setup The range is from 1 to 255 Default By de...

Page 858: ...ult By default this option is disabled Command Mode MPLS QoS Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to apply a MPLS QoS policy to FECs The QoS policy will be applied to all MPLS packets of the FEC A FEC can only be bound to at most one policy Example This example shows how to apply the MPLS QoS policy1 to FEC 172 18 1 0 24 Switch configure terminal Switc...

Page 859: ...ny response to the sender The LSR ignores LDP Hellos from any LSR for which a password has not been configured Example This example shows how to enable LDP MD5 authentication Switch configure terminal Switch config mpls ldp configuration Switch config ldp md5 authentication Warning The configuring will lead to LDP sessions restart Switch config ldp 71 19 mpls ip This command is used in the global ...

Page 860: ...sable LDP mpls label protocol ldp no mpls label protocol ldp Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline LDP is running on an interface only when MPLS and LDP are globally enabled MPLS and LDP are enabled on this interface Example This example shows how to enable LDP gl...

Page 861: ...p 71 22 mpls qos policy This command is used to enter the MPLS QoS configuration mode If the policy doesn t exist a new policy will be created Use no command to remove the policy mpls qos policy NAME no mpls qos policy all NAME Parameters NAME Specifies the MPLS QoS policy name The maximum name length is 32 characters all Specifies to remove all MPLS QoS policies Default None Command Mode Global C...

Page 862: ...nterface if there is outbound CoS EXP mapping table the EXP will always inherit the settings according to the mapping table Otherwise if the incoming packets have an MPLS label the EXP will not be modified If the incoming packets are not MPLS packets the EXP will be set to zero Example This example shows how to create an MPLS QoS policy called policy1 Switch configure terminal Switch config mpls q...

Page 863: ...lm all in label LABEL VALUE Parameters in label LABEL VALUE Specifies the incoming label value of the ILM forward action Specifies the forward behavior of this ILM entry swap label Specifies to swap the top label in the label stack and forward the MPLS packets to next hop pop Specifies to pop the top label in the label stack and forward the MPLS packets to next hop swap label LABEL VALUE Specifies...

Page 864: ...tore the default value neighbor IP ADDRESS password PASSWORD no neighbor IP ADDRESS password Parameters IP ADDRESS Specifies the peer IP address The IP address will be the peer s LSR ID PASSWORD Specifies the password in the clear text form Default By default a peer has no password Command Mode LDP Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure an L...

Page 865: ...mmand Default Level Level 12 Usage Guideline This command is used to create a targeted peer The targeted peer is used to establish the LDP session with the non directly connected neighbor Example This example shows how to create a targeted peer 110 10 10 1 Switch configure terminal Switch config mpls ldp configuration Switch config ldp neighbor 110 10 10 1 targeted Switch config ldp targeted peer ...

Page 866: ...at COUNT timeout SECONDS Parameters NETWORK PREFIX PREFIX LENGTH Specifies the IPv4 prefix FEC whose LSP connectivity will be checked repeat COUNT Specifies the number of times to send the same packet This value must be between 1 and 255 The default value is 4 timeout SECONDS Specifies the interval in seconds to send the MPLS request packet This value must be between 1 and 99 seconds The default v...

Page 867: ...check the connectivity of the LSP for network 110 1 1 0 24 Switch ping mpls ipv4 110 1 1 0 24 Request timed out Request timed out Request timed out Request timed out Ping Statistics for FEC 110 1 1 0 24 Packets Sent 4 Received 0 Lost 4 Switch 71 29 router id This command is used to configure the LSR ID of the LDP Use the no command to restore the LSR ID to the default value router id IP ADDRESS no...

Page 868: ... Switch config mpls ldp configuration Switch config ldp router id 110 10 10 30 Warning The configuring will lead to LDP sessions restart Switch config ldp 71 30 show mpls This command is used to display the MPLS settings or MPLS interfaces status show mpls interface INTERFACE ID Parameters interface Specifies to display the MPLS interface s status INTERFACE ID Optional Specifies the interface that...

Page 869: ...prefix FEC If not specified display all FECs detail Specifies to display detailed information of the MPLS label forwarding path information Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the MPLS forwarding path information Example This example shows how to display all MPLS label forwarding path information Switch S...

Page 870: ... Out Interface VLAN 20 LSP 3 Type Egress Status Up FEC 172 1 1 1 32 Owner LDP In Label 1050 Out Label Pop Next Hop 172 18 1 1 Out Interface VLAN 10 LSP 4 Type Ingress Status Up FEC 192 1 1 0 24 Owner LDP In Label Out Label Push 1070 Next Hop 172 18 1 1 Out Interface VLAN 10 LSP 5 Type Ingress Status Up FEC VC11 192 1 1 1 Owner LDP In Label Out Label Push 1100 1070 Next Hop 172 18 1 1 Out Interface...

Page 871: ...splay all LDP label binding information Switch show mpls ldp bindings FEC 3 3 3 3 32 State Established In label 0 Upstream 2 2 2 2 Out label None Downstream None FEC 1 1 1 1 32 State Established In label None Upstream None Out label 172 Downstream 2 2 2 2 Total Entries 2 Switch 71 33 show mpls ldp discovery This command is used to display LDP peer information show mpls ldp discovery Parameters Non...

Page 872: ...Id 192 18 0 15 0 Targeted Hellos 10 1 1 1 10 133 0 33 ldp active xmit recv LDP Id 10 133 0 33 0 10 1 1 1 172 18 30 2 ldp passive xmit recv LDP Id 172 18 30 2 0 Switch 71 34 show mpls ldp information This command is used to display LDP global information show mpls ldp information Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guidel...

Page 873: ...ication Disabled PHP Explicit null Trap Status Disabled Switch 71 35 show mpls ldp interface This command is used to display LDP interface information show mpls ldp interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the interface that will be displayed If not specified all interfaces information will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command ...

Page 874: ... 71 36 show mpls ldp neighbor This command is used to display LDP peer information show mpls ldp neighbor IP ADDRESS Parameters IP ADDRESS Specifies the IP address used as the peer LSR ID If not specified all neighbors will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display all peers learned by LD...

Page 875: ...th 0 Peer 202 20 1 1 0 Protocol Version 1 0 Transport address 202 20 1 1 Keep Alive Time 40 sec Distribution Method DU Loop Detect Disabled Path Vector Limit 0 Max PDU Length 1500 Total Entries 3 Switch 71 37 show mpls ldp neighbor password This command is used to display the LDP neighbor password show mpls ldp neighbor password Parameters None Default None Command Mode User EXEC or Any Configurat...

Page 876: ...eer configuration show mpls ldp neighbor targeted Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display all LDP targeted peer configurations Example This example shows how to display all LDP targeted peer configurations Switch show mpls ldp neighbor targeted Targeted Peer Hello Interval Hold Time ...

Page 877: ... This command is used to display all LDP sessions Example This example shows how to display all LDP session information Switch show mpls ldp session Peer Status Role Keep Alive Distribution Method 10 1 1 2 0 OPERATIONAL Active 40 Sec DU 20 1 1 2 0 OPERATIONAL Passive 40 Sec DU Total Entries 2 Switch This example shows how to display LDP session detailed information of peer 10 1 1 2 Switch show mpl...

Page 878: ... RX 1 Label Request Message TX 2 RX 1 Label Withdraw Message TX 0 RX 0 Label Release Message TX 0 RX 0 Label Abort Message TX 0 RX 0 Total Entries 1 Switch 71 40 show mpls ldp statistic This command is used to display LDP global statistic information show mpls ldp statistic Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline T...

Page 879: ...trigger This command is used to display MPLS LSP trigger filter rule s show mpls lsp trigger SN Parameters SN Optional Specifies the sequence number of the MPLS LSP trigger filter rule to be displayed If not specified all rules will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display MPLS LSP trigger f...

Page 880: ...se QoS policy will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the MPLS QoS policy settings Example This example shows how to displays all MPLS QoS settings Switch show mpls qos policy MPLS QoS Policy policy1 Trust EXP Inbound EXP to CoS EXP 0 1 2 3 4 5 6 7 CoS 0 1 2 3 4 5 6 6 Outbound CoS to E...

Page 881: ...onfiguration Mode Command Default Level Level 12 Usage Guideline This command used to configure the LDP trap state Example This example shows how to enable the LDP trap state Switch configure terminal Switch config snmp server enable traps mpls ldp Switch config 71 44 snmp server enable traps mpls lsp This command is used to enable the MPLS LSP trap state Use the no form of this command to disable...

Page 882: ...t be between 1 and 99 seconds The default value is 2 seconds Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used for hop by hop fault localization as well as path tracing the LSP of the specified FEC If there is no LSP for the specified FEC the Destination unreachable message will be displayed Otherwise MPLS echo request ...

Page 883: ...d to disable the trust trust exp no trust exp Parameters None Default By default this option is disabled Command Mode MPLS QoS Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to trust the incoming label s top most EXP as the priority If the EXP is trusted the matched packets are scheduled according to the EXP to the priority mapping of the MPLS QoS policy Otherwi...

Page 884: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 879 ...

Page 885: ...e Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to create an ND inspection policy This command will enter into the ND inspection policy configuration mode ND inspection is mainly for inspection of Neighbor Solicitation NS and Neighbor Advertisement NA messages Example This example shows how to create an ND policy name called policy1 Switch configure ...

Page 886: ...nspection validate source mac Switch config nd inspection 72 3 device role This command is used to specify the role of the attached device Use the no form of the command to reset to the default setting device role host router no device role Parameters host Specifies to set the role of the device to host router Specifies to set the role of the device to router Default By default the device s role i...

Page 887: ...de Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for physical port and port channel configuration The command is used to apply the ND Inspection policy on a specified interface If no policy name is specified the behavior of the default policy is as follows NS NA messages are inspected Layer 2 header source MAC address validations are disabled...

Page 888: ... Level 1 Usage Guideline If the policy name is specified only the specified policy information is displayed If the policy name is not specified information is displayed for all policies Example This example shows how to display the policy configuration for a policy named inspect1 and all the interfaces where the policy is applied Switch show ipv6 nd inspection policy inspect1 Policy inspect1 confi...

Page 889: ...It may cause unexpected behavior if it is functioning on hosts that send tagged packets If the authentication host mode is set to multi host the port will be added as a guest VLAN member port and the PVID of the port will change to guest VLAN Traffic that comes from guest VLAN can be forward whatever whether authenticated Traffic that comes from other VLANs will still be dropped until it pass auth...

Page 890: ...t is authenticated the client will not be re authenticated when received from other VLANs This option is useful for trunk ports to do per VLAN authentication control When a port s authentication mode is changed to multi host the previous authentication VLAN s on this port will be cleared Default By default multi auth is used Command Mode Interface Configuration Mode Command Default Level Level 12 ...

Page 891: ... Example This example shows how to enable periodic re authentication on Ethernet port 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if authentication periodic Switch config if 73 4 authentication timer inactivity This command is used to configure the timer after which an inactive session is terminated Use the no form of the command to disable the inactivity t...

Page 892: ...thenticate a session Use the no form of the command to revert the setting to default authentication timer reauthentication SECONDS no authentication timer reauthentication Parameters SECONDS Specifies the timer to re authenticate a session The range is from 1 to 65535 Default By default this value is 3600 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guidel...

Page 893: ...itch config if authentication timer restart 20 Switch config if 73 7 authentication username This command is used to create a user in the local database for authentication Use the no form of this command to remove a user in the local database authentication username NAME password 0 7 PASSWORD vlan VLAN ID no authentication username NAME vlan Parameters NAME Specifies the username with a maximum of...

Page 894: ...ntication sessions clear authentication sessions mac wac dot1x all interface INTERFACE ID mac wac dot1x mac address MAC ADDRESS Parameters mac Specifies to clear all MAC sessions wac Specifies to clear all WAC sessions dot1x Specifies to clear all dot1x sessions all Specifies to clear all sessions interface INTERFACE ID Specifies a port to clear sessions mac address MAC ADDRESS Specifies a specifi...

Page 895: ...that when using as delimiter the format is AA BB CC DD EE FF dot Specifies that when using as delimiter the format is AA BB CC DD EE FF none Specifies that when not using any delimiter the format is AABBCCDDEEFF number Specifies the delimiter number value Choose one of the following delimiter options 1 Single delimiter the format is AABBCC DDEEFF 2 Double delimiters the format is AABB CCDD EEFF 5 ...

Page 896: ...in the global configuration mode and interface configuration mode If the command is configured in the global configuration mode the maximum user number limits the user number of the entire system If the command is configured in the interface configuration mode the maximum user number is set for the interface The maximum users being limited include 802 1X MAC based Access Control and WAC users In a...

Page 897: ...ization attributes with new port The authenticated host can do roaming from port 1 to port 2 and inherit the authorization attributes without re authentication If the new port has the different authentication configuration as the original port then re authentication is needed The authenticated host on port 1 can move and re authenticated by port 2 If the new port has no authentication method enabl...

Page 898: ...shows how to disable the authorization status Switch configure terminal Switch config no authorization disable Switch config 73 13 show authentication sessions This command is used to display authentication information show authentication sessions mac wac dot1x interface INTERFACE ID mac wac dot1x mac address MAC ADDRESS Parameters mac Specifies to display all MAC sessions wac Specifies to display...

Page 899: ...ication Authentication State The authentication status of host Start Host received but no any authentication start Initialization Authentication resource ready but no new authentication start Authenticating Host is under authenticating Failure Authentication failure Success Host pass authentication Accounting Session ID The accounting session ID that used to do accounting after authenticated Authe...

Page 900: ... that the state machine initialization has finished but no supplicant connects to this port CONNECTING Indicates that the switch has detected a supplicant connecting to this port The PAE will attempt to establish communication with a supplicant AUTHENTICATING Indicates that a supplicant is being authenticated AUTHENTICATED Indicates that the Authenticator has successfully authenticated the supplic...

Page 901: ...plicant is an illegal client The backend state machine will notify the authenticator PAE state machine and the supplicant TIMEOUT Indicates that the authentication server or supplicant has time out IDLE In this state the state machine is waiting for the Authenticator state machine to signal the start of a new authentication session INITIALIZE Indicates the authenticator is initializing the state m...

Page 902: ... Mode Command Default Level Level 12 Usage Guideline This command is used to create an NLB unicast MAC entry The Network Load Balancing NLB function is used to support the Microsoft server load balancing application where multiple servers can share the same IP address and MAC address The requests from clients will be forwarded to all the servers but will only be processed by one of them The server...

Page 903: ...et contains a destination address that matches the specified MAC address it will be forwarded to the specified interfaces vlan VLAN ID Specifies the VLAN ID of the entry The range is 1 to 4094 interface INTERFACE ID Specifies the interface to which the matched packets will be forwarded to Only physical ports are valid interfaces Optional Specifies a series of interfaces or separate a range of inte...

Page 904: ...lticast fdb 01 F3 22 0A 12 F4 vlan 1 interface ethernet 1 0 1 5 Switch config 74 3 show nlb fdb This command is used to display NLB configured entries show nlb fdb Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display NLB configured entries including unicast and multicast entries Example This exam...

Page 905: ...ault route The acceptable value is a 24 bit number from 0 to 65535 Default By default this value is 1 Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline Use this command on the Area Border Router ABR that is attached to the stub area or NSSA area to specify the cost associated with the type 3 default route generated to the area Example This example shows how to a...

Page 906: ...e area nssa command to simplify administration if connecting a central site using OSPF to a remote site that is using a different routing protocol Extend OSPF to cover the remote connection by defining the area between the central router and the remote router as a NSSA For ASBR NSSA redistribution external routes will only be redistributed to the NSSA area when redistribution is configured for the...

Page 907: ...on the ABR to summarize the intra area routes This command can be used to specify the summarized route for area 0 or for the non zero area Multiple area range commands can be configured Thus OSPF can summarize addresses for multiple sets of address ranges Example This example shows how to configure one summary route to be advertised by the ABR to other areas for all subnets on network 192 168 0 0 ...

Page 908: ...SWORD message digest key KEY ID md5 KEY no area AREA ID virtual link ROUTER ID authentication hello interval dead interval message digest key KEY ID Parameters AREA ID Specifies the identifier of the area to establish the virtual link It can be specified as either a decimal value or as an IPv4 address ROUTER ID Specifies the router ID of the virtual link neighbor authentication Optional Specifies ...

Page 909: ...rval and dead interval of 5 and 10 seconds respectively Switch configure terminal Switch config router ospf Switch config router area 1 virtual link 10 10 11 50 dead interval 10 hello interval 5 Switch config router This example shows how to configure the parameters for a virtual link at area 1 and remote ID of 192 168 255 1 The key is defined is a simple password authentication defined as yourpas...

Page 910: ...xistence of a default route in the redistricted routes metric METRIC VALUE Optional Specifies the cost associated the generated default route If not specified the default metric cost is 1 The valid value is from 0 to 16777214 Default By default this feature is disabled Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline The default information originate command is...

Page 911: ...and is used in conjunction with the redistribute router configuration command to cause the current routing protocol to use the default metric value for the redistributed routes that have no metric specified Example This example shows how to configure router redistributes RIP derived routes into the OSPF domain and that all redistributed routes are advertised with an OSPF metric of 10 Switch config...

Page 912: ...F routes The distance ospf command acts as the distance command which determines which routes will be installed in routing information base If the distance of specific OSPF routes is not configured the distance follows the value specified by the distance command Numerically an administrative distance is an integer from 1 to 255 In general the higher the value is the lower the rating of trustworthi...

Page 913: ...re terminal Switch config router ospf Switch config router host 172 16 10 100 area 1 Switch config router 75 11 ip ospf authentication This command is used to define the authentication mode for OSPF Use the no command to disable the authentication ip ospf authentication message digest no ip ospf authentication Parameters message digest Optional Specifies to use the message digest authentication De...

Page 914: ... Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command creates a password key that is inserted into the OSPF header when the router originates routing protocol packets Assign a separate password to each network for different interfaces Routers on the same network must use the same password to be able to exchange OSPF routing data Configure the routers in the...

Page 915: ...ted based on reference bandwidth The cost corresponds that the reference bandwidth is 1 Use the auto cost reference bandwidth command to set the reference bandwidth Use the ip ospf cost command to manually specify the cost Example This example shows how to configure the interface cost value to 10 on interface VLAN 1 Switch configure terminal Switch config interface vlan1 Switch config if ip ospf c...

Page 916: ... 75 15 ip ospf hello interval This command is used to specify the interval between hello packets To return to the default setting use the no form of this command ip ospf hello interval SECONDS no ip ospf hello interval Parameters SECONDS Specifies the interval in seconds This value must be between 1 and 65535 seconds Default By default this value is 10 seconds Command Mode Interface Configuration ...

Page 917: ...uted based on the locally defined message digest key corresponding to the same key ID The same key ID on the neighboring router should be defined with the same key string All the neighboring routers on the same interface must use the same key to exchange the OSPF packet with each other Normally all neighboring routers on the interface use the same key With the MD5 digest mode the user can rollover...

Page 918: ...a broadcast network only the designated router and backup designated router become adjacent neighbors of all other routers attached On point to point network only two routers become adjacent if they can communicate Example This example shows how to configure the OSPF network type to point to point on the VLAN 1 interface Switch configure terminal Switch config interface vlan1 Switch config if ip o...

Page 919: ...d router Example This example shows how to configure the OSPF priority value to 3 on the VLAN 1 interface Switch configure terminal Switch config interface vlan1 Switch config if ip ospf priority 3 Switch config if 75 19 ip ospf bfd This command is used to enable BFD on an interface Use the no command to disable BFD on an interface ip ospf bfd no ip ospf bfd Parameters None Default By default this...

Page 920: ...ifier of the area to be created Default None Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to create an OSPF area on the interfaces The area will be created on an interface if the subnet configured on the interface falls in the range of the network specified by the command The interface that has a subnet defined that belongs to the network s...

Page 921: ...mmand is used to disable the sending and receiving of the OSPF routing updates on an interface Use the no command to enable the sending and receiving of routing updates passive interface default INTERFACE ID no passive interface default INTERFACE ID Parameters default Specifies the default state of a routing interface when its state is not individually specified INTERFACE ID Specifies the routing ...

Page 922: ...nk type of the route being redistributed into the OSPF routing domain It can be one of two values 1 Specifies to use the Type 1 external route 2 Specifies to use the Type 2 external route If a metric type is not specified the switch will adopt a Type 2 external route route map MAP NAME Optional Specifies the route map that filters the imported routes from this source routing protocol If not specif...

Page 923: ...ion originate command Example This example shows how BGP routes are redistributed into a OSPF domain Switch configure terminal Switch config router ospf Switch config router redistribute bgp metric 100 Switch config router 75 24 router ospf This command is used to configure an OSPF routing process To remove an OSPF routing process use the no form of this command router ospf vrf VRF NAME no router ...

Page 924: ...ly identifies the router within an Autonomous System Each router has a unique router ID If the router is already active when this command is configured the new router ID will not take effect immediately It is applied on the next reload or manual restart of the OSPF process Example This example shows how to configure the router ID to 10 10 10 60 Switch configure terminal Switch config router ospf S...

Page 925: ...r of areas attached to this router 5 Area 0 0 0 0 BACKBONE Number of interface in this area is 15 active interface number is 15 Number of fully adjacent neighbors in this area is 15 SPF algorithm executed 19 times Number of LSA 37 Area 0 0 0 1 Number of interface in this area is 1 active interface number is 1 Number of fully adjacent neighbors in this area is 1 SPF algorithm executed 19 times Numb...

Page 926: ... database summary for OSPF information Switch show ip ospf database Router Link States Area 0 0 0 0 Link ID ADV Router Age Seq CkSum Link count 10 47 65 160 10 47 65 160 1765 0x8000000e 0x107f 6 Net Link States Area 0 0 0 0 Link ID ADV Router Age Seq CkSum 47 65 49 111 47 65 49 111 1819 0x80000001 0x33da Summary Link States Area 0 0 0 0 Link ID ADV Router Age Seq CkSum Route 2 1 1 0 10 47 65 160 5...

Page 927: ...router This command is used to display all of the LSAs generated by the advertising router show ip ospf vrf VRF NAME database adv router IP ADDRESS Parameters IP ADDRESS Specifies the advertising router as an IP address vrf VRF NAME Optional Specifies the IPv4 OSPF VRF process Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this comma...

Page 928: ...pf database asbr summary This command is used to display information about the Autonomous System Boundary Router ASBR summary LSAs show ip ospf vrf VRF NAME database asbr summary LINK STATE ID self originate adv router IP ADDRESS Parameters vrf VRF NAME Optional Specifies the IPv4 OSPF VRF process LINK STATE ID Specifies the link state ID as an IP address self originate Specifies the self originat...

Page 929: ... States Area 0 0 0 1 LS age 927 Options 0x2 E LS Type ASBR summary LSA Link State ID 10 47 65 183 AS Boundary Router address Advertising Router 10 47 65 160 LS Seq Number 80000001 Checksum 0x53ba Length 28 Network Mask 0 TOS 0 Metric 1 Total Entries 2 Switch 75 30 show ip ospf database external This command is used to display information about the external LSAs show ip ospf vrf VRF NAME database e...

Page 930: ...Boundary Router ASBR external LSAs Switch show ip ospf database external AS External Link States LS age 1056 Options 0x2 E LS Type AS external LSA Link State ID 1 0 0 0 External Network Number Advertising Router 10 47 65 160 LS Seq Number 80000001 Checksum 0x17e4 Length 36 Network Mask 24 Metric Type 2 Larger than any link state path TOS 0 Metric 20 Forward Address 47 65 52 2 External Route Tag 0 ...

Page 931: ...ion about the network LSAs Example This example shows how to display information about the network LSAs Switch show ip ospf database network Net Link States Area 0 0 0 0 LS age 1034 Options 0x0 LS Type network LSA Link State ID 47 65 49 111 address of Designated Router Advertising Router 47 65 49 111 LS Seq Number 80000001 Checksum 0x33da Length 32 Network Mask 24 Attached Router 47 65 49 111 Atta...

Page 932: ...play all the LSAs of the specified router IP ADDRESS Specifies the advertise router IP address Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display information about the NSSA external LSAs Example This example shows how to display information about the NSSA external LSAs Switch show ip ospf database nssa external OS...

Page 933: ...deline Use this command to display LSAs generated by the local router Example This example shows how to display LSAs generated by the local router Switch show ip ospf database self originate Router Link States Area 0 0 0 0 LS age 796 Options 0x2 E Flags 0x2 ASBR LS Type router LSA Link State ID 10 64 84 203 Advertising Router 10 64 84 203 LS Seq Number 800000f1 Checksum 0x57c1 Length 84 Number of ...

Page 934: ... 3 Link Data Router Interface address 192 0 22 2 Number of TOS metrics 0 TOS 0 Metric 1 Total Entries 1 Switch 75 34 show ip ospf database router This command is used to display information about the router LSAs show ip ospf vrf VRF NAME database router LINK STATE ID self originate adv router IP ADDRESS Parameters vrf VRF NAME Optional Specifies the IPv4 OSPF VRF process LINK STATE ID Specifies th...

