Home
/
Edge-Core
/
AS5700-54X
/
Cli Reference Manual

Edge-Core AS5700-54X, Cli Reference Manual, Page: 305 / 1116

Share

Page: 305 / 1116

Edge-Core AS5700-54X Cli Reference Manual Download Page 305

Chapter 8

| General Security Measures

IPv4 Source Guard

– 305 –

ip source-guard

This command configures the switch to filter inbound traffic based on source IP
address, or source IP address and corresponding MAC address. Use the

no

form to

disable this function.

Syntax

ip source-guard

{

sip

|

sip-mac

}

no

ip source-guard

sip

- Filters traffic based on IP addresses stored in the binding table.

sip-mac

- Filters traffic based on IP addresses and corresponding MAC

addresses stored in the binding table.

Default Setting

Disabled

Command Mode

Interface Configuration (Ethernet)

Command Usage

◆

Source guard is used to filter traffic on an insecure port which receives
messages from outside the network or fire wall, and therefore may be subject
to traffic attacks caused by a host trying to use the IP address of a neighbor.

◆

Setting source guard mode to “sip” or “sip-mac” enables this function on the
selected port. Use the “sip” option to check the VLAN ID, source IP address, and
port number against all entries in the binding table. Use the “sip-mac” option
to check these same parameters, plus the source MAC address. Use the

no ip

source guard

command to disable this function on the selected port.

◆

When enabled, traffic is filtered based upon dynamic entries learned via DHCP
snooping, or static addresses configured in the source guard binding table.

◆

Table entries include a MAC address, IP address, lease time, entry type (Static-IP-
SG-Binding, Dynamic-DHCP-Binding, VLAN identifier, and port identifier.

◆

Static addresses entered in the source guard binding table with the

command are automatically configured with an infinite lease

time. Dynamic entries learned via DHCP snooping are configured by the DHCP
server itself.

◆

If the IP source guard is enabled, an inbound packet’s IP address (sip option) or
both its IP address and corresponding MAC address (sip-mac option) will be
checked against the binding table. If no matching entry is found, the packet
will be dropped.

◆

Filtering rules are implemented as follows:

■

If DHCPv4 snooping is disabled (see

), IP source guard will check

the VLAN ID, source IP address, port number, and source MAC address (for

«
...
303
304
305
306
307
...
»

Summary of Contents for AS5700-54X

Page 1: ...CLI Reference Guide www edge core com 10G 40G Top of Rack Switches AS5700 54X AS6700 32X Software Release v1 1 166 154...

Page 2: ...SFP Ports 6 40GBASE QSFP Ports 2 Power Supply Units and 4 Fan Trays 4 Fans F2B and B2F Airflow AS6700 32X 32 Port 40G Data Center Switch with 20 40G QSFP Ports 2 40G Expansion Slots 2 Power Supply Un...

Page 3: ...ibes the switch s command line interface CLI For more detailed information on the switch s key features refer to the Administrator s Guide The guide includes these sections Section I Getting Started I...

Page 4: ...tential hazard that could cause loss of data or damage the system or equipment Warning Alerts you to a potential hazard that could cause personal injury Revision History This section summarizes the ch...

Page 5: ...Craft Port 58 Obtaining and Installing a License for the Network Ports 59 Configuring the Switch for Remote Management 61 Using the Service Port or Network Interface 61 Setting an IP Address 62 Enabli...

Page 6: ...words and Arguments 85 Minimum Abbreviation 85 Command Completion 85 Getting Help on Commands 86 Partial Keyword Lookup 87 Negating the Effect of Commands 88 Using Command History 88 Understanding Com...

Page 7: ...tion 109 banner configure ip lan 110 banner configure lp number 110 banner configure manager info 111 banner configure mux 112 banner configure note 112 show banner 113 System Status 113 location led...

Page 8: ...c Code Upgrade Commands 137 upgrade opcode auto 137 upgrade opcode path 138 upgrade opcode reload 139 show upgrade 140 TFTP Configuration Commands 140 ip tftp retry 140 ip tftp timeout 141 show ip tft...

Page 9: ...ogging sendmail destination email 162 logging sendmail source email 162 show logging sendmail 163 Time 163 SNTP Commands 164 sntp client 164 sntp poll 165 sntp server 166 show sntp 166 NTP Commands 16...

Page 10: ...Target Host Commands 186 snmp server enable traps 186 snmp server host 187 snmp server enable port traps mac notification 189 show snmp server enable port traps 190 SNMPv3 Commands 190 snmp server en...

Page 11: ...ds 211 User Accounts 212 enable password 212 username 213 Authentication Sequence 214 authentication enable 214 authentication login 215 RADIUS Client 216 radius server acct port 217 radius server aut...

Page 12: ...4 ip ssh timeout 235 delete public key 235 ip ssh crypto host key generate 236 ip ssh crypto zeroize 237 ip ssh save host key 237 show ip ssh 238 show public key 238 show ssh 239 802 1X Port Authentic...

Page 13: ...ess mac filter 263 mac authentication reauth time 263 network access dynamic qos 264 network access dynamic vlan 265 network access guest vlan 266 network access link detection 267 network access link...

Page 14: ...option remote id 285 ip dhcp snooping information policy 286 ip dhcp snooping limit rate 286 ip dhcp snooping verify mac address 287 ip dhcp snooping vlan 288 ip dhcp snooping information option circ...

Page 15: ...ing 310 ipv6 source guard 312 ipv6 source guard max binding 313 show ipv6 source guard 314 show ipv6 source guard binding 315 IPv6 Source Guard 315 ipv6 source guard binding 316 ipv6 source guard 317...

Page 16: ...permit deny Standard IP ACL 337 permit deny Extended IPv4 ACL 338 ip access group 340 show ip access group 341 show ip access list 341 IPv6 ACLs 342 access list ipv6 342 permit deny Standard IPv6 ACL...

Page 17: ...ofile portmode 368 show interfaces brief 369 show interfaces counters 369 show interfaces history 373 show interfaces status 376 show interfaces switchport 377 Transceiver Threshold Configuration 378...

Page 18: ...annel 397 lacp timeout 398 Trunk Status Display Commands 399 show lacp 399 show port channel load balance 403 MLAG Commands 403 mlag 404 mlag peer link 405 mlag group member 405 show mlag 407 show mla...

Page 19: ...nds 429 udld detection interval 429 udld message interval 430 udld recovery 431 udld recovery interval 431 udld aggressive 432 udld port 433 show udld 434 16 Address Table Commands 437 mac address tab...

Page 20: ...ype 458 spanning tree mst cost 459 spanning tree mst port priority 460 spanning tree port priority 461 spanning tree root guard 461 spanning tree spanning disabled 462 spanning tree tc prop stop 463 s...

Page 21: ...nnel mode 486 switchport dot1q tunnel priority map 486 switchport dot1q tunnel service default match all 487 switchport dot1q tunnel service match cvid 488 show dot1q tunnel 490 Configuring L2CP Tunne...

Page 22: ...tation 517 qos map ip port dscp 518 qos map ip prec dscp 519 qos map trust mode 520 show qos map cos dscp 521 show map default drop precedence 521 show map dscp cos 522 show qos map dscp mutation 523...

Page 23: ...how pfc statistics 553 Enhanced Transmission Selection Commands 554 ets mode 555 traffic class algo 555 traffic class map 556 traffic class weight 557 show ets mapping 558 show ets weight 559 Congesti...

Page 24: ...query solicit 588 ip igmp snooping unregistered data flood 589 ip igmp snooping unsolicited report interval 590 ip igmp snooping version 590 ip igmp snooping version exclusive 591 ip igmp snooping vla...

Page 25: ...ilter 614 show ip igmp profile 615 show ip igmp query drop 615 show ip igmp throttle interface 616 MLD Snooping 617 ipv6 mld snooping 618 ipv6 mld snooping querier 618 ipv6 mld snooping query interval...

Page 26: ...637 IGMP Proxy Routing 638 ip igmp proxy 638 ip igmp proxy unsolicited report interval 640 MLD Layer 3 640 ipv6 mld 641 ipv6 mld last member query response interval 641 ipv6 mld max resp interval 642...

Page 27: ...v pfc config 664 lldp dot1 tlv proto ident 664 lldp dot1 tlv proto vid 665 lldp dot1 tlv pvid 665 lldp dot1 tlv vlan name 666 lldp dot3 tlv link agg 666 lldp dot3 tlv mac phy 667 lldp dot3 tlv max fra...

Page 28: ...nts remote detail 699 Continuity Check Operations 701 ethernet cfm cc ma interval 701 ethernet cfm cc enable 702 snmp server enable traps ethernet cfm cc 703 mep archive hold time 704 clear ethernet c...

Page 29: ...tions 720 ethernet cfm delay measure two way 720 25 Domain Name Service Commands 723 ip domain list 724 ip domain lookup 725 ip domain name 725 ip host 726 ip name server 727 ipv6 host 728 clear dns c...

Page 30: ...p timeout 752 clear arp cache 753 show arp 753 IPv6 Interface 754 Interface Address Configuration and Utilities 755 ipv6 default gateway 755 ipv6 address 756 ipv6 address eui 64 757 ipv6 address link...

Page 31: ...ax binding 786 ipv6 nd snooping trust 787 clear ipv6 nd snooping binding 787 clear ipv6 nd snooping prefix 788 show ipv6 nd snooping 788 show ipv6 nd snooping binding 788 show ipv6 nd snooping prefix...

Page 32: ...Hash 812 protocol id IPv4 Hash 812 src ip IPv4 Hash 812 src l4 port IPv4 Hash 813 vlan IPv4 Hash 813 collapsed dst ip IPv6 Hash 813 collapsed src ip IPv6 Hash 814 dst l4 port IPv6 Hash 814 next header...

Page 33: ...35 clear ip rip route 835 show ip protocols rip 836 show ip rip 837 Open Shortest Path First OSPFv2 838 General Configuration 839 router ospf 839 compatible rfc1583 840 default information originate 8...

Page 34: ...ay 865 passive interface 866 Display Information 866 show ip ospf 866 show ip ospf border routers 868 show ip ospf database 869 show ip ospf interface 875 show ip ospf neighbor 877 show ip ospf route...

Page 35: ...nformation 900 show ipv6 ospf 900 show ipv6 ospf database 902 show ipv6 ospf interface 903 show ipv6 ospf neighbor 904 show ipv6 ospf route 905 show ipv6 ospf virtual links 906 Border Gateway Protocol...

Page 36: ...and Selection 944 bgp always compare med 944 bgp bestpath as path ignore 944 bgp bestpath compare confed aspath 945 bgp bestpath compare routerid 945 bgp bestpath med 946 bgp default local preference...

Page 37: ...list 965 neighbor remote as 966 neighbor remove private as 966 neighbor route map 967 neighbor route reflector client 968 neighbor route server client 969 neighbor send community 970 neighbor shutdown...

Page 38: ...p prefix list 988 show ip prefix list detail 989 show ip prefix list summary 989 show ip protocols bgp 990 Policy based Routing for BGP 991 route map 993 call 994 continue 995 description 995 match as...

Page 39: ...ip mroute 1014 IPv6 Commands 1016 ipv6 multicast routing 1016 show ipv6 mroute 1017 Static Multicast Routing 1019 ip igmp snooping vlan mrouter 1019 Static Multicast Routing 1020 ip igmp snooping vlan...

Page 40: ...threshold 1039 ip pim ssm range 1040 ip pim dr priority 1042 ip pim join prune interval 1043 clear ip pim bsr rp set 1044 show ip pim bsr router 1045 show ip pim rp mapping 1046 show ip pim rp hash 1...

Page 41: ...1062 ipv6 pim spt threshold 1064 ipv6 pim dr priority 1065 ipv6 pim join prune interval 1066 clear ipv6 pim bsr rp set 1067 show ipv6 pim bsr router 1068 show ipv6 pim rp mapping 1069 show ipv6 pim rp...

Page 42: ...Contents 42...

Page 43: ...apping QinQ Service VLAN to Customer VLAN 489 Figure 5 Openflow Process 571 Figure 6 Connections for Internal and External BGP 908 Figure 7 Connections for Single Route Reflector 914 Figure 8 Connecti...

Page 44: ...Figures 44...

Page 45: ...s list tcam utilization display description 115 Table 14 show system display description 121 Table 15 show version display description 124 Table 16 Fan Control Commands 125 Table 17 Frame Size Command...

Page 46: ...le 45 show ssh display description 239 Table 46 802 1X Port Authentication Commands 240 Table 47 Management IP Filter Commands 252 Table 48 General Security Commands 255 Table 49 Port Security Command...

Page 47: ...mands 411 Table 80 Congestion Control Commands 419 Table 81 Rate Limit Commands 419 Table 82 Rate Limit Commands 421 Table 83 Loopback Detection Commands 423 Table 84 UniDirectional Link Detection Com...

Page 48: ...115 Multicast Filtering Commands 581 Table 116 IGMP Snooping Commands 582 Table 117 show ip igmp snooping statistics input display description 603 Table 118 show ip igmp snooping statistics output di...

Page 49: ...Commands 737 Table 150 IP Interface Commands 741 Table 151 IPv4 Interface Commands 741 Table 152 Basic IP Configuration Commands 742 Table 153 Address Resolution Protocol Commands 751 Table 154 IPv6 C...

Page 50: ...ay description 906 Table 185 Border Gateway Protocol Commands Version 4 918 Table 186 show ip bgp display description 977 Table 187 show ip bgp community info display description 980 Table 188 show ip...

Page 51: ...isplay description 1056 Table 207 show ip pim bsr router display description 1068 Table 208 show ip pim rp mapping display description 1069 Table 209 show ip pim rp hash display description 1070 Table...

Page 52: ...Tables 52...

Page 53: ...ides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these ch...

Page 54: ...Section I Getting Started 54...

Page 55: ...standard web browser such as Internet Explorer 8 or above Mozilla Firefox 32 or above and Google Chrome 39 or above The switch s web management interface can be accessed from any computer attached to...

Page 56: ...that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or a PC running a term...

Page 57: ...y mode 2 Hybrid mode Select 1 2 Operation Mode Legacy Logging Onto the Command Line Interface The CLI program provides two different command levels normal access level Normal Exec and privileged acces...

Page 58: ...X 10G and AS6700 32X 40G Layer 3 Ethernet switches AS5700 54X and AS6700 32X are the bare metal switch names without any operating system installed AOS5700 54X and AOS6700 32X are the same switches wi...

Page 59: ...at is network ports but not the craft port are disabled by default These ports will only function when a port usage license is obtained from your distributor and installed on the switch To verify whet...

Page 60: ...1B 71 Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enabled Telnet Server Port 23 Jumbo Frame Disabled To install a license first verify that...

Page 61: ...aqYSy270I97Syoaztq3DfsAtd0NPoVOabb8iWqIGFqy43ieDkIaYB E pTZkUY8vFt6JOiIDsPQLrzu8W HU6xcX9YS0UmBisZoSHSu eJeHzpGupwdYhccOQ5gL2O5YK9f1 LGjsQz8sjHVwaa7u7NsOu26zt1XGrwq1Pj5jIzJc6uJ7QZBicjqbpqhNyUM9vmx2qnw...

Page 62: ...e than one subnet can only be manually configured as described in Assigning an IPv6 Address on page 63 Manual Configuration You can manually assign an IP address to the switch You may also need to spe...

Page 63: ...ace on page 754 Link Local Address All link local addresses must be configured with a prefix in the range of FE80 FEBF Remember that this address type makes the switch accessible over IPv6 for all dev...

Page 64: ...prefix that form the network address and is expressed as a decimal number For example all IPv6 addresses that start with the first byte of 73 hexadecimal could be expressed as 73 0 0 0 0 0 0 0 8 or 7...

Page 65: ...ast every few minutes using exponential backoff until IP configuration information is obtained from a DHCP server DHCP values can include the IP address subnet mask and default gateway If the DHCP ser...

Page 66: ...ss Obtaining an IPv6 Address Link Local Address There are several ways to configure IPv6 addresses The simplest method is to automatically generate a link local address identified by an address prefix...

Page 67: ...rovide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that pro...

Page 68: ...r host command From the Privileged Exec level global configuration mode prompt type snmp server host host address community string version 1 2c 3 auth noauth priv where host address is the IP address...

Page 69: ...file The types of files are Configuration This file type stores system configuration information and is created when configuration settings are saved Saved configuration files can be selected as a sy...

Page 70: ...mware to the switch and activate it The TFTP server could be any standards compliant server running on Windows or Linux When downloading from an FTP server the logon interface will prompt for a user n...

Page 71: ...g startup config command always sets the new file as the startup file To select a previously saved configuration file use the boot system config filename command The maximum number of saved configurat...

Page 72: ...he host portion of the upgrade file location URL must be a valid IPv4 IP address DNS host names are not recognized Valid IP addresses consist of four numbers 0 to 255 separated by periods The path to...

Page 73: ...peding normal operations data switching etc of the switch During the automatic search and transfer process the administrator cannot transfer or update another operation code image configuration file p...

Page 74: ...this command the switch will follow these steps when it boots up a It will search for a new version of the image at the location specified by upgrade opcode path command The name for the new image sto...

Page 75: ...n index entry for a switch requesting service it should reply with the TFTP server name and boot file name Note that the vendor class identifier can be formatted in either text or hexadecimal but the...

Page 76: ...on the DHCP client request sent by this switch includes a parameter request list asking for this information Besides these items the client request also includes a vendor class identifier that allows...

Page 77: ...Network Time Protocol SNTP or Network Time Protocol NTP can be used to set the switch s internal clock based on periodic updates from a time server Maintaining an accurate time on the switch enables...

Page 78: ...command Console show calendar Current Time Apr 2 15 56 12 2013 Time Zone UTC 08 00 Summer Time SUMMER offset 60 minutes Apr 2 2013 00 00 to Jun 30 2013 00 00 Summer Time in Effect Yes Console Configu...

Page 79: ...tion key 45 md5 thisiskey45 Console config ntp authenticate Console config ntp server 192 168 3 20 Console config ntp server 192 168 3 21 Console config ntp server 192 168 5 23 key 19 Console config e...

Page 80: ...Chapter 1 Initial Switch Configuration Setting the System Clock 80...

Page 81: ...SNMP Commands on page 181 Remote Monitoring Commands on page 203 Authentication Commands on page 211 General Security Measures on page 255 Access Control Lists on page 335 Interface Commands on page...

Page 82: ...of Service Commands on page 527 Multicast Filtering Commands on page 581 LLDP Commands on page 653 CFM Commands on page 681 DHCP Commands on page 733 IP Interface Commands on page 741 VRRP Commands o...

Page 83: ...er name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Cons...

Page 84: ...olated network then you can use any IP address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by performing...

Page 85: ...For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required p...

Page 86: ...hernet Shows Metro Ethernet information ets 802 1Qaz configuration hardware Hardware ralated functions hash selection Hash selection lists history Shows history information hosts Host information inte...

Page 87: ...atchdog status web auth Shows web authentication configuration Console show The command show interfaces will display the following information Console show interfaces brief Brief interface description...

Page 88: ...rally display information on system status or clear statistical counters Configuration commands on the other hand modify interface parameters or enable certain switching functions These classes are fu...

Page 89: ...word privileged level password Console Configuration Commands Configuration commands are privileged level commands used to modify switch settings These commands modify the running configuration only a...

Page 90: ...ons such as Access Control Lists VLAN Configuration Includes the command to create VLAN groups To enter the Global Configuration mode enter the command configure in Privileged Exec mode The system pro...

Page 91: ...cy map Console config pmap 531 Route Map route map Console config route map 993 Router router bgp ipv6 ospf ospf pim pim6 rip Console config router 908 882 839 1022 1047 820 Time Range time range Cons...

Page 92: ...for command line processing Table 6 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current tas...

Page 93: ...g DHCP requests and replies and discarding invalid ARP responses 255 Access Control List Provides filtering for IPv4 frames based on address protocol TCP UDP port number or TCP control code IPv6 frame...

Page 94: ...igures LLDP settings to enable information discovery about neighbor devices 653 Domain Name Service Configures DNS services 723 Dynamic Host Configuration Protocol Configures DHCP client relay and ser...

Page 95: ...at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history buffer NE PE configu...

Page 96: ...oad the switch hour The hour at which to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to relo...

Page 97: ...02 10 43 2013 Are you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands d...

Page 98: ...xec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verifica...

Page 99: ...ory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config config...

Page 100: ...ed to the end of the prompt to indicate that the system is in normal access mode Example Console disable Console Related Commands enable 97 reload Privileged Exec This command restarts the system Note...

Page 101: ...ys 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Databas...

Page 102: ...Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Page 103: ...figuration active managers and version information Fan Control Forces fans to full speed Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Li...

Page 104: ...line prompt Example Console config hostname RD 1 Console config Banner Information These commands are used to configure and manage administrative information about the switch its exact data center lo...

Page 105: ...is not supported If for example a mistake is made in the company name it can be corrected with the banner configure company command banner configure department Configures the Department information th...

Page 106: ...or 2 Row 7 Rack 25 Electrical circuit ec 177743209 xb Number of LP 12 Position of the equipment in the MUX 1 23 IP LAN 192 168 1 1 Note This is a random note about this managed switch and can contain...

Page 107: ...rack electrical circuit floor id The floor number row id The row number rack id The rack number ec id The electrical circuit ID Maximum length of each parameter 32 characters Default Setting None Comm...

Page 108: ...on letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure department R D Console config banner configure equipment info This c...

Page 109: ...e equipment location This command is used to configure the equipment location information displayed in the banner Use the no form to restore the default setting Syntax banner configure equipment locat...

Page 110: ...her unobtrusive non letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure ip lan 192 168 1 1 255 255 255 0 Console config ban...

Page 111: ...ber The phone number of the first manager mgr2 name The name of the second manager mgr2 number The phone number of the second manager mgr3 name The name of the third manager mgr3 number The phone numb...

Page 112: ...usive non letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure mux telco 8734212kx_PVC 1 23 Console config banner configure...

Page 113: ...123 555 1212 Lamar 123 555 1219 Station s information 710_Network_Path _Indianapolis Edge Core ECS4660 28F Floor Row Rack Sub Rack 3 10 15 12 DC power supply Power Source A Floor Row Rack Electrical c...

