manualshive.com logo in svg

FoxGate S6124, Command Manual

Share
Download
FoxGate S6124 Command Manual Download Page 319

 

319 

 

Chapter 31 Commands for Security 

Feature 

31.1 dosattack-check srcip-equal-dstip enable 

Command: [no] dosattack-check srcip-equal-dstip enable   

Function:

  Enable  the  function  by  which  the  switch  checks  if  the  source  IP  address  is 

equal to the destination IP address; the ―no‖ form of this command disables this function. 

Parameter: 

None 

Default:

 Disable the function by which the switch checks if the source IP address is equal 

to the destination IP address. 

Command Mode: 

Global Mode

 

Usage Guide:

 By enabling this function, data packet whose source IP address is equal to 

its destination address will be dropped 

Example:

  Drop  the  data  packet  whose  source  IP  address  is  equal  to  its  destination 

address 

Switch(config)# dosattack-check srcip-equal-dstip enable 

 

31.2 dosattack-check tcp-flags enable 

Command: [no] dosattack-check tcp-flags enable 

Function:

 Enable the function by which the switch will check the unauthorized TCP label 

function; the ―no‖ form of this command will disable this function. 

Parameter:

 None 

Default: 

This function disable on the switch by default 

Command Mode:

 Global Mode 

Usage Guide:

 With this function enabled, the switch will be able to drop follow four data 

packets  containing  unauthorized  TCP  label:  SYN=1  while  source  port  is  smaller  than 

1024;TCP label positions are all 0 while its serial No. =0;FIN=1,URG=1,PSH=1 and the 

TCP  serial  No.=0;SYN=1  and  FIN=1.  This  function  can  be  used  associating  the 

―dosattack-check ipv4-first-fragment enable‖ command. 

Example:

 Drop one or more types of above four packet types. 

Switch(config)# dosattack-check tcp-flags enable 

Summary of Contents for S6124

Page 1: ...able password 25 1 1 9 end 25 1 1 10 exec timeout 26 1 1 11 exit 26 1 1 12 help 26 1 1 13 hostname 27 1 1 14 ip host 27 1 1 15 ipv6 host 28 1 1 16 ip http server 28 1 1 17 language 29 1 1 18 login 29...

Page 2: ...ax connection 40 1 2 12 ssh server authentication retries 40 1 2 13 ssh server enable 41 1 2 14 ssh server host key create rsa 41 1 2 15 ssh server max connection 41 1 2 16 ssh server timeout 42 1 2 1...

Page 3: ...TCH UPGRADE 57 1 5 1 copy FTP 57 1 5 2 copy TFTP 59 1 5 3 ftp dir 60 1 5 4 ftp server enable 60 1 5 5 ftp server timeout 61 1 5 6 ip ftp 61 1 5 7 show ftp 61 1 5 8 show tftp 62 1 5 9 tftp server enabl...

Page 4: ...width 76 3 1 2 combo forced mode 77 3 1 3 clear counters interface 78 3 1 4 flow control 78 3 1 5 interface ethernet 79 3 1 6 loopback 79 3 1 7 mdi 80 3 1 8 name 80 3 1 9 negotiation 81 3 1 10 port sc...

Page 5: ...AL SHUTDOWN 96 6 6 ULDP RESET 97 6 7 ULDP RECOVERY TIME 97 6 8 SHOW ULDP 97 6 9 DEBUG ULDP FSM INTERFACE ETHERNET 98 6 10 DEBUG ULDP ERROR 98 6 11 DEBUG ULDP EVENT 99 6 12 DEBUG ULDP PACKET 99 6 13 DE...

Page 6: ...GROUP 112 CHAPTER 9 COMMANDS FOR JUMBO 117 9 1 JUMBO ENABLE 117 CHAPTER 10 VLAN CONFIGURATION 117 10 1 COMMANDS FOR VLAN CONFIGURATION 117 10 1 1 debug gvrp 117 10 1 2 gvrp 118 10 1 3 garp timer hold...

Page 7: ...130 11 2 4 show port security 131 11 2 5 show port security address 132 11 2 6 show port security interface 132 11 2 7 switchport port security 133 11 2 8 switchport port security convert 134 11 2 9...

Page 8: ...spanning tree digest snooping 147 12 1 23 spanning tree tcflush Global mode 148 12 1 24 spanning tree tcflush Port mode 148 12 2 COMMANDS FOR MONITOR AND DEBUG 149 12 2 1 show spanning tree 149 12 2 2...

Page 9: ...ACE 169 15 1 1 interface vlan 169 15 1 2 ip address 169 15 1 3 ip default gateway 170 15 1 4 debug ip packet 170 15 1 5 show ip traffic 171 15 1 6 show ip route 173 15 2 COMMANDS FOR IPV6 CONFIGURATIO...

Page 10: ...I ARPSCAN TRUST IP 190 16 6 ANTI ARPSCAN RECOVERY ENABLE 190 16 7 ANTI ARPSCAN RECOVERY TIME 191 16 8 ANTI ARPSCAN LOG ENABLE 191 16 9 ANTI ARPSCAN TRAP ENABLE 191 16 10 SHOW ANTI ARPSCAN 192 16 11 DE...

Page 11: ...ng 204 20 1 13 ip dhcp excluded address 205 20 1 14 ip dhcp pool 205 20 1 15 ip dhcp conflict ping detection enable 205 20 1 16 ip dhcp ping packets 206 20 1 17 ip dhcp ping timeout 206 20 1 18 lease...

Page 12: ...21 22 SERVICE DHCPV6 223 21 23 SHOW IPV6 DHCP 223 21 24 SHOW IPV6 DHCP BINDING 224 21 25 SHOW IPV6 DHCP INTERFACE 224 21 26 SHOW IPV6 DHCP LOCAL POOL 225 21 27 SHOW IPV6 DHCP POOL 225 21 28 SHOW IPV6...

Page 13: ...OOPING INFORMATION ENABLE 245 CHAPTER 24 IPV4 MULTICAST PROTOCOL 245 24 1 COMMANDS FOR DCSCM 245 24 1 1 access list Multicast Destination Control 245 24 1 2 access list Multicast Source Control 246 24...

Page 14: ...source address 260 24 2 17 ip igmp snooping vlan static group 260 24 2 18 ip igmp snooping vlan suppression query time 261 24 2 19 show ip igmp snooping 261 CHAPTER 25 IPV6 MULTICAST PROTOCOL 264 25 1...

Page 15: ...2 27 9 FIREWALL 282 27 10 FIREWALL DEFAULT 282 27 11 IP ACCESS EXTENDED 283 27 12 IP ACCESS STANDARD 283 27 13 IPV6 ACCESS LIST 284 27 14 IPV6 ACCESS STANDARD 284 27 15 IP IPV6 MAC MAC IP ACCESS GROUP...

Page 16: ...28 17 DOT1X PRIVATECLIENT ENABLE 305 28 18 DOT1X RE AUTHENTICATE 306 28 19 DOT1X RE AUTHENTICATION 306 28 20 DOT1X TIMEOUT QUIET PERIOD 307 28 21 DOT1X TIMEOUT RE AUTHPERIOD 307 28 22 DOT1X TIMEOUT TX...

Page 17: ...2 1 TACACS SERVER AUTHENTICATION HOST 322 32 2 TACACS SERVER KEY 322 32 3 TACACS SERVER NAS IPV4 323 32 4 TACACS SERVER TIMEOUT 323 32 5 DEBUG TACACS SERVER 324 CHAPTER 33 COMMANDS FOR RADIUS 325 33 1...

Page 18: ...HTTP SECURE SERVER STATUS 338 34 5 DEBUG SSL 338 CHAPTER 35 COMMANDS FOR IPV6 SECURITY RA 340 35 1 IPV6 SECURITY RA ENABLE 340 35 2 IPV6 SECURITY RA ENABLE 340 35 3 SHOW IPV6 SECURITY RA 341 35 4 DEB...

Page 19: ...3 38 6 SFLOW COUNTER INTERVAL 353 38 7 SFLOW RATE 353 38 8 SHOW SFLOW 354 CHAPTER 39 COMMANDS FOR SNTP 355 39 1 DEBUG SNTP 355 39 2 SNTP SERVER 356 39 3 SNTP POLLTIME 356 39 4 SNTP TIMEZONE 357 39 5 S...

Page 20: ...GGING 371 41 8 SHOW FLASH 371 41 9 SHOW HISTORY 371 41 10 SHOW LOGGING BUFFERED 372 41 11 SHOW MEMORY 372 41 12 SHOW RUNNING CONFIG 373 41 13 SHOW STARTUP CONFIG 373 41 14 SHOW SWITCHPORT INTERFACE 37...

Page 21: ...OTOCOL 382 43 7 DEBUG DRIVER 383 CHAPTER 44 COMMANDS FOR POE 383 44 1 COMMANDS FOR POE CONFIGURATION 383 44 1 1 power inline enable Global 383 44 1 2 power inline enable Port 384 44 1 3 power inline l...

Page 22: ...cation method of lower preferences will be ignored To be mentioned if the user receives correspond protocol s answer whether refuse or incept it will not attempt the next authentication method Excepti...

Page 23: ...e first booting IMG file the nos img file in the FLASH without the second one Usage Guide The first and second img files can only use img files stored in switch Example Set flash nos img as the second...

Page 24: ...Command mode Admin Mode Default upon first time start up it is defaulted to 2001 1 1 0 0 0 Usage guide The switch can not continue timing with power off hence the current date and time must be first s...

Page 25: ...ommand enable password 0 7 password no enable password Function Configure the password used for enter Admin Mode from the User Mode The no enable password command deletes this password Parameter passw...

Page 26: ...es Usage guide To secure the switch as well to prevent malicious actions from unauthorized user the time will be count from the last configuration the admin had made and the system will exit the admin...

Page 27: ...s of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is...

Page 28: ...ipv6 host hostname all Function Configure the mapping relationship between the IPv6 address and the host the no ipv6 host hostname command deletes this mapping relationship Parameter hostname is the n...

