manualshive.com logo in svg

Kontron CP6923, Reference Manual, Page: 329 / 480

Share
Download
Kontron CP6923 Reference Manual Download Page 329

CP6923

Utility Commands

Page 6 - 15

CP6923 CLI Reference Manual

If you use the 

switchport

 keyword, the following information appears.

Protocol Statistics • 802.3x Pause Frames Transmitted 

- A count of MAC Control frames transmitted on this 

interface with an opcode indicating the PAUSE operation. This counter does not increment 

when the interface is operating in half-duplex mode. 

• GVRP PDUs Received

 - The count of GVRP PDUs received in the GARP layer.

• GVRP PDUs Transmitted

 - The count of GVRP PDUs transmitted from the GARP layer. 

• GVRP Failed Registrations

 - The number of times attempted GVRP registrations could 

not be completed. 

• GMRP PDUs Received

 - The count of GMRP PDU's received in the GARP layer. 

• GMRP PDUs Transmitted

 - The count of GMRP PDU's transmitted from the GARP layer. 

• GMRP  Failed  Registrations

 - The number of times attempted GMRP registrations could 

not be completed. 

• STP BPDUs Transmitted 

- Spanning Tree Protocol Bridge Protocol Data Units sent.

• STP BPDUs Received

 - Spanning Tree Protocol Bridge Protocol Data Units received.

• RST BPDUs Transmitted

 - Rapid Spanning Tree Protocol Bridge Protocol Data Units 

sent.

• RSTP BPDUs Received

 - Rapid Spanning Tree Protocol Bridge Protocol Data Units 

received.

• MSTP BPDUs Transmitted

 - Multiple Spanning Tree Protocol Bridge Protocol Data Units 

sent.

• MSTP BPDUs Received

 - Multiple Spanning Tree Protocol Bridge Protocol Data Units 

received.

Dot1x Statistics

• EAPOL Frames Received

 - The number of valid EAPOL frames of any type that have 

been received by this authenticator.  

• EAPOL Frames Transmitted

 - The number of EAPOL frames of any type that have been 

transmitted by this authenticator.

Time Since 

Counters Last 

Cleared

The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were 

last cleared. 

Term

Definition

Octets Received

The total number of octets of data received by the processor (excluding framing bits but 

including FCS octets).

Total Packets 

Received Without 

Error

The total number of packets (including broadcast packets and multicast packets) received by 

the processor.

Unicast Packets 

Received

The number of subnetwork-unicast packets delivered to a higher-layer protocol.

Multicast Packets 

Received

The total number of packets received that were directed to a multicast address. Note that this 

number does not include packets directed to the broadcast address.

Broadcast Packets 

Received

The total number of packets received that were directed to the broadcast address. Note that 

this does not include multicast packets. 

Receive Packets 

Discarded

The number of inbound packets which were chosen to be discarded even though no errors 

had been detected to prevent their being deliverable to a higher-layer protocol. A possible 

reason for discarding a packet could be to free up buffer space.

Octets Transmitted

The total number of octets transmitted out of the interface, including framing characters.

Packets 

Transmitted 

without Errors

The total number of packets transmitted out of the interface.

Unicast Packets 

Transmitted

The total number of packets that higher-level protocols requested be transmitted to a 

subnetwork-unicast address, including those that were discarded or not sent. 

Term

Definition

Summary of Contents for CP6923

Page 1: ...CP6923_TECH_0 Manual ID 3 05 Revision Index 1 September 2010 Date of Issue CLI Reference Manual CP6923 6U CPCI Ethernet Switch with 24 Channels ...

Page 2: ...version supporting Fastpath 5 1 09 June 2008 3 01 Add set board root password some small changes 28 July 2008 3 02 snmp server engine id show snmp engine id clear errcoun ter show logging errcounter commands added Note in show boardinfo sensors command description added no set igmp querier election participate format changed 21 Nov 2008 3 03 SW release referenced GA 3 03 Removed port based routing...

Page 3: ...or further information about Kontron AG our products or services please visit our Internet web site www kontron com Disclaimer Copyright 2006 Kontron AG All rights reserved All data is for information purposes only and not guaranteed for legal purposes Information has been carefully checked and is believed to be accurate however no responsibility is assumed for inaccuracies Kontron and the Kontron...

Page 4: ...Page iv ...

Page 5: ...oprietary Note This document contains information proprietary to Kontron Modular Computers GmbH It may not be copied or transmitted by any means disclosed to others or stored in any retrieval sys tem or media without the prior written consent of Kontron Modular Computers GmbH or one of its authorized agents The information contained in this document is to the best of our knowledge entirely correct...

Page 6: ...ade marks owned by Kontron Modular Computers GmbH Kaufbeuren Germany In addition this document may include names company logos and trademarks which are registered trademarks and therefore pro prietary to their respective owners Environmental Protection Statement This product has been manufactured to satisfy environmental protection requirements where possible Many of the components used structural...

Page 7: ...ol and title warn of hazards due to electrical shocks 60V when touching products or parts of them Failure to observe the precautions indicated and or prescribed by the law may endanger your life health and or result in damage to your material Please refer also to the section High Voltage Safety Instructions on the following page Warning ESD Sensitive Device This symbol and title inform that electr...

Page 8: ...mage the batteries or conductive circuits on the board Warning All operations on this device must be carried out by sufficiently skilled personnel only Caution Electric Shock Indicates that you must enter a value in place of the brackets and text inside them Before installing your new Kontron product into a system always ensure that your mains power is switched off This applies also to the install...

Page 9: ...ser of Kontron s products a two year limited hardware warranty as described in the following However no other warranties that may be granted or implied by anyone on behalf of Kontron are valid unless the consumer has the express written consent of Kontron Modular Computers GmbH Kontron Modular Computers GmbH warrants their own products excluding software to be free from manufacturing and material ...

Page 10: ... or any loss incurred as a result of the product not functioning at any given time are excluded The extent of Kontron Modular Computers GmbH liability to the customer shall not exceed the original purchase price of the item for which the claim exists Kontron Modular Computers GmbH issues no warranty or representation either explicit or im plicit with respect to its products reliability fitness qua...

Page 11: ...ion 1 7 1 9 CLI Error Messages 1 7 1 10 CLI Line Editing Conventions 1 8 1 11 Using CLI Help 1 8 1 12 Accessing the CLI 1 9 Chapter 2 2 Switching Commands 2 2 2 1 Port Configuration Commands 2 2 2 1 1 interface 2 3 2 1 2 block 2 3 2 1 3 auto negotiate 2 3 2 1 4 auto negotiate all 2 4 2 1 5 advertise speed 2 4 2 1 6 show advertise speed 2 4 2 1 7 description 2 4 2 1 8 mtu 2 5 2 1 9 shutdown 2 5 2 1...

Page 12: ...rt mode 2 14 2 2 20 spanning tree port mode all 2 15 2 2 21 spanning tree rootguard 2 15 2 2 22 show spanning tree 2 15 2 2 23 show spanning tree brief 2 16 2 2 24 show spanning tree interface 2 17 2 2 25 show spanning tree mst port detailed 2 17 2 2 26 show spanning tree mst port summary 2 19 2 2 27 show spanning tree mst summary 2 19 2 2 28 show spanning tree summary 2 19 2 2 29 show spanning tr...

Page 13: ... voice vlan Global Config 2 32 2 5 2 voice vlan Interface Config 2 33 2 5 3 voice vlan data priority 2 33 2 5 4 show voice vlan 2 33 2 6 Provisioning IEEE 802 1p Commands 2 34 2 6 1 vlan port priority all 2 34 2 6 2 vlan priority 2 34 2 7 Protected Ports Commands 2 34 2 7 1 switchport protected Global Config 2 35 2 7 2 switchport protected Interface Config 2 35 2 7 3 show switchport protected 2 35...

Page 14: ...hentication 2 47 2 11 21 show authentication users 2 48 2 11 22 show dot1x 2 48 2 11 23 show dot1x clients 2 50 2 11 24 show dot1x users 2 51 2 11 25 show users authentication 2 51 2 12 Storm Control Commands 2 52 2 12 1 storm control broadcast 2 52 2 12 2 storm control broadcast level 2 52 2 12 3 storm control broadcast rate 2 53 2 12 4 storm control broadcast all 2 53 2 12 5 storm control broadc...

Page 15: ... priority 2 66 2 13 16 lacp partner admin key 2 66 2 13 17 lacp partner admin state 2 66 2 13 18 lacp partner admin state individual 2 67 2 13 19 lacp partner admin state longtimeout 2 67 2 13 20 lacp partner admin state passive 2 68 2 13 21 lacp partner port id 2 68 2 13 22 lacp partner port priority 2 68 2 13 23 lacp partner system id 2 69 2 13 24 lacp partner system priority 2 69 2 13 25 port c...

Page 16: ...82 2 16 11 ip verify source 2 82 2 16 12 show ip dhcp snooping 2 82 2 16 13 show ip dhcp snooping binding 2 83 2 16 14 show ip dhcp snooping database 2 83 2 16 15 show ip dhcp snooping statistics 2 84 2 16 16 clear ip dhcp snooping binding 2 85 2 16 17 clear ip dhcp snooping statistics 2 85 2 16 18 show ip verify source 2 85 2 16 19 show ip source binding 2 86 2 17 Dynamic ARP Inspection Commands ...

Page 17: ...01 2 20 1 set mld 2 101 2 20 2 set mld interfacemode 2 102 2 20 3 set mld fast leave 2 102 2 20 4 set mld groupmembership interval 2 103 2 20 5 set mld maxresponse 2 103 2 20 6 set mld mcrtexpiretime 2 104 2 20 7 set mld mrouter 2 104 2 20 8 set mld mrouter interface 2 104 2 20 9 show mldsnooping 2 105 2 20 10 show mldsnooping mrouter interface 2 105 2 20 11 show mldsnooping mrouter vlan 2 106 2 2...

Page 18: ...ED Commands 2 118 2 24 1 lldp med 2 119 2 24 2 lldp med confignotification 2 119 2 24 3 lldp med transmit tlv 2 119 2 24 4 lldp med all 2 120 2 24 5 lldp med confignotification all 2 120 2 24 6 lldp med faststartrepeatcount 2 120 2 24 7 lldp med transmit tlv all 2 120 2 24 8 show lldp med 2 121 2 24 9 show lldp med interface 2 121 2 24 10 show lldp med local device detail 2 122 2 24 11 show lldp m...

Page 19: ...es cos queue 3 6 3 1 12 show interface cos counter 3 6 3 1 13 show packet memory 3 6 3 1 14 packet memory configure 3 7 3 1 15 packet memory interface 3 7 3 2 Differentiated Services DiffServ Commands 3 7 3 2 1 diffserv 3 8 3 3 DiffServ Class Commands 3 8 3 3 1 class map 3 9 3 3 2 class map rename 3 9 3 3 3 match ethertype 3 9 3 3 4 match any 3 10 3 3 5 match class map 3 10 3 3 6 match cos 3 11 3 ...

Page 20: ...ervice 3 24 3 6 5 show diffserv service brief 3 24 3 6 6 show policy map interface 3 24 3 6 7 show service policy 3 25 3 7 MAC Access Control List ACL Commands 3 25 3 7 1 mac access list extended 3 26 3 7 2 mac access list extended rename 3 26 3 7 3 deny permit MAC ACL 3 26 3 7 4 mac access group 3 28 3 7 5 show mac access lists 3 28 3 8 IP Access Control List ACL Commands 3 29 3 8 1 access list 3...

Page 21: ... purge 4 4 4 1 6 arp resptime 4 4 4 1 7 arp retries 4 4 4 1 8 arp timeout 4 4 4 1 9 clear arp cache 4 5 4 1 10 clear arp switch 4 5 4 1 11 show arp 4 5 4 1 12 show arp brief 4 6 4 1 13 show arp switch 4 6 4 2 IP Routing Commands 4 7 4 2 1 routing 4 7 4 2 2 ip routing 4 7 4 2 3 ip address 4 7 4 2 4 ip route 4 8 4 2 5 ip route default 4 9 4 2 6 ip route distance 4 9 4 2 7 ip netdirbcast 4 9 4 2 8 ip...

Page 22: ...3 4 5 10 ip vrrp track ip route 4 24 4 5 11 show ip vrrp interface stats 4 24 4 5 12 show ip vrrp 4 25 4 5 13 show ip vrrp interface 4 25 4 5 14 show ip vrrp interface brief 4 26 4 6 DHCP and BOOTP Relay Commands 4 27 4 6 1 bootpdhcprelay cidoptmode 4 27 4 6 2 bootpdhcprelay maxhopcount 4 27 4 6 3 bootpdhcprelay minwaittime 4 27 4 6 4 show bootpdhcprelay 4 28 4 7 IP Helper Commands 4 28 4 7 1 ip h...

Page 23: ...0 clear ip ospf redistribution 4 38 4 8 31 default information originate OSPF 4 39 4 8 32 default metric OSPF 4 39 4 8 33 distance ospf OSPF 4 39 4 8 34 distribute list out OSPF 4 40 4 8 35 exit overflow interval OSPF 4 40 4 8 36 external lsdb limit OSPF 4 40 4 8 37 ip ospf authentication 4 41 4 8 38 ip ospf cost 4 41 4 8 39 ip ospf dead interval 4 41 4 8 40 ip ospf hello interval 4 42 4 8 41 ip o...

Page 24: ...out RIP 4 62 4 9 9 ip rip authentication 4 62 4 9 10 ip rip receive version 4 63 4 9 11 ip rip send version 4 63 4 9 12 hostroutesaccept 4 63 4 9 13 split horizon 4 64 4 9 14 redistribute RIP 4 64 4 9 15 show ip rip 4 64 4 9 16 show ip rip interface brief 4 65 4 9 17 show ip rip interface 4 65 4 10 ICMP Throttling Commands 4 66 4 10 1 ip unreachables 4 66 4 10 2 ip redirects 4 67 4 10 3 ip icmp ec...

Page 25: ... 5 5 5 1 9 show ip mcast mroute source 5 5 5 2 DVMRP Commands 5 6 5 2 1 ip dvmrp 5 6 5 2 2 ip dvmrp metric 5 6 5 2 3 ip dvmrp trapflags 5 7 5 2 4 ip dvmrp 5 7 5 2 5 show ip dvmrp 5 7 5 2 6 show ip dvmrp interface 5 8 5 2 7 show ip dvmrp neighbor 5 8 5 2 8 show ip dvmrp nexthop 5 9 5 2 9 show ip dvmrp prune 5 9 5 2 10 show ip dvmrp route 5 10 5 3 PIM DM Commands 5 10 5 3 1 ip pimdm 5 10 5 3 2 ip pi...

Page 26: ...r query count 5 20 5 5 4 ip igmp last member query interval 5 20 5 5 5 ip igmp query interval 5 20 5 5 6 ip igmp query max response time 5 21 5 5 7 ip igmp robustness 5 21 5 5 8 ip igmp startup query count 5 21 5 5 9 ip igmp startup query interval 5 22 5 5 10 show ip igmp 5 22 5 5 11 show ip igmp groups 5 22 5 5 12 show ip igmp interface 5 23 5 5 13 show ip igmp interface membership 5 24 5 5 14 sh...

Page 27: ...nt 6 6 6 3 5 set board ipmi controller debug 6 7 6 3 6 set board pm mode 6 7 6 3 7 set board sfp 6 7 6 3 8 set board time 6 7 6 4 System Information and Statistics Commands 6 7 6 4 1 show arp switch 6 7 6 4 2 show eventlog 6 8 6 4 3 show hardware 6 8 6 4 4 show version 6 8 6 4 5 show interface 6 9 6 4 6 show interface ethernet 6 10 6 4 7 show mac addr table 6 16 6 4 8 show running config 6 17 6 4 ...

Page 28: ... 5 8 logging syslog 6 25 6 5 9 show logging 6 25 6 5 10 show logging buffered 6 26 6 5 11 show logging hosts 6 26 6 5 12 show logging traplogs 6 26 6 5 13 show logging errcounter 6 27 6 5 14 clear board event log 6 27 6 5 15 show logging backtrace 6 27 6 6 System Utility and Clear Commands 6 27 6 6 1 traceroute 6 28 6 6 2 clear config 6 29 6 6 3 clear counters 6 29 6 6 4 clear errcounter 6 29 6 6 ...

Page 29: ...6 40 6 8 5 dns server 6 41 6 8 6 hardware address 6 41 6 8 7 host 6 41 6 8 8 lease 6 42 6 8 9 network DHCP Pool Config 6 42 6 8 10 bootfile 6 42 6 8 11 domain name 6 43 6 8 12 netbios name server 6 43 6 8 13 netbios node type 6 43 6 8 14 next server 6 44 6 8 15 option 6 44 6 8 16 ip dhcp excluded address 6 45 6 8 17 ip dhcp ping packets 6 45 6 8 18 service dhcp 6 45 6 8 19 ip dhcp bootp automatic ...

Page 30: ...arp 6 55 6 11 2 debug auto voip 6 56 6 11 3 debug clear 6 56 6 11 4 debug console 6 56 6 11 5 debug dot1x packet 6 56 6 11 6 debug igmpsnooping packet 6 57 6 11 7 debug igmpsnooping packet transmit 6 57 6 11 8 debug igmpsnooping packet receive 6 58 6 11 9 debug ip acl 6 59 6 11 10 debug ip igmp packet 6 59 6 11 11 debug ip mcache packet 6 60 6 11 12 debug ip pimdm packet 6 60 6 11 13 debug ip pims...

Page 31: ...ddress 7 3 7 1 7 network mac type 7 4 7 1 8 show network 7 4 7 1 9 show serviceport 7 5 7 2 Console Port Access Commands 7 5 7 2 1 configuration 7 6 7 2 2 lineconfig 7 6 7 2 3 serial baudrate 7 6 7 2 4 serial timeout 7 6 7 2 5 show serial 7 7 7 3 Telnet Commands 7 7 7 3 1 ip telnet server enable 7 7 7 3 2 telnet 7 7 7 3 3 transport input telnet 7 8 7 3 4 transport output telnet 7 8 7 3 5 session l...

Page 32: ...ow users accounts 7 18 7 7 11 passwd 7 19 7 7 12 passwords min length 7 19 7 7 13 passwords history 7 19 7 7 14 passwords aging 7 19 7 7 15 passwords lock out 7 20 7 7 16 show passwords configuration 7 20 7 7 17 write memory 7 20 7 8 SNMP Commands 7 21 7 8 1 snmp server 7 21 7 8 2 snmp server community 7 21 7 8 3 snmp server community ipaddr 7 21 7 8 4 snmp server community ipmask 7 22 7 8 5 snmp ...

Page 33: ...er retransmit 7 32 7 9 9 radius server timeout 7 33 7 9 10 show radius 7 33 7 9 11 show radius accounting 7 34 7 9 12 show radius statistics 7 35 7 10 TACACS Commands 7 35 7 10 1 tacacs server host 7 36 7 10 2 tacacs server key 7 36 7 10 3 tacacs server timeout 7 36 7 10 4 key 7 37 7 10 5 port 7 37 7 10 6 priority 7 37 7 10 7 timeout 7 37 7 10 8 show tacacs 7 38 7 11 Configuration Scripting Comman...

Page 34: ...Page xxxiv Appendix A A Getting Help A 2 Appendix B B FASTPATH Log Messages B 2 B 1 Core B 2 B 2 Utilities B 3 B 3 Management B 5 B 4 Switching B 7 B 5 QoS B 12 B 6 Technologies B 13 B 7 O S Support B 14 Appendix C C List of Commands C 2 ...

Page 35: ...Using the Command Line Interface Chapter 1 1 Page 1 1 CP6923 CLI Reference Manual CP6923 ...

Page 36: ...arameters Other commands such as network parms require that you supply a value after the command You must type the parameter values in a specific order and optional parameters follow required parameters The following example describes the network parms command syntax Format network parms ipaddr netmask gateway network parms is the command name ipaddr and netmask are parameters and represent requir...

Page 37: ... exclusive choices Braces within square brackets choice1 choice2 Indicates a choice within an optional element Table 2 Parameter Descriptions Parameter Description ipaddr This parameter is a valid IP address You can enter the IP address in the following formats a 32 bits a b 8 24 bits a b c 8 8 16 bits a b c d 8 8 8 8 In addition to these formats the CLI accepts decimal hexadecimal and octal forma...

Page 38: ... disabled feature or to enable a feature that is disabled by default Only the configuration commands are available in the no form Table 3 Type of Slots Slot Type Description Physical slot numbers Physical slot numbers begin with zero and are allocated up to the maximum number of physical slots Logical slot numbers Logical slots immediately follow physical slots and identify port channel LAG or rou...

