manualshive.com logo in svg

NETGEAR GSM7328Sv2 - ProSafe 24+4 Gigabit Ethernet L3 Managed Stackable Switch, Cli Manual

Get ready to optimize your network performance with the NETGEAR GSM7328Sv2 - ProSafe 24+4 Gigabit Ethernet L3 Managed Stackable Switch. Find the ultimate user satisfaction by easily accessing the detailed Cli Manual, available for free download from our website. Unlock the full potential of your device today.

Share
Download
background image

Managed Switch CLI Manual, Release 8.0.3

IPv6 Commands

7-59

v1.0, July 2010

show ipv6 ospf asbr

This command displays the internal OSPFv3 routes to reach Autonomous System Boundary 
Routers (ASBR). This command takes no options.

show ipv6 ospf database 

This command displays information about the link state database when OSPFv3 is enabled. If you 
do not enter any parameters, the command displays the LSA headers for all areas. Use the optional 

<areaid>

 parameter to display database information about a specific area. Use the other 

optional parameters to specify the type of link state advertisements to display. Use 

external

 to 

display the external LSAs. Use 

inter-area

 to display the inter-area LSAs. Use 

link 

to 

Default Metric 
Type

The metric type for the default route advertised into the NSSA.

Translator Role

The NSSA translator role of the ABR, which is always or candidate.

Translator 
Stability Interval

The amount of time that an elected translator continues to perform its duties after it 
determines that its translator status has been deposed by another router.

Translator State

Shows whether the ABR translator state is disabled, always, or elected.

Format

show ipv6 ospf asbr

Modes

• Privileged EXEC

• User EXEC

Term

Definition

Type

The type of the route to the destination. It can be either:

• intra — Intra-area route

• inter — Inter-area route

Router ID

Router ID of the destination.

Cost

Cost of using this route.

Area ID

The area ID of the area from which this route is learned.

Next Hop

Next hop toward the destination.

Next Hop Intf

The outgoing router interface to use when forwarding traffic to the next hop. 

Term

Definition

Summary of Contents for GSM7328Sv2 - ProSafe 24+4 Gigabit Ethernet L3 Managed Stackable Switch

Page 1: ...202 10715 01 July 2010 NETGEAR Inc 350 East Plumeria Drive San Jose CA 95134 ProSafe 7300S Managed Switches CLI Manual Version 8 0 3 ...

Page 2: ...operation of some equipment for example test transmitters in accordance with the regulations may however be subject to certain restrictions Please refer to the notes in the operating instructions The Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations B...

Page 3: ...2S GSM7328FS GSM7328Sv2 and GSM7352Sv2 Publication Date July 2010 Product Family managed switch Product Name ProSafe 7300S Series Layer 3 Managed Stackable Switch Home or Business Product Business Language English Publication Part Number 202 10715 01 Publication Version Number 1 0 ...

Page 4: ...rm of a Command 1 4 Managed Switch Modules 1 5 Command Modes 1 5 Command Completion and Abbreviation 1 9 CLI Error Messages 1 9 CLI Line Editing Conventions 1 10 Using CLI Help 1 11 Accessing the CLI 1 12 Chapter 2 Stacking Commands Dedicated Port Stacking 2 1 Front Panel Stacking Commands 2 10 Chapter 3 Switching Commands Port Configuration Commands 3 2 Spanning Tree Protocol STP Commands 3 11 VL...

Page 5: ...ion Commands 3 139 IGMP Snooping Querier Commands 3 148 MLD Snooping Commands 3 153 MLD Snooping Querier Commands 3 162 Port Security Commands 3 166 LLDP 802 1AB Commands 3 170 LLDP MED Commands 3 181 Denial of Service Commands 3 192 MAC Database Commands 3 204 ISDP Commands 3 206 Chapter 4 Routing Commands Address Resolution Protocol ARP Commands 4 1 IP Routing Commands 4 8 Router Discovery Proto...

Page 6: ...xy Commands 6 23 Chapter 7 IPv6 Commands IPv6 Management Commands 7 2 Tunnel Interface Commands 7 6 Loopback Interface Commands 7 8 IPv6 Routing Commands 7 10 OSPFv3 Commands 7 33 DHCPv6 Commands 7 68 Chapter 8 Quality of Service QoS Commands Class of Service CoS Commands 8 2 Differentiated Services DiffServ Commands 8 8 DiffServ Class Commands 8 10 DiffServ Policy Commands 8 19 DiffServ Service C...

Page 7: ...3 Cable Test Command 9 83 sFlow Commands 9 84 Software License Commands 9 89 Chapter 10 July 2010 Management Commands Configuring the Switch Management CPU 11 2 Network Interface Commands 11 4 Console Port Access Commands 11 8 Telnet Commands 11 11 Secure Shell SSH Commands 11 16 Management Security Commands 11 19 Hypertext Transfer Protocol HTTP Commands 11 20 Access Commands 11 28 User Account C...

Page 8: ... 11 23 O S Support 11 26 Chapter 12 Captive Portal Commands Capitve Portal Global Commands 12 1 Captive Portal Configuration Commands 12 5 Captive Portal Status Commands 12 14 Captive Portal Client Connection Commands 12 19 Captive Portal Interface Commands 12 23 Captive Portal Local User Commands 12 24 Captive Portal User Group Commands 12 31 Chapter 13 List of Commands ...

Page 9: ... an understanding of the configuration options of the software This document assumes that the reader has an understanding of the software base and has read the appropriate specification for the relevant networking device platform It also assumes that the reader has a basic knowledge of Ethernet and networking concepts About Managed Switch Software The Managed Switchsoftware has two purposes Assist...

Page 10: ...nds described in this manual can only be used on GSM7328Sv2 and GSM7352Sv2 switches These commands are noted in text The following figure shows the GSM7328S and GSM7352S switches Newer documentation refers to these two switches as GSM7328Sv1 and GSM7352Sv1 Also shown are the GSM7328Sv2 and GSM7352Sv2 switches Version 1 Switches Version 2 Switches GSM7328Sv1 GSM7352Sv1 GSM7328Sv2 GSM7352Sv2 ...

Page 11: ...et firewall and VPN technologies go to http kbserver netgear com Italic Emphasis books CDs file and server names extensions Bold User input IP addresses GUI screen text Fixed Command prompt CLI text code italic URL links Note This format is used to highlight information of importance or special interest Tip This format is used to highlight a procedure that will save time or resources Warning Ignor...

Page 12: ... computer must have the free Adobe Acrobat reader installed in order to view and print PDF files The Acrobat reader is available on the Adobe Web site at http www adobe com Revision History Table 1 1 Part Number Version Number Date Description 202 10715 01 1 0 July 2010 7300S Managed Switches CLI Manual Version 8 0 3 ...

Page 13: ... Switch Modules on page 1 5 Command Modes on page 1 5 Command Completion and Abbreviation on page 1 9 CLI Error Messages on page 1 9 CLI Line Editing Conventions on page 1 10 Using CLI Help on page 1 11 Accessing the CLI on page 1 12 Command Syntax A command is one or more words that might be followed by one or more parameters Parameters can be required or optional values Some commands such as sho...

Page 14: ... of the information that the command shows Command Conventions In this document the command name is in bold font Parameters are in italic font You must replace the parameter name with an appropriate value which might be a name or number Parameters are order dependent The parameters for a command might include mandatory values optional values or keyword choices Table 1 describes the conventions thi...

Page 15: ...ess in the following formats a 32 bits a b 8 24 bits a b c 8 8 16 bits a b c d 8 8 8 8 In addition to these formats the CLI accepts decimal hexadecimal and octal formats through the following input formats where n is any valid hexadecimal octal or decimal number 0xn CLI assumes hexadecimal format 0n CLI assumes octal format with leading zeros n CLI assumes decimal format ipv6 address FE80 0000 000...

Page 16: ...up to the maximum number of physical slots Logical slot numbers Logical slots immediately follow physical slots and identify port channel LAG or router interfaces CPU slot numbers The CPU slots immediately follow the logical slots Table 4 Type of Ports Port Type Description Physical Ports The physical ports for each slot are numbered sequentially starting from zero Logical Interfaces Port channel ...

Page 17: ...n the software The software suite includes the following modules Switching Layer 2 Routing Layer 3 IPv6 IPv6 routing Multicast Quality of Service Management CLI Web UI and SNMP IPv6 Management Allows management of the device through an IPv6 through an IPv6 address without requiring the IPv6 Routing package in the system The management address can be associated with the network port front panel swi...

Page 18: ...ration VLAN Config Switch Vlan Groups all the VLAN commands Interface Config Switch Interface unit slot port Switch Interface Loopback id Switch Interface Tunnel id Manages the operation of an interface and provides access to the router interface configuration commands Use this mode to set up a physical port for a specific logical connection operation Line Config Switch line Contains commands to c...

Page 19: ...iguration commands Stack Global Config Mode Switch Config stack Allows you to access the Stack Global Config Mode ARP Access List Config Mode Switch Config arp access list Contains commands to add ARP ACL rules in an ARP Access List Table 6 CLI Mode Access and Exit Command Mode Access Method Exit or Access Previous Mode User EXEC This is the first level of access To exit enter logout Privileged EX...

Page 20: ...nal keyword ipv6 to specify the Layer 3 protocol for this class See class map on page 8 10 for more information To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z Router OSPF Config From the Global Config mode enter router ospf To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z Router OSPFv3 Config From the G...

Page 21: ...p addr where ip addr is the IP address of the TACACS server on your network To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z DHCP Pool Config From the Global Config mode enter ip dhcp pool pool name To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z DHCPv6 Pool Config From the Global Config mode enter ip dh...

Page 22: ...s are not recognized Command not found Incomplete command Use to list commands Indicates that you did not enter the required keywords or values Ambiguous command Indicates that you did not enter enough letters to uniquely identify the command Table 8 CLI Editing Conventions Key Sequence Description DEL or Backspace Delete previous character Ctrl A Go to beginning of line Ctrl E Go to end of line C...

Page 23: ...r a question mark after each word you enter to display available command keywords or parameters switch network javamode Enable Disable mgmt_vlan Configure the Management VLAN ID of the switch parms Configure Network Parameters of the router protocol Select DHCP BootP or None as the network config protocol If the help output shows a parameter in angle brackets you must replace the parameter with a ...

Page 24: ... in the following example switch show m mac addr table mac address table monitor Accessing the CLI You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host For the initial connection you must use a direct connection to the console port You cannot access the system remotely until the system has an IP address subnet mask and def...

Page 25: ...port stacking stack This command sets the mode to Stack Global Config Note The commands in this chapter are in one of two functional groups Note Show commands display switch settings statistics and other information Note Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting The Primary Man...

Page 26: ... the ability of a switch to become the Primary Management Unit The unit is the switch identifier The value is the preference parameter that allows the user to specify priority of one backup switch over another The range for priority is 1 to 15 The switch with the highest priority value will be chosen to become the Primary Management Unit if the active Primary Management Unit fails The switch prior...

Page 27: ...he tounit is the switch identifier on the new Primary Management Unit Upon execution the entire stack including all interfaces in the stack is unconfigured and reconfigured with the configuration on the new Primary Management Unit After the reload is complete all stack management capability must be performed on the new Primary Management Unit To preserve the current configuration across a stack mo...

Page 28: ...ted and the slot will be re configured with default information for the card no slot This command removes configured information from an existing slot in the system set slot disable This command configures the administrative mode of the slot s If you specify all the command is applied to all slots otherwise the command is applied to the slot identified by unit slot Format slot unit slot cardindex ...

Page 29: ...oves the configuration from the contents of the slot If the slot is empty this administrative mode removes the configuration from any module inserted into the slot If a card is disabled all the ports on the device are operationally disabled and shown as unplugged on management screens set slot power This command configures the power mode of the slot s and allows power to be supplied to a card loca...

Page 30: ...is command resets the entire stack or the identified unit The unit is the switch identifier The system prompts you to confirm that you want to reset the switch show slot This command displays information about all the slots in the system or for a specific slot Format no set slot power unit slot all Mode Global Config Format reload unit Mode User EXEC Format show slot unit slot Mode User EXEC Term ...

Page 31: ...f the card inserted in the slot Model Identifier is a 32 character field used to identify a card This field is displayed only if the slot is full Inserted Card Description The card description This field is displayed only if the slot is full Configured Card Description The card description of the card preconfigured in the slot Format show supported cardtype cardindex Mode User EXEC Term Definition...

Page 32: ...entifier The model identifier of the switch in the stack Model Identifier is a 32 character field assigned by the device manufacturer to identify the device Switch Status The switch status Possible values for this state are OK Unsup ported Code Mismatch Config Mismatch or Not Present Code Version The detected version of code on this switch Term Definition Management Status Indicates whether the sw...

Page 33: ...pre configuration then the code version is None Detected Code in Flash The version of code that is currently stored in FLASH memory on the switch This code executes after the switch is reset If the switch is not present and the data is from pre configuration then the code version is None Up Time The system up time Format show supported switchtype switchindex Mode User EXEC Privileged EXEC Term Def...

Page 34: ...This command displays summary stack port information for all interfaces For Each Interface Model Identifier The model identifier for the supported switch type Switch Description The description for the supported switch type Default stack Format stack port unit slot port ethernet stack Mode Stack Global Config Format show stack port Mode Privileged EXEC Term Definition QOS Mode Front Panel Stacking...

Page 35: ... Status of the link Link Speed Speed Gbps of the stack port link Table 9 Format show stack port counters Mode Privileged EXEC Term Definition Unit The unit number Interface The slot and port numbers Tx Data Rate Trashing data rate in megabits per second on the stacking port Tx Error Rate Platform specific number of transmit errors per second Tx Total Error Platform specific number of total transmi...

Page 36: ...v1 0 July 2010 Term Definition Unit The unit number Interface The slot and port numbers Diagnostic Entry1 80 character string used for diagnostics Diagnostic Entry2 80 character string used for diagnostics Diagnostic Entry3 80 character string used for diagnostics ...

Page 37: ...51 Protected Ports Commands on page 3 52 Private Group Commands on page 3 54 GVRP Commands on page 3 59 GMRP Commands on page 3 61 Port Based Network Access Control Commands on page 3 64 Storm Control Commands on page 3 78 Port Channel LAG 802 3ad Commands on page 3 90 Port Mirroring on page 3 113 Static MAC Filtering on page 3 115 DHCP Snooping Configuration Commands on page 3 120 Dynamic ARP Ins...

Page 38: ...port settings interface This command gives you access to the Interface Config mode which allows you to enable or modify the operation of an interface port Warning The commands in this chapter are in one of three functional groups Show commands display switch settings statistics and other information Configuration commands configure features and options of the switch For every configuration command...

Page 39: ...le options interface lag This command gives you access to the LAG link aggregation or port channel virtual interface which allows certain port configurations to be applied to the LAG interface Type a question mark after entering the interface configuration mode to see the available options auto negotiate This command enables automatic negotiation on a port Format interface range unit slot port uni...

Page 40: ...s automatic negotiation on all ports no auto negotiate all This command disables automatic negotiation on all ports Format auto negotiate Mode Interface Config Note Automatic sensing is disabled when automatic negotiation is disabled Format no auto negotiate Mode Interface Config Default enabled Format auto negotiate all Mode Global Config Format no auto negotiate all Mode Global Config ...

Page 41: ...00 seriesimplementation the MTU size is a valid integer between 1522 9216 for tagged packets and a valid integer between 1518 9216 for untagged packets no mtu This command sets the default MTU size in bytes for the interface Format description description Mode Interface Config Note To receive and process packets the Ethernet MTU must include any extra bytes that Layer 2 headers might require To co...

Page 42: ...l ports Note You can use the shutdown command on physical and port channel LAG interfaces but not on VLAN routing interfaces Default enabled Format shutdown Mode Interface Config Format no shutdown Mode Interface Config Note You can use the shutdown all command on physical and port channel LAG interfaces but not on VLAN routing interfaces Default enabled Format shutdown all Mode Global Config ...

Page 43: ...r all interfaces Format no shutdown all Mode Global Config Format speed 100 10 half duplex full duplex Mode Interface Config Acceptable Values Definition 100h 100BASE T half duplex 100f 100BASE T full duplex 10h 10BASE T half duplex 10f 10BASE T full duplex Format speed all 100 10 half duplex full duplex Mode Global Config Acceptable Values Definition 100h 100BASE T half duplex 100f 100BASE T full...

Page 44: ...is port is a probe port Admin Mode The Port control administration state The port must be enabled in order for it to be allowed into the network May be enabled or disabled The factory default is enabled Physical Mode The desired port speed and duplex mode If auto negotiation support is selected then the duplex mode and speed is set from the auto negotiation process Note that the maximum capability...

Page 45: ... type of protocol s for this group VLAN The VLAN associated with this Protocol Group Interface s Lists the unit slot port interface s that are associated with this Protocol Group Format show port description unit slot port Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by forward slashes Description Shows the port description configured via the description comm...

Page 46: ...cal Mode Either Auto or fixed speed and duplex mode Physical Status The actual speed and duplex mode Link Status Whether the link is Up or Down Loop Status Whether the port is in loop state or not Partner Flow Control Whether the remote side is using flow control or not Term Definition ...

Page 47: ...spanning tree This command sets the spanning tree operational mode to disabled While disabled the spanning tree configuration is retained and can be changed but is not activated spanning tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces no spanning tree bpdufilter default Use this command to disable BPDU Filter on all the edge port interfaces Default en...

Page 48: ...nterface spanning tree bpduguard Use this command to enable BPDU Guard on the switch no spanning tree bpduguard Use this command to disable BPDU Guard on the switch Default enabled Format no spanning tree bpdufilter default Mode Global Config Default disabled Format spanning tree bpduflood Mode Interface Config Default enabled Format no spanning tree bpduflood Mode Interface Config Format spanning...

Page 49: ...nfiguration or have a no version spanning tree configuration name This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using The name is a string of up to 32 characters no spanning tree configuration name This command resets the Configuration Identifier Name to its default Default disabled Format no spanning tree bpduguard Mode ...

Page 50: ...the configuration that this switch is currently using to the default value spanning tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree This allows this port to transition to Forwarding State without delay no spanning tree edgeport This command specifies that this port is not an Edge Port within the common and internal spanning tree Defa...

Page 51: ... rather than MST BPDUs IEEE 802 1w functionality supported no spanning tree forceversion This command sets the Force Protocol Version parameter to the default value spanning tree forward time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree The forward time value is in seconds within a range of 4 to 30 with the value being greater than o...

Page 52: ...ning tree protocol no spanning tree guard This command disables loop guard or root guard on the interface spanning tree max age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree The max age value is in seconds within a range of 6 to 40 with the value being less than or equal to 2 x Bridge Forward Delay 1 Format no spanning tree forward time Mod...

Page 53: ...nal spanning tree to the default value spanning tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree If you specify an mstid parameter that corresponds to an existing multiple spanning tree instance the configurations are done for that multiple spanning tree instance If you specify 0 defined a...

Page 54: ...ority for this port within the multiple spanning tree instance or in the common and internal spanning tree to the respective default values If you specify an mstid parameter that corresponds to an existing multiple spanning tree instance you are configuring that multiple spanning tree instance If you specify 0 defined as the default CIST ID as the mstid you are configuring the common and internal ...

Page 55: ... deleted instance to the common and internal spanning tree The parameter mstid is a number that corresponds to the desired existing multiple spanning tree instance to be removed spanning tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance The parameter mstid is a number that corresponds to the desired existing multiple spanning tree instance The p...

Page 56: ... as the default CIST ID is passed as the mstid this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value spanning tree mst vlan This command adds an association between a multiple spanning tree instance and one or more VLANs so that the VLAN s are no longer associated with the common and internal spanning tree The parameter mstid is a number tha...

Page 57: ...Administrative Switch Port State for this port to enabled no spanning tree port mode This command sets the Administrative Switch Port State for this port to disabled spanning tree port mode all This command sets the Administrative Switch Port State for all ports to enabled Format no spanning tree mst vlan mstid vlanid Mode Global Config Default disabled Format spanning tree port mode Mode Interfac...

Page 58: ...t all This command disables Edge Port mode for all ports within the common and internal spanning tree spanning tree bpduforwarding Normally a switch will not forward Spanning Tree Protocol STP BPDU packets if STP is disabled However if in some network setup the user wishes to forward BDPU packets received from other network devices this command can be used to enable the forwarding Format no spanni...

Page 59: ... 0 and 61440 It is displayed in multiples of 4096 Bridge Identifier The bridge identifier for the CST It is made up using the bridge priority and the base MAC address of the bridge Time Since Topology Change Time in seconds Topology Change Count Number of times changed Topology Change Boolean value of the Topology Change parameter for the switch indicating if a topology change is in progress on an...

Page 60: ...s of the bridge Regional Root Path Cost Path Cost to the CST Regional Root Associated FIDs List of forwarding database identifiers currently associated with this instance Associated VLANs List of VLAN IDs currently associated with this instance Format show spanning tree brief Mode Privileged EXEC User EXEC Term Definition Bridge Priority Configured value Bridge Identifier The bridge identifier for...

Page 61: ...ations and topology changes to other ports BPDU Filter Mode Enabled or disabled BPDU Flood Mode Enabled or disabled Auto Edge To enable or disable the feature that causes a port that has not seen a BPDU for edge delay time to become an edge port and transition to forwarding faster Port Up Time Since Counters Last Cleared Time since port was reset displayed in days hours minutes and seconds STP BPD...

Page 62: ...anning tree state of this port Port Role Each enabled MST Bridge Port receives a Port Role for each spanning tree The port role is one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Auto Calculate Port Path Cost Indicates whether auto calculation for port path cost is enabled Port Path Cost Configured value of the Internal Port Path Cost p...

Page 63: ...ortForwarding State The forwarding state of the port within the CST Port Role The role of the specified interface within the CST Auto Calculate Port Path Cost Indicates whether auto calculation for port path cost is enabled or not disabled Port Path Cost The configured path cost for the specified interface Auto Calculate External Port Path Cost Indicates whether auto calculation for external port ...

Page 64: ...s The derived value of the edge port status True if operating as an edge port false otherwise Point To Point MAC Status Derived value indicating if this port is part of a point to point link CST Regional Root The regional root identifier in use for this port CST Internal Root Path Cost The internal root path cost to the LAN by the designated external port Loop Inconsistent State The current loop i...

Page 65: ... or disabled on the port Type Currently not used STP State The forwarding state of the port in the specified spanning tree instance Port Role The role of the specified port within the spanning tree Desc Indicates whether the port is in loop inconsistent state or not This field is blank if the loop guard feature is not available Format show spanning tree mst summary Mode Privileged EXEC User EXEC T...

Page 66: ...on Version of 802 1 currently supported IEEE 802 1s IEEE 802 1w or IEEE 802 1d based upon the Force Protocol Version parameter BPDU Guard Mode Enabled or disabled BPDU Filter Mode Enabled or disabled Configuration Name Identifier used to identify the configuration currently being used Configuration Revision Level Identifier used to identify the configuration currently being used Configuration Dige...

Page 67: ...is command configures the Management VLAN ID no network mgmt_vlan This command sets the Management VLAN ID to the default Term Definition VLAN Identifier The VLANs associated with the selected MST instance Associated Instance Identifier for the associated multiple spanning tree instance or CST if associated with the common and internal spanning tree Format vlan database Mode Privileged EXEC Defaul...

Page 68: ...ntains VlanId s in range 1 4093 Separate non consecutive IDs with and no spaces and no zeros in between the range Use for range vlan acceptframe This command sets the frame acceptance mode per interface For VLAN Only mode untagged frames or priority frames received on this interface are discarded For Admit All mode untagged frames or priority frames received on this interface are accepted and assi...

Page 69: ...nd disables ingress filtering If ingress filtering is disabled frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN vlan makestatic This command changes a dynamically created VLAN one that is created by GVRP registration to a static VLAN one that is permanently configured and defined The ID ...

Page 70: ...valid interface number Participation options are Default VLAN ID 1 default other VLANS blank string Format vlan name 1 4093 name Mode VLAN Config Format no vlan name 1 4093 Mode VLAN Config Format vlan participation exclude include auto 1 4093 Mode Interface Config Participation Options Definition include The interface is always a member of this VLAN This is equivalent to registration fixed exclud...

Page 71: ...nfig Participation Options Definition include The interface is always a member of this VLAN This is equivalent to registration fixed exclude The interface is never a member of this VLAN This is equivalent to registration forbidden auto The interface is dynamically registered in this VLAN by GVRP The interface will not participate in this VLAN unless a join request is received on this interface Thi...

Page 72: ...led frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN no vlan port ingressfilter all This command disables ingress filtering for all ports If ingress filtering is disabled frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwa...

Page 73: ...mand configures the tagging behavior for all interfaces in a VLAN to disabled If tagging is disabled traffic is transmitted as untagged frames The ID is a valid VLAN identification number vlan protocol group This command adds protocol based VLAN groups to the system The groupName is a character string of 1 to 16 characters When it is created the protocol group will be assigned a unique number that...

Page 74: ...rp and ipx no vlan protocol group add protocol This command removes the protocol from this protocol based VLAN group that is identified by this groupid The possible values for protocol are ip arp and ipx vlan protocol group remove This command removes the protocol based VLAN group that is identified by this groupid protocol group This command attaches a vlanid to the protocol based VLAN identified...

Page 75: ...face and protocol combination with one group If adding an interface to a group causes any conflicts with protocols currently associated with the group this command fails and the interface s are not added to the group no protocol vlan group This command removes the interface from this protocol based VLAN group that is identified by this groupid Default none Format protocol group groupid vlanid Mode...

Page 76: ...ls currently associated with the group this command will fail and the interface s will not be added to the group no protocol vlan group all This command removes all interfaces from this protocol based VLAN group that is identified by this groupid vlan pvid This command changes the VLAN ID per interface no vlan pvid This command sets the VLAN ID per interface to 1 Default none Format protocol vlan ...

Page 77: ...s the tagging behavior for a specific interface in a VLAN to disabled If tagging is disabled traffic is transmitted as untagged frames The vlan list contains VlanId s in range 1 4093 Separate non consecutive IDs with and no spaces and no zeros in between the range Use for range vlan association subnet This command associates a VLAN to a specific IP subnet no vlan association subnet This command re...

Page 78: ...ormat vlan association mac macaddr 1 4093 Mode VLAN database Format no vlan association mac macaddr Mode VLAN database Format show vlan Mode Privileged EXEC User EXEC Term Definition VLAN ID There is a VLAN Identifier VID associated with each VLAN The range of the VLAN ID is 1 to 4093 VLAN Name A string associated with this VLAN as a convenience It can be up to 32 alphanumeric characters long incl...

Page 79: ... VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Exclude This port is never a member of this VLAN This is equivalent to registration forbidden in the IEEE 802 1Q standard Autodetect To allow the port to be dynamically registered in this VLAN via GVRP The port will not participate in this VLAN unless a join request is received on this port This is equivalent to registratio...

Page 80: ...s on the top line Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port The value must be for an existing VLAN The factory default is 1 Acceptable Frame Types The types of frames that may be received on this port The options are VLAN only and Admit All When set to VLAN only untagged frames or priority tagged frames received on this p...

Page 81: ...r disabled Default Priority The 802 1p priority assigned to tagged packets arriving on the port Format show vlan association subnet ipaddr netmask Mode Privileged EXEC Term Definition IP Subnet The IP address assigned to each interface IP Mask The subnet mask VLAN ID There is a VLAN Identifier VID associated with each VLAN Format show vlan association mac macaddr Mode Privileged EXEC Term Definiti...

Page 82: ... dvlan tunnel ethertype This command configures the ether type for all interfaces The ether type may have the values of 802 1Q vMAN or custom If the ether type has a value of custom the optional value of the custom ether type must be set to a value from 0 to 65535 mode dot1q tunnel This command is used to enable Double VLAN Tunneling on the specified interface no mode dot1q tunnel This command is ...

Page 83: ...detailed information about Double VLAN Tunneling for the specified interface or all interfaces Note When you use the mode dvlan tunnel command on an interface it becomes a service provider port Ports that do not have double VLAN tunneling enabled are customer ports Default disabled Format mode dvlan tunnel Mode Interface Config Format no mode dvlan tunnel Mode Interface Config Format show dot1q tu...

Page 84: ...ere are three different EtherType tags The first is 802 1Q which represents the commonly used value of 0x8100 The second is vMAN which represents the commonly used value of 0x88A8 If EtherType is not one of these two values then it is a custom tunnel value representing any value in the range of 0 to 65535 Format show dvlan tunnel interface unit slot port all Mode Privileged EXEC User EXEC Term Def...

Page 85: ...w voice vlan Global Config Use this command to enable the Voice VLAN capability on the switch no voice vlan Global Config Use this command to disable the Voice VLAN capability on the switch voice vlan Interface Config Use this command to enable the Voice VLAN capability on the interface You can configure Voice VLAN in one of three different ways Default disabled Format voice vlan Mode Global Confi...

Page 86: ...arameter is not specified only the global mode of the Voice VLAN is displayed When the interface is specified none Allow the IP phone to use its own configuration to send untagged voice traffic untagged Configure the phone to send untagged voice traffic Format no voice vlan Mode Interface Config Default trust Format voice vlan data priority untrust trust Mode Interface Config Format show voice vla...

Page 87: ...iority This command configures the default 802 1p port priority assigned for untagged packets for a specific interface The range for the priority is 0 7 Term Definition Voice VLAN Interface Mode The admin mode of the Voice VLAN on the interface Voice VLAN ID The Voice VLAN ID Voice VLAN Priority The do1p priority for the Voice VLAN on the port Voice VLAN Untagged The tagging option for the Voice V...

Page 88: ...face remains unchanged Once the interface is no longer a member of a LAG the current configuration for that interface automatically becomes effective switchport protected Global Config Use this command to create a protected port group The groupid parameter identifies the set of protected ports Use the name name pair to assign a name to the protected port group The name can be up to 32 alphanumeric...

Page 89: ...f protected ports to which this interface is assigned show switchport protected This command displays the status of all the interfaces including protected and unprotected interfaces Note Port protection occurs within a single switch Protected port configuration does not affect traffic between ports on two different switches No traffic forwarding is possible between two protected ports Default unpr...

Page 90: ...t in private group can be forwarded to other ports either in the same private group or anyone in the same VLAN that are not in a private group Name An optional name of the protected port group The name can be up to 32 alphanumeric characters long including blanks The default is blank List of Physical Ports List of ports which are configured as protected for the group identified with groupid If no ...

Page 91: ...ber of private groups is 192 such that the valid range for the ID is 1 192 The private group id field is optional If not specified a group id not used will be assigned automatically The mode can be either isolated or community When in isolated mode the member port in the group cannot forward its egress traffic to any other members in the same group By default the mode is community mode that each m...

Page 92: ...egistration Protocol GMRP GARP is a protocol that allows client stations to register with the switch for membership in VLANS by using GVMP or multicast groups by using GVMP Format private group name privategroup name Mode Global Config Format show private groupname private group name private group id port unit slot port Mode Priviledged EXEC Term Definition Interface Valid slot and port number sep...

Page 93: ...ult and only has an effect when GVRP is enabled set garp timer leave This command sets the GVRP leave time for one port Interface Config mode or all ports Global Config mode and only has an effect when GVRP is enabled Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry This can be considered a buffer time for another s...

Page 94: ...nd per GARP participation The time may range from 200 to 6000 centiseconds The value 1000 centiseconds is 10 seconds You can use this command on all ports Global Config mode or a single port Interface Config mode and it only has an effect only when GVRP is enabled no set garp timer leaveall This command sets how frequently Leave All PDUs are generated the default and only has an effect when GVRP i...

Page 95: ... ports and automatic VLAN pruning set gvrp adminmode This command enables GVRP on the system no set gvrp adminmode This command disables GVRP Format show garp Mode Privileged EXEC User EXEC Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol GMRP for the system GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol GVRP for the system...

Page 96: ...Time Leave Time and Leave All Time have no effect show gvrp configuration This command displays Generic Attributes Registration Protocol GARP information for one or all interfaces Format no set gvrp adminmode Mode Privileged EXEC Default disabled Format set gvrp interfacemode Mode Interface Config Global Config Format no set gvrp interfacemode Mode Interface Config Global Config Format show gvrp c...

Page 97: ...seconds Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute Current attributes are a VLAN or multicast group This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service There is an instance of this timer on a per Port per GARP participant bas...

Page 98: ...ly re enabled if routing is disabled and port channel LAG membership is removed from an interface that has GARP enabled no set gmrp interfacemode This command disables GARP Multicast Registration Protocol on a single interface or all interfaces If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port channel LAG GARP functionality is disabled GARP function...

