Dell Networking 2048 Reference Manual Download Page 206 | Manualshive

Page: 206 / 1823

background image

Using the CLI

206

Management Interface Security

This section describes the minimum set of management interface security

measures implemented by the CLI. Management interface security consists

of user account management, user access control and remote network/host

access controls.

CLI through Telnet, SSH, Serial Interfaces

The CLI is accessible through a local serial interface/console port, the out-of-

band interface, or in-band interfaces. Since the console port requires a

physical connection for access, it is used if all else fails. The console port

interface is the only interface from which the user may access the Easy Setup

Wizard. It is the only interface that the user can access if the remote

authentication servers are down and the user has not configured the system to

revert to local managed accounts.
The following rules and specifications apply to these interfaces:

• The CLI is accessible from remote telnet through the IP address for the

switch. IP addresses are assigned separately for the out-of-band interface

and the in-band ports.

• The CLI is accessible from a secure shell interface.
• The CLI generates keys for SSH locally.
• The serial session defaults to 9600 baud rate, eight data bits, non-parity

and one stop bit.

User Accounts Management

The CLI provides authentication for users either through remote

authentication servers supporting or Radius or through a set of

locally managed user accounts. The setup wizard asks the user to create the

initial administrator account and password at the time the system is booted.
The following rules and specifications apply:

• The user may create five local user accounts.
• User accounts have an access level, a user name, and a user password.
• The user is able to delete the user accounts but the user will not be able to

delete the last level 15 account.

2CSNXXX_SWUM200.book Page 206 Tuesday, December 10, 2013 1:22 PM

«
...
204
205
206
207
208
...
»

Summary of Contents for Networking 2048

Page 1: ...Dell Networking 2024 2048 3024 3048 4032 4064 CLI Reference Guide Regulatory Model N2024 N2024P N2048 N2048P N3024 N3024F N3024P N3048 N3048P N4032 N4032F N4064 N4064F ...

Page 2: ...marks of Dell Inc StrataXGS is a registered trademark of Broadcom Corp sFlow is a registered trademark of InMon Corporation Cisco is a registered trademark of Cisco Systems Inc and or its affiliates in the United States and certain other countries Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and or other countries Other trademarks and trade names ma...

Page 3: ...on 83 Command Groups 83 Mode Types 87 Layer 2 Commands 89 Layer 3 Commands 127 Utility Commands 156 2 Using the CLI 179 Introduction 179 Entering and Editing CLI Commands 179 CLI Command Modes 190 Starting the CLI 203 Using CLI Functions and Tools 203 ...

Page 4: ...le 221 aaa authentication login 223 aaa authorization 224 aaa authorization network default radius 227 aaa ias user username 227 aaa new model 228 clear IAS 229 authorization 229 enable authentication 230 enable password 231 ip http authentication 232 ip https authentication 233 login authentication 235 password aaa IAS User Configuration 236 password Line Configuration 237 ...

Page 5: ... users accounts 242 show users login history 243 username 244 username unlock 246 5 Administrative Profiles Commands 249 Overview 249 Commands in this Chapter 250 admin profile 251 description Administrative Profile Configuration 251 rule 252 show admin profiles 253 show admin profiles brief 254 show cli modes 255 6 ACL Commands 257 ACL Logging 257 ...

Page 6: ...ess list extended rename 272 service acl input 273 show service acl interface 274 show access lists interface 274 show ip access lists 275 show mac access lists 276 7 Address Table Commands 279 Commands in this Chapter 280 clear mac address table 280 mac address table aging time 281 mac address table multicast forbidden address 282 mac address table static vlan 283 port security 284 port security ...

Page 7: ...e interface 290 show mac address table static 291 show mac address table vlan 292 show ports security 293 show ports security addresses 294 8 Auto VoIP Commands 297 Commands in this Chapter 297 show switchport voice 298 switchport voice detect auto 300 9 CDP Interoperability Commands 301 Commands in this Chapter 301 clear isdp counters 301 clear isdp table 302 isdp advertise v2 302 isdp enable 303...

Page 8: ...s Chapter 311 dhcp l2relay Global Configuration 312 dhcp l2relay Interface Configuration 312 dhcp l2relay circuit id 313 dhcp l2relay remote id 314 dhcp l2relay trust 314 dhcp l2relay vlan 315 show dhcp l2relay all 316 show dhcp l2relay interface 316 show dhcp l2relay stats interface 317 show dhcp l2relay subscription interface 318 show dhcp l2relay agent option vlan 319 show dhcp l2relay vlan 319...

Page 9: ...e dhcp 324 renew dhcp 325 debug dhcp packet 326 show dhcp lease 326 12 DHCP Snooping Commands 329 Commands in this Chapter 330 clear ip dhcp snooping binding 330 clear ip dhcp snooping statistics 331 ip dhcp snooping 331 ip dhcp snooping binding 332 ip dhcp snooping database 333 ip dhcp snooping database write delay 334 ip dhcp snooping limit 335 ip dhcp snooping log invalid 336 ip dhcp snooping t...

Page 10: ...oping statistics 342 13 Dynamic ARP Inspection Commands 345 Commands in this Chapter 345 arp access list 345 clear ip arp inspection statistics 346 ip arp inspection filter 347 ip arp inspection limit 347 ip arp inspection trust 348 ip arp inspection validate 349 ip arp inspection vlan 350 permit ip host mac host 351 show arp access list 351 show ip arp inspection 352 show ip arp inspection vlan 3...

Page 11: ...ssage type subject 363 logging email logtime 363 logging email test message type 364 show logging email statistics 364 clear logging email statistics 365 security 366 mail server ip address hostname 366 port Mail Server Configuration Mode 367 username Mail Server Configuration Mode 368 password Mail Server Configuration Mode 368 show mail server 369 15 Ethernet Configuration Commands 371 Commands ...

Page 12: ...apture Privileged Exec 382 rate limit cpu 383 show interfaces advertise 385 show interfaces configuration 387 show interfaces counters 388 show interfaces description 391 show interfaces detail 392 show interfaces status 393 show interfaces transceiver 396 show monitor capture 397 show statistics 398 show statistics switchport 401 show storm control 403 shutdown 403 ...

Page 13: ...protected 410 show system internal pktmgr 410 show system mtu 411 system jumbo mtu 412 16 Ethernet CFM Commands 415 Commands in this Chapter 415 ethernet cfm domain 416 service 417 ethernet cfm cc level 417 ethernet cfm mep level 418 ethernet cfm mep enable 419 ethernet cfm mep active 420 ethernet cfm mep archive hold time 420 ethernet cfm mip level 421 ping ethernet cfm 422 ...

Page 14: ...t cfm statistics 427 debug cfm 428 17 Green Ethernet Commands 431 Energy Detect Mode 431 Energy Efficient Ethernet 431 Commands in this Chapter 431 green mode energy detect 432 green mode eee 433 clear green mode statistics 434 green mode eee lpi history 434 show green mode interface id 435 show green mode 439 show green mode eee lpi history interface 440 18 GVRP Commands 443 Commands in this Chap...

Page 15: ...1 19 IGMP Snooping Commands 453 Commands in this Chapter 454 ip igmp snooping 454 show ip igmp snooping 456 show ip igmp snooping groups 457 show ip igmp snooping mrouter 458 ip igmp snooping vlan immediate leave 459 ip igmp snooping vlan groupmembership interval 460 ip igmp snooping vlan last member query interval 461 ip igmp snooping vlan mcrtrexpiretime 462 ip igmp snooping report suppression 4...

Page 16: ...erval 470 ip igmp snooping querier timer expiry 471 ip igmp snooping querier version 472 show ip igmp snooping querier 473 21 IP Addressing Commands 477 Commands in this Chapter 477 clear host 478 clear ip address conflict detect 478 interface out of band 479 ip address Out of Band 479 ip address conflict detect run 481 ip address dhcp Interface Configuration 481 ip default gateway 483 ip domain l...

Page 17: ...iguration 491 ipv6 gateway OOB Configuration 491 show hosts 492 show ip address conflict 493 show ip helper address 494 show ipv6 dhcp interface out of band statistics 495 show ipv6 interface out of band 496 22 IPv6 Access List Commands 497 Commands in this Chapter 497 deny permit IPv6 ACL 498 ipv6 access list 504 ipv6 access list rename 504 ipv6 traffic filter 505 show ipv6 access lists 507 ...

Page 18: ...an mcrtexpiretime 513 ipv6 mld snooping vlan mrouter 514 ipv6 mld snooping Global 514 show ipv6 mld snooping 515 show ipv6 mld snooping groups 517 show ipv6 mld snooping mrouter 519 24 IPv6 MLD Snooping Querier Commands 521 Commands in this Chapter 521 ipv6 mld snooping querier 521 ipv6 mld snooping querier VLAN mode 522 ipv6 mld snooping querier address 523 ipv6 mld snooping querier election part...

Page 19: ...ort security 531 ip verify binding 531 show ip verify 532 show ip verify source 533 show ip source binding 534 26 iSCSI Optimization Commands 535 Commands in this Chapter 536 iscsi aging time 536 iscsi cos 537 iscsi enable 539 iscsi target port 540 show iscsi 542 show iscsi sessions 543 27 Link Dependency Commands 545 Commands in this Chapter 545 ...

Page 20: ...s Chapter 552 clear lldp remote data 552 clear lldp statistics 553 dcb enable 554 lldp med 554 lldp med confignotification 555 lldp med faststartrepeatcount 555 lldp med transmit tlv 556 lldp notification 557 lldp notification interval 557 lldp receive 558 lldp timers 559 lldp transmit 560 lldp transmit mgmt 561 lldp transmit tlv 561 ...

Page 21: ...med local device detail 567 show lldp med remote device 568 show lldp remote device 570 show lldp statistics 571 29 Multicast VLAN Registration Commands 575 Commands in this Chapter 576 mvr 576 mvr group 576 mvr mode 577 mvr querytime 578 mvr vlan 579 mvr immediate 580 mvr type 581 mvr vlan group 582 show mvr 583 show mvr members 584 ...

Page 22: ...G Hashing 591 Manual Aggregation of LAGs 592 Flexible Assignment of Ports to LAGs 592 Commands in this Chapter 592 channel group 593 interface port channel 594 interface range port channel 594 hashing mode 595 lacp port priority 596 lacp system priority 597 lacp timeout 598 port channel local preference 599 port channel min links 600 show interfaces port channel 601 ...

Page 23: ...c 608 feature vpc 609 peer detection enable 610 peer keepalive destination 611 peer keepalive enable 612 role priority 614 show vpc 615 show vpc brief 616 show vpc consistency parameters 618 show vpc consistency features 619 show vpc peer keepalive 619 show vpc role 620 show vpc statistics 621 vpc 622 vpc domain 623 vpc peer link 624 ...

Page 24: ...w vlan remote span 633 33 QoS Commands 635 Access Control Lists 635 Layer 2 ACLs 636 Layer 3 4 IPv4 ACLs 636 Class of Service CoS 636 Queue Mapping 637 Commands in this Chapter 638 assign queue 639 class 639 class map 640 class map rename 641 classofservice dot1p mapping 642 classofservice ip dscp mapping 643 classofservice trust 646 ...

Page 25: ...fserv 653 drop 653 mark cos 654 mark ip dscp 655 mark ip precedence 655 match class map 656 match cos 657 match destination address mac 658 match dstip 659 match dstip6 659 match dstl4port 660 match ethertype 661 match ip6flowlbl 662 match ip dscp 662 match ip precedence 663 match ip tos 664 match protocol 665 ...

Page 26: ... two rate 673 policy map 674 random detect queue parms 675 random detect exponential weighting constant 678 redirect 678 service policy 679 show class map 680 show classofservice dot1p mapping 682 show classofservice ip dscp mapping 683 show classofservice trust 685 show diffserv 686 show diffserv service interface 686 show diffserv service interface port channel 687 ...

Page 27: ...policy map interface 692 show service policy 693 traffic shape 694 vlan priority 695 34 RADIUS Commands 697 Commands in this Chapter 700 aaa accounting dot1x default start stop 701 accounting 702 acct port 703 auth port 704 deadtime 705 debug aaa accounting 705 key 706 key encrypted 707 msgauth 708 name RADIUS server 708 primary 709 ...

Page 28: ...ypted 715 radius server retransmit 715 radius server source ip 716 radius server timeout 717 retransmit 718 show aaa servers 718 show accounting methods 721 show radius statistics 721 source ip 725 timeout 726 usage 726 35 Spanning Tree Commands 729 Commands in this Chapter 730 clear spanning tree detected protocols 731 exit mst 732 instance mst 732 ...

Page 29: ...backbonefast 744 spanning tree bpdu flooding 745 spanning tree bpdu protection 746 spanning tree cost 747 spanning tree disable 748 spanning tree forward time 749 spanning tree guard 750 spanning tree loopguard 750 spanning tree max age 751 spanning tree max hops 752 spanning tree mode 753 spanning tree mst configuration 754 spanning tree mst cost 755 spanning tree mst port priority 756 ...

Page 30: ...0 spanning tree priority 762 spanning tree tcnguard 763 spanning tree transmit hold count 763 spanning tree uplinkfast 764 spanning tree vlan 765 spanning tree vlan forward time 766 spanning tree vlan hello time 767 spanning tree vlan max age 768 spanning tree vlan root 769 spanning tree vlan priority 769 36 TACACS Commands 771 Commands in this Chapter 771 key 772 key encrypted 772 port 773 priori...

Page 31: ...781 Detecting Unidirectional Links on a Device Port 781 Processing UDLD Traffic from Neighbors 782 UDLD in Normal mode 782 UDLD in Aggressive mode 782 Commands in this Chapter 783 udld enable Global Configuration 783 udld reset 784 udld message time 785 udld timeout interval 785 udld enable Interface Configuration 786 udld port 787 show udld 787 debug udld 789 ...

Page 32: ...e VLAN Commands 793 Commands in this Chapter 796 dvlan tunnel ethertype 797 interface vlan 799 interface range vlan 800 mode dvlan tunnel 801 name VLAN Configuration 802 protocol group 803 protocol vlan group 804 protocol vlan group all 805 show dvlan tunnel 806 show dvlan tunnel interface 807 show interfaces switchport 808 show port protocol 811 show vlan 812 ...

Page 33: ... allowed vlan 817 switchport general ingress filtering disable 818 switchport general pvid 819 switchport mode 820 switchport trunk 821 vlan 823 vlan association mac 824 vlan association subnet 825 vlan makestatic 825 vlan protocol group 826 vlan protocol group add protocol 827 vlan protocol group name 828 vlan protocol group remove 829 switchport private vlan 830 switchport mode private vlan 831 ...

Page 34: ... 837 show voice vlan 838 40 802 1x Commands 841 Local 802 1X Authentication Server 841 MAC Authentication Bypass 842 Guest VLAN 843 802 1x Monitor Mode 843 RADIUS based Dynamic VLAN Assignment 844 Commands in this Chapter 844 dot1x dynamic vlan enable 845 dot1x initialize 846 dot1x eapolflood 846 dot1x mac auth bypass 847 dot1x max req 848 dot1x max users 849 ...

Page 35: ...meout re authperiod 855 dot1x timeout server timeout 856 dot1x timeout tx period 857 authentication enable 858 authentication order 859 authentication priority 859 authentication restart 860 clear authentication statistics 861 clear authentication authentication history 862 show authentication 862 show authenticaton authentication history 863 show authentication statistics 864 show dot1x 865 show ...

Page 36: ... dot1x advanced 876 41 Data Center Technology Commands 879 42 Data Center Bridging Commands 881 Data Center Bridging Exchange Protocol 881 Interoperability with IEEE DCBX 885 Port Roles 885 Commands in this Chapter 889 Data Center Bridging Capability Exchange Commands 889 datacenter bridging 889 lldp dcbx version 890 lldp tlv select dcbxp dcb enable 891 lldp dcbx port role 893 show lldp tlv select...

Page 37: ...903 traffic class group weight 905 show classofservice traffic class group 906 show interfaces traffic class group 907 43 Priority Flow Control Commands 909 Commands in this Chapter 910 priority flow control mode 910 priority flow control priority 911 clear priority flow control statistics 912 show interfaces priority flow control 913 44 Layer 3 Commands 917 45 ARP Commands 919 ARP Aging 920 Comma...

Page 38: ...925 clear arp cache 926 clear arp cache management 927 ip local proxy arp 928 ip proxy arp 928 show arp 929 46 DHCP Server and Relay Agent Commands 931 Commands in this Chapter 932 ip dhcp pool 932 bootfile 935 clear ip dhcp binding 935 clear ip dhcp conflict 936 client identifier 937 client name 937 default router 938 ...

Page 39: ...dhcp conflict logging 943 ip dhcp excluded address 943 ip dhcp ping packets 944 lease 945 netbios name server 946 netbios node type 947 network 947 next server 948 option 949 service dhcp 953 sntp 953 show ip dhcp binding 954 show ip dhcp conflict 955 show ip dhcp global configuration 955 show ip dhcp pool 956 show ip dhcp server statistics 956 ...

Page 40: ...963 prefix delegation 965 service dhcpv6 966 show ipv6 dhcp 967 show ipv6 dhcp binding 967 show ipv6 dhcp interface User EXEC 968 show ipv6 dhcp interface Privileged EXEC 970 show ipv6 dhcp pool 973 show ipv6 dhcp statistics 973 48 DHCPv6 Snooping Commands 975 clear ipv6 dhcp snooping binding 975 clear ipv6 dhcp snooping statistics 976 ipv6 dhcp snooping 976 ipv6 dhcp snooping vlan 977 ...

Page 41: ...p snooping verify mac address 983 ipv6 verify binding 984 ipv6 verify source 985 show ipv6 dhcp snooping 986 show ipv6 dhcp snooping binding 987 show ipv6 dhcp snooping database 988 show ipv6 dhcp snooping interfaces 989 show ipv6 dhcp snooping statistics 989 show ipv6 source binding 990 show ipv6 verify 991 show ipv6 verify source 992 49 DVMRP Commands 995 Commands in this Chapter 995 ip dvmrp 99...

Page 42: ...mmands in this Chapter 1004 gmrp enable 1004 show gmrp configuration 1005 51 IGMP Commands 1007 Commands in this Chapter 1008 ip igmp last member query count 1009 ip igmp last member query interval 1009 ip igmp mroute proxy 1010 ip igmp query interval 1011 ip igmp query max response time 1012 ip igmp robustness 1013 ip igmp startup query count 1014 ip igmp startup query interval 1014 ...

Page 43: ...igmp proxy service 1021 ip igmp proxy service reset status 1022 ip igmp proxy service unsolicit rprt interval 1023 show ip igmp proxy service 1024 show ip igmp proxy service interface 1025 show ip igmp proxy groups 1025 show ip igmp proxy service groups detail 1026 53 IP Helper DHCP Relay Commands 1029 Commands in this Chapter 1031 bootpdhcprelay maxhopcount 1031 bootpdhcprelay minwaittime 1032 cl...

Page 44: ... 1037 ip helper address interface configuration 1038 ip helper enable 1040 show ip helper address 1041 show ip dhcp relay 1042 show ip helper statistics 1043 54 IP Routing Commands 1045 Static Routes ECMP Static Routes 1045 Static Reject Routes 1046 Default Routes 1046 Commands in this Chapter 1046 encapsulation 1047 ip address 1047 ip netdirbcast 1049 ip policy route map 1049 ip route 1050 ip rou...

Page 45: ...ce null0 1059 set ip default next hop 1060 set ip next hop 1061 set ip precedence 1062 show ip brief 1063 show ip interface 1064 show ip policy 1065 show ip protocols 1066 show ip route 1070 show ip route preferences 1072 show ip route summary 1073 show ip traffic 1074 show ip vlan 1075 show route map 1076 show routing heap summary 1078 ...

Page 46: ...1086 ipv6 host 1086 ipv6 mld last member query count 1087 ipv6 mld last member query interval 1088 ipv6 mld host proxy 1088 ipv6 mld host proxy reset status 1089 ipv6 mld host proxy unsolicit rprt interval 1090 ipv6 mld query interval 1090 ipv6 mld query max response time 1091 ipv6 nd dad attempts 1092 ipv6 nd managed config flag 1093 ipv6 nd ns interval 1093 ipv6 nd other config flag 1094 ipv6 nd...

Page 47: ...ing ipv6 interface 1103 rate limit cpu 1105 show ipv6 brief 1107 show ipv6 interface 1107 show ipv6 interface management statistics 1110 show ipv6 mld groups 1111 show ipv6 mld host proxy 1113 show ipv6 mld interface 1114 show ipv6 mld host proxy 1116 show ipv6 mld host proxy groups 1118 show ipv6 mld host proxy groups detail 1119 show ipv6 mld host proxy interface 1121 show ipv6 mld traffic 1122 ...

Page 48: ...an 1129 traceroute ipv6 1129 56 Loopback Interface Commands 1133 Commands in this Chapter 1133 interface loopback 1133 show interfaces loopback 1134 57 Multicast Commands 1137 Commands in this Chapter 1138 clear ip mroute 1138 ip mcast boundary 1140 ip mroute 1140 ip multicast routing 1141 ip multicast ttl threshold 1142 ip pim 1143 ip pim bsr border 1144 ...

Page 49: ...ip pim rp candidate 1150 ip pim sparse mode 1150 ip pim ssm 1151 show ip multicast 1152 show ip pim boundary 1153 show ip multicast interface 1154 show ip mroute 1154 show ip mroute group 1155 show ip mroute source 1156 show ip mroute static 1157 show ip pim 1157 show ip pim bsr router 1158 show ip pim interface 1159 show ip pim neighbor 1161 show ip pim rp hash 1162 ...

Page 50: ...ense mode 1171 ipv6 pim dr priority 1171 ipv6 pim hello interval 1172 ipv6 pim join prune interval 1173 ipv6 pim register threshold 1173 ipv6 pim rp address 1174 ipv6 pim rp candidate 1175 ipv6 pim sparse mode 1176 ipv6 pim ssm 1176 show ipv6 pim 1177 show ipv6 pim bsr router 1178 show ipv6 mroute group 1182 show ipv6 mroute source 1183 show ipv6 pim interface 1184 show ipv6 pim neighbor 1185 ...

Page 51: ...94 Graceful Restart 1194 Commands in this Chapter 1194 area default cost Router OSPF 1196 area nssa Router OSPF 1196 area nssa default info originate Router OSPF Config 1198 area nssa no redistribute 1199 area nssa no summary 1200 area nssa translator role 1200 area nssa translator stab intv 1201 area range Router OSPF 1202 area stub 1205 area stub no summary 1206 area virtual link 1206 area virtu...

Page 52: ... 1214 capability opaque 1215 clear ip ospf 1216 clear ip ospf stub router 1217 compatible rfc1583 1217 default information originate Router OSPF Configuration 1218 default metric 1219 distance ospf 1220 distribute list out 1221 enable 1222 exit overflow interval 1223 external lsdb limit 1224 ip ospf area 1225 ip ospf authentication 1225 ip ospf cost 1226 ip ospf database filter all out 1227 ...

Page 53: ...ansmit interval 1232 ip ospf transmit delay 1233 log adjacency changes 1233 max metric router lsa 1234 maximum paths 1236 network area 1237 nsf 1238 nsf helper 1239 nsf helper strict lsa checking 1239 nsf restart interval 1240 passive interface default 1241 passive interface 1242 redistribute 1242 router id 1244 router ospf 1244 show ip ospf 1245 ...

Page 54: ...ief 1261 show ip ospf interface stats 1262 show ip ospf neighbor 1262 show ip ospf range 1266 show ip ospf statistics 1267 show ip ospf stub table 1269 show ip ospf traffic 1270 show ip ospf virtual link 1272 show ip ospf virtual links brief 1273 timers pacing flood 1273 timers pacing lsa group 1274 timers spf 1275 60 OSPFv3 Commands 1277 area default cost Router OSPFv3 1278 area nssa Router OSPFv...

Page 55: ...85 area stub 1286 area stub no summary 1287 area virtual link 1287 area virtual link dead interval 1289 area virtual link hello interval 1290 area virtual link retransmit interval 1291 area virtual link transmit delay 1292 default information originate Router OSPFv3 Configuration 1292 default metric 1293 distance ospf 1294 enable 1295 exit overflow interval 1296 external lsdb limit 1297 ipv6 ospf ...

Page 56: ...ity 1303 ipv6 ospf retransmit interval 1304 ipv6 ospf transmit delay 1305 ipv6 router ospf 1305 maximum paths 1306 nsf 1307 nsf helper 1308 nsf helper strict lsa checking 1309 nsf restart interval 1309 passive interface 1310 passive interface default 1311 redistribute 1312 router id 1312 show ipv6 ospf 1313 show ipv6 ospf abr 1317 show ipv6 ospf area 1318 ...

Page 57: ...nterface stats 1325 show ipv6 ospf interface vlan 1326 show ipv6 ospf neighbor 1327 show ipv6 ospf range 1329 show ipv6 ospf stub table 1329 show ipv6 ospf virtual links 1330 show ipv6 ospf virtual link brief 1331 61 Router Discovery Protocol Commands 1333 Commands in this Chapter 1333 ip irdp 1333 ip irdp holdtime 1335 ip irdp maxadvertinterval 1336 ip irdp minadvertinterval 1337 ip irdp multicas...

Page 58: ...ate Router RIP Configuration 1342 default metric 1343 distance rip 1344 distribute list out 1344 enable 1345 hostroutesaccept 1346 ip rip 1347 ip rip authentication 1347 ip rip receive version 1348 ip rip send version 1349 redistribute 1350 router rip 1351 show ip rip 1352 show ip rip interface 1353 show ip rip interface brief 1354 split horizon 1354 ...

Page 59: ...el mode ipv6ip 1360 tunnel source 1361 64 Virtual Router Redundancy Protocol Commands 1363 Pingable VRRP Interface 1363 VRRP Route Interface Tracking 1364 Interface Tracking 1365 Route Tracking 1365 Commands in this Chapter 1365 ip vrrp 1366 vrrp accept mode 1366 vrrp authentication 1367 vrrp description 1368 vrrp ip 1369 vrrp mode 1370 vrrp preempt 1371 ...

Page 60: ...ce 1378 show vrrp interface brief 1380 show vrrp interface stats 1381 ip vrrp accept mode 1382 show ip vrrp interface 1382 65 Utility Commands 1385 66 Auto Install Commands 1387 Commands in this Chapter 1388 boot auto copy sw 1388 boot auto copy sw allow downgrade 1389 boot host autoreboot 1390 boot host autosave 1390 boot host dhcp 1391 boot host retrycount 1392 ...

Page 61: ...er 1395 authentication timeout 1397 captive portal 1397 enable 1398 http port 1399 https port 1399 show captive portal 1400 show captive portal status 1401 block 1402 configuration 1402 enable 1403 group 1404 interface 1404 locale 1405 name Captive Portal 1406 protocol 1406 redirect 1407 redirect url 1407 ...

Page 62: ...captive portal interface configuration status 1413 clear captive portal users 1414 no user 1415 show captive portal user 1415 user group 1416 user logout 1417 user name 1418 user password 1419 user session timeout 1419 show captive portal configuration 1420 show captive portal configuration interface 1421 show captive portal configuration locales 1422 show captive portal configuration status 1423 ...

Page 63: ...e 1430 macro global description 1431 macro apply 1431 macro trace 1432 macro description 1433 show parser macro 1433 69 Clock Commands 1435 Real time Clock 1435 Simple Network Time Protocol 1435 Commands in this Chapter 1436 show sntp configuration 1436 show sntp server 1437 show sntp status 1438 sntp authenticate 1439 sntp authentication key 1440 ...

Page 64: ... 1444 clock timezone hours offset 1444 no clock timezone 1445 clock summer time recurring 1446 clock summer time date 1447 no clock summer time 1448 show clock 1448 70 Command Line Configuration Scripting Commands 1451 Commands in this Chapter 1451 script apply 1451 script delete 1452 script list 1453 script show 1453 script validate 1454 ...

Page 65: ...1457 Commands in this Chapter 1457 boot system 1458 clear config 1459 copy 1460 delete 1465 delete backup config 1466 delete backup image 1466 delete startup config 1467 dir 1467 erase 1468 filedescr 1469 rename 1470 show backup config 1470 show bootvar 1471 show running config 1472 show startup config 1473 write 1474 ...

Page 66: ...rol l4port 1480 dos control sipdip 1481 dos control tcpflag 1482 dos control tcpfrag 1482 ip icmp echo reply 1483 ip icmp error interval 1484 ip unreachables 1485 ip redirects 1485 ipv6 icmp error interval 1486 ipv6 unreachables 1487 show dos control 1487 73 Line Commands 1489 exec timeout 1489 history 1490 history size 1491 line 1491 ...

Page 67: ...cess list 1498 permit management 1499 show management access class 1501 show management access list 1502 75 Password Management Commands 1503 Configurable Minimum Password Length 1503 Password History 1503 Password Aging 1503 User Lockout 1503 Password Strength 1504 Commands in this Chapter 1505 passwords aging 1506 passwords history 1506 passwords lock out 1507 ...

Page 68: ...limit consecutive characters 1513 passwords strength max limit repeated characters 1513 passwords strength minimum character classes 1514 passwords strength exclude keyword 1515 enable password encrypted 1516 show passwords configuration 1516 show passwords result 1518 76 PHY Diagnostics Commands 1521 show copper ports tdr 1521 show fiber ports optical transceiver 1522 test copper port tdr 1523 77...

Page 69: ...line priority 1533 power inline reset 1534 power inline usage threshold 1535 clear power inline statistics 1535 show power inline 1536 show power inline firmware version 1537 78 RMON Commands 1539 Commands in this Chapter 1539 rmon alarm 1539 rmon collection history 1541 rmon event 1542 rmon hcalarm 1543 show rmon alarm 1545 show rmon alarms 1547 show rmon collection history 1548 ...

Page 70: ... Commands 1559 Commands in this Chapter 1559 sdm prefer 1559 show sdm prefer 1560 80 Serviceability Tracing Packet Commands 1565 Commands in this Chapter 1565 debug arp 1566 debug authentication interface 1567 debug auto voip 1568 debug clear 1568 debug console 1569 debug dot1ag 1569 debug dot1x 1571 debug igmpsnooping 1571 debug ip acl 1572 ...

Page 71: ...packet 1576 debug ip vrrp 1576 debug ipv6 dhcp 1577 debug ipv6 mcache 1578 debug ipv6 mld 1578 debug ipv6 pimdm 1579 debug ipv6 pimsm 1580 debug isdp 1581 debug lacp 1581 debug mldsnooping 1582 debug ospf 1583 debug ospfv3 1583 debug ping 1584 debug rip 1585 debug sflow 1585 debug spanning tree 1586 debug vrrp 1587 ...

Page 72: ...592 write core 1593 81 Sflow Commands 1597 Commands in this Chapter 1597 sflow destination 1597 sflow polling 1599 sflow polling Interface Mode 1600 sflow sampling 1601 sflow sampling Interface Mode 1602 show sflow agent 1603 show sflow destination 1604 show sflow polling 1605 show sflow sampling 1606 82 SNMP Commands 1609 Commands in this Chapter 1609 ...

Page 73: ...mp server community 1617 snmp server community group 1619 snmp server contact 1620 snmp server enable traps 1621 snmp server engineID local 1623 snmp server filter 1624 snmp server group 1625 snmp server host 1627 snmp server location 1628 snmp server user 1629 snmp server view 1631 snmp server v3 host 1632 83 SSH Commands 1635 Commands in this Chapter 1635 ...

Page 74: ...rt 1639 ip ssh pubkey auth 1640 ip ssh server 1640 key string 1641 no crypto certificate 1642 show crypto key mypubkey 1643 show crypto key pubkey chain ssh 1644 show ip ssh 1645 84 Syslog Commands 1647 CLI Logged to Local File and Syslog Server 1647 Commands in this Chapter 1648 clear logging 1648 clear logging file 1649 description Logging 1650 level 1650 logging cli command 1651 ...

Page 75: ...ing file 1658 logging monitor 1659 logging on 1660 logging protocol 1661 logging snmp 1662 logging web session 1663 port 1664 show logging 1664 show logging file 1665 show syslog servers 1666 terminal monitor 1667 85 System Management Commands 1669 asset tag 1670 banner exec 1670 banner login 1671 banner motd 1672 ...

Page 76: ...1676 connect 1676 cut through mode 1678 exec banner 1678 exit 1679 hardware profile portmode 1680 hostname 1681 initiate failover 1682 load interval 1683 locate 1684 login banner 1685 logout 1685 member 1687 motd banner 1688 nsf 1688 ping 1689 quit 1690 reload 1691 service unsupported transceiver 1693 ...

Page 77: ...face interface id 1699 show interfaces advanced firmware 1701 show interfaces interface id 1701 show interfaces utilization 1703 show memory cpu 1703 show nsf 1704 show power usage history 1705 show process cpu 1706 show sessions 1708 show slot 1709 show supported cardtype 1710 show supported switchtype 1712 show switch 1714 show system 1722 show system fan 1723 ...

Page 78: ...ion 1730 stack 1731 stack port 1732 stack port interface shutdown 1733 standby 1734 switch renumber 1735 telnet 1736 traceroute 1738 traceroute ipv6 1740 update bootcode 1742 86 Telnet Server Commands 1745 Telnet Client Behaviors 1745 Commands in this Chapter 1747 ip telnet server disable 1747 ip telnet port 1747 show ip telnet 1748 ...

Page 79: ... 1755 89 USB Flash Drive Commands 1757 Validation of Files Downloaded Uploaded from USB Device 1757 Validation for Files Uploaded from Switch to USB Flash Drive 1758 Downloading and Uploading of Files 1758 Commands in this Chapter 1758 unmount usb 1758 show usb 1759 dir usb 1760 90 User Interface Commands 1763 configure terminal 1763 do 1764 enable 1766 ...

Page 80: ...ntry 1771 crypto certificate generate 1772 crypto certificate import 1773 crypto certificate request 1774 duration 1775 ip http port 1775 ip http server 1776 ip http secure certificate 1777 ip http secure port 1778 ip http secure server 1779 key generate 1779 location 1780 organization unit 1781 show crypto certificate mycertificate 1781 ...

Page 81: ...Contents 81 show ip http server status 1782 show ip http server secure status 1783 state 1784 A Appendix A List of Commands 1787 ...

Page 82: ...Contents 82 ...

Page 83: ...nd the output displayed as text via a terminal monitor The CLI can be accessed from a console terminal connected to an EIA TIA 232 port or through a Telnet SSH session This guide describes how the CLI is structured describes the command syntax and describes the command functionality This guide also provides information for configuring the Dell Networking switch details the procedures and provides ...

Page 84: ...CFM Configures and displays GVRP configuration and information IGMP Snooping Configures IGMP snooping and displays IGMP configuration and IGMP information IGMP Snooping Querier Configures IGMP Snooping Querier and displays IGMP Snooping Querier information IP Addressing Configures and manages IP addresses on the switch IPv6 ACL Configures and displays ACL information for IPv6 IPv6 MLD Snooping Con...

Page 85: ...ns on the system DHCPv6 Configures IPv6 DHCP functions DHCPv6 Snooping Configures DHCP v6 snooping and whether an interface is trusted or untrusted DVMRP Mcast Configures DVMRP operations IGMP Mcast Configures IGMP operations IGMP Proxy Mcast Manages IGMP Proxy on the system IP Helper DHCP Relay Configures relay of UDP packets IP Routing IPv4 Configures IP routing and addressing IPv6 Multicast Man...

Page 86: ...igures the system clock Command Line Configuration Scripting Manages the switch configuration files Denial of Service Provides several Denial of Service options Line Configures the console SSH and remote Telnet connection Management ACL Configures and displays management access list information Password Management Provides password management PHY Diagnostics Diagnoses and displays the interface st...

Page 87: ...ched via interface vlan xxx command IP IP Access List Configuration IR Interface Range KC Key Chain KE Key SNMP Configures SNMP communities traps and displays SNMP information SSH Configures SSH authentication Syslog Manages and displays syslog messages System Management Configures the switch clock name and authorized users Telnet Server Configures Telnet service on the switch and displays Telnet ...

Page 88: ... Policy Map Configuration PCGC Policy Map Global Configuration PCMC Policy Class Map Configuration R Radius RIP Router RIP Configuration RC Router Configuration ROSPF Router Open Shortest Path First ROSV3 Router Open Shortest Path First Version 3 SG Stack Global Configuration SP SSH Public Key SK SSH Public Key chain TC TACACS Configuration TRC Time Range Configuration UE User EXEC VC VLAN Configu...

Page 89: ... mode GC clear IAS aaa ias users Deletes all IAS users PE enable authentication Specifies the authentication method list when accessing a higher privilege level from a remote telnet or console LC enable password Sets a local password to control access to the normal level GC ip http authentication Specifies authentication methods for http GC ip https authentication Specifies authentication methods ...

Page 90: ...age 87 Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 admin profile Creates an administrative profile GC description Administrative Profile Configuration Adds a description to an administrative profile APC rule Adds a rule to an administrative profile APC show admin profiles Displays the administrative profiles PE show admin profiles brief Lists the...

Page 91: ... access group Attaches a specific MAC Access Control List ACL to an interface in the in bound direction GC or IC mac access list extended Creates the MAC Access Control List ACL identified by the name parameter GC mac access list extended rename Renames the existing MAC Access Control List ACL name GC service acl input Blocks Link Local Protocol Filtering LLPF protocol s on a given port IC show se...

Page 92: ...rned on the port while the port is in port security mode IC show mac address table Displays dynamically created entries in the bridge forwarding database PE show mac address table address Displays all entries in the bridge forwarding database for the specified MAC address UE or PE show mac address table count Displays the number of addresses present in the Forwarding Database PE show mac address t...

Page 93: ... voip on an interface or all interfaces PE Command Description Modea clear isdp counters Clears the ISDP counters PE clear isdp table Clears entries in the ISDP table PE isdp advertise v2 Enables the sending of ISDP version 2 packets from the device GC isdp enable Enables ISDP on the switch GC or IC isdp holdtime Configures the hold time for ISDP packets that the switch transmits GC isdp timer Set...

Page 94: ...ables user to set the DHCP Option 82 Remote ID for a VLAN GC dhcp l2relay vlan Enables the L2 DHCP Relay agent for a set of VLANs GC dhcp l2relay trust Configures an interface to trust a received DHCP Option 82 IC Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 release dhcp Forces the DHCPv4 client to release a leased address PE renew dhcp Forces the...

Page 95: ...storage GC ip dhcp snooping limit Controls the maximum rate of DHCP messages IC ip dhcp snooping log invalid Enables logging of DHCP messages filtered by the DHCP Snooping application IC ip dhcp snooping trust Configure a port as trusted for DHCP snooping IC ip dhcp snooping verify mac address Enables the verification of the source MAC address with the client MAC address in the received DHCP messa...

Page 96: ...p inspection validate Enables additional validation checks like source MAC address validation destination MAC address validation or IP address validation on the received ARP packets GC ip arp inspection vlan Enables Dynamic ARP Inspection on a single VLAN or a range of VLANs GC permit ip host mac host Configures a rule for a valid IP address and MAC address combination used in ARP packet validatio...

Page 97: ...e Tests whether or not an e mail is being sent to an SMTP server GC show logging email statistics Displays information on how many e mails are sent how many e mails failed when the last e mail was sent how long it has been since the last e mail was sent how long it has been since the e mail changed to disabled mode PE clear logging email statistics Clears the e mail alerting statistics GC security...

Page 98: ...e ports at the same time GC IC IR monitor capture Global Configuration Captures packets transmitted or received from the CPU GC monitor capture Privileged Exec Capture packets transmitted or received from the CPU PE rate limit cpu Sets the maximum transmission unit on an interface by adjusting the maximum size of received Ethernet frames IC rate limit cpu Reduces the amount of unknown unicast mult...

Page 99: ...a given Ethernet interface when not using auto negotiation IC storm control broadcast Enables Broadcast storm control IC storm control multicast Enables the switch to count Multicast packets together with Broadcast packets IC storm control unicast Enables Unicast storm control IC switchport protected Sets the port to Protected mode IC switchport protected name Configures a name for a protected gro...

Page 100: ...the specified level and direction IC ethernet cfm mep active Activates a MEP at the specified level and direction IC ethernet cfm mep archive hold time Maintains internal information on a missing MEP IC ethernet cfm mip level Creates a Maintenance Intermediate Point MIP at the specified level IC ping ethernet cfm Generates a loopback message LBM from the configured MEP PE traceroute ethernet cfm G...

Page 101: ...bal EEE LPI history collection interval and buffer size This value is applied globally on all interfaces on the stack GC show green mode interface id Displays the green mode configuration and operational status of the port This command is also used to display the per port configuration and operational status of the green mode The status is shown only for the modes supported on the corresponding ha...

Page 102: ...E show gvrp statistics Displays GVRP statistics UE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea ip igmp snooping In Global Configuration mode Enables Internet Group Management Protocol IGMP snooping GC show ip igmp snooping groups Displays Multicast groups learned by IGMP snooping UE show ip igmp snooping mrouter Displays information on dynamicall...

Page 103: ...Types on page 87 Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 ip igmp snooping querier Enables disables IGMP Snooping Querier on the system Global Configuration mode or on a VLAN GC VC ip igmp snooping querier election participate Enables the Snooping Querier to participate in the Querier Election process when it discovers the presence of another ...

Page 104: ...es a default gateway router GC ip domain lookup Enables IP DNS based host name to address translation GC ip domain name Defines a default domain name to complete unqualified host names GC ip host Configures static host name to address mapping in the host cache GC ip name server Configures available name servers GC ipv6 address Interface Configuration Sets the IPv6 address of the management interfa...

Page 105: ...ation see Mode Types on page 87 Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 deny permit IPv6 ACL Creates a new rule for the current IPv6 access list v6ACL ipv6 access list Creates an IPv6 Access Control List ACL consisting of classification fields defined for the IP header of an IPv6 frame GC ipv6 access list rename Changes the name of an IPv6 AC...

Page 106: ...ps Displays the MLD Snooping entries in the MFDB table PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 ipv6 mld snooping querier Enables MLD Snooping Querier on the system or on a VLAN GC or VC ipv6 mld snooping querier address Sets the global MLD Snooping Querier address on the...

Page 107: ...ce PE show ip source binding Displays all bindings static and dynamic PE Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 iscsi aging time Sets aging time for iSCSI sessions GC iscsi cos Sets the quality of service profile that will be applied to iSCSI flows GC iscsi enable Enables Global Configuration mode command globally enables iSCSI awareness GC ...

Page 108: ...n an interface IC lldp med confignotification Enables sending the topology change notification IC lldp med faststartrepeatcount Sets the value of the fast start repeat count GC lldp med transmit tlv Specifies which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs IC lldp notification Enables remote data change notifications IC lldp notification interval Limits how frequently remote...

Page 109: ... PE show lldp med local device detail Displays the advertised LLDP local data in detail PE show lldp med remote device Displays the current LLDP MED remote data PE show lldp remote device Displays the current LLDP remote data PE show lldp statistics Displays the current LLDP traffic statistics PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea clear ...

Page 110: ...ncy features Displays MLAG related configuration information in a format suitable for comparison with the other MLAG peer PE show vpc peer keepalive Displays the peer MLAG switch s IP address used by the dual control plane detection protocol PE show vpc role Displays information about the keepalive status keepalive parameters role of the MLAG switch and the system MAC and priority PE show vpc stat...

Page 111: ... specific MVR group IC show mvr Displays global MVR settings PE show mvr members Displays the MVR membership groups allocated PE show mvr interface Displays the MVR enabled interface configuration PE show mvr traffic Displays global MVR statistics PE Command Description Modea channel group Associates a port with a port channel IC interface port channel Enables debug traces for the specified protoc...

Page 112: ...stics PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 monitor session Configures a port monitoring session GC remote span Configures a VLAN as an RSPAN VLAN VC show monitor session Displays the port monitoring status PE show vlan remote span Displays the RSPAN VLAN IDs UE or PE ...

Page 113: ...bandwidth Specifies the minimum transmission bandwidth for each interface queue GC or IC cos queue random detect Configures WRED packet drop policy on an interface CoS queue GC or IC cos queue strict Activates the strict priority scheduler mode for each specified queue GC or IC diffserv Sets the DiffServ operational mode to active GC drop Use the drop policy class map configuration command to spec...

Page 114: ...tination layer 4 port of a packet using a single keyword or a numeric notation CMC match ethertype Adds to the specified class definition a match condition based on the value of the ethertype CMC match ip6flowlbl Adds to the specified class definition a match condition based on the IPv6 flow label of a packet v6CMC match ip dscp Adds to the specified class definition a match condition based on the...

Page 115: ...f the layer 2 VLAN Identifier field CMC mirror Mirrors all the data that matches the class defined to the destination port specified PCMC police simple Implements simple color aware marking for the specified class PCMC police single rate Implements a single rate Three Color Marker trTCM per RFC 2698 PCMC police two rate Implements a two rate Three Color Marker trTCM per RFC 2698 PCMC policy map Es...

Page 116: ...erv Displays the DiffServ General Status information PE show diffserv service interface Displays policy service information for the specified interface and direction PE show diffserv service interface port channel Displays policy service information for the specified interface and direction PE show diffserv service brief Displays all interfaces in the system to which a DiffServ policy has been att...

Page 117: ...uthentication requests of the designated radius server R deadtime Improves Radius response times when a server is unavailable by causing the unavailable server to be skipped R debug aaa accounting Enables debugging for accounting PE key Sets the authentication and encryption key for all RADIUS communications between the switch and the RADIUS daemon R key Configures an encrypted key that is shared ...

Page 118: ...number of times the software searches the list of RADIUS server hosts GC radius server source ip Specifies the source IP address used for communication with RADIUS servers GC radius server timeout Sets the interval for which a switch waits for a server host to reply GC retransmit Specifies the number of times the software searches the list of RADIUS server hosts before stopping the search R show a...

Page 119: ...onfiguration PE show spanning tree summary Displays spanning tree settings and parameters for the switch PE show spanning tree vlan Displays spanning tree information per VLAN and also lists the port roles and states as well as the port cost PE spanning tree Enables spanning tree functionality GC spanning tree auto portfast Sets the port to auto portfast mode IC spanning tree backbonefast Enables ...

Page 120: ...ree mst configuration Enables configuring an MST region by entering the multiple spanning tree MST mode GC spanning tree mst cost Configures the path cost for multiple spanning tree MST calculations IC spanning tree mst port priority Configures port priority IC spanning tree mst priority Configures the switch priority for the specified spanning tree instance GC spanning tree portfast Enables PortF...

Page 121: ...panning tree hello time for a specified VLAN or a range of VLANs GC spanning tree vlan max age Configures the spanning tree maximum age time for a set of VLANs GC spanning tree vlan root Configures the switch to become the root bridge or standby root bridge GC spanning tree vlan priority Configures the bridge priority of a VLAN GC a For the meaning of each Mode abbreviation see Mode Types on page ...

Page 122: ...Command Description Modea dvlan tunnel ethertype Configures the EtherType for the interface GC interface vlan Enters the VLAN interface configuration mode GC interface range vlan Enters the interface configuration mode to configure multiple VLANs GC mode dvlan tunnel Enables Double VLAN tunneling on the specified interface IC name VLAN Configuration Configures a name to a VLAN IC private vlan Defi...

Page 123: ...associated with a specific configured MAC address PE show vlan association subnet Displays the VLAN associated with a specific configured IP subnet PE show vlan private vlan switchport access vlan Configures the VLAN ID when the interface is in access mode IC switchportgeneralforbidden vlan Forbids adding specific VLANs to a port IC switchport general acceptable frame type tagged only Discards unt...

Page 124: ... GC vlan protocol group Adds protocol based VLAN groups to the system GC vlan protocol group add protocol Adds a protocol to the protocol based VLAN identified by groupid GC vlan protocol group name Adds a group name to the protocol based VLAN identified by groupid GC vlan protocol group remove Removes the protocol base VLAN group identified by groupid GC a For the meaning of each Mode abbreviatio...

Page 125: ...n the port when MAC based 802 1X authentication is enabled on the port IC dot1x port control Enables manual control of the authorization state of the port IC dot1x re authenticate Manually initiates a reauthentication of all 802 1x enabled ports or a specified 802 1X enabled port PE dot1x reauthentication Enables periodic reauthentication of the client IC dot1x system auth control monitor Enables ...

Page 126: ...ntication statistics PE clear authentication authentication history Clears the authentication history logs PE show authentication Displays the configured authentication methods configured and if Tiered Authentication is enabled PE show authenticaton authentication history Displays the authentication history on one or more interfaces PE show authentication statistics Displays the Authentication Man...

Page 127: ...witch or specified interface PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea arp Creates an Address Resolution Protocol ARP entry GC arp cachesize Configures the maximum number of entries in the ARP cache GC arp dynamicrenew Enables the ARP component to automatically renew dynamic ARP entries when they age out GC arp purge Causes the specified IP ...

Page 128: ...s the user into DHCP Pool Configuration mode GC bootfile Sets the name of the image for the DHCP client to load DP clear ip dhcp binding Removes automatic DHCP server bindings PE clear ip dhcp conflict Removes DHCP server address conflicts PE client identifier Identifies a a Microsoft DHCP client to be manually assigned an address DP client name Specifies the host name of a DHCP client DP default ...

Page 129: ...rosoft DHCP client DP netbios node type Sets the NetBIOS node type for a Microsoft DHCP client DP network Defines a pool of IPv4 addresses for distributing to clients DP next server Sets the IPv4 address of the TFTP server to be used during auto install DP option Supplies arbitrary configuration information to a DHCP client DP service dhcp Enables local IPv4 DHCP server on the switch GC sntp Sets ...

Page 130: ...6 server v6DP ipv6 dhcp pool Enters IPv6 DHCP Pool Configuration mode GC ipv6 dhcp relay Configures an interface for DHCPv6 Relay functionality IC ipv6 dhcp server Configures DHCPv6 server functionality on an interface IC prefix delegation Defines Multiple IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients v6DP service dhcpv6 Enables DHCPv6 configuration on t...

Page 131: ...ng database GC ipv6 dhcp snooping limit Configures an interface to disable itself if the rate of received DHCP messages exceeds the configured limit IC ipv6 dhcp snooping log invalid Configures the port to log invalid received DHCP messages IC ipv6 dhcp snooping trust Configures the port as trusted IC ipv6 dhcp snooping verify mac address Enables the additional verification of the source MAC addre...

Page 132: ...a a For the meaning of each Mode abbreviation see Mode Types on page 87 ip dvmrp Sets the administrative mode of DVMRP in the router to active GC IC ip dvmrp metric Configures the metric for an interface IC show ip dvmrp Displays the system wide information for DVMRP PE show ip dvmrp interface Displays the interface information for DVMRP on the specified interface PE show ip dvmrp neighbor Display...

Page 133: ...e Group messages IC ip igmp query interval Configures the query interval for the specified interface The query interval determines how fast IGMP Host Query packets are transmitted on this interface IC ip igmp query max response time Configures the maximum response time interval for the specified interface IC ip igmp robustness Configures the robustness that allows tuning of the interface IC ip igm...

Page 134: ...he router IC ip igmp proxy service reset status Resets the host interface status parameters of the IGMP Proxy router IC ip igmp proxy service unsolicit rprt interval Sets the unsolicited report interval for the IGMP Proxy router IC show ip igmp proxy service Displays a summary of the host interface status parameters PE show ip igmp proxy service interface Displays a detailed list of the host inter...

Page 135: ...y information option insert Enables the circuit ID option and remote agent ID mode for BootP DHCP Relay on the circuit ID option and remote agent ID mode for BootP DHCP Relay on the interface also called option 82 GC ip helper address global configuration Configures the relay of certain UDP broadcast packets received on any interface GC ip helper address interface configuration Configures the rela...

Page 136: ...ing Globally enables IPv4 routing on the router GC match length Configures packet length matching criteria for a route map RM match mac list Configures MAC ACL match criteria for a route map RM route map Creates a policy based route map GC match ip address Specify IP address match criteria for a route map RM set interface null0 Routes packets to interface null 0 RM set ip default next hop Sets a l...

Page 137: ...fic Displays IP statistical information UE or PE show ip vlan Displays the VLAN routing information for all VLANs with routing enabled PE show route map Displays the route maps PE show routing heap summary Displays a summary of the memory allocation from the routing heap PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea clear ipv6 neighbors Clears a...

Page 138: ...he group specific queries sent out of this interface IC VC ipv6 mld host proxy Enables MLD Proxy on the router IC ipv6 mld host proxy reset status Resets the host interface status parameters of the MLD Proxy router IC ipv6 mld host proxy unsolicit rprt interval Sets the unsolicited report interval for the MLD Proxy router IC ipv6 mld query interval Sets the MLD router s query interval for the inte...

Page 139: ...tisement transmission on an interface IC ipv6 route Configures an IPv6 static route GC ipv6 route distance Sets the default distance preference for static routes GC ipv6 unicast routing Enables forwarding of IPv6 unicast datagrams GC ping ipv6 Determines whether another computer is on the network PE ping ipv6 interface Determines whether another computer is on the network using Interface keyword P...

Page 140: ...v6 mld traffic Displays MLD statistical information for the router PE show ipv6 neighbors Displays information about IPv6 neighbors PE show ipv6 route Displays the IPv6 routing table PE show ipv6 route preferences Shows the preference value associated with the type of route PE show ipv6 route summary Displays a summary of the routing table PE show ipv6 traffic Shows traffic and statistics for IPv6...

Page 141: ...ast routing on a VLAN interface IC ip pim bsr border Administratively disables bootstrap router BSR messages from being sent or received through an interface IC ip pim bsr candidate Configures the router to advertise itself as a bootstrap router BSR GC ip pim dense mode Administratively configures PIM dense mode for IP multicast routing GC ip pim dr priority Administratively configures the adverti...

Page 142: ...icast table PE show ip mroute group Displays the multicast configuration settings of entries in the multicast mroute table PE show ip mroute source Displays the multicast configuration settings of entries in the multicast mroute table PE show ip mroute static Displays all the static routes configured in the static mcast table PE show ip pim bsr router Displays the bootstrap router BSR information ...

Page 143: ...riority Sets the priority value for which a router is elected as the designated router DR IC ipv6 pim hello interval Administratively configures the PIM SM Hello Interval for the specified interface IC ipv6 pim join prune interval Administratively configures the interface join prune interval for the PIM SM router IC ipv6 pim register threshold Configures the Register Threshold rate for the RP rout...

Page 144: ...aning of each Mode abbreviation see Mode Types on page 87 Command Description Modea area default cost Router OSPF Configures the advertised default cost for the stub area ROSPF area nssa Router OSPF Configures the specified area ID to function as an NSSA ROSPF area nssa default info originate Router OSPF Config Configures the metric value and type for the default route advertised into the NSSA ROS...

Page 145: ...terface on the virtual interface identified by the area ID and neighbor ID ROSPF area virtual link retransmit interval Configures the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID ROSPF area virtual link transmit delay Configures the transmit delay for the OSPF virtual interface on the virtual interface identified by the area ...

Page 146: ...p ospf dead intervall Sets the OSPF dead interval for the specified interface IC ip ospf hello interval Sets the OSPF hello interval for the specified interface IC ip ospf mtu ignore Disables OSPF maximum transmission unit MTU mismatch detection IC ip ospf network Configure OSPF to treat an interface as a point to point rather than broadcast interface IC ip ospf priority Sets the OSPF priority for...

Page 147: ... specified source protocol routers ROSPF router id Sets a 4 digit dotted decimal number uniquely identifying the router OSPF ID ROSPF router ospf Enters Router OSPF mode GC show ip ospf Displays information relevant to the OSPF router PE show ip ospf abr Displays the internal OSPF routing table entries to Area Border Routers ABR PE show ip ospf area Displays information about the identified OSPF a...

Page 148: ...or a specific area and neighbor PE show ip ospf virtual links brief Displays the OSPF Virtual Interface information for all areas in the system PE timers pacing flood Adjusts the rate at which OSPFv2 sends LS Update packets OG timers pacing lsa group Tunes how OSPF groups LSAs for periodic refresh OG timers spf Configures the SPF delay and hold time ROSPF a For the meaning of each Mode abbreviatio...

Page 149: ...ighbor ROSV3 area virtual link dead interval Configures the dead interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor ROSV3 area virtual link hello interval Configures the hello interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor ROSV3 area virtual link retransmit interval Configures the retransmit interva...

Page 150: ... mtu ignore Disables OSPF maximum transmission unit MTU mismatch detection IC ipv6 ospf network Changes the default OSPF network type for the interface IC ipv6 ospf priority Sets the OSPF priority for the specified router interface IC ipv6 ospf retransmit interval Sets the OSPF retransmit interval for the specified interface IC ipv6 ospf transmit delay Sets the OSPF Transmit Delay for the specifie...

Page 151: ... ospf asbr Displays the internal OSPFv3 routes to reach Autonomous System Boundary Routes ASBR PE show ipv6 ospf border routers Displays internal OSPFv3 routers to reach Area Border Routers ABR and Autonomous System Boundary Routers ASBR UE or PE show ipv6 ospf database Displays information about the link state database when OSPFv3 is enabled PE show ipv6 ospf database database summary Displays th...

Page 152: ...breviation see Mode Types on page 87 ip irdp Enables Router Discovery on an interface IC ip irdp holdtime Configures the value in seconds of the holdtime field of the router advertisement sent from this interface IC ip irdp maxadvertinterval Configures the maximum time in seconds allowed between sending router advertisements from the interface IC ip irdp minadvertinterval Configures the minimum ti...

Page 153: ...p rip Enables RIP on a router interface IC ip rip authentication Sets the RIP Version 2 Authentication Type and Key for the specified interface IC ip rip receive version Configures the interface to allow RIP control packets of the specified version s to be received IC ip rip send version Configures the interface to allow RIP control packets of the specified version to be sent IC redistribute Confi...

Page 154: ...ort address of the tunnel IC tunnel mode ipv6ip Specifies the mode of the tunnel IC tunnel source Specifies the source transport address of the tunnel either explicitly or by reference to an interface IC Command Description Modea ip vrrp Enables the administrative mode of Virtual Router Redundancy Protocol VRRP for the router GC vrrp accept mode Enables the VRRP Master to accept ping packets sent ...

Page 155: ...r based on the availability of its interfaces IC vrrp track ip route Tracks route reachability IC show vrrp Displays the global VRRP configuration and status as well as the brief or detailed status of one or all VRRP groups UE or PE show vrrp interface Displays all configuration information and VRRP router statistics of a virtual router configured on a specific interface UE or PE show vrrp interfa...

Page 156: ... auto image is successfully downloaded GC boot host autosave Enables disables automatically saving the downloaded configuration on the switch GC boot host dhcp Enables disables Auto Config on the switch GC boot host retrycount Set the number of attempts to download a configuration GC show auto copy sw Displays Stack Firmware Synchronization configuration status PE show boot Displays the current st...

Page 157: ...ciates an interface with a captive portal configuration CPI name Captive Portal Configures the name for a captive portal configuration CPI protocol Configures the protocol mode for a captive portal configuration CPI redirect Enables the redirect mode for a captive portal configuration CPI redirect url Configures the redirect URL for a captive portal configuration CPI session timeout Configures the...

Page 158: ... with a captive portal user user logout Enables captive portal users to log out of the portal CPI user name Modifies the user name for a local captive portal user CP user password Creates a local user or changes the password for an existing user CP user session timeout Sets the session timeout value for a captive portal user CP show captive portal configuration Displays the operational status of e...

Page 159: ...global macro description GC macro apply Use to apply a macro IC macro trace Applies and traces a macro IC macro description Appends a line to the macro description IC show parser macro Displays information about defined macros PE Command Description Modea show sntp configuration Displays the SNTP configuration PE show sntp server Displays the preconfigured SNTP servers PE show sntp status Displays...

Page 160: ...he summertime offset to UTC GC show clock Displays the time and date from the system clock PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 Configuration and Image Files script apply Applies commands in the script to the switch PE script delete Deletes a specific script PE script...

Page 161: ... file that the switch loads at startup UE show running config Displays the contents of the currently running configuration file PE show startup config Displays the startup configuration file contents PE write Copies the running configuration image to the startup configuration PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea dos control firstfrag En...

Page 162: ...ables Enables the generation of ICMPv6 Destination Unreachable messages IC show dos control Displays Denial of Service configuration information PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea a For the meaning of each Mode abbreviation see Mode Types on page 87 exec timeout Configures the interval that the system waits for user input LC history E...

Page 163: ...ments aging on the passwords such that users are required to change passwords when they expire GC passwords history Enables the administrator to set the number of previous passwords that are stored to ensure that users do not reuse their passwords too frequently GC passwords lock out Enables the administrator to strengthen the security of the switch by enabling the user lockout feature When a lock...

Page 164: ...er classes Enforces the minimum number of character classes uppercase letters lowercase letters numeric characters and special characters that a password must contain GC passwords strength exclude keyword Enforces a maximum number of consecutive characters that a password can contain GC enable password encrypted Used by an Administrator to transfer the enable password between devices without havin...

Page 165: ...s the port high power mode IC power inline limit Configures the type of power limit IC power inline management Sets the power management type GC power inline powered device Adds a comment or description of the powered device type IC Ethernet power inline priority Configures the port priority level for the delivery of power to an attached device IC Ethernet power inline reset Use to reset the port ...

Page 166: ...and PE show rmon collection history Displays the requested group of statistics UE show rmon events Displays the RMON event table UE show rmon hcalarm Displays the high capacity alarms PE show rmon history Displays RMON Ethernet Statistics history UE show rmon log Displays the RMON logging table UE show rmon statistics Displays RMON Ethernet Statistics UE Command Description Modea a For the meaning...

Page 167: ...received by the switch PE debug ip acl Enables debug of IP Protocol packets matching the ACL criteria PE debug ip dvmrp Traces DVMRP packet reception and transmission PE debug ip igmp Traces IGMP packet reception and transmission PE debug ip mcache Traces MDATA packet reception and transmission PE debug ip pimdm packet Traces PIMDM packet reception and transmission PE debug ip pimsm packet Traces ...

Page 168: ...bles tracing of RIP requests and responses PE debug sflow Enables sFlow debug packet trace PE debug spanning tree Traces spanning tree BPDU packet reception and transmission PE debug vrrp Enables VRRP debug protocol messages PE exception core file Configures the core dump file name GC exception dump Configures the core dump location GC exception protocol Enables full core dumps GC exception switch...

Page 169: ...r instance for this data source if rcvr_idx is valid IC show sflow agent Displays the sflow agent information PE show sflow destination Displays all the configuration information related to the sFlow receivers PE show sflow polling Displays the sFlow polling instances created on the switch PE show sflow sampling Displays the sFlow sampling instances created on the switch PE Command Description Mod...

Page 170: ...s GC snmp server host Specifies the recipient of SNMP notifications GC snmp server location Sets the system location string GC snmp server user Configures a new SNMP Version 3 user GC snmp server view Creates or updates a Simple Network Management Protocol SNMP server view entry GC snmp server v3 host Specifies the recipient of Simple Network Management Protocol Version 3 SNMPv3 notifications GC a...

Page 171: ...h PE show crypto key pubkey chain ssh Displays SSH public keys stored on the switch PE show ip ssh Displays the SSH server configuration PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea clear logging Clears messages from the internal logging buffer PE clear logging file Clears messages from the logging file PE description Logging Describes the sysl...

Page 172: ...te of logging and the syslog messages stored in the internal buffer PE show logging file Displays the state of logging and the syslog messages stored in the logging file PE show syslog servers Displays the syslog servers settings PE terminal monitor Enables the display of logging messages on the terminal PE a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description M...

Page 173: ...ailover of management unit GC load interval Loads the interface utilization measurement interval IC locate Locates a switch by LED blinking PE login banner Enables login banner on the console telnet or SSH connection LC logout Disconnects the serial connection to a remote unit on a stack member UE member Configures the switch SG motd banner Enables motd on the console telnet or SSH connection LC n...

Page 174: ...lable RAM space on the switch PE show nsf Shows non stop forwarding status PE show power usage history Shows the history of unit power consumption for the unit specified in the command and total stack power consumption PE show process cpu Checks the CPU utilization for each process currently running on the switch PE show sessions Displays a list of the open telnet sessions to remote hosts PE show ...

Page 175: ...E stack Sets the mode to Stack Global Configuration mode GC stack port Sets the mode to Stack Global Configuration mode to configure Stack ports as either Stacking ports or as Ethernet ports GC stack port interface shutdown Enables or disable the stack port administratively SC standby Configures the standby in the stack SG switch renumber Changes the identifier for a switch in the stack GC telnet ...

Page 176: ... page 87 time range Creates a time range identified by name consisting of one absolute time entry and or one or more periodic time entries GC absolute Adds an absolute time entry to a time range TRC periodic Adds a periodic time entry to a time range TRC show time range Displays a time range and all the absolute periodic time entries that are defined for the time range PE Command Description Modea...

Page 177: ... for the device CC country Specifies the country CC crypto certificate generate Generates a HTTPS certificate GC crypto certificate import Imports a certificate signed by the Certification Authority for HTTPS GC crypto certificate request Generates and displays a certificate request for HTTPS PE duration Specifies the duration in days CC ip http port Specifies the TCP port for use by a web browser...

Page 178: ...rypto certificate mycertificate Displays the SSL certificates of your switch PE show ip http server status Displays the HTTP server status information PE show ip http server secure status Displays the HTTP secure server status information UE or PE state Specifies the state or province name CC a For the meaning of each Mode abbreviation see Mode Types on page 87 Command Description Modea ...

Page 179: ...rs that may be entered in a single command is limited to 1536 characters Keywords identify a command and arguments specify configuration parameters For example in the command show interfaces status gigabitethernet 1 0 5 show interfaces and status are keywords gigabitethernet is an argument that specifies the interface type and 1 0 5 specifies the unit slot port When working with the CLI the comman...

Page 180: ...entions are applicable to CLI command entry and editing History Buffer Negating Commands Show Command Command Completion Short Form Commands Keyboard Shortcuts Operating on Multiple Objects Range Command Scripting CLI Command Notation Conventions Interface Naming Conventions History Buffer Every time a command is entered in the CLI it is recorded in an internally managed Command History buffer Com...

Page 181: ...ommand The show command executes in the User Executive EXEC Privileged Executive EXEC Configuration mode interface Configuration mode and all configuration submodes such as interface Configuration mode with command completion Output from show commands is paginated Use the terminal length command to set the number of lines displayed in a page When the paging prompt appears press the space bar to di...

Page 182: ...yed to assist in entering the correct command By pressing the tab key an incomplete command is changed into a complete command If the characters already entered are not enough for the system to identify a single matching command the key displays the available commands matching the characters already entered Short Form Commands The CLI supports the short forms of all commands As long as it is possi...

Page 183: ...F Go forward one character Ctrl B Go backward one character Ctrl D Delete current character Ctrl U X Delete to beginning of line Ctrl K Delete to the end of the line Ctrl W Delete previous word Ctrl T Transpose previous character Ctrl P Go to previous line history buffer Ctrl R Rewrites or pastes the line Ctrl N Go to next line in history buffer Ctrl Y Print last deleted character Ctrl Q Pauses sc...

Page 184: ...0 1 1 0 3 5 1 0 7 indicates that the operation applies to the gigabit Ethernet ports 1 3 4 5 and 7 on unit 1 NOTE Each port must be a fully qualified port identifier in the format unit slot port See Interface Naming Conventions on page 186 To specify a range of LAGs use the following command interface range port channel 1 48 No spaces are allowed anywhere in a range parameter e g gi1 0 1 2 is not ...

Page 185: ...facilitate this function any characters entered after the character are treated as a comment and ignored by the CLI Also the CLI allows the user to disable session timeouts CLI Command Notation Conventions When entering commands there are certain command entry notations which apply to all commands Table 2 3 describes these conventions as they are used in syntax definitions ...

Page 186: ...the logical position of the switch in a stack The range is 1 12 The unit value is 1 for standalone switches Slot The slot number is an integer number assigned to a particular slot Front panel ports have a slot number of 0 Rear panel ports are numbered from 1 and can be identified by the lexan on the rear panel Use the show slot command to retrieve information for a particular slot Convention Descr...

Page 187: ...amples below Stacking Interfaces Stacking interfaces are represented in the CLI with the same unit slot port form as Ethernet interfaces The fixed stacking interfaces on the N2000 N3000 switches always use the TwentyGigabitStacking or Tw notation and on the N4000 switches are referred to using Ethernet notation Loopback Interfaces Loopback interfaces are represented in the CLI by the variable loop...

Page 188: ...ch can assume values from 0 7 VLAN Interfaces VLAN interfaces are represented in the CLI by the variable vlan id which can can assume values from 1 4093 Examples Example 1 shows the various forms of interface notation that can be entered in the CLI Examples 2 and 3 show various forms of CLI output using shorthand interface notation Example 1 gigabitethernet 1 0 1 gigabitethernet1 0 1 there is no s...

Page 189: ...gable 1 0 Full Enable Enable Dell Networking N3024F No 1 1 Empty Disable Disable Yes 2 0 Empty Enable Enable Dell Networking N3024F No 2 1 Empty Enable Enable Yes 3 0 Empty Enable Enable Dell Networking N3048 No 3 1 Empty Enable Enable Yes console config if Gi1 0 23 show slot 1 0 Slot 1 0 Slot Status Full Admin State Enable Power State Enable Inserted Card Model Identifier Dell Networking N3024F C...

Page 190: ...e routing protocols necessary to enable the distribution of routes Utility describes commands used to manage the switch Commands that cause specific actions to be taken immediately by the system and do not directly affect the system configurations are defined at the top of the command tree For example commands for rebooting the system or for downloading or backing up the system configuration files...

Page 191: ...er EXEC command mode unless the user is defined as a privileged user In general the User EXEC commands allow the user to perform basic tests and list system information The user level prompt consists of the switch host name followed by the angle bracket console The default host name is Console unless it has been changed using the hostname command in the Global Configuration mode Privileged EXEC Mo...

Page 192: ...ied when the port is placed into access mode Likewise OSPF routing can be configured in the switch without being enabled on any port Interface and Other Specific Configuration Modes Interface configuration modes are used to modify specific interface operations The following are the Interface Configuration and other specific configuration modes MST The Global Configuration mode command spanning tre...

Page 193: ...riteria Use the class map class map name commands to access the QoS Class Map Configuration mode to configure QoS class maps Stack Use the stack command to access the Stack Configuration Mode Ethernet Contains commands to manage Ethernet port configuration The Global Configuration mode command interface enters the Interface Configuration mode to configure an Ethernet interface Port Channel Contain...

Page 194: ...nfigures the parameters for the RADIUS server SNMP Host Configuration Configures the parameters for the SNMP server host Crypto Certificate Request Configures the parameters for crypto certificate request Crypto Certificate Generation Configures the parameters for crypto certificate generate Logging Configures the parameters for syslog log server Identifying the Switch and Command Mode from the Sy...

Page 195: ... Modes Table 2 5 describes how to navigate through the CLI Command Mode hierarchy Table 2 5 Navigating CLI Command Modes Command Mode Access Method Command Prompt Exit or Access Previous Mode User EXEC The user is automatically in User EXEC mode unless the user is defined as a privileged user console logout Privileged EXEC Use the enable command to enter into this mode This mode is password protec...

Page 196: ...xit command or press Ctrl Z to Privileged EXEC mode Policy Class Map From Global Configuration mode use the policy map class command console config policy map To exit to Global Configuration mode use the exit command or press Ctrl Z to Privileged EXEC mode Class Map From Global Configuration mode use the class map command console config classmap To exit to Global Configuration mode use the exit co...

Page 197: ...the exit command or press Ctrl Z to Privileged EXEC mode SSH Public Key String From the SSH Public Key Chain mode use the user key user name rsa dsa command console config pubkey key To return to the SSH Public key chain mode use the exit command or press Ctrl Z to Privileged EXEC mode TACACS From Global Configuration mode use the tacacs server host command console tacacs To exit to Global Configu...