Page 39: ... changes in each command mode to help you identify the current mode Table 5 describes the command modes and the prompts visible in that mode Note The command modes available on your switch depend on the software modules that are installed Table 5 CLI Command Modes Command Mode Prompt Mode Description User EXEC Switch Contains a limited set of commands to view basic system information Privileged EX...

Page 40: ...Privileged EXEC From the User EXEC mode enter enable To exit to the User EXEC mode enter exit or press Ctrl Z Global Config From the Privileged EXEC mode enter configure To exit to the Privileged EXEC mode enter exit or press Ctrl Z VLAN Config From the Privileged EXEC mode enter vlan database To exit to the Privileged EXEC mode enter exit or press Ctrl Z Interface Config From the Global Config mo...

Page 41: ...xtended name To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z TACACS Config From the Global Config mode enter tacacs server host ip addr where ip addr is the IP address of the TACACS server on your network To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z DHCP Pool Config From the Global Config mode enter ...

Page 42: ...st Enter a question mark after each word you enter to display available command keywords or parameters switch network javamode Enable Disable mgmt_vlan Configure the Management VLAN ID of the switch Table 8 CLI Editing Conventions Key Sequence Description DEL or Backspace Delete previous character Ctrl A Go to beginning of line Ctrl E Go to end of line Ctrl F Go forward one character Ctrl B Go bac...

Page 43: ...yping one or more characters of a word to list the available command or parameters that begin with the letters as shown in the following example switch show m mac addr table mac address table monitor 1 12 Accessing the CLI You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host For the initial connection you must use a direct...

Page 44: ...Using the Command Line Interface CP6923 CP6923 CLI Reference Manual Page 1 10 ...

Page 45: ...Switching Commands Chapter 1 2 Page 2 1 CP6923 CLI Reference Manual CP6923 ...

Page 46: ...iltering on page 2 76 2 16 DHCP Snooping Configuration Commands on page 2 79 2 17 Dynamic ARP Inspection Commands on page 2 86 2 18 IGMP Snooping Configuration Commands on page 2 92 2 19 IGMP Snooping Querier Commands on page 2 98 2 20 MLD Snooping Commands on page 2 101 2 21 MLD Snooping Querier Commands on page 2 106 2 22 Port Security Commands on page 2 109 2 23 LLDP 802 1AB Commands on page 2 ...

Page 47: ...abled the state is not changed until it will become enabled The state of the ports can be listed spanning tree by show spanning tree mst port summary 0 all 2 1 2 1 no block This command resets a port to non blocking 2 1 3 auto negotiate This command enables automatic negotiation on a port 2 1 3 1 no auto negotiate This command disables automatic negotiation on a port Format interface slot port Mod...

Page 48: ...rameters 2 1 6 show advertise speed This command lists the auto negotiation advertised speed parameters The values are listed for a specified interface 2 1 7 description Use this command to create an alpha numeric description of the port Default enabled Format auto negotiate all Mode Global Config Format no auto negotiate all Mode Global Config Format advertise speed 100 10 half duplex advertise s...

Page 49: ...ort 2 1 9 1 no shutdown This command enables a port 2 1 10 shutdown all This command disables all ports Note To receive and process packets the Ethernet MTU must include any extra bytes that Layer 2 headers might require To configure the IP MTU size which is the maximum size of the IP packet IP Header IP payload see 4 2 8 ip mtu on page 4 10 Default 1518 untagged Format mtu 1518 9216 Mode Interfac...

Page 50: ...at no shutdown all Mode Global Config Format speed 100 10 half duplex full duplex Mode Interface Config Acceptable Values Definition 100h 100BASE T half duplex 100f 100BASE T full duplex 10h 10BASE T half duplex 10f 10BASE T full duplex Format speed all 100 10 half duplex full duplex Mode Global Config Acceptable Values Definition 100h 100BASE T half duplex 100f 100BASE T full duplex 10h 10BASE T ...

Page 51: ...e If auto negotiation support is selected then the duplex mode and speed is set from the auto negotiation process Note that the maximum capability of the port full duplex 100M is advertised Otherwise this object determines the port s duplex mode and transmission rate The factory default is Auto Physical Status The port speed and duplex mode Link Status The Link is up or down Link Trap This object ...

Page 52: ...s command to disable BPDU Filter on the interface 2 2 3 spanning tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces 2 2 3 1 no spanning tree bpdufilter default Use this command to disable BPDU Filter on all the edge port interfaces Default disabled Format spanning tree Mode Global Config Format no spanning tree Mode Global Config Default disabled Format ...

Page 53: ... keyword to transmit BPDUs from all interfaces This command forces the BPDU transmission when you execute it so the command does not change the system configuration or have a no version 2 2 7 spanning tree configuration name This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using The name is a string of up to 32 characters De...

Page 54: ... spanning tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree This allows this port to transition to Forwarding State without delay 2 2 9 1 no spanning tree edgeport This command specifies that this port is not an Edge Port within the common and internal spanning tree 2 2 10 spanning tree forceversion This command sets the Force Protocol...

Page 55: ...being greater than or equal to Bridge Max Age 2 1 2 2 11 1 no spanning tree forward time This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value 2 2 12 spanning tree hello time This command sets the Admin Hello Time parameter to a new value for the common and internal spanning tree The hello time value is in whole seconds within a range o...

Page 56: ... tree If you specify an mstid parameter that corresponds to an existing multiple spanning tree instance the configurations are done for that multiple spanning tree instance If you specify 0 defined as the default CIST ID as the mstid the configurations are done for the common and internal spanning tree instance If you specify the cost option the command sets the path cost for this port within a mu...

Page 57: ... the external path cost for this port for mst 0 instance to the default value i e a path cost value based on the Link Speed If you specify port priority this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter to the default value 2 2 16 spanning tree mst instance This command a...

Page 58: ...T ID is passed as the mstid this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value 2 2 18 spanning tree mst vlan This command adds an association between a multiple spanning tree instance and a VLAN so that the VLAN is no longer associated with the common and internal spanning tree The parameter mstid is a number that corresponds to the desir...

Page 59: ...uard on the interface 2 2 21 1 no spanning tree rootguard Use this command to disable root BPDU Guard on the interface 2 2 22 show spanning tree This command displays spanning tree settings for the common and internal spanning tree The following details are displayed Format spanning tree port mode Mode Interface Config Format no spanning tree port mode Mode Interface Config Default disabled Format...

Page 60: ...fier of the port to access the Designated Root for the CST Root Port Max Age Derived value Root Port Bridge Forward Delay Derived value Hello Time Configured value of the parameter for the CST Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units BPDUs Bridge Max Hops Bridge max hops count for the device CST Regional Root Bridge Identifier of the CST Region...

Page 61: ... disable the propagation of received topology change notifications and topology changes to other ports BPDU Filter Mode Enabled or disabled BPDU Flood Mode Enabled or disabled Auto Edge To enable or disable the feature that causes a port that has not seen a BPDU for edge delay time to become an edge port and transition to forwarding faster Port Up Time Since Counters Last Cleared Time since port w...

Page 62: ...he designated root for this port Designated Port Cost Path Cost offered to the LAN by the Designated Port Designated Bridge Bridge Identifier of the bridge with the Designated Port Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the LAN Term Definition Port Identifier The port identifier for this port within the CST Port Priority The priority of the port wit...

Page 63: ...e displayed on execution of the command CST Port Cost The configured path cost for this port Format show spanning tree mst port summary mstid slot port all Mode Privileged EXEC User EXEC Term Definition MST Instance ID The MST instance associated with this port Interface Valid slot and port number separated by a forward slash Type Currently not used STP State The forwarding state of the port in th...

Page 64: ... 802 1w or IEEE 802 1d based upon the Force Protocol Version parameter BPDU Guard Mode Enabled or disabled BPDU Filter Mode Enabled or disabled Configuration Name Identifier used to identify the configuration currently being used Configuration Revision Level Identifier used to identify the configuration currently being used Configuration Digest Key Identifier used to identify the configuration cur...

Page 65: ...rames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port With either option VLAN tagged frames are forwarded in accordance with the IEEE 802 1Q VLAN Specification 2 3 4 1 no vlan acceptframe This command resets the frame acceptance mode for the interface to the default value 2 3 5 vlan ingressfilter This command enables ingress ...

Page 66: ...nd changes the name of a VLAN The name is an alphanumeric string of up to 32 characters and the ID is a valid VLAN identification number ID range is 1 4094 2 3 7 1 no vlan name This command sets the name of a VLAN to a blank string 2 3 8 vlan participation This command configures the degree of participation for a specific interface in a VLAN The ID is a valid VLAN identification number and the int...

Page 67: ...face is never a member of this VLAN This is equivalent to registration forbidden auto The interface is dynamically registered in this VLAN by GVRP The interface will not participate in this VLAN unless a join request is received on this interface This is equivalent to registration normal Format vlan participation all exclude include auto 1 4094 Mode Global Config Participation Options Definition i...

Page 68: ...interface are admitted and forwarded to ports that are members of that VLAN 2 3 12 vlan port pvid all This command changes the VLAN ID for all interface 2 3 12 1 no vlan port pvid all This command sets the VLAN ID for all interfaces to 1 2 3 13 vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to enabled If tagging is enabled traffic is transmitted as ...

Page 69: ...mbination can only be associated with one group If adding a protocol to a group causes any conflicts with interfaces currently associated with the group this command fails and the protocol is not added to the group The possible values for protocol are ip arp and ipx 2 3 15 1 no vlan protocol group add protocol This command removes the protocol from this protocol based VLAN group that is identified...

Page 70: ...This command removes the interface from this protocol based VLAN group that is identified by this groupid 2 3 19 protocol vlan group all This command adds all physical interfaces to the protocol based VLAN identified by groupid You can associate multiple interfaces with a group but you can only associate each interface and protocol combination with one group If adding an interface to a group cause...

Page 71: ...gures the tagging behavior for a specific interface in a VLAN to disabled If tagging is disabled traffic is transmitted as untagged frames The ID is a valid VLAN identification number 2 3 22 vlan association subnet This command associates a VLAN to a specific IP subnet 2 3 22 1 no vlan association subnet This command removes association of a specific IP subnet to a VLAN Mode Global Config Default ...

Page 72: ...ll ports by using the selectors on the top line Current The degree of participation of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Exclude This port is never a member of this VLAN This is equivalent to registration forbidden in the IEEE 802 1Q standard Autodetect To allow th...

Page 73: ... set the parameters for all ports by using the selectors on the top line Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port The value must be for an existing VLAN The factory default is 1 Acceptable Frame Types The types of frames that may be received on this port The options are VLAN only and Admit All When set to VLAN only untag...

Page 74: ... The ether type may have the values of 802 1Q vMAN or custom If the ether type has a value of custom the optional value of the custom ether type must be set to a value from 0 to 65535 2 4 2 mode dot1q tunnel This command is used to enable Double VLAN Tunneling on the specified interface Term Definition IP Address The IP address assigned to each interface Net Mask The subnet mask VLAN ID There is a...

Page 75: ... Config Note When you use the mode dvlan tunnel command on an interface it becomes a service provider port Ports that do not have double VLAN tunneling enabled are customer ports Default disabled Format mode dvlan tunnel Mode Interface Config Format no mode dvlan tunnel Mode Interface Config Format show dot1q tunnel interface slot port all Mode Privileged EXEC User EXEC Term Definition Interface V...

Page 76: ...ication and scheduling to sent network traffic from the switch in a predictable manner The system uses the source MAC of the traffic traveling through the port to identify the IP phone data flow 2 5 1 voice vlan Global Config Use this command to enable the Voice VLAN capability on the switch 2 5 1 1 no voice vlan Global Config Use this command to disable the Voice VLAN capability on the switch For...

Page 77: ...d Mode Interface Config Parameter Description vlan id Configure the IP phone to forward all voice traffic through the specified VLAN Valid VLAN ID s are from 1 to 4094 the max supported by the platform dot1p Configure the IP phone to use 802 1p priority tagging for voice traffic and to use the default native VLAN VLAN 0 to carry all traffic Valid priority range is 0 to 7 none Allow the IP phone to...

Page 78: ...orts can forward traffic to all unprotected ports in their group Unprotected ports can forward traffic to both protected and unprotected ports Ports are unprotected by default If an interface is configured as a protected port and you add that interface to a Port Channel or Link Aggregation Group LAG the protected port status becomes operationally disabled on the interface and the interface follows...

Page 79: ...otected Interface Config Use this command to configure a port as unprotected The groupid parameter identifies the set of protected ports to which this interface is assigned 2 7 3 show switchport protected This command displays the status of all the interfaces including protected and unprotected interfaces Note Port protection occurs within a single switch Protected port configuration does not affe...

Page 80: ...seconds The value 20 centiseconds is 0 2 seconds 2 8 1 1 no set garp timer join This command sets the GVRP join time for one or all ports and per GARP to the default and only has an effect when GVRP is enabled Term Definition Group ID The number that identifies the protected port group Name An optional name of the protected port group The name can be up to 32 alphanumeric characters long including...

Page 81: ...Leave All PDUs are generated A Leave All PDU indicates that all registrations will be unregistered Participants would need to rejoin in order to maintain registration The value applies per port and per GARP participation The time may range from 200 to 6000 centiseconds The value 1000 centiseconds is 10 seconds You can use this command on all ports Global Config mode or a single port Interface Conf...

Page 82: ... ports Global Config mode 2 9 2 1 no set gvrp interfacemode This command disables GVRP on a single port Interface Config mode or all ports Global Config mode If GVRP is disabled Join Time Leave Time and Leave All Time have no effect Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol GMRP for the system GVRP Admin Mode The administrative mode of GARP VLA...

Page 83: ...econds The factory default is 20 centiseconds 0 2 seconds The finest granularity of specification is one centisecond 0 01 seconds Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute Current attributes are a VLAN or multicast group This may be considered a buffer time for another station to assert registration for the same attr...

Page 84: ...n Protocol GARP information for one or all interfaces Format no set gmrp adminmode Mode Privileged EXEC Default disabled Format set gmrp interfacemode Mode Interface Config Global Config Format no set gmrp interfacemode Mode Interface Config Global Config Format show gmrp configuration slot port all Mode Privileged EXEC User EXEC Term Definition Interface The slot port of the interface that this r...

Page 85: ...tes that the user s ID and password will be authenticated using the RADIUS server The value of reject indicates the user is never authenticated LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration There is an instance of t...

Page 86: ...hentication login The default login list cannot be deleted 2 11 2 clear dot1x statistics This command resets the 802 1x statistics for the specified port or for all ports 2 11 3 clear radius statistics This command is used to clear all RADIUS statistics 2 11 4 dot1x default login This command assigns the authentication login list to use for non configured users for 802 1x port security This settin...

Page 87: ... 1x port security The user parameter must be a configured user and the listname parameter must be a configured authentication login list 2 11 8 dot1x max req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request Identity frame before timing out the supplicant The count value must be in the range 1 10 2 11 8 1 no dot1x max req ...

Page 88: ...nges between the supplicant authenticator and the authentication server 2 11 10 1 no dot1x port control This command sets the authentication mode on the specified port to the default value 2 11 11 dot1x port control all This command sets the authentication mode to use on all ports Select force unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthoriz...

Page 89: ...on This command disables re authentication of the supplicant for the specified port 2 11 14 dot1x system auth control Use this command to enable the dot1x authentication support on the switch While disabled the dot1x configuration is retained and can be changed but is not activated 2 11 14 1 no dot1x system auth control This command is used to disable the dot1x authentication support on the switch...

Page 90: ...uth period must be a value in the range 1 65535 quiet period The value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The quiet period must be a value in the range 0 65535 tx period The value in seconds of the timer used by the authenticator state machine on this port to determine when to s...

Page 91: ...uthenticated using local authentication only 2 11 19 users login This command assigns the specified authentication login list to the specified user for system login The user must be a configured user and the listname must be a configured login list If the user is assigned a login list that requires remote authentication all access to the interface from all CLI web and telnet sessions will be block...

Page 92: ...d authentication login list if any Method 2 The second method in the specified authentication login list if any Method 3 The third method in the specified authentication login list if any Format show authentication users listname Mode Privileged EXEC Term Definition User The user assigned to the specified authentication login list Component The component User or 802 1x for which the authentication...

Page 93: ...uest VLAN identifier configured on the interface Guest VLAN Period The time in seconds for which the authenticator waits before authorizing and placing the port in the Guest VLAN if no EAPOL packets are detected on that port Supplicant Timeout The timer used by the authenticator state machine on this port to timeout the supplicant The value is expressed in seconds and will be in the range of 1 and...

Page 94: ...re displayed EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this authenticator EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator EAPOL Start Frames Received The number of EAPOL start frames that have been received by this authenticator EAPOL Logoff Frames Received The number of EAPOL logof...

Page 95: ...ield has been assigned to the port Possible values are RADIUS Unauthenticated VLAN or Default When the VLAN Assigned reason is Default it means that the VLAN was assigned to the port because the PVID of the port was that VLAN ID Session Timeout This value indicates the time for which the given session is valid The time period in seconds is returned by the RADIUS server on authentication of the por...

Page 96: ...storm control command not stating a level disables that form of storm control but maintains the configured level to be active the next time that form of storm control is enabled 2 12 1 storm control broadcast Use this command to enable broadcast storm recovery mode for a specific interface If the mode is enabled broadcast storm recovery is active and if the rate of L2 broadcast traffic ingressing ...

Page 97: ... 3 1 no storm control broadcast rate This command sets the broadcast storm recovery threshold to the default value for an interface and disables broadcast storm recovery 2 12 4 storm control broadcast all This command enables broadcast storm recovery mode for all interfaces If the mode is enabled broadcast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface ...

Page 98: ...adcast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the rate of broadcast traffic is limited to the configured threshold 2 12 6 1 no storm control broadcast all rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables br...

Page 99: ...erface and disables multicast storm recovery 2 12 9 storm control multicast rate Use this command to configure the multicast storm recovery threshold for an interface in packets per second If the mode is enabled multicast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the rate of...

Page 100: ...es beyond the configured threshold the traffic will be dropped Therefore the rate of multicast traffic will be limited to the configured threshold 2 12 11 1 no storm control multicast all level This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery 2 12 12 storm control multicast all rate Use this command to configure ...

Page 101: ...If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast destination lookup failure traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of unknown unicast traffic will be limited to the configured threshold This command also enables unicast storm recovery mode for an interface 2 12 15 1 no ...

Page 102: ...y mode for all interfaces 2 12 18 storm control unicast all level This command configures the unicast storm recovery threshold for all interfaces as a percentage of link speed and enables unicast storm recovery If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast destination lookup failure traffic ingressing on an interface increases beyond the configured t...

Page 103: ...configure a level for sending flow control pause stop frames The flow fanin sets a weight for sending pause stop frames Heigher values effects sending a pause stop frame earlier The flow percent sets the percentage of per port cells useable before flow control starts 2 12 20 1 no storm control flowcontrol This command disables 802 3x flow control for the switch Mode Global Config Default 0 Format ...

Page 104: ...nterface Example The following shows example CLI display output for the command Ethernet Fabric show storm control 802 3x Flow Control Mode Disable Example The following shows example CLI display output for the command Ethernet Fabric show storm control 0 1 Bcast Bcast Mcast Mcast Ucast Ucast Intf Mode Level Mode Level Mode Level 0 1 Disable 5 Disable 5 Disable 5 Format no storm control flowcontro...

Page 105: ...nel If you do not assign VLAN membership the port channel might become a member of the management VLAN which can result in learning and switching issues A port channel LAG interface can be either static or dynamic but not both All members of a port channel must participate in the same protocols A static port channel interface does not require a partner system to be able to aggregate its member por...

Page 106: ...6 6 7 clear port channel on page 6 30 2 13 5 lacp admin key Use this command to configure the administrative value of the key for the port channel The value range of key is 0 to 65535 2 13 5 1 no lacp admin key Use this command to configure the default administrative value of the key for the port channel Note Before adding a port to a port channel set the physical mode of the port For more informa...

Page 107: ...cp actor admin key Use this command to configure the default administrative value of the key 2 13 9 lacp actor admin state Use this command to configure the administrative value of actor state as transmitted by the Actor in LACPDUs The valid value range is 0x00 0xFF Default 0x8000 Format lacp collector max delay delay Mode Interface Config Note This command is only applicable to port channel inter...

Page 108: ... LACP actor admin state to longtimeout 2 13 11 1 no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp actor admin state individual longtimeout passive Mode Interface Config Format lacp actor admin state individual Mode Interface Config Note This comm...

Page 109: ...assigned to the Aggregation Port The valid range for priority is 0 to 255 2 13 14 1 no lacp actor port priority Use this command to configure the default priority value assigned to the Aggregation Port Note This command is only applicable to physical interfaces Format lacp actor admin state passive Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp act...