Page 29: ...1 1 18 login Command login no login Function login enable password authentication no login command cancels the login configuration Command mode Global mode Default No login by default Usage guide By...

Page 30: ...d encryption by system default Usage guide The current unencrypted passwords as well as the coming passwords configured by password enable password ip ftp and username command will be encrypted by exe...

Page 31: ...Example Set the factory contact mode to test Switch config sysContact test 1 1 24 sysLocation Command sysLocation LINE no sysLocation Function Set the factory address the no sysLocation command reset...

Page 32: ...mand show clock Function Display the current system clock Command mode Admin and Configuration Mode Usage Guide If the system clock is inaccurate user can adjust the time by examining the system date...

Page 33: ...e level of the commands that the user is able to execute its value is limited between 1 and 15 and 1 by default password is the password for the user If input option 0 on password setting the password...

Page 34: ...figuration user1 and user2 will be denied Switch config username admin privilege 15 password 0 admin Switch config username user1 privilege 1 password 7 4a7d1ed414474e4033ac29ccb8653d9b The password i...

Page 35: ...tication ipv6 access class num std name no authentication ipv6 access class Function Binding standard IPv6 ACL protocol to login with Telnet SSH Web the no form command will cancel the binding ACL Par...

Page 36: ...the TACACS configuration method can be used The authentication line console login command is exclusive with the login command The authentication line console login command configures the switch to us...

Page 37: ...the trusted IPv6 address is configured only clients with trusted IPv6 addresses are able to login the switch Up to 32 trusted IPv6 addresses can be configured in the switch Example Configure the secur...

Page 38: ...l no length cancels the screen switching operation and display content once in all Parameter Columns of characters displayed in each screen ranging between 0 512 0 refers to non stop display Command m...

Page 39: ...TCP connection with the remote host To connect to another remote host the current TCP connection must be disconnected with a hotkey CTRL To telnet a host name mapping relationship between the host nam...

Page 40: ...on Default The system default value of the max connection number is 5 Command Mode Global Mode Usage Guide None Example Set the max connection number supported by the Telnet service as 10 Switch confi...

Page 41: ...t value is 1024 Command mode Global Mode Default The system uses the key generated when the ssh server is started at the first time Usage Guide This command is used to generate the new host key When S...

Page 42: ...t value for SSH authentication the no ssh server timeout command restores the default timeout value for SSH authentication Parameter timeout is timeout value valid range is 10 to 600 seconds Command m...

Page 43: ...ace vlan vlan id Function Enter the VLAN interface configuration mode the no operation of this command will delete the existing VLAN interface Parameters vlan id is the VLAN ID of an existing VLAN ran...

Page 44: ...dress Command ipv6 address ipv6address prefix length eui 64 no ipv6 address ipv6address prefix length eui 64 Function Configure aggregatable global unicast address site local address and link local ad...

Page 45: ...k Example Get IP address through BootP Switch config interface vlan 1 Switch Config if Vlan1 ip bootp client enable Switch Config if Vlan1 exit Switch config Relative command ip address ip dhcp client...

Page 46: ...ocate the problem causes Example Switch debug snmp mib 1 4 2 debug snmp kernel Command debug snmp kernel no debug snmp kernel Function Enable the SNMP kernel debugging the no debug snmp kernel command...

Page 47: ...errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors Max packet size 1500 0 No such name er...

Page 48: ...or SNMP packets maximum packet size Maximum length of SNMP packets no such name errors Number of packets requesting for non existent MIB objects bad values errors Number of Bad_values error SNMP packe...

Page 49: ...ew name Notify View Notify view name no writeview specified No view name specified by the user 1 4 7 show snmp mib Command show snmp mib Function Display all MIB supported by the switch Command Mode A...

Page 50: ...e ID 1234567890 Auth Protocol MD5 Priv Protocol DES CBC Row status active Displayed Information Explanation User name User name Engine ID Engine ID Priv Protocol Employed encryption algorithm Auth Pro...

Page 51: ...for standard numeric ACL ranging between 1 99 name is the access class name for standard ACL the character string length is ranging between 1 32 ipv6 num std is the access class number for standard nu...

Page 52: ...proxy server function Command mode Global mode Default SNMP proxy server function is disabled by system default Usage guide To perform configuration management on the switch with network manage softw...

Page 53: ...ring access num std name ipv6 access ipv6 num std ipv6 name no snmp server group group string NoauthNopriv AuthNopriv AuthPriv access num std name ipv6 access ipv6 num std ipv6 name Function This comm...

Page 54: ...1 v2c versions this command configures the IPv4 or IPv6 address and Trap community character string of the network manage station receiving the SNMP Trap message And for v3 version this command is use...

Page 55: ...Command Mode Global Mode Parameter ipv4 address is NMS security IPv4 address point separated decimal format ipv6 address is NMS security IPv6 address colon separated hex format Usage Guide It is only...

Page 56: ...able OID as parameter But also supports the input using the node name of the parameter Example Create a view the name is readview including iso node but not including the iso 3 node Switch config snmp...

Page 57: ...n is selected the authentication must be done When deleting a user if correct username and incorrect group name is inputted the user can still be deleted Example Add a new user tester in the UserGroup...

Page 58: ...command supports command line hints namely if the user can enter commands in following forms copy filename ftp or copy ftp filename and press Enter following hints will be provided by the system ftp s...

Page 59: ...ddress is the IPv4 or IPv6 address of the TFTP server client hostname is the name of the host mapping with the IPv6 address it does not support the file download and upload with hosts mapping with IPv...

Page 60: ...er name password is the FTP user password ipv4address ipv6address is the IPv4 or IPv6 address of the FTP server Command Mode Admin Mode Example Browse the list of the files on the server with the FTP...

Page 61: ...ip ftp username username Function Configure the username and password for logging in to the FTP the no operation of this command will delete the configured username and password simultaneously Paramet...

Page 62: ...imeout Timeout time Retry Times Retransmission times 1 5 9 tftp server enable Command tftp server enable no tftp server enable Function Start TFTP server the no ftp server enable command shuts down TF...

Page 63: ...0 times Switch config Switch config tftp server retransmission number 10 1 5 11 tftp server transmission timeout Command tftp server transmission timeout seconds Function Set the transmission timeout...

Page 64: ...gy and re add this node But after being readded the candidate id of the switch might change The command can only be executed on commander switches Example Clear all candidate switch lists found by the...

Page 65: ...ember switches of the cluster Parameters commander ip cluster IP address pool for allocating internal IP addresses of the cluster commander ip is the head address of the address pool of which the vali...

Page 66: ...he one distributed by its commander Commander will send DP messages within the cluster once in every keepalive interval Members will respond to the received DP messages with DR messages The no operati...

Page 67: ...e loss count 5 2 7 cluster member Command cluster member nodes sn candidate sn list mac address mac addr id member id no cluster member id member id mac address mac addr Function On a commander switch...

Page 68: ...uring no cluster auto add Users need to change automatically added members to manually added ones to keep them Parameter None Default None Command Mode Global Mode Usage Guide Execute this command on...

Page 69: ...rivate route of the cluster Example Disable cluster function in the local switch Switch config no cluster run 2 11 cluster update member Command cluster update member member id src url dst filename as...

Page 70: ...being 1 src ul being ftp admin admin 192 168 1 1 nos img and dst url being nos img Switch cluster update member 1 ftp admin admin 192 168 1 1 nos img nos img 2 12 debug cluster Command debug cluster...

Page 71: ...the debug information of receiving DP messages Switch debug cluster packets DP receive 2 14 show cluster Command show cluster Function Display cluster information of the switch Command Mode Admin and...

Page 72: ...Configuration Mode Usage Guide Executing this command on a commander switch will display the configuration information of all cluster member switches Example Execute this command on a commander switc...

Page 73: ...min and Configuration Mode Usage Guide Executing this command on the switch will display the information of the candidate member switches Example Display configuration information of all cluster candi...

Page 74: ...x12 x 1 1 ES4626H LAB_SWITCH_1 CM 01 02 03 04 05 01 root root 2 ES4626H LAB_SWITCH_2 M 01 02 03 04 05 02 eth 1 1 eth 1 2 N 3 ES4626H LAB_SWITCH_3 CA 01 02 03 04 05 03 eth 1 1 eth 1 3 Y 4 ES4626H LAB_S...

Page 75: ...626H Hostname LAB_SWITCH_2 Upstream local port eth 1 1 Upstream node 01 02 03 04 05 01 Upstream remote port eth 1 2 Upstream speed 100full 2 18 rcommand commander Command rcommand commander Function I...

Page 76: ...This command can only be executed on commander switches Example In the commander switch enter the configuration interface of the member switch with mem id 1 Switch rcommand member 1 Chapter 3 Commands...

Page 77: ...forces use of fiber cable port sfp preferred auto for fiber cable port first Command mode Port Mode Default The default setting for combo mode of combo ports is fiber cable port first Usage Guide The...

Page 78: ...erface under Admin Mode to check for the active port of a combo port The following result indicates if the active port for a combo port is the fiber cable port Hardware is Gigabit combo active is fibe...

Page 79: ...not recommended unless the users need a slow speed low performance network with low packet loss Flow control will not work between different cards in the switch When enable the port flow control func...

Page 80: ...uto indicates auto identification of cable types across indicates crossover cable support only normal indicates straight through cable support only Command mode Port Mode Default Port cable type is se...

Page 81: ...iation is enabled by default Usage Guide This command applies to 1000Base FX interface only The negotiation command is not available for 1000Base TX or 100Base TX interface For combo port this command...

Page 82: ...ports in the switch i e enables broadcasts multicasts and unknown destination unicasts to pass through the switch at line speed Parameters use dlf to limit unicast traffic for unknown destination mul...

Page 83: ...dcast messages caused by a loop which affect the processing of other tasks of the switch the port will be shut down to guarantee the normal operation of the switch Example If users set the rate violat...

Page 84: ...a row the showing information include port number Link Protocl status Speed Duplex Vlan port type and port name counter packets show package number statistics of all ethernet ports include layer 2 un...

