manualshive.com logo in svg

D-Link xStack DGS-3400 Series, Cli Manual

The D-Link xStack DGS-3400 Series is a high-performance network switch designed to meet the growing demands of businesses. With advanced features and exceptional reliability, this product ensures seamless connectivity. To familiarize yourself with its functionalities, simply download the free Reference Manual available at manualshive.com.

Share
Download
background image

xStack

®

 DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual

 

 

185

25

 

 

802.1X

 

C

OMMANDS

 

The xStack

®

 DGS–3400 implements the server–side of the IEEE 802.1X Port–based and MAC–based Network Access Control. 

This mechanism is intended to allow only authorized users, or other network devices, access to network resources by establishing 
criteria for each port on the Switch that a user or network device must meet before allowing that port to forward or receive frames. 
The switch also supports 802.1X extensions, which means that as well as granting simple access rights, some controlling 
parameters can be passed from the authentication server to fine tune the management for the authenticated port/host. 

The 802.1X commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following 
table. 

Command Parameters 

enable 802.1x 

 

disable 802.1x 

 

show 802.1x 

 

show 802.1x auth_state ports 

{<portlist>} 

show 802.1x auth_configuration ports 

{<portlist>} 

config 802.1x auth_protocol 

[local | radius_eap] 

create 802.1x user 

<username 15> 

delete 802.1x user 

<username 15> 

show 802.1x user 

 

show auth_statistics 

{ports <portlist | all>} 

show auth_diagnostics 

{ports <portlist | all>} 

show auth_session_statistics 

{ports <portlist | all>} 

show auth_client 

 

show acct_client 

 

config 802.1x capability ports 

[<portlist> | all] [authenticator | none] 

config 802.1x auth_parameter ports 

[<portlist> | all] [default | {direction [both | in] | port_control [force_unauth | 
auto | force_auth] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> 
| supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req 
<value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-128> | 
no_limit] | enable_reauth [enable | disable]}] (1) 

config 802.1x init 

[port_based ports [<portlist> | all] | mac_based [ports] [<portlist> | all] 
{mac_address <macaddr>}] 

config 802.1x auth_mode 

[port_based | mac_based] 

config 802.1x reauth 

{port_based ports [<portlist> | all] | mac_based [ports] [<portlist> | all] 
{mac_address <macaddr>}] 

config radius add 

<server_index 1–3> <server_ip> key <passwd 32> [default | {auth_port 
<udp_port_number 1–65535> | acct_port <udp_port_number 1–65535> | 
timeout <int 1-255> | retransmit <int 1-20>} (1) ] 

config radius delete 

<server_index 1–3> 

config radius 

<server_index 1-3> {ipaddress <server_ip> | key <passwd 32> | auth_port 
<udp_port_number 1-65535 > | acct_port <udp_port_number 1-65535 > | 
timeout <int 1-255> |retransmit <int 1-20>} (1) 

show radius 

 

Summary of Contents for xStack DGS-3400 Series

Page 1: ... CLI Manual Product Model xStack DGS 3400 Series Layer 2 Gigabit Ethernet Managed Switch Release 2 6 ...

Page 2: ...July 2009 651GS3400095G RECYCLABLE ...

Page 3: ...OMMANDS 119 ISM VLAN COMMANDS 130 LINK AGGREGATION COMMANDS 134 IP MAC PORT BINDING IMPB COMMANDS 139 IP COMMANDS INCLUDING IPV6 151 IPV6 NEIGHBOR DISCOVERY COMMANDS 158 IGMP SNOOPING COMMANDS 164 MLD SNOOPING COMMANDS 174 LIMITED IP MULTICAST ADDRESS IGMP FILTERING 182 802 1X COMMANDS 185 ACCESS CONTROL LIST ACL COMMANDS 209 TIME RANGE COMMANDS 230 SAFEGUARD ENGINE COMMANDS 232 TRAFFIC SEGMENTATI...

Page 4: ... VLAN COMMANDS 349 MAC BASED ACCESS CONTROL MAC COMMANDS 355 Q IN Q COMMANDS 367 LLDP COMMANDS 372 SFLOW 386 DHCP SERVER COMMANDS 395 DHCP SERVER SCREENING COMMANDS 408 RSPAN COMMANDS 411 ACL FLOW METERING COMMANDS 416 LAYER 2 PROTOCOL TUNNELING L2PT COMMANDS 420 ARP AND GRATUITOUS ARP COMMANDS 423 COMPOUND AUTHENTICATION COMMANDS 430 WEB BASED ACCESS CONTROL WAC COMMANDS 436 PROTOCOL VLAN GROUP C...

Page 5: ... settings are as follows 115200 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT 100 terminal and a serial port configured as above is then connected to the Switch s serial port via an RS 232 DB 9 cable With the serial port properly connected to a management computer the following screen should be visible If this screen does not appear...

Page 6: ...t the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch s Telnet or Web based management agent DGS 3426 5 config ipif System ipaddress 10 73 21 35 255 0 0 0 C...

Page 7: ...le interface is used by connecting the Switch to a VT100 compatible terminal or a computer running an ordinary terminal emulator program e g the HyperTerminal program included with the Windows operating system using an RS 232C serial cable Your terminal parameters will need to be set to VT 100 compatible 115200 baud 8 data bits No parity One stop bit No flow control Users may also access the same ...

Page 8: ...and When entering a command without its required parameters the CLI will prompt you with a Next possible completions message DGS 3426 5 config account Command confif account Next possible completions username DGS 3426 5 Figure 2 3 Example Command Parameter Help In this case the command config account was entered with the parameter username The CLI will then prompt to enter the username with the me...

Page 9: ...e help prompts are the same as presented in this manual angle brackets indicate a numerical value or character string braces indicate optional parameters or a choice of parameters and brackets indicate required parameters If a command is entered that is unrecognized by the CLI the top level commands will be displayed under the Available commands prompt DGS 3426 5 the Available commands cable_diag ...

Page 10: ...imited link_aggregation lldp log log_save_timing loopdetect mac_based_access_control mac_based_access_control_local mac_based_vlan mac_notification mirror mld_snooping module_info multicast multicast_fdb packet port port_security ports pvid qinq radius router_ports rspan safeguard_engine scheduling scheduling_mechanism serial_port session Sflow sim snmp sntp ssh ssl stack_device stack_information ...

Page 11: ...ecified Syntax create account admin operator user username 15 In the above syntax example users must specify either an admin or a user level account to be created Do not type the square brackets Description Example Command create account user newuser1 vertical bar Purpose Separates two or more mutually exclusive items in a list one of which must be entered Syntax create account admin operator user...

Page 12: ...e cursor to the left Right Arrow Moves the cursor to the right Up Arrow Repeats the previously entered command Each time the up arrow is pressed the command previous to that displayed appears This way it is possible to review the command history for the current session Use the down arrow to progress sequentially forward through the command history list Down Arrow The down arrow will display the ne...

Page 13: ...ble password encryption show module_info show device_status show session show switch show serial_port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes 1 enable clipaging disable clipaging telnet ipaddr tcp_port value 0 65535 enable telnet tcp_port_number 1 65535 disable telnet enable web tcp_port_number 1 65535 disable web save config...

Page 14: ...steps necessary to resolve this issue config account Purpose Used to configure user accounts Syntax config account username encrypt plain_text sha_1 password Description When the password information is not specified in the command the system will prompt the user to input the password interactively For this case the user can only input the plain text password If the password is present in the comm...

Page 15: ...rameters None Restrictions Only Administrator level users can issue this command Example usage To display the accounts that have been created DGS 3426 5 show account Command show account Current Accounts Username Access Level dlink Admin Total Entries 1 DGS 3426 5 delete account Purpose Used to delete an existing user account Syntax delete account username string Description This command deletes a...

Page 16: ...mple usage To enable password encryption DGS 3426 5 enable password encryption Command enable password encryption Success DGS 3426 5 disable password encryption Purpose Used to disable password encryption Syntax disable password encryption Description The user account configuration information will be stored in the configuration file and can be applied to the system later If the password encryptio...

Page 17: ...ice_status Purpose Used to display current status of fans and power or power supplies on the system Syntax show device_status Description This command displays the current status of power s and fan s on the system There is a status display for all the fans on the Switch If all fans are working normally there will a corresponding OK in the Fan display field If any fan fails there will be a correspo...

Page 18: ...erator level users can issue this command Example usage To display the way that the users logged in DGS 3427 4 show session Command show session ID Live Time From Level Name 8 0 8 48 860 Serial Port 4 Anonymous Total Entries 1 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show switch Purpose Used to display general information about the Switch Syntax show switch Description This co...

Page 19: ...ping Disabled TELNET Enabled TCP 23 WEB Enabled TCP 80 SNMP Disabled RMON Disabled SSL status Disabled SSH status Disabled 802 1x Disabled Jumbo Frame Off Clipaging Enabled MAC Notification Disabled Port Mirror Disabled SNTP Disabled HOL Prevention State Enabled Syslog Global State Disabled Single IP Management Disabled Dual Image Supported Password Encryption Status Disabled CTRL C ESC q Quit SPA...

Page 20: ... will log out the current user if there is no user input for 5 minutes 10_minutes The console will log out the current user if there is no user input for 10 minutes 15_minutes The console will log out the current user if there is no user input for 15 minutes Restrictions Only Administrator and Operator level users can issue this command Example usage To configure baud rate DGS 3426 5 config serial...

Page 21: ... of the screen display when a command output reaches the end of the page DGS 3426 5 disable clipaging Command disable clipaging Success DGS 3426 5 telnet Purpose Specifies to instruct the Telnet client to connect to the specific Telnet server Syntax ipaddr tcp_port value 0 65535 Description This command will instruct the Telnet client to connect to the specific Telnet server The parameters specifi...

Page 22: ...telnet 23 Success DGS 3426 5 disable telnet Purpose Used to disable the Telnet protocol on the Switch Syntax disable telnet Description This command is used to disable the Telnet protocol on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the Telnet protocol on the Switch DGS 3426 5 disable telnet Command disable t...

Page 23: ...ges in the Switch s configuration to non volatile RAM Syntax save config config_id 1 2 log all Description This command is used to enter the current switch configuration into non volatile RAM The saved switch configuration will be loaded into the Switch s memory each time the Switch is restarted Parameters config config_id 1 2 Specify to save current settings to configuration file 1 or 2 log Speci...

Page 24: ...ettings are restored on the Switch including the IP address user accounts the switch history log and banner The Switch will not save or reboot system If the keyword system is specified all of the factory default settings are restored on the Switch The Switch will save and reboot after the settings are changed to default Rebooting will clear all entries in the Forwarding Data Base If no parameter i...

Page 25: ...en there is nothing to prevent any IP address from accessing the Switch provided the user knows the Username and Password Parameters ipaddr The IP address of the trusted host to be created network_address The network address of the trusted network The form of network address is xxx xxx xxx xxx y Restrictions Only Administrator and Operator level users can issue this command Example usage To create...

Page 26: ...d above Parameters ipaddr The IP address of the trusted host network_address The network address of the trusted network all Delete all trusted hosts Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a trusted host with an IP address 10 48 74 121 DGS 3426 5 delete trusted_host ipaddr 10 48 74 121 Command delete trusted_host 10 48 74 121 Success ...

Page 27: ...so separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 medium_type fiber copper This app...

Page 28: ...egotiation details media_type Description This command is used to display the current configuration of a range of ports Parameters portlist Specifies a port or range of ports to be displayed The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also sep...

Page 29: ... 1000M Full None Enabled 1 8 Enabled Auto Disabled Link Down Enabled 1 9 Enabled Auto Disabled Link Down Enabled 1 10 Enabled Auto Disabled Link Down Enabled 1 11 Enabled Auto Disabled Link Down Enabled 1 12 Enabled Auto Disabled Link Down Enabled 1 13 Enabled Auto Disabled Link Down Enabled 1 14 Enabled Auto Disabled Link Down Enabled 1 15 Enabled Auto Disabled 100M Full None Enabled 1 16 Enabled...

Page 30: ...to Disabled Link Down Enabled Description 1 3 Enabled Auto Disabled Link Down Enabled Description 1 4 Enabled Auto Disabled Link Down Enabled Description 1 5 Enabled Auto Disabled Link Down Enabled Description 1 6 Enabled Auto Disabled Link Down Enabled Description 1 7 Enabled Auto Disabled 1000M Full None Enabled Description 1 8 Enabled Auto Disabled Link Down Enabled Description 1 9 Enabled Auto...

Page 31: ...the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between...

Page 32: ... set using the config port_security ports command is set as permanent or delete on reset Parameters vlan name vlan_name 32 Enter the corresponding VLAN name of the port to delete port port Enter the port number which has learned the previously entered MAC address The port is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon For example ...

Page 33: ...tlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 Restrictions Only Administrator and Operator level users can issue this command Example usage To clear a port security entry by port DGS 3426 5 clear port_security_entry port 1 6 Command clear port_security_entry port 1 6 Success DGS 3426 5 show port_security Purpose Used to display the current port security configuration Syntax show port_s...

Page 34: ...rts 1 1 1 5 Command show port_security ports 1 1 1 5 Port Admin State Max Learning Addr Lock Address Mode 1 Disabled 1 DeleteOnReset 2 Disabled 1 DeleteOnReset 3 Disabled 1 DeleteOnReset 4 Disabled 1 DeleteOnReset 5 Disabled 1 DeleteOnReset CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 35: ...riority value to the box with lower numbers having higher priority The possible priority range is 1 63 This field is important when the stacking mode is automatically configured Users who wish a certain switch become the primary master of the switch stack should configure their choice for the priority master switch to have the highest priority and in essence the lowest number Restrictions Only Adm...

Page 36: ...mation Parameters None Restrictions None Usage example To display stack information DGS 3426 5 show stack_information Command show stack_information Topology Duplex_Chain My Box ID 1 Master ID 1 BK Master ID 1 Box Count 1 Box User Prio Prom Runtime H W ID Set Type Exist rity MAC Version Version Version 1 AUTO DGS 3426 Exist 32 00 19 5B 3D 7C D6 1 00 B13 2 60 B26 A2 2 Not_Exist No 3 Not_Exist No 4 ...

Page 37: ...Operator level users can issue this command NOTE Only ports 26 and 27 of the DGS 3427 support stacking Port 25 cannot be used for stacking and is to be used only as a 10 Gigabit uplink port Usage example To disable the stacking mode DGS 3426 5 config stacking mode disable Command config stacking mode disable Change Box bootmode may cause devices work restart still continue y n y show stacking mode...

Page 38: ...es Layer 2 Gigabit Managed Switch CLI Manual 34 Usage example To display the stacking devices DGS 3426 5 show stack_device Command show stack_device Box ID Box Type H W Version Serial Number 2 DGS 3426 2A1G avc DGS 3426 5 ...

Page 39: ...r HMAC SHA algorithms AuthNoPriv v3 MD5 DES or SHA DES Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthPriv DES 56 bit encryption is added based on the CBC DES DES 56 standard Command Parameters enable snmp disable snmp enable snmp linkchange_traps disable snmp linkchange_traps config snmp linkchange_traps ports all portlist enable disable create snmp user username 32 groupname ...

Page 40: ...ist disable snmp traps disable snmp authenticate traps config snmp system_contact sw_contact config snmp system_location sw_location config snmp system_name sw_name enable rmon disable rmon Each command is listed in detail in the following sections enable snmp Purpose Used to enable the SNMP function on the Switch Syntax enable snmp Description This command is used to enable Simple Network Managem...

Page 41: ...tion This command is used to enable and disable SNMP linkchange traps on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable SNMP linkchange traps DGS 3426 5 enable snmp linkchange_traps Command enable snmp linkchange_traps Success DGS 3426 5 disable snmp linkchange_traps Purpose Used to disable SNMP linkchange traps on...

Page 42: ...Switch portlist Specifies a port or range of ports to be configured The beginning and end of the port list range are separated by a dash Non contiguous portlist entries are separated by a comma ex 1 3 7 9 enable disable Used to enable or disable SMMP linkchange traps for the switch Restrictions Only Administrator and Operator level users can issue this command Example usage To configure SNMP linkc...

Page 43: ...hod is not recommended auth The user may also choose the type of authentication algorithms used to authenticate the snmp user The choices are md5 Specifies that the HMAC MD5 96 authentication level will be used md5 may be utilized by entering one of the following auth password 8 16 An alphanumeric sting of between 8 and 16 characters that will be used to authorize the agent to receive packets for ...

Page 44: ... identifies the SNMP user that will be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a previously entered SNMP user on the Switch DGS 3426 5 delete snmp user dlink Command delete snmp user dlink Success DGS 3426 5 show snmp user Purpose Used to display information about each SNMP username in the SNMP username table Syntax show snmp ...

Page 45: ... access Restrictions Only Administrator and Operator level users can issue this command Example usage To create an SNMP view DGS 3426 5 create snmp view dlinkview 1 3 6 view_type included Command create snmp view dlinkview 1 3 6 view_type included Success DGS 3426 5 delete snmp view Purpose Used to remove an SNMP view entry previously created on the Switch Syntax delete snmp view view_name 32 all ...

Page 46: ...ntifies the SNMP view that will be displayed Restrictions None Example usage To display SNMP view configuration UserName PassWord DGS 3426P 4 show snmp view Command show snmp view Vacm View Table Settings View Name Subtree View Type v3v 1 Included restricted 1 3 6 1 2 1 1 Included restricted 1 3 6 1 2 1 11 Included restricted 1 3 6 1 6 3 10 2 1 Included restricted 1 3 6 1 6 3 11 2 1 Included restr...

Page 47: ...me 32 An alphanumeric string of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the Switch read_only Specifies that SNMP community members using the community string created with this command can only read the contents of the MIBs on the Switch read_write Specifies that SNMP community members using the community string create...

Page 48: ...ample usage To display the currently entered SNMP community strings DGS 3426P 4 show snmp community Command show snmp community SNMP Community Table Community Name View Name Access Right private CommunityView read_write public CommunityView read_only Total Entries 2 DGS 3426P 4 config snmp engineID Purpose Used to configure an identification for the SNMP engine on the Switch Syntax config snmp eng...

Page 49: ...nd distributed network management strategies It includes improvements in the Structure of Management Information SMI and adds some security features v3 Specifies that the SNMP version 3 will be used SNMP v3 provides secure access to devices through a combination of authentication and encrypting packets over the network SNMP v3 adds Message integrity Ensures that packets have not been tampered with...

Page 50: ...the SNMP group the new SNMP user will be associated with Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the SNMP group named sg1 DGS 3426 5 delete snmp group sg1 Command delete snmp group sg1 Success DGS 3426 5 show snmp groups Purpose Used to display the group names of SNMP groups currently configured on the Switch The security model level ...

Page 51: ...oup Name private ReadView Name CommunityView WriteView Name CommunityView Notify View Name CommunityView Security Model SNMPv2 Security Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Security Model SNMPv1 Security Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Secur...

Page 52: ...mbination of authentication and encrypting packets over the network SNMP v3 adds Message integrity ensures that packets have not been tampered with during transit Authentication determines if an SNMP message is from a valid source Encryption scrambles the contents of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no authorization and no enc...