Page 99: ...unregister request for an attribute before deleting the attribute Current attributes are a VLAN or multicast group This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service There is an instance of this timer on a per Port per GARP participant basis Permissible values are 20 to 600 centiseconds 0 2 to 6 0 second...

Page 100: ...tatistics This command is used to clear all RADIUS statistics Format show mac address table gmrp Mode Privileged EXEC Term Definition Mac Address A unicast MAC address for which the switch has forwarding and or filtering information The format is 6 or 8 two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB In an IVL system the MAC address is displayed as 8 bytes ...

Page 101: ...es Guest VLAN on the interface dot1x initialize This command begins the initialization sequence on the specified port This command is only valid if the control mode for the specified port is auto or mac based If the control mode is not auto or mac based an error will be returned Format clear radius statistics Mode Privileged EXEC Default disabled Format dot1x guest vlan vlan id Mode Interface Conf...

Page 102: ...APOL EAP Request Identity frame before timing out the supplicant dot1x max users Use this command to set the maximum number of clients supported on the port when MAC based dot1x authentication is enabled on the port The maximum users supported per port is dependent on the product The count value is in the range 1 16 no dot1x max users This command resets the maximum number of clients allowed per p...

Page 103: ...port control mode on the specified port to the default value dot1x port control all This command sets the authentication mode to use on all ports Select force unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized Select force authorized to specify that the authenticator PAE unconditionally sets the controlled port to authorized Select auto to s...

Page 104: ... is auto or mac based If the control mode is not auto or mac based an error will be returned dot1x re authentication This command enables re authentication of the supplicant for the specified port no dot1x re authentication This command disables re authentication of the supplicant for the specified port Format no dot1x port control all Mode Global Config Format dot1x re authenticate unit slot port...

Page 105: ...uest vlan period The time in seconds for which the authenticator waits to see if any EAPOL packets are received on a port before authorizing the port and placing the port in the guest vlan if configured The guest vlan timer is only relevant when guest vlan has been configured on that specific port reauth period The value in seconds of the timer used by the authenticator state machine on this port ...

Page 106: ...perational supp timeout The value in seconds of the timer used by the authenticator state machine on this port to timeout the supplicant The supp timeout must be a value in the range 1 65535 server timeout The value in seconds of the timer used by the authenticator state machine on this port to timeout the authentication server The supp timeout must be a value in the range 1 65535 Default guest vl...

Page 107: ...ers with access to the specified port or all ports The user parameter must be a configured user no dot1x user This command removes the user from the list of users with access to the specified port or all ports Default 0 Format dot1x unauthenticated vlan vlan id Mode Interface Config Format no dot1x unauthenticated vlan Mode Interface Config Format dot1x user user unit slot port all Mode Global Con...

Page 108: ...onsole_Default Telnet Network_Default Network_Default SSH Network_Default Network_Default http Local https Local dot1x show dot1x This command is used to show a summary of the global dot1x configuration summary information of the dot1x configuration for a specified port or all ports the detailed dot1x configuration for a specified port and the dot1x statistics for a specified port depending on the...

Page 109: ...mode under which this port is operating Possible values are authorized unauthorized Reauthenticatio n Enabled Indicates whether re authentication is enabled on this port Port Status Indicates whether the port is authorized or unauthorized Possible values are authorized unauthorized Term Definition Port The interface whose configuration is displayed Protocol Version The protocol version associated ...

Page 110: ...mer used by the authenticator on this port to timeout the authentication server The value is expressed in seconds and will be in the range of 1 and 65535 Maximum Requests The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request Identity before timing out the supplicant The value will be in the range of 1 and 10 VLAN Id The VLAN assigned to the p...

Page 111: ...he time period in seconds is returned by the RADIUS server on authentication of the port This value is valid for the port only when the port control mode is not MAC based Session Termination Action This value indicates the action to be taken once the session timeout expires Possible values are Default Radius Request If the value is Default the session is terminated the port goes into unauthorized ...

Page 112: ...ived EAPOL frame Last EAPOL Frame Source The source MAC address carried in the most recently received EAPOL frame EAP Response Id Frames Received The number of EAP response identity frames that have been received by this authenticator EAP Response Frames Received The number of valid EAP response frames other than resp id frames that have been received by this authenticator EAP Request Id Frames Tr...

Page 113: ...ed The reason the VLAN identified in the VLAN ID field has been assigned to the port Possible values are RADIUS Unauthenticated VLAN or Default When the VLAN Assigned reason is Default it means that the VLAN was assigned to the port because the PVID of the port was that VLAN ID Session Timeout This value indicates the time for which the given session is valid The time period in seconds is returned...

Page 114: ...t per type basis Configuring a storm control level also enables that form of storm control Disabling a storm control level using the no version of the command sets the storm control level back to the default value and disables that form of storm control Using the no version of the storm control command not stating a level disables that form of storm control but maintains the configured level to be...

Page 115: ...if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the rate of broadcast traffic is limited to the configured threshold no storm control broadcast level This command sets the broadcast storm recovery threshold to the default value for an interface and disables broadcast storm recovery Default enabled Format stor...

Page 116: ...old to the default value for an interface and disables broadcast storm recovery storm control broadcast Global Config This command enables broadcast storm recovery mode for all interfaces If the mode is enabled broadcast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rat...

Page 117: ...de for all interfaces no storm control broadcast level This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery storm control broadcast rate Global Config Use this command to configure the broadcast storm recovery threshold for all interfaces in packets per second If the mode is enabled broadcast storm recovery is active...

Page 118: ...overy is active and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of multicast traffic will be limited to the configured threshold no storm control multicast This command disables multicast storm recovery mode for an interface Format storm control broadcast rate 0 14880000 Mode Global Config F...

Page 119: ...ue for an interface and disables multicast storm recovery storm control multicast rate Use this command to configure the multicast storm recovery threshold for an interface in packets per second If the mode is enabled multicast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the r...

Page 120: ...or all interfaces storm control multicast level Global Config This command configures the multicast storm recovery threshold for all interfaces as a percentage of link speed and enables multicast storm recovery mode If the mode is enabled multicast storm recovery is active and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold the traffic will ...

Page 121: ...ticast traffic is limited to the configured threshold no storm control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery storm control unicast This command enables unicast storm recovery mode for an interface If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unica...

Page 122: ...ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of unknown unicast traffic will be limited to the configured threshold This command also enables unicast storm recovery mode for an interface no storm control unicast level This command sets the unicast storm recovery threshold to the default value for an interface and disables unica...

Page 123: ...lt value for an interface and disables unicast storm recovery storm control unicast Global Config This command enables unicast storm recovery mode for all interfaces If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast destination lookup failure traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefor...

Page 124: ...st level This command sets the unicast storm recovery threshold to the default value and disables unicast storm recovery for all interfaces storm control unicast rate Global Config Use this command to configure the unicast storm recovery threshold for all interfaces in packets per second If the mode is enabled unicast storm recovery is active and if the rate of L2 broadcast traffic ingressing on a...

Page 125: ...ports no storm control flowcontrol This command disables 802 3x flow control for the switch Format no storm control unicast rate Mode Global Config Note 802 3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition This can lead to high priority and or network control traffic loss Default disabled ...

Page 126: ... port configuration parameters for all interfaces or specify the unit slot port to display information about a specific interface Port Channel LAG 802 3ad Commands This section describes the commands you use to configure port channels which are also known as link aggregation groups LAGs Link aggregation allows you to combine multiple full duplex Ethernet links into a single logical link Network de...

Page 127: ...e its member ports port channel This command configures a new port channel LAG and generates a logical unit slot port number for the port channel The name field is a character string which allows the dash character as well as alphanumeric characters Use the show port channel command to display the unit slot port number for the logical interface no port channel This command deletes a port channel L...

Page 128: ...igured port channel deleteport Global Config This command deletes all configured ports from the port channel LAG The interface is a logical unit slot port number of a configured port channel To clear the port channels see clear port channel on page 9 28 Note Before adding a port to a port channel set the physical mode of the port For more information see speed on page 3 7 Format addport logical un...

Page 129: ...trative value of the key for the port channel lacp collector max delay Use this command to configure the port channel collector max delay The valid range of delay is 0 65535 Default 0x8000 Format lacp admin key key Mode Interface Config Note This command is only applicable to port channel interfaces Format no lacp admin key Mode Interface Config Default 0x8000 Format lacp collector max delay delay...

Page 130: ...is command to configure the administrative value of the LACP actor admin key The valid range for key is 0 65535 no lacp actor admin key Use this command to configure the default administrative value of the key Format no lacp collector max delay Mode Interface Config Default Internal Interface Number of this Physical Port Format lacp actor admin key key Mode Interface Config Note This command is on...

Page 131: ...P actor admin state to aggregation lacp actor admin state longtimeout Use this command to set LACP actor admin state to longtimeout Format lacp actor admin state individual Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp actor admin state individual Mode Interface Config Format lacp actor admin state longtimeout Mode Interface Config Note This comma...

Page 132: ...the LACP actor admin state to passive no lacp actor admin state passive Use this command to set the LACP actor admin state to active Format no lacp actor admin state longtimeout Mode Interface Config Note This command is only applicable to physical interfaces Format lacp actor admin state passive Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp actor...

Page 133: ...igned to the Aggregation Port lacp actor system priority Use this command to configure the priority value associated with the LACP Actor s SystemID The range for priority is 0 to 65535 Default 0x80 Format lacp actor port priority priority Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp actor port priority Mode Interface Config Default 32768 Format l...

Page 134: ...s 0 to 65535 no lacp partner admin key Use this command to configure the administrative value of the Key for the protocol partner lacp partner admin state individual Use this command to set LACP partner admin state to individual Format no lacp actor system priority Mode Interface Config Default 0x0 Format lacp partner admin key Mode Interface Config Note This command is only applicable to physical...

Page 135: ... lacp partner admin state longtimeout Use this command to set the LACP partner admin state to short timeout Note This command is only applicable to physical interfaces Format no lacp partner admin state individual Mode Interface Config Format lacp partner admin state longtimeout Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp partner admin state lon...

Page 136: ...admin state to active lacp partner port id Use this command to configure the LACP partner port id The valid range for port id is 0 to 65535 Format lacp partner admin state passive Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp partner admin state passive Mode Interface Config Default 0x80 Format lacp partner portid port id Mode Interface Config Not...

Page 137: ...ure the LACP partner port priority The valid range for priority is 0 to 255 no lacp partner port priority Use this command to configure the default LACP partner port priority Format no lacp partner portid Mode Interface Config Default 0x0 Format lacp partner port priority priority Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp partner port priority...

Page 138: ...re the default value representing the administrative value of the Aggregation Port s protocol Partner s System ID lacp partner system priority Use this command to configure the administrative value of the priority associated with the Partner s System ID The valid range for priority is 0 to 255 Default 00 00 00 00 00 00 Format lacp partner system id system id Mode Interface Config Note This command...

Page 139: ...r of allowable dynamic port channels are already present in the system the static mode for a new port channel enabled which means the port channel is static You can only use this command on port channel interfaces no port channel static This command sets the static mode on a particular port channel LAG interface to the default value This command will be executed only for interfaces of type port ch...

Page 140: ...otocol LACP on a port port lacpmode enable all This command enables Link Aggregation Control Protocol LACP on all ports no port lacpmode enable all This command disables Link Aggregation Control Protocol LACP on all ports Default enabled Format port lacpmode Mode Interface Config Format no port lacpmode Mode Interface Config Format port lacpmode enable all Mode Global Config Format no port lacpmod...

Page 141: ...rt lacptimeout Global Config This command sets the timeout for all interfaces of a particular device type actor or partner to either long or short timeout no port lacptimeout This command sets the timeout for all physical interfaces of a particular device type actor or partner back to their default values Default long Format port lacptimeout actor partner long short Mode Interface Config Format no...

Page 142: ...The interface is a logical unit slot port for a configured port channel The option all enables link trap notifications for all the configured port channels no port channel linktrap This command disables link trap notifications for the port channel LAG The interface is a logical slot and port for a configured port channel The option all disables link trap notifications for all the configured port c...

Page 143: ...t 6 Source Destination IP and source destination TCP UDP port no hashing mode This command sets the hashing algorithm on Trunk ports to default 3 The command is available in the interface configuration mode for a port channel port channel load balance This command selects the load balancing option used on a port channel LAG Traffic is balanced on a port channel LAG by selecting one of the links in...

Page 144: ...Source Destination MAC VLAN EtherType and incoming port associated with the packet 4 Source IP and Source TCP UDP fields of the packet 5 Destination IP and Destination TCP UDP Port fields of the packet 6 Source Destination IP and source destination TCP UDP Port fields of the packet unit slot port all Global Config Mode only The interface is a logical unit slot port number of a configured port chan...

Page 145: ...is 0 65535 no port channel system priority Use this command to configure the default port channel system priority value show lacp actor Use this command to display LACP actor attributes The following output parameters are displayed Format port channel name logical unit slot port all name Mode Global Config Default 0x8000 Format port channel system priority priority Mode Global Config Format no por...

Page 146: ... state as transmitted by the Actor in LACPDUs Format show lacp actor unit slot port all Mode Privileged EXEC Parameter Description System Priority The administrative value of priority associated with the Partner s System ID System ID The value representing the administrative value of the Aggregation Port s protocol Partner s System ID Admin Key The administrative value of the Key for the protocol ...

Page 147: ... up or down Trap Flag Shows whether trap flags are enabled or disabled Type Shows whether the port channel is statically or dynamically maintained Mbr Ports The members of this port channel Active Ports The ports that are actively participating in the port channel Format show port channel Mode Privileged EXEC User EXEC Term Definition Static Capability This field displays whether or not the device...

Page 148: ...bled or disabled The factory default is enabled Type The status designating whether a particular port channel LAG is statically or dynamically maintained Static The port channel is statically maintained Dynamic The port channel is dynamically maintained Mbr Ports A listing of the ports that are members of this port channel LAG in unit slot port notation There can be a maximum of eight ports assign...

Page 149: ... the administrative mode of the session If enabled the probe port monitors all the traffic received and transmitted on the physical monitored port no monitor session Use this command without optional parameters to remove the monitor session port monitoring designation from the source probe port the destination monitored port and all VLANs Once the port is removed from the VLAN you must manually ad...

Page 150: ...terface unit slot port destination interface unit slot port mode Mode Global Config Note This is a stand alone no command This command does not have a normal form Default enabled Format no monitor Mode Global Config Note The session id parameter is an integer value used to identify the session In the current version of the software the session id parameter is always one 1 Format show monitor sessi...

Page 151: ...icast MAC address filters and multicast MAC address filters with source port lists the maximum number of static MAC filters supported is 20 For multicast MAC address filters with destination ports configured the maximum number of static filters supported is 256 i e For current platforms you can configure the following combinations Unicast MAC and source port max 20 Multicast MAC and source port ma...

Page 152: ...lanid parameter must identify a valid VLAN macfilter adddest Use this command to add the interface to the destination filter set for the MAC filter with the given macaddr and VLAN of vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN Format macfilter macaddr vlanid Mode Global Config Forma...

Page 153: ...acaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN no macfilter adddest all This command removes all ports from the destination filter set for the MAC filter with the given macaddr and VLAN of vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5...

Page 154: ...of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN macfilter addsrc all This command adds all interfaces to the source filter set for the MAC filter with the MAC address of macaddr and vlanid You must specify the macaddr parameter as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN no macfilter addsrc all This command ...

Page 155: ...tion only for that MAC address and VLAN show mac address table staticfiltering This command displays the Static Filtering entries in the Multicast Forwarding Database MFDB table Format no macfilter addsrc all macaddr vlanid Mode Global Config Format show mac address table static macaddr vlanid all Mode Privileged EXEC Term Definition MAC Address The MAC Address of the static MAC filter entry VLAN ...

Page 156: ...g and or filtering information As the data is gleaned from the MFDB the address will be a multicast address The format is 6 or 8 two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB In an IVL system the MAC address will be displayed as 8 bytes Type The type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the...

Page 157: ...address Use this command to disable verification of the source MAC address with the client hardware address ip dhcp snooping database Use this command to configure the persistent location of the DHCP Snooping database This can be local or a remote file on a given IP machine Default disabled Format ip dhcp snooping vlan vlan list Mode Global Config Format no ip dhcp snooping vlan vlan list Mode Glo...

Page 158: ...lt value ip dhcp snooping binding Use this command to configure static DHCP Snooping binding no ip dhcp snooping binding mac address Use this command to remove the DHCP static entry from the DHCP Snooping database Default local Format ip dhcp snooping database local tftp hostIP filename Mode Global Config Default 300 seconds Format ip dhcp snooping database write delay in seconds Mode Global Confi...

Page 159: ...default burst level is 1 second with a range of 1 to 15 seconds no ip dhcp snooping limit Use this command to set the rate at which the DHCP Snooping messages come and the burst level to the defaults Format no ip dhcp snooping binding mac address Mode Global Config Format ip verify binding mac address vlan vlan id ip address interface interface id Mode Global Config Format no ip verify binding mac...

Page 160: ...gging DHCP messages filtration by the DHCP Snooping application ip dhcp snooping trust Use this command to configure the port as trusted no ip dhcp snooping trust Use this command to configure the port as untrusted Format no ip dhcp snooping limit Mode Interface Config Default disabled Format ip dhcp snooping log invalid Mode Interface Config Format no ip dhcp snooping log invalid Mode Interface C...

Page 161: ...ill be filtered based on the IP and MAC addresses no ip verify source Use this command to disable the IPSG configuration in the hardware You cannot disable port security alone if it is configured show ip dhcp snooping Use this command to display the DHCP Snooping global configurations and per port configurations Format no ip dhcp snooping trust Mode Interface Config Default the source ID is the IP...

Page 162: ... Snooping binding entries To restrict the output use the following options Dynamic Restrict the output based on DCHP snooping Interface Restrict the output based on a specific interface Static Restrict the output based on static entries VLAN Restrict the output based on VLAN Term Definition Interface The interface for which data is displayed Trusted If it is enabled DHCP snooping considers the por...

Page 163: ...ample CLI display output for the command switch show ip dhcp snooping database Term Definition MAC Address Displays the MAC address for the binding that was added The MAC address is the key to the binding database IP Address Displays the valid IP address for the binding rule VLAN The VLAN for the binding rule Interface The interface to add a binding into the DHCP snooping interface Type Binding ty...

Page 164: ... 4 0 0 0 1 0 5 0 0 0 1 0 6 0 0 0 1 0 7 0 0 0 1 0 8 0 0 0 1 0 9 0 0 0 1 0 10 0 0 0 1 0 11 0 0 0 1 0 12 0 0 0 1 0 13 0 0 0 Format show ip dhcp snooping statistics Mode Privileged EXEC User EXEC Term Definition Interface The IP address of the interface in unit slot port format MAC Verify Failures Represents the number of DHCP messages that were filtered on an untrusted interface because of source MAC...

Page 165: ...cific interface clear ip dhcp snooping statistics Use this command to clear all DHCP Snooping statistics show ip verify source Use this command to display the IPSG configurations on all ports Format clear ip dhcp snooping binding interface unit slot port Mode Privileged EXEC User EXEC Format clear ip dhcp snooping statistics Mode Privileged EXEC User EXEC Format show ip verify source Mode Privileg...

Page 166: ...on this interface IP Address IP address of the interface MAC Address If MAC address filtering is not configured on the interface the MAC Address field is empty If port security is disabled on the interface then the MAC Address field displays permit all VLAN The VLAN for the binding rule Format show ip source binding static dynamic interface unit slot port vlan id Mode Privileged EXEC User EXEC Ter...

Page 167: ... caches of its unsuspecting neighbors The miscreant sends ARP requests or responses mapping another station s IP address to its own MAC address DAI relies on DHCP snooping DHCP snooping listens to DHCP message exchanges and builds a binding database of valid MAC address IP address VLAN and interface tuples When DAI is enabled the switch drops ARP packets whose sender MAC address and sender IP addr...

Page 168: ...only the src mac and dst mac validations are disabled as a result of the second command no ip arp inspection validate Use this command to disable the additional validation checks on the received ARP packets ip arp inspection vlan logging Use this command to enable logging of invalid ARP packets on a list of comma separated VLAN ranges Format no ip arp inspection vlan vlan list Mode Global Config D...

Page 169: ...usted for Dynamic ARP Inspection ip arp inspection limit Use this command to configure the rate limit and burst interval values for an interface Configuring none for the limit means the interface is not rate limited for Dynamic ARP Inspections Format no ip arp inspection vlan vlan list logging Mode Global Config Default enabled Format ip arp inspection trust Mode Interface Config Format no ip arp ...

Page 170: ...match a permit statement are dropped without consulting the DHCP snooping bindings no ip arp inspection filter Use this command to unconfigure the ARP ACL used to filter invalid ARP packets on a list of comma separated VLAN ranges Default 15 pps for rate and 1 second for burst interval Format ip arp inspection limit rate pps burst interval seconds none Mode Interface Config Format no ip arp inspec...

Page 171: ...re a rule for a valid IP address and MAC address combination used in ARP packet validation no permit ip host mac host Use this command to delete a rule for a valid IP and MAC combination Format arp access list acl name Mode Global Config Format no arp access list acl name Mode Global Config Format permit ip host sender ip mac host sender mac Mode ARP Access list Config Format no permit ip host sen...

Page 172: ...ation Mac Validation Disabled IP Address Validation Disabled Vlan Configuration Log Invalid ACL Name Static flag 10 Enabled Enabled H2 Enabled 11 Disabled Enabled 12 Enabled Disabled Format show ip arp inspection vlan vlan list Mode Privileged EXEC User EXEC Term Definition Source MAC Validation Displays whether Source MAC Validation of ARP frame is enabled or disabled Destination MAC Validation D...

Page 173: ... the command show ip arp inspection statistics vlan vlan list VLAN DHCP ACL DHCP ACL Bad Src Bad Dest Invalid Drops Drops Permits Permits MAC MAC IP Format show ip arp inspection statistics vlan vlan list Mode Privileged EXEC User EXEC Term Definition VLAN The VLAN ID for each displayed row Forwarded The total number of valid ARP packets forwarded in this VLAN Dropped The total number of not valid...

Page 174: ... argument the command displays the values for that interface whether the interface is enabled for DAI or not Example The following shows example CLI display output for the command Switch show ip arp inspection interfaces Interface Trust State Rate Limit Burst Interval pps seconds 0 1 Untrusted 15 1 Default none Format clear ip arp inspection statistics Mode Privileged EXEC Format show ip arp inspe...

Page 175: ...2 mac host 00 03 04 05 06 08 IGMP Snooping Configuration Commands This section describes the commands you use to configure IGMP snooping The software supports IGMP Versions 1 2 and 3 The IGMP snooping feature can help conserve bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast traffic IGMPv3 adds source filtering capabilities to IG...

Page 176: ...IGMP application supports the following activities Validation of the IP header checksum as well as the IGMP header checksum and discarding of the frame upon checksum error Maintenance of the forwarding table entries based on the MAC address versus the IP address Flooding of unregistered multicast data packets to all ports in the VLAN no set igmp This command disables IGMP Snooping on the system an...

Page 177: ...cted interface or VLAN Enabling fast leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC based general queries to the interface You should enable fast leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port This prevents th...

Page 178: ...ng the interface from the entry This value must be greater than the IGMPv3 Maximum Response time value The range is 2 to 3600 seconds no set igmp groupmembership interval This command sets the IGMPv3 Group Membership Interval time to the default value Format no set igmp fast leave Mode Interface Config Format no set igmp fast leave vlan_id Mode VLAN Config Default 260 seconds Format set igmp group...

Page 179: ... the interface or VLAN to the default value set igmp mcrtrexpiretime This command sets the Multicast Router Present Expiration time The time is set for the system on a particular interface or VLAN This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached The range ...

Page 180: ... the multicast router mode enabled no set igmp mrouter This command disables multicast router mode for a particular VLAN ID vlan_id Format set igmp mcrtrexpiretime 0 3600 Mode Global Config Interface Config Format set igmp mcrtrexpiretime vlan_id 0 3600 Mode VLAN Config Format no set igmp mcrtrexpiretime Mode Global Config Interface Config Format no set igmp mcrtrexpiretime vlan_id Mode VLAN Confi...

Page 181: ...he filtering of unknown multicast packets to the VLAN Packets with an unknown mulicast address in the destination field will be dropped This command is mainly used when IGMP snooping is enabled to prevent flooding of unwanted multicast packets to every port no ip igmpsnooping unknown multicast This command disables the filtering of unknown multicast packets Unknown multicast packets will be floode...

Page 182: ...IGMP Snooping is enabled VLANS Enabled for IGMP Snooping The list of VLANS on which IGMP Snooping is enabled Term Definition IGMP Snooping Admin Mode Indicates whether IGMP Snooping is active on the interface Fast Leave Mode Indicates whether IGMP Snooping Fast leave is active on the interface Group Membership Interval The amount of time in seconds that a switch will wait for a report from a parti...

Page 183: ...ating in the VLAN before deleting the interface from the entry This value may be configured Maximum Response Time The amount of time the switch waits after it sends a query on an interface participating in the VLAN because it did not receive a report for a particular group on that interface This value may be configured Multicast Router Expiry Time The amount of time to wait before removing an inte...

Page 184: ...Format show igmpsnooping mrouter vlan unit slot port Mode Privileged EXEC Term Definition Interface The port on which multicast router information is being displayed VLAN ID The list of VLANs of which the interface is a member Format show mac address table igmpsnooping Mode Privileged EXEC Term Definition MAC Address A multicast MAC address for which the switch has forwarding or filtering informat...

Page 185: ... IGMP Snooping is operationally disabled on it IGMP Snooping Querier functionality is disabled on that VLAN IGMP Snooping functionality is re enabled if IGMP Snooping is operational on the VLAN The IGMP Snooping Querier application supports sending periodic general queries on the VLAN to solicit membership reports no set igmp querier Use this command to disable IGMP Snooping Querier on the system ...

Page 186: ...piry Use this command to set the IGMP Querier timer expiration period It is the time period that the switch remains in Non Querier mode once it has discovered that there is a Multicast Querier in the network no set igmp querier timer expiry Use this command to set the IGMP Querier timer expiration period to its default value Default disabled Format set igmp querier query interval 1 18000 Mode Glob...

Page 187: ... if the Snooping Querier finds that the other Querier s source address is better less than the Snooping Querier s address it stops sending periodic queries If the Snooping Querier wins the election then it will continue sending periodic queries no set igmp querier election participate Use this command to set the Snooping Querier not to participate in querier election but go into non querier mode a...

Page 188: ...ount of time to wait in the Non Querier operational state before moving to a Querier state Field Description VLAN Admin Mode Indicates whether iGMP Snooping Querier is active on the VLAN VLAN Operational State Indicates whether IGMP Snooping Querier is in Querier or Non Querier state When the switch is in Querier state it will send out periodic general queries When in Non Querier state it will wai...

Page 189: ... Config Mode or an Interface Interface Config Mode This command also enables MLD Snooping on a particular VLAN and enables MLD Snooping on all interfaces participating in a VLAN If an interface has MLD Snooping enabled and you enable this interface for routing or enlist it as a member of a port channel LAG MLD Snooping functionality is disabled on that interface MLD Snooping functionality is re en...

Page 190: ... as a member of a port channel LAG MLD Snooping functionality is disabled on that interface MLD Snooping functionality is re enabled if you disable routing or remove port channel LAG membership from an interface that has MLD Snooping enabled Default disabled Format set mld Mode Global Config Interface Config Default disabled Format set mld vlanid Mode VLAN Mode Format no set mld Mode Global Config...

Page 191: ... multicast group without first sending out MAC based general queries to the interface Format no set mld interfacemode Mode Global Config Note You should enable fast leave admin mode only on VLANs where only one host is connected to each Layer 2 LAN port This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving ...

Page 192: ...n a particular interface before deleting the interface from the entry This value must be greater than the MLDv2 Maximum Response time value The range is 2 to 3600 seconds no set groupmembership interval Use this command to set the MLDv2 Group Membership Interval time to the default value Format no set mld fast leave vlanid Mode VLAN Mode Format no set mld fast leave vlanid Mode Interface Config De...

Page 193: ...p in that interface This value must be less than the MLD Query Interval time value The range is 1 to 65 seconds no set mld maxresponse Use this command to set the max response time on the interface or VLAN to the default value Format no set mld groupmembership interval Mode Interface Config Global Config Default 10 seconds Format set mld maxresponse 1 65 Mode Global Config Interface Config Default...

Page 194: ...f 0 indicates an infinite timeout i e no expiration no set mld mcrtexpiretime Use this command to set the Multicast Router Present Expiration time to 0 The time is set for the system on a particular interface or a VLAN set mld mrouter Use this command to configure the VLAN ID for the VLAN that has the multicast router attached mode enabled Default 0 Format set mld mcrtexpiretime 0 3600 Mode Global...

Page 195: ...icast router attached interface in all VLANs no set mld mrouter interface Use this command to disable the status of the interface as a statically configured multicast router attached interface show mldsnooping Use this command to display MLD Snooping information Configured information is displayed whether or not MLD Snooping is enabled Format no set mld mrouter vlanid Mode Interface Config Default...

Page 196: ... active on the interface Fast Leave Mode Indicates whether MLD Snooping Fast Leave is active on the VLAN Group Membership Interval Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface which is participating in the VLAN before deleting the interface from the entry This value may be configured Max Response Time Displays the amount...

Page 197: ...abase MFDB table Format show mldsnooping mrouter unit slot port Mode Privileged EXEC Term Definition Interface Shows the interface on which multicast router information is being displayed Multicast Router Attached Indicates whether multicast router is statically enabled on the interface VLAN ID Displays the list of VLANs of which the interface is a member Format show mldsnooping mrouter vlan unit ...

Page 198: ... you can specify the IP address that the snooping querier switch should use as a source address while generating periodic queries If a VLAN has MLD Snooping Querier enabled and MLD Snooping is operationally disabled on it MLD Snooping Querier functionality is disabled on that VLAN MLD Snooping functionality is re enabled if MLD Snooping is operational on the VLAN The MLD Snooping Querier sends per...

Page 199: ... waits before sending another general query no set mld querier query_interval Use this command to set the MLD Querier Query Interval time to its default value Format set mld querier address ipv6_address Mode Global Config Default disabled Format set mld querier vlan id address ipv6_address Mode VLAN Mode Format no set mld querier address Mode Global Config Format no set mld querier vlan id address...

Page 200: ...covers the presence of another Querier in the VLAN When this mode is enabled if the Snooping Querier finds that the other Querier s source address is better less than the Snooping Querier s address it stops sending periodic queries If the Snooping Querier wins the election then it will continue sending periodic queries no set mld querier election participate Use this command to set the snooping qu...

Page 201: ...rsion of MLD that will be used while sending out the queries This is defaulted to MLD v1 and it cannot be changed Querier Address Shows the IP address which will be used in the IPv6 header while sending out MLD queries It can be configured using the appropriate command Query Interval Shows the amount of time in seconds that a Snooping Querier waits before sending out the periodic general query Que...

Page 202: ...d dynamically from the Queries received from the network If the Snooping Switch is in Querier state then it is equal to the configured value QuerierElection Participate Indicates whether the MLD Snooping Querier participates in querier election if it discovers the presence of a querier in the VLAN Querier VLAN Address The IP address will be used in the IPv6 header while sending out MLD queries on ...

Page 203: ...ic This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port no port security max dynamic This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value Default disabled Format port security Mode Global Config Interface Config Format no port security Mode Global Config Interface Config Default 600...

Page 204: ...ort security mac address This command adds a MAC address to the list of statically locked MAC addresses The vid is the VLAN ID no port security mac address This command removes a MAC address from the list of statically locked MAC addresses Default 20 Format port security max static maxvalue Mode Interface Config Format no port security max static Mode Interface Config Format port security mac addr...

Page 205: ... specify the following information appears show port security dynamic This command displays the dynamically locked MAC addresses for the port Format port security mac address move Mode Interface Config Format show port security unit slot port all Mode Privileged EXEC Term Definition Admin Mode Port Locking mode for the entire system This field displays if you do not supply any parameters Term Defi...

Page 206: ...tocol LLDP which is defined in the IEEE 802 1AB specification LLDP allows stations on an 802 LAN to advertise major capabilities and physical descriptions The advertisements allow a network management system NMS to access and display this information Term Definition MAC Address MAC Address of dynamically locked MAC Format show port security static unit slot port Mode Privileged EXEC Term Definitio...