Page 198: ...ress Ctrl Z to Privileged EXEC mode SNMP v3 Host Configuration From Global Configuration mode use the snmp server v3 host command console config snmp To exit to Global Configuration mode use the exit command or press Ctrl Z to Privileged EXEC mode SNMP Community Configuration From Global Configuration mode use the snmp server community command console config snmp To exit to Global Configuration mo...

Page 199: ...config crypto cert To exit to PrivilegedEXEC mode use the exit command or press Ctrl Z Stack From Global Configuration mode use the stack command console config stack To exit to Global Configuration mode use the exit command or press Ctrl Z to Privileged EXEC mode Logging From Global Configuration mode use the logging command console config logging To exit to Global Configuration mode use the exit...

Page 200: ...mand or press Ctrl Z to Privileged EXEC mode Router OSPF Conf From Global Configuration mode use the router ospf command console config router To exit to Global Configuration mode use the exit command or press Ctrl Z to Privileged EXEC mode Router RIP Config From Global Configuration mode use the router rip command console config router To exit to Global Configuration mode use the exit command or ...

Page 201: ... Modes Gigabit Ethernet From Global Configuration mode use the interface gigabitethernet command Or use the abbreviation interface gi console config if Giunit slot port To exit to Global Configuration mode use the exit command or press Ctrl Z to Privileged EXEC mode 10 Gigabit Ethernet From Global Configuration mode use the interface tengigabitethernet command Or use the abbreviation interface te ...

Page 202: ...er To exit to Global Configuration mode use the exit command or Ctrl Z to Privileged EXEC mode VLAN From Global Configuration mode use the interface vlan command console config if vlanvlan id To exit to Global Configuration mode use the exit command or press Ctrl Z to Privileged EXEC mode Tunnel From Global Configuration mode use the interface tunnel command Or use the abbreviation interface tu co...

Page 203: ...d over a direct connection to the switch console port or through a Telnet connection If access is through a Telnet connection the switch must have a defined IP address corresponding management access granted and a connection to the network Using CLI Functions and Tools The CLI has been designed to manage the switch s configuration file system and to manage switch security A number of resident tool...

Page 204: ... on these files Copying Files The copy command not only provides a method for copying files within the file system but also to and from remote servers With the copy command and URLs to identify files the user can back up images to local or remote systems or restore images from local or remote systems To use the copy command the user specifies the source file and the destination file For example co...

Page 205: ... into one of these special files and the source file has an attached file description it also is copied as the file description for the special file backup config This file refers to the backup configuration file running config This file refers to the configuration file currently active in the system It is possible to copy the running config image to a backup config file or to the startup config f...

Page 206: ...ccounts The following rules and specifications apply to these interfaces The CLI is accessible from remote telnet through the IP address for the switch IP addresses are assigned separately for the out of band interface and the in band ports The CLI is accessible from a secure shell interface The CLI generates keys for SSH locally The serial session defaults to 9600 baud rate eight data bits non pa...

Page 207: ... Access Control In addition to authenticating a user the CLI also assigns the user access to one of two security levels Level 1 has read only access This level allow the user to read information but not configure the switch The access to this level cannot be modified Level 15 is the special access level assigned to the superuser of the switch This level has full access to all functions within the ...

Page 208: ...tication servers are down the CLI allows the user to log in to the serial interface authenticated by locally managed account data Syslogs The CLI supports sending logging messages to a remote syslog server The user configures the switch to generate logging messages to a remote log server If no remote log server exists then the CLI maintains a rolling log of at most the last 1000 system events The ...

Page 209: ...defines a management profile which identifies management protocols such as the following Telnet SSH and the keying information to use for SSH HTTP HTTPS and the security certificate to be used SNMPv1 v2c and the read and read write community strings to be used SNMPv3 and the security information for used this protocol For each of these management profiles the user defines the list of hosts or subn...

Page 210: ...t automatically Operational Code Startup Main Menu 1 Start Operational Code 2 Display Boot Menu Select 1 2 active dev mtd7 Extracting Operational Code from stk file done Loading Operational Code done Decompressing Operational Code done Scanning devshell symbols file 47544 symbols loading Done PCI unit 0 Dev 0xb842 Rev 0x02 Chip BCM56842_A0 Driver BCM56840_B0 SOC unit 0 attached to PCI device BCM56...

Page 211: ...Select Baud Rate 3 Retrieve Logs 4 Load New Operational Code 5 Display Operational Code Details 9 Reboot 10 Restore Configuration to Factory Defaults 11 Activate Backup Image 12 Start Password Recovery Enter Choice 4 Creating tmpfs filesystem on mnt download for download done Current Active Image dev mtd7 Which Image to Update Active dev mtd7 OR Back Up dev mtd6 Select A B B You selected to update...

Page 212: ...rom stk file done Loading Operational Code done Decompressing Operational Code done Product Details Operational Code Image File Name N4000v8 22 13 9 Rel 8 Ver 22 Maint Lev 13 Bld No 9 Timestamp Thu Aug 22 13 09 33 EDT 2013 Number of components 1 Device 776 ImageFlags 1 L7_MODULE_LIST linux kernel bde ko linux user bde ko Enter Choice 10 Are sure you want to Erase Current Configuration Y N y Erasin...

Page 213: ...PCI device BCM56842_A1 hpc No stack ports Starting in stand alone mode 186 Jul 12 02 40 46 0 0 0 0 1 General 63446620 bootos c 179 11 Event 0xaaaaaaaa started Unit 1 Waiting to select management unit usbMount took 1 milliseconds Applying Global configuration please wait usbMount took 0 milliseconds Welcome to Dell Easy Setup Wizard The setup wizard guides you through the initial switch configurati...

Page 214: ...y entering the command logging console Traps generated by the system are dumped to all CLI sessions that have requested monitoring mode to be enabled The no logging console command disables trap monitoring for the session By default console logging is enabled Viewing System Messages System messages autonomously display information regarding occurrences that may affect switch operations By default ...

Page 215: ...L Commands Ethernet Configuration Commands IPv6 MLD Snooping Querier Commands QoS Commands Address Table Commands Ethernet CFM Commands IP Source Guard Commands RADIUS Commands Auto VoIP Commands Green Ethernet Commands iSCSI Optimization Commands Spanning Tree Commands CDP Interoperability Commands GVRP Commands Link Dependency Commands TACACS Commands DHCP Layer 2 Relay Commands IGMP Snooping Co...

Page 216: ...216 Layer 2 Switching Commands ...

Page 217: ...for authentication RADIUS The user s ID and password are authenticated using the RADIUS server TACACS The user s ID and password are authenticated using the TACACS server None No authentication is used Enable Uses the enable password for authentication Line Uses the line password for authentication Authentication Preference Lists APLs An Authentication Preference List is an ordered list of authent...

Page 218: ...er login and logout times are noted and conveyed to an external AAA server User executed commands Commands executed by the user and the time of execution are accounted and conveyed to an external AAA server User activity can be accounted for at the end and or at the beginning of the activity For this purpose the following record types are defined Start stop Accounting notifications are sent when t...

Page 219: ...serial console Telnet This mode is used when user logs in through Telnet SSH This mode is used when user logs in through SSH By default no accounting is enabled for any line Configuration modes The following default Accounting Methods List are available The default lists are not applied to any line configuration modes by default Commands in this Chapter This chapter explains the following commands...

Page 220: ... Uses no authentication Default Configuration No default authentication method is defined Command Mode Global Configuration mode User Guidelines Only one authentication method may be specified in the command For the RADIUS authentication method if the RADIUS server cannot be contacted the supplicant fails authentication The none method always allows access the ias method utilizes the internal auth...

Page 221: ...higher privilege levels To return to the default configuration use the no form of this command Syntax aaa authentication enable default list name method1 method2 no aaa authentication enable default list name default Uses the listed authentication methods that follow this argument as the default list of methods when using higher privilege levels list name Character string used to name the list of ...

Page 222: ... authenticate the user Only the RADIUS or TACACS methods can return an error To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Note that enable will not succeed for a level one user if no authentication method is defined A level one user must authenticate to get to privileged EXEC mode For example if none is specifie...

Page 223: ...authentication methods activated when a user logs in Range 1 15 characters method1 method2 Specify at least one from the following table Default Configuration The default login lists are defaultList and networkList defaultList is used by the console and only contains the method none networkList is used by telnet and SSH and only contains the method local Command Mode Global Configuration mode Keyw...

Page 224: ...thentication method after radius no authentication is used if the RADIUS server is down If specified none must be the last method in the list NOTE Auth Type Local doesn t work for recent versions of FreeRadius FreeRadius ignores the configuration if Local is used Administrators should remove Auth Type Local and use the PAP or CHAP modules instead Example The following example configures the defaul...

Page 225: ...ontained in the list name method The following authorization methods are supported local Perform local authorization do not perform authorization all commands are authorized none Do not perform authorization All commands are authorized radius Request authorization from the configured RADIUS servers tacacs Request authorization from the configured TACACS servers Default Configuration Authorization ...

Page 226: ...st pass command authorization Applying a script is treated as a single command apply script which also must pass authorization Startup config commands applied on device boot up are not subject to the authorization process Example Perform TACACS authorization on user commands A TACACS server must be configured console config aaa authorization commands default tacacs Perform exec authorization via R...

Page 227: ...ode User Guidelines The RADIUS server can place a port in a particular VLAN based on the result of the authentication VLAN assignment must be configured on the external RADIUS server Example The following example enables RADIUS assigned VLANs console config aaa authorization network default radius aaa ias user username Use the aaa ias user username command in Global Configuration mode to configure...

Page 228: ...ser username client 1 console Config IAS User exit console config no aaa ias user username client 1 aaa new model The aaa new model command in Global Configuration mode is a no op command It is present only for compatibility purposes Dell Networking switches only support the new model command set Syntax aaa new model Default Configuration This command has no default configuration Command Mode Glob...

Page 229: ...guration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console clear aaa ias users authorization Use the authorization command to apply a command authorization method to a line config Use the no form of the command to return the authorization for the line mode to the default Syntax authorization com...

Page 230: ...tch sends information about the entered command to the method specified in the command list The authorization method validates the received command and responds with either a PASS or FAIL response If approved the command is executed Otherwise the command is denied and an error message is shown to the user If contact with the authorization method fails then the next method in the list is attempted ...

Page 231: ... no form of the command does not disable authentication Instead it sets the authentication list to the default list same as enable authentication default Example The following example specifies the default authentication method when accessing a higher privilege level console console config line console console config line enable authentication default enable password Use the enable password comman...

Page 232: ... enableNetList method which requires an enable password If users are unable to enter privileged mode when accessing the switch via telnet or SSH the administrator will need to either change the enable authentication method e g to enableList or set an enable password If the encrypted parameter is specified the password parameter is stored as entered in the running config No attempt is made to decod...

Page 233: ...s the final method in the command line For example if none is specified as an authentication method after radius no authentication is used if the RADIUS server is down Example The following example configures the http authentication console config ip http authentication radius local ip https authentication Use the ip https authentication command in Global Configuration mode to specify authenticati...

Page 234: ...or specify none as the final method in the command line If none is specified as an authentication method after radius no authentication is used if the RADIUS server is down When TACACS is used as the authentication method for HTTP HTTPS the Cisco ACS must be configured to allow the shell service In addition for admin privileges the privilege level attribute must be set to 15 Example The following ...

Page 235: ...ame no login authentication default Uses the default list created with the aaa authentication login command list name Uses the indicated list created with the aaa authentication login command Default Configuration Uses the default set with the command aaa authentication login Command Mode Line Configuration mode User Guidelines This command has no user guidelines Example The following example spec...

Page 236: ...ssword for this level Range 8 64 characters encrypted Encrypted password to be entered copied from another switch configuration Default Configuration This command has no default configuration Command Mode aaa IAS User Configuration User Guidelines This command has no user guidelines Example console configure console config aaa ias user username client 1 console Config IAS User password client123 c...

Page 237: ... password password Password for this level Range 8 64 characters The special characters allowed in the password include _ User names can contain blanks if the name is surrounded by double quotes encrypted Encrypted password to be entered copied from another switch configuration Default Configuration No password is specified Command Mode Line Configuration mode User Guidelines This command has no u...

Page 238: ... by double quotes NOTE For commands that configure password properties see Password Management Commands Syntax password Default Configuration There is no default configuration for this command Command Mode User EXEC mode User Guidelines This command has no user guidelines Example The following example shows the prompt sequence for executing the password command console password Enter old password ...

Page 239: ...as no user guidelines Example console show aaa ias users UserName Client 1 Client 2 show aaa statistics Use the show aaa statistics command in Privileged EXEC mode to display accounting statistics Syntax show aaa statistics Default Configuration This command has no default setting Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has n...

Page 240: ...mber of Accounting Notifications sent at end of a command execution 0 Errors when sending Accounting Notifications at end of a command execution 0 show authentication methods Use the show authentication methods command in Privileged EXEC mode to display information about the authentication methods Syntax show authentication methods Default Configuration This command has no default configuration Co...

Page 241: ...rization methods command in Privileged EXEC mode to display the configured authorization method lists Syntax show authorization methods Default Configuration This command has no default setting Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines Command authorization is supported only for the line telnet and SSH access methods Example console show au...

Page 242: ...with respect to user account lockout and password aging Syntax show users accounts Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command Parameter Description User Name Local user account s user name Privilege User s access level read only...

Page 243: ...elong show users login history Use the show users login history command in Global Configuration mode to display information about the login history of users Syntax show users login history long name name of user Range 1 20 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines Th...

Page 244: ...rname name nopassword password password privilege level admin profile profile encrypted no username name name The name of the user Range 1 32 printable characters The special characters allowed in the password include _ User names can contain blanks if the name is surrounded by double quotes password The authentication password for the user Range 8 64 characters This value can be 0 zero if the no ...

Page 245: ...xyz includes an exclamation point in both the username and password Up to 8 users may be created If the password strength feature is enabled it checks for password strength and returns an appropriate error if it fails to meet the password strength criteria If the encrypted keyword is entered no password strength checking is performed as the password is encrypted and the system does not have the ca...

Page 246: ...ntax username username unlock Reason behind the failure 1 Exceeds Minimum Length of a Password Password should be in the range of 8 64 characters in length Set minimum password length to 0 by using the passwords min length 0 command 2 Password should contain Minimum number uppercase letters number lowercase letters number numeric numbers number specialcharactersand number characterclassesand Maxim...

Page 247: ...AAA Commands 247 Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines This command has no user guidelines ...

Page 248: ...248 AAA Commands ...

Page 249: ... Profiles feature allows the network administrator to define a list of rules which control the commands which may be executed by a user These rules are collected in a profile A rule defines a set of commands to which a user is permitted or denied access Alternatively a rule may define a CLI command mode to which the user is permitted or denied access The rule numbers determine the order in which t...

Page 250: ...The network administrator may configure a custom attribute to be provided by the server during authentication The RADIUS and TACACS applications process this custom attribute and provide this data to the User Manager for configuring the user profile The custom attribute is defined as cisco av pair shell roles roleA roleB NOTE If an is used instead of an the attribute is considered optional and dev...

Page 251: ...n profile profile name profile name The name of the profile to create or delete Range 1 to 16 alphanumeric characters may also include a hyphen Default Configuration The administrative profiles are defined by default Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example console config admin profile qos console admin profile description Administrative Pr...

Page 252: ... profile allows access to QoS commands rule Use the rule command to add a rule to an administrative profile Use the no form of this command to delete a rule Syntax rule number deny permit command command string mode mode name no rule number number The sequence number of the rule Rules are applied from the highest sequence number to the lowest Range 1 to 256 command string Specifies which commands ...

Page 253: ...onsole admin profile show admin profiles Use the show admin profiles command in Privileged EXEC mode to show the administrative profiles If the optional profile name parameter is used only that profile will be shown Syntax show admin profiles name profile name profile name The name of the administrative profile to display Default Configuration This command has no default configuration Command Mode...

Page 254: ...to QoS commands Rule Perm Type Entity 1 permit command access list 2 permit command access group 3 permit mode class map show admin profiles brief Use the show admin profiles brief command in Privileged EXEC mode to list the names of the administrative profiles defined on the switch Syntax show admin profiles brief Default Configuration This command has no default configuration Command Mode Privil...

Page 255: ...modes command in Privileged EXEC mode to list the names of all the CLI modes Syntax show cli modes Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines These are the generic mode names to be used in the rule command above These are not the same as the prompt which is displayed in a particular mode Example console show cli modes user exec...

Page 256: ...256 Administrative Profiles Commands ...

Page 257: ... between the internal network and an external network such as the Internet They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network The Dell Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information An Ethernet IPv6 packet is distinguished from...

Page 258: ...false matches Administrators are cautioned to specify ACL access list permit and deny rule criteria as fully as is possible in order to avoid false matches This is especially true in networks with protocols such as FCoE that have newly introduced Ether type values As an example rules that specify a TCP or UDP port value should also specify the TCP or UDP protocol and the IPv4 or IPv6 Ether type Ru...

Page 259: ...d frame IEEE 802 1Q 0x86DD Internet Protocol version 6 IPv6 0x8808 MAC Control 0x8809 Slow Protocols IEEE 802 3 0x8870 Jumbo frames 0x888E EAP over LAN EAPOL 802 1x 0x88CC Link Layer Discovery Protocol 0x8906 Fibre Channel over Ethernet 0x8914 FCoE Initialization Protocol 0x9100 Q in Q Table 6 2 Common IP Protocol Numbers IP Protocol Numbers Protocol 0x00 IPv6 Hop by hop option 0x01 ICMP 0x02 IGMP...

Page 260: ...st name up to 31 characters in length Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Access lists now use the extended access list format Multiple permit and deny clauses and actions may be specified without requiring the access list name to be entered each time Permit and deny clauses are entered in order from the first match...

Page 261: ...cmp code icmp message icmp message igmp type igmp type fragments precedence precedence tos tos tosmask dscp dscp time range time range name log assign queue queue id mirror redirect unit slot port rate limit rate burst size deny permit Specifies whether the IP ACL rule permits or denies the matching traffic ipv4 protocol number every Specifies the protocol to match for the IP ACL rule IPv4 protoco...

Page 262: ...ied port number or portkey It is equivalent to specifying the range as 0 to specified port number 1 When gt is specified IP ACL rule matches if the layer 4 destination port number is greater than the specified port number or portkey It is equivalent to specifying the range as specified port number 1 to 65535 When neq is specified IP ACL rule matches only if the layer 4 destination port number is n...

Page 263: ...ge icmp message Specifies a match condition for ICMP packets When icmp type is specified IP ACL rule matches on the specified ICMP message type a number from 0 to 255 When icmp code is specified IP ACL rule matches on the specified ICMP message code a number from 0 to 255 Specifying icmp message implies both icmp type and icmp code are specified ICMP message is decoded into corresponding ICMP type...

Page 264: ...en the time range with specified name becomes active The ACL rule is removed when the time range with specified name becomes inactive assign queue queue id Specifies the assign queue which is the queue identifier to which packets matching this rule are assigned mirror redirect unit slot port Specifies the mirror or redirect interface which is the unit slot port to which packets matching this rule ...

Page 265: ...s are not supported for ACLs configured in egress out access groups This means that only the eq operator is supported in an egress out ACL The protocol type must be tcp or udp to specify a port range The fragment keyword is not supported for ACLs configured in egress out IPv4 access groups Ethertype Protocol 0x0800 Internet Protocol version 4 IPv4 0x0806 Address Resolution Protocol ARP 0x0842 Wake...

Page 266: ...rted as the rules within an ACL cannot be deleted individually Rather the entire ACL must be deleted and respecified Example console config ip acl deny ip any any precedence 3 deny permit Mac Access List Configuration Use the deny command in Mac Access List Configuration mode to deny traffic if the conditions defined in the deny statement are matched Use the permit command in Mac Access List Confi...

Page 267: ...nation MAC address in format xxxx xxxx xxxx bpdu Bridge protocol data unit ethertypekey Either a keyword or valid four digit hexadecimal number Range Supported values are appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast Netbios novell pppoe rarp 0x0600 0xFFFF Specify custom ethertype value hexadecimal range 0x0600 0xFFFF vlan eq VLAN number Range 0 4095 cos Class of service Range 0 7 log Spe...

Page 268: ...rom MAC address 0806 c200 0000 console config mac access list extended DELL123 console config mac access list deny 0806 c200 0000 ffff ffff ffff any ip access group Use the ip access group command in Global and Interface Configuration modes to apply an IP based ACL on an Ethernet interface or a group of interfaces An IP based ACL should have been created by the access list name command with the sa...

Page 269: ...r the interface The optional control plane keyword allows application of an ACL on the CPU port Control plane matches actions occur in the egress direction System level rules are applied on ingress after application of any user defined ingress rules therefore it is not possible to rate limit packets matching the system defined rules with an ACL having a control plane target Use the rate limit cpu ...

Page 270: ...s interface and direction Range 1 4294967295 Default Configuration No ACLs are configured by default Command Mode Global Configuration mode or Interface Configuration Ethernet VLAN or Port Channel mode User Guidelines An optional sequence number may be specified to indicate the order of this access list relative to the other access lists already assigned to this interface and direction A lower num...

Page 271: ...ffic 11 11 config mac access list extended unkn multicast 11 11 config mac access list permit 01 00 5e 00 00 00 ff ff ff 00 00 00 any rate limit 8 4 11 11 config mac access list permit any any 11 11 config mac access list exit 11 11 config mac access group unkn multicast control plane mac access list extended Use the mac access list extended command in Global Configuration mode to create the MAC A...

Page 272: ...c access list extended rename command in Global Configuration mode to rename the existing MAC Access Control List ACL Syntax mac access list extended rename name newname name Existing name of the access list Range 1 31 characters newname New name of the access list Range 1 31 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guid...

Page 273: ...rom being forwarded blockudld To block UDLD PDU s from being forwarded blockpagp To block PAgP PDU s from being forwarded blocksstp To block SSTP PDU s from being forwarded blockall To block all the PDU s with MAC of 01 00 00 0c cc cx x don t care from being forwarded Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet Port channel User Gui...

Page 274: ... Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show service acl interface gi1 0 1 Block CDP Enable Block VTP Enable Block DTP Enable Block UDLD Enable Block PAGP Enable Block SSTP Enable Block All Enable show access lists interface Use the show access lists interface command in Privileged EXEC...

Page 275: ...or this command Examples console show access lists interface control plane ACL Type ACL ID Sequence Number IPv6 ip61 1 show ip access lists Use the show ip access lists command in Privileged EXEC mode to display an IP ACL and time range parameters Syntax show ip access lists accesslistnumber accesslistnumber The number used to identify the IP ACL Default Configuration This command has no default c...

Page 276: ...e show mac access lists command in Privileged EXEC mode to display a MAC access list and all the rules that are defined for the MAC ACL Use the name parameter to identify a specific MAC ACL to display Syntax show mac access lists name name Use this parameter to identify the specific MAC ACL to display Default Configuration This command has no default configuration Command Mode Privileged EXEC mode...

Page 277: ...ame unkn multicast Inbound Interface s control plane Rule Number 1 Action permit Source MAC Address 0100 5E00 0000 Source MAC Mask FFFF FF00 0000 Committed Rate 8 Committed Burst Size 4 Rule Number 2 Action permit Match All TRUE ...

Page 278: ...278 ACL Commands ...

Page 279: ...dress is not in the table the packet is flooded to all other ports in the VLAN If the address is in the table then it is checked to see if it has been defined as a filter If the MAC address is not defined as a filter then the packet is forwarded If the specific destination MAC address is defined as a filter then the ingress port number is compared to the set of source ports listed for the address ...

Page 280: ...ort or port channel vlan id Delete all dynamic MAC addresses for the specified VLAN The range is 1 to 4093 Default Configuration This command has no default configuration clear mac address table show mac address table multicast show mac address table interface mac address table aging time show mac address table show mac address table static mac address table multicast forbidden address show mac ad...

Page 281: ...de to set the aging time of the address To restore the default use the no form of the mac address table aging time command Syntax mac address table aging time 0 10 1000000 no mac address table aging time 0 Disable aging time for the MAC Address Table 10 1000000 Set the number of seconds aging time for the MAC Address Table Default Configuration 300 seconds Command Mode Global Configuration mode Us...

Page 282: ...l tengigabitethernet fortygigabitethernet interface list no mac address table multicast forbidden address vlan vlan id mac multicast address ip multicast address add Adds ports to the group If no option is specified this is the default option remove Removes ports from the group vlan vlan id A valid vlan id Range 1 4093 mac multicast address MAC Multicast address in the format xxxx xxxx xxxx ip mul...

Page 283: ...interface id no mac address table static mac addr vlan vlan id gigabitethernet port channel tengigabitethernet interface id mac address A valid MAC address in the format xxxx xxxx xxxx or xx xx xx xx xx xx vlan id Valid VLAN ID 1 4093 interface id The interface to which the received packet is forwarded Default Configuration No static addresses are defined The default mode for an added address is p...

Page 284: ...rt security discard Discards frames with unlearned source addresses This is the default if no option is indicated Default Configuration Disabled No port security Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode Interface Range mode Port Channel Range mode User Guidelines When port security is enabled on an interface all dynamic entries ...

Page 285: ...maximum number of addresses that can be learning on the port Range 0 600 Default Configuration The default value for this command is 100 Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example shows using this com...

Page 286: ...pecified the default is mac Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines A MAC address can be displayed in IP format only if it is in the range 01 00 5e 00 00 00 through 01 00 5e 7f ff ff Example In this example Multicast MAC address table information is displayed console show mac address table multicast Vlan MAC Address Type Ports 1 0100 5E05...

Page 287: ... has no user guidelines Example In this example all classes of entries in the mac address table are displayed console show mac address table Aging time is 300 Sec Vlan Mac Address Type Port 0 001E C9AA AE19 Management CPU Interface 0 5 1 001E C9AA AC19 Dynamic Gi1 0 21 1 001E C9AA AE1B Management Vl1 10 001E C9AA AE1B Management Vl10 90 001E C9AA AE1B Management Vl90 Total MAC Addresses in use 5 s...

Page 288: ...t configuration Command Mode User EXEC Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example In this example the mac address table entry for 0000 E26D 2C2A is displayed console show mac address table address 0000 E26D 2C2A Vlan Mac Address Type Port 1 0000 E26D 2C2A Dynamic 1 0 1 show mac address table count Use the show ...

Page 289: ...atabase console show mac address table count Capacity 8192 Used 109 Static addresses 2 Secure addresses 1 Dynamic addresses 97 Internal addresses 9 show mac address table dynamic Use the show mac address table command in User EXEC or Privileged EXEC mode to display all dynamic entries in the bridge forwarding database Syntax show mac address table dynamic address mac address interface interface id...

Page 290: ...Port 1 0000 0001 0000 Dynamic gi1 0 1 1 0000 8420 5010 Dynamic gi1 0 1 1 0000 E26D 2C2A Dynamic gi1 0 1 1 0000 E89A 596E Dynamic gi1 0 1 1 0001 02F1 0B33 Dynamic gi1 0 1 show mac address table interface Use the show mac address table command in User EXEC or Privileged EXEC mode to display all entries in the mac address table Syntax show mac address table interface interface id vlan vlan id interfa...

Page 291: ...420 5010 Dynamic gi1 0 1 1 0000 E26D 2C2A Dynamic gi1 0 1 1 0000 E89A 596E Dynamic gi1 0 1 1 0001 02F1 0B33 Dynamic gi1 0 1 show mac address table static Use the show mac address table static command in User EXEC or Privileged EXEC mode to display static entries in the bridge forwarding database Syntax show mac address table static address mac address interface interface id vlan vlan id mac addres...

Page 292: ...rt 1 0001 0001 0001 Static gi1 0 1 show mac address table vlan Use the show mac address table vlan command in User EXEC or Privileged EXEC mode to display all entries in the bridge forwarding database for the specified VLAN Syntax show mac address table vlan vlan id vlan id Specify a valid VLAN the range is 1 to 4093 Default Configuration This command has no default configuration Command Mode User...

Page 293: ...s criterion 5 show ports security Use the show ports security command in Privileged EXEC mode to display the port lock status Syntax show ports security gigabitethernet unit slot port port channel port channel number tengigabitethernet unit slot port fortygigabitethernet unit slot port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration m...

Page 294: ...lot port port channel port channel number tengigabitethernet unit slot port fortygigabitethernet unit slot port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes Field Description Port The port number Status The status can be one of the following Locked or Unlocked Actions Action on violations Maximum...

Page 295: ...elines This command has no user guidelines Examples The following example displays dynamic addresses for port channel number 1 0 1 console show ports security addresses Te1 0 1 Dynamic addresses 83 Maximum addresses 100 Learned addresses ...

Page 296: ...296 Address Table Commands ...

Page 297: ...inary traffic The Auto VoIP module provides the capability to assign the highest priority for the following VoIP packets Session Initiation Protocol SIP H 323 Skinny Client Control Protocol SCCP Auto VoIP borrows ACL lists from the global system pool ACL lists allocated by Auto VoIP reduce the total number of ACLs available for use by the network operator Enabling Auto VoIP uses one ACL list to mo...

Page 298: ...Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Examples The following example shows command output when a port is not specified console show switchport voice Interface Auto VoIP Mode Traffic Class Gi1 0 1 Disabled 6 Gi1 0 2 Disabled 6 Gi1 0 3 Disabled 6 Gi1 0 4 Disabled 6 Gi1 0 5 Disabled 6 Gi1 0 6 D...

Page 299: ...11 Disabled 6 Po12 Disabled 6 Po13 Disabled 6 Po14 Disabled 6 Po15 Disabled 6 More or q uit The following example shows command output when a port is specified console show switchport voice gigabitethernet 1 0 1 Interface Auto VoIP Mode Traffic Class Gi1 0 1 Disabled 6 The command output provides the following information AutoVoIP Mode The Auto VoIP mode on the interface Traffic Class The Cos Queu...

Page 300: ...e VoIP Profile Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default Command Mode Global Configuration mode Configuration mode and all Configuration submodes Interface gigabitethernet port channel tengigabitethernet fortygigabitethernet Configuration mode User Guidelines This command has no user guidelines Example console conf...

Page 301: ... discover and be discovered by devices that support the Cisco Discovery Protocol CDP ISDP is based on CDP which is a precursor to LLDP Commands in this Chapter This chapter explains the following commands clear isdp counters The clear isdp counters command clears the ISDP counters Syntax clear isdp counters Default Configuration There is no default configuration for this command Command Mode Privi...

Page 302: ...isdp table Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console clear isdp table isdp advertise v2 The isdp advertise v2 command enables the sending of ISDP version 2 packets from the device Use the no form of this command to send version 1 packets Syntax isdp adverti...

Page 303: ...h User the no form of this command to disable ISDP Use this command in global configuration mode to enable the ISDP function on the switch Use this command in interface mode to enable sending ISDP packets on a specific interface Syntax isdp enable no isdp enable Default Configuration ISDP is enabled Command Mode Global Configuration mode Interface Ethernet configuration mode User Guidelines There ...

Page 304: ... no form of this command to reset the holdtime to the default Syntax isdp holdtime time no isdp holdtime time The time in seconds range 10 255 seconds Default Configuration The default holdtime is 180 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets isdp holdtime to 40 seconds console config isdp holdtim...

Page 305: ...e no user guidelines for this command Example The following example sets the isdp timer value to 40 seconds console config isdp timer 40 show isdp The show isdp command displays global ISDP settings Syntax show isdp Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are n...

Page 306: ...try about that device is displayed Syntax show isdp entry all deviceid all Show ISDP settings for all devices deviceid The device ID associated with a neighbor Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example console show ...

Page 307: ...p interface The show isdp interface command displays ISDP settings for the specified interface Syntax show isdp interface all gigabitethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines ...

Page 308: ...et 1 0 1 Interface Mode 1 0 1 Enabled show isdp neighbors The show isdp neighbors command displays the list of neighboring devices Syntax show isdp neighbors gigabitethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port detail Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all ...

Page 309: ...ce 1 0 1 Port ID GigabitEthernet1 1 Holdtime 162 Advertisement Version 2 Entry last changed time 0 days 00 55 20 Version Cisco IOS Software Catalyst 4000 L3 Switch Software cat4000 I9K91S M Version 12 2 25 EWA9 RELEASE SOFTWARE fc3 Technical Support http www cisco com techsupport Copyright c 1986 2007 by Cisco Systems Inc Compiled Wed 21 Mar 07 12 20 by tinhuang show isdp traffic The show isdp tra...

Page 310: ...p traffic ISDP Packets Received 4253 ISDP Packets Transmitted 127 ISDPv1 Packets Received 0 ISDPv1 Packets Transmitted 0 ISDPv2 Packets Received 4253 ISDPv2 Packets Transmitted 4351 ISDP Bad Header 0 ISDP Checksum Error 0 ISDP Transmission Failure 0 ISDP Invalid Format 0 ISDP Table Full 392 ISDP Ip Address Table Full 737 ...

Page 311: ... on another subnet Unlike a router which switches IP packets transparently a DHCP Relay agent processes DHCP messages and generates new DHCP messages as a result The Dell Networking DHCP Relay supports DHCP Relay Option 82 circuit id and remote id for a VLAN Commands in this Chapter This chapter explains the following commands dhcp l2relay Global Configuration show dhcp l2relay stats interface dhc...

Page 312: ... l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default Command Mode Global Configuration User Guidelines There are no user guidelines for this command Example console config dhcp l2relay dhcp l2relay Interface Configuration Use the dhcp l2relay command to enable DHCP L2 Relay for an interface Use the no form of this command to disable DHCP L2 Relay for an interface Syn...

Page 313: ...N When enabled the interface number is added as the Circuit ID in DHCP option 82 Use the no form of this command to disable setting the DHCP Option 82 Circuit ID Syntax dhcp l2relay circuit id vlan vlan range no dhcp l2relay circuit id vlan vlan range vlan range The list of VLAN IDs Default Configuration Setting the DHCP Option 82 Circuit ID is disabled by default Command Mode Global Configuration...

Page 314: ...ay remote id remoteId vlan vlan range remoteId The string to be used as the remote ID in the Option 82 Range 1 128 characters vlan range The list of VLAN IDs Default Configuration Setting the DHCP Option 82 Remote ID is disabled by default Command Mode Global Configuration User Guidelines There are no user guidelines for this command Example console config dhcp l2relay remote id dslforum vlan 10 2...

Page 315: ...L2 DHCP Relay agent for a set of VLANs All DHCP packets which arrive on interfaces in the configured VLAN are subject to L2 Relay processing Use the no form of this command to disable L2 DHCP Relay for a set of VLANs Syntax dhcp l2relay vlan vlan range no dhcp l2relay vlan vlan range vlan range The list of VLAN IDs Default Configuration DHCP L2 Relay is disabled on all VLANs by default Command Mod...

Page 316: ...nes There are no user guidelines for this command Example console show dhcp l2relay all DHCP L2 Relay is Enabled Interface L2RelayMode TrustMode Gi1 0 2 Enabled untrusted Gi1 0 4 Disabled trusted VLAN Id L2 Relay CircuitId RemoteId 3 Disabled Enabled NULL 5 Enabled Enabled NULL 6 Enabled Enabled broadcom 7 Enabled Disabled NULL 8 Enabled Disabled NULL 9 Enabled Disabled NULL 10 Enabled Disabled NU...

Page 317: ...r guidelines for this command Example console show dhcp l2relay interface all DHCP L2 Relay is Enabled Interface L2RelayMode TrustMode 0 2 Enabled untrusted 0 4 Disabled trusted show dhcp l2relay stats interface Use the show dhcp l2relay stats interface command in Privileged EXEC mode to display DHCP L2 Relay statistics specific to interfaces Syntax show dhcp l2relay stats interface all interface ...

Page 318: ...utOpt82 Gi1 0 1 0 0 0 0 Gi1 0 2 0 0 3 7 Gi1 0 3 0 0 0 0 show dhcp l2relay subscription interface Use the show dhcp l2relay subscription interface command in Privileged EXEC mode to display DHCP L2 Relay Option 82 configuration specific to interfaces Syntax show dhcp l2relay subscription interface all interface id all Show all interfaces interface id A physical interface Default Configuration This ...

Page 319: ...guration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example console show dhcp l2relay agent option vlan 5 10 DHCP L2 Relay is Enabled VLAN Id L2 Relay CircuitId RemoteId 5 Enabled Enabled NULL 6 Enabled Enabled broadcom 7 Enabled Disabled NULL 8 Enabled D...

Page 320: ... Example console show dhcp l2relay vlan 100 DHCP L2 Relay is Enabled DHCP L2 Relay is enabled on the following VLANs 100 show dhcp l2relay circuit id vlan Use the show dhcp l2relay circuit id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and whether the DHCP Circuit ID option is enabled on the specified VLAN or VLAN range Syntax show dhcp l2relay circuit...

Page 321: ...splay whether DHCP L2 Relay is globally enabled and shows the remote ID configured on the specified VLAN or VLAN range Syntax show dhcp l2relay remote id vlan vlan range vlan range Show information for the specified VLAN range A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces Default Configuration This command has no default configuration Command Mo...

Page 322: ...th the counters to clear or use the all keyword to clear the counters on all ports Syntax clear dhcp l2relay statistics interface all interface id all Show all interfaces interface id A physical interface Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console clear dhcp l2relay ...

Page 323: ...gured addresses The operator may enable DHCPv6 and configure IPv6 addresses on the same interface Only a single in band interface can be configured as a DHCPv6 client DHCP is disabled by default on all in band interfaces The DHCP client retains an IP address even if the IP interface goes down The client does not attempt to renew its IP address until the lease expires regardless of changes in link ...

Page 324: ... IP address can be reassigned to another client The interface method does not change and will still be DHCP even after issuing this command To lease an IP address again issue either the renew dhcp interface id command below or ip address dhcp Interface Configuration command on page 481 in interface mode If the IPv4 address on the interface was not assigned by DHCP then the command fails and displa...

Page 325: ...eged EXEC User Guidelines If the interface has a leased IPv4 address when this command is issued the DHCP client sends a DHCP REQUEST message telling the DHCP server that it wants to continue using the IP address If DHCP is enabled on the interface but the interface does not currently have an IPv4 address for example if the address was previously released then the DHCP client sends a DISCOVER to a...

Page 326: ...nsmit receive Default Configuration This command has no default configuration Command Mode Privileged EXEC User Guidelines DHCP client already has packet tracing This command turns the packet tracing on Example The first example is for transmit and receive flows console debug dhcp packet The second example is for transmit flow console debug dhcp packet transmit The third example is for receive flo...

Page 327: ...command show ip interface out of band This command output provides the following information Term Description IP address Subnet mask The IP address and network mask leased from the DHCP server DHCP Lease server The IPv4 address of the DHCP server that leased the address State State of the DHCPv4 Client on this interface DHCP transaction id The transaction ID of the DHCPv4 Client Lease The time in ...

Page 328: ...id 0x7AD Lease 86400 secs Renewal 43200 secs Rebind 75600 secs Retry count 0 IP address 10 1 1 2 on interface VLAN20 Subnet mask 255 255 255 0 DHCP Lease server 10 1 1 1 state 5 Bound DHCP transaction id 0x11EB Lease 86400 secs Renewal 43200 secs Rebind 75600 secs Retry count 0 console show dhcp lease interface vlan 10 IP address 10 1 20 1 on interface VLAN10 Subnet mask 255 255 255 0 DHCP Lease s...

Page 329: ...messages on trusted members within the VLAN If DHCP Relay and or DHCP Server coexist with DHCP Snooping the DHCP client message is sent to the DHCP Relay or and DHCP Server for further processing The DHCP Snooping application uses DHCP messages to build and maintain the binding s database The binding s database only includes data for clients on untrusted ports DHCP Snooping creates a tentative bin...

Page 330: ...ied interface Default Configuration There is no default configuration for this command Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command clear ip dhcp snooping binding ip dhcp snooping trust clear ip dhcp snooping statistics ip dhcp snooping verify mac address ip dhcp snooping show ip dhcp snooping ip dhcp snooping binding show ip dhcp snooping binding ip d...

Page 331: ...ion for this command Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command Example console clear ip dhcp snooping statistics ip dhcp snooping Use the ip dhcp snooping command to enable DHCP snooping globally Use the no form of this command to disable DHCP snooping Syntax ip dhcp snooping no ip dhcp snooping Default Configuration DHCP Snooping is disabled by def...

Page 332: ...1 ip dhcp snooping console config if vlan1 exit console config interface gi1 0 4 console config if Gi1 0 4 ip dhcp snooping trust ip dhcp snooping binding Use the ip dhcp snooping binding command to configure a static DHCP Snooping binding Use the no form of this command to remove a static binding Syntax ip dhcp snooping binding mac address vlan vlan id ip address interface gigabitethernet unit sl...

Page 333: ...ping database This can be local to the switch or on a remote machine Syntax ip dhcp snooping database local tftp hostIP filename hostIP The IP address of the remote host filename The name of the file for the database on the remote host The filename may contain any printable character and is checked only when attempting to open the file The file must reside in the working directory of the TFTP serv...

Page 334: ...ing database write delay command to configure the interval in seconds at which the DHCP Snooping database will be stored in persistent storage Use the no form of this command to reset the write delay to the default Syntax ip dhcp snooping database write delay seconds no ip dhcp snooping database write delay seconds The write delay Range 15 86400 seconds Default Configuration The write delay is 300...

Page 335: ...bitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines The switch hardware rate limits DHCP packets sent to the CPU from snooping enabled interfaces to 512 Kbps To prevent DHCP packets from being used in a DoS attack when DHCP snooping is enabled the snooping application allows configuration of rate limiting for received DHCP packets DHCP snooping monitors the receiv...

Page 336: ...able logging of DHCP messages filtered by the DHCP Snooping application Use the no form of this command to disable logging Syntax ip dhcp snooping log invalid no ip dhcp snooping log invalid Default Configuration Logging of filtered messages is disabled by default Invalid DHCP messages are not logged by default Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fo...

Page 337: ...P snooping validation of DHCP packets and exposes the port to IPv4 DHCP DoS attacks Configuring an interface as untrusted indicates that the switch should firewall DHCP messages and act as if the port is connected to a device outside the DMZ DHCP snooping must be enabled globally and on the VLAN for which the port is a member for this command to have an effect Interfaces connected to the DHCP serv...

Page 338: ...dhcp snooping verify mac address no ip dhcp snooping verify mac address Default Configuration Source MAC address verification is enabled by default Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console config ip dhcp snooping verify mac address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping glo...

Page 339: ...g Invalid Pkts 1 0 1 Yes No 1 0 2 No Yes 1 0 3 No Yes 1 0 4 No No 1 0 6 No No show ip dhcp snooping binding Use the show ip dhcp snooping binding command to display the DHCP snooping binding entries Syntax show ip dhcp snooping binding static dynamic interface interface id port channel port channel id vlan vlan id static dynamic Use these keywords to filter by static or dynamic bindings interface ...

Page 340: ...3 10 Gi1 0 1 Dyn 86400 00 02 FE 06 13 04 210 1 1 4 10 Gi1 0 1 Dyn 86400 show ip dhcp snooping database Use the show ip dhcp snooping database command to display the DHCP snooping configuration related to the database persistence Syntax show ip dhcp snooping database Default Configuration There is no default configuration for this command Command Mode User EXEC Privileged EXEC Configuration mode an...

Page 341: ...ault Configuration There is no default configuration for this command Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example console show ip dhcp snooping interfaces Interface Trust State Rate Limit Burst Interval pps seconds 1 0 1 No 15 1 1 0 2 No 15 1 1 0 3 No 15 1 console show ip dhcp snooping interfac...

Page 342: ...fields are displayed by this command Example console show ip dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures Mismatch Msgs Rec d 1 0 2 0 0 0 1 0 3 0 0 0 1 0 4 0 0 0 1 0 5 0 0 0 1 0 6 0 0 0 Fields Description MAC Verify Failures The number of DHCP messages that were filtered on an untrusted interface because of source MAC address and client MAC address mismatch Client ...

Page 343: ...CP Snooping Commands 343 1 0 7 0 0 0 1 0 8 0 0 0 1 0 9 0 0 0 1 0 10 0 0 0 1 0 11 0 0 0 1 0 12 0 0 0 1 0 13 0 0 0 1 0 14 0 0 0 1 0 15 0 0 0 1 0 16 0 0 0 1 0 17 0 0 0 1 0 18 0 0 0 1 0 19 0 0 0 1 0 20 0 0 0 ...

Page 344: ...344 DHCP Snooping Commands ...

Page 345: ...ops ARP packets whose sender MAC address and sender IP address do not match an entry in the DHCP Snooping bindings database Commands in this Chapter This chapter explains the following commands arp access list Use the arp access list command to create an ARP ACL It will place the user in ARP ACL Configuration mode Use the no form of this command to delete an ARP ACL Syntax arp access list acl name...

Page 346: ...arp access list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command in Privileged EXEC mode to reset the statistics for Dynamic Address Resolution Protocol ARP inspection on all VLANs Syntax clear ip arp inspection statistics Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user gu...

Page 347: ...l name vlan vlan range static acl name The name of a valid ARP ACL Range 1 31 characters vlan range A valid VLAN range Default Configuration No ARP ACL is configured Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console config ip arp inspection filter tier1 vlan 2 10 static console config ip arp inspection filter tier1 vlan 20 30 ip ar...

Page 348: ...at a rate that exceeds the threshold for a specified time that port will be diagnostically disabled The threshold is configurable up to 300 pps and the burst is configurable up to 15s long The default is 15 pps and 1s burst Use the no shut command to bring the port back in to service Example console config if Gi1 0 1 ip arp inspection limit none console config if Gi1 0 1 ip arp inspection limit ra...

Page 349: ...P packets Each command overrides the configuration of the previous command For example if a command enables source MAC address and destination MAC address validations and a second command enables IP address validation only the source MAC address and destination MAC address validations are disabled as a result of the second command Use the no form of this command to disable additional validation ch...

Page 350: ...namic ARP Inspection on a single VLAN or a range of VLANs Use the no form of this command to disable Dynamic ARP Inspection on a single VLAN or a range of VLANs Syntax ip arp inspection vlan vlan range logging no ip arp inspection vlan vlan range logging vlan range A valid range of VLAN IDs logging Use this parameter to enable logging of invalid packets Default Configuration Dynamic ARP Inspection...

Page 351: ...id MAC address in combination with the above sender ip used by a host Default Configuration There are no ARP ACL rules created by default Command Mode ARP Access list Configuration mode User Guidelines There are no user guidelines for this command Example console Config arp access list permit ip host 1 1 1 1 mac host 00 01 02 03 04 05 show arp access list Use the show arp access list command to di...

Page 352: ...ection and status Syntax show ip arp inspection interfaces interface id statistics vlan vlan range vlan vlan range interfaces interface id Display the Dynamic ARP Inspection configuration on all the DAI enabled interfaces Giving an interface argument it displays the values for that interface statistics vlan vlan range Display the statistics of the ARP packets processed by Dynamic ARP Inspection Gi...

Page 353: ...Description VLAN The VLAN ID for each displayed row Forwarded The total number of valid ARP packets forwarded in this VLAN Dropped The total number of invalid ARP packets dropped in this VLAN DHCP Drops The number of packets dropped due to DHCP Snooping binding database match failure ACL Drops The number of packets dropped due to ARP ACL rule match failure DHCP Permits The number of packets permit...

Page 354: ...stics VLAN Forwarded Dropped 10 90 14 20 10 3 console show ip arp inspection statistics vlan 10 20 VLAN DHCP ACL DHCP ACL Bad Src Bad Dest Invalid Drops Drops Permits Permits MAC MAC IP 10 11 1 65 25 1 1 0 20 1 0 8 2 0 1 1 show ip arp inspection vlan Use the show ip arp inspection vlan command to display the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN range It also disp...

Page 355: ...bled Vlan Configuration Log Invalid ACL Name Static flag 10 Enabled Enabled H2 Enabled 11 Disabled Enabled Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled Destination Mac Validation If Destination Mac validation of ARP Response frame is enabled IP Address Validation If IP address validation of ARP frame is enabled Field Description VLAN The VLAN ID for ...

Page 356: ...356 Dynamic ARP Inspection Commands 12 Enabled Disabled ...

Page 357: ...estination e mail addresses Log messages in the urgent group are sent immediately to SMTP server with each log message in a separate mail Log messages in the non urgent group are batched into a single e mail message and after a configurable delay Only the minimum part MUA functionality of RFC 4409 required by the switch or router to send the messages to the SMTP server is supported Some SMTP serve...

Page 358: ...are e mailed The severity level may either be specified by keyword or as an integer from 0 to 7 The accepted keywords and the numeric severity level each represents are as follows emergency 0 alert 1 critical 2 error 3 warning 4 logging email show logging email statistics logging email urgent clear logging email statistics logging traps security logging email message type to addr mail server ip ad...

Page 359: ...f you set the non urgent severity level to the same value as the urgent severity level then no log messages are e mailed non urgently See the logging email urgent command to specify the urgent severity level The command no logging email disables all e mail alerting logging email urgent Use the logging email urgent command in Global Configuration mode to set the lowest severity level at which log m...

Page 360: ...t or above this severity level are considered urgent By default Emergency and Alert log messages are considered urgent Urgent log messages are e mailed immediately one log message per e mail message and do not wait for the log time to expire Urgent log messages are not e mailed unless you enable e mail alerting with the logging email command logging traps Use the logging traps command in Global Co...

Page 361: ...he buffered log by severity level You can specify the severity level of log messages that are e mailed You can use this command to specify the severity level at which SNMP traps are logged and thus control whether traps appear in the buffered log or are e mailed and if they are e mailed whether traps are considered urgent or non urgent logging email message type to addr Use the logging email messa...

Page 362: ...ration User Guidelines This command removes the configured to addr field of e mail logging email from addr Use the logging email from addr command in Global Configuration mode to configure the From address of the e mail Use the no form of this command to remove the e mail source address Syntax logging email from addr from email addr no logging email from addr Default Configuration This command has...

Page 363: ...sage type subject Default Configuration This command has no default configuration Command Mode Global Configuration User Guidelines The user must enter the message type parameter manually as tab and space bar completion do not work for this parameter logging email logtime Use the logging email logtime command in Global Configuration mode to configure the value of how frequently the queued messages...

Page 364: ...age body The message to log Enclose the message in double quotes if it contains any spaces Default Configuration This command has no default configuration Command Mode Global Configuration User Guidelines This command has no user guidelines show logging email statistics Use the show logging email statistics command in Privileged EXEC mode to show the statistics about the e mails The command displa...

Page 365: ...delines This command has no user guidelines clear logging email statistics Use the clear logging email statistics command in Privileged EXEC mode to clear the e mail alerting statistics Syntax clear logging email statistics Default Configuration This command has no default configuration Command Mode Privileged EXEC User Guidelines This command has no user guidelines ...

Page 366: ...ue is disabled Command Mode Mail Server Configuration User Guidelines This command has no user guidelines mail server ip address hostname Use the mail server ip address hostname command in Global Configuration mode to configure the SMTP server IP address and change the mode to Mail Server Configuration mode The server address can be in the IPv4 IPv6 or DNS name format Use the no form of this comma...

Page 367: ...ommand in Mail Server Configuration mode to configure the TCP port to use for communication with the SMTP server Port can be set to 465 or 25 Use the no form of the command to revert the SMTP port to the default port Syntax port port no port Default Configuration The default value is 25 Command Mode Mail Server Configuration Field Default Email Alert Mail Server Port 25 Email Alert Security Protoc...

Page 368: ...ication Use the no form of the command to revert the username to the default value Syntax username username no username Default Configuration The default value for username is admin Command Mode Mail Server Configuration User Guidelines This command has no user guidelines password Mail Server Configuration Mode Use the password command in Mail Server Configuration mode to configure the password re...

Page 369: ...ail servers or a particular mail server Syntax show mail server ip address hostname all Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show mail server all Mail Servers configuration No of mail servers configured 2 Mail Serqy ver1 confi...

Page 370: ...r IP Address 10 131 1 31 SMTP server Port 465 SMTP server security protocol tls SMTP server authentication details Username admin console show mail server ip address 10 131 1 11 SMTP server IP Address 10 131 1 11 SMTP server Port 465 SMTP server security protocol tls SMTP server authentication details Username admin ...

Page 371: ...working jumbo frames feature extends the standard ethernet MTU Max Frame Size from 1518 1522 with VLAN header bytes to 9216 bytes However any device connecting to the same broadcast domain should support the same or larger MTU Flow control is a mechanism or protocol used to temporarily suspend transmission of data to a device to avoid overloading the device receive path Dell Networking switching i...

Page 372: ...s Chapter This chapter explains the following commands clear counters Use the clear counters command in Privileged EXEC mode to clear statistics on an interface clear counters show interfaces counters speed description show interfaces description storm control broadcast flowcontrol receive show interfaces detail storm control multicast interface show interfaces status storm control unicast interfa...

Page 373: ...s command clears the individual component counters If port channel is specified the command clears the port channel counters including the flap counters Example In the following example the counters for port 1 0 1 are cleared console clear counters gigabitethernet 1 0 1 description Use the description command in Interface Configuration mode to add a description to an interface To remove the descri...

Page 374: ...eceive Use the flowcontrol command in Global Configuration mode to configure the flow control To disable flow control use the no form of this command Syntax flowcontrol receive on off no flowcontrol receive Default Configuration Flow Control is enabled by default Command Mode Global Configuration and Interface Configuration modes User Guidelines Dell Networking switches implement receive flow cont...

Page 375: ...ve off console config flowcontrol receive on interface Use this command to configure parameters for the gigabit Ethernet and ten gigabit Ethernet ports and for port channels While in Global Configuration mode enter the interface command with a specific interface To exit to Global Configuration mode enter exit To return to Privileged EXEC mode press Ctrl Z or enter end Additional forms of the inter...

Page 376: ...he internal packet buffers are consumed This situation may cause traffic loss on other ports that are not congested or flow controlled See http www ieee802 org 3 cm_study public september04 thaler_3_0904 pdf for more information Example The following example enables gigabit port 2 on stack member 1 for configuration console config interface gigabitethernet 1 0 2 interface range Use the interface r...

Page 377: ...sole config if range The following example shows how all gigabitethernet ports can be configured at once console config interface range gigabitethernet all console config if range The following examples demonstrate various valid interface ranges console config interface range gigabitEthernet 1 0 1 20 console config interface range gi1 0 20 48 console config interface range gi1 0 1 gi1 0 48 console...

Page 378: ... is 524288 bytes and is named cpuPktCapture pcap Command Modes Global Configuration mode User Guidelines Only one of file remote or line may be specified Setting the file remote or line stops the capture No monitor capture stops the capture and returns the configuration to the defaults No monitor capture file size returns the capture file size to the defaults No monitor capture remote port returns...

Page 379: ...packets are captured and saved into the RAM Capturing packets can be stopped manually before 128 packets have been captured The command monitor capture stop halts packet capture If capturing is in progress the show monitor capture packets command displays only captured packets which have not yet been displayed during capturing session If capturing is stopped the first after stopping show monitor c...

Page 380: ... is in progress All captured packets can be displayed No captured and not yet displayed packet can be lost Captured packets can be displayed when capturing is in progress or after the moment when capturing is stopped Only packets saved in RAM up to 128 can be displayed when capturing is stopped If capturing is in progress the show monitor capture packets command displays only captured packets whic...

Page 381: ...play the captured traffic When using remote capture mode the switch doesn t store any captured data locally The local TCP port number can be configured for connecting Wireshark to the switch The default port number is 2002 If a firewall is installed between the Wireshark PC and the switch then these ports must be allowed to pass through the firewall The Firewall must be configured to allow the Wir...

Page 382: ...Example Configure capture for Wireshark remote access on port 2020 console config monitor capture remote port 2020 Copy the local capture file to a TFTP server console copy flash cpuPktCapture pcap tftp 10 267 9 99 mypkts pcap monitor capture Privileged Exec Use the monitor capture command to capture packets transmitted or received from the CPU This facility captures switch control plane traffic a...

Page 383: ...he rate limit cpu command to reduce the amount of unknown unicast multicast packets forwarded to the CPU Use the no form of the command to set the rate limit to the default value Syntax rate limit cpu direction input pps pps_value no rate limit cpu direction input pps pps_value The packets per second The range is 100 1024 packets per second 100 3000 packets per second for N4000 series switches Def...

Page 384: ...r when the internal CPU queue is continually kept busy handling low priority packets This command does not affect the rate limits for control plane packets It is almost never necessary to use this command to change from the default value The use of this command should be restricted to situations in which moderate to high rates of unknown unicast multicast are continually sent to the switch CPU as ...

Page 385: ...1 1291 RMONTask 0 00 0 02 0 03 1293 boxs Req 0 00 0 01 0 01 Total CPU Utilization 27 31 28 97 31 01 show interfaces advertise Use the show interfaces advertise command in Privileged EXEC mode to display information about auto negotiation advertisement The display includes the local configuration and link partner advertisement in addition to the local advertisement Syntax show interfaces advertise ...

Page 386: ...aces advertise Port Type Neg Operational Link Advertisement Gi1 0 1 Gigabit Level Enabled 1000f 100f 10f Gi1 0 2 Gigabit Level Enabled 1000f 100f 10f Gi1 0 3 Gigabit Level Enabled 1000f 100f 10f Gi1 0 4 Gigabit Level Enabled 1000f 100f 10f Gi1 0 5 Gigabit Level Enabled 1000f 100f 10f Gi1 0 6 Gigabit Level Enabled 1000f 100f 10f Example 2 console show interfaces advertise gi1 0 1 Port Gi1 0 1 Type ...

Page 387: ...de and all Configuration submodes User Guidelines The displayed port configuration information includes the following Example The following example displays the configuration for all configured interfaces console show interfaces configuration gigabitethernet 1 0 1 Field Description Port The port number Description The port designated IEEE shorthand identifier For example 1000Base T refers to 1000 ...

Page 388: ...r counts frame discards and reasons in the in and out direction gigabitethernet Shows the traffic for the specified Gigabit Ethernet port port channel Shows the traffic for the specified port channel port tengigabitethernet Shows the traffic for the specified 10 Gigabit Ethernet port fortygigabitethernet Shows the traffic for the specified 40 Gigabit Ethernet port Default Configuration This comman...

Page 389: ... frames that are involved in a multiple collision and are subsequently transmitted successfully Late Collisions Counted times that a collision is detected later than one slot time into the transmission of a packet Excessive Collisions Counted frames for which transmission fails due to excessive collisions Received packets dropped MTU Count of received frames dropped due to frame length greater tha...

Page 390: ...utUcastPkts 1 23739 882 The following example displays counters for Ethernet port 1 0 1 console config if Te1 0 1 show interfaces counters te1 0 1 Port InOctets InUcastPkts InMcastPkts InBcastPkts Te1 0 1 0 0 0 0 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts Te1 0 1 0 0 0 0 Transmitted PFC Frames A count of the transmitted PFC frames Receive Packets Discards Count of frames discarded due t...

Page 391: ...EXEC mode to display the description for all configured interfaces Syntax show interfaces description gigabitethernet unit slot port port channel port channel number tengigabitethernet unit slot port fortygigabitethernet unit slot port Default Configuration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines This c...

Page 392: ...rface or port channel identifier Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays detailed status and configuration of the specified interface console config show interfaces detail gi1 0 1 Port Description Dupl...

Page 393: ...ng Enabled Acceptable Frame Type Untagged Port Gi1 0 1 is statically configured to VLAN Name Egress rule Forbidden VLANS VLAN Name Port Gi1 0 1 Enabled State Disabled Role Disabled Port id 128 1 Port Cost 0 Port Fast No Configured no Root Protection No Designated bridge Priority 32768 Address 001E C9DE C52B Designated port id 0 0 Designated path cost 0 CST Regional Root 80 00 00 1E C9 DE C5 2B CST...

Page 394: ...ivity state of the link It is possible that the link is connected physically yet frames are not able to pass over the link Possible causes of this condition are speed or duplex mismatch The displayed port status information includes the following Example The following example displays the status for all configured interfaces Field Description Port The port or port channel number Oob means Out of B...

Page 395: ...8 1 N A Unknown Auto Down Inactive Te1 0 9 1 N A Unknown Auto Down Inactive console show interfaces status gigabitethernet 1 0 1 Port Description VLAN Duplex Speed Neg Link Flow Ctrl State Status Gi1 0 1 1 Full 1000 Auto Up Disabled console show interfaces status po1 Port Description Channel Po1 Operational State Down Admin Mode Enabled Port Channel Flap Count 0 Member Device Port Port Flap Ports ...

Page 396: ...ser EXEC Privileged EXEC modes User Guidelines This command only supports the display of 10G and 40G transceivers Example The following example shows the qualifications status of the optics on the switch console show interfaces transceiver Port Dell Qualified Te1 0 9 Yes Te1 0 11 Yes Te1 0 13 N A Te1 0 15 No Te1 0 17 No The following example shows static parameters of the optics along with the qua...

Page 397: ...tion This command has no default configuration Command Modes Privileged EXEC mode all SHOW modes User Guidelines This command has no user guidelines Example console show monitor capture Operational Status Enabled Current Capturing Type Line Capturing Traffic Mode Tx Rx Line Wrap Mode Disabled RPCAP Listening Port 2002 RPCAP dump file size KB 45 console show monitor capture packets 1 0 1 Length 94 ...

Page 398: ...0 00 01 00 11 88 2f 8e 82 81 00 00 01 0010 86 dd 60 00 00 00 00 24 00 01 fe 80 00 00 00 00 0020 00 00 00 00 88 ff fe 2f 8e 82 ff 02 00 00 00 00 0030 00 00 00 00 00 00 00 00 00 01 3a 00 05 02 00 00 0040 01 00 82 00 43 62 27 10 00 00 00 00 00 00 00 00 0050 00 00 00 00 00 00 00 00 00 00 ff ff 00 00 1 0 1 Length 94 RECEIVE 02 29 26 0000 0000 33 33 00 00 00 01 00 11 88 2f 8e 82 81 00 00 01 0010 86 dd 6...

Page 399: ...ommand has no user guidelines Examples The following example shows statistics for port 1 0 1 console config if Te1 0 1 show statistics te1 0 1 Total Packets Received Octets 0 Packets Received 64 Octets 0 Packets Received 65 127 Octets 0 Packets Received 128 255 Octets 0 Packets Received 256 511 Octets 0 Packets Received 512 1023 Octets 0 Packets Received 1024 1518 Octets 0 Packets Received 1518 Oc...

Page 400: ... 127 Octets 0 Packets Transmitted 128 255 Octets 0 Packets Transmitted 256 511 Octets 0 Packets Transmitted 512 1023 Octets 0 Packets Transmitted 1024 1518 Octets 0 Packets Transmitted 1518 Octets 0 Max Frame Size 1518 Total Packets Transmitted Successfully 0 Unicast Packets Transmitted 0 Multicast Packets Transmitted 0 Broadcast Packets Transmitted 0 Total Transmit Errors 0 Total Transmit Packets...

Page 401: ...cs for the entire switch Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines It is possible to enter interface configuration mode from global configuration mode or from interface configuration mode RFC Cross Reference Textual Explanation RFC 2863 MIB Identifier Total Packets Received Oct...

Page 402: ...kets Received Without Error 0 Unicast Packets Received 0 Multicast Packets Received 0 Broadcast Packets Received 0 Receive Packets Discarded 0 Octets Transmitted 0 Packets Transmitted Without Errors 0 Unicast Packets Transmitted 0 Multicast Packets Transmitted 0 Broadcast Packets Transmitted 0 Transmit Packets Discarded 0 Most Address Entries Ever Used 3 Address Entries Currently in Use 3 Maximum ...

Page 403: ...ll Configuration submodes User Guidelines This command has no user guidelines Examples The following example shows storm control configurations for a gigabit Ethernet port The second example shows flow control mode status console show storm control 802 3x Flow Control Mode Disable console show storm control gigabitethernet 1 0 1 Bcast Bcast Mcast Mcast Ucast Ucast Flow Intf Mode Level Mode Level M...

Page 404: ...Gi1 0 5 shutdown The following example reenables gigabit ethernet port 1 0 5 console config interface gigabitethernet 1 0 5 console config if Gi1 0 5 no shutdown speed Use the speed command in Interface Configuration mode to configure the speed of a given Ethernet interface To restore the default use the no form of this command Syntax speed 10 100 1000 10000 auto 10 100 1000 10000 no speed 10 Conf...

Page 405: ...ports may lead to random frame loss as the clock master has not been arbitrated by the auto negotiation process Auto negotiation is required on 10G 40G copper ports and is always recommended for copper ports When the auto parameter is used with a set of speeds only those speeds are advertised during auto negotiation Alternatively if no speed arguments are configured then all the speeds which the p...

Page 406: ...configured rate as a percentage of link speed rate The configured rate in kilobits per second Kbps Range 0 100 Default Configuration The default value is 5 Command Mode Interface Configuration Ethernet mode User Guidelines This command has no user guidelines Example console config if Gi1 0 1 storm control broadcast level 5 storm control multicast Use the storm control multicast command in Interfac...

Page 407: ...has no user guidelines Example console config if Gi1 0 1 storm control multicast level 5 storm control unicast Use the storm control unicast command in Interface Configuration mode to enable unknown unicast storm control for an interface If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast destination lookup failure traffic ingressing on an interface increa...

Page 408: ...onfiguration mode to configure a protected port The groupid parameter identifies the set of protected ports to which this interface is assigned You can only configure an interface as protected in one group You are required to remove an interface from one group before adding it to another group Port protection occurs within a single switch Protected port configuration does not affect traffic betwee...

Page 409: ...0 1 console config if Gi1 0 1 switchport protected 1 switchport protected name Use the switchport protected name command in Global Configuration mode to adds the port to the protected group 1 and also sets the group name to protected Syntax switchport protected groupid name name no switchport protected groupid name groupid Identifies which group the port is to be protected in Range 0 2 name Name o...

Page 410: ...interfaces Syntax show switchport protected groupid groupid Identifies which group the port is to be protected in Range 0 2 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example identifies test as the protected group console...

Page 411: ...and Example console show system internal pktmgr internal control sw rate limit Inband pps global threshold 1024 show system mtu Use the show system mtu command to display the configured MTU The MTU is set using the global system jumbo mtu command This command deprecates the show interfaces mtu command Syntax show system mtu Default Configuration The default mtu size is 1518 bytes 1522 bytes for VL...

Page 412: ...agmented This command deprecates the mtu ip mtu and ipv6 mtu commands Use the no form of the command to reset the MTU to the default Syntax system jumbo mtu frame size no system jumbo mtu frame size The maximum frame size in bytes received by the system which is not forwarded Default Configuration The default MTU size is 1518 bytes 1522 bytes for VLAN tagged frames Command Modes Global Configurati...

Page 413: ...Ethernet Configuration Commands 413 advertise different IP MTUs they will not form an adjacency unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtuignore command ...

Page 414: ...414 Ethernet Configuration Commands ...

Page 415: ...als with the fault diagnosis at service layer across networks comprising multiple LANs including LANs other than 802 3 media Dell Networking CFM is only available on the N4000 series switches CFM is not compatible with iSCSI optimization Disable iSCSI optimization before enabling CFM Dell Networking CFM supports the following functionality Path discovery linktrace message Fault detection continuit...

Page 416: ...cfm domain domain name level 0 7 domain name Name of the maintenance domain Alphanumeric string of up to 43 characters Default Configuration No CFM domains are preconfigured Command Mode Global Configuration mode User Guidelines Each domain must have a unique name and level for example one cannot create a domain qwerty at level 2 if domain qwerty already exists at level 1 Likewise one cannot creat...

Page 417: ...anid VLAN ID representing a service instance that is monitored by this maintenance association The range is 1 4093 Default Configuration No VLANs are associated with a maintenance domain by default Command Mode Maintenance domain Configuration mode User Guidelines This command has no user guidelines Example console config cfm mdomain service serv1 vlan 10 ethernet cfm cc level Use the ethernet cfm...

Page 418: ...ple console config ethernet cfm cc level 1 vlan 15 interval 10 ethernet cfm mep level Use the ethernet cfm mep level command in Interface Configuration mode to create a Maintenance End Point MEP on an interface at the specified level and direction MEPs are configured per Maintenance Association per Maintenance Domain Use the no form of the command to delete a MEP Syntax ethernet cfm mep level 0 7 ...

Page 419: ... vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction Use the no form of the command to disable the MEP Syntax ethernet cfm mep enable level 0 7 vlan 1 4093 mpid 1 8191 level Maintenance association level mpid Maintenance entity identifier vlan VLAN on which the MEP operates Default Configuratio...

Page 420: ... Syntax ethernet cfm mep active level 0 7 vlan 1 4093 mpid 1 8191 level Maintenance association level mpid Maintenance entity identifier vlan VLAN on which the MEP operates Default Configuration No MEPs are preconfigured Command Mode Interface Configuration User Guidelines This command has no user guidelines ethernet cfm mep archive hold time Use the ethernet cfm mep archive hold time command in I...

Page 421: ...s the hold time for maintaining internal information regarding a missing MEP console config ethernet cfm mep archive hold time 1200 ethernet cfm mip level Use the ethernet cfm mip level command in Interface Configuration mode to create a Maintenance Intermediate Point MIP at the specified level The MEPs are configured per Maintenance Domain per interface Use the no form of the command to delete a ...

Page 422: ...nation MAC address for which the connectivity needs to be verified Either MEP ID or the MAC address option can be used remote mpid The MEP ID for which connectivity is to be verified i e the destination MEP ID domain Name of the maintenance domain an alphanumeric string of up to 43 characters in length vlan id A VLAN associated with the maintenance domain Range 1 4094 mpid The MEP ID from which th...

Page 423: ...The destination MAC address for which the connectivity needs to be verified Either MEP ID or the MAC address option can be used remote mpid The MEP ID for which connectivity is to be verified i e the destination MEP ID domain Name of the maintenance domain an alphanumeric string of up to 43 characters in length vlan id A VLAN associated with the maintenance domain Range 1 4094 mpid The MEP ID from...

Page 424: ...main Name of the maintenance domain an alphanumeric string of up to 43 characters in length Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show ethernet cfm errors Level SVID MPID DefRDICcm DefMACStatus DefRemoteCCM DefErrorCCM DefXconC...

Page 425: ...w Ethernet cfm domain domain1 Domain Name domain1 Level 1 Total Services 1 VLAN ServiceName CC Interval secs 10 serv1 1 show ethernet cfm maintenance points local Use the show ethernet cfm maintenance points local command in Privileged EXEC mode to display the configured local maintenance points Syntax show ethernet cfm maintenance points local level 0 7 interface interface id domain domain name l...

Page 426: ...show ethernet cfm maintenance points remote command in Privileged EXEC mode to display the configured remote maintenance points Syntax show ethernet cfm maintenance points remote level 0 7 domain domain name detail mac mac address mep MEPId domain domain name level 0 7 vlan vlan id domain Name of the maintenance domain an alphanumeric string of up to 43 characters in length level Maintenance assoc...

Page 427: ...1 22 33 44 55 10 25 serv1 show ethernet cfm statistics Use the show ethernet cfm maintenance points remote command in Privileged EXEC mode to display the CFM statistics Syntax show ethernet cfm statistics domain domain name level 0 7 domain Name of the maintenance domain an alphanumeric string of up to 43 characters in length level Maintenance association level Default Configuration This command h...

Page 428: ...nce CCM s received 0 CCM s transmitted 1 In order Loopback Replies received 5 Out of order Loopback Replies received 5 Bad MSDU Loopback Replies received 0 Loopback Replies transmitted 0 Unexpected LTR s received 0 Statistics for Domain domain1 Level 1 Vlan 11 MEP Id 3 Out of sequence CCM s received 0 CCM s transmitted 1 In order Loopback Replies received 0 Out of order Loopback Replies received 0...