Page 935: ...47 65 181 Link Data Router Interface address 47 65 51 1 Number of TOS metrics 0 TOS 0 Metric 1 Link connected to a Virtual Link Link ID Neighboring Router ID 10 47 65 182 Link Data Router Interface address 47 65 52 1 Number of TOS metrics 0 TOS 0 Metric 1 Link connected to a Virtual Link Link ID Neighboring Router ID 10 47 65 183 Link Data Router Interface address 47 65 53 1 Number of TOS metrics ...

Page 936: ...nd is used to display information about the summary LSAs show ip ospf vrf VRF NAME database summary LINK STATE ID self originate adv router IP ADDRESS Parameters vrf VRF NAME Optional Specifies the IPv4 OSPF VRF process LINK STATE ID Specifies the link state ID as an IP address self originate Specifies the self originated link states adv router Specifies to display all the LSAs of the specified ro...

Page 937: ...m 0xd863 Length 28 Network Mask 24 TOS 0 Metric 1 Total Entries 2 Switch 75 36 show ip ospf database stub This command is used to display information about the LSAs in the stub and NSSA areas show ip ospf vrf VRF NAME database stub LINK STATE ID self originate adv router IP ADDRESS Parameters vrf VRF NAME Optional Specifies the IPv4 OSPF VRF process LINK STATE ID Specifies the link state ID as an ...

Page 938: ...rtual Link Link ID Neighboring Router ID 10 47 65 160 Link Data Router Interface address 47 65 51 2 Number of TOS metrics 0 TOS 0 Metric 1 Link connected to a Virtual Link Link ID Neighboring Router ID 10 47 65 184 Link Data Router Interface address 47 65 84 2 Number of TOS metrics 0 TOS 0 Metric 10 Net Link States Area 1 1 1 1 LS age 1034 Options 0x0 LS Type network LSA Link State ID 47 65 49 111...

Page 939: ...to display interface information for OSPF If the no interface type or number is specified OSPF information of all interfaces will be displayed Example This example shows how to display interface information for OSPF Switch show ip ospf interface vlan10 is up line protocol is up Internet Address 1 0 0 1 8 Area 0 0 0 0 Router ID 222 200 23 1 Network Type POINT_TO_POINT Cost 1 Transmit Delay is 1 sec...

Page 940: ...terface ID to display NEIGHBOR ID Optional Specifies the Neighbor ID detail Optional Specifies to display detailed information of neighbors vrf VRF NAME Optional Specifies the IPv4 OSPF VRF process Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display information of OSPF neighbors If no interface type or number is sp...

Page 941: ...uence Number is 0 Neighbor 110 1 1 1 interface address 10 90 90 90 In the area 0 0 0 0 via interface vlan1 Neighbor priority is 1 State is Exchange 4 state changes DR is 10 10 9 2 BDR is 10 90 90 90 Options is 0x02 E Dead timer due in 00 00 35 Neighbor is up for 00 00 27 Crypt Sequence Number is 0 Neighbor 32 44 67 200 interface address 21 44 67 200 In the area 0 0 0 1 via interface vlan2 Neighbor...

Page 942: ... Example This example shows how to display virtual link information Switch show ip ospf virtual links Virtual Link to router 10 90 90 90 is up Transit area 0 0 0 3 via interface vlan40 Local address 4 0 0 1 Remote address 4 0 0 2 Transmit Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Retransmit 5 Adjacency state Full Current Authentication Type md5 Authentication ...

Page 943: ...spf neighbor This command is used to turn on the OSPF neighbor state debug switch Use the no form of the command to turn off the OSPF neighbor state debug switch debug ip ospf neighbor no debug ip ospf neighbor Parameters None Default By default the OSPF neighbor state debug switch is turned off Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to tu...

Page 944: ... Level Level 15 Usage Guideline Use this command to turn on or turn off the OSPF interface state debug switch When the OSPF interface state changes or some events happen to change the interface state debug information will print When DR selection happens debug information will also print if the OSPF debug function is turned on Example This example shows how to turn on the OSPF interface state debu...

Page 945: ...LSA id 100 1 1 2 for area 0 0 0 0 seq 80000001 tic 10 75 44 debug ip ospf lsa flooding This command is used to turn on the OSPF LSA flooding debug switch Use the no form of the command to turn off the OSPF LSA flooding debug switch debug ip ospf lsa flooding no debug ip ospf lsa flooding Parameters None Default By default the OSPF LSA flooding debug switch is turned off Command Mode Privileged EXE...

Page 946: ... Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to turn on or turn off the OSPF packet receiving debug switch When one OSPF protocol packet is received the debug information will print if the OSPF debug function is turned on Example This example shows how to turn on the OSPF packet receiving debug switch Switch debug ip ospf packet receiving Switch Received a ...

Page 947: ...llo on interface 10 1 1 1 dst 255 0 0 5 tic 200 Send out a Hello on interface 100 1 1 1 dst 255 0 0 5 tic 220 75 47 debug ip ospf spf This command is used to turn on the OSPF SPF calculation debug switch Use the no form of the command to turn off the OSPF SPF calculation debug switch debug ip ospf spf no debug ip ospf spf Parameters None Default By default the OSPF SPF calculation switch is turned...

Page 948: ...fault Level Level 15 Usage Guideline Use this command to turn on or turn off the OSPF timer debug switch When the event related to the OSPF timer happens the debug information will print if the OSPF debug function is turned on Example This example shows how to turn on the OSPF timer debug switch Switch debug ip ospf timer Switch Start Hello timer at interface System tic 20 Wait timer expired at in...

Page 949: ...a 1 1 1 1 vnbr 3 3 3 3 tic 260 75 50 debug ip ospf route This command is used to turn on the OSPF route debug switch Use the no form of the command to turn off the OSPF route debug switch debug ip ospf route no debug ip ospf route Parameters None Default By default the OSPF route switch is turned off Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command ...

Page 950: ...ibution debug switch When one route of other protocol is redistributed into OSPF or not redistributed into OSPF any more the debug information will print if the OSPF debug function is turned on Example This example shows how to turn on the OSPF redistribution debug switch Switch debug ip ospf redistribution Switch Import AS external route from src 5 net 192 1 1 1 mask 255 255 255 0 type 2 cost 50 ...

Page 951: ... shows how to displays all OSPF statistic counters Switch debug ip ospf show counter OSPF Debug Statistic Counters Packet Receiving Total 5 Hello 5 DD 0 LSR 0 LSU 0 LSAck 0 Drop 0 Auth Fail 0 Packet Sending Total 5 Hello 5 DD 0 LSR 0 LSU 0 LSAck 0 Neighbor State Change 3 SeqMismatch 0 SPF Calculation Intra 1 Inter 1 Extern 1 Switch 75 53 debug ip ospf clear counter This command is used to reset OS...

Page 952: ...pf show database This command is used to view detailed information about the OSPF LSDB debug ip ospf show database rt link net link summary link external link type7 link vrf VRF NAME Parameters rt link Specifies to display detailed information of Router LSAs net link Specifies to display detailed information of Network LSAs summary link Specifies to display detailed information of Summary LSAs ext...

Page 953: ..._LSA 0 DC Not Support Handling Of Demand Circuits 0 O O Bit Isn t Set 0 7 Bit Isn t Set LS Sequence Number 0x80000001 Length 36 Flags 0x0 0 B NO Area Border Router 0 E NO AS Boundary Router 0 V NO Virtual Link Endpoint Number Of Links 1 Type Stub ID 10 1 1 0 Data 255 255 255 0 Metric 1 Internal Field Del_flag 0x0 I_ref_count 0 Seq 0x80000001 Csum 0x4d28 Rxtime 0 Txtime 0 Orgage 0 Current Time 10 S...

Page 954: ...134 0 RTID 90 2 0 1 LSID 192 194 135 0 RTID 90 2 0 1 LSID 192 194 136 0 RTID 90 2 0 1 LSID 192 194 137 0 RTID 90 2 0 1 LSID 192 194 138 0 RTID 90 2 0 1 Switch 75 56 debug ip ospf show redistribution This command is used to display the current internal OSPF redistribution list debug ip ospf show redistribution vrf VRF NAME Parameters vrf VRF NAME Optional Specifies the name of the VPN routing and f...

Page 955: ...o display the current internal OSPF summary list debug ip ospf show summary list vrf VRF NAME Parameters vrf VRF NAME Optional Specifies the name of the VPN routing and forwarding VRF instance This name can be up to 12 characters long Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to check the information about the route to be aggrega...

Page 956: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 951 Circuit 2 2 2 1 Circuit 10 1 1 6 Switch ...

Page 957: ...ode Command Default Level Level 12 Usage Guideline This command is used only on an ABR attached to a stub area In all routers and access servers attached to the stub area the area should be configured as a stub area using the area stub command Use the area default cost command only on an ABR attached to the stub area The area default cost command provides the metric for the summary default route g...

Page 958: ...evel Level 12 Usage Guideline This command is used only with ABRs It is used to consolidate or summarize routes for an area The result is that a single summary route is advertised to other areas by the ABR Routing information is condensed at area boundaries External to the area a single route is advertised for each address range Example This example shows how to configure one summary route to be a...

Page 959: ...the area stub no summary command Example This example shows how to configure the router as a stub that advertises connected and summary routes Switch configure terminal Switch config ipv6 router ospf 1000 Switch config rtr router id 20 0 1 10 Switch config rtr area 1 1 1 1 stub Switch config rtr 76 4 area virtual link This command is used to define an IPv6 OSPF virtual link To remove a virtual lin...

Page 960: ...pairs the connection You can configure virtual links between any two backbone routers that have an interface to a common non backbone area The protocol treats these two routers joined by a virtual link as if they were connected by an un numbered point to point network To configure virtual link include both the transit area ID and the corresponding virtual link neighbor s router ID in the virtual l...

Page 961: ...nd Default Level Level 12 Usage Guideline This command is used to control the reference value IPv6 OSPF uses when calculating metrics for interfaces Example This example shows how to set the auto cost reference bandwidth to 1000 Mbps Switch configure terminal Switch config ipv6 router ospf 1000 Switch config rtr auto cost reference bandwidth 1000 Switch config rtr 76 6 clear ipv6 ospf process This...

Page 962: ...ric Parameters METRIC VALUE Specifies the default metric value This value must be between 1 and 16777214 Default The default metric value is 20 Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline The default metric command is used in conjunction with the redistribute router configuration command to cause the current routing protocol to use the same metric value fo...

Page 963: ... Configuration Mode Command Default Level Level 12 Usage Guideline Use the distance ospf command to set the administrative distance for specific OSPF routes The distance ospf command acts as the distance command which determines which routes will be installed in routing table Numerically an administrative distance is an integer from 0 to 255 In general the higher the value is the lower the rating ...

Page 964: ... interface is an IPv6 interface The created area is a normal area initially and can be changed to another type of area by using the area stub command On the same interface only one area can be configured for the same OSPF process The instance ID is a value representing a specific instance The instance ID must the same as the neighbor router in order to establish the neighbor session Example This e...

Page 965: ...al Switch config interface vlan1 Switch config if ipv6 ospf cost 65 Switch config if 76 11 ipv6 ospf dead interval This command is used to set the time period for which hello packets must not be seen before neighbors declare the router down To return to the default time use the no form of this command ipv6 ospf dead interval SECONDS no ipv6 ospf dead interval Parameters SECONDS Specifies the inter...

Page 966: ...valid setting is 1 65535 Default The default interval is 10 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This value is advertised in the hello packets The shorter the hello interval the earlier topological changes will be detected but more routing traffic will ensue This value must be the same for all routers and access servers on a specific netw...

Page 967: ...re eligible to become the designated or backup designated router Configure router priority for multi access networks not point to point only Example This example shows how to set the router priority value to 4 Switch configure terminal Switch config interface vlan1 Switch config if ipv6 ospf priority 4 Switch config if 76 14 ipv6 ospf retransmit interval This command is used to specify the time be...

Page 968: ...t on the interface To return to the default value use the no form of this command ipv6 ospf transmit delay SECONDS no ipv6 ospf transmit delay Parameters SECONDS Specifies the interval the router waits for before it transmits a packet The valid setting is 1 65535 Default The default interval is 1 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline LSUs ...

Page 969: ...e range of value is from 1 to 65535 Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enter the OSPF for IPv6 router configuration mode From this mode you can configure other settings of IPv6 OSPF Example This example shows how to enable the router configuration mode of IPv6 OSPF The process ID is 1 Switch configure terminal Swit...

Page 970: ...e no form of the command to restore it to the default passive interface default INTERFACE ID no passive interface default INTERFACE ID Parameters INTERFACE ID Specifies the interface as passive interface default Optional Specifies all the interfaces as passive interfaces Default None Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline If an interface is passive th...

Page 971: ...onfiguration Mode Command Default Level Level 12 Usage Guideline A router receiving a link state protocol with an internal metric will consider the cost of the route from itself to the redistributing router plus the advertised cost to reach the destination An external metric only considers the advertised metric to reach the destination Whenever you use the redistribute or the default information r...

Page 972: ...assigned to each router running OSPF This number uniquely identifies the router within an Autonomous System Each router has a unique router ID among IPv6 OSPF processes Example This example shows how to specify a fixed router ID Switch configure terminal Switch config ipv6 router ospf 1 Switch config rtr router id 10 1 1 1 Switch config rtr 76 21 show ipv6 ospf This command is used to display gene...

Page 973: ...E active Number of interfaces in this area is 7 active interface number is 7 Number of fully adjacent virtual neighbors through this area is 0 SPF algorithm executed 15 times Number of LSA 44 Checksum Sum 0x15c2dc Number of Unknown LSA 0 Area ranges are Area 0 0 0 1 active Number of interfaces in this area is 1 active interface number is 1 Number of fully adjacent virtual neighbors through this ar...

Page 974: ...eter for an IPv6 OSPF routing process It is locally assigned and can be any positive integer A unique value is assigned for each IPv6 OSPF routing process Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the ABRs and ASBRs information Example This example shows how to display the ABRs and ASBRs for the IPv6 OSPF...

Page 975: ...onal Specifies to display information only about the network LSAs prefix Optional Specifies to display information on the intra area prefix LSAs router Optional Specifies to display information only about the router LSAs self originate Optional Specifies to display only self originated LSAs from the local router AREA ID Optional Specifies to display all the LSAs of the specified area It can be spe...

Page 976: ...80000002 0xd73f 3ffe 4 64 10 76 37 30 374 0x80000002 0x7e20 3ffe 4 30 128 10 76 37 30 352 0x80000003 0xa570 3ffe 2 64 10 76 37 30 352 0x80000003 0x0fad 3ffe 2 10 128 Inter Area Router LSA Area 0 0 0 0 BACKBONE ADV Router Age Seq CkSum Dest RtrID 10 76 37 3 366 0x80000001 0x26dd 10 76 37 30 Intra Area Prefix LSA Area 0 0 0 0 BACKBONE ADV Router Age Seq CkSum Ref LsType Ref LSID Prefix 10 76 37 3 34...

Page 977: ...kSum Prefix 10 76 37 30 395 0x80000002 0x920e 3ffe 4 30 128 10 76 37 30 395 0x80000002 0xd73f 3ffe 4 64 10 76 37 30 352 0x80000003 0xaf67 3ffe 2 64 10 76 37 30 352 0x80000003 0x19a4 3ffe 2 10 128 10 76 37 30 347 0x80000002 0xcb41 3ffe 1 64 Intra Area Prefix LSA Area 0 0 0 3 ADV Router Age Seq CkSum Ref LsType Ref LSID Prefix 10 76 37 30 359 0x80000003 0xda73 Router LSA 0 0 0 0 3ffe 3 64 Switch Thi...

Page 978: ...ted to a Virtual Link Metric 1 Interface ID 2147483649 Neighbor Interface ID 2147483809 Neighbor Router ID 10 47 65 180 Link connected to a Virtual Link Metric 10 Interface ID 2147483650 Neighbor Interface ID 2147483650 Neighbor Router ID 10 47 65 183 Total Entries 2 Switch This example shows how to display the network LSAs information Switch show ipv6 ospf database network OSPFv3 Router with ID 4...

Page 979: ...efix Options 0 Total Entries 1 Switch This example shows how to display information about inter area router LSAs Switch show ipv6 ospf database inter area router OSPFv3 Router with ID 10 47 65 180 Process 1 Inter Area Router LSA Area 0 0 0 0 BACKBONE LS age 162 LS Type Inter Area Router LSA Link State ID 0 0 0 1 Advertising Router 10 47 65 180 LS Seq Number 0x80000003 Checksum 0x3889 Length 32 Opt...

Page 980: ...metric Metric 16000000 Prefix 1151 32 Prefix Options 0 LS age 279 LS Type AS External LSA Link State ID 0 0 0 2 Advertising Router 10 47 65 180 LS Seq Number 0x80000003 Checksum 0xD96D Length 32 Metric Type 1 Comparable directly to link state metric Metric 16000000 Prefix 1154 32 Prefix Options 0 LS age 279 LS Type AS External LSA Link State ID 0 0 0 3 Advertising Router 10 47 65 180 LS Seq Number...

Page 981: ...n about intra area prefix LSAs Switch show ipv6 ospf database prefix OSPFv3 Router with ID 10 47 65 180 Process 1 Intra Area Prefix LSA Area 0 0 0 1 LS age 326 LS Type Intra Area Prefix LSA Link State ID 0 0 0 2 Advertising Router 10 47 65 180 LS Seq Number 0x8000000B Checksum 0x9814 Length 52 Referenced LS Type 0x2001 Referenced Link State ID 0 0 0 0 Referenced Advertising Router 10 47 65 180 Num...

Page 982: ...hecksum 0x915D Length 56 Flags 0x03 E B Options 0x000013 R E V6 Number of Links 2 Link connected to a Virtual Link Metric 1 Interface ID 2147483649 Neighbor Interface ID 2147483809 Neighbor Router ID 10 47 65 180 Link connected to a Virtual Link Metric 10 Interface ID 2147483650 Neighbor Interface ID 2147483650 Neighbor Router ID 10 47 65 183 Total Entries 1 Switch This example shows how to displa...

Page 983: ...mation show ipv6 ospf interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the interface ID to display the OSPF information If no interface ID is specified the OSPF information on all interfaces will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Both of these keywords can be appended to all other keywords used ...

Page 984: ...ighbor INTERFACE ID NEIGHBOR ID detail Parameters PROCESS ID Optional Specifies the internally used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be any positive integer A unique value is assigned for each IPv6 OSPF routing process INTERFACE ID Optional Specifies the interface ID to display the neighbor information NEIGHBOR ID Optional Specifies the Neigh...

Page 985: ... is 36 0 0 0 Options is 0x000013 R E V6 Total Entries 3 Switch 76 26 show ipv6 ospf virtual links This command is used to display parameters and the current state of OSPF virtual links show ipv6 ospf PROCESS ID virtual links Parameters PROCESS ID Optional Specifies the internally used identification parameter for an IPv6 OSPF routing process It is locally assigned and can be any positive integer A...

Page 986: ...ter 10 90 90 90 is up Transit area 0 0 0 3 via interface vlan40 instance ID 0 Local Peer Address FD80 2A10 7BFF FE7D D963 128 Remote Peer Address 4000 A 128 Transmit Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Retransmit 5 Adjacency state Full Total Entries 1 Switch ...

Page 987: ...ip address command all of the matching criteria in the access list will be checked The packet that matches that permit statement will be acted on based on the route map The packet that is denied by the access list will be routed based on the routing table Use the following set of commands to define the action to take for policy based routing set ip precedence set ip next hop set ip default next ho...

Page 988: ...ameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use the command to display the policy based routing information configured on interfaces Example This example shows how to display policy based information configured on interfaces Switch show ip policy Interface Route map vlan1 pbr map1 vlan2 pbr map2 vlan100 pbr map3 Switch ...

Page 989: ...eries of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen vlan VLAN ID Specifies to delete the auto learned secured entry learned with the specified VLAN Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guidelin...

Page 990: ...No space is allowed before and after the hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the current port security settings Example This example shows how to display the port security settings of interfaces Ethernet 1 0 1 to 1 0 3 Switch show port security interface ethernet 1 0 1 3 D Delete on Timeo...

Page 991: ...itchport port security This command is used to configure the port security settings to restrict the number of users that are allowed to gain access rights to a port Use the no form of this command to disable port security or to delete a secure MAC address switchport port security maximum VALUE violation protect restrict shutdown mode permanent delete on timeout mac address permanent MAC ADDRESS vl...

Page 992: ...on counts will be cleared and the auto permanent entries will be converted to corresponding dynamic entries As the port security state is changed to disabled the auto learned secured entries either dynamic or permanent with its violation counts are cleared As the related VLAN configuration is changed the auto learned dynamic secured entries are cleared Permanent secured entry will be kept in the r...

Page 993: ...from the insecure hosts at the port security process level and increment the security violation counter if a security violation is detected Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if switchport port security violation restrict Switch config if 78 5 switchport port security aging This command is used to configure the aging time for auto learned dynamic secure ...

Page 994: ...tch config if This example shows how to configure the port security aging time type for interface Ethernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if switchport port security aging type inactivity Switch config if 78 6 port security limit This command is used to configure the maximum secure MAC address number on the system or on the specified VLAN Use t...

Page 995: ...Level Level 12 Usage Guideline Use this command to set the limit on the port security entry number which can be learned on a system or on VLANs Example This example shows how to configure the maximum secure MAC address number for the system Switch configure terminal Switch config port security limit global 100 Switch config ...

Page 996: ...LEDs used to illustrate port status are all turned off to save power Example This example shows how to disable the port LED function Switch configure terminal Switch config dim led Switch config 79 2 power saving This command is used to enable individual power saving functions Use the no form of the command to disable these functions power saving link detection length detection port shutdown dim l...

Page 997: ...ected cable length When dim LED is enabled the device will turn off all the port s LEDs in the specified time range to save power When port shutdown is enabled the device will shut off all ports in the specified time range to save power When Energy Efficient Ethernet EEE is enabled the device will activate EEE power saving for those EEE enabled ports When hibernation is enabled the device will ent...

Page 998: ...nfigure terminal Switch config interface ethernet 1 1 1 Switch config if power saving eee Switch config if 79 4 power saving dim led time range This command is used to configure the time range profile for the dim LED schedule Use the no form of the command to delete the specified time range profile power saving dim led time range PROFILE NAME no power saving dim led time range PROFILE NAME Paramet...

Page 999: ...e When the system enters the hibernation mode the switch will go into a low power state and idle It will shut down all the ports and LEDs all network function will be disabled and only the console connection will work via the RS232 port If the switch is an endpoint type Power Sourcing Equipment PSE the switch will not provide power to the port Example This example shows how to add a time range pro...

Page 1000: ...f 79 7 show power saving This command is used to display the power saving configuration information show power saving link detection length detection dim led port shutdown hibernation eee Parameters link detection Optional Specifies to display the link detection state length detection Optional Specifies to display the cable length detection state dim led Optional Specifies to display the dim LED s...

Page 1001: ...information Switch show power saving Function Version 3 00 Link Detection Power Saving State Disabled Length Detection Power Saving State Disabled Scheduled Hibernation Power Saving State Disabled Administrative Dim LED State Enabled Scheduled Dim LED Power Saving State Disabled Scheduled Port shutdown Power Saving State Disabled EEE_Enabled Ports Switch ...

Page 1002: ...ore and after the hyphen rx Specifies to clear the counter of received PFC frames tx Specifies to clear the counter of transmitted PFC frames both Specifies to clear the counter of received and transmitted PFC frames Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to clear the PFC counters of requests and indications on the specified i...

Page 1003: ...able the PFC pause characteristics on a class referenced in a type network QoS policy map Use the service policy interface configuration command to apply a type network QoS policy map If the PFC of all priorities is disabled on an interface the interface defaults to the IEEE 802 3x flow control setting When the PFC of any priority is enabled the interface will pause a CoS on which the PFC is enabl...

Page 1004: ... interface Switch show interfaces priority flow control Interface PFC Admin PFC On Oper PFC On Will Rx PFC Tx PFC Id Cap Priorities Priorities ing Frame s Frame s eth 1 0 1 8 0 1 2 3 4 5 6 7 0 1 3 4 5 On 4294967295 4294967295 eth 1 0 2 8 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 Off 4294967295 4294967295 eth 1 0 3 8 On 0 0 eth 1 0 4 8 Off 0 0 eth 1 0 5 8 Off 0 0 eth 1 0 5 8 Off 0 0 eth 1 0 7 8 Off 0 0 eth 1...

Page 1005: ... 0 0 Switch Display Parameters PFC Cap PFC Capability Specifies the device s limitation of how many traffic classes may simultaneously be supported by PFC Oper PFC On Priorities The CoS list that the operational PFC is on Empty means there is no CoS on which the operational PFC is on at the interface ...

Page 1006: ...er ports of the community VLAN at Layer 2 primary Specifies the VLAN as a primary VLAN in a private VLAN domain Default None Command Mode VLAN Configuration Mode Command Default Level Level 12 Usage Guideline A private VLAN domain is defined with one primary VLAN one isolated VLAN and multiple community VLANs Use this command first to specify the role of the private VLAN before they can be referen...