Page 207: ...his command to return the reception of LLDPDUs to the default value lldp timers Use this command to set the timing parameters for local data transmission on ports enabled for LLDP The interval seconds determines the number of seconds to wait between transmitting local data LLDPDUs The range is 1 32768 seconds The hold value is the Default enabled Format lldp transmit Mode Interface Config Format n...

Page 208: ...1AB basic management set are transmitted in the LLDPDUs Use sys name to transmit the system name TLV To configure the system name see snmp server on page 10 41 Use sys descto transmit the system description TLV Use sys cap to transmit the system capabilities TLV Use port desc to transmit the port description TLV To configure the port description see See description on page 5 Default interval 30 se...

Page 209: ...n in the LLDPDUs no lldp transmit mgmt Use this command to include transmission of the local system management address information in the LLDPDUs Use this command to cancel inclusion of the management information in LLDPDUs lldp notification Use this command to enable remote data change notifications Format no lldp transmit tlv sys desc sys name sys cap port desc Mode Interface Config Format lldp ...

Page 210: ...between sending notifications The valid interval range is 5 3600 seconds no lldp notification interval Use this command to return the notification interval to the default value clear lldp statistics Use this command to reset all LLDP statistics including MED related information Default disabled Format no lldp notification Mode Interface Config Default 5 Format lldp notification interval interval M...

Page 211: ...Format clear lldp remote data Mode Global Config Format show lldp Mode Privileged Exec Term Definition Transmit Interval How frequently the system transmits local data LLDPDUs in seconds Transmit Hold Multiplier The multiplier on the transmit interval that sets the TTL in local data LLDPDUs Re initialization Delay The delay before re initialization in seconds Notification Interval How frequently t...

Page 212: ...gement address information in the LLDPDUs Format show lldp statistics unit slot port all Mode Privileged Exec Term Definition Last Update The amount of time since the last update to the remote table in days hours minutes and seconds Total Inserts Total number of inserts to the remote data table Total Deletes Total number of deletes from the remote data table Total Drops Total number of times the c...

Page 213: ...TLV Unknowns Total number of LLDP TLVs received on the port where the type value is in the reserved range and not recognized TLV MED Total number of LLDP MED TLVs received on the local ports TVL802 1 Total number of 802 1 LLDP TLVs received on the local ports TVL802 3 Total number of 802 3 LLDP TLVs received on the local ports Format show lldp remote device unit slot port all Mode Privileged EXEC ...

Page 214: ...00 FC E3 90 04 11 0 8 0 9 0 10 0 11 0 12 More or q uit show lldp remote device detail Use this command to display detailed information about remote devices that transmit current LLDP data to an interface on the system Format show lldp remote device detail unit slot port Mode Privileged EXEC Term Definition Local Interface The interface that received the LLDPDU from the remote device Remote Identif...

Page 215: ...device System Description Describes the remote system by identifying the system name and versions of hardware operating system and networking software supported in the device Port Description Describes the port in an alpha numeric format The port description is configurable System Capabilities Supported Indicates the primary function s of the device System Capabilities Enabled Shows which of the s...

Page 216: ... Port Description The port description associated with the interface Format show lldp local device detail unit slot port Mode Privileged EXEC Term Definition Interface The interface that sends the LLDPDU Chassis ID Subtype The type of identification used in the Chassis ID field Chassis ID The chassis of the local device Port ID Subtype The type of port on the local device Port ID The port number t...

Page 217: ...PoE management and inventory management lldp med Use this command to enable MED By enabling MED you will be effectively enabling the transmit and receive function of LLDP no lldp med Use this command to disable MED System Capabilities Enabled Shows which of the supported system capabilities are enabled Management Address The type of address and the specific address the local LLDP agent uses to sen...

Page 218: ...Protocol Data Units LLDPDUs Default enabled Format lldp med confignotification Mode Interface Config Format no lldp med confignotification Mode Interface Config Default By default the capabilities and network policy TLVs are included Format lldp med transmit tlv capabilities ex pd ex pse inventory location network policy Mode Interface Config Term Definition capabilities Transmit the LLDP capabili...

Page 219: ...is command to configure all the ports to send the topology change notification no lldp med confignotification all Use this command to disable all the ports to send the topology change notification Format no lldp med transmit tlv capabilities network policy ex pse ex pd location inventory Mode Interface Config Format lldp med all Mode Global Config Format no lldp med all Mode Global Config Format l...

Page 220: ...ED set will be transmitted in the Link Layer Discovery Protocol Data Units LLDPDUs Default 3 Format lldp med faststartrepeatcount count Mode Global Config Format no lldp med faststartrepeatcount Mode Global Config Default By default the capabilities and network policy TLVs are included Format lldp med transmit tlv all capabilities ex pd ex pse inventory location network policy Mode Global Config T...

Page 221: ...mit tlv all capabilities network policy ex pse ex pd location inventory Mode Global Config Format show lldp med Mode Privileged Exec Term Definition Fast Start Repeat Count The number of LLDP PDUs that will be transmitted when the protocl is enabled Device Class The local device s MED Classification There are four different kinds of devices three of them represent the actual end points classified ...

Page 222: ...Disabled Disabled Disabled 0 1 1 0 8 Down Disabled Disabled Disabled 0 1 1 0 9 Down Disabled Disabled Disabled 0 1 1 0 10 Down Disabled Disabled Disabled 0 1 1 0 11 Down Disabled Disabled Disabled 0 1 1 0 12 Down Disabled Disabled Disabled 0 1 1 0 13 Down Disabled Disabled Disabled 0 1 1 0 14 Down Disabled Disabled Disabled 0 1 Format show lldp med interface unit slot port all Mode Privileged Exec...

Page 223: ... EXEC Term Definition Media Application Type Shows the application type Types are unknown voice voicesignaling guestvoice guestvoicesignaling sfotphonevoice videoconferencing streamingvideo videosignaling Vlan ID Shows the VLAN id associated with a particular policy type Priority Shows the priority associated with a particular policy type DSCP Shows the DSCP associated with a particular policy typ...

Page 224: ... ID 10 Priority 5 DSCP 1 Unknown False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware Rev xxx xxx xxx Firmware Rev xxx xxx xxx Software Rev xxx xxx xxx Serial Num xxx xxx xxx Mfg Name xxx xxx xxx Model Name xxx xxx xxx Asset ID xxx xxx xxx Location Subtype elin Info xxx xxx xxx Extended POE Device Type pseDevice Ex...

Page 225: ...terface Remote ID Device Class 1 0 8 1 Class I 1 0 9 2 Not Defined 1 0 10 3 Class II 1 0 11 4 Class III 1 0 12 5 Network Con Format show lldp med remote device unit slot port all Mode Privileged EXEC Term Definition Interface The interface in a unit slot port format Device Class The Remote device s MED Classification There are four different kinds of devices three of them represent the actual end ...

Page 226: ...he application type Types of applications are unknown voice voicesignaling guestvoice guestvoicesignaling sfotphonevoice videoconferencing streamingvideo videosignaling VLAN Id Shows the VLAN id associated with a particular policy type Priority Shows the priority associated with a particular policy type DSCP Shows the DSCP associated with a particular policy type Unknown Indicates if the policy ty...

Page 227: ...n False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware Rev xxx xxx xxx Firmware Rev xxx xxx xxx Sub Type Shows the type of location information Location Information Shows the location information as a string for a given type of location id Device Type Shows the remote device s PoE device type connected to this port...

Page 228: ...ands you use to configure Denial of Service DoS Control The software provides support for classifying and blocking specific types of Denial of Service attacks You can configure your system to monitor and block these types of attacks SIP DIP Source IP address Destination IP address First Fragment TCP Header size smaller then configured value TCP Fragment IP Fragment Offset 1 TCP Flag TCP Flag SYN s...

Page 229: ...IP Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress with SIP DIP the packets will be dropped if the mode is enabled no dos control sipdip This command disables Source IP address Destination IP address SIP DIP Denial of Service prevention Default disabled Format dos control all Mode Global Config Format no dos cont...

Page 230: ...o dos control firstfrag This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled dos control tcpfrag This command enables TCP Fragment Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having IP Fragment Offset equal to one 1 the packets will be dropped if the mode is ...

Page 231: ...lag This command sets disables TCP Flag Denial of Service protections dos control l4port This command enables L4 Port Denial of Service protections If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having Source TCP UDP Port Number equal to Destination TCP UDP Port Number the packets will be dropped if the mode is enabled Default disabled Form...

Page 232: ...bled no dos control icmp This command disables Maximum ICMP Packet Size Denial of Service protections dos control smacdmac This command enables Source MAC address Destination MAC address SMAC DMAC Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress with SMAC DMAC the packets will be dropped if the mode is enabled Thi...

Page 233: ... command is only available on FSM72xxRS switches no dos control tcpport This command disables TCP L4 source destination port number Source TCP Port Destination TCP Port Denial of Service protection This command is only available on FSM72xxRS switches dos control udpport This command enables UDP L4 source destination port number Source UDP Port Destination UDP Port Denial of Service protection If t...

Page 234: ...and a source port less than 1024 or having TCP Control Flags set to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN URG and PSH set and TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set the packets will be dropped if the mode is enabled This command is only available on FSM72xxRS switches no dos control tcpflagseq This command sets disables TCP Flag and Sequence Deni...

Page 235: ...e on FSM72xxRS switches dos control tcpsyn This command enables TCP SYN and L4 source 0 1023 Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having TCP flag SYN set and an L4 source port from 0 to 1023 the packets will be dropped if the mode is enabled This command is only available on FSM72xxRS switches no dos c...

Page 236: ... SYN FIN Denial of Service protection This command is only available on FSM72xxRS switches dos control tcpfinurgpsh This command enables TCP FIN and URG and PSH and SEQ 0 checking Denial of Service protections If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having TCP FIN URG and PSH all set and TCP Sequence Number set to 0 the packets will ...

Page 237: ...prevention is active for this type of attack If ICMPv4 Echo Request PING packets ingress having a size greater than the configured value the packets will be dropped if the mode is enabled This command is only available on FSM72xxRS switches no dos control icmpv4 This command disables Maximum ICMP Packet Size Denial of Service protections This command is only available on FSM72xxRS switches Format ...

Page 238: ...ial of Service protections This command is only available on FSM72xxRS switches dos control icmpfrag This command enables ICMP Fragment Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having fragmented ICMP packets the packets will be dropped if the mode is enabled This command is only available on FSM72xxRS swit...

Page 239: ...nabled or disabled The factory default is disabled Max ICMPv4 Pkt Size The range is 0 1023 The factory default is 512 Max ICMPv6 Pkt Size The range is 0 16384 The factory default is 512 ICMP Fragment Mode May be enabled or disabled The factory default is disabled L4 Port Mode May be enabled or disabled The factory default is disabled TCP Port Mode May be enabled or disabled The factory default is ...

Page 240: ...se address aging timeout to the default value TCP FIN URG PSH Mode May be enabled or disabled The factory default is disabled TCP Flag Sequence Mode May be enabled or disabled The factory default is disabled TCP SYN Mode May be enabled or disabled The factory default is disabled TCP SYN FIN Mode May be enabled or disabled The factory default is disabled TCP Fragment Mode May be enabled or disabled...

Page 241: ...address for which the switch has forwarding and or filtering information The format is two digit hexadecimal numbers separated by colons for example 01 23 45 67 89 AB In an IVL system the MAC address will be displayed as a MAC address and VLAN ID combination of 8 bytes Type The type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as ...

Page 242: ... This command disables ISDP on the switch Format show mac address table stats Mode Privileged EXEC Term Definition Max MFDB Table Entries The total number of entries that can possibly be in the Multicast Forwarding Database table Most MFDB Entries Since Last Reset The largest number of entries that have been present in the Multicast Forwarding Database table This value is also known as the MFDB hi...

Page 243: ... timer This command sets the period of time between sending new ISDP packets The range is given in seconds isdp advertise v2 This command enables the sending of ISDP version 2 packets from the device no isdp advertise v2 This command disables the sending of ISDP version 2 packets from the device Default 180 seconds Format isdp holdtime 10 255 Mode Global Config Default 30 seconds Format isdp timer...

Page 244: ...ar isdp counters This command clears ISDP counters clear isdp table This command clears entries in the ISDP table show isdp This command displays global ISDP settings Default Enabled Format isdp enable Mode Interface Config Format no isdp enable Mode Interface Config Format clear isdp counters Mode Privileged EXEC Format clear isdp table Mode Privileged EXEC Format show isdp Mode Privileged EXEC ...

Page 245: ... capability of the device serialNumber indicates that the device uses a serial number as the format for its Device ID macAddress indicates that the device uses a Layer 2 MAC address as the format for its Device ID other indicates that the device uses its platform specific format as the format for its Device ID Device ID Format Indicates the Device ID format of the device serialNumber indicates tha...

Page 246: ...ertisement was received Port ID The port ID of the interface from which the neighbor sent the advertisement Hold Time The hold time advertised by the neighbor Version The software version that the neighbor is running Advertisement Version The version of the advertisement packet received from the neighbor Capability ISDP Functional Capabilities advertised by the neighbor Format show isdp neighbors ...

Page 247: ...terface from which the neighbor sent the advertisement Hold Time The hold time advertised by the neighbor Advertisement Version The version of the advertisement packet received from the neighbor Entry Last Changed Time Displays when the entry was last modified Version The software version that the neighbor is running Format show isdp traffic Mode Privileged EXEC Term Definition ISDP Packets Receiv...

Page 248: ...f ISDPv2 packets transmitted ISDP Bad Header Number of packets received with a bad header ISDP Checksum Error Number of packets received with a checksum error ISDP Transmission Failure Number of packets which failed to transmit ISDP Invalid Format Number of invalid packets received ISDP Table Full Number of times a neighbor entry was not added to the table due to a full database ISDP IP Address Ta...

Page 249: ...n page 4 39 Routing Information Protocol RIP Commands on page 4 82 ICMP Throttling Commands on page 4 91 Address Resolution Protocol ARP Commands This section describes the commands you use to configure ARP and to view ARP information on the switch ARP associates IP addresses with MAC addresses and stores the information as ARP entries in the ARP cache Warning The commands in this chapter are in o...

Page 250: ...dress of a device on a subnet attached to an existing routing interface macaddr is a unicast MAC address for that device ip proxy arp This command enables proxy ARP on a router interface Without proxy ARP a device only responds to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived With proxy ARP the device may also respond if the target ...

Page 251: ...ize This command configures the default ARP cache size arp dynamicrenew This command enables the ARP component to automatically renew dynamic ARP entries when they age out no arp dynamicrenew This command prevents dynamic ARP entries from renewing when they age out Format no ip proxy arp Mode Interface Config Format arp cachesize platform specific integer value Mode Global Config Format no arp cac...

Page 252: ... response timeout time in seconds The range for seconds is between 1 10 seconds no arp resptime This command configures the default ARP request response timeout arp retries This command configures the ARP count of maximum request for retries The value for retries is an integer which represents the maximum number of request for retries The range for retries is an integer between 0 10 retries Format...

Page 253: ...ime in seconds The range for seconds is between 15 21600 seconds no arp timeout This command configures the default ARP entry ageout time clear arp cache This command causes all ARP entries of type dynamic to be removed from the ARP cache If the gateway keyword is specified the dynamic entries of type gateway are purged as well Format no arp retries Mode Global Config Default 1200 Format arp timeo...

Page 254: ...ged EXEC Format show arp Mode Privileged EXEC Term Definition Age Time seconds The time it takes for an ARP entry to age out This is configurable Age time is measured in seconds Response Time seconds The time it takes for an ARP request timeout This value is configurable Response time is measured in seconds Retries The maximum number of times an ARP request is retried This value is configurable Ca...

Page 255: ... Time seconds The time it takes for an ARP entry to age out This value is configurable Age time is measured in seconds Response Time seconds The time it takes for an ARP request timeout This value is configurable Response time is measured in seconds Retries The maximum number of times an ARP request is retried This value is configurable Cache Size The maximum number of entries in the ARP table Thi...

Page 256: ...is command disables routing for an interface You can view the current value for this function with the show ip brief command The value is labeled as Routing Mode ip routing This command enables the IP Router Admin Mode for the master switch Term Definition IP Address The IP address of a device on a subnet attached to the switch MAC Address The hardware MAC address of that device Interface The rout...

Page 257: ...here the range for a b c and d is 1 255 The value for subnetmask is a 4 digit dotted decimal number which represents the Subnet Mask of the interface To remove all of the IP addresses primary and secondary configured on the interface enter the command no ip address ip route This command configures a static route The ipaddr parameter is a valid IP address and subnetmask is a valid subnet mask The n...

Page 258: ...e Confirm that the associated link is also up no ip route This command deletes a single next hop to a destination static route If you use the nexthopip parameter the next hop is deleted If you use the preference value the preference value of the static route is reset to its default ip route default This command configures the default route The value for nexthopip is a valid IP address of the next ...

Page 259: ...oute The default distance is used when no distance is specified in these commands Changing the default distance does not update the distance of existing static routes even if they were assigned the original default distance The new default distance will only be applied to static routes created after invoking the ip route distance command no ip route distance This command sets the default static ro...

Page 260: ...ts may be fragmented by the IP stack The IP stack uses its default IP MTU and ignores the value set using the ip mtu command OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors during database exchange If two OSPF neighbors advertise different IP MTUs they will not form an adjacency unless OSPF has been instructed to ignore differences in IP MTU with the ip osp...

Page 261: ...show ip brief This command displays all the summary information of the IP including the ICMP rate limit configuration and the global ICMP Redirect configuration Format no ip mtu mtu Mode Interface Config Default ethernet Format encapsulation ethernet snap Mode Interface Config Note Routed frames are always ethernet encapsulated when a frame is routed to a VLAN Format clear ip route all Mode Privil...

Page 262: ... final destination Routing Mode Shows whether the routing mode is enabled or disabled Maximum Next Hops The maximum number of next hops the packet can travel Maximum Routes The maximum number of routes the packet can travel ICMP Rate Limit Interval Shows how often the token bucket is initialized with burst size tokens Burst interval is from 0 to 2147483647 milliseconds The default burst interval i...

Page 263: ...ied interface The possible values of this field are enable or disable This value is configurable Forward Net Directed Broadcasts Displays whether forwarding of network directed broadcasts is enabled or disabled This value is configurable Proxy ARP Displays whether Proxy ARP is enabled or disabled on the system Local Proxy ARP Displays whether Local Proxy ARP is enabled or disabled on the interface...

Page 264: ...ress specifies the network for which the route is to be displayed and displays the best matching best route for the address The mask specifies the subnet mask for the given ip address When you use the longer Format show ip interface brief Modes Privileged EXEC User EXEC Term Definition Interface Valid unit slot and port number separated by forward slashes State Routing operational state of the int...

Page 265: ...cted routes Format show ip route ip address protocol ip address mask longer prefixes protocol protocol all all Modes Privileged EXEC User EXEC Term Definition Route Codes The key for the routing protocol codes that might appear in the routing table output Term Definition Code The codes for the routing protocols that created the routes IP Address Mask The IP Address and mask of the destination netw...

Page 266: ...l Type 1 E2 OSPF External Type 2 N1 OSPF NSSA External Type 1 N2 OSPF NSSA External Type 2 C 1 1 1 0 24 0 1 directly connected 0 11 C 2 2 2 0 24 0 1 directly connected 0 1 C 5 5 5 0 24 0 1 directly connected 0 5 S 7 0 0 0 8 1 0 directly connected Null0 OIA 10 10 10 0 24 110 6 via 5 5 5 2 00h 00m 01s 0 5 C 11 11 11 0 24 0 1 directly connected 0 11 S 12 0 0 0 8 5 0 directly connected Null0 S 23 0 0 ...

Page 267: ... are used in determining the best route Lower router preference values are preferred over higher router preference values A route with a preference of 255 cannot be used to forward traffic Reject Routes Total number of reject routes installed by all protocols Total Routes Total number of routes in the routing table Format show ip route preferences Modes Privileged EXEC User EXEC Term Definition Lo...

Page 268: ...ribes the commands you use to view and configure Router Discovery Protocol settings on the switch The Router Discovery Protocol enables a host to discover the IP address of routers on the subnet ip irdp This command enables Router Discovery on an interface no ip irdp This command disables Router Discovery on an interface Format show ip stats Modes Privileged EXEC User EXEC Default disabled Format ...

Page 269: ...er for the interface ip irdp holdtime This command configures the value in seconds of the holdtime field of the router advertisement sent from this interface The holdtime range is the value of maxadvertinterval to 9000 seconds no ip irdp holdtime This command configures the default value in seconds of the holdtime field of the router advertisement sent from this interface Default 224 0 0 1 Format ...

Page 270: ...nterval This command configures the minimum time in seconds allowed between sending router advertisements from the interface The range for minadvertinterval is three to the value of maxadvertinterval no ip irdp minadvertinterval This command sets the default minimum time to the default Default 600 Format ip irdp maxadvertinterval 4 1800 Mode Interface Config Format no ip irdp maxadvertinterval Mod...

Page 271: ...Format no ip irdp preference Mode Interface Config Format show ip irdp unit slot port all Modes Privileged EXEC User EXEC Term Definition Interface The unit slot port that matches the rest of the information in the row Ad Mode The advertise mode which indicates whether router discovery is enabled or disabled on this interface Advertise Address The IP address to which the interface sends the advert...

Page 272: ...4093 show ip vlan This command displays the VLAN routing information for all VLANs with routing enabled Preference The preference of the address as a default router address relative to other router addresses on the same subnet Format vlan routing vlanid Mode VLAN Config Format no vlan routing vlanid Mode VLAN Config Format show ip vlan Modes Privileged EXEC User EXEC Term Definition MAC Address us...

Page 273: ...rp Global Config Use this command in Global Config mode to enable the administrative mode of VRRP on the router no ip vrrp Use this command in Global Config mode to disable the default administrative mode of VRRP on the router VLAN ID The identifier of the VLAN Logical Interface The logical unit slot port associated with the VLAN routing interface IP Address The IP address associated with this VLA...

Page 274: ...rid is an integer value that ranges from 1 to 255 ip vrrp mode This command enables the virtual router configured on the specified interface Enabling the status field starts a virtual router The parameter vrid is the virtual router ID which has an integer value ranging from 1 to 255 no ip vrrp mode This command disables the virtual router configured on the specified interface Disabling the status ...

Page 275: ...tion This command sets the authorization details value for the virtual router configured on a specified interface The parameter none simple specifies the authorization type for virtual router configured on the specified interface The parameter key is optional it is only required when authorization type is simple text password The parameter vrid is the virtual router ID which has an integer value r...

Page 276: ... is from 1 to 255 The router with the highest priority is elected master If a router is configured with the address used as the address of the virtual router the router is called the address owner The priority of the address owner is always 255 so that the address owner is always master If the master has a priority less than 255 it is not the address owner and you configure the priority of another...

Page 277: ... IP interfaces are tracked A tracked interface is up if the IP on that interface is up Otherwise the tracked interface is down When the tracked interface is down or the interface has been removed from the router the priority of the VRRP router will be decremented by the value specified in the priority argument When the interface is up for IP protocol the priority will be incremented by the priorit...

Page 278: ...ified in the priority argument When the tracked route is added the priority will be incremented by the same A VRRP configured interface can track more than one route When a tracked route goes down then the priority of the router will be decreased by 10 the default priority decrement for each downed route By default no routes are tracked If you specify just the route to be tracked without giving th...

Page 279: ...l router has been up in days hours minutes and seconds Protocol The protocol configured on the interface State Transitioned to Master The total number of times virtual router state has changed to MASTER Advertisement Received The total number of VRRP advertisements received by this virtual router Advertisement Interval Errors The total number of VRRP advertisements received for which advertisement...

Page 280: ...of VRRP packets received with unknown authentication type Authentication Type Mismatch The total number of VRRP advertisements received for which auth type not equal to locally configured one for this virtual router Packet Length Errors The total number of VRRP packets received with packet length less than length of VRRP header Format show ip vrrp Modes Privileged EXEC User EXEC Term Definition Ad...

Page 281: ...e State DecrementPriority Format show ip vrrp interface unit slot port vrid vlan 1 4093 Modes Privileged EXEC User EXEC Term Definition Primary IP Address The configured IP address for the Virtual router VMAC address The VMAC address of the specified router Authentication type The authentication type for the specific virtual router Priority The priority value for the specific virtual router taking...

Page 282: ... DHCP relay agent operates at Layer 3 and forwards DHCP requests and replies between clients and servers when they are not on the same physical subnet bootpdhcprelay cidoptmode This command enables the circuit ID option mode for BootP DHCP Relay on the system Format show ip vrrp interface brief Modes Privileged EXEC User EXEC Term Definition Interface Valid unit slot and port number separated by f...

Page 283: ... agent hops for BootP DHCP Relay on the system bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP DHCP Relay on the system When the BOOTP relay agent receives a BOOTREQUEST message it MAY use the seconds since client began booting field of the request as a factor in deciding whether to relay the request or not The parameter has a range of 0 to 100 seconds...

Page 284: ...at show bootpdhcprelay Modes Privileged EXEC User EXEC Term Definition Maximum Hop Count The maximum allowable relay agent hops Minimum Wait Time Seconds The minimum wait time Admin Mode Indicates whether relaying of requests is enabled or disabled Server IP Address The IP address for the BootP DHCP Relay server Circuit Id Option Mode The DHCP circuit Id option which may be enabled or disabled Req...

Page 285: ...c interface has precedence over a setting of a helper address for all interfaces You cannot enable forwarding of BOOTP DHCP packets ports 67 68 with this command If you want to relay BOOTP DHCP packets use the DHCP relay commands Ip address Destination broadcast or host address to be used when forwarding UDP broadcasts You can specify 0 0 0 0 to indicate not to forward the UDP packet to any host a...

Page 286: ...elper addresses on that interface ip helper address discard Use this command to drop matching packets Format no ip helper address ip address 1 65535 dhcp domain isakmp mobile ip nameserver netbios dgm netbios ns ntp pim auto rip rip tacacs tftp time Mode GlobalConfig Format ip helper address ip address 1 65535 dhcp domain isakmp mobile ip nameserver netbios dgm netbios ns ntp pim auto rip rip taca...

Page 287: ...Helper IP Address 1 2 3 4 1 2 3 5 Open Shortest Path First OSPF Commands This section describes the commands you use to view and configure OSPF which is a link state routing protocol that you use to route traffic within a network router ospf Use this command to enter Router OSPF mode Format no ip helper address discard 1 65535 dhcp domain isakmp mobile ip nameserver netbios dgm netbios ns ntp pim ...

Page 288: ...interface and set its area ID if the IP address of an interface is covered by this network command no network area OSPF Use this command to disable the OSPFv2 on a interface if the IP address of an interface was earlier covered by this network command Default enabled Format enable Mode Router OSPF Config Format no enable Mode Router OSPF Config Default disabled Format network ip address wildcard m...

Page 289: ...PFv2 domain no ip ospf area Use this command to disable OSPF on an interface 1583compatibility This command enables OSPF 1583 compatibility no 1583compatibility This command disables OSPF 1583 compatibility Default disabled Format ip ospf area area id secondaries none Mode Interface Config Format no ip ospf area secondaries none Mode Interface Config Note 1583 compatibility mode is enabled by defa...

Page 290: ...SPF This command configures the metric value and type for the default route advertised into the NSSA The optional metric parameter specifies the metric of the default route and is to be in a range of 1 16777214 If no metric is specified the default value is 10 The metric type can be comparable nssa external 1 or non comparable nssa external 2 Format area areaid default cost 1 16777215 Mode Router ...

Page 291: ...so that learned external routes are redistributed to the NSSA area nssa no summary OSPF This command configures the NSSA so that summary LSAs are not advertised into the NSSA no area nssa no summary OSPF This command disables nssa from the summary LSAs Format no area areaid nssa default info originate metric comparable non comparable Mode Router OSPF Config Format area areaid nssa no redistribute ...

Page 292: ...tab intv OSPF This command configures the translator stabilityinterval of the NSSA The stabilityinterval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router no area nssa translator stab intv OSPF This command disables the nssa translator s stabilityinterval from the specified area id Form...

Page 293: ...is a valid subnet mask area stub OSPF This command creates a stub area for the specified area ID A stub area is characterized by the fact that AS External LSAs are not propagated into the area Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area no area stub This command deletes a stub area for the specified area ID Format area...

Page 294: ...command creates the OSPF virtual interface for the specified areaid and neighbor The neighbor parameter is the Router ID of the neighbor no area virtual link This command deletes the OSPF virtual interface from the given interface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighbor Default disabled Format area areaid stub no summary Mode Router OSPF Config For...

Page 295: ...ecified The default value for authentication type is none Neither the default password key nor the default key id are configured no area virtual link authentication This command configures the default authentication type for the OSPF virtual interface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighbor area virtual link dead interval OSPF This command configur...

Page 296: ...configures the default hello interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighbor area virtual link retransmit interval OSPF This command configures the retransmit interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor The neighbor parameter is the Route...

Page 297: ...e bandwidth Faster links have lower metrics making them more attractive in route selection The configuration parameters in the auto cost reference bandwidth and bandwidth commands give you control over the default link cost You can configure for OSPF an interface bandwidth that is independent of the actual link speed A second configuration parameter allows you to control the ratio of interface ban...

Page 298: ...dth is specified with the auto cost command For the purpose of the OSPF link cost calculation use the bandwidth command to specify the interface bandwidth The bandwidth is specified in kilobits per second If no bandwidth is configured the bandwidth defaults to the actual interface bandwidth for port based routing interfaces and to 10 Mbps for VLAN routing interfaces This command does not affect th...

Page 299: ...f Opaque LSAs of different scopes no capability opaque Use this command to disable opaque capability on the router clear ip ospf Use this command to disable and re enable OSPF clear ip ospf configuration Use this command to reset the OSPF configuration to factory defaults clear ip ospf counters Use this command to reset global and interface statistics Default disabled Format capability opaque Mode...

Page 300: ...ency with all neighbors on a specific interface use the optional parameter unit slot port To drop adjacency with a specific router ID on a specific interface use the optional parameter neighbor id clear ip ospf redistribution Use this command to flush all self originated external LSAs Reapply the redistribution configuration and re originate prefixes as necessary Format clear ip ospf counters Mode...

Page 301: ...OSPF This command is used to set a default for the metric of distributed routes no default metric OSPF This command is used to set a default for the metric of distributed routes Default metric unspecified type 2 Format default information originate always metric 0 16777214 metric type 1 2 Mode Router OSPF Config Format no default information originate metric metric type Mode Router OSPF Config For...

Page 302: ...er The type of OSPF can be intra inter or external All the external type routes are given the same preference value distribute list out OSPF Use this command to specify the access list to filter routes received from the source protocol no distribute list out Use this command to specify the access list to filter routes received from the source protocol Default 110 Format distance ospf intra area 1 ...

Page 303: ...figures the external LSDB limit for OSPF If the value is 1 then there is no limit When the number of non default AS external LSAs in a router s link state database reaches the external LSDB limit the router enters overflow state The router never holds more than the external LSDB limit non default AS external LSAs in it database The external LSDB limit MUST be set identically in all routers attache...

Page 304: ...e range of 0 and 255 must be specified Unauthenticated interfaces do not need an authentication key or authentication key ID There is no default value for this command no ip ospf authentication This command sets the default OSPF Authentication Type for the specified interface ip ospf cost This command configures the cost on an OSPF interface The cost parameter has a range of 1 to 65535 no ip ospf ...

Page 305: ...7483647 no ip ospf dead interval This command sets the default OSPF dead interval for the specified interface ip ospf hello interval This command sets the OSPF hello interval for the specified interface The value for seconds is a valid positive integer which represents the length of time in seconds The value for the length of time must be the same for all routers attached to a network Valid values...

Page 306: ...to point network For point to point networks OSPF does not elect a designated router or generate a network link state advertisement LSA Both endpoints of the link must be configured to operate in point to point mode no ip ospf network Use this command to return the OSPF network type to the default ip ospf priority This command sets the OSPF priority for the specified router interface The priority ...

Page 307: ...d link state request packets Valid values range from 0 to 3600 1 hour no ip ospf retransmit interval This command sets the default OSPF retransmit Interval for the specified interface ip ospf transmit delay This command sets the OSPF Transit Delay for the specified interface The transmit delay is specified in seconds In addition it sets the estimated number of seconds it takes to transmit a link s...