Page 110: ...key Use this command to configure the administrative value of the Key for the protocol partner 2 13 17 lacp partner admin state Use this command to configure the current administrative value of actor state for the protocol Partner The valid value range is 0x00 0xFF Default 0x80 Format lacp actor system priority priority Mode Interface Config Note This command is only applicable to physical interfa...

Page 111: ...e to longtimeout 2 13 19 1 no lacp partner admin state longtimeout Use this command to set the LACP partner admin state to short timeout Note This command is only applicable to physical interfaces Format no lacp partner admin state individual longtimeout passive Mode Interface Config Format lacp partner admin state individual Mode Interface Config Note This command is only applicable to physical i...

Page 112: ...partner port id to the default 2 13 22 lacp partner port priority Use this command to configure the LACP partner port priority The valid range for priority is 0 to 255 Format lacp partner admin state passive Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp partner admin state passive Mode Interface Config Default 0x80 Format lacp partner port id port...

Page 113: ...3 24 lacp partner system priority Use this command to configure the administrative value of the priority associated with the Partner s System ID The valid range for priority is 0 to 255 2 13 24 1 no lacp partner system priority Use this command to configure the default administrative value of priority associated with the Partner s System ID Format no lacp partner port priority Mode Interface Confi...

Page 114: ...erface to the default value This command will be executed only for interfaces of type port channel LAG 2 13 26 port lacpmode This command enables Link Aggregation Control Protocol LACP on a port 2 13 26 1 no port lacpmode This command disables Link Aggregation Control Protocol LACP on a port 2 13 27 port lacpmode all This command enables Link Aggregation Control Protocol LACP on all ports 2 13 27 ...

Page 115: ...l physical interfaces of a particular device type actor or partner back to their default values 2 13 30 port channel adminmode This command enables a port channel LAG The option all sets every configured port channel with the same administrative mode setting 2 13 30 1 no port channel adminmode This command disables a port channel LAG The option all sets every configured port channel with the same ...

Page 116: ...The interface is a logical slot port for a configured port channel and name is an alphanumeric string up to 15 characters 2 13 33 port channel system priority Use this command to configure port channel system priority The valid range of priority is 0 65535 2 13 33 1 no port channel system priority Use this command to configure the default port channel system priority value 2 13 34 show lacp actor ...

Page 117: ...EC Parameter Description System Priority The administrative value of priority associated with the Partner s System ID System ID The value representing the administrative value of the Aggregation Port s protocol Partner s System ID Admin Key The administrative value of the Key for the protocol Partner Port Priority The administrative value of the Key for protocol Partner Port ID The administrative ...

Page 118: ...ll the traffic received and transmitted on the physical monitored port Format show port channel logical slot port all Mode Privileged EXEC User EXEC Term Definition Logical Interface Valid slot and port number separated by a forward slash Port Channel Name The name of this port channel LAG You may enter any string of up to 15 alphanumeric characters Link State Indicates whether the Link is up or d...

Page 119: ...d Format no monitor session session id source interface slot port destination interface slot port mode Mode Global Config Note This is a stand alone no command This command does not have a normal form Default enabled Format no monitor Mode Global Config Note The session id parameter is an integer value used to identify the session In the current version of the software the session id parameter is ...

Page 120: ...ters supported is 20 For multicast MAC address filters with destination ports configured the maximum number of static filters supported is 256 i e For current Broadcom platforms you can configure the following combinations Unicast MAC and source port max 20 Multicast MAC and source port max 20 Multicast MAC and destination port only max 256 Multicast MAC and source ports and destination ports max ...

Page 121: ...n the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN 2 15 4 macfilter addsrc This command adds the interface to the source filter set for the MAC filter with the MAC address of macaddr and VLAN of vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN 2 15 4 1 no m...

Page 122: ... information for all Static MAC Filters If you select all all the Static MAC Filters in the system are displayed If you supply a value for macaddr you must also enter a value for vlanid and the system displays Static MAC Filter information only for that MAC address and VLAN 2 15 7 show mac address table staticfiltering This command displays the Static Filtering entries in the Multicast Forwarding ...

Page 123: ...s A unicast MAC address for which the switch has forwarding and or filtering information As the data is gleaned from the MFDB the address will be a multicast address The format is 6 or 8 two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB In an IVL system the MAC address will be displayed as 8 bytes Type The type of the entry Static entries are those that are c...

Page 124: ...e this command to set the write delay value to the default value 2 16 6 ip dhcp snooping binding Use this command to configure static DHCP Snooping binding 2 16 6 1 no ip dhcp snooping binding mac address Use this command to remove the DHCP static entry from the DHCP Snooping database Format ip dhcp snooping verify mac address Mode Global Config Format no ip dhcp snooping verify mac address Mode G...

Page 125: ...defaults 2 16 9 ip dhcp snooping log invalid Use this command to control the logging DHCP messages filtration by the DHCP Snooping application 2 16 9 1 no ip dhcp snooping log invalid Use this command to disable the logging DHCP messages filtration by the DHCP Snooping application Format ip verify binding mac address vlan vlan id ip address interface interface id Mode Global Config Format no ip ve...

Page 126: ...cannot disable port security alone if it is configured 2 16 12 show ip dhcp snooping Use this command to display the DHCP Snooping global configurations and per port configurations Example The following shows example CLI display output for the command switch show ip dhcp snooping Default disabled Format ip dhcp snooping trust Mode Interface Config Format no ip dhcp snooping trust Mode Interface Co...

Page 127: ...ch show ip dhcp snooping binding Total number of bindings 2 MAC Address IP Address VLAN Interface Type Lease Secs 00 02 B3 06 60 80 210 1 1 3 10 0 1 86400 00 0F FE 00 13 04 210 1 1 4 10 0 1 86400 2 16 14 show ip dhcp snooping database Use this command to display the DHCP Snooping configuration related to the database persistency Format show ip dhcp snooping binding static dynamic interface slot po...

Page 128: ...0 8 0 0 0 0 9 0 0 0 0 10 0 0 0 0 11 0 0 0 0 12 0 0 0 0 13 0 0 0 0 14 0 0 0 0 15 0 0 0 0 16 0 0 0 Mode Privileged EXEC User EXEC Term Definition Agent URL Bindings database agent URL Write Delay The maximum write time to wrte the database into local or remote Format show ip dhcp snooping statistics Mode Privileged EXEC User EXEC Term Definition Interface The IP address of the interface in slot port...

Page 129: ...n 0 1 ip mac 210 1 1 3 00 02 B3 06 60 80 10 0 1 ip mac 210 1 1 4 00 0F FE 00 13 04 10 Format clear ip dhcp snooping binding interface slot port Mode Privileged EXEC User EXEC Format clear ip dhcp snooping statistics Mode Privileged EXEC User EXEC Format show ip verify source Mode Privileged EXEC User EXEC Term Definition Interface Interface address in slot port format Filter Type Is one of two val...

Page 130: ...dress to its own MAC address DAI relies on DHCP snooping DHCP snooping listens to DHCP message exchanges and builds a binding database of valid MAC address IP address VLAN and interface tuples When DAI is enabled the switch drops ARP packets whose sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database You can optionally configure additional ARP packet...

Page 131: ... disable the additional validation checks on the received ARP packets 2 17 3 ip arp inspection vlan logging Use this command to enable logging of invalid ARP packets on a list of comma separated VLAN ranges 2 17 3 1 no ip arp inspection vlan logging Use this command to disable logging of invalid ARP packets on a list of comma separated VLAN ranges 2 17 4 ip arp inspection trust Use this command to...

Page 132: ...anges If the static keyword is given packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings 2 17 6 1 no ip arp inspection filter Use this command to unconfigure the ARP ACL used to filter invalid ARP packets on a list of comma separated VLAN ranges Format no ip arp inspection trust Mode Interface Config Note The user interface will accept a rate limi...

Page 133: ...ation on all the VLANs in the given VLAN list The global configuration includes the source mac validation destination mac validation and invalid IP validation information Format arp access list acl name Mode Global Config Format no arp access list acl name Mode Global Config Format permit ip host sender ip mac host sender mac Mode ARP Access list Config Format no permit ip host sender ip mac host ...

Page 134: ... of forwarded and dropped ARP packets on all DAI enabled VLANs VLAN Forwarded Dropped 10 90 14 20 10 3 Log Invalid Displays whether logging of invalid ARP packets is enabled on the VLAN ACL Name The ARP ACL Name if configured on the VLAN Static Flag If the ARP ACL is configured static on the VLAN Format show ip arp inspection statistics vlan vlan list Mode Privileged EXEC User EXEC Term Definition...

Page 135: ...mand displays the values for that interface whether the interface is enabled for DAI or not Example The following shows example CLI display output for the command Switching show ip arp inspection interfaces Interface Trust State Rate Limit Burst Interval pps seconds 0 1 Untrusted 15 1 0 2 Untrusted 10 10 2 17 13 show arp access list Use this command to display the configured ARP ACLs with the rule...

Page 136: ...system Global Config Mode or an interface Interface Config Mode This command also enables IGMP snooping on a particular VLAN VLAN Config Mode and can enable IGMP snooping on all interfaces participating in a VLAN If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of a port channel LAG IGMP Snooping functionality is disabled on that interfac...

Page 137: ...ected interface or VLAN Enabling fast leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC based general queries to the interface You should enable fast leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port This prevents t...

Page 138: ...ue 2 18 5 set igmp maxresponse This command sets the IGMP Maximum Response time for the system or on a particular interface or VLAN The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface This value must be less than the IGMP Query Interval time value The ra...

Page 139: ... e no expiration 2 18 6 1 no set igmp mcrtrexpiretime This command sets the Multicast Router Present Expiration time to 0 The time is set for the system on a particular interface or a VLAN 2 18 7 set igmp mrouter This command configures the VLAN ID vlanId that has the multicast router mode enabled Format set igmp maxresponse vlan_id 1 25 Mode VLAN Config Format no set igmp maxresponse Mode Global ...

Page 140: ...are not used the command displays the following information When you specify the slot port values the following information appears Format no set igmp mrouter vlan_id Mode Interface Config Default disabled Format set igmp mrouter interface Mode Interface Config Format no set igmp mrouter interface Mode Interface Config Format show igmpsnooping slot port vlan_id Mode Privileged EXEC Term Definition...

Page 141: ...GMP Snooping Fast leave is active on the VLAN Group Membership Interval The amount of time in seconds that a switch will wait for a report from a particular group on a particular interface which is participating in the VLAN before deleting the interface from the entry This value may be configured Maximum Response Time The amount of time the switch waits after it sends a query on an interface parti...

Page 142: ...address while generating periodic queries If a VLAN has IGMP Snooping Querier enabled and IGMP Snooping is operationally disabled on it IGMP Snooping Querier functionality is disabled on that VLAN IGMP Snooping functionality is re enabled if IGMP Snooping is operational on the VLAN The IGMP Snooping Querier application supports sending periodic general queries on the VLAN to solicit membership rep...

Page 143: ...ration period It is the time period that the switch remains in Non Querier mode once it has discovered that there is a Multicast Querier in the network 2 19 3 1 no set igmp querier timer expiry Use this command to set the IGMP Querier timer expiration period to its default value 2 19 4 set igmp querier version Use this command to set the IGMP version of the query that the snooping switch is going ...

Page 144: ...ormation is displayed whether or not IGMP Snooping Querier is enabled When the optional argument vlanid is not used the command displays the following information When you specify a value for vlanid the following additional information appears Format no set igmp querier version Mode Global Config Default disabled Format set igmp querier election participate vlanid Mode VLAN Config Format no set ig...

Page 145: ... following activities Validation of address version payload length consistencies and discarding of the frame upon error Maintenance of the forwarding table entries based on the MAC address versus the IPv6 address Flooding of unregistered multicast data packets to all ports in the VLAN VLAN Operational State Indicates whether IGMP Snooping Querier is in Querier or Non Querier state When the switch ...

Page 146: ...ve admin mode on a selected interface or VLAN Enabling fast leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving and MLD done message for that multicast group without first sending out MAC based general queries to the interface Format set mld vlanid Mode Global Config Interface Config VLAN Mode Default disabled Format set mld interf...

Page 147: ...sponse Use this command to set the MLD Maximum Response time for the system on a particular interface or VLAN The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface This value must be less than the MLD Query Interval time value The range is 1 to 65 seconds ...

Page 148: ...has the multicast router attached mode enabled 2 20 7 1 no set mld mrouter Use this command to disable multicast router attached mode for a VLAN with a particular VLAN ID 2 20 8 set mld mrouter interface Use this command to configure the interface as a multicast router attached interface When configured as a multicast router interface the interface is treated as a multicast router attached interfa...

Page 149: ...d for MLD Snooping VLANs on which MLD Snooping is enabled Term Definition MLD Snooping Admin Mode Indicates whether MLD Snooping is active on the interface Fast Leave Mode Indicates whether MLD Snooping Fast Leave is active on the VLAN GroupMembership Interval Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface which is partici...

Page 150: ...k and separately on VLANs Term Definition Interface Shows the interface on which multicast router information is being displayed Multicast Router Attached Indicates whether multicast router is statically enabled on the interface VLAN ID Displays the list of VLANs of which the interface is a member Format show mldsnooping mrouter vlan slot port Mode Privileged EXEC Term Definition Interface Shows t...

Page 151: ...address to reset the querier address 2 21 2 set mld querier query_interval Use this command to set the MLD Querier Query Interval time It is the amount of time in seconds that the switch waits before sending another general query 2 21 2 1 no set mld querier query_interval Use this command to set the MLD Querier Query Interval time to its default value 2 21 3 set mld querier timer expiry Use this c...

Page 152: ...and to display MLD Snooping Querier information Configured information is displayed whether or not MLD Snooping Querier is enabled When the optional arguments vlandid are not used the command displays the following information Format no set mld querier timer expiry Mode Global Config Default disabled Format set mld querier election participate Mode VLAN Config Format no set mld querier election pa...

Page 153: ...odic general queries When in Non Querier state it will wait for moving to Querier state and does not send out any queries VLAN Operational Max Response Time Indicates the time to wait before removing a Leave from a host upon receiving a Leave request This value is calculated dynamically from the Queries received from the network If the Snooping Switch is in Querier state then it is equal to the co...

Page 154: ...t security mac address This command adds a MAC address to the list of statically locked MAC addresses The vid is the VLAN ID 2 22 4 1 no port security mac address This command removes a MAC address from the list of statically locked MAC addresses 2 22 5 port security mac address move This command converts dynamically locked MAC addresses to statically locked addresses Default 600 Format port secur...

Page 155: ...iolation This command displays the source MAC address of the last packet discarded on a locked port Mode Interface Config Format show port security slot port all Mode Privileged EXEC Term Definition Admin Mode Port Locking mode for the entire system This field displays if you do not supply any parameters Term Definition Admin Mode Port Locking mode for the Interface Dynamic Limit Maximum dynamical...

Page 156: ...23 2 lldp receive Use this command to enable the LLDP receive capability 2 23 2 1 no lldp receive Use this command to return the reception of LLDPDUs to the default value 2 23 3 lldp timers Use this command to set the timing parameters for local data transmission on ports enabled for LLDP The interval seconds determines the number of seconds to wait between transmitting local data LLDPDUs The rang...

Page 157: ...on page 2 4 2 23 4 1 no lldp transmit tlv Use this command to remove an optional TLV from the LLDPDUs Use the command without parameters to remove all optional TLVs from the LLDPDU 2 23 5 lldp transmit mgmt Use this command to include transmission of the local system management address information in the LLDPDUs 2 23 5 1 no lldp transmit mgmt Use this command to include transmission of the local s...

Page 158: ... interval Use this command to return the notification interval to the default value 2 23 8 clear lldp statistics Use this command to reset all LLDP statistics including MED related information 2 23 9 clear lldp remote data Use this command to delete all information from the LLDP remote data table including MED related information Mode Interface Config Default disabled Format lldp notification Mode...

Page 159: ...de Privileged Exec Term Definition Interface The interface in a slot port format Link Shows whether the link is up or down Transmit Shows whether the interface transmits LLDPDUs Receive Shows whether the interface receives LLDPDUs Notify Shows whether the interface sends remote data change notifications TLVs Shows whether the interface sends optional TLVs in the LLDPDUs The TLV codes can be 0 Port...

Page 160: ...The interface in slot port format Transmit Total Total number of LLDP packets transmitted on the port Receive Total Total number of LLDP packets received on the port Discards Total number of LLDP frames discarded on the port for any reason Errors The number of invalid LLDP frames received on the port Ageouts Total number of times a complete remote data entry was deleted for the port because the Ti...

Page 161: ...e to the system Chassis ID Subtype The type of identification used in the Chassis ID field Chassis ID The chassis of the remote device Port ID Subtype The type of port on the remote device Port ID The port number that transmitted the LLDPDU System Name The system name of the remote device System Description Describes the remote system by identifying the system name and versions of hardware operati...

Page 162: ... interface in a slot port format Port ID The port ID associated with this interface Port Description The port description associated with the interface Format show lldp local device detail slot port Mode Privileged EXEC Term Definition Interface The interface that sends the LLDPDU Chassis ID Subtype The type of identification used in the Chassis ID field Chassis ID The chassis of the local device ...

Page 163: ...et will be transmitted in the Link Layer Discovery Protocol Data Units LLDPDUs Default disabled Format lldp med Mode Interface Config Format no lldp med Mode Interface Config Default disabled Format lldp med confignotification Mode Interface Config Format no lldp med confignotification Mode Interface Config Default By default the capabilities and network policy TLVs are included Format lldp med tr...

Page 164: ...nt Use this command to return to the factory default value 2 24 7 lldp med transmit tlv all Use this command to specify which optional Type Length Values TLVs in the LLDP MED set will be transmitted in the Link Layer Discovery Protocol Data Units LLDPDUs Format no lldp med transmit tlv capabilities network policy ex pse ex pd location inventory Mode Interface Config Format lldp med all Mode Global...

Page 165: ...es Example The following shows example CLI display output for the command Broadcom FASTPATH Routing show lldp med interface all Interface Link configMED operMED ConfigNotify TLVsTx 0 1 Down Disabled Disabled Disabled 0 1 0 2 Up Disabled Disabled Disabled 0 1 0 3 Down Disabled Disabled Disabled 0 1 0 4 Down Disabled Disabled Disabled 0 1 0 5 Down Disabled Disabled Disabled 0 1 Term Definition capab...

Page 166: ...gNotify TLVsTx 0 2 Up Disabled Disabled Disabled 0 1 TLV Codes 0 Capabilities 1 Network Policy 2 Location 3 Extended PSE 4 Extended Pd 5 Inventory Broadcom FASTPATH Routing 2 24 10 show lldp med local device detail Use this command to display detailed information about the LLDP MED data that a specific interface transmits slot port indicates a specific physical interface Example The following show...

Page 167: ...bout remote devices that transmit current LLDP MED data to the system You can show information about LLDP MED remote data received on all valid LLDP interfaces or on a specific physical interface Example The following shows example CLI display output for the command Broadcom FASTPATH Routing show lldp med remote device all LLDP MED Remote Device Summary Local Interface Remote ID Device Class 0 8 1...

Page 168: ... 18 Capabilities MED Capabilities Supported capabilities networkpolicy location extendedpse MED Capabilities Enabled capabilities networkpolicy Device Class Endpoint Class I Network Policies Media Policy Application Type voice Vlan ID 10 Priority 5 DSCP 1 Unknown False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware...

Page 169: ...1024 or TCP Control Flags 0 and TCP Sequence Number 0 or TCP Flags FIN URG and PSH set and TCP Sequence Number 0 or TCP Flags SYN and FIN set L4 Port Source TCP UDP Port Destination TCP UDP Port ICMP Limiting the size of ICMP Ping packets 2 25 1 dos control all This command enables Denial of Service protection checks globally 2 25 1 1 no dos control all This command disables Denial of Service prev...

Page 170: ...ol tcpfrag This command enables TCP Fragment Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having IP Fragment Offset equal to one 1 the packets will be dropped if the mode is enabled 2 25 4 1 no dos control tcpfrag This command disabled TCP Fragment Denial of Service protection 2 25 5 dos control tcpflag This c...

Page 171: ...ables Maximum ICMP Packet Size Denial of Service protections If the mode is enabled Denial of Service prevention is active for this type of attack If ICMP Echo Request PING packets ingress having a size greater than the configured value the packets will be dropped if the mode is enabled 2 25 7 1 no dos control icmp This command disables Maximum ICMP Packet Size Denial of Service protections Defaul...

Page 172: ...L system the fdbid all parameter is required Mode Global Config Format show dos control Mode Privileged EXEC Term Definition First Fragment Mode May be enabled or disabled The factory default is disabled Min TCP Hdr Size 0 255 The factory default is 20 ICMP Mode May be enabled or disabled The factory default is disabled Max ICMPv4 Pkt Size The range is 0 1023 The factory default is 512 L4 Port Mod...