Page 53: ...ommand Example usage To delete an IPv4 SNMP host entry DGS 3426 5 delete snmp host 10 48 74 100 Command delete snmp host 10 48 74 100 Success DGS 3426 5 To delete an IPv6 SNMP host entry DGS 3426 5 delete snmp v6host FF FF Command delete snmp v6host FF FF Success DGS 3426 5 show snmp host Purpose Used to display the recipient of SNMP traps generated by the Switch s SNMP agent Syntax show snmp host...

Page 54: ...SNMP traps that are generated by the Switch s SNMP agent Parameters v6host ipv6addr The IPv6 address of a remote SNMP manager that will receive SNMP traps generated by the Switch s SNMP agent Restrictions None Example usage To display the currently configured IPv6 SNMP hosts on the Switch DGS 3426 5 show snmp host Command show snmp host SNMP Host Table Host IPv6 Address FF FF SNMP Version V3 na np...

Page 55: ... usage To turn on SNMP authentication trap support DGS 3426 5 enable snmp authenticate traps Command enable snmp authenticate traps Success DGS 3426 5 show snmp traps Purpose Used to show SNMP trap support on the Switch Syntax show snmp traps linkchange_traps ports portlist Description This command is used to view the SNMP trap support status currently configured on the Switch Parameters portlist ...

Page 56: ...isable SNMP authentication support on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the SNMP authentication trap support DGS 3426 5 disable snmp authenticate traps Command disable snmp authenticate traps Success DGS 3426 5 config snmp system_contact Purpose Used to enter the name of a contact person who is respon...

Page 57: ... 3426 5 config snmp system_location HQ 5F Command config snmp system_location HQ 5F Success DGS 3426 5 config snmp system_name Purpose Used to configure the name for the Switch Syntax config snmp system_name sw_name Description This command is used to configure the name of the Switch Parameters sw_name A maximum of 255 characters is allowed Restrictions Only Administrator and Operator level users ...

Page 58: ...disable rmon Purpose Used to disable RMON on the Switch Syntax disable rmon Description This command is used to disable remote monitoring RMON on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable RMON DGS 3426 5 disable rmon Command disable rmon Success DGS 3426 5 ...

Page 59: ...n the following sections download Purpose Used to download and install new firmware or a new configuration on the switch from a TFTP server Syntax download firmware_fromTFTP ipaddr ipv6addr path_filename 64 image_id int 1 2 unit all unitid 1 12 cfg_fromTFTP ipaddr ipv6addr path_filename 64 config_id 1 2 increment Description This command is used to download a new firmware or a switch configuration...

Page 60: ...er switch parameters will remain unchanged Restrictions Only Administrator level users can issue this command Example usage To download a configuration file DGS 3426 5 download cfg_fromTFTP 10 48 74 121 unit all c cfg setting txt Command download cfg_fromTFTP 10 48 74 121 unit all c cfg setting txt Connecting to server Done Download configuration Done DGS 3426 5 DGS 3426 5 DGS 3426 5 DGS 3426 Giga...

Page 61: ...ion 1 boot_up Success DGS 3426 5 config firmware Purpose Used to configure the firmware section as a boot up section or to delete the firmware section Syntax config firmware unit unitid_list 1 12 all image_id int 1 2 delete boot_up Description This command is used to configure the firmware section The user may choose to remove the firmware section or use it as a boot up section Parameters unit uni...

Page 62: ...tion information Parameters None Restrictions None Example usage To display the current firmware information on the Switch DGS 3426P 5 show firmware information Command show firmware information Box ID Version Size B Update Time From User 1 1 2 60 B26 3763691 2009 03 05 10 23 40 10 73 21 1 R 1 2 empty means boot up firmware R means firmware update through Serial Port RS232 T means firmware update ...

Page 63: ...t List 5 storm control 6 IP group management 7 syslog 8 QoS 9 port mirroring 10 traffic segmentation 11 SSL 12 port 13 PoE 14 Port lock 15 SNMPv3 16 MANAGEMENT 17 VLAN 18 802 1X 19 Guest VLAN 20 TR 21 ACL 22 FDB forwarding data base 23 Address Binding 24 MAC Address Table Notification 25 STP 26 SAFEGUARD ENGINE 27 BANNER PROMPT 28 SSH 29 SNTP 30 LACP 31 IP and auto config 32 IGMP Snooping 33 MLD S...

Page 64: ...ig Command show config current_config DGS 3426 Gigabit Ethernet Switch Configuration Firmware Build 2 60 B26 Copyright C 2009 D Link Corporation All rights reserved STACK Box Prio ID Type Exist rity 1 DGS 3426P exist 16 2 DGS 3426 exist 32 3 DGS 3450 exist 32 4 Not_Exist no 5 Not_Exist no 6 Not_Exist no ...

Page 65: ...ill be uploaded to the TFTP server ipaddr The IP address of the TFTP server The TFTP server must be on the same IP subnet as the Switch ipv6addr The IPv6 address of the TFTP server The TFTP server must be on the same IP subnet as the Switch path_filename 64 Specifies the location of the Switch configuration file on the TFTP server This file will be replaced by the uploaded file from the Switch att...

Page 66: ...e_list field If no parameter is specified all history log entries will be displayed Restrictions None Example usage To display the attack log DGS 3426 5 show attack_log index 1 2 Command show attack_log index 1 2 Index Date Time Log Text 2 2006 04 25 12 38 00 Possible spoofing attack from 000d010023001 port 1 23 1 2006 04 25 12 37 42 Possible spoofing attack from 000d010023001 port 1 23 DGS 3426 5...

Page 67: ...sure Example usage To enable auto configuration on the Switch DGS 3426 5 enable autoconfig Command enable autoconfig Success DGS 3426 5 When auto configuration is enabled and the Switch is rebooted the normal login screen will appear for a few moments while the autoconfig request i e download configuration is initiated The console will then display the configuration parameters as they are loaded f...

Page 68: ...instruction from the DHCP server This does not change the IP settings of the Switch The IPIFsettings will continue as DHCP client until changed with the config ipif command Parameters Only Administrator and Operator level users can issue this command Restrictions Only Administrator and Operator level users can issue this command Example usage To stop the auto configuration function DGS 3426 5 disa...

Page 69: ...74 121 time 10ms Reply from 10 48 74 121 time 10ms Reply from 10 48 74 121 time 10ms Reply from 10 48 74 121 time 10ms Ping statistics for 10 48 74 121 Packets Sent 4 Received 4 Lost 0 DGS 3426 5 ping6 Purpose Used to test the connectivity between IPv6 ready network devices Syntax ping6 ipv6addr times value 0 255 size value 1 6000 timeout value 1 10 Description This command sends Internet Control ...

Page 70: ...imes 4 timeout 10 Command ping6 2009 280 C8FF FE3C 5C8A times 4 timeout 10 Reply from 2009 280 C8FF FE3C 5C8A bytes 100 time 10 ms Reply from 2009 280 C8FF FE3C 5C8A bytes 100 time 10 ms Reply from 2009 280 C8FF FE3C 5C8A bytes 100 time 10 ms Reply from 2009 280 C8FF FE3C 5C8A bytes 100 time 10 ms Ping statistics for 2009 280 C8FF FE3C 5C8A Packets Sent 4 Received 4 Lost 0 DGS 3426 5 ...

Page 71: ...ndex 1 4 all show syslog host index 1 4 show syslog config system_severity trap log all critical warning information show system_severity config log_save_timing time_interval min 1 65535 on_demand log_trigger show log_save_timing Each command is listed in detail in the following sections show packet ports Purpose Used to display statistics about the packets sent and received by the Switch Syntax s...

Page 72: ...how error ports portlist Description This command will display all of the packet error statistics collected and logged by the Switch for a given port list Parameters portlist Specifies a port or range of ports to be displayed The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highes...

Page 73: ...0 Multicast Drop 0 VLAN Ingress Drop 0 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show utilization Purpose Used to display real time port and CPU utilization statistics Syntax show utilization ports cpu Description This command will display the real time port and cpu utilization statistics for the Switch Parameters ports Entering this parameter will display the current port util...

Page 74: ...0 0 0 1 7 31 9 1 1 8 0 0 0 1 9 0 0 0 1 10 0 0 0 1 11 0 0 0 1 12 0 0 0 1 13 0 0 0 1 14 0 0 0 1 15 10 31 1 1 16 0 0 0 1 17 0 0 0 1 18 0 0 0 1 19 0 0 0 1 20 0 0 0 1 21 0 0 0 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh Example usage To display the current CPU utilization DGS 3426 5 show utilization cpu Command show utilization cpu CPU utilization Five seconds 15 One minute 25 Five mi...

Page 75: ...er Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 Restrictions Only Administrator and Operator level users can issue this command Example usage To clear the counters DGS 3426 5 clear counters ports 1 2 1 9 Command clear counters ports 1 2 1 9 Success DGS 3426 5 clear log Purpose Used to clear the Switch s history log Syntax clear log Description This command will clear...

Page 76: ...to a remote syslog server Syntax enable syslog Description This command enables the system log to be sent to a remote syslog server Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the syslog function on the Switch DGS 3426 5 enable syslog Command enable syslog Success DGS 3426 5 disable syslog Purpose Used to disable the syste...

Page 77: ...onal Specifies that informational messages will be sent to the remote host This corresponds to number 6 from the list above warning Specifies that warning messages will be sent to the remote host This corresponds to number 4 from the list above all Specifies that all of the currently supported syslog messages that are generated by the Switch will be sent to the remote host facility Some of the ope...

Page 78: ...r 23 from the list above udp_port udp_port_number Specifies the UDP port number that the syslog protocol will use to send messages to the remote host ipaddress ipaddr Specifies the IP address of the remote host where syslog messages will be sent Only IPv4 addresses are supported for this feature state enable disable Allows the sending of syslog messages to the remote host specified above to be ena...

Page 79: ...d are shown in the following Bold font indicates the facility values the Switch currently supports Numerical Facility Code 0 kernel messages 1 user level messages 2 mail system 3 system daemons 4 security authorization messages 5 messages generated internally by syslog 6 line printer subsystem 7 network news subsystem 8 UUCP subsystem 9 clock daemon 10 security authorization messages 11 FTP daemon...

Page 80: ...a syslog host DGS 3426 5 config syslog host 1 severity all Command config syslog host 1 severity all Success DGS 3426 5 config syslog host 1 facility local0 Command config syslog host 1 facility local0 Success DGS 3426 5 config syslog host 1 udp_port 6000 Command config syslog host 1 udp_port 6000 Success DGS 3426 5 config syslog host 1 ipaddress 10 44 67 8 Command config syslog host 1 ipaddress 1...

Page 81: ...e Switch currently supports Numerical Facility Code 0 kernel messages 1 user level messages 2 mail system 3 system daemons 4 security authorization messages 5 messages generated internally by syslog 6 line printer subsystem 7 network news subsystem 8 UUCP subsystem 9 clock daemon 10 security authorization messages 11 FTP daemon 12 NTP subsystem 13 log audit 14 log alert 15 clock daemon 16 local us...

Page 82: ... 5 config syslog host all facility local0 Command config syslog host all facility local0 Success DGS 3426 5 config syslog host all udp_port 6000 Command config syslog host all udp_port 6000 Success DGS 3426 5 config syslog host all ipaddress 10 44 67 8 Command config syslog host all ipaddress 10 44 67 8 Success DGS 3426 5 config syslog host all state enabled Command config syslog host all state en...

Page 83: ...ictions None Example usage To show syslog host information DGS 3426 5 show syslog host Command show syslog host Syslog Global State Disabled Host Id Host IP Address Severity Facility UDP port Status 1 10 1 1 2 All Local0 514 Disabled 2 10 40 2 3 All Local0 514 Disabled 3 10 21 13 1 All Local0 514 Disabled Total Entries 3 DGS 3426 5 show syslog Purpose Used to display the global current running sta...

Page 84: ...n the Switch will be sent to a SNMP agent for analysis log Entering this parameter will define which events occurring on the Switch will be sent to the Switch s log for analysis all Entering this parameter will define which events occurring on the Switch will be sent to a SNMP agent and the Switch s log for analysis Choose one of the following to identify what level of severity warnings are to be ...

Page 85: ...e log command log_trigger Users who choose this method will have log files saved to the Switch every time a log event occurs on the Switch Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the time interval as every 30 minutes for saving log files DGS 3426 5 config log_save_timing time_interval 30 Command config log_save_timing time_interval...

Page 86: ...ation that will have the following three attributes a A configuration name defined by an alphanumeric string of up to 32 characters defined in the config stp mst_config_id command as name string b A configuration revision number named here as a revision_level and c A 4096 element table defined here as a vid_range which will associate each of the possible 4096 VLANs supported by the Switch for a gi...

Page 87: ...cription This command allows the Spanning Tree Protocol to be globally disabled on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable STP on the Switch DGS 3426 5 disable stp Command disable stp Success DGS 3426 5 config stp version Purpose Used to globally set the version of STP on the Switch Syntax config stp versio...

Page 88: ...n devices in a spanning tree region before the BPDU bridge protocol data unit packet sent by the Switch will be discarded Each switch on the hop count will reduce the hop count by one until the value reaches zero The Switch will then discard the BDPU packet and the information held for the port will age out The user may set a hop count from 1 to 40 The default is 20 If the entered value is less th...

Page 89: ...ts between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 externalCost This defines a metric that indicates the relative cost of forwarding packets to the specified port list Port cost can be set automatically or as a metric value The default value is auto auto Setting this parameter for the external cost will auto...

Page 90: ... Root Port The default value is false restricted_tcn true false To decide if this port not to propagate topology change The default value is false lbd enable disable When this is enabled the Switch will temporarily block STP on the port when a BDPU packet has been looped back If the Switch detects its own BDPU packet coming back it signifies a loop on the network STP will automatically be blocked ...

Page 91: ...lly and have the same configuration revision_level number and the same name Parameters value 1 15 Enter a number between 1 and 15 to define the instance_id The Switch supports 16 STP regions with one unchangeable default instance ID set as 0 add_vlan Along with the vid_range vidlist parameter this command will add VIDs to the previously configured STP instance_id remove_vlan Along with the vid_ran...

Page 92: ...r forwarding packets The lower the priority value set the higher the priority Parameters priority value 0 61440 Select a value between 0 and 61440 to specify the priority for a specified instance id for forwarding packets The lower the value the higher the priority This entry must be divisible by 4096 instance_id value 0 15 Enter the value corresponding to the previously configured instance id of ...

Page 93: ...er that lower priority values mean higher priorities for forwarding packets Parameters portlist Specifies a range of ports to be configured The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and e...

Page 94: ...meters None Restrictions None Example usage To display the status of STP on the Switch Status 1 STP enabled with STP compatible version DGS 3426 5 show stp Command show stp STP Bridge Global Settings STP Status Enabled STP Version STP Compatible Max Age 20 Hello Time 2 Forward Delay 15 Max Age 20 TX Hold Count 3 Forwarding BPDU Enabled Loopback Detection Enabled LBD Recover Time 60 NNI BPDU Addres...

Page 95: ...a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist ent...

Page 96: ...Command show stp instance 0 STP Instance Settings Instance Type CIST Instance Status Enabled Instance Priority 32768 Bridge Priority 32768 SYS ID Ext 0 STP Instance Operational Status Designated Root Bridge 32766 00 90 27 39 78 E2 External Root Cost 200012 Regional Root Bri 32768 00 53 13 1A 33 24 Internal Root Cost 0 Designated Bridge 32768 00 50 BA 71 20 D6 Root Port 1 23 Max Age 20 Forward Dela...

Page 97: ...gabit Managed Switch CLI Manual 93 DGS 3426 5 show stp mst_config_id Command show stp mst_config_id Current MST Configuration Identification Configuration Name 00 19 5B 3D 7C D6 Revision Level 0 MSTI ID Vid list CIST 1 4094 DGS 3426 5 ...

Page 98: ...paddr Each command is listed in detail in the following sections create fdb Purpose Used to create a static entry to the unicast MAC address forwarding table database Syntax create fdb vlan_name 32 macaddr port port Description This command is used to make an entry in the Switch s unicast MAC address forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides ...

Page 99: ...rding table Parameters vlan_name 32 The name of the VLAN on which the MAC address resides macaddr The MAC address that will be added to the multicast forwarding table add delete add will add ports to the forwarding table delete will remove ports from the multicast forwarding table portlist Specifies a port or range of ports to be configured The port list is specified by listing the lowest switch n...

Page 100: ...ch case the Switch will broadcast the packet to all ports negating many of the benefits of having a switch Parameters sec 10 1000000 The aging time for the MAC address forwarding database value The value in seconds may be between 10 and 1000000 seconds Restrictions Only Administrator and Operator level users can issue this command Example usage To set the FDB aging time DGS 3426 5 config fdb aging...

Page 101: ...t 3 2 4 specifies switch number 2 port 4 Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 all Clears all dynamic entries to the Switch s forwarding database Restrictions Only Administrator and Operator level users can issue this command Example usage To clear all FDB dynamic entries DGS 3426 5 clear fdb all Command clear fdb all Success DGS 3426 5 show multicast_fdb Purp...

Page 102: ...mber corresponding to the MAC destination address The Switch will always forward traffic to the specified device through this port The port is specified by listing the switch number and the port number on that switch separated by a colon For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 vlan_name 32 The name of the VLAN on which the MAC address resides The VID o...

Page 103: ...mic 1 default 00 02 3F 63 DD 68 1 10 Dynamic CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All config multicast filtering_mode Purpose Used to configure the multicast packet filtering mode for specific VLANs Syntax config multicast filtering_mode vlan_name 32 all forward_all_groups forward_unregistered_groups filter_unregistered_groups Description This command is used to configure the mul...

Page 104: ... Example usage To view the multicast filtering mode for all VLANs DGS 3426 5 show multicast filtering_mode Command show multicast filtering_mode VLAN Name Multicast Filter Mode default filter_unregistered_groups v1 filter_unregistered_groups v2 filter_unregistered_groups v3 filter_unregistered_groups DGS 3426 5 show ipfdb Purpose Used to display the current IP address forwarding database table Syn...

Page 105: ... 30 1 13 Dynamic System 10 0 34 1 1 13 Dynamic System 10 0 51 1 1 13 Dynamic System 10 0 58 4 1 13 Dynamic System 10 0 85 168 1 13 Dynamic System 10 1 1 1 1 13 Dynamic System 10 1 1 99 1 13 Dynamic System 10 1 1 101 1 13 Dynamic System 10 1 1 102 1 13 Dynamic System 10 1 1 103 1 13 Dynamic System 10 1 1 152 1 13 Dynamic System 10 1 1 157 1 13 Dynamic System 10 1 1 161 1 13 Dynamic System 10 1 1 16...

Page 106: ...s only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets Once a storm has been detected that is once the packet threshold set below has been exceeded the Switch will shutdown the port to all incoming traffic with the exception of STP BPDU packets for a time period specified using the Countdown field If this field times out and the packet st...

Page 107: ...he port except STP BPDU packets which are essential in keeping the Spanning Tree operational on the Switch If the countdown timer has expired and yet the Packet Storm continues the port will be placed in Shutdown Forever mode and is no longer operational until the user manually resets the port using the config traffic control_recover command Choosing this option obligates the user to configure the...

Page 108: ...e separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 all All ports on switches in the switch stack Restrictions Only Administrator and Operator level users can issue this ...