Page 308: ...scription packet it examines the MTU advertised by the neighbor By default if the MTU is larger than the router can accept the Database Description packet is rejected and the OSPF adjacency is not established no ip ospf mtu ignore This command enables the OSPF MTU mismatch detection router id OSPF This command sets a 4 digit dotted decimal number uniquely identifying the router ospf id The ipaddre...

Page 309: ...of paths that OSPF can report for a given destination where maxpaths is platform dependent no maximum paths This command resets the number of paths that OSPF can report for a given destination back to its default value Default metric unspecified type 2 tag 0 Format redistribute rip static connected metric 0 16777214 metric type 1 2 tag 0 4294967295 subnets Mode Router OSPF Config Format no redistr...

Page 310: ...ts to non passive mode passive interface OSPF Use this command to set the interface or tunnel as passive It overrides the global passive mode that is currently effective on the interface or tunnel no passive interface Use this command to set the interface or tunnel as non passive It overrides the global passive mode that is currently effective on the interface or tunnel Default disabled Format pas...

Page 311: ...f Table 1 Table 1 Trapflags Groups To enable the individual flag enter the group name followed by that particular flag To enable all the flags in that group give the group name followed by all Default delay time 5 hold time 10 Format timers spf delay time hold time Mode Router OSPF Config Group Flags errors authentication failure bad packet config error virt authentication failure virt bad packet ...

Page 312: ...the group name followed by all To disable all the flags give the command as trapflags all Default disabled Format trapflags all errors all authentication failure bad packet config error virt authentication failure virt bad packet virt config error if rx all if rx packet lsa all lsa maxage lsa originate overflow all lsdb overflow lsdb approaching overflow retransmit all packets virt packets rtb all...

Page 313: ...only if you enable OSPF and configure certain features Term Definition Router ID A 32 bit integer in dotted decimal format identifying the router about which information is displayed This is a configured value OSPF Admin Mode Shows whether the administrative mode of OSPF in the router is enabled or disabled This is a configured value ASBR Mode Indicates whether the ASBR mode is enabled or disabled...

Page 314: ...out of resources to store the entire link state database or any other state information OSPF goes into stub router mode As a stub router OSPF re originates its own router LSAs setting the cost of all non stub interfaces to infinity To restore OSPF to normal operation disable and re enable OSPF Exit Overflow Interval The number of seconds that after entering overflow state a router will attempt to ...

Page 315: ...oute Advertise Indicates whether the default routes received from other source protocols are advertised or not Always Shows whether default routes are always advertised Metric The metric of the routes being redistributed If the metric is not configured this field is blank Metric Type Shows whether the routes are External Type 1 or External Type 2 Number of Active Areas The number of active OSPF ar...

Page 316: ...efault Metric Not configured Default Route Advertise Disabled Always FALSE Metric Not configured Metric Type External Type 2 Number of Active Areas 3 3 normal 0 stub 0 nssa ABR Status Disable ASBR Status Disable Stub Router FALSE External LSDB Overflow FALSE External LSA Count 0 External LSA Checksum 0 AS_OPAQUE LSA Count 0 AS_OPAQUE LSA Checksum 0 LSAs Originated 0 LSAs Received 0 LSA Count 0 Max...

Page 317: ...Cost of using this route Area ID The area ID of the area from which this route is learned Next Hop Next hop toward the destination Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop Format show ip ospf area areaid Modes Privileged EXEC User EXEC Term Definition AreaID The area id of the requested OSPF area External Routing A number representing the external ...

Page 318: ... area Term Definition Import Summary LSAs Shows whether to import summary LSAs into the NSSA Redistribute into NSSA Shows whether to redistribute information into the NSSA Default Information Originate Shows whether to advertise a default route into the NSSA Default Metric The metric value for the default route advertised into the NSSA Default Metric Type The metric type for the default route adve...

Page 319: ...is learned Next Hop Next hop toward the destination Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop Parameter Description asbr summary Use asbr summary to show the autonomous system boundary router ASBR summary LSAs external Use external to display the external LSAs network Use network to display the network LSAs nssa external Use nssa external to display...

Page 320: ...mal number representing the LSDB interface Age A number representing the age of the link state advertisement in seconds Sequence A number that represents which LSA is more recent Checksum The total number LSA checksum Options This is an integer It indicates that the LSA receives special handling during routing calculations Rtr Opt Router Options are valid for router links only Format show ip ospf ...

Page 321: ...ddresses if any are configured on the interface OSPF Admin Mode States whether OSPF is enabled or disabled on a router interface OSPF Area ID The OSPF Area ID for the specified interface OSPF Network Type The type of network on this interface that the OSPF is running on Router Priority A number representing the OSPF Priority for the specified interface Retransmit Interval A number representing the...

Page 322: ...tes are down loopback waiting point to point designated router and backup designated router Designated Router The router ID representing the designated router Backup Designated Router The router ID representing the backup designated router Number of Link Events The number of link events Local Link LSAs The number of Link Local Opaque LSAs in the link state database Local Link LSA Checksum The sum ...

Page 323: ... this OSPF interface Area Border Router Count The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF pass AS Border Router Count The total number of Autonomous System border routers reachable within this area Area LSA Count The total number of link state advertisements in this area s link state database excluding AS External LSAs IP ...

Page 324: ...discarded because the packet s destination IP address is not the address of the ingress interface and is not the AllDrRouters or AllSpfRouters multicast addresses Wrong Authentication Type The number of packets discarded because the authentication type specified in the OSPF header does not match the authentication type configured on the ingress interface Note This field only applies to OSPFv2 Auth...

Page 325: ...you do not specify an IP address a table with the following columns displays for all neighbors or the neighbor associated with the interface that you specify LS Request 1 1 LS Update 141 42 LS Acknowledgment 40 135 Format show ip ospf neighbor interface unit slot port ip address Modes Privileged EXEC User EXEC Term Definition Router ID The 4 digit dotted decimal number of the neighbor router Prior...

Page 326: ...ly adjacent and they will now appear in router LSAs and network LSAs Dead Time The amount of time in seconds to wait before the router assumes the neighbor is unreachable Term Definition Interface Valid unit slot and port number separated by forward slashes Neighbor IP Address The IP address of the neighbor router Interface Index The interface ID of the neighbor router Area ID The area ID of the O...

Page 327: ... for the specified areaid The areaid identifies the OSPF area whose ranges are being displayed Retransmission Queue Length An integer representing the current length of the retransmission queue of the specified neighbor router Id of the specified interface Format show ip ospf range areaid Modes Privileged EXEC User EXEC Term Definition Area ID The area id of the requested OSPF area IP Address An I...

Page 328: ...played if OSPF is initialized on the switch Format show ip ospf statistics Modes Privileged EXEC User EXEC Term Definition Delta T How long ago the SPF ran The time is in the format hh mm ss giving the hours minutes and seconds since the SPF run SPF Duration How long the SPF took in milliseconds Reason The reason the SPF was scheduled Reason codes are as follows R a router LSA has changed N a netw...

Page 329: ...p ospf virtual link areaid neighbor Modes Privileged EXEC User EXEC Term Definition Area ID The area id of the requested OSPF area Neighbor Router ID The input neighbor Router ID Hello Interval The configured hello interval for the OSPF virtual interface Dead Interval The configured dead interval for the OSPF virtual interface Iftransit Delay Interval The configured transit delay for the OSPF virt...

Page 330: ...his command resets the default administrative mode of RIP in the router active Format show ip ospf virtual link brief Modes Privileged EXEC User EXEC Term Definition Area ID The area id of the requested OSPF area Neighbor The neighbor interface of the OSPF virtual interface Hello Interval The configured hello interval for the OSPF virtual interface Dead Interval The configured dead interval for th...

Page 331: ... rip This command disables RIP on a router interface auto summary This command enables the RIP auto summarization mode no auto summary This command disables the RIP auto summarization mode Format no enable Mode Router RIP Config Default disabled Format ip rip Mode Interface Config Format no ip rip Mode Interface Config Default disabled Format auto summary Mode Router RIP Config Format no auto summ...

Page 332: ...RIP This command is used to reset the default metric of distributed routes to its default value distance rip This command sets the route preference value of RIP in the router Lower route preference values are preferred when determining the best route A route with a preference of 255 cannot be used to forward traffic Format default information originate Mode Router RIP Config Format no default info...

Page 333: ...ied interface The value of type is either none simple or encrypt The value for authentication key key must be 16 bytes or less The key is composed of standard displayable non control keystrokes from a Standard 101 102 key keyboard If the value of type is encrypt a keyid in the range of 0 and 255 must be specified Unauthenticated interfaces do not need an authentication key or authentication key ID...

Page 334: ... receive version This command configures the interface to allow RIP control packets of the default version s to be received ip rip send version This command configures the interface to allow RIP control packets of the specified version to be sent The value for mode is one of rip1 to broadcast RIP version 1 formatted packets rip1c RIP version 1 compatibility mode which sends RIP version 2 formatted...

Page 335: ...roblems caused by including routes in updates sent to the router from which the route was originally learned The options are None no special processing for this case Simple a route will not be included in updates sent to the router from which it was learned Poisoned reverse a route will be included in updates sent to the router from which it was learned but the metric will be set to infinity Forma...

Page 336: ...re redistributed by default no redistribute This command de configures RIP protocol to redistribute routes from the specified source protocol routers Format split horizon none simple poison Mode Router RIP Config Format no split horizon Mode Router RIP Config Default metric not configured match internal Format for OSPF as source protocol redistribute ospf metric 0 15 match internal external 1 exte...

Page 337: ...able Host Routes Accept Mode Enable or disable If enabled the router accepts host routes The default is enable Global Route Changes The number of route changes made to the IP Route Database by RIP This does not include the refresh of a route s age Global queries The number of responses sent to RIP queries from other systems Default Metric The default metric of redistributed routes if one has alrea...

Page 338: ...ypes are none RIP 1 RIP 1c RIP 2 This is a configured value Receive Version The RIP version s allowed when receiving updates from the specified interface The types are none RIP 1 RIP 2 Both This is a configured value RIP Admin Mode RIP administrative mode of router RIP operation enable activates disable de activates it This is a configured value Link State Indicates whether the RIP interface is up...

Page 339: ...nreachable messages is enabled no ip unreachables Use this command to prevent the generation of ICMP Destination Unreachable messages ip redirects Use this command to enable the generation of ICMP Redirect messages by the router By default the generation of ICMP Redirect messages is enabled no ip redirects Use this command to prevent the generation of ICMP Redirect messages by the router Default e...

Page 340: ...h two configurable parameters burst size and burst interval The burst interval specifies how often the token bucket is initialized with burst size tokens burst interval is from 0 to 2147483647 milliseconds msec The burst size is the number of ICMP error messages that can be sent during one burst interval The range is from 1 to 200 messages To disable ICMP rate limiting set burst interval to zero 0...

Page 341: ...l Release 8 0 3 Routing Commands 4 93 v1 0 July 2010 no ip icmp error interval Use the no form of the command to return burst interval and burst size to their default values Format no ip icmp error interval Mode Global Config ...

Page 342: ...Group Message Protocol IGMP Commands on page 5 26 IGMP Proxy Commands on page 5 35 Multicast Commands This section describes the commands you use to configure IP Multicast and to view IP Multicast settings and statistics Warning The commands in this chapter are in one of two functional groups Show commands display switch settings statistics and other information Configuration commands configure fe...

Page 343: ...ecified by groupipaddr and mask for which this multicast administrative boundary is applicable groupipaddr is a group IP address and mask is a group IP mask ip multicast This command sets the administrative mode of the IP multicast forwarder in the router to active no ip multicast This command sets the administrative mode of the IP multicast forwarder in the router to inactive Format ip mcast boun...

Page 344: ...lies the default ttlthreshold to a routing interface The ttlthreshold is the TTL threshold which is to be applied to the multicast Data packets which are to be forwarded from the interface show ip mcast This command displays the system wide multicast information Default 1 Format ip multicast ttl threshold ttlvalue Mode Interface Config Format no ip multicast ttl threshold Mode Interface Config For...

Page 345: ... Entry Count The number of entries in the multicast forwarding cache Format show ip mcast boundary unit slot port all Modes Privileged EXEC User EXEC Term Definition Interface Valid unit slot and port number separated by forward slashes Group Ip The group IP address Mask The group IP mask Format show ip mcast interface unit slot port Modes Privileged EXEC User EXEC Term Definition Interface Valid ...

Page 346: ...es Privileged EXEC User EXEC Term Definition Source IP The IP address of the multicast data source Group IP The IP address of the destination of the multicast packet Expiry Time The time of expiry of this entry in seconds Up Time The time elapsed since the entry was created in seconds RPF Neighbor The IP address of the RPF neighbor Flags The flags associated with this entry Term Definition Source ...

Page 347: ...e Group IP The IP address of the destination of the multicast packet Protocol The multicast routing protocol by which this entry was created Incoming Interface The interface on which the packet for this group arrives Outgoing Interface List The list of outgoing interfaces on which this packet is forwarded Format show ip mcast mroute source sourceipaddr summary detail Modes Privileged EXEC User EXE...

Page 348: ...inactive ip dvmrp metric This command configures the metric for an interface This value is used in the DVMRP messages as the cost to reach this network This field has a range of 1 to 31 Protocol The multicast routing protocol by which this entry was created Incoming Interface The interface on which the packet for this source arrives Outgoing Interface List The list of outgoing interfaces on which ...

Page 349: ... mode no ip dvmrp trapflags This command disables the DVMRP trap mode ip dvmrp This command sets the administrative mode of DVMRP on an interface to active no ip dvmrp This command sets the administrative mode of DVMRP on an interface to inactive Format no ip dvmrp metric Mode Interface Config Default disabled Format ip dvmrp trapflags Mode Global Config Format no ip dvmrp trapflags Mode Global Co...

Page 350: ...The number of routes in the DVMRP routing table Reachable Routes The number of entries in the routing table with non infinite metrics Term Definition Interface Valid unit slot and port number separated by forward slashes Interface Mode The mode of this interface Possible values are Enabled and Disabled Operational status The current state of DVMRP on this interface Possible values are Operational ...

Page 351: ... on this interface Format show ip dvmrp neighbor Modes Privileged EXEC User EXEC Term Definition IfIndex The value of the interface used to reach the neighbor Nbr IP Addr The IP address of the DVMRP neighbor for which this entry contains information State The state of the neighboring router The possible value for this field are ACTIVE or DOWN Up Time The time since this neighboring router was lear...

Page 352: ...pecifies a next hop on an outgoing interface Source Mask The IP Mask for the sources for which this entry specifies a next hop on an outgoing interface Next Hop Interface The interface in unit slot port format for the outgoing interface for this next hop Type The network is a LEAF or a BRANCH Format show ip dvmrp prune Modes Privileged EXEC User EXEC Term Definition Group IP The multicast Address ...

Page 353: ...ministrative mode of PIM DM in the router Format show ip dvmrp route Modes Privileged EXEC User EXEC Term Definition Source Address The multicast address of the source group Source Mask The IP Mask for the source group Upstream Neighbor The IP address of the neighbor which is the source for the packets for a specified multicast address Interface The interface used to receive the packets sent by th...

Page 354: ... no ip pimdm Interface Config This command sets administrative mode of PIM DM on an interface to disabled ip pimdm hello interval This command configures the transmission frequency of hello messages between PIM enabled neighbors This field has a range of 10 to 3600 seconds Format no ip pimdm Mode Global Config Default disabled Format ip pimdm Mode Interface Config Format no ip pimdm Mode Interface...

Page 355: ...m Modes Privileged EXEC User EXEC Term Definition Admin Mode Indicates whether PIM DM is enabled or disabled Interface Valid unit slot and port number separated by forward slashes Interface Mode Indicates whether PIM DM is enabled or disabled on this interface Operational status The current state of PIM DM on this interface Possible values are Operational or Non Operational Format show ip pimdm in...

Page 356: ...d slashes IP Address The IP address that represents the PIM DM interface Nbr Count The neighbor count for the PIM DM interface Hello Interval The time interval between two hello messages sent from the router on the given interface Designated Router The IP address of the Designated Router for this interface Format show ip pimdm neighbor unit slot port all Modes Privileged EXEC User EXEC Term Defini...

Page 357: ...by any particular unicast routing protocol ip pimsm Global Config This command is used to administratively enable PIM SM multicast routing mode on the router no ip pimsm Global Config This command is used to administratively disable PIM SM multicast routing mode on the router ip pimsm Interface Config This command is used to administratively enable PIM SM multicast routing mode on a particular rou...

Page 358: ...t or received through an interface no ip pimsm bsr border Use this command to disable the interface from being the BSR border ip pimsm bsr candidate This command is used to configure the router to announce its candidacy as a bootstrap router BSR Format no ip pimsm Mode Interface Config Default disabled Format ip pimsm bsr border Mode Interface Config Format no ip pimsm bsr border Mode Interface Co...

Page 359: ...ith the group address before the hash function is called All groups with the same seed hash correspond to the same RP For example if this value was 24 only the first 24 bits of the group addresses matter This allows you to get one RP for multiple groups priority Priority of the candidate BSR The range is an integer from 0 to 255 The BSR with the larger priority is preferred If the priority values ...

Page 360: ...his command is used to configure the interface join prune interval for the PIM SM router The join prune interval is specified in seconds This parameter can be configured to a value from 0 to 18000 no ip pimsm join prune interval Use this command to set the join prune interval to the default value Default 30 Format ip pimsm hello interval 0 18000 Mode Interface Config Format no ip pimsm hello inter...

Page 361: ...eter rp address is the IP address of the RP The parameter groupaddress is the group address supported by the RP The parameter groupmask is the group mask for the group address The optional keyword override indicates that if there is a conflict the RP configured with this command prevails over the RP learned by BSR no ip pimsm rp address This command is used to statically remove the RP address for ...

Page 362: ...d is used to configure the Data Threshold rate for the last hop router to switch to the shortest path The rate is specified in Kilobits per second The possible values are 0 to 2000 no ip pimsm spt threshold This command is used to set the Data Threshold rate for the RP router to the default value Default None Format ip pimsm rp candidate interface unit slot port group address group mask Mode Globa...

Page 363: ...pim trapflags This command enables the PIM trap mode for both Sparse Mode SM and Dense Mode DM no ip pim trapflags This command sets the PIM trap mode to the default Default disabled Format ip pimsm ssm default group address group mask Mode Global Config Parameter Description default range Defines the SSM range access list to 232 8 Format no ip pimsm ssm Mode Global Config Default disabled Format ...

Page 364: ...The threshold rate for the RP router to switch to the shortest path Interface Valid unit slot and port number separated by forward slashes Interface Mode Indicates whether PIM SM is enabled or disabled on the interface Operational Status The current state of the PIM SM protocol on the interface Possible values are Operational or Non Operational Format show ip pimsm bsr Mode Privileged EXEC User EX...

Page 365: ...nd seconds in which the next candidate RP advertisement will be sent Format show ip pimsm interface unit slot port Modes Privileged EXEC User EXEC Term Definition Interface Valid unit slot and port number separated by forward slashes IP Address The IP address of the specified interface Subnet Mask The Subnet Mask for the IP address of the PIM interface Hello Interval secs The frequency at which PI...

Page 366: ...ow ip pimsm neighbor unit slot port all Modes Privileged EXEC User EXEC Term Definition Interface Valid unit slot and port number separated by forward slashes IP Address The IP address of the neighbor on an interface Up Time The time since this neighbor has become active on this interface Expiry Time The expiry time of the neighbor on this interface Format show ip pimsm rphash group address Modes ...

Page 367: ...ayed Internet Group Message Protocol IGMP Commands This section describes the commands you use to view and configure IGMP settings ip igmp This command sets the administrative mode of IGMP in the system to active no ip igmp This command sets the administrative mode of IGMP in the system to inactive Format show ip pimsm rp mapping rp address Modes Privileged EXEC User EXEC Default disabled Format i...

Page 368: ...command sets the number of Group Specific Queries sent before the router assumes that there are no local members on the interface The range for count is 1 to 20 no ip igmp last member query count This command resets the number of Group Specific Queries to the default value Default 3 Format ip igmp version version Modes Interface Config Format no ip igmp version Modes Interface Config Format ip igm...

Page 369: ... specified interface The query interval determines how fast IGMP Host Query packets are transmitted on this interface The range for queryinterval is 1 to 3600 seconds no ip igmp query interval This command resets the query interval for the specified interface to the default value This is the frequency at which IGMP Host Query packets are transmitted on this interface Default 10 tenths of a second ...

Page 370: ...sed in IGMPv2 queries on this interface to the default value The maximum response time interval is reset to the default time ip igmp robustness This command configures the robustness that allows tuning of the interface The robustness is the tuning for the expected packet loss on a subnet If a subnet is expected to have a lot of loss the Robustness variable may be increased for the interface The ra...

Page 371: ...alue ip igmp startup query interval This command sets the interval between General Queries sent on startup on the interface The time interval value is in seconds The range for interval is 1 to 300 seconds no ip igmp startup query interval This command resets the interval between General Queries sent on startup on the interface to the default value Default 2 Format ip igmp startup query count count...

Page 372: ...ured value Interface Valid unit slot and port number separated by forward slashes Interface Mode Indicates whether IGMP is enabled or disabled on the interface This is a configured value Opeational Status The current state of IGMP on this interface Possible values are Operational or Non Operational Format show ip igmp groups unit slot port detail Mode Privileged EXEC Term Definition IP Address The...

Page 373: ... an integer value or if there is no Version 1 host present Version2 Host Timer The time remaining until the local router assumes that there are no longer any IGMP version 2 multicast members on the IP subnet attached to this interface This could be an integer value or if there is no Version 2 host present Group Compatibility Mode The group compatibility mode v1 v2 or v3 for this group on the speci...

Page 374: ...c Queries sent before the router assumes that there are no local members Format show ip igmp interface membership multiipaddr detail Mode Privileged EXEC Term Definition Interface Valid unit slot and port number separated by forward slashes Interface IP The IP address of the interface participating in the multicast group State The interface that has IGMP in Querier mode or Non Querier mode Group C...

Page 375: ...ace stats unit slot port Modes Privileged EXEC User EXEC Term Definition Querier Status The status of the IGMP router whether it is running in Querier mode or Non Querier mode Querier IP Address The IP address of the IGMP Querier on the IP subnet to which this interface is attached Querier Up Time The time since the interface Querier was last changed Querier Expiry Time The amount of time remainin...

Page 376: ... the router To enable the IGMP Proxy on the router you must enable multicast forwarding Also make sure that there are no multicast routing protocols enabled on the router no ip igmp proxy This command disables the IGMP Proxy on the router ip igmp proxy unsolicit rprt interval This command sets the unsolicited report interval for the IGMP Proxy router This command is valid only when you enable IGMP...

Page 377: ...Format ip igmp proxy reset status Mode Interface Config Format show ip igmp proxy Modes Privileged EXEC User EXEC Term Definition Interface index The interface number of the IGMP Proxy Admin Mode States whether the IGMP Proxy is enabled or not This is a configured value Operational Mode States whether the IGMP Proxy is operationally enabled or not This is a status parameter Version The present IGM...

Page 378: ...ys a detailed list of the host interface status parameters It displays the following parameters only when you enable IGMP Proxy The column headings of the table associated with the interface are as follows Older Version 1 Querier Timeout The interval used to timeout the older version 1 queriers Older Version 2 Querier Timeout The interval used to timeout the older version 2 queriers Proxy Start Fr...

Page 379: ...only Leaves Sent Number of IGMP leaves sent on the Proxy interface Valid for version 2 only Format show ip igmp proxy groups Modes Privileged EXEC User EXEC Term Definition Interface The interface number of the IGMP Proxy Group Address The IP address of the multicast group Last Reporter The IP address of host that last sent a membership report for the current group on the network attached to the I...

Page 380: ...ntries with the following as the fields of each column Sources The number of sources attached to the multicast group Format show ip igmp proxy groups detail Modes Privileged EXEC User EXEC Term Definition Interface The interface number of the IGMP Proxy Group Address The IP address of the multicast group Last Reporter The IP address of host that last sent a membership report for the current group ...

Page 381: ... 2 3 00 02 21 226 4 4 4 5 5 5 48 00 02 21 DELAY_MEMBER Include 3 Group Source List Expiry Time 2 1 2 3 00 02 21 6 1 2 3 00 01 44 8 1 2 3 00 01 44 227 4 4 4 5 5 5 48 00 02 21 DELAY_MEMBER Exclude 0 228 4 4 4 5 5 5 48 00 03 21 DELAY_MEMBER Include 3 Group Source List Expiry Time 9 1 2 3 00 03 21 6 1 2 3 00 03 21 7 1 2 3 00 03 21 Filter Mode Possible values are Include or Exclude Sources The number o...

Page 382: ...ommands on page 6 16 IPv6 MLD Proxy Commands on page 6 23 Note The commands in this chapter require an optional software license for use on the GSM7328Sv1 and GSM7352Sv1 Note There is no specific IP multicast enable for IPv6 Enabling of multicast at global config is common for both IPv4 and IPv6 Note The commands in this chapter are in one of three functional groups Show commands display switch se...

Page 383: ...mmon for both IPv4 and IPv6 Format show ipv6 mroute detail summary Modes Privileged EXEC User EXEC Term Definition Source IP The IP address of the multicast data source Group IP The IP address of the destination of the multicast packet Expiry Time The time of expiry of this entry in seconds Up Time The time elapsed since the entry was created in seconds RPF Neighbor The IP address of the RPF neigh...

Page 384: ... of all the entries in the multicast mroute table containing the given source IP address or source IP address and group IP address pair Outgoing Interface List The list of outgoing interfaces on which the packet is forwarded Format show ipv6 mroute group group address detail summary Modes Privileged EXEC User EXEC Term Definition Source IP The IP address of the multicast data source Group IP The I...

Page 385: ... a particular router Interface Config Term Definition Source IP The IP address of the multicast data source Group IP The IP address of the destination of the multicast packet Expiry Time The time of expiry of this entry in seconds Up Time The time elapsed since the entry was created in seconds RPF Neighbor The IP address of the RPF neighbor Flags The flags associated with this entry Term Definitio...

Page 386: ...outer interface The hello interval is specified in seconds and is in the range 10 3600 no ipv6 pimdm hello interval Use this command to set the PIM DM hello interval to the default value show ipv6 pimdm Use this command to display PIM DM Global Configuration parameters and PIM DM interface status Default disabled Format ipv6 pimdm Mode Global Config Interface Config Format no ipv6 pimdm Mode Globa...

Page 387: ...interface Format show ipv6 pimdm Mode Privileged EXEC User EXEC Term Definition Admin Mode Indicates whether PIM DM is enabled or disabled Interface Valid unit slot and port number separated by forward slashes Interface Mode Indicates whether PIM DM is enabled or disabled on this interface Operational Status The current state of PIM DM on this interface Possible values are Operational or Non Opera...

Page 388: ... interface 0 1 Slot Port 0 1 IP Address 1 1 1 1 Subnet Mask 255 255 255 0 Hello Interval secs 30 secs Neighbor count 3 Designated Router Not Supported Switch show ipv6 pimdm interface Address Interface Neighbor Hello Count Interval 192 168 37 6 0 1 2 30 192 168 36 129 0 2 2 30 Up Time The time since this neighbor has become active on this interface Expiry Time The expiry time of the neighbor on th...

Page 389: ... BSR messages from being sent or received through an interface no ipv6 pimsm bsr border Use this command to disable the interface from being the BSR border ipv6 pimsm bsr candidate This command is used to configure the router to announce its candidacy as a bootstrap router BSR Default disabled Format ipv6 pimsm bsr border Mode Interface Config Format no ipv6 pimsm bsr border Mode Interface Config ...

Page 390: ...ers Description hash mask length Length of a mask 32 bits maximum that is to be ANDed with the group address before the hash function is called All groups with the same seed hash correspond to the same RP For example if this value was 24 only the first 24 bits of the group addresses matter This allows you to get one RP for multiple groups priority Priority of the candidate BSR The range is an inte...

Page 391: ...om 0 to 18000 no ipv6 pimsm join prune interval Use this command to set the join prune interval to the default value ipv6 pimsm register threshold This command configures the Register Threshold rate for the Rendezvous Point router to switch to a source specific shortest path The valid values are from 0 to 2000 kilobits sec Default 30 Format ipv6 pimsm hello interval 0 18000 Mode Interface Config F...

Page 392: ...y the RP The parameter groupmask is the group mask for the group address The optional keyword override indicates that if there is a conflict the RP configured with this command prevails over the RP learned by BSR no ipv6 pimsm rp address This command is used to statically remove the RP address for one or more multicast groups Default 0 Format ipv6 pimsm register threshold 0 2000 Mode Global Config...

Page 393: ... is used to configure the Data Threshold rate for the last hop router to switch to the shortest path The rate is specified in Kilobits per second The possible values are 0 to 2000 no ipv6 pimsm spt threshold This command is used to set the Data Threshold rate for the RP router to the default value Default None Format ipv6 pimsm rp candidate interface unit slot port group address group mask Mode Gl...

Page 394: ...pv6 pimsm ssm default group address prefixlength group mask Mode Global Config Parameter Description default Defines the SSM range access list to 232 8 Format no ipv6 pimsm ssm Mode Global Config Format show ipv6 pimsm Modes Privileged EXEC User EXEC Term Definition PIM SM Admin Mode Indicates whether PIM SM is enabled or disabled Data Threshold Rate Kbps The data threshold rate for the PIM SM rou...

Page 395: ...e values are Operational or Non Operational Format show ipv6 pimsm bsr Mode Privileged EXEC User EXEC Term Definition BSR Address IP address of the BSR Uptime Length of time that this router has been up in hours minutes and seconds BSR Priority Priority as configured in the ip pimsm bsr candidate command Hash Mask Length Length of a mask maximum 32 bits that is to be ANDed with the group address b...

Page 396: ... which PIM hello messages are transmitted on this interface By default the value is 30 seconds Join Prune Interval secs The join prune interval for the PIM SM router The interval is in seconds Neighbor Count The neighbor count for the PIM SM interface Designated Router The IP address of the Designated Router for this interface DR Priority The priority of the Designated Router BSR Border The bootst...

Page 397: ...sent to solicit the multicast group registrations However some network setup does not need a multicast router as multicast traffic is destined to hosts within the same network In this situation the 7000 series has an IGMP MLD Snooping Querier running on one of the switches and Snooping enabled on all the switches For more information see IGMP Snooping Configuration Commands on page 3 139 and MLD S...

Page 398: ...een the general queries sent when the router is the querier on that interface The range for query interval is 1 to 3600 seconds no ipv6 mld query interval Use this command to reset the MLD query interval to the default value for that interface Default Disabled Format ipv6 mld router Mode Global Config Interface Config Default Disabled Format no ipv6 mld router Mode Global Config Interface Config D...

Page 399: ...mmand to set the last member query interval for the MLD interface which is the value of the maximum response time parameter in the group specific queries sent out of this interface The range for last member query interval is 1 to 65535 milliseconds no ipv6 mld last member query interval Use this command to reset the last member query interval parameter of the interface to the default value Default...

Page 400: ...LD is enabled on at least one interface If MLD was not enabled on even one interface there is no group information to be displayed The following fields are displayed as a table when unit slot port is specified Default 2 Format ipv6 mld last member query count last member query count Mode Interface Config Format no ipv6 mld last member query count Mode Interface Config Format show ipv6 mld groups u...

Page 401: ...r FE80 200 FF FE00 3 Field Description Interface Interface through which the multicast group is reachable Group Address The address of the multicast group Last Reporter The IP Address of the source of the last membership report received for this multicast group address on that interface Filter Mode The filter mode of the multicast group on this interface The values it can take are include and excl...

Page 402: ...rational Mode The operational status of MLD on the interface MLD Version Indicates the version of MLD configured on the interface Query Interval Indicates the configured query interval for the interface Query Max Response Time Indicates the configured maximum query response time in seconds advertised in MLD queries on this interface Robustness Displays the configured value for the tuning for the e...

Page 403: ...conds since the querier state has been updated Querier Expiry Time Time left in seconds before the Querier loses its title as querier Wrong Version Queries Indicates the number of queries received whose MLD version does not match the MLD version of the interface Number of Joins The number of times a group membership has been added on this interface Number of Leaves The number of times a group memb...

Page 404: ... on the router you must enable multicast forwarding Also make sure that there are no other multicast routing protocols enabled n the router no ipv6 mld proxy Use this command to disable MLD Proxy on the router Reports Received The number of valid MLD reports received by the router Reports Sent The number of valid MLD reports sent by the router Leaves Received The number of valid MLD leaves receive...