Page 1007: ...a series of VLAN or separate a range of VLAN from a previous range No space is allowed before and after the comma Optional Specifies a range of VLAN No space is allowed before and after the hyphen Default None Command Mode VLAN Configuration Mode Command Default Level Level 12 Usage Guideline Only one isolated VLAN can be associated with the primary VLAN Multiple community VLANs can be associated ...

Page 1008: ... Switch config spanning tree mst configuration Switch config mst instance 1 vlans 1 100 Switch config mst instance 2 vlans 101 200 Switch config mst private vlan synchronize Switch config mst 81 4 switchport mode private vlan This command is used to specify a port as a private VLAN port The port type can be a host port promiscuous port trunk promiscuous port or trunk secondary port Use the no comm...

Page 1009: ...ne the associated VLANs When an interface s mode is changed the setting associated with the previous mode will be lost Example This example shows how to configure physical ports as private VLAN ports Here we specify the interface Ethernet 1 0 1 as a private VLAN host port and specify the interface Ethernet 1 0 2 as a private VLAN promiscuous port Switch configure terminal Switch config interface e...

Page 1010: ...te vlan host association 1000 1001 Switch config if This example shows how to define the interface Ethernet 1 0 2 to trunk secondary mode and associate it with the primary VLAN 2000 and the secondary VLAN 2001 Switch configure terminal Switch config interface ethernet 1 0 2 Switch config if switchport mode private vlan trunk secondary Switch config if switchport private vlan host association trunk...

Page 1011: ...e shows how to configure interface Ethernet 1 0 2 as a private VLAN promiscuous port and to map it to a primary VLAN 1000 and secondary VLAN 1001 and VLAN 1002 Switch configure terminal Switch config interface ethernet 1 0 2 Switch config if switchport mode private vlan promiscuous Switch config if switchport private vlan mapping 1000 add 1001 1002 Switch config if This example shows how to config...

Page 1012: ...kets for the native VLAN and tagged packets for all other VLANs and the acceptable frame types of the port has to be set to admit all in order to function correctly Example This example shows how to configure interface Ethernet 1 0 2 as a native VLAN member port Switch configure terminal Switch config interface eth5 0 2 Switch config if switchport private vlan trunk native vlan 2 Switch config if ...

Page 1013: ...rt normal VLANs on trunk promiscuous ports or trunk secondary ports A packet received on a trunk promiscuous port could belong to the primary VLAN or to the normal VLAN depending on the incoming VLAN A packet received on a trunk secondary port could belong to the secondary VLAN or to the normal VLAN depending on the incoming VLAN Example This example shows how to configure the trunk secondary inte...

Page 1014: ...rt of each private VLAN Example This example shows how to display the private VLAN settings In this example there are two private VLAN domains configured Switch show vlan private vlan Primary VLAN Secondary VLAN Type Interface 1000 1001 isolated eth1 0 1 eth1 0 16 1002 community 1003 community 2000 2001 isolated eth1 0 2 eth1 0 3 2000 2002 community eth1 0 2 eth1 0 3 2000 2003 community eth1 0 4 e...

Page 1015: ...ult Level Level 12 Usage Guideline Before the PIM function is enabled on an interface enable IPv6 multicast routing by issuing the command ipv6 multicast routing in the global configuration mode Example This example shows how to enable the IPv6 PIM SM on a specified interface Switch configure terminal Switch config interface vlan1 Switch config if ipv6 pim sparse mode Switch config if 82 2 ipv6 pi...

Page 1016: ...r INTERFACE ID HASH MASK LENGTH priority PRIORITY VALUE no ipv6 pim bsr candidate bsr Parameters INTERFACE ID Specifies the interface whose IPv6 address will be announced as the bootstrap router address HASH MASK LENGTH Specifies to configure the hash mask length for RP selection The range is from 0 to 128 The mask 128 bits maximum that is to be logically AND with the group address before the hash...

Page 1017: ...pim bsr candidate rp INTERFACE ID group list ACCESS LIST priority PRIORITY VALUE interval SECONDS no ipv6 pim bsr candidate rp INTERFACE ID Parameters INTERFACE ID Specifies the interface whose IPv6 address will be advertised as the candidate RP C RP group list ACCESS LIST Optional Specifies the name of the IPv6 access list that defines the group prefixes that are advertised in association with th...

Page 1018: ...alue is 1 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only valid for the VLAN interface This command only takes effective when the interface is PIM SM mode enabled When a DR is a candidate for election the following conditions apply The router with the highest priority value configured on an interface will be elected as the DR If multipl...

Page 1019: ...the hello message Routers configured for IP multicast send PIM hello messages to detect PIM routers For SM hello messages are also used to determine which router will be elected as the designated router for each LAN segment Example This example shows how to configure the PIM hello interval to 45 seconds Switch configure terminal Switch config interface vlan1 Switch config if ipv6 pim hello interva...

Page 1020: ...uter will start a timer based on this hold time and prune the interface if no join message is received on this interface Example This example shows how to configure the PIM Join Prune timer to 120 seconds on interface VLAN 1 Switch configure terminal Switch config interface vlan1 Switch config if ipv6 pim join prune interval 120 Switch config if 82 8 ipv6 pim passive This command is used to specif...

Page 1021: ...epkt Parameters None Default By default this option is disabled By default the register checksum methodology is PIM RFC compliant excluding the data portion in the Register message Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command only affects PIM SM operation If this command is specified then the setting will be applied to all RP addresses Example ...

Page 1022: ... config 82 11 ipv6 pim register suppression This command is used to configure the register suppression time Use the no form of the command to revert to the default setting ipv6 pim register suppression SECONDS no ipv6 pim register suppression Parameters SECONDS Specifies the register suppression timeout value in seconds The range is from 3 to 65535 Default By default this value is 60 seconds Comma...

Page 1023: ...ect when the interface is PIM SM enabled Embedded RP defines an address allocation policy in which the address of the RP is encoded in an IPv6 multicast group address This allows an easy deployment of scalable inter domain multicast and simplifies the intra domain multicast configuration as well IPv6 Multicast group addresses embedded with RP information start with ff70 12 where the flag value of ...

Page 1024: ...multicast group to RP mapping The first hop router that initiates a register message will use the mapping entries to determine the RP for sending the PIM register message destined for a specific group The last hop router that initiates a join message uses the mapping entries to determine the RP for sending the join and prune message for a specific group When a router receives a join message it wil...

Page 1025: ...finity parameter enables all sources for the specified groups to use the shared tree Using the 0 parameter to join the SPT immediately after the first packet arrives from a new source Example This example shows how to configure the PIM last hop router to stay on the shared Switch configure terminal Switch config ipv6 pim spt threshold infinity Switch config 82 15 ipv6 pim ssm This command is used ...

Page 1026: ...ystems will receive this traffic by becoming members of the S G channel Signaling is not required but receivers must subscribe or unsubscribe to S G channels to receive or not receive traffic from specific sources That is MLD version 2 is required for SSM to operate In order to achieve the full benefit of SSM all routers in a domain should have a consistent configuration about SSM group address ra...

Page 1027: ...6 pim sg keepalive time 300 Switch config 82 17 show ipv6 pim This command is used to display the PIM global information show ipv6 pim sparse mode Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the global information of PIM Example This example shows how to display PIM global information Switch...

Page 1028: ...ay the candidate rendezvous point C RP cache learned from unicast C RP announcements on the elected BSR Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display details of the BSR election state machine C RP advertisement state machine and the C RP cache Information on the C RP state machine is displayed only on a route...

Page 1029: ...p PIMv2 C RP information Candidate RP 3ffe 1000 10 5 100 vlan10 Priority 192 Holdtime 150 Advertisement interval 60 seconds Next advertisement in 0DT00H00M54S Switch Display Parameters This system is the Bootstrap Router BSR Indicates this router is the BSR and provides information on the parameters associated with it BS Timer On the elected BSR the BS timer shows the time in which the next BSM wi...

Page 1030: ...ppings will be displayed Specify the group address range or learned source to filter the group mappings Example This example shows how to display the RP mapping of group FF04 10 Switch show ipv6 pim group map ff04 10 128 FF04 10 128 RP 3ffe 10 10 5 153 Info source 3ffe 10 10 5 153 via bootstrap Switch This example shows how to display the RP mappings learned from a specific source enabled by stati...

Page 1031: ...he designated router DR on the interface If no interface is specified the IPv6 PIM information on for all applicable interfaces will be shown Example This example shows how to display how to display the information of the PIM sparse mode interface Switch show ipv6 pim interface sparse mode PIM6 SM Interface Table Interface Mode Nbr DR Hello J P BSR Count Priority Interval Interval Border vlan1 Spa...

Page 1032: ...mber of PIM neighbors that have been learnt on the interface DR Priority The DR priority that is configured on the interface Hello Interval The hello interval value that is configured on the interface J P Interval The Join Prune interval value that is configured on the interface BSR Border The BSR Border state whether is enabled or disabled Address The Link Local IPv6 address of the interface Glob...

Page 1033: ...est path to that destination group found in the unicast routing table through Reverse Path Forwarding RPF Example This example shows how to display the PIM SM multicast routing table Switch show ipv6 pim mroute sparse mode PIM SM Multicast Routing Table JP State Join Prune State ET Expiry Timer PPT Prune Pending Timer KAT Keep Alive Timer Flags S Sparse T SPT bit set ff13 10 Uptime 0DT00H04M43S Fl...

Page 1034: ...outer next sends a periodic Join message Downstream Interface List The downstream interface s protocol state information vlan11 The interface name of the downstream interface JP State The state resulting from G or S G Join Prune messages received on this interface PPT The Prune Pending Timer The remaining time that allows other router to override the join or prune ET The Expiry Timer The remaining...

Page 1035: ...outers on the LAN are configured for PIMv6 Example This example shows how to display the sparse mode neighbor information Switch show ipv6 pim neighbor sparse mode Mode B Bidir Capable DR Designated Router N Default DR Priority G Supports Generation ID Neighbor Address Interface Uptime Expires Ver DR Pri Mode fe80 a01 2ff fe39 1 vlan1 0DT00H55M33S 0DT00H01M32S v2 1 G fe80 a01 2ff fe39 2 vlan2 0DT0...

Page 1036: ...s N to indicate that the neighbor does not support the DR Priority option in the Hello message otherwise the DR priority value will be displayed The meaning of indicating codes for Mode are as follows DR Indicates that the neighbor is the Designated Router B The neighbor is capable of PIM in the bidirectional mode G The neighbor supports a Generation ID which reduces the re convergence times after...

Page 1037: ...itially multicast data stream are flooded to all downstream routers and the interfaces that have group members If there are no downstream routers or group members the router will send prune message to indicate that the multicast data stream is not desired Sparse Mode When multicast traffic is received on a sparse mode interface the first hop router will encapsulate and send the register message to...

Page 1038: ...nterface that border with another domain to avoid the exchange of BSR messages across two domains Example This example shows how to configure VLAN 100 as a BSR border interface Switch configure terminal Switch config interface vlan100 Switch config if ip pim bsr border Switch config if 83 3 ip pim bsr candidate This command is used to configure the router to announce itself as the Candidate Bootst...

Page 1039: ...ges to announce the IP address of the designated interface as the CBSR address The hash mask is used by all routers within a domain to map a group to one of the Rendezvous Points RP from the matching set of group range to RP maps this set all have the same longest mask length and same highest priority The algorithm takes as an input the group address and the addresses of the candidate RPs from the...

Page 1040: ... if ip pim dr priority 200 Switch config if 83 5 ip pim jp timer This command is used to configure the Join Prune interval value Use the no form of the command to restore the default setting ip pim jp timer SECONDS no ip pim jp timer Parameters SECONDS Specifies the interval between Join Prune messages The range is from 1 to 18000 Default By default this value is 60 seconds Command Mode Interface ...

Page 1041: ...fault Level Level 12 Usage Guideline This command only takes effect when the interface is PIM enabled When the passive mode is enabled the interface will neither send PIM messages out nor accept PIM messages from this interface The router will act as if it is the only PIM router on the network Use this command only when there is only one PIM router on the LAN Example This example shows how to conf...

Page 1042: ...od for the interval the unresponsive neighbor can be discovered faster and thus the failover and recovery will become more efficient Example This example shows how to configure the PIM hello interval to 45 seconds Switch configure terminal Switch config interface vlan 1 Switch config if ip pim query interval 45 Switch config if 83 8 ip pim register checksum wholepkt This command is used to enable ...

Page 1043: ... rp_filter Switch config 83 9 ip pim register probe This command is used to configure the register probe time Use the no form of the command to revert to the default setting ip pim register probe SECONDS no ip pim register probe Parameters SECONDS Specifies the register probe time value in seconds The range is from 1 to 127 Default By default this value is 5 seconds Command Mode Global Configurati...

Page 1044: ...hop router The value of the register probe time must be less than half the value of the register suppression time to prevent a possible negative value in the setting of the register stop timer The minimal value for the register suppression time is 3 Example This example shows how to configure the register suppression time to 30 seconds Switch configure terminal Switch config ip pim register suppre...

Page 1045: ...ticast group 225 2 2 2 only Switch configure terminal Switch config ip access list PIM Control Switch config ip acl permit any host 225 2 2 2 Switch config ip acl exit Switch config ip pim rp address 10 90 90 90 group list PIM Control Switch config 83 12 ip pim rp candidate This command is used to configure the router as an RP candidate Use the no form of this command to remove the router as candi...

Page 1046: ...tified by interface VLAN 1 Switch configure terminal Switch config ip access list PIM Control Switch config ip acl permit any 239 0 0 0 0 0 0 255 Switch config ip acl exit Switch config ip pim rp candidate vlan1 group list PIM Control Switch config 83 13 ip pim rp register kat This command is used to configure the keep alive time of S G on the RP when receiving a register message To restore the de...

Page 1047: ... Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command on the last hop of the router In the PIM SM mode initially the multicast traffic from the source will be flowing along the RPT share tree to the receiver After the first packet arrives at the last hop router for each group of traffic it can operate in one of the following two modes With the mode infinity the...

Page 1048: ...ommand on the last hop of the router only When SSM is enabled the last hop router will initiate to establish a source based tree for the channel S G on receiving a IGMPv3 include S G request that falls in the SSM range from the attached hosts Example This example shows how to configure an IP standard access list and specifies the defined group address as the SSM range Switch configure terminal Swi...

Page 1049: ...Infinity RP Address 90 1 1 1 group list static rp RP Candidate priority 192 interval 60 seconds wildcard prefix cnt 0 vlan100 group list rp cand BSR Candidate vlan100 hash mask length 30 priority 1 interval 60 seconds SSM group Movies Switch 83 17 show ip pim bsr router This command is used to display bootstrap router BSR information show ip pim bsr router Parameters None Default None Command Mode...

Page 1050: ...Mv2 Bootstrap information BSR address 192 168 53 113 BSR Priority 255 Hash mask length 30 Next bootstrap message in 0DT00H02M04S Candidate RP 192 168 38 111 loopback2 Group ACL d235 1 3 4 24 Next Cand_RP_advertisement in 0DT00H00M41S Switch 83 18 show ip pim interface This command is used to display the interface information show ip pim interface dense mode sparse mode sparse dense mode INTERFACE ...

Page 1051: ...Address Interface Mode Nbr DR DR Generation Cnt Priority ID 90 1 1 1 vlan100 SM p 0 1 90 1 1 1 1645d8a00 30 1 1 1 vlan200 DM 1 0 0 0 0 0 3a5f93 12 1 1 1 vlan300 SM DM 1 0 0 0 0 0 37c693 Total Entries 3 Switch This example shows how to display interface information in detail Switch show ip pim interface detail vlan100 Address 90 1 1 1 PIM Enabled Mode Sparse Neighbor Count 1 DR 90 1 1 1 DR Priority...

Page 1052: ...tion If the interface ID is not configured information on all interfaces will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to determine which routers on the LAN are configured for PIM Example This example shows how to display the PIM neighbor information on all interfaces Switch show ip pim neighbor Mode D...

Page 1053: ...his command is used to display the RP mapping information viewed by the router Example This example shows how to display group to RP rendezvous point mappings and the RP set Switch show ip pim rp mapping Group s 224 0 0 0 4 RP 90 1 1 3 Info source 90 1 1 3 via bootstrap priority 0 Uptime 0DT16H52M39S expires 0DT00H02M50S Group s 225 0 0 0 8 RP 1 1 1 10 Info source static Switch Display Parameters ...

Page 1054: ...rp hash GROUP ADDRESS Parameters GROUP ADDRESS Specifies the group address to display the selected RP for the group Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the RP selected for the specified group Example This example shows how to display the RP with the group address 238 10 10 10 Switch show ip pim rp hash 23...

Page 1055: ...AN Configuration Mode Command Default Level Level 12 Usage Guideline For a VLAN to operate with PIM snooping both the global state and per interface state must be enabled Example This example shows how to enable the PIM snooping global state Switch configure terminal Switch config ip pim snooping Switch config This example shows how to enable PIM snooping on a VLAN 1 Switch configure terminal Swit...

Page 1056: ...oping related statistics Switch clear ip pim snooping statistics all Switch 84 3 show ip pim snooping This command is used to display PIM snooping information on the switch show ip pim snooping vlan VLAN ID Parameters vlan VLAN ID Optional Specifies the VLAN to be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is u...

Page 1057: ...g neighbor vlan VLAN ID Parameters vlan VLAN ID Optional Specifies the VLAN to be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display PIM snooping neighbor information on the switch Example This example shows how to display PIM snooping neighbor information on the switch Switch show ip pim snooping ne...

Page 1058: ... shows how to display PIM snooping multicast routing information on the switch Switch show ip pim snooping mroute Timers PPT Prune Pending Timer ET Expiry Timer VLAN 1 226 1 1 1 Uptime Expire 0DT00H07M21S 0DT00H03M08S Downstream ports 1 0 23 Outgoing ports 1 0 23 Local Port 1 0 23 JPState Join Exp 0DT00H03M08S Upstream neighbor 36 90 90 100 learned on port Local PPT ET 0DT00H03M08S VLAN 1 226 1 1 ...

Page 1059: ...n Mode Command Default Level Level 1 Usage Guideline This command is used to display PIM snooping statistics information on the switch Example This example shows how to display PIM snooping statistics information on the switch Switch show ip pim snooping statistics VLAN ID 1 Received PIMv2 hello 41 Received PIMv2 join prune 18 Received PIM error 0 Received PIMv1 messages in total 0 Received PIMv2 ...

Page 1060: ...onfiguration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the distance is an integer from 1 to 255 representing the trust rating of the route The route with a lower distance value is preferred over the route with a higher distance value A route with the distance 255 will not be installed for routing of packets since it indicates that the route is not trusted If...

Page 1061: ...nterface ID is not specified the distribute list is applied to all interfaces Example This example shows how to configure access list East ranch to filter RIP protocol route updates Switch configure terminal Switch config router rip Switch config router distribute list East ranch in Switch config router 85 3 ip prefix list This command is used to create a prefix list entry Use the no form of this ...

Page 1062: ...rval for future lower sequence number entries Otherwise it will create extra effort to insert an entry with a lower sequence number The sequence number must be unique in the domain of an access list If you enter a priority value that is already present the new entry will override the old one Only the route that is equal to or more specific than the specified network will be matched Example This ex...

Page 1063: ...el as the next hop Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline If a static route entry is configured with weight greater than 1 then the entry will be replicated multiple copies in the hashing table so the path gets more chance to be hit for traffic routing When the total number of replication exceeds the maximum paths number supported by the ...

Page 1064: ...Level 12 Usage Guideline The distance of routes is used in the following ways There are a number of sources that a route can be learned from Each route is associated with a distance The route with the least distance will be installed in routing table If multiple routes to the same destination network is configured with the same distance and the distance is less than distance of routes learned from...

Page 1065: ...m will take the next hop entry based on the hashing result Use the ip route ecmp load balance command to define the data which will be included in the hash value computation The source IP address is always included in the hash value computation This command issued later will overwrite the previous command setting Example This example shows how to include the destination IP address and port number ...

Page 1066: ...long to the same source Example This example shows how to configure the maximum paths of the OSPF protocol to 3 Switch configure terminal Switch config router ospf Switch config router maximum paths 3 Switch config router 85 8 show ip prefix list This command is used to display the configured prefix lists show ip prefix list PREFIX LIST NAME Parameters PREFIX LIST NAME Optional Specifies to displa...

Page 1067: ...display the IS IS protocol overall configuration vrf VRF NAME Optional Specifies to display the VRF routing process Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the status of the routing processes If no option is specified all running routing processes are displayed Example This example shows how to display ...

Page 1068: ... 0 0 2 01 22 25 2 0 0 2 01 22 25 131 0 0 2 01 22 25 132 0 0 2 01 22 25 133 0 0 2 01 22 25 Distribute list East branch in Interface in vlan20 East branch acl1 Distance 100 Routing Protocol is OSPF Router ID 222 200 23 1 It is an area boundary router It is an autonomous system boundary router Redistributing external route from RIP with metric mapped to 20 Static with metric mapped to 20 Connected wi...

Page 1069: ...Aggregated network s Neighbor s Maximum path 1 External distance 70 internal distance 130 Switch 85 10 show ip route This command is used to display the entry in the routing table show ip route vrf VRF NAME IP ADDRESS MASK PROTOCOL hardware Parameters vrf VRF NAME Optional Specifies to display the VRF routing table IP ADDRESS Optional Specifies the network address of which routing information shou...

Page 1070: ...P I IS IS O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 candidate default Gateway of last resort is not set C 10 0 0 0 8 is directly connected vlan1 Total Entries 1 Switch Display Parameters Code Indicates the source type that the route is derived from It can be one of the following values C Connected S Static R ...

Page 1071: ...ecified network can be reached 85 11 show ip route summary This command is used to display the brief information for the working routing entries show ip route summary vrf VRF NAME Parameters vrf VRF NAME Optional Specifies to display the VRF routing table Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the brief info...

Page 1072: ...n written into chip database Optional Specifies to display all the related entries in the routing database instead of just the best route Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline The routing table gathers routes learned from different protocols If multiple routes can reach the same network the one with the best distance and the nex...

Page 1073: ...4 120 2 via FE80 1 vlan70 R 2100 0 0 8 64 120 2 via FE80 1 vlan70 R 2100 0 0 9 64 120 2 via FE80 1 vlan70 C 2131 64 0 1 is directly connected vlan31 C 2132 64 0 1 is directly connected vlan32 C 2133 64 0 1 is directly connected vlan33 S 300A 64 1 1 via 1001 2 vlan10 C 3600 64 0 1 is directly connected vlan1 O 3620 64 110 20 via FE80 2C0 8FFF FE04 1128 vlan10 O 4000 64 110 10 via FE80 208 62FF FE02...

Page 1074: ...d 85 13 show ipv6 route summary This command is used to display the current state of the IPv6 routing table show ipv6 route summary Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline When the system provides forwarding services for IPv6 traffic it is very important and helpful to check the forwarding routing table to understa...

Page 1075: ... DCB function If the specified name of class map does not exist no traffic is classified to the class A warning message will be prompted to indicate it Use the policy map type network qos global configuration command to identify the policy map type of network QoS and enter the policy map configuration mode Example This example shows how to create a network QoS class map to classify the traffic tha...

Page 1076: ...class map configuration mode Use the following commands to define or modify the match criteria match cos To define the class of traffic in a type network QoS class map use the match cos command no match cos Removes a match statement from a class map Example This example shows how to create a type network QoS class map named my_class_map Switch configure terminal Switch config class map type networ...

Page 1077: ...traffic classes 0 to 3 Assign traffic class 4 to 7 to strict priority Switch configure terminal Switch config interface ethernet 1 0 3 Switch config if mls qos scheduler ets Switch config if ets queue bandwidth 10 20 30 40 0 0 0 0 Switch config if 86 4 mls qos scheduler ets This command is used to configure the queue scheduling to the Enhanced Transmission Selection ETS mode mls qos scheduler ets ...

Page 1078: ...ity based Flow Control PFC to provide lossless service PFC which is defined in IEEE 802 1Qbb extends the basic IEEE 802 3x PAUSE semantics and uses the IEEE 802 1p CoS values in the IEEE 802 1Q VLAN tag to differentiate up to eight CoSs that can be subject to flow control independently If PFC of all priorities is disabled the interface defaults to the IEEE 802 3x flow control setting When PFC of a...

Page 1079: ... for the class my_class_map which is created in step 1 Switch configure terminal Switch config policy map type network qos my_policy_map Switch config pmap nq class type network qos my_class_map Switch config pmap c nq pause Switch config pmap c nq exit Switch config pmap Step 3 Apply the type network QoS policy map my_policy_map created in step 2 on interface Ethernet 1 0 3 Switch configure termi...

Page 1080: ... class by using the class type network qos policy map configuration command Attach the type network QoS policy map to an interface at the ingress by using the service policy type network qos input interface configuration command Example This example shows how to create a type network QoS policy map and modify the PFC state for the class map Switch configure terminal Switch config policy map type n...

Page 1081: ...Switch config interface ethernet 1 0 1 Switch config if service policy type network qos input my_policy_map Switch config if 86 8 show class map type network qos This command is used to display the type network QoS class map configuration show class map type network qos NAME Parameters NAME Optional Specifies the name of the class map The class map name can be a maximum of 32alphanumeric character...