Page 173: ...digit hexadecimal numbers separated by colons for example 01 23 45 67 89 AB In an IVL system the MAC address will be displayed as a MAC address and VLAN ID combination of 8 bytes Type The type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Component The component that is responsible for ...

Page 174: ...Switching Commands CP6923 CP6923 CLI Reference Manual Page 2 130 ...

Page 175: ...Quality of Service Commands Chapter 1 3 Page 3 1 CP6923 CLI Reference Manual CP6923 ...

Page 176: ...w you to control the priority and transmission rate of traffic 3 1 1 classofservice dot1p mapping This command maps an 802 1p priority to an internal traffic class The userpriority values can range from 0 7 The trafficclass values range from 0 6 although the actual number of available traffic classes depends on the platform For more information about 802 1p priority see 2 5 Voice VLAN Commands on ...

Page 177: ...Dot1p the mode does not appear in the output of the show running config command because Dot1p is the default 3 1 3 1 no classofservice trust This command sets the interface mode to the default value 3 1 4 cos queue min bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue The total number of queues supported per interface is platform specific A valu...

Page 178: ...affic rate is bounded 3 1 6 1 no traffic shape This command restores the interface shaping rate to the default value 3 1 7 show classofservice dot1p mapping This command displays the current Dot1p 802 1p priority mapping to internal traffic classes for a specific interface The slot port parameter is optional and is only valid on platforms that support independent per port class of Format cos queue...

Page 179: ...lowing information is repeated for each user priority 3 1 10 show classofservice trust This command displays the current trust mode setting for a specific interface The slot port parameter is optional and is only valid on platforms that support independent per port class of service mappings If you specify an interface the command displays the port trust mode of the interface If you do not specify ...

Page 180: ... Term Definition Non IP Traffic Class The traffic class used for non IP traffic This is only displayed when the COS trust mode is set to trust IP Precedence or IP DSCP on platforms that support IP DSCP Untrusted Traffic Class The traffic class used for all untrusted traffic This is only displayed when the COS trust mode is set to untrusted Format show interfaces cos queue slot port Mode Privileged...

Page 181: ...mory interface This command configures the packet memory limits for the related interface See detailed under packet memory above 3 2 Differentiated Services DiffServ Commands This section describes the commands you use to configure QOS Differentiated Services DiffServ You configure DiffServ in several stages by specifying three DiffServ components 1 Class a Creating and deleting classes b Defining...

Page 182: ...is not activated When enabled DiffServ services are activated 3 2 1 1 no diffserv This command sets the DiffServ operational mode to inactive While disabled the DiffServ configuration is retained and can be changed but it is not activated When enabled DiffServ services are activated 3 3 DiffServ Class Commands Use the DiffServ class commands to define traffic classification To classify traffic you...

Page 183: ...ass map rename This command changes the name of a DiffServ class The class map name is the name of an existing DiffServ class The new class map name parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class 3 3 3 match ethertype This command adds to the specified class definition a match condition based on the value of the ethertype The ethertype valu...

Page 184: ...ss Map Config Default none Format match any Mode Class Map Config Ipv6 Class Map Config Default none Format match class map refclassname Mode Class Map Config Ipv6 Class Map Config Note The parameters refclassname and class map name can not be the same Only one other class may be referenced by a class Any attempts to delete the refclassname class while the class is still referenced by any class ma...

Page 185: ... 802 1Q tag of a double VLAN tagged packet The value may be from 0 to 7 3 3 8 match destination address mac This command adds to the specified class definition a match condition based on the destination MAC address of a packet The macaddr parameter is any layer 2 MAC address formatted as six two digit hexadecimal numbers separated by colons e g 00 11 22 dd ee ff The macmask parameter is a layer 2 ...

Page 186: ...for portkey is one of the supported port name keywords The currently supported portkey values are domain echo ftp ftpdata http smtp snmp telnet tftp www Each of these translates into its equivalent port number To specify the match condition using a numeric notation one layer 4 port number is required The port number is an integer from 0 to 65535 3 3 12 match ip dscp This command adds to the specif...

Page 187: ...t are used for comparison against the IP TOS field in a packet For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use a tosbits value of a0 hex and a tosmask of a2 hex Note The ip dscp ip precedence and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a s...

Page 188: ...decimal numbers separated by colons e g 00 11 22 dd ee ff The macmask parameter is a layer 2 MAC address bit mask which may not be contiguous and is formatted as six two digit hexadecimal numbers separated by colons e g ff 07 23 ff fe dc The optional not parameter has the effect of negating this match condition for the class i e match all source MAC addresses except for what is specified here 3 3 ...

Page 189: ...required The port number is an integer from 0 to 65535 3 3 20 match vlan This command adds to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field the only tag in a single tagged packet or the first or outer tag of a double VLAN tagged packet The VLAN ID is an integer from 1 to 4095 3 3 21 match secondary vlan This command adds to the specified c...

Page 190: ...ual policy attributes The CLI command root is policy map 3 4 1 assign queue This command modifies the queue id to which the associated traffic stream is assigned The queueid is an integer from 0 to n 1 where n is the number of egress queues supported by the device 3 4 2 drop This command specifies that all packets for the associated traffic stream are to be dropped at ingress 3 4 3 mirror This com...

Page 191: ... specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements The classname is the name of an existing DiffServ class Format mirror slot port Mode Policy Class Map Config Incompatibilities Drop Redirect Note This command is not available on the Broadcom 5630x platform Format redirect slot port Mode Policy Class Map Config Incompatibilit...

Page 192: ...specified as either an integer from 0 to 63 or symbolically through one of the following keywords af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 be cs0 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef 3 4 8 mark ip precedence This command marks all packets for the associated traffic stream with the specified IP Precedence value The IP Precedence value is an integer from 0 to 7 Note This command removes...

Page 193: ...nce value is required and is specified as an integer from 0 7 For set cos transmit an 802 1p priority value is required and is specified as an integer from 0 7 3 4 10 policy map This command establishes a new DiffServ policy The policyname parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy The type of policy is specific to the inbound traffic ...

Page 194: ... name of an existing DiffServ policy This command causes a service to create a reference to the policy 3 5 1 1 no service policy This command detaches a policy from an interface in the inbound direction The policyname parameter is the name of an existing DiffServ policy Format policy map rename policyname newpolicyname Mode Global Config Note This command effectively enables DiffServ on an interfa...

Page 195: ...ed for the class is evaluated simultaneously and must all be true to indicate a class match L3 Proto The Layer 3 protocol for this class Possible values are IPv4 and IPv6 Match Criteria The Match Criteria fields are only displayed if they have been configured Not all platforms support all match criteria values They are displayed in the order entered by the user The fields are evaluated in accordan...

Page 196: ...s rows for the Class Table Class Rule Table Size The current number of entries rows in the Class Rule Table Class Rule Table Max The maximum allowed entries rows for the Class Rule Table Policy Table Size The current number of entries rows in the Policy Table Policy Table Max The maximum allowed entries rows for the Policy Table Policy Instance Table Size Current number of entries rows in the Poli...

Page 197: ...he mark cos was not specified Mark IP DSCP The mark re mark value used as the DSCP for traffic matching this class This is not displayed if mark ip description is not specified Mark IP Precedence The mark re mark value used as the IP Precedence for traffic matching this class This is not displayed if mark ip precedence is not specified Mirror Copies a classified traffic stream to a specified egres...

Page 198: ...s only in effect on an interface while DiffServ is in an enabled mode Interface Valid slot and port number separated by a forward slash Direction The traffic direction of this interface service Operational Status The current operational status of this DiffServ service interface Policy Name The name of the policy attached to the interface in the indicated direction Policy Details Attached policy de...

Page 199: ...thernet II frame types The maximum number of rules per MAC ACL is hardware dependent For the Broadcom 5630x platform if you configure an IP ACL on an interface you cannot configure a MAC ACL on the same interface Format show policy map interface slot port in Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by a forward slash Direction The traffic direction of thi...

Page 200: ...e sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list This command fails if a MAC ACL by the name newname already exists 3 7 3 deny permit MAC ACL This command creates a new rule for the current MAC access list Each rule is appended to the list of configured rules for the list Note The CLI mode changes to Mac Access List Config mode when you successfully ...

Page 201: ...hardware queue for handling traffic that matches this rule The allowed queue id value is 0 n 1 where n is the number of user configurable queues available for the hardware platform The assign queue parameter is valid only for a permit rule For the Broadcom 5650x platform the mirror parameter allows the traffic matching this rule to be copied to the specified slot port while the redirect parameter ...

Page 202: ...pplied to all interfaces The VLAN keyword is only valid in the Global Config mode The Interface Config mode command is only available on platforms that support independent per port class of service queue configuration 3 7 4 1 no mac access group This command removes a MAC ACL identified by name from the interface in a given direction 3 7 5 show mac access lists This command displays a MAC access l...

Page 203: ... 0 s in a bit position that must be checked A 1 in a bit position of the ACL mask indicates the corresponding bit can be ignored 3 8 1 access list This command creates an IP Access Control List ACL that is identified by the access list number which is 1 99 for standard ACLs or 100 199 for extended ACLs Table 2 describes the parameters for the access list command IP Standard ACL IP Extended ACL VLA...

Page 204: ...l to filter for an extended IP ACL rule srcip srcmask Specifies a source IP address and source netmask for match condition of the IP ACL rule eq portkey 0 65535 Specifies the source layer 4 port match condition for the IP ACL rule You can use the port number which ranges from 0 65535 or you specify the portkey which can be one of the following keywords domain echo ftp ftpdata http smtp snmp telnet...

Page 205: ...source and destination IP address fields may be specified using the keyword any to indicate a match on any value in that field The remaining command parameters are all optional but the most frequently used parameters appear in the same relative order as shown in the command format Format ip access list name Mode Global Config Format no ip access list name Mode Global Config Format ip access list r...

Page 206: ...irection the specified access list replaces the currently attached IP access list using that sequence number If the sequence number is not specified for this command a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used 3 8 5 1 no ip access group This command removes a specified IP ACL from an interface 3 8 6 acl trapflags ...

Page 207: ...icates whether this access list applies to every packet Possible values are True or False Protocol The protocol to filter for this rule Source IP Address The source IP address for this rule Source IP Mask The source IP Mask for this rule Source L4 Port Keyword The source port for this rule Destination IP Address The destination IP address for this rule Destination IP Mask The destination IP Mask f...

Page 208: ...y name from the system 3 9 2 ipv6 access list rename This command changes the name of an IPv6 ACL The name parameter is the name of an existing IPv6 ACL The newname parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list Term Definition ACL Type Type of access list IP IPv6 or MAC ACL ID Access List name for a MAC or IPv6 access list or th...

Page 209: ...c matching this rule to be forwarded to the specified slot port The assign queue and redirect parameters are only valid for a permit rule 3 9 4 ipv6 traffic filter This command either attaches a specific IPv6 ACL identified by name to an interface or associates with a VLAN ID in a given direction The name parameter must be the name of an existing IPv6 ACL An optional sequence number may be specifi...

Page 210: ...ig Interface Config Format no ipv6 traffic filter name vlan vlan id in sequence 1 4294967295 Modes Global Config Interface Config Format show ipv6 access lists name Mode Privileged EXEC Term Definition Rule Number The ordered rule number identifier defined within the IPv6 ACL Action The action associated with each rule The possible values are Permit or Deny Match All Indicates whether this access ...

Page 211: ... 10 1 auto voip all Use this command to enable VoIP Profile on the interfaces of the switch 3 10 1 1 no auto voip all Use this command to disable VoIP Profile on the interfaces of the switch 3 10 2 auto voip Use this command to enable VoIP Profile on the interface 3 10 2 1 no auto voip Use this command to disable VoIP Profile on the interface 3 10 3 show auto voip Use this command to display the V...

Page 212: ...raptimer This command resets the time interval for generating ACL traps to its default value 3 11 2 show acl traptimer This command displays the time interval for generating ACL traps A trap is generated if a ACL rule applies for an incoming packet Field Description AutoVoIP Mode The Auto VoIP mode on the interface Traffic Class The CoS Queue or Traffic Class to which all VoIP traffic is mapped to...

Page 213: ...Routing Commands Chapter 1 4 Page 4 1 CP6923 CLI Reference Manual CP6923 ...

Page 214: ...n the switch ARP associates IP addresses with MAC addresses and stores the information as ARP entries in the ARP cache 4 1 1 arp This command creates an ARP entry The value for ipaddress is the IP address of a device on a subnet attached to an existing routing interface macaddr is a unicast MAC address for that device The format of the MAC address is 6 two digit hexadecimal numbers that are separa...

Page 215: ...hesize This command configures the ARP cache size The ARP cache size value is a platform specific integer value The default size also varies depending on the platform 4 1 3 1 no arp cachesize This command configures the default ARP cache size 4 1 4 arp dynamicrenew This command enables the ARP component to automatically renew dynamic ARP entries when they age out 4 1 4 1 no arp dynamicrenew This c...

Page 216: ...and configures the default ARP request response timeout 4 1 7 arp retries This command configures the ARP count of maximum request for retries The value for retries is an integer which represents the maximum number of request for retries The range for retries is an integer between 0 10 retries 4 1 7 1 no arp retries This command configures the default ARP count of maximum request for retries 4 1 8...

Page 217: ...he clear arp switch command and check the show arp switch entries There will be no more arp entries 4 1 11 show arp This command displays the Address Resolution Protocol ARP cache The displayed results are not the total ARP entries To view the total ARP entries the operator should view the show arp results in conjunction with the show arp switch results Default 1200 Format arp timeout 15 21600 Mod...

Page 218: ...onfigurable The possible values are Local Gateway Dynamic and Static Age The current age of the ARP entry since last refresh in hh mm ss format Format show arp brief Mode Privileged EXEC Term Definition Age Time seconds The time it takes for an ARP entry to age out This value is configurable Age time is measured in seconds Response Time seconds The time it takes for an ARP request timeout This val...

Page 219: ... the IP Router Admin Mode for the master switch 4 2 2 1 no ip routing This command disables the IP Router Admin Mode for the master switch 4 2 3 ip address This command configures an IP address on an interface You can also use this command to configure one or more secondary IP addresses on the interface The value for ipaddr is the IP address of the interface The value for subnetmask is a 4 digit d...

Page 220: ...of an individual static route Among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database By specifying the preference of a static route you control whether a static route is more or less preferred than routes from dynamic routing protocols The preference also controls whether a static route is more or less preferred than other ...

Page 221: ...et the distance preference of an individual static route The default distance is used when no distance is specified in these commands Changing the default distance does not update the distance of existing static routes even if they were assigned the original default distance The new default distance will only be applied to static routes created after invoking the ip route distance command 4 2 6 1 ...

Page 222: ...e IP MTU in the Database Description packets it sends to its neighbors during database exchange If two OSPF neighbors advertise different IP MTUs they will not form an adjacency unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtu ignore command 4 2 8 1 no ip mtu This command resets the ip mtu to the default value 4 2 9 show ip brief This command displays all the su...

Page 223: ...0 messages The default value is 100 messages ICMP Echo Replies Shows whether ICMP Echo Replies are enabled or disabled ICMP Redirects Shows whether ICMP Redirects are enabled or disabled Format show ip interface slot port Modes Privileged EXEC User EXEC Term Definition Routing Interface Status Determine the operational status of IPv4 routing Interface The possible values are Up or Down Primary IP ...

Page 224: ...ve An interface is considered active if its link is up and it is in forwarding state Link Speed Data Rate An integer representing the physical link data rate of the specified interface This is measured in Megabits per second Mbps MAC Address The burned in physical address of the specified interface The format is 6 two digit hexadecimal numbers that are separated by colons Encapsulation Type The en...

Page 225: ...ce Possible values are Enable or Disable MultiCast Fwd The multicast forwarding administrative mode on the interface Possible values are Enable or Disable Note If you use the connected keyword for protocol the all option is not available because there are no best or non best connected routes Format show ip route ip address protocol ip address mask longer prefixes protocol protocol all all Modes Pr...

Page 226: ... 0 5 S 7 0 0 0 8 1 0 directly connected Null0 OIA 10 10 10 0 24 110 6 via 5 5 5 2 00h 00m 01s 0 5 C 11 11 11 0 24 0 1 directly connected 0 11 S 12 0 0 0 8 5 0 directly connected Null0 S 23 0 0 0 8 3 0 directly connected Null0 4 2 13 show ip route summary Use this command to display the routing table summary Use the optional all parameter to show the number of all routes including best and non best...

Page 227: ...yed 4 3 Router Discovery Protocol Commands This section describes the commands you use to view and configure Router Discovery Protocol settings on the switch The Router Discovery Protocol enables a host to discover the IP address of routers on the subnet 4 3 1 ip irdp This command enables Router Discovery on an interface Format show ip route preferences Modes Privileged EXEC User EXEC Term Definit...

Page 228: ...ertisement sent from this interface The holdtime range is the value of maxadvertinterval to 9000 seconds 4 3 3 1 no ip irdp holdtime This command configures the default value in seconds of the holdtime field of the router advertisement sent from this interface 4 3 4 ip irdp maxadvertinterval This command configures the maximum time in seconds allowed between sending router advertisements from the ...

Page 229: ...r address relative to other router addresses on the same subnet 4 3 6 1 no ip irdp preference This command configures the default preferability of the address as a default router address relative to other router addresses on the same subnet 4 3 7 show ip irdp This command displays the router discovery information for all interfaces or a specified interface Format no ip irdp maxadvertinterval Mode ...

Page 230: ...has a range from 1 to 3965 Example Example 1 shows the command specifying a vlanid value The interface ID argument is not used Switch Vlan vlan 14 Switch Vlan vlan routing 14 cr Press enter to execute the command 1 128 Enter interface ID Typically you press Enter without supplying the Interface ID value the system automatically selects the interface ID In Example 2 the command specifies interface ...

Page 231: ...terface Switch show ip vlan MAC Address used by Routing VLANs 00 11 88 59 47 36 Logical VLAN ID Interface IP Address Subnet Mask 10 4 1 172 16 10 1 255 255 255 0 11 4 50 172 16 11 1 255 255 255 0 12 4 3 172 16 12 1 255 255 255 0 13 4 4 172 16 13 1 255 255 255 0 14 4 51 0 0 0 0 0 0 0 0 Switch config Switch Config exit Switch vlan database Switch Vlan vlan 15 Switch Vlan vlan routing 15 1 Interface ...

Page 232: ...mand in Global Config mode to enable the administrative mode of VRRP on the router 4 5 1 1 no ip vrrp Use this command in Global Config mode to disable the default administrative mode of VRRP on the router Format show ip vlan Modes Privileged EXEC User EXEC Term Definition MAC Address used by Routing VLANs The MAC Address associated with the internal bridge router interface IBRI The same MAC Addre...

Page 233: ...configured on the specified interface Disabling the status field stops a virtual router 4 5 4 ip vrrp ip This command sets the virtual router IP address value for an interface The value for ipaddr is the IP address which is to be configured on that interface for VRRP The parameter vrid is the virtual router ID which has an integer value range from 1 to 255 You can use the optional secondary parame...

Page 234: ...rface 4 5 7 ip vrrp priority This command sets the priority of a router within a VRRP group Higher values equal higher priority The range is from 1 to 254 The parameter vrid is the virtual router ID whose range is from 1 to 255 The router with the highest priority is elected master If a router is configured with the address used as the address of the virtual router the router is called the address...

Page 235: ...ment When the interface is up for IP protocol the priority will be incremented by the priority value A VRRP configured interface can track more than one interface When a tracked interface goes down then the priority of the router will be decreased by 10 the default priority decrement for each downed interface The default priority decrement is changed using the priority argument The default priorit...

Page 236: ...reachable 4 5 11 show ip vrrp interface stats This command displays the statistical information about each virtual router configured on the switch Default priority 10 Format ip vrrp vrid track ip route ip address prefix length decrement priority Mode Interface Config Format no ip vrrp vrid track interface slot port decrement Mode Interface Config Format show ip vrrp interface stats slot port vrid ...

Page 237: ...own authentication type Authentication Type Mismatch The total number of VRRP advertisements received for which auth type not equal to locally configured one for this virtual router Packet Length Errors The total number of VRRP packets received with packet length less than length of VRRP header Format show ip vrrp Modes Privileged EXEC User EXEC Term Definition VRRP Admin Mode The administrative m...

Page 238: ... This command takes no options It displays information about each virtual router Configured Priority The priority configured through the ip vrrp vrid priority 1 254 command Advertisement interval The advertisement interval in seconds for the specific virtual router Pre Empt Mode The preemption mode configured on the specified virtual router Administrative Mode The status Enable or Disable of the s...