Page 109: ...switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 Restrictions None Example usage To display traffic control setting DGS 3426 5 show traffic control Command show traffic control Traffic Storm Control Trap None Port Thres Broadcast Multicast Unicast Action Count Time Shutdown hold Storm Storm Storm down Interval Foreve...

Page 110: ... hardware priority queues in order beginning with the highest priority queue 6 to the lowest priority queue 0 Each hardware queue will transmit all of the packets in its buffer before permitting the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware priority queue will begin transmitting any packets ...

Page 111: ...ntiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 rx_rate Specifies that one of the parameters below no_limit or value 64 10000000 will be applied to the rate at which the above specified ports will be allowed to receive packets no_limit Specifies that there will be no limit on the rate of packets received by the above specified ports value 64 10000000 Specifies the receiving p...

Page 112: ...specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 Restrictions None Example usage To display bandwidth control settings DGS 3426 5 show bandwidth_control 1 1 1 10 Command show bandwidth_control 1 1 1 10 Ban...

Page 113: ...ority queue to begin transmitting its packets A value between 0 and 15 can be specified For example if a value of 3 is specified then the highest hardware priority queue number 6 will be allowed to transmit 3 packets then the next lowest hardware priority queue number 5 will be allowed to transmit 3 packets and so on until all of the queues have transmitted 3 packets The process will then repeat P...

Page 114: ... the seven hardware priority queues 802 1p Hardware Queue Remark 0 2 Mid low 1 0 Lowest 2 1 Lowest 3 3 Mid low 4 4 Mid high 5 5 Mid high 6 6 Highest 7 6 Highest This mapping scheme is based upon recommendations contained in IEEE 802 1D Users may change this mapping by specifying the 802 1p user priority you want to go to the class_id 0 6 the number of the hardware queue Parameters priority 0 7 The...

Page 115: ...ntax config 802 1p default_priority portlist all priority 0 7 Description This command is used to specify a default priority handling of untagged packets received by the Switch The priority value entered with this command will be used to determine which of the seven hardware priority queues the packet is forwarded to Parameters portlist Specifies a port or range of ports to be configured The port ...

Page 116: ... specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies al...

Page 117: ...ing its queue if a packet is received on a higher class of service The packet that was received on the higher class of service will transmit its packet before allowing the lower class to resume clearing its queue Parameters strict Entering the strict parameter indicates that the highest class of service is the first to be processed That is the highest class of service should finish emptying before...

Page 118: ...enable Head of Line prevention Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable HOL prevention DGS 3426 5 enable hol_prevention Command enable hol_prevention Success DGS 3426 5 disable hol_prevention Purpose Used to disable HOL prevention Syntax disable hol_prevention Description This command is used to disable Head of Line pre...

Page 119: ...w HOL prevention Syntax show hol_prevention Description This command is used to display the Head of Line prevention state Parameters None Restrictions None Example usage To view the HOL prevention status DGS 3426 5 show hol_prevention Command show hol_prevention Device HOL Prevention State Enabled DGS 3426 5 ...

Page 120: ...its operating speed to match that of the target port The port is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 add delete Specifies to add or delete ports to be mirrored which are specified in the source ports parameter source ports The port or por...

Page 121: ...roring configuration into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable mirroring configurations DGS 3426 5 enable mirror Command enable mirror Success DGS 3426 5 disable mirror Purpose Used to disable a previousl...

Page 122: ...t port mirroring configuration on the Switch Syntax show mirror Description This command is used to display the current port mirroring configuration on the Switch Parameters None Restrictions None Example usage To display mirroring configuration DGS 3426 5 show mirror Command show mirror Current Settings Mirror Status Enabled Target Port 1 1 Mirrored Port RX TX 1 2 1 7 DGS 3426 5 ...

Page 123: ...is tpid and therefore checks the VLAN tagged packet to see if a provider VLAN tag has been added If so the packet is then routed through this provider VLAN which contains smaller VLANs with similar configurations to ensure speedy and guaranteed routing destination of the packet The VLAN commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following tab...

Page 124: ...1Q VLAN on the Switch advertisement Specifies that the VLAN is able to join GVRP Restrictions Each VLAN name can be up to 32 characters Only Administrator and Operator level users can issue this command Example usage To create a VLAN v1 tag 2 DGS 3426 5 create vlan v1 tag 2 Command create vlan v1 tag 2 Success DGS 3426 5 delete vlan Purpose Used to delete a previously configured VLAN on the Switch...

Page 125: ...ts to add to or delete from the specified VLAN The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 p...

Page 126: ...ports on the Switch state enable disable Enables or disables GVRP for the ports specified in the port list ingress_checking enable disable Enables or disables ingress checking for the specified port list acceptable_frame tagged_only admit_all This parameter states the frame type that will be accepted by the Switch for this function tagged_only implies that only VLAN tagged frames will be accepted ...

Page 127: ...ble gvrp Success DGS 3426 5 show vlan Purpose Used to display the current VLAN configuration information including parameters settings and operational value on the Switch Syntax show vlan vlan_name 32 vlanid vidlist ports portlist Description This command is used to display summary information about each VLAN including the VLAN ID VLAN name the Tagging Untagging status and the Member Non member Fo...

Page 128: ... on the Switch Parameters portlist Specifies a port or range of ports for which the GVRP status is to be displayed The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range...

Page 129: ...ll Frames CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All enable double_vlan Purpose Used to enable the Q in Q VLAN feature on the Switch Syntax enable double_vlan Description This command along with the disable double_vlan command enables and disables the Q in Q Tag VLAN When Q in Q VLANs are enabled the system configurations for VLANs will return to the default setting except stacking...

Page 130: ...eed to reset system config Are you sure y n y Success DGS 3426 5 create double_vlan Purpose Used to create a Q in Q VLAN on the Switch Syntax create double_vlan vlan_name 32 spvid vlanid 1 4094 tpid hex 0x0 0xffff Description This command is used to create a Q in Q VLAN service provider VLAN on the Switch Parameters vlan vlan_name 32 The name of the Q in Q VLAN to be created The user is to enter a...

Page 131: ...mple 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 delete Specify this parameter to delete ports configured in the portlist from this VLAN portlist Enter a list of ports to be deleted from this VLAN...

Page 132: ...ts Access ports 1 4 1 8 Unknow ports Total Entries 1 DGS 3426 5 enable pvid auto_assign Purpose Used to enable auto assign PVID Syntax enable pvid auto_assign Description This command is used to enable auto assign PVID If PVID auto_assign is disabled PVID can only be changed by PVID configuration user changes explicitly The VLAN configuration has no effect on PVID If PVID auto_assign is enabled PV...

Page 133: ... has no effect on PVID The default setting is enabled Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the auto assign PVID DGS 3426 5 disable pvid auto_assign Command disable pvid auto_assign Success DGS 3426 5 show pvid auto_assign Purpose Show PVID auto assignment state Syntax show pvid auto_assign Description This command i...

Page 134: ...lan Purpose Used to create an ISM VLAN on the switch Syntax create igmp_snooping multicast_vlan vlan_name 32 vlanid 2 4094 Description This command is used to create a multicast VLAN on the Switch Parameters vlan_name 32 Specifies the ISM VLAN name max length is 32 vlanid 2 4094 Specifies the ISM VLAN ID Restrictions Only Administrator and Operator level users can issue this command Example usage ...

Page 135: ... for a previously created multicast VLAN on the Switch Parameters vlan_name 32 Specifies the ISM VLAN name The maximum length is 32 characters member_port portlist Add untagged member ports to ISM VLAN which connect with PC users tag_member_port portlist Add tagged member ports to ISM VLAN which connect with PC users source_port portlist Add source ports to ISM VLAN which connect with uplink serve...

Page 136: ...GS 3426 5 config igmp_snooping multicast_vlan_group Purpose Used to configure multicast group in this ISM VLAN on the switch Syntax config igmp_snooping multicast_vlan_group vlan_name 32 add delete mcast_address_list delete_all Description This command is used to configure the multicast group which will be learned with the specific multicast VLAN Parameters vlan_name 32 Specifies the ISM VLAN name...

Page 137: ... usage To display an ISM VLAN DGS 3426 5 show igmp_snooping multicast_vlan Command show igmp_snooping multicast_vlan VLAN Name test VID 2 Member Untagged Ports 1 8 Tagged Member Ports 10 Source Ports 9 Status Enabled Replace Source IP 192 18 2 1 Total Entries 1 show igmp_snooping multicast_vlan_group Purpose Used to display the ISM VLAN groups on the Switch Syntax show igmp_snooping multicast_vlan...

Page 138: ...itch allows up to 32 link aggregation groups to be configured The group number identifies each of the groups type Specify the type of link aggregation used for the group If the type is not specified the default type is static lacp This designates the port group as LACP compliant LACP allows dynamic adjustment to the aggregated port group LACP compliant ports may be further configured see config la...

Page 139: ...ber identifies each of the groups master_port port Master port ID Specifies which port by port number of the link aggregation group will be the master port All of the ports in a link aggregation group will share the port configuration with the master port The port is specified by listing the switch number and the port number on that switch separated by a colon For example 1 3 specifies switch numb...

Page 140: ...n addresses ip_source Indicates that the Switch should examine the IP source address ip_destination Indicates that the Switch should examine the IP destination address ip_source_dest Indicates that the Switch should examine the IP source address and the destination address Restrictions Only Administrator and Operator level users can issue this command Example usage To configure link aggregation al...

Page 141: ...3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order mode Select the mode to determine if LACP ports will process LACP control frames active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dyn...

Page 142: ...e range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 If no parameter is spec...

Page 143: ...Switch will only accept packets from a created entry in the IP MAC Port Binding Setting window All others will be discarded The function is port based meaning a user can enable or disable the function on the individual port To configure the ACL mode the user must first set up IP MAC Port binding using the create address_binding ip_mac ipaddress command to create an entry Then the user must enable ...

Page 144: ...ng ports portlist all Each command is listed in detail in the following sections create address_binding ip_mac ipaddress Purpose Used to create an IP MAC Port Binding entry in the white list Syntax create address_binding ip_mac ipaddress ipaddr mac_address macaddr ports portlist all Description This command is used to create an IP MAC Port Binding entry Parameters ipaddr The IP address of the devi...

Page 145: ...abled ports ACL mode belong to this entry the access profile table will look like this DGS 3426 5 show access_profile Command show access_profile Access Profile Table Total Unused Rule Entries 767 Total Used Rule Entries 1 Access Profile ID 1 Type Ethernet Owner IP MAC PORT Binding MASK Option Ethernet type Access ID 1 Mode Deny Ports 2 16 0x800 Unused Entries 127 DGS 3426 5 The show access_profil...

Page 146: ...IMPB settings for specified ports Syntax config address_binding ip_mac ports portlist all state enable strict loose disable allow_zeroip enable disable forward_dhcppkt enable disable mode arp acl stop_learning_threshold value 0 500 1 Description This command is used to configure the per port state of IP MAC binding on the Switch If a port has been configured as a group member of an aggregated link...

Page 147: ...orm DoS attacks by statically configuring the ARP table on their PC In this case the Switch cannot block such attacks because the PC will not send out ARP packets allow_zeroip Specifies whether to allow ARP packets with Source IP address 0 0 0 0 When enabled on a port all ARP packets with a source IP address of 0 0 0 0 is forwarded when set to disable they are blocked forward_dhcppkt By default th...

Page 148: ...s can be viewed by entering the VLAN name and the MAC address of the device ports Specifies a port or range of ports to be displayed information Parameters all Displays all IP MAC Port binding entries for Blocked Address Binding entries all specifies all the blocked VLANs and their bound MAC addresses ipaddr The IP address of the device where the IP MAC Port binding is made macaddr The MAC address...

Page 149: ...evice on a known VLAN all For IP MAC Port Binding all specifies all the IP MAC Port Binding entries for Blocked Address Binding entries all specifies all the blocked VLANs and their bound physical addresses Restrictions Only Administrator and Operator level users can issue this command Example usage To delete an IP MAC Port Binding entry on the Switch DGS 3426 5 delete address binding ip mac ipadd...

Page 150: ...e the address binding debugging feature on the Switch Syntax debug address_binding event dhcp all Description This command is used to configure the IPMB debugging feature The debugging feature is disabled by default Parameters event The Switch will print out the debug messages when an IMPB module receives ARP IP packets dhcp The Switch will print out the debug messages when the IMPB module receive...

Page 151: ... dropped DHCP snooping is generally considered to be more secure because it enforces all clients to acquire IP through the DHCP server Additionally it makes IP Information auditable because clients cannot manually configure their own IP address Each DHCP snooped entry is associated with a lease time When the lease time expires the expired entry will be removed from this port The auto learned bindi...

Page 152: ...p_snoop binding_entry ports portlist all Description This command is used to clear the DHCP snooped entries learned for the specified ports Parameters ports Specifies the list of ports on which to cleare the DHCP snoop learned entry Restrictions Only Administrator and Operator level users can issue this command Example usage To clear address binding auto mode DGS 3426 5 clear address_binding dhcp_...

Page 153: ...ress Lease Time secs Port Status 10 62 58 35 00 0B 5D 05 34 0B 35964 1 Active 10 33 53 82 00 20 c3 56 b2 ef 2590 2 Inactive Total entries 2 DGS 3426 5 To display the address_binding dhcp_snoop max_entry DGS 3426 5 show address_binding dhcp_snoop max_entry Command show address_binding dhcp_snoop max_entry Port Max Entry 1 1 no_limit 1 2 no_limit 1 3 no_limit 1 4 no_limit 1 5 no_limit 1 6 no_limit 1...

Page 154: ...ries that ports 1 23 can learn to 10 DGS 3426 5 config address_binding dhcp_snoop max_entry ports 1 3 limit 10 Command config address_binding dhcp_snoop max_entry ports 1 1 1 3 limit 10 Success DGS 3426 5 config address_binding recover_learning ports Purpose To recover a port from the stop learning state to the normal state Syntax config address_binding recover_learning ports portlist all Descript...

Page 155: ...witch Utility Commands for descriptions of all autoconfig commands Each command is listed in detail in the following sections create ipif Purpose Used to create an IP interface on the Switch Syntax create ipif ipif_name 12 network_address vlan_name 32 state enable disable Description This command is used to create an IP interface Parameters ipif_name 12 The name for the IP interface to be created ...

Page 156: ...ble disable Allows users to enable or disable the IP interface bootp Allows the selection of the BOOTP protocol for the assignment of an IP address to the Switch s System IP interface This method is only for IPv4 addresses and if users manually configure an IPv4 address and set this parameter the manually set IP address will be overwritten by this protocol dhcp Allows the selection of the DHCP pro...

Page 157: ...nabled IPv4 Address 10 48 74 122 8 MANUAL IPv6 Link Local Address FE80 217 9AFF FEBA 72CB 128 Interface Name Zira VLAN Name Tiberius Interface Admin State Enabled IPv4 Address 0 0 0 0 0 MANUAL IPv6 Link Local Address FE80 217 9AFF FEBA 72CB 128 IPv6 Global Unicast Address 3FFE 501 FFFF 100 1 64 Total Entries 2 DGS 3426 5 enable ipif Purpose Used to enable an IP interface on the Switch Syntax enabl...

Page 158: ...ctions Only Administrator and Operator level users can issue this command Example usage To disable the IP interface named s2 DGS 3426 5 disable ipif s2 Command disable ipif s2 Success DGS 3426 5 delete ipif Purpose Used to delete the configuration of an IP interface on the Switch Syntax delete ipif ipif_name 12 all Description This command will delete the configuration of an IP interface on the Sw...

Page 159: ...ta field of the DHCP reply packet The TFTP server must be running and have the requested configuration file in its base directory when the request is received from the Switch Consult the DHCP server and TFTP server software instructions for information on loading a configuration file Example usage To enable auto configuration on the Switch DGS 3426 5 enable autoconfig Command enable autoconfig Suc...

Page 160: ...able the auto configuration of link local addresses when there are no IPv6 addresses explicitly configured When an IPv6 address is explicitly configured the link local address will be automatically configured and the IPv6 processing will be started When there is no IPv6 address explicitly configured by default link local address is not configured and the IPv6 processing will be disabled By enablin...

Page 161: ... automatic configuration of link local address for an interface DGS 3426 5 disable ipif_ipv6_link_local_auto System Command disable ipif_ipv6_link_local_auto System Success DGS 3426 5 show ipif_ipv6_link_local_auto Purpose Displays the link local address automatic configuration state Syntax show ipif_ipv6_link_local_auto ipif_name 12 Description This command is used to display the link local addre...

Page 162: ...295 valid_life_time value 0 4294967295 on_link_flag enable disable autonomus_flag enable disable 1 config ipv6 nd ns ipif ipif_name 12 retrans_time uint 0 4294967295 show ipv6 nd ipif ipif_name 12 Each command is listed in detail in the following sections create ipv6 neighbor_cache ipif Purpose Used to add a static IPv6 neighbor Syntax create ipv6 neighbor_cache ipif ipif_name 12 ipv6addr macaddr ...

Page 163: ...or_cache ipif Purpose Used to view the neighbor cache of an IPv6 interface located on the Switch Syntax show ipv6 neighbor_cache ipif ipif_name 12 all ipv6address ipv6addr static dynamic all Description This command is used to display the IPv6 neighbors of a configured IPv6 interface currently set on the switch Users may specify an IP interface IPv6 address or statically entered IPv6 addresses by ...

Page 164: ...link this value should not exceed the value stated in the Life Time field previously mentioned Setting this field to zero will specify that this switch will not specify the Retransmit Time for the link local network and therefore will be specified by another router on the link local network The default value is 0 milliseconds hop_limit value 0 255 This field sets the number of nodes that this Rout...

Page 165: ... network This prefix is carried in the Router Advertisement message to be shared on the link local network The user must first have a Global Unicast Address set for the Switch preferred_life_time uint 0 4294967295 This field states the time that this prefix is advertised as being preferred on the link local network when using stateless address configuration The user may configure a time between 0 ...

Page 166: ... between 0 and 4294967295 milliseconds Very fast intervals represented by a low number are not recommended for this field Restrictions Only Administrator and Operator level users can issue this command Example usage To configure IPv6 ND Neighbor Soliciatation messages DGS 3426 5 config ipv6 nd ns ipif Zira retrans_time 1000000 Command config ipv6 nd ns ipif Zira retrans_time 1000000 Success DGS 34...

Page 167: ...98 s RA Router Life Time 1800 s RA Reachable Time 1200000 ms RA Retransmit Time 0 ms RA Managed Flag Disabled RA Other Config Flag Disabled Interface Name Zira Hop Limit 10 NS Retransmit Time 50000 ms Router Advertisement Enabled RA Max Router AdvInterval 100 s RA Min Router AdvInterval 50 s RA Router Life Time 1000 s RA Reachable Time 10000 ms RA Retransmit Time 50000 ms RA Managed Flag Enabled R...

Page 168: ...5 last_member_query_interval sec 1 25 state enable disable version value 1 3 1 create igmp_snooping static_group vlan vlan_name 32 vlanid vidlist ipaddr config igmp_snooping static_group vlan vlan_name 32 vlanid vidlist ipaddr add delete portlist delete igmp_snooping static_group vlan vlan_name 32 vlanid vidlist ipaddr show igmp_snooping static_group vlan vlan_name 32 vlanid vidlist ipaddr config ...