Page 1082: ...aces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the bandwidth assignment for all scheduling modes Example This example sh...

Page 1083: ...map configuration on the specified interface show policy map interface INTERFACE ID Parameters INTERFACE ID Specifies the interface ID Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the policy maps configuration if any that has been attached to the specified interface Example This example shows how to displays the p...

Page 1084: ...y maps will be displayed INTERFACE ID Optional Specifies the module and port number Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the class policies configured for the type network QoS policy map Use the show policy map without specifying the keyword type network qos command to display the class policy configuratio...

Page 1085: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1080 pause Switch ...

Page 1086: ... as class default If the specified name of class map does not exist no traffic is classified to the class Example This example shows how to define a policy map policy1 which defines policies for the class class dscp red The packets that match DSCP 10 12 or 14 will all be marked as DSCP 10 and be policed by a single rate policer Switch configure terminal Switch config class map class dscp red Switc...

Page 1087: ...enters the class map configuration mode where match commands are entered to define the match criteria for this class When multiple match commands are defined for a class use the match all or match any keyword to specify whether to evaluate the multiple match criteria based on either the logical AND or the logical OR Example This example shows how to configure the class_home_user as the name of a c...

Page 1088: ...ore precedence values separated by commas or hyphen for a range list The valid range is from 0 to 7 Optional ip Specifies that the match is for IPv4 packets only If not specified the match is for both IP and IPv6 packets For IPv6 packets the precedence is most three significant bits of traffic class of IPv6 header protocol PROTOCOL NAME Specifies the protocol name to be matched vlan VLAN ID LIST S...

Page 1089: ... 2 3 Switch config cmap This example shows how classes called voice and video n data are created to classify traffic based on the CoS values QoS treatment is then given to the appropriate packets in the cos based treatment policy map in this example the QoS treatment is a single rate policer and a two rate policer for class voice and video n data respectively The service policy configured in this ...

Page 1090: ...rst token bucket for the two rate metering PIR Specifies the peak information rate in Kbps The peak information rate is the second token bucket for the two rate metering CONFORM BURST Specifies the burst size for the first token bucket in kilobytes PEAK BURST Specifies the burst size for the second token bucket in kilobytes confirm action optional Specifies the action to take on green color packet...

Page 1091: ...e class 1 and class 2 traffic class in the policy 2 policy map Switch configure terminal Switch config mls qos aggregate policer agg policer5 10 1000 exceed action drop Switch config policy map policy2 Switch config pmap class class1 Switch config pmap c police aggregate agg_policer5 Switch config pmap c exit Switch config pmap class class2 Switch config pmap c police aggregate agg_policer5 Switch...

Page 1092: ...ming packet is tagged the CoS value of the packet is modified at the ingress port For packets arriving at the 802 1Q VLAN tunnel port the port default CoS will be both the internal CoS assigned to the packet and the CoS value in the tunnel VLAN tag of the transmitted packet Example This example shows how the default CoS of Ethernet port 1 0 1 is set to 3 Switch configure terminal Switch config int...

Page 1093: ...ls qos map cos color COS LIST to green yellow red no mls qos map cos color Parameters COS LIST Specifies the list of CoS values to be mapped to a color The range of CoS is from 0 to 7 The multiple CoS values in the list can be in the form separated by commas or a range list Default By default all CoS values are mapped to the green color Command Mode Interface Configuration Mode Command Default Lev...

Page 1094: ...ine This command is used to define the DSCP to color map for the mapping of a packet s initial color Example This example shows how to define DSCP 61 to 63 as the yellow color and any other IP packet is initialized with the green color at Ethernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if mls qos map dscp color 61 63 to yellow Switch config if 87 9 mls...

Page 1095: ...ig if mls qos map dscp cos 12 16 18 to 1 Switch config if 87 10 mls qos map dscp mutation This command is used to define a named Differentiated Services Code Point DSCP mutation map To remove the mutation map use the no form of this command mls qos map dscp mutation MAP NAME INPUT DSCP LIST to OUTPUT DSCP no mls qos map dscp mutation MAP NAME Parameters MAP NAME Specifies the name of the DSCP muta...

Page 1096: ...d is used to configure the scheduling mechanism Use the no command to reset the packet scheduling mechanism to the default mls qos scheduler sp rr wrr wdrr ets no mls qos scheduler Parameters sp Specifies that all queues are in strict priority scheduling rr Specifies that all queues are in round robin scheduling wrr Specifies the queues in the frame count weighted round robin scheduling If the wei...

Page 1097: ... a higher priority CoS queue is sent the corresponding weight is subtracted by 1 and the packet in the next lower CoS queue will be serviced When the weight of a CoS queue reaches zero the queue will not be serviced until its weight is replenished When weights of all CoS queues reach 0 the weights get replenished at a time Example This example shows how to configure the queue scheduling algorithm ...

Page 1098: ...to trust DSCP then the CoS mapped from the DSCP code point will be the internal CoS of the packet and the CoS value in the packet s outer VLAN tag When a packet is received by a port it will be initialized to a color based on the mls qos map dscp color command if the receiving port is to trust DSCP or MLS QoS mapped CoS color if the receiving port is to trust CoS Example This example shows how to ...

Page 1099: ...e packet is mapped from the incoming DSCP based on the DSCP to color map If the receipt port trusts CoS then the initial color is mapped from the incoming CoS based on the CoS to color map A single rate two color policer can only work in color blind mode Both single rate three color policers and two rate three color policers can work in color aware mode In color blind mode the final color of the p...

Page 1100: ...figuration mode to create a named aggregate policer Then use the police aggregate command in the policy map class configuration mode to configure the named aggregate policer as the policy for a traffic class A named aggregate policer cannot be referenced from a different policy map If a named aggregate policer is attached to multiple ingress ports the metering operation of the policer will not be ...

Page 1101: ...bytes confirm action Optional Specifies the action to take on green color packets If the action is not specified the default action is transmit exceed action Optional Specifies the action to take for those packets that conform to PIR but not to CIR These packets are referred to as yellow color traffic If the exceed action is not specified the default action is drop violate action Optional Specifie...

Page 1102: ... When specifying the actions you cannot specify contradictory actions such as violate action transmit and exceed action drop The actions configured by the set command for the traffic class will be applied to all the packets belonging to the traffic class Example This example shows how two rate traffic policing is configured on a class called police to limit traffic to an average committed rate of ...

Page 1103: ...y called class1 specifies a policy for traffic that matches an access control list ACL acl_rd The second class is the default class named class default to include packets that do not match the defined classes Switch configure terminal Switch config class map class1 Switch config cmap match access group name acl_rd Switch config cmap exit Switch config policy map policy Switch config pmap class cla...

Page 1104: ...is command is used to specify or modify the bandwidth allocated for a queue To remove the bandwidth allocated for a queue use the no form of this command queue QUEUE ID rate limit MIN BANDWIDTH KBPS percent MIN PERCENTAGE MAX BANDWIDTH KBPS percent MAX PERCENTAGE no queue QUEUE ID rate limit Parameters QUEUE ID Specifies the queue ID to set minimal guaranteed and maximum bandwidth MIN BANDWIDTH KB...

Page 1105: ...nfigure the queue bandwidth the minimum guaranteed bandwidth and maximum bandwidth of queue 1 of interface Ethernet 1 0 1 to 100Kbps and 2000Kbps respectively Set the minimum guaranteed bandwidth and maximum bandwidth of queue 2 to 10 and 50 respectively Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if queue 1 rate limit 100 2000 Switch config if queue 2 rate limit...

Page 1106: ...fies to apply the policy map for ingress flow on the interface output Specifies to apply the policy map for egress flow on the interface NAME Specifies the name of a service policy map The name can be a maximum of 32 alphanumeric characters Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use the service policy command to attach at most one poli...

Page 1107: ... config pmap class silver Switch config pmap c police 2000 2000 exceed action set dscp transmit 0 Switch config pmap c exit Switch config pmap class bronze Switch config pmap c police 8000 2000 exceed action set dscp transmit 0 Switch config pmap c exit Switch config pmap exit Switch config interface ethernet 1 0 1 Switch config if service policy input cust1 classes Switch config if exit Switch co...

Page 1108: ...ue selection cos queue COS QUEUE Specifies to assign the CoS queue to the packets This overwrites the original CoS queue selection Setting the CoS queue will not take effect if the policy map is applied for the egress flow on the interface Default None Command Mode Policy map Class Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to set the DSCP field CoS field or...

Page 1109: ...mand Default Level Level 1 Usage Guideline Use this command to display all class maps and their matching criteria Example This example shows how two class maps are defined Packets that match the access list acl_home_user belong to the class c3 IP packets belong to the class c2 Switch show class map Class Map match any class default Match any Class Map match all c2 Match protocol ip Class Map match...

Page 1110: ...S configurations show mls qos interface INTERFACE ID cos scheduler trust rate limit queue rate limit dscp mutation map dscp color cos color dscp cos Parameters interface INTERFACE ID Specifies the interface ID to display Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of inte...

Page 1111: ... CoS for eth 1 0 2 to eth 1 0 5 Switch show mls qos interface ethernet 1 0 2 5 cos Interface CoS Override eth1 0 2 3 Yes eth1 0 3 4 No eth1 0 4 4 No eth1 0 5 3 No Switch This example shows how to display the port trust state for eth 1 0 2 to eth 1 0 5 Switch show mls qos interface ethernet 1 0 2 1 0 5 trust Interface Trust State eth1 0 2 trust DSCP eth1 0 3 trust CoS eth1 0 4 trust DSCP eth1 0 5 t...

Page 1112: ... Tx Burst eth1 0 1 1000 kbps No Limit 64 kbyte No Limit eth1 0 2 No Limit 2000 kbps No Limit 2000 kbyte eth1 0 3 10 100000 kbps 20 200000 kbps 64 kbyte 64 kbyte eth1 0 4 2 2000 kbps 64 kbyte 64 kbyte Switch This example shows how to display the CoS bandwidth allocation for eth 1 0 1 to 1 0 2 Switch show mls qos interface ethernet 1 0 1 2 queue rate limit eth1 0 1 QID Min Bandwidth Max Bandwidth 0 ...

Page 1113: ...to yellow CoS 6 are mapped to red eth1 0 4 CoS 0 1 6 are mapped to green Switch This example shows how to display the DSCP to CoS map for port 1 0 1 Switch show mls qos interface ethernet 1 0 1 map dscp cos eth1 0 1 0 1 2 3 4 5 6 7 8 9 00 00 00 00 00 00 00 00 00 01 01 10 01 01 01 01 01 01 02 02 02 02 20 02 02 02 02 03 03 03 03 03 01 30 03 03 04 04 04 04 04 04 04 04 40 05 05 05 05 05 05 05 05 06 06...

Page 1114: ... 22 23 24 25 26 27 28 29 30 30 31 32 33 34 35 36 37 38 39 40 40 41 42 43 44 45 46 47 48 49 50 50 51 52 53 54 55 56 57 58 59 60 60 61 62 63 Switch 87 26 show mls qos queueing This command is used to display the QoS queuing information and weight configuration for different scheduler algorithm on specified interface s show mls qos queuing interface INTERFACE ID Parameters interface INTERFACE ID Opti...

Page 1115: ...s configured by the mls qos scheduler command determines which weight configuration taking effect Use the show mls qos interface scheduler command to get the scheduling mode of an interface Example This example shows how to display the QoS queuing information Switch show mls qos queueing Cos queue map CoS UC QID MC QID 0 2 1 1 0 0 2 1 0 3 3 1 4 4 2 5 5 2 6 6 3 7 7 3 Switch This example shows how t...

Page 1116: ...e show policy map command to display the class policy configurations of any or all the existing service policy maps Example This example shows how in the policy map called policy1 two rate traffic policing has been configured for the class called police Two rate traffic policing has been configured to limit the traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps Switch confi...

Page 1117: ...action transmit exceed action set dscp transmit 2 violate action drop Switch 87 28 wdrr queue bandwidth This command is used to set the queue quantum in the WDRR scheduling mode To restore to the default setting use the no form of this command wdrr queue bandwidth QUANTUM1 QUANTUM8 no wdrr queue bandwidth Parameters QUANTUM1 QUANTUM8 Specifies the quantum frame length count value of every queue fo...

Page 1118: ... scheduling Default By default each weight value is 1 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The configuration of this command takes effect when the scheduling mode is in the WRR mode Use the mls qos scheduler wrr command to change the scheduling mode to WRR mode To satisfy the behavior requirements of Expedited Forwarding EF the highest queue is a...

Page 1119: ...hen cp QID Specifies the queue ID same as the outbound queue ID to specify which Congestion Point CP to clear counters Specify multiple CPs separated by commas or ranges by using a hyphen No space before and after the comma or hyphen Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command with the interface keyword to clear QCN counters of CP ...

Page 1120: ...8 3 qcn cnm transmit priority This command is used to globally configure the IEEE 802 1p priority for transmitting Congestion Notification Messages CNMs Use the no form of this command to reset to the default setting qcn cnm transmit priority PRIORITY VALUE no qcn cnm transmit priority Parameters PRIORITY VALUE Specifies the IEEE 802 1p priority value for all Congestion Notification Messages CNMs ...

Page 1121: ...de choice for newly created port entries that is the defense mode and alternate priority are determined by the per port administrator s setting If not specified the default cp creation is auto enable admin defense mode Optional Specifies the default CND defense mode for this CNPV on all interfaces This setting can be overridden by the admin defense mode of per interface disable The congestion noti...

Page 1122: ...ity is deleted from CNPV the CNPV configuration for all interfaces will be deleted Example This example shows how to assign the CoS priority 3 to CoS queue 2 Assign priority 3 as the CNPV and take admin as the defense mode choice for newly created port entries Switch configure terminal Switch config priority queue cos map 2 3 Switch config qcn cnpv 3 cp creation auto disable Switch config This exa...

Page 1123: ...to 7 If not specified the default alternate priority is 0 defense mode choice Specifies how the default CND defense mode and alternate priority for this Congestion Notification Priority Value on this interface admin The default CND defense mode and alternate priority are specified by administrator auto The default CND defense mode and alternate priority are controlled automatically comp The defaul...

Page 1124: ...V mapped to that queue ID For example if a CNPV is only enabled on a single interface and no other active non disabled CNPVs use the same queue ID it implies the corresponding CPs on other egress ports are inactive then no CNMs can be triggered for the incoming traffic from this single enabled interface To make the Congestion Notification Domain CND work correctly you need enable a CNPV on more th...

Page 1125: ...on between the queue ID and CP is one to one the CP is specified by the queue ID to which the CP is attached to Use the qcn cp command to configure the parameters for the CP Specify a queue ID on which no CP is attached If the queue is not used by any CNPV the configuration won t take effect The CP monitors the transmission queue at the egress port When you set the defense mode to disabled for a C...

Page 1126: ...iority and error port list for the CNPV Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the configured QCN CNPV configuration Example This example shows how to display the QCN CNPV settings Switch show qcn cnpv Dot1p Defense Admin Alternate Auto Alt CP Priority Queue ID Mode Choice Defense Mode Priority Priorit...

Page 1127: ...o space before and after the comma or hyphen INTERFACE ID Optional Specifies the interface to display QCN CNPV information Specify multiple interfaces separated by commas or ranges by using a hyphen No space before and after the comma or hyphen simple Optional Specifies to only display the CND defense mode which would operate for the CNPV as determined by the LLDP Congestion Notification TLV Defau...

Page 1128: ...ace Ethernet 1 0 1 Switch show qcn cnpv 1 interface ethernet 1 0 1 CNPV 1 Interface Id eth1 0 1 Defense Mode Choice comp Admin Defense Mode interior ready Auto Defense Mode Alternate Priority 0 Defense Mode active interior ready Alternate Priority active 0 Corresponding CP Queue ID 2 active Switch This example shows how to display the CND defense mode controlled by the LLDP Congestion Notification...

Page 1129: ...onfiguration Mode Command Default Level Level 1 Usage Guideline Use this command to display the CP information for the specified interface s Example This example shows how to display CP information for interface Ethernet 1 0 1 and with queue ID 1 Switch show qcn cp interface ethernet 1 0 1 queue 1 Interface Id eth1 0 1 CP Index 2 Status active CP Priority 0 CP Identifier 0011223344550101 MAC Addre...

Page 1130: ...mmand Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the corresponding interface ID and CP index for the specified CP Identifier This CP index is an arbitrary integer indexing the entries in the CP table among the entries for the same interface This value is the corresponding queue ID plus 1 Example This example shows how to displ...

Page 1131: ...ree Please wait the switch is rebooting 89 2 reboot schedule This command is used to configure a reboot schedule Use the no command to cancel the reboot schedule reboot schedule in MINUTES at TIME DATE save_before_reboot no reboot schedule Parameters in MINUTES Specifies that the switch should initiate a reboot after the time period specified here The time value range is from 1 to 43200 minutes at...

Page 1132: ... the reboot schedule After the switch was rebooted it will generate a log message to identify that the system was restarted using the reboot schedule The configuration file of the device will not include the reboot schedule command After the reboot or shutdown the reboot schedule will be deleted automatically Moreover if the switch was manually rebooted or powered off before the reboot schedule to...

Page 1133: ...l Level 1 Usage Guideline This command is used to display the reboot schedule configuration Example This example shows how to display the reboot schedule configuration Switch show reboot schedule Reboot Schedule Settings Reboot schedule at 27 Mar 2015 23 00 00 in 520 minutes Save before reboot Yes Switch ...

Page 1134: ... Command Default Level Level 12 Usage Guideline The RMON statistics group entry number is dynamic Only the interface that is enabled for RMON statistics will have a corresponding entry in the table Example This example shows how to configure an RMON statistics entry with an index of 65 and the owner name guest on Ethernet interface Ethernet 1 0 2 Switch configure terminal Switch config interface e...

Page 1135: ...r the created entry Example This example shows how to enable the RMON MIB history statistics group on interface Ethernet 1 0 8 Switch configure terminal Switch config interface ethernet 1 0 8 Switch config if rmon collection history 101 owner it domain com interval 2000 Switch config if 90 3 rmon alarm This command is used to configure an alarm entry to monitor an interface To remove an alarm entr...

Page 1136: ...ngth is 127 Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The RMON alarm facility periodically takes samples of the value of variables and compares them against the configured threshold Example This example shows how to configure an alarm entry to monitor an interface Switch configure terminal Switch config rmon alarm 783 1 3 6 1 2 1 2 2 1 12 6 ...

Page 1137: ...ce If both the log and trap options are specified the created entry will cause both the log entry and the SNMP notification to be generated on event occurrence Example This example shows how to configure an event with an index of 13 to generate a log on the occurrence of the event Switch configure terminal Switch config rmon event 13 log owner it domain com description ifInNUcastPkts is too much S...

Page 1138: ...his command is used to display the RMON event table show rmon events Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the RMON event table Example This example shows how to displays the RMON event table Switch show rmon events Event 1 owned by manager1 Description is Errors Event trigger action log tra...

Page 1139: ...story Index 23 owned by Manager Data source is eth4 0 2 Interval 30 seconds Requested buckets 50 Granted buckets 50 Sample 1 Received octets 303595962 Received packets 357568 Broadcast packets 3289 Multicast packets 7287 Estimated utilization 19 Undersized packets 213 Oversized packets 24 Fragments 2 Jabbers 1 CRC alignment errors 0 Collisions 0 Drop events 0 Sample 2 Received octets 303596354 Rec...

Page 1140: ... packets 192 Undersized packets 213 Oversized packets 24 Fragments 2 Jabbers 1 CRC alignment errors 0 Collisions 0 Drop events 0 Packets in 64 octets 256 Packets in 65 127 octets 236 Packets in 128 255 octets 129 Packets in 256 511 octets 10 Packets in 512 1023 octets 38 Packets in 1024 1518 octets 2200 Switch 90 9 snmp server enable traps rmon This command is used to enable the RMON trap state sn...

Page 1141: ...figuration Mode Command Default Level Level 12 Usage Guideline This command enables RMON trap state Example This example shows how to enable the sending of RMON traps for both the falling alarm and rising alarm Switch configure terminal Switch config snmp server enable traps rmon Switch config ...

Page 1142: ...ng routes against outgoing interfaces Example This example shows how to create a route map entry to match against the outgoing interface Switch configure terminal Switch config route map myPolicy permit 1 Switch config route map match interface vlan1 Switch config route map 91 2 match ip address This command is used to define a clause to match the route based on the standard IP access list or IP p...

Page 1143: ...route map match ip address myacl Switch config route map 91 3 match ip next hop This command is used to define a clause to match the route s next hop based on the standard IP access list or IP prefix list Use the no command to remove the clause match ip nexthop ACCESS LIST NAME prefix list PREFIX LIST NAME no match ip nexthop ACCESS LIST NAME prefix list PREFIX LIST NAME Parameters ACCESS LIST NAM...

Page 1144: ... ip route source ACCESS LIST NAME no match ip route source Parameters ACCESS LIST NAME Specifies a standard IP access list name Default None Command Mode Route map Configuration Mode Command Default Level Level 12 Usage Guideline Use this command in the route map configure mode to define a rule for matching routes against the source router IP address The IP address of the source router will be mat...

Page 1145: ... of routes Switch configure terminal Switch config route map myPolicy permit 1 Switch config route map match metric 10 Switch config route map 91 6 match route type This command is used to specify the RIP version to be sent on an interface basis Use the no command to revert to the default setting match route type internal external type 1 type 2 no match route type internal external type 1 type 2 P...

Page 1146: ...es the name of the route map permit Specifies that routes that match the rule entry are permitted deny Specifies that routes that match the rule entry are denied SEQ NUMBER Specifies the sequence number for the route map entry The value range is from 1 to 65535 Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline A route map can contain multiple route ...

Page 1147: ...y 1 1 Switch config route map 91 8 show route map This command is used to display information about the route map show route map ROUTE MAP NAME Parameters ROUTE MAP NAME Optional Specifies the route map to be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the route map information Example This exampl...

Page 1148: ...2 when the source ip is 10 1 1 0 24 The receiving interface is VLAN 100 and cannot find the route in routing table to route the packet At first create an IP basic access list named Strict Control which permits the prefix 10 1 1 0 24 Secondly create a route map named myPolicy which defines a match rule to associate the IP address prefix list to the previously created access list Strict Control Last...

Page 1149: ... 2 when the source IP is 10 1 1 0 24 The receiving interface is VLAN 100 At first create an IP basic access list named Strict Control which permits the prefix 10 1 1 0 24 Secondly create a route map named myPolicy which defines a match rule to associate the IP address prefix list to the previously created access list Strict Control Lastly in the VLAN interface configuration mode set the IP policy ...

Page 1150: ...er This command only takes effect when policy routing involves the IPv4 packet The precedence can be set using either a number or the corresponding name Example This example shows how to configure the IP precedence value to 5 critical for packets that pass the route map match Switch configure terminal Switch config route map example permit 10 Switch config route map match ip address IPACL_01 Switc...

Page 1151: ...pe This command is used to configure the type of OSPF AS external route set metric type type 1 type 2 no set metric type Parameters type 1 Specifies to use the OSPF external type 1 metric type 2 Specifies to use the OSPF external type 2 metric Default None Command Mode Route map Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to set the type of OSPF AS external r...

Page 1152: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1147 ...

Page 1153: ... Mode Command Default Level Level 12 Usage Guideline This command is used to create an RA guard policy This command will enter into the RA guard policy configuration mode Example This example shows how to create an RA guard policy named policy1 Switch configure terminal Switch config ipv6 nd raguard policy policy1 Switch config ra guard 92 2 device role This command is used to configure the role o...

Page 1154: ...92 3 match ipv6 access list This command is used to filter the RA messages based on the sender IPv6 address Use the no form of the command to disable the filtering match ipv6 access list IPV6 ACCESS LIST NAME no match ipv6 access list Parameters IPV6 ACCESS LIST NAME Specifies a standard IPv6 access list Default None Command Mode RA Guard Policy Configuration Mode Command Default Level Level 12 Us...

Page 1155: ...licy can be attached If the policy name is not specified the default policy will set the device role to host Example This example shows how to apply the RA guard policy on interface Ethernet 1 0 3 Switch configure terminal Switch config ipv6 nd raguard policy raguard1 Switch config ra guard device role router Switch config ra guard match ipv6 access list list1 Switch config ra guard exit Switch co...

Page 1156: ...e is specified only the specified policy information is displayed If the policy name is not specified information is displayed for all policies Example This example shows how to display the policy configuration for a policy named raguard1 and all the interfaces where the policy is applied Switch show ipv6 nd raguard policy raguard1 Policy raguard1 configuration Device Role host Target eth1 0 1 1 0...

Page 1157: ...figure the distance is an integer from 1 to 255 representing the trust rating of the route The route with lower distance value is preferred over the route with the higher distance value Routes with the distance 255 will not be installed for the routing of packets since it indicates that the route is not trusted Example This example shows how to configure the distance of RIP routes to 100 Switch co...