Page 239: ... Relay on the system The hops parameter has a range of 1 to 16 4 6 2 1 no bootpdhcprelay maxhopcount This command configures the default maximum allowable relay agent hops for BootP DHCP Relay on the system 4 6 3 bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP DHCP Relay on the system When the BOOTP relay agent receives a BOOTREQUEST message it MAY use...

Page 240: ...form the helper addresses list until the list reaches the maximum supported helper addresses 4 7 1 1 no ip helper address Use this command to remove the IP address from the previously configured list The no command without an ip address argument removes the entire list of helper addresses on that interface Format no bootpdhcprelay minwaittime Mode Global Config Format show bootpdhcprelay Modes Pri...

Page 241: ...gure OSPF which is a link state routing protocol that you use to route traffic within a network 4 8 1 router ospf Use this command to enter Router OSPF mode 4 8 2 enable OSPF This command resets the default administrative mode of OSPF in the router active 4 8 2 1 no enable OSPF This command sets the administrative mode of OSPF in the router to inactive Format no ip helper address ip address Mode I...

Page 242: ...area command It can also be used to configure the advertiseability of the secondary addresses on this interface into the OSPFv2 domain 4 8 4 1 no ip ospf area Use this command to disable OSPF on an interface 4 8 5 1583compatibility This command enables OSPF 1583 compatibility Default disabled Format network ip address wildcard mask area area id Mode Router OSPF Config Format no network ip address ...

Page 243: ...the NSSA The optional metric parameter specifies the metric of the default route and is to be in a range of 1 16777214 If no metric is specified the default value is The metric type can be comparable nssa external 1 or non comparable nssa external 2 4 8 8 1 no area nssa default info originate OSPF This command disables the default route advertised into the NSSA Format no 1583compatibility Mode Rou...

Page 244: ...nd configures the translator role of the NSSA A value of always causes the router to assume the role of the translator the instant it becomes a border router and a value of candidate causes the router to participate in the translator election process when it attains border router status 4 8 11 1 no area nssa translator role OSPF This command disables the nssa translator role from the specified are...

Page 245: ...essed 4 8 13 1 no area range This command deletes a specified area range The ipaddr is a valid IP address The subnetmask is a valid subnet mask 4 8 14 area stub OSPF This command creates a stub area for the specified area ID A stub area is characterized by the fact that AS External LSAs are not propagated into the area Removing AS External LSAs and Summary LSAs can significantly reduce the link st...

Page 246: ...nterface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighbor The value for type is either none simple or encrypt The key is composed of standard displayable non control keystrokes from a Standard 101 102 key keyboard The authentication key must be 8 bytes or less if the authentication type is simple If the type is encrypt the key may be up to 16 bytes Unauthen...

Page 247: ...ID of the neighbor 4 8 19 area virtual link hello interval OSPF This command configures the hello interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighbor The range for seconds is 1 to 65535 4 8 19 1 no area virtual link hello interval This command configures the default hello interval for the OSPF vi...

Page 248: ...ks have lower metrics making them more attractive in route selection The configuration parameters in the auto cost reference bandwidth and bandwidth commands give you control over the default link cost You can configure for OSPF an interface bandwidth that is independent of the actual link speed A second configuration parameter allows you to control the ratio of interface bandwidth to link cost Th...

Page 249: ...t the actual speed of an interface 4 8 23 1 no bandwidth Use this command to set the interface bandwidth to its default value 4 8 24 capability opaque Use this command to enable Opaque Capability on the Router The information contained in Opaque LSAs may be used directly by OSPF or indirectly by an application wishing to distribute information throughout the OSPF domain FASTPATH supports the stori...

Page 250: ...9 clear ip ospf neighbor interface To drop adjacency with all neighbors on a specific interface use the optional parameter slot port To drop adjacency with a specific router ID on a specific interface use the optional parameter neighbor id 4 8 30 clear ip ospf redistribution Use this command to flush all self originated external LSAs Reapply the redistribution configuration and re originate prefix...

Page 251: ...OSPF route can be intra inter or external All the external type routes are given the same preference value The range of preference value is 1 to 255 4 8 33 1 no distance ospf This command sets the default route preference value of OSPF routes in the router The type of OSPF can be intra inter or external All the external type routes are given the same preference value Default metric unspecified typ...

Page 252: ...6 external lsdb limit OSPF This command configures the external LSDB limit for OSPF If the value is 1 then there is no limit When the number of non default AS external LSAs in a router s link state database reaches the external LSDB limit the router enters overflow state The router never holds more than the external LSDB limit non default AS external LSAs in it database The external LSDB limit MUS...

Page 253: ...rface The cost parameter has a range of 1 to 65535 4 8 38 1 no ip ospf cost This command configures the default cost on an OSPF interface 4 8 39 ip ospf dead interval This command sets the OSPF dead interval for the specified interface The value for seconds is a valid positive integer which represents the length of time in seconds that a router s Hello packets have not been seen before its neighbo...

Page 254: ...network type to broadcast The point to point option sets the OSPF network type to point to point OSPF treats interfaces as broadcast interfaces by default Loopback interfaces have a special loopback network type which cannot be changed When there are only two routers on the network OSPF can operate more efficiently by treating the network as a point to point network For point to point networks OSP...

Page 255: ...and link state request packets Valid values range from 0 to 3600 1 hour 4 8 43 1 no ip ospf retransmit interval This command sets the default OSPF retransmit Interval for the specified interface 4 8 44 ip ospf transmit delay This command sets the OSPF Transit Delay for the specified interface The transmit delay is specified in seconds In addition it sets the estimated number of seconds it takes to...

Page 256: ...and sets a 4 digit dotted decimal number uniquely identifying the router ospf id The ipaddress is a configured value 4 8 47 redistribute OSPF This command configures OSPF protocol to allow redistribution of routes from the specified source protocol routers 4 8 47 1 no redistribute This command configures OSPF protocol to prohibit redistribution of routes from the specified source protocol routers ...

Page 257: ...interfaces Any interface previously configured to be passive reverts to non passive mode 4 8 50 passive interface OSPF Use this command to set the interface or tunnel as passive It overrides the global passive mode that is currently effective on the interface or tunnel 4 8 50 1 no passive interface Use this command to set the interface or tunnel as non passive It overrides the global passive mode ...

Page 258: ...e the individual flag enter the group name followed by that particular flag To enable all the flags in that group give the group name followed by all To enable all the flags give the command as trapflags all Default delay time 5 hold time 10 Format timers spf delay time hold time Mode Router OSPF Config Group Flags errors authentication failure bad packet config error virt authentication failure v...

Page 259: ...e lsa originate overflow all lsdb overflow lsdb approaching overflow retransmit all packets virt packets rtb all rtb entry info state change all if state change neighbor state change virtif state change virtneighbor state change Mode Router OSPF Config Format no trapflags all errors all authentication failure bad packet config error virt authentication failure virt bad packet virt config error if ...

Page 260: ...the router is an autonomous system border router The router automatically becomes an ASBR when it is configured to redistribute routes learnt from other protocols The possible values for the ASBR status is enabled if the router is configured to redistribute routes learned by other protocols or disabled if the router is not configured for the same Stub Router When OSPF runs out of resources to stor...

Page 261: ...fault Metric Default value for redistributed routes Default Passive Setting Shows whether the interfaces are passive by default Default Route Advertise Indicates whether the default routes received from other source protocols are advertised or not Always Shows whether default routes are always advertised Metric The metric of the routes being redistributed If the metric is not configured this field...

Page 262: ...ernal OSPF routing table entries to Area Border Routers ABR This command takes no options 4 8 54 show ip ospf area This command displays information about the area The areaid identifies the OSPF area that is being displayed Format show ip ospf abr Mode Privileged EXEC User EXEC Term Definition Type The type of the route to the destination It can be either intra Intra area route inter Inter area ro...

Page 263: ...s only if the area is a configured as a stub area Term Definition Import Summary LSAs Shows whether to import summary LSAs into the NSSA Redistribute into NSSA Shows whether to redistribute information into the NSSA DefaultInformation Originate Shows whether to advertise a default route into the NSSA Default Metric The metric value for the default route advertised into the NSSA Default Metric Type...

Page 264: ...ue LSAs router Use router to display router LSAs summary Use summary to show the LSA database summary information lsid Use lsid to specify the link state ID LSID The value of lsid can be an IP address or an integer in the range of 0 4294967295 adv router Use adv router to show the LSAs that are restricted by the advertising router self originate Use self originate to display the LSAs in that are s...

Page 265: ...aque area LSAs in the database Subtotal Number of entries for the identified area Opaque AS Number of opaque AS LSAs in the database Total Number of entries for all areas Format show ip ospf interface slot port loopback loopback id Mode Privileged EXEC User EXEC Term Definition IP Address The IP address for the specified interface Subnet Mask A mask of the network and host portion of the IP addres...

Page 266: ... designated router Backup Designated Router The router ID representing the backup designated router Number of Link Events The number of link events Local Link LSAs The number of Link Local Opaque LSAs in the link state database Local Link LSA Checksum The sum of LS Checksums of Link Local Opaque LSAs in the link state database Format show ip ospf interface brief Mode Privileged EXEC User EXEC Term...

Page 267: ...e Discards The number of received OSPF packets discarded because of an error in the packet or an error in processing the packet Bad Version The number of received OSPF packets whose version field in the OSPF header does not match the version of the OSPF process handling the packet Source Not On Local Subnet The number of received packets discarded because the source IP address is not within a subn...

Page 268: ... not match the previously recorded IP address for that neighbor Note Does not apply to Hellos Invalid OSPF Packet Type The number of OSPF packets discarded because the packet type field in the OSPF header is not a known type Hellos Ignored The number of received Hello packets that were ignored by this router from the new neighbors after the limit has been reached for the number of neighbors on an ...

Page 269: ...rs are fully adjacent and they will now appear in router LSAs and network LSAs Dead Time The amount of time in seconds to wait before the router assumes the neighbor is unreachable Term Definition Interface Valid slot and port number separated by forward slashes Neighbor IP Address The IP address of the neighbor router Interface Index The interface ID of the neighbor router Area ID The area ID of ...

Page 270: ...d the reasons why the SPF was scheduled Format show ip ospf range areaid Modes Privileged EXEC User EXEC Term Definition Area ID The area id of the requested OSPF area IP Address An IP address which represents this area range Subnet Mask A valid subnet mask for this area range Lsdb Type The type of link advertisement associated with this area range Advertisement The status of the advertisement Adv...

Page 271: ...lts to the least metric of the type of service among the interfaces to other areas The OSPF cost for a route is a function of the metric value Import Summary LSA Controls the import of summary LSAs into stub areas Format show ip ospf virtual link areaid neighbor Modes Privileged EXEC User EXEC Term Definition Area ID The area id of the requested OSPF area Neighbor Router ID The input neighbor Rout...

Page 272: ...is command enables RIP on a router interface 4 9 3 1 no ip rip This command disables RIP on a router interface Term Definition Area ID The area id of the requested OSPF area Neighbor The neighbor interface of the OSPF virtual interface Hello Interval The configured hello interval for the OSPF virtual interface Dead Interval The configured dead interval for the OSPF virtual interface Retransmit Int...

Page 273: ...advertisement of default routes 4 9 6 default metric RIP This command is used to set a default for the metric of distributed routes 4 9 6 1 no default metric RIP This command is used to reset the default metric of distributed routes to its default value Mode Interface Config Default disabled Format auto summary Mode Router RIP Config Format no auto summary Mode Router RIP Config Format default inf...

Page 274: ...cified interface The value of type is either none simple or encrypt The value for authentication key key must be 16 bytes or less The key is composed of standard displayable non control keystrokes from a Standard 101 102 key keyboard If the value of type is encrypt a keyid in the range of 0 and 255 must be specified Unauthenticated interfaces do not need an authentication key or authentication key...

Page 275: ...broadcast RIP version 1 formatted packets rip1c RIP version 1 compatibility mode which sends RIP version 2 formatted packets via broadcast rip2 for sending RIP version 2 using multicast or none to not allow any RIP control packets to be sent 4 9 11 1 no ip rip send version This command configures the interface to allow RIP control packets of the default version to be sent 4 9 12 hostroutesaccept T...

Page 276: ...match options When you submit the command redistribute ospf match match type the match type or types specified are added to any match types presently being redistributed Internal routes are redistributed by default 4 9 14 1 no redistribute This command de configures RIP protocol to redistribute routes from the specified source protocol routers 4 9 15 show ip rip This command displays information r...

Page 277: ...ude the refresh of a route s age Global queries The number of responses sent to RIP queries from other systems Default Metric The default metric of redistributed routes if one has already been set or blank if not configured earlier The valid values are 1 to 15 Default Route Advertise The default route Format show ip rip interface brief Modes Privileged EXEC User EXEC Term Definition Interface Vali...

Page 278: ...updates from the specified interface The types are none RIP 1 RIP 2 Both This is a configured value Both RIP Admin Mode RIP administrative mode of router RIP operation enable activates disable de activates it This is a configured value Link State Indicates whether the RIP interface is up or down This is a configured value Authentication Type The RIP Authentication Type for the specified interface ...

Page 279: ...s by the router 4 10 4 ip icmp error interval Use this command to limit the rate at which IPv4 ICMP error messages are sent The rate limit is configured as a token bucket with two configurable parameters burst size and burst interval The burst interval specifies how often the token bucket is initialized with burst size tokens burst interval is from 0 to 2147483647 milliseconds msec The burst size ...

Page 280: ...ans that for example when the tunnel is down no ICMP unreachable is generated It also means that PATH MTU discovery will not work as expected Each host sending data through the tunnel should thus use an appropriately lowered MTU 4 11 1 interface tunnel This command enters tunnel configuration mode Up to 8 distinct tunnels can be configured Each tunnel is identified by the IP addresses of the local...

Page 281: ...and match the tunnel type are subject to decapsulation 4 11 5 ip address Set the tunnel IP address This address can be used with static routes to identify the tunnel as the next hop 4 11 6 shutdown Set tunnel to link state down mode This will disable the tunnel and also will disable all routes using the tunnel 4 11 6 1 no shutdown Set tunnel to link state up mode This will enable the tunnel and al...

Page 282: ...ct errors that only occur in a single direction i e one end is still able to receive while the other end is not A remote site is declared failed when its heartbeat was not received for a configurable grace period When a remote site is sending heartbeats it is not declared working until a configurable lockout period has elapsed This may be used to avoid flapping links that toggle between working an...

Page 283: ...ing the tunnel mode to link state up again 100 ms to 90 seconds 4 12 6 heartbeat ignore remote failure When this command is given heartbeat commands are sent and received but the tunnel will never go to link state down because of heartbeat failure This is most useful for tunnels that shall always be up but where heartbeat information is useful to the operator It can also be used to temporarily ign...

Page 284: ...at number This command lists the current heartbeat configuration and status for a specific heartbeat association 4 12 9 show heartbeat This command lists the current heartbeat global configuration Format no heartbeat ignore remote failure Mode Interface Tunnel Mode Format show heartbeat brief Mode Privileged Exec Format show heartbeat number Mode Privileged Exec Format show heartbeat Mode Privileg...

Page 285: ...Multicast Commands Chapter 1 5 Page 5 1 CP6923 CLI Reference Manual CP6923 ...

Page 286: ...trative boundary is applicable groupipaddr is a group IP address and mask is a group IP mask 5 1 1 1 no ip mcast boundary This command deletes an administrative scope multicast boundary specified by groupipaddr and mask for which this multicast administrative boundary is applicable groupipaddr is a group IP address and mask is a group IP mask 5 1 2 ip multicast This command sets the administrative...

Page 287: ...ault ttlthreshold to a routing interface The ttlthreshold is the TTL threshold which is to be applied to the multicast Data packets which are to be forwarded from the interface 5 1 4 show ip mcast This command displays the system wide multicast information Format no ip multicast Mode Global Config Default 1 Format ip multicast ttl threshold ttlvalue Mode Interface Config Format no ip multicast ttl...

Page 288: ...nterface Valid slot and port number separated by forward slashes Group Ip The group IP address Mask The group IP mask Format show ip mcast interface unit slot port Modes Privileged EXEC User EXEC Term Definition Interface Valid slot and port number separated by forward slashes TTL The time to live value for this interface Format show ip mcast mroute detail summary Modes Privileged EXEC User EXEC T...

Page 289: ...ddr The IP address of the destination of the multicast packet Protocol The multicast routing protocol by which the entry was created Incoming Interface The interface on which the packet for the source group arrives Outgoing Interface List The list of outgoing interfaces on which the packet is forwarded Format show ip mcast mroute group groupipaddr detail summary Modes Privileged EXEC User EXEC Ter...

Page 290: ... 1 to 31 5 2 2 1 no ip dvmrp metric This command resets the metric for an interface to the default value This value is used in the DVMRP messages as the cost to reach this network RPF Neighbor The IP address of the RPF neighbor Flags The flags associated with this entry Term Definition Source IP Addr The IP address of the multicast data source Group IP Addr The IP address of the destination of the...

Page 291: ... This command displays the system wide information for DVMRP Mode Interface Config Default disabled Format ip dvmrp trapflags Mode Global Config Format no ip dvmrp trapflags Mode Global Config Default disabled Format ip dvmrp Mode Interface Config Format no ip dvmrp Mode Interface Config Format show ip dvmrp Modes Privileged EXEC User EXEC Term Definition Admin Mode Indicates whether DVMRP is enab...

Page 292: ...erational or Non Operational Format show ip dvmrp interface unit slot port Modes Privileged EXEC User EXEC Term Definition Interface Mode Indicates whether DVMRP is enabled or disabled on the specified interface Metric The metric of this interface This is a configured value Local Address The IP address of the interface Term Definition Generation ID The Generation ID value for the interface This is...

Page 293: ...r of routes received from the neighbor Rcvd Bad Pkts The number of invalid packets received from this neighbor Rcvd Bad Routes The number of correct packets received with invalid routes Format show ip dvmrp nexthop Modes Privileged EXEC User EXEC Term Definition Source IP The sources for which this entry specifies a next hop on an outgoing interface Source Mask The IP Mask for the sources for whic...

Page 294: ...mode This command sets administrative mode of PIM DM on an interface to enabled Format show ip dvmrp route Modes Privileged EXEC User EXEC Term Definition Source Address The multicast address of the source group Source Mask The IP Mask for the source group Upstream Neighbor The IP address of the neighbor which is the source for the packets for a specified multicast address Interface The interface ...

Page 295: ... for PIM DM 5 3 5 show ip pimdm interface This command displays the interface information for PIM DM on the specified interface Format no ip pimdm Mode Interface Config Default 30 Format ip pimdm query interval seconds Mode Interface Config Format no ip pimdm query interval Mode Interface Config Format show ip pimdm Modes Privileged EXEC User EXEC Term Definition PIM DM Admin Mode Indicates whethe...

Page 296: ...n the specified interface PIM DM Interface Hello Interval The frequency at which PIM hello messages are transmitted on this interface By default the value is 30 seconds Format show ip pimdm interface stats unit slot port all Modes Privileged EXEC User EXEC Term Definition Interface Valid slot and port number separated by forward slashes IP Address The IP address that represents the PIM DM interfac...

Page 297: ... Mode Interface Config Default disabled Format ip pimsm bsr border Mode Interface Config Format no ip pimsm bsr border Mode Interface Config Default None Format ip pimsm bsr candidate interface slot port hash mask length priority Mode Global Config Parameters Description hash mask length Length of a mask 32 bits maximum that is to be ANDed with the group address before the hash function is called ...

Page 298: ...fault value 5 4 6 ip pimsm join prune interval This command is used to configure the interface join prune interval for the PIM SM router The join prune interval is specified in seconds This parameter can be configured to a value from 0 to 18000 5 4 6 1 no ip pimsm join prune interval Use this command to set the join prune interval to the default value Default 1 Format ip pimsm dr priority 0 214748...

Page 299: ...figured with this command prevails over the RP learned by BSR 5 4 8 1 no ip pimsm rp address This command is used to statically remove the RP address for one or more multicast groups 5 4 9 ip pimsm rp candidate This command is used to configure the router to advertise itself as a PIM candidate rendezvous point RP to the bootstrap router BSR 5 4 9 1 no ip pimsm rp candidate This command is used to ...

Page 300: ...rce Specific Multicast SSM range of IP multicast addresses 5 4 11 1 no ip pimsm ssm This command is used to disable the Source Specific Multicast SSM range 5 4 12 ip pim trapflags This command enables the PIM trap mode for both Sparse Mode SM and Dense Mode DM Mode Global Config Default 0 Format ip pimsm spt threshold 1 2000 Mode Global Config Format no ip pimsm spt threshold Mode Global Config De...