Page 114: ...PE show running config Displays the configuration data currently in use PE show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the syst...

Page 115: ...A6E IPv6 extended ACL DM MAC diffServ D4 IPv4 diffServ D6S IPv6 standard diffServ D6E IPv6 extended diffServ AEM Egress MAC ACL AE4 Egress IPv4 ACL AE6S Egress IPv6 standard ACL AE6E Egress IPv6 exte...

Page 116: ...IDylJNWPn65Lpv AtxzmEAAhPrXgHJk4P9 VcNnYGmJ6CB0X9jnWYox86W5RCB6p HbC7MFDY0gtUFmfNz16th DaWOi m2gAvc5Y mXS9l LZt 9Kcm4EfBi7Qxv2r0qayPu QN9LMqOAi0RFs48Rz752fCwnCWgUYtgzI9YnK Eq3lsWDC w7y2CDS vF 5IWGvr2x...

Page 117: ...his command shows the amount of memory currently free for use the amount of memory allocated to active processes the total amount of system memory and the alarm thresholds Example Console show memory...

Page 118: ...w startup config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated...

Page 119: ...97a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database VLAN 1 name...

Page 120: ...encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for management VLAN I...

Page 121: ...rees Temperature 3 38 degrees Temperature 4 31 degrees Temperature 5 31 degrees Temperature 6 29 degrees Temperature 7 29 degrees Temperature 8 36 degrees Temperature 9 36 degrees Main Power Status Up...

Page 122: ...ring 1 3 6 1 4 1 259 12 1 2 System Information System Up Time 0 days 2 hours 17 minutes and 6 23 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 12 CF 61 24 2F W...

Page 123: ...None steve 15 RSA Online Users Line User Name Idle time h m s Remote IP addr console admin 0 14 14 VTY 0 admin 0 00 00 192 168 1 19 SSH 1 steve 0 00 06 192 168 1 19 Web Online Users Line User Name Id...

Page 124: ...Mode Privileged Exec Table 15 show version display description Parameter Description Serial Number The serial number of the switch Hardware Version Hardware version of the main board EPLD Version Vers...

Page 125: ...speed force full Default Setting Normal speed Command Mode Global Configuration Example Console config fan speed force full Console config Frame Size This section describes commands used to configure...

Page 126: ...ture Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devic...

Page 127: ...age or a switch configuration to or from flash memory or an FTP TFTP server PE delete Deletes a file or code image PE dir Displays a list of files in flash memory PE umount usbdisk Prepares the USB me...

Page 128: ...OM config Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required Default Setting None Command Mode Global Configuration Command Usage...

Page 129: ...at adds the settings listed in the specified file to the running configuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certi...

Page 130: ...b Management Guide For information on configuring the switch to use HTTPS for a secure connection see the ip http secure server command When logging into an FTP server the interface prompts for a user...

Page 131: ...s Console This example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address...

Page 132: ...s command deletes a file or image Syntax delete file name filename file name System file in switch memory filename Name of configuration file or code image Default Setting None Command Mode Privileged...

Page 133: ...ut any parameters the system displays all files File information is shown below Example The following example shows how to display all file information Console dir File Name Type Startup Modified Time...

Page 134: ...grade procedures can be run during system bootup or from the CLI using the command options listed above The following procedure shows how to upgrade the switch runtime code from the ONIE loader backdo...

Page 135: ...bear ssh daemon done Starting telnetd done discover Rescue mode detected Installer disabled Please press Enter to activate this console To check the install status inspect var log onie log Try this ta...

Page 136: ...prepares the USB memory device to be safely removed from the switch Syntax umount usbdisk Default Setting None Command Mode Privileged Exec Command Usage Before disconnecting a USB memory device you...

Page 137: ...t Setting Disabled Command Mode Global Configuration Command Usage This command is used to enable or disable automatic upgrade of the operational code When the switch starts up and automatic image upg...

Page 138: ...cceeds Downloading new image Flash programming started Flash programming completed The switch will now restart upgrade opcode path This command specifies an TFTP server and directory in which the new...

Page 139: ...be used for the connection Example This shows how to specify a TFTP server where new code is stored Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config This shows how to specify a...

Page 140: ...Commands ip tftp retry This command specifies the number of times the switch can retry transmitting a request to a TFTP server after waiting for the configured timeout period and receiving no response...

Page 141: ...o ip tftp timeout seconds The the time the switch can wait for a response from a TFTP server before retransmitting a request or timing out Range 1 65535 seconds Default Setting 5 seconds Command Mode...

Page 142: ...y hardware LC exec timeout Sets the interval that the command interpreter waits until user input is detected LC login Enables password checking at login LC parity Defines the generation of a parity bi...

Page 143: ...ommand sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syntax databits 7 8 no databits 7 Seven data bits...

Page 144: ...interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command...

Page 145: ...ent interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no login selects no authentication When using this method the management...

Page 146: ...h 32 characters plain text or encrypted case sensitive Default Setting No password is specified Command Mode Line Configuration Command Usage When a connection is started on a line with password prote...

Page 147: ...allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the...

Page 148: ...nge 1 65535 where 0 means disabled Default Setting Disabled Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Console config line silent time 60 Console c...

Page 149: ...s the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 no stopbits 1 One stop bit 2 Two stop bits Default Setting 1 stop bit Command Mode...

Page 150: ...ting Example To set the timeout to two minutes enter this command Console config line timeout login response 120 Console config line disconnect This command terminates an SSH Telnet or console connect...

Page 151: ...t Range 0 255 character Any valid keyboard character history The number of lines stored in the command buffer and recalled using the arrow keys Range 0 256 length The number of lines displayed on the...

Page 152: ...d Exec Example To show all lines enter this command Console show line Terminal Configuration for this session Length 24 Width 80 History Size 10 Escape Character ASCII number 27 Terminal Type VT100 Co...

Page 153: ...64 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort messages or to store messages in the corresponding database Example Consol...

Page 154: ...ash errors level 3 0 RAM debugging level 7 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that spec...

Page 155: ...to build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example Console config logging host 10 1 0 3 Console config logging on This command controls logging of...

Page 156: ...se the no form to disable remote logging Syntax logging trap level level no logging trap level level One of the syslog severity levels listed in the table on page 154 Messages sent include the selecte...

Page 157: ...Commands show log 157 show log This command displays the log messages stored in local memory Syntax show log flash ram flash Event history stored in flash memory i e permanent memory ram Event histor...

Page 158: ...splays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on power reset trap Displays settin...

Page 159: ...ry command History logging in RAM The message level s reported based on the logging history command Table 24 show logging trap display description Field Description Syslog logging Shows if system logg...

Page 160: ...ess ip address IPv4 or IPv6 address of an SMTP server that will be sent alert messages for event handling Default Setting None Command Mode Global Configuration Command Usage You can specify up to thr...

Page 161: ...ging sendmail level This command sets the severity threshold used to trigger alert messages Use the no form to restore the default setting Syntax logging sendmail level level no logging sendmail level...

Page 162: ...must enter a separate command to specify each recipient Example Console config logging sendmail destination email ted this company com Console config logging sendmail source email This command sets t...

Page 163: ...namically set by polling a set of specified time servers NTP or SNTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries If the clo...

Page 164: ...based on the interval set via the sntp poll command ntp client Enables the NTP client for time updates from specified servers GC ntp server Specifies NTP servers to poll for time updates GC show ntp...

Page 165: ...1 0 19 Current Server 137 92 140 80 Console Related Commands sntp server 166 sntp poll 165 show sntp 166 sntp poll This command sets the interval between sending time requests when the switch is set t...

Page 166: ...e servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchro...

Page 167: ...form to disable authentication Syntax no ntp authenticate Default Setting Disabled Command Mode Global Configuration Command Usage You can enable NTP authentication to ensure that reliable updates are...

Page 168: ...to 32 case sensitive printable ASCII characters no spaces Default Setting None Command Mode Global Configuration Command Usage The key number specifies a key value in the NTP authentication key list U...

Page 169: ...starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the ntp servers command It issues time synchro...

Page 170: ...ntp authenticate command you must also configure at least one key number using the ntp authentication key command Use the no form of this command without an argument to clear all configured servers in...

Page 171: ...me Name of the time zone while summer time is in effect usually an acronym Range 1 30 characters b date Day of the month when summer time will begin Range 1 31 b month The month when summer time will...

Page 172: ...sets the 2014 Summer Time ahead by 60 minutes on March 9th and returns to normal time on November 2nd Console config clock summer time DEST date march 9 2014 01 59 november 2 2014 01 59 60 Console co...

Page 173: ...the user to manually configure the start end and offset times of summer time daylight savings time for the switch on a recurring basis Use the no form to disable summer time Syntax clock summer time...

Page 174: ...ge 0 99 minutes Default Setting Disabled Command Mode Global Configuration Command Usage In some countries or regions clocks are adjusted through the summer months so that afternoons have more dayligh...

Page 175: ...s command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corre...

Page 176: ...time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Console config clock timezone predefined GMT 0930 Taiohae Console config Related Comma...

Page 177: ...alendar Current Time Mar 12 02 53 58 2013 Time Zone UTC 00 00 Summer Time DEST offset 60 minutes Apr 1 2007 23 23 to Apr 23 2007 23 23 Summer Time in Effect No Console Time Range This section describe...

Page 178: ...A maximum of eight rules can be configured for a time range Example Console config time range r d Console config time range Related Commands Access Control Lists 335 absolute This command sets the tim...

Page 179: ...for the single occurrence of an event Console config time range r d Console config time range absolute start 1 1 1 april 2009 end 2 1 1 april 2009 Console config time range periodic This command sets...

Page 180: ...ent time is within the absolute time range and one of the periodic time ranges Example This example configures a time range for the periodic occurrence of an event Console config time range sales Cons...

Page 181: ...p server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string G...

Page 182: ...rrent Sends a trap when the transceiver current falls outside the specified thresholds IC Port transceiver threshold rx power Sends a trap when the power level of the received signal falls outside the...

Page 183: ...access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects...

Page 184: ...mand Mode Global Configuration Example Console config snmp server contact Paul Console config Related Commands snmp server location 184 snmp server location This command sets the system location strin...

Page 185: ...show snmp SNMP Agent Enabled SNMP Traps Authentication Enabled MAC notification Disabled MAC notification interval 1 second s SNMP Communities 1 public and the access level is read only 2 private and...

Page 186: ...ation Command Usage If you do not enter an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must e...

Page 187: ...3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community str...

Page 188: ...ver note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding...

Page 189: ...ble port traps mac notification This command enables the device to send SNMP traps i e SNMP notifications when a dynamic MAC address is added or removed Use the no form to restore the default setting...

Page 190: ...Trap Eth 1 1 No Eth 1 2 No Eth 1 3 No SNMPv3 Commands snmp server engine id This command configures an identification string for the SNMPv3 engine Use the no form to restore the default Syntax snmp s...

Page 191: ...proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 0123456789 is equivalent to 0123456789 followed by 16 zeroes for a local e...

Page 192: ...the Internet OID space 1 writeview Nothing is defined notifyview Nothing is defined Command Mode Global Configuration Command Usage A group sets the access policy for the assigned users When authenti...

Page 193: ...ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SH...

Page 194: ...remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configured the snmp server user command specifying a remo...

Page 195: ...ver view mib 2 1 3 6 1 2 1 included Console config This view includes the MIB 2 interfaces table ifDescr The wild card is used to select all the index values in this table Console config snmp server v...

Page 196: ...none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group...

Page 197: ...uthentication Protocol MD5 Privacy Protocol 3DES Storage Type Nonvolatile Row Status Active SNMP remote user Engine ID 1234567890 User Name bill Group Name rd Security Model v3 Security Level Authenti...

Page 198: ...gine ID String identifying the engine ID User Name Name of user connecting to the SNMP agent Group Name Name of an SNMP group Security Model Shows the SNMP version 1 2c or 3 Security Level Shows if au...

Page 199: ...ommand does not delete the entries stored in the notification log Example This example enables the notification log A1 Console config nlm A1 Console config snmp server notify filter This command creat...

Page 200: ...r command and nlm command and these commands stored in the startup configuration file Then when the switch reboots SNMP traps such as warm start can now be logged When this command is executed a notif...

Page 201: ...ed target hosts Console show snmp notify filter Filter profile name IP address A1 10 1 19 23 Console Additional Trap Commands memory This command sets an SNMP trap based on configured thresholds for m...

Page 202: ...ntax process cpu rising rising threshold falling falling threshold no process cpu rising falling rising threshold Rising threshold for CPU utilization alarm expressed in percentage Range 1 100 falling...

Page 203: ...vent and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent then...

Page 204: ...e sampling period delta The last sample is subtracted from the current value and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483...

Page 205: ...vent for an alarm Use the no form to remove an event Syntax rmon event index log trap community description string owner name no rmon event index index Index to this entry Range 1 65535 log Generates...

Page 206: ...s number interval seconds interval seconds owner name buckets number interval seconds no rmon collection history controlEntry index index Index to this entry Range 1 65535 number The number of buckets...

Page 207: ...for port 8 Console config interface ethernet 1 5 Console config if rmon collection history controlEntry 15 Console config if end Console show running config interface ethernet 1 5 rmon collection his...

Page 208: ...Example Console config interface ethernet 1 1 Console config if rmon collection rmon1 controlEntry 1 owner mike Console config if show rmon alarms This command shows the settings for all configured a...

Page 209: ...agments and 0 jabbers packets 0 CRC alignment errors and 0 collisions of dropped packet events is 0 Network utilization is estimated at 0 show rmon statistics This command shows the information collec...

Page 210: ...Chapter 6 Remote Monitoring Commands 210...

Page 211: ...uence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS Client Configures settings for authentication via a TACACS serv...

Page 212: ...7 0 means plain password 7 means encrypted password password Password for this privilege level Maximum length 32 characters plain text or encrypted case sensitive Default Setting The default is level...

Page 213: ...which is assigned privilege level 0 Normal Exec and has access to a limited number of commands and admin which is assigned privilege level 15 and has full access to all commands access level level Sp...

Page 214: ...ate users logging into the system for management access The commands in this section can be used to define the authentication method and sequence authentication enable This command defines the authent...

Page 215: ...verified first If the RADIUS server is not available then authentication is attempted on the TACACS server If the TACACS server is not available the local user name and password is checked Example Con...

Page 216: ...ated Commands username for setting the local user names and passwords 213 RADIUS Client Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running...

Page 217: ...Range 1 65535 Default Setting 1813 Command Mode Global Configuration Example Console config radius server acct port 181 Console config radius server auth port This command sets the RADIUS server netw...

Page 218: ...dress IP address of server acct port RADIUS server UDP port used for accounting messages Range 1 65535 auth port RADIUS server UDP port used for authentication messages Range 1 65535 key Encryption ke...

Page 219: ...ngth 48 characters Default Setting None Command Mode Global Configuration Example Console config radius server key green Console config radius server retransmit This command sets the number of retries...

Page 220: ...e 1 65535 Default Setting 5 Command Mode Global Configuration Example Console config radius server timeout 10 Console config show radius server This command displays the current settings for the RADIU...

Page 221: ...cs server index index The index for this server Range 1 host ip address IP address of a TACACS server key Encryption key used to authenticate logon access for the client Enclose any string containing...

Page 222: ...acs server key key string no tacacs server key key string Encryption key used to authenticate logon access for the client Enclose any string containing blank spaces in double quotes Maximum length 48...

Page 223: ...he switch will try to authenticate logon access via the TACACS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Console config tacacs server retransmit 5 Console config ta...

Page 224: ...erver IP Address 10 11 12 13 Server Port Number 49 Retransmit Times 2 Timeout 4 TACACS Server Group Group Name Member Index tacacs 1 Console Web Server This section describes commands used to configur...

Page 225: ...er no ip http port port number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Console config ip http port 769 Console confi...

Page 226: ...Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must speci...

Page 227: ...lient and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 11 Mozilla Firefox 40 or Google Chrome 45 or more recent versions The foll...

Page 228: ...ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 Default Setting 8 sessions Command Mode Global Configuration Command Usage A maximum of eight sessions can b...

Page 229: ...Default Setting 23 Command Mode Global Configuration Example Console config ip telnet port 123 Console config ip telnet server This command allows this device to be monitored or configured from Telne...

Page 230: ...GC ip ssh server key size Sets the SSH server key size GC ip ssh timeout Specifies the authentication timeout for the SSH server GC copy tftp public key Copies the user s public key from a TFTP server...

Page 231: ...0 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 108259132128902337654680172627257141342876294130119619556678259566410486...

Page 232: ...andom 256 bit string as a challenge encrypts this string with the user s public key and sends it to the client d The client uses its private key to decrypt the challenge string computes the MD5 checks...

Page 233: ...he number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Console config ip ssh authentication retires 2 C...

Page 234: ...config ip ssh server Console config Related Commands ip ssh crypto host key generate 236 show ssh 239 ip ssh server key size This command sets the SSH server key size Use the no form to restore the d...

Page 235: ...switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty...

Page 236: ...1 5 clients and DSA Version 2 for SSHv2 clients This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client p...

Page 237: ...mory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Console ip ssh crypto zeroize dsa C...

Page 238: ...eged Exec Command Usage If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed When an RSA ke...

Page 239: ...7s6TLdtny1wRq ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7...

Page 240: ...h sends an EAP request identity frame to the client before restarting the authentication process IC dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity p...

Page 241: ...en dot1x is globally disabled Use the no form to restore the default Syntax no dot1x eapol pass through Default Setting Discards all EAPOL frames when dot1x is globally disabled Command Mode Global Co...

Page 242: ...ce is functioning as an edge switch but does not require any attached clients to be authenticated the no dot1x eapol pass through command can be used to discard unnecessary EAPOL traffic Example This...

Page 243: ...N assignment to be successful the VLAN must be configured and set as active see the vlan database command and assigned as the guest VLAN for the port see the network access guest vlan command A port c...

Page 244: ...ce Configuration Example Console config interface eth 1 2 Console config if dot1x max req 2 Console config if dot1x operation mode This command allows hosts clients to connect to an 802 1X authorized...

Page 245: ...port needs to pass authentication The number of hosts allowed access to a port operating in this mode is limited only by the available space in the secure address table i e up to 1024 addresses Examp...

Page 246: ...connected the network and the process is handled transparently by the dot1x client software Only if re authentication fails is the port blocked The connected client is re authenticated after the inte...

Page 247: ...re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Cons...

Page 248: ...nd other EAP request frames to the client during an active connection as required for reauthentication Example Console config interface eth 1 2 Console config if dot1x timeout supp timeout 300 Console...

Page 249: ...rd on the RADIUS server During re authentication the client remains connected the network and the process is handled transparently by the dot1x client software Only if re authentication fails is the p...

Page 250: ...efore attempting to acquire a new client page 246 TX Period Time a port waits during authentication session before re transmitting EAP packet page 248 Supplicant Timeout Supplicant timeout Server Time...

Page 251: ...hrough Disabled 802 1X Port Summary Port Type Operation Mode Control Mode Authorized Eth 1 1 Disabled Single Host Force Authorized Yes Eth 1 2 Disabled Single Host Force Authorized Yes Eth 1 51 Disabl...

Page 252: ...o restore the default setting Syntax no management all client http client snmp client telnet client start address end address all client Adds IP address es to all groups http client Adds IP address es...

Page 253: ...ng addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and re enter the add...

Page 254: ...Filter HTTP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 16...

Page 255: ...rames based on MAC address or Ethernet type DHCPv4 Snooping Filters untrusted DHCPv4 messages on unsecure ports by building and maintaining a DHCPv4 snooping binding table DHCPv6 Snooping Filters untr...

Page 256: ...take action by disabling the port and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning Syntax no...

Page 257: ...config if no mac learning Console config if Related Commands show interfaces status 376 port security This command enables or configures port security Use the no form without any keywords to disable p...

Page 258: ...ed on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a port using the mac address tab...

Page 259: ...ow port security interface interface interface Specifies a port interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 Command Mode Privileged Exec Example This examp...

Page 260: ...2 Port Security Enabled Port Status Secure Up Intrusion Action None Max MAC Count 0 Current MAC Count 0 MAC Filter ID Disabled Last Intrusion MAC NA Last Time Detected Intrusion MAC NA Console This e...

Page 261: ...y of service feature IC network access dynamic vlan Enables dynamic VLAN assignment from a RADIUS server IC network access guest vlan Specifies the guest VLAN IC network access link detection Enables...

Page 262: ...able aging time command This parameter applies to authenticated MAC addresses configured by the MAC Address Authentication process described in this section as well as to any secure MAC addresses auth...

Page 263: ...is different from configuring static addresses with the mac address table static command in that it allows you configure a range of addresses when using a mask and then to assign these addresses to on...

Page 264: ...work access dynamic qos Default Setting Disabled Command Mode Interface Configuration Command Usage The RADIUS server may optionally return dynamic QoS assignments to be applied to a switch port for a...

Page 265: ...access dynamic qos Console config if network access dynamic vlan Use this command to enable dynamic VLAN assignment for an authenticated port Use the no form to disable dynamic VLAN assignment Syntax...

Page 266: ...ation is rejected Use the no form of this command to disable guest VLAN assignment Syntax network access guest vlan vlan id no network access guest vlan vlan id VLAN ID Range 1 4094 Default Setting Di...

Page 267: ...ink down Use this command to detect link down events When detected the switch can shut down the port send an SNMP trap or both Use the no form of this command to disable this feature Syntax network ac...

Page 268: ...Setting Disabled Command Mode Interface Configuration Example Console config interface ethernet 1 1 Console config if network access link detection link up action trap Console config if network acces...

Page 269: ...uthenticated IEEE 802 1X and MAC addresses allowed Range 0 1024 0 for unlimited Default Setting 1024 Command Mode Interface Configuration Command Usage The maximum number of MAC addresses per port is...

Page 270: ...port security cannot be configured together on the same port Only one security mechanism can be applied MAC authentication cannot be configured on trunks i e static nor dynamic When port status chang...

Page 271: ...Use the no form of this command to restore the default Syntax mac authentication intrusion action block traffic pass traffic no mac authentication intrusion action Default Setting Block Traffic Comman...