Page 1158: ...shows how to enter and exit address family configuration mode for the VRF branch route address family Switch configure terminal Switch config router rip Switch config router address family ipv4 vrf branch route Switch config router af exit Switch config router 93 3 default metric RIP This command is used to configure the value to be used as the default metric for routes redistributed to RIP To ret...

Page 1159: ...thentication text password This command is used to enable authentication for RIP version 2 packets and to specify the key that can be used on an interface To disable authentication use the no form of this command ip rip authentication text password PASSWORD no ip rip authentication text password Parameters PASSWORD Specifies a password string Default None Command Mode Interface Configuration Mode ...

Page 1160: ... takes effect for RIP version 2 Example This example shows how to enable the authentication at interface VLAN 2 Switch configure terminal Switch config interface vlan2 Switch config if ip rip authentication mode text Switch config if 93 6 ip rip receive version This command is used to specify a RIP version to receive on an interface basis Use the no form of the command to revert to the default set...

Page 1161: ... rip send version 1 2 no ip rip send version Parameters 1 Optional Specifies to send RIP version 1 packets 2 Optional Specifies to send RIP version 2 packets Default By default the global setting will be used Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to specify the send RIP version for an interface If not specified the global setting ...

Page 1162: ...sten to multicast packets If enabled version 2 packets will be sent to the IP broadcast address instead of the IP multicast address 224 0 0 9 Example This example shows how to configure the interface VLAN 100 to broadcast version 2 RIP packets Switch configure terminal Switch config interface vlan100 Switch config if ip rip send version 2 Switch config if ip rip v2 broadcast Switch config if 93 9 ...

Page 1163: ...form of this command to revert to the default setting passive interface default INTERFACR ID no passive interface default INTERFACR ID Parameters default Specifies the global default passive state for all interfaces INTERFACR ID Specifies the interface identifier for setting the passive state If passive state of an interface is not specified it follows the global default passive state Default By d...

Page 1164: ...e redistributed Default By default this option is disabled Command Mode Router Configuration Mode Router Address Family Configuration RIP Mode Command Default Level Level 12 Usage Guideline If the metric option is not specified or is specified as 0 the following rules are applied The metric of the redistributed static route or connected route will be 1 if the metric option is not specified or is s...

Page 1165: ...e Router Configuration Mode of the RIP protocol and enable the RIP function The no command will remove the configuration in the RIP router mode and disable RIP process Example This example shows how to begin the RIP routing process Switch configure terminal Switch config router rip Switch config router 93 13 show ip rip database This command is used to display the Routing Information Protocol RIP ...

Page 1166: ... removed from the routing table Example This example shows how to display a summary address Switch Show ip rip database Codes R RIP Rc RIP connected K Kernel C Connected S Static O OSPF B BGP I IS IS A Aggregate Network Next Hop Metric From If Time Rc 10 1 0 0 16 1 vlan1 Rc 20 0 0 0 8 1 vlan2 R 30 0 0 0 8 20 33 24 1 2 20 33 24 1 vlan2 0DT0H2M44S 40 33 24 8 5 40 33 24 2 vlan3 0DT0H2M30S RA 10 0 0 0...

Page 1167: ...ocol is up Routing Protocol RIP Receive RIP packets Send RIP packets Send v2 broadcast Disabled Authentication Mode text Passive interface Disabled IP interface address 20 72 63 80 8 IP summary address 11 0 0 0 8 Total Entries 2 Switch 93 15 timers basic This command is used to configure the RIP network timers To restore the default timers use the no form of this command timers basic UPDATE INVALI...

Page 1168: ... 160 Switch config router 93 16 version This command is used to specify a RIP version globally as the default version for all interfaces Use the no form of the command to revert to the default setting version 1 2 no version Parameters 1 Specifies to only receive and transmit RIP version 1 packets 2 Specifies to only receive and transmit RIP version 2 packets Default By default RIP version 1 and 2 ...

Page 1169: ...Managed 10Gigabit Ethernet Switch CLI Reference Guide 1164 This example shows how to configure the RIP version to version 2 Switch configure terminal Switch config router rip Switch config router version 2 Switch config router ...

Page 1170: ...g process is cleared the routing database will be cleared and repopulated Example This example shows how to clear the RIPng routing database Switch clear ipv6 rip Clear ipv6 rip y n n y Switch 94 2 default metric RIPng This command is used to set the value used as the default metric for routes redistributed to RIPng To return to the default value use the no form of the command default metric METRI...

Page 1171: ...This command is used to define an administrative distance of routes learned by IPv6 routing protocols Use the no command to restore the default setting distance DISTANCE no distance Parameters DISTANCE Specifies the administrative distance The range is from 1 to 254 The lower value represents better route Default By default the RIPng distance is 120 Command Mode Router Configuration Mode Command D...

Page 1172: ...able IPv6 RIP on required interfaces Example This example shows how to enable the IPv6 RIP routing process on VLAN 1 Switch configure terminal Switch config interface vlan1 Switch config if ipv6 rip enable Switch config if 94 5 ipv6 rip metric offset This command is used to set the value to be added to the metric of an IPv6 RIP route received on the configured interface Use the no form of the comm...

Page 1173: ...tes received on VLAN 1 Switch configure terminal Switch config interface vlan1 Switch config if ipv6 rip metric offset 3 Switch config if 94 6 ipv6 router rip This command is used to configure the IPv6 RIP routing process To remove an IPv6 RIP routing process use the no form of this command ipv6 router rip no ipv6 router rip Parameters None Default None Command Mode Global Configuration Mode Comma...

Page 1174: ... with an unreachable metric Example This example shows how to enable poison reverse for IPv6 RIP Switch configure terminal Switch config ipv6 router rip Switch config rtr poison reverse Switch config rtr 94 8 redistribute This command is used to redistribute routes from other routing domains into RIP Use the no command to disable route redistribution from specific protocols redistribute PROTOCOL m...

Page 1175: ...pecified as 0 If the default metric is not specified then the original metric from the redistributed protocol will be transparently carried through Example This example shows how to configure the specified OSPF process routes to be redistributed into an RIP domain The metric will be remapped to 10 Switch configure terminal Switch config ipv6 router rip Switch config rtr redistribute ospf metric 10...

Page 1176: ...0 split horizon This command is used to enable the split horizon option for an IPv6 RIP process Use the no form of the command to disable the split horizon option split horizon no split horizon Parameters None Default By default this option is enabled Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable split horizon mechanism in the IPv6...

Page 1177: ... 65535 Default The default update time 30 seconds The default invalid time 180 seconds The default flush time 120 seconds Command Mode Router Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to modify the IPv6 RIP protocol timers Example This example shows how to configure the RIP timers The Timers of update invalid and flush timers are set to 10 40 and 160 respec...

Page 1178: ...ebug switch To turn off the IPv6 RIP interface state debug switch use the no form of this command debug ipv6 rip interface no debug ipv6 rip interface Parameters None Default By default this option is disabled Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to turn on or turn off the IPv6 RIP interface state debug switch When the IPv6 RIP interface...

Page 1179: ...IPv6 RIP packet receiving debug switch When one IPv6 RIP protocol packet is received the debug information will be print if the IPv6 RIP debug function is turned on Example This example shows how to turn on the IPv6 RIP packet receiving debug switch Switch debug ipv6 rip packet receiving Switch Received a RIPng request packet from FE80 1 94 15 debug ipv6 rip packet transmitting This command is use...

Page 1180: ...ipv6 rip route This command is used to turn on the IPv6 RIP route debug switch To turn off the IPv6 RIP route debug switch use the no form of this command debug ipv6 rip route no debug ipv6 rip route Parameters None Default By default this option is disabled Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to turn on or turn off the IPv6 RIP route d...

Page 1181: ...otect related counters of the specified protocol If no protocol name is specified then all protocols will be cleared Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline If this command is issued without parameters then all CPU protect related counters will be cleared Example This example shows how to clear all CPU protect related statistics Switch clear cp...

Page 1182: ...inimizing the workload of the switch while the attack is ongoing thus making it capable to forward essential packets over its network in a limited bandwidth When the CPU utilization of the switch rises over configured rising threshold it will enter exhausted mode In exhausted mode the switch limits the bandwidth of receiving ARP and broadcast IP packets Example This example shows how to enable the...

Page 1183: ...e rate limit of packets for the management sub interface and the threshold is 1000 packets per seconds Switch configure terminal Switch config cpu protect sub interface manage pps 1000 Switch config 95 4 cpu protect type This command is used to configure the rate limit of traffic destined to the CPU by the protocol type cpu protect type PROTOCOL NAME pps RATE no cpu protect type PROTOCOL NAME Para...

Page 1184: ...way Protocol Protocol dhcp Dynamic Host Configuration Protocol dns Domain Name Services Protocol dvmrp Distance Vector Multicast Routing Protocol Protocol gvrp GARP VLAN Registration Protocol Protocol icmp IPv4 Internet Control Message Protocol Protocol icmpv6 ndp IPv6 ICMP Neighbor Discover Protocol NS NA RS RA Protocol icmpv6 other IPv6 ICMP except NDP NS NA RS RA Protocol Igmp Internet Group Ma...

Page 1185: ...eguard Engine Switch show cpu protect safeguard Safeguard Engine State Disabled Safeguard Engine Status Normal Utilization Thresholds Rising 50 Falling 20 Switch Display Parameters Safeguard Engine Status Displays the current mode that CPU utilization stays The possible displayed strings are Exhausted If the CPU utilization is higher than the configured rising threshold it will enter Exhausted Mod...

Page 1186: ...display the configured rate limit and drop count of the safeguard engine of a specific group Switch show cpu protect sub interface manage Sub Interface manage Rate Limit 1000 pps Unit Total Drop 1 50 0 3 50 0 Switch 95 7 show cpu protect type This command is used to display the rate limit and statistics of CPU protection show cpu protect type PROTOCOL NAME UNIT ID unit UNIT ID Parameters PROTOCOL ...

Page 1187: ...raps safeguard engine This command is used to enable the sending of SNMP notifications for the Safeguard Engine Use the no command to disable the sending of SNMP notifications for the Safeguard Engine snmp server enable traps safeguard engine no snmp server enable traps safeguard engine Parameters None Default By default this feature is disabled Command Mode Global Configuration Mode Command Defau...

Page 1188: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1183 Switch config snmp server enable traps safeguard engine Switch config ...

Page 1189: ...SFTP itself does not provide authentication and security the SFTP server runs as a sub system of the SSH server It is required to enable the SSH server by using the ip ssh server command to make SFTP work correctly Disabling the SSH server or the SFTP server will cause all established SFTP sessions disconnected When the SFTP server is enabled on the switch manage the files on the switch using vari...

Page 1190: ... afterwards the current connected SFTP sessions won t be affected The cancel of an idle SFTP session takes no effect to the corresponding SSH Shell session After all SSH sessions SFTP session and Shell session of a connection closed the SSH connection will be closed Example This example shows how to specify the idle timer for the SFTP server to 600 seconds Switch configure terminal Switch config i...

Page 1191: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1186 IP SFTP server Enabled Protocol version 3 Idle time out 120 secs Switch ...

Page 1192: ...0 512 768 1024 and 2048 If not specified a message will be promoted to the user to specify the value Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to generate the RSA or DSA key pair Example This example shows how to create an RSA key Switch crypto key generate rsa The RSA key pairs already existed Do you really want to replace t...

Page 1193: ...Switch 97 3 ip ssh timeout This command is used to configure the SSH control parameters on the switch To restore the default values use the no form of this command ip ssh timeout SECONDS authentication retries NUMBER no ip ssh timeout authentication retries Parameters timeout SECONDS Specifies the time interval that the switch waits for the SSH client to respond during the SSH negotiation phase Th...

Page 1194: ...uthentication retries value to 2 times The connection fails after 2 retry attempt fails Switch configure terminal Switch config ip ssh authentication retries 2 Switch config 97 4 ip ssh server This command is used to enable the SSH server function Use the no command to disable the SSH server function ip ssh server no ip ssh server Parameters None Default By default this option is disabled Command ...

Page 1195: ...iguration Mode Command Default Level Level 12 Usage Guideline This command configures the TCP port number for SSH server Example This example shows how to change the service port number to 3000 Switch configure terminal Switch config ip ssh service port 3000 Switch config 97 6 show crypto key mypubkey This command is used to display the RSA or DSA public key pairs show crypto key mypubkey rsa dsa ...

Page 1196: ...38ULC8 kAKra Ze mG7IW3eC 8STcrkr5 s7l9H bh jG oqkwj SlUJSGqR e sj6Ws Switch 97 7 show ip ssh This command is used to display the user SSH configuration settings show ip ssh Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to the SSH configuration settings Example This example shows how to display the SSH co...

Page 1197: ...00 1 V2 3des cbc hmac sha1 lee4567890123456 2000 243 Total Entries 2 Switch Display Parameters SID A unique number that identifies the SSH session Ver Indicates the SSH version of this session Cipher The cryptographic Hashed Message Authentication Code HMAC algorithm that the SSH client is using Userid The login username of the session Client IP Address The client IP address for this established S...

Page 1198: ...user is password Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The administrator can use this command to specify authentication method for a user The user name must be a user created by the username command By default the authentication method is password The system will prompt the user to input the password To authenticate a user via SSH public key authenti...

Page 1199: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1194 Switch config ...

Page 1200: ...te is a local certificate the corresponding private key will be deleted at the same time Example This example shows how to delete an imported certificate named tongken ca of the trust point gaa Switch show crypto pki trustpoints Trustpoint Name gaa primary Imported certificates CA tongken ca local certificate webserver crt local private key webserver prv Switch configure terminal Switch config cry...

Page 1201: ...only local Specifies to import local certificate and key pairs only both Specifies to import the CA certificate local certificate and key pairs Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command allows administrators to import certificates and key pairs in the PEM formatted files Proper certificates and key pairs need to be imported to the sw...

Page 1202: ...This command is used to declare the trust point that the switch will use To delete all certificates and key pairs associated with the trust point use the no form of this command crypto pki trustpoint NAME no crypto pki trustpoint NAME Parameters NAME Specifies to create a name for the trust point Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use...

Page 1203: ... this command to enter into certificate chain configuration mode If the specified trust point name doesn t exist an error message will be displayed Example This example shows how to enter into certificate chain configuration mode Switch configure terminal Switch config crypto pki certificate chain TP1 Switch trustpoint 98 5 primary This command is used to assign a specified trust point as the prim...

Page 1204: ... TP1 Switch ca trustpoint primary Switch ca trustpoint 98 6 show crypto pki trustpoints This command is used to display the trust points that are configured in the switch show crypto pki trustpoints TRUSTPOINT Parameters TRUSTPOINT Optional Specifies the name of the trust point to be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideli...

Page 1205: ...e of the SSL service policy is not specified all SSL service policies will be displayed Example This example shows how to display all SSL service policies Switch show ssl service policy SSL Policy Name policy1 Enabled CipherSuites RSA_WITH_RC4_128_MD5 RSA_WITH_3DES_EDE_CBC_SHA RSA_EXPORT_WITH_RC4_40_MD5 Session Cache Timeout 600 Secure Trustpoint TP1 SSL Policy Name policy2 Enabled CipherSuites RS...

Page 1206: ...r message digest rsa export rc4 40 md5 Use RSA EXPORT key exchange with RC4 40 bits for message encryption and MD5 for message digest When the cipher suite is not configured the SSL client and server will negotiate the best cipher suite that they both support from the list of available cipher suites Multiple cipher suites can be specified to be used Use the no form of this command to disable the s...

Page 1207: ...Switch CLI Reference Guide 1202 Example This example shows how to configure the SSL service policy ssl server which associates the TP1 trust point Switch configure terminal Switch config ssl service policy ssl server secure trustpoint TP1 Switch config ...

Page 1208: ...fies the maximum number of data bytes of a single sFlow datagram The valid range is from 700 to 1400 host IP ADDRESS Optional Specifies the IPv4 address of the remote sFlow collector host IPV6 ADDRESS Optional Specifies the IPv6 address of the remote sFlow collector vrf VRF NAME Optional Specifies the name of the routing forwarding instance udp port PORT Optional Specifies the UDP port of the remo...

Page 1209: ...nd sampling rate RATE max header size SIZE no sflow sampler INSTANCE Parameters INSTANCE Specifies the instance index if multiple samplers are associated with one interface The valid range is from 1 to 65535 receiver RECEIVER Optional Specifies the receiver s index for this sampler If not specified the value is 0 The user cannot configure the value to 0 inbound Optional Specifies to sample ingress...

Page 1210: ...128 bytes Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if sflow sampler 1 receiver 1 inbound sampling rate 1024 max header size 128 Switch config if 99 3 sflow poller This command is used to create or configure a poller for the sFlow agent Use the no form of this command to delete a poller sflow poller INSTANCE receiver RECEIVER interval SECONDS no sflow poller IN...

Page 1211: ...sflow agent receiver sampler poller Parameters agent Optional Specifies to display sFlow agent information receiver Optional Specifies to display information of all receivers sampler Optional Specifies to display information of all samplers poller Optional Specifies to display information of all pollers Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usa...

Page 1212: ... Index 3 Owner Expire Time 0 Current Countdown Time 0 Max Datagram Size 1400 Address 0 0 0 0 VRF Name Port 6343 Datagram Version 5 Index 4 Owner Expire Time 0 Current Countdown Time 0 Max Datagram Size 1400 Address 0 0 0 0 VRF Name Port 6343 Datagram Version 5 Samplers Information Interface Instance Receiver Mode Admin Rate Active Rate Max Header Size eth1 0 1 1 1 inbound 256 0 128 eth1 0 2 1 2 in...

Page 1213: ... of the remote sFlow receiver VRF Name The name of the routing forwarding instance Port The UDP port of the remote sFlow receiver Datagram Version The version of sFlow datagrams Interface The interface on which the sampler is configured Instance The Sampler instance index Receiver The Receiver s INDEX for this Sampler Mode The instance s mode which is inbound or outbound or inactive Admin Rate The...

Page 1214: ...e system provides the service to send SYSLOG messages to email receivers via SMTP Email messages will only be sent only when the mail server recipient and own mail address are configured The switch acts as the SMTP client and sends the SYSLOG message to the SMTP server then the server will delivers email messages to the recipient Up to one SMTP server can be configured for a switch Example This ex...

Page 1215: ...s used to configure the recipient where the email will be sent Use the no form of the command to remove a recipient smtp recipient EMAIL ADDRESS no smtp recipient all EMAIL ADDRESS Parameters recipient EMAIL ADDRESS Specifies a recipient to receive the email Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The system provides the service to send SY...

Page 1216: ...interval If set to 0 switch will send a mail for each event immediately Default By default this value is 30 minutes Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the SMTP sending interval that the switch uses Example This example shows how to configure the interval to 10 minutes Switch configure terminal Switch config smtp inter...

Page 1217: ... domain com 3 receiver3 domain com 4 receiver4 domain com 5 receiver5 domain com 6 receiver6 domain com 7 receiver7 domain com 8 receiver8 domain com Switch 100 6 smtp send_testmsg This command is used to check the reachability of the SMTP server smtp send_testmsg Parameters None Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used...

Page 1218: ...d 10Gigabit Ethernet Switch CLI Reference Guide 1213 Switch configure terminal Switch config smtp send_testmsg Subject This is the test message subject Content This is the test message content Sending mail please wait Switch config ...

Page 1219: ...Specifies to display SNMP local engine ID information Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the SNMP information When displaying SNMP community strings the SNMPv1 or SNMPv2c user created will not be displayed Example This example shows how to display SNMP community information Switch show snmp community Cod...

Page 1220: ...s how to display the MIB view setting Switch show snmp view View Name Subtree View Type restricted 1 3 6 1 2 1 1 Included restricted 1 3 6 1 2 1 11 Included restricted 1 3 6 1 6 3 10 2 1 Included restricted 1 3 6 1 6 3 11 2 1 Included restricted 1 3 6 1 6 3 15 1 1 Included CommunityView 1 Included CommunityView 1 3 6 1 6 3 Excluded CommunityView 1 3 6 1 6 3 1 Included Total Entries 8 Switch This e...

Page 1221: ...odel v2c ReadView CommunityView WriteView CommunityView NotifyView CommunityView IP access control list Total Entries 5 Switch This example shows how to display the SNMP engine ID Switch show snmp engineID Local SNMP engineID 00000009020000000C025808 Switch 101 2 show snmp user This command is used to display information about the configured SNMP user show snmp user USER NAME Parameters USER NAME ...

Page 1222: ...d to remove the community string snmp server community 0 7 COMMUNITY STRING view VIEW NAME ro rw access IP ACL NAME context CONTEXT no snmp server community 0 7 COMMUNITY STRING Parameters 0 COMMUNITY STRING Optional Specifies the community string in the plain text form with a maximum of 32 alphanumeric characters This is the default option 7 COMMUNITY STRING Optional Specifies the community strin...

Page 1223: ...te access the interfacesMibView view is created Switch configure terminal Switch config snmp server view interfacesMibView 1 3 6 1 2 1 2 included Switch config snmp server community comaccess view interfacesMibView rw Switch config 101 4 snmp server engineID local This command is used to specify the SNMP engine ID on the local device Use the no command to revert the SNMP engine ID to the default s...

Page 1224: ...SNMPv3 security model auth Specifies to authenticate the packet but not encrypt it noauth Specifies not to authenticate and not to encrypt the packet priv Specifies to authenticate and encrypt the packet read READ VIEW Optional Specifies a read view that the group user can access write WRITE VIEW Optional Specifies a write view that the group user can access notify NOTIFY VIEW Optional Specifies a...

Page 1225: ...an report its status in the notification packets to the trap managers that are identified by the specified group user act as community string If notify view is not specified then no MIB objects can be reported Example This example shows how to create the SNMP server group guestgroup for SNMPv3 access and SNMPv2c Switch configure terminal Switch config snmp server view interfacesMibView 1 3 6 1 2 1...

Page 1226: ... send the trap packets in SNMPv1 or SNMPv2c to a specific host the specified community string acts as the community string in the trap packets When specifying to send the trap packets in SNMPv3 to a specific host whether to do authentication and encryption in the sending of the packet should be specified The specified community string acts as the username in the SNMPv3 packet The user must be crea...

Page 1227: ...e interface traps Parameters INTERFACE ID Specifies the interface whose IP address will be used as the source address for sending the SNMP trap packet Default The IP address of the closest interface will be used Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to specify the interface whose IP address will be used as the source address for send...

Page 1228: ... text form This password is 8 to 16 octets If the keyword encrypted is specified the length is fixed to 32 octets access IP ACL NAME Optional Specifies the standard IP access control list ACL to associate with the user Default By default there is one user User Name initial Group Name initial Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline To create a SMNP user...

Page 1229: ... word such as system Use the asterisk wildcard in a single sub identifier to specify a sub tree family included Specifies the sub tree to be included in the SNMP view excluded Specifies the sub tree to be excluded from the SNMP view Default VIEW NAME OID TREE View Type Restricted 1 3 6 1 2 1 1 Included Restricted 1 3 6 1 2 1 11 Included Restricted 1 3 6 1 6 3 10 2 1 Included Restricted 1 3 6 1 6 3...

Page 1230: ...n all interfaces will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display per interface link up down trap state Example This example shows how to display the interface s link up down trap state for port Ethernet 1 0 1 to 1 0 9 Switch show snmp trap link status interface ethernet 1 0 1 1 0 9 Interface T...

Page 1231: ... display trap related settings Example This example shows how to display the SNMP server configuration Switch show snmp server SNMP Server Enabled Name Switch Location Contact SNMP UDP Port 161 SNMP Response Broadcast Request Disabled Switch This example shows how to display trap related settings Global Trap State Enabled Individual Trap State Authentication Disabled Linkup Disabled Linkdown Disab...

Page 1232: ...ing state Example This example shows how to display the trap sending state for ports Ethernet 1 0 1 to 1 0 9 Switch show snmp server trap sending interface ethernet 1 0 1 1 0 9 Port Trap Sending eth1 0 1 Enabled eth1 0 2 Enabled eth1 0 3 Disabled eth1 0 4 Enabled eth1 0 5 Enabled eth1 0 6 Disabled eth1 0 7 Enabled eth1 0 8 Enabled eth1 0 9 Enabled Switch 101 13 snmp server This command is used to ...

Page 1233: ...o configure the system contact information for the device Use the no command to remove the setting snmp server contact TEXT no snmp server contact Parameters contact TEXT Specifies a string for describing the system contact information The maximum length is 255 characters The syntax is a general string that allows spaces Default None Command Mode Global Configuration Mode Command Default Level Lev...

Page 1234: ...he sending of all or specific SNMP notifications To disable sending of all or specific SNMP notifications use the no form of this command snmp server enable traps snmp authentication linkup linkdown coldstart warmstart no snmp server enable traps snmp authentication linkup linkdown coldstart warmstart Parameters authentication Optional Specifies to control the sending of SNMP authentication failur...

Page 1235: ...etting must be enabled too Example This example shows how to enable the router to send all SNMP traps to the host 10 9 18 100 using the community string defined as public Switch configure terminal Switch config snmp server enable traps Switch config snmp server enable traps snmp Switch config snmp server host 10 9 18 100 version 2c public Switch config This example shows how to enable the SNMP aut...