Page 85: ...d output rate 0 bytes sec 0 packets sec Input packets statistics 0 input packets 0 bytes 0 no buffer 0 unicast packets 0 multicast packets 0 broadcast packets 0 input errors 0 CRC 0 frame alignment 0...

Page 86: ...OUT bytes s 1 1 5m 13 473 12 345 678 12 345 1 234 567 5s 135 65 800 245 92 600 1 2 5m 0 0 0 0 5s 0 0 0 0 1 3 5m 0 0 0 0 5s 0 0 0 0 1 4 5m 0 0 0 0 5s 0 0 0 0 3 1 14 shutdown Command shutdown no shutdow...

Page 87: ...x mode force1g full for forced 1000Mbps at full duplex mode nonegotiate for disable auto negotiation for 1000 Mb port master to force the 1000Mb port to be master mode slave to force the 1000Mb port t...

Page 88: ...onnected to a 100M port the results of 4 5 and 7 8 will be of no meaning The result may have deviations according to the type of the twisted pair the temperature working voltage and other conditions W...

Page 89: ...tion groups can a switch have When the users need to change or redo the configuration of the port isolation group he can delete the existing group with the no operation of this command Example Create...

Page 90: ...ements When an Ethernet port is a member of more than one port isolate group it will be isolated from every port of all groups it belongs to Example Add Ethernet ports 1 1 2 and 1 5 into a port isolat...

Page 91: ...rol Command Mode Port Mode Usage Guide If there is any loopback the port will not recovery the state of be controlled after enabling control operation on the port If the overtime is configured the por...

Page 92: ...nk Switch Config If Ethernet1 2 switchport trunk allowed vlan all Switch Config If Ethernet1 2 loopback detection specified vlan 1 3 5 20 Switch Config If Ethernet1 2 no loopback detection specified v...

Page 93: ...The recovery time is a useful time for shutdown control mode because the port can keep on detection loopback in the other modes so suggest not to use this command Examples Enable automatic recovery of...

Page 94: ...sages and changing states Parameters None Command Mode Admin Mode Default Disabled by default Usage Guide Display the message sending receiving and state changes with this command Example Switch debug...

Page 95: ...ts which are available after ULDP is enabled this command should be issued in the port configuration mode to make ULDP be effect Example To enable ULDP in global configuration mode Switch config uldp...

Page 96: ...None Command Mode Global Configuration Mode and Port Configuration Mode Default Normal mode Usage Guide The ULDP working mode can be configured only if it is enabled globally When ULDP aggressive mod...

Page 97: ...ration Parameters recovery time is the time out value for the ULDP recovery timer Its value is limited between 30 and 86400 seconds Command Mode Global Configuration Mode Default 0 is set by default w...

Page 98: ...ULDP for the specified interface The no form of this command will disable the debugging information Parameters IFname is the interface name Command Mode Admin Configuration Mode Default Disabled by d...

Page 99: ...fter that Display the type and interface of the packet which receiving and sending on the client The no form command disables this function Parameter None Command Mode Admin Mode Default Disabled Usag...

Page 100: ...100 Default Disabled Usage Guide Use this command to display the Hello packet details receiving on the interface Ethernet 1 1 Switch debug uldp hello receive interface Ethernet 1 1...

Page 101: ...nd lldp enable lldp disable Function Enable the LLDP function module of ports in port configuration mode disable command will disable the LLDP function module of port Parameters None Default the LLDP...

Page 102: ...terval integer no lldp tx interval Function Set the interval of sending update messages on all the ports with LLDP function enabled the value of which ranges from 5 to 32768 seconds and is 30 seconds...

Page 103: ...multiplier as 6 Switch config lldp msgTxHold 6 7 6 lldp transmit delay Command lldp transmit delay seconds no lldp transmit delay Function Since local information might change frequently because of th...

Page 104: ...and lldp trap enable disable Function enable configure to enable the Trap function on the specified port disable configure to disable the Trap function on the specified port Parameters None Default Th...

Page 105: ...ntries ranging from 5 to 500 Default The maximum number of entries can be stored in Remote MIB is 100 Command Mode Port Configuration Mode Usage Guide The maximum number of entries can be stored in Re...

Page 106: ...ldp Example Check the configuration information of global LLDP after it is enabled on the switch Switch config show lldp LLDP GLOBAL INFORMATIONS LLDP enabled port Ethernet 1 1 LLDP interval 30 LLDP t...

Page 107: ...ig show lldp interface ethernet 1 1 Port name ethernet 1 1 LLDP Agent Adminstatus Both LLDP Operation TLV portDecs sysName sysDesc sysCap LLDP Trap Status disable LLDP maxRemote 100 LLDP Overflow hand...

Page 108: ...nterface Ethernet1 2 debug lldp packets interface Ethernet1 3 debug lldp packets interface Ethernet1 4 debug lldp packets interface Ethernet1 5 END OF DEBUG SETTINGS 7 17 debug lldp Command debug lldp...

Page 109: ...is enabled users can check the receiving and sending of packets and other information on the port Example Enable the debug switch of LLDP function on the switch Switch config debug lldp packets inter...

Page 110: ...sage Guide On entering aggregated port mode configuration to GVRP or spanning tree modules will apply to aggregated ports if the aggregated port does not exist i e ports have not been aggregated an er...

Page 111: ...g to destination IP src ip performs load balancing according to source IP dst src ip performs load balancing according to destination and source IP If a port group has formed a port channel the load b...

Page 112: ...tch Config If Ethernet1 1 port group 1 mode active 8 5 show port group Command show port group port group number brief detail load balance port port channel Parameters port group number is the group n...

Page 113: ...d 32768 1 ACDEF Ethernet1 6 Selected 32768 1 ACDEF Ethernet1 7 Selected 32768 1 ACDEF Ethernet1 8 Selected 32768 1 ACDEF Ethernet1 20 Unselected 32768 1 ACG Ethernet1 23 Standby 32768 1 AC Remote Acto...

Page 114: ...ctor part Administrative Operational port number 1 port priority 0x8000 aggregator id 0 port key 0x0100 0x0101 port state LACP activety 1 LACP timeout Aggregation 1 1 Synchronization Collecting Distri...

Page 115: ...ion Synchronization Whether port is synchronized with the partner end Collecting Whether status of port bound status machine is collecting or not Distributing Whether status of port bound status machi...

Page 116: ...nnel does not exist the above information will not be displayed Number of port Port number in the port channel Standby port Port that is in standby status which means the port is qualified to join the...

Page 117: ...size is 9018 9022 Default Jumbo function not enabled by default Command Mode Global Mode Usage Guide Set switch of both ends jumbo necessarily or jumbo frame will be dropped at the switch has not be s...

Page 118: ...port 10 Switch config gvrp Switch config interface ethernet 1 10 Switch Config If Ethernet1 10 gvrp Switch config exit 10 1 3 garp timer hold Command garp timer hold timer value no garp timer hold Fu...

Page 119: ...garp timer leave command restores the default timer setting Parameter timer value is the value for leave timer the valid range is 100 to 327650 ms Command mode Port Mode Default The default value for...

Page 120: ...s vlan name is the specified name string Command Mode VLAN Configuration Mode Default The default VLAN name is vlanXXX where xxx is VID Usage Guide The switch can specify names for different VLANs mak...

Page 121: ...an primary Note This will remove all the ports from vlan 100 Switch Config Vlan100 exit Switch config vlan 200 Switch Config Vlan200 private vlan isolated Note This will remove all the ports from vlan...

Page 122: ...t to be displayed Command mode Admin Mode and other configuration Mode Usage Guide N A Example Display global GARP information Switch show garp 10 1 11 show gvrp Command show gvrp interface name Funct...

Page 123: ...1 default Static ENET Ethernet1 1 Ethernet1 2 Ethernet1 3 Ethernet1 4 Ethernet1 9 Ethernet1 10 Ethernet1 11 Ethernet1 12 2 VLAN0002 Static ENET Ethernet1 5 Ethernet1 6 Ethernet1 7 Ethernet1 8 Switch...

Page 124: ...annel interface name interface list Function Specify Ethernet port to VLAN the no switchport interface ethernet portchannel interface name interface list command deletes one or one set of ports from t...

Page 125: ...rnet1 8 exit 10 1 16 switchport trunk allowed vlan Command switchport trunk allowed vlan WORD all add WORD except WORD remove WORD no switchport trunk allowed vlan Function Set trunk port to allow VLA...

Page 126: ...port trunk native vlan 100 Switch Config If Ethernet1 5 exit 10 1 18 vlan Command vlan WORD no vlan WORD Function Create VLANs and enter VLAN configuration mode If using and connect with multi VLANs t...

Page 127: ...ngress rule Command mode Global Mode Default VLAN ingress rules are enabled by default Usage Guide When VLAN ingress rules are enabled on the port when the system receives data it will check source po...

Page 128: ...ss does aging when the aging time is set to 0 Example Set the aging time to 600 seconds Switch config mac address table aging time 600 11 1 2 mac address table static blackhole Command mac address tab...

Page 129: ...em default Example Port 1 1 belongs to VLAN200 and establishes address mapping with MAC address 00 03 0f f0 00 18 Switch config mac address table static address 00 03 0f f0 00 18 vlan 200 interface et...

Page 130: ...n port1 Switch clear port security dynamic interface Ethernet 1 1 11 2 2 mac address table periodic monitor time Command mac address table periodic monitor time 5 86400 Function Set the MAC monitor in...

Page 131: ...ure port MAC address information Example Switch show port security Security Port MaxSecurity Addr CurrentAddr Security Action count count Ethernet1 1 1 1 Protect Ethernet1 3 10 1 Protect Ethernet1 5 1...

Page 132: ...Type Ports 1 0000 0000 1111 SecureConfigured Ethernet1 1 Total Addresses 1 Displayed information Explanation Vlan The VLAN ID for the secure MAC Address Mac Address Secure MAC address Type Secure MAC...

Page 133: ...rrent secure static MAC address number for the port Lock Timer Whether locking timer timer timeout is enabled for the port Mac Learning function Is the MAC address learning function enabled 11 2 7 swi...