Page 272: ...ies dynamic Specifies dynamic address entries mac address Specifies a MAC address entry Format xx xx xx xx xx xx interface Specifies a port interface ethernet unit port unit Unit identifier Range 1 po...

Page 273: ...VLAN Disabled Link Detection Disabled Detection Mode Link down Detection Action Trap Console show network access mac address table Use this command to display secure MAC address table entries Syntax s...

Page 274: ...20s Dynamic Console show network access mac filter Use this command to display information for entries in the MAC filter tables Syntax show network access mac filter filter id filter id Specifies a MA...

Page 275: ...ge 1 3 Default Setting 3 login attempts Table 53 Web Authentication Command Function Mode web auth login attempts Defines the limit for failed web authentication login attempts GC web auth quiet perio...

Page 276: ...t wait before attempting authentication again Range 1 180 seconds Default Setting 60 seconds Command Mode Global Configuration Example Console config web auth quiet period 120 Console config web auth...

Page 277: ...Configuration Command Usage Both web auth system auth control for the switch and web auth for an interface must be enabled for the web authentication feature to be active Example Console config web a...

Page 278: ...tifier Range 1 port Port number Range 1 32 54 Default Setting None Command Mode Privileged Exec Example Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This...

Page 279: ...eout 3600 Quiet Period 60 Max Login Attempts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics Syntax show web auth interface inte...

Page 280: ...on option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ipdhcpsnoopinginformation option encode no subtype Disables use of sub type and sub...

Page 281: ...d When enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes...

Page 282: ...d by the ip dhcp snooping verify mac address command However if MAC address verification is enabled then the packet will only be forwarded if the client s hardware address stored in the DHCP packet is...

Page 283: ...id ip address encode ascii hex mac address encode ascii hex string string no ip dhcp snooping information option encode no subtype remote id ip address encode mac address encode encode no subtype Dis...

Page 284: ...tion in incoming DHCP packets but not relay them Packets are processed as follows If an incoming packet is a DHCP request packet with option 82 information it will modify the option 82 information acc...

Page 285: ...x ip dhcp snooping information option remote id ip address encode ascii hex mac address encode ascii hex string no ip dhcp snooping information option remote id ip address encode mac address encode ma...

Page 286: ...ess when DHCP snooping is enabled and forwards the packets to trusted ports Default Setting replace Command Mode Global Configuration Command Usage When the switch receives DHCP packets from clients t...

Page 287: ...ss in the Ethernet header Use the no form to disable this function Syntax no ip dhcp verify mac address Default Setting Enabled Command Mode Global Configuration Command Usage If MAC address verificat...

Page 288: ...d DHCP snooping can still be configured for specific VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled and then disabled on a...

Page 289: ...ng The R 124 string includes the following information sub type Distinguishes different types of circuit IDs sub length Length of the circuit ID type access node identifier ASCII string Default is the...

Page 290: ...twork or fire wall Set all ports connected to DHCP servers within the local network or fire wall to trusted and all other ports outside the local network or fire wall to untrusted When DHCP snooping i...

Page 291: ...e clear ip dhcp snooping binding 11 22 33 44 55 66 vlan 1 Console clear ip dhcp snooping database flash This command removes all dynamically learned snooping entries from flash memory Command Mode Pri...

Page 292: ...emote ID MAC Address hex encoded DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Address enabled DHCP Snooping rate limit unlimited Inte...

Page 293: ...ode ipv6 dhcp snooping Enables DHCPv6 snooping globally GC ipv6 dhcp snooping option remote id Enables insertion of DHCPv6 Option 37 relay agent remote id GC ipv6 dhcp snooping option remote id policy...

Page 294: ...If DHCPv6 snooping is enabled globally and also enabled on the VLAN where the DHCPv6 packet is received DHCPv6 packets are forwarded for a trusted port as described below If DHCPv6 snooping is enable...

Page 295: ...to binding table update lease time and forward to original destination Otherwise remove binding entry and check failed If a DHCPv6 Relay packet is received check the relay message option in Relay Forw...

Page 296: ...ts DHCPv6 clients to the DHCPv6 server Known as DHCPv6 Option 37 it allows compatible DHCPv6 servers to use the information when assigning IP addresses or to set other services or policies for clients...

Page 297: ...option remote id Console config ipv6 dhcp snooping option remote id policy This command sets the remote id option policy for DHCPv6 client packets that include Option 37 information Use the no form to...

Page 298: ...fault Setting Disabled Command Mode Global Configuration Command Usage When DHCPv6 snooping enabled globally using the ipv6 dhcp snooping command and enabled on a VLAN with this command DHCPv6 packet...

Page 299: ...ommand configures the specified interface as trusted Use the no form to restore the default setting Syntax no ipv6 dhcp snooping trust Default Setting All interfaces are untrusted Command Mode Interfa...

Page 300: ...e config if Related Commands ipv6 dhcp snooping 293 ipv6 dhcp snooping vlan 298 clear ipv6 dhcp snooping binding This command clears DHCPv6 snooping binding table entries from RAM Use this command wit...

Page 301: ...l DHCPv6 Snooping status disabled DHCPv6 Snooping remote id option status disabled DHCPv6 Snooping remote id policy drop DHCPv6 Snooping is configured on the following VLANs 1 Interface Trusted Max bi...

Page 302: ...d on manually configured entries in the IPv4 Source Guard table or dynamic entries in the DHCPv4 Snooping table when enabled see DHCPv4 Snooping on page 280 IPv4 source guard can be used to prevent tr...

Page 303: ...p address A valid unicast IP address including classful types A B or C unit Unit identifier Range 1 port list Physical port number or list of port numbers Separate nonconsecutive port numbers with a c...

Page 304: ...s and the type of the entry is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type will be changed to static IP source guard binding Note that a static IP sour...

Page 305: ...nst all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC address Use the no ip source guard command to disable this function on the selected port...

Page 306: ...raffic on that port except for DHCP packets Only unicast addresses are accepted for static bindings Example This example enables IP source guard on port 5 Console config interface ethernet 1 5 Console...

Page 307: ...the number of MAC addresses learned per port Authenticated IP traffic with different source MAC addresses cannot be learned if it would exceed this maximum number Example This example sets the maximu...

Page 308: ...d This command clears source guard binding table entries from RAM Syntax clear ip source guard binding blocked Command Mode Privileged Exec Command Usage When IP Source Guard detects an invalid packet...

Page 309: ...p snooping Shows dynamic entries configured with DHCP Snooping commands see page 280 static Shows static entries configured with the ip source guard binding command see page 303 acl Shows static entri...

Page 310: ...terface no ipv6 source guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ipv6 address Corresponding IPv6 address This address...

Page 311: ...with same MAC address and a different VLAN ID cannot be added to the binding table Static bindings are processed as follows If there is no entry with same and MAC address and IPv6 address a new entry...

Page 312: ...erface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6 snooping A port access control list ACL...

Page 313: ...which IPv6 source bindings dynamically learned via ND snooping or DHCPv6 snooping or manually configured are not yet configured the switch will drop all IPv6 traffic on that port except for ND packet...

Page 314: ...l be added to the IPv6 source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entri...

Page 315: ...in the IPv6 Source Guard table or dynamic entries in the Neighbor Discovery Snooping table or DHCPv6 Snooping table when either snooping protocol is enabled see DHCPv6 Snooping on page 293 IPv6 source...

Page 316: ...ndefined fields interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 Default Setting No configured entries Command Mode Global Configuration Command Usage Table ent...

Page 317: ...nly unicast addresses are accepted for static bindings Example This example configures a static source guard binding on port 5 Console config ipv6 source guard binding 00 ab 11 cd 23 45 vlan 1 2001 1...

Page 318: ...are automatically configured with an infinite lease time Dynamic entries learned via DHCPv6 snooping are configured by the DHCPv6 server itself If IPv6 source guard is enabled an inbound packet s sou...

Page 319: ...ress entries that can be mapped to an interface in the binding table including both dynamic entries discovered by ND snooping DHCPv6 snooping and static entries set by the ipv6 source guard command IP...

Page 320: ...led or disabled on each interface and the maximum allowed bindings Command Mode Privileged Exec Example Console show ipv6 source guard Interface Filter type Max binding Eth 1 1 DISABLED 5 Eth 1 2 DISA...

Page 321: ...h statically configured IP addresses This section describes commands used to configure ARP Inspection Table 60 ARP Inspection Commands Command Function Mode ip arp inspection Enables ARP Inspection gl...

Page 322: ...luding those where ARP Inspection is enabled When ARP Inspection is disabled all ARP request and reply packets bypass the ARP Inspection engine and their manner of switching matches that of all other...

Page 323: ...d ACL address bindings in the DHCP snooping database is not checked Default Setting ARP ACLs are not bound to any VLAN Static mode is not enabled Command Mode Global Configuration Command Usage ARP AC...

Page 324: ...By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VL...

Page 325: ...es are checked in all ARP requests and responses while target IP addresses are checked only in ARP responses allow zeros Allows sender IP address to be 0 0 0 0 src mac Checks the source MAC address in...

Page 326: ...enabled When ARP Inspection is disabled all ARP request and reply packets bypass the ARP Inspection engine and their manner of switching matches that of all other packets Disabling and then re enabli...

Page 327: ...ig if ip arp inspection limit rate 150 Console config if ip arp inspection trust This command sets a port as trusted and thus exempted from ARP Inspection Use the no form to restore the default settin...

Page 328: ...Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspection interface This command shows the trust status and...

Page 329: ...statistics ARP packets received 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0 ARP pack...

Page 330: ...er clients or to forward traffic through the uplink ports used by other clients allowing different clients to share access to their uplink ports where security is less likely to be compromised traffic...

Page 331: ...l Enter the traffic segmentation command without any parameters to enable traffic segmentation Then set the interface members for segmented groups using the traffic segmentation uplink downlink comman...

Page 332: ...e interfaces to normal operating mode Example Console config traffic segmentation session 1 Console config traffic segmentation uplink downlink This command configures the uplink and down link ports f...

Page 333: ...s If a downlink port is not configured for the session the assigned uplink ports will operate as normal ports Example This example enables traffic segmentation and then sets port 10 as the uplink and...

Page 334: ...sole config traffic segmentation uplink to uplink forwarding Console config show traffic segmentation This command displays the configured traffic segments Command Mode Privileged Exec Example Console...

Page 335: ...Command Group Function IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses MAC ACLs Configures A...

Page 336: ...IP address and other more specific criteria acl name Name of the ACL Maximum length 32 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or ent...

Page 337: ...t Setting None Command Mode Standard IPv4 ACL Command Usage New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each sep...

Page 338: ...ort dport port bitmask permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destina...

Page 339: ...to indicate ignore The bit mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You...

Page 340: ...onfig ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any control flag 2 2 Cons...

Page 341: ...ccess list 341 Time Range 177 show ip access group This command shows the ports assigned to IP ACLs Command Mode Privileged Exec Example Console show ip access group Interface ethernet 1 2 IP access l...

Page 342: ...pecified ACL Syntax no access list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on...

Page 343: ...rd IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax permit deny any host source ipv6 address source ipv6 address prefix...

Page 344: ...form to remove a rule Syntax permit deny any host destination ipv6 address destination ipv6 address prefix length time range time range name no permit deny any host destination ipv6 address destinati...

Page 345: ...m to remove the port Syntax ipv6 access group acl name in out time range time range name counter no ipv6 access group acl name in out acl name Name of the ACL Maximum length 16 characters in Indicates...

Page 346: ...p Interface ethernet 1 2 IPv6 standard access list david in Console Related Commands ipv6 access group 345 show ipv6 access list This command displays the rules for configured IPv6 ACLs Syntax show ip...

Page 347: ...rm to remove the specified ACL Syntax no access list mac acl name acl name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage When you cr...

Page 348: ...ol protocol bitmask time range time range name no permit deny any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bi...

Page 349: ...ntagged 802 3 any host source source address bitmask any host destination destination address bitmask tagged eth2 Tagged Ethernet II packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tag...

Page 350: ...host 00 e0 29 94 34 de ethertype 0800 Console config mac acl Related Commands access list mac 347 Time Range 177 mac access group This command binds a MAC ACL to a port Use the no form to remove the...

Page 351: ...command shows the ports assigned to MAC ACLs Command Mode Privileged Exec Example Console show mac access group Interface ethernet 1 5 MAC access list M5 in Console Related Commands mac access group 3...

Page 352: ...de Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an A...

Page 353: ...ss bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitma...

Page 354: ...cess list arp acl name acl name Name of the ACL Maximum length 32 characters Command Mode Privileged Exec Example Console show access list arp ARP access list factory permit response ip any 192 168 0...

Page 355: ...face name acl name in Clears counter for ingress rules out Clears counter for egress rules interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 acl name Name of the...

Page 356: ...s rules for Extended IPv4 ACLs ip standard Shows ingress rules for Standard IPv4 ACLs ipv6 extended Shows ingress rules for Extended IPv6 ACLs ipv6 standard Shows ingress rules for Standard IPv6 ACLs...

Page 357: ...ter 9 Access Control Lists ACL Information 357 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list A6 deny tcp any any control flag 2 2 permit any any Con...

Page 358: ...Chapter 9 Access Control Lists ACL Information 358...

Page 359: ...s port settings for 40G operation PE show hardware profile portmode Displays the configuration settings for 40G operation PE show interfaces brief Displays a summary of key information including opera...

Page 360: ...lds for the transceiver power level of the received signal which can be used to trigger an alarm or warning message IC transceiver threshold temperature Sets thresholds for the transceiver temperature...

Page 361: ...figures an alias name for the interface Use the no form to remove the alias name Syntax alias string no alias string A mnemonic name to help you remember what is attached to this interface Range 1 64...

Page 362: ...e in this object is the name of the manufacturer and the product name Example The following example adds a description to port 4 Console config interface ethernet 1 4 Console config if description RD...

Page 363: ...the no form to remove a named entry from the sampling table Syntax history name interval buckets no history name name A symbolic name for this entry in the sampling table Range 1 32 characters interva...

Page 364: ...rface Configuration Ethernet Example This forces the switch to use the built in SFP slot for port 25 Console config interface ethernet 1 51 Console config if media type sfp forced 1000sfp Console conf...

Page 365: ...is command to specify the required size of the MTU The comparison of packet size against the configured port MTU considers only the incoming packet size and is not affected by the fact that an ingress...

Page 366: ...6 Console config if Related Commands jumbo frame 126 show interfaces status 376 clear counters This command clears statistics on an interface Syntax clear counters interface interface ethernet unit po...

Page 367: ...ault Setting AS6700 32X 1x40g AS6700 54X The example under the show hardware profile portmode command shows the default settings for this switch Command Mode Privileged Exec Command Usage 40G ports ca...

Page 368: ...1 69 72 1x40g 1 11 1 73 76 1x40g 1 12 1 77 80 1x40g 1 13 1 81 84 1x40g 1 14 1 85 88 1x40g 1 15 1 89 92 1x40g 1 16 1 93 96 1x40g 1 17 1 97 100 1x40g 1 18 1 101 104 1x40g 1 19 1 105 108 1x40g 1 20 1 109...

Page 369: ...ne Eth 1 2 Up 1 0 1000full 1000BASE SFP None Eth 1 3 Down 1 0 10Gfull 10GBASE SFP None show interfaces counters This command displays interface statistics Syntax show interfaces counters interface int...

Page 370: ...rrors 0 Pause Frames Input 0 Pause Frames Output RMON Stats 0 Drop Events 16900558 Octets 40243 Packets 170 Broadcast PKTS 23 Multi cast PKTS 0 Undersize PKTS 0 Oversize PKTS 0 Fragments 0 Jabbers 0 C...

Page 371: ...b layer to a higher sub layer which were addressed to a multicast address at this sub layer Multicast Output The total number of packets that higher level protocols requested be transmitted and which...

Page 372: ...ull duplex mode at 1000 Mb s the number of times the receiving media is non idle a carrier event for a period of time equal to or greater than minFrameSize and during which there was at least one occu...

Page 373: ...ceived and transmitted that were less than 64 octets in length excluding framing bits but including FCS octets 65 127 Octets 128 255 Octets 256 511 Octets 512 1023 Octets 1024 1518 Octets 1519 1536 Oc...

Page 374: ...e Eth 1 1 Name 15min Interval 900 second s Buckets Requested 96 Buckets Granted 7 Status Active Current Entries Start Time Octets Input Unicast Multicast Broadcast 00d 01 45 01 0 00 105421 688 30 8 Di...

Page 375: ...ts Output Unicast Multicast Broadcast 0 00 48334 54 19 0 Discards Errors 0 0 Previous Entries Start Time Octets Input Unicast Multicast Broadcast 00d 00 05 37 1400912 9381 1895 50 00d 00 06 37 1566090...

Page 376: ...d information on all interfaces is displayed Example Console show interfaces status ethernet 1 1 Information of Eth 1 1 Basic Information Port Type 1000Base SFP MAC Address 00 00 0C 00 00 FE Configura...

Page 377: ...nge 1 32 54 port channel channel id Range 1 16 27 Default Setting Shows all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces...

Page 378: ...old level page 421 Multicast Threshold Shows if multicast storm suppression is enabled or disabled if enabled it also shows the threshold level page 421 Unknown Unicast Threshold Shows if unknown unic...

Page 379: ...w alarm low warning threshold value high alarm Sets the high current threshold for an alarm message high warning Sets the high current threshold for a warning message low alarm Sets the low current th...

Page 380: ...mmand are sent to any management station configured by the snmp server host command Example The following example sets alarm thresholds for the transceiver current at port 1 Console config interface e...

Page 381: ...threshold rx power low alarm 21 Console config if transceiver threshold rx power high alarm 3 Console transceiver threshold temperature This command sets thresholds for the transceiver temperature whi...

Page 382: ...ransmitted signal which can be used to trigger an alarm or warning message Syntax transceiver threshold tx power high alarm high warning low alarm low warning threshold value high alarm Sets the high...

Page 383: ...alarm high warning low alarm low warning threshold value high alarm Sets the high voltage threshold for an alarm message high warning Sets the high voltage threshold for a warning message low alarm S...

Page 384: ...ch can display diagnostic information for SFP modules which support the SFF 8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers This information allows administrators to re...

Page 385: ...dBm 21 50 21 00 3 50 3 00 Console The following example shows information for a 40G transceiver Console show interfaces transceiver ethernet 1 54 Information of Eth 1 54 Connector Type No Separable Co...

Page 386: ...iagnose problems with optical devices This feature referred to as Digital Diagnostic Monitoring DDM in the command display provides information on transceiver parameters including temperature supply v...

Page 387: ...es it possible to check that an interface is working properly without having to make any network connections When performing an internal loopback test packets from the specified interface are looped b...

Page 388: ...Chapter 10 Interface Commands Cable Diagnostics 388 Example Console show loop internal interface ethernet 1 1 Port Test Result Last Update Eth 1 1 Succeeded 2013 04 15 15 26 56 Console...

Page 389: ...ion mode for the trunk GC port channel load balance Sets the load distribution method among ports in aggregated links GC channel group Adds a port to a trunk IC Ethernet Dynamic Configuration Commands...

Page 390: ...deleted from a VLAN via the specified port channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to...

Page 391: ...nd dynamic trunks on the switch To ensure that the switch traffic load is distributed evenly across all links in a trunk select the source and destination addresses used in the load balance calculatio...

Page 392: ...ived from many different hosts src mac All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through th...

Page 393: ...orm to disable it Syntax no lacp Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex either...

Page 394: ...t 262143 Kbits second Unknown Unicast Storm Disabled Unknown Unicast Storm Limit 262143 Kbits second Flow Control Disabled VLAN Trunking Disabled MAC Learning Enabled MTU 1518 Current status Created B...

Page 395: ...in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state Note Configuring the partner admin key does not affect remote or local...

Page 396: ...P operational settings are already in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state and will only take effect the next t...

Page 397: ...x lacp admin key key no lacp admin key key The port channel admin key is used to identify a specific link aggregation group LAG during local LACP setup on this switch Range 0 65535 Default Setting 0 C...

Page 398: ...nsmitted LACPDUs When the partner switch receives an LACPDU set with a short timeout from the actor switch the partner adjusts the transmit LACPDU interval to 1 second When it receives an LACPDU set w...

Page 399: ...Mode Privileged Exec Example Console show lacp 1 counters Port Channel 1 Member Port Eth 1 1 LACPDU Sent 63 LACPDU Received 62 MarkerPDU Sent 0 MarkerPDU Received 0 MarkerResponsePDU Sent 0 MarkerResp...

Page 400: ...the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly form...

Page 401: ...xpired state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames...

Page 402: ...system ID assigned by the LACP protocol Partner Admin Port ID Current administrative value of the port priority and the port number for the protocol partner Partner Oper Port ID Operational port prio...

Page 403: ...pear as an ordinary link aggregation group LAG The cooperating switches are MLAG peer switches and communicate through an interface called a peer link While the peer link s primary purpose is exchangi...

Page 404: ...ic segmentation up link down link port cannot be configured on an MLAG member or peer link All actions which cause a port to become nonexistent such as deleting a trunk port adding a port to a trunk o...

Page 405: ...a pair of MLAG devices in the same MLAG domain See Figure 1 The peer link can be a normal port or a static trunk The peer link may be a normal port or a static trunk MAC learning is automatically dis...

Page 406: ...al port or a static trunk An MLAG member is active if the MLAG ID is set and the associated MLAG domain is active An MLAG member is active if the MLAG ID is set and the associated MLAG domain is activ...

Page 407: ...are synced through the peer link for the MLAG will be removed automatically Example Console config mlag group 1 domain 1 member ethernet 1 1 Console config show mlag This command shows MLAG configura...

Page 408: ...Chapter 11 Link Aggregation Commands MLAG Commands 408 Example Console show mlag domain 1 Peer Link Eth 1 1 MLAG List 10 20 33 35 Console...

Page 409: ...x tx both no port monitor interface interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 32 54 rx Mirror received packets tx Mirror transmitted packets both M...

Page 410: ...nitor command to specify the source of the traffic to mirror Note that the destination port cannot be a trunk or trunk member port When mirroring traffic from a port the mirror port and monitor port s...

Page 411: ...rt Eth1 5 Source Port monitored port Eth1 6 Mode RX TX Console RSPAN Mirroring Commands Remote Switched Port Analyzer RSPAN allows you to mirror traffic from remote switches for analysis on a local de...