Page 169: ... 16711450 Specifies the amount of time a Multicast address will stay in the database before it is deleted after it has sent out a leave group message The default is 2 seconds Note This parameter is configurable but will not take effect The parameter remains in order to be compatible with the older version of the CLI state enable disable Allows users to enable or disable IGMP snooping for the speci...

Page 170: ...lows robustness variable x query interval 1 x query response interval Other querier present interval Amount of time that must pass before a multicast router decides that there is no longer another multicast router that is the querier This interval is calculated as follows robustness variable x query interval 0 5 x query response interval Last member query count Number of group specific queries sen...

Page 171: ...h to create IGMP snooping static group information vlanid vidlist The list of the VLAN IDs for which to create IGMP snooping static group information ipaddr The static group address for which to create IGMP snooping static group information Restrictions Only Administrator and Operator level users can issue this command Example usage To create a static group 226 1 1 1 for VID 1 DGS 3426 5 create ig...

Page 172: ...ly Administrator and Operator level users can issue this command Example usage To delete a static group 226 1 1 1 on VID 1 DGS 3426 5 delete igmp_snooping static_group vlanid 1 226 1 1 1 Command delete igmp_snooping static_group vlanid 1 226 1 1 1 Success DGS 3426 5 show igmp_snooping static_group Purpose Used to display the current IGMP snooping static group information on the Switch Syntax show ...

Page 173: ...her add or delete router ports to the specified VLAN portlist Specifies a port or range of ports that will be configured as router ports The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end ...

Page 174: ... 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 Restrictions Only Administrator and Operator level users can issue this command Example usage To set up forbidden router ports DGS 3426 5 config router_ports_forbidden default add 1 2 1 10 C...

Page 175: ...d without the parameter will disable igmp snooping on the Switch Restrictions Only Administrator and Operator level users can issue this command Example usage To disable IGMP snooping on the Switch DGS 3426 5 disable igmp_snooping Command disable igmp_snooping Success DGS 3426 5 Example usage To disable forwarding all multicast traffic to a multicast enabled router DGS 3426 5 disable igmp_snooping...

Page 176: ... router_ports Purpose Used to display the currently configured router ports on the Switch Syntax show router_ports vlan vlan_name 32 static dynamic forbidden Description This command is used to display the router ports currently configured on the Switch Parameters vlan vlan_name 32 The name of the VLAN on which the router port resides static Displays router ports that have been statically configur...

Page 177: ...and is used to display the current IGMP Snooping Group configuration setup currently configured on the Switch Parameters vlan_name 32 The name of the VLAN for which to view IGMP snooping group information Restrictions None Example usage To view the current IGMP snooping group DGS 3426 5 show igmp_snooping group Command show igmp_snooping group Source Group NULL 226 1 1 1 VLAN Name VID default 1 Po...

Page 178: ...cific multicast address that is also ready These two types of messages are distinguished by a multicast destination address located in the IPv6 header and a multicast address in the Multicast Listener Query Message 2 Multicast Listener Report Comparable to the Host Membership Report in IGMPv2 and labeled as 131 in the ICMP packet header this message is sent by the listening port to the Switch stat...

Page 179: ...le usage To enable MLD snooping globally on the Switch DGS 3426 5 enable mld_snooping Command enable mld_snooping Success DGS 3426 5 disable mld_snooping Purpose Used to disable MLD snooping globally on the switch Syntax disable mld_snooping forward_mcrouter_only Description This command in conjunction with the enable mld_snooping will enable and disable MLD snooping globally on the switch without...

Page 180: ...st group without the Switch receiving a node listener report The user may specify a time between 1 and 16711450 with a default setting of 260 seconds Note This parameter is configurable but will not take effect The parameter remains in order to be compatible with the older version of the CLI done_timer sec 1 16711450 Specifies the maximum amount of time a router can remain in the Switch after rece...

Page 181: ... snooping multicast router ports DGS 3426 5 config mld_snooping mrouter_ports default add 1 1 1 10 Command config mld_snooping mrouter_ports default add 1 1 1 10 Success DGS 3426 5 config mld_snooping mrouter_ports_forbidden Purpose Used to configure ports on the Switch as forbidden router ports Syntax config mld_snooping mrouter_ports_forbidden vlan_name 32 add delete portlist Description This co...

Page 182: ...sponse_time sec 1 25 The maximum time to wait for reports from listeners The user may specify a time between 1 and 25 seconds with a default setting of 10 seconds robustness_variable value 1 255 Provides fine tuning to allow for expected packet loss on a subnet The user may choose a value between 1 and 255 with a default setting of 2 If a subnet is expected to be lossy the user may wish to increas...

Page 183: ...he default value is the value of the robustness variable show mld_snooping Purpose Used to display the current status of the MLD snooping function on the Switch Syntax show mld_snooping vlan vlan_name 32 Description This command is used to display the current status of the MLD snooping function on the Switch Parameters vlan vlan_name 32 The name of the VLAN for which to view the MLD snooping confi...

Page 184: ...Port Member 11 Mode INCLUDE Source Group 2001 2 FF1E 1 VLAN Name VID default 1 Port Member 11 Mode INCLUDE Source Group 2001 3 FF1E 1 VLAN Name VID default 1 Port Member 11 Mode INCLUDE Total Entries 3 DGS 3426 5 show mld_snooping mrouter_ports Purpose Used to display the current router ports set on the Switch Syntax show mld_snooping mrouter_ports vlan vlan_name 32 static dynamic forbidden Descri...

Page 185: ...al 181 To display the MLD snooping multicast router port settings DGS 3426 5 show mld_snooping mrouter_ports Commands show mld_snooping mrouter_ports VLAN Name default Static mrouter port 1 10 Dynamic mrouter port Forbidden mrouter port Total Entries 1 DGS 3426 5 ...

Page 186: ... range access level and state Parameters portlist A port or range of ports to config the limited multicast address The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range...

Page 187: ...umerical order Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the limited multicast address on ports 1 3 DGS 3426 5 delete limited multicast address 1 1 1 3 Command delete limited multicast address 1 1 1 3 Success DGS 3426 5 show limited multicast address Purpose Used to show per port Limited IP multicast address range Syntax show limited mu...

Page 188: ...Manual 184 DGS 3426 5 show limited multicast address 1 1 1 3 Command show limited multicast address 1 1 1 3 Port From To Access Status 1 1 224 1 1 1 224 1 1 2 permit enable 1 2 224 1 1 1 224 1 1 2 permit enable 1 3 224 1 1 1 224 1 1 2 permit enable DGS 3426 5 ...

Page 189: ...15 delete 802 1x user username 15 show 802 1x user show auth_statistics ports portlist all show auth_diagnostics ports portlist all show auth_session_statistics ports portlist all show auth_client show acct_client config 802 1x capability ports portlist all authenticator none config 802 1x auth_parameter ports portlist all default direction both in port_control force_unauth auto force_auth quiet_p...

Page 190: ...nable the 802 1X server on the Switch Syntax enable 802 1x Description This command is used to enable the 802 1X Network Access control server application on the Switch To select between port based or MAC based use the config 802 1x auth_mode command Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable 802 1X switch wide DGS 3426 5...

Page 191: ... Description This command is used to display the 802 1X general configurations on the Switch Parameters None Restrictions None Example usage To display the 802 1X general authentication configuration DGS 3426 5 show 802 1x Command show 802 1x 802 1X Enabled Authentication Mode Port_based Authentication Protocol RADIUS_EAP Authentication Failover Enabled Forward EAPOL PDU Enabled Max Users No Limit...

Page 192: ...unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction OpenCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction Port Control ForceAuth ForceUnauth Auto Shows the administrative control over the p...

Page 193: ...eparated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 The following details what is displayed Ports Shows the physical port number on the Switch Restrictions None Example usag...

Page 194: ...ted 1234 1 00 00 00 00 00 03 Blocked 1 00 00 00 00 00 04 Authenticating 2 P Authenticated 1234 4 P Authenticating 4 P Blocked Total Authenticating Hosts 2 Total Authenticated Hosts 3 DGS 3426 5 config 802 1x auth_mode Purpose Used to configure the 802 1X authentication mode on the Switch Syntax config 802 1x auth_mode port_based mac_based Description This command is used to enable either the port ...

Page 195: ...ange also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 all Specifies all of the p...

Page 196: ...ings direction both in Determines whether a controlled port blocks communication in both the receiving and transmitting directions or just the receiving direction port_control Configures the administrative control over the authentication process for the range of ports The user has the following authentication options force_auth Forces the Authenticator for the port to become authorized Network acc...

Page 197: ...resses approved for initialization can then be specified ports portlist Specifies a port or range of ports to be configured The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port l...

Page 198: ...cifies a port or range of ports to be re authorized The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch numbe...

Page 199: ...port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 timeout int 1 255 The time in second for waiting server reply The default is 5 seconds retransmit int 1 20 The count for re transmit The default is 2 Restrictions Only Administrator and Operator level user...

Page 200: ...ed auth_port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 timeout int 1 255 The time in seconds that will wait for a reply from the server If the corresponding global parameter is supported by default the value will follow the global settings Otherwise th...

Page 201: ...s username 15 A username of up to 15 alphanumeric characters in length Restrictions Only Administrator and Operator level users can issue this command Example usage To create an 802 1X user DGS 3426 5 create 802 1x user RG Command create 802 1x user RG Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3426 5 show 802 1x user Purpose Used to display the 8...

Page 202: ...d Operator level users can issue this command Example usage To delete 802 1X users DGS 3426 5 delete 802 1x user Rob Command delete 802 1x user Rob Are you sure to delete the user y n Success DGS 3426 5 config 802 1x auth_protocol Purpose Used to configure the 802 1X authentication protocol on the Switch Syntax config 802 1x auth_protocol local radius_eap Description This command enables configura...

Page 203: ... 1 radiusAccServerAddress 0 0 0 0 radiusAccClientServerPortNumber 0 radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0 CTRL C ESC q Quit SPACE...

Page 204: ...ostics Purpose Used to display the current authentication diagnostics Syntax show auth_diagnostics ports portlist all Description This command is used to display the current authentication diagnostics of the Switch on a per port basis Parameters ports portlist Specifies a range of ports The port list is specified by listing the lowest switch number and the beginning port number on that switch sepa...

Page 205: ...authentication session statistics Syntax show auth_session_statistics ports portlist all Description This command is used to display the current authentication session statistics of the Switch on a per port basis Parameters ports portlist Specifies a range of ports The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then ...

Page 206: ...er on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical or...

Page 207: ...st VLAN Syntax config 802 1x guest_vlan ports portlist all state enable disable Description This command is used to configure ports to be enabled or disabled for the 802 1X guest VLAN Parameters portlist Specify a port or range of ports to be configured for the 802 1X Guest VLAN The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by...

Page 208: ...ge To configure the configurations for a previously created 802 1X Guest VLAN DGS 3426 5 show 802 1x guest_vlan Command show 802 1x guest_vlan Guest VLAN Setting Guest VLAN Tiberius Enable guest VLAN ports 1 5 1 8 DGS 3426 5 delete 802 1x guest_vlan Purpose Used to delete a 802 1X Guest VLAN Syntax delete 802 1x guest_vlan vlan_name 32 Description This command is used to delete an 802 1X Guest VLA...

Page 209: ...cation failover DGS 3426 5 config 802 1x auth_failover enable Command config 802 1x auth_failover enable Success DGS 3426 5 config 802 1x fwd_pdu system Purpose Used to configure the forwarding of EAPOL PDU when 802 1X is disabled Syntax config 802 1x fwd_pdu system enable disable Description This is a global setting to control the forwarding of EAPOL PDU When 802 1X functionality is disabled glob...

Page 210: ...erical order all Specifies all of the ports on the Switch enable Enables the 802 1X forward PDU ports disable Disables the 802 1X forward PDU ports Restrictions Only Administrator and Operator level users can issue this command Example usage To configure 802 1X forwarding PDU for ports DGS 3426 5 config 802 1x fwd_pdu ports 1 1 1 2 enable Command config 802 1x fwd_pdu ports 1 1 1 2 enable Success ...

Page 211: ... shell system state enable disable Description This command is used to enable or disable the specified RADIUS accounting service Parameters network Specifies an accounting service for 802 1X port access control By default the service is disabled shell Accounting service for shell events When the user logs in or logs out of the switch via the console Telnet or SSH when timeout occurs accounting inf...

Page 212: ...itch CLI Manual 208 show accounting service Restrictions None Example usage To display the accounting service DGS 3426 5 show accounting service Command show accounting service Accounting State Network Disabled Shell Enabled System Disabled DGS 3426 5 ...

Page 213: ...y within the list of rules A lower access_id gives the rule a higher priority In case of a conflict in the rules entered for an access profile the rule with the highest priority lowest access_id will take precedence The ip parameter instructs the Switch that this new rule will be applied to the IP addresses contained within each frame s header source_ip tells the Switch that this rule will apply t...

Page 214: ...ff offset 16 31 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset 32 47 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset 48 63 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset 64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff 1 ipv6 class flowlabel 1 source_ipv6_mask...

Page 215: ... 000000000000 FFFFFFFFFFFF 802 1p Specifies that the Switch will examine the 802 1p priority value in the frame s header ethernet_type Specifies that the Switch will examine the Ethernet type value in each frame s header Restrictions Only Administrator and Operator level users can issue this command Example usage To create an Ethernet access profile DGS 3426 5 create access_profile profile_id 1 et...

Page 216: ... 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Up to 128 rules may be configured for each port The user may select all ports by entering the all parameter Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 permit Specifies that packets that match the access profile are permitted to be forwarded by the Switch prio...

Page 217: ...ss_profile command below Syntax create access_profile profile_id value 1 6 ip vlan source_ip_mask netmask destination_ip_mask netmask dscp icmp type code igmp type tcp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff flag_mask all urg ack psh rst syn fin udp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff protocol_id_mask hex 0x0 0xff user_define_mask hex 0x0 0xffffffff 1 Descri...

Page 218: ... a hexadecimal value that will identify the user defined protocol to be discovered in the packet header Restrictions Only Administrator and Operator level users can issue this command Example usage To configure a rule for the IP access profile DGS 3426 5 create access_profile profile_id 2 ip protocol_id_mask 0xFF Command create access_profile profile_id 2 ip protocol_id_mask 0xFF Success DGS 3426 ...

Page 219: ...s profile will apply only to packets that have this TCP source port in their TCP header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this TCP destination port in their TCP header Enter the type of TCP flag to be masked The choices are urg TCP control flag urgent ack TCP control flag acknowledgement psh TCP control flag push rst TCP control flag rese...

Page 220: ...hen the ingress rate is 640kbit sec The user many select a value between 1 156249 or no limit The default setting is no limit counter enable disable Use this parameter to enable the counter function When enabled this counter will count the number of packets that match the profile stated with this command If the counter command is enabled using the flow_meter command the conter command here will be...

Page 221: ...e will help you identify the bytes in the respective chunks chunk0 chunk1 chunk2 chunk29 chunk30 chunk31 b126 b2 b6 b114 b118 b122 b127 b3 b7 b115 b119 b123 b1 b4 b8 b116 b120 b124 b0 b5 b9 b117 b121 b125 Check the box of the chunk from 1 to 4 you wish to examine and then enter the hexadecimal value in the mask field profile_id value 1 6 Specifies an index number between 1 and 6 that will identify...

Page 222: ...n the Switch The beginning and end of the port list range are separated by a dash Non contiguous portlist entries are separated by a comma ex 1 3 7 9 permit Specifies that packets that match the access profile are permitted to be forwarded by the Switch priority value 0 7 This parameter is specified to re write the 802 1p default priority previously set in the Switch which is used to determine the...

Page 223: ... Switch finds in the specified frame header fields Specific values for the rules are entered using the config access_profile command below Syntax create access_profile profile_id value 1 6 ipv6 class flowlabel source_ipv6_mask ipv6mask destination_ipv6_mask ipv6mask 1 Description This command is used to identify various parts of IPv6 packets that enter the Switch so they can be either forwarded or...

Page 224: ...Pv6 access profile auto_assign Choose this parameter to configure the Switch to automatically assign a numerical value between 1 and 128 for the rule being configured ipv6 Specifies that the Switch will look into the IPv6 fields in each packet with emphasis on one or more of the following fields class value 0 255 Entering this parameter will instruct the Switch to examine the class field of the IP...

Page 225: ... the Switch and will be filtered counter enable disable Use this parameter to enable the counter function When enabled this counter will count the number of packets that match the profile stated with this command If the counter command is enabled using the flow_meter command the conter command here will be overridden and therefore will not count packets This command is optional and the default set...

Page 226: ...istrator and Operator level users can issue this command Example usage To delete the access profile with a profile ID of 1 DGS 3426 5 delete access_profile profile_id 1 Command delete access_profile profile_id 1 Success DGS 3426 5 show access_profile Purpose Used to display the currently configured access profiles on the Switch Syntax show access_profile profile_id value 1 6 Description This comma...

Page 227: ... which parts of each incoming frame s header the Switch will examine Masks can be entered that will be combined with the values the Switch finds in the specified frame header fields Specific values for the rules are entered using the config cpu access_profile command below Syntax create cpu access_profile ethernet vlan source_mac macaddr 000000000000 ffffffffffff destination_mac macaddr 0000000000...

Page 228: ... Point DSCP field in each frame s header icmp Specifies that the switch will examine the Internet Control Message Protocol ICMP field in each frame s header type Specifies that the switch will examine each frame s ICMP Type field code Specifies that the switch will examine each frame s ICMP Code field igmp Specifies that the switch will examine each frame s Internet Group Management Protocol IGMP ...

Page 229: ...ies an IP address mask for the source IPv6 address destination_ipv6 ipv6addr Specifies an IP address mask for the destination IPv6 address profile_id value 1 5 Enter an integer between 1 and 5 that is used to identify the CPU access profile to be deleted with this command Restrictions Only Administrator and Operator level users can issue this command Example usage To create a CPU access profile DG...

Page 230: ...fffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff 1 ipv6 class value 0 255 flowlabel hex 0x0 0xfffff 1 source_ipv6 ipv6addr destination_ipv6 ipv6addr 1 port portlist all permit deny time_range range_name 32 delete access_id value 1 100 Description This command is used to configure a CPU access profile for CPU Interface Filtering and to enter specific values that will be combined using...

Page 231: ...l TCP field within each packet src_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP source port in their header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP destination port in their header protocol_id value 0 255 Specifies that the Switch will examine the protocol field in each packet and i...

Page 232: ...e of the Time Range settings that has been previously configured using the config time_range command This will set specific times when this access rule will be enabled or disabled on the Switch delete access_id value 1 100 Use this to remove a previously created access rule in a profile ID Restrictions Only Administrator and Operator level users can issue this command Example usage To configure CP...

Page 233: ...al 229 DGS 3426 5 show cpu access_profile Command show cpu access_profile CPU Interface Filtering State Disabled CPU Interface Access Profile Table Access Profile ID 1 TYPE Ethernet MASK Option VLAN 802 1p Access ID 2 Mode Permit default Total Entries 1 DGS 3426 5 ...

Page 234: ... associated rule are to be enabled on the Switch Remember this time range can only be applied to one period of time and also it is based on the time set on the Switch Parameters range_name 32 Enter a name of no more than 32 alphanumeric characters that will be used to identify this time range on the Switch This range name will be used in the config access_profile profile_id command to identify the...