Page 429: ...lines Example Console show ethernet cfm statistics Statistics for Domain domain1 Level 1 Vlan 11 MEP Id 1 Out of sequence CCM s received 0 CCM s transmitted 259 In order Loopback Replies received 5 Out of order Loopback Replies received 0 Bad MSDU Loopback Replies received 0 Loopback Replies transmitted 5 Unexpected LTR s received 0 Statistics for Domain domain1 Level 1 Vlan 11 MEP Id 2 Out of seq...

Page 430: ...ted LTR s received 0 Statistics for Domain domain1 Level 1 Vlan 11 MEP Id 3 Out of sequence CCM s received 0 CCM s transmitted 1 In order Loopback Replies received 0 Out of order Loopback Replies received 0 Bad MSDU Loopback Replies received 0 Loopback Replies transmitted 5 Unexpected LTR s received 0 ...

Page 431: ...y on GE copper ports Energy Efficient Ethernet Energy Efficient Ethernet EEE combines the MAC with a family of PHYs that support operation in a Low Power Mode as defined by the IEEE 802 3az Energy Efficient Ethernet Task Force Lower Power Mode enables both the send and receive sides of the link to disable some functionality for power savings when lightly loaded Transition to Low Power Mode does no...

Page 432: ...rm of the command to disable energy detect mode on the interface s Syntax green mode energy detect no green mode energy detect Default Configuration On N2000 and N3000 switches energy detect is disabled by default Energy detect mode is enabled by default and cannot be disabled on N4000 10G copper interfaces Command Mode Interface Configuration mode User Guidelines Cable diagnostics show copper por...

Page 433: ...s Frames in transit are not dropped or corrupted in transition to and from Low Power Mode On combo ports eee mode can be enabled even if the port is using the fiber interface If enabled eee mode is only active when the copper interface is active Use the no form of the command to disable the feature Syntax green mode eee no green mode eee Default Configuration The default value is Disabled Command ...

Page 434: ... Naming Conventions for interface representation all All interfaces Default Configuration This command has no default configuration Command Mode Privileged EXEC User Guidelines This command has no user guidelines green mode eee lpi history Use the green mode eee lpi history command in Global Configuration mode to configure the Global EEE LPI history collection interval and buffer size This value i...

Page 435: ...00 N3000 1G and 10G copper ports Examples Use the command below to set the EEE LPI History sampling interval to the default console config no green mode eee lpi history sampling interval Use the command below to set the EEE LPI History max samples to the default console config no green mode eee lpi history max samples show green mode interface id Use the show green mode interface id command in Pri...

Page 436: ...y detect mode may be administratively enabled but the operational status may be inactive The reasons for the operational status are described below Reason for Energy detect current operational status The energy detect mode may be administratively enabled but the operational status may be inactive The possible reasons are 1 Port is currently operating in the fiber mode 2 Link is up If the energy de...

Page 437: ...the Tw_sys that it wants to request from the remote system This value maps into the aLldpXdot3LocTxTwSysEcho attribute Tw_sys_rx μSec Integer that indicates the value of Tw_sys that the local system requests from the remote system This value is updated by the EEE Receiver L2 state diagram This variable maps into the aLldpXdot3LocRxTwSys attribute Tw_sys_rx Echo μSec Integer that indicates the remo...

Page 438: ...ttribute maps to the variable RemFbSystemValue as defined in 78 4 2 3 Tx_dll_enabled Initialization status of the EEE transmit Data Link Layer management function on the local system Tx_dll_ready Data Link Layer ready This variable indicates that the tx system initialization is complete and is ready to update receive LLDPDU containing EEE TLV This variable is updated by the local system software R...

Page 439: ...dy Yes Rx DLL enabled Yes Rx DLL ready Yes Cumulative Energy Saving W H 2 37 Time Since Counters Last Cleared 1 day 20 hr 47 min 34 sec show green mode Use the show green mode command in Privileged EXEC mode to display the green mode configuration for the whole system The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled Syntax show gre...

Page 440: ...isabled In Active Enabled gi1 0 5 Enabled Active Enabled Disabled In Active Enabled gi1 0 6 Enabled Active Enabled Disabled In Active Enabled gi1 0 7 Enabled Active Enabled Disabled In Active Enabled gi1 0 8 Enabled Active Enabled Disabled In Active Enabled show green mode eee lpi history interface Use the show green mode eee lpi history interface command in Privileged EXEC mode to display the int...

Page 441: ...atform capable of providing power consumption details Term Description Sampling Interval Interval at which EEE LPI statistics is collected Total No of Samples to Keep Maximum number of samples to keep Percentage LPI Time per Stack Percentage of total time spent in LPI mode by all ports in the stack when compared to total time since reset Sample No Sample index Sample Time Time since last reset Tim...

Page 442: ...Spent in Time Spent in No the SampleLPI Mode SinceLPI Mode Since Was Recorded Last SampleLast Reset 10 0d 00 00 13 3 2 9 0d 00 00 44 3 2 8 0d 00 01 15 3 2 7 0d 00 01 46 3 2 6 0d 00 02 18 3 2 5 0d 00 02 49 3 2 4 0d 00 03 20 3 2 3 0d 00 03 51 3 1 2 0d 00 04 22 3 1 1 0d 00 04 53 3 1 ...

Page 443: ...t implement the GVRP protocol and enable GVRP then process the GPDUs The VLAN registration is made in the context of the port that receives the GPDU The networking device propagates this VLAN membership on all of its other ports in the active topology Thus the end station VLAN ID is propagated throughout the network GVRP is an application defined in the IEEE 802 1p standard that allows for the con...

Page 444: ...1 0 8 console clear gvrp statistics gigabitethernet 1 0 8 garp timer Use the garp timer command in Interface Configuration mode to adjust the GARP application join leave and leaveall GARP timer values To reset the timer to default values use the no form of this command Syntax garp timer join leave leaveall timer_value no garp timer join Indicates the time in centiseconds that PDUs are transmitted ...

Page 445: ... greater than or equal to three times the join time Leaveall time must be greater than the leave time Set the same GARP timer values on all Layer 2 connected devices If the GARP timers are set differently on Layer 2 connected devices the GARP application will not operate successfully The timer_value setting must be a multiple of 10 Example The following example sets the leave timer for port 1 0 8 ...

Page 446: ...s GVRP on the device console config gvrp enable gvrp enable interface Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface To disable GVRP on an interface use the no form of this command Syntax gvrp enable no gvrp enable Default Configuration GVRP is disabled on all interfaces by default Command Mode Interface Configuration gigabitethernet port channel tengiga...

Page 447: ...console config if Gi1 0 8 gvrp enable gvrp registration forbid Use the gvrp registration forbid command in Interface Configuration mode to deregister all VLANs on a port and prevent any dynamic registration on the port To allow dynamic registering for VLANs on a port use the no form of this command Syntax gvrp registration forbid no gvrp registration forbid Default Configuration Dynamic registerin...

Page 448: ...orbid no gvrp vlan creation forbid Default Configuration By default dynamic VLAN creation is enabled Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines This command has no user guidelines Example The following example disables dynamic VLAN creation on port 1 0 8 console config interface gigabitethernet 1 0 8 console config...

Page 449: ...ple shows how to display GVRP configuration information console show gvrp configuration Global GVRP Mode Disabled Join Leave LeaveAll Port VLAN Interface Timer Timer Timer GVRP Mode Create Register centisecs centisecs centisecs Forbid Forbid 1 0 1 20 60 1000 Disabled 1 0 2 20 60 1000 Disabled 1 0 3 20 60 1000 Disabled 1 0 4 20 60 1000 Disabled 1 0 5 20 60 1000 Disabled 1 0 6 20 60 1000 Disabled 1 ...

Page 450: ...no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays GVRP error statistics information console show gvrp error statistics GVRP error statistics Legend INVPROT Invalid Protocol Id INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length INVAVAL Invalid ...

Page 451: ...ion submodes User Guidelines This command has no user guidelines Example This example shows output of the show gvrp statistics command console show gvrp statistics GVRP statistics Legend rJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rLA Leave All Received sJE Join Empty Sent JIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE ...

Page 452: ...452 GVRP Commands 1 0 5 0 0 0 0 0 0 0 0 0 0 0 0 1 0 6 0 0 0 0 0 0 0 0 0 0 0 0 1 0 7 0 0 0 0 0 0 0 0 0 0 0 0 1 0 8 0 0 0 0 0 0 0 0 0 0 0 0 ...

Page 453: ...g tables in Dell Networking are mapped to link layer addresses The Multicast Forwarding Database MFDB manages the forwarding address table for Layer 2 multicast protocols such as IGMP Snooping The IGMP Snooping code in the CPU ages out IGMP entries in the MFDB If a report for a particular group on a particular interface is not received within a certain time interval query interval the IGMP Snoopin...

Page 454: ...lowing commands ip igmp snooping Use the ip igmp snooping command in Global Configuration mode without parameters to globally enable Internet Group Management Protocol IGMP snooping Use the vlan form of the command to enable IGMP snooping on a specific VLAN Use the no form of this command to disable IGMP snooping globally Syntax ip igmp snooping vlan vlan id no ip igmp snooping vlan vlan id vlan i...

Page 455: ...ded to the mrouter ports that have been discovered when the multicast source is first seen If a new mrouter is later discovered on a different port the multicast source data is not forwarded to the new port Likewise if an existing mrouter times out or stops querying the multicast source data continues to be forwarded to that port If a host in the VLAN subsequently joins or leaves the group the lis...

Page 456: ...ed EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console config show ip igmp snooping Admin Mode Enable IGMP Router Alert check Enabled Multicast Control Frame Count 0 SSM FDB Capacity 0 SSM FDB Current Entries 0 SSM FDB High Water Mark 0 Flooding Unregistered to All Ports Disabled Vlan 1 IGMP Snooping Admin Mode Enabled Immediat...

Page 457: ...uration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines To see the full Multicast address table including static addresses use the show mac address table command Example This example shows IGMPv2 snooping entries console config show ip igmp snooping groups Vlan Group Type OIFs 1 224 239 129 1 2 3 Dynamic Te1 0 ...

Page 458: ...Vlan 1 IGMP Snooping Admin Mode Enabled Immediate Leave Mode Disabled Group Membership Interval 260 Last Member Query Interval 10 Multicast Router Expiry Time 300 Report Suppression Mode Enabled show ip igmp snooping mrouter Use the show ip igmp snooping mrouter command in Privileged EXEC mode to display information on dynamically learned Multicast router interfaces Syntax show ip igmp snooping mr...

Page 459: ...al queries to the interface The no form of this command disables IGMP Snooping immediate leave mode on a VLAN You should enable immediate leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port This setting prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving multicast traffic d...

Page 460: ...up on a particular interface before deleting the interface from the entry This value must be greater than the IGMPv3 Maximum Response time value The range is 2 to 3600 seconds The no form of this command sets the IGMPv3 Group Membership Interval time to the default value Syntax ip igmp snooping vlan vlan id groupmembership interval time no ip igmp snooping groupmembership interval vlan id Number a...

Page 461: ... range is 1 to 25 seconds The no form of this command sets the last member query interval on the VLAN to the default value Syntax ip igmp snooping vlan vlan id last member query interval time no ip igmp snooping vlan vlan id last member query interval time vlan id Number assigned to the VLAN time Number of seconds after which a host is considered to have left the group Range 1 25 Default Configura...

Page 462: ...ation time to 0 The time is set for a particular VLAN Syntax ip igmp snooping vlan vlan id mcrtexpiretime time no igmp snooping vlan vlan id mcrtexpiretime time vlan id Number assigned to the VLAN time Multicast router present expiration time Range 1 3600 Default Configuration The default multicast router present expiration time is 300 seconds Command Mode Global Configuration mode User Guidelines...

Page 463: ...n is only applicable to IGMPv1 and IGMPv2 Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds console config ip igmp snooping report suppression vlan 10 ip igmp snooping unregistered floodall This command enables flooding of unregistered multicast traffic to all ports in the VLAN Use the no form of this command to only flood unregistered multicas...

Page 464: ...ng vlan vlan id mrouter interface interface id no ip igmp snooping vlan mrouter vlan id The number assigned to the VLAN interface id The next hop interface to the multicast router Default Configuration There are no multicast router ports configured by default Command Mode Global Configuration mode User Guidelines It is preferable to configure mrouter ports for IGMP snooping as opposed to configuri...

Page 465: ...IGMP Snooping Commands 465 Example console config ip igmp snooping vlan 10 mrouter interface Gi1 0 2 ...

Page 466: ...466 IGMP Snooping Commands ...

Page 467: ...owever if it is required that the IP multicast traffic in a VLAN be switched and no multicast router is present in the network the Dell Networking switch can be configured as an IGMP querier When IGMP Snooping Querier is enabled the Querier sends out periodic IGMP General Queries that trigger the multicast listeners members to send their joins to the querier so as to receive the multicast data tra...

Page 468: ...functionality is reenabled if IGMP Snooping becomes operational on the VLAN The IGMP Snooping Querier application sends periodic general queries on the VLAN to solicit membership reports Syntax ip igmp snooping querier vlan vlan id address ip address no ip igmp snooping querier vlan vlan id address vlan id A valid VLAN number ip address An IPv4 address used for the source address Default Configura...

Page 469: ...ter alert option If other devices in the network do not send IGMP packets with the router alert option IGMP snooping and snoooping querier will discard the packet Use the no ip igmp snooping router alert check command to disable checking for the router alert option Example The following example enables IGMP snooping querier in Global Configuration mode console config ip igmp snooping querier vlan ...

Page 470: ...configures the snooping querier to participate in the querier election console config ip igmp snooping querier election participate ip igmp snooping querier query interval This command sets the IGMP Querier Query Interval time which is the amount of time in seconds that the switch waits before sending another periodic query The no form of this command sets the IGMP Querier Query Interval time to i...

Page 471: ... igmp snooping querier query_interval 1800 ip igmp snooping querier timer expiry This command sets the IGMP Querier timer expiration period which is the time period that the switch remains in Non Querier mode after it has discovered that there is a Multicast Querier in the network The no form of this command sets the IGMP Querier timer expiration period to its default value Syntax ip igmp snooping...

Page 472: ...the snooping switch is going to send periodically The no form of this command sets the IGMP Querier Version to its default value Syntax ip igmp snooping querier version version no ip igmp snooping querier version version IGMP version Range 1 2 Default Configuration The querier version default is 2 Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example Th...

Page 473: ...nes When the optional argument vlan_id is not used the command shows the following information When you specify a value for vlan_id the following information appears Parameter Description Admin Mode Indicates whether or not IGMP Snooping Querier is active on the switch Admin Version Indicates the version of IGMP that will be used while sending out the queries Source IP Address Shows the IP address...

Page 474: ... moving to Querier state and does not send out any queries VLAN Operational Max Response Time Indicates the time to wait before removing a Leave from a host upon receiving a Leave request This value is calculated dynamically from the Queries received from the network If the Snooping Switch is in Querier state then it is equal to the configured value Querier Election Participate Indicates whether t...

Page 475: ...IGMP Snooping Querier Commands 475 Operational State Querier Last Querier Address 2 2 2 2 Operational version 2 Operational Max Resp Time 10 ...

Page 476: ...476 IGMP Snooping Querier Commands ...

Page 477: ...ing routing interfaces Out of band management is always through the dedicated out of band interface The serial port on the stack master provides a direct console interface supporting a CLI In band management interfaces can employ a variety of protection mechanisms including VLAN assignment and Management ACLs The out of band port does not support such protection mechanisms and therefore it is reco...

Page 478: ...Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example The following example deletes all entries from the host name to address cache console clear host clear ip address conflict detect Use the clear ip address conflict detect command in Privileged EXEC mode to clear the address conflict detection status ...

Page 479: ...rface configuration mode Syntax interface out of band Default Configuration This command has no default configuration Command Mode Global Configuration User Guidelines No specific guidelines Example console config interface out of band console config if ip address Out of Band Use the ip address command in Interface Configuration mode to set an IP address for the out of band interface Use the no fo...

Page 480: ...er Guidelines When setting the netmask prefix length on an IPv4 address a space is required between the address and the mask or prefix length Setting an IP address on the out of band port enables switch management over the service port In order to ensure the security of the switches from intruders it is strongly recommended that the out of band interface be isolated on a physically separate networ...

Page 481: ...un Default Configuration This command has no default configuration Command Mode Global Configuration User Guidelines This command has no user guidelines Example console console configure console config ip address conflict detect run ip address dhcp Interface Configuration Use the ip address dhcp command in Interface VLAN Configuration mode to enable the DHCPv4 client on an interface Syntax ip addr...

Page 482: ...es not remove a manually configured address In addition to leasing an IP address and subnet mask the DHCP client may learn the following parameters from a DHCP server The IPv4 address of a default gateway If the device learns different default gateways on different interfaces the system uses the first default gateway learned The system installs a default route in the routing table with the default...

Page 483: ...gateway The system installs a default IPv4 route with the gateway address as the next hop address The route preference is 253 A default gateway configured with this command is more preferred than a default gateway learned from a DHCP server which has a route preference of 254 It is less preferred than a static route configured via the ip route command which has a route preference of 1 Use the show...

Page 484: ...tion is enabled by default Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example enables the IP Domain Naming System DNS based host name to address translation console config ip domain lookup ip domain name Use the ip domain name command in Global Configuration mode to define a default domain name used to complete unqualified host ...

Page 485: ...Guidelines This command has no user guidelines Example The following example defines a default domain name of dell com console config ip domain name dell com ip host Use the ip host command in Global Configuration mode to define static host name to address mapping in the host cache To delete the name to address mapping use the no form of this command Syntax ip host name address no ip host name nam...

Page 486: ...e server server address1 server address2 server address8 no ip name server server address1 server address8 server address Valid IPv4 or IPv6 addresses of the name server Range 1 255 characters Default Configuration No name server IP addresses are specified Command Mode Global Configuration mode User Guidelines Server preference is determined by entry order Up to eight servers can be defined in one...

Page 487: ...g on the interfaces is enabled using an EUI 64 interface ID in the low order 64 bits of the address If this option is used the value of prefix_length must be 64 bits autoconfig Use this keyword to set the IPv6 address auto configuration mode dhcp Use this keyword to obtain an IPv6 address via DHCP Default Configuration There is no IPv6 address configured by default Command Mode Interface Configura...

Page 488: ...e autoconfig parameter specifies that a link local address in the EUI 64 format is assigned to the interface The DHCP parameter indicates that the port should obtain its address va DHCP Use the no form of the command to remove a specific address or to return the address assignment to its default value Using the no form of the command with no parameters removes all IPv6 prefixes from the interface ...

Page 489: ...of the in band management interfaces ipv6 address dhcp Use the ipv6 address dhcp command in Interface VLAN Configuration mode to enable the DHCPv6 client on an IPv6 interface Syntax ipv6 address dhcp no ipv6 address dhcp Default Configuration DHCPv6 is disabled by default on routing interfaces Command Mode Interface VLAN Configuration mode User Guidelines This command only applies to VLAN routing ...

Page 490: ...hcp ipv6 enable Interface Configuration Use the ipv6 enable command in Interface Configuration mode to enable IPv6 on a routing interface Use the no form of this command to reset the IPv6 configuration to the defaults Syntax ipv6 enable no ipv6 enable Default Configuration IPv6 is not enabled by default Command Mode Interface Configuration mode VLAN loopback User Guidelines There are no user guide...

Page 491: ...mmand Mode Interface out of band Configuration mode User Guidelines There are no user guidelines for this command ipv6 gateway OOB Configuration Use the ipv6 gateway command in Interface out of band Configuration mode to configure the address of the IPv6 gateway The gateway is used as a default route for packets addressed to network devices not present on the local subnet Use the no form of the co...

Page 492: ...llows spaces in the host name when specified in double quotes For example console config snmp server host host name Default Configuration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays information about IP hosts console show hosts Host ...

Page 493: ...XEC Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The command provides the following information Term Description Address Conflict Detection Status Whether the switch has detected an address conflict on any IP address Set to Conflict Detected if detected No Conflict Detected otherwise Last Conflicting IP Address The IP address that was last detected as conf...

Page 494: ...w ip helper address command in Privileged EXEC mode to display IP helper addresses configuration Syntax show ip helper address intf address intf address IP address of a routing interface Range Any valid IP address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no us...

Page 495: ...d EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show ipv6 dhcp interface out of band statistics DHCPv6 Client Statistics DHCPv6 Advertisement Packets Received 0 DHCPv6 Reply Packets Received 0 Received DHCPv6 Advertisement Packets Discard 0 Received DHCPv6 Reply Packets Discarded 0 DHCPv6 Malformed Packets Received 0 Tota...

Page 496: ...and has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console config if do show ipv6 interface out of band IPv6 Administrative Mode Enabled IPv6 Prefix is FE80 21E C9FF FEAA AD79 64 128 IPv6 Default Router FE80 A912 FEC2 A145 FEAD Configured IPv6 Protocol None IPv6 AutoConfiguratio...

Page 497: ...nts of routing updates decide which types of traffic are forwarded or blocked and above all provide security for the network ACLs are normally used in firewall routers that are positioned between the internal network and an external network such as the Internet They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part o...

Page 498: ... to accept the optional time range parameter The time range parameter allows imposing a time limitation on the IPv6 ACL rule as defined by the parameter time range name If a time range with the specified name does not exist and the IPv6 ACL containing this ACL rule is applied to an interface or bound to a VLAN then the ACL rule is applied immediately If a time range with the specified name exists ...

Page 499: ...L rule A destination port number which ranges from 0 65535 can be entered or a portkey which can be one of the following keywords bgp domain echo ftp ftp data http ntp pop2 pop3 rip smtp snmp telnet tftp telnet time who and www Each of these keywords translates into its equivalent destination port number When range is specified IPv6 ACL rule matches only if the layer 4 port number falls within the...

Page 500: ...s any implies 0 128 prefix and a mask of all ones Specifying host implies prefix length as 128 and a mask of 0 128 precedence precedence tos tos tosmask dscp dscp Specifies the TOS for an IP TCP UDP ACL rule depending on a match of precedence or DSCP values using the parameters dscp precedence or tos tosmask flag fin fin syn syn rst rst psh psh ack ack urg urg established Specifies that the IP TCP...

Page 501: ...ge types are available only if the protocol is icmpv6 fragments Specifies the rule matches packets that are non initial fragments fragment bit asserted Not valid for rules that match L4 information such as TCP port number since that information is carried in the initial packet IPv6 fragments contain an IPv6 Fragment extension header routing Specifies that IP ACL rule matches on routed packets Rout...

Page 502: ...nd Mode IPv6 Access List Configuration mode User Guidelines Users are permitted to add rules but if a packet does not match any user specified rules the packet is dropped by the implicit deny all rule In order to provide the greatest amount of flexibility in configuring ACLs the permit deny syntax allows combinations of matching criteria that may not make sense when applied in practice The rate li...

Page 503: ...ader it is not matched For the N2000 N3000 Series series for ingress in ACLs The IPv6 ACL fragment keyword matches only on the first IPv6 extension header for the fragment header next header code 44 If the fragment header appears in the second or a subsequent header it is not matched The IPv6 ACL routing keyword matches only on the first IPv6 extension header for the routing header next header cod...

Page 504: ...Pv6 ACL from the system Syntax ipv6 access list name no ipv6 access list name name Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list Default Configuration There is no default configuration for this command Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example creates an IPv6 ACL named DEL...

Page 505: ...st ACL to an interface or associates it with a VLAN ID in a given direction An optional sequence number may be specified to indicate the order of this access list relative to other IPv6 access lists already assigned to this interface and direction A lower number indicates higher precedence order If a sequence number is already in use for this interface and direction the specified IPv6 access list ...

Page 506: ...uration mode Interface Configuration Ethernet Port channel VLAN mode User Guidelines This command specified in Interface Configuration mode only affects a single interface whereas the Global Configuration mode setting is applied to all interfaces The optional control plane keyword allows application of an ACL on the CPU port ingress queue Control plane packets e g BPDUs are dropped because of the ...

Page 507: ...ipv6 access lists name name The name used to identify the IPv6 ACL Default Configuration There is no default configuration for this command Command Mode User EXEC Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example ACL Name ip1 Outbound Interface s control plane Rule Number 1 Action permit Match All FALSE Prot...

Page 508: ...508 IPv6 Access List Commands ...

Page 509: ... version 2 MLDv2 is equivalent to IGMPv3 MLD is a subprotocol of Internet Control Message Protocol version 6 ICMPv6 and MLD messages are a subset of ICMPv6 messages identified in IPv6 packets by a preceding Next Header value of 58 Dell Networking switches can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 Multicast MAC Addresses The switch c...

Page 510: ...v6 mld snooping vlan id groupmembership interval time vlan id Specifies a VLAN ID value time MLD group membership interval time in seconds Range 2 3600 Default Configuration The default group membership interval time is 260 seconds Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example console config ipv6 mld snooping vlan 2 groupmembership interval 1500...

Page 511: ...Specifies the VLAN Default Configuration Immediate leave is disabled on all VLANs by default Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example This example enables mld snooping immediate leave for VLAN 2 console config ipv6 mld snooping vlan 2 immediate leave ipv6 mld snooping listener message suppression This command enables MLD listener ...

Page 512: ...sage suppression ipv6 mld snooping vlan last listener query interval The ipv6 mld snooping vlan last listener query interval command sets the number of seconds after which a host is considered to have left the group This value must be less than the MLD Query Interval time value The range is 1 to 25 seconds Syntax ipv6 mld snooping vlan vlan id last listener query interval time no ipv6 mld snooping...

Page 513: ...y to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached The range is 1 to 3600 seconds Syntax ipv6 mld snooping vlan vlan id mcrtexpiretime time no ipv6 mld snooping vlan vlan id mcrtexpiretime vlan id Specifies a valid VLAN ID time Multicast router present expiration time in seconds Range 1 3600 Default Configuration The default...

Page 514: ...lticast router Default Configuration There are no multicast router ports configured by default Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example console config ipv6 mld snooping vlan 10 mrouter interface Gi1 0 2 ipv6 mld snooping Global Use the ipv6 mld snooping Global command to globally enable MLD Snooping on the system Global Configuration Mode U...

Page 515: ...icast source is forwarded to the mrouter ports that have been discovered when the multicast source is first seen If a new mrouter is later discovered on a different port the multicast source data is not forwarded to the new port Likewise if an existing mrouter times out or stops querying the multicast source data continues to be forwarded to that port If a host in the VLAN subsequently joins or le...

Page 516: ... the total number of IGMP or PIM packets which have been received same as IPv4 Flooding Unregistered to All Ports Indicates if Flooding Unregistered to All Ports is enabled If enabled multicast data traffic for which no listeners have registered is flooded to all ports in a VLAN instead of only flooded to multicast router ports SSM FDB Capacity The capacity of the SSM FDB SSM FDB Current Entries T...

Page 517: ...ce that is participating in the VLAN from the list of interfaces with multicast routers attached The interface is removed if a query is not received This value may be configured Listener Message Suppression Mode Sends only the first report received in response to a query to the router Example console config show ipv6 mld snooping Admin Mode Enable Multicast Control Frame Count 6255 SSM FDB Capacit...

Page 518: ...ation mode and all Configuration submodes User Guidelines This user guideline applies to all switch models To see the full Multicast address table including static addresses use the show mac address table command Example This example shows MLDv2 snooping entries console show ipv6 mld snooping groups Vlan Group Type OIFs 1 3333 0000 0003 Dynamic Te1 0 1 Te1 0 17 MLD SSM Entries VLAN Group Reporter ...

Page 519: ...n dynamically learned Multicast router interfaces Syntax show ipv6 mld snooping mrouter Default configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show ipv6 mld snooping mrouter VLAN ID Port 10 Gi2 0 1 ...

Page 520: ...520 IPv6 MLD Snooping Commands ...

Page 521: ...e switch can be configured as an MLD querier When MLD Snooping Querier is enabled the Querier sends out periodic MLD General Queries that trigger the Multicast listeners member to send their joins so as to receive the Multicast data traffic MLD Snooping listens to these reports to establish the appropriate forwarding table entries Commands in this Chapter This chapter explains the following comman...

Page 522: ...lticast routing Example console config ipv6 mld snooping querier ipv6 mld snooping querier VLAN mode Use the ipv6 mld snooping querier command in VLAN mode to enable MLD Snooping Querier on a VLAN Use the no form of this command to disable MLD Snooping Querier on a VLAN Syntax ipv6 mld snooping querier vlanvlan id no ipv6 mld snooping querier vlan vlan id vlan id A valid VLAN ID Range 1 4093 Defau...

Page 523: ...dress prefix The bits of the address to be configured prefix length Designates how many of the high order contiguous bits of the address make up the prefix Default Configuration There is no global MLD Snooping Querier address configured by default Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example console config ipv6 mld snooping querier ad...

Page 524: ...lobal Configuration mode User Guidelines If there is another querier in the network and the local querier is in election mode then the querier with the lower IP address is elected and the other querier stops querying If the local querier is not in election mode and another querier is detected the local querier stops querying Example console config vlan ipv6 mld snooping querier election participat...

Page 525: ...piry command to set the MLD Querier timer expiration period It is the time period that the switch remains in Non Querier mode once it has discovered that there is another Multicast Querier in the network Use the no form of this command to reset the timer expiration period to the default Syntax ipv6 mld snooping querier timer expiry timer ipv6 mld snooping querier timer expiry timer The time that t...

Page 526: ... ID Range 1 4093 Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines When the optional argument vlan vlan id is not used the command shows the following information Parameter Description MLD Snooping Querier Mode Indicates whether or not MLD Snooping Querier is active on the swi...

Page 527: ...e on the VLAN Querier Election Participate Mode Indicates whether the MLD Snooping Querier participates in querier election if it discovers the presence of a querier in the VLAN Querier VLAN Address Shows the IP Address which will be used in the IPv6 header while sending out MLD queries Operational State Indicates whether MLD Snooping Querier is in Querier or Non Querier state When the switch is i...

Page 528: ...528 IPv6 MLD Snooping Querier Commands ...

Page 529: ...IPSG on a port where DHCP snooping is disabled or where DHCP snooping is enabled but the port is trusted all IP traffic received on that port is dropped depending upon the admin configured IPSG entries IPSG cannot be enabled on a port based routing interface IPSG uses two enforcement mechanisms the L2FDB to enforce the source MAC address and ingress VLAN and an ingress classifier to enforce the so...

Page 530: ...r which DHCP snooping is enabled and the port is trusted incoming traffic on the interface is dropped Incoming traffic is filtered based on the source IP address and VLAN When the port security keyword is configured filtering occurs based upon source IP address VLAN and source MAC address IP source guard also interacts with the port security component Use the port security command in interface mod...

Page 531: ...G is disabled on all interfaces Command Mode Interface Configuration mode User Guidelines Use the no ip verify source command to disable IPSG on an interface Example console config if Gi1 0 1 ip verify source port security ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings Use the no form of the command to remove the IPSG entry Syntax ip v...

Page 532: ... the show ip verify command to display the IP Source Guard configuration on all interfaces or the specified interface Syntax show ip verify interface if id if id A valid interface ID physical Default Configuration There is no default configuration for this command Command Modes User EXEC Privileged EXEC all show modes User Guidelines The filter type is one of the following values ipv4 mac User has...

Page 533: ...n Privileged EXEC mode to display the bindings configured on a particular interface or all interfaces Syntax show ip verify source interface interface id interface id A valid physical interface or port channel identifier Default Configuration There is no default configuration for this command Command Mode User EXEC Privileged EXEC mode Configuration mode and all Configuration submodes User Guideli...

Page 534: ...lay all bindings static and dynamic Syntax show ip source binding Default Configuration There is no default configuration for this command Command Mode User EXEC Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show ip source binding ...

Page 535: ...lt queue for this homogenous traffic provides the best performance in traffic burst handling and the most accurate 802 3x Flow Control Pause Frame generation In these cases the application of QoS treatment other than the default policy may result in less overall throughput or more packet loss By default iSCSI optimization is enabled and iSCSI QoS treatment is disabled LLDP is used to detect the pr...

Page 536: ...ed iSCSI session utilizes two rules from additional ACL lists up to a maximum of two ACL lists This means that the maximum number of ACL lists allocated by iSCSI is three Commands in this Chapter This chapter explains the following commands iscsi aging time The iscsi aging time command sets the time out value for iSCSI sessions To reset the aging time to the default value use the no form of this c...

Page 537: ... iscsi aging time 100 iscsi cos Use the iscsi cos command in Global Configuration mode to set the quality of service profile that will be applied to iSCSI flows To return the VPT DSCP setting to the default value use the no form of this command VPT DSCP values can be configured independently from the application of QoS treatment Syntax iscsi cos enable disable vpt vpt dscp dscp remark no iscsi cos...

Page 538: ...obin WRR You may alter the QoS setting by configuring the relevant ports to work in other scheduling and queue management modes via the Class of Service settings These choices may include strict priority for the queue used for iSCSI traffic The downside of strict priority is that in certain circumstances under heavy high priority traffic other lower priority traffic may get starved In WRR the queu...

Page 539: ...ualLogic Storage arrays via LLDP is also enabled by this command Upon detection of an EQL array the specific interface involved will have spanning tree portfast enabled and unicast storm control disabled These changes appear in the running config Disabling iSCSI Optimization does not disable flow control portfast or storm control configuration applied as a result of enabling iSCSI Optimization On ...

Page 540: ... tcp port 1 tcp port 2 tcp port 16 address ip address name targetname no iscsi target port tcp port 1 tcp port 2 tcp port 16 address ip address tcp port TCP port number or list of TCP port numbers on which iSCSI target s listen to requests Up to 16 TCP ports can be defined in the system in one command or by using multiple commands ip address IP address of the iSCSI target When the no form is used ...

Page 541: ...destination IP is the target s IP address This way the CPU is not be falsely loaded by non iSCSI flows if by chance other applications also choose to use these non standard ports When a port is already defined and not bound to an IP address and you want to bind the port to an IP address first remove the port by using the no form of the command and then add it again this time together with the rele...

Page 542: ...r Guidelines There are no user guidelines for this command Example The following example displays the iSCSI configuration console show iscsi iSCSI enabled iSCSI CoS enabled iSCSI vpt is 5 Session aging time 10 min Maximum number of sessions is 192 iSCSI Targets and TCP Ports TCP Port Target IP Address Name 860 3260 30001 172 16 1 1iqn 1993 11 com disk vendor diskarrays sn 45678 tape sys1 xyz 30033...

Page 543: ...t monitoring for up to 1024 sessions The N4000 switches support monitoring for up to 512 sessions Example The following examples show summary and detailed information about the iSCSI sessions console show iscsi sessions Target iqn 1993 11 com disk vendor diskarrays sn 45678 Initiator iqn 1992 04 com os vendor plan9 cdrom 12 ISID 11 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 ISID 222 Target...

Page 544: ...P address TCP port IP address IP port 172 16 1 3 49154 172 16 1 20 30001 172 16 1 4 49155 172 16 1 21 30001 172 16 1 5 49156 172 16 1 22 30001 Session 2 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 Time started 17 Aug 2008 21 04 50 Time for aging out 2 min ISID 22 Initiator Initiator Target Target IP address TCP port IP address IP port 172 16 1 30 49200 172 16 1 20 30001 172 16 1 30 49201 17...

Page 545: ...nds in this Chapter This chapter explains the following commands action Use the action command in Link Dependency mode to indicate if the link dependency group should mirror or invert the status of the depended on interfaces Syntax action down up down Mirror the depended on interface s status up Invert the depended on interface s status Default Configuration The default configuration for a group i...

Page 546: ...nk dependency group Syntax link dependency group GroupId no link dependency group GroupId GroupId Link dependency group identifier Range 1 72 Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines The preference of a group is to remain in the up state A group will be in the up state if any depends on interface is up and will be in the...

Page 547: ...uration Command Mode Link Dependency mode User Guidelines Adding an interface to a dependency list brings the interface down until the depends on command is entered The link status will then follow the interface specified in the depends on command To avoid bringing down interfaces enter the depends on command prior to entering the add command Example console config depend 1 add gigabitethernet 1 0...

Page 548: ...efault configuration Command Mode Link Dependency mode User Guidelines Circular dependencies are not allowed i e interfaces added to the group may not also appear in the depends on list Examples console config linkDep group 1 depends on gigabitethernet 1 0 10 console config linkDep group 1 depends on port channel 6 show link dependency Use the show link dependency command to show the link dependen...

Page 549: ...Link Action Group State 1 Gi4 0 2 3 Gi4 0 5 Gi4 0 10 12 Link Up Up Down The following command shows link dependencies for group 1 only console show link dependency group 1 GroupId Member Ports Ports Depended On Link Action Group State 1 Gi4 0 2 3 Gi4 0 5 Gi4 0 10 12 Link Up Up Down The following command shows detailed information for group 1 console show link dependency group 1 detail GroupId 1 Li...

Page 550: ...550 Link Dependency Commands ...

Page 551: ...eceive functions and each function can be enabled or disabled separately by the network manager Dell Networking supports both the transmit and receive functions in order to support device discovery The LLDP component transmit and receive functions can be enabled disabled separately per physical port By default both transmit and receive functions are enabled on all ports The application starts each...

Page 552: ...using SNMP as defined in the MIB definitions Commands in this Chapter This chapter explains the following commands clear lldp remote data Use the clear lldp remote data command in Privileged EXEC mode to delete all LLDP information from the remote data table Syntax clear lldp remote data clear lldp remote data lldp receive show lldp med clear lldp statistics lldp timers show lldp med interface lld...

Page 553: ...ta console clear lldp remote data clear lldp statistics Use the clear lldp statistics command in Privileged EXEC mode to reset all LLDP statistics Syntax clear lldp statistics Default Configuration By default the statistics are only cleared on a system reset Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example The following example displays how to reset all...

Page 554: ...se this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information Example console config no dcb enable lldp med This command is used to enable disable LLDP MED on an interface By enabling MED the transmit and receive functions of LLDP are effectively enabled Syntax lldp med no ...

Page 555: ...le sending the topology change notification Syntax lldp med confignotification no lldp med confignotification Command Mode Interface Ethernet Configuration Default Value By default notifications are disabled on all supported interfaces User Guidelines No specific guidelines Example console config lldp med confignotification lldp med faststartrepeatcount This command is used to set the value of the...

Page 556: ... in the LLDPDUs There are certain conditions that have to be met for this port to be MED compliant These conditions are explained in the normative section of the specification For example the MED TLV capabilities is mandatory By disabling this bit MED is effectively disable on this interface Syntax lldp med transmit tlv capabilities network policy ex pse ex pd location inventory no med lldp transm...

Page 557: ...ation no lldp notification Default Configuration By default notifications are disabled on all supported interfaces Command Mode Interface Configuration Ethernet mode User Guidelines This command has no user guidelines Example The following example displays how to enable remote data change notifications console config if Gi1 0 3 lldp notification lldp notification interval Use the lldp notification...

Page 558: ... Guidelines This command has no user guidelines Example The following example displays how to set the interval value to 10 seconds console config lldp notification interval 10 lldp receive Use the lldp receive command in Interface Configuration mode to enable the LLDP receive capability To disable reception of LLDPDUs use the no form of this command Syntax lldp receive no lldp receive Default Conf...

Page 559: ...this command Syntax lldp timers interval transmit interval hold hold multiplier reinit reinit delay no lldp timers interval hold reinit transmit interval The interval in seconds at which to transmit local data LLDPDUs Range 5 32768 seconds hold multiplier Multiplier on the transmit interval used to set the TTL in local data LLDPDUs Range 2 10 reinit delay The delay in seconds before reinitializati...

Page 560: ...console config lldp timers interval 1000 hold 8 reinit 5 lldp transmit Use the lldp transmit command in Interface Configuration mode to enable the LLDP advertise transmit capability To disable local data transmission use the no form of this command Syntax lldp transmit no lldp transmit Default Configuration LLDP is enabled on all supported interfaces Command Mode Interface Configuration Ethernet m...

Page 561: ...e Interface Configuration Ethernet mode User Guidelines This command has no user guidelines Example The following example displays how to include management information in the LLDPDU console config if Gi1 0 3 lldp transmit mgmt lldp transmit tlv Use the lldp transmit tlv command in Interface Configuration mode to specify which optional type length value settings TLVs in the 802 1AB basic managemen...

Page 562: ...n Ethernet mode User Guidelines This command has no user guidelines Example The following example shows how to include the system description TLV in local data transmit console config if 1 0 3 lldp transmit tlv sys desc show lldp Use the show lldp command in Privileged EXEC mode to display the current LLDP configuration summary Syntax show lldp Default Configuration This command has no default con...

Page 563: ...e show lldp interface command in Privileged EXEC mode to display the current LLDP interface state Syntax show lldp interface gigabitethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port all Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This c...

Page 564: ...the advertised LLDP local data This command can display summary information or detail for each interface Syntax show lldp local device detail interface interface all detail includes a detailed version of remote data interface Specifies a valid physical interface on the device Specify either gigabitethernet unit slot port or tengigabitethernet unit slot port or fortygigabitethernet unit slot port a...

Page 565: ...0 62 48 00 00 02 System Name System Description Routing Port Description System Capabilities Supported bridge router System Capabilities Enabled bridge Management Address Type IPv4 Address 192 168 17 25 show lldp med This command displays a summary of the current LLDP MED configuration Syntax show lldp med Command Mode Privileged EXEC Configuration mode and all Configuration submodes Default Value...

Page 566: ...lt Value Not applicable Example console show lldp med interface all LLDP MED Interface Configuration Interface Link configMED operMED ConfigNotify TLVsTx Gi1 0 1 Detach Enabled EnabledEnabled0 1 Gi1 0 2 Detach Disabled Disabled Disabled 0 1 Gi1 0 3 Detach Disabled Disabled Disabled 0 1 Gi1 0 4 Detach Disabled Disabled Disabled 0 1 Gi1 0 5 Detach Disabled Disabled Disabled 0 1 console show lldp med...

Page 567: ...modes Default Value Not applicable Example Console show lldp med local device detail 1 0 1 LLDP MED Local Device Detail Interface 1 0 8 Network Policies Media Policy Application Type voice Vlan ID 10 Priority 5 DSCP 1 Unknown False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware Rev xxx xxx xxx Firmware Rev xxx xxx ...

Page 568: ... remote data This command can display summary information or detail for each interface Syntax show lldp med remote device gigabitethernet unit slot port tengigabitethernet unit slot port all show lldp med remote device detail gigabitethernet unit slot port tengigabitethernet unit slot port all Indicates all valid LLDP interfaces detail Includes a detailed version of remote data for the indicated i...

Page 569: ...apabilities MED Capabilities Supported capabilities networkpolicy location extendedpse MED Capabilities Enabled capabilities networkpolicy Device Class Endpoint Class I Network Policies Media Policy Application Type voice Vlan ID 10 Priority 5 DSCP 1 Unknown False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware Rev ...

Page 570: ... to display the current LLDP remote data This command can display summary information or detail for each interface Syntax show lldp remote device detail interface interface all detail Includes detailed version of remote data interface Specifies a valid physical interface on the device Substitute gigabitethernet unit slot port or tengigabitethernet unit slot port or fortygigabitethernet unit slot p...

Page 571: ... seconds console show lldp remote device detail 1 0 1 Ethernet1 0 1 Remote ID 01 23 45 67 89 AB System Name system 1 System Description System Capabilities Bridge Port ID 01 23 45 67 89 AC Port Description 1 0 4 Management Address 192 168 112 1 TTL 60 seconds show lldp statistics Use the show lldp statistics command in Privileged EXEC mode to display the current LLDP traffic statistics Syntax show...

Page 572: ... 802 3 1 0 11 29395 82562 0 0 1 0 0 0 1 4 The following table explains the fields in this example Fields Description Last Update The value of system of time the last time a remote data entry was created modified or deleted Total Inserts The number of times a complete set of information advertised by a remote device has been inserted into the table Total Deletes The number of times a complete set o...

Page 573: ...LDP frames received on the indicated port Ageouts Number of times a remote data entry on the indicated port has been deleted due to TTL expiration TLV Discards Number LLDP TLVs Type Length Value sets received on the indicated port and discarded for any reason by the LLDP agent TLV Unknowns Number of LLDP TLVs received on the indicated port for a type not recognized by the LLDP agent TLV MED Number...

Page 574: ...574 LLDP Commands ...

Page 575: ...In such a case MVR is listening to the join and report messages only for groups configured statically All other groups are managed by IGMP snooping There are two types of MVR ports source and receiver Source port is the port to which the multicast traffic is flowing using the multicast VLAN Receiver port is the port where a listening host is connected to the switch It can utilize any or no VLAN ex...

Page 576: ...ult Configuration The default value is Disabled Command Mode Global Configuration Interface Configuration User Guidelines MVR can only be configured on physical interfaces mvr group Use the mvr group command in Global Configuration mode to add an MVR membership group Use the no form of the command to remove an MVR membership group mvr mvr type mvr group mvr vlan group mvr mode show mvr mvr queryti...

Page 577: ...ode Global Configuration User Guidelines The following table lists the completion messages Example console config mvr console config mvr group 239 0 1 0 100 console config mvr vlan 10 mvr mode Use the mvr mode command in Global Configuration mode to change the MVR mode type Use the no form of the command to set the mode type to the default value Syntax mvr mode compatible dynamic Message Type Mess...

Page 578: ...time Use the mvr querytime command in Global Configuration mode to set the MVR query response time The query time is the maximum time to wait for an IGMP membership report on a receiver port before removing the port from the multicast group The query time only applies to receiver ports and is specified in tenths of a second Use the no form of the command to set the MVR query response time to the d...

Page 579: ...he mvr vlan command in Global Configuration mode to set the MVR multicast VLAN Use the no form of the command to set the MVR multicast VLAN to the default value Syntax mvr vlan 1 4094 no mvr vlan 1 4094 Specifies the port on which multicast data is expected to be received Source ports should belong to this VLAN Default Configuration The default value is 1 Command Mode Global Configuration User Gui...

Page 580: ...ediate leave is enabled a receiver port will leave a group on receipt of a leave message Without immediate leave upon receipt of a leave message the port sends an IGMP query and waits for an IGMP membership report Example console config interface Gi1 0 1 console config if Gi1 0 1 switchport access vlan 10 console config if Gi1 0 1 mvr console config if Gi1 0 1 mvr type receiver console config if G...

Page 581: ...rts are ports over which multicast data is received or sent Default Configuration The default value is None Command Mode Interface Configuration User Guidelines The following table lists the completion messages Example console config mvr console config mvr group 239 1 1 1 console config exit console config interface Gi1 0 1 console config if Gi1 0 1 switchport access vlan 10 console config if Gi1 ...

Page 582: ...R group Syntax mvr vlan mVLAN group A B C D no mvr vlan mVLAN group A B C D VLAN The VLAN over which multicast data from the specified group is to be received A B C D The multicast group for which multicast data is to be received over the specified VLAN Default Configuration This command has no default configuration Command Mode Interface Configuration User Guidelines This command statically confi...

Page 583: ... Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages The following table explains the output parameters Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled Parameter Description MVR Running MVR run...

Page 584: ...mvr members A B C D A B C D A valid multicast address in IPv4 dotted notation Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages MVR Current Multicast groups The current number of MVR groups allocated MVR Query Response Time The current MVR q...

Page 585: ...nd in Privileged EXEC mode to display the MVR enabled interfaces configuration Syntax show mvr interface interface id members vlan vid interface id Identifies a specific interface vid VLAN identifier Default Configuration This command has no default configuration Error Completion Message MVR disabled Parameter Description MVR Group IP MVR group multicast IP address Status The status of the specifi...

Page 586: ...RECEIVER Status ACTIVE Immediate Leave DISABLED console show mvr interface Fa1 0 23 members 235 0 0 1 STATIC ACTIVE Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled Parameter Description Port Interface number Type The MVR port type It can be None Receiver or Source type Status The interface status It consists of two characteristics 1 active ...

Page 587: ...ation mode and all Configuration submodes User Guidelines The following table lists the completion messages Examples The following table explains the output parameters Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled Parameter Description IGMP Query Received Number of received IGMP Queries IGMP Report V1 Received Number of received IGMP Repo...

Page 588: ...Leave Transmitted 1 IGMP Packet Receive Failures 0 IGMP Packet Transmit Failures 0 IGMP Report V1 Transmitted Number of transmitted IGMP Reports V1 IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2 IGMP Leave Transmitted Number of transmitted IGMP Leaves IGMP Packet Receive Failures Number of failures on receiving the IGMP packets IGMP Packet Transmit Failures Number of failures on ...

Page 589: ...are must be taken while enabling this type of configuration If the Partner System is not 802 3AD compliant or the Link Aggregation Control protocol is not enabled there may be network instability Network instability occurs when one side assumes that the members in an aggregation are one single link while the other side is oblivious to this aggregation and continues to treat the members as individu...

Page 590: ...dd the port to the LAG A LAG can be either static or dynamic but not both It cannot have some member ports participate in the protocol while other member ports do not participate Additionally it is not possible to change a LAG from static to dynamic via the CLI You must remove the member ports from the static LAG and then add them to the dynamic LAG VLANs and LAGs When physical interfaces are adde...

Page 591: ...ion MAC VLAN EtherType and incoming port associated with the packet Source MAC Destination MAC VLAN EtherType and incoming port associated with the packet Destination IP and Destination TCP UDP Port fields of the packet Source Destination MAC VLAN EtherType and incoming port associated with the packet Source Destination IP and source destination TCP UDP Port fields of the packet Enhanced LAG Hashi...

Page 592: ... to the partner system in order to find a suitable Partner to form an aggregation When the Partner System neglects to respond using LACPDUs the Dell Networking switching aggregates manually The Dell Networking switching uses the currently configured default Partner Values for Partner Information Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum o...

Page 593: ...ctive Forces the port to join a channel with LACP dynamic LAG Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet mode User Guidelines This command has no user guidelines Example The following example shows how port 1 0 5 is configured to port channel 1 without LACP static LAG console config interface gigabitethernet 1 0 5 console config if...

Page 594: ...umbers range from 1 to 128 Example The following example enters the context of port channel 1 console config interface port channel 1 console config if po1 interface range port channel Use the interface range port channel command in Global Configuration mode to execute a command on multiple port channels at the same time Syntax interface range port channel port channel range all port channel range...

Page 595: ...he same command console config interface range port channel 1 2 8 console config if hashing mode Use the hashing mode command to set the hashing algorithm on trunk ports Use the no hashing mode command to set the hashing algorithm on trunk ports to the default 7 Syntax hashing mode mode mode Mode value in the range of 1 to 7 Range 1 7 1 Source MAC VLAN EtherType source module and port ID 2 Destina...

Page 596: ...ole config if po1 hashing mode 4 console config if po1 no hashing mode lacp port priority Use the lacp port priority command to configure the priority value for physical ports To reset to default priority value use the no form of this command Syntax lacp port priority value no lacp port priority value Port priority value Range 1 65535 Default Configuration The default port priority value is 1 Comm...

Page 597: ...cally lower value of port priority has the higher priority The selection algorithm is reapplied upon changes in the membership of the port channel for example if a link fails or if a new link joins the group and any subsequent changes to the set of active links are made according to the above algorithm Example The following example configures the priority value for port 1 0 8 to 247 console config...

Page 598: ...he least significant six octets For a given switch and link aggregation partner the switch with the numerically lower value of system priority has the higher priority The selection algorithm is reapplied upon changes in the membership of the port channel for example if a link fails or if a new link joins the group and any subsequent changes to the set of active links are made according to the abov...

Page 599: ... every second For further information refer to the LACP_Timeout setting in IEEE Std 802 1AX 2008 Example The following example assigns an administrative LACP timeout for port Gi1 0 8 to a long timeout value console config interface gigabitethernet 1 0 8 console config if Gi1 0 8 lacp timeout long port channel local preference Use the port channel local preference command in Interface Configuration...

Page 600: ...Therefore use of this option should be carefully considered and the operator must ensure that sufficient egress bandwidth is available in the LAG links on every stack member to avoid excessive discards By default the local preference mode for a port channel is disabled This command can be used only on port channel interfaces port channel min links Use the port channel min links command in Interfac...

Page 601: ...on Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines The command displays the following information Example 1 console show interfaces port channel ChannelPorts ChTypeHash Algorithm Typemin Links Po1Inactive Gi1 0 3Dynamic31 Parameter Description index Number of the port channel to show This parameter is optional If the port channel number is not given a...

Page 602: ... mode Example 2 console show interfaces port channel 1 Channel Ports Ch Type Hash Type Min links Local Prf Po1 Inactive Gi1 0 1 Gi1 0 2 Dynamic 3 1 Enabled Gi1 0 3 Gi1 0 4 show lacp Use this command in Privileged EXEC mode to display LACP information for Ethernet ports Syntax show lacp gigabitethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port parameters s...

Page 603: ...Admin timeout LONG port Oper timeout LONG LACP Activity ACTIVE Aggregation AGGREGATABLE synchronization FALSE collecting FALSE distributing FALSE expired FALSE Partner system priority 0 system mac addr 00 00 00 00 00 00 port Admin key 0 port Oper key 0 port Admin priority 0 port Oper priority 0 port Oper timeout LONG LACP Activity ASSIVE Aggregation AGGREGATABLE synchronization FALSE collecting FA...

Page 604: ... console show statistics port channel 1 Total Packets Received Octets 0 Packets Received 1522 Octets 0 Packets RX and TX 64 Octets 1064 Packets RX and TX 65 127 Octets 140 Packets RX and TX 128 255 Octets 201 Packets RX and TX 256 511 Octets 418 Packets RX and TX 512 1023 Octets 1 Packets RX and TX 1024 1518 Octets 0 Packets RX and TX 1519 1522 Octets 0 Packets RX and TX 1523 2047 Octets 0 Packets...

Page 605: ...e Size 1518 Total Packets Transmitted Successfully 1824 Unicast Packets Transmitted 330 Multicast Packets Transmitted 737 Broadcast Packets Transmitted 757 Total Transmit Errors 0 FCS Errors 0 More or q uit Tx Oversized 0 Underrun Errors 0 Total Transmit Packets Discarded 0 Single Collision Frames 0 Multiple Collision Frames 0 Excessive Collision Frames 0 Port Membership Discards 0 802 3x Pause Fr...

Page 606: ...606 Port Channel Commands ...

Page 607: ... to a single switch Commands in this Chapter This chapter explains the following commands clear vpc statistics Use the clear vpc statistics command to clear the counters for the keepalive messages trasmitted and received by the MLAG switch Syntax clear vpc statistics peer keepalive peer link clear vpc statistics show vpc consistency parameters debug vpc show vpc consistency features feature vpc sh...

Page 608: ...age peer detection core no debug vpc peer keepalive packet peer link control message data message peer detection core peer keepalive Displays the debug traces for the keepalive state machine transitions The packet option enables debug traces for the keep alive packets exchanged between the MLAG peer devices on the peer link peer link In error cases enables the debug traces for the control messages...

Page 609: ...command globally enables MLAG Use the no form of the command to globally disable MLAG Syntax feature vpc no feature vpc Default Configuration By default the MLAG feature is not globally enabled Command Modes Global Configuration mode User Guidelines The MLAG configuration is retained even when the feature is disabled The peer link will not be enabled if the VPC feature is not enabled MLAG role ele...

Page 610: ... Default Configuration Dual Control Plane Detection Protocol is disabled by default Command Modes MLAG Domain Configuration mode Usage Guidelines Use of the Dual Control Plane Detection Protocol is optional It provides a second layer of redundancy beyond that provided by the peer link protocol System that operate without the DCPDP protocol enabled and use static LAGs run the risk of a split brain ...

Page 611: ...The UDP port number to use to listen for peer Dual Control Plane Detection Protocol packets srcaddr The local source address to use seconds The timeout value used to expire the Dual Control Plane Detection Protocol peer The range is 2 15 seconds the default is 5 Default Configuration There are no Dual Control Plane Detection Protocol peers configured by default Command Modes MLAG Domain Configurat...

Page 612: ...sole config vpc domain 1 console config vpc 1 peer keepalive enable console config vpc 1 peer keepalive destination 192 168 0 2 source 192 168 0 1 console config vpc 1 peer detection enable console config vpc 1 exit peer keepalive enable Use the peer keepalive enable command to enable the peer keep alive protocol on the peer link When enabled if an MLAG switch does not receive keepalive messages f...

Page 613: ...s to primary state and continues forwarding traffic on its local MLAG ports It also starts processing control messages The MLAG connected devices see a change in the source MAC address Once the peer device comes up again it starts the keepalive protocol and transitions to the secondary state The peer link fails This occurs when either switch cannot contact the peer through the peer keepalive proto...

Page 614: ...the MLAG role election and is sent to the MLAG peer in the MLAG keepalive messages The MLAG switch with the numerically lower priority value becomes the Primary and the switch with higher priority becomes the Secondary If both the MLAG peer switches have the same role priority the device with lower system MAC address becomes the Primary switch Changes to the priority value are not preemptive The k...

Page 615: ...long with the member ports on the current switch and peer switch plus their link status Syntax show vpc id id A valid MLAG identifier Default Configuration There is no default configuration for this command Command Modes Privileged EXEC mode and above User Guidelines There are no user guidelines for this command Example console show vpc 10 VPC Id 10 Configuration mode Enabled Operational mode Enab...

Page 616: ...of the Secondary switch The Secondary switch does not maintain or show the status of the Primary switch peer members A VPC instance may show as enabled even if all of the port channels that are members of the VPC are disabled or all of the links in the port channels are disabled A VPC will show as disabled if peer link or DCPDP connectivity is lost The Keep alive admin status field shows the statu...

Page 617: ... 14 15 16 17 VPC Details Number of VPCs configured 2 Number of VPCs operational 2 VPC id 1 Interface Po2 Configured Vlans 1 10 11 12 13 14 15 16 17 VPC Interface State Active Local MemberPorts Status Gi1 0 23 UP Gi1 0 24 UP Peer MemberPorts Status Gi1 0 23 UP Gi1 0 24 UP VPC id 2 Interface Po3 Configured Vlans 1 10 11 12 13 14 15 16 17 VPC Interface State Active show vpc example MLAG Peer A show v...

Page 618: ... on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with the other MLAG peer Syntax show vpc consistency parameters global interface port channel number port channel number A valid port channel identifier range 1 128 Default Configuration There is no default configuration for this command Command Modes Privileged EXEC mode and above User Guidel...

Page 619: ...ation for this command Command Modes Privileged EXEC mode and above User Guidelines There are no user guidelines for this command show vpc peer keepalive Use the show vpc peer keepalive command to display the peer MLAG switch s IP address used by the Dual Control Plane Detection Protocol The port used for the Dual Control Plane Detection Protocol is shown as well as if peer detection is enabled or...

Page 620: ...isplay information about the keepalive status and parameters The role of the MLAG switch and the system MAC and priority are displayed Syntax show vpc role Default Configuration There is no default configuration for this command Command Modes Privileged EXEC mode and above User Guidelines There are no user guidelines for this command Example console show vpc role Keepalive admin mode Enabled Prior...

Page 621: ...123 Tx successful 118 Tx errors 5 Total received 115 Rx successful 108 Rx Errors 7 Timeout counter 6 console show vpc statistics peer link Peer link control messages transmitted 123 Peer link control messages Tx errors 5 Peer link control messages Tx timeout 4 Peer link control messages ACK transmitted 34 Peer link control messages ACK Tx erorrs 5 Peer link control messages received 115 Peer link ...

Page 622: ...ransmitted 73 Peer link data messages Tx errors 0 Peer link data messages Tx timeout 0 Peer link data messages received 73 Peer link BPDU s transmitted to peer 0 Peer link BPDU s Tx errors 0 Peer link BPDU s received from peer 0 Peer link BPDU s Rx errors 0 Peer link LACPDU s tranmsitted to peer 73 Peer link LACPDU s Tx errors 0 Peer link LACPDU s received from peer 73 Peer link LACPDU s Rx errors...

Page 623: ... Modes Port channel mode User Guidelines The peer keep alive protocol is required for MLAG operation Configure a LAG between the two MLAG peers as an MLAG peer link before executing this command Example console config interface po3 console config if Po3 switchport mode trunk console config if Po3 switchport trunk allowed vlan 1 99 101 4093 console config if Po3 vpc 2 console config if Po3 exitcons...

Page 624: ...0 2 source 192 168 0 1 console config vpc 1 peer detection enable console config vpc 1 exit vpc peer link Use the vpc peer link command to configure a port channel as the MLAG peer link for a domain and enables the peer link protocol Use the no form of the command to remove the peer link configuration from an MLAG domain and disable the peer link protocol Syntax vpc peer link no vpc peer link Defa...

Page 625: ... between the two MLAG peers as an MLAG peer link before executing this command Example console config interface port channel 1 console config if Po1 description MLAG Peer Link console config if Po1 spanning tree disable console config if Po1 switchport mode trunk console config if Po1 switchport trunk allowed vlan 1 99 101 4093 console config if Po1 vpc peer link console config if Po1 exit ...

Page 626: ...626 MLAG ...

Page 627: ...rk traffic analyzer can be attached to destination ports to analyze the traffic patterns of source ports A session is operationally active only if both a destination port and at least one source port are configured If neither is true the session is inactive A port configured as a destination port acts as a mirroring port when the session is operationally active If it is not the port acts as a norm...

Page 628: ...ved and transmitted on the physical monitored port Use the no form of the command to remove the monitoring session Syntax monitor session session_number source interface interface id vlan vlan id remote vlan rspan vlan id rx tx destination interface interface id remote vlan rspan vlan id reflector port interface id filter ip access group acl name acl number mac access group acl name no monitor ses...

Page 629: ...smit and receive directions If neither tx or rx is configured both directions are monitored Command Mode Global Configuration mode User Guidelines The source of a monitoring session must be configured before the destination can be configured Only one session with a single destination is supported however that session supports multiple sources The internal CPU port cannot be configured as an RSPAN ...

Page 630: ...lector port gi1 0 10 console config monitor session 1 mode This example shows how to configure a destination switch using VLAN 723 as the source RSPAN VLAN and Gi1 0 10 as the destination interface console config monitor session 1 source remote vlan 723 console config monitor session 1 destination interface gi1 0 10 console config monitor session 1 mode remote span Use this command to configure a ...

Page 631: ...EXEC mode to display status of port monitoring VLAN based mirroring Flow based mirroring and mirroring across RSPAN Syntax show monitor session session_number detail session _number Session identification number detail Displays additional information Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration...

Page 632: ... None Source RSPAN VLAN None Destination ports Te2 0 20 Destination RSPAN VLAN None IP access group a1 MAC access group None The following example shows the detailed status of a VLAN session on source switch where session is span across multiple switches console show monitor session 1 detail Session 1 Type Remote Destination Session Source Ports RX Only None TX Only None Both None Source VLANs RX ...

Page 633: ...Ports Gi1 0 15 Dest RSPAN VLAN None show vlan remote span Use this command to display the RSPAN VLAN IDs Syntax show vlan remote span Default Configuration This command has no default configuration Command Modes User EXEC Privileged EXEC modes User Guidelines This command has no user guidelines Example The following example shows the RSPAN VLANs configured on the switch console show vlan remote sp...

Page 634: ...634 Port Monitor Commands ...

Page 635: ...oice or multimedia QoS is a means of providing consistent predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay Packets with strict timing requirements are given special treatment in a QoS capable network To accomplish this all elements of the network must be QoS capable If one node is unable to meet the necessar...

Page 636: ...ss CoS queue should handle the traffic and whether the traffic flow is to be redirected to a specific outgoing interface MAC access lists are identified by a user specified name instead of a number Layer 3 4 IPv4 ACLs The Layer 3 4 ACL feature supports IP access lists both standard and extended These lists check the Layer 3 portion of a packet looking specifically at information contained in the I...

Page 637: ...ain a meaningful COS queue designation the ingress port can be configured to use its default priority to specify the CoS queue CoS queue mappings use the concept of trusted and untrusted ports A trusted port is one that takes at face value a certain priority designation within arriving packets Specifically a port may be configured to trust one of the following packet fields 802 1p User Priority IP...

Page 638: ...rvice dot1p mapping match destination address mac match vlan show diffserv service interface classofservice ip dscp mapping match dstip mirror show diffserv service interface port channel classofservice trust match dstip6 police simple show diffserv service brief conform color match dstl4port police single rate show interfaces cos queue cos queue min bandwidth match ethertype police two rate show ...

Page 639: ...de Policy Class Map Configuration mode User Guidelines This command has no user guidelines Example The following example displays how to change the queue ID to 4 for the associated traffic stream console config policy classmap assign queue 4 class Use the class command in Policy Map Class Configuration mode to create an instance of a class definition within the specified policy for the purpose of ...

Page 640: ...uccessfully Example The following example shows how to specify the DiffServ class name of DELL console config policy map DELL1 console config classmap class DELL class map Use the class map command in Global Configuration mode to define a new DiffServ class of type match all To delete the existing class use the no form of this command Syntax class map match all class map name ipv4 ipv6 no class ma...

Page 641: ...map class map rename Use the class map rename command in Global Configuration mode to change the name of a DiffServ class Syntax class map rename classname newclassname classname The name of an existing DiffServ class Range 1 31 characters newclassname A case sensitive alphanumeric string Range 1 31 characters Default Configuration This command has no default configuration Command Mode Global Conf...

Page 642: ...e the mapping is applied only to packets received on that interface Use the no form of the command to remove mapping between an 802 1p priority and an internal traffic class Syntax classofservice dot1p mapping 802 1ppriority trafficclass no classofservice dot1p mapping 802 1ppriority Specifies the user priority mapped to the specified traffic class for this switch Range 0 7 trafficclass Specifies ...

Page 643: ...ass Use the no form of the command to return the classofservice mapping to the default and remove a traffic class mapping for an IP DSCP value Syntax classofservice ip dscp mapping ipdscp trafficclass no classofservice ip dscp mapping ipdscp ipdscp Specifies the IP DSCP value to which you map the specified traffic class Range 0 63 or an IP DSCP keyword af11 af12 af13 af21 af22 af23 af31 af32 af33 ...

Page 644: ...mmands 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 cs1 0 9 0 10 af11 0 11 0 12 af12 0 13 0 14 af13 0 15 0 16 cs2 0 17 0 18 af21 0 19 0 20 af22 0 21 0 22 af23 0 23 0 24 cs3 1 25 1 26 af31 1 27 1 28 af32 1 IP DSCP Traffic Class ...

Page 645: ...ands 645 29 1 30 af33 1 31 1 32 cs4 2 33 2 34 af41 2 35 2 36 af42 2 37 2 38 af43 2 39 2 40 cs5 2 41 2 42 2 43 2 44 2 45 2 46 ef 2 47 2 48 cs6 3 49 3 50 3 51 3 52 3 53 3 54 3 55 3 56 cs7 3 IP DSCP Traffic Class ...

Page 646: ... command in either Global Configuration mode or Interface Configuration mode to set the class of service trust mode of an interface To set the interface mode to untrusted use the no form of this command Syntax classofservice trust dot1p untrusted ip dscp no classofservice trust dot1p Specifies that the mode be set to trust dot1p 802 1p packet markings untrusted Sets the Class of Service Trust Mode...

Page 647: ...nterface to trust IP Precedence packet mark console config classofservice trust ip precedence conform color Use the conform color command in Policy Class Map Configuration mode to enable color aware marking for a policy This command must be preceded by a police command If the conform color command is not entered the police algorithm uses the color blind version meaning in the incoming color is ign...

Page 648: ... specified for the two rate police algorithm Example The following example uses a simple policer to color TCP packets that exceed an average rate of 1000 Kbps or a burst size of 16 Kbytes as red Conforming packets are colored green The example configuration below also shows the configuration of WRED drop thresholds and probabilities for colored traffic console config class map match all class ipv4...

Page 649: ... there are COS queues bw 0 through bw n Range 0 100 in increments of 5 Default Configuration By default all CoS queues are configured with a 0 minimum bandwidth guarantee Command Mode Global Configuration mode or Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines The maximum number of queues supported per interface is seven It is recom...

Page 650: ...on bandwidth guarantee for cos queues 0 through 6 console config cos queue min bandwidth 5 5 10 10 0 0 0 cos queue random detect Use the cos queue random detect command in Global Configuration or Interface Configuration mode to enable WRED queue management policy on an interface CoS queue Use the no form of the command to disable WRED policy for a CoS queue on an interface Syntax cos queue random ...

Page 651: ...k traffic with a color other than default green color The drop probability scale supports values in the range 0 10 and the discrete values 25 50 75 and 100 Other values are truncated to the next lower value by the hardware Example Enable WRED on the default CoS 0 queue for unmarked packets and set the green yellow and red colored traffic to utilize WRED starting at 3 of port congestion with a drop...

Page 652: ...1 through queue id n Range 0 6 Default Configuration This command has no default configuration Command Mode Global Configuration mode or Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines Strict priority SP queues are scheduled in priority order ahead of WRR queues Strict priority queues are allocated unlimited bandwidth Use the cos qu...

Page 653: ... of this command Syntax diffserv no diffserv Default Configuration This command default is enabled Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example displays how to set the DiffServ operational mode to active console Config diffserv drop Use the drop command in Policy Class Map Configuration mode to specify that all packets for...

Page 654: ...ffic stream with the specified class of service value in the priority field of the 802 1p header If the packet does not already contain this header one is inserted Syntax mark cos cos value cos value Specifies the CoS value as an integer Range 0 7 Default Configuration There is no default cos value for this command Packets are not remarked by default Command Mode Policy Class Map Configuration mod...

Page 655: ...5 cs6 cs7 ef Default Configuration This command has no default configuration Command Mode Policy Class Map Configuration mode User Guidelines This command has no user guidelines Example The following example displays how to mark all packets with an IP DSCP value of cs4 console config policy classmap mark ip dscp cs4 mark ip precedence Use the mark ip precedence command in Policy Class Map Configur...

Page 656: ...ch class map Use the match class map command to add to the specified class definition the set of match conditions defined for another class Use the no form of this command to remove from the specified class definition the set of match conditions defined for another class Syntax match class map refclassname no match class map refclassname refclassname The name of an existing DiffServ class whose ma...

Page 657: ...latform specific maximum In some cases each removal of a refclass rule reduces the maximum number of available rules in the class definition by one Example The following example adds match conditions defined for the Dell class to the class currently being configured console config classmap match class map Dell The following example deletes the match conditions defined for the Dell class from the c...

Page 658: ...condition based on the destination MAC address of a packet Syntax match destination address mac macaddr macmask macaddr Specifies any valid layer 2 MAC address formatted as six two digit hexadecimal numbers separated by colons macmask Specifies a valid layer 2 MAC address bit mask formatted as six two digit hexadecimal numbers separated by colons This address bit mask does not need to be contiguou...

Page 659: ...s a valid IP address ipmask Specifies a valid IP address bit mask Note that even though this parameter is similar to a standard subnet mask it does not need to be contiguous Default Configuration This command has no default configuration Command Mode Class Map Configuration mode User Guidelines This command has no user guidelines Example The following example displays adding a match condition usin...

Page 660: ...tch dstip6 2001 DB8 32 match dstl4port Use the match dstl4port command in Class Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation Syntax match dstl4port portkey port number portkey Specifies one of the supported port name keywords A match condition is specified by one layer 4 port number The currently supp...

Page 661: ...onfiguration mode to add a match condition based on the value of the ethertype Syntax match ethertype keyword 0x0600 0xffff keyword Specifies either a valid keyword or a valid hexadecimal number The supported keywords are appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp Range 0x0600 0xFFFF Default Configuration This command has no default configuration Command Mode ...

Page 662: ...e Ipv6 Class Map Configuration mode User Guidelines There are no user guidelines for this command Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312 console config classmap match ip6flowlbl 32312 match ip dscp Use the match ip dscp command in Class Map Configuration mode to add to the specified class definition a match condition based on the value of the ...