Page 301: ... shortest path Interface Valid slot and port number separated by forward slashes Interface Mode Indicates whether PIM SM is enabled or disabled on the interface Protocol State The current state of the PIM SM protocol on the interface Possible values are Operational or Non Operational Format show ip pimsm bsr Mode Privileged EXEC User EXEC Term Definition BSR Address IP address of the BSR Uptime Le...

Page 302: ... by forward slashes IP Address The IP address of the specified interface Subnet Mask The Subnet Mask for the IP address of the PIM interface Hello Interval secs The frequency at which PIM hello messages are transmitted on this interface By default the value is 30 seconds Join Prune Interval secs The join prune interval for the PIM SM router The interval is in seconds Neighbor Count The neighbor co...

Page 303: ... sets the administrative mode of IGMP in the system to active 5 5 1 1 no ip igmp This command sets the administrative mode of IGMP in the system to inactive 5 5 2 ip igmp version This command configures the version of IGMP for an interface The value for version is either 1 2 or 3 Format show ip pimsm rphash group address Modes Privileged EXEC User EXEC Term Definition RP The IP address of the RP f...

Page 304: ... The range for seconds is 0 to 255 tenths of a second 5 5 4 1 no ip igmp last member query interval This command resets the Maximum Response Time to the default value 5 5 5 ip igmp query interval This command configures the query interval for the specified interface The query interval determines how fast IGMP Host Query packets are transmitted on this interface The range for queryinterval is 1 to ...

Page 305: ...s interface to the default value The maximum response time interval is reset to the default time 5 5 7 ip igmp robustness This command configures the robustness that allows tuning of the interface The robustness is the tuning for the expected packet loss on a subnet If a subnet is expected to have a lot of loss the Robustness variable may be increased for the interface The range for robustness is ...

Page 306: ...command displays the registered multicast groups on the interface If detail is specified this command displays the registered multicast groups on the interface in detail Format ip igmp startup query count count Mode Interface Config Format no ip igmp startup query count Mode Interface Config Default 31 Format ip igmp startup query interval interval Mode Interface Config Format no ip igmp startup q...

Page 307: ...is interface Up Time The time elapsed since the entry was created for the specified multicast group address on this interface Expiry Time The amount of time remaining to remove this entry before it is aged out Version1 Host Timer The time remaining until the local router assumes that there are no longer any IGMP version 1 multicast members on the IP subnet attached to this interface This could be ...

Page 308: ... Format show ip igmp interface membership multiipaddr detail Mode Privileged EXEC Term Definition Interface Valid unit slot and port number separated by forward slashes Interface IP The IP address of the interface participating in the multicast group State The interface that has IGMP in Querier mode or Non Querier mode Group Compatibility Mode The group compatibility mode v1 v2 or v3 for the speci...

Page 309: ...erval for the IGMP Proxy router This command is valid only when you enable IGMP Proxy on the interface The value of interval can be 1 260 seconds Format show ip igmp interface stats unit slot port Modes Privileged EXEC User EXEC Term Definition Querier Status The status of the IGMP router whether it is running in Querier mode or Non Querier mode Querier IP Address The IP address of the IGMP Querie...

Page 310: ...rface Config Format show ip igmp proxy Modes Privileged EXEC User EXEC Term Definition Interface index The interface number of the IGMP Proxy Admin Mode States whether the IGMP Proxy is enabled or not This is a configured value Operational Mode States whether the IGMP Proxy is operationally enabled or not This is a status parameter Version The present IGMP host version that is operational on the p...

Page 311: ...xy interface Interface Index 0 1 Ver Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent 1 0 0 0 2 0 0 0 0 0 3 0 0 0 5 6 6 show ip igmp proxy groups This command displays information about the subscribed multicast groups that IGMP Proxy reported It displays a table of entries with the following as the fields of each column Format show ip igmp proxy interface Modes Privileged EXEC User EXEC Te...

Page 312: ...ter The IP address of host that last sent a membership report for the current group on the network attached to the IGMP Proxy interface upstream interface Up Time in secs The time elapsed since last created Member State The status of the entry Possible values are IDLE_MEMBER or DELAY_MEMBER IDLE_MEMBER interface has responded to the latest group membership query for this group DELAY_MEMBER interfa...

Page 313: ...27 4 4 4 5 5 5 48 00 02 21 DELAY_MEMBER Exclude 0 228 4 4 4 5 5 5 48 00 03 21 DELAY_MEMBER Include 3 Group Source List Expiry Time 9 1 2 3 00 03 21 6 1 2 3 00 03 21 7 1 2 3 00 03 21 Member State The status of the entry Possible values are IDLE_MEMBER or DELAY_MEMBER IDLE_MEMBER interface has responded to the latest group membership query for this group DELAY_MEMBER interface is going to send a gro...

Page 314: ...Multicast Commands CP6923 CP6923 CLI Reference Manual Page 5 30 ...

Page 315: ...Utility Commands Chapter 6 Page 6 1 CP6923 CLI Reference Manual CP6923 ...

Page 316: ...are implemented to manipulate the Software images and configurations of the CP6923 6 1 1 download initrd This command updates the system software It downloades a system image from URL 6 1 2 download ipmifw This command updates the IPMI firmware using a HPM 1 firmware image It downloads an IPMI firmware image from URL and flashes the IPMC The command is also used for updates of AMC see section belo...

Page 317: ...error the image in the first partition is used 6 1 6 startupslot This command configures the startup slot with the supplied values from the other slots It will also check the configuration for consistency and flag any errors The slot number slotnumber ranges from 1 9 6 1 7 startupslot activate This command sets the startup slot to active and will use this in all subsequent reboots Using once at th...

Page 318: ...ad from the backplane through the SGA pins as defined by the CPCI standard The GA geographical address is read via IPMI BMC info command The commands allow to set default mapping if no other mapping is active a mapping of SGA GA to startupslot number For the SGA address and the slot number the following values are allowed SGA number 0 31 slot number F 1 99 6 1 9 1 no startupslot sga The command no...

Page 319: ... activated an error message displays 6 2 2 boot system This command activates the specified image It will be the active image for subsequent reboots and will be loaded by the boot loader The current active image is marked as the backup image for subsequent reboots 6 2 3 show bootvar This command displays the version information and the activation status for the current active and backup images The...

Page 320: ...ue types are 6 3 3 set board device id This command sets the device ID for the board The device ID is used in the management device locator sensor show boardinfo sensors 6 3 4 set board ipmb redundant This command enables or disables the IPMB redundant mode Mode Privileged EXEC Format set board bootcycle none event pwr down interval cycles Mode Priviledged EXEC Format set board sensor threshold re...

Page 321: ...entury Year seconds 6 4 System Information and Statistics Commands This section describes the commands you use to view information about system features components and configurations 6 4 1 show arp switch This command displays the contents of the IP stack s Address Resolution Protocol ARP table The IP stack only learns ARP entries associated with the management interfaces network or service ports ...

Page 322: ...ine The line number of the event Task Id The task ID of the event Code The event code Time The time this event occurred Note Event log information is retained across a switch reset Note The show version command and the show hardware command display the same information In future releases of the software the show hardware command will not be available For a description of the command output see the...

Page 323: ...rt switchport Mode Privileged EXEC Parameters Definition Packets Received Without Error The total number of packets including broadcast packets and multicast packets received by the processor Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Broadcast Packets Received The total number of packets receive...

Page 324: ...address including those that were discarded or not sent Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Address Entries Currently In Use The total number of Forwarding Database Address Table entries now active on the switch including learned and static entries VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN...

Page 325: ...CP6923 Utility Commands Page 6 11 CP6923 CLI Reference Manual When you specify a value for slot port the command displays the following information ...

Page 326: ...e otherwise well formed Packets RX and TX 64 Octets The total number of packets including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets Packets RX and TX 65 127 Octets The total number of packets including bad packets received and transmitted that were between 65 and 127 octets in length inclusive excluding framing bits but inclu...

Page 327: ...ength excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets ...

Page 328: ...lly Total The number of frames that have been transmitted by this port to its segment Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a Multicast...

Page 329: ...his authenticator EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared Term Definition Octets Received The total number of octets of data received by the processor excluding framing bits but including FC...

Page 330: ...r protocol A possible reason for discarding a packet could be to free up buffer space Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries that have been learned by this switch since the most recent reboot Address Entries in Use The number of Learned and static entries in the Forwarding Database Address Table for this switch Maximum VLAN Entries The maximu...

Page 331: ...ffic and is currently in use Management The value of the corresponding instance system MAC address is also the value of an existing instance of dot1dStaticAddress It is identified with interface 0 1 and is currently used when enabling VLANs for routing Self The value of the corresponding instance is the address of one of the switch s physical interfaces the system s own MAC address GMRP Learned Th...

Page 332: ...the show running config command output This is true for any configuration mode that contains nothing but default configuration That is the command to enter a particular config mode followed immediately by its exit command are both omitted from the show running config command output and hence from the startup config file when the system configuration is saved Format show running config all scriptna...

Page 333: ... length Use this command to set the terminal length to the default value 6 4 12 show terminal length Use this command to display the value of the user configured terminal length size 6 4 13 show boardinfo post status This command displays the system power on self test status 6 4 14 show boardinfo sensors This command displays the current sensor readings It can either display a compressed list of a...

Page 334: ...licable Version information included Board name Base board serial number and part number Basic product identification product number IPMC firmware version FWUM firmware version System U boot version System kernel version FASTPATH version CPLD revision PCB revision Base board broadcom silicon revision Processor CPU type Processor clock Flash size Hardware write protection of non volatile memories N...

Page 335: ...lated information 6 4 20 show boardinfo ipmb This command shows the IPMB redundant mode setting 6 4 21 show boardinfo ipmidev This command displays the IPMI device information This consists of Firmware Revision IPMI version Manufacturer and Product ID 6 4 22 show boardinfo time This command displays the current date and time Format show boardinfo address Mode Priviledged EXEC Format show boardinfo...

Page 336: ...27 show boardinfo cpu load This command displays the CPU load It shows the total time the user time the system time and the idle time in current interval 30 seconds interval and 5 minutes interval All times are reported in percent 6 4 28 show boardinfo memory usage This command displays the memory usage It shows malloc and kernel statistics as well as system memory usage statistics Format show boa...

Page 337: ...y logging when the log file reaches full capacity Otherwise when the log file reaches full capacity logging stops 6 5 2 1 no logging buffered wrap This command disables wrapping of in memory logging and configures logging to stop when the log file capacity is full 6 5 3 logging cli command This command enables the CLI command logging feature which enables the FASTPATH software to log all CLI comma...

Page 338: ...indicates the type of address ipv4 or ipv6 or dns being passed The port value is a port number from 1 to 65535 You can specify the severitylevel value as either an integer from 0 to 7 or symbolically through one of the following keywords emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 or debug 7 6 5 6 logging host remove This command disables logging to host See 6 5 11 show loggin...

Page 339: ...tion Default 514 Format logging port portid Mode Global Config Format no logging port Mode Global Config Default disabled Format logging syslog port portid Mode Global Config Format no logging syslog Mode Global Config Format show logging Mode Privileged EXEC Term Definition Logging Client Local Port Port on the collector relay to which syslog messages are sent CLI Command Logging Shows whether CL...

Page 340: ...EC Term Definition Buffered In Memory Logging Shows whether the In Memory log is enabled or disabled Buffered Logging Wrapping Behavior The behavior of the In Memory log when faced with a log full situation Buffered Log Count The count of valid entries in the buffered log Format show logging hosts Mode Privileged EXEC Term Definition Host Index Used for deleting hosts IP Address Hostname IP addres...

Page 341: ... Commands This section describes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults Term Definition Number of Traps Since Last Reset The number of traps since the last boot Trap Log Capacity The number of traps the system can retain Number of Traps Since Log Last Viewed The number of new traps since the command was last exe...

Page 342: ...s port 33434 maxTtl 30 hops maxFail 5 probes initTtl 1 hop Format traceroute ipaddr hostname initTtl initTtl maxTtl maxTtl maxFail maxFail interval interval count count port port size size Mode Privileged EXEC Parameter Description ipaddr hostname The ipaddr value should be a valid IP address The hostname value should be a valid hostname initTtl Use initTtl to specify the initial time to live TTL ...

Page 343: ...er y you automatically reset the current configuration on the switch to the default values It does not reset the switch 6 6 3 clear counters This command clears the statistics for a specified slot port for all the ports or for the entire switch based upon the argument 6 6 4 clear errcounter This command clears the counters for critical major and minor errors 6 6 5 clear igmpsnooping This command c...

Page 344: ...enable passwd encrypted password This command allows the administrator to transfer the enable password between devices without having to know the password The password parameter must be exactly 128 hexadecimal characters 6 6 12 logout This command closes the current telnet connection or resets the current serial connection Format clear port channel Mode Privileged EXEC Format clear traplog Mode Pr...

Page 345: ...H Routing ping 192 168 254 222 count 3 interval 1 size 255 Pinging 192 168 254 222 with 255 bytes of data Received Response Unreachable Destination Received Response Unreachable Destination Received Response Unreachable Destination 192 168 254 222 PING statistics 3 packets transmitted 3 packets received 0 packet loss round trip msec min avg max 0 0 0 In Case Of Request TimedOut Broadcom FASTPATH R...

Page 346: ...mmand is used to initiate a switch management restart via reset of the system The reload fast command will just do a clear config and will then re apply the startup config file 6 6 17 copy The copy command uploads and downloads files to and from the switch You can also use the copy command to manage the dual images image1 and image2 on the file system Upload and download files from a server by usi...

Page 347: ...settings nvram current settings Copies factory settings file to current settings file nvram factory config nvram current config Copies factory configuration file to current configuration file nvram fastpath cfg url Uploads the binary config file to a specified URL nvram log url Copies the log file to a server nvram script scriptname url Copies a specified configuration script file to a server nvra...

Page 348: ... from a specified URL url nvram sshkey dsa Downloads an SSH key file For more information see 7 4 Secure Shell SSH Commands on page 7 11 url nvram sshkey rsa1 Downloads an SSH key file url nvram sshkey rsa2 Downloads an SSH key file url nvram settings Downloads the file containing current settings to the system url nvram startup config slot 1 99 Downloads the startup configuration file to the syst...

Page 349: ...ommands you use to automatically configure the system time and date by using SNTP 6 7 1 sntp broadcast client poll interval This command sets the poll interval for SNTP broadcast clients in seconds as a power of two where poll interval can be a value from 6 to 16 6 7 1 1 no sntp broadcast client poll interval This command resets the poll interval for SNTP broadcast client back to the default value...

Page 350: ... command resets the SNTP client port back to its default value 6 7 4 sntp unicast client poll interval This command sets the poll interval for SNTP unicast clients in seconds as a power of two where poll interval can be a value from 6 to 16 6 7 4 1 no sntp unicast client poll interval This command resets the poll interval for SNTP unicast clients to its default value Default disabled Format sntp c...

Page 351: ...7 sntp server This command configures an SNTP server a maximum of three The optional priority can be a value of 1 3 the version a value of 1 4 and the port id a value of 1 65535 6 7 7 1 no sntp server This command deletes an server from the configured SNTP servers 6 7 8 show sntp This command is used to display SNTP settings and status Default 5 Format sntp unicast client poll timeout poll timeout...

Page 352: ...urrent number of unsolicited multicast messages that have been received and processed by the SNTP client since last reboot Format show sntp client Mode Privileged EXEC Term Definition Client Supported Modes Supported SNTP Modes Broadcast or Unicast SNTP Version The highest SNTP version the client supports Port SNTP Client Port Client Mode Configured SNTP Client Mode Format show sntp server Mode Pr...

Page 353: ... 1 1 no ip dhcp pool This command removes the DHCP address pool The name should be previously configured pool name Term Definition IP Address Hostname IP address or hostname of configured SNTP Server Address Type Address Type of configured SNTP server Priority IP priority type of the configured server Version SNTP Version number of the server The protocol version used to query the server in unicas...

Page 354: ...mbers for a list of media type codes 6 8 2 1 no client identifier This command deletes the client identifier 6 8 3 client name This command specifies the name for a DHCP client Name is a string consisting of standard ASCII characters 6 8 3 1 no client name This command removes the client name 6 8 4 default router This command specifies the default router list for a DHCP client address1 address2 ad...

Page 355: ...tes the protocol of the hardware platform It is 1 for 10 MB Ethernet and 6 for IEEE 802 6 8 6 1 no hardware address This command removes the hardware address of the DHCP client 6 8 7 host This command specifies the IP address and network mask for a manual binding to a DHCP client Address and Mask are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is ...

Page 356: ...Use this command to configure the subnet number and mask for a DHCP address pool on the server Network number is a valid IP address made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid Mask is the IP subnet mask for the specified address pool The prefix length is an integer from 0 to 32 6 8 9 1 no network This command removes the subnet number and mask 6 8 10 bootfile ...

Page 357: ...mmand line Servers are listed in order of preference address1 is the most preferred server address2 is the next most preferred server and so on 6 8 12 1 no netbios name server This command removes the NetBIOS name server list 6 8 13 netbios node type The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol DHCP clients type Specifies the NetBIOS node type Vali...

Page 358: ...ter strings that contain white space must be delimited by quotation marks The hex string parameter specifies hexadecimal data In hexadecimal character strings are two hexadecimal digits You can separate each byte by a period for example a3 4f 22 0c colon for example a3 4f 22 0c or white space for example a3 4f 22 0c 6 8 15 1 no option This command removes the DHCP Server options The code parameter...

Page 359: ...P server sends to a pool address as part of a ping operation By default the number of packets sent to a pool address is 2 which is the smallest allowed number when sending packets Setting the number of packets to 0 disables this command 6 8 17 1 no ip dhcp ping packets This command prevents the server from pinging pool addresses and sets the number of packets to 0 6 8 18 service dhcp This command ...

Page 360: ...er 6 8 21 clear ip dhcp binding This command deletes an automatic address binding from the DHCP server database If is specified the bindings corresponding to all the addresses are deleted address is a valid IP address made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid 6 8 22 clear ip dhcp server statistics This command clears DHCP server statistics counters Default d...

Page 361: ...pool configuration If all is specified configuration for all the pools is displayed Default none Format clear ip dhcp conflict address Mode Privileged EXEC Format show ip dhcp binding address Modes Privileged EXEC User EXEC Term Definition IP address The IP address of the client Hardware Address The MAC Address or the client identifier Lease expiration The lease expiration time of the IP address a...

Page 362: ...ifier of a DHCP client Hardware Address The hardware address of a DHCP client Hardware Address Type The protocol of the hardware platform Host The IP address and the mask for a manual binding to a DHCP client Format show ip dhcp server statistics Modes Privileged EXEC User EXEC Field Definition Automatic Bindings The number of IP addresses that have been automatically mapped to the MAC addresses o...

Page 363: ...lient 6 9 2 ip domain name Use this command to define a default domain name that FASTPATH software uses to complete unqualified host names names with a domain name By default no default domain name is configured in the system name may Message Definition DHCP OFFER The number of DHCPOFFER messages the server sent DHCP ACK The number of DHCPACK messages the server sent DHCP NACK The number of DHCPNA...

Page 364: ...n initial period The default domain name configured using the ip domain name command is used only when the default domain name list is empty A maximum of 32 names can be entered in to this list 6 9 3 1 no ip domain list Use this command to delete a name from a list 6 9 4 ip name server Use this command to configure the available name servers Up to eight servers can be defined in one command or by ...

Page 365: ...s from 0 to 100 6 9 6 1 no ip domain retry Use this command to return to the default 6 9 7 ip domain timeout Use this command to specify the amount of time to wait for a response to a DNS query The parameter seconds specifies the time in seconds to wait for a response to a DNS query seconds ranges from 0 to 3600 6 9 7 1 no ip domain timeout Use this command to return to the default setting Mode Gl...

Page 366: ...oo com Stanford edu rediff com Domain Name lookup Enabled Number of retries 5 Retry timeout period 1500 Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping Host Addresses Mode Global Config Format clear host name all Mode Privileged EXEC Field Description name A particular host entry to remove name ranges from 1 255 characters all Removes all entries Forma...

Page 367: ...rithm The command allows the user to select the hash algorithm used for distribution of unicast traffic This includes all unicast ethernet traffic that is targeted at MAC addresses that have previously learned This explicitely excludes flooded traffic e g unknown destination MAC address broadcast traffic etc Traffic distribution may be based on MAC address source address sa destination address da ...

Page 368: ...packet with unregistered multicast address should be flooded or not yes no 6 10 7 multicast VLAN This command configures the VLAN based multicast handling The command defines the handling for VLAN based unregistered multicast addresses The default handling in FASTPATH is that such packets are flooded argument default The user can change the behaviour that such packets are dropped argument none The...