Page 1236: ...sed to configure the system s name information Use the no command to remove the setting snmp server name NAME no snmp server name Parameters NAME Specifies the string that describes the host name information The maximum length is 255 characters As a suggestion do not configure the hostname longer than 10 characters Default By default this name is Switch Command Mode Global Configuration Mode Comma...

Page 1237: ...ted by the system are not allowed to transmit out of the port The SNMP traps generated by other system and forwarded to the port is not subject to this restriction Example This example shows how to disable the sending of the notification traps out of interface Ethernet 1 0 8 Switch configure terminal Switch config interface ethernet 1 0 8 Switch config if snmp server trap sending disable Switch co...

Page 1238: ... snmp server response broadcast request no snmp server response broadcast request Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to enable or disable the server to response to broadcast SNMP GetRequest packet NMS tools would send broadcast SNMP GetRequest packets to discover netwo...

Page 1239: ...link status Switch config if 101 23 snmp server context map This command is used to configure the SNMP context mapping table Use the no command to remove the configuration snmp server context map CONTEXT instance id INT instance name NAME vrf name NAME no snmp server context map CONTEXT Parameters CONTEXT Specifies the VACM context name This name can be up to 32 characters long The name must start...

Page 1240: ...ext vrf name vrf user Switch config 101 24 show snmp context map This command is used to display information about the configured SNMP context mapping table show snmp context map Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display information about the configured SNMP context mapping table Examp...

Page 1241: ...the command to disable the single IP management function of the device Example This example shows how to enable single IP management Switch configure terminal Switch config sim Switch config 102 2 sim role This command is used to configure the device s single IP management role from Candidate to Commander or from Commander to Candidate sim role commander GROUP NAME candidate Parameters commander S...

Page 1242: ...ows how to create a single IP management group Switch configure terminal Switch config sim role commander my group Switch config 102 3 sim group member This command is used to add one Candidate switch to the single IP management group Use no form to remove one member from this single IP management group sim group member CANDIDATE ID PASSWORD no sim group member MEMBER ID Parameters CANDIDATE ID Sp...

Page 1243: ...ameters SECONDS Specifies the hold time in seconds The range is from 100 to255 Default By default this value is 100 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline During the hold time If no SIM protocol message were received it will For the Commander switch clear Member switch information For the Member switch clear the Commander switch information an...

Page 1244: ...protocol Switch configure terminal Switch config sim interval 60 Switch config 102 6 sim management vlan This command is used to configure SIM management VLAN Use the no form of the command to revert to the default setting sim management vlan VLAN ID no sim management vlan Parameters VLAN ID Specifies the single IP management message VLAN Default By default this option is set the VLAN 1 Command Mo...

Page 1245: ...This command only can be used on the Commander switch Example This example shows how to login the single IP management group member device Switch sim remote config member 1 Switch 102 8 copy sim This command is used to copy a file to single IP management group members copy sim SOURCE URL DESTINATION URL member MEMBER LIST Parameters SOURCE URL Specifies the source URL to be uploaded to the server ...

Page 1246: ...lt Level Level 12 Usage Guideline This command can be used on Commander Switch to upload files to the server from member switches In order to distinguish the different member switch s ID the file name will be appended to the member switch s ID Example This example shows how to download firmware to the member switch 1 Switch copy sim tftp 10 10 10 58 switch had firmware member 1 Download firmware 1...

Page 1247: ...Group neighbor Specifies to display the neighbor information Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display single IP management information Example This example shows how to display detailed local SIM information on the Commander Switch show sim Group Name my group SIM Version VER 1 61 Firmware Version 2 ...

Page 1248: ... Version Device Name 1 00 01 00 00 12 12 DXS 3600 100 2 40 041 2 00 02 00 00 12 13 DXS 3600 80 2 40 041 Total Entries 2 Switch This example shows how to display one of the SIM member s information in detail Switch show sim members 1 Sim Member Information Member ID 1 Firmware Version 2 40 041 Device Name MAC Address 00 01 00 00 12 12 Platform DXS 3600 Hold Time 100 sec Switch This example shows ho...

Page 1249: ...ns Commander switch SIM Group Name default Hold Firmware ID MAC Address Platform Time Version Device Name 1 00 02 00 00 08 12 DXS 3600 40 2 40 041 2 00 07 15 34 00 50 3 00 01 02 03 00 10 SIM Group Name SIM2 Hold Firmware ID MAC Address Platform Time Version Device Name 1 00 01 02 03 04 11 DXS 3600 40 2 40 041 2 00 55 55 00 55 11 Total Entries 2 Switch This example shows how to display SIM group de...

Page 1250: ...1 2 MAC Address 00 07 15 34 00 50 Member Info 2 2 MAC Address 00 01 02 03 00 10 Switch This example shows how to display SIM neighbors summary Switch show sim neighbor Port MAC Address Role 1 00 02 00 00 08 12 Member 2 00 01 00 00 12 12 Member 2 EE FF 00 00 12 12 Candidate Total Entries 3 Switch ...

Page 1251: ...state This action can be used to test whether all legacy bridges on a given LAN have been removed If there is no STP Bridge on the LAN the port will be operated in the configured mode either in the RSTP or MSTP mode Otherwise the port will be operated in the STP mode Example This example shows how to trigger the protocol migration event for all ports Switch clear spanning tree detected protocols a...

Page 1252: ...6 NNI BPDU Address dot1d 01 80 C2 00 00 00 Root ID Priority 32768 Address 00 00 00 11 22 33 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 priority 32768 sys id ext 0 Address 00 00 00 11 22 33 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Topology Changes Count 0 Priority Link Interface Role State Cost Port Type Edge eth1 0 3 designated forwarding 20000 128 3 ...

Page 1253: ...ws how to display spanning tree configuration information for interface Ethernet 1 0 1 Switch show spanning tree configuration interface ethernet 1 0 1 eth1 0 1 Spanning tree state Enabled Port path cost 0 Port priority 128 Port Identifier 128 1 Link type auto Port fast edge Guard root Disabled TCN filter Disabled Bpdu forward Disabled Switch 103 4 snmp server enable traps stp This command is used...

Page 1254: ...ble traps Switch config snmp server enable traps stp Switch config snmp server host 10 9 18 100 version 2c public Switch config 103 5 spanning tree global state This command is used to enable or disable the STP s global state Use the no form to disable the STP s global state spanning tree global state enable disable no spanning tree global state Parameters enable Specifies to enable the STP s glob...

Page 1255: ...ansition from the listening to the learning states and learning to forwarding states The range is from 4 to 30 seconds max age SECONDS Specifies the maximum message age of BPDU The range is from 6 to 40 seconds Default The default value of the hello time is 2 seconds The default value of the forward time is 15 seconds The default value of the max age is 20 seconds Command Mode Global Configuration...

Page 1256: ...th caution to prevent bridging loops The command does not take effect if the Layer 2 protocol tunnel is enabled for STP Example This example shows how to enable Spanning Tree on interface Ethernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if spanning tree state enable Switch config if 103 8 spanning tree cost This command is used to configure the value of...

Page 1257: ...12 Usage Guideline BPDU guard prevents a port from becoming a root port This feature is useful for the service provider to prevent external bridges to a core region of the network influencing the spanning tree active topology possibly because those bridges are not under the full control of the administrator When a port is guarded from becoming a root port the port will only play the role as a desi...

Page 1258: ...ult Level Level 12 Usage Guideline A full duplex port is considered to have a point to point connection on the opposite a half duplex port is considered to have a shared connection The port can t transit into forwarding state rapidly by setting link type to shared media Hence auto determined of link type by the STP module is recommended This configuration will take effect for all the spanning tree...

Page 1259: ...therefore all of the stable spanning tree port states will transit into discarding states Example This example shows how to configure the running version of the STP module to RSTP Switch configure terminal Switch config spanning tree mode rstp Switch config 103 12 spanning tree portfast This command is used to specify the port s fast mode Use the no form of the command to revert to the default set...

Page 1260: ...ows how to configure port Ethernet 1 0 7 to the port fast edge mode Switch configure terminal Switch config interface ethernet 1 0 7 Switch config if spanning tree portfast edge Switch config if 103 13 spanning tree port priority This command is used to configure the value of the STP port priority on the specified port It is only used for RSTP and STP versions Use no form of this command to reset ...

Page 1261: ...el 12 Usage Guideline The bridge priority value is one of the two parameters used to select the Root Bridge The other parameter is system s MAC address The bridge s priority value must be divisible by 4096 and a smaller number represents a better priority This configuration will take effect on STP version and RSTP mode In the MSTP mode use the command spanning tree mst priority to configure the pr...

Page 1262: ...l Switch config interface ethernet 1 0 7 Switch config if spanning tree tcnfilter Switch config if 103 16 spanning tree tx hold count This command is used to limit the maximum number of BPDUs that can be sent before pausing for one second Use the no form of the command to restore the default setting spanning tree tx hold count VALUE no spanning tree tx hold count Parameters VALUE Specifies the max...

Page 1263: ...ode Command Default Level Level 12 Usage Guideline If enabled the received STP BPDU will be forwarded to all VLAN member ports in the untagged form The command does not take effect if the Layer 2 protocol tunnel is enabled for STP Example This example shows how to enable the forwarding of STP BPDUs Switch configure terminal Switch config interface eth6 0 1 Switch config if spanning tree forward bp...

Page 1264: ...l 12 Usage Guideline Generally the Customer Bridge Group Address is used as the destination address of the STP BPDU This command is used to designate the destination address of the STP BPDU in the service provider site It will only take effect on the VLAN trunk ports which behave as the NNI ports in the service provider site This configuration will take effect for all the spanning tree modes Examp...

Page 1265: ...on the setting of the stack command The stack command setting of a switch unit must be enabled before the switch unit can be chained with other switch units The setting will be saved in the individual switch unit if the user saves the configuration Example This example shows how to enable stacking mode Switch stack WARNING The command does not take effect until the next reboot Switch 104 2 stack r...

Page 1266: ...ssigns unit IDs to switch units based on the following rules If the unit ID of the master unit is auto assigned it will get 1 as its unit ID If a switch unit to be added to the stack has a unit ID conflicting with a unit ID of a switch unit already added then this switch unit ID cannot be successfully added Example This example shows how to configure the renumbered unit ID of a switch unit 2 to 3 ...

Page 1267: ...e the priority of the switch unit 2 to 10 Switch stack 2 priority 10 Switch 104 4 stack preempt This command is used to enable preemption of the master role to come into play when a unit with a better priority is added to the switch later Use the no form of the command to disable preemption stack preempt no stack preempt Parameters None Default By default this option is disabled Command Mode Privi...

Page 1268: ...display the stacking information Example This example shows how to display stacking information Switch show stack Stacking Mode Enabled Stack Preempt Enabled Trap State Disabled Topology Duplex_Chain My Box ID 1 Master ID 1 Box Count 1 Box User Module Prio Prom Runtime H W ID Set Name Exist rity MAC Version Version Version 1 Auto DXS 3600 32S Exist 32 00 00 00 11 22 33 1 10 009 2 40 042 B1 2 NOT_E...

Page 1269: ...ecifies the threshold value in packets count per second The range is from 1 to 2147483647 If the low PPS value is not specified the default value is 80 of the specified risen PPS level kbps KBPS RISE KBPS LOW Specifies the threshold value as a rate of bits per second at which traffic is received on the port The range is from 1 to 2147483647 If the low KBPS is not specified the default value is 80 ...

Page 1270: ...torm control polling This command is used to configure the polling interval of received packet counts Use the no form of this command to restore to its default settings storm control polling interval SECONDS retries NUMBER infinite no storm control polling interval retries Parameters interval SECONDS Specifies the polling interval of received packet counts This value must be between 1 and 300 seco...

Page 1271: ...the current broadcast storm setting multicast Specifies to display the current multicast storm setting unicast Specifies to display the current unicast DLF storm setting Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline If the interface ID is not specified all interfaces configurations will be displayed If the packet type is not specified a...

Page 1272: ...ossible actions are Drop Shutdown None Threshold The configured threshold Current The actual traffic rate which is currently flowing though the interface Its unit may be percentage kbps PPS based on the configured meter mode Because hardware can only counts by PPS this value of this filed may be a rough value for percentage and kbps State The current state of storm control on a given interface for...

Page 1273: ...cation when a storm event is detected storm clear Optional Specifies to send a notification when a storm event is cleared Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline None Example This example shows how to enable the sending of traps for storm control for both storm occurrences and clearances Switch configure term...

Page 1274: ... an IP interface is bound to a super VLAN the proxy ARP will be enabled automatically on the interface for communication between its sub VLANs Multiple super VLANs can be configured and each super VLAN can consist of multiple sub VLANs Private VLANs and super VLANs are mutually exclusive A private VLAN cannot be configured as a super VLAN Layer 3 routing protocols VRRP multicast protocols and the ...

Page 1275: ... sub VLANs of a super VLAN A sub VLAN can only belong to one super VLAN Private VLANs and Super VLANs are mutually exclusive Example This example shows how to configure VLANs 5 6 and 7 as the sub VLANs of the super VLAN 10 Switch configure terminal Switch config vlan 10 Switch config vlan supervlan Switch config vlan subvlan 5 7 Switch config vlan 106 3 subvlan address range This command is used t...

Page 1276: ...er range s if applicable Example This example shows how to configure the IP address range of the sub VLAN 5 Switch configure terminal Switch config vlan 5 Switch config vlan subvlan address range 192 168 10 1 192 168 10 50 Switch config vlan 106 4 show supervlan This command is used to display the configuration of the super VLAN and its sub VLANs show supervlan VLAN ID Parameters VLAN ID Optional ...

Page 1277: ...Gigabit Ethernet Switch CLI Reference Guide 1272 SuperVLAN ID SubVLAN ID SubVLAN Status SubVLAN IP Address Range 10 5 Active 192 168 10 1 192 168 10 50 6 Inactive 192 168 10 51 192 168 10 60 7 Inactive 192 168 10 61 192 168 10 70 Switch ...

Page 1278: ...rwarding asf Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline ASF is used to reduce the latency for large packets When ASF is enabled packets can be forwarded before it has been entirely received To avoid under runs ASF takes place only when all the below conditions are met The ingress port speed is fas...

Page 1279: ... 12 Usage Guideline For 1000BASE T modules if the speed is set to 1000 then the duplex mode cannot be set to half duplex If the duplex mode is set to half duplex then the speed cannot be set to 1000 Auto negotiation will be enabled if either the speed parameter is set to auto or the duplex parameter is set to auto if the speed parameter is set to auto and the duplex parameter is set to the fixed m...

Page 1280: ...e been configured on the switch because the flow control capability is determined by both the local port device and the device connected at the other end of the link not just by the local device If the speed is set to the forced mode the final flow control setting will be determined by the configured flow control setting If the speed is set to the auto mode the final flow control setting will be b...

Page 1281: ...inal Switch config interface ethernet 1 1 1 Switch config if mdix auto Switch config if 108 4 speed This command is used to configure the physical port interface s speed settings Use the no form of command to revert to the default setting NOTE 10G does not support speed configurations of 10Mbps and 100Mbps speed 10 100 1000 master slave 10giga master slave 40giga auto SPEED LIST rj45 sfp no speed ...

Page 1282: ...cified speed is not supported by the hardware error messages will be returned For a 1000BASE T connection if the speed is specified to 1000Mbps the port must be configured as master or slave For a 10GBASE T connection if the speed is specified to 10Gbps the port must be configured as master or slave If speed is set to 1000Mbps 10Gbps or 40Gbps then the duplex mode cannot be set to half duplex If t...

Page 1283: ...e default startup configuration file is config cfg If there is no valid configuration file the device will be configured to the default state NOTE If the boot configuration file is damaged the Switch will automatically revert back to the default configuration Example This example shows how to configure the file switch config cfg as the startup configuration file Switch configure terminal Switch co...

Page 1284: ... other than the boot up one NOTE If the boot image file is damaged the Switch will automatically use the backup image file in the next boot up This change will not be indicated in the show boot command Example This example shows how to specify that the switch should use the image file named switch image1 had as the boot image file for the next startup Switch configure terminal Switch config boot i...

Page 1285: ...d the configuration profile to the TFTP server This command will clear the system s configuration settings including IP parameters but not the stacking information Thus all the existing remote connections will be disconnected After this command was applied the user needs to setup the IP address via the local console Example This example shows how to clear the system s running configuration Switch ...

Page 1286: ...tch is rebooting 109 5 configure replace This command is used to replace the current running configuration with the indicated configuration file configure replace tftp location filename rcp username location filename ftp username password location tcpport filename vrf VRFNAME flash FILENAME force Parameters tftp Specifies that the configuration file is from the TFTP server location filename Specif...

Page 1287: ...nt running configuration with it Switch configure replace tftp 10 0 0 66 config cfg This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file which is assumed to be a complete configuration not a partial configuration y n y Accessing tftp 10 0 0 66 config cfg Transmission start Transmission finished file...

Page 1288: ...SSWORD LOCATION TCP PORT DESTINATION URL rcp USER NAME LOCATION DESTINATION URL vrf VRF NAME copy tftp LOCATION SOURCE URL ftp USER NAME PASSWORD LOCATION TCP PORT SOURCE URL rcp USER NAME LOCATION SOURCE URL vrf VRF NAME DESTINATION URL Parameters SOURCE URL Specifies the source URL for the source file to be copied One special form of the URL is represented by the following keywords If startup co...

Page 1289: ...lt None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to copy a file to another file in the file system Use this command to download or upload the configuration file or the image file Use this command to upload the system log to the TFTP server To upload the running configuration or save the running configuration to the startup configuration spec...

Page 1290: ... Switch copy running config tftp 10 1 1 254 switch config cfg Address of remote host 10 1 1 254 Destination filename switch config cfg Accessing tftp 10 1 1 254 switch config cfg Transmission start Transmission finished file length 45421 bytes Switch This example shows how to save the system s running configuration into the FLASH memory and uses it as the next boot configuration Switch copy runnin...

Page 1291: ...nitiating TFTP packets To revert to the default setting use the no form of this command ip tftp source interface INTERFACE ID no ip tftp source interface Parameters INTERFACE ID Specifies the interface whose IP address will be used as the source address for initiating TFTP packets Default The IP address of the closest interface will be used Command Mode Global Configuration Mode Command Default Le...

Page 1292: ...he interface whose IP address will be used as the source address for initiating FTP packets To do software loading via the out of band management port specify the interface ID for the out of band management port Example This example shows how to do software download via the out of band management port Switch configure terminal Switch config ip ftp source interface mgmt0 Switch config 109 9 ip rcp ...

Page 1293: ... port Switch configure terminal Switch config ip rcp source interface mgmt0 Switch config 109 10 show boot This command is used to display the boot configuration file and the boot image setting show boot unit UNIT ID Parameters UNIT ID Optional Specifies the unit to be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command...

Page 1294: ... Specifies to display all command configurations including commands that corresponds to default parameters interface INTERFACE ID Specifies to display command configurations corresponding to the specified interface Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 15 Usage Guideline This command displays the current running system configuration Example This ...

Page 1295: ...OGIN START LOGIN END Output Truncated 109 12 show startup config This command is used to display the content of the startup configuration file show startup config Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 15 Usage Guideline This command displays the configuration settings that the system will be initialized with Example This example s...

Page 1296: ...Switch Configuration Firmware Build 2 40 041 Copyright C 2015 D Link Corporation All rights reserved STACK end stack preempt end DEVICE configure terminal end AAA configure terminal AAA START no aaa new model AAA END end PRIVMGMT configure terminal COMMAND LEVEL START COMMAND LEVEL END LEVEL START Output Truncated ...

Page 1297: ...vel Level 12 Usage Guideline This command deletes all the log messages in the system logging buffer Example This example shows how to delete all the log messages in the logging buffer Switch clear logging Clear logging y n n y Switch 110 2 logging on This command is used to enable the logging of system messages Use the no command to disable the logging of system messages logging on no logging on P...

Page 1298: ... time Switch config 110 3 logging buffered This command is used to enable logging of system messages to the local message buffer Use the no command to disable the logging of messages to the local message buffer Use the default logging buffered command to revert to default setting logging buffered severity SEVERITY LEVEL SEVERITY NAME discriminator NAME write delay SECONDS infinite no logging buffe...

Page 1299: ...ogged messages in the FLASH will be reloaded into the logging buffer on reboot Example This example shows how to enable the logging of messages to the logging buffer and restrict logging of messages with a security level of errors or higher Switch configure terminal Switch config logging buffered severity errors Switch config 110 4 logging console This command is used to enable the logging of syst...

Page 1300: ...hed to the local console Example This example shows how to enable the logging of messages to the local console and restrict the logging of messages with a security level of errors or higher Switch configure terminal Switch config logging console severity errors Switch config 110 5 logging discriminator This command is used to create a discriminator that can be further used to filter SYSLOG message...

Page 1301: ... severity SEVERITY LEVEL SEVERITY NAME facility FACILITY NUM FACILITY NAME discriminator NAME port UDP PORT no logging server IP ADDRESS IPV6 ADDRESS vrf VRF NAME Parameters IP ADDRESS Specifies the IP address of the SYSLOG server host IPV6 ADDRESS Specifies the IPv6 address of the log server host VRF NAME Specifies the name of the routing forwarding instance SEVERITY LEVEL Optional Specifies the ...

Page 1302: ...Global Configuration Mode Command Default Level Level 12 Usage Guideline System messages can be logged to the local message buffer local console or remote hosts Messages must enter the local message buffer first before it can be further dispatched to logging server The following is a table for the facility Facility Number Facility Name Facility Description 0 kern Kernel messages 1 user User level ...

Page 1303: ...SEVERITY LEVEL Optional Specifies the severity level of system messages The messages at that severity level or a more severe level will be logged to message buffers This value must be between 0 and 7 0 is the most severe level The corresponding severity levels are listed together with their respective severity names emergencies 0 alerts 1 critical 2 errors 3 warnings 4 notifications 5 informationa...

Page 1304: ...s Switch config 110 8 logging source interface This command is used to specify the interface whose IP address will be used as the source address for sending the SYSLOG packet To revert to default setting use the no form of this command logging source interface INTERFACE ID no logging source interface Parameters INTERFACE ID Specifies the interface whose IP address will be used as the source addres...

Page 1305: ...sage logged in the message buffer is associated with a sequence number As a message is logged a sequence number starting from 1 is allocated The sequence number will roll back to 1 when it reaches 100000 When the user specifies to display a number of messages following the reference sequence number the oldest messages are displayed prior to the newer messages When the user specifies to display a n...

Page 1306: ... a large amount of messages and quickly cause the system to run out of system log storage Therefore for this type of log messages only the first log that is generated each minute can be stored in the system log with the rest of them being stored in a separate table named attack log Example This example shows how to display the first attack log entry Switch show attack logging index 1 Attack log me...

Page 1307: ...r 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1302 This command used to delete the attack log messages Example This example shows how to delete all the attack log messages Switch clear attack logging all Switch ...

Page 1308: ...med to be in the time zone specified by the configuration of the clock timezone command The clock configured by this command will be applied to RTC if it is available The configured clock will not be stored in the configuration file If the clock is manually set and the SNTP server is configured the system will still try to sync the clock with the server If the clock is manually set but a new clock...

Page 1309: ...nd 120 Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to automatically switch over to summer time The command has two forms One is the recurring form which is used to specify the time through the week and the day of the month The other form is the date form which is used to specify the date of the mo...

Page 1310: ...tained by the SNTP server refers to the UTC time The local time will be calculated based on UTC time time zone and the daylight saving configuration Example This example shows how to set the time zone to the Pacific Standard Time PST which is 8 hours ahead of UTC Switch configure terminal Switch config clock timezone 8 Switch config 111 4 show clock This command is used to display the time and dat...

Page 1311: ... 5 show sntp This command is used to display information about the SNTP server show sntp Parameters None Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display information about the SNTP server Example This example shows how to display SNTP information Switch show sntp SNTP Status Enabled SNTP Pool Interval 720 se...

Page 1312: ...d to provide time services to other systems SNTP typically provides time within 100 milliseconds of the accurate time but it does not provide the complex filtering and statistical mechanisms of NTP In addition SNTP does not authenticate traffic although you can configure extended access lists to provide some protection Enter this command once for each NTP server Configure the system with either th...

Page 1313: ...ge Guideline This command is used to enable or disable the SNTP function Example This example shows how to enable the SNTP function Switch configure terminal Switch config sntp enable Switch config 111 8 sntp interval This command is used to set the interval for the SNTP client to synchronize its clock with the server sntp interval SECONDS no sntp interval Parameters SECONDS Specifies the synchron...

Page 1314: ...abit Ethernet Switch CLI Reference Guide 1309 This command is used to set the polling interval Example This example shows how to configure the interval to 100 seconds Switch configure terminal Switch config sntp interval 100 Switch config ...

Page 1315: ... Command Mode Time range Configuration Mode Command Default Level Level 12 Usage Guideline A new period can be partially overlapped with an older one If a new period s starting and ending time is respectively the same as a previous period an error message will be displayed and the new period will not be allowed When specifying a period to remove it must be the same period originally added and cann...