Page 663: ... but with a slightly different user notation To specify a match on all DSCP values use the match ip tos tosbits tosmask command with tosbits set to 0 zero and tosmask set to hex 03 Example The following example displays how to add a match condition based on the DSCP field console config classmap match ip dscp 3 match ip precedence Use the match ip precedence command in Class Map Configuration mode...

Page 664: ...tion based on the value of the IP precedence field console config classmap match ip precedence 1 match ip tos Use the match ip tos command in Class Map Configuration mode to add to the specified class definition a match condition based on the value of the IP TOS field in a packet This field is defined as all eight bits of the Service Type octet in the IP header Syntax match ip tos tosbits tosmask ...

Page 665: ...a match condition based on the value of the IP TOS field in a packet console config classmap match ip tos AA EF match protocol Use the match protocol command in Class Map Configuration mode to add to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation Syntax match protocol protocol name...

Page 666: ...t Syntax match source address mac address macmask macaddr Specifies any valid layer 2 MAC address formatted as six two digit hexadecimal numbers separated by colons macmask Specifies a layer 2 MAC address bit mask formatted as six two digit hexadecimal numbers separated by colons This bit mask does not need to be contiguous Default Configuration This command has no default configuration Command Mo...

Page 667: ...P address bit mask is similar to a subnet mask it does not need to be contiguous Default Configuration This command has no default configuration Command Mode Class Map Configuration mode User Guidelines Only one srcip matching criteria can be specified To remove the matching criteria delete the class map Example The following example displays adding a match condition for the specified IP address a...

Page 668: ... 32 match srcl4port Use the match srcl4port command in Class Map Configuration mode to add to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or a numeric notation Syntax match srcl4port portkey port number portkey Specifies one of the supported port name keywords A match condition is specified by one layer 4 port number The curr...

Page 669: ...and in Class Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field This field is the only tag in a single tagged packet or the first or outer tag of a double VLAN packet Syntax match vlan vlan id vlan id Specifies a VLAN ID as an integer Range 0 4095 Default Configuration This command has no default configuration C...

Page 670: ... Command Mode Policy Class Map Configuration mode User Guidelines The port identified in this command is identical to the destination port of the monitor command Example The following example displays how to copy all the data to port 1 0 5 console config policy classmap mirror 1 0 5 police simple Use the police simple command in Policy Class Map Configuration mode to applying a policing meter for ...

Page 671: ...ice value Range 0 7 dscpval DSCP value Range 0 63 or a keyword from this list af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 be cs0 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef Default Configuration This command has no default configuration Command Mode Policy Class Map Configuration mode User Guidelines Only one style of police command simple or two rate is allowed for a given class instance in a ...

Page 672: ... rate datarate burstsize excess burstsize conform action action exceed action action violate action action datarate Data rate in kilobits per second Kbps Range 1 4294967295 burstsize Burst size in kilobits per seconds Kbps Range 1 128 excess burstsize Excess burst size in kilobits per seconds Kbps Range 1 128 action The action to take according to the color Select one drop Drop the packet set prec...

Page 673: ...rding to four parameters Committed Information Rate CIR Committed Burst Size CBS Peak Information Rate PIR Peak Burst Size PBS A packet is colored red if it exceeds the PIR yellow if it exceeds the CIR and green if it does not exceed either A trTCM is useful when a peak rate needs to be enforced separately from a committed rate Syntax police two rate datarate burstsize peak data rate excess bursts...

Page 674: ...PIR are measured in Kbps not pps as indicated in the RFC the CBS in Kbytes and the PBS in Kbytes It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet A class command in policy map mode must be issued for an existing class map before entering this command Example console police two rate 100000000 64 1000000000 32 conform action set cos transmit 7 exc...

Page 675: ...is command has no default configuration Command Mode Global Configuration mode User Guidelines The CLI mode is changed to Policy Class Map Configuration when this command is successfully executed The policy type dictates which of the individual policy attribute commands are valid within the policy definition Example The following example shows how to establish a new ingress DiffServ policy named D...

Page 676: ...ach color and for non TCP packets Range 0 to 100 drop prob scale The maximum drop probability Range 0 100 Default Configuration The table below shows the default green yellow and red TCP and non TCP minimum maximum drop thresholds and the green yellow and red TCP and non TCP drop probabilities Command Mode Global Configuration mode Interface Configuration mode physical and port channel Interface R...

Page 677: ...minimum value Configuring a queue with a drop probability of 0 effectively applies tail drop behavior when the queue length exceeds the maximum threshold If the max thresh parameter is less than the corresponding min thresh parameter it is adjusted to be the min thresh plus one Example This example configures interface te2 0 1 to drop packets queued for egress on the all interfaces global config o...

Page 678: ...ion mode physical and port channel Interface Range mode User Guidelines To use the instantaneous queue size in the calculation of WRED drops set the weighting constant to 0 Larger values of N reduce the effect of instantaneous changes To update the current queue size to the difference between the previous size and the current instantaneous queue size set the weighting constant to 1 To update the c...

Page 679: ...edirect 1 0 1 service policy Use the service policy command in either Global Configuration mode for all system interfaces or Interface Configuration mode for a specific interface to attach a policy to an interface To return to the system default use the no form of this command Syntax service policy in out policymapname no service policy in out policymapname policymapname Specifies the DiffServ pol...

Page 680: ...olicy is attached to an interface successfully any attempt to change the policy definition such that it would result in a violation of the interface capabilities causes the policy change attempt to fail ACLs and DiffServ policies may not both exist on the same interface in the same direction Example The following example shows how to attach a service policy named DELL to all interfaces console con...

Page 681: ... map Class L3 Class Name Type Proto Reference Class Name ipv4 All ipv4 ipv6 All ipv6 stop_http_class All ipv6 match_icmp6 All ipv6 console show class map ipv4 Class Name ipv4 Class Type All Class Layer3 Protocol ipv4 Match Criteria Values Source IP Address 2 2 2 2 255 255 255 0 console show class map stop_http_class Class Name stop_http_class Class Type All Class Layer3 Protocol ipv6 Match Criteri...

Page 682: ...mmand Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines If the interface is specified the 802 1p mapping table of the interface is displayed If omitted the most recent global configuration settings are displayed The following table lists the parameters in the example and gives a description of each Example The following example displays the dot1p traffic c...

Page 683: ... traffic classes for a specific interface Syntax show classofservice ip dscp mapping Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines Command is supported only globally Example console show classofservice ip dscp mapping IP DSCP Traffic Class 0 be cs0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 c...

Page 684: ... 18 af21 0 19 0 More or q uit 20 af22 0 21 0 22 af23 0 23 0 24 cs3 1 25 1 26 af31 1 27 1 28 af32 1 29 1 30 af33 1 31 1 32 cs4 2 33 2 34 af41 2 35 2 36 af42 2 37 2 38 af43 2 39 2 40 cs5 2 41 2 42 2 More or q uit 43 2 44 2 45 2 46 ef 2 47 2 48 cs6 3 49 3 50 3 51 3 52 3 53 3 54 3 ...

Page 685: ...bitethernet unit slot port fortygigabitethernet unit slot port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines If the interface is specified the port trust mode of the interface is displayed If omitted the port trust mode for global configuration is shown Example The following exampl...

Page 686: ...on mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the DiffServ information console show diffserv DiffServ Admin mode Enable Class Table Size Current Max 5 25 Class Rule Table Size Current Max 6 150 Policy Table Size Current Max 2 64 Policy Instance Table Size Current Max 2 640 Policy Attribute Table Size Current Max 2 ...

Page 687: ...tion submodes User Guidelines This command has no user guidelines Example console show diffserv service interface gigabitethernet 1 0 1 in DiffServ Admin Mode Enable Interface 1 0 1 Direction In No policy is attached to this interface in this direction show diffserv service interface port channel Syntax show diffserv service interface port channel channel group in out channel group A valid port ch...

Page 688: ...e brief command in Privileged EXEC mode to display all interfaces in the system to which a DiffServ policy has been attached Syntax show diffserv service brief Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example shows how ...

Page 689: ...n Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines If the interface is specified the class of service queue configuration of the interface is displayed If omitted the most recent global configuration settings are displayed Examples The following example displays the COS configuration with no unit slot port or port channel parameter console show in...

Page 690: ...e If displaying the global configuration this output line is replaced with a global configuration indication Intf Shaping Rate The maximum transmission bandwidth limit for the interface as a whole It is independent of any per queue maximum bandwidth values in effect for the interface This value is a configured value Queue Mgmt Type The queue depth management technique used for all queues on this i...

Page 691: ...figuration mode and all Configuration submodes User Guidelines Use the show interfaces cos queue command to show the global or per interface scheduler type and queue management types show policy map Use the show policy map command in Privileged EXEC mode to display all configuration information for the specified policy Syntax show policy map policyname policyname Specifies the name of a valid exis...

Page 692: ... interface command in Privileged EXEC mode to display policy oriented statistics information for the specified interface Syntax show policy map interface gigabithethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port port channel port channel number in out port channel number A valid port channel identifier in Show inbound service policies The offered value i...

Page 693: ... Status Down Policy Name DELL Interface Summary Class Name Dell Networking In Offered Packets 1003 In Discarded Packets 11 show service policy Use the show service policy command in Privileged EXEC mode to display a summary of policy oriented statistics information for all interfaces Syntax show service policy Default Configuration This command has no default configuration Command Mode Privileged ...

Page 694: ...d in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole This process also known as rate shaping has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded To restore the default interface shaping rate value use the no form of this command Syntax traffic shape...

Page 695: ...face gi1 0 1 to a maximum bandwidth of 1024 Kbps console config if gi1 0 1 traffic shape 1024 kbps vlan priority Use the vlan priority command to assign a default VLAN priority tag for untagged frames ingressing an interface Syntax vlan priority cos value cos value A value ranging from 0 7 Default Configuration By default untagged frames are processed with VLAN priority 0 The VLAN priority is mapp...

Page 696: ...s User Guidelines This command has no user guidelines Example The following example configures the default VLAN priority to 1 for untagged frames ingressing interface Te1 0 1 console config if Te1 0 1 vlan priority 1 ...

Page 697: ...conforms to a client server model with secure communications using UDP as a transport protocol It is extremely flexible supporting a variety of methods to authenticate and statistically track users It is very extensible allowing for new methods of authentication to be added without disrupting existing network functionality Dell Networking supports a RADIUS client in conformance with RFC 2865 and a...

Page 698: ...STATION ID Yes No No 31 CALLING STATION ID Yes No No 32 NAS IDENTIFIER Yes No No 40 ACCT STATUS TYPE Set by RADIUS client for Accounting No No 42 ACCT INPUT OCTETS Yes No No 43 ACCT OUTPUT OCTETS Yes No No 44 ACCT SESSION ID Set by RADIUS client for Accounting No No 46 ACCT SESSION TIME Yes No No 49 ACCT TERMINATE CAUSE Yes No No 52 ACCT INPUT GIGAWORDS Yes No No 53 ACCT OUTPUT GIGAWORDS Yes No No...

Page 699: ...sed by both 802 1x and Captive Portal TERMINATION ACTION Indication as to the action taken when the service is completed EAP MESSAGE Contains an EAP message to be sent to the user This is typically used for MAB clients VENDOR SPECIFIC No actions configured at this time 61 NAS PORT TYPE Yes No No 64 TUNNEL TYPE Yes No No 65 TUNNEL MEDIUM TYPE Yes No No 79 EAP MESSAGE Yes No No 80 MESSAGE AUTHENTICA...

Page 700: ...me or a VLAN id If a VLAN id is given the string must only contain decimal digits Commands in this Chapter This chapter explains the following commands aaa accounting dot1x default start stop name RADIUS server radius server source ip accounting primary radius server timeout acct port priority retransmit auth port radius server attribute 4 show aaa servers deadtime radius server deadtime show acco...

Page 701: ...accounting Syntax aaa accounting dot1x default start stop radius none no aaa accounting dot1x default aaa accounting dot1x default none aaa accounting exec commands listname default none start stop stop only radius tacacs radius tacacs tacacs radius no aaa accounting exec commands default list commands Perform accounting on all user executed commands TACACS only exec Perform accounting on EXEC ter...

Page 702: ...thod lists can be created for each exec and commands accounting type The same list name can be used for both exec and commands accounting types AAA accounting for commands with RADIUS as the accounting method is not supported TACACS supports both exec and commands accounting types There is exactly one accounting method list for dot1x default accounting Use the accounting command in Line Configurat...

Page 703: ...exec mode for the current line configuration type users logged in with that mode will be logged out Examples Use the following command to enable exec type accounting for telnet console config line telnet console config telnet accounting exec default acct port Use the acct port command to set the port on which RADIUS accounting server listens for connections Use the no form of this command to reset...

Page 704: ... to set the port number on which the RADIUS server listens for authentication requests Syntax auth port auth port number auth port number Port number for authentication requests Range 1 65535 Default Configuration The default value of the port number is 1812 Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command Exa...

Page 705: ...x deadtime deadtime deadtime The amount of time that the unavailable server is skipped over Range 0 2000 minutes Default Configuration The default deadtime interval is 0 minutes Command Mode Radius mode User Guidelines If only one RADIUS server is configured it is recommended to use a deadtime interval of 0 Example The following example specifies a deadtime interval of 60 minutes console config ra...

Page 706: ...ser guidelines key Use the key command to specify the encryption key which is shared with the RADIUS server Use the no form of this command to remove the key Syntax key key string key string A string specifying the encryption key Range 0 128 characters Default Configuration There is no key configured by default Command Mode Radius mode User Guidelines There are no user guidelines for this command ...

Page 707: ...ypted key string key string The key string in encrypted form It should be 256 characters in length Default Configuration There is no default configuration for this command Command Modes Radius mode User Guidelines This command has no user guidelines Example console Config auth radius key encrypted f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c90 8deb0f4c3bd36c032e72f6fd...

Page 708: ...uthenticator attribute is enabled by default Command Mode Radius mode User Guidelines There are no user guidelines for this command Example console Config auth radius msgauth name RADIUS server Use the name command to assign a name to a RADIUS server Use the no form of the command to return the name to the default unspecified The no form of the command does not require the user to enter the config...

Page 709: ...nd the request is sent to the second configured name list Within the same server list the first primary server would be tried You can have multiple secondary servers in the same name list From the multiple secondary servers the one with the lowest priority value would be tried For a different named server list the server name would be based on lexicographic order For e g if name9 name1 name6 are c...

Page 710: ...y authentication server by default Command Mode Radius mode User Guidelines There are no user guidelines for this command Example console Config auth radius primary priority Use the priority command in Radius mode to specify the order in which the servers are to be used with 0 being the highest priority Syntax priority priority priority Sets server priority level Range 0 65535 Default Configuratio...

Page 711: ...US server The NAS IP address is RADIUS attribute number 4 Use the no version of the command to set the value to the default Syntax radius server attribute 4 ip address no radius server attribute 4 ip address Specifies the IP address to be used as the RADIUS attribute 4 the NAS IP address Default Configuration If a RADIUS server has been configured on the switch the default attribute 4 value is the...

Page 712: ...adtime interval has not expired are skipped when searching for a new RADIUS server to contact To set the deadtime to 0 use the no form of this command Syntax radius server deadtime deadtime no radius server deadtime deadtime Length of time in minutes for which a Radius server is skipped over by transaction requests Range 0 2000 minutes Deadtime is used to mark an unavailable Radius server as dead ...

Page 713: ... server host acct auth ip address hostname acct auth The type of server accounting or authentication ip address The RADIUS server host IP address hostname Host name of the Radius server host Range 1 255 characters Default Configuration The default server type is authentication The default server name is Default RADIUS Server The default port number is 1812 for an authentication server and 1813 for...

Page 714: ...tring no radius server key key string Specifies the authentication and encryption key for all Radius communications between the switch and the Radius server This key must match the encryption used on the Radius server Range 1 128 characters Default Configuration The default is an empty string Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The fol...

Page 715: ...n mode User Guidelines This command has no user guidelines Example console config radius server key encrypted f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c90 8deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd3 6c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fd ffe48c908deb0f4c3bd36c032e72 console config radius server r...

Page 716: ...tempts console config radius server retransmit 5 radius server source ip Use the radius server source ip command in Global Configuration mode to specify the source IP address used for communication with Radius servers To return to the default use the no form of this command 0 0 0 0 is interpreted as a request to use the IP address of the outgoing IP interface Syntax radius server source ip source ...

Page 717: ...the interval for which a switch waits for a server host to reply To restore the default use the no form of this command Syntax radius server timeout timeout no radius server timeout timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The default value is 3 seconds Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The foll...

Page 718: ...r the mode corresponding to a specific Radius server before executing this command Example The following example of the retransmit command specifies five retries console config radius server host 192 143 120 123 console config radius retransmit 5 show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of...

Page 719: ...and all Configuration submodes User Guidelines The following fields are displayed Field Description Configured Authentication Servers The number of RADIUS Authentication servers that have been configured Configured Accounting Servers The number of RADIUS Accounting servers that have been configured Named Authentication Server Groups The number of configured named RADIUS server groups Named Account...

Page 720: ...ntication Server Groups 2 Number of Named Accounting Server Groups 1 Number of Retransmits 3 Timeout Duration 15 Deadtime 0 Source IP 0 0 0 0 RADIUS Accounting Mode Disable RADIUS Attribute 4 Mode Disable More or q uit RADIUS Attribute 4 Value 0 0 0 0 console show aaa servers name Server Name Host Address Port Secret Configured RADIUS Accounting Mode A Global parameter to indicate whether the acco...

Page 721: ...mode and all Configuration submodes User Guidelines This command has no user guidelines Examples console show accounting methods Acct Type Method Name Record Type Method Type Exec dfltExecList start stop TACACS Commands dfltCmdsList stop only TACACS Commands UserCmdAudit start stop TACACS Line EXEC Method List Command Method List Console dfltExecList dfltCmdsList Telnet dfltExecList dfltCmdsList S...

Page 722: ...the server Default Configuration There is no default configuration for this command Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines The following fields are displayed for accounting servers Field Description RADIUS Accounting Server Name Name of the accounting server Server Host Address IP address of the host Round Trip Time The time i...

Page 723: ...number of RADIUS Accounting Request packets destined for this server that have not yet timed out or received a response Timeouts The number of accounting timeouts on this server Unknown Types The number of packets unknown type which were received from this server on accounting port Packets Dropped The number of RADIUS packets received from this server on accounting port and dropped for some other ...

Page 724: ...ormed Access Responses The number of malformed RADIUS Access Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or signature attributes or unknown types are not included as malformed access responses Bad Authenticators The number of RADIUS Access Response packets containing invalid authenticators or signature attributes received f...

Page 725: ...e IP address to be used for communication with Radius servers 0 0 0 0 is interpreted as a request to use the IP address of the outgoing IP interface Syntax source ip source source A valid source IP address Default Configuration The IP address is of the outgoing IP interface Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing ...

Page 726: ...nds Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command Example The following example specifies the timeout setting for the designated Radius Server console config radius server host 192 143 120 123 console config radius timeout 20 usage Use the usage command in Radius mode to specify the usage type of the server...

Page 727: ... Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command Example The following example specifies usage type login console config radius server host 192 143 120 123 console config radius usage login ...

Page 728: ...728 RADIUS Commands ...

Page 729: ...ancement of the Multiple Spanning Tree Protocol Loop guard protects a network from forwarding loops induced by BPDU packet loss It can be configured to prevent a blocked port from transitioning to the forwarding state when the port stops receiving BPDUs for some reason such as a uni directional link failure STP BPDU Guard The STP BPDU guard allows the network administrator to enforce the STP domai...

Page 730: ...e disabled on the switch administratively When this feature is enabled on the switch it floods all the ports which have the BPDU flood feature enabled BPDU Storm Protection If STP BPDUs are received at a rate of 15 pps or greater for 3 consecutive seconds on a port the port will be diagnostically disabled A message of the following form is logged 188 MAY 04 09 45 23 10 10 10 10 1 DOT1S 276072720 d...

Page 731: ...onfiguration This command has no default setting Command Mode Privileged EXEC mode User Guidelines This feature is used only when working in RSTP or MSTP mode show spanning tree spanning tree forward time spanning tree portfast spanning tree vlan forward time show spanning tree summary spanning tree guard spanning tree portfast bpdufilter default spanning tree vlan hello time show spanning tree vl...

Page 732: ...d apply all configuration changes Syntax exit Default Configuration MST configuration Command Mode MST mode User Guidelines This command has no user guidelines Example The following example shows how to exit the MST configuration mode and save changes console config spanning tree mst configuration console config mst exit instance mst Use the instance command in MST mode to map VLANS to an MST inst...

Page 733: ...ing the same configuration revision number and the same name Dell Networking MSTP supports mapping of VLANs to MST instances even though the underlying VLAN may not be defined on the switch Traffic received on VLANs not defined on the port received is dropped Example The following example maps the entire range of VLANs to MST instances MST instance 0 is mapped to VLAN 1 by default Additionally two...

Page 734: ...console config if Te1 1 1 switchport trunk allowed vlan add 2 150 console config if Te1 1 1 spanning tree mst 1 port priority 16 console config if Te1 1 1 interface te1 1 2 console config if Te1 1 2 switchport mode trunk console config if Te1 1 2 switchport trunk allowed vlan add 200 349 console config if Te1 1 2 spanning tree mst 2 port priority 16 console config if Te1 1 2 exit name mst Use the ...

Page 735: ...g use the no form of this command Syntax revision version no revision version Configuration revision number Range 0 65535 Default Configuration Revision number is 0 Command Mode MST mode User Guidelines This command has no user guidelines Example The following example sets the configuration revision to 1 console config spanning tree mst configuration console config mst revision 1 show spanning tre...

Page 736: ...ST configuration identifier instance id ID of the spanning tree instance uplinkfast Displays Direct Rapid Convergence information backbonefast Displays Indirect Rapid Convergence information Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Examples ...

Page 737: ... Port id 128 1 Port Cost 20000 Port Fast No Root Protection No Designated bridge Priority 32768 Address 0010 1882 1C53 Designated port id 128 48 Designated path cost 0 CST Regional Root 80 00 00 10 18 82 1C 53 CST Port Cost 0 Root Guard FALSE Loop Guard FALSE TCN Guard FALSE Auto Portfast TRUE Port Up Time Since Counters Last Cleared 0 day 0 hr 17 min 1 sec BPDU sent 24 received 496 console show s...

Page 738: ...U filtering Disabled mode rstp CST Regional Root 80 00 00 1E C9 AA AD 1B Regional Root Path Cost 0 ROOT ID Priority 32768 Address 0010 1882 1C53 Path Cost 20000 Root Port Gi1 0 1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 001E C9AA AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 1 last change occurred 0d0h17m15s ago Ti...

Page 739: ...ath Cost 20000 Root Port Gi1 0 1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 001E C9AA AD1B Hello Time 2 Sec Max Age 20 console show spanning tree backbonefast Backbonefast Statistics Transitions via Backbonefast all VLANs 0 Inferior BPDUs received all VLANs 0 RLQ request PDUs received all VLANs 0 RLQ response PDUs received all VLANs 0 RLQ request PDUs sen...

Page 740: ...or disabled Spanning Tree Version Version of 802 1 currently supported IEEE 802 1s IEEE 802 1w or IEEE 802 1d based upon the mode parameter BPDU Protection Mode Enabled or disabled BPDU Filter Mode Enabled or disabled BPDU Flooding Mode Enabled or disabled Configuration Name Identifier used to identify the configuration currently being used Configuration Revision Level Identifier used to identify ...

Page 741: ... display spanning tree information per VLAN and also list out the port roles and states as well as port cost Syntax show spanning tree vlan vlan list vlan list A list of VLANs or VLAN ranges separated by commas and with no embedded blank spaces VLAN ranges are of the form X Y where X and Y are valid VLAN identifiers and X Y Default Configuration There is no default configuration for this command C...

Page 742: ...ning tree enabled protocol rstp Root ID Priority 32768 Address 0000 0000 0001 Cost 4 Port 1 1 0 1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32770 priority 32768 sys id ext 2 Address 0000 0000 0003 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio Nbr Gi1 0 3 Desg FWD 4 128 19 Gi1 0 4 Desg FWD 4 128 21 VLAN0003 Spannin...

Page 743: ... of this command Syntax spanning tree no spanning tree Default Configuration Spanning tree is enabled Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example enables spanning tree functionality console config spanning tree spanning tree auto portfast Use the spanning tree auto portfast command to set the port to auto portfast mode Th...

Page 744: ...le config interface gigabitethernet 4 0 1 console config if 4 0 1 spanning tree auto portfast spanning tree backbonefast Use the spanning tree backbonefast command to enable the detection of indirect link failures and accelerate spanning tree convergence on STP PV RSTP PV configured switches using Indirect Rapid Convergence IRC IRC accelerates finding an alternate path when an indirect link to the...

Page 745: ...e designated switch This allows a blocked port to immediately move to the listening state where the port can be transitioned to the forwarding state in the normal manner Example console config spanning tree backbonefast spanning tree bpdu flooding The spanning tree bpdu flooding command allows flooding of BPDUs received on non spanning tree ports to all other non spanning tree ports Use the no for...

Page 746: ... spanning tree which causes network topology flapping In normal cases these ports do not receive any BPDU packets However someone may forge BPDU to maliciously attack the switch and cause network flapping RSTP provides BPDU protection function against such attack After BPDU protection function is enabled on a switch the system disables an edge port that has received BPDU and notifies the network m...

Page 747: ...ost Range 1 200 000 000 Default Configuration The default value is to select the path cost based on the link speed 40G Port path cost 1400 10G Port path cost 2000 1000 mbps giga 20 000 100 mbps 200 000 10 mbps 2 000 000 Port Channel 200 000 000 divided by the sum of the unidirectional link speed in Mbps of each active member multiplied by 10 per section 13 6 1 of IEEE 802 1s Command Mode Interface...

Page 748: ...sable Use the spanning tree disable command in Interface Configuration mode to disable spanning tree on a specific port To enable spanning tree on a port use the no form of this command Syntax spanning tree disable no spanning tree disable Default Configuration By default all ports are enabled for spanning tree Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fo...

Page 749: ...e the no form of this command Syntax spanning tree forward time seconds no spanning tree forward time seconds Time in seconds Range 4 30 Default Configuration The default forwarding time for IEEE Spanning tree Protocol STP is 15 seconds Command Mode Global Configuration mode User Guidelines When configuring the Forward Time the following relationship should be satisfied 2 Forward Time 1 Max Age Ex...

Page 750: ... root and loop guard Default Configuration Neither root nor loop guard is enabled Command Mode Interface Configuration Ethernet Port Channel mode User Guidelines There are no user guidelines for this command Example The following example disables spanning tree guard functionality on gigabit ethernet interface 4 0 1 console config console config interface gigabitethernet 4 0 1 console config if 4 0...

Page 751: ...functionality on all ports console config spanning tree loopguard default spanning tree max age Use the spanning tree max age command in Global Configuration mode to configure the spanning tree bridge maximum age To reset the default maximum age use the no form of this command Syntax spanning tree max age seconds no spanning tree max age seconds Time in seconds Range 6 40 Default Configuration The...

Page 752: ...e the spanning tree max hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree Use the no form of this command to reset the Max Hops to the default Syntax spanning tree max hops hops no spanning tree max hops hops The maximum number of hops to use Range 6 to 40 Default Configuration The maximum number of hops is 20 by default Command Mode Global Co...

Page 753: ...ning tree operates in Rapid Per VLAN mode Default Configuration Rapid Spanning Tree Protocol RSTP is supported Command Mode Global Configuration mode User Guidelines In RSTP mode the switch uses STP when the neighbor switch is using STP In MSTP mode the switch uses RSTP when the neighbor switch is using RSTP and uses STP when the neighbor switch is using STP Only one of STP RSTP MSTP RSTP STP PV o...

Page 754: ...t version 0 STP BPDUs are no longer transmitted and version 2 RSTP PV BPDUs that carry per VLAN information are transmitted on the VLANs enabled for spanning tree If a version 0 BPDU is seen RSTP PV reverts to sending version 0 BPDUs RSTP PV embeds support for STP PV Indirect Rapid Convergence and Direct Rapid Convergence There is no provision to enable or disable these features in RSTP PV Example...

Page 755: ...the internal path cost for multiple spanning tree MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state To return to the default port path cost use the no form of this command Syntax spanning tree mst instance id cost cost no spanning tree mst instance id cost instance ID ID of the spanning tree instance Range 1 4094 cost...

Page 756: ...port priority Use the spanning tree mst port priority command in Interface Configuration mode to configure port priority To return to the default port priority use the no form of this command Syntax spanning tree mst instance id port priority priority no spanning tree mst instance id port priority instance id ID of the spanning tree instance Range 1 4094 priority The port priority Range 0 240 in m...

Page 757: ...ommand Syntax spanning tree mst instance id priority priority no spanning tree mst instance id priority instance id ID of the spanning tree instance Range 1 4094 priority Sets the switch priority for the specified spanning tree instance This setting affects the likelihood that the switch is selected as the root switch A lower value increases the probability that the switch is selected as the root ...

Page 758: ...tfast Default Configuration PortFast mode is disabled Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines This command only applies to access ports The command is to be used only with interfaces connected to end stations Otherwise an accidental topology loop could cause a data packet loop and disrupt switch and network oper...

Page 759: ...ation This feature is disabled by default Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example discards BPDUs received on spanning tree ports in portfast mode console spanning tree portfast bpdufilter default spanning tree portfast default Use the spanning tree portfast default command to enable Portfast mode only on acc...

Page 760: ...tree port priority Interface Configuration Use the spanning tree port priority command in Interface Configuration mode to configure the priority value of an edge port or point to point interface to allow the operator to select the relative importance of the interface in the selection process for forwarding Set this value to a lower number to prefer an operationally enabled interface for forwarding...

Page 761: ...nabled A point to point link is a link configured as full duplex Edge ports and point to point links can directly transition to the forwarding state and do not delay for the listening and learning stages of spanning tree An edge port that receives a BPDU is no longer considered an edge port and will utilize the configured port priority value All interfaces and VLANs have 128 as priority value by d...

Page 762: ... tree priority The priority value is used to determine which bridge is elected as the root bridge To reset the default spanning tree priority use the no form of this command Syntax spanning tree priority priority no spanning tree priority priority Priority of the bridge Range 0 61440 Default Configuration The default bridge priority for IEEE STP is 32768 Command Mode Global Configuration mode User...

Page 763: ...nnel mode User Guidelines There are no user guidelines for this command Example The following example configures spanning tree tcnguard on 4 0 1 console config if 4 0 1 spanning tree tcnguard spanning tree transmit hold count Use the spanning tree transmit hold count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window 2 seconds Use the no form of ...

Page 764: ...s per second after a switchover to an alternate port on STP PV and RSTP PV configured switches and enable Direct Rapid Convergence on STP PV switches This command assists in accelerating spanning tree convergence after switchover to an alternate port Use the no form of the command to return the configured rate to the default value or disable uplinkfast on STP PV configured switches Syntax spanning...

Page 765: ... port on behalf of each attached machine so that the rest of the network knows to use the secondary link to reach that machine RSTP PV embeds support for IRC and DRC There is no provision to enable or disable these features in RSTP PV configured switches Example console config spanning tree uplinkfast spanning tree vlan Use the spanning tree vlan command to enable per VLAN spanning tree on a VLAN ...

Page 766: ...des Example This example configures a switch to use per VLAN spanning tree for VLANS 12 13 and 24 26 console config spanning tree vlan 12 13 24 26 spanning tree vlan forward time Use the spanning tree vlan forward time command to configure the spanning tree forward delay time for a specified VLAN or a range of VLANs Use the no form of the command to return the forward time to its default value Syn...

Page 767: ...nning tree vlan hello time Use the spanning tree vlan hello time command to configure the spanning tree hello time for a specified VLAN or a range of VLANs Syntax spanning tree vlan vlan list hello time 1 10 no spanning tree vlan vlan list hello time Hello time The interval between sending successive BDPUs Default 2 seconds Default Configuration The default hello time is 2 seconds Command Modes Gl...

Page 768: ...tion Default Configuration The default maximum aging time is 20 seconds Command Modes Global Configuration Mode User Guidelines Set this value to a lower number to accelerate discovery of topology changes The network operator must take into account the end to end BPDU propagation delay and message age overestimate for their specific topology when configuring this value The default setting of 20 se...

Page 769: ...iguration mode User Guidelines This command can be configured even if the switch is configured for MST RSTP mode It is only used when the switch is configured for PVST or RPVST modes The logic sets the bridge priority to a value lower primary or next lower secondary than the lowest bridge priority for the specified VLAN or a range of VLANs This command only applies when STP PV or RSTP PV is enable...

Page 770: ... is not among the specifed values it will be rounded off to the nearest valid value Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST RSTP mode It is only used when the switch is configured for PVST or RPVST modes The root bridge for a VLAN should be carefully selected to provide optimal paths for traffic through the net...

Page 771: ...r login type CLI HTTP HTTPS the NAS will prompt for the user login credentials and request services from the TACACS client the client will then use the configured list of servers for authentication and provide results back to the NAS The TACACS server list is configured with one or more hosts defined via their network IP address each can be assigned a priority to determine the order in which the T...

Page 772: ...n If left unspecified the key string parameter defaults to the global value Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines Example The following example specifies an encryption and authentication key of 12 console tacacs key 12 key encrypted Use the key encrypted command to configure an encrypted key that is shared with the TACACS server Use the no form ...

Page 773: ...36c032e72f6fdffe48c90 8deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd3 6c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fdffe48c908deb0f4c3bd36c032e72f6fd ffe48c908deb0f4c3bd36c032e72 console config port Use the port command in TACACS Configuration mode to specify a port number on which a TACACS server listens for connections Syntax port port number port number The server port...

Page 774: ...riority Syntax priority priority priority Specifies the priority for servers 0 zero is the highest priority Range 0 65535 Default Configuration If left unspecified this parameter defaults to 0 zero Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines Example The following example shows how to specify a server priority of 10000 console tacacs priority 10000 sho...

Page 775: ...g example displays TACACS server settings console show tacacs Global Timeout 5 IP address Port Timeout Priority 10 254 24 162 49 Global 0 tacacs server host Use the tacacs server host command in Global Configuration mode to configure a TACACS server This command enters into the TACACS configuration mode To delete the specified hostname or IP address use the no form of this command Syntax tacacs se...

Page 776: ...t 172 16 1 1 console tacacs tacacs server key Use the tacacs server key command in Global Configuration mode to set the authentication and encryption key for all TACACS communications between the switch and the TACACS daemon To disable the key use the no form of this command Syntax tacacs server key key string no tacacs server key key string Specifies the authentication and encryption key for all ...

Page 777: ...xample The following example sets the authentication encryption key console config tacacs server key I ve got a secret console config tacacs server key _ tacacs server key encrypted Use this command to set the authentication and encryption key for the communication between the switch and TACACS server Use the no form of the command to disable the key Syntax tacacs server key encrypted key string k...

Page 778: ... set the interval during which a switch waits for a server host to reply To restore the default use the no form of this command Syntax tacacs server timeout timeout no tacacs server timeout timeout The timeout value in seconds Range 1 30 Default Configuration The default value is 5 seconds Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The follow...

Page 779: ...conds Range 1 30 Default Configuration If left unspecified the timeout defaults to the global value Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines Example This example shows how to specify the timeout value console tacacs timeout 23 ...

Page 780: ...780 TACACS Commands ...

Page 781: ...This improves fault tolerance of port channel UDLD PDUs act as network control packets They are unaffected by Spanning Tree state Thus they are transmitted and received regardless of Spanning Tree state For the successful operation of UDLD it is required that its neighbors are UDLD capable and UDLD is enabled on the corresponding ports All ports should also be configured to use the same mode of UD...

Page 782: ...D messages The state of undetermined has no effect on the operation of the port The port is not disabled and continues operating as it previously did When in normal mode a port is disagnostically disabled for the following cases a UDLD PDU is received from partner that does not have the port s own details echo b When there is a loopback Information sent out on a port is received back as it is UDLD...

Page 783: ...rval d In aggressive mode when the partner does not respond to an ECHO within 7 seconds Commands in this Chapter This chapter explains the following commands udld enable Global Configuration Use the udld enable command in Global Configuration mode to enable UDLD on all physical interfaces on a switch Use the no form of the command to disable UDLD on all interfaces Syntax udld enable no udld enable...

Page 784: ...LD Syntax udld reset Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines The following commands will reset an interface disabled by UDLD Use udld reset in Privileged EXEC mode to reset all interfaces disabled by UDLD The shutdown command followed by no shutdown interface configuration command The no udld enable global configuration comm...

Page 785: ...tion The default message transmit interval is 15 seconds Command Mode Global Configuration mode User Guidelines Lower message time values will detect the unidirectional links more quickly at the cost of higher CPU utilization The message interval is also used to age out UDLD entries from the internal database UDLD entries are removed after three times the message interval and the discovery process...

Page 786: ...in three times the message interval then the link is considered to have unidirectional connectivity udld enable Interface Configuration Use the udld enable command in Interface physical Configuration mode to enable UDLD on a specific interface Use the no form of the command to disable UDLD on an interface Syntax udld enable no udld enable Default Configuration UDLD is disabled by default on an int...

Page 787: ...ers in aggressive mode Default Configuration Normal mode is configured by default when UDLD is enabled on an interface Command Mode Interface physical Configuration mode User Guidelines In aggressive mode UDLD will attempt to detect a peer by sending an ECHO packet every seven seconds until a peer is detected show udld Use the show udld command in User EXEC or Privileged EXEC mode to display the g...

Page 788: ...bal administrative mode of UDLD Message Interval The time period in seconds between the transmission of UDLD probe packets Timeout Interval The time period in seconds before making decision that link is unidirectional Field Description Interface Id The interface identifier in short form e g te1 0 1 Admin Mode The administrative mode of UDLD configured on this interface This is either Enabled or Di...

Page 789: ...default debugging is disabled Command Mode Privileged EXEC mode UDLD Status The status of the link as determined by UDLD The options are Undetermined UDLD has not collected enough information to determine the state of the port Not applicable UDLD is disabled either globally or on the port Shutdown UDLD has detected a unidirectional link and shutdown the port That is the port is in an errDisabled s...

Page 790: ...790 UDLD Commands User Guidelines This command has no user guidelines ...

Page 791: ...g switches supports 802 1Q VLANs As such ports may simultaneously belong to multiple VLANs VLANs allow a network to be logically segmented without regard to the physical locations of devices in the network Dell Networking switches supports up to 4093 VLANs for forwarding Interfaces can be configured in trunk mode multiple VLAN support or access mode single VLAN support VLANs can be allocated by su...

Page 792: ...s only with the VLAN on which the frame was received Therefore frames are forwarded based on their unicast destination address as well as their VLAN membership This configuration affords multiple occurrences of an address in the forwarding database Each address associates with a unique VLAN Care must be taken in the administration of networks as multiple instances of a MAC address each on a differ...

Page 793: ...ocol based VLAN classifications multiple VIDs are associated with each of the physical ports Each VID is also associated with a protocol The ingress rules used to classify incoming packets include the use of the packet s protocol in addition to the PVID to determine the VLAN to which the packet belongs This approach requires one VID on each port for each protocol for which the filter is desired IP...

Page 794: ...a private VLAN Promiscuous port Belongs to a primary VLAN and can communicate with all interfaces in the private VLAN including other promiscuous ports community ports and isolated ports An endpoint connected to a promiscuous port is allowed to communicate with any endpoint within the private VLAN Multiple promiscuous ports can be defined for a single private VLAN domain Host port Belongs to a sec...

Page 795: ...te with the endpoints within the community and can also communicate with any configured promiscuous port The endpoints which belong to one community cannot communicate with endpoints which belong to a different community or with endpoints connected over isolated VLANs Private VLAN Operation in the Switch Environment The Private VLAN feature operates in a stacked or single switch environment The st...

Page 796: ...c is forwarded to all promiscuous and trunk ports If the received port is community port the broadcast traffic is forwarded to promiscuous trunk and community ports in the same VLAN A promiscuous port sends traffic to other promiscuous ports isolated and community ports Commands in this Chapter This chapter explains the following commands dvlan tunnel ethertype show dvlan tunnel switchport general...

Page 797: ... custom Configures a custom EtherType for the DVLAN tunnel The value must be in the range 1 65535 primary tpid Globally configures the tag protocol identifier on the outer VLAN tag on all interfaces If this parameter is not given the inner vlan is configured Default Configuration The default outer tag type secondary TPID is 802 1Q The default inner tag type primary TPID is 802 1Q protocol vlan gro...

Page 798: ...D for all switch interfaces when used in global CONFIG mode When used in interface mode this command configures the inner VLAN tag type secondary TPID for an individual switch interface or port channel DVLAN capable service provider interfaces must be configured for egress tagging in order for double tags to be observed on frames egressing the interface MAC address learning on DVLAN enabled uplink...

Page 799: ...se vlan 200 for local traffic Forwarding is based on VLAN 100 learning console config if Gi1 0 2 switchport general allowed vlan add 200 console config if Gi1 0 2 dvlan tunnel ethertype vman console config if Gi1 0 2 exit Customer port configuration console config interface gi1 0 3 Customer port is participating in service provider VLAN 100 and egress tagging is disabled console config if Gi1 0 3 ...

Page 800: ...routing on the VLAN interface Examples console config vlan10 interface vlan 10 console config if vlan10 interface range vlan Use the interface range vlan command in Global Configuration mode to execute a command on multiple VLANs at the same time Syntax interface range vlan vlan range all vlan range A list of valid VLAN IDs to add Separate nonconsecutive VLAN IDs with a comma and no spaces use a h...

Page 801: ...mand in Interface Configuration mode to enable Double VLAN Tunneling on the specified interface To disable Double VLAN Tunneling on the specified interface use the no form of this command Syntax mode dvlan tunnel no mode dvlan tunnel Default Configuration By default Double VLAN Tunneling is disabled Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitet...

Page 802: ... the configured ethertype and the service provider ID taken from the PVID of the service provider port On egress the access port strips the outer tag belonging to service provider VLANS Example The following example displays how to enable Double VLAN Tunneling on gigabit ethernet port 1 0 1 console config if Gi1 0 1 mode dvlan tunnel name VLAN Configuration Use the name command in VLAN Configurati...

Page 803: ... the protocol group command in VLAN Configuration mode to attach a VLAN ID to the protocol based group identified by groupid A group may only be associated with one VLAN at a time However the VLAN association can be changed The referenced VLAN should be created prior to the creation of the protocol based group except when GVRP is expected to create the VLAN To detach the VLAN from this protocol ba...

Page 804: ...oup may have more than one interface associated with it Each interface and protocol combination can be associated with one group only If adding an interface to a group causes any conflicts with protocols currently associated with the group this command fails and the interface s are not added to the group Ensure that the referenced VLAN is created prior to the creation of the protocol based group e...

Page 805: ...roup all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol based group identified by groupid A group may have more than one interface associated with it Each interface and protocol combination can be associated with one group only If adding an interface to a group causes any conflicts with protocols currently associated with the gro...

Page 806: ... User Guidelines This command has no user guidelines Example The following example displays how to add all physical interfaces to the protocol based group identified by group ID 2 console config protocol vlan group all 2 show dvlan tunnel Use the show dvlan tunnel command in Privileged EXEC mode to display all interfaces enabled for Double VLAN Tunneling Syntax show dvlan tunnel Default Configurat...

Page 807: ...nnel interface gigabithethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port all all Displays information for all interfaces Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the examp...

Page 808: ...t Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Interface Configuration mode and all Configuration submodes User Guidelines Do not configure private VLANs on ports configured with any of these features Link Aggregation Control Protocol LACP Multicast VLAN Registration MVR EtherType This field represents a 2 byte hex EtherType to be used as the fi...

Page 809: ...ype All GVRP status Enabled Protected Enabled Port 1 0 1 is member in VLAN Name Egress rule Type 1 default untagged Default 8 VLAN008 tagged Dynamic 11 VLAN0011 tagged Static 19 IPv6 VLAN untagged Static 72 VLAN0072 untagged Static Static configuration PVID 1 default Ingress Filtering Enabled Acceptable Frame Type All Port 1 0 1 is statically configured to VLAN Name Egress rule 11 VLAN0011 tagged ...

Page 810: ...elephony tagged Static Static configuration PVID 8 Ingress Filtering Disabled Acceptable Frame Type All Port 1 0 2 is statically configured to VLAN Name Egress rule 8 VLAN0072 untagged 91 IP Telephony tagged Forbidden VLANS VLAN Name 73 Out The following example displays switchport configuration individually for 2 0 19 console show interfaces switchport gigabitethernet 2 0 19 Port 2 0 19 Operating...

Page 811: ...er the entire system or for the indicated group Syntax show port protocol groupid all groupid The protocol based VLAN group ID which is automatically generated when you create a protocol based VLAN group with the vlan protocol group command all Enter all to show all interfaces Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and a...

Page 812: ...VLAN identification number Syntax show vlan id vlanid name vlan name vlanid VLAN identifier vlan name A valid VLAN name Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example This shows all VLANs and RSPAN VLANs console show ...

Page 813: ...n mac Use the show vlan association mac command in Privileged EXEC mode to display the VLAN associated with a specific configured MAC address If no MAC address is specified the VLAN associations of all the configured MAC addresses are displayed Syntax show vlan association mac mac address mac address Specifies the MAC address to be entered in the list Range Any valid MAC address Default Configurat...

Page 814: ...ode to display the VLAN associated with a specific configured IP Address and netmask If no IP Address and net mask are specified the VLAN associations of all the configured IP subnets are displayed Syntax show vlan association subnet ip address ip mask ip address Specifies IP address to be shown ip mask Specifies IP mask to be shown Default Configuration This command has no default configuration C...

Page 815: ...an vlan id A valid VLAN ID of the VLAN to which the port is configured Default Configuration The default value for the vlan id parameter is 1 Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines This command removes the port from the previous VLAN membership and adds it to the specified VLAN The no form of the command sets t...

Page 816: ...en list Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs remove vlan list List of valid VLAN IDs to remove from the forbidden list Separate nonconsecutive VLAN IDs with a comma and no spaces Use a hyphen to designate a range of IDs Default Configuration All VLANs allowed Command Mode Interface Configuration gigabitethernet port channel tengigabit...

Page 817: ...s Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines This command has no user guidelines Example The following example configures 1 0 8 to discard untagged frames at ingress console config interface gigabitethernet 1 0 8 console config if Gi1 0 8 switchport general acceptable frame type tagged only switchport general allow...

Page 818: ...figuration Untagged Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines You can use this command to change the egress rule for example from tagged to untagged without first removing the VLAN from the list Example The following example shows how to add VLANs 1 2 5 and 8 to the allowed list console config if Gi1 0 8 switchpor...

Page 819: ...ress filtering on 1 0 8 console config interface gigabitethernet 1 0 8 console config if 1 0 8 switchport general ingress filtering disable switchport general pvid Use the switchport general pvid command in Interface Configuration mode to configure the Port VLAN ID PVID when the interface is in general mode Use the switchport mode general command to set the VLAN membership mode of a port to genera...

Page 820: ... the switch use the no form of this command Syntax switchport mode access trunk general no switchport mode access An access port connects to a single end station belonging to a single VLAN An access port is configured with ingress filtering enabled and will accept either an untagged frame or a packet tagged with the access port VLAN Tagged packets received with a VLAN other than the access port VL...

Page 821: ...es Example The following example configures 1 0 5 to access mode console config interface gigabitethernet 1 0 5 console config if 1 0 5 switchport mode access switchport trunk Use the switchport trunk command in Interface Configuration mode to add VLANs to or remove VLANs from a trunk port or to set the native VLAN for an interface in Trunk Mode Syntax switchport trunk allowed vlan vlan list nativ...

Page 822: ...1 to 4093 or a continuous range of VLANs described by two VLAN numbers the lesser one first separated by a hyphen valid id A valid VLAN id from 1 4093 Default Configuration All VLANs are members of a trunk port VLAN 1 is the native VLAN on a trunk port VLAN 1 is the default VLAN for access mode ports Command Mode Interface Configuration gigabitethernet port channel tengigabitethernet fortygigabite...

Page 823: ... non consecutive VLAN IDs separated by commas without spaces Use a hyphen to designate a range of IDs Range 1 4093 Default Configuration This command has no default configuration Command Mode Global Configuration Config User Guidelines Deleting the VLAN assigned as the PVID on an access port will cause VLAN 1 to be assigned as the PVID for the access port Deleting the VLAN assigned as the native V...

Page 824: ... matching source IP address are placed in the VLAN Syntax vlan association mac mac address no vlan association mac mac address mac address MAC address to associate to the VLAN Range Any MAC address in the format xxxx xxxx xxxx or xx xx xx xx xx xx Default Configuration No assigned MAC address Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines Example The follo...

Page 825: ... mask Subnet mask Range Any valid subnet mask Default Configuration No assigned ip subnet Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines Example The following example associates the 192 168 0 xxx IP address with VLAN ID 1 console config vlan 1 console config vlan 1 vlan association subnet 192 168 0 0 255 255 255 0 vlan makestatic This command changes a dyn...

Page 826: ...ic VLAN console config vlan vlan makestatic 3 vlan protocol group Use the vlan protocol group command in Global Configuration mode to add protocol based groups to the system When a protocol group is created it is assigned a unique group ID number The group ID is used to identify the group in subsequent commands Use the no form of the command to remove the specified VLAN protocol group name from th...

Page 827: ... group causes any conflicts with interfaces currently associated with the group this command fails and the protocol is not added to the group To remove the protocol from the protocol based VLAN group identified by groupid use the no form of this command Syntax vlan protocol group add protocol groupid ethertype value no vlan protocol group add protocol groupid ethertype value groupid The protocol b...

Page 828: ...group name to vlan protocol group id Syntax vlan protocol group name groupid groupName no vlan protocol group name groupid groupid The protocol based VLAN group ID which is automatically generated when you create a protocol based VLAN group with the vlan protocol group command To see the group ID associated with the name of a protocol group use the show port protocol all command groupName The grou...

Page 829: ... protocol based VLAN group ID which is automatically generated when you create a protocol based VLAN group with the vlan protocol group command To see the group ID associated with the name of a protocol group use the show port protocol all command Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines This command has no user guidelin...

Page 830: ...host association mapping host association Defines VLAN associations for community or host ports mapping Defines the private VLAN mapping for promiscuous ports primary vlan id Primary VLAN ID of a private VLAN secondary vlan id Secondary isolated or community VLAN ID of a private VLAN add Associates the secondary VLAN with the primary one remove Deletes the secondary VLANs from the primary VLAN ass...

Page 831: ... host port Host ports are community or isolated ports depending on the VLAN to which they belong promiscuous Configure the interface as a private VLAN promiscuous port Promiscuous ports are members of the primary VLAN Default Configuration This command has no default configuration By default a port is neither configured as promiscuous or host Command Mode Interface Configuration physical or port c...

Page 832: ...that the selected VLAN is the community VLAN isolated Specify that the selected VLAN is the isolated VLAN add Associates a secondary VLAN with the primary VLAN remove Deletes the secondary VLAN association with the primary VLAN vlan list A list of secondary VLAN ids to be mapped to a primary VLAN The VLAN list can contain multiple entries separated by commas and containing no spaces Each entry can...

Page 833: ...nsole config vlan private vlan isolated console config vlan exit console config vlan 1002 console config vlan private vlan community console config vlan exit console config vlan 1003 console config vlan private vlan community console config vlan exit console config vlan 20 console config vlan private vlan association 1001 1003 console config vlan end show vlan private vlan Use the show vlan privat...

Page 834: ...trol Protocol LACP Multicast VLAN Registration MVR Voice VLAN It is recommended that the private VLAN host ports be configured as spanning tree portfast The command displays the following information Parameter Description Primary Primary VLAN ID Secondary Secondary VLAN ID Type Secondary VLAN type Use the type parameter to display only private VLAN ID and its type Ports Ports that are associated w...

Page 835: ...he LLDP MED mechanism The voice data coming from the VoIP phone is tagged with the exchanged VLAN ID thus regular data arriving on the switch is given the default PVID of the port and the voice traffic is received on a predefined VLAN The two types of traffic are therefore segregated so that better service can be provided to the voice traffic When a dot1p priority is associated with the voice VLAN...

Page 836: ...on User Guidelines Not applicable Default Value This feature is disabled by default Example console config voice vlan console config no voice vlan voice vlan Interface This command is used to enable the voice vlan capability on the interface Syntax voice vlan vlanid dot1p priority none untagged data priority trust untrust auth enable disable dscp dscp no voice vlan voice vlan voice vlan data prior...

Page 837: ... packets arriving on the voice vlan port untagged Configure the phone to send untagged voice traffic untrust Do not trust the dot1p priority or DSCP values contained in packets arriving on the voice vlan port vlanid The voice VLAN ID Default Configuration The default DSCP value is 46 Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Ex...

Page 838: ... 0 1 voice vlan data priority untrust console config if 1 0 1 voice vlan data priority trust show voice vlan This command displays information about the voice VLAN Syntax show voice vlan interface gigabitethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port all Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines Whe...

Page 839: ...face parameter is specified Voice VLAN Mode The admin mode of the voice VLAN on the interface Voice VLAN ID The voice VLAN ID Voice VLAN Priority The Dot1p priority for the voice VLAN on the port Voice VLAN Untagged The tagging option for the voice VLAN traffic Voice VLAN COS Override The Override option for the voice traffic arriving on the port Voice VLAN Status The operational status of voice V...

Page 840: ...840 Voice VLAN Commands ...

Page 841: ...ice with a local authentication server or authentication using remote RADIUS or TACACS servers Supported security methods for communication with remote servers include MD5 PEAP EAP TTL EAP TTLS and EAP TLS Local 802 1X Authentication Server The Dell Networking switch supports a dedicated database for local authentication of users for network access through the Dot1x feature This functionality is d...

Page 842: ...loaded or imported downloaded to from a central location using a TFTP server MAC Authentication Bypass Today 802 1x has become the recommended port based authentication method at the access layer in enterprise networks However there may be 802 1x unaware devices such as printers fax machines etc that would require access to the network without 802 1x authentication MAC Authentication Bypass MAB is...

Page 843: ...is a failure to authenticate but logs the results of the authentication process for diagnostic purposes The exact details are described in the below sections The main aim of the monitor mode is to provide a mechanism to the operator to be able to identify the short comings in the configuration of a Dot1x authentication on the switch without affecting the network access to the users of the switch T...

Page 844: ...This implies that the client can connect from any port and be assigned to the appropriate VLAN This gives flexibility for clients to move around the network with out requiring the operator to perform additional provisioning for each network interface Commands in this Chapter This chapter explains the following commands dot1x dynamic vlan enable dot1x timeout re authperiod show authentication stati...

Page 845: ...capability Syntax dot1x dynamic vlan enable no dot1x dynamic vlan enable Default Configuration The default value is Disabled Command Mode Global Configuration User Guidelines This command has no user guidelines dot1x system auth control monitor clear authentication authentication history dot1x unauth vlan dot1x timeout guest vlan period show authentication show dot1x advanced dot1x timeout quiet p...

Page 846: ...e port to be initialized Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command dot1x eapolflood This command enables the flooding of received IEEE 802 1x frames in the VLAN Syntax dot1x eapolflood Default Configuration By default the switch does not forward received IEEE 802 1x frames even if ...

Page 847: ...tation record and play back certain flooded EAPOL frames at a high rate dot1x mac auth bypass Use the dot1x mac auth bypass command to enable MAB on an interface Use the no form of this command to disable MAB on an interface Syntax dot1x mac auth bypass no dot1x mac auth bypass Default Configuration MAC Authentication Bypass is disabled by default Command Mode Interface Configuration Ethernet mode...

Page 848: ...es that the switch sends an EAP request identity frame before restarting the authentication process Range 1 10 Default Configuration The default value for the count parameter is 2 Command Mode Interface Configuration Ethernet mode User Guidelines Change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain c...

Page 849: ... max users users The number of users the port supports for MAC based 802 1X authentication Range 1 64 Default Configuration The default number of clients supported on a port with MAC based 802 1X authentication is 64 Command Mode Interface Configuration Ethernet mode User Guidelines This command has no user guidelines Example The following command limits the number of devices that can authenticate...

Page 850: ...n to the unauthorized state ignoring all attempts by the client to authenticate The switch cannot provide authentication services to the client through the interface mac based Enables 802 1x authentication on the interface and allows multiple hosts to authenticate on a single port The hosts are distinguished by their MAC addresses Default Configuration The default configuration is auto Command Mod...

Page 851: ...lot port fortygigabitethernet unit slot port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example The following command manually initiates a reauthentication of the 802 1x enabled port console dot1x re authenticate gigabitethernet 1 0 16 dot1x reauthentication Use the dot1x reauthentication com...

Page 852: ...0 16 dot1x reauthentication dot1x system auth control Use the dot1x system auth control command in Global Configuration mode to enable 802 1x globally To disable 802 1x globally use the no form of this command Syntax dot1x system auth control no dot1x system auth control Default Configuration The default for this command is disabled Command Mode Global Configuration mode User Guidelines This comma...

Page 853: ...tem auth control monitor Default Configuration Dot1x monitor mode is disabled Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example enables 802 1x globally console config dot1x system auth control monitor dot1x timeout guest vlan period Use the dot1x timeout guest vlan period command in Interface Configuration mode to set the numbe...

Page 854: ...mes the while timer so that at least three EAP Requests are sent before assuming that the client is a dot1x unaware client Example The following example sets the dot1x timeout guest vlan period to 100 seconds console config dot1x timeout guest vlan period 100 dot1x timeout quiet period Use the dot1x timeout quiet period command in Interface Configuration mode to set the number of seconds that the ...

Page 855: ...c behavioral problems with certain clients and authentication servers To provide a faster response time to the user enter a smaller number than the default Example The following example sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange to 3600 console config interface gigabitethernet 1 0 16 console config if Gi1 0 16 dot1x timeout quie...

Page 856: ...erface gigabitethernet 1 0 16 console config if Gi1 0 16 dot1x timeout re authperiod 300 dot1x timeout server timeout Use the dot1x timeout server timeout command in Interface Configuration mode to set the time that the switch waits for a response from the authentication server To return to the default setting use the no form of this command Syntax dot1x timeout server timeout seconds no dot1x tim...

Page 857: ...x period command in Interface Configuration mode to set the number of seconds that the switch waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request To return to the default setting use the no form of this command Syntax dot1x timeout tx period seconds no dot1x timeout tx period seconds Time in seconds that the switch s...

Page 858: ...gigabitethernet 1 0 16 console config if Gi1 0 16 dot1x timeout tx period 3600 authentication enable Use this command to globally enable the Authentication Manager Interface configuration takes effect only if the Authentication Manager is enabled with this command Use the no form of this command to set the feature to factory default value Syntax authentication enable no authentication enable Defau...

Page 859: ...t configuration for this command Command Modes Interface VLAN Configuration mode User Guidelines Each method can only be entered once Ordering is only possible between 802 1x and MAB Captive portal can be configured either as a stand alone method or as the last method in the order Example console config if Gi1 0 1 authentication order dot1x mab captive portal console config if Gi1 0 1 no authentic...

Page 860: ...nce There are no restrictions on the priority ordering of methods Example console config if Gi1 0 1 authentication priority mab dot1x captive portal console config if Gi1 0 1 no authentication priority authentication restart Use this command to set the interval after which reauthentication starts This timer starts only if all the authentication methods fail Use the no form of this command to set t...

Page 861: ...n timer restart clear authentication statistics Use this command to clear the authentication statistics Syntax clear authentication statistics interface id all Default Configuration There is no default configuration for this command Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console config clear authentication statistics Gi1 0 1 Are you...

Page 862: ...n for this command Command Modes Privileged EXEC mode User Guidelines None Example console config clear authentication authentication history Gi1 0 1 show authentication Use this command to list the authentication methods configured on the interface and display if the Tiered Authentication feature is enabled Syntax show authentication interface interface id all interface id The physical interface ...

Page 863: ...ured method priority undefined undefined undefined Enabled method priority undefined undefined undefined Number of authenticated clients 1 Logical Interface 0 client mac addr 00 00 00 00 00 01 Authenticated Method dot1x Auth State success Auth Status Authenticated show authenticaton authentication history Use this command to display the authentication history on one or more interfaces Syntax show ...

Page 864: ...802 1X show authentication statistics Use this command to display the Authentication Manager statistics on one or more interfaces Syntax show authentication statistics interface id interface id The physical interface Default Configuration There is no default configuration for this command Command Modes Privileged EXEC mode User Guidelines This command has no user guidelines Example config show aut...

Page 865: ...terface interface id statistics interface id Any valid interface See Interface Naming Conventions for interface representation Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines If you do not use the optional parameters the command displays the global dot1x mode and the VLAN Assignment ...

Page 866: ...ssful and unsuccessful dot1x authentication processes The command is available to display all events or events per interface or only failure authentication events in summary or in detail Syntax show dot1x authentication history interface id all failed auth only detail interface id Any valid interface See Interface Naming Conventions for interface representation all All interfaces Monitor Mode Indi...

Page 867: ... Auth Status Authorized Reason Dot1x Authentication due to Guest VLAN Timer Expiry console show dot1x authentication history all Time Stamp Interface MAC Address VLANID Auth Status Parameter Description Time Stamp Exact time at which the event occurs Interface Physical Port on which the event occurs MAC Address Supplicant Client MAC Address VLAN assigned VLAN assigned to the client port on authent...

Page 868: ...01 18 22 gi1 0 2 00 00 00 03 04 05 0 Unauthorized show dot1x clients Use the show dot1x clients command in Privileged EXEC mode to display 802 1x client information The client information is displayed in summary or in detail The command also displays the statistics of the number of clients that are authenticated using Monitor Mode and using 802 1x Syntax show dot1x clients interface id all interfa...

Page 869: ... The port number Username The username representing the identity of the Supplicant This field shows the username when the port control is auto or mac based If the port is Authorized it shows the username of the current user If the port is unauthorized it shows the last user that was authenticated successfully Supp MAC Address The MAC address of the supplicant Session Time The amount of time in sec...

Page 870: ...command shows the status of MAC Authentication Bypass This feature is an extension of Dot1x Option 81 feature added in Dell Networking Release 2 1 to accept a VLAN name as an alternative to a number when RADIUS indicates the Tunnel Private Group ID for a supplicant Syntax show dot1x interface gigabitethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port Defau...

Page 871: ... secs 30 MAB mode configured Disabled MAB mode operational Disabled Authenticator PAE State Initialize Backend Authentication State Initialize show dot1x interface statistics Use the show dot1x interface statistics command in Privileged EXEC mode to display 802 1x statistics for the specified interface Syntax show dot1x interface gigabitethernet unit slot port tengigabitethernet unit slot port for...

Page 872: ... been received by this Authenticator EAP Response Frames Received The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EAP Request ID Frames Transmitted The number of EAP Req Id frames that have been transmitted by this Authenticator EAP Request Frames Transmitted The number of EAP Request frames other than Rq Id frames that have been tran...

Page 873: ...Transmitted 0 Invalid EAPOL Frames Received 0 EAPOL Length Error Frames Received 0 show dot1x users Use the show dot1x users command in Privileged EXEC mode to display 802 1x authenticated users for the switch Syntax show dot1x users username username username Supplicant username Range 1 160 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mod...

Page 874: ... dot1x authentication history interface id interface id Any valid interface See Interface Naming Conventions for interface representation Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example console clear dot1x authentication history Purge all entries from the log console clear dot1x authentica...

Page 875: ... use as the guest VLAN Range 0 4093 Default Configuration The guest VLAN is disabled on the interface by default Command Mode Interface Configuration Ethernet mode User Guidelines Configure the guest VLAN before using this command Example The following example sets the guest VLAN on port 1 0 2 to VLAN 10 console config if Gi1 0 2 dot1x guest vlan 10 dot1x unauth vlan Use the dot1x unauth vlan comm...

Page 876: ...ole config if Gi1 0 2 dot1x unauth vlan 20 show dot1x advanced Use the show dot1x advanced command in Privileged EXEC mode to display 802 1x advanced features for the switch or for the specified interface The output of this command has been updated in release 2 1 to remove the Multiple Hosts column and add an Unauthenticated VLAN column which indicates whether an unauthenticated VLAN is configured...

Page 877: ... has no user guidelines Example The following example displays 802 1x advanced features for the switch console show dot1x advanced Port Guest Unauthenticated VLAN Vlan 1 0 1 Disabled Disabled 1 0 2 10 20 1 0 3 Disabled Disabled 1 0 4 Disabled Disabled 1 0 5 Disabled Disabled 1 0 6 Disabled Disabled console show dot1x advanced gigabitethernet 1 0 2 Port Guest Unauthenticated VLAN Vlan 1 0 2 10 20 ...

Page 878: ...878 802 1x Commands ...

Page 879: ... as specified by the FC BB 5 working group of ANSI T11 This capability allows operators to deploy networks at a lower cost while still maintaining the same SAN network management operations that exists today NOTE Data Center Technologies such as ETS DCBX and PFC are only available on N4000 series switches This section of the document contains the following FCoE commands Data Center Bridging Comman...

Page 880: ...880 Data Center Technology Commands ...

Page 881: ...orking implementation of the DCBX protocol supports the propagation of configuration information for the following features 1 Enhanced Transmission Selection ETS 2 Priority based Flow Control PFC 3 Application Priorities The features listed above use DCBX to send and receive device configuration and capability information and configuration details to peer DCBX devices The PFC and ETS information e...

Page 882: ... is congested In some hardware implementations the queue depth can be managed using tail dropping or a weighted random early discard or a weighted random early discard WRED technique These methods often use customizable threshold parameters that are specified on a per drop precedence basis The Dell Networking QoS implementation contains Differentiated Services DiffServ support that allows traffic ...

Page 883: ...be performed 1 Configure CoS queues to Traffic Class Group mapping for the egress ports 2 Configure weight percentage bandwidth allocation for each TCG 3 Enable appropriate scheduling algorithm for each TCG CoS information is exchanged with peer DCBX devices using ETS TLVs As part of the transmitted ETS TLVs by default DCBX advertises the following parameters and these parameters are populated in ...

Page 884: ...r ETS TLVs are stored in the DCBX database and are accessible using show commands The Application Priority TLV is accepted from auto upstream devices and propagated to auto downstream devices In addition if iSCSI CoS is enabled an additional entry in the Application Priority TLV is added as discussed in the iSCSI section Data Center Bridging Exchange Protocol Main Objective The DCBX protocol imple...

Page 885: ...on the OUI of the organization TLV then the switch changes its DCBX mode on that port to support the version detected There is no time out mechanism to move back to IEEE mode Once the DCBX peer times out multiple peers are detected the link is reset link down up or as commanded by the operator DCBX resets its operational mode to IEEE The interaction between DCBX component and other components rema...

Page 886: ... the operator of incompatible configurations if client configuration exchange over DCBX is enabled Manually configured ports are always operationally enabled for DCBX clients regardless of whether DCBX is enabled Auto Upstream Advertises a configuration but is also willing to accept a configuration from the link partner and propagate it internally to the auto downstream ports as well as receive co...

Page 887: ...e the recommendation TLV parameter enabled Auto downstream ports that receive internally propagated information ignore their local configuration and utilize the internally propagated information Configuration Source In this role the port has been manually selected to be the configuration source Configuration received over this port is propagated to the other auto configuration ports however no aut...

Page 888: ... eligible ports A port is eligible to become the configuration source if No other port is the configuration source The port role is auto upstream The port is enabled with link up and DCBX enabled The port has negotiated a DCBX relationship with the partner The switch is capable of supporting the received configuration values either directly or by translating the values into an equivalent configura...

Page 889: ...guration ports and each port may begin configuration negotiation with their peer again if any information has changed Commands in this Chapter This chapter explains the following commands Data Center Bridging Capability Exchange Commands datacenter bridging Use the datacenter bridging command for an ethernet interface in order to enter the DataCenterBridging mode Priority Flow Control is configura...

Page 890: ... dcb priority flow control mode on console config if dcb priority flow control priority 1 no drop lldp dcbx version Use the lldp dcbx version command in Global Configuration mode to configure the administrative version for the Data Center Bridging Capability Exchange DCBX protocol This command enables the switch to support a specific version of the DCBX protocol or to detect the peer version and m...

Page 891: ...CEE frame followed by a CIN frame The switch will parse the received response and immediately switch to the peer version Because LLDP is a link local protocol it cannot be configured on a port channel or VLAN interface It is recommended that all ports configured in a port channel utilize the same LLDP configuration Example The following example configures the switch to use CEE DCBX s1 config lldp ...

Page 892: ...ommendation TLV Pfc Transmit the PFC configuration TLV Application priority Transmit the application priority TLV Congestion notification Transmit the congestion notification TLV Default Configuration The default value is to transmit all DCBX TLVs as received from the auto configuration configuration source port In manual mode the default is to transmit all DCBX TLVs per the switch global or inter...

Page 893: ...link partner and propagate it internally to the auto downstream ports as well as receive configuration propagated internally by other auto upstream ports These ports have the willing bit enabled These ports should be connected to FCFs Auto down Advertises a configuration but is not willing to accept one from the link partner However the port will accept a configuration propagated internally by the...

Page 894: ...becomes operationally disabled Examples This example configures an FCF facing port console config if Te1 1 1 lldp dcbx port role auto up This example configures an FCoE host facing port console config if Te1 1 1 lldp dcbx port role auto down show lldp tlv select Use the lldp tlv select command in Privileged EXEC mode to display the Traffic Class to Traffic Class Group mapping Syntax show lldp tlv ...

Page 895: ...C App Priority QCN te1 0 1Yes No Yes No Yes te1 0 2No No Yes No Yes show lldp dcbx Use the show lldp dcbx command in Privileged EXEC mode to display the Traffic Class to Traffic Class Group mapping Syntax show lldp dcbx interface all interface id detail status interface id A valid physical interface specifier all All interfaces detail Display detailed DCBX information status Display a status summa...

Page 896: ...mple 2 DCBX not enabled console show lldp dcbx interface te1 0 1 Interface te1 0 1 DCBX Admin Status Disabled Configured DCBX Version Auto detect Peer DCBX Version Peer MAC Peer Description Auto configuration Port Role Manual Peer Is Configuration Source False Error Counters ETS Incompatible Configuration 0 PFC Incompatible Configuration 0 Disappearing Neighbor 0 Multiple Neighbors Detected 0 Exam...

Page 897: ... 5 0 6 0 7 0 Peer Configuration Operation version 00 Max version 00 Seq no 23 Ack no 22 Max Oper Type Subtype Version En Will Err PFC 3 000 000 000 Y N N PG 2 000 000 000 Y N N APP 4 000 000 000 Y N N Number of TCs Supported 3 Priority Group Id 0 00 1 01 2 02 3 03 4 04 5 05 6 06 7 07 PG Percentage 0 0 1 10 2 12 3 00 4 00 5 78 6 00 7 00 PFC Enable Vector 0 0 1 1 2 0 3 0 4 0 5 1 6 0 7 0 Application ...

Page 898: ... Interface te1 0 1 DCBX Admin Status Enabled Configured Version Auto detect Auto configuration Port Role Configuration Source Peer Is Configuration Source True PFC Capability TX Enabled Willing True MBC False Max PFC classes supported 3 PFC Enable Vector 0 0 1 1 2 0 3 0 4 0 5 1 6 0 7 0 ETS Configuration TX Enabled Willing True Credit Shaper True Traffic Classes Supported 8 Priority Assignment 0 0 ...

Page 899: ...nds NOTE Enhanced Transmission Selection commands are only supported on N4000 series switches CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models classofservice traffic class group This command maps the internal Traffic Class to an internal Traffic Class Group TCG The Traffic Class can range from 0 6 although the actual number of available traffic ...

Page 900: ...ts configured as DCBX manual role utilize the configured ETS settings It is recommended that all strict priority traffic classes be mapped to a single TCG Internally frames are selected for transmission from the strict priority TCGs first then once the constraints of the TCGs are satisfied frames from the WRR TCGs are selected for transmission For example grouping strict priority assignments into ...