Page 369: ...proxy report interfacemode This command disables sending of IGMP reports to the specified interface 6 11 Serviceability Packet Tracing Commands These commands improve the capability of network engineers to diagnose conditions affecting their FASTPATH product 6 11 1 debug arp Use this command to enable ARP debug protocol messages 6 11 1 1 no debug arp Use this command to disable ARP debug protocol ...

Page 370: ...put of debug trace commands will appear on all login sessions for which debug console has been enabled The configuration of this command remains in effect for the life of the login session The effect of this command is not persistent across resets 6 11 4 1 no debug console This command disables the display of debug trace output on the login session in which it is executed 6 11 5 debug dot1x packet...

Page 371: ...8 Pkt TX Intf 1 0 20 20 Vlan_Id 1 Src_Mac 00 03 0e 00 00 00 Dest_Mac 01 00 5e 00 00 01 Src_IP 9 1 1 1 Dest_IP 225 0 0 1 Type V2_Membership_Report Group 225 0 0 1 The following parameters are displayed in the trace message Mode Privileged EXEC Format no debug dot1x Mode Privileged EXEC Default disabled Format debug igmpsnooping packet Mode Privileged EXEC Format no debug igmpsnooping packet Mode Pr...

Page 372: ...rt IGMP Version 2 Membership Report V3_Membership_Report IGMP Version 3 Membership Report V2_Leave_Group IGMP Version 2 Leave Group Group Multicast group address in the IGMP header Format no debug igmpsnooping transmit Mode Privileged EXEC Default disabled Format debug igmpsnooping packet receive Mode Privileged EXEC Parameter Definition RX A packet received by the device Intf The interface that t...

Page 373: ... is displayed on the console 6 11 9 2 no debug ip dvmrp packet Use this command to disable debug tracing of DVMRP packet reception and transmission 6 11 10 debug ip igmp packet Use this command to trace IGMP packet reception and transmission receive traces only received IGMP packets and transmit traces only transmitted IGMP packets When neither keyword is used in the command then all IGMP packet t...

Page 374: ...imdm packet Use this command to trace PIMDM packet reception and transmission receive traces only received PIMDM packets and transmit traces only transmitted PIMDM packets When neither keyword is used in the command then all PIMDM packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received...

Page 375: ... reception and transmission 6 11 14 debug ip vrrp Use this command to enable VRRP debug protocol messages 6 11 14 1 no debug ip vrrp Use this command to disable VRRP debug protocol messages 6 11 15 debug lacp packet This command enables tracing of LACP packets received and transmitted by the switch A sample output of the trace message is shown below 15 JAN 01 14 04 51 10 254 24 31 1 DOT3AD 1836977...

Page 376: ...le outputs of the trace messages are shown below 15 JAN 02 11 03 31 10 50 50 1 2 OSPF 46300472 ospf_debug c 297 25430 Pkt RX Intf 2 0 48 Src Ip 192 168 50 2 DestIp 224 0 0 5 AreaId 0 0 0 0 Type HELLO NetMask 255 255 255 0 D esigRouter 0 0 0 0 Backup 0 0 0 0 15 JAN 02 11 03 35 10 50 50 1 2 OSPF 46300472 ospf_debug c 293 25431 Pkt TX Intf 2 0 48 Src Ip 10 50 50 1 DestIp 192 168 50 2 AreaId 0 0 0 0 T...

Page 377: ...cket came in or went out on Format used is unit slot port internal interface number SrcIp The source IP address in the IP header of the packet DestIp The destination IP address in the IP header of the packet AreaId The area ID in the OSPF header of the packet Type Could be one of the following HELLO Hello packet DB_DSCR Database descriptor LS_REQ LS Request LS_UPD LS Update LS_ACK LS Acknowledge P...

Page 378: ...8 sim_debug c 82 21 Pkt RX Intf 1 0 1 1 S RC_IP 10 50 50 1 DEST_IP 10 50 50 2 Type ECHO_REPLY The following parameters are displayed in the trace message Field Definition Length Length of packet Field Definition Length Length of packet Format no debug ospf packet Mode Privileged EXEC Default disabled Format debug ping packet Mode Privileged EXEC Parameter Definition TX RX TX refers to a packet tra...

Page 379: ...cing of RIP requests and responses Format no debug ping packet Mode Privileged EXEC Default disabled Format debug rip packet Mode Privileged EXEC Parameter Definition TX RX TX refers to a packet transmitted by the device RX refers to packets received by the device Intf The interface that the packet came in or went out on Format used is unit slot port internal interface number Unit is always shown ...

Page 380: ...DUs received by the switch Spanning tree should be enabled on the device and on the interface in order to monitor packets for a particular interface A sample output of the trace message is shown below 15 JAN 01 01 02 04 192 168 17 29 1 DOT1S 191096896 dot1s_debug c 1249 101 Pkt RX Intf 1 0 9 9 Source_Mac 00 11 88 4e c2 10 Version 3 Root Mac 00 11 88 4e c2 00 Root Priority 0x8000 Path Cost 0 Mode P...

Page 381: ...ber Unit is always shown as 1 for interfaces on a non stacking device Source_Mac Source MAC address of the packet Version Spanning tree protocol version 0 3 0 refers to STP 2 RSTP and 3 MSTP Root_Mac MAC address of the CIST root bridge Root_Priority Priority of the CIST root bridge The value is between 0 and 61440 It is displayed in hex in multiples of 4096 Path_Cost External root path cost compon...

Page 382: ...selected port 6 12 1 cablestatus This command returns the status of the specified port Format no debug spanning tree bpdu transmit Mode Privileged EXEC Default Disable Format logging persistent severity level Mode Global Config Format no logging persistent Mode Global Config Note The cable test feature is supported only for copper cable It is not supported for optical fiber cable If the port has a...

Page 383: ...eceiver the entity making use of this sFlowRcvrTable entry The range is 127 characters The default is a null string The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to the default values An entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it The entry is claimed by setting the owne...

Page 384: ...he receiver will also expire Possible values are 1 8 The default is 0 Maxheadersize The maximum number of bytes that should be copied from the sampler packet The range is 20 256 The default is 128 When set to zero 0 all the sampler parameters are set to their corresponding default value Sampling Rate The statistical sampling rate for packet sampling from this source A sampling rate of 1 counts all...

Page 385: ... Format no sflow poller rcvr indx interval poll interval Mode Interface Config Format show sflow agent Mode Privileged EXEC Field Description sFlow Version Uniquely identifies the version and implementation of this MIB The version string must have the following structure MIB Version Organization Software Revision where MIB Version 1 3 the version of this MIB Organization Broadcom Corp Revision 1 0...

Page 386: ...mples to sFlow receiver Max Datagram Size The maximum number of bytes that can be sent in a single sFlow datagram Port The destination Layer4 UDP port for sFlow datagrams IP Address The sFlow receiver IP address Address Type The sFlow receiver IP address type For an IPv4 address the value is 1 and for an IPv6 address the value is 2 Datagram Version The sFlow protocol version to be used while sendi...

Page 387: ...Management Commands Chapter 1 7 Page 7 1 CP6923 CLI Reference Manual CP6923 ...

Page 388: ...7 40 7 1 Network Interface Commands This section describes the commands you use to configure a logical interface for management access To configure the management VLAN see 2 3 2 network mgmt_vlan on page 2 20 7 1 1 enable Privileged EXEC access This command gives you access to the Privileged EXEC mode From the Privileged EXEC mode you can configure the network interface 7 1 2 serviceport ip This c...

Page 389: ...tp parameter the switch periodically sends requests to a BootP server until a response is received If you use the dhcp parameter the switch periodically sends requests to a DHCP server until a response is received If you use the none parameter you must configure the network information for the switch manually 7 1 6 network mac address This command sets locally administered MAC addresses The follow...

Page 390: ... 0 0 0 Default Gateway The default gateway for this IP interface The factory default value is 0 0 0 0 IPv6 Administrative Mode Whether enabled or disabled IPv6 Address Length The IPv6 address and length IPv6 Default Router The IPv6 default router address Burned In MAC Address The burned in MAC address used for in band connectivity Locally Administered MAC Address If desired a locally administered ...

Page 391: ...Protocol Current None Burned In MAC Address 00 10 18 82 03 38 7 2 Console Port Access Commands This section describes the commands you use to configure the console port You can use a serial cable to connect a management host directly to the console port of the switch Network Configuration Protocol Current The network protocol being used The options are bootp dhcp none Format show serviceport Mode ...

Page 392: ...ported rates are 1200 2400 4800 9600 19200 38400 57600 115200 7 2 3 1 no serial baudrate This command sets the communication rate of the terminal interface 7 2 4 serial timeout This command specifies the maximum connect time in minutes without console activity A value of 0 indicates that a console can be connected indefinitely The time range is 0 to 160 7 2 4 1 no serial timeout This command sets ...

Page 393: ... of 0 to 65535 where the default value is 23 If debug is used the current Telnet options enabled is displayed The optional line parameter Format show serial Modes Privileged EXEC User EXEC Term Definition Serial Port Login Timeout minutes The time in minutes of inactivity on a Serial port connection after which the Switch will close the connection Any numeric value between 0 and 160 is allowed the...

Page 394: ...et connections If enabled new outbound Telnet sessions can be established until the system reaches the maximum number of simultaneous outbound Telnet sessions allowed An established session remains active until the session is ended or an abnormal network error ends it 7 3 4 1 no transport output telnet Use this command to prevent new outbound Telnet connection from being established Format telnet ...

Page 395: ...ssion timeout value to the default The timeout value unit of time is minutes 7 3 7 telnetcon maxsessions This command specifies the maximum number of Telnet connection sessions that can be established A value of 0 indicates that no Telnet connection can be established The range is 0 5 7 3 7 1 no telnetcon maxsessions This command sets the maximum number of Telnet connection sessions that can be es...

Page 396: ...e switch Note When you change the timeout value the new value is applied to all active and inactive sessions immediately Any sessions that have been idle longer than the new timeout value are disconnected immediately Default 5 Format telnetcon timeout 1 160 Mode Privileged EXEC Note Changing the timeout value for active sessions does not become effective until the session is reaccessed Also any ke...

Page 397: ... command disables the IP secure shell server Term Definition Remote Connection Login Timeout minutes This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off May be specified as a number from 1 to 160 The factory default is 5 Maximum Number of Remote Connection Sessions This object indicates the number of simultaneous remote conn...

Page 398: ...lue from 1 to 160 Changing the timeout value for active sessions does not become effective until the session is re accessed Also any keystroke activates the new timeout duration 7 4 5 1 no sshcon timeout This command sets the SSH connection session timeout value in minutes to the default Changing the timeout value for active sessions does not become effective until the session is re accessed Also ...

Page 399: ... key files will overwrite any existing generated or downloaded RSA key files 7 5 2 1 no crypto key generate rsa Use this command to delete the RSA key files from the device Term Definition Administrative Mode This field indicates whether the administrative mode of SSH is enabled or disabled Protocol Level The protocol level may have the values of version 1 version 2 or both versions 1 and version ...

Page 400: ...ion id to specify the session ID to close To view the possible values for session id use the show loginsession command 7 6 2 show loginsession This command displays current Telnet and serial port connections to the switch Format crypto key generate dsa Mode Global Config Format no crypto key generate dsa Mode Global Config Format disconnect session_id all Mode Privileged EXEC Format show loginsess...

Page 401: ...Use this command to change a password Passwords are a maximum of 64 alphanumeric characters If a user is authorized for authentication or encryption is enabled the password length must be at least eight alphanumeric characters The password is case sensitive When you change a password a prompt asks for the old password If Note You cannot delete the admin user There is only one user allowed with rea...

Page 402: ... parameter must be exactly 128 hexidecimal characters The user represented by the username parameter must be a pre existing local user 7 7 6 users snmpv3 accessmode This command specifies the snmpv3 access privileges for the specified login user The valid accessmode values are readonly or readwrite The username is the login user name for which the specified access mode applies The default is readw...

Page 403: ... The username is the user name for which the specified authentication protocol is used 7 7 8 users snmpv3 encryption This command specifies the encryption protocol used for the specified user The valid encryption protocols are des or none If you select des you can specify the required key on the command line The encryption key must be 8 to 64 characters long If you select the des protocol but do n...

Page 404: ...ge parameters on the switch Read Write or is only able to view them Read Only As a factory default the admin user has Read Write access and the guest has Read Only access There can only be one Read Write user and up to five Read Only users SNMPv3 Access Mode The SNMPv3 Access Mode If the value is set to ReadWrite the SNMPv3 user is able to set and retrieve parameters on the system If the value is ...

Page 405: ...s his or her password the user will not be able to reuse any password stored in password history This ensures that users don t reuse their passwords often The valid range is 0 10 7 7 13 1 no passwords history Use this command to set the password history to the default value 7 7 14 passwords aging Use this command to implement aging on passwords for local users When a user s password expires the us...

Page 406: ...command to set the password lock out count to the default value 7 7 16 show passwords configuration Use this command to display the configured password management settings 7 7 17 write memory Use this command to save running configuration changes to NVRAM so that the changes you make will persist across a reboot This command is the same as copy system running config nvram startup config Format no ...

Page 407: ...o be deleted 7 8 3 snmp server community ipaddr This command sets a client IP address for an SNMP community The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device A value of 0 0 0 0 allows access from any IP address Otherwise this value ...

Page 408: ...e may be up to 16 alphanumeric characters 7 8 5 snmp server community mode This command activates an SNMP community If a community is enabled an SNMP manager associated with this community manages the switch according to its access right If the community is disabled no SNMP requests using this community are accepted In this case the SNMP manager associated with this community cannot manage the swi...

Page 409: ...o snmp server enable traps violation This command disables the sending of new violation traps 7 8 8 snmp server enable traps This command enables the Authentication Flag 7 8 8 1 no snmp server enable traps This command disables the Authentication Flag Format snmp server community ro name Mode Global Config Format snmp server community rw name Mode Global Config Note For other port security command...

Page 410: ...inal interface session 7 8 10 1 no snmp server enable traps multiusers This command disables Multiple User traps 7 8 11 snmp server enable traps stpmode This command enables the sending of new root traps and topology change notification traps 7 8 11 1 no snmp server enable traps stpmode This command disables the sending of new root traps and topology change notification traps Note This command may...

Page 411: ... community name The maximum length of name is 16 case sensitive alphanumeric characters Note The name parameter does not need to be unique however the name and ipaddr pair must be unique Multiple entries can exist with the same name as long as they are associated with a different ipaddr The reverse scenario is also acceptable The name is the community name used when sending the trap to the receive...

Page 412: ...sables link status traps by interface 7 8 17 snmp trap link status all This command enables link status traps for all interfaces Format snmptrap mode name ipaddr Mode Global Config Format no snmptrap mode name ipaddr Mode Global Config Note This command is valid only when the Link Up Down Flag is enabled See snmp server enable traps linkmode on page 7 24 Format snmp trap link status Mode Interface...

Page 413: ...Format no snmp trap link status all Mode Global Config Format show snmpcommunity Mode Privileged EXEC Term Definition SNMP Community Name The community string to which this entry grants access A valid entry is a case sensitive alphanumeric string of up to 16 characters Each row of this table must contain a unique community name Client IP Address An IP address or portion thereof from which this dev...

Page 414: ...ddress The IPv6 address to receive SNMP traps from this device SNMP Version SNMPv2 Mode The receiver s status enabled or disabled Format show trapflags Mode Privileged EXEC Term Definition Authentication Flag Can be enabled or disabled The factory default is enabled Indicates whether authentication failure traps will be sent Link Up Down Flag Can be enabled or disabled The factory default is enabl...

Page 415: ... algorithm is not unique Default is the RFC 3411 related algorithm with MAC address mac A new configured algorithm will become effective not before the system has been rebooted because the Snmp Engine ID is used also to encrypt the community and user passwords Therefore the user have to save the configuration and reboot the system to activate the new algorithm 7 8 24 show snmp engine id This comma...

Page 416: ...the RADIUS accounting function is disabled 7 9 3 radius server attribute 4 Use this command to set the NAS IP address for the radius server 7 9 3 1 no radius server attribute 4 Use this command to reset the NAS IP address for the radius server Default disable Format authorization network radius Mode Global Config Format no authorization network radius Mode Global Config Default disabled Format rad...

Page 417: ...1 65535 with 1813 being the default 7 9 4 1 no radius server host This command is used to remove the configured RADIUS authentication server or the RADIUS accounting server If the auth token is used the previously configured RADIUS authentication server is removed from the configuration Similarly if the acct token is used the previously configured RADIUS accounting server is removed from the confi...

Page 418: ...ou can configure up to three servers on each client Only one of these servers can be configured as the primary If a primary server is already configured prior to this command being executed the server specified by the IP address or hostname specified used in this command will become the new primary server The IP address or hostname must match that of a previously configured RADIUS authentication s...

Page 419: ...ADIUS configuration items are displayed If you use the servers keyword the following information displays Format no radius server retransmit Mode Global Config Default 5 Format radius server timeout seconds Mode Global Config Format no radius server timeout Mode Global Config Format show radius servers Mode Privileged EXEC Term Definition Primary Server IP Address or Hostname The configured server...

Page 420: ...he configured RADIUS accounting server Round Trip Time The time interval in hundredths of a second between the most recent Accounting Response and the Accounting Request that matched it from the RADIUS accounting server Requests The number of RADIUS Accounting Request packets sent to this accounting server This number does not include retransmissions Retransmission The number of RADIUS Accounting ...

Page 421: ...he most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server Access Requests The number of RADIUS Access Request packets sent to this server This number does not include retransmissions Access Retransmission The number of RADIUS Access Request packets retransmitted to this RADIUS authentication server Access Accepts The number of RADIUS ...

Page 422: ... TACACS server s secrets in encrypted and non encrypted format When you save the configuration these secret keys are stored in encrypted format only If you want to enter the key in encrypted format enter the key along with the encrypted keyword In the show running config command s display these secret keys are displayed in encrypted format You cannot show these keys in plain text format 7 10 2 1 n...

Page 423: ...nfig command s display these secret keys are displayed in encrypted format You cannot show these keys in plain text format 7 10 5 port Use the port command in TACACS Configuration mode to specify a server port number The server port number range is 0 65535 7 10 6 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used where 0 zero is the highes...

Page 424: ...A maximum of ten scripts are allowed on the switch The combined size of all script files on the switch shall not exceed 2048 KB The maximum number of configuration file command lines is 2000 You can type single line annotations at the command prompt to use when you write test or configuration scripts to improve script readability The exclamation point character flags the beginning of a comment The...

Page 425: ...ilable space 7 11 4 script show This command displays the contents of a script file which is named scriptname Note To specify a blank password for a user in the configuration script you must specify it as a space within quotes For example to change the password for user jane from a blank password to hello the script entry is as follows users passwd jane hello hello Format script apply scriptname M...

Page 426: ...e up to 64 alphanumeric characters 7 13 Watchdog support commands The PM based hardware watchdog supervises board operation There are 4 distinct stages in the lifecycle of the system where different watchdog timers and actions are used All watchdog parameters are stored in the bootloader environment All times are in seconds All watchdog events will power cycle the board when the watchdog expires B...

Page 427: ...tchdog settings It displays the values or string disabled of different watchdog during BIST during loading of kernel and INITRD during startup of switching application and during normal execution of switching application and the heartbeat of the fpmux application Default disabled 0 Format set watchdog bist 0 30 6000 set watchdog osloader 0 120 6000 set watchdog init 0 60 6000 set watchdog applicat...

Page 428: ...Management Commands CP6923 CP6923 CLI Reference Manual Page 7 42 ...

Page 429: ...CP6923 Page A 1 CP6923 CLI Reference Manual Getting Help Appendix A ...

Page 430: ...Tel 450 437 5682 Tel 49 0 8341 803 xxx Fax 450 437 8053 Fax 49 0 8341 803 xxx If you have any questions about Kontron our products or services visit our Web site at www kontron com You also can contact us by E mail at North America support ca kontron com EMEA support kontron modular com Or at the following address North America EMEA Kontron Canada Inc Kontron Modular Computers GmbH 4555 Ambroise L...

Page 431: ...blem to a service technician 3 The technician will instruct you on the return procedure if the problem cannot be solved over the telephone 4 Make sure you receive an RMA from our Technical Support before returning any mer chandise Fax 1 Make a copy of the request form on the following page 2 Fill it out 3 Fax it to us at North America 450 437 0304 EMEA 49 0 8341 803 xxx E mail 1 Send us an e mail ...

Page 432: ... include all duty papers and invoice s associated with the item s in question Ensure that the unit is properly packed Pack it in a rigid cardboard box Clearly write or mark the RMA number on the outside of the package you are returning Ship prepaid We take care of insuring incoming units North America EMEA Kontron Canada Inc Kontron Modular Computers GmbH 4555 Ambroise Lafortune Sudetenstrasse 7 B...