Page 134: ...not reserve configuration Example Converting MAC addresses in port 1 to static secure MAC addresses Switch config interface Ethernet 1 1 Switch Config If Ethernet1 1 switchport port security convert...

Page 135: ...ecure MAC addresses for a port the no switchport port security maximum command restores the maximum secure address number of 1 Command mode Port Mode Parameter value is the up limit for static secure...

Page 136: ...chport port security violation Command switchport port security violation protect shutdown no switchport port security violation Function Configure the port violation mode The no switchport port secur...

Page 137: ...egion configuration quit MSTP region mode and return to global mode Command mode MSTP Region Mode Usage Guide This command is to quit MSTP region mode with saving the current configuration Example Qui...

Page 138: ...4 Example Map VLAN1 10 and VLAN 100 110 to Instance 1 Switch config spanning tree mst configuration Switch Config Mstp Region instance 1 vlan 1 10 100 110 12 1 4 name Command name name no name Functio...

Page 139: ...led in all the ports except for the ports which are set to disable the MSTP explicitly Example Enable the MSTP in global mode and disable the MSTP in the interface1 2 Switch config spanning tree Switc...

Page 140: ...1 0 seconds Bridge_Max_Age Bridge_Max_Age 2 Bridge_Hello_Time 1 0 seconds Example Set MSTP hello time to 5 seconds in global mode Switch config spanning tree hello time 5 12 1 9 spanning tree link ty...

Page 141: ...age 25 12 1 11 spanning tree max hop Command spanning tree max hop hop count no spanning tree max hop Function Set maximum hops of BPDU in the MSTP region the command no spanning tree max hop restores...

Page 142: ...stores the default setting Parameter mstp sets the switch in IEEE802 1s MSTP mode stp sets the switch in IEEE802 1D STP mode rstp sets the switch in IEEE802 1D RSTP mode Command mode Global Mode Defau...

Page 143: ...ance the command no spanning tree mst instance id cost restores the default setting Parameter instance id sets the instance ID The valid range is from 0 to 64 cost sets path cost The valid range is fr...

Page 144: ...Set the port priority as 32 on the port 1 2 for the instance 1 Switch config interface ethernet 1 2 Switch Config If Ethernet1 2 spanning tree mst 1 port priority 32 12 1 17 spanning tree mst priority...

Page 145: ...etwork Example Enable rootguard function for port 1 2 in instance 0 Switch config interface ethernet 1 2 Switch Config If Ethernet1 2 spanning tree mst 0 rootguard Switch Config If Ethernet1 2 12 1 19...

Page 146: ...with products of other companies The no command restores the default format Parameter standard The packet format provided by IEEE privacy Privacy packet format which is compatible with CISCO equipment...

Page 147: ...mand no spanning tree digest snooping restores to use the port generated authentication string Parameter None Command mode Port Mode Default Don t use the authentication string of partner port Usage G...

Page 148: ...to switch from one spanning tree branch to another rapidly the disable mode is not recommended Example Configure the spanning tree flush mode once the topology changes is not flush to TC Switch confi...

Page 149: ...list detail Function Display the MSTP Information Parameter interface list sets interface list instance id sets the instance ID The valid range is from 0 to 64 detail sets the detailed spanning tree i...

Page 150: ...Instance 3 Ethernet1 1 Ethernet1 2 Total 2 PortName ID IntRPC State Role DsgBridge DsgPort Ethernet1 1 128 001 0 FWD MSTR 0 00030f010e30 128 001 Ethernet1 2 128 002 0 BLK ALTR 0 00030f010e30 128 002 I...

Page 151: ...tance PortName Port name ID Port priority and port index ExtRPC Port cost to the root of the entire network IntRPC Cost from the current port to the region root of the current instance State Port stat...

Page 152: ...guration of the current MSTP region such as MSTP name revision VLAN and instance mapping Note Before quitting the MSTP region mode the displayed parameters may not be effective Example Display the con...

Page 153: ...nterface e1 1 Chapter 13 Commands for QoS 13 1 class Command class class map name no class class map name Function Associates a class to a policy map and enters the policy class map mode the no class...

Page 154: ...ch standard of the class map the no form of this command deletes the specified match standard Parameter access group acl index or name match specified IP ACL or MAC ACL the parameters are the number o...

Page 155: ...e is taking effect by default when startup message will rewrite cos field according to cos dscp cos dscp mutation rewrite dscp value according to cos dscp Ingress cos value is the port default cos Exa...

Page 156: ...nge packet CoS value port priority cos assigns a priority to the physical port cos is the priority to be assigned Priority of all incoming packets through the port will be set to this cos value This i...

Page 157: ...rt Example Configuring Ethernet port 1 1 to trust DSCP using DSCP mutation mapping of mu1 Switch config interface ethernet 1 1 Switch Config If Ethernet1 1 mls qos trust dscp pass through cos Switch C...

Page 158: ...list is a list of DSCP values containing up to 8 DSCP values mark down dscp are DSCP value after mark down Default Default mapping values are Default CoS to DSCP Map CoS Value 0 1 2 3 4 5 6 7 DSCP Val...

Page 159: ...Example Setting the bandwidth for packets that matching c1 class rule to 20 Mbps with a burst value of 2 MB all packets exceed this bandwidth setting will be dropped Switch config policy map p1 Switc...

Page 160: ...named p1 Switch config policy map p1 Switch Config PolicyMap p1 exit Switch config no policy map p1 13 12 priority queue out Command priority queue out no priority queue out Function Configure the deq...

Page 161: ...olicy Class map Mode Usage Guide Only the classified traffic which matches the matching standard will be assigned with the new values Note ipv6 flowlabel configuration is not supported by this switch...

Page 162: ...ort1 1 Switch config interface ethernet 1 1 Switch Config If Ethernet1 1 service policy input p1 13 16 show class map Command show class map class map name Function Displays class map of QoS Parameter...

Page 163: ...meters interface id is the port ID buffers is the queue buffer setting on the port policy is the policy setting on the port queuing is the queue setting for the port statistics is the number of packet...

Page 164: ...mls qos interface queuing ethernet 1 2 Cos queue map Cos 0 1 2 3 4 5 6 7 Queue 1 1 2 2 3 3 4 4 Queue and weight type Port q1 q2 q3 q4 QType 1 2 4 8 WRR Displayed information Explanation Cos queue map...

Page 165: ...ion information for QoS Parameters cos dscp CoS for CoS DSCP inside cos queue CoS for wrr queue dscp cos DSCP inside for DSCP CoS dscp mutation dscp mutation name for DSCP DSCP mutation dscp mutation...

Page 166: ...8 19 2 20 21 22 23 24 25 26 27 28 29 3 30 31 32 33 34 35 36 37 38 39 4 40 41 42 43 44 45 46 47 48 49 5 50 51 52 53 54 55 56 57 58 59 6 60 61 62 63 13 20 show mls qos Command show mls qos Function Disp...

Page 167: ...ues can be set 0 and the queues which be set to 0 are at back Example Setting the bandwidth weight proportion of the four queue out to be 1 2 3 4 Switch config wrr queue bandwidth 1 2 3 4 13 22 wrr qu...

Page 168: ...access group aclname redirect command is used to delete flow based redirection Flow based redirection function enables the switch to transmit the data frames meeting some special condition to another...

Page 169: ...pecified Parameters vlan id is the VLAN ID of the established VLAN ranging from 1 to 4094 Default No Layer 3 interface is configured upon switch shipment Command mode Global Mode Usage Guide When crea...

Page 170: ...net management Furthermore the switch also provides BOOTP DHCP manner to get IP address Example The IP address of switch VLAN1 interface is set to 192 168 1 10 24 Switch Config if Vlan1 ip address 192...

Page 171: ...ffic IP statistics Rcvd 3249810 total 3180 local destination 0 header errors 0 address errors 0 unknown protocol 0 discards Frags 0 reassembled 0 timeouts 0 fragment rcvd 0 fragment dropped 0 fragment...

Page 172: ...t rcvd 0 fragment dropped 0 fragmented 0 couldn t fragment 0 fragment sent Fragmentation statistics number of packets reassembled timeouts fragments received fragments discarded packets that cannot be...

Page 173: ...segment packeage number passive connection number Retransfer packeage number retransfer the time of timer Retransfer the max time is allowed by timer retransfer the min time is allowed by timer UDP st...

Page 174: ...ugh the OSPF protocol A OSPF ASE Route introduced by OSPF B BGP derived BGP route acquired by the BGP protocol Destination Target network Mask Target network mask Nexthop Next hop IP address Interface...

Page 175: ...rc fe80 203 fff fe01 2786 Source IPv6 address Dst fe80 1 Destination IPv6 address size 64 Size of data report proto 58 Protocol field in IPv6 header from Vlan1 IPv6 data report is collected from Layer...

Page 176: ...IPv6 ND messages while no specification means to disable that for all five types of ND message Parameter None Default The debug of receiving and sending operations for all five types of IPv6 ND messag...

Page 177: ...s between 3 128 eui 64 means IPv6 address is generated automatically based on eui64 interface identifier of the interface Command Mode Interface Configuration Mode Default None Usage Guide IPv6 addres...

Page 178: ...arameter parameter seconds is the time interval of sending Neighbor Solicitation Message seconds value must be between 1 3600 seconds no command restores the default value 1 second Command Mode Interf...

Page 179: ...brief is the brief summarization of IPv6 status and configuration and parameter interface name is Layer 3 interface name Default None Command Mode Admin and Configuration Mode Usage Guide If only brie...

Page 180: ...up up Layer 3 interface status dev index Internal index No fe80 203 fff fe00 10 Automatically configured IPv6 address of Layer 3 interface 3001 1 Configured IPv6 address of Layer 3 interface 15 2 11...

Page 181: ...ffe 3240 800d 1 64 via Vlan1 1024 O 3ffe 3240 800d 2 64 via Vlan2 1024 O 3ffe 3240 800d 10 64 via Vlan12 1024 O 3ffe 3240 800d 20 64 via fe80 20c ceff fe13 eac1 Vlan12 1024 C fe80 64 via Vlan1 256 C f...