Page 901: ...NOTE This command is only available on N40xx series switches This command specified in Interface Configuration mode only affects a single interface whereas the Global Configuration mode setting is applied to all interfaces Interface configuration overrides the global configuration on the designated interface The Interface Configuration mode command is only available on platforms that support indep...

Page 902: ... Example The following example demonstrates how to limit the maximum bandwidth percentage for TCG 1 and 2 to 25 each console config traffic class group max bandwidth 50 25 25 traffic class group min bandwidth Use this command in Global Config or Interface Configuration mode to specify the minimum transmission bandwidth guaranteed for each TCG before processing frames from other TCGs on an interfac...

Page 903: ...d as greater than the current maximum bandwidth value for the corresponding TCG then its corresponding maximum bandwidth automatically increases the maximum to the same value Min bandwidth may be configured manually by the operator on manual and auto configuration ports If the port is an auto configuration port the weights received via ETS TLVs are taken into account by the scheduler along with th...

Page 904: ...s are specified with this command Duplicate tcg id values are ignored Each tcg id value ranges from 0 to n 1 where n is the total number of TCG supported per interface The number n is platform dependent and corresponds to the number of supported Traffic Class Groups When strict priority scheduling is used for a TCG the minimum bandwidth setting for the TCG is ignored and packets are scheduled for ...

Page 905: ...s Use the no form of the command to return the TCGs to the default weighted scheduler mode Syntax traffic class group weight wp 0 wp 1 wp 2 no traffic class group strict wp n The weight percentage Range 0 to 100 Default Configuration The default weight is in the ratio of 1 2 3 for TCG0 TCG1 TCG2 100 0 0 Command Mode Global Configuration mode Interface Configuration mode User Guidelines NOTE This c...

Page 906: ...using the ETS TLVs Example The following example demonstrates how to set TCG 0 to 50 weight and TCG 1 to 50 console config traffic class group weight 50 5 0 show classofservice traffic class group Use the show classofservice traffic class group command in Privileged EXEC mode to display the Traffic Class to Traffic Class Group mapping Syntax show classofservice traffic class group interface id wp ...

Page 907: ...p mappings s1 show classofservice traffic class group Traffic Class Traffic Class Group 0 0 1 1 2 1 3 1 4 2 5 1 6 1 show interfaces traffic class group Use the show interfaces traffic class group command in Privileged EXEC mode to display the Traffic Class to Traffic Class Group mapping Syntax show interfaces traffic class group interface id interface id A valid physical interface specifier Defaul...

Page 908: ...utput line is replaced with a Global Config indication Traffic Class Group The traffic class Group identifier Min Bandwidth The minimum transmission bandwidth expressed as a percentage A value of 0 means bandwidth is not guaranteed This is a configured value Max Bandwidth The maximum transmission bandwidth g expressed as a percentage A value of 0 means no upper limit is enforced so the queue may u...

Page 909: ...p or no drop If a priority that is designated as no drop is congested the priority is paused Drop priorities do not participate in pause By default there are no priority classifications configured and PFC is not enabled While several no drop priorities may be configured on a supporting system the actual number of lossless priorities supported on a given system is a function of the switch chips pac...

Page 910: ... are each mapped into their own flow control group where lossless groups have additional buffer to handle the round trip delay for flow control In order to minimize the impact the link will only be dropped when changing between 802 3 and 802 1Qbb Commands in this Chapter This chapter explains the following commands priority flow control mode Use the priority flow control mode on command in Datacen...

Page 911: ...d as DCBX manual role utilize the configured PFC settings When PFC is enabled on an interface the normal PAUSE control mechanism is operationally disabled Because PFC is a link local protocol it must be configured on all the interfaces aggregated in a port channel Only configuring some of the ports in a port channel to use PFC will cause unexpected results and is not supported Example The followin...

Page 912: ...order to ensure end to end lossless behavior Ports that are configured to use the DCBX auto configuration roles auto up or auto down have their PFC settings overridden Only ports configured as DCBX manual role utilize the configured PFC settings Example The following example sets priority 3 to no drop behavior s1 config interface te1 0 1 s1 config if Te1 0 1 datacenter bridging s1 config if dcb pr...

Page 913: ...ce priority flow control status and statistics Syntax show interfaces interface id priority flow control interface id A valid Ethernet port identifier Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines NOTE This command is only available on N40xx series switches This command has no user guidelines Examples The following examples show the priority flow co...

Page 914: ...faces priority flow control Port Drop No Drop Operational Priorities Priorities Status Te1 0 1 0 2 4 7 3 Active Te1 0 2 0 2 4 7 3 Active Te1 0 3 0 7 Inactive Te1 0 4 0 7 Inactive Te1 0 5 0 7 Inactive Te1 0 6 0 7 Inactive Te1 0 7 0 7 Inactive Te1 0 8 0 7 Inactive Te1 0 9 0 7 Inactive Te1 0 10 0 7 Inactive Te1 0 11 0 7 Inactive Te1 0 12 0 7 Inactive Te1 0 13 0 7 Inactive Te1 0 14 0 7 Inactive Te1 0 ...

Page 915: ...Priority Flow Control Commands 915 Te1 0 23 0 2 4 7 3 Active Te1 0 24 0 7 Inactive ...

Page 916: ...916 Priority Flow Control Commands ...

Page 917: ...the Internet This section of the document contains the following Layer 3 topics ARP Commands Loopback Interface Commands DHCP Server and Relay Agent Commands Multicast Commands DHCPv6 Commands IPv6 Multicast Commands DVMRP Commands OSPF Commands GMRP Commands OSPFv3 Commands IGMP Commands Router Discovery Protocol Commands IGMP Proxy Commands Routing Information Protocol Commands IP Helper DHCP Re...

Page 918: ...918 Layer 3 Commands ...

Page 919: ...eway or may dynamically learn a default gateway The router discovery protocol is one method that enables hosts to learn a default gateway If a host does not know a default gateway it can learn the first hop to the destination through proxy ARP Proxy ARP RFC 1027 is a technique used to make a machine physically located on one network appear to be logically part of a different physical network conne...

Page 920: ...the cache entry is retained and its age is reset to 0 By enabling the dynamic renew option the system administrator can configure ARP to attempt to renew aged ARP entries regardless of their use for forwarding If the system learns a new ARP entry but the hardware does not have space to add the new ARP entry the system attempts to remove entries that have not been used for forwarding recently This ...

Page 921: ...ser guidelines Example The following example creates an ARP entry consisting of an IP address and a MAC address console config arp 192 168 1 2 00A2 64B3 A245 arp cachesize Use the arp cachesize command in Global Configuration mode to configure the maximum number of entries in the ARP cache To return the maximum number ARP cache entries to the default value use the no form of this command Syntax ar...

Page 922: ...the arp dynamicrenew command in Global Configuration mode to enable the ARP component to automatically renew dynamic ARP entries when they age out To disable the automatic renewal of dynamic ARP entries when they age out use the no form of the command Syntax arp dynamicrenew no arp dynamicrenew Default Configuration The default state is disabled Command Mode Global Configuration mode User Guidelin...

Page 923: ...he dynamic renew option only applies to host entries The disadvantage of enabling dynamic renew is that once an ARP cache entry is created that cache entry continues to take space in the ARP cache as long as the neighbor continues to respond to ARP requests even if no traffic is being forwarded to the neighbor In a network where the number of potential neighbors is greater than the ARP cache capac...

Page 924: ...ode to configure the ARP request response time out To return the response time out to the default value use the no form of this command Syntax arp resptime integer no arp resptime integer IP ARP entry response time out Range 1 10 seconds Default Configuration The default value is 1 second Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The followi...

Page 925: ...lt Configuration The default value is 4 retries Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example defines 6 as the maximum number of retries console config arp retries 6 arp timeout Use the arp timeout command in Global Configuration mode to configure the ARP entry ageout time Use the no form of the command to set the ageout ti...

Page 926: ...rp cache Use the clear arp cache command in Privileged EXEC mode to remove all ARP entries of type dynamic from the ARP cache Syntax clear arp cache gateway gateway Removes the dynamic entries of type gateway as well Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example The following example cle...

Page 927: ...delines This command has no user guidelines Example In the example below out of band management entries are shown for example those from the out of band interface console show arp Age Time seconds 1200 Response Time seconds 1 Retries 4 Cache Size 6144 Dynamic Renew Mode Disable Total Entry Count Current Peak 0 0 Static Entry Count Configured Active Max 0 0 128 IP Address MAC Address Interface Type...

Page 928: ...ip proxy arp command in Interface Configuration mode to enable proxy ARP on a router interface Without proxy ARP a device only responds to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived With proxy ARP the device may also respond if the target IP address is reachable The device only responds if all next hops in its route to the destin...

Page 929: ...on Protocol ARP cache The displayed results are not the total ARP entries To view the total ARP entries the operator should view the show ARP results Syntax show arp brief brief Display ARP parameters Default Configuration This command has no default configuration Command Mode User EXEC and Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines The show arp command...

Page 930: ...s reachable on a local subnet Age Time seconds 1200 Response Time seconds 1 Retries 4 Cache Size 6144 Dynamic Renew Mode Disable Total Entry Count Current Peak 0 0 Static Entry Count Configured Active Max 1 0 128 IP Address MAC Address Interface Type Age 1 1 1 3 0000 0000 0022 n a Static n a ...

Page 931: ...er to a host A mechanism for allocation of network addresses to hosts DHCP offers the following features and benefits It supports the definition of pools of IP addresses that can be allocated to clients by the server Many implementations use the term scope instead of pool Configuration settings like the subnet mask default router DNS server that are required to make TCP IP work correctly can be pa...

Page 932: ...ration mode to define a DHCP address pool that can be used to supply addressing information to DHCP clients Upon successful completion this command puts the user into DHCP Pool Configuration mode Use the no form of the command to remove an address pool definition ip dhcp pool dns server IP DHCP Pool Config ip dhcp ping packets service dhcp bootfile domain name IP DHCP Pool Config lease sntp clear ...

Page 933: ...address assignment leases an address to the client for a limited period of time Automatic assignment assigns a permanent address to a client Manual static assignment simply conveys an address assigned by the administrator to the client In DHCP Pool Configuration mode the administrator can configure the address space and other parameters to be supplied to DHCP clients By default the DHCP server ass...

Page 934: ...er or hardware address must be specified before specifying the host address DHCP client identifier client identifier BOOTP client MAC address hardware address Host address host Client name optional client name Examples Example 1 Manual Address Pool console config service dhcp console config ip dhcp pool Printer LP32 R1 101 console config dhcp pool client identifier 00 23 12 43 23 54 console config...

Page 935: ...file filename no bootfile filename The name of the file for the DHCP client to load Default Configuration There is no default bootfile filename Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines Example console config dhcp pool bootfile ntldr clear ip dhcp binding Use the clear ip dhcp binding command in Privileged EXEC mode to remove automatic DHCP serve...

Page 936: ...conflict command in Privileged EXEC mode to remove DHCP server address conflicts Use the show ip dhcp conflict command to display address conflicts detected by the DHCP server Syntax clear ip dhcp conflict ip address Clear all automatic dhcp bindings ip address Clear a specific address conflict Default Configuration The command has no default configuration Command Mode Privileged EXEC mode User Gu...

Page 937: ...re X is a hexadecimal digit Default Configuration This command has no default configuration Command Mode DHCP Pool Configuration mode User Guidelines For Microsoft DHCP clients the identifier consists of the media type followed by the MAC address of the client The media type 01 indicates Ethernet media Use the show ip dhcp pool command to display pool configuration parameters Example console confi...

Page 938: ...mmand It is not recommended to use embedded blanks in client names Example console config dhcp pool client identifier 01 03 13 18 22 33 11 console config dhcp pool host 192 168 21 34 32 console config dhcp pool client name Line_Printer_Hallway default router Use the default router command in DHCP Pool Configuration mode to set the IPv4 address of one or more routers for the DHCP client to use Use ...

Page 939: ...outer 192 168 22 1 192 168 23 1 dns server IP DHCP Pool Config Use the dns server command in IP DHCP Pool Configuration mode to set the IP DNS server address which is provided to a DHCP client by the DHCP server DNS server address is configured for stateless server support Syntax dns server ip address1 no dns server ip address1 A valid IPv4 address Default Configuration This command has no default...

Page 940: ...characters Default Configuration This command has no default configuration Command Mode IP DHCP Pool Configuration mode hardware address Use the hardware address command in DHCP Pool Configuration mode to specify the MAC address of a client to be manually assigned an address Use the no form of the command to remove the MAC address assignment Syntax hardware address hardware address no hardware add...

Page 941: ...92 168 21 131 32 host Use the host command in DHCP Pool Configuration mode to specify a manual binding for a DHCP client host Use the no form of the command to remove the manual binding Syntax host ip address netmask prefix length no host ip address IPv4 address to be manually assigned to the host identified by the client identifier netmask An IPv4 address indicating the applicable bits of the add...

Page 942: ...tion mode to enable automatic BOOTP address assignment By default BOOTP clients are not automatically assigned addresses although they may be assigned a static address Use the no form of the command to disable automatic BOOTP client address assignment Use the show ip dhcp global configuration command to display the automatic address assignment configuration Syntax ip dhcp bootp automatic no ip dhc...

Page 943: ...tion mode User Guidelines This command has no user guidelines Example console ip dhcp conflict logging ip dhcp excluded address Use the ip dhcp excluded address command in Global Configuration mode to exclude one or more DHCP addresses from automatic assignment Use the no form of the command to allow automatic address assignment for the specified address or address range Syntax ip dhcp excluded ad...

Page 944: ...20 1 192 168 20 3 ip dhcp ping packets Use the ip dhcp ping packets command in Global Configuration mode to configure the number of pings sent to detect if an address is in use prior to assigning an address from the DHCP pool If neither ping is answered the DHCP server presumes the address is not in use and assigns the selected IP address Syntax ip dhcp ping packets 0 2 10 no ip dhcp ping packets ...

Page 945: ...return the lease configuration to the default Use the show ip dhcp pool command to display pool configuration parameters Use the show ip dhcp binding command to display the expiration time of the leased IP address Syntax lease days hours minutes infinite no lease days The number of days for the lease duration Range 0 59 Default is 1 hours The number of hours for the lease duration Range 0 23 There...

Page 946: ...server configuration Syntax netbios name server ip address ip address2 ip address8 no netbios name server ip address IPv4 address Default Configuration There is no default name server configured Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters Up to eight name server addresses may be specified The NetBIOS WINS info...

Page 947: ... is no default NetBIOS node type configured Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters The NetBIOS node type information is conveyed in the Option 46 TLV of the DHCP OFFER DHCP ACK DHCP INFORM ACK and DHCP BOOTREPLY messages Supported NetBIOS node types are broadcast b node peer to peer p node mixed m node hy...

Page 948: ...This command has no default configuration Command Mode IP DHCP Pool Configuration mode next server Use the next server command in DHCP Pool Configuration mode to set the IPv4 address of the TFTP server to be used during auto install Use the no form of the command to remove the next server configuration Syntax next server ip address no next server ip address The IPv4 address of the TFTP server to u...

Page 949: ...figuration Use the show ip dhcp pool command to display pool configuration parameters Syntax option code ascii string1 hex string1 string8 ip ip address1 ip address8 no option code code The DHCP TLV option code ascii string1 An ASCII character string Strings with embedded blanks must be wholly contained in quotes hex string1 A hexadecimal string containing the characters 0 9A F The string should n...

Page 950: ...the options that can be configured and their fixed length minimum length and length multiple requirements Figure 46 1 Option Codes and Lengths Option Code Fixed Length Minimum Length Multiple Of 2 Time Offset 4 4 Time Server 4 4 7 Log Server 4 4 8 Cookie Server 4 4 9 LPR Server 4 4 10 Impress Server 4 4 11 Resource Location Server 4 4 12 Host Name 1 13 Boot File Size 2 14 Merit File Dump 1 16 Swap...

Page 951: ... 1 32 Router Solicitation Address 4 33 Static Router Option 8 8 34 Trailer Encapsulation 1 35 ARP Cache Timeout 4 36 Ethernet Encapsulation 1 37 TCP TTL 1 38 TCP Keepalive Interval 4 39 TCP Keepalive Garbage 1 40 Network Information Service 1 41 Network Information Servers 4 4 42 NTP Servers 4 4 43 Vendor Specific Information 1 Figure 46 1 Option Codes and Lengths continued Option Code Fixed Lengt...

Page 952: ...tbois Scope 1 48 X Windows Font Server 4 4 49 X Windows Display Manager 4 4 58 Renewal Time T1 4 59 Rebinding Time T2 4 60 Vendor Class 1 64 NIS Domain 1 65 NIS Servers 4 4 66 TFTP Server 1 68 Mobile IP Home Agent 0 4 69 SMTP Server 4 4 70 POP3 Server 4 4 71 NNTP Server 4 4 72 WWW Server 4 4 73 Finger Server 4 4 74 IRC Server 4 4 75 Streettalk Server 4 4 76 STDA Server 4 4 Figure 46 1 Option Codes...

Page 953: ...service dhcp no service dhcp Default Configuration The service is disabled by default Command Mode Global Configuration mode User Guidelines This command has no user guidelines sntp Use the sntp command in DHCP Pool Configuration mode to set the IPv4 address of the NTP server to be used for time synchronization of the client Use the no form of the command to remove the NTP server configuration Syn...

Page 954: ...how ip dhcp binding Use the show ip dhcp binding command in Privileged EXEC mode to display the configured DHCP bindings Syntax show ip dhcp binding address address A valid IPv4 address Default Configuration The command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console...

Page 955: ... address for which the conflict information is desired Default Configuration The command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines show ip dhcp global configuration Use the show ip dhcp global configuration command in Privileged EXEC mode to display the DHCP global configurati...

Page 956: ...x show ip dhcp pool all poolname poolname Name of the pool Range 1 32 characters Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines show ip dhcp server statistics Use the show ip dhcp server statistics command in Privileged EXEC mode to disp...

Page 957: ...modes User Guidelines This command has no user guidelines Example console show ip dhcp server statistics Automatic Bindings 100 Expired Bindings 32 Malformed Bindings 0 Messages Received DHCP DISCOVER 132 DHCP REQUEST 132 DHCP DECLINE 0 DHCP RELEASE 32 DHCP INFORM 0 Messages Sent DHCP OFFER 132 DHCP ACK 132 DHCP NACK 0 ...

Page 958: ...958 DHCP Server and Relay Agent Commands ...

Page 959: ...lan vlan id statistics vlan id Valid VLAN ID statistics Indicates statistics display if VLAN is specified Default Configuration This command has no default configuration Command Mode Privileged EXEC mode clear ipv6 dhcp service dhcpv6 dns server IPv6 DHCP Pool Config show ipv6 dhcp domain name IPv6 DHCP Pool Config show ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp interface User EXEC ipv6 dhcp ...

Page 960: ... DNS server address is configured for stateless server support Syntax dns server ipv6 address no dns server ipv6 address ipv6 address Valid IPv6 address Default Configuration This command has no default configuration Command Mode IPv6 DHCP Pool Configuration mode User Guidelines This command has no user guidelines domain name IPv6 DHCP Pool Config Use the domain name command in IPv6 DHCP Pool Conf...

Page 961: ...pool console config dhcp6s pool domain name test console config dhcp6s pool no domain name test ipv6 dhcp pool This capability requires the IPv6 DHCP service to be enabled Use the service dhcpv6 command to enable the DHCPv6 service Use the ipv6 dhcp pool command in Global Configuration mode to enter IPv6 DHCP Pool Configuration mode DHCPv6 pools are used to specify information for DHCPv6 server to...

Page 962: ... dhcp relay destination relay address interface vlan vlan id interface vlan vlan id remote id duid ifid user defined string destination Keyword that sets the relay server IPv6 address relay address An IPv6 address of a DHCPv6 relay server interface Sets the relay server interface vlan id A valid VLAN ID remote id duid ifid user defined string The Relay Agent Information Option remote ID suboption ...

Page 963: ...iguring an interface in DHCP relay mode overwrites the DHCP server mode and vice versa An IP interface configured in relay mode cannot be configured as a DHCP client ip address dhcp Example The following example configures VLAN 15 for DHCPv6 relay functionality console config service dhcpv6 console config interface vlan 15 console config if vlan15 ipv6 dhcp relay destination 2020 1 1 ipv6 dhcp ser...

Page 964: ...d commit keyword is enabled for the server the server responds to the solicit message with a reply message If the preference keyword is configured with a value other than 0 the server adds a preference option to carry the preference value for the advertise messages This action affects the selection of a server by the client Any advertise message that does not include a preference option is conside...

Page 965: ...ngth Delegated IPv6 prefix client DUID Client DUID e g 00 01 00 09 f8 79 4e 00 04 76 73 43 76 hostname Client hostname used for logging and tracing Range 0 31 characters The command allows spaces in the host name when specified in double quotes For example console config snmp server host host name valid lifetime Valid lifetime for delegated prefix Range 0 4294967295 seconds or use the keyword infi...

Page 966: ...he MAC address 00 1D BA 06 37 64 converted to EUI 64 format and a preferred lifetime of 5 days console config dhcp6s pool prefix delegation fc00 7 00 1D BA FF FE 06 37 64 preferred lifetime 43200 service dhcpv6 Use the service dhcpv6 command in Global Configuration mode to enable local IPv6 DHCP server on the switch Use the no form of the command to disable the DHCPv6 service Syntax service dhcpv6...

Page 967: ...nfiguration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines The DUID value of the server will only appear in the output when a DHCPv6 lease is active Example The following example displays the DHCPv6 server name and status console show ipv6 dhcp DHCPv6 is disabled Server DUID show ipv6 dhcp bin...

Page 968: ...ddress console show ipv6 dhcp binding 2020 1 show ipv6 dhcp interface User EXEC Use the show ipv6 dhcp interface command in User EXEC mode to display DHCPv6 information for all relevant interfaces or for the specified interface If an interface is specified the optional statistics parameter is available to view statistics for the specified interface Syntax show ipv6 dhcp interface type number stati...

Page 969: ...HCPv6 Interface vlan11 Statistics DHCPv6 Solicit Packets Received 0 DHCPv6 Request Packets Received 0 DHCPv6 Confirm Packets Received 0 DHCPv6 Renew Packets Received 0 DHCPv6 Rebind Packets Received 0 DHCPv6 Release Packets Received 0 DHCPv6 Decline Packets Received 0 DHCPv6 Inform Packets Received 0 DHCPv6 Relay forward Packets Received 0 DHCPv6 Relay reply Packets Received 0 DHCPv6 Malformed Pac...

Page 970: ...iguration submodes User Guidelines This command shows the DHCP status Information displayed depends on the mode The command output provides the following information for an interface configured in client mode Not all fields will be shown for an inactive client Term Description Mode Displays whether the specified interface is in Client Relay or Server mode State State of the DHCPv6 Client on this i...

Page 971: ...3 hrs 55 mins 28 secs console show ipv6 dhcp interface vlan 10 T2 Time The T2 in seconds time as indicated by the DHCPv6 Server T2 value indicates the time interval after which the Client sends Rebind message to the Server in case there are no replies to the Renew messages Interface IAID An identifier for an identity association chosen by this Client Leased Address The IPv6 address leased by the D...

Page 972: ... 0 DHCPv6 Decline Packets Received 0 DHCPv6 Inform Packets Received 0 DHCPv6 Relay forward Packets Received 0 DHCPv6 Relay reply Packets Received 0 DHCPv6 Malformed Packets Received 0 Received DHCPv6 Packets Discarded 0 Total DHCPv6 Packets Received 0 DHCPv6 Advertisement Packets Transmitted 0 DHCPv6 Reply Packets Transmitted 0 DHCPv6 Reconfig Packets Transmitted 0 DHCPv6 Relay reply Packets Trans...

Page 973: ...to display the configured DHCP pool Syntax show ipv6 dhcp pool poolname poolname Name of the pool Range 1 32 characters Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the configured DHCP pool conso...

Page 974: ...t Packets Received 0 DHCPv6 Confirm Packets Received 0 DHCPv6 Renew Packets Received 0 DHCPv6 Rebind Packets Received 0 DHCPv6 Release Packets Received 0 DHCPv6 Decline Packets Received 0 DHCPv6 Inform Packets Received 0 DHCPv6 Relay forward Packets Received 0 DHCPv6 Relay reply Packets Received 0 DHCPv6 Malformed Packets Received 0 Received DHCPv6 Packets Discarded 0 Total DHCPv6 Packets Received...

Page 975: ...tion This command has no default configuration clear ipv6 dhcp snooping binding ipv6 dhcp snooping verify mac address clear ipv6 dhcp snooping statistics ipv6 verify binding ipv6 dhcp snooping ipv6 verify source ipv6 dhcp snooping vlan show ipv6 dhcp snooping ipv6 dhcp snooping vlan show ipv6 dhcp snooping binding ipv6 dhcp snooping binding show ipv6 dhcp snooping database ipv6 dhcp snooping datab...

Page 976: ...CP Snooping statistics Syntax clear ipv6 dhcp snooping statistics Default Configuration This command has no default configuration Command Modes User EXEC Privileged EXEC User Guidelines The IPv6 snooping statistics are also cleared by the clear counters all command Example console clear ipv6 dhcp snooping statistics ipv6 dhcp snooping Use the ipv6 dhcp snooping command to globally enable IPv6 DHCP...

Page 977: ...red for valid client messages DHCP snooping additionally compares the source MAC address to the DHCP client hardware address If there is a mismatch DHCP snooping logs a message and drops the packet The network administrator can disable this option using the no ip dhcpv6 snooping verify mac address for DHCPv6 DHCP snooping always forwards client messages on trusted interfaces within the VLAN If DHC...

Page 978: ...lobally enabled to become operational Example console config ipv6 dhcp snooping console config ipv6 dhcp snooping vlan 5 10 15 30 console config interface te1 0 1 console config if te1 0 1 switchport mode access console config if te1 0 1 switchport access vlan 10 console config if te1 0 1 no ipv6 dhcp snooping trust ipv6 dhcp snooping binding Use the ipv6 dhcp snooping binding command to configure...

Page 979: ...ngs are configured Command Modes Global Configuration mode User Guidelines Static bindings do not age out of the DHCP binding database ipv6 dhcp snooping database Use the ipv6 dhcp snooping database command to configure the persistent location of the DHCP snooping database This can be a local or remote file on a TFTP server Syntax ipv6 dhcp snooping database local tftp hostIP filename no ipv6 dhcp...

Page 980: ...se the bindings and may cause connectivity loss for hosts if IPSG or DAI is enabled ipv6 dhcp snooping database write delay Use the ipv6 dhcp snooping database write delay command to configure the time period between successive writes of the binding database The binding database is used to persistently store the DHCP bindings Use the no form of the command to return the write delay to the default ...

Page 981: ...ets Range 1 15 default 1 second Default Configuration By default DHCP messages do not shut down the interface Command Modes Interface Configuration mode User Guidelines The switch hardware rate limits DHCP packets sent to the CPU from snooping enabled interfaces to 512 Kbps To prevent DHCP packets from being used in a DoS attack when DHCP snooping is enabled the snooping application allows configu...

Page 982: ... invalid DHCP messages are not logged Command Modes Interface Configuration mode User Guidelines An invalid DHCP message is one that is received on an untrusted interface that is not a member of the VLAN over which the IP address and optionally the MAC address has been learned Receiving large number of invalid messages may be an indication of an attack Logging invalid messages can use valuable CPU...

Page 983: ...tacks DHCP snooping must be enabled globally and on the VLAN for which the port is a member for this command to have an effect Configuring a port as trusted indicates that the port is connected to an IPv6 DHCP server or to a trusted device Configuring a port as untrusted indicates that the switch should firewall IPv6 DHCP messages and act as if the port is connected to an untrusted device Use the ...

Page 984: ...d in renew process For DHCP servers and relay agents connected to untrusted interfaces source MAC verification should be disabled DHCP snooping must be enabled on at least one VLAN and globally enabled to become operational Example console config ipv6 dhcp snooping console config ipv6 dhcp snooping vlan 5 10 15 30 console config interface te1 0 1 console config if te1 0 1 switchport mode access co...

Page 985: ...r Guidelines Traffic is filtered based upon the source IPv6 address and VLAN Use the port security command in interface mode to optionally add MAC address filtering in addition to source IPv6 address filtering If port security is enabled the filtering is based upon IPv6 address MAC address and VLAN ipv6 verify source Use the ipv6 verify source command to configure an interface to filter drop incom...

Page 986: ...s configured filtering occur based upon source IP address VLAN and source MAC address IP source guard also interacts with the port security component Use the port security command in interface mode to optionally add checking of learned MAC addresses When port security is enabled MAC learning coordinates with the IP Source Guard component to verify that the MAC address is in the DHCP binding databa...

Page 987: ...ow ipv6 dhcp snooping binding Use the show ipv6 dhcp snooping binding command to display the IPv6 DHCP snooping configuration Syntax show ipv6 dhcp snooping binding static dynamic interface interface id port channel port channel id vlan vlan id static Only show static entries dynamic Only show dynamic entries interface id Limit the display to entries associated with interface id vlan id Limit the ...

Page 988: ...0 1 64 10 0 1 86400 show ipv6 dhcp snooping database Use the show ipv6 dhcp snooping database command to display IPv6 DHCP snooping configuration related to database persistency Syntax show ipv6 dhcp snooping database Default Configuration This command has no default configuration Command Modes User EXEC Privileged EXEC all show modes User Guidelines This command has no user guidelines Example con...

Page 989: ... no default configuration for this command Command Modes User EXEC Privileged EXEC all show modes User Guidelines If no parameter is given all interfaces are shown Example console show ipv6 dhcp interfaces Interface Trust State Rate Limit Burst Interval pps seconds Gi1 0 1 No 15 1 Gi1 0 2 No 15 1 Gi1 0 3 No 15 1 show ipv6 dhcp snooping statistics Use the show ipv6 dhcp snooping statistics command ...

Page 990: ... 6 0 0 0 show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports on an individual port or on a VLAN Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch Client Ifc mismatch The number of DHCP relea...

Page 991: ... command has no user guidelines Example console show ipv6 source binding MAC Address IP Address Type Vlan Interface 00 00 00 00 00 08 2000 1 dhcpv6 snooping 2 Gi1 0 1 00 00 00 00 00 09 3000 1 dhcpv6 snooping 3 Gi1 0 1 00 00 00 00 00 0A 4000 1 dhcpv6 snooping 4 Gi1 0 1 show ipv6 verify Use the show ipv6 verify command to display the IPv6 Source Guard configuration on all interfaces or the specified...

Page 992: ...ltering is configured on the interface Example console config if Gi1 0 5 show ipv6 verify Interface Filter Type Gi1 0 1 ipv6 Gi1 0 2 ipv6 mac Gi1 0 3 N A Gi1 0 4 N A Gi1 0 5 ipv6 mac Gi1 0 6 N A Gi1 0 7 N A Gi1 0 8 N A Gi1 0 9 N A console config if Gi1 0 5 show ipv6 verify interface gi1 0 5 Interface Filter Type Gi1 0 5 ipv6 mac show ipv6 verify source Use the show ipv6 verify source command to di...

Page 993: ...ld is empty If port security is disabled on the interface the MAC Address field displays permit all The filter type is one of the following ipv6 mac User has configured MAC address filtering on this interface ipv6 Only IPv6 address filtering is configured on this interface Example show ipv6 verify source Interface Filter Type IPv6 Address MAC Address Vlan Gi1 0 1 ipv6 mac 2000 1 64 00 02 B3 06 60 ...

Page 994: ...994 DHCPv6 Snooping Commands ...

Page 995: ...rce group multicast trees It is also called Broadcast and Prune Multicasting protocol It dynamically generates per source group multicast trees using Reverse Path Multicasting Trees are calculated and updated dynamically to track membership of individual groups Commands in this Chapter This chapter explains the following commands ip dvmrp Use the ip dvmrp command to set the administrative mode of ...

Page 996: ...ve mode of DVMRP to active console config interface vlan 15 console config if vlan15 ip dvmrp ip dvmrp metric Use the ip dvmrp metric command in Interface Configuration mode to configure the metric for an interface This value is used in the DVMRP messages as the cost to reach this network Syntax ip dvmrp metric metric no ip dvmrp metric metric Cost to reach the network Range 1 31 Default Configura...

Page 997: ...he system wide information for DVMRP Syntax show ip dvmrp Default Configuration This command has no default condition Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays system wide information for DVMRP console config show ip dvmrp Admin Mode Enabled Version 3 Total Number of...

Page 998: ...ged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays interface information for VLAN 11 DVMRP console config show ip dvmrp interface vlan 11 Interface Mode Enabled Interface Metric 1 Local Address 10 1 0 2 show ip dvmrp neighbor Use the show ip dvmrp neighbor command in Privileged EXEC mode to disp...

Page 999: ...mand in Privileged EXEC mode to display the next hop information on outgoing interfaces for routing multicast datagrams Syntax show ip dvmrp nexthop Default Configuration This command has no default condition Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the next hop inf...

Page 1000: ...and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the table that lists the router s upstream prune information console config show ip dvmrp prune Group IP Source IP Source Mask Expiry Time secs 239 0 1 43 10 1 0 3 255 255 0 0 237 show ip dvmrp route Use the show ip dvmrp route command in Privileged EXEC mode to display the mul...

Page 1001: ...ration submodes User Guidelines This command has no user guidelines Example The following example displays the multicast routing information for DVMRP console show ip dvmrp route console config show ip dvmrp route Upstream Expiry Source Address Source Mask Neighbor Intf Metric Time UpTime ...

Page 1002: ...1002 DVMRP Commands ...

Page 1003: ... of a particular Group and carry the group MAC addresses associated with the Group 2 Group service requirements information This indicates that one or more GMRP participants require Forward all Groups or Forward Unregistered to be the default filtering behavior NOTE The Group Service capability is not supported Registration of group membership information allow networking devices to be made aware ...

Page 1004: ...ed on LAN segments which neither have registered GMRP participants nor are in the path through the active topology between the sources of the frames and the registered group members Commands in this Chapter This chapter explains the following commands gmrp enable Use the gmrp enable command in Global Configuration mode to enable GMRP globally or Interface Configuration mode to enable GMRP on a por...

Page 1005: ...t Configuration GMRP is disabled by default Command Mode Global Configuration and Interface Configuration modes User Guidelines This command has no user guidelines Example console show gmrp configuration Global GMRP Mode Disabled Join Leave LeaveAll Port Interface Timer Timer Timer GMRP Mode centisecs centisecs centisecs Gi1 0 1 20 60 1000 Disabled Gi1 0 2 20 60 1000 Disabled Gi1 0 3 20 60 1000 Di...

Page 1006: ...1006 GMRP Commands ...

Page 1007: ... to all versions A multicast router can act as both an IGMP host and an IGMP router and as a result can respond to its own IGMP messages The Dell Networking implementation of IGMPv3 supports the multicast router portion of the protocol that is not the host portion It is backward compatible with IGMPv1 and IGMPv2 One router periodically broadcasts IGMP Query messages onto the network Hosts respond ...

Page 1008: ...s is blocked inside the network It also allows hosts to block packets for all sources sending unwanted traffic IGMPv3 adds the capability for a multicast router to learn which sources are of interest to neighboring systems for packets sent to any particular multicast address This information gathered by IGMP is provided to the multicast routing protocol that is DVMRP PIM DM and PIM SM that is curr...

Page 1009: ...Interface Configuration VLAN mode User Guidelines This command has no user guidelines Example The following example sets 10 as the number of VLAN 2 Group Specific Queries console configure console config interface vlan 2 console config if vlan2 ip igmp last member query count 10 console config if vlan2 no ip igmp last member query count ip igmp last member query interval Use the ip igmp last membe...

Page 1010: ...nfigures downstream IGMP proxy on the selected VLAN interface associated with multicast hosts Use this command to enable the proxying of IGMP messages received on the local interface to the multicast router connected interface enabled with the ip igmp proxy service command PIM and DVMRP are not compatible with IGMP proxy Disable PIM DVMRP before enabling IGMP proxy Multicast routing must be enable...

Page 1011: ...L3 IP multicast must be enabled for IGMP to operate Example The following example globally enables IGMP the IGMP proxy service on VLAN 1 console config ip multicast routing console config interface vlan 1 console config if vlan1 ip igmp mroute proxy ip igmp query interval Use the ip igmp query interval command in Interface Configuration mode to configure the query interval for the specified interf...

Page 1012: ...nterval 10 ip igmp query max response time Use the ip igmp query max response time command in Internet Configuration mode to configure the maximum response time interval for the specified interface It is the maximum query response time advertised in IGMPv2 queries on this interface The time interval is specified in seconds Syntax ip igmp query max response time seconds no ip igmp query max respons...

Page 1013: ...ing of the interface that is tuning for the expected packet loss on a subnet If a subnet is expected to have significant loss the robustness variable may be increased for the interface Syntax ip igmp robustness robustness no ip igmp robustness robustness Robustness variable Range 1 255 Default Configuration The default robustness value is 2 Command Mode Interface Configuration VLAN mode User Guide...

Page 1014: ...ion The default count value is 2 Command Mode Interface Configuration VLAN mode User Guidelines This command has no user guidelines Example The following example sets for VLAN 15 the number of queries sent out on startup at 10 console config interface vlan 15 console config if vlan15 ip igmp startup query count 10 ip igmp startup query interval Use the ip igmp startup query interval command in Int...

Page 1015: ...terval between general queries sent at startup for VLAN 15 console config interface vlan 15 console config if vlan15 ip igmp startup query interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface Syntax ip igmp version version version IGMP version Range 1 3 Default Configuration The default version is 3 Command Mo...

Page 1016: ...n Syntax show ip igmp Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays system wide IGMP information console show ip igmp IGMP Admin Mode Enabled IGMP Router Alert check Disabled IGMP INTERFACE STATUS Interface ...

Page 1017: ...d has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the registered multicast groups for VLAN 1 console show ip igmp groups interface vlan 3 detail REGISTERED MULTICAST GROUP DETAILS Version1 Version2 Group Multicast Last Up Expiry Host...

Page 1018: ...ple The following example displays IGMP information for VLAN 11 console show ip igmp vlan 11 Interface 11 IGMP Admin Mode Enable Interface Mode Enable IGMP Version 3 Query Interval secs 125 Query Max Response Time 1 10 of a second 100 Robustness 2 Startup Query Interval secs 31 Startup Query Count 2 Last Member Query Interval 1 10 of a second 10 Last Member Query Count 2 show ip igmp membership Us...

Page 1019: ...at have registered in the multicast group at IP address 224 5 5 5 the latter in detail mode console show ip igmp interface membership 224 5 5 5 console config show ip igmp interface membership 224 5 5 5 detail show ip igmp interface stats Use the show ip igmp interface stats command in User EXEC mode to display the IGMP statistical information for the interface The statistics are only displayed wh...

Page 1020: ...ommand has no user guidelines Examples The following example displays the IGMP statistical information for VLAN 7 console show ip igmp interface stats vlan 7 Querier Status Querier Querier IP Address 7 7 7 7 Querier Up Time secs 55372 Querier Expiry Time secs 0 Wrong Version Queries 0 Number of Joins 7 Number of Groups 1 ...

Page 1021: ... 1 Commands in this Chapter This chapter explains the following commands ip igmp proxy service Use the ip igmp proxy service command in Interface Configuration mode to enable the IGMP Proxy on the VLAN interface Use this command to enable the sending of IGMP messages received on interfaces configured with the ip igmp mroute proxy command to an attached multicast router IGMP is enabled with IGMP pr...

Page 1022: ...RP are not compatible with IGMP proxy Disable PIM DVMRP before enabling IGMP proxy Multicast routing must be enabled for the IGMP proxy service to become operationally enabled Example The following example enables the IGMP Proxy on the VLAN 15 router console config interface vlan 15 console config if vlan15 ip igmp proxy ip igmp proxy service reset status Use the ip igmp proxy service reset status...

Page 1023: ...ce reset status ip igmp proxy service unsolicit rprt interval Use the ip igmp proxy service unsolicit rprt interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router This command is valid only if IGMP Proxy on the interface is enabled Syntax ip igmp proxy service unsolicit rprt interval seconds seconds Unsolicited report interval Range 1 260 s...

Page 1024: ...GMP Proxy is enabled Syntax show ip igmp proxy service Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays a summary of the host interface status parameters console show ip igmp proxy service Interface I...

Page 1025: ...ileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example fails to display status parameters because IGMP Proxy is not enabled console show ip igmp proxy service interface Interface Index vlan13 Ver Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent 1 0 0 0 2 0 0 0 0 0 3 0 0 0 show ip igmp proxy groups...

Page 1026: ...t IGMP Proxy reported console show ip igmp proxy service groups Interface Index vlan13 Group Address Last Reporter Up Time Member State Filter Mode Sources 225 0 1 1 13 13 13 1 7 DELAY MEMBER Exclude 0 225 0 1 2 13 13 13 1 48 DELAY MEMBER Exclude 0 show ip igmp proxy service groups detail Use the show ip igmp proxy service groups detail command in Privileged EXEC mode to display complete informati...

Page 1027: ...delines Example The following example displays complete information about multicast groups that IGMP Proxy has reported console show ip igmp proxy service groups detail Interface Index vlan13 Group Address Last Reporter Up Time Member State Filter Mode Sources 225 0 1 1 13 13 13 1 26 DELAY MEMBER Exclude 0 225 0 1 2 13 13 13 1 67 DELAY MEMBER Exclude 0 ...

Page 1028: ...1028 IGMP Proxy Commands ...

Page 1029: ...ching packets to each server address Interface configuration takes priority over global configuration If the destination UDP port for a packet matches any entry on the ingress interface the packet is handled according to the interface configuration If the packet does not match any entry on the ingress interface the packet is handled according to the global IP helper configuration Network administr...

Page 1030: ...nt retains the source IP address from the original client packet The relay agent uses a local IP address as the source IP address of relayed DHCP client packets When a switch receives a broadcast UDP packet on a routing interface the relay agent verifies that the interface is configured to relay to the destination UDP port If so the relay agent unicasts the packet to the configured server IP addre...

Page 1031: ...pdhcprelay maxhopcount command in Global Configuration mode to configure the maximum allowable relay agent hops for BootP DHCP Relay on the system Use the no form of the command to set the maximum hop count to the default value Syntax bootpdhcprelay maxhopcount integer no bootpdhcprelay maxhopcount integer Maximum allowable relay agent hops for BootP DHCP Relay on the system Range 1 16 bootpdhcpre...

Page 1032: ...de to configure the minimum wait time in seconds for BootP DHCP Relay on the system When the BOOTP relay agent receives a BOOTREQUEST message it might use the seconds sinceclient began booting field of the request as a factor in deciding whether to relay the request or not Use the no form of the command to set the minimum wait time to the default value Syntax bootpdhcprelay minwaittime integer no ...

Page 1033: ...cs Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console clear ip helper statistics ip dhcp relay information check Use the ip dhcp relay information check command to enable DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is ...

Page 1034: ... only it should insert option 82 fields and no other device near the client has the facility to insert options Example The following example enables relay information check globally console config ip dhcp relay information check ip dhcp relay information check reply Use the ip dhcp relay information check reply command to enable DHCP Relay to check that the relay agent information option in forwar...

Page 1035: ...s DHCP information options Example The following example enables relay information check on the interface console config interface vlan 10 console config if vlan10 ip dhcp relay information check ip dhcp relay information option Use the ip dhcp relay information option command in Global Configuration mode to enable the circuit ID option and remote agent ID mode for BootP DHCP Relay on the system a...

Page 1036: ...orm of the command to return the option insert configuration to the default Syntax ip dhcp relay information option insert none no ip dhcp relay information option insert none Use to disable insertion of circuit id and remote agent id options into DHCP messages Default Configuration Disabled is the default configuration Command Mode Interface VLAN Configuration mode User Guidelines Enable DHCP Rel...

Page 1037: ...ntp pim auto rp rip tacacs tftp time server address The IPv4 unicast or directed broadcast address to which relayed UDP broadcast packets are sent The server address cannot be an IP address configured on any interface of the local router dest udp port A destination UDP port number from 0 to 65535 port name The destination UDP port may be optionally specified by its name Whether a port is specified...

Page 1038: ...e the following commands console config console config ip helper address 20 1 1 1 ip helper address interface configuration Use the ip helper address interface configuration command to configure the relay of certain UDP broadcast packets received on a specific interface To delete a relay entry on an interface use the no form of this command Syntax ip helper address server address discard dest udp ...

Page 1039: ...sses are configured Command Mode Interface Configuration VLAN mode User Guidelines This command can be invoked multiple times on routing interface either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server The command no ip helper address with no arguments clears all helper addresses on the interface Example To relay DHCP pa...

Page 1040: ...e config if vlan5 ip helper address 192 168 40 2 domain console config if vlan5 exit console config interface 2 6 console config if vlan6 ip helper address 192 168 23 1 162 console config if vlan6 ip helper address discard dhcp ip helper enable Use the ip helper enable command to enable relay of UDP packets To disable relay of all UDP packets use the no form of this command Syntax ip helper enable...

Page 1041: ...Interface The relay configuration is applied to packets that arrive on this interface This field is set to any for global IP helper entries UDP Port The relay configuration is applied to packets whose destination UDP port is this port Entries whose UDP port is identified as any are applied to packets with the destination UDP ports listed in Table 47 1 Discard If Yes packets arriving on the given i...

Page 1042: ...mode to display the BootP DHCP Relay information Syntax show ip dhcp relay Default Configuration The command has no default configuration Command Mode User EXEC and Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example defines the Boot DHCP Relay information console show ip dhcp relay Maximum Hop Co...

Page 1043: ...urce and destination IP addresses DHCP client messages relayed The number of DHCP client messages relayed to a server If a message is relayed to multiple servers the count is incremented once for each server DHCP server messages received The number of DHCP responses received from the DHCP server This count only includes messages that the DHCP server unicasts to the relay agent for relay to the cli...

Page 1044: ...hese packets DHCP message with secs field below min The number of DHCP client messages received with secs fields that are less than the minimum value The minimum secs value is a configurable value and is displayed in show ip dhcp relay A log message is written for each such failure The DHCP relay agent does not relay these packets DHCP message with giaddr set to local address The number of DHCP cl...

Page 1045: ...ible to route packets to or from the out of band interface Static Routes ECMP Static Routes The operator is able to configure static and default routes with multiple next hops to any given destination Permitting the additional routes creates several options for the Dell Networking network operator 1 The operator configures multiple next hops to a given destination intending for the router to load ...

Page 1046: ...ell Networking enables configuring a static reject route for that network on the router Such traffic is discarded and an ICMP destination unreachable message is sent back to the source Static reject routes are typically used to prevent routing loops Default Routes Dell Networking routing provides a preference option for the configuration of default routes A configured default route is treated exac...

Page 1047: ...N mode User Guidelines This command has no user guidelines Example The following example applies SNAP encapsulation for VLAN 15 console config interface vlan 15 console config if vlan15 encapsulation snap ip address Use the ip address command in Interface Configuration mode to configure an IP address on an in band interface Also use this command to configure one or more secondary IP addresses on t...

Page 1048: ...fault IPv4 address assignment method is DHCP on VLAN 1 The N3000 N4000 default IPv4 address assignment method is none Command Mode Interface Configuration VLAN Loopback mode User Guidelines This command also implicitly enables the VLAN or loopback interface for routing i e as if the user had issued the routing interface command By default configuring an IP address on a VLAN enables in band managem...

Page 1049: ...guration Command Mode Interface Configuration VLAN mode User Guidelines This command has no user guidelines Example The following example defines the IP address and subnet mask for VLAN 15 console config interface vlan 15 console config if vlan15 ip netdirbcast ip policy route map Use this command to apply a route map on an interface Use the no form of this command to delete a route map from the i...

Page 1050: ... route Use the ip route command in Global Configuration mode to configure a static route Use the no form of the command to delete the static route The IP route command sets a value for the route preference Among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database Specifying the preference of a static route controls whether a s...

Page 1051: ...mode User Guidelines For the static routes to be visible you must Enable ip routing globally Enable ip routing for the interface Confirm that the associated link is also up Example The following example identifies the ip address subnet mask next hop ip and a preference value of 200 console config ip route 192 168 10 10 255 255 255 0 192 168 20 1 200 ip route default Use the ip route default comman...

Page 1052: ...e default gateway until it renews its IP address Using this command the administrator may manually configure a single global default gateway The switch installs a default route for a configured default gateway with a preference of 253 making it more preferred than the default gateways learned via DHCP but less preferred than a static default route The preference of these routes is not configurable...

Page 1053: ...he original default distance The new default distance are applied to static routes created after invoking the ip route distance command Syntax ip route distance integer no ip route distance integer integer Specifies the distance preference of an individual static route Range 1 255 Default Configuration Default value of distance is 1 Command Mode Global Configuration mode User Guidelines Lower rout...

Page 1054: ...r VLAN 15 console config ip routing match ip address Use this command to specify IP address match criteria for a route map Use the no form of this command to delete a match statement from a route map Syntax match ip address access list name access list name no match ip address access list name access list name The access list name that identifies the named IP ACLs The name can be up to 31 characte...

Page 1055: ...at the end of the list Instead non matching packets for a permit route map use the routing table Example The example below creates two access lists R1 and R2 and two route maps with IP address match clauses and that associate the route map to an interface In the example the ip policy route map equal access command is applied to interface VLAN 11 All packets ingressing VLAN 11 are policy routed Rou...

Page 1056: ... config if vlan11 ip address 10 1 1 1 255 255 255 0 console config if vlan11 ip policy route map equal access console config interface vlan 12 console config if vlan12 ip address 10 1 1 1 255 255 255 0 console config if vlan12 ip policy route map equal access console config interface vlan 13 console config if vlan13 ip address 192 168 6 5 255 255 255 0 console config interface vlan 16 console conf...

Page 1057: ...h mac list Use this command to configure MAC ACL match criteria for a route map Use the no form of this command to delete the match statement from a route map Syntax match mac list mac list name mac list name no match mac list mac list name mac list name The MAC ACL name that identifies the MAC ACLs The name can be between 0 and 31 characters Default Configuration There is no default configuration...

Page 1058: ... name may be up to 32 characters long and comprised of any printable character Enclose the map tag in quotes to embed blanks in the name permit Optional Permit routes that match all of the match conditions in the route map deny Optional Deny routes that match all of the match conditions in the route map Packets matching deny routes use the routing table sequence number Optional An integer used to ...

Page 1059: ...first route map in the system for allowing matching packets into the system Route map mode is also entered console config route map equal access permit 0 set interface null0 Use this command to drop a packet instead of reverting to normal routing for packets that do not match the route map criteria This command should be configured as the last entry in the route map as no further set clauses will ...

Page 1060: ...t highest numbered route map Example console config route map set interface null0 set ip default next hop Use this route map clause to override default entries in the routing table Packets that can routed by an active explicit route in the routing table are not affected by this clause Use this command to set a list of default next hop IP addresses to be used if no explicit route for the packet s d...

Page 1061: ...and to specify an adjacent next hop router in the path toward the destination to which the packets should be forwarded If more than one IP address is specified the first IP address associated with a link up interface is used to route the packets Use the no form of this command to remove a set command from a route map Syntax set ip next hop ip address ip address no set ip next hop ip address ip add...

Page 1062: ...route map Example console config route map set ip next hop 192 0 2 1 set ip precedence Use this command to set the three IP precedence bits in the IP packet header on ingress Values 0 through 7 are supported This precedence value may be used by other QoS services in the switch such as weighted fair queuing WFQ or weighted random early detection WRED Use the no form of this command to remove a set ...

Page 1063: ...edence 5 show ip brief Use the show ip brief command in Privileged EXEC mode to display all the summary information of the IP Syntax show ip brief Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays IP summary inf...

Page 1064: ...ce number Valid only for loopback and VLAN types Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines The Method field contains one of the following values Example console config if show ip interface Default Gateway 0 0 0 0 L3 MAC Address Routing Interfaces Interface State IP A...

Page 1065: ...nable Administrative Mode Enable Forward Net Directed Broadcasts Disable Proxy ARP Enable Local Proxy ARP Disable Active State Active Link Speed Data Rate 100 Half MAC address 00 11 88 2A 3C B3 Encapsulation Type Ethernet IP MTU 1500 Bandwidth 100000 kbps Destination Unreachables Enabled ICMP Redirects Enabled console show ip interface out of band IP Address 10 131 11 66 Subnet Mask 255 255 255 0 ...

Page 1066: ...onsole show ip policy Interface Route map Gi1 0 24 pbr rmap show ip protocols Use the show ip protocols command in Privileged EXEC mode to display a summary of the configuration and status for each unicast routing protocol The command lists all supported routing protocols regardless of whether they are currently configured or enabled Syntax show ip protocols Default Configuration This command has ...

Page 1067: ...bor specific distance If a neighbor s address falls within one of these ranges routes from that neighbor are assigned the configured distance If a prefix list is configured then the distance is only assigned to prefixes from the neighbor that are permitted by the prefix list Prefix List In The global prefix list used to filter inbound routes from all neighbors Prefix List Out The global prefix lis...

Page 1068: ...resses or only classful prefixes Dist List A distribute list used to filter routes of this type Only routes that pass the distribute list are redistributed Number of Active Areas The number of OSPF areas with at least one interface running on this router Also broken down by area type ABR Status The number of OSPF areas with at least one interface running on this router Also broken down by area typ...

Page 1069: ...ix List In PfxList1 Prefix List Out None Neighbors 172 20 1 100 Filter List In 1 Filter List Out 2 Prefix List In PfxList2 Prefix List Out PfxList3 Route Map In rmapUp Route Map Out rmapDown 172 20 5 1 Prefix List Out PfxList12 Routing Protocol OSPFv2 Router ID 6 6 6 6 OSPF Admin Mode Enable Maximum Paths 32 Routing for Networks 172 24 0 0 0 0 255 255 area 0 10 0 0 0 0 255 255 255 area 1 192 168 7...

Page 1070: ...Disable Distance 120 Interface Send Recv 0 25 RIPv2 RIPv2 show ip route Use the show ip route command in Privileged EXEC mode to display the current state of the routing table The output of the command also displays the IPv4 address of the default gateway and the default route associated with the gateway This command deprecates the show ip route configured and show ip route connected commands Synt...

Page 1071: ...le show ip route 192 168 2 0 24 If only an IP address is specified the best route for the IP address is displayed For example show ip route 192 168 2 0 If the longer prefixes option is specified then the subnets within an aggregate are displayed For example show ip route 192 168 2 0 23 longer prefixes Example The following example displays the IPv4 address of the default gateway and the default ro...

Page 1072: ...leged EXEC mode displays detailed information about the route preferences Route preferences are used in determining the best route Lower router preference values are preferred over higher router preference values The user can configure a global default gateway using the ip default gateway command creating a default route with a preference of 253 The show ip route preferences command lists the new ...

Page 1073: ...ay the routing table summary including best and non best routes Syntax show ip route summary best best Shows the number of best routes To include the number of all routes do not use this optional parameter Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no...

Page 1074: ...s that are displayed Syntax show ip traffic Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command displays statistics for the software IP stack not the hardware routing information Example The following example displays IP route preferences console show ip traffic I...

Page 1075: ...s 0 IcmpInEchos 3 IcmpInEchoReps 0 IcmpInTimestamps 0 IcmpInTimestampReps 0 IcmpInAddrMasks 0 IcmpInAddrMaskReps 0 IcmpOutMsgs 3 IcmpOutErrors 0 IcmpOutDestUnreachs 0 IcmpOutTimeExcds 0 IcmpOutParmProbs 0 IcmpOutSrcQuenchs 0 IcmpOutRedirects 0 IcmpOutEchos 3 IcmpOutEchoReps 3 IcmpOutTimestamps 0 IcmpOutTimestampReps 0 IcmpOutAddrMasks 0 show ip vlan Use the show ip vlan command in Privileged EXEC ...

Page 1076: ...he following example displays VLAN routing information console show ip vlan MAC Address used by Routing VLANs 00 00 00 01 00 02 VLAN ID IP Address Subnet Mask 10 0 0 0 0 0 0 0 0 20 0 0 0 0 0 0 0 0 show route map Use this command to display the route maps Syntax show route map map name Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines ...

Page 1077: ...50 console show ip policy Interface Route Map console show route map simplest route map simplest permit 10 Match clauses ip address access lists 1 Set clauses ip next hop 3 3 3 3 ip precedence 3 Policy routing matches 0 packets 0 bytes route map simplest permit 20 Match clauses ip address access lists 1 Set clauses ip default next hop 4 4 4 4 ip precedence 4 Policy routing matches 0 packets 0 byte...

Page 1078: ...permit 10 Match clauses ip address access lists 1 Set clauses ip next hop 3 3 3 3 ip precedence 3 Policy routing matches 0 packets 0 bytes route map simplest permit 20 Match clauses ip address access lists 1 Set clauses ip default next hop 4 4 4 4 ip precedence 4 Policy routing matches 0 packets 0 bytes route map simplest permit 30 Match clauses Set clauses interface null0 Policy routing matches 0...

Page 1079: ...78721 bytes 0 Memory Available in Heap 92365249 bytes 99 In Use High Water Mark 210788 bytes 0 Parameter Description Heap Size The amount of memory in bytes allocated at startup for the routing heap Memory In Use The number of bytes currently allocated Memory on Free List The number of bytes currently on the free list When a chunk of memory from the routing heap is freed it is placed on a free lis...

Page 1080: ...1080 IP Routing Commands ...

Page 1081: ...tination sorted by preference IPv6 routing only operates over VLAN interfaces IPv6 Limitations Restrictions The following limitations apply IPSec support is not available The DHCPv6 server does not support stateful address configuration Automated router renumbering is not supported Commands in this Chapter This chapter explains the following commands clear ipv6 neighbors ipv6 mld query max respons...

Page 1082: ... user guidelines ipv6 host ipv6 nd prefix show ipv6 brief show ipv6 route ipv6 mld last member query count ipv6 nd ra interval show ipv6 interface show ipv6 route preferences ipv6 mld last member query interval ipv6 nd ra lifetime show ipv6 interface management statistics show ipv6 route summary ipv6 mld host proxy ipv6 nd reachable time show ipv6 mld groups show ipv6 traffic ipv6 mld host proxy r...

Page 1083: ...vlan id tunnel tunnel id loopback loopback id vlan id Valid VLAN ID tunnel id Tunnel identifier Range 0 7 loopback id Loopback identifier Range 0 7 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example The following example clears IPv6 statistics for VLAN 11 console config clear ipv6 statistics ...

Page 1084: ...000 0001 becomes 1 Any host 0000 0000 0000 0000 0000 0000 0000 0000 becomes The hexadecimal letters in the IPv6 addresses are not case sensitive An example of an IPv6 prefix and prefix length is 3ffe 1 1234 64 Syntax ipv6 address prefix prefix length eui64 no ipv6 address prefix prefix length eui64 prefix Consists of the bits of the address to be configured prefix length Designates how many of the...

Page 1085: ...an explicit IPv6 address Command execution automatically configures the interface with a link local address The command is not required if an IPv6 global address is configured on the interface Syntax ipv6 enable no ipv6 enable Default Configuration Disabled is the default configuration Command Mode Interface Configuration VLAN Tunnel Loopback mode User Guidelines This command has no user guideline...

Page 1086: ... hop limit count The number of hops before the PDU expires Range 0 255 Default Configuration The default count is 64 hops Command Mode Global Configuration ipv6 host The ipv6 host command is used to define static host name to ipv6 address mapping in the host cache Syntax ipv6 host name ipv6 address no ipv6 host name name Host name ipv6 address IPv6 address of the host Default Configuration No IPv6...

Page 1087: ...o local members on the interface Use the no form of this command to set the last member query count to the default Syntax ipv6 mld last member query count last member query count no ipv6 mld last member query count last member query count Query count Range 1 20 Default Configuration The default last member query count is 2 Command Mode Interface Configuration VLAN mode User Guidelines There are no...

Page 1088: ...0 65535 milliseconds Default Configuration The default last member query interval is 1 second Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example console config if vlan3 ipv6 mld last member query interval 5000 ipv6 mld host proxy This command enables MLD and MLD Proxy on the specified interface PIM and DVMRP are not compatible with ...

Page 1089: ...console config if vlan3 ipv6 mld host proxy ipv6 mld host proxy reset status Use the ipv6 mld host proxy reset status command to reset the host interface status parameters of the MLD Proxy router This command is only valid when MLD Proxy is enabled on the interface Syntax ipv6 mld host proxy reset status Command Mode Interface Configuration VLAN mode Default Configuration There is no default confi...

Page 1090: ...val interval no ipv6 mld host proxy unsolicited report interval interval The interval between unsolicited reports Range 1 260 seconds Default Configuration The unsolicited report interval is 1 second by default Command Mode Interface Configuration VLAN mode User Guidelines This command has no user guidelines Example console config if vlan3 ipv6 mld host proxy unsolicit rprt interval 10 ipv6 mld qu...

Page 1091: ... mld query max response time The ipv6 mld query max response time command sets MLD query maximum response time for the interface This value is used in assigning the maximum response time in the query messages that are sent on that interface Use the no form of this command to set the maximum query response time to the default Syntax ipv6 mld query max response time query max response time no ipv6 m...

Page 1092: ...hbor discovery Duplicate address detection verifies that an IPv6 address on an interface is unique Syntax ipv6 nd dad attempts value no ipv6 nd dad attempts value Probes transmitted Range 0 600 Default Configuration The default value for attempts is 1 Command Mode Interface Configuration VLAN Tunnel Loopback mode User Guidelines This command has no user guidelines Example The following example set...

Page 1093: ...ation False is the default configuration Command Mode Interface Configuration VLAN Tunnel Loopback mode User Guidelines This command has no user guidelines Example In the following example the end node uses DHCPv6 console config interface vlan 15 console config if vlan15 ipv6 nd managed config flag ipv6 nd ns interval Use the ipv6 nd ns interval command in Interface Configuration mode to set the i...

Page 1094: ...ised neighbor solicitations at 5000 ms console config interface vlan 15 console config if vlan15 ipv6 nd ns interval 5000 ipv6 nd other config flag Use the ipv6 nd other config flag command in Interface Configuration mode to set the other stateful configuration flag in router advertisements sent from the interface Syntax ipv6 nd other config flag no ipv6 nd other config flag Default Configuration ...

Page 1095: ...red lifetime infinite no autoconfig off link no ipv6 nd prefix ipv6 prefix prefix length ipv6 prefix IPv6 prefix prefix length IPv6 prefix length valid lifetime Valid lifetime of the router in seconds Range 0 4294967295 seconds infinite Indicates lifetime value is infinite preferred lifetime Preferred lifetime of the router in seconds Range 0 4294967295 seconds no autoconfig Do not use Prefix for ...

Page 1096: ... address In order for the prefix to be included in RAs you must configure an address that matches the prefix using the ipv6 address command Prefixes specified using ipv6 nd prefix without an associated interface address will not be included in RAs and will not be committed to the device configuration Example The following example sets the IPv6 prefixes to include in the router advertisement consol...

Page 1097: ...in Interface Configuration mode to set the value that is placed in the Router Lifetime field of the router advertisements sent from the interface Syntax ipv6 nd ra lifetime seconds no ipv6 nd ra lifetime seconds Lifetime duration The value must be zero or it must be an integer between the value of the router advertisement transmission interval and 9000 seconds A value of zero means this router is ...

Page 1098: ...yntax ipv6 nd reachable time milliseconds no ipv6 nd reachable time milliseconds Reachable time duration A value of zero means the time is unspecified by the router Range 0 3600000 milliseconds Default Configuration The default value for neighbor discovery reachable times is 0 milliseconds Command Mode Interface Configuration VLAN Tunnel Loopback mode User Guidelines This command has no user guide...

Page 1099: ...guidelines Example The following example suppresses router advertisement transmission console config interface vlan 15 console config if vlan15 ipv6 nd suppress ra ipv6 route Use the ipv6 route command in Global Configuration mode to configure an IPv6 static route Use the no form of the command to remove a preference an individual next hop or all next hops for a route Using the no ipv6 route dista...

Page 1100: ...eparate the prefix from the prefix length with no spaces on either side of the slash mark interface type Distinguishes direct static routes from point to point and broadcast interfaces and must be specified when using a link local address as the next hop Interface type can be Null or vlan plus vlan id or tunnel plus tunnel id ipv6 address The IPv6 address of the next hop neighbor preference The ad...

Page 1101: ...en if they were assigned the original default distance The new default distance is applied to static routes created after invoking the ipv6 route distance command Syntax ipv6 route distance integer no ipv6 route distance integer integer Specifies the distance preference of an individual static route Range 1 255 Default Configuration Default value of integer is 1 Command Mode Global Configuration m...

Page 1102: ...pv6 unicast routing ping ipv6 Use ping ipv6 command in Privileged EXEC mode to determine whether another computer is reachable on the network The target device must have the ping responses enabled Syntax ping ipv6 ipv6 address hostname repeat 1 15 timeout 1 60 size 0 13000 source ipv6 address loopback 0 7 vlan 0 4093 tunnel 0 7 out of band ipv6 address hostname The target IP address or host to pin...

Page 1103: ...ileged EXEC modes User Guidelines This command has no user guidelines s Example The following example determines whether another computer is on the network at the IPv6 address specified console ping ipv6 2030 1 1 64 Send count 3 Receive count 0 from 2030 1 1 64 Average round trip time 0 00 ms ping ipv6 interface Use ping ipv6 interface command in the Privileged EXEC mode to determine whether anoth...

Page 1104: ...nd the echo request link local address The target IP address or host to ping repeat The number of ping packets to send Range 1 15 timeout The period in seconds to wait for an ICMP echo reply size The packet size padding in bytes Range 0 13000 source Use the specified source IP address loopback address VLAN address tunnel or out of band interface address in the transmitted packets Default Configura...

Page 1105: ... per second 100 3000 for N4000 switches Default Configuration The default is 1024 packets per second 3000 for N4000 switches Command Modes Global Configuration mode User Guidelines Unknown multicast and IPv4 IPv6 data packets destined to hosts in the connected networks on the router for which the MAC address is not resolved are trapped to CPU to trigger the ARP neighbor discovery resolution of tho...

Page 1106: ...ue Use this command to limit the CPU load in situations where large numbers of unknown multicast or IPv4 IPv6 packets with an unknown multicast or unicast IPv4 IPv6 destination are being handled in software The symptom can be diagnosed by high CPU usage of the ipMapForwardingTask Example An example output is showing higher than normal CPU usage due to packets copied to the software forwarding task...

Page 1107: ...nd has no user guidelines Example The following example displays the IPv6 status of forwarding mode and IPv6 unicast routing mode console show ipv6 brief IPv6 Unicast Routing Mode Enable IPv6 Hop Limit Unconfigured ICMPv6 Rate Limit Error Interval 1000 msec ICMPv6 Rate Limit Burst Size 100 messages show ipv6 interface Use the show ipv6 interface command in Privileged EXEC mode to show the usabilit...

Page 1108: ...values The long form of the command includes the same annotations and shows whether address autoconfiguration or DHCP client are enabled on the interface When the interface acts as a host interface the output also shows the default gateway on the interface if one exists Examples The following example shows the method of assignment for each IPv6 address that is either autoconfigured or leased from ...

Page 1109: ...autoconfiguration or DHCP client are enabled on the interface When the interface acts as a host interface the output also shows the default gateway on the interface if one exists console show ipv6 interface vlan2 IPv6 is enabled IPv6 Prefix is FE80 211 88FF FE2A 3E3C 128 2017 A42A 26DB 1049 43DD 128 DHCP Routing Mode Enabled Administrative Mode Enabled IPv6 Routing Operational Mode Enabled Bandwid...

Page 1110: ...uration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show ipv6 interface management statistics DHCPv6 Client Statistics DHCPv6 Advertisement Packets Received 0 DHCPv6 Reply Packets Received 0 Received DHCPv6 Advertisement Packets Discard 0 Received DHCPv6 Reply Packets Discarded 0 DHCPv6 Malformed Packets Received 0 Total DHCPv6 Packets Re...

Page 1111: ...t configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The following fields are displayed as a table when vlan vlan id is specified Field Description Number of G entries Displays the number of groups present in the MLD Table Number of S G entries Displays the number of include and exclude mode sources present in the MLD ...

Page 1112: ...known Expiry Time Time left in seconds before the entry is removed from the MLD membership table of this interface Last Reporter The IP Address of the source of the last membership report received for this multicast group address on that interface Filter Mode The filter mode of the multicast group on this interface The values it can take are INCLUDE and EXCLUDE Compatibility Mode The compatibility...

Page 1113: ...ime hh mm ss 00 04 23 Expiry Time hh mm ss Group Address FF1E 3 Interface vlan 6 Up Time hh mm ss 00 04 23 Expiry Time hh mm ss Group Address FF1E 4 Interface vlan 6 Up Time hh mm ss 00 04 23 Expiry Time hh mm ss show ipv6 mld host proxy Use the show ipv6 mld host proxy command to display a summary of the host interface status parameters This command deprecates the show ipv6 mld mroute proxy comma...

Page 1114: ... ipv6 mld interface vlan vlan id all vlan id A valid VLAN id Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The following information is displayed for the specified interface Field Description Interface The interface number in unit slot port format MLD Global Admin Mode Thi...

Page 1115: ...alue indicates the configured number of Queries sent out on startup separated by the Startup Query Interval Last Member Query Interval This value indicates the configured Maximum Response Time inserted into Group Specific Queries sent in response to Leave Group messages Last Member Query Count This value indicates the configured number of Group Specific Queries sent before the router assumes that ...

Page 1116: ...Query Count 2 show ipv6 mld host proxy Use the show ipv6 mld host proxy command to display a summary of the host interface status parameters Syntax show ipv6 mld host proxy Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes Default Configuration There is no default configuration for this command Number of Joins The number of times a group membership has been added ...

Page 1117: ... is a configured value Operational Mode Indicates whether MLD Proxy is operationally enabled or disabled This is a status parameter Version The present MLD host version that is operational on the proxy interface Number of Multicast Groups The number of multicast groups that are associated with the MLD Proxy interface UnsolicitedReport Interval The time interval at which the MLD Proxy interface sen...

Page 1118: ...e The MLD Proxy interface Group Address The IP address of the multicast group Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD Proxy interface upstream interface Up Time in secs The time elapsed in seconds since last created Member State Possible values are Idle_Member The interface has responded to the latest grou...

Page 1119: ...information about multicast groups that MLD Proxy reported Syntax show ipv6 mld host proxy groups detail Default Configuration There is no default configuration for this command Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed by this command Field Description Interface The interface number of the MLD Proxy Group ...

Page 1120: ...00 2 3 255 DELAY_MEMBER Include 4 Group Source List Expiry Time 4001 1 00 03 40 5002 2 00 03 40 4001 2 00 03 40 5002 2 00 03 40 Member State Possible values are Idle_Member The interface has responded to the latest group membership query for this group Delay_Member The interface is going to send a group membership report to respond to a group membership query for this group Filter Mode Possible va...

Page 1121: ...e following parameters are displayed only when MLD Proxy is enabled The column headings of the table associated with the interface are as follows Example console show ipv6 mld host proxy interface Interface vlan 10 Parameter Description Interface The MLD Proxy interface Parameter Description Ver The MLD version Query Rcvd Number of MLD queries received Report Rcvd Number of MLD reports received Re...

Page 1122: ...idelines The following fields are displayed Field Description Valid MLD Packets Received The number of valid MLD packets received by the router Valid MLD Packets Sent The number of valid MLD packets sent by the router Queries Received The number of valid MLD queries received by the router Queries Sent The number of valid MLD queries sent by the router Reports Received The number of valid MLD repor...

Page 1123: ...e IPv6 neighbors Syntax show ipv6 neighbors Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays information about the IPv6 neighbors console config show ipv6 neighbors Bad Checksum MLD Packets The numbe...