Page 412: ...source destination or uplink Also note that the source port and destination port cannot be configured on the same switch Local Remote Mirror The destination of a local mirror session created with the...

Page 413: ...Range 1 2 Only two mirror sessions are allowed including both local and remote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN...

Page 414: ...mote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN interface ethernet unit port unit Unit identifier Range 1 port Port number...

Page 415: ...vailable for RSPAN vlan id ID of configured RSPAN VLAN Range 2 4092 Use the vlan rspan command to reserve a VLAN for RSPAN mirroring before enabling RSPAN with this command source Specifies this devic...

Page 416: ...figured RSPAN session Syntax no rspan session session id session id A number identifying this RSPAN session Range 1 2 Only two mirror sessions are allowed including both local and remote mirroring If...

Page 417: ...xec Example Console show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX Only None BOTH None Destination Port monitor port Eth 1 2 Destination Tagged Mode Untagged Sw...

Page 418: ...Chapter 12 Port Mirroring Commands RSPAN Mirroring Commands 418...

Page 419: ...terface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting ca...

Page 420: ...ts per second for 10G Ethernet ports 64 40 000 000 Kbits per second for 40G Ethernet ports Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage If the rate...

Page 421: ...switchport broadcast multicast unknown unicast packet rate rate no switchport broadcast multicast unicast broadcast Specifies storm control for broadcast traffic multicast Specifies storm control for...

Page 422: ...rface may lead to unexpected results It is therefore not advisable to use both of these commands on the same interface Example The following shows how to configure broadcast storm control at 600 kilob...

Page 423: ...interface or when a interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Page 424: ...ded for the spanning tree protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no span...

Page 425: ...erefore shut down Use the loopback detection recover time command to set the time to wait before re enabling an interface shut down by the loopback detection process When the loopback detection respon...

Page 426: ...to transmit loopback detection control frames Use the no form to restore the default setting Syntax loopback detection transmit interval seconds no loopback detection transmit interval seconds The tra...

Page 427: ...ing None Command Mode Global Configuration Command Usage Refer to the loopback detection recover time command for information on conditions which constitute loopback recovery Example Console config lo...

Page 428: ...y be set to None this command will still display the configured Detection Port Admin State and Information Oper State Example Console show loopback detection Loopback Detection Global Information Glob...

Page 429: ...interval detection interval The amount of time the switch remains in detection state after discovering a neighbor through UDLD Range 5 255 seconds Default Setting 5 seconds Command Mode Global Config...

Page 430: ...messages after linkup or detection phases Range 7 90 seconds Default Setting 15 seconds Command Mode Global Configuration Command Usage During the detection phase messages are exchanged at the maximum...

Page 431: ...le config udld recovery Console config udld recovery interval This command specifies the period after which to automatically recover from UDLD disabled port state Use the no form to restore the defaul...

Page 432: ...connectivity UDLD follows a conservative approach to minimize false positives during the detection process and deems a port to be in undetermined state In other words normal mode will shut down a port...

Page 433: ...ompt corrective action to be taken Whenever a UDLD device learns about a new neighbor or receives a resynchronization request from an out of synch neighbor it re starts the detection process on its si...

Page 434: ...1 1 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 2 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5...

Page 435: ...rt state Unknown Bidirectional Unidirectional Transmit to receive loop Mismatch with neighbor state reported Neighbor s echo is empty The state is Unknown if the link is down or not connected to a UDL...

Page 436: ...Chapter 15 UniDirectional Link Detection Commands 436...

Page 437: ...guration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console config mac address table aging time 100 Console config Table 86 Address Table Comman...

Page 438: ...witch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default lifetime is permanent Command Mode Global Configuration Command Usage The static address fo...

Page 439: ...address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface...

Page 440: ...of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K Example Console show mac address table Flag VXLAN VNID Interface MAC A...

Page 441: ...Syntax show mac address table count interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Default Setting...

Page 442: ...Chapter 16 Address Table Commands 442...

Page 443: ...to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC max hops Co...

Page 444: ...n a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch Console config spanning tree Console config spanning tree port priority Configures the sp...

Page 445: ...earning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conf...

Page 446: ...her of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in...

Page 447: ...perating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynam...

Page 448: ...sed values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that range from 1 65535 This method is based on the IE...

Page 449: ...used in selecting the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority t...

Page 450: ...oding to all Floods BPDUs to all other ports on the switch to vlan Floods BPDUs to all other ports within the receiving port s native VLAN i e as determined by port s PVID Default Setting Floods to al...

Page 451: ...TP and RSTP protocols Therefore the message age for BPDUs inside an MSTI region is never changed However each spanning tree instance within a region and the internal spanning tree IST that connects th...

Page 452: ...his switch to act as the MSTI root device by specifying a priority of 0 or as the MSTI alternate device by specifying a priority of 16384 Example Console config mstp mst 1 priority 4096 Console config...

Page 453: ...VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree Example Console config mstp mst 1 vlan 2 5 Console config mstp name This command c...

Page 454: ...th the same MST instances Example Console config mstp revision 1 Console config mstp Related Commands name 453 spanning tree bpdu filter This command allows you to avoid transmitting BPDUs on configur...

Page 455: ...ywords to disable this feature or with a keyword to restore the default settings Syntax spanning tree bpdu guard auto recovery interval interval no spanning tree bpdu guard auto recovery interval auto...

Page 456: ...path cost method Default Setting By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 i...

Page 457: ...rnet 1 5 Console config if spanning tree cost 50 Console config if spanning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax spanning tr...

Page 458: ...ed to an end node device When edge port is set as auto the operational state is determined automatically by the Bridge Detection State Machine described in 802 1D 2004 where the edge port state may ch...

Page 459: ...ation 1 65535 for short path cost method8 1 200 000 000 for long path cost method The recommended path cost range is listed in Table 88 on page 456 Default Setting By default the system automatically...

Page 460: ...ntifier of the spanning tree Range 0 4094 priority Priority for an interface Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage Thi...

Page 461: ...lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled The criteria us...

Page 462: ...h could potentially overload a slower link by taking over as the root port and forming a new spanning tree topology It could also be used to form a border around part of the network where the root bri...

Page 463: ...thernet Port Channel Command Usage When this command is enabled on an interface topology change information originating from the interface will still be propagated This command should not be used on a...

Page 464: ...spanning tree CST for all instances within the multiple spanning tree MST or for a specific instance within the multiple spanning tree MST Syntax show spanning tree interface mst instance id interfac...

Page 465: ...Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0001ECF8D8C6 Current Root Port 21 Curre...

Page 466: ...nfiguration This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configur...

Page 467: ...ng shows the configuration for bridge extension MIB Editing VLAN Groups Sets up VLAN groups including name VID and state Configuring VLAN Interfaces Configures VLAN interface parameters including ingr...

Page 468: ...d Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Page 469: ...age Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Page 470: ...Console config if show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit Unit identifier Range 1 port Port nu...

Page 471: ...ation interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Default Setting Shows both global and interface specific...

Page 472: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Page 473: ...used for mirroring traffic from remote switches The VLAN used for RSPAN cannot include VLAN 1 the switch s default VLAN Nor should it include VLAN 4093 which is used for switch clustering Configuring...

Page 474: ...ayer 3 configuration commands and save the configuration settings To change a Layer 3 normal VLAN back to a Layer 2 VLAN use the no interface command Table 93 Commands for Configuring VLAN Interfaces...

Page 475: ...store the default Syntax switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged frame...

Page 476: ...previous VLANs is retained remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs R...

Page 477: ...witchport forbidden vlan add vlan list remove vlan list no switchport forbidden vlan add vlan list List of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separat...

Page 478: ...only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VL...

Page 479: ...d frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Default Setting All ports are in hybrid...

Page 480: ...t to any VLAN for which it is an untagged member If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress por...

Page 481: ...nt loops from forming in the spanning tree all unknown VLANs will be bound to a single instance either STP RSTP or an MSTP instance depending on the selected STA mode VLAN trunking is mutually exclusi...

Page 482: ...Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 S Eth1 19 S Eth1...

Page 483: ...TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 See d...

Page 484: ...tunnel access port If the spanning tree protocol is enabled be aware that a tunnel access or tunnel uplink port may be disabled if the spanning tree structure is automatically reconfigured to overcom...

Page 485: ...tagged frames For example 0x1234 is set as the custom 802 1Q ethertype on a trunk port incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype...

Page 486: ...unnel uplink port receives a packet from a customer the customer tag regardless of whether there are one or more tag layers is retained in the inner tag and the service provider s tag added to the out...

Page 487: ...priority map Console config if switchport dot1q tunnel service default match all This command specifies how to handle traffic that does not match any other dot1q tunnel service settings Use the no fo...

Page 488: ...he 802 1Q tunnel This process is performed in a transparent manner When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiat...

Page 489: ...member of VLANs 100 200 and 300 using uplink mode Console config interface ethernet 1 2 Console config if switchport allowed vlan add 100 200 300 tagged Console config if switchport dot1q tunnel mode...

Page 490: ...Remove C Tag Eth 1 1 Enabled Disabled Step 2 Configure Switch C 1 Create VLAN 100 200 and 300 Console config vlan database Console config vlan vlan 100 200 300 media ethernet state active 2 Configure...

Page 491: ...nel Status Enabled Port Mode TPID Hex Priority Mapping Eth 1 1 Access 8100 Disabled Eth 1 2 Uplink 8100 Disabled Eth 1 3 Normal 8100 Disabled Console show dot1q tunnel interface ethernet 1 5 802 1Q Tu...

Page 492: ...two octet field in an Ethernet frame It is used to indicate which protocol is encapsulated in the payload of an Ethernet Frame Range 600 ffff hexadecimal snap The Subnetwork Access Protocol is an exte...

Page 493: ...stination address for Layer 2 Protocol Tunneling L2PT Use the no form to restore the default setting Syntax l2protocol tunnel tunnel dmac mac address mac address The switch rewrites the destination MA...

Page 494: ...l packet is received on an uplink port i e an 802 1Q tunnel ingress port connecting the edge switch to the service provider network with the destination address 01 80 C2 00 00 00 0B 0F C VLAN tag it i...

Page 495: ...dress to make it a GBPT protocol packet i e setting the destination address to 01 00 0C CD CD D0 L2PT is disabled on this port it is forwarded to the following ports in the same S VLAN a other access...

Page 496: ...anning Tree STP RSTP MSTP vtp Cisco VLAN Trunking Protocol Default Setting Disabled for all protocols Command Mode Interface Configuration Ethernet Port Channel Command Usage Refer to the Command Usag...

Page 497: ...o VXLAN mapping is found it then searches the bridge table for the destination port If the egress port is found the packet is encapsulated with a VXLAN header and sent on to the corresponding VTEP If...

Page 498: ...multicast group that it will use This information must be configured using the vxlan flood command Using this mapping the VTEP can provide IGMP membership reports to the upstream switch router to join...

Page 499: ...the VXLAN UDP port This value should be used by default as the destination UDP port Some early implementations of VXLAN have used other values for the destination port This command is therefore provi...

Page 500: ...EPs on this VNI multicast Multicast is used for carrying unknown destination broadcast and multicast frames ipv4 address Each VTEP VNI joins this multicast group as an IP host through the IGMP IGMP jo...

Page 501: ...vni id vid The VLAN associated with this VNI vni id A 24 bit segment ID used to identify each VXLAN segment termed the VXLAN Network Identifier The VNI is used in an outer header that encapsulates the...

Page 502: ...eged Exec Example This example shows the type of debug information that would be displayed for tracing a callback event Console debug vxlan event Console con Console config vlan database Console confi...

Page 503: ...2 13 l_vtep_ip 192 168 2 1 dst_vid_ifindex 1003 dst_inet_addr 192 168 2 13 vfi 28672 e_vlan 3 l3_if 6 lport 0 udp_port 4789 mac 00 00 00 00 00 00 23 24 34 VXLAN 2398 vfi_id 0x7000 bcast_group 0xc00000...

Page 504: ...o identify each VXLAN segment termed the VXLAN Network Identifier The VNI is used in an outer header that encapsulates the inner MAC frame originated by a virtual machine VM Command Mode Privileged Ex...

Page 505: ...lan vlan vni 3 VLAN VNI 3 123 Console show debug vxlan This command shows the VXLAN debug settings Syntax show debug vxlan Command Mode Privileged Exec Example Console show debug vxlan VXLAN VXLAN eve...

Page 506: ...Chapter 18 VLAN Commands Configuring VXLAN Tunneling 506...

Page 507: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Page 508: ...ct queue Default Setting WRR Command Mode Interface Configuration Ethernet Port Channel Command Usage The switch can be set to service the port queues based on strict priority WRR or a combination of...

Page 509: ...weights to the eight class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use the no form to restore the...

Page 510: ...rity mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged f...

Page 511: ...config if Related Commands show interfaces switchport 377 show queue mode This command shows the current queue mode Command Mode Privileged Exec Example Console show queue mode Unit Port queue mode 1...

Page 512: ...and drop precedence values for internal priority processing IC qos map ip prec dscp Maps IP Precedence values in incoming packets to per hop behavior and drop precedence values for internal priority...

Page 513: ...spaces Egress packets are placed into the hardware queues according to the mapping defined by this command Example Console config interface ethernet 1 5 Console config if qos map phb queue 0 from 1 2...

Page 514: ...ed by spaces If a packet arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop Precedence mapping table is used to generate priority and drop precedence values for inter...

Page 515: ...AULT SETTING Command Mode Interface Configuration Port Static Aggregation Command Usage Enter a drop precedence followed by the keyword from and then up to four per hop behavior values separated by sp...

Page 516: ...at Range 0 1 phb Per hop behavior or the priority used for this router hop Range 0 7 drop precedence Drop precedence used for controlling traffic congestion Range 0 Green 3 Yellow 1 Red DEFAULT SETTIN...

Page 517: ...ETTING Command Mode Interface Configuration Port Static Aggregation Table 105 Default Mapping of DSCP Values to Internal PHB Drop Values ingress dscp1 ingress dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0...

Page 518: ...P value of 1 to a per hop behavior of 3 and a drop precedence of 1 Referring to Table 105 note that the DSCP value for these packets is now set to 25 3x23 1 and passed on to the egress interface Conso...

Page 519: ...precedence used for controlling traffic congestion Range 0 Green 3 Yellow 1 Red DEFAULT SETTING Command Mode Interface Configuration Port Static Aggregation Command Usage Enter up to eight paired valu...

Page 520: ...d and the ingress packet type is IPv4 then priority processing will be based on the DSCP value in the ingress packet If the QoS mapping mode is set to either IP Precedence or DSCP and a non IP packet...

Page 521: ...Console show qos map cos dscp interface ethernet 1 5 CoS Information of Eth 1 5 CoS DSCP map x y x phb y drop precedence CoS CFI 0 1 0 0 0 0 1 1 1 0 1 1 2 2 0 2 1 3 3 0 3 1 4 4 0 4 1 5 5 0 5 1 6 6 0 6...

Page 522: ...dence to CoS values Syntax show qos map dscp cos interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Command M...

Page 523: ...in the top row in other words ingress DSCP d1 10 d2 and the corresponding Internal DSCP and drop precedence is shown at the intersecting cell in the table Console show qos map dscp mutation interface...

Page 524: ...s IP precedence to internal DSCP map Syntax show qos map ip prec dscp interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 32 54 port channel channel id Ra...

Page 525: ...nsole show qos map phb queue interface ethernet 1 5 Information of Eth 1 5 PHB queue map PHB 0 1 2 3 4 5 6 7 queue 2 0 1 3 4 5 6 7 Console show qos map trust mode This command shows the QoS mapping mo...

Page 526: ...Chapter 19 Class of Service Commands Priority Commands Layer 3 and 4 526...

Page 527: ...of a policy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three c...

Page 528: ...e in the VLAN tag for the matching traffic class and use one of the police commands to monitor parameters such as the average flow and burst rate and drop any traffic that exceeds the specified rate o...

Page 529: ...fig cmap match ip dscp 3 Console config cmap Related Commands show class map 541 description This command specifies the description of a class map or policy map Syntax description string string Descri...

Page 530: ...uded in the ACL will be ignored If match criteria includes an IP ACL or IP priority rule then a VLAN rule cannot be included in the same class map If match criteria includes a MAC ACL or VLAN rule the...

Page 531: ...1 Console config cmap rename rd class 9 Console config cmap policy map This command creates a policy map that can be attached to multiple interfaces and enters Policy Map configuration mode Use the no...

Page 532: ...pon which a policy can act and enters Policy Map Class configuration mode Use the no form to delete a class map Syntax no class class map name class map name Name of the class map Range 1 32 character...

Page 533: ...ew dscp violate action drop new dscp committed rate Committed information rate CIR in kilobits per second Range 0 40000000 kbps or maximum port speed whichever is lower committed burst Committed burst...

Page 534: ...efined rd class uses the set phb command to classify the service that incoming packets will receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate...

Page 535: ...class maps for ingress ports The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to three traffic parameters Committed Information Rate CIR Committed Burst Siz...

Page 536: ...n precolored as yellow or green and if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremented The metering...

Page 537: ...1000 128000000 bytes conform action Action to take when rate is within the CIR and BP Packet size does not exceed BP and there are enough tokens in bucket BC to service the packet the packet is set gr...

Page 538: ...s incremented by one PIR times per second up to BP and the token count Tc is incremented by one CIR times per second up to BC When a packet of size B bytes arrives at time t the following happens if t...

Page 539: ...Mode Policy Map Class Configuration Command Usage The set cos command is used to set the CoS value in the VLAN tag for matching packets The set cos and set phb command function at the same level of pr...

Page 540: ...to control queue congestion by the police srtcm color command and police trtcm color command The set cos and set phb command function at the same level of priority Therefore setting either of these co...

Page 541: ...face Command Mode Interface Configuration Ethernet Port Channel Command Usage First define a class map then define a policy map and finally use the service policy command to bind the policy map to the...

Page 542: ...classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name Name of the policy map Range...

Page 543: ...x show policy map interface interface input output interface unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 input Apply to the input traffi...

Page 544: ...Chapter 20 Quality of Service Commands 544...

Page 545: ...ovides the mechanism which allows peers to exchange configuration information via LLDP TLVs about ETS and PFC settings and their willingness to accept ETS configuration recommendations Priority based...

Page 546: ...onfigured to use DCBX DCBX uses LLDP to exchange attributes between two link peers DCBX does this by exchanging LLDP TLVs with peer devices to discover DCB capabilities supported by a peer port detect...

Page 547: ...downstream ports as well as receive a configuration propagated internally by other auto upstream ports configuration source In configuration source mode the port is manually selected as the configurat...

Page 548: ...port is maintained until it is cleared by setting the port to the manual mode Only the configuration source is allowed to propagate its configuration to other ports internally If no port is set to con...

Page 549: ...ng through an interface Traffic classes are specified in the priority field of the 802 1Q VLAN header which identifies an 802 1p priority value However a VLAN unaware end station can also use PFC by s...

Page 550: ...mode auto Negotiates PFC capability using DCBX The operational capability of PFC depends on the result of DCBX negotiations on Forces PFC to enabled state Default Setting Disabled Command Mode Interfa...

Page 551: ...disable PFC for specified priorities Syntax no pfc priority enable priority list priority list Priority identifier specified as a single number a range of consecutive numbers separated by a hyphen or...

Page 552: ...ar pfc statistics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Default Setting None Command Mode P...

Page 553: ...atistics Use this command to how PFC statistics for the number of PFC frames received and transmitted for each priority Syntax show pfc statistics interface interface interface ethernet unit port unit...

Page 554: ...andwidth of the group Configuration Guidelines Take the following steps to configure ETS 1 Map CoS queues to TCGs for the egress ports using the traffic class map command 2 Configure the bandwidth all...

Page 555: ...d with identical ETS TCG queuing algorithm priority queue mapping and minimum bandwidth requirements Ports configured in auto upstream or auto downstream DCBX roles receive their ETS configuration fro...

Page 556: ...rface ethernet 1 5 Console config if traffic class algo ets Console config if traffic class map Use this command to map a given priority to a traffic class group TCG Use the no form to restore the def...

Page 557: ...hannel Command Usage The cumulative weight for all three TCGs must be 100 The weight assigned by the traffic class weight command must be 0 for any TCG set to strict mode with the traffic class algo c...

Page 558: ...rnet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Command Mode Privileged Exec Example This example shows both the locally configured set...

Page 559: ...ode Auto Traffic Class Tx Selection Mode Weight 0 Strict 0 1 Strict 0 2 Strict 0 Operational ETS Mode On Traffic Class Tx Selection Mode Weight 0 Strict 0 1 Strict 0 2 Strict 0 Console Congestion Noti...

Page 560: ...s can be carried across the network with minimal contention with Congestion Controlled Flows CCFs for those resources Operational Concept In order for CN to successfully control congestion in a Virtua...

Page 561: ...otification Message CNM GC cn cnpv Sets a dot1p priority to be a Congestion Notification Priority Value CNPV GC cn cnpv alternate priority Configures the alternate priority used to remark a received f...

Page 562: ...re transmitted if congestion is detected on a CP Example The following example enables CN for all ports Console config interface ethernet 1 5 Console config if traffic class map 2 1 Console config if...

Page 563: ...ity CNPV assigned to Congestion Control Flows CFF on this port Range 0 7 Default Setting None Command Mode Global Configuration Command Usage Up to 7 CNPVs can be set for the system When a CNPV is cha...

Page 564: ...s are not exhausted with traffic from CN unaware sources Frames coming from non CN sources do not have a CN TAG If these frames are mapped to the CN enabled queue then they may contribute to the conge...

Page 565: ...ined by the LLDP CN TLV and may be set to edge interior or interior ready The alternate priority is also determined by the LLDP CN TLV If CN is enabled and the CND defense mode of the port is Edge the...

Page 566: ...hen its dot1p priority is equal to the CNPV when the defense mode is other than auto Use the no form to use the global setting for the CNPV Syntax cn cnpv cnpv priority alternate priority priority no...

Page 567: ...ngestion Notification TLV disabled CN capability is administratively disabled edge CNPV is remapped to non CNPV and CN TAG is removed interior Priority remapping is inhibited and CN TAG is removed int...