Page 182: ...ss Hardware Addr Interface Port State 2002 ca60 c801 1 250 baff fef2 a4f4 00 50 ba f2 a4 f4 Vlan1 Ethernet1 2 reachable 3ffe 3240 800d 1 100 00 03 0f 01 27 86 Vlan1 Ethernet1 3 reachable 3ffe 3240 800...

Page 183: ...on Mode Example Switch show ipv6 traffic IP statistics Rcvd 90 total 17 local destination 0 header errors 0 address errors 0 unknown protocol 13 discards Frags 0 reassembled 0 timeouts 0 fragment rcvd...

Page 184: ...tion ipv6 enable has been on IPv6 transmission switch is at on status 15 3 Commands for ARP Configuration 15 3 1 arp Command arp ip_address mac_address interface ethernet portName no arp ip_address Fu...

Page 185: ...tch of APR state changing of the switch Default ARP debug is disabled by default Command mode Admin Mode Usage Guide Display contents for ARP packets received sent including type source and destinatio...

Page 186: ...ddr Interface Port Flag 50 1 1 6 00 0a eb 51 51 38 Vlan50 Ethernet1 11 Dynamic 50 1 1 9 00 00 00 00 00 09 Vlan50 Ethernet1 1 Static 150 1 1 2 00 00 58 fc 48 9f Vlan150 Ethernet1 4 Dynamic Displayed in...

Page 187: ...r box switches this command will only show statistics of APP messages received and sent from the current boardcard Command mode Admin and Config Mode Usage Guide Display statistics information of rece...

Page 188: ...reset to its default attribute that is Untrust port Example Enable the ARP scanning prevention function of the switch Switch config anti arpscan enable 16 2 anti arpscan port based threshold Command...

Page 189: ...the threshold of IP based ARP scanning prevention as 6 packets second Switch config anti arpscan ip based threshold 6 16 4 anti arpscan trust Command anti arpscan trust port supertrust port no anti a...

Page 190: ...ommand Mode Global configuration mode User Guide If a port is configured as a trusted port then the ARP scanning prevention function will not deal with this port even if the rate of received ARP messa...

Page 191: ...i arpscan log enable no anti arpscan log enable Function Enable ARP scanning prevention log function no anti arpscan log enable command will disable this function Parameters None Default Settings Enab...

Page 192: ...isplay the operation information of ARP scanning prevention function Parameters None Default Settings Display every port to tell whether it is a trusted port and whether it is closed If the port is cl...

Page 193: ...10 untrust N 0 Ethernet4 11 untrust N 0 Ethernet4 12 untrust N 0 Ethernet4 13 untrust N 0 Ethernet4 14 untrust N 0 Ethernet4 15 untrust N 0 Ethernet4 16 untrust N 0 Ethernet4 17 untrust N 0 Ethernet4...

Page 194: ...switch of ARP scanning prevention Command Mode Admin Mode User Guide After enabling debug switch of ARP scanning prevention users can check corresponding debug information or enable the port based or...

Page 195: ...timer or create a new item so the current ARP item keep unchanged and the new item can still be learned Example Switch Config if Vlan1 ip arp security updateprotect Switch config ip arp security updat...

Page 196: ...which in combination with disabling automatic learning can prevent ARP binding Once implemented this command will lose its effect Example Switch Config if Vlan1 ip arp security convert Switch config i...

Page 197: ...RP GUARD will be filtered If the source IP addresses of the ARP messagse match the ARP GUARD address configured on this port these messages will be judged as ARP cheating messages which will be direct...

Page 198: ...s in the switch will be enabled to send gratuitous ARP request If gratuitous ARP is configured in interface configuration mode then only the specified interface is able to send gratuitous ARP requests...

Page 199: ...on about gratuitous ARP configuration in both global and interface configuration modes Switch show ip gratuitous arp Gratuitous ARP send is Global enabled Interval Time is 300 s Gratuitous ARP send en...

Page 200: ...at have a binding record Command mode Admin Mode Usage Guide show ip dhcp binding command can be used to view binding information for IP addresses and corresponding DHCP client hardware addresses If t...

Page 201: ...statistics can be viewed with show ip dhcp server statistics command all information is accumulated You can use the clear ip dhcp server statistics command to clear the count for easier statistics ch...

Page 202: ...decimal format Default No default gateway is configured for DHCP clients by default Command Mode DHCP Address Pool Mode Usage Guide The IP address of default gateway s should be in the same subnet as...

Page 203: ...foxgate ua 20 1 10 hardware address Command hardware address hardware address Ethernet IEEE802 type number no hardware address Function Specifies the hardware address of the user when binding address...

Page 204: ...nding addresses manually If the identifier or hardware address of the requesting client matches the specified identifier or hardware address the DHCP server assigns the IP address defined in host comm...

Page 205: ...ral consecutive addresses in the pool from being assigned dynamically so that those addresses can be used by the administrator for other purposes Example Reserving addresses from 10 1 128 1 to 10 1 12...

Page 206: ...tection enable Related Command ip dhcp conflict logging ip dhcp ping packets ip dhcp ping timeout 20 1 16 ip dhcp ping packets Command ip dhcp ping packets request num no ip dhcp ping packets Function...

Page 207: ...setting Parameters days is number of days from 0 to 365 hours is number of hours from 0 to 23 minutes is number of minutes from 0 to 59 infinite means perpetual use Default The default lease duration...

Page 208: ...is the node type in Hex from 0 to FF Default No client node type is specified by default Command Mode DHCP Address Pool Mode Usage Guide If client node type is to be specified it is recommended to set...

Page 209: ...ss workstations that need to download configuration files from the server on boot up This command is used together with bootfile Example Setting the hosting server address as 10 1 128 4 Switch dhcp 1...

Page 210: ...1 25 show ip dhcp binding Command show ip dhcp binding ip addr type all manual dynamic count Function Displays IP MAC binding information Parameters ip addr is a specified IP address in decimal format...

Page 211: ...Address Conflicting IP address Detection method Method in which the conflict is detected Detection Time Time when the conflict is detected 20 1 27 show ip dhcp server statistics Command show ip dhcp...

Page 212: ...dresses whose leases are expired Malformed message Number of error messages Message Received Statistics for DHCP packets received BOOTREQUEST Total packets received DHCPDISCOVER Number of DHCPDISCOVER...

Page 213: ...6 server will not remove its bind for this address In this situation the address binding information can be removed manually through this command and if no parameter is appended this command will remo...

Page 214: ...ug information of all kinds of packets received or sent by DHCPv6 the no form of this command disabled this function Default Disabled Command Mode Admin Mode Example Switch debug ipv6 dhcp detail 21 5...

Page 215: ...Server address of DHCPv6 client as 2001 da8 1 Switch dhcp 1 config dns server 2001 da8 1 21 8 domain name Command domain name domain name no domain name domain name Function To configure domain name...

Page 216: ...ing with its length no more than 32 designating or manual configuring the name of the address prefix defined in the prefix pool ipv6 prefix prefix length is latter part of the IPv6 address excluding t...

Page 217: ...alid IPv6 address This command is exclusive with ipv6 dhcp server If the prefix delegation client is disabled for an interface then the address prefix which is get from this interface through prefix d...

Page 218: ...is the address pool name of DHCPv6 with its length no more than 32 Default Any DHCPv6 address pool are not configured by default Command Mode Global Mode Usage Guide This command should be launched in...

Page 219: ...nce 80 rapid commit allow hint 21 16 ipv6 general prefix Command ipv6 general prefix prefix name ipv6 prefix prefix length no ipv6 general prefix prefix name Function To define an IPv6 general prefix...

Page 220: ...delegation pool command to allocate address prefixes to the clients If IPv6 prefix delegation is removed the associated prefix delegation command will be in effective either 21 18 lifetime Command li...

Page 221: ...ommand Mode DHCPv6 Address Pool Configuration Mode Usage Guide This command configures the address pool for the DHCPv6 server to allocate addresses only one address range can be configured for each ad...

Page 222: ...ty than the prefix address pool Example The following command will allocate 2001 da8 48 to the client with DUID as 0001000600000005000BBFAA2408 and IAID as 12 Switch dhcp 1 config prefix delegation 20...

Page 223: ...obal Mode Usage Guide The DHCPv6 services include DHCPv6 server function DHCPv6 relay function DHCPv6 prefix delegation function All of the above services are configured on ports Only when DHCPv6 serv...

Page 224: ...lifetime 604800 seconds valid lifetime 2592000 seconds Lease obtained at Jan 01 01 34 44 1970 Lease expires at Jan 31 01 34 44 1970 2592000 seconds left The number of DHCPv6 bindings is 1 21 25 show...

Page 225: ...y and the length less than 32 characters If the poolname parameter is not provided then all the DHCPv6 address pool information will be shown Command Mode Admin and Configuration Mode Usage Guide To d...

Page 226: ...Y 0 DHCP6RENEW 0 DHCP6REBIND 0 DHCP6RELEASE 0 DHCP6DECLINE 0 DHCP6CONFIRM 0 DHCP6RECONFIGURE 0 DHCP6INFORMREQ 0 DHCP6RELAYFORW 0 DHCP6RELAYREPLY 0 Message Send DHCP6SOLICIT 0 DHCP6ADVERTISE 0 DHCP6REQ...

Page 227: ...FIGURE packets DHCP6INFORMREQ The number of DHCPv6 INFORMREQ packets DHCP6RELAYFORW The number of DHCPv6 RELAYFORW packets DHCP6RELAYREPLY The number of DHCPv6 RELAYREPLY packets Message Send The stat...

Page 228: ...ion Mode Usage Guide To show the IPv6 general prefix pool information include the prefix number in general prefix pool the name of every prefix the interface of prefix obtained and the prefix value Ex...

Page 229: ...acket Command debug ip dhcp snooping packet no debug ip dhcp snooping packet Function This command is used to enable the DHCP SNOOPING debug switch to debug the message processing procedure of DHCP SN...