Page 405: ...efault value ipv6 mld proxy reset status Use this command to reset the host interface status parameters of the MLD Proxy router This command is only valid when you enable MLD Proxy on the interface show ipv6 mld proxy Use this command to display a summary of the host interface status parameters The command displays the following parameters only when you enable MLD Proxy Default 1 Format ipv6 mld p...

Page 406: ... Indicates whether MLD Proxy is enabled or disabled This is a configured value Operational Mode Indicates whether MLD Proxy is operationally enabled or disabled This is a status parameter Version The present MLD host version that is operational on the proxy interface Number of Multicast Groups The number of multicast groups that are associated with the MLD Proxy interface Unsolicited Report Interv...

Page 407: ...y information about multicast groups that the MLD Proxy reported Term Definition Interface Index The unit slot port of the MLD proxy Term Definition Ver The MLD version Query Rcvd Number of MLD queries received Report Rcvd Number of MLD reports received Report Sent Number of MLD reports sent Leaves Rcvd Number of MLD leaves received Valid for version 2 only Leaves Sent Number of MLD leaves sent on...

Page 408: ...play information about multicast groups that MLD Proxy reported Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD Proxy interface upstream interface Up Time in secs The time elapsed in seconds since last created Member State Possible values are Idle_Member The interface has responded to the latest group membership q...

Page 409: ...he IP address of the multicast group Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD Proxy interface upstream interface Up Time in secs The time elapsed in seconds since last created Member State Possible values are Idle_Member The interface has responded to the latest group membership query for this group Delay_M...

Page 410: ... 0 3 IPv6 Multicast Commands 6 29 v1 0 July 2010 FF1E 3 FE80 100 2 3 328 DELAY_MEMBER Exclude 0 FF1E 4 FE80 100 2 3 255 DELAY_MEMBER Include 4 Group Source List Expiry Time 4001 1 00 03 40 5002 2 00 03 40 4001 2 00 03 40 5002 2 00 03 40 ...

Page 411: ... IPv6 Routing Commands on page 7 10 OSPFv3 Commands on page 7 33 DHCPv6 Commands on page 7 68 Note The commands in this chapter require an optional software license for use on the GSM7328Sv1 and GSM7352Sv1 Note The commands in this chapter are in one of three functional groups Note The commands in this chapter are in one of three functional groups Show commands display switch settings statistics a...

Page 412: ...address over the network port Using IPv6 Management commands you can send SNMP traps and queries via the network port The user can manage a device via the network port in addition to a Routing Interface network ipv6 enable Use this command to enable IPv6 operation on the network port no network ipv6 enable Use this command to disable IPv6 operation on the network port network ipv6 address Use this...

Page 413: ...t no network ipv6 gateway Use this command to remove IPv6 gateways on the network port interface Parameter Description address IPv6 prefix in IPv6 global address format prefix length IPv6 prefix length value eui64 Formulate IPv6 address in eui64 format Format no network ipv6 address address prefix length eui64 Mode Privileged EXEC Format network ipv6 gateway gateway address Mode Privileged EXEC Pa...

Page 414: ... devices must have the ping utility enabled and running on top of TCP IP The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN VLAN 1 as long as there is a physical path between the switch and the workstation The terminal interface sends three pings to the target station Use the ipv6 address hostname parameter to ping an interface by using the...

Page 415: ...y enabled and running on top of TCP IP The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN VLAN 1 as long as there is a physical path between the switch and the workstation The terminal interface sends three pings to the target station Use the interface keyword to ping an interface by using the link local address or the global IPv6 address o...

Page 416: ... of IPv4 networks to IPv6 networks These tunnels are divided into two classes configured and automatic The distinction is that configured tunnels are explicitly configured with a destination or endpoint of the tunnel Automatic tunnels in contrast infer the endpoint of the tunnel from the destination address of packets routed into the tunnel To assign an IP address to the tunnel interface see ip ad...

Page 417: ...mode is set to 6to4 automatic Without the optional 6to4 argument the tunnel mode is configured show interface tunnel This command displays the parameters related to tunnel such as tunnel mode tunnel source address and tunnel destination address If you do not specify a tunnel ID the command shows the following information for each configured tunnel Format tunnel source ipv4 address ethernet unit sl...

Page 418: ...assign an IPv6 address to the loopback interface see ipv6 address on page 7 12 interface loopback Use this command to enter the Interface Config mode for a loopback interface The range of the loopback ID is 0 to 7 Term Definition Tunnel ID The tunnel identification number Interface The name of the tunnel interface Tunnel Mode The tunnel mode Source Address The source transport address of the tunne...

Page 419: ... appears Format no interface loopback loopback id Mode Global Config Format show interface loopback loopback id Mode Privileged EXEC Term Definition Loopback ID The loopback ID associated with the rest of the information in the row Interface The interface name IP Address The IPv4 address of the interface Received Packets The number of packets received on this interface Sent Packets The number of p...

Page 420: ...ines the unicast hop count used in ipv6 packets originated by the node The value is also included in router advertisements Valid values for hops are 1 255 inclusive The default not configured means that a value of zero is sent in router advertisements and a value of 64 is sent in packets originated by the node Note that this is not the same as configuring a value of 64 IPv6 Prefix is The IPv6 addr...

Page 421: ...6 routing on an interface including tunnel and loopback interfaces that has not been configured with an explicit IPv6 address When you use this command the interface is automatically configured with a link local address You do not need to use this command if you configured an IPv6 global address on the interface Format ipv6 hop limit hops Mode Global Config Format no ipv6 hop limit Mode Global Con...

Page 422: ...instead of a period a colon now separates each block For simplification leading zeros of each 16 bit block can be omitted One sequence of 16 bit blocks containing only zeros can be replaced with a double colon but not more than one at a time otherwise it is no longer a unique representation Dropping zeros 3ffe ffff 100 f101 0 0 0 1 becomes 3ffe ffff 100 f101 1 Local host 0000 0000 0000 0000 0000 0...

Page 423: ...e the prefix_length The next hop address is the IPv6 address of the next hop that can be used to reach the specified network Specifying Null0 as nexthop parameter adds a static reject route The preference parameter is a value the router uses to compare this route with routes from other route sources that have the same destination The range for preference is 1 255 and the default value is 1 You can...

Page 424: ...to static routes created after invoking the ipv6 route distance command no ipv6 route distance This command resets the default static route preference value in the router to the original default preference Lower route preference values are preferred when determining the best route ipv6 mtu This command sets the maximum transmission unit MTU size in bytes of IPv6 packets on an interface This comman...

Page 425: ...empts This command resets to number of duplicate address detection value to default value ipv6 nd managed config flag This command sets the managed address configuration flag in router advertisements When the value is true end nodes use DHCPv6 When the value is false end nodes automatically configure addresses Default 0 or link speed MTU value 1500 Format ipv6 mtu 1280 1500 Mode Interface Config F...

Page 426: ... of 0 means the interval is unspecified no ipv6 nd ns interval This command resets the neighbor solicit retransmission interval of the specified interface to the default value ipv6 nd other config flag This command sets the other stateful configuration flag in router advertisements sent from the interface Default false Format ipv6 nd managed config flag Mode Interface Config Format no ipv6 nd mana...

Page 427: ...ipv6 nd ra lifetime This command sets the value in seconds that is placed in the Router Lifetime field of the router advertisements sent from the interface The lifetime value must be zero or it must be an integer between the value of the router advertisement transmission interval and 9000 A value of zero means this router is not to be used as the default router Default false Format ipv6 nd other c...

Page 428: ...in milliseconds A value of zero means the time is unspecified by the router no ipv6 nd reachable time This command means reachable time is unspecified for the router ipv6 nd suppress ra This command suppresses router advertisement transmission on an interface Default 1800 Format ipv6 nd ra lifetime lifetime Mode Interface Config Format no ipv6 nd ra lifetime Mode Interface Config Default 0 Format ...

Page 429: ...his command to limit the rate at which ICMPv6 error messages are sent The rate limit is configured as a token bucket with two configurable parameters burst size and burst interval The burst interval specifies how often the token bucket is initialized with burst size tokens burst interval is from 0 to 2147483647 milliseconds msec The burst size is the number of ICMPv6 error messages that can be sen...

Page 430: ...nfig Format show ipv6 brief Mode Privileged EXEC Term Definition IPv6 Forwarding Mode Shows whether the IPv6 forwarding mode is enabled IPv6 Unicast Routing Mode Shows whether the IPv6 unicast routing mode is enabled IPv6 Hop Limit Shows the unicast hop count used in IPv6 packets originated by the node For more information see ipv6 hop limit on page 7 10 ICMPv6 Rate Limit Error Interval Shows how ...

Page 431: ...tion Unreachable messages may be sent If you use the brief parameter the following information displays for all configured IPv6 interfaces If you specify an interface the following information also appears Format show ipv6 interface brief unit slot port tunnel 0 7 loopback 0 7 Mode Privileged EXEC Term Definition Interface The interface in unit slot port format IPv6 Routing Operational Mode Shows ...

Page 432: ...me value of the interface in router advertisements Router Advertisement Reachable Time The amount of time in milliseconds to consider a neighbor reachable after neighbor discovery confirmation Router Advertisement Interval The frequency in seconds that router advertisements are sent Router Advertisement Managed Config Flag Shows whether the managed configuration flag is set enabled for router adve...

Page 433: ...IPv6 Destination Unreachables Enabled No IPv6 prefixes configured If an IPv6 prefix is configured on the interface the following information also appears show ipv6 neighbor Use this command to display information about the IPv6 neighbors Term Definition IFPv6 Prefix is The IPv6 prefix for the specified interface Preferred Lifetime The amount of time the advertised prefix is a preferred prefix Vali...

Page 434: ... one of the following keywords connected ospf static The all specifies that all routes including best and non best routes are displayed Otherwise only the best routes are displayed IPv6 Address IPV6 address of neighbor or interface MAC Address Link layer Address IsRtr Shows whether the neighbor is a router If the value is TRUE the neighbor is known to be a router and FALSE otherwise A value of FAL...

Page 435: ...l ipv6 prefix ipv6 prefix length unit slot port protocol protocol summary all all Modes Privileged EXEC User EXEC Term Definition Route Codes The key for the routing protocol codes that might appear in the routing table output Term Definition Code The code for the routing protocol that created this routing entry IPv6 Prefix IPv6 Prefix Length The IPv6 Prefix and prefix length of the destination IP...

Page 436: ...0 1 via fe80 200 42ff fe7d 2f19 00h 00m 23s 0 5 OI 7000 64 110 6 via fe80 200 4fff fe35 c8bb 00h 01m 47s 0 11 show ipv6 route preferences Use this command to show the preference value associated with the type of route Lower numbers have a greater preference A route with a preference of 255 cannot be used to forward traffic Format show ipv6 route preferences Mode Privileged EXEC Term Definition Loc...

Page 437: ...utes 1 Static Routes 2 OSPF Routes 0 Intra Area Routes 0 Inter Area Routes 0 External Type 1 Routes 0 External Type 2 Routes 0 Reject Routes 1 Total routes 3 Number of Prefixes 64 3 Format show ipv6 route summary all Modes Privileged EXEC User EXEC Term Definition Connected Routes Total number of connected routes in the routing table Static Routes Total number of static routes in the routing table...

Page 438: ... traffic on a specific interface If you do not specify an interface the command displays information about traffic on all interfaces Format show ipv6 vlan Modes Privileged EXEC User EXEC Term Definition MAC Address used by Routing VLANs Shows the MAC address Column Headings Definition VLAN ID The VLAN ID of a configured VLAN Logical Interface The interface in unit slot port format that is associat...

Page 439: ...ly the input interface for some of the datagrams Received Datagrams Discarded Due To Invalid Address Number of input datagrams discarded because the IPv6 address in their IPv6 header s destination field was not a valid address to be received at this entity This count includes invalid addresses for example 0 and unsupported addresses for example addresses with unallocated prefixes Forentities which...

Page 440: ...ere discarded e g for lack of buffer space Note that this counter would include datagrams counted in ipv6IfStatsOutForwDatagrams if any such packets met this discretionary discard criterion Fragments Created Number of output datagram fragments that have been generated as a result of fragmentation at this output interface Datagrams Successfully Fragmented Number of IPv6 datagrams that have been suc...

Page 441: ...ertisement messages received by the interface ICMPv6 Redirect Messages Received Number of Redirect messages received by the interface Transmitted Number of ICMPv6 Group Membership Query messages received by the interface Total ICMPv6 Messages Transmitted Total number of ICMP messages which this interface attempted to send Note that this counter includes all those counted by icmpOutErrors ICMPv6 Me...

Page 442: ...ICMPv6 Router Solicit Messages Transmitted Number of ICMP Router Solicitation messages sent by the interface ICMPv6 Router Advertisement Messages Transmitted Number of ICMP Router Advertisement messages sent by the interface ICMPv6 Neighbor Solicit Messages Transmitted Number of ICMP Neighbor Solicitation messages sent by the interface ICMPv6 Neighbor Advertisement Messages Transmitted Number of I...

Page 443: ...mmand sets the OSPF area to which the specified router interface belongs The areaid is an IPv6 address formatted as a 4 digit dotted decimal number or a decimal value in the range of 0 4294967295 The areaid uniquely identifies the area to which the interface connects Assigning an area id which does not exist on an interface causes the area to be created with default values Format clear ipv6 statis...

Page 444: ...at a router s Hello packets have not been seen before its neighbor routers declare that the router is down The value for the length of time must be the same for all routers attached to a common network This value should be some multiple of the Hello Interval i e 4 Valid values range for seconds is from 1 to 2147483647 no ipv6 ospf dead interval This command sets the default OSPF dead interval for ...

Page 445: ...PF maximum transmission unit MTU mismatch detection OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface When a router receives a Database Description packet it examines the MTU advertised by the neighbor By default if the MTU is larger than the router can accept the Database Description packet is rejected and the OSPF ...

Page 446: ...d router election It is normally not useful to set a tunnel to OSPF network type broadcast no ipv6 ospf network This command sets the interface type to the default value ipv6 ospf priority This command sets the OSPF priority for the specified router interface The priority of the interface is a priority integer from 0 to 255 A value of 0 indicates that the router is not eligible to become the desig...

Page 447: ... 3600 1 hour no ipv6 ospf retransmit interval This command sets the default OSPF retransmit Interval for the specified interface ipv6 ospf transmit delay This command sets the OSPF Transit Delay for the specified interface The transmit delay is specified in seconds In addition it sets the estimated number of seconds it takes to transmit a link state update packet over this interface Valid values f...

Page 448: ...or the stub area The operator must specify the area id and an integer value between 1 16777215 area nssa OSPFv3 This command configures the specified areaid to function as an NSSA no area nssa OSPFv3 This command disables nssa from the specified area id Format no ipv6 ospf transmit delay Mode Interface Config Format ipv6 router ospf Mode Global Config Format area areaid default cost 1 16777215 Mod...

Page 449: ... OSPFv3 This command disables the default route advertised into the NSSA area nssa no redistribute OSPFv3 This command configures the NSSA ABR so that learned external routes will not be redistributed to the NSSA no area nssa no redistribute OSPFv3 This command disables the NSSA ABR so that learned external routes are redistributed to the NSSA Format area areaid nssa default info originate metric ...

Page 450: ... election process when it attains border router status no area nssa translator role OSPFv3 This command disables the nssa translator role from the specified area id area nssa translator stab intv OSPFv3 This command configures the translator stabilityinterval of the NSSA The stabilityinterval is the period of time that an elected translator continues to perform its duties after it determines that ...

Page 451: ...ange The ipaddr is a valid IP address The subnetmask is a valid subnet mask area stub OSPFv3 This command creates a stub area for the specified area ID A stub area is characterized by the fact that AS External LSAs are not propagated into the area Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area Format area areaid nssa tran...

Page 452: ...rt mode to the default for the stub area identified by areaid area virtual link OSPFv3 This command creates the OSPF virtual interface for the specified areaid and neighbor The neighbor parameter is the Router ID of the neighbor Format area areaid stub Mode Router OSPFv3 Config Format no area areaid stub Mode Router OSPFv3 Config Default enabled Format area areaid stub no summary Mode Router OSPFv...

Page 453: ...s the default dead interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighbor area virtual link hello interval OSPFv3 This command configures the hello interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighb...

Page 454: ...rtual link retransmit interval OSPFv3 This command configures the default retransmit interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor The neighbor parameter is the Router ID of the neighbor area virtual link transmit delay OSPFv3 This command configures the transmit delay for the OSPF virtual interface on the virtual interface identified by areaid ...

Page 455: ...interface bandwidth to link cost The link cost is computed as the ratio of a reference bandwidth to the interface bandwidth ref_bw interface bandwidth where interface bandwidth is defined by the bandwidth command Because the default reference bandwidth is 100 Mbps OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater Use the auto cost command to change the ...

Page 456: ... command to drop the adjacency with all OSPF neighbors On each neighbor s interface send a one way hello Adjacencies may then be re established To drop all adjacencies with a specific router ID specify the neighbor s Router ID using the optional parameter neighbor id Format no auto cost reference bandwidth Mode Router OSPFv3 Config Format clear ipv6 ospf Mode Privileged EXEC Format clear ipv6 ospf...

Page 457: ... configuration and re originate prefixes as necessary default information originate OSPFv3 This command is used to control the advertisement of default routes no default information originate OSPFv3 This command is used to control the advertisement of default routes Format clear ipv6 ospf neighbor interface unit slot port neighbor id Mode Privileged EXEC Format clear ipv6 ospf redistribution Mode ...

Page 458: ...oute can be intra inter or external All the external type routes are given the same preference value The range of preference value is 1 to 255 no distance ospf OSPFv3 This command sets the default route preference value of OSPF routes in the router The type of OSPF route can be intra inter or external All the external type routes are given the same preference value Format default metric 1 16777214...

Page 459: ...erflow state that a router will wait before attempting to leave the overflow state This allows the router to again originate non default AS external LSAs When set to 0 the router will not leave overflow state until restarted The range for seconds is 0 to 2147483647 seconds no exit overflow interval OSPFv3 This command configures the default exit overflow interval for OSPF Default enabled Format en...

Page 460: ...routers attached to the OSPF backbone and or any regular OSPF area The range for limit is 1 to 2147483647 no external lsdb limit This command configures the default external LSDB limit for OSPF maximum paths OSPFv3 This command sets the number of paths that OSPF can report for a given destination where maxpaths is platform dependent no maximum paths This command resets the number of paths that OSP...

Page 461: ... passive interface OSPFv3 Use this command to set the interface or tunnel as passive It overrides the global passive mode that is currently effective on the interface or tunnel no passive interface OSPFv3 Use this command to set the interface or tunnel as non passive It overrides the global passive mode that is currently effective on the interface or tunnel Default disabled Format passive interfac...

Page 462: ...y identifying the router ospf id The ipaddress is a configured value trapflags OSPFv3 Use this command to enable individual OSPF traps enable a group of trap flags at a time or enable all the trap flags at a time The different groups of trapflags and each group s specific trapflags to enable or disable are listed in Cross Ref Table 2 Default metric unspecified type 2 tag 0 Format redistribute stat...

Page 463: ...the flags give the command as trapflags all Table 2 Trapflag Groups OSPFv3 Group Flags errors authentication failure bad packet config error virt authentication failure virt bad packet virt config error if rx ir rx packet lsa lsa maxage lsa originate overflow lsdb overflow lsdb approaching overflow retransmit packets virt packets rtb rtb entry info state change if state change neighbor state chang...

Page 464: ... if rx all if rx packet lsa all lsa maxage lsa originate overflow all lsdb overflow lsdb approaching overflow retransmit all packets virt packets rtb all rtb entry info state change all if state change neighbor state change virtif state change virtneighbor state change Mode Router OSPFv3 Config Format no trapflags all errors all authentication failure bad packet config error virt authentication fa...

Page 465: ...er is configured to re distribute routes learned by other protocols or disabled if the router is not configured for the same Stub Router When OSPF runs out of resources to store the entire link state database or any other state information OSPF goes into stub router mode As a stub router OSPF re originates its own router LSAs setting the cost of all non stub interfaces to infinity To restore OSPF ...

Page 466: ...gment External LSDB Limit The maximum number of non default AS external LSAs entries that can be stored in the link state database Default Metric Default value for redistributed routes Default Passive Setting Shows whether the interfaces are passive by default Default Route Advertise Indicates whether the default routes received from other source protocols are advertised or not Always Shows whethe...

Page 467: ...routes are External Type 1 or External Type 2 Tag The decimal value attached to each external route Subnets For redistributing routes into OSPF the scope of redistribution for the specified protocol Distribute List The access list used to filter redistributed routes Format show ipv6 ospf abr Modes Privileged EXEC User EXEC Term Definition Type The type of the route to the destination It can be eit...

Page 468: ...area s link state database excluding AS External LSAs Area LSA Checksum A number representing the Area LSA Checksum for the specified AreaID excluding the external LS type 5 link state advertisements Stub Mode Represents whether the specified Area is a stub area or not The possible values are enabled and disabled This is a configured value Import Summary LSAs Shows whether to import summary LSAs e...

Page 469: ...efault Metric Type The metric type for the default route advertised into the NSSA Translator Role The NSSA translator role of the ABR which is always or candidate Translator Stability Interval The amount of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router Translator State Shows whether the ABR translat...

Page 470: ...y the number of each type of LSA in the database and the total number of LSAs in the database Format show ipv6 ospf areaid database external inter area prefix router link network nssa external prefix router unknown area as link lsid adv router rtrid self originate Modes Privileged EXEC User EXEC Term Definition Link Id A number that uniquely identifies an LSA that a router originates from all othe...

Page 471: ...nknown Total number of link source unknown LSAs in the OSPFv3 link state database Area Unknown Total number of area unknown LSAs in the OSPFv3 link state database AS Unknown Total number of as unknown LSAs in the OSPFv3 link state database Type 5 Ext Total number of AS external LSAs in the OSPFv3 link state database Self Originated Type 5 Total number of self originated AS external LSAs in the OSP...

Page 472: ...s to the age of LSA packets before transmission Authentication Type The type of authentication the interface performs on LSAs it receives Metric Cost The priority of the path Low costs have a higher priority than high costs Passive Status Shows whether the interface is passive or not OSPF MTU ignore Shows whether to ignore MTU mismatches in database descriptor packets sent from neighboring routers...

Page 473: ...erval The frequency in seconds at which the interface sends Hello packets Dead Interval The amount of time in seconds the interface waits before assuming a neighbor is down Retransmit Interval The frequency in seconds at which the interface sends LSA Retransmit Delay Interval The number of seconds the interface adds to the age of LSA packets before transmission LSA Ack Interval The amount of time ...

Page 474: ...in the OSPF header does not match the version of the OSPF process handling the packet Virtual Link Not Found The number of received OSPF packets discarded where the ingress interface is in a non backbone area and the OSPF header identifies the packet as belonging to the backbone but OSPF does not have a virtual link to the packet s sender Area Mismatch The number of OSPF packets discarded because ...

Page 475: ...m 0 to 255 A value of 0 indicates that the router is not eligible to become the designated router on this network Intf ID The interface ID of the neighbor Interface The interface of the local router in unit slot port format State The state of the neighboring routers Possible values are Down initial state of the neighbor conversation no recent information has been received from the neighbor Attempt...

Page 476: ...l not even start to form if there is a mismatch in certain crucial OSPF capabilities Router Priority The router priority for the specified interface Dead Timer Due The amount of time in seconds to wait before the router assumes the neighbor is unreachable State The state of the neighboring routers Events Number of times this neighbor relationship has changed state or an error has occurred Retransm...

Page 477: ...ition Area ID A 32 bit identifier for the created stub area Type of Service Type of service associated with the stub metric For this release Normal TOS is the only supported type Metric Val The metric value is applied based on the TOS It defaults to the least metric of the type of service among the interfaces to other areas The OSPF cost for a route is a function of the metric value Import Summary...

Page 478: ... The type of authentication the interface performs on LSAs it receives State The OSPF Interface States are down loopback waiting point to point designated router and backup designated router This is the state of the OSPF interface Neighbor State The neighbor state Format show ipv6 ospf virtual link brief Modes Privileged EXEC User EXEC Term Definition Area ID The area id of the requested OSPFV3 ar...

Page 479: ...v6 dhcp relay destination Use this command to configure an interface for DHCPv6 relay functionality Use the destination keyword to set the relay server IPv6 address The relay address parameter is an IPv6 address of a DHCPv6 relay server Use the interface keyword to set the relay server interface The relay interface parameter is an interface unit slot port to reach a relay server The optional remot...

Page 480: ...esent the DHCPv6 the remote id sub option Note If relay address is an IPv6 global address then relay interface is not required If relay address is a link local or multicast address then relay interface is required Finally if you do not specify a value for relay address then you must specify a value for relay interface and the DHCPV6 ALL AGENTS multicast address i e FF02 1 2 is used to relay DHCPv6...

Page 481: ...apabilities are configured no ipv6 dhcp pool This command removes the specified DHCPv6 pool domain name IPv6 This command sets the DNS domain name which is provided to DHCPv6 client by DHCPv6 server DNS domain name is configured for stateless server support Domain name consist of no more than 31 alpha numeric characters DHCPv6 pool can have multiple number of domain names with maximum of 8 no doma...

Page 482: ...UID value Example 00 01 00 09 f8 79 4e 00 04 76 73 43 76 Name is 31 characters textual client s name which is useful for logging or tracing only Valid lifetime is the valid lifetime for the delegated prefix in seconds and preferred lifetime is the preferred lifetime for the delegated prefix in seconds no prefix delegation This command deletes a specific prefix delegation client Format dns server d...

Page 483: ...ws the DHCPv6 unique identifier Format show ipv6 dhcp statistics Mode Privileged EXEC Term Definition DHCPv6 Solicit Packets Received Number of solicit received statistics DHCPv6 Request Packets Received Number of request received statistics DHCPv6 Confirm Packets Received Number of confirm received statistics DHCPv6 Renew Packets Received Number of renew received statistics DHCPv6 Rebind Packets ...

Page 484: ... malformed packets statistics Received DHCPv6 Packets Discarded Number of DHCP discarded statistics Total DHCPv6 Packets Received Total number of DHCPv6 received statistics DHCPv6 Advertisement Packets Transmitted Number of advertise sent statistics DHCPv6 Reply Packets Transmitted Number of reply sent statistics DHCPv6 Reconfig Packets Transmitted Number of reconfigure sent statistics DHCPv6 Rela...

Page 485: ... Use the unit slot port parameter to specify the interface Mode Shows whether the interface is a IPv6 DHCP relay or server Term Definition Pool Name The pool name specifying information for DHCPv6 server distribution to DHCPv6 clients Server Preference The preference of the server Option Flags Shows whether rapid commit is enabled Term Definition Relay Address The IPv6 address of the relay server ...

Page 486: ...system burned in MAC address and a timestamp value Host Name of the client Prefix Prefix Length IPv6 address and mask length for delegated prefix Preferred Lifetime Preferred lifetime in seconds for delegated prefix Valid Lifetime Valid lifetime in seconds for delegated prefix DNS Server Address Address of DNS server address Domain Name DNS domain name Format show ipv6 dhcp binding ipv6 address Mo...

Page 487: ...ix type IAPD IANA or IATA Client Address Address of DHCP Client Client Interface IPv6 Address of DHCP Client Expiration Address of DNS server address Valid Lifetime Valid lifetime in seconds for delegated prefix Preferred Lifetime Preferred lifetime in seconds for delegated prefix Term Definition ...

Page 488: ...ge 8 19 DiffServ Service Commands on page 8 25 DiffServ Show Commands on page 8 26 MAC Access Control List ACL Commands on page 8 32 IP Access Control List ACL Commands on page 8 37 IPv6 Access Control List ACL Commands on page 8 44 Auto Voice over IP Commands on page 8 48 Note The commands in this chapter are in one of two functional groups Show commands display switch settings statistics and oth...

Page 489: ...bout 802 1p priority see Voice VLAN Commands on page 3 48 no classofservice dot1p mapping This command maps each 802 1p priority to its default internal traffic class value classofservice ip dscp mapping This command maps an IP DSCP value to an internal traffic class The ipdscp value is specified as either an integer from 0 to 63 or symbolically through one of the following keywords af11 af12 af13...

Page 490: ...If you configure an interface to use Dot1p the mode does not appear in the output of the show running config command because Dot1p is the default no classofservice trust This command sets the interface mode to the default value Format classofservice ip dscp mapping ipdscp trafficclass Mode Global Config Format no classofservice ip dscp mapping Mode Global Config Note The classofservice trust dot1p...

Page 491: ...ceed 100 no cos queue min bandwidth This command restores the default for each queue s minimum bandwidth value cos queue strict This command activates the strict priority scheduler mode for each specified queue no cos queue strict This command restores the default weighted scheduler mode for each specified queue Format cos queue min bandwidth bw 0 bw 1 bw n Modes Global Config Interface Config For...

Page 492: ...a specific interface The unit slot port parameter is optional and is only valid on platforms that support independent per port class of service mappings If specified the 802 1p mapping table of the interface is displayed If omitted the most recent global configuration settings are displayed For more information see Voice VLAN Commands on page 3 48 The following information is repeated for each use...

Page 493: ...yed The following information is repeated for each user priority show classofservice ip dscp mapping This command displays the current IP DSCP mapping to internal traffic classes for the global configuration settings The following information is repeated for each user priority Format show classofservice ip precedence mapping unit slot port Mode Privileged EXEC Term Definition IP Precedence The IP ...

Page 494: ...onfiguration settings are displayed Format show classofservice trust unit slot port Mode Privileged EXEC Term Definition Non IP Traffic Class The traffic class used for non IP traffic This is only displayed when the COS trust mode is set to trust IP Precedence or IP DSCP on platforms that support IP DSCP Untrusted Traffic Class The traffic class used for all untrusted traffic This is only displaye...

Page 495: ...teria The attributes of a DiffServ policy define the way the switch processes packets You can define policy attributes on a per class instance basis The switch applies these attributes when a match occurs Packet processing begins when the switch tests the match criteria for a packet The switch applies a policy to a packet when it finds a class match within that policy The following rules apply whe...

Page 496: ...isting class definition is to delete the class and re create it diffserv This command sets the DiffServ operational mode to active While disabled the DiffServ configuration is retained and can be changed but it is not activated When enabled DiffServ services are activated no diffserv This command sets the DiffServ operational mode to inactive While disabled the DiffServ configuration is retained a...

Page 497: ...tch condition this command enters the class map mode The class map name is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying an existing DiffServ class The class type of match all indicates all of the individual match conditions must be true for a packet to be considered a member of the class This command may be used without specifying a class type to enter the Clas...

Page 498: ...s map rename This command changes the name of a DiffServ class The class map name is the name of an existing DiffServ class The new class map name parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class Note The CLI mode is changed to Class Map Config or Ipv6 Class Map Config when this command is successfully executed depending on the ipv4 ipv6 keyw...

Page 499: ...mand adds to the specified class definition a match condition whereby all packets are considered to belong to the class match class map This command adds to the specified class definition the set of match conditions defined for another class The refclassname is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition Format match ethertyp...

Page 500: ...be the same Only one other class may be referenced by a class Any attempts to delete the refclassname class while the class is still referenced by any class map name fails The combined match criteria of class map name and refclassname must be an allowed combination based on the class type Any subsequent changes to the refclassname class match criteria must maintain this validity or the change atte...

Page 501: ...2 dd ee ff The macmask parameter is a layer 2 MAC address bit mask which need not be contiguous and is formatted as six two digit hexadecimal numbers separated by colons e g ff 07 23 ff fe dc match dstip This command adds to the specified class definition a match condition based on the destination IP address of a packet The ipaddr parameter specifies an IP address The ipmask parameter specifies an...

Page 502: ...r is required The port number is an integer from 0 to 65535 match ip dscp This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point DSCP field in a packet which is defined as the high order six bits of the Service Type octet in the IP header the low order two bits are not checked The dscpval value is specified as either an integer from 0...

Page 503: ...value of tosmask is a two digit hexadecimal number from 00 to ff The tosmask denotes the bit positions in tosbits that are used for comparison against the IP TOS field in a packet For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use a tosbits value of a0 hex and a tosmask of a2 hex Default none Format match ip dscp dscpval Mode Class ...

Page 504: ... ip tcp udp A value of ip matches all protocol number values To specify the match condition using a numeric value notation the protocol number is a standard value assigned by IANA and is interpreted as an integer from 0 to 255 Note This free form version of the IP DSCP Precedence TOS match specification gives the user complete control when specifying which bits of the IP Service Type field are che...