Page 1316: ...yed Example This example shows how to display all the configured time ranges Switch show time range Time Range Profile rdtime Daily 09 00 to 12 00 Weekly Saturday 00 00 to Monday 00 00 Time Range Profile lunchtime Daily 12 00 to 13 00 Total Entries 2 Switch 112 3 time range This command is used to enter the time range configuration mode to define a time range Use the no command to delete a time ra...

Page 1317: ...ration mode before using the periodic command to specify a time period When a time range is created without any time interval periodic setting it implies that there is not any active period for the time range Example This example shows how to enter the time range configuration mode for the time range profile named rdtime Switch configure terminal Switch config time range rdtime Switch config time ...

Page 1318: ...e hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline While entering this command without any other keywords the traffic segmentation configuration for all ports is displayed Otherwise only the specified interface s traffic segmentation is displayed Example This example shows how to display the configuration of traffic segmentation for...

Page 1319: ...e port is not restricted The traffic segmentation forward command can be entered multiple times The following interfaces will be appended into the forwarding domain Use the no form command will remove the specified interface from the traffic segmentation forward member list The traffic segmentation member list can be comprised of different interface types for example port and port channel in the s...

Page 1320: ...ferent attack types URPF helps to mitigate problems caused by malformed or forged IPv4 IPv6 source addresses passing through a router The ip urpf global configuration command is used to enable URPF globally and the ip verify unicast source interface mode command is used to enable URPF on the interface To enable URPF on an interface enable the function both globally and on the interface Example Thi...

Page 1321: ...fault Level Level 12 Usage Guideline Unicast RPF helps to mitigate problems caused by the introduction of malformed or forged IPv4 IPv6 source addresses into a network by discarding IPv4 IPv6 packets that lack a verifiable IPv4 IPv6 source address When Unicast RPF is effectively enabled on an interface the switch examines all IPv4 and IPv6 packets received as input on that interface to make sure t...

Page 1322: ...ameters INTERFACE ID Optional Specifies the interface to display Valid interfaces are physical interfaces Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space before and after the comma Optional Specifies a range of interfaces No space before and after the hyphen Default None Command Mode User EXEC or Any Configuration Mode Command Default Leve...

Page 1323: ...al state does not take effect until after the next reboot State The state of Unicast RPF Port The port number Reachable Via The mode how Unicast RPF examines the incoming packets Allow Default Indicates whether allows the use of the default route for RPF verification IP Access List Name Indicates the name of the IP ACL to be checked The empty string indicates the IP Access List Name is not specifi...

Page 1324: ...evel Level 12 Usage Guideline The command is used to configure the inner TPID of the system The inner TPID is used to decide if the ingress packet is C tagged The Inner TPID is per system configurable Example This example shows how to configure the inner TPID to 0x9100 Switch configure terminal Switch config dot1q inner ethertype 0x9100 Switch config 115 2 dot1q tunneling ethertype This command is...

Page 1325: ... the received frame on this port Example This example shows how to configure the 802 1Q tunneling TPID on interface Ethernet 1 0 1 to 0x88a8 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if switchport mode trunk Switch config if dot1q tunneling ethertype 0x88a8 Switch config if 115 3 switchport mode dot1q tunnel This command is used to specify the switch port to op...

Page 1326: ...ace the original VLAN for matched packets RESULTANT INNER VLAN Optional Specifies the new inner VLAN that will replace original inner VLAN on trunk mode port DOT1Q TUNNEL VLAN Specifies the service VLAN ID that will be added for matched packets on the dot1q tunnel mode port COS VALUE Optional Specifies the priority for the rule If not specified the priority of the service VLAN tag will be set to 0...

Page 1327: ... before the packet is transmitted When configuring VLAN mapping entries to translate an original VLAN to an S VLAN the user cannot configure another VLAN mapping entry to translate other original VLANs to the S VLAN or configure the VLAN mapping rule bundling C VLANs to the S VLAN and vice versa If there is no VLAN mapping entry or rule that matches the incoming tagged packet and the VLAN mapping ...

Page 1328: ...nner tag with VLAN 10 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if switchport mode dot1q tunnel Switch config if dot1q tunnel insert dot1q tag 10 Switch config if 115 6 vlan mapping miss drop This command is used to enable the dropping of VLAN mapping unmatched packets Use the no command to disable the VLAN mapping miss dropping vlan mapping miss drop no vlan m...

Page 1329: ...ot1q tunnel trust inner priority Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline When the trusting dot1q priority option on a dot1q tunnel port is enabled the priority of the dot1q VLAN tag in the received packets will be copied to the service VLAN tag Example This example shows how to configure the...

Page 1330: ...he profile rules Example This example shows how to create a VLAN mapping profile for matching Ethernet fields Switch configure terminal Switch config vlan mapping profile 1 type ethernet Switch config vlan map 115 9 vlan mapping rule This command is used to configure the VLAN mapping rules of the profile Use the no command to remove the previous configured rules rule SN match src mac MAC ADDRESS d...

Page 1331: ...pecified the priority of the new outer tag is 0 inner vid VLAN ID Optional Specifies the new inner VLAN ID Default None Command Mode VLAN Mapping Profile Configuration Mode Command Default Level Level 12 Usage Guideline The rule command is used to configure the VLAN mapping rules of the profile If a profile is applied on an interface the switch matches the incoming packets according to the rules o...

Page 1332: ... incoming packets according to the rules of the profile If the packets match a rule the action of the rule will be taken Setting the port to a mode other than the dot1q tunnel mode will lead to the VLAN mapping profile configuration to be removed Example This example shows how to configure a VLAN mapping profile and apply it to the 802 1Q tunnel port 1 The customer packets that come from 100 1 1 0...

Page 1333: ...e shows how to display the 802 1Q TPID setting for all interfaces Switch show dot1q ethertype 802 1q inner Ethernet Type is 0x8100 eth1 0 1 802 1q tunneling Ethernet Type is 0x88a8 eth1 0 2 802 1q tunneling Ethernet Type is 0x88a8 Switch 115 12 show dot1q tunnel This command is used to display the dot1q VLAN tunneling configuration on interfaces show dot1q tunnel interface INTERFACE ID Parameters ...

Page 1334: ...nnel Interface eth1 0 2 Trust inner priority Disabled VLAN mapping miss drop Enabled Insert dot1q tag VLAN 10 Switch 115 13 show vlan mapping This command is used to display the VLAN mapping configuration show vlan mapping interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the interfaces that will be displayed If not specified display the all VLAN mappings Optional Specifies a serie...

Page 1335: ...show vlan mapping profile This command is used to display the configured VLAN mapping profile information show vlan mapping profile ID Parameters ID Optional Specifies the ID of the VLAN mapping profile If not specifies display all configured VLAN mapping profiles Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display...

Page 1336: ...atch src ip 192 1 1 0 24 action dot1q tunnel outer vid 300 priority 0 Total Entries 3 VLAN mapping profile 2 type ethernet rule 10 match src mac 00 00 00 00 00 01 action translate outer vid 40 priority 2 rule 20 match inner vid 5 action translate outer vid 10 priority 0 Total Entries 2 Switch ...

Page 1337: ...tted Default For the access VLAN mode the default option is untagged only For the other VLAN mode the default option is admit all Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to set the acceptable types of frames by a port Example This example shows how to set the acceptable frame type to tagged only for port Ethernet 1 0 1 Switch co...

Page 1338: ... config if 116 3 mac vlan This command is used to create the MAC based VLAN classification entry Use the no form of this command to remove the MAC based VLAN classification entry mac vlan MAC ADDRESS vlan VLAN ID priority COS VALUE no mac vlan MAC ADDRESS Parameters MAC ADDRESS Specifies the MAC address for the entry priority COS VALUE Optional Specifies the priority CoS value If not specified the...

Page 1339: ...alue for the type of the LLC frames ether type TYPE VALUE Specifies the type This value should be 2 bytes in hexadecimal form Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use the protocol vlan profile command in the global configuration mode to create a protocol group Then use the protocol vlan profile command in the interface configuration mod...

Page 1340: ...o exist to configure the command The precedence for classifying the untagged packet is MAC based Subnet based Protocol VLAN Example This example shows how to create a VLAN classification entry on Ethernet 1 0 1 to classify packets in the protocol group 10 to VLAN 3000 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if protocol vlan profile 10 vlan 3000 Switch config ...

Page 1341: ...Protocol VLAN Example This example shows how to configure VLAN classification entries to classify that packets belong to subnets 20 0 0 0 8 192 0 0 0 8 and 3ffe 22 33 44 64 to VLAN 100 Switch configure terminal Switch config subnet vlan ipv4 20 0 0 0 8 vlan 100 vlan 100 Switch config subnet vlan ipv4 192 0 0 0 8 vlan 100 priority 4 Switch config subnet vlan ipv6 3ffe 22 33 44 64 vlan 100 Switch co...

Page 1342: ... eth1 0 2 10 3 0 11 2001 4 12 3002 1 eth1 0 3 2 100 6 Switch This example shows how to display the protocol group profile settings Switch show protocol vlan profile Profile ID Frame type Ether type 1 Ethernet2 0x86DD IPv6 2 Ethernet2 0x0800 IP 3 Ethernet2 0x0806 ARP Total Entries 3 Switch 116 8 show vlan This command is used to display the parameters for all configured VLANs or one VLAN on the swi...

Page 1343: ...uideline This command is used to display the parameters for all configured VLANs or one VLAN on the switch Example This example shows how to display all the current VLAN entries Switch show vlan VLAN 1 Name default Tagged Member Ports Untagged Member Ports 1 0 1 1 0 8 Total Entries 1 Switch This example shows how to display the PVID ingress checking and acceptable frame type information for ports ...

Page 1344: ...ce MAC VLAN Switch This example shows how to display all the MAC based VLAN entries Switch show vlan mac vlan MAC Address VLAN ID Priority Status 00 80 cc 00 00 11 101 4 Active 00 11 22 00 00 05 200 5 Active Total Entries 2 Switch This example shows how to display all the subnet based VLAN entries Switch show vlan subnet vlan Subnet VLAN ID Priority 20 0 0 0 8 100 0 192 0 0 0 8 100 4 3FFE 22 33 44...

Page 1345: ...port mode access Switch config if switchport access vlan 1000 Switch config if 116 10 switchport hybrid allowed vlan This command is used to specify the tagged or untagged VLANs for a hybrid port Use the no form of the command to reset to the default setting switchport hybrid allowed vlan add tagged untagged remove VLAN ID no switchport hybrid allowed vlan Parameters add Specifies the port will be...

Page 1346: ...rent untagged allowed VLAN list the overlap part will change to the tagged allowed VLAN The last command will take effect The VLAN does not need to exist to configure the command Example This example shows how to configure interface Ethernet 1 0 1 to be a tagged member of VLAN 1000 and an untagged member of VLAN 2000 and 3000 Switch configure terminal Switch config interface ethernet 1 0 1 Switch ...

Page 1347: ...the VLAN mode to the default setting switchport mode access hybrid trunk dot1q tunnel no switchport mode Parameters access Specifies the port as an access port hybrid Specifies the port as a hybrid port trunk Specifies the port as a trunk port dot1q tunnel Specifies the port as a dot1q tunnel port Default By default this option is hybrid Command Mode Interface Configuration Mode Command Default Le...

Page 1348: ...t to the allowed VLAN list remove Specifies to remove the specified VLAN list from the allowed VLAN list except Specifies that all VLANs except the VLANs in the exception list are allowed VLAN ID Specifies the allow VLAN list or the VLAN list to be added to or removed from the allow VLAN list Optional Specifies a series of VLANs or separate a range of VLANs from a previous range No space is requir...

Page 1349: ...el 12 Usage Guideline The command only takes effect when the interface is set to trunk mode When a trunk port native VLAN is set to tagged mode normally the acceptable frame type of the port should be set to tagged only to only accept tagged frames When a trunk port works in the untagged mode for a native VLAN transmitting untagged packet for a native VLAN and tagged packets for all other VLANs an...

Page 1350: ... VLAN configuration mode Entering the VLAN ID of an existing VLAN does not create a new VLAN but allows the user to modify the VLAN parameters for the specified VLAN When the user enters the VLAN ID of a new VLAN the VLAN will be automatically created Use the no vlan command to remove a VLAN The default VLAN cannot be removed If the removed VLAN is a port s access VLAN the port s access VLAN will ...

Page 1351: ...n hybrid or dot1q tunnel interfaces Example This example shows how to configure the interface Ethernet 1 0 1 as a subnet VLAN has higher precedence Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if vlan precedence subnet vlan Switch config if 116 17 name This command is used to specify the name of a VLAN Use the no command to reset the VLAN name to the default VLAN ...

Page 1352: ...nted If no physical port interface is specified then statistics is counted on merely a per VLAN basis Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen broadcast Specifies to count only broadcast frames multicast Spe...

Page 1353: ...o count both ingress and egress broadcast statistics for VLAN 3 Switch configure terminal Switch config interface L2vlan 3 Switch config if counting broadcast Switch config if This example shows how to create a control entry to count ingress unicast statistics for the physical port interface Ethernet 1 0 1 in VLAN 5 Switch configure terminal Switch config interface L2vlan 5 Switch config if counti...

Page 1354: ...LAN interface is specified then all control entries will be displayed rx Optional Specifies to display control entries for ingress traffic tx Optional Specifies to display control entries for egress traffic Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline None Example This example shows how to display all Layer 2 VLAN statistics control en...

Page 1355: ...s command is used to configure the addition VLAN for the port VLAN based AC The ingress packets on the port with the addition VLAN ID can also be sent to the Pseudo Wire PW as the packets ingress on the AC Example This example shows how to configure the addition VLAN of the AC Switch configure terminal Switch config interface Ethernet 1 0 1 Switch config if service encapsulation svid 100 Switch co...

Page 1356: ...ddress MAC ADDR Optional Specifies the MAC address to be cleared Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear VPLS MAC addresses Example This example shows how to clear all VPLS MAC addresses Switch clear mac address table vpls dynamic all Switch 117 3 dot1q tunneling ethertype This command is used to configure the TPID...

Page 1357: ...117 4 l2 vfi This command is used to create a VPLS instance and enter the VFI configuration mode Use the no command to delete a VPLS instance l2 vfi VPLS NAME manual no l2 vfi VPLS NAME Parameters VPLS NAME Specifies the VPLS instance name The maximum length is 32 characters manual Specifies to manually configure neighbors using LDP for signaling Default By default no VPLS instance is created Comm...

Page 1358: ...d range of value is from 0 to 65535 Default By default this value is 1500 Command Mode VFI Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to set the local AC link s MTU value of a VPLS The local AC link s MTU value can be modified only when there is no PW in this VPLS Example This example shows how to configure the local AC link s MTU value to 1000 Switch co...

Page 1359: ...LS Use the no command to delete a peer from a VPLS neighbor remote IP ADDRESS VC ID encapsulation mpls no split horizon no neighbor remote IP ADDRESS VC ID Parameters IP ADDRESS Specifies the LSR ID that is used to identify the PE to which the peer belongs to VC ID Optional Specifies the PW ID The range is from 1 to 4294967295 It is used with the IP address to uniquely identify a peer for a VPLS I...

Page 1360: ...set by the VPN ID of this VPLS DISABLE DELAY Optional Specifies to switch back to the primary PW with the specified delay time after the primary PW comes online The range is from 0 to 180 seconds never Optional Specifies not switch back to the primary PW even if it comes back online Default By default the VC ID is set by the VPN ID of this VPLS Command Mode VFI Configuration Mode Command Default L...

Page 1361: ...ulation mpls Switch config neighbor exit Switch config vfi neighbor remote 2 2 2 2 backup Switch config neighbor 117 9 pw type This command is used to set the type of emulated service in a VPLS Use the no form of the command to restore the default setting pw type raw tagged no pw type Parameters raw Specifies that the service type is in the Ethernet raw mode It means that the encapsulation of all ...

Page 1362: ...s to VC ID Optional Specifies the PW ID The range is from 1 to 4294967295 ac Optional Specifies the local AC in a VPLS INTERFACE ID Optional Specifies the Ethernet interface of a local AC vlan VLAN ID Optional Specifies the VLAN ID address MAC ADDR Optional Specifies the MAC address Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This com...

Page 1363: ...r EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display VC detailed information for VPWS and VPLS Example This example shows how to display all VC information including VPWS and VPLS Switch show mpls l2transport vc VC ID Peer Local AC MTU Type Oper Status 1 150 1 1 4 eth1 0 0 VLAN2 1500 Raw Up 2 130 1 1 2 eth1 0 1 VLAN3 1500 Tagged Down 3 140 ...

Page 1364: ...pabilities CC Type 2 CV LSP ping VC Statistics RX Bytes 0 RX Packets 0 TX Bytes 0 TX Packets 0 Total Entries 1 Switch 117 12 show vpls This command is used to display VPLS information show vpls VPLS NAME detail Parameters VPLS NAME Optional Specifies the VPLS name This name can be up to 32 characters long detail Optional Specifies to display detailed VPLS information Default None Command Mode User...

Page 1365: ... MTU 1500 VLAN mode Default 802 1q tunneling Ethernet Type 0x8100 Peers via Pseudowires VC ID Peer Type Oper Status 100 3 3 3 3 Network Down 100 1 1 1 1 Network Up 100 5 5 5 5 Spoke Down Local ACs Local AC Oper Status eth1 0 7 VLAN100 Up VPLS Name vpls101 Operate Status Up VPLS ID 101 Service Type Tagged MTU 1500 VLAN mode Default 802 1q tunneling Ethernet Type 0x8100 Peers via Pseudowires VC ID P...

Page 1366: ... Parameters nochange Specifies not to change the VLAN tag on the ingress packet This can only be applied on Ethernet VLAN based ACs addvlan VLAN ID Specifies to add the configured VLAN tag to the ingress packet The default action for port based ACs is to add the VID of 0 This can be applied on both Ethernet based and Ethernet VLAN based ACs Enter the VLAN ID after the keyword here changevlan VLAN ...

Page 1367: ...lan 20 Switch config vfi 117 14 vpn id This command is used to configure the VPN ID of a VPLS vpn id VPN ID Parameters VPN ID Specifies the VPN ID of a VPLS The value range is from 1 to 4294967295 Default By default the VPN ID is 0 Command Mode VFI Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure the VPN ID of a VPLS Each VPLS in a device should h...

Page 1368: ...guration mode All local ACs in a VPLS should have same AC type All VLAN based local ACs in a VPLS should have the same encapsulation service VLAN Example This example shows how to create a local AC which is an Ethernet based AC and the Ethernet port is 1 0 1 into a VPLS which name is vpls100 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if xconnect vfi vpls100 Swit...

Page 1369: ...ernet VLAN based ACs The ingress packets on the port with the addition VLAN ID can also be sent to the PW as the packets ingress on the AC Example This example shows how to configure the addition VLAN of the AC Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if service encapsulation svid 10 Switch config if srv xconnect 130 1 1 2 2 encapsulation mpls Switch config if...

Page 1370: ...o procedure or other situations found the primary PW to be link down the backup PW will be changed to link up to do packet forwarding in the VPWS service If the primary PW is recovered later the switch will either keep using the backup PW or switch back to the primary PW base on the delay option setting The local and remote labels for the backup PW are automatically assigned and exchanged Generall...

Page 1371: ...ine This command is used to configure the TPID of the VLAN tag If the VLAN mode is addvlan or changevlan the TPID of the modified VLAN tag will be set to the configured value The command can only be applied on a PW of the type is tagged Example This example shows how to configure the 802 1Q tunneling TPID to 0x88a8 of a PW Switch configure terminal Switch config interface ethernet 1 0 1 Switch con...

Page 1372: ...igned Example This example shows how to assign the local label and the remote label for a manual PW Switch configure terminal Switch config interface ethernet 1 0 2 Switch config if service encapsulation svid 10 Switch config if srv xconnect 130 1 1 2 2 encapsulation mpls manual Switch config if xconn mpls label 100 200 Switch config if xconn 118 5 name This command is used to configure the name o...

Page 1373: ...118 6 ping mpls pseudowire This command is used to check the connectivity of the PW ping mpls pseudowire IP ADDRESS VC ID repeat COUNT timeout SECONDS Parameters IP ADDRESS Specifies the peer LSR ID that is used to identify the other end PE VC ID Specifies the PW service instance ID repeat COUNT Specifies the number of times to send the same packet The value range is from 1 to 255 and the default ...

Page 1374: ...s Reply from 192 1 1 0 time 10ms Reply from 192 1 1 0 time 10ms Ping Statistics for FEC VC 1 192 1 1 0 Packets Sent 4 Received 4 Lost 0 Switch This example shows how to check the connectivity of the PW with peer address 110 1 1 0 and VC ID 2 Switch ping mpls pseudowire 110 1 1 0 2 Request timed out Request timed out Request timed out Request timed out Ping Statistics for FEC VC 2 110 1 1 0 Packets...

Page 1375: ...interface ethernet2 0 1 Switch config if service encapsulation svid 1000 Switch config if srv xconnect 110 1 1 12 2 encapsulation mpls Switch config if xconn 118 8 show mpls l2transport vc This command is used to display the VPWS VC information show mpls l2transport vc VC ID detail Parameters VC ID Specifies the display the specified PW ID only detail Specifies the display detailed PW information ...

Page 1376: ...cal VCCV Capabilities CC Type 2 CV LSP ping Remote VCCV Capabilities CC Type 2 CV LSP ping VC Statistics RX Bytes 0 RX Packets 0 TX Bytes 0 TX Packets 0 Total Entries 1 Switch This example shows how to display detailed information belonging to PW redundancy Switch show mpls l2transport vc detail VC ID 3 Peer IP Address 140 1 1 2 Operate Status Up Primary Name PRIMARY_VC_TO_PE2 Description This is ...

Page 1377: ...X Packets 0 TX Bytes 0 TX Packets 0 Total Entries 2 Switch 118 9 vlanmode This command is used to configure the VLAN mode of the PW Use the no command to reset the VLAN mode of the PW to the default setting vlanmode nochange addvlan VLAN ID changevlan VLAN ID no vlanmode Parameters nochange Specifies not to change of the VLAN tag on the ingress packet This can only be applied on Ethernet VLAN base...

Page 1378: ...n 20 Switch config if xconn 118 10 xconnect This command is used to create the VPWS service on the interface Use the no form of this command to remove the VPWS service xconnect IP ADDRESS VC ID encapsulation mpls manual raw tagged mtu 0 65535 no xconnect Parameters IP ADDRESS Specifies the peer LSR ID that is used to identify the other end PE VC ID Specifies the PW service instance ID The range is...

Page 1379: ...mmand to remove a VPWS service The settings related to the service are also removed Example This example shows how to configure the AC from the Customer Edge Bridge CE to the PE as the VLAN 10 of port 1 Assume the VC s ID is 2 For making the VLAN 10 packets from CE one can be transmitted to the other end through the MPLS network Configure PE1 and PE2 as follows Configuring PE 1 Switch configure te...

Page 1380: ...f the trap status is enabled if a packet has been received from a router whose authentication key or authentication type conflicts with this router s authentication key or authentication type then a trap will be sent out Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable the VRRP trap state If...

Page 1381: ...p must have the same authentication password Example This example shows how to configure one interface s VRRP authentication Switch configure terminal Switch config interface vlan 1 Switch config if vrrp authentication test Switch config if 119 3 vrrp ip This command is used to create a VRRP group on an interface Use the no form of this command to remove a VRRP group vrrp VRID ip IP ADDRESS no vrr...

Page 1382: ...1 is the IP address of the virtual router Switch configure terminal Switch config interface vlan1 Switch config if vrrp 7 ip 10 1 1 1 Switch config if 119 4 vrrp non owner ping This command is used to enable the virtual router in the master state to respond to ICMP echo requests for an IP address not owned but associated with this virtual router Use the no form of this command to disable the virtu...

Page 1383: ...rface Configuration Mode Command Default Level Level 12 Usage Guideline The maser will constantly send VRRP advertisements to communicate the related information of the current master virtual router This command configures the interval between advertisement packets and the time before other routers declare the master router as down All routers in a VRRP group must use the same timer values Example...

Page 1384: ...group 7 to preempt the current master router when its priority is higher than that of the current master router Switch configure terminal Switch config interface vlan1 Switch config if vrrp 7 preempt Switch config if 119 7 vrrp bfd This command is used to configure the VRRP Bidirectional Forwarding Detection BFD peer address Use the no command to delete the VRRP BFD peer address vrrp VRID bfd fast...

Page 1385: ...utdown This command is used to disable a virtual router on an interface Use the no command to return this feature to the default setting vrrp VRID shutdown no vrrp VRID shutdown Parameters VRID Specifies the virtual router identifier that identifies the VRRP group The valid range is from 1 to 255 Default By default a virtual router is enabled after being created Command Mode Interface Configuratio...

Page 1386: ... to set the critical IP address for one virtual router If the critical IP is configured on one virtual router the virtual router cannot be activated when the critical IP address is unreachable One VRRP group can only track one critical IP Example This example shows how to configure the critical IP address of virtual router 1 on VLAN 1 Switch configure terminal Switch config interface vlan 1 Switch...