Page 568: ...nformation including the defense mode and alternate priority Syntax show cn cnpv cnpv priority interface cnpv priority CN priority value Range 0 7 interface ethernet unit port unit Unit identifier Ran...

Page 569: ...MAC Address 70 72 CF 8C 2F EF Set Point 26000 Feedback Weight 2 Minimum Sample Base 150000 bytes Discarded Frames 0 Transmitted Frames 0 Transmitted CNMs 0 Console Table 113 show cn cp display descrip...

Page 570: ...the switch and controller It could even decide to forward the traffic itself provided that it has told the switch to forward entire packets The following table is from the Openflow standard It illust...

Page 571: ...use of storm control but ACL flow in the FP stage will change these packets to forwarding state That means the final state for these packets will be forwarding The following commands are supported by...

Page 572: ...a new IP address is selected The OpenFlow feature becomes operational only when a switch interface with the matching IP address becomes active The switch must have an operational IP interface with the...

Page 573: ...ier for the flow forwarding behaviour implemented by the data path Range 1 100 characters Default Setting None Command Mode Global Configuration Example Console config through_boa Console config clear...

Page 574: ...ermination mac VxLAN termination MAC flow table unicast routing Unicast routing flow table multicast routing Multicast routing flow table bridging Bridging flow table acl policy ACL Policy flow table...

Page 575: ...tion MAC table Priority 201 cookie 14 Hard Timeout 0 Idle Timeout 0 Match EtherType 0x86DD VLAN 0x2 0xFFF Dest MAC 33 33 00 00 00 00 Dest MAC MASK FF FF 00 00 00 00 Instruction Goto table 40 Multicast...

Page 576: ...L table No more flow from ofagent Console show of agent flow table id 40 Flow 1 Table ID 40 Multicast Routing table Priority 501 cookie 13 Hard Timeout 0 Idle Timeout 0 Match EtherType 0x0800 VLAN 0x2...

Page 577: ...ace Flow 2 Table ID 60 ACL table Priority 601 cookie 11 Hard Timeout 0 Idle Timeout 0 Match EtherType 0x86DD In port 45 0xFFFFFFFF Instruction Set VLAN PCP 5 Group 0x10000001 L2 Rewrite No more flow f...

Page 578: ...ewrite Specifies L2 rewrite group l3 unicast Specifies L3 unicast group l2 multicast Specifies L2 multicast group l2 flood Specifies L2 flood group l3 interface Specifies L3 interface group l3 ecmp Sp...

Page 579: ...e Bucket Index 1 Reference Group 0x20003 L2 Interface Group 0x40020001 L2 Flood VID 2 Bucket Index 0 Reference Group 0x20001 L2 Interface Bucket Index 1 Reference Group 0x20003 L2 Interface Group 0x50...

Page 580: ...ex 0 Output 3 No more group from ofagent Console show of agent group type l3 interface Group 0x50000003 L3 Interface Bucket Index 0 New Source MAC 00 00 05 22 33 99 New VID 3 Reference Group 0x30003 L...

Page 581: ...y reporting displays current snooping settings and displays the multicast service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicas...

Page 582: ...cited IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use...

Page 583: ...Adds an interface as a member of a multicast group GC ip igmp snooping vlan version Configures the IGMP version for snooping GC ip igmp snooping vlan version exclusive Discards received IGMP messages...

Page 584: ...ing priority priority no ip igmp snooping priority priority The CoS priority assigned to all multicast traffic Range 0 7 where 7 is the highest priority Default Setting 2 Command Mode Global Configura...

Page 585: ...ing is enabled with this command the switch performs IGMP Snooping with Proxy Reporting as defined in DSL Forum TR 101 April 2006 including last leave and query suppression Last leave sends out a prox...

Page 586: ...and Mode Global Configuration Command Usage As described in Section 9 1 of RFC 3376 for IGMP Version 3 the Router Alert Option can be used to protect against DOS attacks One common method of attack is...

Page 587: ...flood This command enables flooding of multicast traffic if a spanning tree topology change notification TCN occurs Use the no form to disable flooding Syntax no ip igmp snooping tcn flood Default Se...

Page 588: ...ends a proxy query to quickly re learn the host membership port relations for multicast channels The root bridge also sends an unsolicited Multicast Router Discover MRD request to quickly locate the m...

Page 589: ...ping tcn query solicit Console config ip igmp snooping unregistered data flood This command floods unregistered multicast traffic into the attached VLAN Use the no form to drop unregistered multicast...

Page 590: ...ation Command Usage When a new upstream interface that is uplink port starts up the switch sends unsolicited reports for all currently learned multicast channels out through the new upstream interface...

Page 591: ...ve This command discards any received IGMP messages except for multicast protocol packets which use a version different to that currently configured by the ip igmp snooping version command Use the no...

Page 592: ...sages are forwarded only to downstream ports which have joined a multicast service Example Console config ip igmp snooping vlan 1 general query suppression Console config ip igmp snooping vlan immedia...

Page 593: ...n that port leave the group will the member port be deleted This command is only effective if IGMP snooping is enabled and IGMPv2 or IGMPv3 snooping is used Example The following shows how to enable i...

Page 594: ...g 10 1 second Command Mode Global Configuration Command Usage When a multicast host leaves a group it sends an IGMP leave message When the leave message is received by the switch it checks to see if t...

Page 595: ...erface with IP multicast forwarding and MRD enabled a router will respond with an advertisement Advertisements are sent by routers to advertise that IP multicast forwarding is enabled These messages a...

Page 596: ...s of 0 0 0 0 These hosts will therefore not reply to the queries causing the multicast router to stop sending traffic to them To resolve this problem the source address in proxied IGMP query and repor...

Page 597: ...vlan vlan id query interval vlan id VLAN ID Range 1 4094 interval The interval between sending IGMP general queries Range 2 31744 seconds Default Setting 125 seconds Command Mode Global Configuration...

Page 598: ...ting 100 10 seconds Command Mode Global Configuration Command Usage This command applies when the switch is serving as the querier page 585 or as a proxy host when IGMP snooping proxy reporting is ena...

Page 599: ...clear ip igmp snooping groups dynamic This command clears multicast group information dynamically learned through IGMP snooping Syntax clear ip igmp snooping groups dynamic Command Mode Privileged Exe...

Page 600: ...Router Alert Check Disabled Router Port Mode Forward TCN Flood Disabled TCN Query Solicit Disabled Unregistered Data Flood Disabled 802 1p Forwarding Priority Disabled Unsolicited Report Interval 400...

Page 601: ...igmpsnp Display only entries learned through IGMP snooping sort by port Display entries sorted by port user Display only the user configured multicast entries vlan id VLAN ID 1 4094 Default Setting N...

Page 602: ...nd Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows the ports in VLAN 1 which are attached to multicast routers Console sh...

Page 603: ...nterface Report Leave G Query G S S Query Drop Group Eth 1 1 12 0 1 0 0 0 Console Table 117 show ip igmp snooping statistics input display description Field Description Interface Shows interface Repor...

Page 604: ...fic or group and source specific query messages sent from this interface Drop The number of times a report leave or query was dropped Packets may be dropped due to invalid format rate limiting or pack...

Page 605: ...e at which received query messages of the wrong version type cause the Vx warning count to increment Note that 0 sec means that the Vx warning count is incremented for each wrong message version recei...

Page 606: ...n The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a p...

Page 607: ...nabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast gr...

Page 608: ...o many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny Example Console config ip igmp profile 19 Console config igmp profil...

Page 609: ...tting None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address range for a profile Example Console config ip i...

Page 610: ...rejoins the same group the join report needs to again be authenticated When receiving an IGMP v3 report message the switch will send the access request to the RADIUS server only when the record type...

Page 611: ...IGMP filter profile number Range 1 4294967295 Default Setting None Command Mode Interface Configuration Command Usage The IGMP filtering profile must first be created with the ip igmp profile command...

Page 612: ...o actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it wi...

Page 613: ...IGMP query packets Use the no form to restore the default setting Syntax no ip igmp query drop Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage This command can be...

Page 614: ...led Other ports port channels are Disable Console show ip igmp filter This command displays the global and interface settings for IGMP filtering Syntax show ip igmp filter interface interface interfac...

Page 615: ...ed Exec Example Console show ip igmp profile IGMP Profile 19 IGMP Profile 50 Console show ip igmp profile 19 IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239 2 3 100 Console show ip...

Page 616: ...ttings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16...

Page 617: ...ch to act as the querier for MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configures...

Page 618: ...Syntax no ipv6 mld snooping querier Default Setting Disabled Command Mode Global Configuration Command Usage If enabled the switch will serve as querier if elected The querier is responsible for aski...

Page 619: ...125 seconds Command Mode Global Configuration Command Usage This command applies when the switch is serving as the querier An MLD general query message is sent by the switch at the interval specified...

Page 620: ...command configures the MLD Snooping robustness variable Use the no form to restore the default value Syntax ipv6 mld snooping robustness value no ipv6 mld snooping robustness value The number of the...

Page 621: ...rt i e the interface that had been receiving query packets to have expired Example Console config ipv6 mld snooping router port expire time 300 Console config ipv6 mld snooping unknown multicast mode...

Page 622: ...default Syntax ipv6 mld snooping version 1 2 1 MLD version 1 2 MLD version 2 Default Setting Version 2 Command Mode Global Configuration Example Console config ipv6 mld snooping version 1 Console con...

Page 623: ...ave Console config interface vlan 1 Console config if ipv6 mld snooping immediate leave Console config if ipv6 mld snooping vlan mrouter This command statically configures an IPv6 multicast router por...

Page 624: ...6 address interface vlan VLAN ID Range 1 4094 ipv6 address An IPv6 address of a multicast group Format X X X X X interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 p...

Page 625: ...r ipv6 mld snooping statistics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 16 vlan vlan id VLAN identif...

Page 626: ...abled on all VLAN Unknown Flood Behavior To Router Port MLD Snooping Version Version 2 VLAN Group IPv6 Address Port 1 ff05 0 1 2 3 4 5 6 Eth 1 1 Console show ipv6 mld snooping group This command shows...

Page 627: ...Eth 1 1 Type MLD Snooping Filter Mode Include if exclude filter mode Filter Timer elapse 10 sec Request List 01 02 03 04 01 02 03 05 01 02 03 06 01 02 03 07 Exclude List 02 02 03 04 02 02 03 05 02 02...

Page 628: ...f ip igmp Console config if end Table 124 IGMP Commands Layer 3 Command Function Mode ip igmp Enables IGMP for the specified interface IC ip igmp last member query interval Configures thefrequencyat w...

Page 629: ...ecific leave message Use the no form to restore the default setting Syntax ip igmp last member query interval seconds no ip igmp last member query interval seconds The frequency at which the switch se...

Page 630: ...v1 does not support a configurable maximum response time for query messages It is fixed at 10 seconds for IGMPv1 By varying the Maximum Response Interval the burstiness of IGMP messages passed on the...

Page 631: ...rmine the interfaces that are connected to downstream hosts requesting a specific multicast service Only the designated multicast router for a subnet sends host query messages which are addressed to t...

Page 632: ...g that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 the maximum value...

Page 633: ...configured for an any source multicast G a source address cannot subsequently be defined for this group without first deleting the entry If a static group is configured for one or more source specific...

Page 634: ...the switch will ignore any Leave Group messages that it receives for that group Example Console config if ip igmp version 1 Console config if clear ip igmp group This command deletes entries from the...

Page 635: ...mation about multicast groups IGMP must first be enabled on the interface to which a group has been assigned using the ip igmp command and multicast routing must be enabled globally on the system usin...

Page 636: ...ce this entry was created Expire The time remaining before this entry will be aged out The default is 260 seconds This field displays stopped if the Group Mode is INCLUDE V1 Timer The time remaining u...

Page 637: ...In EXCLUDE mode reception of packets sent to the given multicast address is requested from all IP source addresses except for those listed in the source list parameter and where the source timer stat...

Page 638: ...to forward IGMP membership reports 4 Optional Use the ip igmp proxy unsolicited report interval command to indicate how often the system will send unsolicited reports to the upstream router ip igmp pr...

Page 639: ...proxy multicast service When changes occur in the downstream IGMP groups a IGMP state change report is created and sent to the upstream router If there is an IGMPv1 or IGMPv2 querier on the upstream n...

Page 640: ...yer 3 This section describes commands used to configure Layer 3 Multicast Listener Discovery MLD on the switch Table 128 MLD Commands Layer 3 Command Function Mode ipv6 mld Enables MLD for the specifi...

Page 641: ...olicited Report Interval 400 sec Robustness Variable 2 Query Interval 125 sec Query Max Response Time 10 sec Last Member Query Interval 1 sec Querier Joined Groups Static Groups Console ipv6 mld last...

Page 642: ...sponse interval 20 Console config if ipv6 mld max resp interval This command configures the maximum response time advertised in MLD queries Use the no form of this command to restore the default setti...

Page 643: ...essages Range 1 255 seconds Default Setting 125 seconds Command Mode Interface Configuration VLAN Command Usage Multicast routers send host query messages to determine the interfaces that are connecte...

Page 644: ...s zero indicating that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 th...

Page 645: ...e and source specific multicast entries Use the no form of this command to delete a static group without specifying the source address to delete all any source and source specific multicast entries fo...

Page 646: ...er Multicast hosts on the subnet may support either MLD versions 1 or 2 Example Console config if ipv6 mld version 1 Console config if clear ipv6 mld group This command deletes entries from the MLD ca...

Page 647: ...using the ipv6 mld command and multicast routing must be enabled globally on the system using the ip multicast routing command Example The following shows options for displaying MLD group information...

Page 648: ...ed if the Group Mode is INCLUDE Group Mode In Include mode reception of packets sent to the specified multicast address is requested only from those IP source addresses listed in the source list param...

Page 649: ...membership reports 4 Optional Use the ipv6 mld proxy unsolicited report interval command to indicate how often the system will send unsolicited reports to the upstream router ipv6 mld proxy This comma...

Page 650: ...e When changes occur in the downstream MLD groups an MLD state change report is created and sent to the upstream router If there is an MLDv1 querier on the upstream network then the proxy device will...

Page 651: ...port interval seconds The interval at which to issue unsolicited reports Range 1 65535 seconds Default Setting 400 seconds Command Mode Interface Configuration VLAN Command Usage The unsolicited repor...

Page 652: ...Chapter 22 Multicast Filtering Commands MLD Proxy Routing 652...

Page 653: ...rate network topology Table 131 LLDP Commands Command Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisemen...

Page 654: ...pabilities IC lldp dot3 tlv mac phy Configures an LLDP enabled port to advertise its MAC and physical layer specifications IC lldp dot3 tlv max frame Configures an LLDP enabled port to advertise its m...

Page 655: ...tiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier or 65536 Range 2 10 Default Setting Holdt...

Page 656: ...command specifies the amount of MED Fast Start LLDPDUs to transmit during the activation process of the LLDP MED Fast Start mechanism Syntax lldp med fast start count packets no lldp med fast start co...

Page 657: ...n LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a notification are included in the transmission An SNMP agent should therefore pe...

Page 658: ...s Default Setting 2 seconds Command Mode Global Configuration Command Usage When LLDP is re initialized on a port all information in the remote systems LLDP MIB associated with this port is deleted Ex...

Page 659: ...d receive mode on the specified port Use the no form to disable this feature Syntax lldp admin status rx only tx only tx rx no lldp admin status rx only Only receive LLDP PDUs tx only Only transmit LL...

Page 660: ...rent addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address TLV that reports an address that is accessible on a por...

Page 661: ...r not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB Example Console config interface ethernet 1 1 Console config if lldp basic tlv system capa...

Page 662: ...e The system name is taken from the sysName object in RFC 3418 which contains the system s administratively assigned name and is in turn based on the hostname command Example Console config interface...

Page 663: ...rtise the ETS settings that the switch wants the connected peer interface to use Use the no form to disable this feature Syntax no lldp dcbx tlv ets recommend Default Setting Enabled Command Mode Inte...

Page 664: ...earn its PFC configuration from the switch DCBX pushes the switch s PFC configuration to the peer Example Console config interface ethernet 1 1 Console config if lldp dcbx tlv pfc config Console confi...

Page 665: ...onfig interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its default VLAN ID Use the no...

Page 666: ...thernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link aggregation capabilities Use the no for...

Page 667: ...and operational Multistation Access Unit MAU type Example Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command config...

Page 668: ...ss value Range 0 255 ca value Description of a location Range 1 32 characters Default Setting Not advertised No description Command Mode Interface Configuration Ethernet Port Channel Command Usage Use...

Page 669: ...ion civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med location civic addr 19 320 Co...

Page 670: ...Only state changes that exist at the time of a trap notification are included in the transmission An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to dete...

Page 671: ...This option advertises location identification details Example Console config interface ethernet 1 1 Console config if lldp med tlv location Console config if lldp med tlv med cap This command configu...

Page 672: ...diagnosis of VLAN configuration mismatches on a port Improper network policy configurations frequently result in voice quality degradation or complete service disruption Example Console config interfa...

Page 673: ...ed due to throttling or transmission loss Example Console config interface ethernet 1 1 Console config if lldp notification Console config if show lldp config This command shows LLDP configuration set...

Page 674: ...tatus Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Country Name US What 2 DHCP Client CA Type 1 Cali...

Page 675: ...t on unit 1 port 3 Eth 1 4 MAC Address 00 E0 0C 02 01 01 Ethernet Port on unit 1 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MAC...

Page 676: ...iption Ethernet Port on unit 1 port 1 System Description ECS4120 28P System Capabilities Bridge Router Enabled Capabilities Bridge Router Management Address 70 72 CF 80 0E 50 MAC Address Port VLAN ID...

Page 677: ...92 168 1 2 IPv4 Remote Port VID 1 Remote Port Protocol VLAN VLAN 3 supported enabled Remote VLAN Name VLAN 1 DefaultVlan Remote Protocol Identity Hex 88 CC Remote MAC PHY Configuration Status Remote p...

Page 678: ...s command shows statistics based on traffic received through all attached LLDP enabled interfaces Syntax show lldp info statistics detail interface detail Shows configuration summary interface etherne...

Page 679: ...h 1 4 0 0 0 Eth 1 5 0 0 0 Console show lldp info statistics detail ethernet 1 1 LLDP Port Statistics Detail Port Name Eth 1 1 Frames Discarded 0 Frames Invalid 0 Frames Received 327 Frames Sent 328 TL...

Page 680: ...Chapter 23 LLDP Commands 680...

Page 681: ...supported through loop back messages and fault isolation through link trace messages Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when con...

Page 682: ...continuity check database PE Continuity Check Operations ethernet cfm cc ma interval Sets the transmission delay between continuity check messages GC ethernet cfm cc enable Enables transmission of con...

Page 683: ...cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache Clea...

Page 684: ...the interval at which continuity check messages are sent page 701 or setting the start up delay for the cross check operation page 707 You can also enable SNMP traps for events discovered by continui...

Page 685: ...3 alphanumeric characters Default Setting Disabled Command Mode Global Configuration Command Usage Each MA name must be unique within the CFM domain Frames with AIS information can be issued at the cl...

Page 686: ...le This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm ais period 60 md voip ma rd Console config ethernet cfm ais suppress alarm This comm...

Page 687: ...resses sending frames with AIS information Console config ethernet cfm ais suppress alarm md voip ma rd Console config ethernet cfm domain This command defines a CFM maintenance domain sets the author...

Page 688: ...tion points that make up all possible paths between the DSAPs within an MA MIPs are automatically generated by the CFM protocol when the mip creation option in this command is set to default or explic...

Page 689: ...e 690 ethernet cfm enable This command enables CFM processing globally on the switch Use the no form to disable CFM processing globally Syntax no ethernet cfm enable Default Setting Disabled Command M...

Page 690: ...s MA on any bridge port through which the MA s VID can pass explicit MIPs can be created this MA only on bridge ports through which the MA s VID can pass and only if a maintenance end point MEP is cre...

Page 691: ...e rd vlan 1 mip creation default Console config ether cfm ma index name format This command specifies the name format for the maintenance association as IEEE 802 1ag character based or ITU T SG13 SG15...

Page 692: ...d then the MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium Default Setting No MEPs are configured The MEP faces outwar...

Page 693: ...d on that interface When CFM is disabled hardware resources previously used for CFM processing on that interface are released and all CFM frames entering that interface are forwarded as normal data tr...

Page 694: ...s interface interface global Displays global settings including CFM global status cross check start delay and link trace parameters traps Displays the status of all continuity check and cross check tr...

Page 695: ...a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivityhasbeenrestoredto aremoteMEPwhich has...

Page 696: ...on Archive Hold Time m 1 rd 0 default 100 Console show ethernet cfm ma This command displays the configured maintenance associations Syntax show ethernet cfm ma level level level Maintenance level Ran...

Page 697: ...number Range 1 28 52 port channel channel id Range 1 26 level id Maintenance level for this domain Range 0 7 Default Setting None Command Mode Privileged Exec Command Usage Use the mep keyword with th...

Page 698: ...ange 1 8 port Port number Range 1 28 52 port channel channel id Range 1 26 level id Maintenance level for this domain Range 0 7 Default Setting None Command Mode Privileged Exec Example This example s...

Page 699: ...racter string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The p...

Page 700: ...scheck Status Enabled Console Table 136 show ethernet cfm maintenance points remote detail display Field Description MAC Address MAC address of the remote maintenance point If a CCM for the specified...

Page 701: ...n MA If any MEP fails to receive three consecutive CCMs from any other MEPs in its MA a connectivity failure is registered The interval at which Port State Port states include Up The port is functioni...

Page 702: ...y check messages CCMs within a specified maintenance association Use the no form to disable the transmission of these messages Syntax no ethernet cfm cc enable md domain name ma ma name domain name Do...

Page 703: ...CM with the same MPID as its own but with a different source MAC address indicating that a CFM configuration error exists loop Sends a trap if this device receives a CCM with the same source MAC addre...

Page 704: ...MEP Range 1 65535 minutes Default Setting 100 minutes Command Mode CFM Domain Configuration Command Usage A change to the hold time only applies to entries stored in the database after this command is...