Page 235: ...rrent configurations of the time range set on the Switch Syntax show time_range Description This command is used to display the currently configured time range s set on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To view the current time range settings DGS 3426 5 show time_range Command show time_range Time Range informat...

Page 236: ...g all unnecessary broadcast IP packets even if the high CPU utilization is not caused by the high reception rate of broadcast IP packets b When fuzzy is chosen the Switch will minimize the IP packet bandwidth received by the Switch by adjusting the bandwidth for all IP packets by setting a acceptable bandwidth for both unicast and broadcast IP packets The Switch uses an internal algorithm to filte...

Page 237: ...nable disable Choose whether to enable or disable the sending of messages to the device s SNMP agent and switch log once the Safeguard Engine has been activated by a high CPU utilization rate mode Used to select the type of Safeguard Engine to be activated by the Switch when the CPU utilization reaches a high rate The user may select strict If selected this function will instruct the Switch to min...

Page 238: ...tch CLI Manual 234 DGS 3426 5 show safeguard_engine Command show safeguard_engine Safeguard engine state Disabled Safeguard engine current status normal mode CPU utilization information Rising 30 Falling 20 Trap Log state Disabled Mode Fuzzy DGS 3426 5 ...

Page 239: ... 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 all Specifies all ports on the Switch Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 forward_list Specifies a port or range of ports that will receive forwarded frames from the ports specified in the portlist above null No ports are specified all Specifies all ports on the...

Page 240: ...ated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies switch number 2 port 4 1 3 2 4 specifies all of the ports between switch 1 port 3 and switch 2 port 4 in numerical order Non contiguous portlist entries are separated by a comma ex 1 1 1 3 1 7 1 9 Restrictions None Example usage To displa...

Page 241: ...mmand is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax config sntp primary ipaddr secondary ipaddr poll interval int 30 99999 Description This command is used to configure SNTP service from an SNTP server SNTP must be enabled for this command to function See enable sntp Parameters primary This is the primary server the SNTP information will be tak...

Page 242: ...ntax enable sntp Description This command is used to enable SNTP support SNTP service must be separately configured see config sntp Enabling and configuring SNTP support will override any manually configured system time settings Parameters None Restrictions Only Administrator and Operator level users can issue this command SNTP settings must be configured for SNTP to function config sntp Example u...

Page 243: ...ictions Only Administrator and Operator level users can issue this command Manually configured system time and date settings are overridden if SNTP support is enabled Example usage To manually set system time and date settings DGS 3426 5 config time 30jun2003 16 30 30 Command config time 30jun2003 16 30 30 Success DGS 3426 5 config time_zone Purpose Used to determine the time zone used in order to...

Page 244: ...ime adjustment Annual mode requires that the DST beginning and ending date be specified concisely For example specify to begin DST on April 3 and end DST on October 14 s_week Configure the week of the month in which DST begins start_week 1 4 last The number of the week during the month in which DST begins where 1 is the first week 2 is the second week and so on last is the last week of the month e...

Page 245: ... e_mth 10 e_time 15 30 offset 30 Command config dst repeating s_week 2 s_day tue s_mth 4 s_time 15 00 e_week 2 e_day wed e_mth 10 e_time 15 30 offset 30 Success DGS 3426 5 show time Purpose Used to display the current time settings and status Syntax show time Description This command is used to display system time and date configuration as well as display current system time Parameters None Restri...

Page 246: ... option_60 delete string string 255 relay ipaddress ipaddress ipaddr all default ipaddr show dhcp_relay option_60 string string 255 ipaddress ipaddr default config dhcp_relay option_61 state enable disable config dhcp_relay option_61 default relay ipaddr drop config dhcp_relay option_61 add mac_address macaddr string string 255 relay ipaddr drop config dhcp_relay option_61 delete mac_address macad...

Page 247: ...ge To add an IP destination to the DHCP relay table DGS 3426 5 config dhcp_relay add ipif System 10 58 44 6 Command config dhcp_relay add ipif System 10 58 44 6 Success DGS 3426 5 config dhcp_relay delete ipif Purpose Used to delete an IP destination addresses from the Switch s DHCP BOOTP relay table Syntax config dhcp_relay delete ipif ipif_name 12 ipaddr Description This command is used to delet...

Page 248: ... field and forwards the packet to the switch port that connects to the DHCP client that sent the DHCP request disable If the field is toggled to disable the relay agent will not insert and remove DHCP relay information option 82 field in messages between DHCP servers and clients and the check and policy settings will have no effect Restrictions Only Administrator and Operator level users can issue...

Page 249: ...n the packet received from the DHCP client keep The option 82 field will be retained if the option 82 field already exists in the packet received from the DHCP client Restrictions Only Administrator and Operator level users can issue this command Example usage To configure DHCP relay option 82 policy DGS 3426 5 config dhcp_relay option_82 policy replace Command config dhcp_relay option_82 policy r...

Page 250: ... Command show dhcp_relay ipif System DHCP BOOTP Relay Status Enabled DHCP BOOTP Hops Count Limit 2 DHCP BOOTP Relay Time Threshold 23 DHCP Relay Agent Information Option 82 State Enabled DHCP Relay Agent Information Option 82 Check Enabled DHCP Relay Agent Information Option 82 Policy Replace Interface Server 1 Server 2 Server 3 Server 4 System 10 58 44 6 DGS 3426 5 enable dhcp_relay Purpose Used ...

Page 251: ...sable Description This command is used to decide whether the DHCP relay will process the DHCP option 60 or not When option_60 is enabled if the packet does not have option 60 then the relay servers cannot be determined based on option 60 The relay servers will be determined based on either option 61 or per IPIF configured servers If the relay servers are determined based on option 60 or option 61 ...

Page 252: ...tring abc relay 10 90 90 1 exact match Success DGS 3426 5 config dhcp_relay option_60 default Purpose This command is used to configure DHCP relay option 60 default relay servers Syntax config dhcp_relay option_60 default relay ipaddr mode relay drop Description When there are no matching servers found for the packet based on option 60 the relay servers will be determined by the default relay serv...

Page 253: ...etes all entries however default relay servers are excluded string Deletes all the entries whose string is equal to the string specified if the ipaddress is not specified Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the DHCP relay option 60 DGS 3426 5 config dhcp_relay option_60 delete all Command config dhcp_relay option_60 delete all Suc...

Page 254: ...ket does not have option 61 then the relay servers cannot be determined based on option 61 If the relay servers are determined based on option 60 or option 61 then per IPIF configured servers will be ignored If the relay servers are not determined either by option 60 or option 61 then per IPIF configured servers will be used to determine the relay servers Parameters enable Enables the fuction dhcp...

Page 255: ...ess drop Specify to drop the packet Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the DHCP relay option 61 DGS 3426 5 config dhcp_relay option_61 add mac_address 00 01 22 33 44 55 drop Command config dhcp_relay option_61 add mac_address 00 01 22 33 44 55 drop Success DGS 3426 5 config dhcp_relay option_61 default Purpose This command is ...

Page 256: ...or and Operator level users can issue this command Example usage To delete the DHCP relay option 61 rules DGS 3426 5 config dhcp_relay option_61 delete mac_address 00 11 22 33 44 55 Command config dhcp_relay option_61 delete mac_address 00 11 22 33 44 55 Success DGS 3426 5 show dhcp_relay option_61 Purpose This command displays DHCP relay option 61 Syntax show dhcp_relay option_61 Description This...

Page 257: ...network_address ipaddr metric 1 65535 primary backup delete iproute default network_address ipaddr show iproute network_address ipaddr static create ipv6route default ipv6networkaddr ipif_name 12 ipv6addr ipv6addr metric 1 65535 delete ipv6route default ipv6networkaddr ipif_name 12 ipv6addr ipv6addr all show ipv6route ipv6networkaddr Each command is listed in detail in the following sections creat...

Page 258: ...Only Administrator and Operator level users can issue this command Example usage To delete a backup static address 10 48 75 121 mask 255 0 0 0 and gateway ipaddr entry of 10 1 1 254 from the routing table DGS 3426 5 delete iproute 10 48 74 121 8 10 1 1 254 Command delete iproute 10 48 74 121 8 10 1 1 254 Success DGS 3426 5 show iproute Purpose Used to display the Switch s current IP routing table ...

Page 259: ...Switch s IP routing table ipv6networkaddr IPV6 address and netmask of the IP interface that is the destination of the route Specify the address and mask information using the format as ipv6address prefix_length ipv6address is hexadecimal number prefix length is decimal number for example 1234 5D7F 32 ipif name 12 Enter the corresponding IPIF name of the IPv6 addres ipv6addr IPv6 address for the ne...

Page 260: ...ess to be deleted here ipv6addr IPv6 address for the next hop router all This will delete all IPv6 static entries Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a static IPv6 entry from the routing table DGS 3426 5 delete ipv6route 1234 5D7F 32 2D30 AC21 Command delete ipv6route 1234 5D7F 32 2D30 AC21 Success DGS 3426 5 show ipv6route Purpos...

Page 261: ...s Layer 2 Gigabit Managed Switch CLI Manual 257 DGS 3426 5 show ipv6route Command show ipv6route Routing Table IPv6 Prefix 1234 32 Protocol Static Metric 1 Next Hop 2D30 AC21 IPIF Status Inactive Total Entries 1 DGS 3426 5 ...

Page 262: ...e notification on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administrator and Operator level users can issue this command Example Usage To enable MAC notification without changing basic configuration DGS 3426 5 enable mac_notification Command enable mac_notification ...

Page 263: ...ion ports Purpose Used to configure MAC address notification status settings Syntax config mac_notification ports portlist all enable disable Description This command is used to monitor MAC addresses learned and entered into the FDB Parameters portlist Specify a port or range of ports to be configured The port list is specified by listing the lowest switch number and the beginning port number on t...

Page 264: ...settings Syntax show mac_notification ports portlist Description This command is used to display the Switch s MAC address table notification status settings Parameters portlist Specify a port or range of ports to be configured The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highe...

Page 265: ...ss Table Notification State 1 1 Disabled 1 2 Disabled 1 3 Disabled 1 4 Disabled 1 5 Disabled 1 6 Disabled 1 7 Disabled 1 8 Disabled 1 9 Disabled 1 10 Disabled 1 11 Disabled 1 12 Disabled 1 13 Disabled 1 14 Disabled 1 15 Disabled 1 16 Disabled 1 17 Disabled 1 18 Disabled 1 19 Disabled 1 20 Disabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 266: ...uthentication the Switch contacts the TACACS XTACACS TACACS RADIUS server to verify and the server will respond with one of three messages A The server verifies the username and password and the user is granted normal user privileges on the Switch B The server will not accept the username and password and the user is denied access to the Switch C The server doesn t respond to the verification quer...

Page 267: ...ole telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_group tacacs xtacacs tacacs radius string 15 add delete server_host ipaddr protocol tacacs xtacacs tacacs radius delete authen server_group string 15 show authen server_group string 15 create authen server_host ipaddr protocol tacacs xtacacs taca...

Page 268: ...ed to disable the administrator defined authentication policy for users trying to access the Switch When disabled the Switch will access the local user account database for username and password verification In addition the Switch will now accept the local enable password as the authentication for normal users attempting to access administrator level privileges Parameters None Restrictions Only Ad...

Page 269: ...ed or default method list of authentication methods for users logging on to the Switch The sequence of methods implemented in this command will affect the authentication result For example if a user enters a sequence of methods like tacacs xtacacs local the Switch will send an authentication request to the first tacacs host in the server group If no response comes from the server host the Switch w...

Page 270: ...e user to be authenticated using the TACACS protocol from a remote TACACS server xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote XTACACS server tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server radius Adding this parameter will require the user to be authentic...

Page 271: ... command is used to show a list of authentication methods for user login Parameters default Entering this parameter will display the default method list for users logging on to the Switch method_list_name string 15 Enter an alphanumeric string of up to 15 characters to define the given method list the user wishes to view all Entering this parameter will display all the authentication login methods...

Page 272: ...ssue this command Example usage To create a user defined method list named Permit for promoting user privileges to Administrator privileges DGS 3426 5 create authen_enable method_list_name Permit Command show authen_login method_list_name Permit Success DGS 3426 5 config authen_enable Purpose Used to configure a user defined method list of authentication methods for promoting normal user level pri...

Page 273: ...tch local_enable Adding this parameter will require the user to be authenticated using the local user account database on the Switch none Adding this parameter will require no authentication to access the Switch method_list_name Enter a previously implemented method list name defined by the user create authen_enable The user may add one or a combination of up to four of the following authenticatio...

Page 274: ... Purpose Used to delete a user defined method list of authentication methods for promoting normal user level privileges to Administrator level privileges on the Switch Syntax delete authen_enable method_list_name string 15 Description This command is used to delete a user defined method list of authentication methods for promoting user level privileges to Administrator level privileges Parameters ...

Page 275: ...me Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server groups defined by the user Built in Group refers to the TACACS XTA...

Page 276: ...using a previously configured method list enable Use this parameter to configure an application for upgrading a normal user level to administrator privileges using a previously configured method list default Use this parameter to configure an application for user authentication using the default method list method_list_name string 15 Use this parameter to configure an application for user authenti...

Page 277: ...s server_host ipaddr The IP address of the remote server host to add protocol The protocol used by the server host The user may choose one of the following tacacs Enter this parameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter t...

Page 278: ...The user may choose one of the following tacacs Enter this parameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilizes the RADIUS protocol port int 1 65535 Enter a number between 1 and 65535 t...

Page 279: ...DGS 3426 5 delete authen server_host 10 1 1 121 protocol tacacs Command delete authen server_host 10 1 1 121 protocol tacacs Success DGS 3426 5 show authen server_host Purpose Used to view a user defined authentication server host Syntax show authen server_host Description This command is used to view user defined authentication server hosts previously created on the Switch The following parameter...

Page 280: ...tication server group A server group is a technique used to group TACACS XTACACS TACACS RADIUS server hosts into user defined categories for authentication using method lists The user may add up to eight authentication server hosts to this group using the config authen server_group command Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the newly created server g...

Page 281: ...ACS server protocol on the Switch Only server hosts utilizing the TACACS protocol may be added to this group radius Use this parameter to utilize the built in RADIUS server protocol on the Switch Only server hosts utilizing the RADIUS protocol may be added to this group string 15 Enter an alphanumeric string of up to 15 characters to define the previously created server group This group may add an...

Page 282: ...s used to display authentication server groups currently configured on the Switch This command will display the following fields Group Name The name of the server group currently configured on the Switch including built in groups and user defined groups IP Address The IP address of the server host Protocol The authentication protocol used by the server host Parameters string 15 Enter an alphanumer...

Page 283: ...mand config authen parameter response_timeout 60 Success DGS 3426 5 config authen parameter attempt Purpose Used to configure the maximum number of times the Switch will accept authentication attempts Syntax config authen parameter attempt int 1 255 Description This command is used to configure the maximum number of times the Switch will accept authentication attempts Users failing to be authentic...

Page 284: ... parameter Response timeout 60 seconds User attempts 5 DGS 3426 5 enable admin Purpose Used to promote user level privileges to administrator level privileges Syntax enable admin Description This command is for users who have logged on to the Switch on the normal user level to become promoted to the administrator level After logging on to the Switch users will have only user level privileges To ga...

Page 285: ...ord configured here that is set locally on the Switch Parameters password 15 After entering this command the user will be prompted to enter the old password then a new password in an alphanumeric string of no more than 15 characters and finally prompted to enter the new password again for confirmation See the example below Restrictions Only Administrator level users can issue this command Example ...

Page 286: ... Finally enable SSH on the Switch using the enable ssh command After following the above steps users can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable ssh disable ssh config ssh authmode...

Page 287: ...ommand is used to configure the SSH authentication mode for users attempting to access the Switch Parameters password This parameter may be chosen if the administrator wishes to use a locally configured password for authentication on the Switch publickey This parameter may be chosen to use a publickey configuration set on a SSH server for authentication hostbased This parameter may be chosen to us...

Page 288: ...tion This command is used to configure parameters for the SSH server setting on the Switch Parameters maxsession int 1 8 Allows the user to set the number of users that may simultaneously access the Switch The default setting is 8 contimeout sec 120 600 Allows the user to set the connection timeout The user may set a time between 120 and 600 seconds The default is 120 seconds authfail int 2 20 All...

Page 289: ...escription This command is used to configure the SSH user authentication method Parameters username 15 Enter a username of no more than 15 characters to identify the SSH user authmode Specifies the authentication mode of the SSH user wishing to log on to the Switch The administrator may choose between hostbased This parameter should be chosen to use a remote SSH server for authentication purposes ...

Page 290: ...current SSH user setting Parameters None Restrictions Only Administrator level users can issue this command Example usage To display the SSH user DGS 3426 5 show ssh user authmode Command show ssh user authmode Current Accounts UserName Authentication Host Name Host IP Rubio Hostbased 12334 10 45 25 8 DGS 3426 5 NOTE To configure the SSH user the administrator must create a user account on the Swi...

Page 291: ...st128 This parameter will enable or disable the Cast128 encryption algorithm twofish128 This parameter will enable or disable the twofish128 encryption algorithm twofish192 This parameter will enable or disable the twofish192 encryption algorithm MD5 This parameter will enable or disable the MD5 Message Digest encryption algorithm SHA1 This parameter will enable or disable the Secure Hash Algorith...

Page 292: ...show ssh algorithm Encryption Algorithm 3DES Enabled AES128 Enabled AES192 Enabled AES256 Enabled arcfour Enabled blowfish Enabled cast128 Enabled twofish128 Enabled twofish192 Enabled twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA Enabled DSA Enabled DGS 3426 5 ...

Page 293: ... create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Switch supports two hash algorithms MD5 Message Digest 5 and SHA Secure Hash Algorithm These ...

Page 294: ...ange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys The ciphersuites are enabled by default on the Switc...

Page 295: ...combines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the SSL status on the Switch DGS 3426 5 disable ssl Command disable ssl Success DGS 3426 5 To disable ciphersuite RSA_EXPORT_with_RC4_40_MD5 only DGS 3426 5 disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5 Comm...

Page 296: ...d show ssl cachetimeout Cache timeout is 600 second s DGS 3426 5 show ssl Purpose Used to view the SSL status and the certificate file status on the Switch Syntax show ssl certificate Description This command is used to view the SSL status on the Switch Parameters certificate Adding this parameter will allow the user to view the SSL certificate file information currently implemented on the Switch ...

Page 297: ...n and digital signatures Both the server and the client must have consistent certificate files for optimal use of the SSL function The Switch only supports certificate files with der file extensions Parameters ipaddr Enter the IP address of the TFTP server certfilename path_filename 64 Enter the path and the filename of the certificate file to download keyfilename path_filename 64 Enter the path a...

Page 298: ... enable the jumbo frame function on the Switch Syntax enable jumbo_frame Description This command is used to allow ethernet frames larger than 1536 bytes to be processed by the Switch The maximum size of the jumbo frame may not exceed 9220 Bytes tagged Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the jumbo frame function on...

Page 299: ...the jumbo frame function on the Switch Syntax show jumbo_frame Description This command is used to display the status of the jumbo frame function on the Switch Parameters None Restrictions None Usage Example To display the jumbo frame status currently configured on the Switch DGS 3426 5 show jumbo_frame Command show jumbo_frame Jumbo frame state disabled Maximum Jumbo frame size 1536 bytes DGS 342...