Page 230: ...utputting the state of checking binding data and executing port action and so on 22 5 debug ip dhcp snooping binding Command debug ip dhcp snooping binding no debug ip dhcp snooping binding Function T...

Page 231: ...he DHCP SNOOPING function is enabled the binding function can be enabled Example Enable the DHCP Snooping binding funciton switch config ip dhcp snooping binding enable Relative Command ip dhcp snoopi...

Page 232: ...binding arp This command is not supported by switch 22 10 ip dhcp snooping binding dot1x Command ip dhcp snooping binding dot1x no ip dhcp snooping binding dot1x Function Enable the DHCP Snooping bind...

Page 233: ...x 22 12 ip dhcp snooping binding user control max user Command ip dhcp snooping binding user control max user number no ip dhcp snooping binding user control max user Function Set the max number of us...

Page 234: ...ode Default Settings By default all ports are non trusted ports Usage Guide Only when DHCP Snooping is globally enabled can this command be set When a port turns into a trusted port from a non trusted...

Page 235: ...cp snooping action blackhole recovery 30 22 15 ip dhcp snooping action MaxNum Command ip dhcp snooping action maxNum default Function Set the number of defense action that can be simultaneously take e...

Page 236: ...ction Parameters None Default Settings Option 82 function is disabled in DHCP Snooping by default Command Mode Global Configuration Mode Usage Guide Only by implementing this command can DHCP Snooping...

Page 237: ...ion provided by the option82 field And users can retrieve different IP addresses before and after authentication When this command is applied DHCP relay should not be configured on the truck switch wh...

Page 238: ...However if TrustView is applied version two should be applied Example To configure the switch choose private packet version two to communicate with FOXGATE inter security management background system...

Page 239: ...ges this configuration should be updated in time Example Set the local management IP address as 100 1 1 1 primary HELPER SERVER address as 100 1 1 100 and the port as default value switch config inter...

Page 240: ...g interface ethernet interfaceName Function Display the current cofiguration information of dhcp snooping or display the records of defense actions of a specific port Parameters interfaceName The name...

Page 241: ...ntrust none 0second 0 0 Ethernet1 19 untrust none 0second 0 0 Ethernet1 20 untrust none 0second 0 0 Ethernet1 21 untrust none 0second 0 0 Ethernet1 22 untrust none 0second 0 0 Ethernet1 23 untrust non...

Page 242: ...eds to notify the helper server about the information but the helper server has not acknowledged it request binding The number of REQUEST information interface The name of port trust The truest attrib...

Page 243: ...inding The expired binding information Request Binding REQUEST information 22 24 show ip dhcp snooping binding all Command show ip dhcp snooping binding all Function Display the current global binding...

Page 244: ...ernet1 5 1 SL 00 00 00 00 00 16 192 168 40 16 Ethernet1 5 1 SL The flag explanation of the binding state S The static binding is configured by shell command D The dynamic binding type U The binding is...

Page 245: ...sage The format of option1 in option 82 Circuit ID option is standard vlan name plus physical port name like vlan1 ethernet1 12 That of option2 in option 82 remote ID option is CPU MAC of the switch l...

Page 246: ...st source host address destination multicast destination address destination wildcard multicast destination address wildcard character destination host ip multicast destination host address Default No...

Page 247: ...host ip multicast destination host address Default None Command Mode Global Mode Usage Guide ACL of Multicast source control list item is controlled by specifical ACL number from 5000 to 5099 the comm...

Page 248: ...icast destination control access list used on specified net segment the no ip multicast destination control IPADDRESS M access group 6000 7999 command deletes this configuration Parameter IPADDRESS M...

Page 249: ...led for adding the members to multicast group If configuring multicast destination control to source MAC address of transmitted igmp report and match configured access list such as matching permit the...

Page 250: ...item and then they will be thrown away by switches namely only multicast data matching to PERMIT can be received and forwarded Example Switch config ip multicast source control 24 1 8 ip multicast sou...

Page 251: ...stination control Command show ip multicast destination control detail show ip multicast destination control interface Interfacename detail show ip multicast destination control host address ipaddress...

Page 252: ...p any host destination 224 1 1 1 access list 6000 deny ip host 2 1 1 1 any destination access list 6001 deny ip host 2 1 1 1 225 0 0 0 0 255 255 255 access list 6002 permit ip host 2 1 1 1 225 0 0 0 0...

Page 253: ...0 0 255 255 255 24 1 14 show ip multicast source control access list Command show ip multicast source control access list show ip multicast source control access list 5000 5099 Function Display sourc...

Page 254: ...te mrouter port in vlan 1 Switch clear ip igmp snooping vlan 1 mrouter port Relative Command show ip igmp snooping mrouter port 24 2 3 debug igmp snooping all packet event timer mfc Command debug igmp...

Page 255: ...command disables the IGMP Snooping function for the specified VLAN Parameter vlan id is the VLAN number Command mode Global Mode Default IGMP Snooping is disabled by default Usage Guide To configure...

Page 256: ...ng this command IGMP Snooping function will not be disabled when disabling the layer 2 general querier function This command is mainly for sending general queries regularly to help switches within thi...

Page 257: ...This command is used to query the layer 2 version number Example Switch config ip igmp snooping vlan 2 L2 general query version 2 24 2 10 ip igmp snooping vlan limit Command ip igmp snooping vlan vla...

Page 258: ...l ifname Function Configure static mrouter port of VLAN The no form of the command cancels this configuration Parameter vlan id ranging between 1 4094 ehternet Name of Ethernet port ifname Name of int...

Page 259: ...le Switch config ip igmp snooping vlan 2 query interval 130 24 2 14 ip igmp snooping vlan query mrsp Command ip igmp snooping vlan vlan id query mrsp value no ip igmp snooping vlan vlan id query mrsp...

Page 260: ...vlan id VLAN ID range 1 4094 A B C D IP address can be 0 0 0 0 Command Mode Global Mode Default Disabled Usage Guide Default configuration is recommended here If IGMP snooping needs to be configured...

Page 261: ...vlan vlan id suppression query time command restores to the default value Parameter vlan id VLAN ID ranging between 1 4094 value ranging between 1 65535 seconds Command Mode Global mode Default 255s...

Page 262: ...enabled with igmp snooping function whether they are l2 general querier 2 Display the IGMP Snooping summary messages of vlan1 Switch show ip igmp snooping vlan 1 Igmp snooping information for vlan 1 I...

Page 263: ...se time of the VLAN Igmp snooping robustness IGMP Snooping robustness configured on the VLAN Igmp snooping mrouter port keep alive time keep alive time of dynamic mrouter of the VLAN Igmp snooping que...

Page 264: ...vlan 1 4094 mrouter port Command clear ipv6 mld snooping vlan 1 4094 mrouter port ethernet IFNAME IFNAME Function Delete the mrouter port of the specific VLAN Parameters 1 4094 the specific VLAN ID et...

Page 265: ...nfigured with MLD Snooping the no form of this command will disable MLD Snooping on all the VLANs as well as the global MLD snooping Example Enable MLD Snooping under global mode Switch config ipv6 ml...

Page 266: ...l querier Function Set the VLAN to Level 2 general querier Parameter vlan id is the id number of the VLAN with a valid range of 1 4094 Command Mode Global Mode Default VLAN is not a MLD Snooping L2 ge...

Page 267: ...D is in operation please make this configuration in accordance with the MLD configuration as possible Example Switch config ipv6 mld snooping vlan 2 limit group 300 25 1 9 ipv6 mld snooping vlan mrout...

Page 268: ...alue query interval valid range 1 65535 secs Command Mode Global Mode Default 125s Usage Guide It is recommended to use default value and if layer 3 MLD is in operation please make this configuration...

Page 269: ...c group Command ipv6 mld snooping vlan vlan id static group X X X X source X X X X interface ethernet port channel IFNAME no ipv6 mld snooping vlan vlan id static group X X X X source X X X X interfac...

Page 270: ...n the same segment must be in accordance It is recommended to use the default value Example Switch config ipv6 mld snooping vlan 2 suppression query time 270 25 1 16 show ipv6 mld snooping Command sho...

Page 271: ...g max reponse time 10 s Mld snooping robustness 2 Mld snooping mrouter port keep alive time 255 s Mld snooping query suppression time 255 s MLD Snooping Connect Group Membership Note All Source S Incl...

Page 272: ...nooping query suppression time timeout of the VLAN as l2 general querier at suppressed status MLD Snooping Connect Group Membership Group membership of the VLAN namely the correspondence between the p...

Page 273: ...Switch config vlan 2 Switch Config Vlan2 multicast vlan 26 2 multicast vlan association Command multicast vlan association vlan list no multicast vlan association vlan list Function Associate several...

Page 274: ...Sunday end_time no periodic Monday Tuesday Wednesday Thursday Friday Saturd ay Sunday daily weekdays weekend start_time to end_time Functions Define the time range of different commands within one we...

Page 275: ...7 2 absolute start Command no absolute start start_time start_data end end_time end_data Functions Define an absolute time range this time range operates subject to the clock of this equipment Paramet...

Page 276: ...time range name access list num deny permit udp sIpAddr sMask any source host source sIpAddr s port sPort range sPortMin sPortMax dIpAddr dMask any destination host destination dIpAddr d port dPort r...

Page 277: ...epresent the type of IGMP packet and usual values please refer to the following description 17 0x11 IGMP QUERY packet 18 0x12 IGMP V1 REPORT packet 22 0x16 IGMP V2 REPORT packet 23 0x17 IGMP V2 LEAVE...

Page 278: ...0 255 255 27 5 access list mac extended Command access list num deny permit any source mac host source mac host_smac smac smac mask any destination mac host destination mac host_dmac dmac dmac mask u...

Page 279: ...num deny permit any source mac host source mac host_smac smac smac mask any destination mac host destination mac host_dmac dmac dmac mask igmp source source wildcard any source host source source host...

Page 280: ...ss protocol No of name or IP protocol It can be a key word eigrp gre icmp igmp igrp ip ipinip ospf tcp or udp or an integer from 0 255 of list No of IP address Use key word ip to match all Internet pr...