Page 505: ...ess of a packet The ipaddr parameter specifies an IP address The ipmask parameter specifies an IP address bit mask and must consist of a contiguous set of leading 1 bits match srcip6 This command adds to the specified class definition a match condition based on the source IP address of a packet match srcl4port This command adds to the specified class definition a match condition based on the sourc...

Page 506: ... policy association to an interface to form a service Specify the policy name when you create the policy Each traffic class defines a particular treatment for packets that match the class definition You can associate multiple traffic classes with a single policy When a packet satisfies the conditions of more than one class preference is based on the order in which you add the classes to the policy...

Page 507: ...ted traffic stream are to be dropped at ingress mirror This command specifies that all incoming packets for the associated traffic stream are copied to a specific egress interface physical port or LAG Format assign queue queueid Mode Policy Class Map Config Incompatibilities Drop Format drop Mode Policy Class Map Config Incompatibilities Assign Queue Mark all forms Mirror Police Redirect Note This...

Page 508: ... of an existing DiffServ class map class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements The classname is the name of an existing DiffServ class Note This command is not available on the GSM7328Sv1 or GSM7352Sv1 platforms Format redirect unit slot port Mode P...

Page 509: ...outer 802 1Q tag of a double VLAN tagged packet If the packet does not already contain this header one is inserted The CoS value is an integer from 0 to 7 mark ip dscp mark ip dscp This command marks all packets for the associated traffic stream with the specified IP DSCP value Note The CLI mode is changed to Policy Class Map Config when this command is successfully executed Format class classname...

Page 510: ...The conforming burst size is specified in kilobytes KB and is an integer from 1 to 128 For each outcome the only possible actions are drop set cos transmit set dscp transmit set prec transmit or transmit In this simple form of the police command the conform action defaults to transmit and the violate action defaults to drop For set dscp transmit a dscpval value is required and is specified as eith...

Page 511: ...fServ policy The policyname parameter is the name of an existing DiffServ policy This command may be issued at any time If the policy is currently referenced by one or more interface service attachments this delete attempt fails Format police simple 1 4294967295 1 128 conform action drop set prec transmit 0 7 set dscp transmit 0 63 set cos transmit 0 7 transmit violate action drop set prec transmi...

Page 512: ...ffServ is not used in the outbound direction This set of commands consists of service addition removal The CLI command root is service policy service policy This command attaches a policy to an interface in the inbound direction The policyname parameter is the name of an existing DiffServ policy This command causes a service to create a reference to the policy Format policy map rename policyname n...

Page 513: ...when the DiffServ administrative mode is enabled show class map This command displays all configuration information for the specified class The class name is the name of an existing DiffServ class Format service policy in policymapname Modes Global Config Interface Config Note Each interface can have one policy attached Note This command causes a service to remove its reference to the policy This ...

Page 514: ...ch Criteria The Match Criteria fields are only displayed if they have been configured Not all platforms support all match criteria values They are displayed in the order entered by the user The fields are evaluated in accordance with the class type The possible Match Criteria fields are Destination IP Address Destination Layer 4 Port Destination MAC Address Ethertype Source MAC Address VLAN Class ...

Page 515: ...Rule Table Policy Table Size Current Max The current number of entries rows and the maximum allowed entries rows in the Policy Table Policy Instance Table Size Current Max Current number of entries rows and the maximum allowed entries rows in the Policy Instance Table Policy Attribute Table Size Current Max Current number of entries rows and the maximum allowed entries rows in the Policy Attribute...

Page 516: ...d if mark ip description is not specified Mark IP Precedence The mark re mark value used as the IP Precedence for traffic matching this class This is not displayed if mark ip precedence is not specified Mirror Copies a classified traffic stream to a specified egress port physical port or LAG This can occur in addition to any marking or policing action It may also be specified along with a QoS queu...

Page 517: ...n which they were created Policy Type The policy type Only inbound is supported Class Members List of all class names associated with this policy Format show diffserv service unit slot port in Mode Privileged EXEC Term Definition DiffServ Admin Mode The current setting of the DiffServ administrative mode An attached policy is only in effect on an interface while DiffServ is in an enabled mode Inte...

Page 518: ... is in an enabled mode Term Definition Interface Valid unit slot and port number separated by forward slashes Direction The traffic direction of this interface service OperStatus The current operational status of this DiffServ service interface Policy Name The name of the policy attached to the interface in the indicated direction Note This command is only allowed while the DiffServ administrative...

Page 519: ...ing rules apply to MAC ACLs The maximum number of ACLs you can create is hardware dependent The limit applies to all ACLs regardless of type The system supports only Ethernet II frame types The maximum number of rules per MAC ACL is hardware dependent For the GSM7328Sv1 GSM7352Sv1 and GSM7328FS if you configure an IP ACL on an interface you cannot configure a MAC ACL on the same interface In Disca...

Page 520: ...CL no mac access list extended This command deletes a MAC ACL identified by name from the system mac access list extended rename This command changes the name of a MAC Access Control List ACL The name parameter is the name of an existing MAC ACL The newname parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list This command fails if a MAC...

Page 521: ...e same relative order as shown in the command format The Ethertype may be specified as either a keyword or a four digit hexadecimal value from 0x0600 0xFFFF The currently supported ethertypekey values are appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp Each of these translates into its equivalent Ethertype value s Note The no form of this command is not supported s...

Page 522: ...tion A lower number indicates higher precedence order If a sequence number is already in use for this interface and direction the specified mac access list replaces the currently attached mac access list using that sequence number If the sequence number is not specified for this command a sequence number that is one greater than the highest sequence number currently in use for this interface and d...

Page 523: ...al Config Interface Config Format show mac access lists name Mode Privileged EXEC Term Definition Rule Number The ordered rule number identifier defined within the MAC ACL Action The action associated with each rule The possible values are Permit or Deny Source MAC Address The source MAC address for this rule Destination MAC Address The destination MAC address for this rule Ethertype The Ethertype...

Page 524: ...ce you cannot configure an IP ACL on the same interface Wildcard masking for ACLs operates differently from a subnet mask A wildcard mask is in essence the inverse of a subnet mask With a subnet mask the mask has ones 1 s in the bit positions that are used for the network address and has zeros 0 s for the bit positions that are not used In contrast a wildcard mask has 0 s in a bit position that mu...

Page 525: ...4 port match condition for the IP ACL rule You can use the port number which ranges from 0 65535 or you specify the portkey which can be one of the following keywords domain echo ftp ftpdata http smtp snmp telnet tftp and www Each of these keywords translates into its equivalent port number which is used as both the start and end of a port range dstip dstmask Specifies a destination IP address and...

Page 526: ...ds defined for the IP header of an IPv4 frame The name parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IP access list If an IP ACL by this name already exists this command enters IPv4 Access_List config mode to allow updating the existing IP ACL no ip access list This command deletes the IP ACL identified by name from the system Format no access l...

Page 527: ...yword or the protocol source address and destination address values must be specified The source and destination IP address fields may be specified using the Format ip access list rename name newname Mode Global Config Note The no form of this command is not supported since the rules within an IP ACL cannot be deleted individually Rather the entire IP ACL must be deleted and re specified Note An i...

Page 528: ...e number may be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction A lower number indicates higher precedence order If a sequence number is already in use for this interface and direction the specified access list replaces the currently attached IP access list using that sequence number If the sequence number is...

Page 529: ... ACL trap mode show ip access lists This command displays an IP ACL accesslistnumber is the number used to identify the IP ACL Default none Format no ip access group accesslistnumber vlan vlan id in Mode Interface Config Global Config Default disabled Format acl trapflags Mode Global Config Format no acl trapflags Mode Global Config Format show ip access lists accesslistnumber Mode Privileged EXEC...

Page 530: ...e source IP Mask for this rule Source L4 Port Keyword The source port for this rule Destination IP Address The destination IP address for this rule Destination IP Mask The destination IP Mask for this rule Destination L4 Port Keyword The destination port for this rule IP DSCP The value specified for IP DSCP IP Precedence The value specified IP Precedence IP TOS The value specified for IP TOS Log D...

Page 531: ...ame The name parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list ACL ID Access List name for a MAC or IPv6 access list or the numeric identifier for an IP access list Sequence Number An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this interface ...

Page 532: ...31 characters uniquely identifying the IPv6 access list This command fails is an IPv6 ACL by the name newname already exists deny permit IPv6 This command creates a new rule for the current IPv6 access list Each rule is appended to the list of configured rules for the list Note The CLI mode changes to IPv6 Access List Config mode when you successfully execute this command Format ipv6 access list n...

Page 533: ...ile the redirect parameter allows the traffic matching this rule to be forwarded to the specified unit slot port The assign queue and redirect parameters are only valid for a permit rule ipv6 traffic filter This command either attaches a specific IPv6 ACL identified by name to an interface or associates with a VLAN ID in a given direction The name parameter must be the name of an existing IPv6 ACL...

Page 534: ...rection show ipv6 access lists This command displays an IPv6 access list and all of the rules that are defined for the IPv6 ACL Use the name parameter to identify a specific IPv6 ACL to display Note You should be aware that the out option may or may not be available depending on the platform Format ipv6 traffic filter name vlan vlan id in out sequence 1 4294967295 Modes Global Config Interface Con...

Page 535: ... time sensitive traffic auto voip all Use this command to enable VoIP Profile on the interfaces of the switch Match All Indicates whether this access list applies to every packet Possible values are True or False Protocol The protocol to filter for this rule Source IP Address The source IP address for this rule Source L4 Port Keyword The source port for this rule Destination IP Address The destina...

Page 536: ...uto voip Use this command to disable VoIP Profile on the interface show auto voip Use this command to display the VoIP Profile settings on the interface or interfaces of the switch Default disabled Format auto voip all Mode Global Config Format no auto voip all Mode Global Config Default disabled Format auto voip Mode Interface Config Format no auto voip all Mode Interface Config Format show auto ...

Page 537: ... 50 v1 0 July 2010 Field Description AutoVoIP Mode The Auto VoIP mode on the interface Traffic Class The CoS Queue or Traffic Class to which all VoIP traffic is mapped to This is not configurable and defaults to the highest CoS queue available in the system for data traffic ...

Page 538: ...on page 9 40 DNS Client Commands on page 9 55 Packet Capture Commands on page 9 61 Cable Test Command on page 9 83 sFlow Commands on page 9 84 Software License Commands on page 9 89 Note The commands in this chapter are in one of four functional groups Show commands display switch settings statistics and other information Configuration commands configure features and options of the switch For ever...

Page 539: ...r and if necessary a DNS server There are three stepss to Auto Install 1 Configuration or assignment of an IP address for the device 2 Assignment of a TFTP server 3 Obtain a configuration file for the device from the TFTP server show autoinstall This command displays the current status of the Auto Config process Example switch show autoinstall AutoInstall Mode Stopped AutoSave Mode Disabled AutoIn...

Page 540: ...from a TFTP server boot autoinstall stop The command is used to A user may terminate the Auto Install process at any time prior to the downloading of the config file This is most optimally done when the switch is disconnected from the network or if the requisite configuration files have not been configured on TFTP servers Termination of the Auto Install process ends further periodic requests for a...

Page 541: ...allows reduced down time when you upgrade or downgrade the software delete This command deletes the supplied image file from the permanent storage The image to be deleted must be a backup image If this image is the active image or if this image is activated an error message displays The optional unit parameter is valid only on Stacks Error will be returned if this parameter is provided on Standalo...

Page 542: ...backup images on the supplied unit node of the Stack If you do not specify a unit number the command displays image details for all nodes on the Stack The command also displays any text description associated with an image This command when used on a Standalone system displays the switch activation status For a standalone system the unit parameter is not valid filedescr This command associates a g...

Page 543: ...s section describes the commands you use to view information about system features components and configurations show arp switch This command displays the contents of the IP stack s Address Resolution Protocol ARP table The IP stack only learns ARP entries associated with the management interfaces network or service ports ARP entries associated with routing interfaces are not listed Format update ...

Page 544: ...EXEC Term Definition File The file in which the event originated Line The line number of the event Task Id The task ID of the event Code The event code Time The time this event occurred Unit The unit for the event Note Event log information is retained across a switch reset Note The show version command and the show hardware command display the same information In future releases of the software t...

Page 545: ...e machine model as defined by the Vital Product Data Serial Number The unique box serial number for this switch FRU Number The field replaceable unit number Part Number Manufacturing part number Maintenance Level Hardware changes that are significant to software Manufacturer Manufacturer descriptor field Burned in MAC Address Universally assigned network address Software Version The release versio...

Page 546: ...her layer protocol Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Transmitted Without Error The total number of packets transmitted out of the interface Transmit Packets Errors The number of outbound packets that could not be transmitted because of errors Collisions Frames The bes...

Page 547: ...rs The number of outbound packets that could not be transmitted because of errors Address Entries Currently In Use The total number of Forwarding Database Address Table entries now active on the switch including learned and static entries VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN table Time Since Counters Last Cleared The elapsed time in days hours minut...

Page 548: ...smitted to a Multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to the Broadcast address including those that were discarded or not sent Transmit Packets Discarded The number of outbound packets which were chosen to be discarded even though no errors had been detected to pr...

Page 549: ...owing information displays if you do not enter a parameter the keyword all or the MAC address and VLAN ID If you enter vlan vlan_id only the Mac Address Interface and Status fields appear Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this switch were last cleared Format show mac addr table macaddr vlan_id all count interface unit slot ...

Page 550: ...ddress is also the value of an existing instance of dot1dStaticAddress It is identified with interface 0 1 and is currently used when enabling VLANs for routing Self The value of the corresponding instance is the address of one of the switch s physical interfaces the system s own MAC address GMRP Learned The value of the corresponding was learned via GMRP and applies to Multicast Other The value o...

Page 551: ...bcmLINK 0 0 35 DHCP snoop 0 10 Dynamic ARP Inspection 0 10 dot1s_timer_task 0 10 dhcpsPingTask 0 20 show mbuf total This command shows the total system buffer pools status The following shows an example of CLI display output for the command switch show mbuf total mbufSize 9284 0x2444 Current Time 0x1897fa Note It is not necessarily the traffic to the CPU but different tasks that keep the CPU busy ...

Page 552: ... configure another switch with the same configuration If the optional scriptname is provided with a file name extension of scr the output is redirected to a script file Note Show running config does not display the User Password even if you set one different from the default Note If you issue the show running config command from a serial connection access to the switch through remote connections s...

Page 553: ...nd displays switch information Format show running config all scriptname changed Mode Privileged EXEC Format show running config interface unit slot port VLAN id LAG id Mode Interface Config Format show sysinfo Mode Privileged EXEC Term Definition Switch Description Text used to identify this switch System Name Name used to identify the switch The factory default is blank To configure the system n...

Page 554: ...o be displayed on the screen i e pagination for the show running config and show running config all commands The terminal length size is either zero or a number in the range of 5 to 48 After the user configured number of lines is displayed in one page the system prompts the user More or q uit Press q or Q to quit or press any key to display the next set of 5 48 lines The command terminal length 0 ...

Page 555: ...ction describes the commands you use to configure system logging and to view logs and the logging settings logging buffered This command enables logging to an in memory log that keeps up to 128 logs no logging buffered This command disables logging to in memory log Format no terminal length Mode Privileged EXEC Format show terminal length Mode Privileged EXEC Default disabled critical when enabled...

Page 556: ...g and configures logging to stop when the log file capacity is full logging cli command This command enables the CLI command logging feature which enables the 7000 series software to log all CLI commands issued on the system no logging cli command This command disables the CLI command Logging feature Default enabled Format logging buffered wrap Mode Privileged EXEC Format no logging buffered wrap ...

Page 557: ...gure up to eight hosts The ipaddr hostname is the IP address of the logging host The addresstype indicates the type of address ipv4 or ipv6 or dns being passed The port value is a port number from 1 to 65535 You can specify the severitylevel value as either an integer from 0 to 7 or symbolically through one of the following keywords emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 ...

Page 558: ...mmand disables syslog logging show logging This command displays logging configuration information Format logging host remove hostindex Mode Global Config Default disabled Format logging syslog port portid Mode Global Config Format no logging syslog Mode Global Config Format show logging Mode Privileged EXEC Term Definition Logging Client Local Port Port on the collector relay to which syslog mess...

Page 559: ...g Shows whether syslog logging is enabled Log Messages Received Number of messages received by the log process This includes messages that are dropped or ignored Log Messages Dropped Number of messages that could not be processed due to error or lack of resources Log Messages Relayed Number of messages sent to the collector relay Format show logging buffered Mode Privileged EXEC Term Definition Bu...

Page 560: ... Port The server port number which is the port on the local host from which syslog messages are sent Host Status The state of logging to configured syslog hosts If the status is disable no logging occurs Format show logging traplogs Mode Privileged EXEC Term Definition Number of Traps Since Last Reset The number of traps since the last boot Trap Log Capacity The number of traps the system can reta...

Page 561: ...are emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 debug 7 no logging persistent Use this command to disable the persistent logging in the switch System Utility and Clear Commands This section describes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults Default Disable Format logging persistent severity le...

Page 562: ...eged EXEC Parameter Description ipaddr hostname The ipaddr value should be a valid IP address The hostname value should be a valid hostname initTtl Use initTtl to specify the initial time to live TTL the maximum number of router hops between the local and remote system Range is 0 to 255 maxTtl Use maxTtle to specify the maximum TTL Range is 1 to 255 maxFail Use maxFail to terminate the traceroute ...

Page 563: ...252 0 msec 0 msec 1 msec 3 172 31 0 9 277 msec 276 msec 277 msec 4 10 254 1 1 289 msec 327 msec 282 msec 5 10 254 21 2 287 msec 293 msec 296 msec 6 192 168 76 2 290 msec 291 msec 289 msec 7 0 0 0 0 0 msec Hop Count 6 Last TTL 7 Test attempt 19 Test Success 18 traceroute ipv6 Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the...

Page 564: ...t values It does not reset the switch clear mac addr table This command clears the dynamically learned MAC addresses of the switch clear logging buffered This command clears the messages maintained in the system log clear counters This command clears the statistics for a specified unit slot port for all the ports or for the entire switch based upon the argument Format clear config Mode Privileged ...

Page 565: ...ults without powering off the switch You are prompted to confirm that the password reset should proceed clear port channel This command clears all port channels LAGs clear traplog This command clears the trap log clear vlan This command resets VLAN configuration parameters to the factory defaults Format clear igmpsnooping Mode Privileged EXEC Format clear pass Mode Privileged EXEC Format clear por...

Page 566: ...adecimal characters logout This command closes the current telnet connection or resets the current serial connection ping Use this command to determine whether another computer is on the network Ping provides a synchronous response when initiated from the CLI and Web interfaces Format enable password passwor encrypted Mode Privileged EXEC Note Save configuration changes before logging out Format l...

Page 567: ...count 3 interval 1 size 255 Pinging 192 168 254 222 with 255 bytes of data Received Response Unreachable Destination Received Response Unreachable Destination Received Response Unreachable Destination 192 168 254 222 PING statistics 3 packets transmitted 3 packets received 0 packet loss round trip msec min avg max 0 0 0 In Case Of Request TimedOut Switch ping 1 1 1 1 count 1 interval 3 Pinging 1 1...

Page 568: ...This command resets the switch without powering it off Reset means that all network connections are terminated and the boot code executes The switch uses the stored configuration to initialize the switch You are prompted to confirm that the reset should proceed The LEDs on the switch indicate a successful reset save This command makes the current configuration changes permanent by writing the conf...

Page 569: ... server filepath is the path to the file and filename is the name of the file you want to upload or download For SFTP and SCP the username parameter is the username for logging into the remote server via SSH For platforms that support a USB device the copy command can be used to transfer files from and to the USB device The syntax for the USB file is usb filename The USB device can be either a sou...

Page 570: ...cript In case of any error the command lists all the lines at the end of the validation process and prompts you to confirm before copying the script file url nvram script destfilename noval When you use this option the copy command will not validate the downloaded script file An example of the CLI command follows NETGEAR Switch CLI Routing copy tftp 1 1 1 1 file scr nvram script file scr noval url...

Page 571: ...odem zmodem or TFTP url image1 image2 Download an image from the remote server to either image In a stacking environment the downloaded image is distributed to the stack nodes image1 image2 url Upload either image to the remote server image1 image2 Copy image1 to image2 image2 image1 Copy image2 to image1 image1 image2 unit unit image1 image2 Copy an image from the management node to a given node ...

Page 572: ...bles Simple Network Time Protocol SNTP client mode sntp client port This command sets the SNTP client port id to a value from 1 65535 no sntp client port This command resets the SNTP client port back to its default value Default disabled Format sntp client mode broadcast unicast Mode Global Config Format no sntp client mode Mode Global Config Default 123 Format sntp client port portid Mode Global ...

Page 573: ...l set the poll timeout for SNTP unicast clients in seconds to a value from 1 30 no sntp unicast client poll timeout This command will reset the poll timeout for SNTP unicast clients to its default value sntp unicast client poll retry This command will set the poll retry for SNTP unicast clients to a value from 0 to 10 Default 6 Format sntp unicast client poll interval poll interval Mode Global Con...

Page 574: ... from the server is based on Coordinated Universal Time UTC which is the same as Greenwich Mean Time GMT This may not be the time zone in which the switch is located Use the clock timezone command to configure a time zone specifying the number of hours and optionally the number of minutes difference from UTC To set the switch clock to UTC use the no form of the command Format sntp unicast client p...

Page 575: ... clock timezone Mode Global Config Format show sntp Mode Privileged EXEC Term Definition Last Update Time Time of last clock update Last Unicast Attempt Time Time of last transmit query in unicast mode Last Attempt Status Status of the last SNTP request in unicast mode or unsolicited message in broadcast mode Broadcast Count Current number of unsolicited broadcast messages that have been received ...

Page 576: ...or hostname of configured SNTP Server Server Type Address Type of Server Server Stratum Claimed stratum of the server for the last received valid packet Server Reference ID Reference clock identifier of the server for the last received valid packet Server Mode SNTP Server mode Server Maximum Entries Total number of SNTP Servers allowed Server Current Entries Total number of SNTP configured Term De...

Page 577: ...n address allocations Last Attempt Time Last server attempt time for the specified server Last Update Status Last server attempt status for the server Total Unicast Requests Number of requests to the server Failed Unicast Requests Number of failed requests from server Format show clock detail Mode Privileged EXEC Term Definition Time The time provided by the time source Time Source The time source...

Page 578: ...ntifier is required instead of hardware addresses The unique identifier is a concatenation of the media type and the MAC address For example the Microsoft client identifier for Ethernet address c819 2488 f177 is 01c8 1924 88f1 77 where 01 represents the Ethernet media type For more information refer to the Address Resolution Protocol Parameters section of RFC 1700 Assigned Numbers for a list of me...

Page 579: ...ifies the default router list for a DHCP client address1 address2 address8 are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid no default router This command removes the default router list Default none Format client name name Mode DHCP Pool Config Format no client name Mode DHCP Pool Config Default none Format default router address1 addre...

Page 580: ...re address of a DHCP client Hardware address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format Type indicates the protocol of the hardware platform It is 1 for 10 MB Ethernet and 6 for IEEE 802 no hardware address This command removes the hardware address of the DHCP client Default none Format dns server address1 address2 address8 Mode DHC...

Page 581: ...ration of the lease for an IP address that is assigned from a DHCP server to a DHCP client The overall lease time should be between 1 86400 minutes If you specify infinite the lease is set for 60 days You can also specify a lease duration Days is an integer from 0 to 59 Hours is an integer from 0 to 23 Minutes is an integer from 0 to 59 no lease This command restores the default value of the lease...

Page 582: ...bnet mask for the specified address pool The prefix length is an integer from 0 to 32 no network This command removes the subnet number and mask bootfile The command specifies the name of the default boot image for a DHCP client The filename specifies the boot image file no bootfile This command deletes the boot image name Default none Format network networknumber mask prefixlength Mode DHCP Pool ...

Page 583: ...vailable to DHCP clients One IP address is required although one can specify up to eight addresses in one command line Servers are listed in order of preference address1 is the most preferred server address2 is the next most preferred server and so on no netbios name server This command removes the NetBIOS name server list Default none Format domain name domain Mode DHCP Pool Config Format no doma...

Page 584: ...e This command removes the NetBIOS node Type next server This command configures the next server in the boot process of a DHCP client The address parameter is the IP address of the next server in the boot process which is typically a TFTP server no next server This command removes the boot server list Default none Format netbios node type type Mode DHCP Pool Config Format no netbios node type Mode...

Page 585: ... for example a3 4f 22 0c colon for example a3 4f 22 0c or white space for example a3 4f 22 0c no option This command removes the DHCP Server options The code parameter specifies the DHCP option code ip dhcp excluded address This command specifies the IP addresses that a DHCP server should not assign to DHCP clients Low address and high address are valid IP addresses each made up of four decimal by...

Page 586: ...ress as part of a ping operation By default the number of packets sent to a pool address is 2 which is the smallest allowed number when sending packets Setting the number of packets to 0 disables this command no ip dhcp ping packets This command prevents the server from pinging pool addresses and sets the number of packets to 0 service dhcp This command enables the DHCP server Format no ip dhcp ex...

Page 587: ...ddress pool no ip dhcp bootp automatic This command disables the allocation of the addresses to the bootp client The address are from the automatic address pool ip dhcp conflict logging This command enables conflict logging on DHCP server Format no service dhcp Mode Global Config Default disabled Format ip dhcp bootp automatic Mode Global Config Format no ip dhcp bootp automatic Mode Global Config...

Page 588: ...from 0 to 255 IP address 0 0 0 0 is invalid clear ip dhcp server statistics This command clears DHCP server statistics counters clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database The server detects conflicts using a ping DHCP server clears all conflicts If the asterisk character is used as the address parameter Format no ip dhcp conflict logging M...

Page 589: ...ss Modes Privileged EXEC User EXEC Term Definition IP address The IP address of the client Hardware Address The MAC Address or the client identifier Lease expiration The lease expiration time of the IP address assigned to the client Type The manner in which IP address was assigned to the client Format show ip dhcp global configuration Modes Privileged EXEC User EXEC Term Definition Service DHCP Th...

Page 590: ...The name of the configured pool Pool Type The pool type Lease Time The lease expiration time of the IP address assigned to the client DNS Servers The list of DNS servers available to the DHCP client Default Routers The list of the default routers available to the DHCP client Field Definition Network The network number and the mask for the DHCP address pool Field Definition Client Name The name of ...

Page 591: ...ormed Bindings The number of truncated or corrupted messages that were received by the DHCP server Message Definition DHCP DISCOVER The number of DHCPDISCOVER messages the server has received DHCP REQUEST The number of DHCPREQUEST messages the server has received DHCP DECLINE The number of DHCPDECLINE messages the server has received DHCP RELEASE The number of DHCPRELEASE messages the server has r...

Page 592: ...nabled the DNS client provides a hostname lookup service to other components ip domain lookup Use this command to enable the DNS client no ip domain lookup Use this command to disable the DNS client Format show ip dhcp conflict ip address Modes Privileged EXEC User EXEC Term Definition IP address The IP address of the host as recorded on the DHCP server Detection Method The manner in which the IP ...

Page 593: ... name For an unqualified hostname xxx a DNS query is made to find the IP address corresponding to xxx yahoo com no ip domain name Use this command to remove the default domain name configured using the ip domain name command ip domain list Use this command to define a list of default domain names to complete unqualified names By default the list is empty Each name must be no more than 256 characte...

Page 594: ...erver The preference of the servers is determined by the order they were entered no ip name server Use this command to remove a name server ip host Use this command to define static host name to address mapping in the host cache name is host name ip address is the IP address of the host Format no ip domain list name Mode Global Config Format ip name server server address1 server address2 server ad...

Page 595: ...nd to remove the static host name to IPv6 address mapping in the host cache ip domain retry Use this command to specify the number of times to retry sending Domain Name System DNS queries The parameter number indicates the number of times to retry sending a DNS query to the DNS server This number ranges from 0 to 100 Format no ip host name Mode Global Config Default none Format ipv6 host name v6 a...

Page 596: ...e this command to return to the default setting clear host Use this command to delete entries from the host name to address cache This command clears the entries from the DNS cache maintained by the software This command clears both IPv4 and IPv6 entries Format no ip domain retry number Mode Global Config Default 3 Format ip domain timeout seconds Mode Global Config Format no ip domain timeout sec...

Page 597: ...m Stanford edu rediff com Domain Name lookup Enabled Number of retries 5 Retry timeout period 1500 Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping Host Addresses accounting gm com 176 16 8 8 Host Total Elapsed Type Addresses Format show hosts name Mode User EXEC Field Description Host Name Domain host name Default Domain Default domain name Default Dom...

Page 598: ...real can be used to decode and review the packets in detail Capturing can be performed in a variety of modes either transmit side only receive side only or both The number of packets captured will depend on the size of the captured packets capture transmit packet This command enables the capturing of transmit packets no capture transmit packet This command disables the capturing of transmit packet...

Page 599: ...full writes to the buffer will wrap around to allow continuous packet caputure show capture packets This command displays packets being captured from the buffer The output of the show command can be redirected to a text file The resultant text file can be fed to the text2pcap utility or the Ethereal public domain packet analyzer which can then be translated to a cap file Format no capture receive ...

Page 600: ...debug arp Use this command to disable ARP debug protocol messages debug auto voip Use this command to enable Auto VOIP debug messages Use the optional parameters to trace H323 SCCP or SIP packets respectively Mode Global Config Default Enabled Caution The output of debug commands can be long and may adversely affect system performance Default disabled Format debug arp Mode Privileged EXEC Format n...

Page 601: ...trace output The output of debug trace commands will appear on all login sessions for which debug console has been enabled The configuration of this command remains in effect for the life of the login session The effect of this command is not persistent across resets no debug console This command disables the display of debug trace output on the login session in which it is executed Format no debu...

Page 602: ...ug igmpsnooping packet This command enables tracing of IGMP Snooping packets received and transmitted by the switch no debug igmpsnooping packet This command disables tracing of IGMP Snooping packets Default disabled Format debug dot1x Mode Privileged EXEC Format no debug dot1x Mode Privileged EXEC Default disabled Format debug igmpsnooping packet Mode Privileged EXEC Format no debug igmpsnooping ...

Page 603: ... disabled Format debug igmpsnooping packet transmit Mode Privileged EXEC Parameter Definition TX A packet transmitted by the device Intf The interface that the packet went out on Format used is unit slot port internal interface number Unit is always shown as 1 for interfaces on a non stacking device Src_Mac Source MAC address of the packet Dest_Mac Destination multicast MAC address of the packet S...

Page 604: ... are displayed in the trace message Format no debug igmpsnooping transmit Mode Privileged EXEC Default disabled Format debug igmpsnooping packet receive Mode Privileged EXEC Parameter Definition RX A packet received by the device Intf The interface that the packet went out on Format used is unit slot port internal interface number Unit is always shown as 1 for interfaces on a non stacking device S...

Page 605: ...eived DVMRP packets and transmit traces only transmitted DVMRP packets When neither keyword is used in the command then all DVMRP packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitted is displayed on the console Group Multicast group address in the IGMP header Format n...

Page 606: ...is displayed on the console no debug ip igmp packet Use this command to disable debug tracing of IGMP packet reception and transmission debug ip mcache packet Use this command for tracing MDATA packet reception and transmission receive traces only received data packets and transmit traces only transmitted data packets When neither keyword is used in the command then all data packet traces are dump...

Page 607: ...l PIMDM packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitted is displayed on the console no debug ip pimdm packet Use this command to disable debug tracing of PIMDM packet reception and transmission Format debug ip mcache packet receive transmit Mode Privileged EXEC F...

Page 608: ...ype packet length and the interface on which the packet is received or transmitted is displayed on the console no debug ip pimsm packet Use this command to disable debug tracing of PIMSM packet reception and transmission debug ip vrrp Use this command to enable VRRP debug protocol messages no debug ip vrrp Use this command to disable VRRP debug protocol messages Default disabled Format debug ip pi...

Page 609: ...transmission debug ipv6 mld packet Use this command to trace MLDv6 packet reception and transmission receive traces only received MLDv6 packets and transmit traces only transmitted MLDv6 packets When neither keyword is used in the command then all MLDv6 packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which...

Page 610: ...n and transmission debug ipv6 pimsm packet Use this command to trace PIMSMv6 packet reception and transmission receive traces only received PIMSMv6 packets and transmit traces only transmitted PIMSMv6 packets When neither keyword is used in the command then all PIMSMv6 packet traces are dumped Vital information such as source address destination address control packet type packet length and the in...