Page 300: ...ce for a group and takes on the following characteristics It has an IP Address It is not a Commander Switch or Member Switch of another Single IP group It is connected to the Member Switches through its management VLAN Member Switch MS This is a switch that has joined a single IP group and is accessible from the CS and it takes on the following characteristics It is not a CS or MS of another IP gr...

Page 301: ...mple if the Switch is still powered down if it has become the member of another group or if it has been configured to be a Commander Switch the rediscovery process cannot occur This version will support multiple switch upload and downloads for firmware configuration files and log files as follows Firmware The switch now supports multiple MS firmware downloads from a TFTP server Configuration Files...

Page 302: ... Purpose Used to disable Single IP Management SIM on the Switch Syntax disable sim Description This command is used to disable SIM globally on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable SIM on the Switch DGS 3426 5 disable sim Command disable sim Success DGS 3426 5 ...

Page 303: ...kets out over the network Hold time Displays the time in seconds the Switch will hold discovery results before dropping it or utilizing it Parameters candidates candidate_id 1 100 Entering this parameter will display information concerning candidates of the SIM group To view a specific candidate include that candidate s ID number listed from 1 to 100 members member_id 1 32 Entering this parameter ...

Page 304: ...andidates 1 2 ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DGS 3400 L2 Switch 40 2 00 B46 The Man 2 00 55 55 00 55 00 DGS 3400 L2 Switch 140 2 00 B46 default master Total Entries 2 DGS 3426 5 To display the member information in summary if the member ID is specified DGS 3426 5 show sim member 1 2 Command show sim member 1 2 ID MAC Address Platform H...

Page 305: ...ghbor Command show sim neighbor Neighbor Info Table Port MAC Address Role 23 00 35 26 00 11 99 Commander 23 00 35 26 00 11 91 Member 24 00 35 26 00 11 90 Candidate Total Entries 3 DGS 3426 5 reconfig Purpose Used to connect to a member switch through the commander switch using Telnet Syntax reconfig member_id value 1 32 exit Description This command is used to reconnect to a member switch using Te...

Page 306: ...te Switch CaS to a Member Switch MS of a SIM group The CaS may be defined by its ID number and a password if necessary delete member_id 1 32 Use this parameter to delete a member switch of a SIM group The member switch should be defined by ID number Restrictions Only Administrator level users can issue this command Example usage To add a member DGS 3426 5 config sim_group add 2 Command config sim_...

Page 307: ...es utilizing the discovery interval protocol The user may set the hold time from 100 to 255 seconds candidate Used to change the role of a CS commander to a CaS candidate dp_interval 30 90 The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to the CS will include information about other switches connected to it Ex MS CaS...

Page 308: ...mbers of a SIM group ipaddr Enter the IP address of the TFTP server path_filename Enter the path and the filename of the firmware or switch on the TFTP server members Enter this parameter to specify the members to which to download firmware or switch configuration files The user may specify a member or members by adding one of the following mslist 1 32 Enter a value or values to specify which memb...

Page 309: ... SIM group log_to_tftp Specify this parameter if the user wishes to upload a switch log to members of a SIM group ipaddr Enter the IP address of the TFTP server to which to upload a configuration file path_filename Enter a user defined path and file name on the TFTP server to which to upload configuration files members Enter this parameter to specify the members to which to upload switch configura...

Page 310: ...xceeds the per port power limit The active circuit protection feature automatically disables the port if there is a short Other ports will remain active PDs receive power according to the following classification Class Max power used by PD 0 0 44 to 12 95W 1 0 44 to 3 84W 2 3 84 to 6 49W 3 6 49 to 12 95W PSE provides power according to the following classification Class Max power provided by PSE 0...

Page 311: ...ort After the power budget has been exceeded the next port attempting to power up is denied regardless of its priority deny_low_priority_port After the power budget has been exceeded the next port attempting to power up causes the port with the lowest priority to shut down to allow high priority ports to power up The default setting is deny_next_port management_mode Use this parameter to utilize t...

Page 312: ...according to their priority if the power disconnect method is set to deny_ low_priority_port critical Specifying this parameter will nominate these ports has having the highest priority for all configured PoE ports These ports will be the first ports to receive power and the last to disconnect power high Specifying this parameter will nominate these ports as having the second highest priority for ...

Page 313: ...hoosing this parameter will display the settings for PoE on a port by port basis portlist Enter a port or range of ports to be displayed for their PoE settings The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified...

Page 314: ...line detection 1 6 Enabled Low 15400 User defined 0 0 0 0 OFF Interim state during line detection CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show poe system Purpose Used to display the setting and actual values of the whole PoE system Syntax show poe system units unitlist Description This command is used to display the system settings for PoE such as switch power limit consumption ...

Page 315: ...poe system Unit 1 PoE System Information Power Limit 300 watts Power Consumption 0 watts Power Remained 300 watts Power Disconnection Method deny next port If Power Disconnection Method is set to deny next port then the system cannot utilize its maximum power capacity The maximum unused watt is 19W DGS 3426P 5 ...

Page 316: ...te command will list all the corresponding parameters for the specified command along with a brief description of the commands function and similar commands having the same words in the command Restrictions None Example usage To display all of the commands in the CLI DGS 3426 5 clear clear arptable clear attack_log clear counters clear fdb clear log clear port_security_entry port config 802 1p def...

Page 317: ... stp version DGS 3426 5 config command_history Purpose Used to configure the command history Syntax config command_history value 1 40 Description This command is used to configure the command history Parameters value 1 40 The number of previously executed commands maintained in the buffer Up to 40 of the latest executed commands may be viewed Restrictions None Example usage To configure the comman...

Page 318: ...xStack DGS 3400 Series Layer 2 Gigabit Managed Switch CLI Manual DGS 3426 5 show command_history Command show command_history show show vlan show command history DGS 3426 5 314 ...

Page 319: ...eset to the original factory banner To open the Banner Editor click enter after typing the config greeting_message command Type the information to be displayed on the banner by using the commands described on the Banner Editor Quit without save Ctrl C Save and quit Ctrl W Move cursor Left Right Up Down Delete line Ctrl D Erase all setting Ctrl X Reload original setting Ctrl L Restrictions Only Adm...

Page 320: ...ing Ctrl L Reload original setting show greeting_message Purpose Used to view the currently configured greeting message configured on the Switch Syntax show greeting_message Description This command is used to view the currently configured greeting message on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To view the current...

Page 321: ...d prompt will be changed to the login username default The command prompt will reset to factory default command prompt Restrictions Only Administrator and Operator level users can issue this command Other restrictions include If the reset command is executed the modified command prompt will remain modified However the reset system config command will reset the command prompt to the original factor...

Page 322: ...1 config jwac virtual_ip ipaddr config jwac quarantine_server_url string 128 config jwac clear_quarantine_server_url config jwac update_server add delete ipaddress network_address tcp_port tcp_port_number 1 65535 udp_port udp_port_number 1 65535 show jwac update_server config jwac switch_http_port tcp_port_number 1 65535 http https config jwac ports portlist all state enable disable max_authentica...

Page 323: ...ultaneously When the JWAC function is used PC users end users need to pass two stages of authentication The first stage is to authenticate with the quarantine server and the second stage is to authenticate with the switch For the second stage the authentication is similar to WAC except that there is no port VLAN membership change by JWAC after a host passes authentication The RADIUS server will sh...

Page 324: ...ccess to the quarantine server and the JWAC login page all other Web access will be denied Parameters None Restrictions When enabling redirect to quarantine server a quarantine server must be configured first Only Administrator and Operator level users can issue this command Example usage To enable JWAC redirect on the Switch DGS 3426 5 enable jwac redirect Command enable jwac redirect Success DGS...

Page 325: ...able jwac forcible_logout Purpose Used to disable the JWAC forcible logout function Syntax disable jwac forcible_logout Description This command is used to disable the JWAC forcible logout function Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable JWAC forcible logout on the Switch DGS 3426 5 disable jwac forcible_logout Comman...

Page 326: ...ine_server_monitor Purpose Used to enable the JWAC quarantine server monitor Syntax enable jwac quarantine_server_monitor function Description When the JWAC quarantine server monitor is enabled the Switch will monitor the Quarantine Server to ensure that it is functioning properly If the Switch does not detect the Quarantine Server it will redirect all unauthenticated HTTP requests to the JWAC Log...

Page 327: ...uarantine_server_error_timeout Purpose Used to set quarantine server error timeout Syntax config jwac quarantine_server_error_timeout sec 5 300 Description When the quarantine server error timeout is enabled the Switch will periodically check if the server is functioning properly If the Switch does not receive any responses from the quarantine server during the configured error timeout interval th...

Page 328: ...is command Example usage To configure the JWAC redirect on the Switch DGS 3426 5 config jwac redirect destination jwac_login_page delay_time 5 Command config jwac redirect_ destination jwac_login_page delay_time 5 Success DGS 3426 5 config jwac virtual_ip Purpose Used to configure jwac virtual ipaddress This IP is for accepting authentication request from unauthenticated host Syntax config jwac vi...

Page 329: ...string 128 To specify the entire URL address of the authentication page of the quarantine server Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the JWAC quarantine server URL DGS 3426 5 config jwac quarantine_server_url http 10 90 90 88 authpage html Command config jwac quarantine_server_url http 10 90 90 88 authpage html Success DGS 3426...

Page 330: ...ware company s website to check whether the OS or Anti Virus software of the client is up to date and so these IP addresses need to be added to the Switch Parameters add To add a network address to which the traffic will not be blocked You can add 5 network addresses at most delete To delete a network address to which the traffic will not be blocked ipaddress To specify the network address to add ...

Page 331: ...enticate to the switch by inputting the user name and password Parameters tcp_port_number 1 65535 A TCP port which the Switch listens to and uses for the authenticating process http To specify the JWAC runs HTTP protocol on this TCP port https To specify the JWAC runs HTTPS protocol on this TCP port Restrictions The HTTP cannot runs at TCP port 443 and the HTTPS cannot runs at TCP port 80 Only Adm...

Page 332: ...tate of JWAC max_authenticating_host Max number of host process authentication on each port at the same time The max authenticating hosts depends on a specific project aging_time A time period during which an authenticated host will keep the authenticated state infinite indicates never to age out the authenticated host on the port idle_time If there is no traffic during idle_time the host will be ...

Page 333: ...uration with 802 1X When using this command to set the RADIUS protocol ensure that the RADIUS server added by the config radius command supports the protocol Only Administrator and Operator level users can issue this command Example usage To configure the JWAC RADIUS protocol DGS 3426 5 config jwac radius_protocol ms_chapv2 Command config jwac radius_protocol ms_chapv2 Success DGS 3426 5 create jw...

Page 334: ...thenticated host which uses this user account to pass authentication Restrictions Only Administrator and Operator level users can issue this command Example usage To configure a JWAC user DGS 3426 5 config jwac user 112233 Command config jwac user 112233 Enter a old password Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3426 5 delete jwac user Purpos...

Page 335: ...me Password VID 1 1 1 Total Entries 1 DGS 3426 5 clear jwac auth_state Purpose Used to delete host on JWAC enabled ports Syntax clear jwac auth_state ports all portlist authenticated authenticating blocked mac_addr macaddr Description This command is used to delete JWAC host Parameters ports To specify the port range to delete host on them authenticated To specify the state of host to delete authe...

Page 336: ...ne Example usage To display the JWAC configuration DGS 3426 5 show jwac Command show jwac State Enabled Enabled Ports 1 1 1 11 1 23 1 25 1 35 Virtual IP 1 1 1 1 Switch HTTP Port 21212 HTTP UDP Filtering Enabled Forcible Logout Enabled Redirect State Enabled Redirect Delay Time 3 Seconds Redirect Destination Quarantine Server Quarantine Server http 172 18 212 147 pcinventory Q Server Monitor Enable...

Page 337: ...l be shown as indicating that packets with SA 00 00 00 00 00 03 will be droped no matter which VLAN these packets are from 4 mac 00 00 00 00 00 04 attempts to start authentication the VID field will be shown as until authentication completed If port 2 is in port based mode 1 mac 00 00 00 00 00 10 is the mac which made port 2 pass authentication mac address with P in the end indicats that this auth...

Page 338: ... 3 00 00 00 00 00 21 P Blocked 200 Total Authenticating Hosts 2 Total Authenticated Hosts 3 Total Blocked Hosts 2 DGS 3426 5 show jwac ports Purpose Used to display JWAC port configuration Syntax show jwac ports portlist This command is used to display JWAC port configuration Parameters portlist To specify a port range to show the configuration of JWAC Restrictions None Example usage To display JW...

Page 339: ...entication page Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the authentication page DGS 3426 5 config jwac authentication_page element japanese default Command config jwac authentication_page element japanese default Success DGS 3426 5 config jwac auth_failover Purpose Used to enable or disable JWAC authentication failover Syntax confi...

Page 340: ...local If specified to enable the authorized data assigned by the local database will be accepted if the global authorization network is enabled The default state is enabled Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the accepting of an authorized configuration DGS 3426 5 config jwac authorization network radius enable Command config jwac...

Page 341: ...ne Restrictions None Example usage To display an element of the authenticate page DGS 3426 5 show jwac authenticate_page element Command show jwac authenticate_page element Current Page Japanese Version English page element Page Title Login Window Title Authentication Login User Name Title User Name Password Title Password Login Out Window Title Logout from the network Japanese page element Page T...

Page 342: ...cable length will be displayed no abnormal result will be shown If the link is down the reason may be that the partner was powered off or that the port is disabled the abnormal results won t be shown but the cable length will be indicated If the link is down and there is some error in the cable the abnormal results will be shown but the cable length item won t be shown Please note that the port to...

Page 343: ...he static MAC based entry Parameters mac_address The MAC addess to be created vlan The VLAN to be associated with the MAC address Restrictions Only Administrator and Operator level users can issue this command Example usage To create a static MAC based VLAN entry DGS 3426 5 create mac_based_vlan mac_address 00 00 00 00 00 01 vlan default Command create mac_based_vlan mac_address 00 00 00 00 00 01 ...

Page 344: ... This command is used to display static MAC based VLAN entries Parameters mac_address Specifies the MAC address of the entry you want to display vlan Specifies the VLAN to be associated with the MAC address Restrictions None Example usage To display a static MAC based VLAN entry DGS 3426 5 show mac_based_vlan MAC Address VLAN Status Type 00 80 e0 14 a7 57 200 Active Static 00 80 c2 33 c3 45 200 In...

Page 345: ...on LBD for the entire switch Parameters recover_timer The time interval in seconds used by the Auto Recovery mechanism to decide how long to check if the loop status is gone The valid range is 60 to 1000000 Zero is a special value which specifies the disabled auto recovery mechanism hence users need to recover the disabled port manually The default value of the recover timer is 60 interval The tim...

Page 346: ... 1 1 5 state enable Command config loopdetect ports 1 1 1 5 state enable Success DGS 3426 5 enable loopdetect Purpose Used to globally enable loop detect function on the switch Syntax enable loopdetect Description This command allows the loop detect function to be globally enabled on the switch The default value is disabled Parameters None Restrictions Only Administrator and Operator level users c...

Page 347: ...426 5 show loopdetect Command show loopdetect LBD Global Settings LBD Status Enabled LBD Interval 20 LBD Recover Time 60 DGS 3426 5 show loopdetect ports Purpose Used to display the switch s current per port loop detect configuration Syntax show loopdetect ports all portlist Description The show loop detect ports command displays the switch s current per port loop detect configuration and status P...

Page 348: ... 9 20 300 500 600 700 900 1000 2000 6 Enabled None 7 Enabled 2 8 Enabled None DGS 3426 5 config loopdetect trap Purpose Used to configure the trap mode Syntax config loopdetect trap none loop_detected loop_cleared both Description This command is used to configure the trap mode A ttrap will be sent when the loop condition is detected Similiarly the trap is sent when the loop condition is cleared P...

Page 349: ...xStack DGS 3400 Series Layer 2 Gigabit Managed Switch CLI Manual 345 DGS 3426P 5 config loopdetect trap loop_detected Command config loopdetect trap loop_detected Success DGS 3426 5 ...

Page 350: ...Restrictions None Example usage To display switch information serial number encoded DGS 3426 5 show switch Command show switch Device Type DGS 3426 Gigabit Ethernet Switch MAC Address 00 01 02 03 04 05 IP Address 172 18 211 246 Manual VLAN Name default Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 Boot PROM Version Build 1 00 B13 Firmware Version Build 2 60 B26 Hardware Version A2 Serial Numbe...

Page 351: ...Address 172 18 211 246 Manual VLAN Name default Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 Boot PROM Version Build 1 00 B13 Firmware Version Build 2 60 B26 Hardware Version A2 System Name System Location System Contact Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled MLD Snooping Disabled TELNET Enabled TCP 23 WEB Enabled TCP 80 SNMP Disabled RMON Disabled SSL Status Disabled SSH...

Page 352: ... Syntax show stack_device Description This command is used to display stack device information Parameters None Restrictions None Example usage To display stack information DGS 3627 5 show stack_device Command show stack_device Box ID Box Type H W Version Serial Number 1 DGS 3426 1A1G 123456879 CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 353: ...createsa VLAN on the Switch The VLAN ID must be always specified for creating a VLAN The second command allows the user to create a number of VLANs at a time A unique VLAN name e g VLAN10 will be automatically assigned by the system However the user can use config vlan command to rename the VLAN The automatic assignment of VLAN name is based on the following rule VLAN ID For example for VLAN ID 10...

Page 354: ...ed to add ports to the port list of a previously configured VLAN You can specify the additional ports as tagged untagged or forbidden The default is to assign the ports as untagged If based on VLAN ID to configure VLAN multiple VLANs can be configured at a time During configuration of multiple VLANs error message will be returned if the configurations are conflict Parameters vlan_name The name of ...

Page 355: ...ertisement Purpose Used to enable or disable VLAN advertisement Syntax config vlan vlan_name advertisement enable disable Description This command is used to enable or disable VLAN advertisement Parameters vlan_name The name of the VLAN on which you want to configure advertisement Join GVRP or not If not the VLAN can t join dynamically Restrictions Only Administrator and Operator level users can i...

Page 356: ...rotocol DGS 3426 5 disable gvrp Command disable gvrp Success DGS 3426 5 show vlan Purpose Used to show VLAN information including parameter settings and operational values Syntax show vlan vlan_name 32 vlanid vlanid_list ports portlist Description This command is used to display summary information about each VLAN which includes VLANID VLAN Name Tagged untagged Forbidden status for each port Membe...

Page 357: ...tic Advertisement Disabled Member Ports 1 26 2 26 Static Ports Current Tagged Ports Current Untagged Ports Static Tagged Ports Static Untagged Ports Forbidden Ports Total Entries 2 DGS 3426 5 show gvrp Purpose Used to display the GVRP status for a port list on the Switch Syntax show gvrp portlist Description This command is used to display the GVRP status for a port list on the Switch Parameters p...

Page 358: ...ed Enabled All Frames 1 6 1 Disabled Enabled All Frames 1 7 1 Disabled Enabled All Frames 1 8 1 Disabled Enabled All Frames 1 9 1 Disabled Enabled All Frames 1 10 1 Disabled Enabled All Frames 1 11 1 Disabled Enabled All Frames 1 12 1 Disabled Enabled All Frames 1 13 1 Disabled Enabled All Frames 1 14 1 Disabled Enabled All Frames 1 15 1 Disabled Enabled All Frames 1 16 1 Disabled Enabled All Fram...