Page 433: ..._______________________ City ________________________ Province State _______________________ Country ________________________ Postal Zip Code _______________________ Phone Number ________________________ Extension _______________________ Fax Number ________________________ E Mail _______________________ Serial Number Failure or Problem Description P O if not under warranty Fax this form to Kontron...

Page 434: ...CP6923 Page B 1 CP6923 CLI Reference Manual FASTPATH log messages Appendix B ...

Page 435: ... Component Message Cause BSP Event 0xaaaaaaaa Switch has restarted BSP Starting code BSP initialization complete starting FastPath application Table 2 NIM Log Messages Component Message Cause NIM NIM L7_ATTACH out of order for intIfNum x unit x slot x port x Interface creation out of order NIM NIM Failed to find interface at unit x slot x port x for event x There is no mapping between the USP and ...

Page 436: ...eature or file Default configuration values will be used The file name and version are indicated SYSTEM File filename same version version num but the sizes version size expected version size differ The configuration file which was loaded was of a different size than expected for the version number This message indicates the configuration file needed to be migrated to the version number appropriat...

Page 437: ...y NVStore Migrating config file XXX from version Y to Z A configuration file version mismatch was detected so a configuration file migration has started Table 7 RADIUS Log Messages Component Message Cause RADIUS RADIUS Invalid data length xxx The RADIUS Client received an invalid message from the server RADIUS RADIUS Failed to send the request A problem communicating with the RADIUS server RADIUS ...

Page 438: ...S authentication error no server to contact TACACS request needed but no servers are configured TACACS TACACS connection failed to server x x x x TACACS request sent to server x x x x but no response was received TACACS TACACS no key configured to encrypt packet for server x x x x No key configured for the specified server TACACS TACACS received invalid packet type from server Received packet type...

Page 439: ...HTTPEnd internal error handle not in Handle table EmWeb handle index not valid EmWeb ewsNetHTTPReceive recvBufCnt exceeds MAX_QUEUED_RECV_BUFS The receive buffer limit has been reached Bad request or DoS attack EmWeb EmWeb accept XXXX Accept function for new SSH connection failed XXXX indicates the error info Table 13 CLI_UTIL Log Messages Component Message Cause CLI_UTIL Telnet Send Failed errno ...

Page 440: ... loading private key from file Failed while loading private key for SSL connection SSLT SSLT Error setting cipher list no valid ciphers Failed while setting cipher list SSLT SSLT Could not delete the SSL semaphores Failed to delete SSL semaphores during cleanup of all resources associated with the OpenSSL Locking semaphores Table 16 User_Manager Log Messages Component Message Cause User_Manager Us...

Page 441: ...ange notifications IPsubnet vlans vlanIpSubnetCnfgrFiniPhase1Process could not delete avl semaphore This appears when a semaphore deletion of this component fails IPsubnet vlans vlanIpSubnetDtlVlanCreate Failed This appears when a dtl call fails to add an entry into the table IPsubnet vlans vlanIpSubnetSubnetDeleteApply Failed This appears when a dtl fails to delete an entry from the table IPsubne...

Page 442: ...ing accounting start to RADIUS server 802 1X function failed sending terminate cause intf xxx Failed sending accounting stop to RADIUS server Table 21 IGMP Snooping Log Messages Component Message Cause IGMP Snooping function osapiMessageSend failed IGMP Snooping message queue is full IGMP Snooping Failed to set global igmp snooping mode to xxx Failed to set global IGMP Snooping mode due to message...

Page 443: ...uild up of message queue Helpful in determining the load on GARP GARP GVRP GMRP gid_destroy_port Error Removing port d registration for vlan mac d 02X 02X 02X 02X 02X 02X Mismatch between the gmd gmrp database and MFDB GARP GVRP GMRP gmd_create_entry GMRP failure adding MFDB entry vlan d and address s MFDB table is full Table 23 802 3ad Log Messages Component Message Cause 802 3ad dot3adReceiveMac...

Page 444: ...2 1Q dot1qMapIntfIsConfigurable Error accessing DOT1Q config data for interface d in dot1qMapIntfIsConfigurable A default configuration does not exist for this interface Typically a case when a new interface is created and has no pre configuration 802 1Q dot1qVlanDeleteProcess Deleting the default VLAN Typically encountered during clear Vlan and clear config 802 1Q dot1qVlanMemberSetModify dot1qVl...

Page 445: ...ration save Table 32 ACL Log Messages Component Message Cause ACL Total number of ACL rules x exceeds max y on intf i The combination of all ACLs applied to an interface has resulted in requiring more rules than the platform supports ACL ACL name rule x This rule is not being logged The ACL configuration has resulted in a requirement for more logging rules than the platform supports The specified ...

Page 446: ... due to a discrepancy in the rule count for this specific policy Additionally the message can be displayed when an old rule is being modified but the old rule is not in the policy Broadcom ERROR policy x tmpPolicy x size x data x x x x x x x x An issue installing the policy due to a possible duplicate hash Broadcom ACL x not found in internal table Attempting to delete a non existent ACL Broadcom ...

Page 447: ...d uport calculated from the BCM uport bcmx_l2_addr lport x Uport not valid from BCM driver Broadcom Invalid USP calculated from the BCM uport nbcmx_l2_addr lport x USP not able to be calculated from the learn event for BCM driver Broadcom Unable to insert route R P Route R with prefix P could not be inserted in the hardware route table A retry will be issued Broadcom Unable to Insert host H Host H...

Page 448: ...efault gateway in the kernel s routing table the function is really osapiRawMRouteAdd Delete OSAPI Linux osapiNetIfConfig ioctl on XX failed addr 0xYY err ZZ or osapiNetIPSet ioctl on XX failed addr 0x YY Failed trying to set the IP address in hex as YY of the interface with Linux name XX and the interface does not exist Sometimes this is a harmless race condition e g we try to set address 0 when ...

Page 449: ...ux Failed to Set Interface IP Address or IP Netmask or Broadcast Address or Flags or Hardware Address or Failed to Retrieve Interface Flags Trouble adding VRRP IP or MAC address es to a Linux network interface Table 37 OSAPI Linux Log Messages Continued Component Message Cause ...

Page 450: ...CP6923 Page C 1 CP6923 CLI Reference Manual List of Commands Appendix C ...

Page 451: ... OSPF 4 33 area range OSPF 4 33 area stub OSPF 4 33 area stub no summary OSPF 4 34 area virtual link OSPF 4 34 area virtual link authentication 4 34 area virtual link dead interval OSPF 4 35 area virtual link hello interval OSPF 4 35 area virtual link retransmit interval OSPF 4 36 area virtual link transmit delay OSPF 4 36 arp 4 2 arp access list 2 89 arp cachesize 4 3 arp dynamicrenew 4 3 arp pur...

Page 452: ... 2 42 clear errcounter 6 29 clear host 6 52 clear igmpsnooping 6 29 clear ip arp inspection statistics 2 91 clear ip dhcp binding 6 46 clear ip dhcp conflict 6 47 clear ip dhcp server statistics 6 46 clear ip dhcp snooping binding 2 85 clear ip dhcp snooping statistics 2 85 clear ip ospf 4 37 clear ip ospf configuration 4 38 clear ip ospf counters 4 38 clear ip ospf neighbor 4 38 clear ip ospf nei...

Page 453: ...ebug ip pimsm packet 6 61 debug ip vrrp 6 61 debug lacp packet 6 61 debug mldsnooping packet 6 62 debug ospf packet 6 62 debug ping packet 6 64 debug rip packet 6 65 debug sflow packet 6 66 debug spanning tree bpdu 6 66 debug spanning tree bpdu receive 6 66 debug spanning tree bpdu transmit 6 67 default information originate OSPF 4 39 default information originate RIP 4 61 default metric OSPF 4 39...

Page 454: ... dot1x re authenticate 2 45 dot1x re authentication 2 45 dot1x system auth control 2 45 dot1x timeout 2 46 dot1x unauthenticated vlan 2 46 dot1x user 2 47 download bootloader 6 3 download frudata 6 3 download fwum 6 3 download initrd 6 2 download ipmifw 6 2 drop 3 16 dvlan tunnel ethertype 2 30 enable OSPF 4 29 enable Privileged EXEC access 7 2 enable RIP 4 60 enable passwd 6 30 enable passwd encr...

Page 455: ...dhcp ping packets 6 45 ip dhcp pool 6 39 ip dhcp snooping 2 79 ip dhcp snooping binding 2 80 ip dhcp snooping database 2 80 ip dhcp snooping database write delay 2 80 ip dhcp snooping limit 2 81 ip dhcp snooping log invalid 2 81 ip dhcp snooping trust 2 82 ip dhcp snooping verify mac address 2 79 ip dhcp snooping vlan 2 79 ip domain list 6 50 ip domain lookup 6 49 ip domain name 6 49 ip domain ret...

Page 456: ... multicast ttl threshold 5 3 ip name server 6 50 ip netdirbcast 4 9 ip ospf area 4 30 ip ospf authentication 4 41 ip ospf cost 4 41 ip ospf dead interval 4 41 ip ospf hello interval 4 42 ip ospf mtu ignore 4 44 ip ospf network 4 42 ip ospf priority 4 43 ip ospf retransmit interval 4 43 ip ospf transmit delay 4 43 ip pimdm 5 10 ip pimdm mode 5 10 ip pimdm query interval 5 11 ip pimsm 5 12 ip pimsm ...

Page 457: ...p vrrp preempt 4 22 ip vrrp priority 4 22 ip vrrp timers advertise 4 23 ip vrrp track interface 4 23 ip vrrp track ip route 4 24 ipv6 access list 3 34 ipv6 access list rename 3 34 ipv6 traffic filter 3 35 key 7 37 lacp actor admin 2 63 lacp actor admin key 2 63 lacp actor admin state 2 63 lacp actor admin state individual 2 64 lacp actor admin state longtimeout 2 64 lacp actor admin state passive ...

Page 458: ...receive 2 112 lldp timers 2 112 lldp transmit 2 112 lldp transmit mgmt 2 113 lldp transmit tlv 2 113 logging buffered 6 23 logging buffered wrap 6 23 logging cli command 6 23 logging console 6 24 logging host 6 24 logging host remove 6 24 logging persistent 6 68 logging port 6 25 logging syslog 6 25 logout 6 30 mac access group 3 28 mac access list extended 3 26 mac access list extended rename 3 2...

Page 459: ...icast VLAN 6 54 netbios name server 6 43 netbios node type 6 43 network DHCP Pool Config 6 42 network area OSPF 4 30 network mac address 7 3 network mac type 7 4 network mgmt_vlan 2 20 network parms 7 3 network protocol 7 3 next server 6 44 no 1583compatibility 4 31 no access list 3 30 no acl trapflags 3 33 no acl traptimer 3 38 no advertise speed 2 4 no area nssa default info originate OSPF 4 31 ...

Page 460: ...auto summary 4 61 no auto voip all 3 37 no auto voip 3 37 no bandwidth 4 37 no block 2 3 no bootfile 6 43 no bootpdhcprelay cidoptmode 4 27 no bootpdhcprelay maxhopcount 4 27 no bootpdhcprelay minwaittime 4 28 no bridge aging time 2 128 no capability opaque 4 37 no class 3 18 no class map 3 9 no classofservice dot1p mapping 3 2 no classofservice ip dscp mapping 3 3 no classofservice trust 3 3 no c...

Page 461: ...ault information originate OSPF 4 39 no default information originate RIP 4 61 no default metric OSPF 4 39 no default metric RIP 4 61 no default router 6 41 no diffserv 3 8 no distance ospf 4 39 no distance rip 4 62 no distribute list out 4 40 no distribute list out 4 62 no dns server 6 41 no domain name 6 43 no dos control all 2 125 no dos control firstfrag 2 126 no dos control icmp 2 127 no dos ...

Page 462: ...p dhcp conflict logging 6 46 no ip dhcp excluded address 6 45 no ip dhcp ping packets 6 45 no ip dhcp pool 6 39 no ip dhcp snooping binding mac address 2 80 no ip dhcp snooping database write delay 2 80 no ip dhcp snooping limit 2 81 no ip dhcp snooping log invalid 2 81 no ip dhcp snooping trust 2 82 no ip dhcp snooping verify mac address 2 80 no ip dhcp snooping vlan 2 79 no ip dhcp snooping 2 79...

Page 463: ...shold 5 3 no ip multicast 5 3 no ip name server 6 50 no ip netdirbcast 4 10 no ip ospf area 4 30 no ip ospf authentication 4 41 no ip ospf cost 4 41 no ip ospf dead interval 4 42 no ip ospf hello interval 4 42 no ip ospf mtu ignore 4 44 no ip ospf network 4 42 no ip ospf priority 4 43 no ip ospf retransmit interval 4 43 no ip ospf transmit delay 4 43 no ip pimdm mode 5 11 no ip pimdm query interva...

Page 464: ...terface 4 23 no ip vrrp track ip route 4 24 no ip vrrp 4 20 no ip vrrp 4 21 no ipv6 access list 3 34 no ipv6 traffic filter 3 36 no lacp actor admin key 2 63 no lacp actor admin state individual 2 64 no lacp actor admin state longtimeout 2 64 no lacp actor admin state passive 2 65 no lacp actor admin state 2 64 no lacp actor port priority 2 65 no lacp actor system priority 2 66 no lacp admin key 2...

Page 465: ...ent 6 68 no logging port 6 25 no logging syslog 6 25 no mac access group 3 28 no mac access list extended 3 26 no macfilter adddest all 2 77 no macfilter adddest 2 77 no macfilter addsrc all 2 78 no macfilter addsrc 2 77 no macfilter 2 76 no match class map 3 11 no maximum paths 4 45 no mode dot1q tunnel 2 31 no mode dvlan tunnel 2 31 no monitor 2 75 no monitor session 2 75 no mtu 2 5 no netbios n...

Page 466: ...no protocol vlan group 2 26 no radius accounting mode 7 30 no radius server attribute 4 7 30 no radius server host 7 31 no radius server msgauth 7 32 no radius server retransmit 7 33 no radius server timeout 7 33 no redistribute 4 44 no redistribute 4 64 no routing 4 7 no serial baudrate 7 6 no serial timeout 7 6 no service dhcp 6 45 no service policy 3 20 no session limit 7 9 no session timeout 7...

Page 467: ...e 2 108 no set mld querier query_interval 2 107 no set mld querier timer expiry 2 108 no set mld querier 2 107 no set mld 2 102 no sflow poller 6 70 no sflow receiver 6 69 no sflow sampler 6 70 no shutdown all 2 6 no shutdown 2 5 no shutdown 4 69 no snmp trap link status all 7 27 no snmp trap link status 7 26 no snmp server community ipaddr 7 22 no snmp server community ipmask 7 22 no snmp server ...

Page 468: ...mst 2 13 no spanning tree port mode all 2 15 no spanning tree port mode 2 15 no spanning tree rootguard 2 15 no spanning tree 2 8 no split horizon 4 64 no sshcon maxsessions 7 12 no sshcon timeout 7 12 no startupslot sga use ga 6 5 no startupslot sga 6 4 no storm control broadcast all level 2 54 no storm control broadcast all rate 2 54 no storm control broadcast all rate 2 57 no storm control broa...

Page 469: ...7 17 no users snmpv3 encryption 7 18 no vlan acceptframe 2 21 no vlan association mac 2 28 no vlan association subnet 2 27 no vlan ingressfilter 2 22 no vlan name 2 22 no vlan port acceptframe all 2 23 no vlan port ingressfilter all 2 24 no vlan port pvid all 2 24 no vlan port tagging all 2 25 no vlan protocol group add protocol 2 25 no vlan pvid 2 27 no vlan routing 4 18 no vlan tagging 2 27 no v...

Page 470: ...t security 2 109 port security mac address 2 110 port security mac address move 2 110 port security max dynamic 2 110 port security max static 2 110 priority 7 37 protocol group 2 26 protocol vlan group 2 26 protocol vlan group all 2 26 quit 6 32 radius accounting mode 7 30 radius server attribute 4 7 30 radius server host 7 31 radius server key 7 31 radius server msgauth 7 32 radius server primar...

Page 471: ...r join 2 36 set garp timer leave 2 37 set garp timer leaveall 2 37 set gmrp adminmode 2 39 set gmrp interfacemode 2 40 set gvrp adminmode 2 38 set gvrp interfacemode 2 38 set igmp 2 92 set igmp fast leave 2 93 set igmp groupmembership interval 2 94 set igmp interfacemode 2 93 set igmp maxresponse 2 94 set igmp mcrtrexpiretime 2 95 set igmp mrouter 2 95 set igmp mrouter interface 2 96 set igmp prox...

Page 472: ... 2 47 show authentication users 2 48 show auto voip 3 37 show board pm mode 6 23 show boardinfo address 6 21 show boardinfo bootcycle 6 22 show boardinfo cpu load 6 22 show boardinfo event log 6 20 show boardinfo fcap 6 22 show boardinfo fru 6 21 show boardinfo ipmb 6 21 show boardinfo ipmidev 6 21 show boardinfo memory usage 6 22 show boardinfo post status 6 19 show boardinfo sensors 6 19 show bo...

Page 473: ...snooping mrouter interface 2 97 show igmpsnooping mrouter vlan 2 97 show igmpsnooping querier 2 100 show interface 6 9 show interface cos counter 3 6 show interface ethernet 6 10 show interface tunnel 4 69 show interfaces cos queue 3 6 show interfaces switchport 2 36 show ip access lists 3 33 show ip arp inspection 2 89 show ip arp inspection interfaces 2 91 show ip arp inspection statistics 2 90 ...

Page 474: ...ary 5 4 show ip mcast interface 5 4 show ip mcast mroute 5 4 show ip mcast mroute group 5 5 show ip mcast mroute source 5 5 show ip ospf 4 47 show ip ospf area 4 50 show ip ospf asbr 4 51 show ip ospf database 4 52 show ip ospf database database summary 4 53 show ip ospf interface 4 53 show ip ospf interface brief 4 54 show ip ospf interface stats 4 55 show ip ospf neighbor 4 56 show ip ospf range...

Page 475: ...dp local device 2 118 show lldp local device detail 2 118 show lldp med 2 121 show lldp med interface 2 121 show lldp med local device detail 2 122 show lldp med remote device 2 123 show lldp med remote device detail 2 124 show lldp remote device 2 116 show lldp remote device detail 2 117 show lldp statistics 2 115 show logging 6 25 show logging backtrace 6 27 show logging buffered 6 26 show loggi...

Page 476: ...54 show port channel system priority 2 74 show port security 2 111 show port security dynamic 2 111 show port security static 2 111 show port security violation 2 111 show radius 7 33 show radius accounting 7 34 show radius statistics 7 35 show running config 6 17 show serial 7 7 show service policy 3 25 show serviceport 7 5 show sflow agent 6 71 show sflow pollers 6 71 show sflow receivers 6 71 s...

Page 477: ... 28 show vlan association mac 2 30 show vlan association subnet 2 29 show vlan brief 2 29 show vlan multicast 6 54 show vlan port 2 29 show voice vlan 2 33 show watchdog 7 41 shutdown 2 5 shutdown all 2 5 shutdown 4 69 snmp trap link status 7 26 snmp trap link status all 7 26 snmp server 7 21 snmp server community 7 21 snmp server community ipaddr 7 21 snmp server community ipmask 7 22 snmp server...

Page 478: ...ration name 2 9 spanning tree configuration revision 2 10 spanning tree edgeport 2 10 spanning tree forceversion 2 10 spanning tree forward time 2 11 spanning tree hello time 2 11 spanning tree max age 2 12 spanning tree max hops 2 12 spanning tree mst 2 12 spanning tree mst instance 2 13 spanning tree mst priority 2 14 spanning tree mst vlan 2 14 spanning tree port mode 2 14 spanning tree port mo...

Page 479: ...ted Global Config 2 35 switchport protected Interface Config 2 35 tacacs server host 7 36 tacacs server key 7 36 tacacs server timeout 7 36 telnet 7 7 telnetcon maxsessions 7 9 telnetcon timeout 7 10 terminal length 6 19 timeout 7 37 timers spf 4 46 traceroute 6 28 traffic shape 3 4 transport input telnet 7 8 transport output telnet 7 8 trapflags OSPF 4 46 tunnel destination 4 69 tunnel mode 4 68 ...

Page 480: ...ceptframe all 2 23 vlan port ingressfilter all 2 24 vlan port priority all 2 34 vlan port pvid all 2 24 vlan port tagging all 2 24 vlan priority 2 34 vlan protocol group 2 25 vlan protocol group add protocol 2 25 vlan protocol group remove 2 25 vlan pvid 2 27 vlan routing 4 18 vlan tagging 2 27 voice vlan Global Config 2 32 voice vlan Interface Config 2 33 voice vlan data priority 2 33 write memor...

Reviews:

No comments