Page 281: ...the serial number is created then the lists are added into this ACL the access list which marked 3200 3299 can configure not continual reverse mask of IP address Examples Permit the passage of TCP pa...

Page 282: ...nterface Switch clear access group statistic 27 9 firewall Command firewall enable disable Functions Enable or disable firewall Parameters enable means to enable of firewall disable means to disable f...

Page 283: ...fault No access list is configured by default Usage Guide When this command is issued for the first time an empty access list will be created Example To create a extended IP access list name tcpFlow S...

Page 284: ...access list configured Usage Guide Creates a numbered 520 standard IP access list first time the following configuration will add to the current access list Examples Creates a numbered 520 standard IP...

Page 285: ...can bind ingress rules Note when a ACL has multiple rules traffic statistic can t configure There are four kinds of packet head field based on concerned MAC ACL IP ACL MAC IP ACL and IPv6 ACL to some...

Page 286: ...med mac_acl Switch config mac access list extended mac_acl Switch Config Mac Ext Nacl mac_acl 27 17 mac ip access extended Command mac ip access list extended name no mac ip access list extended name...

Page 287: ...deny permit eigrp gre igrp ipinip ip ospf protocol num sIpAddr sMask any source host source sIpAddr dIpAddr dMask any destination host destination dIpAddr precedence prec tos tos time range time range...

Page 288: ...e standard IP access rule Parameters sIpAddr is the source IP address the format is dotted decimal notation sMask is the reverse mask of source IP the format is dotted decimal notation Command Mode Na...

Page 289: ...ination mac host destination mac host_dmac dmac dmac mask cos cos val cos bitmask vlanId vid value vid mask ethertype protocol protocol mask no deny permit any source mac host source mac host_smac sma...

Page 290: ...hernet protocol No 1536 65535 protocol bitmask protocol mask 0 65535 reverse mask and mask bit is consecutive Notice mask bit is consecutive means the effective bit must be consecutively effective fro...

Page 291: ...ion destination host ip d port port3 range dPortMin dPortMax ack fin psh rst urg syn precedence precedence tos tos time range time range name no deny permit any source mac host source mac host_smac sm...

Page 292: ...ination wildcard mask of destination I Numbers of 32 bit binary system expressed by decimal s numbers with four point separated reverse mask s port optional means the need to match TCP UDP source port...

Page 293: ...ccess lists access list 10 used 0 time s access list 10 deny any source access list 100 used 1 time s access list 100 deny ip any any destination access list 100 deny tcp any any destination access li...

Page 294: ...d Examples Switch show access group interface name Ethernet 1 1 IP Ingress access list used is 100 traffic statistics Disable interface name Ethernet1 2 IP Ingress access list used is 1 packet s numbe...

Page 295: ...igit extended IPv6 ACL number acl name is the nomenclature character string of a specific access control list lengthening within 1 32 Default None Command Mode Admin and Configuration Mode Usage Guide...

Page 296: ...0 0 0 to Sunday 23 59 59 time range timer2 inactive used 0 times absolute periodic Monday 0 0 0 to Friday 23 59 59 27 28 time range Command no time range time_range_name Functions Create the name of t...

Page 297: ...erbased user based authentication interface name the name of the interface Command Mode Admin Mode Usage Guide By enabling the debug information of dot1x details users can check the detailed processes...

Page 298: ...information of Re Authentication Timer state machine interface name the name of the interface Usage Guide By enabling the debug information of dot1x users can check the negotiation process of dot1x pr...

Page 299: ...interface name for interface name and port number Command mode Global Mode Default N A Usage Guide The dot1x address filter function is implemented according to the MAC address filter table dot1x add...

Page 300: ...2 1x function is not enabled in global mode by default if 802 1x is enabled under Global Mode 802 1x will not be enabled for the ports by default Usage Guide The 802 1x authentication for the switch m...

Page 301: ...king exclusive authentication supplicant system or the version of the supplicant system being too low In Guest VLAN users can get 802 1x supplicant system software update supplicant system or update s...

Page 302: ...equest initialed by the users in the dot1x address filter table will be accepted Example Enabling dot1x address filter function for the switch Switch config dot1x macfilter enable 28 11 dot1x max req...

Page 303: ...e configured in TrustView server and the TrustView server will distribute the configuration to the switches To be noticed only one free resource can be configured for the overall network Example To co...

Page 304: ...r userbased 5 28 15 dot1x port control Command dot1x port control auto force authorized force unauthorized no dot1x port control Function Sets the 802 1x authentication status the no dot1x port contro...

Page 305: ...l the network resources after authentication When either of the above two kinds of access control is applied un authenticated host cannot access any resources in the network When user based access con...

Page 306: ...cified port Parameters interface name stands for port number omitting the parameter for all ports Command mode Global Mode Usage Guide This command is an Global Mode command It makes the switch to re...

Page 307: ...iod Command dot1x timeout re authperiod seconds no dot1x timeout re authperiod Function Sets the supplicant re authentication interval the no dot1x timeout re authperiod command restores the default s...

Page 308: ...unicast passthrough function of switch the no operation of this command will disable this function Command mode Global Configuration Mode Default The 802 1x unicast passthrough function is not enabled...

Page 309: ...nterface list is the port list If no parameter is specified information for all ports is displayed Command mode Admin and Configuration Mode Usage Guide The dot1x related parameter and dot1x informati...

Page 310: ...transmission interval authenticator mode Switch authentication mode Mac Filter Enables dot1x address filter or not MacAccessList Dot1x address filter table Dot1x EAPoR Authentication method used by th...

Page 311: ...311 Machine...

Page 312: ...Usage Guide When configuring the max number of dynamic MAC address allowed by the port if the number of dynamically learnt MAC address on the port is already larger than the max number of dynamic MAC...

Page 313: ...ac count Command debug switchport mac count no debug switchport mac count Function When the number limitation function debug of MAC on the port if the number of dynamic MAC and the number of MAC on th...

Page 314: ...314...

Page 315: ...le Disable AM function on the switch Switch config no am enable 30 2 am port Command am iport no am port Function Enable disable AM function on port Parameters None Default AM function is disabled on...

Page 316: ...M MAC IP address of the interface allow deny the IP messages or APR messages from a source IP within that segment to be forwarded via the interface Parameter mac address is the source MAC address ip a...

Page 317: ...ormation of all interfaces Command Mode Admin and Configuration Mode Example Display all configured AM entries Switch show am AM is enabled Interface Ethernet1 3 am interface am ip pool 30 10 10 1 20...

Page 318: ...318 am interface am ip pool 50 10 10 1 30 am mac ip pool 00 02 04 06 08 09 20 10 10 5 am ip pool 50 20 10 1 20...

Page 319: ...ion address Switch config dosattack check srcip equal dstip enable 31 2 dosattack check tcp flags enable Command no dosattack check tcp flags enable Function Enable the function by which the switch wi...

Page 320: ...fragment TCP and UDP data packet whose destination port is equal to the source port Example Drop the non fragment TCP and UDP data packet whose destination port is equal to the source port Switch conf...

Page 321: ...length of the ICMPv4 data packet permitted by the switch Default The value is 0x200 by default Command Mode Global Mode Usage Guide To use this function you have to enable dosattack check icmp attacki...

Page 322: ...he system by default Usage Guide This command is for specifying the IP address port number timeout timer value and the key string of the TACACS server used on authenticating with the switch The parame...

Page 323: ...ource IP address of TACACS packet sent by the switch the no tacacs server nas ipv4 command deletes the configuration Parameter ip address is the source IP address of TACACS packet in dotted decimal no...

Page 324: ...ACS server the switch waits for the response If no replay is received during specified period the authentication is considered failed Example Configure the timeout timer of the tacacs server to 30 sec...

Page 325: ...ng enable command disables the AAA accounting function Command mode Global Mode Default AAA accounting is not enabled by default Usage Guide When accounting is enabled in the switch accounting will be...

Page 326: ...about receiving and sending packets the no operation of this command will disable such debug information Parameters send Enable the debug information of AAA about sending packets receive Enable the d...

Page 327: ...witch debug detail attribute interface Ethernet 1 1 33 6 debug aaa detail connection Command debug aaa detail connection no debug aaa detail connection Function Enable the debug information of AAA abo...

Page 328: ...ny Example Enable the debug information of AAA about errors Switch debug aaa error 33 9 radius nas ipv4 Command radius nas ipv4 ip address no radius nas ipv4 Function Configure the source IP address f...

Page 329: ...S packet We suggest using the IPv6 address of loopback interface as source IPv6 address it avoids that the packets from RADIUS server are dropped when the interface link down Example Configure the sou...

Page 330: ...rver accounting host 2004 1 2 3 2 port 3000 primary 33 12 radius server authentication host Command radius server authentication host ipv4 address ipv6 address port port number key string primary acce...

Page 331: ...ADIUS server only use 802 1x authentication or telnet authentication via access mode option It is not configure access mode option and all services can use current RADIUS server by default Example Set...

Page 332: ...mand restores the default setting Parameters retries is a retransmission times for RADIUS server the valid range is 0 to 100 Command mode Global Mode Default The default value is 3 times Usage Guide T...

Page 333: ...rameters seconds is the interval of sending fee counting update messages in seconds ranging from 60 to 3600 Command Mode Global Mode Default The default interval of sending fee counting update message...

Page 334: ...about the online user the other information displayed is used for troubleshooting by technical support Example Switch show aaa authenticated user authenticated users UserName Retry RadID Port EapID C...

Page 335: ...shifeng Authentication key authentication server sum 2 Configure the number of authentication server authentication server 0 sock_addr 2 100 100 100 60 1812 The address protocol group IP and interface...

Page 336: ...Function Displays the statistics for users of RADIUS authentication Parameters authenticated user displays the authenticated users online authenticating user displays the authenticating users Command...

Page 337: ...he communication Example Enable SSL function Switch config ip http secure server 34 2 ip http secure port Command ip http secure port port number no ip http secure port Function Configure delete port...