Page 359: ...state ports all portlist mac_addr macaddr create mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 config mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 clear_vlan delete mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 show mac_based_access_control ports portlist show mac_based_access_control_local...

Page 360: ...le mac_based_access_control Command disable mac_based_access_control Success DGS 3426 5 config mac_based_access_control password Purpose Used to configure the MAC based access control password Syntax config mac_based_access_control password passwd 16 Description This command is used to set a password that will be used for authentication via a RADIUS server Parameters passwd 16 In RADIUS mode the S...

Page 361: ...an ports Purpose Used to configure the MAC based access control guest VLAN membership Syntax config mac_based_access_control guest_vlan ports portlist Description This command is used to put the specified port in guest VLAN mode For those ports not contained in the portlist they are in non guest VLAN mode For detailed information for operation of guest VLAN mode please see the description for the ...

Page 362: ...VLAN In the case where it doesn t support MAC based VLAN classification the guest VLAN and host based mode can t be enabled at the same time If the product supports the MAC based VLAN classification then each user will be authorized individually and capable of getting its own VLAN For guest VLAN mode if the MAC address is authorized but no VLAN information is assigned from the RADIUS server or the...

Page 363: ... users can issue this command Example usage To create a MAC based access control guest VLAN DGS 3426 5 create mac_based_access_control guest_vlan default Command create mac_based_access_control guest_vlan default Success DGS 3426 5 delete mac_based_access_control Purpose Used to delete a guest VLAN Syntax delete mac_based_access_control guest_vlan vlan_name 32 guest_vlanid vlanid 1 4094 Descriptio...

Page 364: ... state on MAC enabled ports DGS 3426 5 clear mac_based_access_control auth_state ports all Command clear mac_based_access_control auth_state ports all Success DGS 3426 5 create mac_based_access_control_local mac Purpose Used to create the local database entry for MAC based access control Syntax create mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 Description Thi...

Page 365: ...fig mac_based_access_control_local mac 00 00 00 00 00 01 vlan default Success DGS 3426 5 delete mac_based_access_control_local Purpose Used to delete the local database entry Syntax delete mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 Description This command is used to delete a database entry Parameters mac Deletes the database by this MAC address vlan Deletes ...

Page 366: ...nd show mac_based_access_control ports 1 1 1 7 Port State Aging Time Block Time Auth Mode Max User mins secs 1 1 Disabled 1440 300 Host_based 128 1 2 Disabled 1440 300 Host_based 128 1 3 Disabled 1440 300 Host_based 128 1 4 Disabled 1440 300 Host_based 128 1 5 Enabled 1440 300 Host_based 128 1 6 Enabled 1440 300 Host_based 128 1 7 Enabled 1440 300 Host_based 128 DGS 3426 5 To display MAC based acc...

Page 367: ...se by this VLAN name vlanid Display a MAC based access control local database by this VLAN ID Restrictions None Example usage To display a MAC based access control local DGS 3426 5 show mac_based_access_control_local Command show mac_based_access_control_local MAC Address VID 00 00 00 00 00 01 1 00 00 00 00 00 02 123 00 00 00 00 00 03 123 00 00 00 00 00 04 1 Total Entries 4 DGS 3426 5 To display M...

Page 368: ...ts 1 7 Command show mac_based_access_control auth_state ports 1 1 1 7 Port MAC Address State VID Priority Aging Time Block Time Total Authenticating Hosts 0 Total Authenticated Hosts 0 Total Blocked Hosts 0 DGS 3426 5 config mac_based_access_control auth_failover Purpose Used to configure the MAC based access control authentication failover function Syntax config mac_based_access_control auth_fail...

Page 369: ...thorized data assigned by the local database will be accepted if the global authorization network is enabled The default state is enabled Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the MAC based access control authorized network DGS 3426 5 config mac_based_access_control authorization network local disable Command config mac_based_acc...

Page 370: ...xStack DGS 3400 Series Layer 2 Gigabit Managed Switch CLI Manual 366 DGS 3426 5 config mac_based_access_control max_users 126 Command config mac_based_access_control max_users 126 Success DGS 3426 5 ...

Page 371: ... in detail in the following sections enable qinq Purpose Used to enable Q in Q mode Syntax enable qinq Description This command is used to enable the Q in Q mode When enable Q in Q all network port roles will be NNI port and their outer TPID will be set to 88a8 All existed static VLAN will run as SP VLAN All dynamically learned L2 address will be cleared All dynamically registered VLAN entries wil...

Page 372: ...switch you shall enable GVRP manually All existed SP VLAN will run as static 1Q VLAN Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable Q in Q DGS 3426 5 disable qinq Command disable qinq Success DGS 3426 5 show qinq Purpose Used to display global Q in Q Syntax show qinq Description The command is used to display the global Q in...

Page 373: ...o Network Interface speficies that communication between two specified networks will occur missdrop enable disable C VLAN based SP VLAN assignment miss drop tpid Allows the interoperation with devices on a public network by specifying ports Restrictions Only Administrator and Operator level users can issue this command You must be in the Q in Q mode Example usage To configure port list 1 4 as NNI ...

Page 374: ...g will not be effective when Q in Q mode is disabled Note that the project has the option to implement either the Q in Q profile command set or the vlan translation command set If the project is required to implement the enhanced set of classification method in addition to vlan classification then Q in Q profile command is needed Otherwise the vlan translation command set is sufficient Parameters ...

Page 375: ...n_translation ports 1 4 Command delete vlan_translation ports 1 4 Success DGS 3426 5 show vlan_translation Purpose Used to show pre created C VLAN based SP VLAN assignment rules Syntax show vlan_translation ports portlist cvid vidlist Description The command is used to show pre created C VLAN based SP VLAN assignment rules Parameters ports A range of ports which the rules will be displayed cvid Sp...

Page 376: ...all port_description system_name system_description system_capabilities 1 enable disable config lldp ports portlist all dot1_tlv_pvid enable disable config lldp ports portlist all dot1_tlv_protocol_vid vlan all vlan_name 32 vlanid vlanid_list enable disable config lldp ports portlist all dot1_tlv_vlan_name vlan all vlan_name 32 vlanid vlanid_list enable disable config lldp ports portlist all dot1_...

Page 377: ... enable lldp Command enable lldp Success DGS 3426 5 disable lldp Purpose Used to disable LLDP operation on the Switch Syntax disable lldp Description This command is used to stop the sending and receiving of LLDP advertisement packets on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable LLDP DGS 3426 5 disable lldp C...

Page 378: ...level users can issue this command Usage Example To change the multiplier value DGS 3426 5 config lldp message_tx_hold_multiplier 3 Command config lldp message_tx_ hold_multiplier 3 Success DGS 3426 5 config lldp tx_delay Purpose Used to change the minimum time delay interval any LLDP port will delay advertising successive LLDP advertisements due to a change in LLDP MIB content The tx_delay define...

Page 379: ...fig lldp reinit_delay 5 Command config lldp reinit_delay 5 Success DGS 3426 5 config lldp notification _interval Purpose Used to configure the timer of the notification interval for sending notification to configured SNMP trap receiver s Syntax config lldp notification_interval sec 5 3600 Description This command is used to globally change the interval between successive LLDP change notifications ...

Page 380: ... 3426 5 config lldp ports 1 5 notification enable Command config lldp ports 1 5 notification enable Success DGS 3426 5 config lldp ports admin_status Purpose Used to configure per port transmit and receive modes Syntax config lldp ports portlist all admin_status tx_only rx_only tx_and_rx disable Description This command is used to control which ports participate in LLDP traffic and whether the par...

Page 381: ...cription system_capabilities enable disable Description An active LLDP port on the switch always includes the mandatory data in its outbound advertisements And there are four optional data that can be configured for an individual port or group of ports to exclude one or more of these data types from outbound LLDP advertisements The mandatory data type include four basic types of information end of...

Page 382: ...e outbound LLDP advertisements for all ports DGS 3426 5 config lldp ports all dot1_tlv_pvid enable Command config lldp ports all dot1_tlv_pvid enable Success DGS 3426 5 config lldp dot1_tlv_protocol_vid Purpose Used to configure an individual port or group of ports to exclude one or more of IEEE 802 1 Organizationally port and protocol VLAN ID TLV data types from outbound LLDP advertisements Synta...

Page 383: ... ports all dot1_tlv_vlan_name vlanid 1 3 enable Success DGS 3426 5 config lldp dot1_tlv_protocol_identity Purpose Used to configure an individual port or group of ports to exclude one or more of IEEE 802 1 Organizationally protocol identity TLV data types from outbound LLDP advertisements Syntax config lldp ports portlist all dot1_tlv_ protocol_identity all eapol lacp gvrp stp 1 enable disable Des...

Page 384: ...l establish some limited network connectivity More precisely the information includes whether the port support the auto negotiation function whether the function is enabled the auto negotiated advertised capability and the operational MAU type The default state is disabled link_aggregation This TLV optional data type indicates that LLDP agent should transmit Link Aggregation TLV This type indicate...

Page 385: ...enable Command config lldp forward_message enable Success DGS 3426 5 show lldp Purpose This command displays the switch s general LLDP configuration status Syntax show lldp Description This command is used to display the Switch s general LLDP configuration status Parameters None Restrictions None Usage Example To display the LLDP system level configuration status DGS 3426 5 show lldp Command show ...

Page 386: ...nknown OID 1 3 6 1 4 1 171 10 36 1 11 Advertising Ports 1 5 7 DGS 3426 5 show lldp ports Purpose Display the LLDP per port configuration for advertisement options Syntax show lldp ports portlist Description This command is used to display the LLDP per port configuration for advertisement options Parameters portlist Use this parameter to define ports to be configured Restrictions None Example usage...

Page 387: ... this parameter to define ports to be configured brief Display the information in brief mode normal Display the information in normal mode This is the default display mode detailed Display the information in detailed mode Restrictions None Usage Example To display outbound LLDP advertisements for port 1 2 DGS 3426 5 show lldp local_ports 1 2 Command show lldp local_ports 1 2 Port ID 1 Port ID Subt...

Page 388: ...ode Restrictions None Example usage To display remote table in brief mode DGS 3426 5 show lldp remote_ports 1 2 mode brief Command show lldp remote_ports 1 2 mode brief Port ID 1 Remote Entities Count 1 Entity 1 Chassis ID Subtype MAC Address Chassis ID 00 01 0 2 03 04 01 Port ID Subtype Local Port ID 1 3 Port Description RMON Port 1 on Unit 3 CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a...

Page 389: ...o define ports to be configured When portlist is not specified information for all ports will be displayed Restrictions None Usage Example To display statistics information of port 1 DGS 3426 5 show lldp statistics ports 1 Command show lldp statistics ports 1 Port ID 1 LLDPStatsTxPortFramesTotal 0 LLDPStatsRxPortFramesDiscardedTotal 0 LLDPStatsRxPortFramesErrors 0 LLDPStatsRxPortFramesTotal 0 LLDP...

Page 390: ... Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable sflow disable sflow create sflow analyzer_server value 1 4 owner name 16 timeout sec 1 2000000 infinite collectoraddress ipaddr collectorport udp_port_number 1 65535 maxdatagramsize value 300 1400 config sflow analyzer_server value 1 4 timeout sec 1 2000000 infinite collect...

Page 391: ...mand Example usage To disable the sFlow DGS 3426 5 disable sflow Command disable sflow Success DGS 3426 5 create sflow analyzer_server Purpose Used to create the analyzer server for the sFlow functions Syntax create sflow analyzer_server value 1 4 owner name 16 timeout sec 1 2000000 infinite collectoraddress ipaddr collectorport udp_port_number 1 65535 maxdatagramsize value 300 1400 Description Th...

Page 392: ...ollectoraddress ipaddr collectorport udp_port_number 1 65535 maxdatagramsize value 300 1400 1 Description This command is used to configure the settings for the remote sFlow Analyzer collector that will be used to gather and analyze sFlow Datagrams that originate from the Switch Users must have the proper sFlow software set on the Analyzer in order to receive datagrams from the switch to be analyz...

Page 393: ...rator and Operator level users can issue this command Example usage To delete an sFlow analyzer server DGS 3426 5 delete sflow analyzer_server 1 Command delete sflow analyzer_server 1 Success DGS 3426 5 show sflow analyzer_server Purpose Used to display the settings of the sFlow analyzer server set on the switch Syntax show sflow analyzer_server Description This command is used to display the sett...

Page 394: ...ons Only Administrator and Operator level users can issue this command Example usage To create the sFlow counter poller DGS 3426 5 create sflow counter_poller ports 1 analyzer_server_id 1 interval 20 Command create sflow counter_poller ports 1 analyzer_server_id 1 interval 20 Success DGS 3426 5 config sflow counter_poller ports Purpose Used to configure the counter poller for the sFlow function of...

Page 395: ...ter to delete all ports to be mined for sFlow information Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the sFlow counter poller settings DGS 3426 5 delete sflow counter_poller ports all Command delete sflow counter_poller ports all Success DGS 3426 5 show sflow counter_poller Purpose Used to display the counter poller for the sFlow functio...

Page 396: ...ntered here is to be multiplied by 256 to get the percentage of packets sampled For example if the user enters a figure of 20 into this field the switch will sample one out of every 5120 packets 20 x 256 5120 that pass through the individual port Users may enter a value between 1 and 65535 An entry of 0 disables the packet sampling Since this is the default setting users are reminded to configure ...

Page 397: ... to configure a rate here or this function will not function maxheadersize value 18 256 This field will set the number of leading bytes of the sampled packet header This sampled header will be encapsulated with the datagram to be forwarded to the Analyzer Server The user may set a value between 18 and 256 bytes The default setting is 128 bytes Restrictions Only Administrator and Operator level use...

Page 398: ...Flow flow sampler settings DGS 3426 5 show sflow flow_sampler Command show sflow flow_sampler Port Analyzer Server ID Configured Rate Active Rate Max Header Size 1 1 10000 0 128 Total Entries 1 DGS 3426 5 show sflow Purpose Used to display the sflow settings configured on the switch Syntax show sflow Description This command is used to display the Switch s sFlow settings Parameters None Restrictio...

Page 399: ... Users also have the ability to bind IP addresses within the DHCP pool to specific MAC addresses in order to keep consistent the IP addresses of devices that may be important to the upkeep of the network that require a static IP address The Limited IP Multicast Commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters crea...

Page 400: ...Only Administrator and Operator level users can issue this command Example usage To create the DHCP pool Floor2 DGS 3426 5 create dhcp pool Floor2 Command create dhcp pool Floor2 Success DGS 3426 5 delete dhcp pool Purpose Used to delete a DHCP pool Syntax delete dhcp pool pool_name 12 all Description This command is used to delete a DHCP poll that was created with the create dhcp pool command Par...

Page 401: ...rectly to the Switch while the IEEE802 denotes that the manually bound device is outside the local network of the Switch Restrictions Only Administrator and Operator level users can issue this command Example usage To create a manual binding DHCP entry DGS 3426 5 create dhcp pool manual_binding engineering 10 10 10 1 hardware_address 02 02 02 02 02 02 type Ethernet Command create dhcp pool manual_...

Page 402: ... accounting Pool Name IP Address Hardware Address Type accounting 192 168 0 1 01 22 b7 35 ce 99 Ethernet accounting 192 168 0 2 0a 52 f7 34 ce 88 Ethernet Total Entries 2 DGS 3426 5 show dhcp_binding Purpose Used to show the DHCP binding information Syntax show dhcp_binding pool_name 12 Description This command is used to display the DHCP binding information by created pool Entering the command wi...

Page 403: ...mber between 2 and 10 to denote the number of Ping packets that the Switch will send out on the network containing the IP address to be allotted If the Ping request is not returned the IP address is considered unique to the local network and then allotted to the requesting client The default setting is 2 packets Restrictions Only Administrator and Operator level users can issue this command Exampl...

Page 404: ... usage To set the boot file DGS 3426 5 config dhcp pool boot_file accounting boot had Command config dhcp pool boot_file accounting boot had Success DGS 3426 5 config dhcp pool default_router Purpose Used to configure the default router for the DHCP client Syntax config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr Description This command is used to configure the default router for D...

Page 405: ...NS server address foe a DHCP pool DGS 3426 5 config dhcp pool dns_server_address accounting 10 245 32 1 Command config dhcp pool dns_server_address accounting 10 245 32 1 Success DGS 3426 5 config dhcp pool domain_name Purpose Used to configure the domain name for the DHCP pool of the Switch Syntax config dhcp pool domain_name pool_name 12 domain_name 64 Description This command is used to configu...

Page 406: ...ing infinite Command config dhcp pool lease accounting infinite Success DGS 3426 5 config dhcp pool netbios_name_server Purpose Used to configure the IP address es for the Net BIOS name server Syntax config dhcp pool netbios_name_server pool_name 12 ipaddr ipaddr ipaddr Description This command is used to enter the IP address of a Net BIOS Name Server that will be available to a Microsoft DHCP Cli...

Page 407: ... network_addr Purpose Used to configure the network address and corresponding subnet mask for the DHCP pool Syntax config dhcp pool network_addr pool_name 12 network_address Description This command is used to enter the IP address pool to be assigned to requesting DHCP Clients This address will not be chosen but the first 3 sets of numbers in the IP address will be used for the IP address of reque...

Page 408: ...ng 10 99 88 77 Command config dhcp pool next_server accounting 10 99 88 77 Success DGS 3426 5 enable dhcp_server Purpose Used to enable the DHCP function on the switch Syntax enable dhcp_server Description This command along with the disable dhcp_server will enable and disable the DHCP server function without affecting configurations Parameters None Restrictions Only Administrator and Operator lev...

Page 409: ...d from the DHCP Server pool of addresses Syntax create dhcp excluded_address begin_address ipaddr end_address ipaddr Description This command is used to set an IP address or a range of IP addresses that are NOT to be included in the range of IP addresses that the Switch will allot to clients requesting DHCP service Parameters begin_address ipaddr Enter the beginning IP address of the range of IP a...

Page 410: ...from the excluded IP address list from the DHCP pool all Enter this command to delete all excluded IP addresses from the DHCP pool Restrictions Only Administrator and Operator level users can issue this command Example usage To delete excluded IP addresses DGS 3426 5 delete dhcp excluded_address begin_address 10 10 10 1 end_address 10 10 10 10 Command delete dhcp excluded_address begin_address 10 ...

Page 411: ...formation on the switch Parameters pool_name 12 Enter the name of the DHCP pool for which to view DHCP pool information Restrictions None Example usage To display the DHCP pool information DGS 3426 5 show dhcp pool Floor2 Command show dhcp pool Floor2 Pool Name Floor2 Network Address 10 0 0 0 8 Domain Name DNS Server Address 0 0 0 0 NetBIOS Name Server 0 0 0 0 NetBIOS Node Type Broadcast Default R...

Page 412: ...meters config filter dhcp_server add permit server_ip ipaddr client_mac macaddr ports portlist all delete permit server_ip ipaddr client_mac macaddr ports portlist all ports portlist all state enable disable show filter dhcp_server config filter dhcp_server trap_log enable disable config filter dhcp_server illegal_server_log_suppress_duration 1min 5min 30min Each command is listed in detail in the...