Page 611: ...snooping packet reception and transmission receive traces only received MLD snooping packets and transmit traces only transmitted MLD snooping packets When neither keyword is used in the command then all MLD snooping packet traces are dumped Vital information such as source address destination address control packet type packet length and the interface on which the packet is received or transmitte...

Page 612: ...48 Src Ip 10 50 50 1 DestIp 192 168 50 2 AreaId 0 0 0 0 Type DB_DSCR Mtu 1500 Options E Flags I M MS Seq 126166 15 JAN 02 11 03 36 10 50 50 1 2 OSPF 46300472 ospf_debug c 297 25434 Pkt RX Intf 2 0 48 Src Ip 192 168 50 2 DestIp 192 168 50 1 AreaId 0 0 0 0 Type LS_REQ Length 1500 15 JAN 02 11 03 36 10 50 50 1 2 OSPF 46300472 ospf_debug c 293 25435 Pkt TX Intf 2 0 48 Src Ip 10 50 50 1 DestIp 192 168 ...

Page 613: ...estIp The destination IP address in the IP header of the packet AreaId The area ID in the OSPF header of the packet Type Could be one of the following HELLO Hello packet DB_DSCR Database descriptor LS_REQ LS Request LS_UPD LS Update LS_ACK LS Acknowledge Parameter Definition Netmask The netmask in the hello packet DesignRouter Designated Router IP address Backup Backup router IP address Field Defi...

Page 614: ...ackets debug ospfv3 packet Use this command to enable OSPFv3 packet debug trace no debug ospfv3 packet Use this command to disable tracing of OSPFv3 packets Field Definition Length Length of packet Field Definition Length Length of packet Format no debug ospf packet Mode Privileged EXEC Default disabled Format debug ospfv3 packet Mode Privileged EXEC Format no debug ospfv3 packet Mode Privileged E...

Page 615: ... 50 1 DEST_IP 10 50 50 2 Type ECHO_REPLY The following parameters are displayed in the trace message no debug ping packet This command disables tracing of ICMP echo requests and responses Default disabled Format debug ping packet Mode Privileged EXEC Parameter Definition TX RX TX refers to a packet transmitted by the device RX refers to packets received by the device Intf The interface that the pa...

Page 616: ...Format debug rip packet Mode Privileged EXEC Parameter Definition TX RX TX refers to a packet transmitted by the device RX refers to packets received by the device Intf The interface that the packet came in or went out on Format used is unit slot port internal interface number Unit is always shown as 1 for interfaces on a non stacking device Src_IP The source IP address in the IP header of the pac...

Page 617: ...ace no debug sflow packet Use this command to disable sFlow debug packet trace debug spanning tree bpdu This command enables tracing of spanning tree BPDUs received and transmitted by the switch Format no debug rip packet Mode Privileged EXEC Default disabled Format debug sflow packet Mode Privileged EXEC Format no debug sflow packet Mode Privileged EXEC Default disabled Format debug spanning tree...

Page 618: ...00 Root Priority 0x8000 Path Cost 0 The following parameters are displayed in the trace message Format no debug spanning tree bpdu Mode Privileged EXEC Default disabled Format debug spanning tree bpdu receive Mode Privileged EXEC Parameter Definition RX A packet received by the device Intf The interface that the packet came in on Format used is unit port slot internal interface number Unit is alwa...

Page 619: ...c2 00 Root_Priority 0x8000 Path_Cost 0 The following parameters are displayed in the trace message Format no debug spanning tree bpdu receive Mode Privileged EXEC Default disabled Format debug spanning tree bpdu transmit Mode Privileged EXEC Parameter Definition TX A packet transmitted by the device Intf The interface that the packet went out on Format used is unit port slot internal interface num...

Page 620: ...Mode Privileged EXEC Note The cable test feature is supported only for copper cable It is not supported for optical fiber cable If the port has an active link while the cable test is run the link can go down for the duration of the test Format cablestatus unit slot port Mode Privileged EXEC Field Description Cable Status One of the following statuses is returned Normal The cable is working correct...

Page 621: ... is displayed if the cable length could not be determined Format sflow receiver rcvr_idx owner owner string timeout rcvr_timeout max datagram size ip ipv6 ip port port Mode Global Config Field Description Receiver Owner The identity string for the receiver the entity making use of this sFlowRcvrTable entry The range is 127 characters The default is a null string The empty string indicates that the...

Page 622: ...0 0 Receiver Port The destination Layer4 UDP port for sFlow datagrams The range is 1 65535 The default is 6343 Format no sflow receiver indx ip ip address maxdatagram size owner string timeout interval port 14 port Mode Global Config Format sflow sampler rcvr indx rate sampling rate maxheadersize size Mode Interface Config Field Description Receiver Index The sFlow Receiver for this sFlow sampler ...

Page 623: ...ling A value of N means that out of N incoming packets 1 packet will be sampled The range is 1024 65536 and 0 The default is 0 Format no sflow sampler rcvr indx rate sampling rate maxheadersize size Mode Interface Config Format sflow poller rcvr indx interval poll interval Mode Interface Config Field Description Receiver Index Enter the sFlow Receiver associated with the sampler poller A value of ...

Page 624: ...P Address 10 131 12 66 show sflow pollers Use this command to display the sFlow polling instances created on the switch Use for range Format no sflow poller rcvr indx interval poll interval Mode Interface Config Format show sflow agent Mode Privileged EXEC Field Description sFlow Version Uniquely identifies the version and implementation of this MIB The version string must have the following struc...

Page 625: ...successive samples of the counters associated with this data source Format show sflow receivers index Mode Privileged EXEC Field Description Receiver Index The sFlow Receiver associated with the sampler poller Owner String The identity string for receiver the entity making use of this sFlowRcvrTable entry Time Out The time in seconds remaining before the receiver is released and stops sending samp...

Page 626: ...GSM72xxPS or GSM73xxSv1 is the Master of the stack It will not be available in case GSM73xxSv2 is the Master of a Stack Format show sflow samplers Mode Privileged EXEC Field Description Sampler Data Source The sFlowDataSource slot port for this sFlow sampler This agent will support Physical ports only Receiver Index The sFlowReceiver configured for this sFlow sampler Packet Sampling Rate The stati...

Page 627: ...rough the GUI show license This command displays the license status License Date indicates the date of the license License Status indicates whether license is active or inactive Example The following shows example CLI display output for the command GSM7352PS show license License date Apr 9 2010 License copy 1 License Status Active Description License key is active GSM7352PS show license features T...

Page 628: ... page 10 20 Access Commands on page 10 28 User Account Commands on page 10 29 SNMP Commands on page 10 40 RADIUS Commands on page 10 52 TACACS Commands on page 10 67 Configuration Scripting Commands on page 10 71 Pre login Banner and System Prompt Commands on page 10 73 Warning The commands in this chapter are in one of three functional groups Show commands display switch settings statistics and o...

Page 629: ...ator enable password 2 Management CPU IP address and network mask 3 System name and location information The tool is interactive and uses questions to guide you through the steps required to perform its task At the end of the session it will ask you if you want to save the changed information To see exactly what has been changed by ezconfig at the end of the session use the show running config com...

Page 630: ...assword Y N Q y Enter new password Confirm new password Password Changed The enable password required for switch configuration via the command line interface is currently not configured Do you wish to change it Y N Q y Enter new password Confirm new password Password Changed Assigning an IP address to your switch management Current IP Address Configuration IP address 0 0 0 0 Subnet mask 0 0 0 0 Ga...

Page 631: ...vileged EXEC mode From the Privileged EXEC mode you can configure the network interface network parms This command sets the IP address subnet mask and gateway of the device The IP address and the gateway must be on the same subnet There are changes detected do you wish to save the changes permanently Y N y The configuration changes have been saved succesfully Please enter show running config to se...

Page 632: ...cally administered MAC addresses The following rules apply Bit 6 of byte 0 called the U L bit indicates whether the address is universally administered b 0 or locally administered b 1 Bit 7 of byte 0 called the I G bit indicates whether the destination address is an individual address b 0 or a group address b 1 The second character of the twelve character macaddr must be 2 6 A or E A locally admin...

Page 633: ...Java applet show network This command displays configuration settings associated with the switch s network interface The network interface is the logical interface used for in band connectivity with the switch via any of the switch s front panel ports The configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which t...

Page 634: ...fault value is 0 0 0 0 IPv6 Administrative Mode Whether enabled or disabled IPv6 Address Length The IPv6 address and length IPv6 Default Router The IPv6 default router address Burned In MAC Address The burned in MAC address used for in band connectivity Locally Administered MAC Address If desired a locally administered MAC address can be configured for in band connectivity To take effect MAC Addre...

Page 635: ...onfigure a variety of system settings including user accounts From the Global Config mode you can enter other command modes including Line Config mode line This command gives you access to the Line Config mode which allows you to configure various Telnet settings ssh settings and the console port serial baudrate This command specifies the communication rate of the terminal interface The supported ...

Page 636: ...nd sets the maximum connect time in minutes without console activity login authentication To specify login authentication method list for remote telnet or console use the login authentication command in line configuration mode no login authentication To return to the default specified by the login authentication command Format no serial baudrate Mode Line Config Default 5 Format serial timeout 0 1...

Page 637: ...User EXEC Term Definition Serial Port Login Timeout minutes The time in minutes of inactivity on a Serial port connection after which the Switch will close the connection Any numeric value between 0 and 160 is allowed the factory default is 5 A value of 0 disables the timeout Baud Rate bps The default baud rate at which the serial port will try to connect The available values are 1200 2400 4800 96...

Page 638: ...the Telnet listening port and disconnects all open Telnet sessions telnet This command establishes a new outbound Telnet connection to a remote host The host value must be a valid IP address or host name Valid values for port should be a valid decimal integer in the range of 0 to 65535 where the default value is 23 If debug is used the current Telnet options enabled is displayed The optional line ...

Page 639: ...utput telnet This command regulates new outbound Telnet connections If enabled new outbound Telnet sessions can be established until the system reaches the maximum number of simultaneous outbound Telnet sessions allowed An established session remains active until the session is ended or an abnormal network error ends it Note If the Telnet Server Admin Mode is disabled Telnet sessions cannot be est...

Page 640: ...ue of 0 indicates that no outbound Telnet session can be established no session limit This command sets the maximum number of simultaneous outbound Telnet sessions to the default value session timeout This command sets the Telnet session timeout value The timeout value unit of time is minutes Format no transport output telnet Mode Line Config Default 5 Format session limit 0 5 Mode Line Config For...

Page 641: ...sessions that can be established to the default value telnetcon timeout This command sets the Telnet connection session timeout value in minutes A session is active as long as the session has not been idle for the value set The time is a decimal value from 1 to 160 Format no session timeout Mode Line Config Default 4 Format telnetcon maxsessions 0 4 Mode Privileged EXEC Format no telnetcon maxsess...

Page 642: ...ue for active sessions does not become effective until the session is reaccessed Also any keystroke activates the new timeout duration Format no telnetcon timeout Mode Privileged EXEC Format show telnet Modes Privileged EXEC User EXEC Term Definition Outbound Telnet Login Timeout The number of minutes an outbound Telnet session is allowed to remain inactive before being logged off Maximum Number o...

Page 643: ...he short form of the ip ssh server enable command Format show telnetcon Modes Privileged EXEC User EXEC Term Definition Remote Connection Login Timeout minutes This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off May be specified as a number from 1 to 160 The factory default is 5 Maximum Number of Remote Connection Sessions T...

Page 644: ...le This command disables the IP secure shell server sshcon maxsessions This command specifies the maximum number of SSH connection sessions that can be established A value of 0 indicates that no ssh connection can be established The range is 0 to 5 Format ip ssh Mode Privileged EXEC Default 1 and 2 Format ip ssh protocol 1 2 Mode Privileged EXEC Default disabled Format ip ssh server enable Mode Pr...

Page 645: ...ive sessions does not become effective until the session is re accessed Also any keystroke activates the new timeout duration no sshcon timeout This command sets the SSH connection session timeout value in minutes to the default Changing the timeout value for active sessions does not become effective until the session is re accessed Also any keystroke activates the new timeout duration show ip ssh...

Page 646: ... the device regardless of whether they are self signed or downloaded from an outside source Term Definition Administrative Mode This field indicates whether the administrative mode of SSH is enabled or disabled Protocol Level The protocol level may have the values of version 1 version 2 or both versions 1 and version 2 SSH Sessions Currently Active The number of SSH sessions currently active Max S...

Page 647: ...any existing generated or downloaded DSA key files no crypto key generate dsa Use this command to delete the DSA key files from the device Hypertext Transfer Protocol HTTP Commands This section describes the commands you use to configure HTTP and secure HTTP access to the switch Access to the switch by using a Web browser is enabled by default Everything you can view and configure by using the CLI...

Page 648: ...re affected no ip http server This command disables access to the switch through the Web interface When access is disabled the user cannot login to the switch s Web server ip http secure server This command is used to enable the secure socket layer for secure HTTP no ip http secure server This command is used to disable the secure socket layer for secure HTTP Default enabled Format ip http server ...

Page 649: ...essions in hours Configuring this value to zero will give an infinite hard timeout When this timeout expires the user will be forced to re authenticate This timer begins on initiation of the web session and is unaffected by the activity level of the connection no ip http session hard timeout This command restores the hard timeout for un secure HTTP sessions to the default value Default Enabled For...

Page 650: ...entication is used if the radius server is down no ip http authentication This command restores the authentication methods to the default ip http session maxsessions This command limits the number of allowable un secure HTTP sessions Zero is the configurable minimum Format ip http authentication method1 method2 Mode Global ConfigC Term Definition Local Uses the local username database for authenti...

Page 651: ...to re authenticate This timer begins on initiation of the Web session and is re started with each access to the switch no ip http session soft timeout This command resets the soft timeout for un secure HTTP sessions to the default value ip http secure session maxsessions This command limits the number of secure HTTP sessions Zero is the configurable minimum Format no ip http session maxsessions Mo...

Page 652: ...be set to zero infinite no ip http secure session soft timeout This command restores the soft timeout for secure HTTP sessions to the default value ip http secure session hard timeout This command configures the hard timeout for secure HTTP sessions in hours When this timeout expires the user is forced to re authenticate This timer begins on initiation of the Web session and is unaffected by the a...

Page 653: ...as an authentication method after radius no authentication is used if the radius server is down no ip https authentication This command restores the authentication methods to the default for http server users ip http secure port This command is used to set the SSL port where port can be 1 65535 and the default is port 443 Format no ip http secure session hard timeout Mode Privileged EXEC Format ip...

Page 654: ...rivileged EXEC Default SSL3 and TLS1 Format ip http secure protocol SSL3 TLS1 Mode Privileged EXEC Format show ip http Mode Privileged EXEC Term Definition HTTP Mode Unsecure The unsecure HTTP server administrative mode Java Mode The java applet administrative mode which applies to both secure and un secure web connections Maximum Allowable HTTP Sessions The number of allowable un secure http sess...

Page 655: ...erial port connections to the switch Secure Protocol Level s The protocol level may have the values of SSL3 TSL1 or both SSL3 and TSL1 Maximum Allowable HTTPS Sessions The number of allowable secure http sessions HTTPS Session Hard Timeout The hard timeout for secure http sessions in hours HTTPS Session Soft Timeout The soft timeout for secure http sessions in minutes Certificate Present Indicates...

Page 656: ...erial port connection Idle Time Time this session has been idle Session Time Total time this session has been connected Session Type Shows the type of session which can be HTTP HTTPS telnet serial or SSH Note You cannot delete the admin user There is only one user allowed with read write privileges You can configure up to five read only users on the system Format username name password password le...

Page 657: ...or the specified login user The valid accessmode values are readonly or readwrite The username is the login user name for which the specified access mode applies The default is readwrite for the admin user and readonly for all other users You must enter the username in the same case you used when you added the user To see the case of the username enter the show users command Format no username use...

Page 658: ...and therefore must be at least eight characters in length The username is the user name associated with the authentication protocol You must enter the username in the same case you used when you added the user To see the case of the username enter the show users command no username snmpv3 authentication This command sets the authentication protocol to be used for the specified user to none The use...

Page 659: ...me associated with the specified encryption You must enter the username in the same case you used when you added the user To see the case of the username enter the show users command no username snmpv3 encryption This command sets the encryption protocol to none The username is the login user name for which the specified encryption protocol will be used show users This command displays the configu...

Page 660: ... the SNMPv3 user is able to set and retrieve parameters on the system If the value is set to ReadOnly the SNMPv3 user is only able to retrieve parameter information The SNMPv3 access mode may be different than the CLI and Web access mode SNMPv3 Authentication The authentication protocol to be used for the specified login user SNMPv3 Encryption The encryption protocol to be used for the specified l...

Page 661: ...d range is 0 64 no passwords min length Use this command to set the minimum password length to the default value Term Definition User Name The full name of the user Format show users login history user name Mode Privileged EXEC Term Definition Login Time The time at which the user logged in Username The user name used to login Protocol The protocol that the user used to login Location The location...

Page 662: ... passwords history Use this command to set the password history to the default value passwords aging Use this command to implement aging on passwords for local users When a user s password expires the user will be prompted to change it before logging in again The valid range is 1 365 The default is 0 or no aging no passwords aging Use this command to set the password aging to the default value Def...

Page 663: ...l console The valid range is 1 5 The default is 0 or no lockout count enforced no passwords lock out Use this command to set the password lock out count to the default value show passwords configuration Use this command to display the configured password management settings Default 0 Format passwords lock out 1 5 Mode Global Config Format no passwords lock out Mode Global Config Format show passwo...

Page 664: ...method in the command line For example if none is specified as an authentication method after radius no authentication is used if the radius server is down where Default Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in list name Character string used to name the list of authentication methods activated when a user logs in Up to 12 ...

Page 665: ...urns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line For example if none is specified as an authentication method after radius no authentication is used if the radius server is down All aaa authentication enable default requests sent by the switch to a RADIUS or TACACS server include the us...

Page 666: ...on is used if the radius server is down line Uses the line password for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication Uses username enabx where x is the privilege level tacacs Uses the list of all TACACS servers for authentication Uses username enabx where x is the privilege level Note If the default list is not set only the enable passwor...

Page 667: ...s the same as copy system running config nvram startup config SNMP Commands This section describes the commands you use to configure Simple Network Management Protocol SNMP on the switch You can configure the switch to act as an SNMP agent so that it can communicate with SNMP managers on your network Keyword Description local Uses the local username database for authentication none Uses no authent...

Page 668: ...length of name can be up to 16 case sensitive characters no snmp server community This command removes this community name from the table The name is the community name to be deleted Default none Format snmp server sysname name location loc contact con Mode Global Config Note Community names in the SNMP Community Table must be unique When making multiple entries using the same community name the f...

Page 669: ...dress for an SNMP community to 0 0 0 0 The name is the applicable community name snmp server community ipmask This command sets a client IP mask for an SNMP community The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device A value of 2...

Page 670: ...th this community cannot manage the switch until the Status is changed back to Enable no snmp server community mode This command deactivates an SNMP community If the community is disabled no SNMP requests using this community are accepted In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable snmp server community ro This co...

Page 671: ...dress is received on a locked port no snmp server enable traps violation This command disables the sending of new violation traps snmp server enable traps This command enables the Authentication Flag Format snmp server community rw name Mode Global Config Note For other port security commands see Protected Ports Commands on page 3 52 Default disabled Format snmp server enable traps violation Mode ...

Page 672: ...is command disables Link Up Down traps for the entire switch snmp server enable traps multiusers This command enables Multiple User traps When the traps are enabled a Multiple User Trap is sent when a user logs in to the terminal interface EIA 232 or Telnet and there is an existing terminal interface session Format no snmp server enable traps Mode Global Config Note This command may not be availab...

Page 673: ...nmptrap This command adds an SNMP trap receiver The maximum length of name is 16 case sensitive alphanumeric characters The snmpversion is the version of SNMP The version parameter options are snmpv1 or snmpv2 The SNMP trap address can be set using both an IPv4 address format as well as an IPv6 global address format The following shows an example of the CLI command Netgear Switch snmptrap mytrap i...

Page 674: ... ipaddr pair must be unique Multiple entries can exist with the same name as long as they are associated with a different ipaddr The reverse scenario is also acceptable The name is the community name used when sending the trap to the receiver but the name is not directly associated with the SNMP Community Table See snmp server community on page39 Default snmpv2 Format snmptrap name ipaddr snmpvers...

Page 675: ...and deactivates an SNMP trap Disabled trap receivers are unable to receive traps snmp trap link status This command enables link status traps by interface Note IP addresses in the SNMP trap receiver table must be unique If you make multiple entries using the same IP address the first entry is retained and processed All duplicate entries are ignored Format snmptrap ipaddr name ipaddrold ipaddrnew M...

Page 676: ...ces Format snmp trap link status Mode Interface Config Note This command is valid only when the Link Up Down Flag is enabled Format no snmp trap link status Mode Interface Config Note This command is valid only when the Link Up Down Flag is enabled See snmp server enable traps linkmode on page 10 45 Format snmp trap link status all Mode Global Config Note This command is valid only when the Link U...

Page 677: ...me The community string to which this entry grants access A valid entry is a case sensitive alphanumeric string of up to 16 characters Each row of this table must contain a unique community name Client IP Address An IP address or portion thereof from which this device will accept SNMP packets with the associated community The requesting entity s IP address is ANDed with the Subnet Mask before bein...

Page 678: ...ring is case sensitive and can be up to 16 alphanumeric characters IP Address The IPv4 address to receive SNMP traps from this device IPv6 Address The IPv6 address to receive SNMP traps from this device SNMP Version SNMPv2 Status The receiver s status enabled or disabled Format show trapflags Mode Privileged EXEC Term Definition Authentication Flag Can be enabled or disabled The factory default is...

Page 679: ...ether DVMRP traps are sent OSPFv2 Traps Can be enabled or disabled The factory default is disabled Indicates whether OSPF traps are sent If any of the OSPF trap flags are not enabled then the command displays disabled Otherwise the command shows all the enabled OSPF traps information OSPFv3 Traps Can be enabled or disabled The factory default is disabled Indicates whether OSPF traps are sent If an...

Page 680: ...s configured while enabling this attribute the RADIUS client uses that IP address while sending NAS IP Address attribute in RADIUS communication no radius server attribute The no version of this command disables the NAS IP Address attribute global parameter for RADIUS client When this parameter is disabled the RADIUS client does not send the NAS IP Address attribute in RADIUS requests Default disa...

Page 681: ...arameter the command configures the IP address or hostname to use to connect to a RADIUS authentication server You can configure up to 3 servers per RADIUS client If the maximum number of configured servers is reached the command fails until you remove one of the servers by issuing the no form of the command If you use the optional port parameter the command configures the UDP port number to use w...

Page 682: ...ed from the configuration Similarly if the acct token is used the previously configured RADIUS accounting server is removed from the configuration The ipaddr dnsname parameter must match the IP address or dns name of the previously configured RADIUS authentication accounting server The following shows an example of the command Switch Config radius server host acct 192 168 37 60 Switch Config radiu...

Page 683: ...ommand is executed the secret is prompted Text based configuration supports Radius server s secrets in encrypted and non encrypted format When you save the configuration these secret keys are stored in encrypted format only If you want to enter the key in encrypted format enter the key along with the encrypted keyword In the show running config command s display these secret keys are displayed in ...

Page 684: ...vers can be configured for each number of servers that have the same name When the RADIUS client has to perform transactions with an authenticating RADIUS server of specified name the client uses the primary server that has the specified server name by default If the RADIUS client fails to communicate with the primary server for any reason the client uses the backup servers configured with the sam...

Page 685: ... radius server retransmit The no version of this command sets the value of this global parameter to the default value radius server timeout This command configures the global parameter for the RADIUS client that specifies the timeout value in seconds after which a request must be retransmitted to the RADIUS server if no response is received The timeout value is an integer in the range of 1 to 30 F...

Page 686: ...etries Maximum number of transmission attempts in the range 1 30 Format no radius server timeout Mode Global Config Format show radius Mode Privileged EXEC Term Definition Number of Configured Authentication Servers The number of RADIUS Authentication servers that have been configured Number of Configured Accounting Servers The number of RADIUS Accounting servers that have been configured Number o...

Page 687: ...times a request packet is retransmitted Time Duration The configured timeout value in seconds for request re transmissions RADIUS Accounting Mode A global parameter to indicate whether the accounting mode for all the servers is enabled or not RADIUS Attribute 4 Mode A global parameter to indicate whether the NAS IP Address attribute has been enabled to use in RADIUS requests RADIUS Attribute 4 Val...

Page 688: ...e port used for communication with the authenticating server Type Specifies whether this server is a primary or secondary type Current Host Address The IP address of the currently active authenticating server Secret Configured Yes or No Boolean value that indicates whether this server is configured with a secret Number of Retransmits The configured value of the maximum number of times a request pa...

Page 689: ...or Enable Number of Retransmits 4 Time Duration 10 RADIUS Accounting Mode Disable RADIUS Attribute 4 Mode Enable RADIUS Attribute 4 Value 192 168 37 60 show radius accounting This command displays a summary of configured RADIUS accounting servers If you do not specify any parameters then only the accounting mode and the RADIUS accounting server details are displayed Format show radius accounting n...

Page 690: ...lt_RADIUS_Server Host Address 192 168 37 200 RADIUS Accounting Mode Disable Port 1813 Secret Configured Yes show radius accounting statistics This command displays a summary of statistics for the configured RADIUS accounting servers Server Name The name of the accounting server Port The port used for communication with the accounting server Secret Configured Yes or No Boolean value indicating whet...

Page 691: ...etransmission The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server Responses The number of RADIUS packets received on the accounting port from this server Malformed Responses The number of malformed RADIUS Accounting Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or signature attribute...

Page 692: ...r dnsname The DNS name of the server servername The alias name to identify the server RADIUS Server Name The name of the authenticating server Server Host Address The IP address of the host Access Requests The number of RADIUS Access Request packets sent to this server This number does not include retransmissions Access Retransmissions The number of RADIUS Access Request packets retransmitted to t...

Page 693: ...esponses 0 Bad Authenticators 0 Pending Requests 0 Malformed Access Responses The number of malformed RADIUS Access Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or signature attributes or unknown types are not included as malformed access responses Bad Authenticators The number of RADIUS Access Response packets containing in...

Page 694: ...ear text over the network TACACS uses TCP to ensure reliable delivery and a shared key configured on the client and daemon server to encrypt all messages tacacs server host Use the tacacs server host command in Global Configuration mode to configure a TACACS server This command enters into the TACACS configuration mode The ip address hostname parameter is the IP address or hostname of the TACACS s...

Page 695: ...crypted format enter the key along with the encrypted keyword In the show running config command s display these secret keys are displayed in encrypted format You cannot show these keys in plain text format no tacacs server key Use the no tacacs server key command to disable the authentication and encryption key for all TACACS communications between the switch and the TACACS daemon The key string ...

Page 696: ...acters Text based configuration supports TACACS server s secrets in encrypted and non encrypted format When you save the configuration these secret keys are stored in encrypted format only If you want to enter the key in encrypted format enter the key along with the encrypted keyword In the show running config command s display these secret keys are displayed in encrypted format You cannot show th...

Page 697: ...lue is used The timeout parameter has a range of 1 30 and is the timeout value in seconds show tacacs Use the show tacacs command to display the configuration and statistics of a TACACS server Default 0 Format priority priority Mode TACACS Config Format timeout timeout Mode TACACS Config Format show tacacs ip address hostname Mode Privileged EXEC Term Definition Host Address The IP address or host...

Page 698: ...rations Scripts must conform to the following rules Script files are not distributed across the stack and only live in the unit that is the master unit at the time of the file download The file extension must be scr A maximum of ten scripts are allowed on the switch The combined size of all script files on the switch shall not exceed 2048 KB The maximum number of configuration file command lines i...

Page 699: ...witch script list This command lists all scripts present on the switch as well as the remaining available space Note To specify a blank password for a user in the configuration script you must specify it as a space within quotes For example to change the password for user jane from a blank password to hello the script entry is as follows users passwd jane hello hello Format script apply scriptname...

Page 700: ...en script on any given device Pre login Banner and System Prompt Commands This section describes the commands you use to configure the pre login banner and the system prompt The pre login banner is the text that displays before you login at the User prompt copy pre login banner The copy command includes the option to upload or download the CLI Banner to or from the switch You can specify local URL...

Page 701: ...The length of name may be up to 64 alphanumeric characters Default none Format copy Code Sample Variable tftp ipaddr filepath filename Code Sample Variable nvram clibanner copy nvram clibanner Code Sample Variable tftp ipaddr filepath filename Code Sample Variable Mode Privileged EXEC Format set prompt prompt_string Mode Privileged EXEC ...

Page 702: ...tanding of the system configuration and details of the problem will assist NETGEAR Inc in determining the root cause of such a problem The Log Messages chapter includes the following sections Core on page 11 1 Utilities on page 11 4 Management on page 11 6 Switching on page 11 10 QoS on page 11 16 Routing IPv6 Routing on page 11 17 Multicast on page 11 21 Stacking on page 11 23 Technologies on pag...

Page 703: ...terface creation out of order NIM NIM event x intf x component x in wrong phase An event was issued to NIM during the wrong configuration phase probably Phase 1 2 or WMU NIM NIM Failed to notify users of interface change Event was not propagated to the system NIM NIM failed to send message to NIM message Queue NIM message queue full or non existent NIM NIM Failed to notify the components of L7_CRE...

Page 704: ...ut the sizes version size expected version size differ The configuration file which was loaded was of a different size than expected for the version number This message indicates the configuration file needed to be migrated to the version number appropriate for the code image This message may appear after upgrading the code image to a more current release SYSTEM Migrating config file filename from...

Page 705: ... DHCP Filtering Error on call to sysapiCfgFileWrite file Error on trying to save configuration Table 11 6 NVStore Log Messages Component Message Cause NVStore Building defaults for file XXX A component s configuration file does not exist or the file s checksum is incorrect so the component s default configuration file is built NVStore Error on call to osapiFsWrite routine on file XXX Either the fi...

Page 706: ... attempting to read data from the RADIUS server RADIUS RADIUS Accounting Response failed to validate id xxx The RADIUS Client received an invalid message from the server RADIUS RADIUS User xxx needs to respond for challenge An unexpected challenge was received for a configured user RADIUS RADIUS Could not allocate a buffer for the packet Resource issue with RADIUS Client service RADIUS RADIUS Acce...

Page 707: ...CS TACACS received invalid packet type from server Received packet type that is not supported TACACS TACACS invalid major version in received packet Major version mismatch TACACS TACACS invalid minor version in received packet Minor version mismatch Table 11 9 LLDP Log Message Component Message Cause LLDP lldpTask invalid message type xx xxxxxx xx Unsupported LLDP packet received Table 11 10 SNTP ...

Page 708: ...he specified connection type EmWeb ewsNetHTTPReceive failure in NetReceiveLoop closing connection Socket receive failure EmWeb EmWeb connection allocation failed Memory allocation failure for the new connection EmWeb EMWEB TransmitPending EWOULDBLOCK error sending data Socket error on send EmWeb ewaNetHTTPEnd internal error handle not in Handle table EmWeb handle index not valid EmWeb ewsNetHTTPRe...

Page 709: ...ftp upload result Unknown error returned while uploading file using TFTP from web interface WEB Web UI Screen with unspecified access attempted to be brought up Failed to get application specific authorization handle provided to EmWeb Server by the application in ewsAuthRegister The specified web page will be served in read only mode Table 11 15 CLI_WEB_MGR Log Messages Component Message Cause CLI...

Page 710: ...ode SSLT SSLT Msg Queue is full event XXXX Failed to send the received message to the SSLT message queue as message queue is full XXXX indicates the event to be sent SSLT SSLT Unknown UI event in message event XXXX Failed to dispatch the received UI event to the appropriate SSLT function as it s an invalid event XXXX indicates the event to be dispatched SSLT ssltApiCnfgrCommand Failed calling sslt...

Page 711: ...port configuration cannot be saved Protected Ports protectedPortCnfgrInitPhase1Process Unable to create r w lock for protectedPort This appears when protectedPortCfgRWLock Fails Protected Ports protectedPortCnfgrInitPhase2Process Unable to register for VLAN change callback This appears when nimRegisterIntfChange with VLAN fails Protected Ports Cannot add intIfNum xxx to group yyy This appears when...

Page 712: ...he table IPsubnet vlans vlanIpSubnetVlanChangeCallback Failed to add an Entry This appears when a dtl fails to add an entry for a vlan add notify event IPsubnet vlans vlanIpSubnetVlanChangeCallback Failed to delete an Entry This appears when a dtl fails to delete an entry for an vlan delete notify event Table 11 21 Mac based VLANs Log Messages Component Message Cause Mac based VLANS MAC VLANs Fail...