Page 705: ...t cfm errors This command clears continuity check errors logged for the specified maintenance domain or maintenance level Syntax clear ethernet cfm errors domain domain name level level id domain name...

Page 706: ...more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a higher maintenance level and associated w...

Page 707: ...The cross check start delay should be configured to a value greater than or equal to the continuity check message interval to avoid generating unnecessary traps Example This example sets the maximum d...

Page 708: ...red in the static list A ma up trap is sent if cross checking is enabled and a CCM is received from all remote MEPs configured in the static list for this maintenance association Example This example...

Page 709: ...x 1 name rd vlan 1 Console config ether cfm mep crosscheck mpid 2 ma rd Console config ether cfm ethernet cfm mep crosscheck This command enables cross checking between the static list of MEPs assigne...

Page 710: ...rnet cfm maintenance points remote crosscheck domain domain name mpid mpid domain name Domain name Range 1 43 alphanumeric characters mpid Maintenance end point identifier Range 1 8191 Default Setting...

Page 711: ...om each MIP along the path and from the target MEP Information stored in the cache includes the maintenance domain name MA name MEPID sequence number and TTL value Example This example enables link tr...

Page 712: ...m linktrace cache command If the cache reaches the maximum number of specified entries or the size is set to a value less than the current number of stored entries no new entries are added To add addi...

Page 713: ...mote crosscheck command to verify that a MAC address has been learned for the target MEP Link trace messages LTMs are sent as multicast CFM frames and forwarded from MIP to MIP with each MIP generatin...

Page 714: ...ded Shows whether or not this link trace message was forwarded A message is not forwarded if received by the target MEP Ingress MAC MAC address of the ingress port on the target device Egress MAC MAC...

Page 715: ...phanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes Default Setting Loop back count One...

Page 716: ...opback reply When using the command line or web interface the source MEP used by to send a loopback message is chosen by the CFM protocol However when using SNMP the source MEP can be specified by the...

Page 717: ...e CFM Domain Configuration Command Usage A fault alarm can generate an SNMP notification It is issued when the MEP fault notification generator state machine detects that a configured time period see...

Page 718: ...n be generated Range 3 10 seconds Table 139 Remote MEP Priority Levels Priority Level Level Name Description 1 allDef All defects 2 macRemErrXcon DefMACstatus DefRemoteCCM DefErrorCCM or DefXconCCM 3...

Page 719: ...mpid Maintenance end point identifier Range 1 8191 Default Setting None Command Mode Privileged Exec Example This example shows the fault notification settings configured for one MEP Console show eth...

Page 720: ...ats xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 43 alphanumeric characters count The number of times to re...

Page 721: ...reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of receiving a frame with DM request information and TxTimeStampb Timestamp at the time o...

Page 722: ...Chapter 24 CFM Commands Delay Measure Operations 722...

Page 723: ...erwise the switch acts as a DNS server proxy when an outside host namely a DNS client intends to get an IP address for a host name through the switch In this case it will not add the domain suffix to...

Page 724: ...the switch performs as a DNS client and an incomplete host name is received it will work through the domain list appending each domain name in the list to the host name and checking with the specifie...

Page 725: ...DNS and then displays the configuration Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS Enabled Default Domain Name sample com Domain Name List sample com...

Page 726: ...host This command creates a static entry in the DNS table that maps a host name to an IPv4 address Use the no form to remove an entry Syntax no ip host name address name Name of an IPv4 host Range 1...

Page 727: ...IPv4 or IPv6 address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a respon...

Page 728: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Default Setting No static entries Command Mode Global Configuratio...

Page 729: ...e clear host command to clear dynamic entries or the no ip host command to clear static entries Example This example clears all dynamic entries from the DNS table Console clear host Console show dns T...

Page 730: ...onsole show hosts No Flag Type IP Address TTL Host 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yahoo...

Page 731: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address...

Page 732: ...Chapter 25 Domain Name Service Commands 732...

Page 733: ...rent interface Use the no form to remove the class identifier from the DHCP packet Syntax ip dhcp client class id text text hex hex no ip dhcp client class id text A text string Range 1 32 characters...

Page 734: ...ers are not carried in a DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter request list asking for this informati...

Page 735: ...to DHCP mode through the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network po...

Page 736: ...sage DHCPv6 clients can obtain configuration parameters from a server through a normal four message exchange solicit advertise request reply or through a rapid two message exchange solicit reply The r...

Page 737: ...pecify the IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server To start DHCP relay service enter the ip dhcp restart relay...

Page 738: ...is located Then the switch forwards the packet to the DHCP server on another network When the server receives the DHCP request it allocates a free IP address for the DHCP client from its defined scop...

Page 739: ...to which to multicast a relay message Otherwise the switch s DHCPv6 relay agent will not forward client requests This command enables DHCPv6 relay service for the VLAN from which the command is entere...

Page 740: ...st vlan 2 Console config if Console show ipv6 dhcp relay destination This command displays a DHCPv6 server or the VLAN to which client requests are forwarded Syntax show ipv6 dhcp relay destination in...

Page 741: ...address is not suitable you can manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gatew...

Page 742: ...ected to end node devices or connected to end nodes via shared media that will be assigned to a specific subnet then you must create a router interface for each VLAN that will support routing The rout...

Page 743: ...nt Also if any router switch in a network segment uses a secondary address all other routers switches in that segment must also use a secondary address from the same network or subnet address space If...

Page 744: ...gateway 192 168 5 250 Console config ip default gateway 192 168 5 245 Console config ip default gateway 192 168 10 240 Console config ip default gateway 192 168 1 246 Console config end Console show i...

Page 745: ...0 240 inactive C 192 168 1 0 24 is directly connected VLAN1 Console This example shows how to use the no ip route 0 0 0 0 0 0 0 0 gateway address command to remove a specific default gateway Note that...

Page 746: ...y set when a network interface that directly connects to the gateway has been configured on the router The same link local address may be used by different interfaces nodes in different zones RFC 4007...

Page 747: ...s is 70 72 CF EA 1B 71 Index 1001 MTU 1500 Address Mode is DHCP IP Address 192 168 2 9 Mask 255 255 255 0 Proxy ARP is disabled DHCP Vendor Class ID AOS5700 54X DHCP relay server Craft interface is Ad...

Page 748: ...p reply messages source quench messages address mask request messages address mask reply messages ICMP sent output errors destination unreachable messages time exceeded messages parameter problem mess...

Page 749: ...for each message Not all devices respond correctly to probes by returning an ICMP port unreachable message If the timer goes off before a response is returned the trace function prints a series of ast...

Page 750: ...ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds D...

Page 751: ...ied hardware address hardware address Hardware address to map to a specified IP address The format for this address is xx xx xx xx xx xx Default Setting No default entries Command Mode Global Configur...

Page 752: ...for dynamic entries in the Address Resolution Protocol ARP cache Use the no form to restore the default timeout Syntax arp timeout seconds no arp timeout seconds The time a dynamic entry remains in t...

Page 753: ...on about the ARP cache The first line shows the cache timeout It also shows each cache entry including the IP address MAC address type static dynamic other and VLAN interface Note that entry type othe...

Page 754: ...or IPv6 interfaces NE PE show ipv6 mtu Displaysmaximumtransmissionunit MTU informationfor IPv6 interfaces NE PE show ipv6 traffic Displays statistics about IPv6 traffic NE PE clear ipv6 traffic Resets...

Page 755: ...undefined fields The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicatin...

Page 756: ...l IPv6 addresses must be according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate nu...

Page 757: ...onsole Related Commands ipv6 address eui 64 757 show ipv6 interface 763 ip address 742 ipv6 address eui 64 This command configures an IPv6 address for an interface using an EUI 64 interface ID in the...

Page 758: ...use an extended 8 byte MAC address For devices that still use a 6 byte MAC address also known as EUI 48 format it must be converted into EUI 64 format by inverting the universal local bit in the addre...

Page 759: ...ic address to remove it from the interface Syntax ipv6 address ipv6 address link local no ipv6 address ipv6 address link local ipv6 address The IPv6 address assigned to the interface Default Setting N...

Page 760: ...ff19 6779 ff02 1 ff00 0 ff02 1 ff00 72 ff02 1 ff02 fd ff02 1 2 ff02 1 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND retransmit interval is 1000 milliseconds ND advertised r...

Page 761: ...ally generated by the switch Console config interface vlan 1 Console config if ipv6 enable Console config if end Console show ipv6 interface VLAN 1 is up IPv6 is enabled Link local address fe80 269 3e...

Page 762: ...sent from this device The maximum value set by this command cannot exceed the MTU of the physical interface which is currently fixed at 1500 bytes IPv6 routers do not fragment IPv6 packets forwarded...

Page 763: ...al value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Command Mode Privileged Exec Example This example displays a...

Page 764: ...the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX XXXX as described below A node is also required to compute and joi...

Page 765: ...s command displays statistics about IPv6 traffic passing through this switch Command Mode Privileged Exec Example The following example shows statistics for all IPv6 unicast and multicast traffic as w...

Page 766: ...tisement messages neighbor solicit messages neighbor advertisement messages redirect messages group membership query messages group membership response messages group membership reduction messages mul...

Page 767: ...ms truncated packets The number of input datagrams discarded because datagram frame didn t carry enough data discards The number of input IPv6 datagrams for which no problems were encountered to preve...

Page 768: ...Pv6 datagrams that have been successfully fragmented at this output interface fragment failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output...

Page 769: ...Time Exceeded messages sent by the interface parameter problem message The number of ICMP Parameter Problem messages sent by the interface echo request messages The number of ICMP Echo request message...

Page 770: ...may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields host name A host name string which can be resolved into an IPv6 address through a domain n...

Page 771: ...80 2E0 CFF FE00 FC 1 64 by 5 32 byte payload ICMP packets timeout is 3 seconds response time 20 ms FE80 2E0 CFF FE00 FC seq_no 1 response time 0 ms FE80 2E0 CFF FE00 FC seq_no 2 response time 0 ms FE8...

Page 772: ...number of hops is exceeded The traceroute command first sends probe datagrams with the TTL value set at one This causes the first router to discard the datagram and return an error message The trace f...

Page 773: ...wing sets the hop limit for router advertisements to 64 Console config ipv6 hop limit 64 Console config ipv6 nd dad attempts This command configures the number of consecutive neighbor solicitation mes...

Page 774: ...lobal unicast address is detected it is not used All configuration commands associated with a duplicate address remain configured while the address is in duplicate state If the link local address for...

Page 775: ...ements Command Mode Interface Configuration VLAN Command Usage When a non default value is configured the specified interval is used both for router advertisements and by the router itself This comman...

Page 776: ...mmand blocks incoming Router Advertisement and Router Redirect packets Use the no form to disable this feature Syntax no ipv6 nd raguard Default Setting Disabled Command Mode Interface Configuration E...

Page 777: ...on VLAN Command Usage The time limit configured by this command allows the router to detect unavailable neighbors During the neighbor discover process an IPv6 node will multicast neighbor solicitation...

Page 778: ...ormatted as six hexadecimal pairs separated by hyphens Default Setting None Command Mode Global Configuration Command Usage Address Resolution Protocol ARP has been replaced in IPv6 with the Neighbor...

Page 779: ...5 14 01 11 86 R 1 FE80 1034 11FF FE11 4321 961 12 34 11 11 43 21 R 1 Console Related Commands show ipv6 neighbors 780 mac address table static 438 clear ipv6 neighbors This command deletes all dynamic...

Page 780: ...may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Default Setting All IPv6 neighbor discovery cache entries are displayed Command Mode Privil...

Page 781: ...dated mapping Setting the state to invalid dis associates the interface identified with this entry from the indicated mapping RFC 4293 R Reachable Positive confirmation was received within the last Re...

Page 782: ...dically sending NS messages and awaiting NA replies GC ipv6ndsnoopingauto detect retransmit count Sets the number of times to send an NS message to determine if a binding is still valid GC ipv6ndsnoop...

Page 783: ...iltering protocols e g IPv6 Source Guard as described below If an NS message is received on an trusted interface it is forwarded without further processing If an NS message is received on an untrusted...

Page 784: ...not receive an RA message in response after the configured timeout the entry is dropped If the switch receives an RA message before the timeout expires it resets the lifetime for the dynamic binding a...

Page 785: ...interval retransmit interval no ipv6 nd snooping auto detect retransmit interval retransmit interval The interval between which the switch sends an NS message to determine if a client still exists Ra...

Page 786: ...le entry with the same prefix for the specified timeout period the entry is deleted Example Console config ipv6 nd snooping prefix timeout 200 Console config ipv6 nd snooping max binding This command...

Page 787: ...ork Discovery protocol are configured as trusted interfaces RA messages received from a trusted interface are added to the prefix table and forwarded toward their destination NS messages received from...

Page 788: ...v6 nd snooping This command shows the configuration settings for ND snooping Syntax show ipv6 nd snooping Command Mode Privileged Exec Example Console show ipv6 nd snooping Global ND Snooping status e...

Page 789: ...cf01 0203 2001 1 3400 2 Eth 1 2 Console show ipv6 nd snooping prefix This command shows all entries in the address prefix table Syntax show ipv6 nd snooping prefix interface vlan vlan id vlan id VLAN...

Page 790: ...Chapter 27 IP Interface Commands ND Snooping 790...

Page 791: ...ster router when it comes on line if it has a higher priority than the currently active master router vrrp ping enable This command Allows the VRRP virtual IP address to respond to ping request Comman...

Page 792: ...ts secondary addresses Members of the virtual router group who are in backup state discard ping packets destined to VRRP addresses When the VRRP master responds to a ping request the source IPv4 addre...

Page 793: ...imum number or groups which can be defined is 64 ip address The IP address of the virtual router This is the IP address that end hosts set as their default gateway Default Setting No virtual router gr...

Page 794: ...ng a claim to become the master Range 0 120 seconds Default Setting Preempt Enabled Delay 0 seconds Command Mode Interface VLAN Command Usage If preempt is enabled and this backup router has a priorit...

Page 795: ...he current master fails When the original master router recovers it will take over as the active master router again If two or more routers are configured with the same VRRP priority the router with t...

Page 796: ...er include information about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 18 Using a multicast address reduces the amount of traffic that...

Page 797: ...rity 255 Master Advertisement Interval 5 sec Master Down Interval 15 Console Table 161 show vrrp display description Field Description State VRRP role of this interface master or backup Virtual IP add...

Page 798: ...ec Master Advertisement Interval The advertisement interval configured on the VRRP master Master Down interval The down interval configured on the VRRP master This interval is used by all the routers...

Page 799: ...nterface vlan interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4094 Defaults None Command Mode Privileged Exec Example Console sho...

Page 800: ...mmand Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp router counters Total Number of VRRP Packets...

Page 801: ...arameters for static and dynamic routing displays the routing table and statistics for protocols used to exchange routing information Routing Information Protocol RIP Configures global and interface s...

Page 802: ...s hash attribute to the hash selection list Pv4 HS2 dst l4 port IPv4 Hash Adds the destination Layer 4 protocol port hash attribute to the hash selection Pv4 HS2 protocol id IPv4 Hash Adds the protoco...

Page 803: ...used by the dynamic unicast routing protocols is 110 for OSPF 120 for RIP 20 for eBGP and 200 for iBGP Range 1 255 Default 1 Removes all static routing table entries Default Setting No static routes...

Page 804: ...forwards all traffic for subnet 192 168 1 0 to the gateway router 192 168 5 254 using the default metric of 1 Console config ip route 192 168 1 0 255 255 255 0 192 168 5 254 Console config show ip hos...

Page 805: ...FIB contains information required to forward IP traffic It contains the interface identifier and next hop information for each reachable destination network prefix based on the IP routing table When r...

Page 806: ...entries in the Routing Information Base RIB Command Mode Privileged Exec Command Usage The RIB contains all available routes learned through dynamic routing protocols directly attached networks and an...

Page 807: ...is command displays statistics for IP ICMP UDP TCP and ARP protocols Command Mode Privileged Exec Example Console show ip traffic IP Statistics IP received 4877 total received header errors unknown pr...

Page 808: ...mand configures the load balance method used when there are multiple equal cost paths to the same destination address in the routing table including destinanation IP address with Layer 4 port or hash...

Page 809: ...figure Range 1 4 mac Enters list configuration mode for MAC packet types ipv4 Enters list configuration mode for IPv4 packet types ipv6 Enters list configuration mode for IPv6 packet types Command Mod...

Page 810: ...Global Configuration Example Console config maximum paths 8 Console config dst mac MAC Hash This command adds the dst mac address hash attribute to the hash selection list Use the no form to remove th...

Page 811: ...Console config hash selection list 1 mac Console config mac hash sel src mac Console vlan MAC Hash This command adds the VLAN hash attribute to the hash selection list Use the no form to remove the s...

Page 812: ...ole config hash selection list 2 ipv4 Console config ipv4 hash sel dst l4 port Console protocol id IPv4 Hash This command adds the protocol ID hash attribute to the hash selection list Use the no form...

Page 813: ...nfig hash selection list 2 ipv4 Console config ipv4 hash sel src l4 port Console vlan IPv4 Hash This command adds the VLAN hash attribute to the hash selection list Use the no form to remove the speci...

Page 814: ...specified attribute Syntax no collapsed src ip Command Mode IPv6 hash selection mode Command Usage An example of an IPv6 address in full form and collapsed form is shown below Full IPv6 Address FE80...

Page 815: ...ig hash selection list 3 ipv6 Console config ipv4 hash sel next header Console src l4 port IPv6 Hash This command adds the source Layer 4 protocol port hash attribute to the hash selection list Use th...

Page 816: ...ing example Console show ecmp load balance ECMP Load Balance Mode Destination IP Address And L4 Port Console show hash selection list This command shows the packet type and hash list parameters Syntax...

Page 817: ...d a link local address including a zone id indicating the VLAN identifier after the delimiter distance An administrative distance indicating that this route can be overridden by dynamic routing inform...

Page 818: ...e Forwarding Information Base FIB Syntax show ipv6 route ipv6 address prefix length bgp database interface vlan vlan id local ospf rip static ipv6 address A full IPv6 address including the network pre...

Page 819: ...sary to make a forwarding decision on a particular packet The typical components within a forwarding information base entry are a network prefix a router port identifier and next hop information This...

Page 820: ...sending routing updates on the specified interface RC redistribute Redistribute routes from one routing domain to another RC timers basic Sets basic timers including update timeout garbage collection...

Page 821: ...riginate This command generates a default external route into the local RIP autonomous system Use the no form to disable this feature Syntax no default information originate Default Setting Disabled C...

Page 822: ...metrics It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a high metric limits the usefulness of external routes redistributed into RIP For example i...

Page 823: ...bits used for the associated routing entries Default Setting None Command Mode Router Configuration Command Usage Administrative distance is used by the routers to select the preferred path when ther...

Page 824: ...o remove an entry Syntax no neighbor ip address ip address IP address of a neighboring router Default Setting No neighbors are defined Command Mode Router Configuration Command Usage This command can...

Page 825: ...nds and receives updates on interfaces specified by this command If a network is not specified the interfaces in that network will not be advertised in any RIP updates Subnet addresses are interpreted...

Page 826: ...ghbor command to control the routing updates sent to specific neighbors Example Console config router passive interface vlan1 Console config router Related Commands neighbor 824 redistribute This comm...

Page 827: ...for redistributed routes these routes can only be advertised to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follo...

Page 828: ...asic RIP processes The timeout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advert...

Page 829: ...RIP version any VLAN interface not previously set by the ip rip receive version or ip rip send version command will use the global RIP version setting When the no form of this command is used to rest...

Page 830: ...res the interface to exchange routing information with other routers based on an authorized password Note that this command only applies to RIPv2 For authentication to function properly both the sendi...

Page 831: ...at this command does not apply to RIPv1 For authentication to function properly both the sending and receiving interface must be configured with the same password and authentication enabled by the ip...

Page 832: ...espectively Use the default of version 1 or 2 if some routers in the local network are using RIPv2 but there are still some older routers using RIPv1 Example This example sets the interface version fo...

Page 833: ...ds only RIPv2 packets 1 compatible Route information is broadcast to other routers with RIPv2 Default Setting 1 compatible Route information is broadcast to other routers with RIPv2 Command Mode Inter...

Page 834: ...the interface to send RIP packets Use the no form to disable this feature no ip rip send packet Default Setting Enabled Command Mode Interface Configuration VLAN Default Setting Enabled Command Usage...

Page 835: ...ics to infinity This provides faster convergence If split horizon is disabled with the no rip ip split horizon command and a loop occurs the hop count for a route may be gradually incremented to infin...

Page 836: ...route rip Example This example clears one specific route Console clear ip rip route 192 168 1 0 255 255 255 0 Console show ip protocols rip This command displays RIP process parameters Command Mode Pr...

Page 837: ...or for a specified interface vlan id VLAN ID Range 1 4094 Command Mode Privileged Exec Example Console show ip rip Codes R RIP Rc RIP connected Rs RIP static C Connected S Static O OSPF Network Next...

Page 838: ...bandwidth RC default metric Sets the default metric for external routes imported from other protocols RC redistribute Redistribute routes from one routing domain to another RC summary address Summari...

Page 839: ...e the designated router IC ip ospf retransmit interval Specifies the time between resending a link state advertisement IC ip ospf transmit delay Estimates time to send a link state update packet over...

Page 840: ...destination When disabled preference is based on type of path where type 1 external paths are preferred over type 2 external paths using cost only to break ties RFC 2328 All routers in an OSPF routin...

Page 841: ...ort external routes through other routing protocols or static routing and such a route is known See the redistribute command The metric for the default external route is used to calculate the path cos...

Page 842: ...outer ID for this device within the autonomous system for the current OSPF process Use the no form to use the default router identification method i e the highest interface address Syntax router id ip...

Page 843: ...utive SPF calculations Use the no form to restore the default values Syntax timers spf spf delay spf holdtime no timers spf spf delay The delay after receiving a topology change notification and start...

Page 844: ...le Route Metrics and Summaries area default cost This command specifies a cost for the default summary route sent into a stub or NSSA from an Area Border Router ABR Use the no form to remove the assig...

Page 845: ...twork mask for the summary route advertise Advertises the specified address range not advertise The summary is not sent and the routes remain hidden from the rest of the network Command Mode Router Co...