Page 413: ... show filter dhcp_server Purpose Used to display current DHCP server client filter list created on the switch Syntax Show filter dhcp_server Description This command is used to display DHCP server client filter list created on the switch The log ceasing unauthorized duration and the log trap state Parameters None Restrictions None Example usage To display the DHCP server client filter list created...

Page 414: ...g suppress duration Syntax config filter dhcp_server illegal_server_log_suppress_duration 1min 5min 30min Description This command Iis used to filter any illegal DHCP server packets The DHCP server who sends the illegal packets will be logged This command is used to suppress the logging of DHCP servers who continue to send illegal DHCP packets The same illegal DHCP server IP address that is detect...

Page 415: ...N Syntax enable rspan Description This command is used to control the RSPAN function The purpose of the RSPAN function is to mirror the packets to the remote switch The packet travels from the source switch through the intermediate switch where the monitored packet is received then to the switch where the sniffer is attached To make the RSPAN work for the source switch the RSPAN VLAN source settin...

Page 416: ...an RSPAN vlan Syntax create rspan vlan vlan_name vlan_name vlan_id value 1 4094 Description This command is used to create the RSPAN VLAN Up to 16 RSPAN VLANs can be created Parameters vlan_name Creates the RSPAN VLAN by VLAN name vlan_id Creates the RSPAN VLAN by VLAN ID Restrictions Only Administrator and Operator level users can issue this command Example usage To create an RSPAN VLAN by VLAN n...

Page 417: ...both Description This command is used to configure the source setting for the RSPAN VLAN on the source switch The output port of the RSPAN mirrored packet will use the same destination port as defined by the mirror command Note That if RSPAN is enabled the packets mirrored to the destination port are always added with RSPAN VLAN tag If the mirror is enabled but RSPAN is disabled the packets mirror...

Page 418: ...cription This command is used by the intermediate or the last switch to configure the output port of the RSPAN VLAN packets The redirect command makes sure that the RSPAN VLAN packets can be egressed to the redirect port In addition to this redirect command the VLAN setting must be correctly configured to make the RSPAN VLAN work correctly That is for the intermediate switch the redirect port must...

Page 419: ...escription This command is used to display RSPAN configuration Parameters vlan_name Specifies the RSPAN VLAN by VLAN name vlan_id Specifies the RSPAN VLAN by VLAN ID Restrictions None Example usage To display RSPAN DGS 3426 5 show rspan Command show rspan RSPAN Enabled RSPAN VLAN ID 2 Source Port RX 1 2 1 5 TX Redirect Port 1 18 Total RSPAN VLAN 1 To display RSPAN by VLAN name DGS 3426 5 show rspa...

Page 420: ...ted with the CIR and is used to identify packets that exceed the normal boundaries of packet size The CBS should be configured to accept the biggest IP packet that is expected in the IP flow EBS Excess Burst Size Measured in bytes the EBS is associated with the CIR and is used to identify packets that exceed the boundaries of the CBS packet size The EBS is to be configured for an equal or larger r...

Page 421: ...s optional field is to be used in conjunction with the PIR The PBS should be configured to accept the biggest IP packet that is expected in the IP flow sr_tcm Choosing this field will allow users to employ the Single Rate Three Color Mode and set the following parameters to determine the color rate of the IP packet flow cir value 1 156249 The Committed Information Rate can be set between 1 156249 ...

Page 422: ...ng the DSCP value to replace drop Enter this parameter to drop packets that are in the red flow counter enable disable Use this parameter to enable or disable the packet counter for the specified ACL entry in the red flow delete Use this parameter to delete the specified flow meter Restrictions Only Administrator and Operator level users can issue this command Only two counters may be enabled at a...

Page 423: ...ow flow_meter profile_id 1 access_id 1 Command show flow_meter profile_id 1 access_id 1 Profile ID 1 Access ID 1 Mode trTCM CIR 1000 64kbps CBS 200 Kbyte PIR 2000 64kbps PBS 200 Kbyte Action Conform Permit Counter Disabled Exceed Permit Replace DSCP 21 Counter Disabled Violate Drop Counter Disabled Total Entries 1 DGS 3426 5 ...

Page 424: ...nel enable bpdu_tunnel disable bpdu_tunnel Each command is listed in detail in the following sections config bpdu_tunnel ports Purpose Used to configure L2PT on specified ports Syntax portlist all type tunnel stp gvrp uplink none Description This command is used to configure L2PT on ports When Q in Q is enabled on the Switch the DA will be replaced by the tunnel multicast address and the BPDU will...

Page 425: ...4 GVRP Tunnel Multicast Address 01 05 5D 00 00 21 GVRP Tunnel Port Uplink Port DGS 3426 5 enable bpdu_tunnel Purpose Used to enable the L2PT function Syntax enable bpdu_tunnel Description This command is used to enable the L2PT function By default L2PT is disabled Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable L2PT DGS 3426 5...

Page 426: ...xStack DGS 3400 Series Layer 2 Gigabit Managed Switch CLI Manual 422 DGS 3426 5 disable bpdu_tunnel Command disable bpdu_tunnel Success DGS 3426 5 ...

Page 427: ...log 1 config gratuitous_arp send periodically ipif ipif_name 12 interval value 0 65535 show gratuitous_arp ipif ipif_name 12 Each command is listed in detail in the following sections create arpentry Purpose Used to make a static entry into the ARP table Syntax create arpentry ipaddr macaddr Description This command is used to enter an IP address and the corresponding MAC address into the Switch s...

Page 428: ...e value 0 65535 Description This command is used to set the maximum amount of time in minutes that an ARP entry can remain in the Switch s ARP table without being accessed before it is dropped from the table Parameters time value 0 65535 The ARP age out time in minutes The value may be set in the range of 0 to 65535 minutes with a default setting of 20 minutes Restrictions Only Administrator and O...

Page 429: ...amic ARP table entries from the Switch s ARP table Static ARP table entries are not affected Parameters None Restrictions Only Administrator and Operator level users can issue this command Example Usage To remove dynamic entries in the ARP table DGS 3426 5 clear arptable Command clear arptable Success DGS 3426 5 config arpentry Purpose Used to configure a static entry in the ARP table Syntax confi...

Page 430: ...tuitous ARP request in a normal situation DGS 3426 5 config gratuitous_arp send ipif_status_up enable Command config gratuitous_arp send ipif_status_up enable Success DGS 3426 5 config gratuitous_arp send dup_ip_detected Purpose Used to enable disable the sending of gratuitous ARP requests while a duplicate IP address is being detected Syntax config gratuitous_arp send duplicate_ip_detected enable...

Page 431: ... the received gratuitous ARP packet disable Disable learning of ARP entry based on the received gratuitous ARP packet Restrictions Only Administrator and Operator level users can issue this command Example usage To enable learning of ARP entry based on the received gratuitous ARP packet DGS 3426 5 config gratuitous_arp learning enable Command config gratuitous_arp learning enable Success DGS 3426 ...

Page 432: ...y Purpose Used to configure the interval for periodical sending of gratuitous ARP request packet Syntax config gratuitous_arp send periodically ipif ipif_name 12 interval value 0 65535 Description The command is used to configure the interval for the periodic sending of gratuitous ARP request packets By default the interval is 0 Parameters ipif_name 12 The name of the Layer 3 interface value 0 655...

Page 433: ...p state DGS 3426 5 show gratuitous_arp Command show gratuitous_arp Send on IPIF status up Disabled Send on Duplicate_IP_Detected Disabled Gratuitous ARP Learning Disabled IP Interface Name System Gratuitous ARP Trap Disabled Gratuitous ARP Log Disabled Gratuitous ARP Periodical Send Interval 0 Total Entries 1 DGS 3426 5 ...

Page 434: ...on network show authorization Each command is listed in detail in the following sections create authentication guest_vlan Purpose Used to assign a static VLAN to be guest VLAN Syntax create authentication guest_vlan vlan vlan_name 32 vlanid vlanid 1 4094 Description This command is used to assign a static VLAN to be a guest VLAN The specific VLAN which is assigned to a guest VLAN must exist first ...

Page 435: ...rtlist all Description The user can use this command to assign or remove ports to from a guest VLAN If multi_authen_methods mode is none this port is doing a single authentication The port will operate based on the guest VLAN configured by the single authentication module s command If the single authentication module s guest VLAN command for example JWAC has no guest VLAN command is not available ...

Page 436: ...tication Parameters portlist Specifies the ports to be configured auth_mode Choose between port based or host based port based If one of the attached hosts passes the authentication process all hosts on the same port will be granted access to the network If the user fails the authorization process this port will keep trying the next authentication host based Every user can be authenticated individ...

Page 437: ...w authentication ports portlist Description This command is used to display the authentication method and authorization mode on ports Parameters portlist Displays compound authentication on specific port s Restrictions None Example usage To display authentication settings for all ports DGS 3426 5 show authentication ports Command show authentication ports Port Methods Authorized Mode 1 1 Any Host_...

Page 438: ...tion network Success DGS 3426 5 disable authorization network Purpose To disable authorization on the Switch Syntax disable authorization network Description This command is used to disable the authorization of the network When the authorization for network is disabled the authorization data assigned by the RADUIS server will not be accepted and take effect Authorization for the network is enabled...

Page 439: ...ck DGS 3400 Series Layer 2 Gigabit Managed Switch CLI Manual 435 Example usage To display authorization DGS 3426 5 show authorization Command show authorization Authorization for Network Enabled DGS 3426 5 ...

Page 440: ..._http_port tcp_port_number 1 65535 http https create wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 delete wac user username 15 all_users config wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 clear_vlan config wac authorization network radius enable disable local enable disable 1 show wac show wac ports portlist show wac user show wac auth_state ports portlist clear wac a...

Page 441: ... port level settings on the Switch Parameters state Specifies to enable disable WAC state aging_time A time period during which an authenticated host will be kept in authenticated state infinite indicates the authenticated host on the port will not ageout The default value is 24 hours idle_time A time period after which an authenticated host will be moved to an un authenticated state if there is n...

Page 442: ...eachable the authentication will fail When the authentication failover is enabled if RADIUS servers authentication are unreachable the local database will be used to do the authentication The default state is disabled Parameters enable Enables the protocol authentication failover disable Disables the protocol authentication failover Restrictions Only Administrator and Operator level users can issu...

Page 443: ... WAC clear default redirect path DGS 3426 5 config wac clear_default_redirpath Command config wac clear_default_redirpath Success DGS 3426 5 config wac virtual_ip Purpose Used to configure the WAC virtual IP address used to accept authentication requests from an unauthenticated host Syntax config wac virtual_ip ipaddr Description When the virtual IP is specified the TCP packet sent to the virtual ...

Page 444: ...ccess the login page If not specified the default port number for HTTP is 80 and the default port number for HTTPS is 443 If no protocol is specified the protocol is HTTP The HTTP cannot run at TCP port 443 and the HTTPS cannot run at TCP port 80 Parameters tcp_port_number 1 65535 A TCP port which the WAC Switch listens to and uses to finish the authenticating process http To specify that WAC runs...

Page 445: ...hentication VLAN name Restrictions Only Administrator and Operator level users can issue this command Example usage To create WAC account DGS 3426 5 create wac user vlan vlanid 2 Command create wac user vlan vlanid 2 Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3426 5 delete wac user Purpose Used to delete the Web based access control Syntax delete ...

Page 446: ...iguration Syntax config wac authorization network radius enable disable local enable disable Description This command is used to configure the acceptance of an authorized configuration When the authorization is enabled for WAC s radius the authorized data assigned by the RADUIS server will be accepted if the global authorization network is also enabled When the authorization is enabled for WAC s l...

Page 447: ...tual IP 0 0 0 0 Switch HTTP Port 80 HTTP RADIUS Authorization Enabled Local Authorization Disabled DGS 3426 5 show wac ports Purpose Used to display the Web Authentication port level settings Syntax show wac ports portlist Description This command is used to display the port level setting Parameters ports A range of member ports to show the status Restrictions None Example usage To show WAC ports ...

Page 448: ...N will be displayed target VLAN ID is 1234 in this example 3 mac 00 00 00 00 00 03 failed to pass authentication the VID field will be shown as indicating that packets with SA 00 00 00 00 00 03 will be droped no matter which VLAN these packets are from 4 mac 00 00 00 00 00 04 attempts to start authentication the VID field will be shown as until authentication completed If port 2 is in port based m...

Page 449: ...t Syntax clear wac auth_state ports portlist all authenticated authenticating blocked macaddr macaddr Description This command is used to clear the authentication state of a port If the port is in port based mode the port will return to an un authenticated state All the timers associated with the port will be reset If the port is in host based mode users on this port will be cleared The user needs...

Page 450: ...S 3400 Series Layer 2 Gigabit Managed Switch CLI Manual 446 Example usage To clear WAC authentication state DGS 3426 5 clear wac auth_state ports 1 5 Command clear wac auth_state ports 1 1 1 5 Success DGS 3426 5 ...

Page 451: ...ne Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create dot1v_protocol_group group_id id config dot1v_protocol_group group_id id add delete protocol ethernet_2 ieee802 3_snap ieee802 3_llc protocol_value delete dot1v_protocol_group group_id id show dot1v_protocol_group group_id id config port dot1v ports portlist all add protocol_group gro...

Page 452: ... using the following protocol_value ieee802 3_snap Choose this parameter if you wish this protocol group to employ the Sub Network Access Protocol SNAP frame type This frame type is identified by the 16 bit 2 octet IEEE802 3 type field in the packet header which is to be stated using the following protocol_value ieee802 3_llc Choose this parameter if you wish this protocol group to employ the Link...

Page 453: ...tion This command is used to display the configurations of a protocol VLAN group Parameters group_id id Enter an integer from 1 to 16 to identify the protocol VLAN group to be displayed Entering this command without the group_id parameter will display the configurations for all configured protocol VLAN groups Restrictions None Example usage To display the configurations for a protocol VLAN group D...

Page 454: ...or which to add a tag to ingress untagged packets vlanid Identify the VLAN ID for which to add a tag to ingress untagged packets delete protocol_group Use this parameter to remove this protocol VLAN group s association with the ports stated in this command by using the following parameters group_id id Enter this parameter with its corresponding group number to remove this pre defined protocol grou...

Page 455: ... To configure the ports for a protocol VLAN group DGS 3426 5 show port dot1v ports 1 6 1 8 Command show port dot1v ports 1 6 1 8 Port 1 6 Protocol Group ID VLAN Name 1 RG1 Port 1 7 Protocol Group ID VLAN Name 1 RG1 Port 1 8 Protocol Group ID VLAN Name 1 RG1 Total Entries 3 DGS 3426 5 ...

Page 456: ... name 16 show ipmc_vlan_replication show ipmc_vlan_replication_entry name 16 Each command is listed in detail in the following sections enable ipmc_vlan_replication Purpose Used to enable static IP multicast VLAN replication on the Switch Syntax enable ipmc_vlan_replication Description This command is used to enable static IP multicast VLAN replication on the Switch The replication function is ena...

Page 457: ... the ttl will be decreased src_mac replace no_replace Specifies whether to replace the source Mac address of the packet By default the source MAC address will be replaced Restrictions Only Administrator and Operator level users can issue this command Example usage To specify that the ttl decreases for the IP multicast VLAN replicated packet DGS 3426 5 config ipmc_vlan_replication ttl decrease Comm...

Page 458: ...th the multicast group Each V G S will consume one resource entry Therefore the resource entry consumed by a replication entry is not constant and it will be determined by the number of V G S pair defined by the entry If the entries V G S and V G both exist in the table the entries V G will not take effect Parameters name 16 The name of the IP multicast VLAN replication entry vlan vlan_name 32 The...

Page 459: ...e add or delete destination vlan vlan_name 32 The outgoing vlan name vlanid vidlist The outgoing vlan ID ports portlist The outgoing port list Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the destination of an IP multicast VLAN replication entry DGS 3426 5 config ipmc_vlan_replication_entry destination rg1 add vlanid 5 ports 10 17 Comma...

Page 460: ...ase Source MAC Address Replace DGS 3426 5 show ipmc_vlan_replication_entry Purpose Used to display the IP multicast VLAN replication entries Syntax show ipmc_vlan_replication_entry name 16 Description This command is used to display the IP multicast VLAN replication entry Parameters name 16 The name of the IP multicast VLAN replication entry Restrictions None Example usage To display an IP multica...

Page 461: ...3ad Link Aggregation Control IEEE 802 3x Full duplex Flow Control IEEE 802 1u Fast Ethernet IEEE 802 3af Power over Ethernet Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps 1000Mbps 2000Mbps SFP Mini GBIC Support IEEE 802 3z 1000BASE LX DEM 310GT transceiver IEEE 802 3z 1000BASE SX DEM 311GT transceive...

Page 462: ...C Humidity 5 95 non condensing Dimensions 441mm x 389mm x 44mm Weight DGS 3400 Series Switch DGS 3426 5 42 kg DGS 3426P 6 kg DGS 3427 5 51 kg DGS 3450 5 74 kg Module Inserts DEM 410CX 0 16 kg DEM 410X 0 18 kg EMI CE class A FCC Class A Safety CSA International CB Report Performance Transmission Method Store and forward Packet Buffer 0 75 MB per device Packet Filtering Forwarding Rate Full wire spe...

Reviews:

No comments

Related manuals for xStack DGS-3400 Series

Eaton Network Card-MS User Manual preview
Network Card-MS
Brand: Eaton Pages: 89
CyberTAN WR214C User Manual preview
WR214C
Brand: CyberTAN Pages: 67
Nexxt NOVA300 AML02304U1 User Manual preview
NOVA300 AML02304U1
Brand: Nexxt Pages: 75
Idis DR-6308P Quick Manual preview
DR-6308P
Brand: Idis Pages: 20
Ubiquiti UniFi LED ULED-AT Quick Start Manual preview
UniFi LED ULED-AT
Brand: Ubiquiti Pages: 16
Chase Research IOLINK-130 Installation & Application Manual preview
IOLINK-130
Brand: Chase Research Pages: 114
Sierra Wireless AirCard 750 Installation preview
AirCard 750
Brand: Sierra Wireless Pages: 2
LevelOne NetCon FBR-1409TX User Manual preview
NetCon FBR-1409TX
Brand: LevelOne Pages: 88
Valcom VIP-822 User Manual preview
VIP-822
Brand: Valcom Pages: 4
Goobay 93122 User Manual preview
93122
Brand: Goobay Pages: 20
Matrix Switch Corporation MSC-2HD1624S Product Manual preview
MSC-2HD1624S
Brand: Matrix Switch Corporation Pages: 54
Xinje VH5 Series User Manual preview
VH5 Series
Brand: Xinje Pages: 76
Juniper WX 100 Quick Start Manual preview
WX 100
Brand: Juniper Pages: 6
Cayman Systems 2E-W User Manual preview
2E-W
Brand: Cayman Systems Pages: 170
AIC HA201-AP User Manual preview
HA201-AP
Brand: AIC Pages: 64
Tachosys digiDL-B Administration Manual preview
digiDL-B
Brand: Tachosys Pages: 15
Lantech TWAP-5006 User Manual preview
TWAP-5006
Brand: Lantech Pages: 20
socomec ATyS g M 2P Instruction Manual preview
ATyS g M 2P
Brand: socomec Pages: 54

Brands by name

Popular brands

Load more brands