Page 713: ... failed Failed sending message to RADIUS server 802 1X dot1xRadiusAcceptProcess error calling radiusAccountingStart ifIndex xxx Failed sending accounting start to RADIUS server 802 1X function failed sending terminate cause intf xxx Failed sending accounting stop to RADIUS server Table 11 23 IGMP Snooping Log Messages Component Message Cause IGMP Snooping function osapiMessageSend failed IGMP Snoo...

Page 714: ...FAILURE The garpPduQueue is full logs specific of the GPDU internal interface number vlan id buffer handle etc GARP GVRP GMRP garpMapIntfIsConfigurable gmrpMapIntfIsConfigurable Error accessing GARP GMRP config data for interface d in garpMapIntfIsConfigurable A default configuration does not exist for this interface Typically a case when a new interface is created and has no pre configuration GAR...

Page 715: ...dvlantagIntfIsConfigurable Error accessing dvlantag config data for interface d A default configuration does not exist for this interface Typically a case when a new interface is created and has no pre configuration Table 11 28 IPv6 Provisioning Log Message Component Message Cause IPV6 Provisioning ipv6ProvIntfIsConfigurable Error accessing IPv6 Provisioning config data for interface d A default c...

Page 716: ...nMemberSetModify dot1qVlanTaggedMemberSetModify Dynamic entry d can only be modified after it is converted to static If this vlan is a learnt via GVRP then we cannot modify it s member set via management Table 11 31 802 1S Log Messages Component Message Cause 802 1S dot1sIssueCmd Dot1s Msg Queue is full Event u on interface u for instance u The message Queue is full 802 1S dot1sStateMachineRxBpdu ...

Page 717: ...ssages Component Message Cause ACL Total number of ACL rules x exceeds max y on intf i The combination of all ACLs applied to an interface has resulted in requiring more rules than the platform supports ACL ACL name rule x This rule is not being logged The ACL configuration has resulted in a requirement for more logging rules than the platform supports The specified rule is functioning normally ex...

Page 718: ...rv Policy invalid for service intf policy name intIfNum x direction y The DiffServ policy definition is not compatible with the capabilities of the interface specified Check the platform release notes for information on configuration limitations Table 11 37 DHCP Relay Log Messages Component Message Cause DHCP relay REQUEST hops field more than config value The DHCP relay agent has processed a DHCP...

Page 719: ...the current size of the database OSPFv2 The number of LSAs 25165 in the OSPF LSDB has exceeded the LSDB memory allocation When the OSPFv2 LSDB becomes full OSPFv2 logs this message OSPFv2 reoriginates its router LSAs with the metric of all non stub links set to the maximum value to encourage other routers to not compute routes through the overloaded router OSPFv2 Dropping the DD packet because of ...

Page 720: ...eriodically verifies the checksum of each LSA in memory OSPFv3 logs this Table 11 40 Routing Table Manager Log Messages Component Message Cause Routing Table Manager RTO is full Routing table contains 8000 best routes 8000 total routes The routing table manager also called RTO stores a limited number of best routes based on hardware capacity When the routing table becomes full RTO logs this alert ...

Page 721: ...VRRP ignored an incoming message whose time to live TTL in the IP header was not 255 Table 11 42 ARP Log Message Component Message Cause ARP ARP received mapping for IP address xxx to MAC address yyy This IP address may be configured on two stations When we receive an ARP response with different MAC address from another station with the same IP address as ours This might be a case of misconfigurat...

Page 722: ...ting IGMP data pipe Error opening IGMP data pipe When we fail to create open IGMP data pipe for Mcast data messages IGMP Error getting memory for source record When we are unable to allocate memory for a source record in the received IGMP V3 report IGMP Failed getting memory for new group When we are unable to allocate memory for a group record in the received IGMP V3 V2 V1 report Table 11 47 IGMP...

Page 723: ...oute entry into cache PIM_SM Config error Trying to add static RP Dynamic RP with same ip addr exists Router learns RP group mapping through Bootstrap messages received This message pops when the static RP is configured which conflicts the mapping learnt dynamically through Bootstrap messages PIM SM Inner xxx source group address of register message is invalid This log message appears when a regis...

Page 724: ...ering a neighbor DVMRP dvmrp_recv_prune failed getting memory for prune Failed to allocate memory while receiving a prune DVMRP dvmrp_new_route failed getting memory for route Failed to get memory for a new route entry DVMRP dvmrp_prepare_routes failed getting memory for dvmrp_ann_rt Failed to get memory while announcing a new route entry Table 11 51 EDB Log Message Component Message Cause EDB EDB...

Page 725: ... hapiBroadQosCosQueueConfig Failed to configure minimum bandwidth Available bandwidth x Attempting to configure the bandwidth beyond it s capabilities OS USL failed to put sync response on queue A response to a sync request was not enqueued This could indicate that a previous sync request was received after it was timed out OS USL failed to sync ipmc table on unit x Either the transport failed or ...

Page 726: ...due to a transport failure or API issue on remote unit A synchronization retry will be issued OS Invalid LAG id x Possible synchronization issue between the BCM driver and HAPI OS Invalid uport calculated from the BCM uport bcmx_l2_addr lport x Uport not valid from BCM driver OS Invalid USP calculated from the BCM uport nbcmx_l2_addr lport x USP not able to be calculated from the learn event for B...

Page 727: ... indicates the file system may be corrupted OSAPI ftruncate failed File is open for reading only ftruncate is called to correctly set the file s size in the file system after a write The file is opened for R W so this msg indicates the file system may be corrupted OSAPI ftruncate failed File descriptor refers to a file on which this operation is impossible ftruncate is called to correctly set the ...

Page 728: ... call to remove the interface from the route table the attempt to get the ipv4 interface mask from the stack failed OSAPI osapiCleanupIf NetIpDel During the call to remove the interface from the route table the attempt to delete the primary ipv4 address from the stack failed OSAPI osapiSemaTake failed The requested semaphore can not be taken because the call is made from an ISR or the semaphore ID...

Page 729: ...P and HTTPS web connections In addition Captive Portal can be configured to use an optional HTTP port in support of HTTP Proxy networks If configured this additional port is then used exclusively by Captive Portal Note that this optional port is in addition to the standard HTTP port 80 which is currently being used for all other web traffic Capitve Portal Global Commands The commands in this secti...

Page 730: ...port Use this command to reset the HTTP port to the default number 80 https port Use this command to configure an additional HTTPS port for captive portal to monitor The valid range is from 0 to 65535 Default disabled Format no enable Mode Captive Portal Configuration mode Default 80 Format http port 0 65535 Mode Captive Portal Configuration mode Format no http port Mode Captive Portal Configurati...

Page 731: ...eds to be served again in order for the client to gain access to the network no authentication timeout Use this command to reset the authentication timeout to the default show captive portal Use this command to display the status of the captive portal feature Format no https port Mode Captive Portal Configuration mode Default 300 Format authentication timeout 60 600 Mode Captive Portal Configurati...

Page 732: ... shows the reason why the operational is disabled CP IP Address It is the captive portal server IP address Format show captive portal status Mode Privileged EXEC mode Term Definition Additional HTTP Port The additional HTTP port for captive portal to monitor Captive portal only monitors port 80 by default Additional HTTP Secure Port The additional HTTPs port for captive portal to monitor Captive p...

Page 733: ...The commands in this section are related to captive portal configurations configuration Captive Portal Use this command to enter the captive portal instance mode The captive portal configuration identified by CP ID 1 is the default CP configuration The system supports a total of ten CP configurations Active Captive Portals The number of active captive portal instances System Supported Users The ma...

Page 734: ...configuration name Use this command to configure the name for a captive portal configuration The cp name can be up to 32 alphanumeric characters in length Format no configuration 1 10 Mode Captive Portal Configuration mode Default enable Format enable Mode Captive Portal Instance mode Defaul enable Format no enable Mode Captive Portal Instance mode Default Configuration 1 has the name Default by d...

Page 735: ...d to allow access for guest users users that do not have assigned user names and passwords User verification can also be configured to allow access for authenticated users Authenticated users are required to enter a valid user name and password that must first be validated against the local database or a RADIUS server Network access is granted once user verification has been confirmed Format no na...

Page 736: ...command user group 1 10 to create a group ID The default group ID is 1 for a captive portal configuration no group Use this command to reset the group number to the default redirect Captive Portal Use this command to enable the redirect mode for a captive portal configuration Use the no form of this command to disable redirect mode no redirect Use this command to disable redirect mode Default 1 Fo...

Page 737: ... The rate is in bits per seconds 0 indicates limit not enforced no max bandwidth down Use this command to reset the maximum rate to the default max bandwidth up Use this command to configure the maximum rate at which a client can send data into the network The rate is in bits per seconds 0 indicates limit not enforced Format no redirect Mode Captive Portal Instance mode Format redirect url url Mod...

Page 738: ...r this limit has been reached the user will be disconnected The number of octets is in bytes 0 indicates limit not enforced no max input octets Use this command to reset the limit to the default Default 0 Format max bandwidth up 0 536870911 Mode Captive Portal Instance mode Format no max bandwidth up Mode Captive Portal Instance mode Default 0 Format max input octets 0 4294967295 Mode Captive Port...

Page 739: ...ommand to configure the maximum number of octets the user is allowed to transfer i e the sum of octets transmitted and received After this limit has been reached the user will be disconnected The number of total octets is in bytes 0 indicates limit not enforced Use the no form of this command to reset the limit to the default no max total octets Use this command to reset the limit to the default D...

Page 740: ...n timeout to the default idle timeout Use this command to configure the idle timeout for a captive portal configuration 0 indicates timeout not enforced After an idle session has been reached this the user will be disconnected no idle timeout Use this command to reset the idle timeout to the default Format max total octets 0 4294967295 Mode Captive Portal Instance mode Default 0 Format session tim...

Page 741: ...ations using a text based format no locale This command is intended to delete a locale The default locale cannot be deleted interface Captive Portal Use this command to associate an interface with a captive portal configuration no interface Use this command to remove an association with a captive portal configuration Format no idle timeout Mode Captive Portal Instance mode Default 1 Format locale ...

Page 742: ...ng a captive portal instance is a temporary command executed by the administrator and not saved in the configuration no block Use this command to unblock traffic Captive Portal Status Commands This section describes commands that return captive portal status show captive portal configuration Use this command to display the operational status of each captive portal configuration Format no interface...

Page 743: ...he captive portal ID If you do not specify an interface number all the interfaces assigned to the captive portal configuration will be displayed Format show captive portal configuration 1 10 Mode Privileged EXEC mode Term Definition CP ID The captive portal ID CP Name The captive portal instance name Operational Status The operational status is enabled or disabled Disable Reason If the operational...

Page 744: ...Interface Description Unit 1 Slot 0 Port 1 Gigab Operational Status Disabled Disable Reason Interface Not Attached Block Status Not Blocked Authenticated Users 0 Term Definition CP ID The captive portal ID CP Name The captive portal name Interface The interface associated with the CP ID Interface Description The interface description Operational Status The operational status is enabled or disabled...

Page 745: ...roup Name The name of the group associated with this captive portal instance Redirect URL Mode The redirect mode for this captive portal instance Redirect URL The redirect URL is up to 512 characters Session Timeout Logout once session timeout is reached seconds Idle Timeout Logout once idle timeout is reached seconds Max Bandwidth Up Maximum client transmit rate b s Limits the bandwidth at which ...

Page 746: ...Guest Group Name group123 Redirect URL Mode Enabled Redirect URL www cnn com Session Timeout seconds 86400 Idle Timeout seconds 600 Max Bandwidth Up bytes sec 0 Max Bandwidth Down bytes sec 0 Max Input Octets bytes 0 Max Output Octets bytes 0 Max Total Octets bytes 0 show captive portal configuration locales Use this command to display locales associated with a specific captive portal configuratio...

Page 747: ...ive portal client status Use this command to display client connection details or a connection summary for connected captive portal users macaddr is Client MAC address If no macaddr is entered all the client status will be displayed Format show captive portal trapflags Mode Privileged EXEC mode Format show captive portal client macaddr status Mode Privileged EXEC mode Term Definition Client MAC Ad...

Page 748: ...IP Address 10 254 96 47 Protocol Mode https Verification Mode Local CP ID 1 CP Name cp1 Interface 1 0 1 Interface Description Unit 1 Slot 0 Port 1 Gigabit Level User Name user123 Session Time 0d 00 00 13 show captive portal client statistics Use this command to display the statistics for a specific captive portal client The macaddr is client MAC address Term Definition CP ID The captive portal ID ...

Page 749: ...tes Received The number of bytes received from the client Bytes Transmitted The number of bytes transmitted to the client Packets Received The number of packets received from the client Packets Transmitted The number of packets transmitted from the client Format show captive portal interface unit slot port client status Mode Privileged EXEC mode Term Definition Client Intf Interface on which the c...

Page 750: ...tocol Verification 0002 BC00 1290 10 254 96 47 1 cp1 http local 0002 BC00 1291 10 254 96 48 2 cp2 http local show captive portal configuration client status Use this command to display the clients authenticated to all captive portal configurations or a to specific configuration 1 10 is the captive portal ID Verification The user verification mode Format show captive portal configuration 1 10 clien...

Page 751: ...002 BC00 1290 10 254 96 47 1 0 1 Unit 1 Slot 0 Port 1 Gigabit 0002 BC00 1291 10 254 96 48 1 0 2 Unit 1 Slot 0 Port 2 Gigabit captive portal client deauthenticate Use this command to deauthenticate a specific captive portal client The macaddr is the Client MAC address Captive Portal Interface Commands The following section describes captive portal interface commands show captive portal interface co...

Page 752: ...ands The following section describes captive portal local user commands user password Use this command to create a local user or change the password for an existing user The user id is user ID in the range of 1 128 The password is the user passord in the range of 8 64 characters You can also enter encrypted password using the parameter encrypted Format show captive portal interface configuration 1...

Page 753: ...fore execute this command You can create the local user using user password first user group Use this command to associate a group with a captive portal user A user must be associated with at least one group so the last group cannot be dis associated 1 128 is the user ID and 1 10 is the group ID Format user user id password password encrypted enc password Mode Captive Portal Configuration mode For...

Page 754: ...user session timeout Use this command to reset the session timeout to the default user idle timeout Use this command to set the session idle timeout value for a captive portal user 1 128 is the user ID The range of idle timeout is 0 900 seconds 0 indicates use global configuration Format no user 1 128 group 1 10 Mode Captive Portal Configuration mode Defaul 0 Format user 1 128 session timeout time...

Page 755: ...th down Use this command to reset the limit to the default user max bandwidth up Use this command to configure the bandwidth at which the client can send data into the Network 1 128 is the user ID The range of bps is 0 536870911 bps 0 indicates use global configuration Format no user 1 128 idle timeout timeout Mode Captive Portal Configuration mode Default 0 Format user 1 128 max bandwidth down bp...

Page 756: ...this command to reset the limit to the default user max output octets Use this command to limit the number of octets the user is allowed to receive After this limit has been reached the user will be disconnected The 1 128 is the user ID The range of the octets is 0 4294967295 0 indicates to use the global limit Format no user 1 128 max bandwidth up Mode Captive Portal Configuration mode Default 0 ...

Page 757: ... is the user ID The range of octets is 0 4294967295 0 indicates to use the global limit Use the no form of this command to reset the limit to the default no user max total octets Use this command to reset the limit to the default show captive portal user Use this command to display all configured users or a specific user in the captive portal local user database Default 0 Format no user 1 128 max ...

Page 758: ...he client can send data into the network If the value is 0 then use the value configured for the captive portal Max Bandwidth Down bytes sec Maximum client receive rate b s Limits the bandwidth at which the client can receive data from the network If the value is 0 or then use the value configured for the captive portal Max Input Octets bytes Maximum number of octets the user is allowed to transmi...

Page 759: ...dwidth Up bytes sec 0 Max Bandwidth Down bytes sec 0 Max Input Octets bytes 0 Max Output Octets bytes 0 Max Total Octets bytes 0 Group ID Group Name 1 Default 2 group2 clear captive portal users Use this command to delete all captive portal user entries Captive Portal User Group Commands The following section describes captive portal user group commands user group Create Use this command to create...

Page 760: ... 10 is the user group ID The name can be a string up to 32 characters user group rename Use this command to change a group s ID to a different group ID Default 1 Format user group 1 10 Mode Captive Portal Configuration mode Format user group 1 10 Mode Captive Portal Configuration mode Format user group 1 10 name name Mode Captive Portal Configuration mode Format user group group id rename new grou...

Page 761: ...3 7 38 area nssa default info originate OSPF 4 42 area nssa default info originate OSPFv3 7 39 area nssa no redistribute OSPF 4 43 area nssa no redistribute OSPFv3 7 39 area nssa no summary OSPF 4 43 area nssa no summary OSPFv3 7 40 area nssa translator role OSPF 4 44 area nssa translator role OSPFv3 7 40 area nssa translator stab intv OSPF 4 44 area nssa translator stab intv OSPFv3 7 40 area rang...

Page 762: ...st 3 135 arp cachesize 4 3 arp dynamicrenew 4 3 arp purge 4 4 arp resptime 4 4 arp retries 4 4 arp timeout 4 5 assign queue 8 20 authentication timeout 12 3 authorization network radius 10 52 auto cost OSPF 4 49 auto cost OSPFv3 7 45 auto negotiate 3 3 auto negotiate all 3 4 auto summary 4 83 auto voip 8 49 auto voip all 8 48 bandwidth 4 50 block 12 14 boot autoinstall auto save 9 3 boot autoinsta...

Page 763: ... inspection statistics 3 138 clear ip dhcp binding 9 51 clear ip dhcp conflict 9 51 clear ip dhcp server statistics 9 51 clear ip dhcp snooping binding 3 129 clear ip dhcp snooping statistics 3 129 clear ip ospf 4 51 clear ip ospf configuration 4 51 clear ip ospf counters 4 51 clear ip ospf neighbor 4 52 clear ip ospf neighbor interface 4 52 clear ip ospf redistribution 4 52 clear ip route all 4 1...

Page 764: ...nform color 8 21 copy 9 32 copy pre login banner 10 73 cos queue min bandwidth 8 4 cos queue strict 8 4 crypto certificate generate 10 19 crypto key generate dsa 10 20 crypto key generate rsa 10 20 debug arp 9 63 debug auto voip 9 63 debug clear 9 64 debug console 9 64 debug dot1x packet 9 65 debug igmpsnooping packet 9 65 debug igmpsnooping packet receive 9 67 debug igmpsnooping packet transmit 9...

Page 765: ...mation originate OSPF 4 53 default information originate OSPFv3 7 47 default information originate RIP 4 84 default metric OSPF 4 53 default metric OSPFv3 7 48 default metric RIP 4 84 default router 9 42 delete 9 4 deleteport Global Config 3 92 deleteport Interface Config 3 92 description 3 5 diffserv 8 9 disconnect 10 28 distance ospf OSPF 4 54 distance ospf OSPFv3 7 48 distance rip 4 84 distribu...

Page 766: ...t vlan 3 65 dot1x initialize 3 65 dot1x max req 3 66 dot1x max users 3 66 dot1x port control 3 67 dot1x port control all 3 67 dot1x re authenticate 3 68 dot1x re authentication 3 68 dot1x system auth control 3 69 dot1x timeout 3 69 dot1x unauthenticated vlan 3 70 dot1x user 3 71 drop 8 20 dvlan tunnel ethertype 3 46 enable OSPF 4 39 enable OSPFv3 7 49 enable Privileged EXEC access 10 4 enable RIP ...

Page 767: ...p access list rename 8 40 ip address 4 9 ip arp inspection filter 3 134 ip arp inspection limit 3 133 ip arp inspection trust 3 133 ip arp inspection validate 3 132 ip arp inspection vlan 3 131 ip arp inspection vlan logging 3 132 ip dhcp bootp automatic 9 50 ip dhcp conflict logging 9 50 ip dhcp excluded address 9 48 ip dhcp ping packets 9 49 ip dhcp pool 9 41 ip dhcp snooping 3 120 ip dhcp snoop...

Page 768: ...tocol 10 27 ip http secure server 10 21 ip http secure session hard timeout 10 25 ip http secure session maxsessions 10 24 ip http secure session soft timeout 10 25 ip http server 10 21 ip http session hard timeout 10 22 ip http session maxsessions 10 23 ip http session soft timeout 10 24 ip https authentication 10 26 ip icmp echo reply 4 92 ip icmp error interval 4 92 ip igmp 5 26 ip igmp last me...

Page 769: ...ntication 4 56 ip ospf cost 4 56 ip ospf dead interval 4 57 ip ospf hello interval 4 57 ip ospf mtu ignore 4 60 ip ospf network 4 58 ip ospf priority 4 58 ip ospf retransmit interval 4 59 ip ospf transmit delay 4 59 ip pimdm Global Config 5 12 ip pimdm Interface Config 5 13 ip pimdm hello interval 5 13 ip pimsm bsr border 5 17 ip pimsm bsr candidate 5 17 ip pimsm dr priority 5 18 ip pimsm hello in...

Page 770: ... 3 123 ip verify source 3 125 ip vrrp Global Config 4 25 ip vrrp Interface Config 4 25 ip vrrp authentication 4 27 ip vrrp ip 4 26 ip vrrp mode 4 26 ip vrrp preempt 4 27 ip vrrp priority 4 28 ip vrrp timers advertise 4 29 ip vrrp track interface 4 29 ip vrrp track ip route 4 30 ipv6 access list 8 44 ipv6 access list rename 8 45 ipv6 address 7 12 ipv6 dhcp pool 7 71 ipv6 dhcp relay destination 7 69...

Page 771: ...val 7 17 ipv6 nd ra lifetime 7 17 ipv6 nd reachable time 7 18 ipv6 nd suppress ra 7 18 ipv6 ospf 7 33 ipv6 ospf areaid 7 33 ipv6 ospf cost 7 34 ipv6 ospf dead interval 7 34 ipv6 ospf hello interval 7 35 ipv6 ospf mtu ignore 7 35 ipv6 ospf network 7 36 ipv6 ospf priority 7 36 ipv6 ospf retransmit interval 7 37 ipv6 ospf transmit delay 7 37 ipv6 pimdm 6 4 ipv6 pimdm hello interval 6 5 ipv6 pimsm bsr...

Page 772: ...lacp actor system priority 3 97 lacp admin key 3 93 lacp collector max delay 3 93 lacp partner admin key 3 98 lacp partner admin state individual 3 98 lacp partner admin state longtimeout 3 99 lacp partner admin state passive 3 100 lacp partner port id 3 100 lacp partner port priority 3 101 lacp partner system id 3 102 lacp partner system priority 3 102 lease 9 44 line 10 8 lldp med 3 181 lldp med...

Page 773: ...29 mac access group 8 35 mac access list extended 8 33 mac access list extended rename 8 33 macfilter 3 115 macfilter adddest 3 116 macfilter adddest all 3 117 macfilter addsrc 3 118 macfilter addsrc all 3 118 mark cos 8 22 mark ip precedence 8 23 match any 8 12 match class map 8 12 match cos 8 13 match destination address mac 8 14 match dstip 8 14 match dstip6 8 15 match dstl4port 8 15 match ethe...

Page 774: ... 12 6 netbios name server 9 46 netbios node type 9 47 network DHCP Pool Config 9 45 network area OSPF 4 40 network ipv6 address 7 2 network ipv6 enable 7 2 network ipv6 gateway 7 3 network javamode 10 6 network mac address 10 5 network mac type 10 5 network mgmt_vlan 3 31 network parms 10 4 network protocol 10 5 next server 9 47 no monitor 3 114 option 9 48 passive interface OSPF 4 62 passive inte...

Page 775: ...load balance 3 107 port channel name 3 109 port channel static 3 103 port channel system priority 3 109 port security 3 167 port security mac address 3 168 port security mac address move 3 169 port security max dynamic 3 167 port security max static 3 168 prefix delegation IPv6 7 72 priority 10 70 private group name 3 55 protocol group 3 38 protocol vlan group 3 39 protocol vlan group all 3 40 pro...

Page 776: ... list 10 72 script show 10 73 script validate 10 73 serial baudrate 10 8 serial timeout 10 9 service dhcp 9 49 service dhcpv6 7 69 service policy 8 25 session limit 10 13 session timeout 10 13 session timeout Captive Portal 12 12 set garp timer join 3 57 set garp timer leave 3 57 set garp timer leaveall 3 58 set gmrp adminmode 3 61 set gmrp interfacemode 3 62 set gvrp adminmode 3 59 set gvrp inter...

Page 777: ...router interface 3 159 set mld querier 3 162 set mld querier election participate 3 164 set mld querier query_interval 3 163 set mld querier timer expiry 3 164 set prompt 10 74 set slot disable 2 4 set slot power 2 5 sflow poller 9 86 sflow receiver 9 84 sflow sampler 9 85 show access lists 8 43 show arp 4 6 show arp access list 3 139 show arp brief 4 7 show arp switch 4 7 show arp switch 9 6 show...

Page 778: ...w classofservice ip dscp mapping 8 6 show classofservice ip precedence mapping 8 6 show classofservice trust 8 7 show clock 9 40 show diffserv 8 27 show diffserv service 8 30 show diffserv service brief 8 30 show dos control 3 203 show dot1q tunnel 3 47 show dot1x 3 72 show dot1x clients 3 76 show dot1x users 3 77 show dvlan tunnel 3 48 show eventlog 9 7 show forwardingdb agetime 3 205 show garp 3...

Page 779: ...3 126 show ip dhcp snooping database 3 127 show ip dhcp snooping statistics 3 128 show ip dvmrp 5 9 show ip dvmrp interface 5 9 show ip dvmrp neighbor 5 10 show ip dvmrp nexthop 5 11 show ip dvmrp prune 5 11 show ip dvmrp route 5 12 show ip helper address 4 38 show ip http 10 27 show ip igmp 5 31 show ip igmp groups 5 31 show ip igmp interface 5 32 show ip igmp interface membership 5 33 show ip ig...

Page 780: ... show ip ospf stub table 4 80 show ip ospf virtual link 4 81 show ip ospf virtual link brief 4 82 show ip pimdm 5 14 show ip pimdm interface 5 14 show ip pimdm interface stats 5 15 show ip pimdm neighbor 5 15 show ip pimsm 5 23 show ip pimsm bsr 5 23 show ip pimsm interface 5 24 show ip pimsm neighbor 5 25 show ip pimsm rp mapping 5 26 show ip pimsm rphash 5 25 show ip rip 4 89 show ip rip interfa...

Page 781: ...oxy groups detail 6 27 show ipv6 mld proxy interface 6 25 show ipv6 mroute 6 2 show ipv6 mroute group 6 3 show ipv6 mroute source 6 3 show ipv6 neighbor 7 23 show ipv6 ospf 7 55 show ipv6 ospf abr 7 57 show ipv6 ospf area 7 57 show ipv6 ospf asbr 7 59 show ipv6 ospf database 7 59 show ipv6 ospf database database summary 7 60 show ipv6 ospf interface 7 61 show ipv6 ospf interface brief 7 62 show ip...

Page 782: ...9 90 show license features 9 90 show lldp 3 175 show lldp interface 3 175 show lldp local device 3 180 show lldp local device detail 3 180 show lldp med 3 185 show lldp med interface 3 186 show lldp med local device detail 3 187 show lldp med remote device 3 189 show lldp med remote device detail 3 190 show lldp remote device 3 177 show lldp remote device detail 3 178 show lldp statistics 3 176 sh...

Page 783: ...policy map interface 8 31 show port 3 8 show port description 3 9 show port protocol 3 8 show port status 3 9 show port channel 3 111 show port channel 3 112 show port channel brief 3 110 show port channel system priority 3 112 show port security 3 169 show port security dynamic 3 169 show port security static 3 170 show port security violation 3 170 show private group 3 56 show process cpu 9 13 s...

Page 784: ...t summary 3 29 show spanning tree summary 3 30 show spanning tree vlan 3 30 show stack port 2 10 show stack port counters 2 11 show stack port diag 2 11 show storm control 3 90 show supported cardtype 2 7 show supported switchtype 2 9 show switch 2 8 show switchport protected 3 53 show sysinfo 9 16 show tacacs 10 70 show tech support 9 17 show telnet 10 15 show telnetcon 10 16 show terminal length...

Page 785: ... 45 snmp server enable traps multiusers 10 45 snmp server enable traps stpmode 10 46 snmp server enable traps violation 10 44 snmptrap 10 46 snmptrap ipaddr 10 48 snmptrap mode 10 48 snmptrap snmpversion 10 47 sntp broadcast client poll interval 9 34 sntp client mode 9 35 sntp client port 9 35 sntp server 9 37 sntp unicast client poll interval 9 36 sntp unicast client poll retry 9 36 sntp unicast ...

Page 786: ...l broadcast 3 78 storm control broadcast Global Config 3 80 storm control broadcast level 3 79 storm control broadcast level Global Config 3 81 storm control broadcast rate 3 80 storm control broadcast rate Global Config 3 81 storm control flowcontrol 3 89 storm control multicast 3 82 storm control multicast Global Config 3 84 storm control multicast level 3 83 storm control multicast level Global...

Page 787: ... 7 6 traceroute ipv6 9 26 traffic shape 8 5 transport input telnet 10 12 transport output telnet 10 12 trapflags OSPF 4 63 trapflags OSPFv3 7 52 tunnel destination 7 7 tunnel mode ipv6ip 7 7 tunnel source 7 7 update bootcode 9 6 user group name 12 32 user group rename 12 32 user group 12 25 user group Create 12 31 user idle timeout 12 26 user max bandwidth down 12 27 user max bandwidth up 12 27 us...

Page 788: ...filter 3 33 vlan makestatic 3 33 vlan name 3 34 vlan participation 3 34 vlan participation all 3 35 vlan port acceptframe all 3 35 vlan port ingressfilter all 3 36 vlan port priority all 3 51 vlan port pvid all 3 36 vlan port tagging all 3 37 vlan priority 3 51 vlan protocol group 3 37 vlan protocol group add protocol 3 38 vlan protocol group remove 3 38 vlan pvid 3 40 vlan routing 4 24 vlan taggi...

Reviews:

No comments

Related manuals for GSM7328Sv2 - ProSafe 24+4 Gigabit Ethernet L3 Managed Stackable Switch

Garland P1GCCAS Installation Manual preview
P1GCCAS
Brand: Garland Pages: 4
National Instruments NI 9871 Operating Instructions Manual preview
NI 9871
Brand: National Instruments Pages: 24
National Instruments NI 9478 Operating Instructions Manual preview
NI 9478
Brand: National Instruments Pages: 32
National Instruments FIELDPOINT FP-1600 Operating Instructions Manual preview
FIELDPOINT FP-1600
Brand: National Instruments Pages: 8
Watchguard Firebox SOHO 6 Wireless Instructions Manual preview
Firebox SOHO 6 Wireless
Brand: Watchguard Pages: 8
DCE ANS-205 User Manual preview
ANS-205
Brand: DCE Pages: 5
Axis AXIS P1354 Installation Manual preview
AXIS P1354
Brand: Axis Pages: 104
NetComm 3G25W-R Manual preview
3G25W-R
Brand: NetComm Pages: 69
Buffalo LinkStation Quick Setup Manual preview
LinkStation
Brand: Buffalo Pages: 2
Ubiquiti PBE-M5-400-ISO Quick Start Manual preview
PBE-M5-400-ISO
Brand: Ubiquiti Pages: 28
PairGain T1L2PY0AA Manual preview
T1L2PY0AA
Brand: PairGain Pages: 80
Planet WNAP-7335 Quick Installation Manual preview
WNAP-7335
Brand: Planet Pages: 2
LevelOne FBR-1412TX User Manual preview
FBR-1412TX
Brand: LevelOne Pages: 83
Omron JUNMA PULSE Datasheet preview
JUNMA PULSE
Brand: Omron Pages: 4
Allied Telesis IS230-10GP Web User Manual preview
IS230-10GP
Brand: Allied Telesis Pages: 136
Supero AOC-SIMLP-3+ User Manual preview
AOC-SIMLP-3+
Brand: Supero Pages: 66
HeimVision HM243 User Manual preview
HM243
Brand: HeimVision Pages: 167
Crestron C2N-NPA8 Operation Manual preview
C2N-NPA8
Brand: Crestron Pages: 40

Brands by name

Popular brands

Load more brands