Page 846: ...967 Mbps Command Mode Router Configuration Default Setting 1 Mbps Command Usage The system calculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth By defaul...

Page 847: ...etric value set by the redistribute command When a metric value has not been configured by the redistribute command the default metric command sets the metric value to be used for all imported externa...

Page 848: ...ically becomes an autonomous system boundary router ASBR If the redistribute command is used in conjunction with the default information originate command to generate a default external route into the...

Page 849: ...the summary route Command Mode Router Configuration Default Setting Disabled Command Usage Redistributing routes from other protocols into OSPF normally requires the router to advertise each route in...

Page 850: ...g plain text password authentication for an area configure a password with the ip ospf authentication key interface command This password is inserted into the OSPF header when routing protocol packets...

Page 851: ...Type 5 external LSAs candidate Router translates NSSA LSAs to Type 5 external LSAs if elected never Router never translates NSSA LSAs to Type 5 external LSAs always Router always translates NSSA LSAs...

Page 852: ...SA can include network destinations outside the AS learned via OSPF the default route static routes routes imported from other routing protocols such as BGP or RIP and networks directly connected to t...

Page 853: ...able space is saved in a stub by blocking Type 4 AS summary LSAs and Type 5 external LSAs The default setting for this command completely isolates the stub by blocking Type 3 summary LSAs that adverti...

Page 854: ...eighbor This specifies the Area Border Router ABR at the other end of the virtual link To create a virtual link enter this command for an ABR at both ends of the link One of the ABRs must be next to t...

Page 855: ...protocol message headers A separate password can be assigned to each network interface However this key must be the same for all neighboring routers on the same network i e autonomous system This key...

Page 856: ...nk 10 4 3 254 Console config router This example creates a virtual link using MD5 authentication Console config router network 10 4 0 0 0 255 255 0 0 area 10 4 0 0 Console config router area 10 4 0 0...

Page 857: ...ss B addresses 10 1 x x and a normal transit area 10 2 9 0 covering the class C addresses 10 2 9 x Console config router network 10 1 0 0 255 255 0 0 area 0 0 0 0 Console config router network 10 2 9...

Page 858: ...g on routing protocol packets When using Message Digest 5 MD5 authentication the router uses the MD5 algorithm to verify data integrity by creating a 128 bit message digest from the authentication key...

Page 859: ...No password Command Usage Before specifying plain text password authentication for an interface with the ip ospf authentication command configure a password with this command This command creates a pa...

Page 860: ...tric for this interface Use higher values to indicate slower ports Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 1 Command Usage The interface cost indicates the overhead req...

Page 861: ...ng 40 or four times the interval specified by the ip ospf hello interval command Command Usage The dead interval is advertised in the router s hello packets It must be a multiple of the hello interval...

Page 862: ...p address message digest key key id md5 key no ip ospf ip address message digest key key id ip address This parameter can be used to indicate a specific IP address connected to the current interface I...

Page 863: ...y This command sets the router priority used when determining the designated router DR and backup designated router BDR for an area Use the no form to restore the default value Syntax ip ospf ip addre...

Page 864: ...to restore the default value Syntax ip ospf ip address retransmit interval seconds no ip ospf ip address retransmit interval ip address This parameter can be used to indicate a specific IP address co...

Page 865: ...ed time required to send a link state update Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 1 second Command Usage LSAs have their age incremented by this delay before transmi...

Page 866: ...ved is set to passive mode The specified interface will appear as a stub in the OSPF domain Also if you configure an OSPF interface as passive where an adjacency already exists the adjacency will drop...

Page 867: ...ompatibility with the RFC 1583 an earlier version of OSPFv2 is enabled Supports only singleTOS TOS0 routes Optional Type of Service ToS specified in OSPF Version 2 Appendix F 1 2 is not supported so o...

Page 868: ...ments that have been received Number of areas attached to this router The number of configured areas attached to this router Number of interfaces in this area is The number of interfaces attached to t...

Page 869: ...An IP network number for Type 3 Summary and External LSAs A Router ID for Router Network and Type 4 AS Summary LSAs Also note that when an Type 5 ASBR External LSA is describing a default route its li...

Page 870: ...8 2 1 LS Seq Number 80000001 Checksum 0x7b67 Length 28 Network Mask 0 TOS 0 Metric 10 Console Table 169 show ip ospf database display description Field Description OSPF Router Process with ID OSPF pro...

Page 871: ...ate ID 0 0 0 0 External Network Number Advertising Router 192 168 0 2 LS Seq Number 80000005 Checksum 0xcc95 Length 36 Network Mask 0 Metric Type 2 Larger than any link state path TOS 0 Table 170 show...

Page 872: ...LSA in seconds Options Optional capabilities associated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link Sta...

Page 873: ...of TOS metrics 0 TOS 0 Metric 1 Table 172 show ip ospf database network display description Field Description OSPF Router ID Router ID LS Age Age of LSA in seconds Options Optional capabilities associ...

Page 874: ...outer is a virtual link endpoint an ASBR or an ABR LS Type Router Link LSA describes the router s interfaces Link State ID Router ID of the router that originated the LSA Advertising Router Advertisin...

Page 875: ...red Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 10 Neighbor Count is 1 Adjacent neighbor count is 1 Hello received 920 sent 975 DD received 5 sent 4 LS Req received 1 sent 1 LS Upd receiv...

Page 876: ...is a loopback interface Waiting Router is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but is not the DR or BDR Priorit...

Page 877: ...iption Neighbor ID Neighbor s router ID Pri Neighbor s router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for n...

Page 878: ...10 11 0 24 10 is directly connected fe1 2 Area 0 0 0 0 O 10 10 11 100 32 10 is directly connected lo Area 0 0 0 0 E2 10 15 0 0 24 10 50 via 10 10 0 1 VLAN1 IA 172 16 10 0 24 30 via 10 10 11 50 VLAN2 A...

Page 879: ...irtual link crosses to reach the target router Local address The IP address of ABR that serves as an endpoint connecting the isolated area to the common transit area Remote address The IP address this...

Page 880: ...ange and the hold time between consecutive SPF calculations RC Route Metrics and Summaries area default cost Sets the cost for a default summary route sent into a stub RC area range Summarizes routes...

Page 881: ...he ipv6 router ospf tag area command to assign an area to each interface that will participate in the specified OSPF process ipv6 ospf retransmit interval Specifies the time between resending a link s...

Page 882: ...ifferent routing processes It should not be confused with the instance id configured with the ipv6 router ospf area command which is used to distinguish between different routing processes running on...

Page 883: ...it has more than one actively attached area and the backbone area is configured Standard Interpretation A router is considered to be an ABR if it is attached to two or more areas It does not have to b...

Page 884: ...onsole config router abr type ibm Console config router max current dd This command sets the maximum number of neighbors with which the switch can concurrently exchange database descriptor DD packets...

Page 885: ...ter ID must be unique for every router in the autonomous system Note that the router ID can also be set to 255 255 255 255 If this router already has registered neighbors the new router ID will be use...

Page 886: ...lt Setting SPF delay 5 seconds SPF holdtime 10 seconds Command Usage Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations Using a low value for the holdtime allo...

Page 887: ...ot advertise area id Identifies an area for which the routes are summarized The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 4294967295 ipv6 prefix...

Page 888: ...nge 73 8 advertise Console config router default metric This command sets the default metric for external routes imported from other protocols Use the no form to remove the default metric for the supp...

Page 889: ...route default Routers do not add internal route metric to external route metric Command Mode Router Configuration Default Setting redistribution none metric value 20 type metric 2 Command Usage This c...

Page 890: ...outer Configuration Default Setting No stub is configured Summary advertisement are sent into the stub Command Usage All routers in a stub must be configured with the same area ID Routing table space...

Page 891: ...0 4294967295 router id Router ID of the virtual link neighbor This specifies the Area Border Router ABR at the other end of the virtual link To create a virtual link enter this command for an ABR at b...

Page 892: ...conds Command Usage All areas must be connected to a backbone area 0 0 0 0 to maintain routing connectivity throughout the autonomous system If it not possible to physically connect an area to the bac...

Page 893: ...fault Setting None Command Usage An area ID uniquely defines an OSPF broadcast area The area ID 0 0 0 0 indicates the OSPF backbone for an autonomous system Each router must be connected to the backbo...

Page 894: ...instance id Identifies a specific OSPFv3 routing process on the link local network segment attached to this interface Range 0 255 Command Mode Interface Configuration VLAN Default Setting No areas are...

Page 895: ...ance id instance id cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link local network segm...

Page 896: ...ore declaring the transmitting router down This interval must be set to the same value for all routers on the network Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link...

Page 897: ...econds Command Usage Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological...

Page 898: ...If a DR already exists for a network segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the elect...

Page 899: ...state update packet over an interface Use the no form to restore the default value Syntax ipv6 ospf transmit delay seconds instance id instance id no ipv6 ospf transmit delay instance id instance id s...

Page 900: ...ull IPv6 address including the network prefix and host address bits Command Mode Router Configuration Default Setting None Command Usage You can configure an OSPF interface as passive to prevent OSPF...

Page 901: ...has been running Supports only singleTOS TOS0 routes Optional Type of Service ToS specified in OSPF Version 2 Appendix F 1 2 is not supported so only one cost per interface can be assigned SPF schedu...

Page 902: ...r LSA Area 0 Link State ID ADV Router Age Seq CkSum 0 192 168 0 2 31 0x80000002 0x14b1 AS external LSA Link State ID ADV Router Age Seq CkSum Console Number of areas attached to this router The number...

Page 903: ...0 sent 0 LS Req received 0 sent 0 LS Upd received 0 sent 0 LS Ack received 0 sent 0 Discarded 0 Console Table 181 show ip ospf database display description Field Description OSPF Router Process with...

Page 904: ...DROther Interface is on a multiaccess network but is not the DR or BDR Loopback This is a loopback interface PointToPoint A direct link between two routers Waiting Router is trying to find the DR and...

Page 905: ...non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchang...

Page 906: ...ged Exec Example Console show ipv6 ospf virtual links Virtual Link VLINK1 to router 192 168 0 2 is up Transit area 0 0 0 1 via interface VLAN1 Local address 192 168 0 3 Remote address 192 168 0 2 Tran...

Page 907: ...between these neighbors Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bi...

Page 908: ...effectively delegates all error control functions to TCP The other major innovation for BGP is the use of path vectors which carry the full list of transit networks or ASs traversed between the source...

Page 909: ...ll iBGP peers within the same AS should be connected to one another in a full mesh connection except when using route reflection When a prefix is announced from one iBGP peer to another the AS path is...

Page 910: ...tes that it is an aggregate prefix which was derived from multiple ASes NEXT_HOP This attribute indicates the IP address of the router that should be used as the next hop to reach the router destinati...

Page 911: ...stinations expressed as prefixes MP_UNREACH_NLRI This attribute withdraws non IPv4 routes It includes the route s AFI SAFI and network address prefixes EXTENDED COMMUNITIES This attribute provides a m...

Page 912: ...ges is used to keep the BGP session up These message types are described below OPEN BGP routers normally wait for BGP connections on TCP port 179 A router that wants to establish an association will f...

Page 913: ...done The aggregator node will now serve as a proxy using the more specific routes it still maintains in its own routing table After inbound routes have been aggregated the BGP speaker can propagates...

Page 914: ...ure 8 Connections for Multiple Route Reflectors If there is only one route reflector in a cluster that router would still have to process the same number of routing messages that would be required if...

Page 915: ...te with an Originator ID that matches its own router ID it should drop it Cluster List This is a list of the clusters through which a route announcement has passed When a route reflector passes on an...

Page 916: ...her the AS Confed Sequence must be inserted into the AS Path along with the AS number of the member AS to help prevent looping Border routers that also peer with outside ASes have to modify routing in...

Page 917: ...oute server client command to configure this router as a route server and the specified neighbor as its client Route Flap Dampening An update message is sent from a BGP speaker to a neighboring speake...

Page 918: ...e route dampening However when invoked it may be necessary to fine tune the penalty attributes to ensure fair treatment to unstable routes Configuration Guidelines 1 Use the bgp dampening command to e...

Page 919: ...oft re configuration PE clear ip bgp dampening Clears route dampening information and unsuppresses any suppressed routes PE Route Metrics and Selection bgp always compare med Allows comparisonoftheMul...

Page 920: ...connections RC neighbor ebgp multihop Allows eBGP neighbors to exist in different segments and configures the maximum hop count TTL RC neighbor enforce multihop Enforces the requirement for all neighb...

Page 921: ...when required RC neighbor strict capability match Forces strict capability matching when establishing connections RC neighbor timers Sets the Keep Alive time and Hold time used for specified neighbor...

Page 922: ...und routing messages using the neighbor remove private as command Note that AS number 23456 is reserved for the AS Transitive attribute which is required when setting up a new BGP speaker show ip bgp...

Page 923: ...t regular expression no ip as path access list access list name deny permit regular expression access list name Name of the access list Maximum length 16 characters no spaces or other special characte...

Page 924: ...nities can be configured in a standard community list Maximum length 32 characters no spaces or other special characters deny Denies access to messages with matching community attribute permit Permits...

Page 925: ...known communities or community numbers Expanded community lists are used to filter communities using a regular expression When multiple values are entered in the same community list they form a logica...

Page 926: ...ssion 1 99 Standard community list number that identifies one or more groups of communities standard community list name Name of standard access list A maximum of 16 extended communities can be config...

Page 927: ...e used to filter communities using a regular expression When multiple values are entered in the same community list they form a logical AND condition When multiple values are configured in separate co...

Page 928: ...with the relevant parameters to remove an attribute from the prefix list Syntax no ip prefix list prefix list name seq sequence number deny permit any no ip prefix list prefix list name seq sequence n...

Page 929: ...0 0 0 0 255 255 255 255 ge 0 le 32 can be included at the bottom of the list to grant passage for all other routing messages A prefix list can be applied to inbound or outbound updates for a specific...

Page 930: ...Set information can be used to avoid routing loops because it records where the route has been If a router notes its own AS number in the AS Set of the aggregate update it will drop the aggregate to...

Page 931: ...routes between specified clients within a cluster Clients within a reflector cluster therefore need not be fully meshed and the exchange of routing information is thereby reduced since the clients ne...

Page 932: ...e point of failure This command is used to designate multiple route reflectors used within the same cluster so that they can recognize updates from other peer route reflectors and discard them to prev...

Page 933: ...fully meshed connections between iBGP peers in the same AS It works by dividing up a large AS into several smaller ASes where only the peers in the same smaller AS are fully meshed thus reducing the n...

Page 934: ...figured Command Usage This command is used to add multiple ASes to a confederation Each AS is fully meshed within itself and the AS members are visible internally within the confederation Use the bgp...

Page 935: ...ime The maximum time a route can be suppressed Range 1 255 minutes Command Mode Router Configuration Default Setting half life 15 minutes reuse limit 750 suppress limit 2000 max suppress time 60 minut...

Page 936: ...onomous system Example Console config router bgp enforce first as Console config router bgp fast external failover This command resets sessions for any directly connected external peers if the link go...

Page 937: ...es in the system log file which can viewed using the show log ram command Example Console config router bgp log neighbor changes Console config router bgp network import check This command checks for...

Page 938: ...d can be used manually set the router ID to a fixed value The router ID must be unique for every router in the autonomous system Using the default setting based on the highest interface address ensure...

Page 939: ...ess bits used for the associated routing entries map name Name of the route map The route map can be used to filter the networks to advertise Range 1 80 characters backdoor Specifies a backdoor route...

Page 940: ...ected Imports routes that are established automatically just by enabling IP on an interface ospf External routes will be imported from the Open Shortest Path First OSPF protocol into this routing doma...

Page 941: ...rs Range 0 65535 seconds hold time The maximum interval after which a neighbor is declared dead if a keep alive or update message has not been received Range 0 65535 seconds Command Mode Router Config...

Page 942: ...g peer If ignored a normal inbound soft reset is performed out Outbound sessions soft Uses soft re configuration for the reset which does not tear down the session Command Mode Privileged Exec Default...

Page 943: ...xample This example assumes that soft re configuration has been set on the neighboring router Console config router clear ip bgp 192 168 0 254 soft in Console config router clear ip bgp dampening This...

Page 944: ...mpared only among paths from the same autonomous system This command allows the comparison of MEDs among different paths regardless of the autonomous system from which the paths are received The bgp d...

Page 945: ...tax no bgp bestpath compare confed aspath Command Mode Router Configuration Default Setting Disabled Example Console config router bgp bestpath compare confed aspath Console config router bgp bestpath...

Page 946: ...ature Syntax no bgp bestpath med confed missing as worst confed Compare MED in confederation path missing as worst Consider as maximum MED value when missing Command Mode Router Configuration Default...

Page 947: ...termine local policy Example Console config router bgp default local preference 100 Console config router bgp deterministic med This command enforces deterministic comparison of the MED attribute betw...

Page 948: ...P routes Use the no form to restore the default setting Syntax distance distance ip address netmask access list name no distance ip address netmask distance Administrative distance for an eBGP route R...

Page 949: ...distance Administrative distance for iBGP routes Range 1 255 local distance Administrative distance for local routes Range 1 255 Command Mode Router Configuration Default Setting eBGP 20 iBGP 200 loca...

Page 950: ...peer group Use the no form to disable the exchange of routing information Syntax no neighbor ip address group name activate ip address IP address of a neighbor group name A BGP peer group containing a...

Page 951: ...However the bgp dampening command can provide more precise control of route flapping Example Console config router neighbor 10 1 1 64 advertisement interval 20 Console config router neighbor allowas...

Page 952: ...onfig router neighbor attribute unchanged This command configures certain route attributes to be kept unchanged for transparent transmission to the specified neighbor Use the no form to disable this f...

Page 953: ...ted if a negotiated capability is unknown With dynamic negotiation of capabilities is enabled the capabilities by both sides are negotiated in OPEN messages with the partner responding if a capability...

Page 954: ...efault originate ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command map name Name of the route map...

Page 955: ...ters Command Mode Router Configuration Default Setting No description specified Example Console config router neighbor 10 1 1 64 description bill s router Console config router neighbor distribute lis...

Page 956: ...nections Use the no form to restore the default setting Syntax no neighbor ip address group name dont capability negotiate ip address IP address of a neighbor group name A BGP peer group containing a...

Page 957: ...nd Usage This command can be used to allow routers in different network segments to create a BGP neighbor relationship If this command is entered without specifying a count the hop limit is set at 255...

Page 958: ...t to or received from a neighbor based on an AS path access list Use the no form to disable route filtering Syntax neighbor ip address group name filter list access list in out no neighbor ip address...

Page 959: ...vlan vlan id no neighbor ip address interface ip address IP address of a neighbor vlan id VLAN ID Range 1 4094 Command Mode Router Configuration Default Setting None Example Console config router nei...

Page 960: ...s or to prevent malicious attacks If the threshold is specified but neither the restart nor warning keywords are used the connection will be closed until the records are cleared with the clear ip bgp...

Page 961: ...directly connected with each other The neighbor next hop self command can be used to configure an iBGP router which is directly connected with an eBGP neighbor so that other iBGP routers in the same A...

Page 962: ...n Active state waiting for an inbound connection request from a neighbor and not initiating any outbound connections with the neighbor via an Open message Example Console config router neighbor 10 1 1...

Page 963: ...ime out Example Console config router neighbor 10 1 1 64 password frost Console config router neighbor peer group Creating This command configures a router peer group which can be easily configured wi...

Page 964: ...roup use the neighbor group name peer group command Example Console config router neighbor 10 1 1 64 peer group RD Console config router neighbor port This command specifies the TCP port number of the...

Page 965: ...ix list with the ip prefix list command and then use this command to specify the neighbors to which it applies and whether it applies to inbound or outbound messages Filtering routes based on a prefix...

Page 966: ...Mode Router Configuration Default Setting No neighbors are configured Command Usage BGP neighbors must be manually configured A neighbor relationship can only be established if partners are configured...

Page 967: ...portion of the AS path Example Console config router neighbor 10 1 1 64 remove private as Console config router neighbor route map This command specifies the route mapping policy for inbound outbound...

Page 968: ...ress IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command Command Mode Router Configuration Default Setting Dis...

Page 969: ...ed in iBGP Instead of maintaining direct eBGP peering sessions with every other service provider providers can acquire the same routing information through a single connection to a route server at the...

Page 970: ...ommand Mode Router Configuration Default Setting No community attributes are sent If community type is not specified then only standard community attributes are sent Command Usage Community attributes...

Page 971: ...peer group containing a list of neighboring routers configured with the neighbor peer group command Command Mode Router Configuration Default Setting Disabled Command Usage Use this command to employ...

Page 972: ...oup name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command Command Mode Router Configuration Default Setting Disabled Command Usage This command...

Page 973: ...he global timers bgp command Example Console config router neighbor 10 1 1 66 timers 50 200 Console config router neighbor timers connect This command sets the time to wait before attempting to reconn...

Page 974: ...the no form to remove this configuration entry Syntax no neighbor ip address group name unsuppress map map name ip address IP address of a neighbor group name A BGP peer group containing a list of nei...

Page 975: ...st interface to the neighbor is used for BGP connections This command can be used to specify any available interface for a TCP connection Example Console config router neighbor 10 1 1 66 update source...

Page 976: ...bgp ip address netmask longer prefixes ip address IP address of a route entry netmask Network mask for the route This mask identifies the network address bits used for the associated routing entries l...

Page 977: ...ntry is stale R Entry removed Origin codes Origin of table entry includes these values i Entry originated from an Interior Gateway Protocol IGP and was advertised using a network router configuration...

Page 978: ...nly BGP table version is 0 local router ID is 192 168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network...

Page 979: ...ed only to peers in the same autonomous system or to other sub autonomous systems within a confederation These routes are not advertised to external peers exact match Displays only routes that match t...

Page 980: ...st rd BGP table version is 0 local router ID is 192 168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Netwo...

Page 981: ...ap statistics BGP table version is 0 local router ID is 192 168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomple...

Page 982: ...mber of prefixes 1 Console show ip bgp neighbors This command chows connection information for neighbor sessions Syntax show ip bgp neighbors ip address advertised routes received prefix filter receiv...