Page 1387: ...ter is 20 0 1 1 local vlan1 VRID 8 State is Master Virtual IP address is 20 1 1 2 Virtual MAC address is 00 00 5e 00 01 08 Advertisement interval is 1 seconds Preemption is disabled Priority is 200 Critical IP address is 20 2 3 4 Master router is 20 0 1 2 local vlan2 VRID 5 State is Initialize Virtual IP address is 30 1 1 254 Virtual MAC address is 00 00 5e 00 01 05 Advertisement interval is 1 sec...

Page 1388: ...ormation Switch show vrrp brief Interface VRID Pri Owner Pre State Master IP VRouter IP vlan1 7 255 Y Y Master 20 0 1 1 20 0 1 1 vlan1 8 200 Y Master 20 0 1 1 20 1 1 2 vlan2 5 100 Y Init 0 0 0 0 30 1 1 254 vlan3 1 80 Y Backup 50 0 1 2 50 1 1 254 Total Entries 4 Switch Display Parameters Interface The Interface ID VRID The virtual router identifier Pri The VRRP priority value Owner Y Indicates that...

Page 1389: ...DXS 3600 Series Layer 3 Managed 10Gigabit Ethernet Switch CLI Reference Guide 1384 VRouter IP The IP address of the virtual router ...

Page 1390: ...uch as BGP or RIP IPv4 that use IPv4 address prefixes After executing this command the address family configuration mode will be entered and a new routing instance may be created with this command For example in RIP with this command a new RIP routing instance will be created If the no form of this command is executed the related routing instance will be removed Example This example shows how to c...

Page 1391: ... A Switch config vrf import map rmap1 Switch config vrf 120 3 ip vrf This command is used to create a new VRF instance Use the no form of this command to delete one VRF instance ip vrf VRF NAME no ip vrf VRF NAME Parameters VRF NAME Specifies the name of the VRF Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to create a new V...

Page 1392: ...terface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to associate an interface to one VRF instance By associating interfaces to different VRFs the interfaces in different VRFs can be configured with the same IP address The IP address space in one VRF is individual and can overlap among different VRFs Example This example shows how to associate the VLAN 100...

Page 1393: ...fault there is no limit Command Mode VRF Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to limit how many routes can be allowed within the VRF This limit only applies to the active route To only get a notification set the warning only option Example This example shows how to configure the VRF VPN A s routes limit to 100 Switch configure terminal Switch confi...

Page 1394: ...PN A Switch config vrf rd 100 1 Switch config vrf 120 7 route target This command is used to add one route target of a VRF Use the no form of this command to remove one route target route target import export both ROUTE TARGET no route target import export both ROUTE TARGET Parameters import Specifies to add an import route target to the import routing information from the target VPN extended comm...

Page 1395: ... to display detailed information about one or more VRFs interfaces Optional Specifies to display interfaces associated with one or more VRFs VRF NAME Optional Specifies to display information associated with one VRF Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to check the settings of VRF instances Example This exa...

Page 1396: ...N Route target Communities RT 100 1 Import VPN Route target Communities RT 100 1 Import Route map rmap1 Route Warning Limit 5 Current Count 0 Switch This example shows how to check interfaces associated with VRFs Switch show ip vrf interfaces Interfaces IP Address VRF ip100 100 1 1 1 24 VPN A Switch ...

Page 1397: ...nction on interface Ethernet 1 0 1 Switch configure terminal Switch config interface ethernet 1 0 1 Switch config if web auth enable Switch config if 121 2 web auth page element This command is used to customize the Web authentication page elements Use the no form of this command to return to the default setting web auth page element page title STRING login window title STRING username title STRIN...

Page 1398: ...tion is not set Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Administrators can customize Web authentication page elements There are two Web authentication pages 1 the authentication login page and 2 the authentication logout page The Web authentication login page will be displayed to the user to get the username and password when the system doing Web authe...

Page 1399: ... Usage Guideline Use this command to specify the Web page to display to the hosts who passes the Web authentication Example This example shows how to configure the default redirect path to be http www website com after passing Web authentication Switch configure terminal Switch config web auth success redirect path http www website com Switch config 121 4 web auth system auth control This command ...

Page 1400: ...rl Parameters ipv4 IP ADDRESS Specifies the Web authentication virtual IPv4 address url STRING Specifies the FQDN URL for Web authentication The FQDN URL can be up to 128 characters ipv6 IPV6 ADDRESS Specifies the Web authentication virtual IPv6 address Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The virtual IP of Web authentication is just th...

Page 1401: ...rminal Switch config web auth virtual ip ipv6 2000 2 Switch config web auth virtual ip url www website6 co Switch config 121 6 snmp server enable traps web auth This command is used to enable the sending of SNMP notifications for Web authentication Use the no command to disable the sending of SNMP notifications snmp server enable traps web auth no snmp server enable traps web auth Parameters None ...

Page 1402: ...r after the commas or hyphens Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Only physical ports are valid for this command Example This example shows how to clear WRED drop counters on Ethernet 1 0 1 Switch clear random detect drop counter interface ethernet 1 0 1 Switch 122 2 random detect This command is used to enable the WRED function Use the no ...

Page 1403: ...is calculated by the following formula e MaxDropRat ld MinThresho ld MaxThresho ld MinThresho Qsize avg obability Drop _ Pr If the average queue size is greater than the maximum threshold value of the queue all packets will be dropped If the specified profile does not exist then default setting of the threshold will be associated Example This example shows how to enable the WRED function on Ethern...

Page 1404: ...ackets are treated when ECN is enabled If the ECT and CE bit is 0 0 the packets are dropped based on the WRED drop probability If the ECT and CE bit is 0 1 or 1 0 the WRED determines that the packet should be dropped based on the drop probability then the ECT and CE bits for the packet are changed to 1 instead of dropping them and the packet is transmitted If the ECT and CE bit is 1 1 the packet i...

Page 1405: ...low red min threshold VALUE max threshold VALUE max drop rate VALUE no random detect profile ID Parameters profile ID Specifies the ID of the WRED profile that will be set tcp Specifies the WRED drop parameters for the TCP packets to be set non tcp Specifies the WRED drop parameters for non TCP packets to be set green Specifies the WRED drop parameters for green packets to be set yellow Specifies ...

Page 1406: ...e 10 tcp yellow red min threshold 20 max threshold 40 max drop rate 5 Switch config 122 6 show queueing random detect This command is used to display the WRED configuration on the specified interface show queueing random detect interface INTERFACE ID Parameters interface INTERFACE ID Optional Specifies the interface ID to be displayed Specify multiple interface IDs which are separated by commas or...

Page 1407: ...ACE ID Parameters interface INTERFACE ID Specifies the interface ID for which the WRED drop counter will be displayed You can specify multiple interface IDs which are separated by commas or hyphens No space is before or after the commas or hyphens Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the WRED drop co...

Page 1408: ...configuration for all WRED profiles will be displayed Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the WRED profile setting Example This example shows how to display the WRED profile 1 settings Switch show random detect profile 1 WRED Profile 1 Packet Type Min Threshold Max Threshold Max Drop Rate TCP Green ...

Page 1409: ...nal or PC with terminal emulation to the console port of the switch Power on the Switch After the UART init is loaded to 100 the switch will allow 2 seconds for the user to press the hotkey Shift 6 to enter the Password Recovery Mode Once the Switch enters the Password Recovery Mode all ports on the Switch will be disabled Boot Procedure V1 10 008 Power On Self Test 100 MAC Address 00 17 9A 14 6B ...

Page 1410: ...icated device Informational AAA Log Description Severity Event description This log will be generated when AAA global state is enabled or disabled Log Message AAA is status Parameters description status The status indicates the AAA enabled or disabled Informational Event description This log will be generated when login successfully Log Message Successful login through exec type from client ip aut...

Page 1411: ...SSH Web Web SSL client ip It indicates the client s IP address if valid through IP protocol aaa method It indicates the authentication method e g none local server server ip It indicates the AAA server IP address if authentication method is remote server Username It indicates the username for authentication Informational Event description This log will be generated when enable privilege failure Lo...

Page 1412: ...r authentication Informational Event description This log will be generated when RADIUS assigned a valid priority attributes Log Message RADIUS server server ip assigned 802 1p default priority priority to port interface id Username username Parameters description server ip It indicates the RADIUS server IP address priority The assign priority that authorized by from RADIUS server interface id It ...

Page 1413: ...ate packet but the next_hop points to a local interface Log Message BGP 4 BADNHOP BGP Update Attr NHop Erroneous NHop ipaddr Peer ipaddr Parameters description ipaddr IP address of BGP peer Warning Event description BGP connection is closed due to some events happens Event refer to RFC Log Message BGP 4 EVENTCLOSE BGP connection is closed due to Event num Peer ipaddr Parameters description num Eve...

Page 1414: ...dr IP address of BGP peer Warning Event description BGP received invalid AS4 PATH attribute Log Message BGP 4 RCVBADAS4PATH Received invalid AS4 PATH attribute Value STRING Peer ipaddr Parameters description STRING Detailed description about the invalid attribute ipaddr IP address of BGP peer Warning Event description BGP received invalid AS4 AGGREGATOR attribute Log Message BGP 4 RCVBADAS4AGGRE R...

Page 1415: ...resents the VLAN identifier of the MEP mdlevel Represents MD level of the MEP interface id Represents the interface number of the MEP mepdirection Can be inward or outward mepid Represents the MEPID of the MEP The value 0 means unknown MEPID macaddr Represents the MAC address of the MEP The value all zeros means unknown MAC address Note In CFM hardware mode remote MEP information mepid and macaddr...

Page 1416: ...el VLAN vlanid Local Interface interface id Direction mepdirection MEPID mepid Parameters description vlanid Represents the VLAN identifier of the MEP mdlevel Represents the MD level of the MEP interface id Represents the interface number of the MEP mepdirection Represents the direction of the MEP This can be inward or outward mepid Represents the MEPID of the MEP Notice Event description AIS cond...

Page 1417: ...eters description unitID The unit ID session The user s session username Represent current login user ipaddr Represent client IP address macaddr Represent client MAC address Informational Event description Firmware upgraded unsuccessfully Log Message Unit unitID Firmware upgraded by session unsuccessfully Username username IP ipaddr MAC macaddr Parameters description unitID The unit ID session The...

Page 1418: ...The user s session username Represent current login user ipaddr Represent client IP address macaddr Represent client MAC address Warning Event description Configuration uploaded successfully Log Message Unit unitID Configuration uploaded by session successfully Username username IP ipaddr MAC macaddr Parameters description unitID The unit ID session The user s session username Represent current lo...

Page 1419: ...v6 Client Log Description Severity Event description DHCPv6 client interface administrator state changed Log Message DHCPv6 client on interface ipif name changed state to enabled disabled Parameters description ipif name Name of the DHCPv6 client interface Informational Event description DHCPv6 client obtains an ipv6 address from a DHCPv6 server Log Message DHCPv6 client obtains an ipv6 address ip...

Page 1420: ... on interface intf name changed state to enabled disabled Parameters description intf name Name of the DHCPv6 client PD interface Informational Event description DHCPv6 client PD obtains an IPv6 prefix from a delegation router Log Message DHCPv6 client PD obtains an ipv6 prefix ipv6networkaddr on interface intf name Parameters description ipv6networkaddr ipv6 prefix obtained from a delegation rout...

Page 1421: ...me Name of the DHCPv6 client PD interface Informational DHCPv6 Relay Log Description Severity Event description DHCPv6 relay on a specify interface s administrator state changed Log Message DHCPv6 relay on interface ipif name changed state to enabled disabled Parameters description ipif name Name of the DHCPv6 relay agent interface Informational DHCPv6 Server Log Description Severity Event descrip...

Page 1422: ...scription license model License Model Name string25 Activation Code Informational DOS Prevention Log Description Severity Event description Record the event if any attacking packet is received in the interval Log Message dos type is dropped from IP ip address Port interface id Parameters description dos type The type of DoS attack will be one of the followings ip address IP address of attacker int...

Page 1423: ...l failure cleared on node macaddr Parameters description macaddr The system MAC address of the node Notice Event description RPL owner conflict Log Message RPL owner conflicted on the ring macaddr Parameters description macaddr The system MAC address of the node Warning Interface Log Description Severity Event description Port link up Log Message Port interface id link up link state Parameters des...

Page 1424: ... attach to aggregation group group_id The group id of the aggregation group that port attach to Informational Event description Member port detach from Link Aggregation Group Log Message ifname detach from Link Aggregation Group group_id Parameters description ifname The interface name of the port that detach from aggregation group group_id The group id of the aggregation group that port detach fr...

Page 1425: ...nt 3 4 macAddress 4 5 networkAddress 5 6 interfaceName 6 7 local 7 chassisID chassis ID portType port ID subtype Value list 1 interfaceAlias 1 2 portComponent 2 3 macAddress 3 4 networkAddress 4 5 interfaceName 5 6 agentCircuitId 6 7 local 7 portID port ID deviceClass LLDP MED device type Notice Event description Conflict LLDP MED device type detected Log Message Conflict LLDP MED device type dete...

Page 1426: ...device class deviceClass Parameters description portNum The port number chassisType chassis ID subtype Value list 1 chassisComponent 1 2 interfaceAlias 2 3 portComponent 3 4 macAddress 4 5 networkAddress 5 6 interfaceName 6 7 local 7 chassisID chassis ID portType port ID subtype Value list 1 interfaceAlias 1 2 portComponent 2 3 macAddress 3 4 networkAddress 4 5 interfaceName 5 6 agentCircuitId 6 7...

Page 1427: ...rname Represent current login user ipaddr Represent client IP address Informational Event description Login through telnet unsuccessfully Log Message Login failed through Telnet Username username IP ipaddr Parameters description username Represent current login user ipaddr Represent client IP address Warning Event description Telnet session timed out Log Message Telnet session timed out Username u...

Page 1428: ...tion the host has aged out Log Message MAC based Access Control host aged out MAC mac address interface id VID vlan id Parameters description mac address the host MAC addresses interface id the interface on which the host is authenticated vlan id the VLAN ID on which the host exists Informational Event description the host failed to pass the authentication Log Message MAC based Access Control host...

Page 1429: ...ormational Event Description Module inserts and can t works Log Message Module module type inserts but can t work except reboot device Parameters Description module type the expansion module name Warning Event Description Module hot removes Log Message Module module type is removed Parameters Description module type the expansion module name Informational MPLS Log Description Severity Event descri...

Page 1430: ...e port status changed Log Message Spanning Tree port status change Instance InstanceID interface id old_status new_status Parameters description InstanceID Instance ID portNum Port ID old_status Old status new_status New status Notice Event description Spanning Tree port role changed Log Message Spanning Tree port role change Instance InstanceID interface id old_role new_role Parameters descriptio...

Page 1431: ... endvlanid VLANlist Informational OSPFv2 Enhancement Log Description Severity Event description OSPF interface link state changed Log Message OSPF 6 INTFSTATECHANGE OSPF interface intf name changed state to Up Down Parameters description intf name Name of OSPF interface Informational Event description OSPF interface administrator state changed Log Message OSPF 6 INTFADMINCHANGE OSPF protocol on in...

Page 1432: ... changed from Full to Down Log Message OSPF 5 VNBRFULLTODOWN OSPF nbr nbr id on virtual link changed state from Full to Down Parameters description nbr id Neighbor s router ID Notice Event description OSPF router ID was changed Log Message OSPF 6 RIDCHANGE OSPF router ID changed to router id Parameters description router id OSPF router ID Informational Event description Enable OSPF Log Message OSP...

Page 1433: ...sition and ID Critical Event description Air flow abnormal Log Message Unit unit id detecting abnormal air flow Parameters description unitID The unit ID Critical Event description Air flow recovered Log Message Unit unit id abnormal air flow back to normal Parameters description unitID The unit ID Critical Port Security Log Description Severity Event description Address full on a port Log Message...

Page 1434: ...ription SNMP request received with invalid community string Log Message SNMP request received from ipaddr with invalid community string Parameters Description ipaddr The IP address Informational SSH Log Description Severity Event description SSH server is enabled Log Message SSH server is enabled Informational Event description SSH server is disabled Log Message SSH server is disabled Informationa...

Page 1435: ...r Unit unitID Parameters description unitID Box ID Informational Event description Slave changed to master Log Message Slave changed to master Master Unit unitID Parameters description unitID Box ID Informational Event description Box ID conflict Log Message Hot insert failed box ID conflict Unit unitID conflict MAC macaddr and MAC macaddr Parameters description unitID Box ID macaddr The MAC addre...

Page 1436: ...age Broadcast Multicast Unicast storm is cleared on interface id Parameters description Broadcast Broadcast storm is cleared Multicast Multicast storm is cleared Unicast Unicast storm including both known and unknown unicast packets is cleared interface id The interface ID on which a storm is cleared Informational Event description Port shut down due to a packet storm Log Message interface id is c...

Page 1437: ...y Log Message Pseudo wire id vc_id peer ip ipaddr link standby Parameters description vc_id The link standby Pseudo wire ID ipaddr The peer IP address of the link standby Pseudo wire Informational VRRP Debug Enhancement Log Description Severity Event description One virtual router state becomes Master Log Message VRRP 6 STATEMASTER VR vr id at interface intf name switch to Master Parameters descri...

Page 1438: ...g Event description Virtual router ID mismatch of one received VRRP advertisement message Log Message VRRP 4 VRIDMIS Received ADV msg virtual router ID mismatch VR vr id at interface intf name Parameters description vr id VRRP virtual router ID intf name Interface name on which virtual router is based Warning Event description Advertisement interval mismatch of one received VRRP advertisement mess...

Page 1439: ...Message VRRP 3 MACL3FULL Failed to add virtual IP vrrp ip addr MAC vrrp mac addr into L3 table L3 table is full Parameters description vrrp ip addr VRRP virtual IP address vrrp mac addr VRRP virtual MAC address Error Event description Failed when adding a virtual MAC into switch L3 table The port where the MAC is learned from is invalid Log Message VRRP 3 BADMAC Failed to add virtual IP vrrp ip ad...

Page 1440: ...ssful login through Web Log Message Successful login through Web Username username IP ipaddr Parameters description username The use name that used to login HTTP server ipaddr The IP address of HTTP client Informational Event description Login failed through Web Log Message Login failed through Web Username username IP ipaddr Parameters description username The use name that used to login HTTP ser...

Page 1441: ...ational Web Authentication Log Description Severity Event description The log message occurs when a host passed the authentication Log Message Web Authentication host login success Username username IP ipaddr MAC mac address interface id VID vlan id Parameters description username The host username ipaddr The host IP address either an IPv4 or IPv6 address mac address The host MAC addresses interfa...

Page 1442: ...SessionAuthVlan 4 dnaSessionAuthUserName 5 dDot1xExtNotifyFailReason 1 3 6 1 4 1 17 1 14 30 0 2 Authentication Fail Trap Name Description OID authenticationFailure An authenticationFailure trap signifies that the SNMPv2 entity acting in an agent role has received a protocol message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap th...

Page 1443: ...x 2 dCfmEventMaIndex 3 dCfmEventMepIdentifier 1 3 6 1 4 1 17 1 14 86 0 2 dCfmLockOccurred A notification is generated when MEP detects the LCK condition Binding objects 1 dCfmEventMdIndex 2 dCfmEventMaIndex 3 dCfmEventMepIdentifier 1 3 6 1 4 1 17 1 14 86 0 3 dCfmLockCleared A notification is generated when MEP clears the LCK condition Binding objects 1 dCfmEventMdIndex 2 dCfmEventMaIndex 3 dCfmEve...

Page 1444: ...sent when dErpsNotificationEnabled is true and a signal failure is cleared 1 3 6 1 4 1 17 1 14 78 0 2 dErpsRPLOwnerConflictNotif A dErpsOwnerConflictNotif is sent when dErpsNotificationEnabled is true and RPL owner conflict is detected 1 3 6 1 4 1 17 1 14 78 0 3 Gratuitous ARP Trap Name Description OID agentGratuitousARPTrap The trap is sent when IP address conflicted Binding objects 1 ipaddr 2 ma...

Page 1445: ...own state from some other state but not from the notPresent state This other state is indicated by the included value of ifOperStatus Binding objects 1 ifIndex 2 if AdminStatus 3 ifOperStatu 1 3 6 1 6 3 1 1 5 3 LBD Trap Name Description OID dLbdLoopOccurred This trap is sent when an interface loop occurs Binding objects dLbdNotifyInfoIfIndex 1 3 6 1 4 1 17 1 14 46 0 1 dLbdLoopRestart This trap is ...

Page 1446: ...RemTablesChange A lldpRemTablesChange notification is sent when the value of lldpStatsRemTableLastChangeTime changes It can be utilized by an NMS to trigger LLDP remote systems table maintenance polls Binding 1 lldpStatsRemTablesInserts 2 lldpStatsRemTablesDeletes 3 lldpStatsRemTablesDrops 4 lldpStatsRemTablesAgeouts 1 0 8802 1 1 2 0 0 1 lldpXMedTopologyChangeDetect ed A notification generated by ...

Page 1447: ...state from another state 1 3 6 1 2 1 10 166 2 0 1 mplsXCDown This notification is generated when the mplsXCOperStatus object for one or more contiguous entries in the mplsXCTable is about to enter the up state from another state 1 3 6 1 2 1 10 166 2 0 2 MSTP Trap Name Description OID newRoot The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree the trap is ...

Page 1448: ...iguration will trigger trap messages to be sent out Binding objects 1 ifIndex 2 dPortSecIfCurrentStatus 3 dPortSecIfLastMacAddress 1 3 6 1 4 1 17 1 14 8 0 1 RMON Trap Name Description OID risingAlarm The SNMP trap that is generated when an alarm entry crosses its rising threshold and generates an event that is configured for sending SNMP traps Binding objects 1 alarmIndex 2 alarmVariable 3 alarmSa...

Page 1449: ...kNotifyInfoBoxId 2 dStackInfoMacAddr 1 3 6 1 4 1 17 1 14 9 0 2 dStackFailureNotification Unit Failure notification Binding objects 1 dStackNotifyInfoBoxId 1 3 6 1 4 1 17 1 14 9 0 3 dStackTPChangeNotification The stacking topology change notification Binding objects 1 dStackNotifyInfoTopologyType 2 dStackNotifyInfoBoxId 3 dStackInfoMacAddr 1 3 6 1 4 1 17 1 14 9 0 4 dStackRoleChangeNotification The ...

Page 1450: ...246 0 1 pwDown This notification is generated when the pwOperStatus object for one or more contiguous entries in the pwTable which are about to enter the down 2 or lowerLayerDown 6 state from any other state except for transition from the notPresent 5 state 1 3 6 1 2 1 10 246 0 2 pwDeleted This notification is generated when the PW has been deleted i e when the pwRowStatus has been set destroy 6 o...

Page 1451: ...s 1 ifIndex 2 dnaSessionAuthVlan 3 dnaSessionClientMacAddress 4 dnaSessionClientAddrType 5 dnaSessionClientAddress 6 dnaSessionAuthUserName 1 3 6 1 4 1 17 1 14 154 0 1 dWebAuthLoggedFail The trap is sent when a host has failed to pass Web Authentication login failed Binding objects 1 ifIndex 2 dnaSessionAuthVlan 3 dnaSessionClientMacAddress 4 dnaSessionClientAddrType 5 dnaSessionClientAddress 6 dn...

Page 1452: ...b authentication is successful the device will assign the privilege level according to the RADIUS server to this access user However if the user does not configure the privilege level attribute and authenticates successfully the device will not assign any privilege level to the access user If the privilege level is configured less than the minimum supported value or greater than the maximum suppor...

Page 1453: ...gn the 802 1p default priority according to the RADIUS server to the port However if the user does not configure the priority attribute and authenticates successfully the device will not assign a priority to this port If the priority attribute is configured on the RADIUS server is a value out of range 7 it will not be set to the device To assign the VLAN by the RADIUS server the proper parameters ...

Page 1454: ... is guest VLAN member it will be assigned to its original VLAN To assign the ACL by the RADIUS server the proper parameters should be configured on the RADIUS server The table below shows the parameters for an ACL The parameters of the Vendor Specific Attribute are RADIUS Tunnel Attribute Description Value Usage Vendor ID Defines the vendor 171 DLINK Required Vendor Type Defines the attribute 14 f...

Page 1455: ...US Attributes Assignment Appendix IETF standard RADIUS attributes are defined in the RFC 2865 Remote Authentication Dial In User Service RADIUS RFC 2866 RADIUS Accounting RFC 2868 RADIUS Attributes for Tunnel Protocol Support and RFC 2869 RADIUS Extensions The following table lists the IETF RADIUS attributes supported by the D Link switch RADIUS Authentication Attributes Number IETF Attribute 1 Us...

Page 1456: ...ber IETF Attribute 1 User Name 4 NAS IP Address 5 NAS Port 6 Service Type 8 Framed IP Address 31 Calling Station ID 32 NAS Identifier 40 Acct Status Type 41 Acct Delay Time 42 Acct Input Octets 43 Acct Output Octets 44 Acct Session ID 45 Acct Authentic 46 Acct Session Time 47 Acct Input Packets 48 Acct Output Packets 49 Acct Terminate Cause 52 Acct Input Gigawords 53 Acct Output Gigawords 61 NAS P...

Reviews:

No comments