Page 338: ...od will be used The SSL should be restarted to take effect after changes on configuration When des cbc sha is configured IE 7 0 or above is required Example Configure the secure cipher suite is rc4 12...

Page 339: ...339 Example Switch debug ssl Jan 01 01 02 05 2006 ssl will to connect to web server 127 0 0 1 9998 Jan 01 01 02 05 2006 connect to http security server success...

Page 340: ...isabling security RA will clear all the configured security RA ports Example Globally enable IPv6 security RA Switch config ipv6 security ra enable 35 2 ipv6 security ra enable Command ipv6 security r...

Page 341: ...bal IPv6 Security RA State Enable Ethernet1 1 IPv6 Security RA State Yes Ethernet1 3 IPv6 Security RA State Yes 35 4 debug ipv6 security ra Command debug ipv6 security ra no debug ipv6 security ra Fun...

Page 342: ...P loop may can t work normally or form broadcast The mrpp enable command must be start before the control vlan command be used If primary port secondary port node mode and enable commands all be confi...

Page 343: ...disables this enabled MRPP ring Parameter Command Mode MRPP ring mode Default Default disable MRPP ring Usage Guide Executing this command it must enable MRPP protocol and if other commands have conf...

Page 344: ...needs to modify the default and increase the value to avoid primary node doesn t receive Hello packet on fail timer due to time delay Example Configure fail timer of MRPP ring 4000 to 10s Switch conf...

Page 345: ...fig mrpp enable 36 8 mrpp ring Command mrpp ring ring id no mrpp ring ring id Function Create MRPP ring and access MRPP ring mode the no mrpp ring ring id command deletes configured MRPP ring Paramete...

Page 346: ...secondary port Command mrpp ring ring id secondary port no mrpp ring ring id secondary port Function Specify secondary of MRPP ring Parameter ring id is the ID of MRPP ring range is 1 4096 Command Mod...

Page 347: ...ration Command Mode Admin and Configuration Mode Default None Usage Guide None Example Display configuration of MRPP ring 4000 of switch Switch show mrpp 4000 36 13 show mrpp statistics Command show m...

Page 348: ...is used to configure the source interfaces for the mirror It is not restricted the source interface of the mirror on the switch The source can be one interface or can be multiple interfaces Both of t...

Page 349: ...ce interface 1 6 access list 120 rx 37 3 monitor session destination interface Command monitor session session destination interface interface number no monitor session session destination interface i...

Page 350: ...ation ports of all the mirror sessions Command Mode Admin Mode Usage Guide This command is used to display the source and destination ports for the configured mirror sessions For port mirroring CPU mi...

Page 351: ...address Usage Guide If the analyzer address is configured at Port Mode this IP address and port configured at Port Mode will be applied when sending the sample packet Or else the address and port conf...

Page 352: ...ority will be Example Configure the priority when sFlow receives packet from the hardware at global mode switch config sflow priority 1 38 4 sflow header len Command sflow header len length value no s...

Page 353: ...terval Command sflow counter interval interval value no sflow counter interval Function Configure the max interval of the sFlow statistic sampling the no form of this command deletes the statistic sam...

Page 354: ...h Config If Ethernet1 1 sflow rate input 10000 Switch Config If Ethernet1 1 sflow rate output 20000 38 8 show sflow Command show sflow Function Display the sFlow configuration state Parameter None Com...

Page 355: ...343 Default value of the port on E1 1 interface sampling proxy is 6343 Counter interval is 20 The statistic sampling interval on e1 1 interface is 20 seconds Sample rate is input 10000 output 0 The in...

Page 356: ...version_no is the version No of the SNTP on current server ranging between 1 4 and defaulted at 1 Default No SNTP NTP configured by default Command Mode Global Mode Example 1 Configure an IPv4 addres...

Page 357: ...ence subtract means the timezone equals the UTC time subtract time_difference time difference is the time difference to UTC time range from 0 to 12 the default value is 8 Default Add 8 is default time...

Page 358: ...s ipv6 address Function To enable specified time server of time source the no form of this command cancels the specified time server of time source Parameter ip address IPv4 address of time server ipv...

Page 359: ...one name add subtract time_difference no ntp timezone Function To configure the time zone and time different with UTC for NTP client the no form of this command cancels the time zone sets and restores...

Page 360: ...ne Default Disabled Command Mode Global Mode Usage Guide None Example To enable NTP authentication function Switch config ntp authenticate 40 7 ntp authentication key Command ntp authentication key ke...

Page 361: ...d key Switch config ntp trusted key 20 40 9 ntp disable Command ntp disable no ntp disable Function To disable enable the NTP function on port Parameter None Default To enable NTP function on all port...

Page 362: ...switch of displaying NTP packet information Parameter send The debug switch of sending NTP packet receive The debug switch of receiving NTP packet If there is no parameter that means should enable th...

Page 363: ...s no debug ntp events Function To enable disable debug switch of displaying NTP event Parameter None Default Disable the debug switch of displaying NTP event Command Mode Admin Mode Usage Guide To ena...

Page 364: ...or one specific session include server ID server layer and the local offset according to server The symbol means this server is the selected local time source Parameter ip address The IPv4 address of...

Page 365: ...form of this command will disable the output at the log host output channel Parameter ipv4 addr is the IPv4 address of the host ipv6 addr is the IPv6 address of the host local number is the recording...

Page 366: ...ber for the log the no command does not include the loghost sequence number Command Mode Port mode Default Do not include the sequence number Usage Guide Use logging command to configure the loghost b...

Page 367: ...ping success which means reachable link Example 2 Use ping command with source address configuration and leave other fields to default Switch ping src 10 1 128 161 10 1 128 160 Type c to abort Sendin...

Page 368: ...ress dst ipv6 address host hostname Function To check whether the destination network can be reached Parameters dst ipv6 address is the target IPv6 address of the ping command src ipv6 address is the...

Page 369: ...1 Use source address option n y Source IPv6 address fe80 203 fff fe0b 16e3 Repeat count 5 Datagram size in byte 56 Timeout in milli seconds 2000 Extended commands n Type c to abort Sending 5 56 byte I...

Page 370: ...oting sequence of IMG files in the corresponding storage device which IMG file is currently used in booting the configuration information of the CFG file in the storage device and the CFG file current...

Page 371: ...ich are reserved in the system flash memory Command Mode Admin Mode and Configuration Mode Example To list the files and their size in the flash Switch show flash boot rom 329 828 1900 01 01 00 00 00...

Page 372: ...will be displayed Usage Guide Warning and critical log information is saved in the buffer zone When displayed to the terminal their display format should be index ID time level module ID mission name...

Page 373: ...rent active configuration parameters for the switch Default If the active configuration parameters are the same as the default operating parameters nothing will be displayed Command mode Admin Mode Us...

Page 374: ...rface ethernet IFNAME Function Show the VLAN port mode VLAN number and Trunk port messages of the VLAN port mode on the switch Parameter IFNAME is the port number Command mode Admin mode Example Show...

Page 375: ...eignAddress Remote address of the TCP connection ForeignPort Remote port number of the TCP connection State Current status of the TCP connection 41 16 show telnet login Command show telnet login Funct...

Page 376: ...udp Function Display the current UDP connection status established to the switch Command mode Admin Mode Example Switch show udp LocalAddress LocalPort ForeignAddress ForeignPort State 0 0 0 0 161 0 0...

Page 377: ...ckets in milliseconds between 100 10000 Default The default maximum gateway number is 30 timeout in 2000 ms Command mode Admin Mode Usage Guide Traceroute is usually used to locate the problem for unr...

Page 378: ...the data packets is 30 and timeout period is defaulted at 2000 ms Command Mode Admin Mode Usage Guide Traceroute6 is normally used to locate destination network inaccessible failures Example Switch t...

Page 379: ...successfully This command will not be reserved which means that it only has one time effect Example Set the switch to automatically reload in 10 hours and 1second Switch reload after 10 00 01 Process...

Page 380: ...and check how long a time is left before rebooting the switch Example View the configuration of command reload after In the following case the user set the switch to be rebooted in 10 hours and 1 seco...

Page 381: ...ets of the protocol type the no command set the max rate to default Parameter protocol type is the type of the protocol including dot1x stp snmp arp telnet http dhcp igmp ssh packets is the max rate o...

Page 382: ...CPU receives ARP packets Switch config clear cpu rx stat protocol arp 43 5 cpu rx ratelimit channel This type of switch does not support the command 43 6 show cpu rx protocol Command show cpu rx prot...

Page 383: ...tocol of the packet including snmp telnet http dhcp igmp arp ssh icmpv6 dot1x gvrp stp lacp cluster eapou all means all of the protocol types discard means all the discarded packets Detail show detail...

Page 384: ...upply process if PD requires for an extra power which exceeds the max threshold value the supply will be cut off and the corresponding LED indicator will be updated When the PD is disconnected from th...

Page 385: ...upply and an effective method to control the power consumed by connected subordinate devices Example Set the global max output power to 50W Switch Config power inline max 50 44 1 5 power inline max Po...

Page 386: ...er is higher privileged In first come first served mode new PDs will not get power supply if available PSE power is not enough Note the first come first served mode is not supported by switch Example...

Page 387: ...lue of remaining power Min Voltage The global threshold of under voltage Max Voltage The global threshold of over voltage Police The power priority policy status enabled or disabled Legacy The non sta...

Page 388: ...er supply disabled Oper Working status on PD is normally connected and powered off PD is not connected faulty PD detection failed deny not enough available power or the required power is over the limi...

Page 389: ...ters None Command Mode Admin Mode Default None Usage Guide With debugging enabled relative information will be printed in the key processes while implementing commands for further debugging reference...

Page 390: ...ion37 38 ACL at the example o Case 1 case 2 case 3 and case 4 were deleted in the configuration steps of firewall default permit command line o In the result of the case 1 configuration access list 11...

Page 391: ...1 configuration function order 2 instruction for the configuration of default action default action dot1x port method added userbased standard value and the same changes applied to the operation manua...

Reviews:

No comments

Brands by name

Popular brands

Load more brands