Page 983: ...sement runs is 30 seconds For address family IPv4 Unicast Community attribute sent to this neighbor both Inbound path policy configured 1 accepted prefixes Connections established 1 dropped 0 Last res...

Page 984: ...tween transmission of advertisements For address family Address family to which the following information refers Local host port IP address and TCP port of the local BGP speaker Foreign host port IP a...

Page 985: ...ale R Removed Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 66 0 200 300 10 1 1 100 0 32768 Console show ip bgp regexp This command shows routes ma...

Page 986: ...168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 1...

Page 987: ...es permitted by a community list Syntax show ip community list 1 99 100 500 community list name 1 99 Standard community list number that identifies one or more groups of communities 100 500 Expanded c...

Page 988: ...Syntax show ip prefix list prefix list name ip address netmask first match longer seq sequence number prefix list name Name of prefix list Maximum length 128 characters no spaces or other special cha...

Page 989: ...Console show ip prefix list detail rd ip prefix list rd count 1 range entries 0 sequences 5 5 seq 5 deny 10 0 0 0 8 ge 14 le 22 hit count 0 refcount 0 Console show ip prefix list summary This command...

Page 990: ...he neighbor filter list in command FiltOut Indicates whether a filter for outgoing routing updates has been specified with the neighbor filter list out command DistIn Indicates whether routes are dist...

Page 991: ...icy based routing If no matching criteria are found in the route map normal unicast routing is used to determine the packet s next hop Although route redistribution is protocol independent some of the...

Page 992: ...RM set as path Modifies the AS path by prepending or excluding an AS number RM set atomic aggregate Indicates the loss of some information in the route aggregation process RM set comm list delete Rem...

Page 993: ...rform if the criteria enforced by the match commands are met If the match criteria are met for a route map and the permit keyword specified the packet is policy routed based on defined set commands If...

Page 994: ...sole config route map set weight 30 Console config route map call This command jumps to another route map after match and set commands are executed Use the no form to remove an entry from a route map...

Page 995: ...entry the next entry is executed Example Console config route map RD permit 1 Console config route map match as path 60 Console config route map set weight 30 Console config route map continue 3 Cons...

Page 996: ...g route map match as path 60 Console config route map set weight 30 Console config route map Related Commands ip as path access list 923 match community This command sets a BGP community access list t...

Page 997: ...unities 100 500 Expanded community list number that identifies one or more groups of communities Command Mode Route Map Command Usage This command matches the extended community attributes of the BGP...

Page 998: ...this entry from a route map Syntax match ip next hop access list name prefix list prefix list name no match ip next hop access list name Name of standard or extended access list Maximum length 32 cha...

Page 999: ...t name Name of a specific prefix list Command Mode Route Map Command Usage Note that there may be situations in which the next hop and source router address of the route are not the same Example Conso...

Page 1000: ...to match in routing messages Use the no form to remove this entry from a route map Syntax match pathlimit as as limit no match pathlimit as as limit Maximum AS path length Range 1 4294967295 Command...

Page 1001: ...the parent AS the AS number contained in the AS_PATHLIMIT attribute should be replaced by the AS number of the parent AS Similarly if the AS_PATHLIMIT attribute is attached to a prefix by a member of...

Page 1002: ...and IP address to the aggregator attribute of a route Use the no form to remove this entry from a route map Syntax set aggregator as as number ip address no set aggregator as as number ip address as n...

Page 1003: ...o the AS path of the route that is matched as number Autonomous system number Range 1 4294967295 Command Mode Route Map Command Usage Note that best path selection may be influenced with this command...

Page 1004: ...ities 100 500 Expanded community list number that identifies one or more groups of communities community list name Name of standard or expanded community list Maximum length 32 characters no spaces or...

Page 1005: ...this community attribute are advertised to all internal and external peers local as Specifies the local autonomous system Routes with this community attribute are advertised only to peers that are par...

Page 1006: ...number and a 4 byte network number separated by one colon Each 2 byte number can range from 0 to 65535 and 4 byte numbers from 0 to 4294967295 IP NN Community to deny or permit The community number is...

Page 1007: ...BGP peering address Command Mode Route Map Command Usage The IP address specified as the next hop need not be an adjacent router When this command is used with the peer address keyword in an inbound r...

Page 1008: ...ic for inter autonomous systems use the set metric command A route with a higher local priority level when compared with other routes to the same destination will be preferred over other routes Exampl...

Page 1009: ...er 192 168 0 99 Console config route map set metric 1 Console config route map set origin This command sets the BGP origin code for the routing protocol which generated this message Use the no form to...

Page 1010: ...0 99 Console config route map set originator id 192 168 0 254 Console config route map set pathlimit ttl This command sets the maximum AS path length for propagation of more specific prefixes in routi...

Page 1011: ...e Route Map Command Usage Weights are used to determine the best path available to the local switch The route with the highest weight gets preference over other routes to the same network Weights assi...

Page 1012: ...ing Commands Policy based Routing for BGP 1012 Example Console show route map RD route map RD permit sequence 1 Match clauses peer 102 168 0 99 Set clauses comm list 100 delete Call clause Action Exit...

Page 1013: ...cast routing Syntax no ip multicast routing Table 193 Multicast Routing Commands Command Group Function General Multicast Routing Enables IP multicast routing globally also displays the IP multicast r...

Page 1014: ...mroute This command displays the IPv4 multicast routing table Syntax show ip mroute group address source summary group address An IPv4 multicast group address with subscribers directly attached or dow...

Page 1015: ...M SSM C Connected A member of the multicast group is present on this interface P Pruned This route has been terminated F Register flag This device is registering for a multicast source R RP bit set Th...

Page 1016: ...terfaces that Incoming Interface Interface leading to the upstream neighbor PIM creates a multicast routing tree based on the unicast routing table If the related unicast routing table does not exist...

Page 1017: ...ource summary Displays summary information for each entry in the IP multicast routing table Command Mode Privileged Exec Command Usage This command displays information for multicast routing If no opt...

Page 1018: ...f the SPT flag is set for S G the router immediately joins the shortest path tree Interface state The multicast state for the displayed interface group address IP multicast group address for a request...

Page 1019: ...cast routes on the switch ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax ip igmp snooping vlan vlan id mrou...

Page 1020: ...ast Routing This section describes commands used to configure static multicast routes on the switch ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no...

Page 1021: ...t router port within VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dyn...

Page 1022: ...m a neighboring PIM router before declaring it dead IC ip pim hello interval Sets the interval between sending PIM hello messages IC ip pim join prune holdtime Configures the hold time for the prune s...

Page 1023: ...ce address of a register message to an address other than the outgoing interface address of the designated router DR leading toward the rendezvous point RP GC ip pim rp address Sets a static address f...

Page 1024: ...isable PIM DM or PIM SM on this interface Syntax no ip pim dense mode sparse mode dense mode Enables PIM Dense Mode sparse mode Enables PIM Sparse Mode Default Setting Disabled Command Mode Interface...

Page 1025: ...e Shortest Path Source Tree SPT they periodically send join messages toward the source They also send prune messages toward the RP to prune the shared path if they have already connected to the source...

Page 1026: ...at which PIM hello messages are transmitted Use the no form to restore the default value Syntax ip pim hello interval seconds no pim hello interval seconds Interval between sending PIM hello messages...

Page 1027: ...icast stream The prune state is maintained until the join prune holdtime timer expires or a graft message is received for the forwarding entry Example Console config if ip pim join prune holdtime 60 C...

Page 1028: ...respond to a lan prune delay message Use the no form to restore the default setting Syntax ip pim override interval milliseconds no ip pim override interval milliseconds The time required for a downst...

Page 1029: ...ame VLAN interface Range 100 5000 milliseconds Default Setting 500 milliseconds Command Mode Interface Configuration VLAN Command Usage The override interval configured by the ip pim override interval...

Page 1030: ...m value between 0 and the trigger hello delay This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also if a Hello message is receive...

Page 1031: ...show ip pim neighbor This command displays information about PIM neighbors Syntax show ip pim neighbor interface vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays information for all...

Page 1032: ...the graft message will resend it a number of times as defined by the ip pim max graft retries command Example Console config if ip pim graft retry interval 9 Console config if ip pim max graft retrie...

Page 1033: ...erface Configuration VLAN Command Usage The pruned state times out approximately every three minutes and the entire PIM DM network is reflooded with multicast packets and prune messages The state refr...

Page 1034: ...candidate with the larger IP address is elected to be the BSR Setting the priority to zero means that this router is not eligible to server as the BSR At least one router in the PIM SM domain must be...

Page 1035: ...t which register messages are sent by the Designated Router DR for each source group entry Use the no form to restore the default value Syntax ip pim register rate limit rate no ip pim register rate l...

Page 1036: ...ent from the RP to the source address will fail to reach the DR resulting in PIM SM protocol failures This command can be used to overcome this type of problem by manually configuring the source addre...

Page 1037: ...g this command are both available for a group range the RP address learned by the BSR is chosen over the one statically configured with this command All routers within the same PIM SM domain must be c...

Page 1038: ...P candidate with the largest priority is preferred If the priority values are the same the candidate with the larger IP address is elected to be the RP Setting the priority to zero means that this rou...

Page 1039: ...ations each to serve as both a candidate BSR and candidate RP It is also preferable to set up one of these routers as both the primary BSR and RP Example The following example configures the router to...

Page 1040: ...r will join the shortest path tree immediately after receiving the first packet from a new source This command forces the router to use the shared tree for all multicast groups or just for the specifi...

Page 1041: ...or core routers is that they are capable of forwarding IGMPv3 messages However when PIM SM is used by either edge or core routers the Rendezvous Point RP must not be configured to accept any registrat...

Page 1042: ...Command Usage More than one PIM SM router may be connected to an Ethernet or other shared media LAN If multicast hosts are directly connected to the LAN then only one of these routers is elected as t...

Page 1043: ...tting Syntax ip pim join prune interval seconds no ip pim join prune interval seconds The interval at which join prune messages are sent Range 1 65535 seconds Default Setting 60 seconds Command Mode I...

Page 1044: ...oldTime 105 sec Triggered Hello Delay 5 sec Join Prune Holdtime 210 sec Lan Prune Delay Disabled Propagation Delay 500 ms Override Interval 2500 ms DR Priority 20 Join Prune Interval 80 sec Console cl...

Page 1045: ...ocess Hash Mask Length The number of significant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time before thi...

Page 1046: ...ed the mapping Syntax show ip pim rp hash group address group address An IP multicast group address Command Mode Privileged Exec Example This example displays the RP used for the specified group Conso...

Page 1047: ...the router GC ipv6 pim Enables PIM DM or PIM SM on the specified interface IC ipv6 pim hello holdtime Sets the time to wait for hello messages from a neighboring PIM router before declaring it dead I...

Page 1048: ...at which register messages are sent by the Designated Router DR GC ipv6 pim register source Configure the IP source address of a register message to an address other than the outgoing interface addres...

Page 1049: ...ode Enables PIM Sparse Mode Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage To fully enable PIM you need to enable multicast routing globally for the router with the i...

Page 1050: ...ave already connected to the source through the SPT or if there are no longer any group members connected to the interface Example Console config interface vlan 1 Console config if ipv6 pim dense mode...

Page 1051: ...ding PIM hello messages Range 1 65535 Default Setting 30 seconds Command Mode Interface Configuration VLAN Command Usage Hello messages are sent to neighboring PIM routers from which this device has r...

Page 1052: ...le this feature Syntax no ipv6 pim lan prune delay Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage When other downstream routers on the same VLAN are notified that thi...

Page 1053: ...ed in the message Range 500 6000 milliseconds Default Setting 2500 milliseconds Command Mode Interface Configuration VLAN Command Usage The override interval configured by this command and the propaga...

Page 1054: ...late the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the propagation delay represents the time requi...

Page 1055: ...f show ipv6 pim interface This command displays information about interfaces configured for PIM Syntax show ipv6 pim interface vlan vlan id vlan id VLAN ID Range 1 4094 Command Mode Normal Exec Privil...

Page 1056: ...acknowledgement before resending a Graft Use the no form to restore the default value Syntax ipv6 pim graft retry interval seconds no ipv6 pim graft retry interval seconds The time before resending a...

Page 1057: ...etries command Example Console config if ipv6 pim graft retry interval 9 Console config if Related Commands ipv6 pim override interval 1053 ipv6 pim propagation delay 1054 ipv6 pim max graft retries T...

Page 1058: ...tree refreshing the prune state on the outgoing interfaces of each router in the tree This also enables PIM routers to recognize topology changes sources joining or leaving a multicast group before th...

Page 1059: ...The IP address of the designated VLAN is sent as the candidate s BSR address Each neighbor receiving the bootstrap message compares the BSR address with the address from previous messages If the curr...

Page 1060: ...and RP However because register messages exceeding the limit are dropped some receivers may experience data packet loss within the first few seconds in which register messages are sent from bursty so...

Page 1061: ...the no form to remove an RP address or an RP address for a specific group Syntax no ipv6 pim rp address rp address group prefix group prefix rp address Static IPv6 address of the router that will be a...

Page 1062: ...multicast groups are removed Example In the following example the first PIM SM command just specifies the RP address 192 168 1 1 to indicate that it will be used to service all multicast groups The s...

Page 1063: ...an active RP for each group range The el6ection process is performed by the BSR only for its own use Each PIM SM router that receives the list of RP candidates from the BSR also elects an active RP f...

Page 1064: ...roup If a group address is not specified the command applies to all multicast groups Range FFXX X X X X 8 128 Default Setting The last hop PIM6 router joins the shortest path tree immediately after th...

Page 1065: ...ult Setting 1 Command Mode Interface Configuration VLAN Command Usage More than one PIM SM router may be connected to an Ethernet or other shared media LAN If multicast hosts are directly connected to...

Page 1066: ...fault setting Syntax ipv6 pim join prune interval seconds no ipv6 pim join prune interval seconds The interval at which join prune messages are sent Range 1 65535 seconds Default Setting 60 seconds Co...

Page 1067: ...llo HoldTime 105 sec Triggered Hello Delay 5 sec Join Prune Holdtime 210 sec Lan Prune Delay Disabled Propagation Delay 500 ms Override Interval 2500 ms DR Priority 1 Join Prune Interval 220 sec Conso...

Page 1068: ...ction process Hash Mask Length The number of significant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time be...

Page 1069: ...tax show ipv6 pim rp hash group address group address An IP multicast group address Command Mode Privileged Exec Example This example displays the RP used for the specified group Console show ipv6 pim...

Page 1070: ...PIM Multicast Routing 1070 Table 209 show ip pim rp hash display description Field Description RP address IP address of the RP used for the specified multicast group Info source RP that advertised th...

Page 1071: ...1071 Section III Appendices This section provides additional information and includes these items Troubleshooting on page 1077 License Information on page 1079...

Page 1072: ...Section III Appendices 1072...

Page 1073: ...EtherChannel Like trunks 2 2 8 port trunk 10GE 3 2 4 port trunk 40GE NO Unicast Multicast load balance over trunking port YES load balance mechanism SA DS SIP DIP NO VLAN Traffic Segmentation Port Is...

Page 1074: ...YES NO Remote Authentication via TACACS YES NO HTTPS and SSL Secured Web YES NO Management Interface Access Filtering SNMP WEB TELNET YES NO Management Features Software Download Upgrade TFTP YES NO F...

Page 1075: ...v4 Multi netting YES NO CIDR Classless Inter Domain Routing YES NO Unicast Routing Static Unicast Routes YES NO Equal Cost multipath routing ECMP YES NO OSPF YES NO ARP YES Global share with routing e...

Page 1076: ...76 Termination MAC Flow Table NO YES Bridging Flow Table NO YES Unicast Routing Flow Table NO YES Multicast Routing Flow Table NO YES ACL Policy Flow Table NO YES Table 210 Legacy and Hybrid Operating...

Page 1077: ...ting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again a...

Page 1078: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Page 1079: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Page 1080: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Page 1081: ...s These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Page 1082: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Page 1083: ...CP is based on the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options DHCP Option 82 A relay option for sending i...

Page 1084: ...rived from a 48 bit link layer address by inserting the hexadecimal number FFFE between the upper three bytes OUI field and the lower 3 bytes serial number of the link layer address To ensure that the...

Page 1085: ...ls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame star...

Page 1086: ...other device Layer 2 Data Link layer in the ISO 7 Layer Data Communications Protocol This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses...

Page 1087: ...by using a common VLAN for distribution while still preserving security and data isolation for subscribers residing in both the MVR VLAN and other standard or private VLAN groups NTP Network Time Pro...

Page 1088: ...n the network RIP Routing Information Protocol seeks to find the shortest route to another device by minimizing the distance vector or hop count which serves as a rough estimate of transmission cost R...

Page 1089: ...m Protocol UDP provides a datagram mode for packet switched communications It uses IP as the underlying transport mechanism to provide access to IP like services UDP packets are delivered just like IP...

Page 1090: ...Glossary 1090 XModem A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected...

Page 1091: ...federation identifier 933 bgp confederation peer 934 bgp dampening 935 bgp default local preference 947 bgp deterministic med 947 bgp enforce first as 936 bgp fast external failover 936 bgp log neighb...

Page 1092: ...948 distance bgp 949 dot1q tunnel system tunnel control 484 dot1q tunnel tpid 485 dot1x default 241 dot1x eapol pass through 241 dot1x intrusion action 243 dot1x max reauth req 243 dot1x max req 244...

Page 1093: ...8 ip igmp proxy unsolicited report interval 640 ip igmp query drop 613 ip igmp query interval 631 ip igmp robustval 632 ip igmp snooping 583 ip igmp snooping priority 584 ip igmp snooping proxy report...

Page 1094: ...esp interval 642 ipv6 mld proxy 649 ipv6 mld proxy unsolicited report interval 651 ipv6 mld query interval 643 ipv6 mld robustval 644 ipv6 mld snooping 618 ipv6 mld snooping querier 618 ipv6 mld snoop...

Page 1095: ...p med tlv inventory 670 lldp med tlv location 671 lldp med tlv med cap 671 lldp med tlv network policy 672 lldp notification 672 lldp notification interval 657 lldp refresh interval 657 lldp reinit de...

Page 1096: ...eighbor unsuppress map 974 neighbor update source 975 neighbor weight 975 network 825 network 939 network area 856 network access aging 262 network access dynamic qos 264 network access dynamic vlan 2...

Page 1097: ...39 set extcommunity 1006 set ip next hop 1007 set local preference 1008 set metric 1008 set origin 1009 set originator id 1010 set pathlimit ttl 1010 set phb 540 set weight 1011 show access group 356...

Page 1098: ...nterface 875 show ip ospf neighbor 877 show ip ospf route 878 show ip ospf virtual links 878 show ip pim bsr router 1045 show ip pim interface 1030 show ip pim neighbor 1031 show ip pim rp mapping 104...

Page 1099: ...tion 523 show qos map ip port dscp 523 show qos map ip prec dscp 524 show qos map phb queue 525 show qos map trust mode 525 show queue mode 511 show queue weight 511 show radius server 220 show reload...

Page 1100: ...87 switchport dot1q tunnel service match cvid 488 switchport forbidden vlan 477 switchport gvrp 470 switchport ingress filtering 478 switchport l2protocol tunnel 496 switchport mode 479 switchport mtu...

Page 1101: ...vrrp timers advertise 796 vxlan flood 500 vxlan udp dst port 499 vxlan vlan vni 501 W watchdog software 124 web auth 277 web auth login attempts 275 web auth quiet period 276 web auth re authenticate...

Page 1102: ...List of CLI Commands 1102...

Page 1103: ...ARP ACL 352 enabling globally 322 enabling per VLAN 325 trusted ports 327 ATC 781 authentication MAC address authentication 261 269 MAC configuring ports 261 network access 261 269 public key 232 web...

Page 1104: ...map to CNPV 563 dot1p priroty alternate CNPv priority global 564 dot1p priroty alternate CNPv priority interface 566 enabling priority congestion notification message 562 command line interface See C...

Page 1105: ...on rate 533 534 537 configuring 527 conforming traffic configuring response 533 534 537 description 529 excess burst size 535 metering configuring 533 peak burst size 537 peak information rate 537 pol...

Page 1106: ...447 IEEE 802 1w 447 IEEE 802 1X 240 242 IGMP clearing groups 634 enabling per interface 628 filter profiles binding to interface 611 filter profiles configuration 608 filter interface configuration 6...

Page 1107: ...ynamic configuration 65 manual configuration 62 setting 62 742 IPv4 source guard configuring static entries 303 setting filter criteria 305 setting maximum bindings 306 IPv6 configuring static neighbo...

Page 1108: ...216 sequence 214 215 settings 215 TACACS client 221 TACACS server 221 logon authentication settings 216 221 logon banner configuring 104 loop back messages CFM 681 715 loopback detection non STA 423...

Page 1109: ...validation 784 785 enabling 782 max bindings 786 trusted interface 787 Neighbor Discovery Snooping See ND snooping network access authentication 261 dynamic QoS assignment 264 dynamic VLAN assignment...

Page 1110: ...displaying 1031 sparse mode attributes 1023 1034 PIM DM 1022 configuring 1022 global configuration 1023 interface settings 1024 1032 neighbor routers 1031 PIM SM 1022 bootstrap router 1034 BSR candida...

Page 1111: ...g 527 CoS CFI to PHB drop precedence 513 DSCP to PHB drop precedence 517 dynamic assignment 264 IP Port to PHB drop precedence 518 IP precedence to PHB drop precedence 519 matching class settings 529...

Page 1112: ...0 PIMv6 SM 1064 shortest path tree PIM SM 1015 1018 1040 PIMv6 SM 1064 SMTP event handling 159 sending log events 159 SNMP 181 community string 183 enabling traps 186 enabling traps mac address change...

Page 1113: ...ntation 330 assigning ports 330 332 enabling 330 332 sessions assigning ports 330 332 sessions creating 330 332 trap manager 68 187 troubleshooting 1077 trTCM police meter 537 QoS policy 537 trunk con...

Page 1114: ...protocol message statistics 800 timers 796 virtual address 793 W web authentication 277 address re authenticating 278 configuring 277 configuring ports 277 port information displaying 279 ports confi...

Page 1115: ......

Page 1116: ...AS5700 54X AS6700 32X E032016 ST R02 149100000198A...

Reviews:

No comments