Page 1124: ...tocol Specifies the protocol that installed the routes Is one of the following keywords connected ospf static ipv6 prefix prefix length Specifies an IPv6 network for which the matching route would be displayed interface type interface number Valid IPv6 interface Specifies that the routes with next hops on the selected interface be displayed Supported interface types are VLAN Tunnel and Loopback be...

Page 1125: ...SA Ext Type 2 Default gateway is 10 1 20 1 S 0 0 0 0 0 254 0 via 10 1 20 1 C 10 1 20 0 24 0 1 directly connected vlan2 C 20 1 20 0 24 0 1 directly connected vlan4 show ipv6 route preferences Use the show ipv6 route preferences command in Privileged EXEC mode to show the preference value associated with the type of route Lower numbers have a greater preference Syntax show ipv6 route preferences Def...

Page 1126: ...for all routes including best and non best routes Use best to display the count summary for only best routes Syntax show ipv6 route summary best best Displays the count summary for only best routes Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user gu...

Page 1127: ...ic on a specific interface or without the optional parameter shows information about traffic on all interfaces tunnel Tunnel identifier Range 0 7 loopback Loopback identifier Range 0 7 Default Configuration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Examples The followin...

Page 1128: ...tagrams Received 0 Multicast Datagrams Transmitted 0 console show ipv6 traffic vlan 11 Interface 11 IPv6 STATISTICS Total Datagrams Received 0 Received Datagrams Locally Delivered 0 Received Datagrams Discarded Due To Header Errors 0 Received Datagrams Discarded Due To MTU 0 Red Datagrams Discarded Due To No Route 0 Received Datagrams With Unknown Protocol 0 Received Datagrams Discarded Due To Inv...

Page 1129: ...Pv6 VLAN routing interface addresses console show ipv6 vlan MAC Address used by Routing VLANs 00 02 BC 00 30 68 VLAN ID IPv6 Address Prefix Length 1 traceroute ipv6 Use the traceroute ipv6 command in Privileged EXEC mode to determine the path and measure the transit delay to another device in the network The transit delays are measured for each hop in the network Syntax traceroute ipv6 ipv6 addres...

Page 1130: ...ied source IP address loopback address VLAN address tunnel or out of band interface address in the transmitted packets Default Configuration There is no default configuration for this command Command Mode Privileged EXEC and User EXEC modes User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol ICMP echo request packets The time to live TTL value is used in ...

Page 1131: ...IPv6 Routing Commands 1131 2 2001 2 12 msec 13 msec 12 msec 3 2001 2 14 msec 9 msec 11 msec ...

Page 1132: ...1132 IPv6 Routing Commands ...

Page 1133: ...hes in the network This interface never transmits data but may receive data It is typically expected to be used by routing protocols Support for the internal loopback address if present is limited to testing the IP stack Commands in this Chapter This chapter explains the following commands interface loopback Use the interface loopback command in Global Configuration mode to enter the Interface Loo...

Page 1134: ...y From 192 168 22 1 icmp_seq 0 time 10 msec Reply From 192 168 22 1 icmp_seq 1 time 10 msec Reply From 192 168 22 1 icmp_seq 2 time 10 msec Reply From 192 168 22 1 icmp_seq 3 time 10 msec show interfaces loopback Use the show interfaces loopback command in Privileged EXEC mode to display information about one or all configured loopback interfaces Syntax show interfaces loopback loopback id loopbac...

Page 1135: ...nformation about configured loopback interfaces console show interfaces loopback Loopback Id Interface IP Address Received Packets Sent Packets 1 loopback 1 0 0 0 0 0 0 console show interfaces loopback 1 Interface Link Status Up IP Address 0 0 0 0 0 0 0 0 MTU size 1500 bytes ...

Page 1136: ...1136 Loopback Interface Commands ...

Page 1137: ...r unicast IP messages The message is not guaranteed to arrive intact at all members of the destination group or in the same order relative to other messages The advantages of multicasting are explained below Network Load Decrease A number of applications are required to transmit packets to hundreds of stations The packets transmitted to these stations share a group of links on their paths to their...

Page 1138: ...ipating stations are free to join or leave an audio cast or a video cast as needed The variable membership maintenance is managed efficiently through multicasting Commands in this Chapter This chapter explains the following commands clear ip mroute Use this command to selectively clear IPv4 multicast entries from the cache clear ip mroute ip pim dense mode show ip multicast show ip mroute static i...

Page 1139: ...his command it cannot be formed again until it is expired in IGMP and started again via the host The default mcache time out is 210 seconds Example The following example deletes all entries from the IP multicast routing table console clear ip mroute The following example deletes from the IP multicast routing table all entries that match the given multicast group address 224 1 2 1 irrespective of w...

Page 1140: ...range is 239 0 0 0 to 239 255 255 255 mask The group address mask in dotted quad notation Default Configuration This command has no default configuration Command Mode Interface Configuration VLAN mode User Guidelines This command has no user guidelines Example The following example adds an administrative scope multicast boundary console config interface vlan 15 console config if vlan15 ip multicas...

Page 1141: ...p mroute 1 1 1 1 255 255 0 0 192 168 20 1 34 ip multicast routing Use the ip multicast routing command in Global Configuration mode to set the administrative mode of the IP multicast forwarder in the router to active It enables both IPv4 and IPv6 multicast routing For multicast routing to become operational IGMP must be currently enabled An error message is displayed on the CLI if multicast routin...

Page 1142: ... out or stops querying the multicast source data continues to be forwarded to that port If a host in the VLAN subsequently joins or leaves the group the list of mrouter ports is updated for the multicast source and the forwarding of the multicast source is adjusted The workaround to this limitation is to statically configure mrouter ports when enabling IGMP MLD snooping in L3 multicast enabled VLA...

Page 1143: ...ing example applies a ttlvalue of 5 to the VLAN 15 routing interface console config interface vlan 15 console config if vlan15 ip multicast ttl threshold 5 ip pim Use the ip pim command in Interface VLAN Configuration mode to administratively configure PIM mode for IP multicast routing on a VLAN interface Enabling or disabling PIM mode concurrently enables disables IGMP Use the no form of the comm...

Page 1144: ...nd is used in Interface VLAN Configuration mode to administratively disable bootstrap router BSR messages on the interface Use the no form of this command to return the configuration to the default Syntax ip pim bsr border no ip pim bsr border Default Configuration BSR messages are enabled on the interface by default Command Mode Interface VLAN Configuration mode User Guidelines This command only ...

Page 1145: ...AN identifier with multicast routing enabled hash mask length Length of the BSR hash to be ANDed with the multicast group address Range 0 32 bits Default 0 bsr priority The advertised priority of the BSR candidate Range 0 255 Default 0 interval Optional Indicates the RP candidate advertisement interval The range is from 1 to 16383 seconds The default value is 60 seconds Default Configuration None ...

Page 1146: ...be configured on a router IGMP is automatically enabled if PIM is enabled and disabled when PIM is disabled ip multicast routing is not enabled or disabled by this command PIM is not compatible with DVMRP DVMRP must be disabled before enabling PIM Example console config ip multicast routing console config ip pim dense mode ip pim dr priority The ip pim dr priority command in Interface VLAN Configu...

Page 1147: ...r priority 32768 ip pim hello interval The ip pim hello interval command in Interface VLAN Configuration mode to administratively configure the frequency of PIM Hello messages on the specified interface Use the no form of this command to return the configuration to the default Syntax ip pim hello interval interval no ip pim hello interval interval The number of seconds between successive hello tra...

Page 1148: ...specified interface Use the no form of this command to return the configuration to the default Syntax ip pim join prune interval interval no ip pim join prune interval interval The number of seconds between successive join prune transmissions Range 0 18000 seconds Default is 60 Default Configuration The default join prune interval is 60 seconds Command Mode Interface VLAN Configuration mode User G...

Page 1149: ...oup mask rp address The valid IPv4 address for the rendezvous point group address A valid multicast group address to be sourced from the rendezvous point group mask A mask indicating the range of multicast groups sourced from the RP override A flag indicating that the static entry should override dynamically learned entries for the configured multicast group Default Configuration None no static mu...

Page 1150: ...abled group address A valid multicast group address group mask A mask indicating the range of multicast groups for which the router should advertise itself as an RP candidate interval Optional Indicates the RP candidate advertisement interval The range is from 1 to 16383 seconds The default value is 60 seconds Default Configuration None the router does not advertise itself as an RP candidate by de...

Page 1151: ...s recommended that IGMP snooping be disabled if IP multicast is enabled unless specifically required PIM is not compatible with DVMRP DVMRP must be disabled before enabling PIM Example console config ip pim sparse mode ip pim ssm Use the ip pim ssm command in Global Configuration mode to administratively configure PIM source specific multicast range of addresses for IP multicast routing Use the no...

Page 1152: ...nes There are no user guidelines for this command Example console config ip pim ssm 239 0 10 0 255 255 255 0 show ip multicast Use the show ip multicast command in Privileged EXEC mode to display the system wide multicast information Syntax show ip multicast Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Confi...

Page 1153: ...EC mode to display all the configured administrative scoped multicast boundaries Syntax show ip pim boundary vlan vlan id all vlan id Valid VLAN ID Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays all the confi...

Page 1154: ...the only supported type and number Default Configuration Show information for all multicast interfaces Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the multicast information for VLAN 15 console show ip mcast interface vlan 15 Interface TTL Vl15 1 show ip mrou...

Page 1155: ...mroute group Use the show ip mroute group command in Privileged EXEC mode to display the multicast configuration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and expiration times of all the entries in the multicast mroute table containing the groupipaddr value Syntax show ip mroute group groupipaddr summary groupipaddr IP address of the multicast g...

Page 1156: ...s RPF neighboring routers and expiration times of all the entries in the multicast mroute table containing the sourceipaddr or sourceipaddr groupipaddr pair value s Syntax show ip mroute source sourceipaddr summary sourceipaddr IP address of source Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes Use...

Page 1157: ...rce Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the static routes configured in the static mcast table console show ip mroute static MULTICAST STATIC ROUTES Source IP Source Mask RPF Address Preference 1 1...

Page 1158: ...M the following message is displayed None of the routing interfaces are enabled for PIM show ip pim bsr router The show ip pim bsr router command displays information about a bootstrap router BSR Syntax show ip pim bsr router candidate elected candidate Shows the candidate routers capable of acting as the bootstrap router elected Shows the router elected as the PIM bootstrap router Default Configu...

Page 1159: ...d on this router show ip pim interface The show ip pim interface command displays the PIM interface status parameters If the interface number is not is specified the command displays the status parameters of all the PIM enabled interfaces Syntax show ip pim interface vlan vlan id Field Description BSR address IP address of the BSR BSR Priority The configured BSR priority BSR Hash Mask Length The c...

Page 1160: ...ce InterfaceVLAN0010 ModeSparse Hello Interval secs 30 Join Prune Interval secs 60 DR Priority1 BSR BorderDisabled Neighbor Count1 Designated Router192 168 10 1 InterfaceVLAN0001 Field Description Mode Active PIM Protocol Interface Interface number Hello Interval Hello interval value Join prune Interval Join prune interval value DR Priority DR Priority configured on this interface BSR Border Wheth...

Page 1161: ...rs discovered by PIMv2 Hello messages If the interface number is not specified this command displays the neighbors discovered on all the PIM enabled interfaces Syntax show ip pim neighbor vlan vlan id vlan id A valid VLAN ID for which multicast routing has been enabled Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode an...

Page 1162: ...ned on any of the interfaces the following message is displayed No neighbors are learned on any interface show ip pim rp hash The show ip pim rp hash command displays the rendezvous point RP selected for the specified group address Syntax show ip pim rp hash group address group address A valid multicast address supported by RP Default Configuration There is no default configuration for this comman...

Page 1163: ... mapping command is used in User EXEC and Privileged EXEC modes to display the mappings for the PIM group to the active rendezvous points Syntax show ip pim rp mapping rp address candidate static rp address An RP address Default configuration There is no default configuration for this command Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidel...

Page 1164: ... If no RP Group mapping exists on the router the following message is displayed No RP Group mappings exist on this router If no static RP Group mapping exists on the router the following message is displayed No Static RP Group mappings exist on this router Field Description RP Address Address of the RP Group Address Address of the multicast group Group Mask Mask for the group address Origin Origin...

Page 1165: ...Multicast Commands 1165 ...

Page 1166: ...1166 Multicast Commands ...

Page 1167: ...6 mroute group address source address Deletes all IPv6 entries from the IP multicast routing table group address IPv6 address of the multicast group source address IPv6 address of a multicast srouce that is sending multicast traffic to the group clear ipv6 mroute ipv6 pim rp address ipv6 pim VLAN Interface config ipv6 pim rp candidate ipv6 pim bsr border ipv6 pim sparse mode ipv6 pim bsr candidate...

Page 1168: ...le clear ipv6 mroute The following example deletes from the IPv6 multicast routing table all entries that match the given multicast group address FF4E 1 irrespective of which source is sending for this group console clear ipv6 mroute FF4E 1 The following example deletes from the IPv6 multicast routing table all entries that match the given multicast group address FF4E 1 and the multicast source ad...

Page 1169: ...e console config if vlan3 ipv6 pim ipv6 pim bsr border Use the ipv6 pim bsr border command to prevent bootstrap router BSR messages from being sent or received through an interface Use the no form of this command to disable the interface from being the BSR border Syntax ipv6 pim bsr border no ipv6 pim bsr border Default Configuration BSR border is disabled by default Command Mode Interface Configu...

Page 1170: ...seed hash correspond to the same RP For example if this value is 24 only the first 24 bits of the group addresses matter This allows you to get one RP for multiple groups Range 0 128 bits priority The priority of the candidate BSR The BSR with the higher priority is preferred If the priority values are the same the router with the higher IP address is the BSR Range 0 255 interval The interval at w...

Page 1171: ...outing Syntax ipv6 pim dense mode no ipv6 pim Default Configuration PIM dense mode is disabled by default Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router DVMRP must be disabled before enabling PIM Example console config ipv6 pim dense ipv6 pim dr priority Use the ipv6 pim dr priority command to set the priority value for which a...

Page 1172: ...6 pim hello interval Use the ipv6 pim hello interval command to configure the PIM SM Hello Interval for the specified interface Use the no form of this command to set the hello interval to the default Syntax ipv6 pim hello interval interval no ipv6 pim hello interval interval The hello interval Range 0 18000 seconds Default Configuration The default hello interval is 30 seconds Command Mode Interf...

Page 1173: ...e 0 18000 seconds Default Configuration The default join prune interval is 60 seconds Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example console config if vlan3 ipv6 pim join prune interval 90 ipv6 pim register threshold Use the ipv6 pim register threshold command to configure the Register Threshold rate for the RP router to switch ...

Page 1174: ...rride indicates that if there is a conflict the RP configured with this command prevails over the RP learned by BSR Use the no form of this command to remove the RP address for one or more multicast groups Syntax ipv6 pim rp address rp address group address prefixlength override no ipv6 pim rp address rp address An RP address group address The group address to display prefixlength This parameter s...

Page 1175: ...p candidate vlan vlan id group address prefixlength interval c_rp_interval no ipv6 pim rp candidate vlan vlan id vlan id A valid VLAN ID value group address The group address to display prefixlength This parameter specifies the prefix length of the IP address for the media gateway Range 1 32 c_rp_interval The Candiate RP advertisement interval range 1 16383 seconds default 60 seconds Default Confi...

Page 1176: ... Default Configuration IPv6 PIM sparse mode is disabled by default Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router DVMRP must be disabled before enabling PIM Example console config ipv6 pim sparse mode ipv6 pim ssm Use the ipv6 pim ssm command to define the Source Specific Multicast SSM range of multicast addresses Syntax ipv6 p...

Page 1177: ...s for this command Example console config ipv6 pim ssm ff1e 64 show ipv6 pim Use the show ipv6 pim command to display global status of IPv6 PIMSM and its IPv6 routing interfaces Syntax show ipv6 pim Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines...

Page 1178: ...d PIM bootstrap router information Default Configuration There is no default configuration for this command Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines Field descriptions are shown in the following table Field Description BSR Address Address of the BSR BSR Priority Configured BSR priority BSR Hash Mask Length Configured hash mask l...

Page 1179: ...andidate BSR Address 2001 0db8 0 badc 1 BSR Priority 0 BSR Hash Mask Length 64 C BSR Advertisement Interval secs 60 Next Bootstrap message hh mm ss 00 00 32 If no configured elected BSR s exist on the router the following message is displayed No BSR s exist learned on this router ...

Page 1180: ...rmation for the specified multicast source static Show the multicast route information for the specified static multicast group summary Summarize the information Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show ipv6 mroute summa...

Page 1181: ...ource IP Group IP mm ss hh mm ss RPF Neighbor Flags 2001 5 FF43 5 03 08 00 00 21 2001 5 SPT console show ipv6 mroute source 2001 5 summary Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry 2001 5 FF43 5 PIMSM Vl12 Vl11 Vl13 console show ipv6 mroute group FF43 5 cr Press enter to execute the command Output filter options summary Display the IPV6 multicast routing table summar...

Page 1182: ...terfaces RPF neighboring routers and expiration times of all the entries in the multicast mroute table containing the groupipaddr value Syntax show ipv6 mroute group groupipaddr summary groupipaddr IP address of the multicast group Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This...

Page 1183: ... Use the show ipv6 mroute source command in Privileged EXEC mode to display the multicast configuration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and expiration times of all the entries in the multicast mroute table containing the sourceipaddr or sourceipaddr groupipaddr pair value s Syntax show ipv6 mroute source sourceipaddr summary groupipadd...

Page 1184: ...IP mm ss hh mm ss RPF Neighbor Flags 2001 5 FF43 5 03 08 00 00 21 2001 5 SPT console show ipv6 mroute source 2001 5 summary Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry 2001 5 FF43 5 PIMSM Vl12 Vl11 Vl13 show ipv6 pim interface Use the show ipv6 pim interface command to display interface config parameters If no interface is specified all interfaces are displayed Syntax ...

Page 1185: ...ated Router FE80 2FF EDFF FED0 2 DR Priority 1 BSR Border Disabled show ipv6 pim neighbor Use the show ipv6 pim neighbor command to display IPv6 PIMSM neighbors learned on the routing interfaces Syntax show ipv6 pim neighbor interface vlan vlan id vlan id A valid VLAN ID value Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration m...

Page 1186: ... address supported by RP Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example console show ipv6 pim rp hash ff1e 64 RP Type Address 3001 1 BSR show ipv6 pim rp mapping Use the show ipv6 pim rp mapping command to display all gr...

Page 1187: ...endezvous point mappings Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example console show ipv6 pim rp mapping Group Address FF1E 64 RP Address 2001 1 origin Static Group Address FF1E 64 RP Address 3001 1 origin BSR ...

Page 1188: ...1188 IPv6 Multicast Commands ...

Page 1189: ...IPv6 Multicast Commands 1189 ...

Page 1190: ...1190 IPv6 Multicast Commands ...

Page 1191: ...ame hierarchical area An area s topology is not visible to routers outside the area Two different types of OSPF routing occur as a result of area partitioning Intra area and Inter area Intra area routing occurs if a source and destination are in the same area Inter area routing occurs when a source and destination are in different areas An OSPF backbone distributes information between areas For IP...

Page 1192: ...ute preference of 255 makes the route ineligible to be selected as the best route to its destination That is a route type with a preference of 255 shall never be used for forwarding The RIP preference is not used in IPv6 routing OSPF Equal Cost Multipath ECMP A device running the IP routing protocol OSPF maintains multiple equal cost routes to all destinations The multiple routes are of the same t...

Page 1193: ...ace connecting Router A and Router B Then on Router A OSPF reports to RTO a route to 20 0 0 0 8 with a next hop of 10 1 1 2 If the user configures a static route to 20 0 0 0 8 with a single next hop of 10 1 2 2 RTO does NOT combine the OSPF and static route into a single route to 20 0 0 0 8 with two next hops All next hops within an ECMP route must be provided by the same source On Dell Networking...

Page 1194: ...trol plane is restarting but that it will be back shortly Helpful neighbors continue to advertise to the rest of the network that they have full adjacencies with the restarting router avoiding announcement of a topology change and everything that goes with that i e flooding of LSAs SPF runs Helpful neighbors continue to forward packets through the restarting router The restarting router relearns t...

Page 1195: ...nterval nsf helper strict lsa checking show ip ospf statistics area virtual link external lsdb limit nsf restart interval show ip ospf stub table area virtual link authentication ip ospf area passive interface default show ip ospf traffic area virtual link dead interval ip ospf authentication passive interface show ip ospf virtual link area virtual link hello interval ip ospf cost redistribute sho...

Page 1196: ...s the default configuration for integer Command Mode Router OSPF Configuration mode User Guidelines This command has no user guidelines Example The following example identifies a stub area of 10 and default cost of 100 console config router ospf console config router area 10 default cost 100 area nssa Router OSPF Use the area nssa command in Router OSPF Configuration mode to configure the specifie...

Page 1197: ...f nssa external 1 A metric type of nssa external 2 default role The translator role where role is one of the following always The router assumes the role of the translator when it becomes a border router candidate The router to participate in the translator election process when it attains border router status interval The period of time that an elected translator continues to perform its duties a...

Page 1198: ...onfigure the metric value and type for the default route advertised into the NSSA The metric type can be comparable nssa external 1 or noncomparable nssa external 2 Use the no form of the command to return the metric value and type to the default value Syntax area area id nssa default info originate integer comparable non comparable no area area id nssa default info originate area id Identifies th...

Page 1199: ...tion mode to configure the NSSA Area Border router ABR so that learned external routes are not redistributed to the NSSA Syntax area area id nssa no redistribute no area area id nssa no redistribute area id Identifies the OSPF NSSA to configure Range IP address or decimal from 0 4294967295 Default Configuration This command has no default configuration Command Mode Router OSPF Configuration mode U...

Page 1200: ...on Command Mode Router OSPF Configuration mode User Guidelines This command has no user guidelines Example The following example configures the NSSA so that summary LSAs are not advertised into the NSSA console config router area 20 nssa no summary area nssa translator role Use the area nssa translator role command in Router OSPF Configuration mode to configure the translator role of the NSSA Synt...

Page 1201: ...g router area 20 nssa translator role always area nssa translator stab intv Use the area nssa translator stab intv command in Router OSPF Configuration mode to configure the translator stability interval of the NSSA Syntax area area id nssa translator stab intv integer no area area id nssa translator stab intv area id Identifies the OSPF NSSA to configure Range IP address or decimal from 0 4294967...

Page 1202: ...e configured at the edge of an NSSA to summarize external routes reachable within the NSSA The range is advertised as a type 5 external LSA Use the no form of the command to delete an area range or revert an option to its default Syntax area area id range prefix netmask summarylink nssaexternallink advertise not advertise cost cost no area area id range prefix netmask summarylink nssaexternallink ...

Page 1203: ...e suppressed This behavior is equivalent to specifying the not advertise option If the range is configured for type 7 to type 5 translation a type 5 LSA is sent if the metric is set to 16 777 215 however other routers will not compute a route from a type 5 LSA with this metric Default Configuration No area ranges are configured by default No cost is configured by default Command Mode OSPFv2 Router...

Page 1204: ...eady configured on this area If the network mask is invalid console config router area 1 range 0 0 0 0 0 0 0 0 summarylink An area range mask must have contiguous ones and be no longer than 31 bits If the prefix is not a valid area range prefix console config router area 1 range 0 0 0 0 255 0 0 0 summarylink Cannot create this area range because it represents a default route console config router ...

Page 1205: ...Summary LSAs can significantly reduce the link state database of routers within the stub area Use the no form of the command to remove the stub area Syntax area area id stub no area area id stub area id Identifies the area identifier of the OSPF stub Range IP address or decimal from 0 4294967295 Default Configuration This command has no default configuration Command Mode Router OSPF Configuration ...

Page 1206: ...figuration mode User Guidelines This command has no user guidelines Example The following example prevents the Summary LSA from being advertised into the area 3 NSSA console config router area 3 stub no summary area virtual link Use the area virtual link command in Router OSPF Configuration mode to create the OSPF virtual interface for the specified area id and neighbor router To remove the link u...

Page 1207: ... or message digest authentication if configured for the area hello interval seconds Number of seconds to wait before sending hello packets to the OSPF virtual interface Range 1 65535 dead interval seconds Number of seconds to wait before the OSPF virtual interface on the virtual interface is assumed to be dead Range 1 65535 retransmit interval seconds The number of seconds to wait between retransm...

Page 1208: ...lay interval and default values for all other optional parameters router ospf network 10 50 50 0 0 0 0 255 area 10 area 10 virtual link 192 168 2 2 transmit delay 40 The following example establishes a virtual link with MD5 authentication router ospf Parameter Default area id No area ID is predefined router id No router ID is predefined hello interval seconds 10 seconds retransmit interval seconds...

Page 1209: ...hbor id authentication area id Identifies the OSPF area to configure Range IP address or decimal from 0 4294967295 neighbor id Identifies the Router identifier of the neighbor encrypt Use MD5 Encryption for an OSPF Virtual Link key Authentication key for the specified interface Range 8 bytes or less if the authentication type is simple and 16 bytes or less if the type is encrypt key id Authenticat...

Page 1210: ...irtual interface identified by area id and neighbor router Use the no form of the command to return the dead interval to the default value Syntax area area id virtual link neighbor id dead interval seconds no area area id virtual link neighbor id dead interval area id Identifies the OSPF area to configure Range IP address or decimal from 0 4294967295 neighbor id Identifies the Router ID of the nei...

Page 1211: ...return the hello interval to the default value Syntax area area id virtual link neighbor id hello interval seconds no area area id virtual link neighbor id hello interval area id Identifies the OSPF area to configure Range IP address or decimal from 0 4294967295 neighbor id Identifies the Router ID of the neighbor seconds Number of seconds to wait before sending hello packets to the OSPF virtual i...

Page 1212: ...nds no area area id virtual link neighbor id retransmit interval area id Identifies the OSPF area to configure Range IP address or decimal from 0 4294967295 neighbor id Identifies the Router ID of the neighbor seconds The number of seconds to wait between retransmitting LSAs if no acknowledgement is received Range 0 3600 Default Configuration The default configuration is 5 seconds Command Mode Rou...

Page 1213: ...ighbor id Identifies the Router ID of the neighbor seconds Number of seconds to increment the age of the LSA before sending based on the estimated time it takes to transmit from the interface Range 0 3600 Default Configuration 1 second is the default configuration Command Mode Router OSPF Configuration mode User Guidelines This command has no user guidelines Example The following example configure...

Page 1214: ... or OSPFv3 Router Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures a reference bandwidth of 500 Mbps console config router auto cost reference bandwidth 500 bandwidth By default OSPF computes the link cost of an interface as the ratio of the reference bandwidth to the interface bandwidth Reference bandwidth is specified with ...

Page 1215: ... following example configures the interface bandwidth to 500000 Kbps console config if vlan1 bandwidth 500000 capability opaque Use the capability opaque command to enable Opaque Capability on the router Use the no form of this command to disable Opaque Capability Syntax capability opaque no capability opaque Default Configuration Opaque Capability is enabled by default Command Mode Router Configu...

Page 1216: ...iguration and re originate prefixes as necessary counters Reset global and interface statistics neighbor Drop the adjacency with all OSPF neighbors On each neighbor s interface send a one way hello Adjacencies may then be reestablished interface vlan vlan id Drop adjacency with all neighbors on a specific interface neighbor id Drop adjacency with a specific router ID on a specific interface Defaul...

Page 1217: ...a resource limitation Syntax clear ip ospf stub router Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines OSPF only exits stub router mode if it entered stub router mode because of a resource limitation or if it is in stub router mode at startup This command has not effect is OSPF is configured to be in stub router mode perman...

Page 1218: ...le rfc1583 default information originate Router OSPF Configuration Use the default information originate command in Router OSPF Configuration mode to control the advertisement of default routes Use the no form of the command to return the default route advertisement settings to the default value Syntax default information originate always metric metric value metric type type value no default infor...

Page 1219: ...lways keyword will cause the router to advertise a default route to its neighbors even if no valid default route is known Example The following example always advertises default routes console config router default information originate always metric 100 metric type 1 default metric Use the default metric command in Router OSPF Configuration mode to set a default for the metric of distributed rout...

Page 1220: ...rence value Use the no form of this command to reset the preference values to the default Syntax distance ospf intra area dist1 inter area dist2 external dist3 no distance ospf intra area inter area external intra area dist1 Used to select the best path within an area when there are two or more routes to the same destination from two different routing protocols Range 1 255 inter area dist2 Used to...

Page 1221: ...ribute list out command in Router OSPF Configuration mode to specify the access list to filter routes received from the source protocol Use the no form of the command to remove the specified source protocol from the access list Syntax distribute list name out rip static connected no distribute list name out rip static connected name The name used to identify an existing ACL The range is 1 31 chara...

Page 1222: ...r distribute list ACL40 out rip enable This command has been deprecated Use the enable command in Router OSPF Configuration mode to reset the default administrative mode of OSPF in the router active OSPF is now globally enabled using the router ospf command Use the no form of the command to disable the administrative mode for OSPF Syntax enable no enable Default Configuration Enabled is the defaul...

Page 1223: ... until restarted Use the no form of the command to return the interval to the default value Syntax exit overflow interval seconds no exit overflow interval seconds Number of seconds after entering overflow state that a router will wait before attempting to leave the overflow state Range 0 2147483647 Default Configuration 0 seconds is the default configuration Command Mode Router OSPF Configuration...

Page 1224: ...no form of the command to return the limit to the default value Syntax external lsdb limit integer no external lsdb limit integer Maximum number of non default AS external LSAs allowed in the router s link state database Range 1 to 2147483647 Default Configuration 1 is the default configuration Command Mode Router OSPF Configuration mode User Guidelines The external LSDB limit MUST be set identica...

Page 1225: ...e area Range IP address or decimal from 0 4294967295 Default Configuration OSPFv2 is disabled by default Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example console config if vlan1 ip ospf area 192 168 1 10 console config if vlan1 ip ospf area 3232235786 ip ospf authentication Use the ip ospf authentication command in the Interface C...

Page 1226: ...ace Configuration VLAN mode User Guidelines Unauthenticated interfaces do not need an authentication key or authentication key ID Example The following example sets the OSPF Authentication Type and Key for VLAN 15 console config if vlan15 ip ospf authentication encrypt test123 100 ip ospf cost Use the ip ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface U...

Page 1227: ...spf database filter all out Use the ip ospf database filter all out command in Interface Configuration mode to prevent flooding of OSPF LSAs on an interface Use the no form of the command to enable flooding of LSAs on an interface Syntax ip ospf database filter all out no ip ospf database filter all out Default Configuration By default LSAs are flooded on all interfaces in a routed VLAN Command Mo...

Page 1228: ...ult Configuration 40 is the default number of seconds Command Mode Interface Configuration VLAN mode User Guidelines The value for the length of time must be the same for all routers attached to a common network This value should be some multiple of the Hello Interval i e 4 Example The following example sets the dead interval at 30 seconds console config if vlan1 ip ospf dead interval 30 ip ospf h...

Page 1229: ...0 ip ospf mtu ignore Use the ip ospf mtu ignore command in Interface Configuration mode to disable OSPF maximum transmission unit MTU mismatch detection OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface When a router receives a Database Description packet it examines the MTU advertised by the neighbor By default if t...

Page 1230: ...spf mtu ignore ip ospf network Use the ip ospf network command to configure OSPF to treat an interface as a point to point rather than broadcast interface To return to the default value use the no form of this command Syntax ip ospf network broadcast point to point no ip ospf network broadcast Set the network type to broadcast point to point Set the network type to point to point Default Configura...

Page 1231: ...int mode Example The following example shows the options for the ip ospf network command console config if vlan1 ip ospf network broadcast Set the OSPF network type to Broadcast point to point Set the OSPF network type to Point to Point ip ospf priority Use the ip ospf priority command in Interface Configuration mode to set the OSPF priority for the specified router interface Use the no form of th...

Page 1232: ...return the interval to the default value Syntax ip ospf retransmit interval seconds no ip ospf retransmit interval seconds Number of seconds between link state advertisement retransmissions for adjacencies belonging to this router interface This value is also used when retransmitting database description and link state request packets Range 0 3600 seconds Default Configuration 5 is the default num...

Page 1233: ...f seconds it takes to transmit a link state update packet over this interface Range 1 3600 seconds Default Configuration 1 is the default number of seconds Command Mode Interface Configuration VLAN mode User Guidelines This command has no user guidelines Example The following example sets the OSPF Transit Delay for VLAN 15 at 20 seconds console config if vlan1 ip ospf transmit delay 20 log adjacen...

Page 1234: ...guration mode to configure OSPF to enable stub router mode To disable stub router mode use the no max metric router lsa command in OSPFv2 Global Router Configuration mode Syntax max metric router lsa on startup seconds summary lsa metric no max metric router lsa on startup summary lsa on startup Optional OSPF starts in stub router mode after a reboot seconds Required if on startup The number of se...

Page 1235: ... up If the summary LSA metric is set to 16 777 215 other routers will skip the summary LSA when they compute routes If the router is configured to enter stub router mode on startup max metric router lsa on startup and one then enters max metric router lsa there is no change If OSPF is administratively in stub router mode the max metric router lsa command has been given and one configures OSPF to e...

Page 1236: ...s a network area range Any individual interface can only be attached to a single area If an interface address matches multiple network area ranges the interface is assigned to the area for the first matching range If the ip ospf area command is given for an interface it overrides any matching network area command OSPF only advertises IP subnets for secondary IP addresses if the secondary address i...

Page 1237: ...guration mode User Guidelines OSPF is only enabled on an interface if the primary IPv4 address on the interface matches a network area range Any individual interface can only be attached to a single area If an interface address matches multiple network area ranges the interface is assigned to the area for the first matching range If the ip ospf area command is given for an interface it overrides a...

Page 1238: ... restart works in concert with nonstop forwarding to enable the hardware to continue forwarding IPv4 packets using OSPFv2 routes while a backup unit takes over management unit responsibility When OSPF executes a graceful restart it informs its neighbors that the OSPF control plane is restarting but that it will be back shortly Helpful neighbors continue to advertise to the rest of the network that...

Page 1239: ...er Guidelines The grace LSA announcing the graceful restart includes a restart reason Reasons 1 software restart and 2 software reload upgrade are considered planned restarts Reasons 0 unknown and 3 switch to redundant control processor are considered unplanned restarts nsf ietf helper disable is functionally equivalent to no nsf helper and is supported solely for IS CLI compatibility nsf helper s...

Page 1240: ...at persist until the graceful restart completes By exiting the graceful restart on a topology change a router tries to eliminate the loops or black holes as quickly as possible by routing around the restarting router A helpful neighbor considers a link down with the restarting router to be a topology change regardless of the strict LSA checking configuration nsf restart interval Use the nsf restar...

Page 1241: ...and complete a full database exchange with each of those neighbors Example console config router nsf restart interval 180 passive interface default The passive interface default command enables the global passive mode by default for all interfaces It overrides any interface level passive mode Use the no form of this command to disable the global passive mode by default for all interfaces Any inter...

Page 1242: ... id no passive interface vlan vlan id vlan id The vlan number Default Configuration Passive interface mode is disabled by default Command Mode Router OSPF Configuration mode User Guidelines There are no user guidelines for this command Example console config router passive interface vlan 1 redistribute Use the redistribute command in Router OSPF Configuration mode to configure OSPF protocol to all...

Page 1243: ...onnected route metric value Specifies the metric to use when redistributing the route Range 0 16777214 type value One of the following Type 1 external route Type 2 external route tag value Value attached to each external route which might be used to communicate information between ASBRs Range 0 4294967295 subnets Specifies whether to redistribute the routes to subnets Default Configuration 0 is th...

Page 1244: ...r ID Command Mode Router OSPF Configuration mode User Guidelines The router id must be set in order for OSPF to become operationally enabled It is recommended that the router ID be set to the IP address of a loopback interface to ensure that the router remains up internally Example The following example defines the router ID as 5 5 5 5 console config router ospf console config router router id 5 5...

Page 1245: ...s into router OSPF mode console config router ospf console config router show ip ospf Use the show ip ospf command to display information relevant to the OSPF router This command has been modified to show additional fields Syntax show ip ospf Syntax Description This command has no arguments or keywords Default Configuration There is no default configuration for this command Command Mode User EXEC ...

Page 1246: ...ws the maximum number of non default external LSAs entries that can be stored in the link state database Exit Overflow Interval Shows the number of seconds that after entering OverflowState as defined by RFC 1765 a router will attempt to leave OverflowState Spf Delay Time The number of seconds to wait before running a routing table calculation after a topology change Spf Hold Time The minimum numb...

Page 1247: ...default routes If the metric is not configured this field is not configured Metric Type Shows whether the metric for the default route is advertised as External Type 1 or External Type 2 Number of Active Areas The number of OSPF areas to which the router is attached on interfaces that are up ABR Status Shows whether the router is an OSPF Area Border Router ASBR Status Indicates whether the router ...

Page 1248: ... LSA High Water Mark The maximum number of LSAs that have been in the link state database since OSPF began operation AS Scope LSA Flood List Length The number of LSAs currently in the global flood queue waiting to be flooded through the OSPF domain LSAs with AS flooding scope such as type 5 external LSAs and type 11 Opaque LSAs Retransmit List Entries The current number of entries on all neighbors...

Page 1249: ...ed In progress Completed Timed out Topology change and Manual clear NSF Helper Support Whether this router is configured to act as a graceful restart helpful neighbor Possible values are Helper Support Always Disabled or Planned NSF Helper Strict LSA Checking As a graceful restart helpful neighbor whether to terminate the helper relationship if a topology change occurs during a neighbor s graceful...

Page 1250: ... Number of Retransmit Entries 72800 Retransmit Entries High Water Mark 2 NSF Support Disabled NSF Restart Interval 120 NSF Restart Status Not Restarting NSF Restart Age 0 seconds NSF Restart Exit Reason Not Attempted NSF Helper Support Always NSF Helper Strict LSA Checking Enabled Example 2 The following example displays the length of the global flood queue for LSAs with AS flooding scope and for ...

Page 1251: ...ble Stub Router Status Inactive Stub Router Reason reason Stub Router Time Remaining duration seconds External LSDB Overflow FALSE External LSA Count 0 External LSA Checksum 0 AS_OPAQUE LSA Count 0 AS_OPAQUE LSA Checksum 0 New LSAs Originated 300269 LSAs Received 300276 LSA Count 6020 Maximum Number of LSAs 36968 LSA High Water Mark 6020 AS Scope LSA Flood List Length 0 Retransmit List Entries 0 M...

Page 1252: ...rea ID Next Hop Next Hop Intf INTRA 3 3 3 3 1 0 0 0 1 10 1 23 3 vlan11 INTRA 4 4 4 4 10 0 0 0 1 10 1 24 4 vlan12 show ip ospf area Use the show ip ospf area command in Privileged EXEC mode to display information about the identified OSPF area Syntax show ip ospf area area id area id Identifies the OSPF area whose ranges are being displayed Range 0 4294967295 Default Configuration This command has ...

Page 1253: ...SAs Spf Runs 0 Area Border Router Count 0 Area LSA Count 0 Area LSA Checksum 0 OSPF NSSA Specific Information Import Summary LSAs Enable Redistribute into NSSA Enable Default Information Originate TRUE Default Metric 250 Default Metric Type Non Comparable Translator Role Candidate Translator Stability Interval 2000 Translator State Disabled Example 3 The following example shows the length of the a...

Page 1254: ...mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show ip ospf asbr Type Router Id Cost Area ID Next Hop Next Hop Intf INTRA 1 1 1 1 1 0 0 0 1 10 1 12 1 vlan10 INTRA 4 4 4 4 10 0 0 0 1 10 1 24 4 vlan12 show ip ospf database Use the show ip ospf database command in Privileged EXEC mode to display information about the link sta...

Page 1255: ... Display router LSAs summary Display the LSA database summary information ls id Specifies the link state ID LSID Range IP address or an integer in the range of 0 4294967295 adv router Display the LSAs that are restricted by the advertising router To specify a router enter the IP address of the router self originate Display the LSAs in that are self originated opaque area Display the area opaque LS...

Page 1256: ...0000b 0f80 E Network Link States Area 0 0 0 0 Link Id Adv Router Age Sequence Chksm Options Rtr Opt 2 2 2 2 20 20 20 20 1165 80000005 f86d E O Network Summary States Area 0 0 0 0 Link Id Adv Router Age Sequence Chksm Options Rtr Opt 5 2 0 0 0 0 0 0 1360 80000007 242e Summary ASBR States Area 0 0 0 0 Link Id Adv Router Age Sequence Chksm Options Rtr Opt 5 2 0 0 0 0 0 0 1361 80000006 183a Link Opaqu...

Page 1257: ...p ospf database database summary Use the show ip ospf database database summary command to display the number of each type of LSA in the database for each area and for the router The command also displays the total number of LSAs in the database This command has been modified Syntax show ip ospf database database summary Default Configuration There is no default configuration for this command Comm...

Page 1258: ...e OSPF link state database Network Shows Total number of network LSAs in the OSPF link state database Summary Net Shows Total number of summary network LSAs in the database Summary ASBR Shows Number of summary ASBR LSAs in the database Type 7 Ext Shows Total number of Type 7 external LSAs in the database Self Originated Type 7 Shows Total number of self originated AS external LSAs in the OSPFv3 li...

Page 1259: ... in Privileged EXEC mode to display the information for the VLAN or loopback interface The long form of the command displays the configuration of flood blocking Syntax show ip ospf interface interface type interface number interface type Vlan or loopback interface number Valid VLAN ID or loopback interface number Range 0 7 Flood Blocking Indicates if flood blocking is enabled or disabled Default C...

Page 1260: ...nterval 10 Dead Interval 40 LSA Ack Interval 1 Iftransit Delay Interval 1 Authentication Type None Metric Cost 10 computed Passive Status Non passive interface OSPF Mtu ignore Disable State designated router Designated Router 1 1 1 1 Backup Designated Router 0 0 0 0 Number of Link Events 2 Example 2 The following example shows the configuration of flood blocking console show ip ospf interface gi2 ...

Page 1261: ...s Syntax show ip ospf interface brief Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays brief information for the IFO object or virtual interface tables console show ip ospf interface brief Hello Dead Retrax LSA...

Page 1262: ... and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the ospf statistics for VLAN 15 console show ip ospf interface stats vlan 15 OSPF Area ID 0 0 0 0 Area Border Router Count 0 AS Border Router Count 0 Area LSA Count 1 IP Address 2 2 2 2 OSPF Interface Events 1 Virtual Events 0 Neighbor Events 0 External LSA Count 0 show ip osp...

Page 1263: ...ce on which the adjacency is formed Neighbor IP Address The IPv4 address on the neighbor s interface used to form the adjacency Interface Index The SNMP interface index Area Id The OSPF area in which the adjacency is formed Options The options advertised by the neighbor Router Priority The router priority advertised by the neighbor Dead timer The number of seconds until the dead timer expires Up T...

Page 1264: ...ing This router is acting as a helpful neighbor to this neighbor A helpful neighbor does not report an adjacency change during graceful restart but continues to advertise the restarting router as a FULL adjacency A helpful neighbor continues to forward data packets to the restarting router trusting that the restarting router s forwarding table is maintained during the restart Not Helping This rout...

Page 1265: ...sets the Restart Reason to Software Restart on a planned warm restart when the initiate failover command is invoked and to Unknown on an unplanned warm restart Remaining Grace Time The number of seconds remaining in the current graceful restart interval This row is only included if the router is currently acting as a restart helper for the neighbor Restart Exit Reason One of the following None gra...

Page 1266: ...t Helper Exit Reason Not attempted show ip ospf range Use the show ip ospf range command in Privileged EXEC mode to display information about the area ranges for the specified area id Syntax show ip ospf range area id area id Identifies the OSPF area whose ranges are being displayed Range IP address or decimal from 0 4294967295 Default Configuration This command has no default configuration Comman...

Page 1267: ...has run for each OSPF area A table follows this information For each of the 15 most recent SPF runs the table lists how long ago the SPF ran how long the SPF took and the reasons why the SPF was scheduled Syntax show ip ospf statistics Default Configuration This command has no default configuration Prefix The summary prefix Subnet Mask The subnetwork mask of the summary prefix Type S Summary Link ...

Page 1268: ...a The time taken to compute intra area routes in milliseconds Summ The time taken to compute inter area routes in milliseconds Ext The time taken to compute external routes in milliseconds SPF Total The total time to compute routes in milliseconds The total may exceed the sum of the Intra Summ and Ext times RIB Update The time from the completion of the routing table calculation until all changes ...

Page 1269: ...ow ip ospf stub table command in Privileged EXEC mode to display the OSPF stub table The information below will only be displayed if OSPF is initialized on the switch Syntax show ip ospf stub table Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Ex...

Page 1270: ...ode User Guidelines The clear ip ospf counters command does not clear the message queue high water marks The following is output Parameter Description OSPFv2 Packet Statistics The number of packets of each type sent and received since OSPF counters were last cleared LSAs Retransmitted The number of LSAs retransmitted by this router since OSPF counters were last cleared LS Update Max Receive Rate T...

Page 1271: ...T4 ASBR Summary 15 T5 External 20 T7 NSSA External 0 T9 Link Opaque 0 T10 Area Opaque 0 T11 AS Opaque 0 Total 345 OSPFv2 Queue Statistics Current Max Drops Limit Hello 0 10 0 500 ACK 2 12 0 1680 Data 24 47 0 500 Event 1 8 0 1000 Number of LSAs Received The number of LSAs of each type received since OSPF counters were last cleared OSPFv2 Queue Statistics For each OSPFv2 message queue the current co...

Page 1272: ... Range Valid IP address Default Configuration Show information for all OSPF Virtual Interfaces Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the OSPF Virtual Interface information for area 10 and its neighbor console show ip ospf virtual link 10 192 168 2 2 Ar...

Page 1273: ...EC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the OSPF Virtual Interface information in the system console show ipv6 ospf virtual link brief Hello Dead Retransmit Transit Area ID Neighbor Interval Interval Interval Delay 0 0 0 2 5 5 5 5 10 40 5 1 timers pacing flood Use the timers pacing flood c...

Page 1274: ... likelihood of sending a neighbor more packets than it can buffer OSPF rate limits the transmission of LS Update packets By default OSPF sends up to 30 updates per second on each interface 1 the pacing interval Use this command to adjust the LS Update transmission rate timers pacing lsa group Use the timers pacing lsa group command in router OSPF Global Configuration mode to tune how OSPF groups L...

Page 1275: ... LSA By selecting a random refresh delay OSPF avoids refreshing a large number of LSAs at one time even if a large number of LSAs are originated at one time timers spf Use the timers spf command in Router OSPF Configuration mode to configure the SPF delay and hold time Use the no form of the command to reset the numbers to the default value Syntax timers spf delay time hold time no timers spf dela...

Page 1276: ...1276 OSPF Commands console config router timers spf 20 30 ...

Page 1277: ...it interval show ipv6 ospf area area nssa default info originate Router OSPFv3 Config default metric ipv6 ospf transmit delay show ipv6 ospf asbr area nssa no redistribute distance ospf ipv6 router ospf show ipv6 ospf database area nssa no summary enable maximum paths show ipv6 ospf database database summary area nssa translator role exit overflow interval nsf show ipv6 ospf interface area nssa tr...

Page 1278: ...d default cost cost no area area id default cost areaid Valid area identifier cost Default cost Range 1 16777215 Default Configuration This command has no default configuration Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines area virtual link ipv6 ospf dead interval passive interface default show ipv6 ospf range area virtual link dead interval ipv6...

Page 1279: ...tion originate metric metric value metric type metric type value no summary translator role role translator stab intv interval no area area id nssa no redistribution default information originate no summary translator role translator stab intv area id Identifies the OSPFv3 stub area to configure Range IP address or decimal from 0 4294967295 metric value Specifies the metric of the default route ad...

Page 1280: ...sa The following example configures the metric value and type for the default route advertised into the NSSA and configures the NSSA so that summary LSAs are not advertised into the NSSA console config router area 20 nssa default info originate metric 250 metric type 2 no summary area nssa default info originate Router OSPFv3 Config Use the area nssa default info originate command in Router OSPFv3...

Page 1281: ...er OSPFv3 Configuration mode User Guidelines This command has no user guidelines Example The following example configures the default metric value for the default route advertised into the NSSA console config ipv6 router ospf console config rtr area 1 nssa default info originate area nssa no redistribute Use the area nssa no redistribute command in Router OSPFv3 Configuration mode to configure the...

Page 1282: ...ted to the NSSA console config ipv6 router ospf console config rtr area 1 nssa no redistribute area nssa no summary Use the area nssa no summary command in Router OSPFv3 Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA Use the no form of the command to remove the configuration Syntax area areaid nssa no summary no area area id nssa no summary areaid Va...

Page 1283: ...lator role of the NSSA Use the no form of the command to remove the configuration Syntax area areaid nssa translator role always candidate no area areaid nssa translator role areaid Valid OSPF area identifier always Causes the router to assume the role of the translator the instant it becomes a border router candidate Causes the router to participate in the translator election process when it atta...

Page 1284: ...rform its duties after it determines that its translator status has been deposed by another router Syntax area areaid nssa translator stab intv seconds no area areaid nssa translator stab intv areaid Valid OSPF area identifier seconds Translator stability interval of the NSSA Range 0 3600 seconds Default Configuration This command has no default configuration Command Mode Router OSPFv3 Configurati...

Page 1285: ... a type 5 external LSA Use the no form of the command to remove the summary prefix configuration for routes learned in the specified area Syntax area area id range ipv6 prefix prefix length summarylink nssaexternallink advertise not advertise no area area id range ipv6 prefix prefix length summarylink nssaexternallink areaid Valid OSPFv3 area identifier ipv6 prefix prefix length Valid route prefix...

Page 1286: ...S External LSAs are not propagated into the area Removing AS External LSAs and Summary LSAs can significantly reduce the size of the link state database of routers within the stub area Syntax area area id stub no summary no area area id stub no summary area id Valid OSPFv3 area identifier no summary Disable the import of Summary LSAs for the stub area identified by area id Default Configuration Th...

Page 1287: ...ration mode User Guidelines This command has no user guidelines Example The following example prevents Summary LSAs from being advertised into the area 1 NSSA console config ipv6 router ospf console config rtr area 1 stub no summary area virtual link Use the area virtual link command in Router OSPFv3 Configuration mode to create the OSPF virtual interface for the specified area id and neighbor rou...

Page 1288: ...l interface Range 1 65535 dead interval seconds Number of seconds to wait before the OSPF virtual interface on the virtual interface is assumed to be dead Range 1 65535 retransmit interval seconds The number of seconds to wait between retransmitting LSAs if no acknowledgement is received Range 0 3600 transmit delay seconds Number of seconds to increment the age of the LSA before sending based on t...

Page 1289: ...ace identified by area 1 and its neighbor console config ipv6 router ospf console config rtr area 1 virtual link 2 dead interval 20 hello interval 20 retransmit interval 20 transmit delay 20 area virtual link dead interval Use the area virtual link dead interval command in Router OSPFv3 Configuration mode to configure the dead interval for the OSPF virtual interface on the virtual interface identi...

Page 1290: ...o interval Use the area virtual link hello interval command in Router OSPFv3 Configuration mode to configure the hello interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor Syntax area areaid virtual link neighbor hello interval seconds no area areaid virtual link neighbor hello interval areaid Valid OSPFv3 area identifier neighbor Router ID of neighbor...

Page 1291: ...al interface identified by areaid and neighbor Syntax area areaid virtual link neighbor retransmit interval seconds no area areaid virtual link neighbor retransmit interval areaid Valid OSPFv3 area identifier neighbor Router ID of neighbor seconds Retransmit interval Range 0 3600 Default Configuration 5 is the default value for seconds Command Mode Router OSPFv3 Configuration mode User Guidelines ...

Page 1292: ...ault Configuration 1 is the default value for seconds Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines Example The following example configures a 20 second transmit delay for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor console config ipv6 router ospf console config rtr area 1 virtual link 2 transmit dela...

Page 1293: ...ault metric is none and the default type is 2 Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines Example The following example controls the advertisement of default routes by defining a metric value of 100 and metric type 2 console config ipv6 router ospf console config rtr default information originate metric 100 metric type 2 default metric Use the ...

Page 1294: ...rtr default metric 100 distance ospf The distance ospf command sets the preference values of OSPF route types in the router Lower route preference values are preferred when determining the best route The type of OSPF route can be intra inter external All the external type routes are given the same preference value Use the no form of this command to reset the preference values to the default Syntax...

Page 1295: ...ample sets a route preference value of 100 for intra OSPF in the router console config ipv6 router ospf console config rtr distance ospf intra 100 enable Use the enable command in Router OSPFv3 Configuration mode to enable administrative mode of OSPF in the router active Syntax enable no enable Default Configuration Enabled is the default state Command Mode Router OSPFv3 Configuration mode User Gu...

Page 1296: ...g to leave the Overflow State This allows the router to originate non default AS external LSAs again When set to 0 the router will not leave Overflow State until restarted Syntax exit overflow interval seconds no exit overflow interval seconds Exit overflow interval for OSPF Range 0 2147483647 Default Configuration 0 is the default value for seconds Command Mode Router OSPFv3 Configuration mode Us...

Page 1297: ...ternal LSDB limit MUST be set identically in all routers attached to the OSPF backbone and or any regular OSPF area Syntax external lsdb limit limit no external lsdb limit limit External LSDB limit for OSPF Range 1 2147483647 Default Configuration 1 is the default value for limit Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines Example The following...

Page 1298: ...v6 ospf area Use the ipv6 ospf area areaid command in Interface Configuration mode to set the OSPF area to which the specified router interface belongs Syntax ipv6 ospf area areaid no ipv6 ospf area areaid areaid Is a 32 bit integer formatted as a 4 digit dotted decimal number or a decimal value It uniquely identifies the area to which the interface connects Assigning an area id which does not exi...

Page 1299: ...terface Configuration mode to configure the cost on an OSPF interface Use the no form of the command to return the cost to the default value Syntax ipv6 ospf cost interface cost no ipv6 ospf cost interface cost Specifies the cost link state metric of the OSPF interface Range 1 65535 Default Configuration 10 is the default link state metric configuration Command Mode Interface Configuration VLAN mo...

Page 1300: ...own The value for the length of time must be the same for all routers attached to a common network This value should be some multiple of the Hello Interval i e 4 Range 1 65535 Default Configuration 40 seconds is the default value of seconds Command Mode Interface Configuration VLAN Tunnel Loopback mode User Guidelines This command has no user guidelines Example The following example sets the OSPF ...

Page 1301: ...VLAN Tunnel Loopback mode User Guidelines This command has no user guidelines Example The following example sets the OSPF hello interval at 15 seconds console config interface vlan 15 console config if vlan15 ipv6 ospf hello interval 15 ipv6 ospf mtu ignore Use the ipv6 ospf mtu ignore command in Interface Configuration mode to disable OSPF maximum transmission unit MTU mismatch detection Use the ...

Page 1302: ... Example The following example disables OSPF maximum transmission unit MTU mismatch detection console config interface vlan 15 console config if vlan15 ipv6 ospf mtu ignore ipv6 ospf network Use the ipv6 ospf network command in Interface Configuration mode to change the default OSPF network type for the interface Use the no form of the command to return the network setting to the default value Syn...

Page 1303: ...following example changes the default OSPF network type to point to point console config interface vlan 15 console config if vlan15 ipv6 ospf network point to point ipv6 ospf priority Use the ipv6 ospf priority command in Interface Configuration mode to set the OSPF priority for the specified router interface Use the no form of the command to return the priority to the default value Syntax ipv6 os...

Page 1304: ...al seconds no ipv6 ospf retransmit interval seconds The number of seconds between link state advertisement retransmissions for adjacencies belonging to this router interface This value is also used when retransmitting database description and link state request packets Range 0 to 3600 seconds Default Configuration 5 seconds is the default value Command Mode Interface Configuration VLAN Tunnel Loop...

Page 1305: ...e Range 1 to 3600 seconds Default Configuration No default value Command Mode Interface Configuration VLAN Tunnel Loopback mode User Guidelines This command has no user guidelines Example The following example sets the OSPF Transmit Delay at 100 seconds for VLAN 15 console config interface vlan 15 console config if vlan15 ipv6 ospf transmit delay 100 ipv6 router ospf Use the ipv6 router ospf comma...

Page 1306: ...v3 console config ipv6 router ospf maximum paths Use the maximum paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination Syntax maximum paths maxpaths no maximum paths maxpaths Number of paths that can be reported Range 1 2 Default Configuration 2 is the default value for maxpaths Command Mode Router OSPFv3 Configuration mode User G...

Page 1307: ...s that OSPF should only perform a graceful restart when the restart is planned i e when the restart is a result of the initiate failover command Default Configuration Graceful restart is disabled by default Command Mode Router OSPFv3 Configuration mode User Guidelines Graceful restart works in concert with nonstop forwarding to enable the hardware to continue forwarding IPv6 packets using OSPFv3 r...

Page 1308: ... prevent OSPF from acting as a helpful neighbor Syntax nsf helper planned only no nsf helper planned only This keyword indicates that OSPF should only help a restarting router performing a planned restart Default Configuration OSPF may act as a helpful neighbor for both planned and unplanned restarts Command Mode Router OSPFv3 Configuration mode User Guidelines The grace LSA announcing the gracefu...

Page 1309: ... change occurs Command Mode Router OSPFv3 Configuration mode User Guidelines The restarting router is unable to react to topology changes In particular the restarting router will not immediately update its forwarding table therefore a topology change may introduce forwarding loops or black holes that persist until the graceful restart completes By exiting the graceful restart on a topology change ...

Page 1310: ...n The default restart interval is 120 seconds Command Mode Router OSPFv3 Configuration mode User Guidelines The grace period must be set long enough to allow the restarting router to reestablish all of its adjacencies and complete a full database exchange with each of those neighbors passive interface Use the passive interface command to set the interface or tunnel as passive It overrides the glob...

Page 1311: ... mode by default for all interfaces It overrides any interface level passive mode Use the no form of this command to disable the global passive mode by default for all interfaces Any interface previously configured to be passive reverts to non passive mode Syntax passive interface default no passive interface default Default Configuration Global passive mode is disabled by default Command Mode Rou...

Page 1312: ...16777214 tag Tag Range 0 4294967295 Default Configuration 2 is the default value for metric type 0 for tag Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines Example The following example configures the OSPFv3 protocol to allow redistribution of routes from the specified source protocol routers console config ipv6 router ospf console config rtr redist...

Page 1313: ... decimal number identifying the Router OSPF ID as 2 3 4 5 console config ipv6 router ospf console config rtr router id 2 3 4 5 show ipv6 ospf Use the show ipv6 ospf command in Privileged EXEC mode to display information relevant to the OSPF router Syntax show ipv6 ospf area id area id Identifier for the OSPF area being displayed Default Configuration This command has no default configuration Comma...

Page 1314: ...th This value is used to determine the OSPF metric on its interfaces The reference bandwidth is divided by the interface speed to compute the metric Default Passive Setting When enabled OSPF interfaces are passive by default Maximum Paths Shows the maximum number of paths that OSPF can report for a given destination Default Metric Default metric for redistributed routes Default Route Advertise Whe...

Page 1315: ... the stub router To restore OSPF to normal operation resolve the condition that caused the resource overload then disable and reenable OSPF globally External LSDB Overflow OSPF enters this state when the number of external LSAs exceeds a configured limit as described in RFC 1765 External LSA Count Shows the number of external LS type 5 link state advertisements in the link state database External ...

Page 1316: ...il a graceful restart expires Only non zero when the router is in graceful restart NSF Restart Exit Reason The reason the previous graceful restart ended Possible values are Not attempted In progress Completed Timed out Topology change and Manual clear NSF Helper Support Whether this router is configured to act as a graceful restart helpful neighbor Possible values are Helper Support Always Disabl...

Page 1317: ... FALSE Metric Metric Type External Type 2 NSF Support Disabled NSF Restart Interval 120 seconds NSF Helper Support Always NSF Helper Strict LSA Checking Enabled show ipv6 ospf abr This command displays the internal OSPFv3 routes to reach Area Border Routers ABR This command takes no options Syntax show ipv6 ospf abr Default Configuration This command has no default configuration Command Mode User ...

Page 1318: ...a areaid areaid Identifier for the OSPF area being displayed Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays information about area 1 console show ipv6 ospf area 1 AreaID 0 0 0 1 External Routing Import Extern...

Page 1319: ...modes User Guidelines This command has no user guidelines Example console show ipv6 ospf asbr Type Router Id Cost Area ID Next Hop Next Hop Intf INTRA 1 1 1 1 10 0 0 0 1 FE80 213 C4FF FEDB 6C41 vlan10 INTRA 4 4 4 4 10 0 0 0 1 FE80 210 18FF FE82 8E1 vlan12 show ipv6 ospf border routers Use the show ipv6 ospf command to display internal OSPFv3 routes to reach Area Border Routers ABR and Autonomous S...

Page 1320: ...refix router unknown area as link link state id adv router router id self originate area id Identifies a specific OSPF area for which link state database information will be displayed external Displays the external LSAs inter area Displays the inter area LSAs link Displays the link LSAs network Displays the network LSAs nssa external Displays NSSA external LSAs prefix Displays intra area Prefix LS...

Page 1321: ...6E R B Network Link States Area 0 0 0 0 Adv Router Link Id Age Sequence Csum Options Rtr Opt 2 2 2 2 636 636 80000001 8B0D V6E R Inter Network States Area 0 0 0 0 Adv Router Link Id Age Sequence Csum Options Rtr Opt 1 1 1 1 1 323 80000001 3970 2 2 2 2 1 322 80000001 1B8A 1 1 1 1 2 293 80000001 3529 2 2 2 2 2 375 80000001 FC5E Link States Area 0 0 0 0 Adv Router Link Id Age Sequence Csum Options Rt...

Page 1322: ...tes Area 0 0 0 1 Adv Router Link Id Age Sequence Csum Options Rtr Opt 1 1 1 1 634 441 80000003 B877 V6E R 2 2 2 2 634 433 80000003 FE6E V6E R Intra Prefix States Area 0 0 0 1 Adv Router Link Id Age Sequence Csum Options Rtr Opt 1 1 1 1 0 6 8000003A 37C4 2 2 2 2 0 1 8000004F 439A 1 1 1 1 10634 434 80000002 440A show ipv6 ospf database database summary Use the show ipv6 ospf database database summar...

Page 1323: ... Router 0 Network 0 Inter area Prefix 0 Inter area Router 0 Type 7 Ext 0 Link 0 Intra area Prefix 0 Link Unknown 0 Area Unknown 0 AS Unknown 0 Type 5 Ext 0 Self Originated Type 5 Ext 0 Total 0 show ipv6 ospf interface Use the show ipv6 ospf interface command in Privileged EXEC mode to display the information for the IFO object or virtual interface tables Syntax show ipv6 ospf interface interface t...

Page 1324: ...interface vlan 11 IP Address 11 11 11 11 ifIndex 1 OSPF Admin Mode Enable OSPF Area ID 0 0 0 0 Router Priority 1 Retransmit Interval 5 Hello Interval 10 Dead Interval 40 LSA Ack Interval 1 Iftransit Delay Interval 1 Authentication Type None Metric Cost 10 computed OSPF Mtu ignore Disable OSPF cannot be initialized on this interface show ipv6 ospf interface brief Use the show ipv6 ospf interface br...

Page 1325: ... Router Int Int Int Retrax Ack Interface Mode Area ID Prior Cost Val Val Val Delay Intval show ipv6 ospf interface stats Use the show ipv6 ospf interface stats command in User EXEC mode to display the statistics for a specific interface The command only displays information if OSPF is enabled Syntax show ipv6 ospf interface stats vlan vlan id vlan id Valid VLAN ID Default Configuration This comman...

Page 1326: ...kets 1013 Received Packets 893 Discards 48 Bad Version 0 Virtual Link Not Found 9 Area Mismatch 39 Invalid Destination Address 0 No Neighbor at Source Address 0 Invalid OSPF Packet Type 0 Packet Type Sent Received Hello 295 219 Database Description 10 14 LS Request 4 4 LS Update 521 398 LS Acknowledgement 209 282 show ipv6 ospf interface vlan Use the show ipv6 ospf interface vlan command in Privil...

Page 1327: ... Interval 40 LSA Ack Interval 1 Iftransit Delay Interval 1 Authentication Type None Metric Cost 10 computed OSPF Mtu ignore Disable OSPF Interface Type broadcast State backup designated router Designated Router 1 1 1 1 Backup Designated Router 2 2 2 2 Number of Link Events 46 show ipv6 ospf neighbor Use the show ipv6 ospf neighbor command in Privileged EXEC mode to display information about OSPF n...

Page 1328: ...de Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Examples The following examples display information about OSPF neighbors in the first case in a summary table and in the second in a table specific to tunnel 1 console show ipv6 ospf neighbor Router ID Priority Intf Interface State Dead ID Time console show ipv6 ospf neighbor interface tunnel 1...

Page 1329: ...tion This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays information about the area ranges for area 1 console show ipv6 ospf range 1 Area ID IPv6 Prefix Prefix Length Lsdb Type Advertisement show ipv6 ospf stub table Use the show ipv6 ...

Page 1330: ...10 Normal 1 Enable show ipv6 ospf virtual links Use the show ipv6 ospf virtual links command in Privileged EXEC mode to display the OSPF Virtual Interface information for a specific area and neighbor or for all areas in the system Syntax show ipv6 ospf virtual link area id neighbor id brief area id Identifies the OSPF area whose virtual interface information is being displayed neighbor id Router I...

Page 1331: ...al 5 State point to point Metric 10 Neighbor State Full show ipv6 ospf virtual link brief Use the show ipv6 ospf virtual link brief command in Privileged EXEC mode to display the OSPFV3 Virtual Interface information for all areas in the system Syntax show ipv6 ospf virtual link brief Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mod...

Page 1332: ...1332 OSPFv3 Commands console config show ipv6 ospf virtual link brief Hello Dead Retransmit Transit Area ID Neighbor Interval Interval Interval Delay ...

Page 1333: ...e host does not have to wait for the next periodic message Router discovery enables hosts to select from among multiple default gateways and switch to a different default gateway if an initially designated gateway goes down Commands in this Chapter This chapter explains the following commands ip irdp Use the ip irdp command in Interface Configuration mode to enable Router Discovery on an interface...

Page 1334: ...nimum time in seconds allowed between sending router advertisements from the interface Range 3 to value of maximum advertisement interval in seconds preference number Preference of the address as a default router address relative to other router addresses on the same subnet Range 2147483648 to 2147483647 address address IP address for router discovery advertisements Range 224 0 0 1 all hosts IP mu...

Page 1335: ... integer Integer value in seconds of the holdtime field of the router advertisement sent from this interface The holdtime must be no less than the maximum advertisement interval and cannot be greater than 9000 seconds Default Configuration The holdtime defaults to 3 times the maximum advertisement interval Command Mode Interface Configuration VLAN mode User Guidelines The holdtime is the length of...

Page 1336: ...Configuration VLAN mode User Guidelines The default values of the minimum advertisement interval and the holdtime depend on the value of the maximum advertisement interval Setting the maximum advertisement interval changes the minimum advertisement interval and holdtime if those values are at their defaults so the maximum advertisement interval should always be set first If the minimum advertiseme...

Page 1337: ...p minadvertinterval integer no ip irdp minadvertinterval integer Minimum time in seconds allowed between sending router advertisements from the interface Range 3 to value of maximum advertisement interval in seconds Default Configuration The default value is 0 75 times the maximum advertisement interval Command Mode Interface Configuration VLAN mode User Guidelines This command has no user guideli...

Page 1338: ...ode User Guidelines If a subnet includes any hosts that do not accept IP multicast packets send router advertisements to the limited broadcast address Example The following example configures router discovery to send to the limited broadcast address console config interface vlan 15804 Router Discovery Protocol Commands www d e l l c om s u p p o r t d e l l com console config if vlan15 no ip irdp ...

Page 1339: ...Configuration VLAN mode User Guidelines This command has no user guidelines Example The following example sets the ip irdp preference to 1000 for VLAN 15 console config interface vlan 15 console config if vlan15 ip irdp preference 1000 show ip irdp Use the show ip irdp command in Privileged EXEC mode to display the router discovery information for all interfaces or for a specified interface Syntax...

Page 1340: ...e and all Configuration submodes User Guidelines This command has no user guidelines Example The following example shows router discovery information for VLAN 15 console show ip irdp vlan 15 Interface Ad Mode Advertise Address Max Int Min Int Hold Time Preference vlan15 Enable 224 0 0 1 600 450 1800 0 ...

Page 1341: ... usefulness is limited to moderately sized networks whose physical interconnections are of similar type and speed Dell Networking routing supports RIPv2 as specified in RFC 2453 Commands in this Chapter This chapter explains the following commands auto summary Use the auto summary command in Router RIP Configuration mode to enable the RIP auto summarization mode Use the no form of the command to d...

Page 1342: ...delines Example console config router auto summary default information originate Router RIP Configuration Use the default information originate command in Router RIP Configuration mode to control the advertisement of default routes Syntax default information originate no default information originate Default Configuration The default configuration is no default information originate Command Mode R...

Page 1343: ...ommand in Router RIP Configuration mode to set a default for the metric of distributed routes Use the no form of the command to return the metric to the default value Syntax default metric number value no default metric number value Metric for the distributed routes Range 1 15 Default Configuration Default metric is not configured by default Command Mode Router RIP Configuration mode User Guidelin...

Page 1344: ...1 255 Default Configuration 15 is the default configuration Command Mode Router RIP Configuration mode User Guidelines This command has no user guidelines Example The following example sets the route preference value of RIP in the router at 100 console config router distance rip 100 distribute list out Use the distribute list out command in Router RIP Configuration mode to specify the access list ...

Page 1345: ...kets come from a directly connected route Default Configuration This command has no default configuration Command Mode Router RIP Configuration mode User Guidelines This command has no user guidelines Example The following example elects access list ACL40 to filter routes received from the source protocol console config router distribute list ACL40 out static enable Use the enable command in Route...

Page 1346: ...stroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode Use the no form of the command to disable the RIP hostroutesaccept mode Syntax hostroutesaccept no hostroutesaccept Default Configuration Enabled is the default configuration Command Mode Router RIP Configuration mode User Guidelines This command has no user guidelines Example c...

Page 1347: ...elines This command has no user guidelines Example console config if vlan2 ip rip console config if vlan2 no ip rip ip rip authentication Use the ip rip authentication command in Interface Configuration Mode to set the RIP Version 2 Authentication Type and Key for the specified VLAN Use the no form of the command to return the authentication to the default value Syntax ip rip authentication none s...

Page 1348: ... 2 Authentication Type and Key for VLAN 11 console config if vlan11 ip rip authentication encrypt pass123 35 ip rip receive version Use the ip rip receive version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version s to be received Use the no form of the command to return the version to the default value Syntax ip rip receive ver...

Page 1349: ... version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version to be sent Use the no form of the command to return the version to the default value Syntax ip rip send version rip1 rip1c rip2 none no ip rip send version rip1 Send RIP version 1 formatted packets rip1c Send RIP version 1 compatibility mode which sends RIP version 2 fo...

Page 1350: ...edistribute ospf redistribute static connected metric integer metric integer Specifies the metric to use when redistributing the route Range 0 15 match internal Adds internal matches to any match types presently being redistributed match external 1 Adds routes imported into OSPF as Type 1 external routes into any match types presently being redistributed match external 2 Adds routes imported into ...

Page 1351: ...nsole config router redistribute ospf metric 10 match nssa external 1 console config router redistribute connected metric 1 router rip Use the router rip command in Global Configuration mode to enter Router RIP mode Syntax router rip Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The...

Page 1352: ...nfiguration submodes User Guidelines This command has no user guidelines Example The following example displays information relevant to the RIP router console show ip rip RIP Admin Mode Enable Split Horizon Mode Simple Auto Summary Mode Enable Host Routes Accept Mode Enable Global route changes 0 Global queries 0 Default Metric 12 Default Route Advertise 0 Redistributing Source Connected Metric 2 ...

Page 1353: ...configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays information related to the VLAN 15 RIP interface console show ip rip interface vlan 15 Interface 15 IP Address Send version RIP 2 Receive version Both RIP Admin Mode Disable Link State Authentication Type MD5 Au...

Page 1354: ...EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays general information for each RIP interface console show ip rip interface brief Send Receive RIP Link Interface IP Address Version Version Mode State vlan1 0 0 0 0 RIP 2 Both Disable Down vlan2 0 0 0 0 RIP 2 Both Disable Down split horizon Use the sp...

Page 1355: ...ing loops poison RIP uses split horizon with poison reverse increases routing packet update size Default Configuration Simple is the default configuration Command Mode Router RIP Configuration mode User Guidelines This command has no user guidelines Example The following example does not use split horizon console config router split horizon none ...

Page 1356: ...1356 Routing Information Protocol Commands ...

Page 1357: ...platform limitation to the number of tunnel interfaces available to the entire system To support IPv4 to IPv6 transition Dell Networking supports configured tunnels RFC 4213 and automatic 6to4 tunnels RFC 3056 6to4 tunnels are automatically formed for IPv4 tunnels carrying IPv6 traffic The automatic tunnels IPv4 destination address is derived from the 6to4 IPv6 address of the tunnel s next hop Del...

Page 1358: ...guration Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example enables the interface configuration mode for tunnel 1 console config interface tunnel 1 console config if tunnel1 show interfaces tunnel Use the show interfaces tunnel command in Privileged EXEC mode to display the parameters related to tunnel such as tunnel mode tunnel...

Page 1359: ...sole show interfaces tunnel 1 Interface Link Status down MTU size 1480 bytes console show interfaces tunnel TunnelId Interface TunnelMode SourceAddress DestinationAddress 1 tunnel 1 IPv6OVER4 10 254 25 14 10 254 25 10 2 tunnel 2 IPv6OVER4 10 254 20 10 tunnel destination Use the tunnel destination command in Interface Configuration mode to specify the destination transport address of the tunnel Syn...

Page 1360: ...unnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel Syntax tunnel mode ipv6ip 6to4 no tunnel mode 6to4 Sets the tunnel mode to automatic Default Configuration This command has no default configuration Command Mode Interface Configuration Tunnel mode User Guidelines This command has no user guidelines Example The following example specifies ipv6ip mode for tu...

Page 1361: ... source ip address Valid IPv4 address interface type Valid interface type VLAN is the only type supported interface number Valid interface number Default Configuration This command has no default configuration Command Mode Interface Configuration Tunnel mode User Guidelines This command has no user guidelines Example The following example specifies VLAN 11 as the source transport address of the tu...

Page 1362: ...1362 Tunnel Interface Commands ...

Page 1363: ...s elected in its place and starts handling traffic sent to the address This change is transparent to end stations VRRP increases the availability of the default path without requiring configuration of dynamic routing or router discovery protocols on every end station Multiple virtual routers can be defined on a single router interface Pingable VRRP Interface RFC 3768 specifies that a router may on...

Page 1364: ...ponds to ICMP Echo Requests When Echo Replies are disabled using that option the VRRP master does not respond to Echo Requests even if this new option is enabled VRRP Route Interface Tracking The VRRP Route Interface Tracking feature extends the capability of the Virtual Router Redundancy Protocol VRRP to allow tracking of specific route interface IP states within the router that can alter the pri...

Page 1365: ...ble entry exists for the route and the route is accessible For route tracking make VRRP a best route client of RTO When a tracked route is added or deleted change the priority For simplicity routes are not distinguished with the next hop interface that has VRRP enabled So VRRP Route Tracking can ignore route modifications Commands in this Chapter This chapter explains the following commands Virtua...

Page 1366: ...tion VRRP is disabled by default Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example enables VRRP protocol on the router console config ip vrrp vrrp accept mode Use the vrrp accept mode command in Interface VLAN Configuration mode to enable the VRRP Master to accept ping packets sent to one of the virtual router s IP addresses fr...

Page 1367: ...details value for the virtual router configured on a specified interface Use the no form of the command to return the authentication type to the default value Syntax vrrp group authentication none simple key no vrrp group authentication group The virtual router identifier Range 1 255 none Indicates authentication type is none simple Authentication type is a simple text password key The key for sim...

Page 1368: ...f the command Syntax vrrp group description text no vrrp group description group The virtual router identifier Range 1 255 text Description for the virtual router group up to 80 characters Default Configuration No description is present Command Mode Interface Configuration VLAN mode User Guidelines This command accepts any printable characters for the name Descriptions containing spaces must be wr...

Page 1369: ...s as a secondary IP address on an interface Default Configuration VRRP is not configured on the interface Command Mode Interface Configuration VLAN mode User Guidelines The virtual router IP addresses must be a valid host address on the local subnet based on the IP address and subnet mask configured on the VLAN interface The VRRP IP address cannot be either the broadcast address or a network addre...

Page 1370: ...168 5 20 console config if vlan15 vrrp 20 mode vrrp mode Use the vrrp mode command in Interface Configuration mode to enable the virtual router configured on an interface Enabling the status field starts a virtual router Use the no form of the command to disable the virtual router Syntax vrrp vr id mode no vrrp vr id mode vr id The virtual router identifier Range 1 255 Default Configuration Disabl...

Page 1371: ...ult Configuration Enabled is the default configuration Delay defaults to 0 seconds Command Mode Interface Configuration VLAN mode User Guidelines As per the VRRP RFC when preemption is enabled the backup router discards the advertisements until the masterdowntimer starts This feature requires immediate sending of advertisements when the preemption case occurs and the delay is 0 This is a violation...

Page 1372: ...ines The VRRP router with the highest numerical value for priority will become the VR master When the VRRP priorities are equal the router with the numerically highest IP address will win the election and become master If the VRRP router is the owner of the VR IP address its priority will be 255 and this value cannot be changed Example The following example sets the priority value for the virtual ...

Page 1373: ...ple The following example sets the frequency at which the VLAN 15 virtual router 5 sends a virtual router advertisement console config if vlan15 vrrp 5 timers advertise 10 vrrp timers learn Use the vrrp timers learn command in Interface Configuration mode to configure the router when it is acting as backup virtual router for a Virtual Router Redundancy Protocol VRRP group to learn the advertisemen...

Page 1374: ...acked interface is up if routing on that interface is up Otherwise the tracked interface is down When the tracked interface is down or the interface has been removed from the router the priority of the VRRP router will be decremented by the value specified in the priority argument When the interface is up for the IP protocol the priority will be incremented by the priority value A VRRP configured ...

Page 1375: ...aces are tracked The default decrement priority is 10 Command Mode Interface Configuration VLAN mode User Guidelines This command has no user guidelines Example The following example adds VLAN 2 to the virtual router tracked list with a priority decrement value of 20 config if vlan10 vrrp 1 track interface vlan 2 decrement 20 vrrp track ip route Use the vrrp track ip route command to track the rou...

Page 1376: ...ess prefix length group The virtual router identifier Range 1 255 ip address prefix length Specifies the route to be tracked priority Priority decrement value for the tracked route Range 1 254 Default Configuration There are no routes tracked by default The default decrement priority is 10 Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command ...

Page 1377: ...r Guidelines This command has no user guidelines Example The following example displays detailed VRRP status console show vrrp Admin Mode Enable Router Checksum Errors 0 Router Version Errors 0 Router VRID Errors 0 Vlan 7 Group 1 Primary IP Address 192 168 5 55 VMAC Address 0000 5E00 0101 Authentication Type None Priority 60 Configured Priority 100 Advertisement Interval secs 10 Accept Mode Enable...

Page 1378: ...Disable Description Track Interface vlan 3 Track Interface State Down Track Interface DecrementPriority 20 Track Route pfx len 10 10 10 0 24 Track Route Reachable False Track Route DecrementPriority 20 console show vrrp brief Interface Grp Prio IP Address Mode State V1 1 2 60 0 0 0 0 Disable Initialize V1 2 5 70 192 168 5 55 Enable Initialize show vrrp interface Use the show vrrp interface command...

Page 1379: ...er guidelines Example The following example displays all configuration information about the VLAN 15 virtual router console show vrrp interface vlan 7 Vlan 7 Group 1 Primary IP Address 192 168 5 55 VMAC Address 0000 5E00 0101 Authentication Type None Priority 100 Configured Priority 100 Advertisement Interval secs 10 Accept Mode Disable Pre empt Mode Enable Pre empt Delay 0 Administrative Mode Ena...

Page 1380: ...kets Received 0 Zero Priority Packets Sent 0 Invalid Type Packets Received 0 Address List Errors 0 Invalid Authentication Type 0 Authentication Type Mismatch 0 Packet Length Errors 0 show vrrp interface brief Use the show vrrp interface brief command in Privileged EXEC mode to display information about each virtual router configured on the switch It displays information about each virtual router S...

Page 1381: ... each virtual router configured on the switch Syntax show vrrp interface stats vlan vlan id vr id vlan id Valid VLAN ID vr id The virtual router identifier Range 1 255 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example di...

Page 1382: ...figuration mode to enable the VRRP Master to accept ping packets sent to one of the virtual router s IP addresses Use the no form of the command to disable responding to ping packets Syntax ip vrrp vrid accept mode no vrrp vrid accept mode vrid Virtual router identification Range 1 255 Default Configuration The default configuration is disabled Command Mode Interface Configuration VLAN mode User G...

Page 1383: ...ommand has no user guidelines Example The following example displays all configuration information about the VLAN 15 virtual router console show ip vrrp interface vlan2 1 Primary IP Address 10 10 10 1 VMAC Address 00 00 5E 00 01 01 Authentication Type None Priority 100 Configured Priority 100 Advertisement Interval secs 1 Pre empt Mode Enable Administrative Mode Disable Accept Mode Enable State In...

Page 1384: ...1384 Virtual Router Redundancy Protocol Commands ...

Page 1385: ...Packet Commands Terminal Length Commands CLI Macro Commands Mode Commands Sflow Commands Time Ranges Commands Clock Commands Password Management Commands SNMP Commands USB Flash Drive Commands Command Line Configuration Scripting Commands PHY Diagnostics Commands SSH Commands User Interface Commands Configuration and Image File Commands Power Over Ethernet Commands Syslog Commands Web Server Comma...

Page 1386: ...1386 Utility Commands ...

Page 1387: ... devices Auto Install is available on Dell Networking devices as per the specification listed below Auto Install features in this release include 1 Support download of image from TFTP server using DHCP option 125 The image update can result in a downgrade or upgrade of the firmware on the switch or stack of switches 2 Support for automatic download of a configuration file from a TFTP server when t...

Page 1388: ...ds boot auto copy sw Use the boot auto copy sw command in Privileged EXEC mode to enable or disable Stack Firmware Synchronization Use the no form of the command to disable Stack Firmware Synchronization Syntax boot auto copy sw no boot auto copy sw Default Configuration Stack firmware synchronization is enabled by default Command Mode Global Config boot auto copy sw boot auto copy sw allow downgr...

Page 1389: ...Enable Command Mode Global Configuration User Guidelines The configuration on the stack master switch controls the stack as if it is a single switch No configuration steps need to be taken on the member switches to downgrade the firmware Configuration migration during a downgrade is not assured The operator should ensure that the configuration can be downgraded before allowing the downgrade to occ...

Page 1390: ...ue is enabled Command Mode Global Configuration mode User Guidelines The configuration on the master switch controls the stack as if it is a single switch No configuration steps need to be taken on the member switches to enable rebooting the member switches after auto image download Example console console configure console config boot host autoreboot console config no boot host autoreboot boot ho...

Page 1391: ...to enable Auto Install and Auto Configuration on the switch When a switch boots with a saved startup configuration that includes this command the Auto Install process is triggered Use the no form of this command to disable Auto Install on the next reboot if the reboot occurs with a saved startup configuration If you give this command while the Auto Install process is running the Auto Install proce...

Page 1392: ...load a configuration Use the no form of this command to reset the number of attempts to download a configuration to the default Syntax boot host retrycount count no boot host retrycount count The number of attempts to download a configuration Range 1 6 Default Configuration The default number of configuration download attempts is three Command Mode Global Configuration mode User Guidelines This co...

Page 1393: ...default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The show switch command also displays the switch firmware synchronization status Example console show auto copy sw Stack Firmware Synchronization Synchronization Enabled SNMP Trap status Enabled Allow Downgrade Enabled show boot Use the show boot command in Privileged EXEC mode...

Page 1394: ...mmand Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show boot AutoInstall Mode Started AutoSave Mode Enabled AutoReboot Mode Enabled AutoInstall Retry Count 3 AutoInstall State Waiting for boot options ...

Page 1395: ...ion Captive Portal can be configured to use an optional HTTP port in support of HTTP Proxy networks or an optional HTTPS port If configured this additional port or ports are then used exclusively by Captive Portal NOTE This optional HTTP port is in addition to the standard HTTP port 80 which is currently being used for all other web traffic and the optional HTTPS port is in addition to the standar...

Page 1396: ... interface client status show captive portal client status show captive portal interface configuration status show captive portal configuration client status clear captive portal users user logout no user user name show captive portal user user password user group user session timeout show captive portal configuration show captive portal configuration locales show captive portal configuration inte...

Page 1397: ...d to reset the authentication timeout to the default Syntax authentication timeout timeout no authentication timeout timeout The authentication timeout Range 60 600 seconds Default Configuration The default authentication timeout is 300 seconds Command Mode Captive Portal Configuration mode User Guidelines There are no user guidelines for this command Example console config CP authentication timeo...

Page 1398: ...ple console config captive portal console config CP enable Use the enable command to globally enable captive portal Use the no form of this command to globally disable captive portal Syntax enable no enable Default Configuration Captive Portal is disabled by default Command Mode Captive Portal Configuration mode User Guidelines There are no user guidelines for this command Example console config C...

Page 1399: ...65535 Default Configuration Captive portal only monitors port 80 by default Command Mode Captive Portal Configuration mode User Guidelines The port number should not be set to a value that might conflict with other well known protocol port numbers used on this switch Example console config CP http port 32768 console config CP no http port https port Use the https port command to configure an addit...

Page 1400: ... other well known protocol port numbers used on this switch Example console config CP https port 1443 console config CP no https port show captive portal Use the show captive portal command to display the status of the captive portal feature Syntax show captive portal Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and a...

Page 1401: ... for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example console show captive portal status Additional HTTP Port 81 Additional HTTP Secure Port 1443 Authentication Timeout 300 Supported Captive Portals 10 Configured Captive Portals 1 Active Captive Portals 0 Local Supported Users 128 ...

Page 1402: ...nes There are no user guidelines for this command Example console config CP 2 block configuration Use the configuration command to enter the captive portal instance mode The captive portal configuration identified by CP ID 1 is the default CP configuration The system supports a total of ten CP configurations Use the no form of this command to delete a configuration The default configuration 1 cann...

Page 1403: ...onsole config CP configuration 2 console config CP 2 enable Use the enable command to enable a captive portal configuration Use the no form of this command to disable a configuration Syntax enable no enable Default Configuration Configurations are enabled by default Command Mode Captive Portal Instance mode User Guidelines There are no user guidelines for this command Example console config CP 2 n...

Page 1404: ...yntax group group number no group group number The number of the group to associate with this configuration Range 1 10 Default Configuration The default group number is 1 Command Mode Captive Portal Instance mode User Guidelines There are no user guidelines for this command Example console config CP 2 group 2 interface Use the interface command to associate an interface with a captive portal confi...

Page 1405: ...d to be a user command The administrator must use the Web UI to create and customize captive portal web content This command is primarily used by the show running config command and process as it provides the ability to save and restore configurations using a text based format Syntax locale web id web id The locale number Range Only locale 1 is supported Default Configuration Locale 1 is configure...

Page 1406: ...32 characters Default Configuration Configuration 1 has the name Default by default All other configurations have no name by default Command Mode Captive Portal Instance mode User Guidelines There are no user guidelines for this command Example console config CP 2 name cp2 protocol Use the protocol command to configure the protocol mode for a captive portal configuration Syntax protocol http https...

Page 1407: ... mode for a captive portal configuration Use the no form of this command to disable redirect mode Syntax redirect no redirect Default Configuration Redirect mode is disabled by default Command Mode Captive Portal Instance mode User Guidelines There are no user guidelines for this command Example console config CP 2 redirect redirect url Use the redirect url command to configure the redirect URL fo...

Page 1408: ... Example console config CP 2 redirect url www dell com session timeout Use the session timeout command to configure the session timeout for a captive portal configuration Use the no form of this command to reset the session timeout to the default Syntax session timeout timeout no session timeout timeout Session timeout 0 indicates timeout not enforced Range 0 86400 seconds Default Configuration Th...

Page 1409: ...nfiguration Syntax verification guest local radius guest Allows access for unauthenticated users users that do not have assigned user names and passwords local Authenticates users against a local user database radius Authenticates users against a remote RADIUS database Default Configuration The default verification mode is guest Command Mode Captive Portal Instance mode User Guidelines There are n...

Page 1410: ...fault configuration for this command Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console captive portal client deauthenticate 0002 BC00 1290 show captive portal client status Use the show captive portal client status command to display client connection details or a connection summary for connected captive portal users Syntax show captive...

Page 1411: ...ow captive portal client 0002 BC00 1290 status Client MAC Address 0002 BC00 1290 Client IP Address 10 254 96 47 Protocol Mode https Verification Mode Local CP ID 1 CP Name cp1 Interface 1 0 1 Interface Description Unit 1 Slot 0 Port 1 Gigabit Level User Name user123 Session Time 0d 00 00 13 show captive portal configuration client status Use the show captive portal configuration client status comm...

Page 1412: ...e portal configuration 1 client status CP ID 1 CP Name cp1 Client Client MAC Address IP Address Interface Interface Description 0002 BC00 1290 10 254 96 47 1 0 1 Unit 1 Slot 0 Port 1 Gigabit 0002 BC00 1291 10 254 96 48 1 0 2 Unit 1 Slot 0 Port 2 Gigabit show captive portal interface client status Use the show captive portal interface client status command to display information about clients authe...

Page 1413: ...it 0002 BC00 1293 10 254 96 50 console show captive portal interface 1 0 1 client status Interface 1 0 1 Interface Description Unit 1 Slot 0 Port 1 Gigabit Client Client MAC Address IP Address CP ID CP Name Protocol Verification 0002 BC00 1290 10 254 96 47 1 cp1 http local 0002 BC00 1291 10 254 96 48 2 cp2 http local Captive Portal Interface Commands show captive portal interface configuration sta...

Page 1414: ... ID CP Name Interface Interface Description Type 1 Default 1 0 1 Unit 1 Slot 0 Port 1 Gigabit Physical console show captive portal interface configuration 1 status CP ID 1 CP Name cp1 Interface Interface Description Type 1 0 1 Unit 1 Slot 0 Port 1 Gigabit Physical Captive Portal Local User Commands clear captive portal users Use the clear captive portal users command to delete all captive portal u...

Page 1415: ...n existing session it is disconnected Syntax no user user id user id User ID Range 1 128 Default Configuration There is no default configuration for this command Command Mode Captive Portal Configuration mode User Guidelines There are no user guidelines for this command Example console config CP no user 1 show captive portal user Use the show captive portal user command to display all configured u...

Page 1416: ...nsole show captive portal user Session User ID User Name Timeout Group ID Group Name 1 user123 14400 1 Default 2 user234 0 1 Default 2 group2 console show captive portal user 1 User ID 1 User Name user123 Password Configured Yes Session Timeout 0 Group ID Group Name 1 Default 2 group2 user group Use the user group command to associate a group with a captive portal user Use the no form of this comm...

Page 1417: ...e no user guidelines for this command Example console config CP user 1 group 3 user logout Use the user logout command in Captive Portal Instance mode to enable captive portal users to log out of the portal versus having the session time out Use the no form of the command to return the user logout configuration to the default Syntax user logout no user logout Default Configuration User logout is d...

Page 1418: ...guration 1 console config CP 1 user logout console config CP 1 no user logout user name Use the user name command to modify the user name for a local captive portal user Syntax user user id name name user id User ID Range 1 128 name user name Range 1 32 characters Default Configuration There is no name for a user by default Command Mode Captive Portal Configuration mode User Guidelines There are n...

Page 1419: ... There are no users configured by default Command Mode Captive Portal Configuration mode User Guidelines There are no user guidelines for this command Example console Config CP user 1 password Enter password 8 to 64 characters Re enter password user session timeout Use the user session timeout command to set the session timeout value for a captive portal user Use the no form of this command to res...

Page 1420: ...imeout 86400 console config CP no user 1 session timeout Captive Portal Status Commands show captive portal configuration Use the show captive portal configuration command to display the operational status of each captive portal configuration Syntax show captive portal configuration cp id cp id Captive Portal ID Default Configuration There is no default configuration for this command Command Mode ...

Page 1421: ...tion or about a specific interface assigned to a captive portal configuration Syntax show captive portal configuration cp id interface gigabitethernet unit slot port tengigabitethernet unit slot port fortygigabitethernet unit slot port cp id Captive Portal ID Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Config...

Page 1422: ...ptive portal configuration locales Use the show captive portal configuration locales command to display locales associated with a specific captive portal configuration Syntax show captive portal configuration cp id locales cp id Captive Portal Configuration ID Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Confi...

Page 1423: ...figuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command Example console show captive portal configuration status CP ID CP Name Mode Protocol Verification 1 cp1 Enable https Guest 2 cp2 Enable http Local 3 cp3 Disable https Guest console show captive portal configuration 1 status CP...

Page 1424: ...ID Range 1 10 Default Configuration User group 1 is created by default and cannot be deleted Command Mode Captive Portal Configuration mode User Guidelines There are no user guidelines for this command Example console config CP user group 2 console config CP no user group 2 user group moveusers Use the user group moveusers command to move a group s users to a different group Syntax user group grou...

Page 1425: ... CP user group 2 moveusers 3 user group name Use the user group name command to configure a group name Syntax user group group id name name group id Group ID Range 1 10 name Group name Range 1 32 characters Default Configuration User groups have no names by default Command Mode Captive Portal Configuration mode User Guidelines There are no user guidelines for this command Example console config CP...

Page 1426: ...1426 Captive Portal Commands ...

Page 1427: ... Macros the predefined macros which cannot be changed or deleted User Defined Macros or Custom Macros the macros which allow the operator to bundle some prerequisites or global configurations as a macro and then apply them to one or more interfaces at a time which can then be copied or used by other switches Up to 50 user defined macros are supported The software includes 6 built in macros profile...

Page 1428: ...to delete a macro Syntax macro name name no macro name name name The name of the macro A macro name can consist of any printable characters including blanks A macro name may be up to 31 characters in length Embed the name in quotes if a blank is desired in the name Use the no form of the command to delete a macro Default Configuration The following macros are defined by default and may not be dele...

Page 1429: ... interfaces or to the global configuration Up to 50 user defined macros may be configured macro global apply Use the macro global apply command in Global Configuration mode to apply a macro Syntax macro global apply macro name parameter value parameter value parameter value macro name The name of the macro parameter The name of the parameter recognized by the macro The parameter must begin with a ...

Page 1430: ...ach line of the macro as it is executed and list any errors encountered Syntax macro global trace macro name parameter value parameter value parameter value macro name The name of the macro parameter The name of the parameter recognized by the macro The parameter must begin with a dollar sign value The string to be substituted within the macro for the specified parameter name Default Configuration...

Page 1431: ... description Default Configuration There is no description by default Command Mode Global Configuration mode User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied globally All text up to the new line is included in the description The line is appended to the global description macro apply Use the macro apply command in Interface C...

Page 1432: ...d in Interface Configuration mode to apply and trace a macro The command will display each line of the macro as it is executed and list any errors encountered Syntax macro trace macro name parameter value parameter value parameter value no macro name name macro name The name of the macro parameter The name of the parameter recognized by the macro The parameter must begin with a dollar sign value T...

Page 1433: ...ro description line line The macro description All text up to the new line is included in the description Default Configuration There is no description by default Command Mode Interface Configuration mode User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied to an interface All text up to the new line is included in the descriptio...

Page 1434: ...ding its contents macro The name of the macro to display interface id The interface for which to show the macro description Default Configuration No parameters are substituted unless supplied on the command line Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command ...

Page 1435: ...implementations can operate as either a client or a server To an NTP or SNTP server NTP and SNTP clients are indistinguishable Likewise to an NTP or SNTP client NTP and SNTP servers are indistinguishable Furthermore any version of NTP is compatible with any other version of NTP Dell Networking SNTP implements the client side of SNTP Support for IPv6 address configuration is provided to the existin...

Page 1436: ...etwork Time Protocol SNTP Syntax show sntp configuration Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines show sntp configuration sntp trusted key show sntp server sntp unicast client enable show sntp status clock timezone hours offset sntp authenti...

Page 1437: ...rver Key Polling Priority 10 27 128 21 Disabled Enabled 1 show sntp server Use the show sntp server command in Privileged EXEC mode to display the preconfigured SNTP servers The configured servers can be either IPv4 or IPv6 format Syntax show sntp server Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes Us...

Page 1438: ...0 2009 Last Update Status Success Total Unicast Requests 955 Failed Unicast Requests 1 More or q uit Host Address 3 north america pool ntp org Address Type DNS Priority 1 Version 4 Port 123 Last Update Time Dec 22 07 30 31 2009 Last Attempt Time Dec 22 07 32 41 2009 Last Update Status Server Unsynchronized Total Unicast Requests 157 Failed Unicast Requests 2 show sntp status Use the show sntp stat...

Page 1439: ...w sntp status Client Mode Unicast Last Update Time MAR 30 21 21 20 2009 Unicast servers Server Status Last response 192 168 0 1 Up 21 21 20 Mar 30 2009 sntp authenticate Use the sntp authenticate command in Global Configuration mode to require server authentication for received Network Time Protocol NTP traffic To disable the feature use the no form of this command Syntax sntp authenticate no sntp...

Page 1440: ...n mode to define an authentication key for Simple Network Time Protocol SNTP To remove the authentication key for SNTP use the no form of this command Syntax sntp authentication key key number md5 value no sntp authentication key number key number number Range 1 4294967295 value value Range 1 8 characters Default value No authentication is defined Command Mode Global Configuration mode User Guidel...

Page 1441: ...figuration The SNTP Broadcast client is disabled Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example enables a Simple Network Time Protocol SNTP Broadcast client console config sntp broadcast client enable sntp client poll timer Use the sntp client poll timer command in Global Configuration mode to set the polling time for the Si...

Page 1442: ...ds console config sntp client poll timer 1024 sntp server Use the sntp server command in Global Configuration mode to configure an SNTP server address or a host name The server address can be either an IPv4 address or an IPv6 address Use the no form of this command to unconfigure an SNTP server address or a host name Syntax sntp server ip address ipv6 address hostname no sntp server ip address ipv...

Page 1443: ...k Time Protocol SNTP will synchronize To disable authentication of the identity of the system use the no form of this command Syntax sntp trusted key key number no sntp trusted key key number key number Key number of authentication key to be trusted Range 1 4294967295 Default Configuration No keys are trusted Command Mode Global Configuration mode User Guidelines This command is relevant for both ...

Page 1444: ...ode User Guidelines Use the sntp server command to define SNTP servers Examples The following example enables the device to use Simple Network Time Protocol SNTP to request and accept SNTP traffic from servers console config sntp unicast client enable clock timezone hours offset Use the clock timezone hours offset minutes minutes offset zone acronym command to set the offset to Coordinated Univers...

Page 1445: ... User Guidelines No specific guidelines Example console config clock timezone 5 minutes 30 zone IST no clock timezone Use the no clock timezone command to reset the time zone settings Syntax no clock timezone Default Configuration This command has no default configuration Command Mode Global Configuration User Guidelines This command has no specific user guidelines Example console config no clock ...

Page 1446: ...Week of the month Range 1 5 first last day Day of the week Range The first three letters by name sun for example month Month Range The first three letters by name jan for example hh mm Time in 24 hour format in hours and minutes Range hh 0 23 mm 0 59 offset Number of minutes to add during the summertime Range 1 1440 acronym The acronym for the time zone to be displayed when summertime is in effect...

Page 1447: ...onth Month Range The first three letters by name jan for example year Year Range 2000 2097 hh mm Time in 24 hour format in hours and minutes Range hh 0 23 mm 0 59 offset Number of minutes to add during the summertime Range 1 1440 acronym The acronym for the time zone to be displayed when summertime is in effect Range Up to four characters Default Configuration This command has no default configura...

Page 1448: ...s No specific guidelines Example console config no clock summer time show clock Use the show clock command in Privileged EXEC or User EXEC mode to display the time and date from the system clock Use the show clock detail command to show the time zone and summertime configuration Syntax show clock detail Default Configuration This command has no default configuration Command Mode User EXEC Privileg...

Page 1449: ... date timezone and summertime configuration console show clock detail 15 29 03 PDT UTC 7 Jun 17 2005 Time source is SNTP Time zone Acronym is PST Offset is UTC 7 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes The following example displays the time and date from the system clock console show clock 1...

Page 1450: ...1450 Clock Commands ...

Page 1451: ...switches with minor or no modifications Commands applied from a script are additive in nature That is they modify but do not automatically replace the current configuration Any valid command can be placed in a script including show commands Scripts execute in Privileged EXEC mode The script author must add a command configure in order to enter Global Configuration mode Commands in this Chapter Thi...

Page 1452: ...o the switch console script apply config scr script delete Use the script delete command in Privileged EXEC mode to delete a specified script Syntax script delete scriptname all scriptname Script name of the file being deleted Range 1 31 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines E...

Page 1453: ...ault configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example The following example displays all scripts present on the switch console script list Configuration Script Name Size Bytes 0 configuration script s found 2048 Kbytes free script show Use the script show command in Privileged EXEC mode to display the contents of a script file Syntax scrip...

Page 1454: ...ess 176 242 100 100 255 255 255 0 exit script validate Use the script validate command in Privileged EXEC mode to validate a script file by parsing each line in the script file The validate option is intended for use as a tool in script development Validation identifies potential problems though it may not identify all problems with a given script Syntax script validate scriptname scriptname Name ...

Page 1455: ...ine Configuration Scripting Commands 1455 User Guidelines This command has no user guidelines Example The following example validates the contents of the script file config scr console script validate config scr ...

Page 1456: ...1456 Command Line Configuration Scripting Commands ...

Page 1457: ...urces for the above commands Command Line Interface Scripting The configuration scripting feature allows the user to save the current Dell Networking configuration in text format To modify the configuration script file follow these procedures 1 Upload the file to a personal computer 2 Edit the file 3 Download the file to a Dell Networking switch 4 Apply it to the Dell Networking system With this f...

Page 1458: ...Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to find out which image is the active image Example console boot system unit Unit to be used for this operation If absent command executes on this node active Marks the given image as active for subsequent re boots backup Marks the given image as active for...

Page 1459: ...ion XLP308L SOC Version BCM56842_A1 HW Version 1 CPLD Version 17 unit active backup current active next active 1 6 0 0 1 6 0 0 0 6 0 0 1 6 0 0 1 clear config Use the clear config command in Privileged EXEC mode to restore the switch to the default configuration Syntax clear config Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This...

Page 1460: ...s for uploading from the switch backup config Uploads Backup Config file image Uploads code file via tftp operational log Uploads Operational Log file running config Copies system config file script Uploads Configuration Script file startup config Uploads Startup Config file startup log Uploads Startup Log file Valid source URLs for downloading to the switch tftp ipaddress hostname filepath filena...

Page 1461: ...r name for logging into the remote server via SSH The following table lists and describes reserved keywords destination url The URL or reserved keyword of the destination file Range 1 160 characters List of valid destination parameters for downloading to the switch backup config Downloads config file using sftp or tftp image Downloads code file by ftp sftp or tftp script Downloads configuration sc...

Page 1462: ...and it refers to the backup image When image is the source of a copy command it refers to the active image If this is destination the file will be distributed to all units in the stack ftp Source or destination URL for an FTP network server The syntax for this alias is ftp ipaddr filepath filename image tftp Source or destination URL for a TFTP network server The syntax for this alias is tftp loca...

Page 1463: ...loaded to the switch and removed when the script is uploaded from the switch Using the flash filename syntax as the target or source bypasses adding of the script header ensuring that when a script is applied on the switch which was previously copied to the switch using the flash filename syntax a syntax error will result Downloaded scripts are executed from privileged exec mode and should contain...

Page 1464: ...pleted successfully console show bootvar Image Descriptions active backup Images currently available on Flash unit active backup current active next active 1 6 0 0 1 6 0 0 0 6 0 0 1 6 0 0 1 After the file transfer completes use the boot system command to select the new image to run Example Downloading and applying ias users file console copy tftp 10 131 17 104 aaa_users txt ias users Transfer Mode...

Page 1465: ...rational log usb olog txt console copy usb backup config txt backup config console copy active usb image1 stk console copy flash crashdump 0 usb crashdump 0 delete Use the delete command to delete files from flash Files cannot be deleted from the USB device Syntax delete file file Name of the file to be deleted Default Configuration This command has no default configuration Command Mode Privileged...

Page 1466: ...Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example The following example deletes the backup config file console delete backup config Delete backup config Y N y delete backup image Use the delete backup image command in Privileged EXEC mode to delete a file from a flash memory device Syntax delete backup image Default Configuration This command has no defa...

Page 1467: ...vileged EXEC mode to delete the startup config file Syntax delete startup config Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines If the startup config file is not present when system reboots it reboots with default settings Example The following example deletes the startup config file console delete startup config Delete startup con...

Page 1468: ...0 2031 15 58 14 boot dim 0 rwx 0 Jan 10 2031 15 58 18 slog2 txt 0 rwx 53205 Jan 22 2005 09 45 04 rc soc 0 rwx 148 Jan 10 2031 15 58 22 hpc_broad cfg 0 rwx 11224 Jan 22 2005 09 45 04 helixmem soc More or q uit console erase Use the erase command to erase the startup configuration the backup configuration or the backup image Syntax erase filename startup config backup image backup config filename Th...

Page 1469: ...tion no filedescr image 1 image2 image1 image2 Image file description Block of descriptive text Range 0 128 characters Default Configuration No description is attached to the file Command Mode Privileged EXEC mode User Guidelines The description accepts any printable characters except a double quote or question mark Enclose the string in double quotes to include spaces within the description The s...

Page 1470: ...n flash Syntax rename source dest source Source file name dest Destination file name Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example console rename file1 scr file2 scr show backup config Use the show backup config command in Privileged EXEC mode to display the contents of the backup config...

Page 1471: ...le show backup config Current Configuration System Description Dell Networking N4032 6 0 0 0 Linux 2 6 32 9 System Software Version 6 0 0 0 Cut through mode is configured as disabled configure slot 1 0 1 Dell Networking N4032 stack member 1 1 N4032 exit interface vlan 1 exit snmp server engineid local 800002a203001122334455 exit show bootvar Use the show bootvar command in User EXEC mode to displa...

Page 1472: ...xt active 1 6 0 0 0 9 25 16 57 6 0 0 0 6 0 0 0 show running config Use the show running config command in Privileged EXEC mode to display the contents of the currently running configuration file including banner configuration The command only displays the configurations that are non default NOTE All non default configurations for the Captve Portal branding images and encoded Unicode are not displa...

Page 1473: ...switch through remote connections such as Telnet is suspended while the output is being generated and displayed Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show running config line ssh no exec banner exit line telnet no login ba...

Page 1474: ... startup config file console show startup config Current Configuration System Description Dell Networking 7048R 10 0 0 0 Linux 6 6 System Software Version 6 0 0 0 configure vlan routing 1 1 exit slot 1 0 7 Dell Networking N3048 slot 1 1 11 SFP Card slot 1 2 9 CX4 Card stack member 1 7 N3048 exit logging console informational logging cli command logging file informational interface vlan 1 exit snmp...

Page 1475: ...75 Syntax write Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command is equivalent to the copy running config startup config command functionally Example console write ...

Page 1476: ...1476 Configuration and Image File Commands ...

Page 1477: ...nt Offset 1 TCP Flag TCP Flag SYN set and Source Port 1024 or TCP Control Flags 0 and TCP Sequence Number 0 or TCP Flags FIN URG and PSH set and TCP Sequence Number 0 or TCP Flags SYN and FIN set L4 Port Source TCP UDP Port Destination TCP UDP Port ICMP Limiting the size of ICMP Ping packets SMAC DMAC Source MAC address Destination MAC address TCP Port Source TCP Port Destination TCP Port UDP Port...

Page 1478: ...lags FIN and URG and PSH set and TCP Sequence Number 0 ICMP V6 Limiting the size of ICMPv6 Ping packets ICMP Fragment Checks for fragmented ICMP packets Commands in this Chapter This chapter explains the following commands dos control firstfrag ip icmp error interval dos control icmp ip unreachables dos control l4port ip redirects dos control sipdip ipv6 icmp error interval dos control tcpflag ipv...

Page 1479: ... size is 20 ICMP packet size is 512 Default Configuration Denial of Service is disabled Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example defines a minimum TCP header size of 20 Packets entering with a smaller header size are dropped console config dos control firstfrag 20 dos control icmp Use the dos control icmp command in Gl...

Page 1480: ...Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023 console config dos control icmp 1023 dos control l4port Use the dos control l4port command in Global Configuration mode to enable L4 Port Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having Source TCP UDP Port Number equal to D...

Page 1481: ...IP Address Destination IP Address SIP DIP Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress with SIP DIP the packets is dropped if the mode is enabled Syntax dos control sipdip no dos control sipdip Default Configuration Denial of Service is disabled Command Mode Global Configuration mode User Guidelines This comma...

Page 1482: ... SYN and FIN both set the packets are dropped Syntax dos control tcpflag no dos control tcpflag Default Configuration Denial of Service is disabled Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example activates TCP Flag Denial of Service protections console config dos control tcpflag dos control tcpfrag Use the dos control tcpfrag...

Page 1483: ...vice protection console config dos control tcpfrag ip icmp echo reply Use the ip icmp echo reply command to enable or disable the generation of ICMP Echo Reply messages Use the no form of this command to prevent the generation of ICMP Echo Replies Syntax ip icmp echo reply no ip icmp echo reply Default Configuration ICMP Echo Reply messages are enabled by default Command Mode Global Configuration ...

Page 1484: ...interval and burst size to their default values Syntax ip icmp error interval burst interval burst size no ip icmp error interval burst interval How often the token bucket is initialized Range 0 2147483647 milliseconds burst size The maximum number of messages that can be sent during a burst interval Range 1 200 Default Configuration Rate limiting is enabled by default The default burst interval i...

Page 1485: ...ommand Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example console config if vlan10 ip unreachables ip redirects Use the ip redirects command to enable the generation of ICMP Redirect messages Use the no form of this command to prevent the sending of ICMP Redirect Messages In global configuration mode this command affects all interfaces In i...

Page 1486: ...mmand to return burst interval and burst size to their default values To disable ICMP rate limiting set burst interval to zero Syntax ipv6 icmp error interval burst interval burst size no ipv6 icmp error interval burst interval How often the token bucket is initialized Range 0 2147483647 milliseconds burst size The maximum number of messages that can be sent during a burst interval Range 1 200 Def...

Page 1487: ...s Syntax ipv6 unreachables no ipv6 unreachables Default Configuration ICMPv6 Destination Unreachable messages are enabled by default Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example console config if vlan10 ipv6 unreachables show dos control Use the show dos control command in Privileged EXEC mode to display Denial of Service conf...

Page 1488: ...elines This command has no user guidelines Example The following example displays Denial of Service configuration information console show dos control SIPDIP Mode Disable First Fragment Mode Disable Min TCP Hdr Size 20 TCP Fragment Mode Disable TCP Flag Mode Disable L4 Port Mode Disable ICMP Mode Disable Max ICMP Pkt Size 512 ...

Page 1489: ...ystem waits for user input before timeout The exec timeout command is also used by the web for timing out web sessions To restore the default setting use the no form of this command Syntax exec timeout minutes seconds no exec timeout minutes Integer that specifies the number of minutes Range 0 65535 seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configura...

Page 1490: ...tory Use the history command in Line Configuration mode to enable the command history function To disable the command history function use the no form of this command Syntax history no history Default Configuration The default value for this command is enabled Command Mode Line Interface mode User Guidelines This command has no user guidelines Example The following example disables the command his...

Page 1491: ...y buffer Range 0 216 Default Configuration The default command history buffer size is 10 Command Mode Line Configuration mode User Guidelines This command has no user guidelines Example The following example configures the command history buffer size to 20 commands for the current terminal session console config line history size 20 line Use the line command in Global Configuration mode to identif...

Page 1492: ...efined When using line ssh authentication with a RADIUS server as the primary authentication method be aware that the default 802 1x timeout is 45 seconds This is the same timeout value as SSH Thus a secondary authentication method is unlikely to be invoked due to SSH timing out and dropping the connection attempt Examples The following example sets the telnet authentication list to enableList con...

Page 1493: ...has no user guidelines Example The following example displays the line configuration console show line Console configuration Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 seconds History 10 SSH configuration Interactive timeout 10 minutes 10 seconds History 10 speed Use the speed command in Line Config...

Page 1494: ...0 38400 57600 and 115200 Default Configuration This default speed is 9600 Command Mode Line Interface console mode User Guidelines This configuration applies only to the current session Example The following example configures the console baud rate to 9600 console config line speed 9600 ...

Page 1495: ...ased filtering supplied by the management ACL capability When a Management ACAL is enabled incoming TCP packets initiating a connection TCP SYN and all UDP packets will be filtered based on their source IP address and destination port Additionally other attributes such as incoming port or port channel and VLAN ID can be used to determine if the traffic should be allowed to the management interface...

Page 1496: ...hernet routed port number vlan vlan id A valid VLAN number port channel port channel number A valid routed port channel number tengigabitethernet unit slot port A valid 10 gigabit Ethernet routed port number fortygigabitethernet unit slot port A valid 40 gigabit Ethernet routed port number ip address Source IP address mask mask Specifies the network mask of the source IP address mask prefix length...

Page 1497: ...e shows how all ports are denied in the access list called mlist console config management access list mlist console config macal deny management access class Use the management access class command in Global Configuration mode to restrict management connections To disable restriction use the no form of this command Syntax management access class console only name no management access class name A...

Page 1498: ...access conditions are configured with the deny and permit commands To remove an access list use the no form of this command Syntax management access list name no management access list name name The access list name Range 1 32 printable characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines This command enters the access li...

Page 1499: ...t for two interfaces gigabit Ethernet 1 0 1 and gigabit Ethernet 2 0 9 console config management access list mlist console config macal deny gigabitethernet 1 0 1 priority 1 console config macal deny gigabitethernet 2 0 9 priority 2 console config macal permit priority 2 console config macal exit console config management access class mlist permit management Use the permit command in Management Ac...

Page 1500: ...d by a forward slash Range 0 32 service service Indicates service type Can be one of the following telnet ssh http https tftp snmp sntp or any The any keyword indicates that the service match for the ACL is effectively don t care priority priority value Priority for the rule Range 1 64 Default Configuration This command has no default configuration Command Mode Management Access list Configuration...

Page 1501: ...itethernet 2 0 9 priority 2 console config macal permit priority 2 console config macal exit console config management access class mlist show management access class Use the show management access class command in Privileged EXEC mode to display information about the active management access list Syntax show management access class Default Configuration This command has no default configuration C...

Page 1502: ...haracters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the active management access list console show management access list mlist permit priority 1 gigabitethernet 1 0 1 permit priority 2 gigabitethernet 2...

Page 1503: ...e switch to store up to 10 of the last passwords for each user The default operation is that no history is stored Password Aging The switch can implement an aging process on passwords and require users to change them when they expire The administrator can configure the switch to force a password change between 1 and 365 days By default password aging is disabled When a password expires the user mu...

Page 1504: ...r all locally administered users The feature doesn t affect users with an existing password until their password ages out Password Strength is only enforced when a user is configuring a new password or changing their existing password The default action is Disabled in FP and is independent of any platform The network operator has to take care that the Password Strength check is Disabled before dow...

Page 1505: ...wing commands for viewing and configuring properties of passwords NOTE To change a password use the passwords command which is described in AAA Commands passwords aging passwords strength minimum special characters passwords history passwords strength max limit consecutive characters passwords lock out passwords strength max limit repeated characters passwords min length passwords strength minimum...

Page 1506: ...de User Guidelines A value of 0 days disables password aging Example The following example sets the password age limit to 100 days console config passwords aging 100 passwords history As administrator use the passwords history command in Global Configuration mode to set the number of previous passwords that are stored for each user account When a local user changes his or her password the user is ...

Page 1507: ... the security of the switch by locking user accounts that have failed login due to wrong passwords When a lockout count is configured a user who is logging in must enter the correct password within that count Otherwise that user is locked out from further switch access Only a user with read write access can reactivate a locked user account Password lockout does not apply to logins from the serial ...

Page 1508: ...sswords min length Use the passwords min length command in Global Configuration mode to enforce a minimum length password length for local users The value also applies to the enable password The valid range is 8 64 The default is 8 Use the no version of this command to set the minimum password length to 8 Syntax passwords min length length no passwords min length length The minimum length of the p...

Page 1509: ...ord Strength feature Syntax passwords strength check no passwords strength check Default Configuration The password strength feature is disabled by default Command Mode Global Configuration User Guidelines This command enables disables enforcement of password strength checking policy as configured by the following commands passwords strength minimum uppercase letters passwords strength minimum low...

Page 1510: ...ion The default value is 1 Command Mode Global Configuration User Guidelines This limit is not enforced unless the passwords strength minimum character classes command is configured with a value greater than 0 Example console config passwords strength minimum uppercase letters 6 passwords strength minimum lowercase letters Use this command to enforce a minimum number of lowercase letters that a pa...

Page 1511: ...le config passwords strength minimum lowercase letters 6 passwords strength minimum numeric characters Use this command to enforce a minimum number of numeric numbers that a password should contain The valid range is 0 16 The default is 1 A minimum of 0 means no restriction on that set of characters Use the no form of this command to reset the minimum numeric characters to the default value Syntax...

Page 1512: ...fault is 1 A setting of 0 means no restriction Special characters are one of the following characters _ Use the no form of this command to reset the minimum special characters to the default value Syntax passwords strength minimum special characters 0 16 no passwords strength minimum special characters Default Configuration The default value is 1 Command Mode Global Configuration User Guidelines T...

Page 1513: ...6 or Use the no form of this command to reset the maximum consecutive characters accepted to the default value Syntax passwords strength max limit consecutive characters 0 15 no passwords strength max limit consecutive characters Default Configuration The default value is 0 Command Mode Global Configuration User Guidelines This command has no user guidelines Example console config passwords streng...

Page 1514: ...s strength max limit repeated characters 3 passwords strength minimum character classes Use this command to enforce a minimum number of character classes that a password should contain Character classes are uppercase letters lowercase letters numeric characters and special characters The valid range is 0 4 The default is 0 If a value of 0 is configured then no character class checking is performed...

Page 1515: ... numeric characters A value greater than 0 specifies the minimum number of character class tests a password must pass A value of 0 disables the minimum strength checking set by the above commands Example console config passwords strength minimum character classes 4 passwords strength exclude keyword Use this command to exclude the keyword while configuring the password The password does not accept...

Page 1516: ...inistrator to transfer the enable password between devices without having to know the password The password parameter must be exactly 128 hexadecimal characters Syntax enable password encrypted password Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines show passwords configuration Use the show passw...

Page 1517: ...ord is valid Lockout Attempts Number of failed password login attempts before lockout Minimum Password Uppercase Letters Minimum number of uppercase characters required when configuring passwords Minimum Password Lowercase Letters Minimum number of uppercase characters required when configuring passwords Minimum Password Numeric Characters Minimum number of numeric characters required when configu...

Page 1518: ...rs 3 Maximum Password Repeated Characters 3 Minimum Password Character Classes 4 Password Exclude Keywords brcm brcm1 brcm2 show passwords result Use the show passwords result command in Privileged EXEC mode to display the last password set result information Syntax show passwords result Default Configuration This command has no default configuration Minimum Password Character Classes Minimum numb...

Page 1519: ...uidelines This command has no user guidelines Example The following example displays the command output console show passwords result Last User whose password is set brcm Password strength check Enable Last Password Set Result Reason for failure Could not set user password Password should contain at least 4 uppercase letters ...

Page 1520: ...1520 Password Management Commands ...

Page 1521: ...t port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The copper related commands do not apply to the stacking or 10GBaseT ports associated with these plug in modules The maximum length of the cable for the Time Domain Reflectometry TDR test is 120 meters Disable green mode on the p...

Page 1522: ...interface A valid fiber port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The show fiber ports command is applicable to all fiber ports including SFP SFP and XFP ports It will display an error if executed against a copper port or passive or active direct attach cables Examples The...

Page 1523: ...st copper port tdr interface interface A valid Ethernet port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command prompts the user to shut down the port for the duration of the test Passive or active direct attach SFP SFP cables are not based on BaseT technology and do not support TDR testing The maximum distance the Virtual...

Page 1524: ...1524 PHY Diagnostics Commands The following example results in a failure to report on the cable attached to port te2 0 3 console test copper port tdr te2 0 3 Can t perform the test on fiber ports ...

Page 1525: ...r priority ports are forcibly stopped to supply power in order to provide power to higher priority ports The static power management feature allows operators to reserve a guaranteed amount of power for a PoE port This is useful for powering up devices which draw variable amounts of power and provide them an assured power range within which to operate Class based power management allocates power at...

Page 1526: ...ver Disables the device discovery protocol and stops supplying power to the device Command Mode Interface Configuration Ethernet User Guidelines Auto enables the switch to negotiate with the powered device via LLDP to learn the device s desired power draw The power inline detection parameter should be set to class power inline power inline priority power inline detection power inline reset power i...

Page 1527: ...the default Syntax power inline detection dot3af legacy dot3af no power inline detection dot3af legacy IEEE 802 3af 4 point detection followed by legacy capacitive detection dot3af IEEE 802 3af 4 point detection only Legacy capacitive detection is disabled Default Value The default value is dot3af legacy Command Mode Global Configuration User Guidelines This command has no user guidelines power in...

Page 1528: ...rtner requesting the application of high power power inline limit Use the power inline limit command to configure the type of power limit Use the no form of this command to set the power limit type to the default Syntax power inline limit user defined limit no power inline limit user defined limit Allows the port to draw up to user defined configured value The range of limit is 3000 32000 milliwat...

Page 1529: ...ommand is used along with the power inline priority command on page 1533 Use the no form of this command to set the management mode to the default Syntax power inline management dynamic static class no power inline management dynamic Dynamic power management static Static power management class Class based power management Default Configuration Default management is dynamic Command Mode Global Con...

Page 1530: ...e class based power allocation for each port Class based power management allocates power based on the class selected by the device using LLDP Power is supplied to the device in class mode per the following table There are three power banks on a switch one for the fixed power supply one for the external power supply EPS and one for both The power limits are shown in the following table Class Usage...

Page 1531: ...W 715W Power budget is 1100W All PoE UPOE ports can be turned on N3048P 140W 1100W Power budget is 950W The total POE supplied power cannot exceed 950W 2200W Power budget is 1900W All PoE UPOE ports can be turned on N2024P 90W 1000W Power budget is 850W The total POE supplied power cannot exceed 850W 2000W Power budget is 1700W All PoE UPOE ports can be turned on N2048P 110W 1000W Power budget is ...

Page 1532: ...evice will not be powered until class based power management is configured Example In the following example no port is specified so the command displays global configuration and status of all the ports Configure the global power management scheme as dynamic with dot3af legacy detection and enable PoE capability on ports gi1 0 1 10 console config power inline management dynamic console config power...

Page 1533: ...rface gigabitethernet 1 0 1 console config if Gi1 0 1 power inline powered device IP phone power inline priority The power inline priority command configures the port priority level for the delivery of power to an attached device The switch may not be able to supply power to all connected devices so the port priority is used to determine which ports will supply power if adequate power capacity is ...

Page 1534: ...d ports first Default Value Low Examples console config interface gigabitethernet 1 0 1 console config if Gi1 0 1 power inline priority high power inline reset Use the power inline reset command to reset the port Syntax power inline reset Default Configuration This command has no default configuration Command Mode Interface Configuration User Guidelines This command is useful if the port is stuck ...

Page 1535: ...ted The range is 1 99 Default Configuration The default threshold is 90 Command Mode Global Configuration User Guidelines The power limit beyond which ports are disconnected has a configurable range as a percentage of total available power The maximum power available is given in the table shown in the power inline management command When ports are disconnected due to the threshold being exceeded a...

Page 1536: ...ys the details for the single port Use the detailed parameter to show power limits detection type and high power mode for the interface Syntax show power inline interface id detailed interface id Any physical interface See Interface Naming Conventions for interface representation Command Mode Privileged EXEC User Guidelines No specific guidelines Examples In the next example the port is specified ...

Page 1537: ...0 13 Port Powered Device State Priority Status Class W Power mW 1 0 13 auto Low On 3 84 6 49 5000 Overload Counter 0 Short Counter 0 Denied Counter 0 Absent Counter 0 Invalid Signature Counter 0 console show power inline firmware version Use the show power inline firmware version command in Privileged EXEC mode to display the version of the PoE controller firmware present on the switch file system...

Page 1538: ...1538 Power Over Ethernet Commands Example console config show power inline firmware version Unit Firmware Version 1 248_48 ...

Page 1539: ... RMON MIB RFC 2819 A device that supports gathering and reporting the RMON data is referred to as an RMON probe or RMON Agent An RMON probe provides RMON data to an RMON Manager for analysis and presentation to the user An RMON probe may be embedded in an existing network device or stand alone Commands in this Chapter This chapter explains the following commands rmon alarm Use the rmon alarm comma...

Page 1540: ...be compared against the thresholds If the method is delta the selected variable value at the last sample is subtracted from the current value and the difference compared with the thresholds absolute The sampling method for the selected variable and calculating the value to be compared against the thresholds If the method is absolute the value of the selected variable is compared directly with the ...

Page 1541: ...alling threshold event index 1 console config rmon alarm 1 1 3 6 1 2 1 2 2 1 1 10 5 10 50000 10 1 1 rmon collection history Use the rmon collection history command in Interface Configuration mode to enable a Remote Monitoring RMON MIB history statistics group on an interface To remove a specified RMON history statistics group use the no form of this command Also see the show rmon collection histor...

Page 1542: ...figuration gigabitethernet port channel tengigabitethernet fortygigabitethernet mode User Guidelines This command cannot be executed on multiple ports using the interface range command Example The following example enables a Remote Monitoring RMON MIB history statistics group on port 1 0 8 with the index number 1 and a polling interval period of 2400 seconds console config interface gigabitetherne...

Page 1543: ... event If unspecified the name is an empty string Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example configures an event with the trap index of 10 console config rmon event 10 log rmon hcalarm Use the rmon hcalarm to configure high capacity alarms Use the no form of...

Page 1544: ...alue 263 to 263 1 rising event index Event to trigger when the rising threshold is crossed 1 65535 falling threshold high value 64 Falling threshold value 263 to 263 1 falling event index Event to trigger when the rising threshold is crossed 1 65535 startup rising falling rising falling The event that is sent when this entry is first set to active If the first sample after this entry is configured...

Page 1545: ...ion Also see the rmon alarm command Syntax show rmon alarm number number Alarm index Range 1 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays RMON 1 alarms console show rmon alarm 1 Alarm 1 OID 1 3 6 1 2 1 2 2 ...

Page 1546: ...the last sample is subtracted from the current value and the difference compared with the thresholds Startup Alarm The alarm that may be sent when this entry is first set If the first sample is greater than or equal to the rising threshold and startup alarm is equal to rising or rising and falling then a single rising alarm is generated If the first sample is less than or equal to the falling thre...

Page 1547: ...ation submodes User Guidelines This command has no user guidelines Example The following example displays the alarms summary table console show rmon alarms Index OID Owner 1 1 3 6 1 2 1 2 2 1 10 1 CLI 2 1 3 6 1 2 1 2 2 1 10 1 Manager 3 1 3 6 1 2 1 2 2 1 10 9 CLI The following table describes the significant fields shown in the display Owner The entity that configured this entry Field Description I...

Page 1548: ...ode Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display Example The following example displays all RMON group statistics console show rmon collection history Index Interface Interval Requested Granted Owner Owner The entity that configured this entry Field Description Index An index that uniquely identifies the...

Page 1549: ...he display Field Description Index An index that uniquely identifies the event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or more management stations Communi...

Page 1550: ...mand to display high capacity 64 bit alarms configured with the rmon hcalarm command Syntax show rmon hcalarms hcalarm number number The alarm index Range 1 65535 Default Configuration This command has no default configuration Command Modes Privileged EXEC all show modes User Guidelines This command has no user guidelines Example console show rmon hcalarm 2 Alarm 2 OID ifInOctets 1 Last Sample Val...

Page 1551: ...Also see the rmon collection history command Syntax show rmon history index throughput errors other period seconds index The requested set of samples Range 1 65535 throughput Displays throughput counters errors Displays error counters other Displays drop and collision counters period seconds Specifies the requested period time to display Range 0 2147483647 Default Configuration This command has no...

Page 1552: ...ing framing bits but including FCS octets between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Undersize The number of packets received during this sampling interval that were less than 64 octets long excluding framing bits but including FCS octets and were ot...

Page 1553: ...Maximum table size 500 800 after reset TimeCRCUndersizeOversizeFragmentsJabbers Align 09 Mar 2005110490 18 29 32 09 Mar 2005110270 18 29 42 Jabbers The number of packets received during this sampling interval that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a...

Page 1554: ...show rmon log Use the show rmon log command in User EXEC mode to display the RMON logging table Syntax show rmon log event event Event index Range 1 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display Field Descrip...

Page 1555: ...s Jan 18 2005 23 58 17 2 High Broadcast Jan 18 2005 23 59 48 show rmon statistics Use the show rmon statistics command in User EXEC mode to display the RMON Ethernet Statistics Syntax show rmon statistics gigabitethernet unit slot port port channel port channel number tengigabitethernet unit slot port fortygigabitethernet unit slot port Default Configuration This command has no default configurati...

Page 1556: ...ming bits but including FCS octets of between 64 and 1518 octets inclusive but with either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Undersize Pkts The total number of packets received less than 64 octets long excluding framing bits but including FCS octets and otherwise well formed Oversize Pkts The...

Page 1557: ...tets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets 128 to 255 Octets The total number of packets including bad packets received that are between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 to 511 Octets The total number of packets includ...

Page 1558: ...ts 65 127 Octets 0 HC Pkts 65 127 Octets 0 HC Overflow Pkts 128 255 Octets 0 HC Pkts 128 255 Octets 0 HC Overflow Pkts 256 511 Octets 0 HC Pkts 256 511 Octets 0 HC Overflow Pkts 512 1023 Octets 0 HC Pkts 512 1023 Octets 0 HC Overflow Pkts 1024 1518 Octets 0 HC Pkts 1024 1518 Octets 0 ...

Page 1559: ... can choose between Ipv4 only where all the routing table entries are reserved for IPv4 Routes or IPv4 IPv6 Default mode Commands in this Chapter This chapter explains the following commands sdm prefer Use the sdm prefer command in Global Configuration mode to change the template that will be active after the next reboot To revert to the default template after the next reboot use the no form of th...

Page 1560: ...ct If you attach a unit to a stack and its template does not match the stack s template then the new unit will automatically reboot using the template used by other stack members To avoid the automatic reboot you may first set the template to the template used by existing members of the stack Then power off the new unit attach it to the stack and power it on The following table lists the completio...

Page 1561: ...for the N3000 switch is the dual ipv4 and ipv6 data center The default template for the N2000 is dual ipv4 and ipv6 default The N2000 has limited routing functionality Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines When invoked with no optional keywords this command lists the currently active template and the template that will become active on the n...

Page 1562: ... show sdm prefer command to see what SDM preference is currently active Error Completion Message None Parameter Description ARP Entries The maximum number of entries in the IPv4 Address Resolution Protocol ARP cache for routing interfaces IPv4 Unicast Routes The maximum number of IPv4 unicast forwarding table entries IPv6 NDP Entries The maximum number of IPv6 Neighbor Discovery Protocol NDP cache...

Page 1563: ... IPv4 and IPv6 template ARP Entries 6144 IPv4 Unicast Routes 8160 IPv6 NDP Entries 2560 IPv6 Unicast Routes 4096 ECMP Next Hops 4 IPv4 Multicast Routes 1536 IPv6 Multicast Routes 512 On the next reload the template will be the IPv4 routing Default template To list the scaling parameters for the data center template invoke the command with the ipv4 routing data center keywords config show sdm prefe...

Page 1564: ...1564 SDM Templates Commands ...

Page 1565: ...d in accordance with the configuration of the syslog utility Configuration of console logging in the syslog utility is not required in order to view the output of debug traces Debug commands are provided in the normal CLI tree Debug settings are not persistent and are not visible in the running configuration To view the current debug settings use the show debug command The output of debug commands...

Page 1566: ...vileged EXEC mode debug authentication interface debug ip mcache debug isdp debug vrrp debug auto voip debug ip pimdm packet debug lacp exception core file debug clear debug ip pimsm packet debug mldsnooping exception dump debug console debug ip vrrp debug ospf exception protocol debug dot1ag debug ipv6 dhcp debug ping exception switch chip register debug dot1x debug ipv6 mld debug rip show debugg...

Page 1567: ...race to factory default value Syntax debug authentication event all interface id no debug authentication event all interface id event Traces Authentication Manager debug events all Enables all Authentication Manager debugs interface id The interface to trace Default Configuration Default value is disabled Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this comm...

Page 1568: ...essages Syntax debug auto voip H323 SCCP SIP no debug auto voip H323 SCCP SIP Default Configuration Auto VOIP tracing is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console debug auto voip debug clear Use the debug clear command to disable all debug traces Syntax debug clear Default Configuration There is no default co...

Page 1569: ... login sessions for which debug console has been enabled The configuration of this command remains in effect for the life of the login session The effect of this command is not persistent across resets Syntax debug console Default Configuration Display of debug traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example cons...

Page 1570: ...lbm Traces LBMs lbr Traces LBRs ltm Traces LTMs ltr Traces LTRs pdu Traces specific PDUs Default Configuration Tracing is disabled by default Command Modes Privileged EXEC mode User Guidelines This command is only application to N4000 series switches Example console debug dot1ag all Dot1ag CCM LBM LBR LTM LTR tracing enabled console console debug dot1ag events Dot1ag events tracing enabled console...

Page 1571: ...1x packet receive transmit Default Configuration Display of dot1x traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console debug dot1x packet debug igmpsnooping Use the debug igmpsnooping to enable tracing of IGMP Snooping packets transmitted and or received by the switch IGMP Snooping should be enabled on the dev...

Page 1572: ...and Example console debug igmpsnooping packet debug ip acl Use the debug ip acl command to enable debug of IP Protocol packets matching the ACL criteria Use the no form of this command to disable IP ACL debugging Syntax debug ip acl acl no debug ip acl acl acl The number of the IP ACL to debug Default Configuration Display of IP ACL traces is disabled by default Command Mode Privileged EXEC mode U...

Page 1573: ...ed or transmitted is displayed on the console Syntax debug ip dvmrp packet receive transmit no debug ip dvmrp packet receive transmit Default Configuration Display of DVMRP traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console debug ip dvmrp packet debug ip igmp Use the debug ip igmp command to trace IGMP packe...

Page 1574: ...mp packet debug ip mcache Use the debug ip mcache command for tracing MDATA packet reception and transmission The receive option traces only received data packets and the transmit option traces only transmitted data packets When neither keyword is used in the command then all data packet traces are dumped Vital information such as source address destination address packet length and the interface ...

Page 1575: ... in the command then all PIMDM packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitted is displayed on the console Use the no form of this command to disable debug tracing of PIMDM packet reception and transmission Syntax debug ip pimdm packet receive transmit no debug i...

Page 1576: ... on which the packet is received or transmitted is displayed on the console Use the no form of this command to disable debug tracing of PIMSM packet reception and transmission Syntax debug ip pimsm packet receive transmit no debug ip pimsm packet receive transmit Default Configuration Display of PIMSM traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user...

Page 1577: ...in Privileged EXEC mode to display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client To disable debugging use the no form of the command Syntax debug ipv6 dhcp no debug ipv6 dhcp Default Configuration Debugging for the DHCP for IPv6 is disabled by default Command Mode Privileged EXEC User Guidelines DHCPv6 client already has packet tra...

Page 1578: ...ebug ipv6 mcache packet receive transmit Default Configuration Display of MDATA traces is disabled by default Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines Example console debug ipv6 mcache packet debug ipv6 mld Use the debug ipv6 mld command to trace MLD packet reception and transmission The receive option traces only received MLD packets and the transmit o...

Page 1579: ...nsmission The receive option traces only received PIMDMv6 packets and the transmit option traces only transmitted PIMDMv6 packets When neither keyword is used in the command then all PIMDMv6 packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitted is displayed on the cons...

Page 1580: ...eyword is used in the command then all PIMSMv6 packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitted is displayed on the console Use the no form of this command to disable PIMSMv6 tracing Syntax debug ipv6 pimsm packet receive transmit no debug ipv6 pimsm packet receiv...

Page 1581: ...face on which the packet is received or transmitted is displayed on the console Use the no form of this command to disable ISDP tracing Syntax debug isdp packet receive transmit no debug isdp packet receive transmit Default Configuration Display of ISDP traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console debu...

Page 1582: ...ansmitted MLD snooping packets When neither keyword is used in the command then all MLD snooping packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitted is displayed on the console Use the no form of this command to disable tracing of MLD Snooping packets Syntax debug ml...

Page 1583: ...g ospf packet no debug ospf packet Default Configuration Display of OSPF traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console debug ospf packet debug ospfv3 Use the debug ospfv3 command to enable tracing of OSPFv3 packets received and transmitted by the switch Use the no form of this command to disable tracing...

Page 1584: ...able tracing of ICMP echo requests and responses This command traces pings on the network port and on the routing interfaces Use the no form of this command to disable tracing of ICMP echo requests and responses Syntax debug ping packet no debug ping packet Default Configuration Display of ICMP echo traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user g...

Page 1585: ...t Default Configuration Display of RIP traces is disabled by default Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example console debug rip packet debug sflow Use the debug sflow command to enable sFlow debug packet trace Use the no form of this command to disable sFlow packet tracing Syntax debug sflow packet no debug sflow packet Default Configu...

Page 1586: ...sed in the command all spanning tree BPDU traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitted is displayed on the console Use the no form of this command to disable tracing of spanning tree BPDUs Syntax debug spanning tree bpdu receive transmit no debug spanning tree bpdu r...

Page 1587: ...ception core file Use the exception core file command to configure the core dump file name Use the no form of the command the reset the core file name to the default Syntax exception core file file name hostname time stamp time stamp hostname no exception core file file name The file name The maximum length is 15 characters Embedded blanks may not be allowed by the host file system for example TFT...

Page 1588: ...rs should ensure that a cleanly formatted USB stick of at least 1G is used for collection of a the full core dump Example This example enables core dumps to a TFTP server 10 27 9 1 reachable over the out of band port The core file is written to the dumps directory and the name includes the host name of the switch and the switch TOD console config exception dump tftp server 10 27 9 1 file path dump...

Page 1589: ...configured parameters and that the core dump is likely to succeed Example This example enables core dumps to a TFTP server 10 27 9 1 reachable over the out of band port The core file is written to the dumps directory and the name includes the host name of the switch and the switch TOD console config exception dump tftp server 10 27 9 1 file path dumps console config exception core file Core hostna...

Page 1590: ...alidate that the configured parameters are valid and the core dump is likely to succeed The file name for the core file includes options as the time stamp or hostname as per the configured parameters The TFTP core dump does not support TFTPD32 or Klever Pumpkin TFTP servers Example This example enables core dumps to a TFTP server 10 27 9 1 reachable over the out of band port The core file is writt...

Page 1591: ...s in case of an exception The register dump is taken only for the master unit and not for the stack member units Use the no form of the command to disable dumping of the switch chip registers Syntax exception switch chip register no exception switch chip register Default Configuration By default switch register dumps are disabled Command Modes Global Configuration mode User Guidelines This option ...

Page 1592: ...delines Enabled packet tracing configurations are displayed Example console show debugging Authentication manager all debug traces enabled on Gi1 0 1 console show exception Use the show exception command to display the core dump configuration parameters Syntax show exception Default Configuration This command has no default configuration Command Modes Privileged EXEC mode all show modes User Guide...

Page 1593: ...er reboot the switch or test the core file configuration Syntax write core test dest file name dest file name The file name used if a tftp server is configured with the exception dump tftp server command The dest file name parameter overrides the file name parameters configured with the exception core file command Default Configuration This command has no default configuration Parameter Default Co...

Page 1594: ...e contacted Similarly if the protocol is configured as usb it mounts and unmounts the file system and then informs the administrator regarding the status Example console config do write core The system has unsaved changes Would you like to save them now y n n Configuration Not Saved This operation will reboot the device Are you sure you want to create coredump y n y Thu Jan 1 00 17 35 1970 pgid 57...

Page 1595: ...tion please wait Applying Interface configuration please wait console en console dir usb Filename Filesize Modification Time 16384 01 01 1970 00 00 00 0 06 24 2013 17 14 30 test bin 11 01 01 1980 00 00 00 syncdb_hostname_1055 bin 348160 01 01 1980 00 00 00 switchdrvr_hostname_1063 bin 459640832 01 01 1980 00 00 00 Total Size 1002160128 Bytes Used 460029952 Bytes Free 542130176 ...

Page 1596: ...1596 Serviceability Tracing Packet Commands ...

Page 1597: ...tatistics immediately to an sFlow Collector for analysis The traffic samples sent to the Collector contain the source ifIndex and for switched packets the destination ifIndex The sFlow Agent supports two forms of sampling statistical packet based sampling of switched or routed Packet Flows and time based sampling of counters Commands in this Chapter This chapter explains the following commands sfl...

Page 1598: ...tring The identity string must be set before assigning a receiver to a sampler or poller Range 1 127 characters rcvr_timeout The time in seconds remaining before the sampler or poller is released and stops sending samples to the receiver Setting a value of 0 for the timeout value permanently configures the sflow receiver Use the no form of the command to remove permanently configured receivers A m...

Page 1599: ... destination maxdatagram 500 console config sflow 1 destination 30 30 30 1 560 sflow polling Use the sflow polling command to enable a new sflow poller instance for this data source if rcvr_idx is valid An sflow poller sends counter samples to the receiver Use the no form of this command to reset poller parameters to the defaults Syntax sflow rcvr index polling gigabitethernet tengigabitethernet f...

Page 1600: ...rface Mode to enable a new sflow poller instance for this interface if rcvr_idx is valid An sflow poller sends counter samples to the receiver Use the no form of this command to reset poller parameters to the defaults Syntax sflow rcvr index polling poll interval no sflow rcvr index polling rcvr index The sFlow Receiver associated with the poller Range 1 8 poll interval The sFlow instance polling ...

Page 1601: ...gabitethernet tengigabitethernet fortygigabitethernet interface list rcvr index The sFlow Receiver for this sFlow sampler to which flow samples are to be sent If no receiver is configured then no packets will be sampled Only active receivers can be set If a receiver times out then all samplers associated with the receiver will also expire Range 1 8 interface list The list of interfaces to poll in ...

Page 1602: ...ampling command in Interface Mode to enable a new sflow sampler instance for this data source if rcvr_idx is valid Use the no form of this command to reset sampler parameters to the default Syntax sflow rcvr index sampling sampling rate size no sflow rcvr index sampling rcvr index The sFlow Receiver for this sFlow sampler to which flow samples are to be sent If no receiver is configured then no pa...

Page 1603: ...s may tax the CPU beyond it s ability to deliver the packets to the receiver Lowering the sampling rate higher numerical value will help to ensure that all collected samples can be sent to the receiver Example console config if Gi1 0 15 sflow 1 sampler 1500 50 show sflow agent Use the show sflow agent command to display the sflow agent information Syntax show sflow agent Default Configuration This...

Page 1604: ...uration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The following fields are displayed sFlow Version Uniquely identifies the version and implementation of this MIB The version string must have the following structure MIB Version Organization Software Revision where MIB Version 1 3 the version of this MIB Organization Dell Corp Revision 1 0 IP...

Page 1605: ...net interface list rcvr index The sFlow Receiver associated with the poller Range 1 8 interface list The list of interfaces to poll in unit slot port format Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The following fields are displayed Time Out The time in seconds remaining befor...

Page 1606: ... the poller Range 1 8 interface list The list of interfaces on which data is sampled Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The following fields are displayed Poller Data Source The sFlowDataSource unit slot port for this sFlow sampler This agent will support Physical ports ...

Page 1607: ... The sFlowDataSource unit slot port for this sFlow sampler This agent will support Physical ports only Receiver Index The sFlowReceiver configured for this sFlow sampler Packet Sampling Rate The statistical sampling rate for packet sampling from this source Max Header Size The maximum number of bytes that should be copied from a sampled packet to form a flow sample ...

Page 1608: ...1608 Sflow Commands ...

Page 1609: ...the Dell Networking SNMP makes adding remote manageability to networked devices undemanding The agent allows a network control station to retrieve reports from the networked device These reports are based upon the defined objects in the MIB The agent queries reports and sets MIB variables based upon directions from the network control station or upon preset conditions Commands in this Chapter This...

Page 1610: ...nes Example The following example displays the SNMP communications status Console show snmp Community StringCommunity AccessView nameIP address publicread onlyuser viewAll privateread writeDefault172 16 1 1 privatesuDefaultSuper172 17 1 1 Community String Group nameIP address publicuser groupAll Traps are enabled Authentication trap is enabled Version 1 2 notifications Target Address Type Communit...

Page 1611: ...k Management Protocol SNMP engine Syntax show snmp engineID Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays the SNMP engine ID console show snmp engineID Local SNMP engineID 08009009020C0B099C075878 show snmp ...

Page 1612: ... output of this command Example The following examples display the configuration of filters with and without a filter name specification console show snmp filters Name OID Tree Type user filter1 1 3 6 1 2 1 1 Included user filter1 1 3 6 1 2 1 1 7 Excluded user filter2 1 3 6 1 2 1 2 2 1 1 Included console show snmp filters user filter1 Name OID Tree Type user filter1 1 3 6 1 2 1 1 Included user fil...

Page 1613: ...tirely The following table contains field descriptions Example The following examples display the configuration of views console show snmp group Name Security Views Field Description Name Name of the group Security Model SNMP model in use v1 v2 or v3 Security Level Authentication of a packet with encryption Applicable only to SNMP Version 3 security model Views Read A string that is the name of th...

Page 1614: ...ifies the name of the user Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines The user name accepts any printable characters except a double quote or question mark Enclose the string in double quotes to include spaces within the name The surrounding quotes are not used as par...

Page 1615: ...ews Use the show snmp views command in Privileged EXEC mode to display the configuration of views Syntax show snmp views viewname viewname Specifies the name of the view Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The followi...

Page 1616: ...here is no default configuration for this command Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example 1 console show trapflags Authentication Flag Disable Auto copy sw Flag Enable Dot1q Flag Enable Link Up Down Flag Enable Maclock violation Flag Enable Multiple Users Flag Enable Spanning Tree Flag Enable VR...

Page 1617: ...rflow lsdboverflow Enabled lsdb approaching overflow Enabled retransmit packets Disabled virtpackets Disabled rtb rtb entryinfo Disabled state change all Disabled if state change Enabled neighbor state change Enabled virtif state change Disabled virtneighbor state change Disabled snmp server community Use the snmp server community command in Global Configuration mode to set up the community access...

Page 1618: ...as an access to the whole MIB You can use the view name to restrict the access rights of a community string When it is specified An internal security name is generated The internal security name for SNMPv1 and SNMPv2 security models is mapped to an internal group name The internal group name for SNMPv1 and SNMPv2 security models is mapped to a view name If ro is specified then read view and notify...

Page 1619: ...erver community group community string group name ipaddress ip address community string Community string that acts like a password and permits access to the SNMP protocol Range 1 20 characters group name Name of a previously defined group The group defines the objects available to the community Range 1 30 characters ip address Management station IP address Default is all IP addresses Default Confi...

Page 1620: ...g To remove the system contact information use the no form of the command Syntax snmp server contact text no snmp server contact text Character string 0 to 160 characters describing the system contact information Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example The following example di...

Page 1621: ...pftype all errors all authentication failure bad packet config error virt authentication failure virt bad packet virt config error lsa all lsa maxage lsa originate overflow all lsdb overflow lsdbapproaching overflow retransmit all packets virt packets state change all if state change neighbor state change virtifstate change virtneighbor state change ospfv3type all errors all bad packet config erro...

Page 1622: ...ptions for the snmp server enable traps command console config snmp server enable traps aclEnable Disable traps for Access Control Lists all Enable Disable all Traps auto copy sw Enable Disable auto copy of code if there is a version mismatch captive portalEnable Disable SNMP traps for CP system events dot1q Enable Disable switch level Dot1q trap flag dvmrp Enable Disable traps for Distance Vector...

Page 1623: ...s is two hexadecimal digits Each byte can be separated by a period or colon Range 6 32 characters default The engineID is created automatically based on the device MAC address Default Configuration The engineID is not configured Command Mode Global Configuration mode User Guidelines If you want to use SNMPv3 you need to specify an engine ID for the device You can specify your own ID or use a defau...

Page 1624: ...ilter Use the snmp server filter command in Global Configuration mode to create or update a Simple Network Management Protocol SNMP server filter entry To remove the specified SNMP server filter entry use the no form of this command Syntax snmp server filter filter name oid tree included excluded no snmp server filter filter name oid tree filter name Specifies the label for the filter record that ...

Page 1625: ...y accept entries up to the first illegal character or reject the entry entirely Per RFC 2573 configuring a filter adds an implicit exclude all as the first entry in a filter record Unless an include statement is specified all notifications are excluded by default Examples The following example creates a filter that includes all objects in the MIB II system group except for sysServices System 7 and...

Page 1626: ...y model contextname Provides different views of the system and provides the user a way of specifying that context notifyview Defines a string that is the name of the view that enables specifying an inform or a trap If unspecified nothing is defined for the notify view Range 1 30 characters readview A string that is the name of the view that enables the you to view only the contents of the agent If...

Page 1627: ...y the recipient of Simple Network Management Protocol notifications To remove the specified host use the no form of this command This command enters the user into SNMP host configuration mode Syntax snmp server host host addr informs timeout seconds retries retries traps version 1 2 community string udp port port filter filtername no snmp server host host addr traps informs host addr Specifies the...

Page 1628: ...f you enter this command with no keywords the default is to send all trap types to the host No informs are sent to this host If no version keyword is present the default is Version 1 Command Mode Global Configuration mode User Guidelines If a DNS host name is entered instead of an IP address the switch attempts to resolve the host name immediately using DNS Use the ip domain lookup command on page...

Page 1629: ...p server location New_York snmp server user Use the snmp server user command in Global Configuration mode to configure a new SNMP Version 3 user To delete a user use the no form of this command Syntax snmp server user username groupname remote engineid string auth md5 password auth sha password auth md5 key md5 key auth sha key sha key priv des password priv des key des key no snmp server user use...

Page 1630: ...ha key The HMAC SHA 96 authentication level Enter a pregenerated SHA key md5 key Character string length 32 hex characters sha key Character string length 40 characters priv des The CBC DES Symmetric Encryption privacy level Enter a password priv des key The CBC DES Symmetric Encryption privacy level The user should enter a pregenerated MD5 or SHA key depending on the authentication level selected...

Page 1631: ...abel for the view record that is being created or updated The name is used to reference the record Range 1 30 characters oid tree Specifies the object identifier of the ASN 1 subtree to be included or excluded from the view To identify the subtree specify a text string consisting of numbers such as 1 3 6 2 4 or a word such as system Replace a single subidentifier with the asterisk wildcard to spec...

Page 1632: ... view A beautiful view 1 1 2 1 included snmp server v3 host Use the snmp server v3 host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol Version 3 SNMPv3 notifications To remove the specified host use the no form of this command Syntax snmp server v3 host ip address hostname username traps informs noauth auth priv timeout seconds retries retries u...

Page 1633: ...nspecified does not filter anything Range 1 30 characters Default Configuration Default configuration is 3 retries and 15 seconds timeout Command Mode Global Configuration mode User Guidelines The username can include any printable characters except a double quote or question mark Enclose the string in double quotes to include spaces within the key The surrounding quotes are not used as part of th...

Page 1634: ...1634 SNMP Commands ...

Page 1635: ...is Chapter This chapter explains the following commands cryptho key generate dsa Use the crypto key generate dsa command in Global Configuration mode to generate DSA key pairs for your switch A key pair is one public DSA key and one private DSA key Use the no form of the command to remove the generated key from the local file system Syntax crypto key generate dsa cryptho key generate dsa ip ssh se...

Page 1636: ...y is never displayed to the user DSA keys along with other switch credentials are distributed to all units in a stack on a configuration save Use the crypto key zeroize dsa command to remove DSA keys from the system Example The following example generates DSA key pairs console config crypto key generate dsa crypto key generate rsa Use the crypto key generate rsa command in Global Configuration mod...

Page 1637: ... key zeroize rsa command to remove RSA keys from the system Example The following example generates RSA key pairs console config crypto key generate rsa crypto key pubkey chain ssh Use the crypto key pubkey chain ssh command in Global Configuration mode to enter public key configuration mode in order to manually specify public keys such as SSH client public keys Syntax crypto key pubkey chain ssh ...

Page 1638: ...AC8Qh console config pubkey key exit crypto key zeroize pubkey chain Use the crypto key zeroize pubkey chain command in Global Configuration mode to erase all public key chains or the public key chain for a user Syntax crypto key zeroize pubkey chain ssh user key username Default Configuration There is no default configuration for this command Command Mode Global Configuration mode User Guidelines...

Page 1639: ...bal Configuration mode to specify the TCP port to be used by the SSH server To use the default port use the no form of this command Syntax ip ssh port port number no ip ssh port port number Port number for use by the SSH server Range 1025 65535 Default Configuration The default value is 22 Command Mode Global Configuration mode User Guidelines The SSH TCP port should not be set to a value that mig...

Page 1640: ...of this command Syntax ip ssh pubkey auth no ip ssh pubkey auth Default Configuration The function is disabled Command Mode Global Configuration mode User Guidelines AAA authentication is independent from this configuration Example The following example enables public key authentication for incoming SSH sessions console config ip ssh pubkey auth ip ssh server Use the ip ssh server command in Globa...

Page 1641: ...sa Example The following example enables the switch to be configured using SSH console config ip ssh server key string Use the key string SSH Public Key Configuration mode to specify an SSH public key manually Syntax key string key string key string row key string row To specify the SSH public key row by row key string The UU encoded DER format is the same format as the authorized keys file used b...

Page 1642: ...ZQZxjHKcqKL6rMlQ ZNXfZSkvHG QusIZ 76ILmFT34v7u7ChFAE Vu4GRfpSwoQUvV35LqJJk67IOU zfwOl1g kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX2IExQWu08licglk02LYciz Z4TrEU 9FJxwPiVQOjc KBXuR0juNg5nFYsY 0ZCk0N W9a tnkm1shRE7Di71 w3fNiOA 6w9o44t6 AINEICBCCA4YcF6zMzaT1wefWwX6f Rmt5nhhqdAtN 4oJfce166DqVX1gWmN zNR4DYDvSzg0lDnwCAC8Qh Fingerprint a4 16 46 23 5a 8d 1d b5 37 59 eb 44 13 b9 33 e9 console config ...

Page 1643: ... show crypto key mypubkey Use the show crypto key mypubkey command in Privileged EXEC mode to display the SSH public keys of the switch Syntax show crypto key mypubkey rsa dsa rsa RSA key dsa DSA key Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines ...

Page 1644: ...rib godac pynah muzyt mofim bihog cuxyx show crypto key pubkey chain ssh Use the show crypto key pubkey chain ssh command in Privileged EXEC mode to display SSH public keys stored on the switch Syntax show crypto key pubkey chain ssh username username fingerprint bubble babble hex username Specifies the remote SSH client username Range 1 48 characters bubble babble Fingerprints in Bubble Babble fo...

Page 1645: ...BHGSsHMAE0lpYtelZprDu4uiZHMuWezmdQp9 a1PU4jwQ22TlcfaUq3sqC3FMUoU Fingerprint 2f 09 e7 6f c9 bf ab 04 d4 6f a0 eb e8 df 7a 11 show ip ssh Use the show ip ssh command in Privileged EXEC mode to display the SSH server configuration Syntax show ip ssh Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User...

Page 1646: ...1646 SSH Commands IP Address User Name Idle Time SessionTime 10 240 1 122 John 00 00 00 00 00 08 ...

Page 1647: ...ssages Debug 7 debug level messages CLI Logged to Local File and Syslog Server The Dell Networking Command Logging component logs all command line interface commands issued on the system The command log messages are stored with the other system logs and provide the system operators with a detailed log of the commands executed CLI command logging is configured through any of the Dell Networking man...

Page 1648: ...md_logger_api c 260 362 CLI admin 10 27 21 22 User has successfully logged in The CLI command log subsystem also logs all user log out instances The format of the log message is 190 JAN 10 19 01 04 10 27 21 22 2 CLI_WEB 209809328 cmd_logger_api c 260 382 CLI admin 10 27 21 22 User has logged out Commands in this Chapter This chapter explains the following commands clear logging Use the clear loggi...

Page 1649: ...example clears messages from the internal syslog message logging buffer console clear logging Clear logging buffer y n clear logging file Use the clear logging file command in Privileged EXEC mode to clear messages from the logging file Syntax clear logging file Default Configuration There is no default configuration for the command Command Mode Privileged EXEC User Guidelines This command has no ...

Page 1650: ...er Range 1 64 characters Default Configuration This command has no default value Command Mode Logging mode User Guidelines After entering the view corresponding to a specific syslog server the command can be executed to set the description of the server Example The following example sets the syslog server description console config logging description syslog server 1 level Use the level command in...

Page 1651: ...yslog server the command can be executed to set the severity level for syslog messages Example The following example sets the syslog message severity level to alert console config logging level alert logging cli command Use the logging cli command in Global Configuration mode to enable CLI command logging Syntax logging cli command no logging cli command Default Configuration Disabled Command Mode...

Page 1652: ...pi c 260 369 CLI EIA 232 Access level of user admin has been set to 15 189 JAN 10 18 59 19 10 27 21 22 2 CMDLOGGER 209809328 cmd_logger_api c 83 370 CLI EIA 232 exit 189 JAN 10 18 59 22 10 27 21 22 2 CMDLOGGER 209809328 cmd_logger_api c 83 371 CLI EIA 232 telnet 10 27 21 22 189 JAN 10 18 59 27 10 27 21 22 2 TRAPMGR 209809328 traputil c 614 372 Multiple Users Unit 0 Slot 5 Port 1 189 JAN 10 18 59 2...

Page 1653: ...st name Default Configuration No syslog servers defined Command Mode Global Configuration mode User Guidelines Up to eight syslog servers can be used The Dell Dell Networking always uses the local7 23 facility in the syslog message Syslog messages will not exceed 96 bytes in length Syslog messages use the following format 130 JAN 01 00 00 06 0 0 0 0 1 UNKN 0x800023 bootos c 386 4 Event 0xaaaaaaaa ...

Page 1654: ...he local system Stack ID The assigned stack ID 1 is used for systems without stacking capability The top of stack is used to collect messages for the entire stack Component Name Component name for the logging component Components must use the new APIs in order to enable identification of the logging component Component UNKN is substituted for components that do not use the new logging APIs Thread ...

Page 1655: ...o limit syslog messages displayed from an internal buffer based on severity To cancel the buffer use use the no form of this command Syntax logging buffered severity level no logging buffered severity level Optional The number or name of the desired severity level Range 0 emergencies 1 alerts 2 critical 3 errors 4 warnings 5 notifications 6 informational 7 debugging Default Configuration The defau...

Page 1656: ...and above numerically lower console config logging buffered error logging console Use the logging console command in Global Configuration mode to limit messages logged to the console based on severity To disable logging to the console terminal use the no form of this command Syntax logging console severity level no logging console severity level Optional The number or name of the desired severity ...

Page 1657: ...severity level alert console config logging console alert logging facility Use the logging facility command in Global Configuration mode to configure the facility to be used in log messages Syntax logging facility facility no logging facility facility The facility that will be indicated in the message Range local0 local1 local2 local3 local4 local5 local6 local7 Default Configuration The default v...

Page 1658: ... on severity To cancel the buffer use the no form of this command Syntax logging file severity level number type no logging file severity level Optional The number or name of the desired severity level Range 0 emergencies 1 alerts 2 critical 3 errors 4 warnings 5 notifications 6 informational 7 debugging Default Configuration The default severity level is error Command Mode Global Configuration mo...

Page 1659: ...vel Use the no logging monitor command to disable logging messages Syntax logging monitor severity no logging monitor severity Optional The number or name of the desired severity level Range 0 emergencies 1 alerts 2 critical 3 errors 4 warnings 5 notifications 6 informational 7 debugging Default Configuration The default severity value is warnings By default logging messages are not displayed on S...

Page 1660: ...ging on no logging on Default Configuration Logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the distribution of logging messages to the various destinations such as the logging buffer logging file or syslog server Logging on and off for these destinations can be individually configured using the logging buffered logging file and logging server...

Page 1661: ...lobal Configuration mode User Guidelines During system startup messages are logged in RFC3164 format e g in the startup persistent log Messages are logged in the selected format upon the system processing the startup configuration The time zone must be configured for the system to generate RFC5424 log messages with the time zone included The system does not support transmission of syslog messages ...

Page 1662: ...0 10 130 182 151 1 TRAPMGR 249300304 traputil c 657 10 Failed User Login with User ID xyz The following example shows the logging format when logging protocol is set to 1 with timezone configured on the switch console config clock timezone 5 minutes 30 zone IST console config show clock 02 17 44 IST UTC 5 30 Dec 21 2012 Time source is Local console config 190 1 DEC 21 02 18 15 110 5 30 10 130 182 ...

Page 1663: ...disable use the no form of this command Syntax logging web session no logging web session Default Configuration Disabled Command Mode Global Configuration mode User Guidelines To see web session logs use the show logging command Example console config logging web session 133 MAR 24 07 46 07 10 131 7 165 2 UNKN 83102768 cmd_logger_api c 140 764 WEB 10 131 7 67 UNKNOWN EwaSessionLookup session 0 cre...

Page 1664: ...ser Guidelines After entering the view corresponding to a specific syslog server the command can be executed to set the port number for the server Example The following example sets the syslog message port to 300 console config logging port 300 show logging Use the show logging command in Privileged EXEC mode to display all logging information including auditing status and logging protocol version...

Page 1665: ...onsole Logging Level warnings Messages 1 logged 706 ignored Monitor Logging disabled Buffer Logging Level informational Messages 73 logged 634 ignored File Logging Level emergencies Messages 0 logged 707 ignored Switch Auditing enabled CLI Command Logging disabled Web Session Logging disabled SNMP Set Command Logging disabled Logging facility level local7 show logging file Use the show logging fil...

Page 1666: ... Log Count 1 186 JAN 01 00 00 05 0 0 0 0 1 UNKN 268434928 bootos c 382 3 Event 0xaaaaaaaa show syslog servers Use the show syslog servers command in Privileged EXEC mode to display the syslog servers settings Syntax show syslog servers Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines ...

Page 1667: ...essions serial or out of band port connections Command Mode Privileged EXEC mode User Guidelines Use the terminal monitor command in Privileged EXEC mode enables system messages to be displayed in a Telnet or SSH session Use the no terminal monitor command to disable the display of system messages on the terminal for Telnet and SSH sessions Use the logging monitor command to display logging messag...

Page 1668: ...1668 Syslog Commands ...

Page 1669: ...ow tech support banner motd acknowledge nsf show interfaces utilization show users clear checkpoint statistics ping show memory cpu show version clear counters stack ports quit show nsf stack connect reload show power usage history stack port cut through mode service unsupported transceiver show process cpu stack port interface shutdown exec banner set description show sessions standby exit slot s...

Page 1670: ...r a tag name except a double quote or question mark Enclose the string in double quotes to include spaces within the name The surrounding quotes are not used as part of the name The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely Example The following example specifies the switch asset tag as 1qwepot Because the unit para...

Page 1671: ...may be entered into a banner Each line entered will consume an extra two characters to account for the carriage return and line feed Example console config banner exec banner text banner login Use the banner login command to set the message that is displayed just before the login prompt after a user has successfully connectced to the switch and prior to the login banner Use no banner login command...

Page 1672: ...acknowledge for some examples Example console config banner login banner text banner motd Use the banner motd command to set the message that is displayed prior to logging into the switch Use no banner motd command to remove the message Syntax banner motd MESSAGE no banner motd MESSAGE Quoted text Default Configuration This command has no default configuration Command Mode Global Configuration Use...

Page 1673: ...d the session is terminated and no further communication is allowed on that session However serial connection will not get terminated if y is not entered Use the no banner motd acknowledge command to disable banner acknowledge Syntax banner motd acknowledge no banner motd acknowledge Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guideli...

Page 1674: ...rminal root kevin ssh 192 168 12 84 l dellradius If you need to utilize this device or otherwise make changes to the configuration you may contact Kevin at x911 Please be advised this unit is under test by Kevin dellradius 192 168 12 84 s password Press y to continue within 30 seconds y n Welcome to the N3024 in the Bottom Chassis 192 168 12 190 This unit is located in A2 and is currently under te...

Page 1675: ...er shutdown at 23 00hrs today duration 1 hr 30 minutes console config banner motd acknowledge When the MOTD banner is executed the following displays IMPORTANT There is a power shutdown at 23 00hrs today duration 1 hr 30 minutes Press y to continue If y is entered the following displays console If n is entered the session will get disconnected unless it is a serial connection clear checkpoint stat...

Page 1676: ...ics clear counters stack ports Use the clear counters stack ports command to clear the statistics for all stack ports Syntax clear counters stack ports Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command resets all statistics shown by the show switch stack ports counters and the show switch stack ports diag commands Example...

Page 1677: ...al port The user need not be currently connected over the serial port to connect to another unit The stack member being connected to must be up and running and connected as part of the stack This command effectively steals the serial console from the target stack member There is only one console session allowed per stack The stolen console session is not restarted and the privilege level is not ch...

Page 1678: ... the switch use the no form of this command Syntax cut through mode no cut through mode Default Configuration This command has no default configuration Command Mode Global Configuration User Guidelines Cut through mode is only supported on Dell Networking N4000 series switches It is not supported on Dell Networking N2000 N3000 Series switches Example console config cut through mode The mode enable...

Page 1679: ... The exec banner can consist of multiple lines Enter a quote to complete the message and return to configuration mode Example console config telnet no exec banner exit Use this command to disconnect the serial connection to a remote unit Syntax exit Default Configuration There is no default configuration for this command Command Modes User EXEC mode on stack master Unit prompt on the stack member ...

Page 1680: ...onnect 2 Remote session started Type exit to exit the session Unit 2 CLI unavailable please connect to master on Unit 1 exit Stack Master Example 2 To disconnect a remote session to the stack master established from a stack member Unit 2 CLI unavailable please connect to master on Unit 1 connect 2 Unit 2 CLI unavailable please connect to master on Unit 1 Unit 2 CLI unavailable please connect to ma...

Page 1681: ...ce Configuration mode User Guidelines This command is only available on the N4000 series switches This command can only be executed on the 40G interface Entering this command on any of the 4x10G interfaces or any other 10G port will give an error This command takes effect only after rebooting the switch hostname Use the hostname command in Global Configuration mode to specify or modify the switch ...

Page 1682: ...y entirely Example The following example specifies the switch host name console config hostname Dell initiate failover To manually force a failover from the management unit to the backup unit in a stack use the initiate failover command in Stack Configuration mode The initiate failover command checks for stack port errors and NSF synchronization prior to initiating failover If stack port errors ar...

Page 1683: ...ate failover cr Press enter to execute the command console config stack initiate failover Management unit will be reloaded Are you sure you want to failover to the backup unit y n y Example Stack Port Errors console config stack initiate failover Warning Stack errors detected on the following interfaces Interface Error Count Gi1 0 1 12 Gi1 0 3 22 NSF Status Not synchronized Stack port errors or la...

Page 1684: ...e Range Configuration mode Port Channel Configuration mode Port Channel Range Configuration mode User Guidelines This command has no user guidelines Example console config if Gi1 0 1 load interval 150 locate Use the locate command to locate a switch by LED blinking Syntax locate switch unit time time switch unit If multiple devices are stacked you can choose which switch to identify time time LED ...

Page 1685: ...s Example console locate switch 1 time 555 login banner Use the login banner command to enable login banner on the console telnet or SSH connection To disable use the no form of the command Syntax login banner no login banner MESSAGE Quoted text Default Configuration This command has no default configuration Command Mode Line Configuration User Guidelines This command has no user guidelines Exampl...

Page 1686: ...g connected to must be up and running and connected as part of the stack This command is an alias for the exit command Example Example 1 To disconnect a remote session to stack master established from a stack member Unit 2 CLI unavailable please connect to master on Unit 1 connect 1 Stack Master Stack Master logout Unit 2 CLI unavailable please connect to master on Unit 1 Example 2 To disconnect a...

Page 1687: ...ex The index into the database of the supported switch types indicating the type of the switch being preconfigured The switch index is a 32 bit integer obtained from the show supported switchtype command Default configuration This command has no defaults Command Mode Stack Global Configuration User Guidelines The switch index SID can be obtained by executing the show supported switchtype command i...

Page 1688: ...d banner MESSAGE Quoted text Default Configuration This command has no default configuration Command Mode Line Configuration User Guidelines This command has no user guidelines Example console config telnet motd banner nsf Use this command to enable non stop forwarding The no form of the command will disable NSF Syntax nsf no nsf Default Configuration Non stop forwarding is enabled by default ...

Page 1689: ...opbackaddress vlan vlanid tunnel tunnelid out of band ping ipv6 interface loopback loopbackaddress out of band vlan vlanid tunnel tunnelid ipaddress repeat count timeout interval size size source sourceaddress loopback loopbackaddress vlan vlanid tunnel tunnelid out of band ipaddress IPv4 or IPv6 address to ping contact hostname Hostname to ping contact Range 1 158 characters The command allows sp...

Page 1690: ...al is 3 seconds The default size is 0 data bytes It is not possible to ping from a specific interface when a VLAN is specified as the source of the ping The system selects the first available interface in the VLAN from which to send the ping packets Command Mode User EXEC mode Privileged EXEC mode User Guidelines The local VRRP IP address is not pingable Examples The following example sends an IPv...

Page 1691: ...disconnect a remote session to the stack master established from a stack member Unit 2 CLI unavailable please connect to master on Unit 1 connect 1 Stack Master Stack Master quit Unit 2 CLI unavailable please connect to master on Unit 1 Example 2 To disconnect a remote session to the stack master established from stack member Unit 2 CLI unavailable please connect to master on Unit 1 connect 1 Stac...

Page 1692: ...t switch has unsaved changes Would you like to save them now y n n Configuration Not Saved Are you sure you want to reload the switch y n y Reloading management switch 1 Example Stack Port Errors The following example shows stack port errors detected by the command console reload Management switch has unsaved changes Are you sure you want to continue y n Warning Stack port errors detected on the f...

Page 1693: ...message along with the SNMP trap generation on insertion or removal of an optic that is not qualified by Dell Command Mode Global Configuration mode User Guidelines The switch logs a message and generates a trap on inserting or removing an optics not qualified by Dell This command suppresses the above mentioned behavior Example The following example bypasses logging of a message and trap generatio...

Page 1694: ...t Use the slot command to configure a slot in the system The unit slot is the slot identifier of the slot located in the specified unit The cardindex is the index to the database of the supported card types see the command show supported cardtype indicating the type of card being preconfigured in the specified slot The card index is a 32 bit integer If a card is currently present in the slot that ...

Page 1695: ...ation to the default value Syntax slot unit slot cardindex no slot unit slot unit slot The slot identifier of the slot cardindex The index into the database of the supported card types see show supported cardtype indicating the type of card being preconfigured in the specified slot The card index is a 32 bit integer Default Configuration This command has no default configuration Command Mode Globa...

Page 1696: ...ner command to display banner information Syntax show banner Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show banner Banner Exec Line Console Enable Line SSH Disable Line Telnet Enable exec Banner Login Line Console Enable Line SSH E...

Page 1697: ...arding is enabled on a stack the stack s management unit checkpoints operational data to the backup unit If the backup unit takes over as the management unit the control plane on the new management unit uses the checkpointed data when initializing its state Checkpoint statistics track the amount of data checkpointed from the management unit to the backup unit Example console show checkpoint statis...

Page 1698: ...000 switches Example Console show cut through mode Current mode Enable Configured mode Disable This mode is effective on next reload show hardware profile Use the show hardware profile command in Privileged EXEC mode to display the hardware profile information for the 40G ports The user can optionally specify an interface or all 40G interfaces are displayed Syntax show hardware profile portmode in...

Page 1699: ...ware profile portmode fo1 0 1 Configured Running 40G Interface 10G Interfaces Mode Mode Fo1 0 1 Te1 0 25 28 1x40G 4x10G show idprom interface interface id Use this command to display the optics EEPROM contents in user readable format Syntax show idprom interface interface id interface id The physical interface Default Configuration This command has no default configuration Command Modes User EXEC ...

Page 1700: ...gabitethernet 1 0 9 debug D5 1kjX 2 Type SFP Media 10GBASE LRM Serial Number ANF0L5J Dell Qualified Yes IDPROM content in hex format 0 1 2 3 4 5 6 7 8 9 A B C D E F 0x00 00 00 00 00 00 00 01 00 00 00 00 15 32 CE C4 B0 0x10 34 CF 23 48 00 00 00 03 00 EA CC 70 04 23 73 C8 0x20 32 CE BD BC 34 DE 89 50 00 00 00 01 02 2B 59 0E 0x30 00 00 00 01 02 2B 59 0F 02 2B 59 0F 32 CE C4 50 0x40 00 00 00 24 32 CE ...

Page 1701: ...erface A 10G non stacking physical interface Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command is only applicable to 10G non stacking interfaces Example console show interfaces advanced firmware Port Revision Part number Te1 0 1 0x411 BCM8727 Te1 0 2 0x411 BCM8727 Te1 0 3 0x411...

Page 1702: ...es User Guidelines This command has no user guidelines Example The following example shows static parameters of the optics for a given interface console show interfaces tengigabitethernet 1 0 9 transceiver properties Type SFP Media 10GBASE LRM Serial Number ANF0L5J Dell Qualified Yes The following example shows static and dynamic parameters of the optics for a given interface console show interfac...

Page 1703: ...face transmit and receive utilization in bits sec and packets sec Example console show interfaces utilization Port Interval Rx bits s Rx packets s Tx bits s Tx packets s Gi1 0 1 150 52889696 103299 1968 4 Gi1 0 2 300 0 0 36175328 70654 Gi1 0 3 300 0 0 0 0 Gi1 0 4 300 0 0 0 0 Gi1 0 5 300 856 2 37785736 73799 console show interfaces utilization gigabitethernet 1 0 1 Port Interval Rx bits sec Rx pack...

Page 1704: ...delines Example console show memory cpu Total Memory 262144 KBytes Available Memory Space 121181 KBytes show nsf Use the show nsf command to show the status of non stop forwarding Syntax show nsf Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this co...

Page 1705: ... Yes show power usage history Use the show power usage history command in Privileged EXEC mode to display the history of unit power consumption for the unit specified in the command and total stack power consumption Historical samples are not saved across switch reboots reloads Syntax show power usage history unit id unit id Stack unit for which to display the power history Range 1 12 Default Conf...

Page 1706: ...Watts 3 0d 00 00 13 56172 56172 2 0d 00 00 43 56172 56172 1 0d 00 01 12 54360 54360 show process cpu Use the show process cpu command to check the CPU utilization for each process currently running on the switch Syntax show process cpu Command Mode Privileged EXEC Configuration mode and all Configuration submodes Default Configuration This command has no default configuration User Guidelines No sp...

Page 1707: ...8a1250 osapiMonTask 0 00 0 32 0 17 4969790 BootP 0 00 0 00 0 01 4d71610 dtlTask 0 00 0 06 0 05 4ed00e0 hapiRxTask 0 00 0 06 0 03 562e810 DHCP snoop 0 00 0 00 0 06 58e9bc0 Dynamic ARP Inspection 0 00 0 06 0 03 62038a0 dot1s_timer_task 0 00 0 00 0 03 687f360 dot1xTimerTask 0 00 0 06 0 07 6e23370 radius_task 0 00 0 00 0 01 6e2c870 radius_rx_task 0 00 0 06 0 03 7bc9030 spmTask 0 00 0 09 0 01 7c58730 i...

Page 1708: ...no user guidelines Example The following example displays a list of open telnet sessions to remote hosts console show sessions User Name Connection from Idle Session Time Type EIA 232 00 00 00 00 07 37 Serial admin 192 168 1 248 00 00 17 00 00 26 Telnet admin 192 168 1 248 00 00 16 00 00 32 HTTP console The following table describes the significant fields shown in the display Field Description Con...

Page 1709: ... parameters If you supply a value for slot port the following additional information appears as shown in the table below Parameter Description Slot The slot identifier in a slot port format Slot Status The slot is empty full or has encountered an error Admin State The slot administrative mode is enabled or disabled Power State The slot power mode is enabled or disabled Configured Card Model Identi...

Page 1710: ...cts Use the generic form without specifying an index to display all the card types for a product family Syntax show supported cardtype cardindex cardindex Displays the index into the database of the supported card types This index is used when preconfiguring a slot Default Configuration This command has no default configuration Parameter Description Inserted Card Model Identifier The model identif...

Page 1711: ...orted cardtype CID Card Model ID 1 Dell Networking N4032 2 Dell Networking N4032F 3 Dell Networking N4064 4 Dell Networking N4064F 5 Dell QSFP Card 6 Dell SFP Card Parameter Description Card Index CID The index into the database of the supported card types This index is used when preconfiguring a slot Card Model Identifier The model identifier for the supported card type Parameter Description Card...

Page 1712: ...de User EXEC mode Configuration mode and all Configuration submodes User Guidelines The switch SID is used when preconfiguring switches in a stack using the member command in config stack mode The following table describes the fields in the first example Field Description Switch Index SID This field displays the index into the database of supported switch types This index is used when preconfiguri...

Page 1713: ...rted switchtype 1 Switch Type 0xd8420001 Model Identifier N4032 Switch Description Dell Networking N4032 Supported Cards Slot 0 Card Index CID 1 Model Identifier Dell Networking N4032 Slot 1 Card Index CID 5 Model Identifier Dell QSFP Card Slot 1 Card Index CID 6 Model Identifier Dell SFP Card Slot 1 Field Description Switch Type This field displays the 32 bit numeric switch type for the supported...

Page 1714: ...ng the SFS last attempt status for the specified unit The show switch command may show an SDM Mismatch value in the Switch Status field This value indicates that the unit joined the stack but is running a different SDM template than the management unit This status should be temporary the stack unit should automatically reload using the template running on the stack manager Use the show supported s...

Page 1715: ...ult Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines The show switch stack ports stack path command is useful in tracking the path a packet may take when traversing stacking links The command shows active paths only not those that may be taken after a stack failover or stack reconv...

Page 1716: ...Detected Code Version This field displays the version of code running on this switch If the switch is not present and the data is from preconfiguration the code version is None Detected Code in Flash This field displays the version of code that is currently stored in FLASH memory on the switch This code will execute after the switch is reset If the switch is not present and the data is from precon...

Page 1717: ...h in the stack Model Identifier is a 32 character field assigned by the switch manufacturer to identify the switch Switch Status This field indicates the switch status Possible values for this state are OK Unsupported CodeMismatch ConfigMismatch or NotPresent Code Version This field indicates the detected version of code on this switch Parameter Description Range Default NSF Administrative Status ...

Page 1718: ...ager to the backup manager and was unable to maintain user data traffic This is usually caused by multiple failures occurring close together Power On Administrative Move Warm Auto Restart Cold Auto Restart None Time Since Last Restart Time since the current management card became the active management card For the backup manager the value is set to 0d 00 00 00 Time Stamp 0d 00 00 00 Restart in pro...

Page 1719: ...Number CN0H0F6C2829831P0023A00 Up Time 3 days 1 hrs 16 mins 20 secs Example Stack Ports This example displays information about the stack ports console show switch stack ports Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit Time Stamp Time Until Next Copy The number of seconds until the running configuration will be copied to the back...

Page 1720: ...acks the path a packet may take when traversing stacking links The command shows active paths only not those that may be taken after a stack failover or stack reconvergence console show switch stack ports stack path 3 1 Packet path from unit 3 to unit 1 1 unit 3 port gi3 0 49 to unit 2 2 unit 2 port gi2 0 49 to unit 1 Example Status Parameters for NSF The show switch command is used to display whi...

Page 1721: ...e show switch 1 Switch 1 Management Status Management Switch Switch Type 0x63400004 Preconfigured Model Identifier N3048P Plugged in Model Identifier N3048P Switch Status OK Switch Description Dell Networking N3048P Detected Code Version 6 0 0 0 Detected Code in Flash 6 0 0 0 SFS Last Attempt Status None Serial Number 13820M0230LF Up Time 0 days 3 hrs 1 mins 13 secs Example SDM Templates This exam...

Page 1722: ...ation mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show system System Description Dell Networking Switch System Up Time 0 days 03h 02m 30s System Contact System Name System Location Burned In MAC Address 001E C9DE B41B System Object ID 1 3 6 1 4 1 674 10895 3060 System Model ID N3048P Machine Type Dell Networking N3048P System Thermal Cond...

Page 1723: ... Watts Watts 1 System OK 39 8 39 8 1 PS 1 Failure 1 PS 2 No Power N A N A 01 01 1970 00 00 00 USB Port Power Status Device Not Present show system fan Use the show system fan command in User EXEC or Privileged EXEC mode to explicitly display the fan status Syntax show system fan Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC Configuration mod...

Page 1724: ... information Syntax show system id unit unit The unit number Default Configuration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines The tag information is on a switch by switch basis Example The following example displays the system service tag information console show system id Service Tag 13820M0230LF Serial N...

Page 1725: ...w system power Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Examples console show system power Power Supplies Unit Description Status Average Current Since Power Power Date Time Watts Watts 1 System OK 39 8 39 8 1 PS 1 Failure 1 PS 2 No Pow...

Page 1726: ...onfiguration This command has no default configuration Command Mode User EXEC Privileged EXEC Configuration mode and all Configuration submodes User Guidelines Temperature status is indicated as per the following table Examples console show system temperature System Thermal Conditions Unit Temperature State Celsius 1 34 Good Temperature Sensors Unit Description Temperature Celsius Status Degrees C...

Page 1727: ...ransceiver show power inline show switch stack port counters show nsf show slot show interfaces advertise show interfaces advanced firmware show lldp remote device all show interfaces counters errors show fiber ports optical transceiver show process cpu show iscsi sessions show ethernet cfm errors N4000 series only show power inline firmware version show version show interfaces transceiver propert...

Page 1728: ...e Type Dell Networking N4032 Serial Number 0000 Manufacturer 0xbc00 Operating System Linux 2 6 32 9 Burned In MAC Address 0011 2233 4455 System Object ID 1 3 6 1 4 1 674 10895 3042 CPU Version XLP308H B2 SOC Version BCM56842_A1 HW Version 3 CPLD Version 17 unit active backup current active next active 1 6 0 0 0 none 6 0 0 0 6 0 0 0 Additional Packages FASTPATH QoS FASTPATH Multicast FASTPATH Stack...

Page 1729: ...o display information about the active users The command also shows which administrative profiles have been assigned to local user accounts and to show which profiles are active for logged in users Syntax show users long Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Configuration mode and all Configuration submodes User Guidelines This command ha...

Page 1730: ... show version unit unit The unit number Default Configuration This command has no default configuration Command Mode User EXEC mode Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example console show version Machine Description Dell Networking Switch System Model ID N4064 Machine Type Dell Networking N4064 Serial Number X01 64C 55 Manufacturer...

Page 1731: ... image2 stack Use the stack command in Global Configuration mode to set the mode to Stack Global Config Syntax stack Default Configuration This command has no default mode Command Mode Global Configuration mode User Guidelines This command has no user guidelines If not stack configuration appears in the saved config it is built at runtime and appears in the running config The operator can save the...

Page 1732: ...rnet ports are configured to operate in Ethernet mode Command Mode Stack Configuration mode User Guidelines Once this command has been issued the switch must be rebooted in order for the command to take effect Issuing multiple stack port commands for a single interface without intervening reboots results in undefined behavior and is not supported Reboot the switch and examine the output of the sho...

Page 1733: ...orts can be configured per stacking unit four in each direction The N4000 series switches support up to twelve units configured in a stack and can utilize 10GBaseT SFP or QSFP N4000 series only connections for stacking The N3000 and N2000 series switches support up to twelve unit configured in a stack and can utilize rear panel mini SAS ports only for stacking Example console config stack stack po...

Page 1734: ...engigabitethernet 1 2 1 shutdown Disabling a stack port will cause the stack to attempt to re converge Application messages will appear in the logs during stack convergence Before shutting down a stack link please ensure that your stack is in an active ring topology in order to avoid a stack split Continue y n console config stack no stack port twentygigbitethernet 1 0 1 shutdown standby Use the s...

Page 1735: ...Configuration mode to change the identifier for a switch in the stack Upon execution the switch is configured with the configuration information for the new switch if any is available The old switch configuration information is retained however the old switch will be operationally detached Syntax switch oldunit renumber newunit oldunit The current switch identifier Range 1 6 newunit The updated va...

Page 1736: ...t Range 1 158 characters The command allows spaces in the host name when specified in double quotes For example console config snmp server host host name port A decimal TCP port number or one of the keywords from the port table in the user guidelines see Port Table below keyword One or more keywords from the keywords table in the user guidelines see Keywords Table below Keywords Table Options Desc...

Page 1737: ...ol 21 ftp data FTP data connections 20 gopher Gopher 70 hostname NIC hostname server 101 ident Ident Protocol 113 irc Internet Relay Chat 194 klogin Kerberos login 543 kshell Kerberos shell 544 login Login 513 lpd Printer service 515 nntp Network News Transport Protocol 119 pim auto rp PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Prot...

Page 1738: ...route Use the traceroute command in Privileged EXEC mode to discover the IP routes that packets actually take when traveling to their destinations Syntax traceroute ip ipaddress hostname initTtl initTtl maxTtl maxTtl maxFail maxFail interval interval count count port port size size source src ip address vlan vlan id loopback loop id ipaddress Valid IP address of the destination host talk Talk 517 ...

Page 1739: ...e considers that probe a failure printing and sends the next probe If traceroute does receive a response to a probe then it sends the next probe immediately Range 1 60 seconds count The number of probes to be sent at each TTL level Range 1 10 port The destination UDP port of the probe This should be an unused port on the remote destination system Range 1 65535 size The size in bytes of the payload...

Page 1740: ...port 33434 size 43 Traceroute to 10 240 10 115 4 hops max 43 byte packets 1 10 240 4 1 708 msec 41 msec 11 msec 2 10 240 10 115 0 msec 0 msec 0 msec Hop Count 1 Last TTL 2 Test attempt 6 Test Success 6 traceroute ipv6 Use the traceroute command in Privileged EXEC mode to discover the IP routes that packets actually take when traveling to their destinations Syntax traceroute ipv6 ipv6address hostna...

Page 1741: ... 60 seconds The default is 3 count The number of probes to be sent at each TTL level Range 1 10 port The destination UDP port of the probe This should be an unused port on the remote destination system Range 1 65535 size The size in bytes of the payload of the Echo Requests sent Range 0 39936 bytes The default is 0 src ip address The IPv4 source address to use in the ICMP echo request packets vlan...

Page 1742: ...he routes that packets will actually take when traveling to the destination specified in the command console traceroute ipv6 2001 2 init ttl 1 max ttl 4 max fail 0 interval 1 count 3 port 33434 size 43 Traceroute to 2001 2 4 hops max 43 byte packets 1 2001 2 708 msec 41 msec 11 msec 2 2001 2 12 msec 13 msec 12 msec 3 2001 2 14 msec 9 msec 11 msec update bootcode Use the update bootcode command in ...

Page 1743: ...ted to do so in the release notes Dell networking switches utilize a universal boot loader and do not contain version specific dependencies in the boot loader If unit is not specified all units in the stack are updated Example The following example updates the bootcode on unit 2 console update bootcode 2 ...

Page 1744: ...1744 System Management Commands ...

Page 1745: ... maximize performance for the systems involved When a Telnet connection is initiated each side of the connection is assumed to originate and terminate at a Network Virtual Terminal or NVT Therefore the server and user hosts do not maintain information about the characteristics of each other s terminals and terminal handling conventions Telnet Client Behaviors Different telnet clients operate diffe...

Page 1746: ... y n Welcome to the N3024 in the Bottom Chassis 192 168 12 190 This unit is located in A2 and is currently under test N3024 C1 3 SSH xterm root ssh 192 168 12 84 l dellradius If you need to utilize this device or otherwise make changes to the configuration you may contact the owner at x38525 Please be advised this unit is under test dellradius 192 168 12 84 s password Press y to continue within 30...

Page 1747: ...o ip telnet server disable Command Mode Global Configuration User Guidelines No specific guidelines Default Value This feature is enabled by default Example console configure console config ip telnet server disable console config no ip telnet server disable ip telnet port The ip telnet port command is used to configure the Telnet TCP port number on which the switch listens for Telnet connections i...

Page 1748: ...might conflict with other well known protocol port numbers used on this switch Example console config ip telnet port 1045 console config no ip telnet port show ip telnet The show ip telnet command displays the status of the Telnet server and the Telnet TCP port number Syntax show ip telnet Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mo...

Page 1749: ...ult Configuration This default value is 24 Command Mode Privileged EXEC mode User Guidelines Setting the terminal length to 0 disables paging altogether It is recommended that the terminal length either be set to 0 or a value larger than 4 as terminal lengths in the range of 1 to 4 may give odd output due to prompting The terminal length command is specific to the current session Logging out reboo...

Page 1750: ...1750 Terminal Length Commands ...

Page 1751: ...e entry and or one or more periodic time entries If a time range by this name already exists this command enters Time Range Configuration mode to allow updating the time range entries Use the no form of the command to disable the event notifciation service Use the no form of this command with the optional name parameter to delete a time range identified by name Syntax time range name no time range...

Page 1752: ...tion that referenced the time range is in effect The time is expressed in a 24 hour clock in the form of hours minutes For example 8 00 is 8 00 am and 20 00 is 8 00 pm The date is expressed in the format day month year If no start time and date are specified the configuration statement is in effect immediately end time date Time and date at which the configuration that referenced the time range is...

Page 1753: ...o days of the week time no periodic days of the week The first occurrence of this argument is the starting day or days from which the configuration that referenced the time range starts going into effect The second occurrence is the ending day or days from which the configuration that referenced the time range is no longer in effect If the end days of the week are the same as the start they can be...

Page 1754: ...eriodic time range and bounded by the absolute time range In this case the absolute time entry specifies the absolute start and end dates times and the periodic entries specify the start stop times within the limits of the absolute time entry dates and times If a periodic time entry is added to an active time range with an existing absolute time entry the absolute time entry immediately becomes in...

Page 1755: ...re displayed Syntax show time range name name A specific time range to display Default Configuration This command has no default configuration Command Mode Privileged EXEC Configuration mode and all Configuration submodes User Guidelines This command outputs the following Parameter Description Number of Time Ranges Number of time ranges configured in the system Time Range Name Name of the time ran...

Page 1756: ...range Admin mode Enabled Current number of all Time Ranges 1 Maximum number of all Time Ranges 100 Periodic Time Range Name Status Entry count Absolute Entry t1 Active 0 Does not exist Periodic end End time and day for periodic entry Parameter Description ...

Page 1757: ...loy configurations and images from USB flash drive to the switch A USB flash drive can be used easily to move and copy configuration and image files from one switch to other Files from the switch can be copied to a USB flash device and can be used to deploy on other switches in the network Validation of Files Downloaded Uploaded from USB Device Image files are validated before downloading from the...

Page 1758: ...f Files After the file validations are successful the switch proceeds with downloading of files from the USB flash device to the switch and uploading of files from the switch to the USB flash drive The status of file download upload is shown on the console Detailed messages are logged in the system log for further reference Commands in this Chapter This chapter explains the following commands unmo...

Page 1759: ...device details Syntax show usb device Default Configuration This command has no default configuration Command Mode Privileged EXEC User Guidelines The following table explains the output parameters Parameter Description Device Status This field specifies the current status of device Active if device is plugged in and the device is recognized by the switch Inactive if device is not mounted Invalid ...

Page 1760: ... the output if the device is not plugged into the USB slot console show usb device USB flash device is not plugged in dir usb Use the dir usb command in Privileged EXEC mode to display the USB device contents and memory statistics Serial Number Serial number of the device USB Version Compliance Version of the USB device Class Code Device Class Subclass Code Device SubClass Protocol Device Protocol...

Page 1761: ...ime SecureII 4096 02 25 2009 14 43 24 Documents 4096 11 27 2009 14 58 36 Stuff 4096 11 27 2009 14 59 32 Austin 4096 09 11 2010 18 43 16 running config 819 05 13 2000 20 40 44 PC7000v20101108_1 stk 12567304 11 08 2010 16 13 54 PCM6348v10 29 16 43 stk 12444340 11 01 2010 13 55 40 Total Size 3708858368 Bytes Used 218435911 Bytes Free 3490422457 Parameter Description Filename File name Filesize File s...

Page 1762: ...1762 USB Flash Drive Commands ...

Page 1763: ...figure terminal command to enter global configuration mode This command is equivalent to the configure command with no terminal argument Syntax configure terminal Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Example console conf t console config console configure terminal console config configure terminal end do exit enable quit ...

Page 1764: ... be executed It should be an unambiguous command from the Privileged EXEC mode Commands such as configure are forbidden Command line completion for the line parameter is supported Users may only execute commands for which they have the appropriate privileges Default Configuration This command has no default configuration Command Mode All except Privileged EXEC and User EXEC modes User Guidelines A...

Page 1765: ...y help for various special keys locate Blink the locator LED logout Exit this session Any unsaved changes are lost ping Send ICMP echo packets to a specified IP address quit Exit this session Any unsaved changes are lost release Release an in band DHCP assigned address reload Reload stack or a switch in the stack rename Rename a file renew Renew an in band DHCP assigned address script Manage and e...

Page 1766: ...r Guidelines If there is no authentication method defined for enable then a level 1 user is not allowed to execute this command Example The following example shows how to enter privileged mode console enable console end Use the end command to get the CLI user control back to the privileged execution mode or user execution mode Syntax end Default Configuration This command has no default configurat...

Page 1767: ...tch Syntax exit Default Configuration This command has no default configuration Command Mode All command modes In User EXEC mode this command behaves identically with the quit command User Guidelines There are no user guidelines for this command Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode to the login prompt console config if Gi1...

Page 1768: ...terminal session by logging off the switch Syntax quit Default Configuration This command has no default configuration Command Mode User EXEC command mode User Guidelines There are no user guidelines for this command Example The following example closes an active terminal session console quit ...

Page 1769: ...This poses a security threat The Web Sessions feature makes use of cookies to control web connections sessions Cookies must be enabled on the browser The Set Cookie directive is sent only once at initiation of the session With the introduction of Web Sessions the client connections can be monitored and controlled Web Sessions put the authentication control in the Dell Networking instead of the cli...

Page 1770: ...mon name common name common name Specifies the fully qualified URL or IP address of the switch If left unspecified this parameter defaults to the lowest IP address of the switch when the certificate is generated Range 1 64 Default Configuration This command has no default configuration common name ip http secure port country ip http secure server crypto certificate generate key generate crypto cer...

Page 1771: ...ate Generation or Crypto Certificate Request mode to specify the country Syntax country country country Specifies the country name Range 2 characters Default Configuration This command has no default configuration Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate gene...

Page 1772: ...er switch If the RSA keys do not exist the generate parameter must be used To save the generated certificate and keys on the local switch and distribute the certificate across a stack save the configuration Otherwise the certificate and keys will not be available after the next reboot Example The following example generates a self signed HTTPS certificate console config crypto certificate 1 genera...

Page 1773: ... be based on a certificate request created by the crypto certificate request Privileged EXEC command If the public key found in the certificate does not match the switch s SSL RSA key the command fails This command is not saved in the router configuration however the certificate imported by this command is saved in the private configuration which is never displayed to the user or backed up to anot...

Page 1774: ...request number Specifies the certificate number Range 1 2 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded X 509 format Before generating a certificate request you must first generate a self signed cert...

Page 1775: ...eft unspecified the parameter defaults to 365 days Range 30 3650 days Default Configuration This command defaults to 365 days Command Mode Crypto Certificate Generation mode User Guidelines This command mode is entered using the crypto certificate generate command Example The following example displays how specify a duration of 50 days that a certification is valid console config crypto cert durat...

Page 1776: ...d not be set to a value that might conflict with other well known protocol port numbers used on this switch Example The following example shows how the http port number is configured to 10013 console config ip http port 10013 ip http server Use the ip http server command in Global Configuration mode to enable the switch to allow HTTP access to the switch To disable this function use the no form of...

Page 1777: ...a browser console config ip http server ip http secure certificate Use the ip http secure certificate command in Global Configuration mode to configure the active certificate for HTTPS To return to the default setting use the no form of this command Syntax ip http secure certificate number no ip http secure certificate number Specifies the certificate number Range 1 2 Default Configuration The def...

Page 1778: ...rt port number Port number for use by the secure HTTP server Range 1025 65535 Default Configuration This default port number is 443 Command Mode Global Configuration mode User Guidelines The HTTPS TCP port should not be set to a value that might conflict with other well known protocol port numbers used on this switch It is not possible for the administrator to directly configure the port number to...

Page 1779: ...mand Mode Global Configuration mode User Guidelines You must import a certificate using the crypto certificate import command followed by the crypto certificate generate command Example The following example enables the switch to be configured from a browser console config ip http secure server key generate Use the key generate command in Crypto Certificate Generation mode to specify the key gener...

Page 1780: ...pecify that you want to regenerate the SSL RSA key 1024 byes in length console config crypto cert key generate 1024 location Use the location command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the location or city name Syntax location location location Specifies the location or city name Range 1 64 characters Default Configuration This command has no default con...

Page 1781: ...racters Default Configuration This command has no default configuration Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command Example The following example displays how to specify the generalmotors organization unit console config crypto cert organization...

Page 1782: ...jCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Ggp 6MIIBNgYDVR0fBIIBLTCCASkwgdKggc ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl END CERTIFICATE Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 show ip...

Page 1783: ...w ip http server secure status Default Configuration This command has no default configuration Command Mode User EXEC Privileged EXEC modes Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines Example The following example displays an HTTPS server configuration with DH Key exchange enabled console show ip https HTTPS server enabled Port 443 DH Key e...

Page 1784: ...l Motors C US Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by self signed Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411 BC8932EF 782134BA state Use the state command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the state or province name Syntax state state state Sp...

Page 1785: ...Web Server Commands 1785 Example The following example shows how to specify the state of texas console config crypto cert state texas ...

Page 1786: ...1786 Web Server Commands ...

Page 1787: ...F 1196 area nssa Router OSPFv3 1279 area nssa default info originate Router OSPF Config 1198 area nssa default info originate Router OSPFv3 Config 1280 area nssa no redistribute 1199 1281 area nssa no summary 1200 1282 area nssa translator role 1200 1283 area nssa translator stab intv 1201 1284 area range Router OSPF 1202 area range Router OSPFv3 1285 area stub 1205 1286 area stub no summary 1206 ...

Page 1788: ...eout 1397 authorization 229 auth port 704 auto cost 1213 auto summary 1341 B bandwidth 1214 banner exec 1670 banner login 1671 banner motd 1672 banner motd acknowledge 1673 block 1402 boot auto copy sw 1388 boot auto copy sw allow downgrade 1389 boot host autoreboot 1390 boot host autosave 1390 boot host dhcp 1391 boot host retrycount 1392 boot system 1458 bootfile 935 bootpdhcprelay maxhopcount 1...

Page 1789: ... config 1459 clear counters 372 clear counters stack ports 1676 clear dhcp l2relay statistics interface 322 clear dot1x authentication history 874 clear green mode statistics 434 clear gvrp statistics 443 clear host 478 clear ip address conflict detect 478 clear ip arp inspection statistics 346 clear ip dhcp binding 935 clear ip dhcp conflict 936 clear ip dhcp snooping binding 330 clear ip dhcp sn...

Page 1790: ...ate 1447 clock summer time recurring 1446 clock timezone hours offset 1444 common name 1770 compatible rfc1583 1217 configuration 1402 conform color 647 connect 1676 copy 1460 cos queue min bandwidth 649 cos queue random detect 650 cos queue strict 652 country 1771 crypto certificate generate 1772 crypto certificate import 1773 crypto certificate request 1774 crypto key generate dsa 1635 crypto ke...

Page 1791: ...5 debug ip pimsm packet 1576 debug ip vrrp 1576 debug ipv6 dhcp 1577 debug ipv6 mcache 1578 debug ipv6 mld 1578 debug ipv6 pimdm 1579 debug ipv6 pimsm 1580 debug isdp 1581 debug lacp 1581 debug mldsnooping 1582 debug ospf 1583 debug ospfv3 1583 debug ping 1584 debug rip 1585 debug sflow 1585 debug spanning tree 1586 debug udld 789 debug vpc 608 debug vrrp 1587 default information originate Router ...

Page 1792: ...cp l2relay Interface Configuration 312 dhcp l2relay circuit id 313 dhcp l2relay remote id 314 dhcp l2relay trust 314 dhcp l2relay vlan 315 diffserv 653 dir 1467 dir usb 1760 distance ospf 1220 1294 distance rip 1344 distribute list out 1221 1344 dns server IP DHCP Pool Config 939 dns server IPv6 DHCP Pool Config 960 do 1764 domain name IP DHCP Pool Config 940 domain name IPv6 DHCP Pool Config 960 ...

Page 1793: ...1x timeout tx period 857 dot1x unauth vlan 875 drop 653 duplex 374 duration 1775 dvlan tunnel ethertype 797 E enable 1222 1295 1345 1398 1403 1766 enable authentication 230 enable password 231 enable password encrypted 1516 encapsulation 1047 end 1766 erase 1468 ethernet cfm cc level 417 ethernet cfm domain 416 ethernet cfm mep active 420 ethernet cfm mep archive hold time 420 ethernet cfm mep ena...

Page 1794: ...lpi history 434 green mode energy detect 432 group 1404 gvrp enable global 445 gvrp enable interface 446 gvrp registration forbid 447 gvrp vlan creation forbid 448 H hardware profile portmode 1680 hardware address 940 hashing mode 595 history 1490 history size 1491 host 941 hostname 1681 hostroutesaccept 1346 http port 1399 https port 1399 I initiate failover 1682 instance mst 732 interface 375 14...

Page 1795: ...83 ip dhcp bootp automatic 942 ip dhcp conflict logging 943 ip dhcp excluded address 943 ip dhcp ping packets 944 ip dhcp pool 932 ip dhcp relay information check 1033 ip dhcp relay information check reply 1034 ip dhcp relay information option 1035 ip dhcp relay information option insert 1036 ip dhcp snooping 331 ip dhcp snooping binding 332 ip dhcp snooping database 333 ip dhcp snooping database ...

Page 1796: ...23 ip igmp query interval 1011 ip igmp query max response time 1012 ip igmp robustness 1013 ip igmp snooping global 454 ip igmp snooping VLAN 456 ip igmp snooping querier 468 ip igmp snooping querier election participate 469 ip igmp snooping querier query interval 470 ip igmp snooping querier timer expiry 471 ip igmp snooping querier version 472 ip igmp snooping report suppression 462 ip igmp snoo...

Page 1797: ... database filter all out 1227 ip ospf dead interval 1228 ip ospf hello interval 1228 ip ospf mtu ignore 1229 ip ospf network 1230 ip ospf priority 1231 ip ospf retransmit interval 1232 ip ospf transmit delay 1233 ip pim 1143 ip pim bsr border 1144 ip pim bsr candidate 1145 ip pim dense mode 1146 ip pim dr priority 1146 ip pim hello interval 1147 ip pim join prune interval 1148 ip pim rp address 11...

Page 1798: ...6 access list 504 ipv6 access list rename 504 ipv6 address 1083 ipv6 address Interface Config 487 ipv6 address OOB Port 488 ipv6 address dhcp 489 ipv6 dhcp pool 961 ipv6 dhcp relay 962 ipv6 dhcp server 963 ipv6 dhcp snooping log invalid 982 ipv6 dhcp snooping trust 983 ipv6 dhcp snooping verify mac address 983 ipv6 enable 1085 ipv6 enable Interface Config 490 ipv6 enable OOB Config 491 ipv6 gatewa...

Page 1799: ...pmembership interval 510 ipv6 mld snooping vlan immediate leave 510 ipv6 mld snooping vlan last listener query interval 512 ipv6 mld snooping vlan mcrtexpiretime 513 ipv6 mld snooping vlan mrouter 514 ipv6 nd dad attempts 1092 ipv6 nd managed config flag 1093 ipv6 nd ns interval 1093 ipv6 nd other config flag 1094 ipv6 nd prefix 1095 ipv6 nd ra interval 1096 ipv6 nd ra lifetime 1097 ipv6 nd reacha...

Page 1800: ...1099 ipv6 route distance 1101 ipv6 router ospf 1305 ipv6 traffic filter 505 ipv6 unicast routing 1101 ipv6 unreachables 1487 ipv6 verify binding 984 ipv6 verify source 985 iscsi aging time 536 iscsi cos 537 iscsi enable 539 iscsi target port 540 isdp advertise v2 302 isdp enable 303 isdp holdtime 304 isdp timer 304 K key 706 772 key encrypted 707 772 key generate 1779 key string 1641 L lacp port p...

Page 1801: ...mit tlv 561 load interval 1683 locale 1405 locate 1684 location 1780 log adjacency changes 1233 logging 1652 logging audit 1654 logging buffered 1655 logging cli command 1651 logging console 1656 logging email 358 logging email from addr 362 logging email logtime 363 logging email message type subject 363 logging email message type to addr 361 logging email test message type 364 logging email urge...

Page 1802: ...obal apply 1429 macro global description 1431 macro global trace 1430 macro name 1428 macro trace 1432 mail server ip address hostname 366 management access class 1497 management access list 1498 mark cos 654 mark ip dscp 655 mark ip precedence 655 match class map 656 match cos 657 match destination address mac 658 match dstip 659 match dstip6 659 match dstl4port 660 match ethertype 661 match ip a...

Page 1803: ...vileged Exec 382 monitor session 628 motd banner 1688 msgauth 708 mvr 576 mvr group 576 mvr immediate 580 mvr mode 577 mvr querytime 578 mvr type 581 mvr vlan 579 mvr vlan group 582 N name Captive Portal 1406 name mst 734 name RADIUS server 708 name VLAN Configuration 802 netbios name server 946 netbios node type 947 network 947 network area 1237 next server 948 no clock summer time 1448 no clock ...

Page 1804: ...trength exclude keyword 1515 passwords strength max limit consecutive characters 1513 passwords strength max limit repeated characters 1513 passwords strength minimum character classes 1514 passwords strength minimum lowercase letters 1510 passwords strength minimum numeric characters 1511 passwords strength minimum special characters 1512 passwords strength minimum uppercase letters 1510 password...

Page 1805: ... power inline powered device 1533 power inline priority 1533 power inline reset 1534 power inline usage threshold 1535 prefix delegation 965 primary 709 priority 710 774 priority flow control mode 910 priority flow control priority 911 private vlan 832 protocol 1406 protocol group 803 protocol vlan group 804 protocol vlan group all 805 Q quit 1768 R radius server attribute 4 711 radius server dead...

Page 1806: ...325 retransmit 718 revision mst 735 rmon alarm 1539 rmon collection history 1541 rmon event 1542 rmon hcalarm 1543 role priority 614 route map 1058 router ospf 1244 router rip 1351 router id 1244 1312 rule 252 S script apply 1451 script delete 1452 script list 1453 script show 1453 script validate 1454 sdm prefer 1559 security 366 service 417 service dhcp 953 service dhcpv6 966 service unsupported...

Page 1807: ...ess list 351 show authentication 862 show authentication methods 240 show authenticaton authentication history 863 show authenticaton statistics 864 show authorization methods 241 show auto copy sw 1393 show backup config 1470 show banner 1696 show boot 1393 show bootvar 1471 show captive portal 1400 show captive portal client status 1410 show captive portal configuration 1420 show captive portal ...

Page 1808: ... dhcp l2relay agent option vlan 319 show dhcp l2relay all 316 show dhcp l2relay circuit id vlan 320 show dhcp l2relay interface 316 show dhcp l2relay remote id vlan 321 show dhcp l2relay stats interface 317 show dhcp l2relay subscription interface 318 show dhcp l2relay vlan 319 show dhcp lease 326 show diffserv 686 show diffserv service brief 688 show diffserv service interface 686 show diffserv s...

Page 1809: ... interface id 385 1699 show interfaces advanced firmware 1701 show interfaces advertise 385 show interfaces configuration 387 show interfaces cos queue 689 show interfaces counters 388 show interfaces description 391 show interfaces detail 392 show interfaces interface id 1701 show interfaces loopback 1134 show interfaces port channel 601 show interfaces priority flow control 913 show interfaces r...

Page 1810: ... 1000 show ip dvmrp route 1000 show ip helper statistics 1043 show ip helper address 494 1041 show ip http server secure status 1783 show ip http server status 1782 show ip igmp 1016 show ip igmp groups 1017 show ip igmp interface 1017 show ip igmp interface stats 1019 show ip igmp membership 1018 show ip igmp proxy service 1024 show ip igmp proxy service groups 1025 show ip igmp proxy service gro...

Page 1811: ...6 show ip ospf statistics 1267 show ip ospf stub table 1269 show ip ospf traffic 1270 show ip ospf virtual link 1272 show ip ospf virtual links brief 1273 show ip pim 1157 show ip pim boundary 1153 show ip pim bsr router 1158 show ip pim interface 1159 show ip pim neighbor 1161 show ip pim rp hash 1162 show ip pim rp mapping 1163 show ip policy 1065 show ip protocols 1066 show ip rip 1352 show ip ...

Page 1812: ...tatistics 989 show ipv6 dhcp statistics 973 show ipv6 interface 1107 show ipv6 interface management statistics 1110 show ipv6 interface out of band 496 show ipv6 mld groups 1111 show ipv6 mld interface 1114 show ipv6 mld snooping 515 show ipv6 mld snooping groups 517 show ipv6 mld snooping mrouter 519 show ipv6 mld snooping querier 526 show ipv6 mld traffic 1122 show ipv6 mld proxy 1116 show ipv6 ...

Page 1813: ... ipv6 pim 1177 show ipv6 pim interface 1184 show ipv6 pim neighbor 1185 show ipv6 pim rp mapping 1186 show ipv6 pim rphash 1186 show ipv6 route 1124 show ipv6 route preferences 1125 show ipv6 route summary 1126 show ipv6 source binding 990 show ipv6 traffic 1127 show ipv6 verify 991 show ipv6 verify source 992 show ipv6 vlan 1129 show iscsi 542 show iscsi sessions 543 show isdp 305 show isdp entry...

Page 1814: ...90 show mac address table multicast 285 show mac address table static 291 show mac address table vlan 292 show mail server 369 show management access class 1501 show management access list 1502 show memory cpu 1703 show monitor capture 397 show monitor session 631 show mvr 583 show mvr interface 585 show mvr members 584 show mvr traffic 587 show nsf 1704 show parser macro 1433 show passwords confi...

Page 1815: ... service acl interface 274 show service policy 693 show sessions 1708 show sflow agent 1603 show sflow destination 1604 show sflow polling 1605 show sflow sampling 1606 show slot 1709 show snmp 1610 show snmp engineID 1611 show snmp filters 1611 show snmp group 1612 show snmp user 1614 show snmp views 1615 show sntp configuration 1436 show sntp server 1437 show sntp status 1438 show spanning tree ...

Page 1816: ...rt 1727 show time range 1755 show trapflags 1616 show udld 787 show usb 1759 show users 1729 show users accounts 242 show users login history 243 show version 1730 show vlan 812 show vlan association mac 813 show vlan association subnet 814 show vlan private vlan 833 show vlan remote span 633 show voice vlan 838 show vpc 615 show vpc brief 616 show vpc consistency features 619 show vpc consistency...

Page 1817: ...39 sntp authentication key 1440 sntp broadcast client enable 1441 sntp client poll timer 1441 sntp server 1442 sntp trusted key 1443 sntp unicast client enable 1444 source ip 725 spanning tree 743 spanning tree auto portfast 743 spanning tree backbonefast 744 spanning tree bpdu flooding 745 spanning tree bpdu protection 746 spanning tree cost 747 spanning tree disable 748 spanning tree forward tim...

Page 1818: ... spanning tree vlan max age 768 spanning tree vlan priority 769 spanning tree vlan root 769 speed 404 1493 split horizon 1354 stack 1731 stack port 1732 stack port interface shutdown 1733 standby 1734 state 1784 storm control broadcast 406 storm control multicast 406 storm control unicast 407 switch renumber 1735 switchport access vlan 815 switchport forbidden vlan 816 switchport general acceptabl...

Page 1819: ...rs pacing lsa group 1274 timers spf 1275 traceroute 1738 traceroute ethernet cfm 423 traceroute ipv6 1129 1740 traffic class group max bandwidth 901 traffic class group min bandwidth 902 traffic class group strict 903 traffic class group weight 905 traffic shape 694 tunnel destination 1359 tunnel mode ipv6ip 1360 tunnel source 1361 U udld enable Global Config 783 udld enable Interface Config 786 u...

Page 1820: ... vlan makestatic 825 vlan priority 695 vlan protocol group 826 vlan protocol group add protocol 827 vlan protocol group name 828 vlan protocol group remove 829 voice vlan 836 voice vlan Interface 836 voice vlan data priority 837 vpc 622 vpc domain 623 vpc peer link 624 vrrp accept mode 1366 vrrp authentication 1367 vrrp description 1368 vrrp ip 1369 vrrp mode 1370 vrrp preempt 1371 vrrp priority 1...

Page 1821: ...W write 1474 write core 1593 ...

Page 1822: ...www dell com support dell com Printed in the U S A ...

Page 1823: ......

Reviews:

No comments

Related manuals for Networking 2048

Brand: Dataprobe Pages: 31

Brand: IBM Pages: 13

Flex System EN2092

Brand: IBM Pages: 2

Brand: B&K Pages: 28

Brand: B&K Pages: 2

Brand: Fairchild Pages: 14

Brand: FANATEC Pages: 40

Brand: REV Ritter Pages: 15

TradeSwitch2-USB

Brand: G&D Pages: 88

Unified Gigabit Wireless PoE Switch 24...

Brand: 3Com Pages: 40

Brand: Wavetronix Pages: 3

Brand: BluStream Pages: 4

Brand: H3C Pages: 57

Brand: Avid Technology Pages: 34

SICOM3028GP Series

Brand: KYLAND Technology Pages: 40

Storage Networking SAN128B-6

Brand: IBM Pages: 116

Brand: Veris Industries Pages: 2

Brand: Lantech Pages: 80

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands