manualshive.com logo in svg

Planet Networking & Communication SGS-6340-16XR, Command Manual, Page: 510 / 984

Share
Download
Planet Networking & Communication SGS-6340-16XR Command Manual Download Page 510

 

26-2 

Function:   

Set  the  threshold  of  received  messages  of  the  port-based  ARP  scanning  prevention.  If  the  rate  of  received  ARP 

messages exceeds the threshold, the port will be closed. The unit is packet/second. The “no anti-arpscan port-based 

threshold” command will reset the default value, 10 packets/second. 

 

Parameters:   

rate threshold, ranging from 2 to 200.

 

 

Default Settings:   

10 packets /second. 

 

Command Mode:   

Global Configuration Mode. 

 

User Guide:   

the threshold of port-based ARP scanning prevention should be larger than the threshold of IP-based ARP scanning 

prevention, or, the IP-based ARP scanning prevention will fail. 

 

Example:   

Set the threshold of port-based ARP scanning prevention as 10 packets /second. 

Switch (config) #anti-arpscan port-based threshold 10 

 

 

26.3 anti-arpscan ip-based threshold 

Command:   

anti-arpscan ip-based threshold

 <threshold-value>

 

no anti-arpscan ip-based threshold 

 

Function:   

Set  the  threshold  of  received  messages  of  the  IP-based  ARP  scanning  prevention.  If  the  rate  of  received  ARP 

messages exceeds the threshold, the IP messages from this IP will be blocked. The unit is packet/second. The “no 

anti-arpscan ip-

based threshold” command will reset the default value, 3 packets/second. 

 

Parameters:   

rate threshold, ranging from 1 to 200.

 

 

 

Summary of Contents for SGS-6340-16XR

Page 1: ...1 1 ...

Page 2: ...d 1 50 1 1 12 exec timeout 1 50 1 1 13 exit 1 51 1 1 14 help 1 52 1 1 15 hostname 1 52 1 1 16 ip host 1 53 1 1 17 ipv6 host 1 54 1 1 18 ip http server 1 55 1 1 19 language 1 55 1 1 20 login 1 56 1 1 21 password 1 56 1 1 22 privilege 1 57 1 1 23 reload 1 58 1 1 24 service password encryption 1 59 1 1 25 service terminal length 1 59 1 1 26 sysContact 1 60 1 1 27 sysLocation 1 61 1 1 28 set default 1...

Page 3: ...p 1 76 1 2 9 authentication securityipv6 1 77 1 2 10 authorization 1 78 1 2 11 authorization line vty command 1 79 1 2 12 clear line vty 0 31 1 80 1 2 13 crypto key clear rsa 1 80 1 2 14 terminal length 1 80 1 2 15 terminal monitor 1 81 1 2 16 telnet 1 82 1 2 17 telnet server enable 1 83 1 2 18 telnet server max connection 1 83 1 2 19 ssh server authentication retries 1 84 1 2 20 ssh server enable...

Page 4: ...erver community 1 102 1 4 13 snmp server enable 1 103 1 4 14 snmp server enable traps 1 104 1 4 15 snmp server engineid 1 105 1 4 16 snmp server group 1 105 1 4 17 snmp server host 1 106 1 4 18 snmp server securityip 1 108 1 4 19 snmp server securityip 1 108 1 4 20 snmp server trap source 1 109 1 4 21 snmp server user 1 110 1 4 22 snmp server view 1 111 1 5 COMMANDS FOR SWITCH UPGRADE 1 112 1 5 1 ...

Page 5: ... 3 129 3 1 CLEAR CLUSTER NODES 3 129 3 2 CLUSTER AUTO ADD 3 129 3 3 CLUSTER COMMANDER 3 130 3 4 CLUSTER IP POOL 3 131 3 5 CLUSTER KEEPALIVE INTERVAL 3 132 3 6 CLUSTER KEEPALIVE LOSS COUNT 3 133 3 7 CLUSTER MEMBER 3 134 3 8 CLUSTER MEMBER AUTO TO USER 3 135 3 9 CLUSTER RESET MEMBER 3 135 3 10 CLUSTER RUN 3 136 3 11 CLUSTER UPDATE MEMBER 3 137 3 12 DEBUG CLUSTER 3 138 3 13 DEBUG CLUSTER PACKETS 3 13...

Page 6: ...egotiation 4 152 4 1 10 port rate statistics interval 4 153 4 1 11 port scan mode 4 154 4 1 12 rate violation 4 155 4 1 13 show interface 4 156 4 1 14 shutdown 4 159 4 1 15 speed duplex 4 160 4 1 16 storm control 4 161 4 1 17 virtual cable test 4 162 4 1 18 switchport discard packet 4 163 CHAPTER 5 COMMANDS FOR PORT ISOLATION FUNCTION 5 165 5 1 ISOLATE PORT GROUP 5 165 5 2 ISOLATE PORT GROUP SWITC...

Page 7: ...HERNET 7 176 7 6 DEBUG ULDP PACKET 7 176 7 7 ULDP AGGRESSIVE MODE 7 177 7 8 ULDP ENABLE 7 178 7 9 ULDP DISABLE 7 178 7 10 ULDP HELLO INTERVAL 7 179 7 11 ULDP MANUAL SHUTDOWN 7 180 7 12 ULDP RECOVERY TIME 7 180 7 13 ULDP RESET 7 181 7 14 SHOW ULDP 7 182 CHAPTER 8 COMMANDS FOR LLDP FUNCTION 8 183 8 1 CLEAR LLDP REMOTE TABLE 8 183 8 2 DEBUG LLDP 8 183 8 3 DEBUG LLDP PACKETS 8 184 8 4 LLDP ENABLE 8 18...

Page 8: ...IGHBORS INTERFACE ETHERNET 8 196 8 19 SHOW LLDP TRAFFIC 8 196 CHAPTER 9 COMMANDS FOR PORT CHANNEL 9 198 9 1 DEBUG PORT CHANNEL 9 198 9 2 INTERFACE PORT CHANNEL 9 199 9 3 LACP PORT PRIORITY 9 199 9 4 LACP SYSTEM PRIORITY 9 200 9 5 LACP TIMEOUT 9 201 9 6 LOAD BALANCE 9 201 9 7 PORT GROUP 9 202 9 8 PORT GROUP MODE 9 203 9 9 SHOW PORT GROUP 9 204 CHAPTER 10 COMMANDS FOR MTU 10 206 10 1 MTU 10 206 CHAP...

Page 9: ...ESHOLD HIGH 11 215 11 14 ETHERNET OAM ERRORED FRAME SECONDS THRESHOLD LOW 11 216 11 15 ETHERNET OAM ERRORED FRAME SECONDS WINDOW 11 217 11 16 ETHERNET OAM ERRORED SYMBOL PERIOD THRESHOLD HIGH 11 217 11 17 ETHERNET OAM ERRORED SYMBOL PERIOD THRESHOLD LOW 11 218 11 18 ETHERNET OAM ERRORED SYMBOL PERIOD WINDOW 11 219 11 19 ETHERNET OAM LINK MONITOR 11 220 11 20 ETHERNET OAM MODE 11 220 11 21 ETHERNET...

Page 10: ...EIVER THRESHOLD VIOLATION 13 3 13 5 TRANSCEIVER MONITORING 13 4 13 6 TRANSCEIVER MONITORING INTERVAL 13 5 13 7 TRANSCEIVER THRESHOLD 13 5 CHAPTER 14 COMMANDS FOR LLDP MED 14 7 14 1 CIVIC LOCATION 14 7 14 2 DESCRIPTION LANGUAGE PROVINCE STATE CITY COUNTY STREET LOCATIONNUM LOCATION FLOOR ROOM POSTAL OTHERINFO 14 8 14 3 ECS LOCATION 14 9 14 4 LLDP MED FAST COUNT 14 9 14 5 LLDP MED TRAP 14 10 14 6 LL...

Page 11: ... 17 25 17 1 COMMANDS FOR VLAN CONFIGURATION 17 25 17 1 1 debug gvrp event 17 25 17 1 2 debug gvrp packet 17 26 17 1 3 dot1q tunnel enable 17 27 17 1 4 dot1q tunnel selective enable 17 28 17 1 5 dot1q tunnel selective s vlan 17 28 17 1 6 dot1q tunnel tpid 17 29 17 1 7 garp timer join 17 30 17 1 8 garp timer leave 17 31 17 1 9 garp timer leaveAll 17 31 17 1 10 gvrp Global 17 32 17 1 11 gvrp Port 17 ...

Page 12: ... 52 17 1 34 switchport trunk allowed vlan 17 53 17 1 35 switchport trunk native vlan 17 54 17 1 36 vlan 17 54 17 1 37 vlan internal 17 55 17 1 38 vlan ingress enable 17 56 17 1 39 vlan translation 17 57 17 1 40 vlan translation enable 17 58 17 2 COMMANDS FOR MULTI TO ONE VLAN TRANSLATION 17 58 17 2 1 vlan translation n to 1 17 58 17 2 2 show vlan translation n to 1 17 59 17 3 COMMANDS FOR DYNAMIC ...

Page 13: ... show mac address table 18 79 18 2 COMMANDS FOR MAC ADDRESS BINDING CONFIGURATION 18 80 18 2 1 clear port security dynamic 18 80 18 2 2 show port security 18 81 18 2 3 show port security address 18 82 18 2 4 show port security interface 18 83 18 2 5 switchport port security 18 84 18 2 6 switchport port security mac address 18 85 18 2 7 switchport port security maximum 18 85 18 2 8 switchport port ...

Page 14: ...ration 19 106 19 1 20 spanning tree mst cost 19 107 19 1 21 spanning tree cost format 19 109 19 1 22 spanning tree mst loopguard 19 110 19 1 23 spanning tree mst port priority 19 111 19 1 24 spanning tree mst priority 19 111 19 1 25 spanning tree mst rootguard 19 112 19 1 26 spanning tree portfast 19 113 19 1 27 spanning tree port priority 19 114 19 1 28 spanning tree priority 19 115 19 1 29 spann...

Page 15: ...MLS QOS QUEUE BANDWIDTH 20 133 20 13 MLS QOS TRUST 20 134 20 14 POLICY 20 135 20 15 POLICY AGGREGATE 20 137 20 16 POLICY MAP 20 138 20 17 SERVICE POLICY INPUT 20 139 20 18 SERVICE POLICY INPUT VLAN 20 140 20 19 SET 20 140 20 20 SHOW CLASS MAP 20 141 20 21 SHOW POLICY MAP 20 142 20 22 SHOW MLS QOS INTERFACE 20 143 20 23 SHOW MLS QOS MAPS 20 146 20 24 SHOW MLS QOS VLAN 20 148 20 25 TRANSMIT 20 149 C...

Page 16: ...ip icmp 23 4 23 2 4 debug ip packet 23 5 23 2 5 debug ipv6 packet 23 6 23 2 6 debug ipv6 icmp 23 6 23 2 7 debug ipv6 nd 23 7 23 2 8 ip address 23 8 23 2 9 ip default gateway 23 9 23 2 10 ip route 23 10 23 2 11 ipv6 address 23 11 23 2 12 ipv6 default gateway 23 12 23 2 13 ipv6 nd dad attempts 23 13 23 2 14 ipv6 nd ns interval 23 13 23 2 15 ipv6 neighbor 23 14 23 2 16 show ip interface 23 15 23 2 17...

Page 17: ...INATE 24 32 24 7 DEFAULT METRIC 24 32 24 8 DISTANCE 24 33 24 9 DISTRIBUTE LIST 24 34 24 10 IP RIP AGGREGATE ADDRESS 24 35 24 11 IP RIP AUTHENTICATION KEY CHAIN 24 36 24 12 IP RIP AUTHENTICATION MODE 24 36 24 13 IP RIP AUTHENTICATION STRING 24 37 24 14 IP RIP AUTHENTICATION CISCO COMPATIBLE 24 38 24 15 IP RIP RECEIVE PACKET 24 39 24 16 IP RIP RECEIVE VERSION 24 40 24 17 IP RIP SEND PACKET 24 41 24 ...

Page 18: ...OCOLS RIP 24 54 24 35 SHOW IP RIP 24 55 24 36 SHOW IP RIP DATABASE 24 56 24 37 SHOW IP RIP INTERFACE 24 57 24 38 SHOW IP RIP AGGREGATE 24 57 24 39 TIMERS BASIC 24 58 24 40 VERSION 24 59 CHAPTER 25 COMMANDS FOR OSPF 25 61 25 1 AREA AUTHENTICATION 25 61 25 2 AREA DEFAULT COST 25 62 25 3 AREA FILTER LIST 25 62 25 4 AREA NSSA 25 63 25 5 AREA RANGE 25 64 25 6 AREA STUB 25 65 25 7 AREA VIRTUAL LINK 25 6...

Page 19: ...E 25 74 25 20 DEFAULT INFORMATION ORIGINATE 25 75 25 21 DEFAULT METRIC 25 76 25 22 DISTANCE 25 76 25 23 DISTRIBUTE LIST 25 77 25 24 FILTER POLICY 25 78 25 25 HOST AREA 25 79 25 26 IP OSPF AUTHENTICATION 25 80 25 27 IP OSPF AUTHENTICATION KEY 25 81 25 28 IP OSPF COST 25 81 25 29 IP OSPF DATABASE FILTER 25 82 25 30 IP OSPF DEAD INTERVAL 25 83 25 31 IP OSPF DISABLE ALL 25 84 25 32 IP OSPF HELLO INTER...

Page 20: ...RFLOW DATABASE 25 97 25 49 OVERFLOW DATABASE EXTERNAL 25 98 25 50 PASSIVE INTERFACE 25 98 25 51 REDISTRIBUTE 25 99 25 52 REDISTRIBUTE OSPF 25 100 25 53 ROUTER OSPF 25 101 25 54 SHOW IP OSPF 25 101 25 55 SHOW IP OSPF BORDER ROUTERS 25 103 25 56 SHOW IP OSPF DATABASE 25 104 25 57 SHOW IP OSPF INTERFACE 25 105 25 58 SHOW IP OSPF NEIGHBOR 25 106 25 59 SHOW IP OSPF REDISTRIBUTE 25 107 25 60 SHOW IP OSP...

Page 21: ...AN LOG ENABLE 26 6 26 9 ANTI ARPSCAN TRAP ENABLE 26 7 26 10 SHOW ANTI ARPSCAN 26 8 26 11 DEBUG ANTI ARPSCAN 26 9 CHAPTER 27 COMMANDS FOR PREVENTING ARP SPOOFING 27 11 27 1 IP ARP SECURITY UPDATEPROTECT 27 11 27 2 IP ARP SECURITY LEARNPROTECT 27 11 27 3 IP ARP SECURITY CONVERT 27 12 27 4 CLEAR IP ARP DYNAMIC 27 13 27 5 CLEAR IPV6 ND DYNAMIC 27 13 CHAPTER 28 COMMAND FOR ARP GUARD 28 15 28 1 ARP GUAR...

Page 22: ...cp pool 30 28 30 1 18 ip dhcp conflict ping detection enable 30 29 30 1 19 ip dhcp ping packets 30 30 30 1 20 ip dhcp ping timeout 30 31 30 1 21 lease 30 31 30 1 22 max lease time 30 32 30 1 23 netbios name server 30 33 30 1 24 netbios node type 30 34 30 1 25 network address 30 34 30 1 26 next server 30 35 30 1 27 option 30 36 30 1 28 service dhcp 30 37 30 1 29 show ip dhcp binding 30 37 30 1 30 s...

Page 23: ...1 5 31 8 DNS SERVER 31 6 31 9 DOMAIN NAME 31 7 31 10 EXCLUDED ADDRESS 31 7 31 11 IPV6 ADDRESS 31 8 31 12 IPV6 DHCP CLIENT PD 31 9 31 13 IPV6 DHCP CLIENT PD HINT 31 10 31 14 IPV6 DHCP POOL 31 11 31 15 IPV6 DHCP RELAY DESTINATION 31 12 31 16 IPV6 DHCP SERVER 31 13 31 17 IPV6 GENERAL PREFIX 31 13 31 18 IPV6 LOCAL POOL 31 14 31 19 LIFETIME 31 15 31 20 NETWORK ADDRESS 31 16 31 21 PREFIX DELEGATION 31 1...

Page 24: ...FORMATION OPTION SELF DEFINED REMOTE ID 32 30 32 7 IP DHCP RELAY INFORMATION OPTION SELF DEFINED REMOTE ID FORMAT 32 31 32 8 IP DHCP RELAY INFORMATION OPTION SELF DEFINED SUBSCRIBER ID 32 31 32 9 IP DHCP RELAY INFORMATION OPTION SELF DEFINED SUBSCRIBER ID FORMAT 32 32 32 10 IP DHCP RELAY INFORMATION OPTION SUBSCRIBER ID 32 33 32 11 IP DHCP RELAY INFORMATION OPTION SUBSCRIBER ID FORMAT 32 34 32 12 ...

Page 25: ...cp snooping remote id option 34 52 34 1 14 ipv6 dhcp snooping remote id policy 34 53 34 1 15 ipv6 dhcp snooping subscriber id 34 54 34 1 16 ipv6 dhcp snooping subscriber id option 34 55 34 1 17 ipv6 dhcp snooping subscriber id policy 34 55 34 1 18 ipv6 dhcp snooping subscriber id select delimiter 34 56 34 1 19 ipv6 dhcp use class 34 57 34 1 20 remote id subscriber id 34 58 34 2 COMMANDS FOR MONITO...

Page 26: ...LIMITER 35 75 35 18 IP DHCP SNOOPING INFORMATION OPTION REMOTE ID 35 76 35 19 IP DHCP SNOOPING INFORMATION OPTION SELF DEFINED REMOTE ID 35 77 35 20 IP DHCP SNOOPING INFORMATION OPTION SELF DEFINED REMOTE ID FORMAT 35 78 35 21 IP DHCP SNOOPING INFORMATION OPTION SELF DEFINED SUBSCRIBER ID 35 78 35 22 IP DHCP SNOOPING INFORMATION OPTION SELF DEFINED SUBSCRIBER ID FORMAT 35 79 35 23 IP DHCP SNOOPING...

Page 27: ...02 37 1 14 show ip multicast source control access list 37 103 37 2 COMMANDS FOR IGMP SNOOPING 37 104 37 2 1 clear ip igmp snooping vlan 37 104 37 2 2 clear ip igmp snooping vlan 1 4094 mrouter port 37 104 37 2 3 debug igmp snooping all packet event timer mfc 37 105 37 2 4 ip igmp snooping 37 105 37 2 5 ip igmp snooping proxy 37 106 37 2 6 ip igmp snooping vlan 37 107 37 2 7 ip igmp snooping vlan ...

Page 28: ...lan l2 general querier 38 126 38 1 8 ipv6 mld snooping vlan limit 38 127 38 1 9 ipv6 mld snooping vlan mrouter port interface 38 127 38 1 10 ipv6 mld snooping vlan mrouter port learnpim6 38 128 38 1 11 ipv6 mld snooping vlan mrpt 38 129 38 1 12 ipv6 mld snooping vlan query interval 38 129 38 1 13 ipv6 mld snooping vlan query mrsp 38 130 38 1 14 ipv6 mld snooping vlan query robustness 38 131 38 1 1...

Page 29: ...P ACCESS GROUP 40 152 40 16 MAC ACCESS EXTENDED 40 153 40 17 MAC IP ACCESS EXTENDED 40 154 40 18 PERMIT DENY IP EXTENDED 40 155 40 19 PERMIT DENY IP STANDARD 40 156 40 20 PERMIT DENY IPV6 EXTENDED 40 157 40 21 PERMIT DENY IPV6 STANDARD 40 158 40 22 PERMIT DENY MAC EXTENDED 40 159 40 23 PERMIT DENY MAC IP EXTENDED 40 160 40 24 SHOW ACCESS LISTS 40 162 40 25 SHOW ACCESS GROUP 40 164 40 26 SHOW FIREW...

Page 30: ... MOVEMENT 41 177 41 14 DOT1X USER FREE RESOURCE 41 178 41 15 DOT1X MAX USER MACBASED 41 178 41 16 DOT1X MAX USER USERBASED 41 179 41 17 DOT1X PORTBASED MODE SINGLE MODE 41 180 41 18 DOT1X PORT CONTROL 41 181 41 19 DOT1X PORT METHOD 41 182 41 20 DOT1X PRIVATECLIENT ENABLE 41 183 41 21 DOT1X PRIVATECLIENT PROTECT ENABLE 41 183 41 22 DOT1X RE AUTHENTICATE 41 184 41 23 DOT1X RE AUTHENTICATION 41 185 4...

Page 31: ...QUERY TIMEOUT 42 197 42 10 SHOW ARP DYNAMIC COUNT 42 198 42 11 SHOW MAC ADDRESS DYNAMIC COUNT 42 199 42 12 SHOW ND DYNAMIC COUNT 42 199 42 13 SWITCHPORT ARP DYNAMIC MAXIMUM 42 200 42 14 SWITCHPORT MAC ADDRESS DYNAMIC MAXIMUM 42 201 42 15 SWITCHPORT MAC ADDRESS VIOLATION 42 202 42 16 SWITCHPORT ND DYNAMIC MAXIMUM 42 203 42 17 VLAN MAC ADDRESS DYNAMIC MAXIMUM 42 204 CHAPTER 43 COMMANDS FOR AM CONFIG...

Page 32: ...CS SERVER TIMEOUT 45 217 45 5 DEBUG TACACS SERVER 45 218 CHAPTER 46 COMMANDS FOR RADIUS 46 219 46 1 AAA ENABLE 46 219 46 2 AAA ACCOUNTING ENABLE 46 219 46 3 AAA ACCOUNTING UPDATE 46 220 46 4 DEBUG AAA PACKET 46 221 46 5 DEBUG AAA DETAIL ATTRIBUTE 46 222 46 6 DEBUG AAA DETAIL CONNECTION 46 222 46 7 DEBUG AAA DETAIL EVENT 46 223 46 8 DEBUG AAA ERROR 46 224 46 9 RADIUS NAS IPV4 46 224 46 10 RADIUS NA...

Page 33: ... HTTP SECURE PORT 47 238 47 3 IP HTTP SECURE CIPHERSUITE 47 239 47 4 SHOW IP HTTP SECURE SERVER STATUS 47 240 47 5 DEBUG SSL 47 241 CHAPTER 48 COMMANDS FOR IPV6 SECURITY RA 48 242 48 1 IPV6 SECURITY RA ENABLE 48 242 48 2 IPV6 SECURITY RA ENABLE 48 243 48 3 SHOW IPV6 SECURITY RA 48 243 48 4 DEBUG IPV6 SECURITY RA 48 244 CHAPTER 49 COMMANDS FOR MAB 49 245 49 1 AUTHENTICATION MAB 49 245 49 2 CLEAR MA...

Page 34: ...TERMEDIATE AGENT FORMAT 50 259 50 7 PPPOE INTERMEDIATE AGENT REMOTE ID 50 259 50 8 PPPOE INTERMEDIATE AGENT TRUST 50 260 50 9 PPPOE INTERMEDIATE AGENT TYPE SELF DEFINED CIRCUIT ID 50 261 50 10 PPPOE INTERMEDIATE AGENT TYPE SELF DEFINED REMOTE ID 50 262 50 11 PPPOE INTERMEDIATE AGENT TYPE TR 101 CIRCUIT ID ACCESS NODE ID 50 262 50 12 PPPOE INTERMEDIATE AGENT TYPE TR 101 CIRCUIT ID IDENTIFIER STRING...

Page 35: ... VACL IP ACCESS GROUP 52 281 52 4 VACL IPV6 ACCESS GROUP 52 282 52 5 VACL MAC ACCESS GROUP 52 283 52 6 VACL MAC IP ACCESS GROUP 52 283 CHAPTER 53 COMMANDS FOR SAVI 53 285 53 1 COMMANDS FOR SAVI 53 285 53 1 1 ipv6 cps prefix 53 285 53 1 2 ipv6 cps prefix check enable 53 286 53 1 3 ipv6 dhcp snooping trust 53 286 53 1 4 ipv6 nd snooping trust 53 287 53 1 5 savi check binding 53 288 53 1 6 savi enabl...

Page 36: ...g event 53 300 53 2 6 debug ipv6 nd snooping packet 53 300 53 2 7 show savi ipv6 check source binding 53 301 CHAPTER 54 COMMANDS FOR MRPP 54 303 54 1 CONTROL VLAN 54 303 54 2 CLEAR MRPP STATISTICS 54 304 54 3 DEBUG MRPP 54 304 54 4 ENABLE 54 305 54 5 ERRP DOMAIN 54 306 54 6 FAIL TIMER 54 307 54 7 HELLO TIMER 54 307 54 8 MRPP EAPS COMPATIBLE 54 308 54 9 MRPP ENABLE 54 309 54 10 MRPP ERRP COMPATIBLE...

Page 37: ...LAN 55 323 55 11 FLUSH ENABLE ARP 55 323 55 12 FLUSH ENABLE MAC 55 324 55 13 FLUSH ENABLE MAC VLAN 55 325 55 14 PREEMPTION DELAY 55 326 55 15 PREEMPTION MODE 55 326 55 16 PROTECT VLAN REFERENCE INSTANCE 55 327 55 17 SHOW ULPP FLUSH COUNTER INTERFACE 55 328 55 18 SHOW ULPP FLUSH RECEIVE PORT 55 329 55 19 SHOW ULPP GROUP 55 329 55 20 ULPP CONTROL VLAN 55 330 55 21 ULPP FLUSH DISABLE ARP 55 331 55 22...

Page 38: ... 57 341 57 2 MONITOR SESSION SOURCE INTERFACE ACCESS LIST 57 342 57 3 MONITOR SESSION DESTINATION INTERFACE 57 342 57 4 SHOW MONITOR 57 343 CHAPTER 58 COMMANDS FOR SFLOW 58 345 58 1 SFLOW AGENT ADDRESS 58 345 58 2 SFLOW ANALYZER 58 345 58 3 SFLOW COUNTER INTERVAL 58 346 58 4 SFLOW DATA LEN 58 347 58 5 SFLOW DESTINATION 58 348 58 6 SFLOW HEADER LEN 58 348 58 7 SFLOW PRIORITY 58 349 58 8 SFLOW RATE ...

Page 39: ...OW SNTP 61 361 CHAPTER 62 COMMANDS FOR NTP 62 362 62 1 CLOCK TIMEZONE 62 362 62 2 DEBUG NTP ADJUST 62 362 62 3 DEBUG NTP AUTHENTICATION 62 363 62 4 DEBUG NTP EVENTS 62 364 62 5 DEBUG NTP PACKET 62 365 62 6 DEBUG NTP SYNC 62 365 62 7 NTP ACCESS GROUP 62 366 62 8 NTP AUTHENTICATE 62 367 62 9 NTP AUTHENTICATION KEY 62 367 62 10 NTP BROADCAST SERVER COUNT 62 368 62 11 NTP DISABLE 62 369 62 12 NTP ENAB...

Page 40: ...79 64 2 DEBUG DNS 64 379 64 3 DNS SERVER 64 380 64 4 DNS LOOKUP 64 381 64 5 SHOW DNS NAME SERVER 64 382 64 6 SHOW DNS DOMAIN LIST 64 383 64 7 SHOW DNS HOSTS 64 383 64 8 SHOW DNS CONFIG 64 384 64 9 SHOW DNS CLIENT 64 385 64 10 IP DOMAIN LOOKUP 64 385 64 11 IP DOMAIN LIST 64 386 64 12 IP DNS SERVER 64 387 64 13 IP DNS SERVER QUEUE MAXIMUM 64 388 64 14 IP DNS SERVER QUEUE TIMEOUT 64 388 CHAPTER 65 CO...

Page 41: ...FFERED 65 401 65 15 SHOW LOGGING EXECUTED COMMANDS STATE 65 402 65 16 SHOW LOGGING SOURCE 65 403 65 17 SHOW MEMORY 65 403 65 18 SHOW RUNNING CONFIG 65 404 65 19 SHOW RUNNING CONFIG CURRENT MODE 65 405 65 20 SHOW STARTUP CONFIG 65 406 65 21 SHOW SWITCHPORT INTERFACE 65 406 65 22 SHOW TCP 65 407 65 23 SHOW TCP IPV6 65 408 65 24 SHOW TELNET LOGIN 65 409 65 25 SHOW TECH SUPPORT 65 409 65 26 SHOW UDP 6...

Page 42: ...COL 67 420 CHAPTER 68 COMMANDS FOR POE 68 421 68 1 COMMANDS FOR POE CONFIGURATION 68 421 68 1 1 power inline dynamic detect enable 68 421 68 1 2 power inline dynamic detect interval 30 300 68 422 68 1 3 power inline enable Global 68 422 68 1 4 power inline enable Port 68 423 68 1 5 power inline high inrush 68 424 68 1 6 power inline legacy 68 425 68 1 7 power inline max Global 68 425 68 1 8 power ...

Page 43: ...tively And authentication method can be any one or combination of Local RADIUS and TACACS When login method is configuration in combination the preference goes from left to right If the users have passed the authentication method authentication method of lower preferences will be ignored To be mentioned the user can login as long as a authentication method is passed AAA function and RADIUS server ...

Page 44: ...anner motd Function This command is used to configure the information displayed when the login authentication of a telnet or console user is successful the no command configures that the information is not displayed when the authentication is successful Parameters LINE The information displayed when the authentication is successful length limit from 1 to 100 characters Default Do not show the info...

Page 45: ...y and the file name No space is allowed in each part or between two parts 2 The suffix of all file names should be img 3 The length of the full file path should not be longer than 128 characters while the file name cannot be longer than 80 characters Command Mode Admin Mode Default The factory original configuration only specifies the first booting IMG file it is nos img file in the FLASH without ...

Page 46: ... is as follows 1 The file path comprises of three parts device prefix used as the root directory flash sub directory and the file name No space is allowed in each part or between two parts 2 The suffix of all file names should be cfg 3 The length of the full file path should not be longer than 128 characters while the file name cannot be longer than 80 characters Command Mode Admin Mode Default Se...

Page 47: ...id scope for YYYY is 1970 2038 MON meaning month and DD between 1 to 31 Command mode Admin Mode Default upon first time start up it is defaulted to 2006 1 1 0 0 0 Usage guide The switch cannot continue timing with power off hence the current date and time must be first set at environments where exact time is required Example To set the switch current date and time to 2002 8 1 23 0 0 Switch clock s...

Page 48: ...nfiguration Command mode Admin Mode Example Switch config 1 1 7 debug ssh server Command debug ssh server no debug ssh server Function Display SSH server debugging information the no debug ssh server command stops displaying SSH server debugging information Default This function is disabled by default Command mode Admin Mode ...

Page 49: ...None Default None Command mode Admin Mode Usage Guide None Example Switch disable Switch 1 1 9 enable Command enable 1 15 Function Use enable command to enter Admin Mode from User Mode or change the privilege level of the users Command mode User Mode Admin Mode Default None ...

Page 50: ...tch 1 1 10 enable password Command enable password level 1 15 0 7 password no enable password level 1 15 Function Configure the password used for enter Admin Mode from the User Mode The no enable password command deletes this password Parameter level 1 15 is used to specify the privilege level the default level is 15 password is the password for the user If input option 0 on password setting the p...

Page 51: ...ept User Mode Admin Mode Example Quit VLAN mode and return to Admin mode Switch config vlan1 end Switch 1 1 12 exec timeout Command exec timeout minutes seconds no exec timeout Function Configure the timeout of exiting admin mode The no exec timeout command restores the default value Parameters minute is the time value shown in minute and ranges between 0 35791 seconds is the time value shown in s...

Page 52: ...ter the admin mode again The timeout timer will be disabled when the timeout is set to 0 Example Set the admin mode timeout value to 6 minutes Switch config exec timeout 6 Set the admin mode timeout value to 5 minutes 30 seconds Switch config exec timeout 5 30 1 1 13 exit Command Exit Function Quit current mode and return to its previous mode Command mode All Modes Usage Guide This command is to q...

Page 53: ...and line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the inp...

Page 54: ...p host hostname ip_addr no ip host hostname all Function Set the mapping relationship between the host and IP address the no ip host parameter of this command will delete the mapping Parameter hostname is the host name up to 64 characters are allowed ip_addr is the corresponding IP address for the host name takes a dot decimal format all is all of the host name Command mode Global Mode Usage Guide...

Page 55: ...e no command deletes this mapping relationship Parameter hostname is the name of the host containing max 64 characters ipv6_addr is the IPv6 address corresponding to the host name all is all the host address Command Mode Global Mode Usage Guide Configure a fixed corresponding relationship between the host and the IPv6 address applicable in commands such as traceroute6 host etc Example Set the IPv6...

Page 56: ...rface configured with HTTP for the user which is straight and visual easy to understand Example Enable Web Server function and enable Web configurations Switch config ip http server 1 1 19 language Command language chinese english Function Set the language for displaying the help information Parameter chinese for Chinese display english for English display Command mode Admin and Config Mode Defaul...

Page 57: ...o login command cancels the login configuration Command mode Global mode Default No login by default Usage guide By using this command users have to enter the password set by password command to enter normal user mode with console no login cancels this restriction Example Enable password Switch config login 1 1 21 password Command password 0 7 password no password Function Configure the password u...

Page 58: ... password command to enter normal user mode on console Example Switch config password 0 test Switch config login 1 1 22 privilege Command privilege mode level 1 15 LINE no privilege mode level 1 15 LINE Function Configure the level for the specified command the no command restores the original level of the command Parameters mode register mode of the command Tab or is able to show all register mod...

Page 59: ...lt When using no command LINE must be the configured command line If the command line with the parameter the parameter must be matched with the configured command Example Change the level of show ip route command to level 5 Switch config privilege exec level 5 show ip route Change the level of peer A B C D command to level 6 Switch config privilege router msdp level 6 peer 1 2 3 4 Restore the orig...

Page 60: ...password ip ftp and username command will be encrypted by executed this command no service password encryption cancels this function however encrypted passwords remain unchanged Example Encrypt system passwords Switch config service password encryption 1 1 25 service terminal length Command service terminal length 0 512 no service terminal length Function Configure the columns of characters displa...

Page 61: ...to 20 Switch config service terminal length 20 1 1 26 sysContact Command sysContact LINE no sysContact Function Set the factory contact mode the no sysContact command reset the switch to factory settings Parameter LINE is the prompt character string range from 0 to 255 characters Command mode Global Mode Default The factory settings Usage guide The user can set the factory contact mode bases the f...

Page 62: ...LINE is the prompt character string range from 0 to 255 characters Command mode Global Mode Default The factory settings Usage guide The user can set the factory address bases the fact instance Example Set the factory address to test Switch config sysLocation test 1 1 28 set default Command set default Function Reset the switch to factory settings Command mode Admin Mode ...

Page 63: ...mand must be executed to save the operation The switch will reset to factory settings after restart Example Switch set default Are you sure Y N y Switch write Switch reload 1 1 29 setup Command Setup Function Enter the Setup Mode of the switch Command mode Admin Mode Usage Guide Switch provides a Setup Mode in which the user can configure IP addresses etc 1 1 30 show clock Command show clock Funct...

Page 64: ... CPU usage rate Command mode Admin and configuration mode Usage Guide Check the current usage of CPU resource by show cpu usage command Only the chassis switch uses slotno parameter which is used to show the CPU usage rate of the card on specified slot if there is no parameter the default is current card Example Show the current usage rate of CPU Switch show cpu usage Last 5 second CPU IDLE 87 Las...

Page 65: ...d is used to show CPU utilization rate in the past 5 seconds 30 seconds and 5 minutes Example Show CPU utilization rate Switch show cpu utilization Last 5 second CPU USAGE 9 Last 30 second CPU USAGE 11 Last 5 minute CPU USAGE 11 From running CPU USAGE 11 1 1 33 show memory usage Command show memory usage slotno Function Show memory usage rate Command mode Admin and configuration mode ...

Page 66: ...s no parameter the default is current card Example Show the current usage rate of the memory Switch show memory usage The memory total 128 MB free 58914872 bytes usage is 56 10 1 1 34 show privilege Command show privilege Function Show privilege of the current users Parameter None Command Mode All configuration modes Example Show privilege of the current user Switch Config show privilege Current p...

Page 67: ...reviation format is used to the command which can be analyzed successfully For half baked command false command about writing and command that abbreviation cannot be analyzed successfully the level of them cannot be shown Example Show the level of privilege command Switch config show privilege exec show ip route The command show ip route Privilege is 15 1 1 36 show tech support Command show tech s...

Page 68: ...eration is malfunctioned Example Switch show tech support 1 1 37 show version Command show version Function Display the version information of the switch Command mode Admin and Configuration Mode Usage Guide This command is used to show the version of the switch it includes the hardware version and the software version information Example Switch show version 1 1 38 username Command username userna...

Page 69: ...as be configured as preference level of 15 in order to login the switch and make configuration changes in privileged mode and global mode If there are no configured local users with preference level of 15 while only Local authentication is configured for the Console login method the switch can be login without any authentication When using the HTTP method to login the switch only users with prefer...

Page 70: ...lect the language according to their preference 1 1 40 write Command Write Function Save the currently configured parameters to the Flash memory Command mode Admin Mode Usage Guide After a set of configuration with desired functions the setting should be saved to the specified configuration file so that the system can revert to the saved configuration automatically in the case of accidentally powe...

Page 71: ... not be longer than 128 characters while the file name cannot be longer than 80 characters Command Mode Admin Mode Usage Guide Config file saved by Flash Memory can be used for startup file Example Save the current running config as cfg file with name of 123 Switch write running config 123 cfg 1 2 Commands for Telnet 1 2 1 aaa authorization config commands Command aaa authorization config commands...

Page 72: ... no accounting line console vty exec Function Configure the list of the accounting method for the login user with VTY login with Telnet and SSH and Console The no command restores the default accounting method Parameters line selects the accounting line including console vty telnet and ssh start stop sends the accounting start or the accounting stop when the user is logging or exit the login stop ...

Page 73: ...the accounting line including console vty telnet and ssh command 1 15 is the level of the accounting command start stop sends the accounting start or the accounting stop when the user is logging or exit the login stop only sends the accounting stop when the user exits the login only none does not send the accounting start or the accounting stop method is the list of the accounting method it only s...

Page 74: ...de Usage Guide The enable authentication method can be any one or combination of Local RADIUS and TACACS When login method is configuration in combination the preference goes from left to right If the users have passed the authentication method authentication method of lower preferences will be ignored To be mentioned if the user receives corresponding protocol s answer whether refuse or incept it...

Page 75: ...lt The binding ACL to Telnet SSH Web function is closed by default Command Mode Global Mode Example Binding standard IP ACL protocol to access class 1 Switch config authentication ip access class 1 in 1 2 6 authentication ipv6 access class Command authentication ipv6 access class num std name no authentication ipv6 access class Function Binding standard IPv6 ACL protocol to login with Telnet SSH W...

Page 76: ...onsole vty telnet and ssh and web method is the list of the authentication method it must be among local tacacs and radius keywords local uses the local database to authenticate tacacs uses the remote TACACS authentication server to authenticate radius uses the remote RADIUS authentication server to authenticate Default No configuration is enabled for the console login method by default Local auth...

Page 77: ...d the login command makes the Console login to use the passwords configured by the password command for authentication If local authentication is configured while no local users are configured users will be able to login the switch via the Console method Example Configure the telnet and ssh login with the remote RADIUS authentication Switch config authentication line vty login radius Relative Comm...

Page 78: ...tion To configure the security IPv6 address for Telnet and HTTP login method The no form of this command will remove the specified configuration Parameters ipv6 addr is the security IPv6 address which can login the switch Default No security IPv6 addresses are configured by default Command Mode Global Mode Usage Guide IPv6 address of the client which can login the switch is not restricted before t...

Page 79: ...figured respectively And authorization method can be any one or combination of Local RADIUS or TACACS When login method is configuration in combination the preference goes from left to right If the users have passed the authorization method authorization method of lower preferences will be ignored To be mentioned if the user receives corresponding protocol s answer whether refuse or incept it will...

Page 80: ...manner is the highest and the others are in descending order if the authorization with high priority passed it is successful to configure command and the back authorization manner will be ignored Notice as long as one authorization manner receives a clear response of the corresponding agreement Whether it is received or refused the next authorization manner will not be attempted If the clear respo...

Page 81: ...hen inputting Y or y run to delete when inputting do not run to delete print the notice information only When inputting other characters do not run to delete 1 2 13 crypto key clear rsa Command crypto key clear rsa Function Clear the secret key of ssh Command mode Admin Mode 1 2 14 terminal length Command terminal length 0 512 terminal no length Function Set length of characters displayed in each ...

Page 82: ...th is 25 Example Configure length of characters in each display to 20 Switch terminal length 20 1 2 15 terminal monitor Command terminal monitor terminal no monitor Function Copy debugging messages to current display terminal the terminal no monitor command restores to the default value Command mode Admin Mode Usage guide Configures whether the current debugging messages is displayed on this termi...

Page 83: ... remote host to configure When a switch is applied as a Telnet client it can only establish one TCP connection with the remote host To connect to another remote host the current TCP connection must be disconnected with a hotkey CTRL To telnet a host name mapping relationship between the host name and the IP IPv6 address should be previously configured For required commands please refer to ip host ...

Page 84: ...e administrator can use this command to enable or disable the Telnet client to login to the switch Example Disable the Telnet server function in the switch Switch config no telnet server enable 1 2 18 telnet server max connection Command telnet server max connection max connection number default Function Configure the max connection number supported by the Telnet service of the switch Parameters m...

Page 85: ... authentication retries authentication retries no ssh server authentication retries Function Configure the number of times for retrying SSH authentication the no ssh server authentication retries command restores the default number of times for retrying SSH authentication Parameter authentication retries is the number of times for retrying authentication valid range is 1 to 10 Command mode Global ...

Page 86: ...nable command disables SSH function Command mode Global Mode Default SSH function is disabled by default Usage Guide In order that the SSH client can log on the switch the users need to configure the SSH user and enable SSH function on the switch Example Enable SSH function on the switch Switch config ssh server enable 1 2 21 ssh server host key create rsa Command ssh server host key create rsa mo...

Page 87: ...l the time Because it takes quite a long time to compute the new key and some clients are not compatible with the key generated by the modulus 2048 it is recommended to use the key which is generated by the default modulus 1024 Example Generate new host key Switch config ssh server host key create rsa 1 2 22 ssh server max connection Command ssh server max connection max connection number default ...

Page 88: ...out value for SSH authentication the no ssh server timeout command restores the default timeout value for SSH authentication Parameter timeout is timeout value valid range is 10 to 600 seconds Command mode Global Mode Default SSH authentication timeout is 180 seconds by default Usage Guide This command is used to set SSH authentication timeout the default timeout is 180 seconds Example Set SSH aut...

Page 89: ...s which log on currently Command mode Admin Mode Example Switch show ssh server ssh server is enabled ssh server timeout 180s ssh server authentication retries 3 ssh server max connection number 6 ssh server login user number 2 1 2 26 show telnet login Command show telnet login Function Display the information of the Telnet client which currently establishes a Telnet connection with the switch ...

Page 90: ...gh telnet or ssh It includes line number user name and user IP Command mode Admin Mode Usage Guide When inputting this command show the user information who logs in through telnet or ssh It includes line number user name and user IP Because 16 telnet users and 16 ssh users are supported at most currently vty0 15 are used for telnet and 16 31 are used for ssh Example Switch show users Line User Loc...

Page 91: ...t user a login from 192 168 1 20 1 3 Commands for Configuring Switch IP 1 3 1 interface vlan Command interface vlan vlan id no interface vlan vlan id Function Enter the VLAN interface configuration mode the no operation of this command will delete the existing VLAN interface Parameters vlan id is the VLAN ID of an existing VLAN ranging from 1 to 4094 Command Mode Global Configuration Mode ...

Page 92: ... ip address mask secondary command deletes the specified IP address setting Parameter ip address is the IP address in dot decimal format mask is the subnet mask in dot decimal format secondary indicates the IP configured is a secondary IP address Default No IP address is configured upon switch shipment Command mode VLAN Interface Mode Usage Guide A VLAN interface must be created first before the u...

Page 93: ...s Command Mode Interface Configuration Mode Default None Usage Guide The prefix of an IPV6 address should not be a multicast address or other kinds of IPV6 addresses with specific usage Different layer three VLAN interfaces are forbidden to share a same address prefix As for any global unicast address the prefix should be limited in the range from 2001 to 3fff with a length no shorter than 3 And t...

Page 94: ...P client function is disabled by default Command mode VLAN Interface Mode Usage Guide Obtaining IP address through BootP Manual configuration and DHCP are mutually exclusive enabling any two methods for obtaining IP address is not allowed Note To obtain IP address via BootP a DHCP server or a BootP server is required in the network Example Get IP address through BootP Switch config interface vlan ...

Page 95: ...obtained in DHCP Note To obtain IP address via DHCP a DHCP server is required in the network Default the DHCP client function is disabled by default Command mode VLAN Interface Mode Usage Guide Obtaining IP address by DHCP Manual configuration and BootP are mutually exclusive enabling any 2 methods for obtaining an IP address is not allowed Example Getting an IP address through DHCP Switch config ...

Page 96: ...ying SNMP the SNMP debugging is available to locate the problem causes Example Switch debug snmp mib 1 4 2 debug snmp kernel Command debug snmp kernel no debug snmp kernel Function Enable the SNMP kernel debugging the no debug snmp kernel command disables the debugging function Command Mode Admin Mode Usage Guide When user encounters problems in applying SNMP the SNMP debugging is available to loc...

Page 97: ...lt RMON is enabled by default Example Enable RMON Switch config rmon enable Disable RMON Switch config no rmon enable 1 4 4 show private mib oid Command show private mib oid Function Show the original oid of the private mib Command mode Admin and configuration mode Usage Guide Check the beginning oid of the private mib by show private mib oid command ...

Page 98: ...e Example Switch show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request PDUs 0 Get next PDUs 0 Set request PDUs 0 SNMP packets output 0 Too big errors Max packet size 1500 0 No such name errors 0 Bad values errors 0 General errors ...

Page 99: ...packets received by get requests get next PDUs Number of packets received by getnext requests set request PDUs Number of packets received by set requests snmp packets output Total number of SNMP packet outputs too big errors Number of Too_ big error SNMP packets maximum packet size Maximum length of SNMP packets no such name errors Number of packets requesting for non existent MIB objects bad valu...

Page 100: ...lay the group information commands Command Mode Admin and Configuration Mode Example Switch show snmp group Group Name initial Security Level noAuthnoPriv Read View one Write View no writeview specified Notify View one Displayed Information Explanation Group Name Group name Security level Security level Read View Read view name Write View Write view name Notify View Notify view name no writeview s...

Page 101: ...nd Configuration Mode Example Switch show snmp status Trap enable RMON enable Community Information V1 V2c Trap Host Information V3 Trap Host Information Security IP Information Displayed information Description Community string Community string Community access Community access permission Trap rec address IP address which is used to receive Trap Trap enable Enable or disable to send Trap Security...

Page 102: ...ne ID 1234567890 Auth Protocol MD5 Priv Protocol DES CBC Row status active Displayed Information Explanation User name User name Engine ID Engine ID Priv Protocol Employed encryption algorithm Auth Protocol Employed identification algorithm Row status User state 1 4 11 show snmp view Command show snmp view Function Display the view information commands Command Mode Admin and Configuration Mode ...

Page 103: ...red community string Parameter string is the configured community string If key option is set as 0 the specified community string is not encrypted if key option is set as 7 the specified community string is encrypted ro rw is the specified access mode to MIB ro for read only and rw for read write num std is the access class number for standard numeric ACL ranging between 1 99 name is the access cl...

Page 104: ...config no snmp server community 0 private Bind the read only community string public to readable view pviewr Switch config snmp server community ro 0 public read pviewr Bind the read write community string private to readable view pviewr and writable view pvieww Switch config snmp server community rw 0 private read pviewr write pvieww 1 4 13 snmp server enable Command snmp server enable no snmp se...

Page 105: ... no snmp server enable traps command disables the switch to send Trap message Command mode Global Mode Default Forbid to send Trap message Usage Guide When Trap message is enabled if Down Up in device ports or of system occurs the device will send Trap messages to NMS that receives Trap messages Example Enable to send Trap messages Switch config snmp server enable traps Disable to send Trap messag...

Page 106: ...e Set current engine ID to A66688999F Switch config snmp server engineid A66688999F Restore the default engine ID Switch config no snmp server engineid 1 4 16 snmp server group Command snmp server group group string NoauthNopriv AuthNopriv AuthPriv read read string write write string notify notify string access num std name ipv6 access ipv6 num std ipv6 name no snmp server group group string Noaut...

Page 107: ...er for standard numeric IPv6 ACL ranging between 500 599 name is the access class name for standard IPv6 ACL the character string length is ranging between 1 32 Usage Guide There is a default view v1defaultviewname in the system It is recommended to use this view as the view name of the notification If the read or write view name is empty corresponding operation will be disabled Example Create a g...

Page 108: ...rypted and authentication encrypted and authentication user string is the community character string applied when sending the Trap message at v1 v2 and will be the user name at v3 Usage Guide The Community character string configured in this command is the default community string of the RMON event group If the RMON event group has no community character string configured the community character s...

Page 109: ...etween NMS administration station IPv4 or IPv6 address and security IPv4 or IPv6 address configured by the command so it send SNMP packet could be processed by switch the command only applies to SNMP Allows configuration the IPv4 or IPv6 address of the network manage station receiving the SNMP Trap message but the IP addresses are less than 20 in all Example Configure security IP address of NMS ma...

Page 110: ...ration Parameter ipv4 address IPv4 address is used to send trap packet in dotted decimal notation ipv6 address IPv6 address is used to send trap packet in colon hexadecimal Command Mode Global Mode Usage Guide If there is no configuration select the source address according to the interface address sent by actual trap packet when configure the IP address adopt the configured source address as the ...

Page 111: ...ontaining 8 32 character num std is the access class number for standard numeric ACL ranging between 1 99 name is the access class name for standard ACL the character string length is ranging between 1 32 ipv6 num std is the access class number for standard numeric IPv6 ACL ranging between 500 599 name is the access class name for standard IPv6 ACL the character string length is ranging between 1 ...

Page 112: ...string is OID number or corresponding node name containing 1 255 characters include exclude include exclude this OID Usage Guide The command supports not only the input using the character string of the variable OID as parameter But also supports the input using the node name of the parameter Example Create a view the name is readview including iso node but not including the iso 3 node Switch conf...

Page 113: ...v6address hostname filename amongst username is the FTP user name password is the FTP user password ipaddress ipv6address is the IPv4 or IPv6 address of the FTP server client hostname is the name of the host mapping with the IPv6 address it does not support the file download and upload with hosts mapping with IPv4 addresses filename is the name of the FTP upload download file Special keywords of t...

Page 114: ...1 1 1 FTP server username is Switch password is superuser Switch copy nos img ftp Switch superuser 10 1 1 1 nos img 2 Obtain system file nos img from the FTP server 10 1 1 1 the username is Switch password is superuser Switch copy ftp Switch superuser 10 1 1 1 nos img nos img 3 Save images in the FLASH to the FTP server of 2004 1 2 3 6 Switch copy nos img ftp username password 2004 1 2 3 6 nos img...

Page 115: ...ddress is the IPv4 or IPv6 address of the TFTP server client hostname is the name of the host mapping with the IPv6 address it does not support the file download and upload with hosts mapping with IPv4 addresses filename is the name of the TFTP upload download file Special keyword of the filename Keywords Source or destination addresses running config Running configuration files startup config It ...

Page 116: ... nos img 5 Save the running configuration files Switch copy running config startup config Relevant Command write 1 5 3 ftp dir Command ftp dir ftp server url Function Browse the file list on the FTP server Parameter The form of ftp server url is ftp username password ipv4address ipv6address amongst username is the FTP user name password is the FTP user password ipv4address ipv6address is the IPv4 ...

Page 117: ... Global Mode Usage Guide When FTP server function is enabled the switch can still perform ftp client functions FTP server is not started by default Example Enable FTP server service Switch config Switch config ftp server enable Relative command ip ftp 1 5 5 ftp server timeout Command ftp server timeout seconds Function Set data connection idle time Parameter seconds is the idle time threshold in s...

Page 118: ...ssword no ip ftp username username Function Configure the username and password for logging in to the FTP the no operation of this command will delete the configured username and password simultaneously Parameters username is the username of the FTP link its range should not exceed 32 characters password is the password of the FTP link if input option 0 on password setting the password is not encr...

Page 119: ...r Switch config 1 5 7 show ftp Command show ftp Function Display the parameter settings for the FTP server Command mode Admin and Configuration Mode Default Do not display Example Switch show ftp Timeout 600 Displayed information Description Timeout Timeout time 1 5 8 show tftp Command show tftp Function Display the parameter settings for the TFTP server ...

Page 120: ...ission times 1 5 9 tftp server enable Command tftp server enable no tftp server enable Function Start TFTP server the no ftp server enable command shuts down TFTP server and prevents TFTP user from logging in Default Disable TFTP Server Command mode Global Mode Usage Guide When TFTP server function is enabled the switch can still perform TFTP client functions TFTP server is not started by default ...

Page 121: ...smission number Command tftp server retransmission number number Function Set the retransmission time for TFTP server Parameter number is the time to re transfer the valid range is 1 to 20 Default Retransmit 5 times Command mode Global Mode Example Modify the retransmission to 10 times Switch config Switch config tftp server retransmission number 10 ...

Page 122: ...the transmission timeout value for TFTP server Parameter seconds is the timeout value the valid range is 5 to 3600s Default The system default timeout setting is 600 seconds Command mode Global Mode Example Modify the timeout value to 60 seconds Switch config Switch config tftp server transmission timeout 60 ...

Page 123: ...gth ranges from 1 to 80 Command Mode Admin Mode Default Settings The default working directory is Flash Usage Guide After this command implemented the current storage device will switch to the new working directory which can be viewed by the pwd command Example Change the working directory of the current storage device to flash Switch cd flash Switch pwd flash Switch 2 2 copy Command copy source f...

Page 124: ...e Default Settings None Usage Guide 1 In this command when the prefix of the source file URL is ftp or tftp that of the destination file URL should not be either of them 2 To use this command the designated source file should exist and the destination file should not be named the same as any existing directory or file otherwise there might be a prompt warning about a failed copy operation or an at...

Page 125: ...ed Command Mode Admin Mode Default Settings None Usage Guide The designated file will be deleted after implementing this command Example Delete file flash nos img Switch delete flash nos5 img Delete file flash nos5 img Y N y Deleted file flash nos img 2 4 dir Command dir WORD Function Display the information of the designated directory on the storage device ...

Page 126: ...mmand will display information of files and sub directories in the designated directory Note This command does not support a recursive display of all sub directories Example Display information of the directory flash Switch dir flash nos img 2 449 496 1980 01 01 00 01 06 startup config 2 064 1980 01 01 00 30 12 Total 7 932 928 byte s in 4 file s free 4 966 400 byte s Switch 2 5 format Command form...

Page 127: ...y Function Create a sub directory in the designated directory on a certain storage device Parameters directory is the sub directory name a sequence of consecutive characters whose length ranges from 1 to 80 Command Mode Admin Mode Default Settings None Usage Guide The new created directory should not be named the same as any other directory or file in the designated directory or located on a flash...

Page 128: ...current working directory Switch pwd flash Switch 2 8 rename Command rename source file url new filename Function Rename a designated file on the switch Parameters source file url is the source file in which whether specifying or not its path are both acceptable new filename is a filename without specifying its path Command Mode Admin Mode Default Settings None ...

Page 129: ... 11 0 img Rename flash nos5 img to flash nos 6 1 11 0 img ok 2 9 rmdir Command rmdir directory Function Delete a sub directory in the designated directory on a certain device Parameters directory is the sub directory name a sequence of consecutive characters whose length ranges from 1 to 80 Command Mode Admin Mode Default Settings None Usage Guide The directory to be deleted should exist and be em...

Page 130: ... and other switches Default No parameter means to clear information of all switches Command Mode Admin Mode Usage Guide After executing this command the information of this node will be deleted from the chain list saved on commander switch In 30 seconds the commander will recreate a cluster topology and re add this node But after being read the candidate id of the switch might change The command c...

Page 131: ...ded to the cluster Usage Guide After enabling this command on a commander switch candidate switches will be automatically added as members Example Enable the auto adding function in the commander switch Switch config cluster auto add 3 3 cluster commander Command cluster commander cluster name no cluster commander Function Set the switch as a commander switch and create a cluster Parameter cluster...

Page 132: ...uster commander ip is the head address of the address pool of which the valid format is 10 x x x in dotted decimal notation the address pool should be big enough to hold 128 members which requires the last byte of addresses to be less than 126 254 128 126 IP address pool should never be changed with commander configured The change can only be done after the no cluster commander command being execu...

Page 133: ...nder switch the value of the parameter will be distributed to all member switches via the TCP connections between the commander and members After executing it on a non commander switch the configuration value will be saved but not used until the switch becomes a commander Before that its keepalive interval is the one distributed by its commander Commander will send DP messages within the cluster o...

Page 134: ... until the switch becomes a commander Before that its loss count value is the one distributed by its commander commander calculates the loss count after sending each DP message by adding 1 to the loss count of each switch and clearing that of a switch after receiving a DR message from the latter When a loss count reaches the configured value 3 by default without receiving any DR message the comman...

Page 135: ...comes a member Members added this way will be actually treated as those added in mac addr mode with all config files in mac addr mode If more than one switch is added as member simultaneously no member id is allowed neither when using nodes sn mode Default None Command Mode Global Mode Usage Guide After executing this command the switch will add those identified in nodes sn or mac address into the...

Page 136: ...nd on a switch to change automatically added members to manually added ones Example change automatically added members to manually added ones Switch config cluster member auto to user 3 9 cluster reset member Command cluster reset member id member id mac address mac addr Function In the commander switch this command can be used to reset the member switch Parameter member id ranging from 1 to 128 U...

Page 137: ...ommander switch reset the member switch 1 Switch cluster reset member 1 3 10 cluster run Command cluster run key WORD vid VID no cluster run Function Enable cluster function the no cluster run command disables cluster function Parameter key all keys in one cluster should be the same no longer than 16 characters vid vlan id of the cluster whose range is 1 4094 Command mode Global Mode Default Clust...

Page 138: ...8 Use hyphen or semicolon to specify more than one member src url the location of source files to be copied dst filename the specified filename for saving the file in the switch flash scii means that the file transmission follows ASCII standard binary means that the file transmission follows binary standard which is de default mode when src url is a FTP address its form will be ftp username passwo...

Page 139: ... the member id being 1 src ul being ftp switch switch 192 168 1 1 nos img and dst url being nos img Switch cluster update member 1 ftp switch switch 192 168 1 1 nos img nos img 3 12 debug cluster Command debug cluster statemachine application tcp no debug cluster statemachine application tcp Function Enable the application debug of cluster the no operation of this command will disable that Paramet...

Page 140: ... debug the no command disables the debug Parameters DP discovery messages DR responsive messages CP command messages receive receive messages send send messages Default None Command Mode Admin Mode Usage Guide Enable the debug of cluster messages After enabling classification all DP DR and CP messages sent or received in the cluster will be printed Example Enable the debug of receiving DP messages...

Page 141: ...tches in a commander Switch show cluster Status Enabled Cluster VLAN 1 Role commander IP pool 10 254 254 1 Cluster name MIS_zebra Keepalive interval 30 Keepalive loss count 3 Auto add Disabled Number of Members 0 Number of Candidates 3 in a member Switch show cluster Status Enabled Cluster VLAN 1 Role Member Commander Ip Address 10 254 254 1 Internal Ip Address 10 254 254 2 Commander Mac Address 0...

Page 142: ...member id member id of the switch mac addr the CPU mac addresses of member switches Default No parameters means to display information of all member switches Command Mode Admin and Configuration Mode Usage Guide Executing this command on a commander switch will display the configuration information of all cluster member switches Example Execute this command on a commander switch to display the con...

Page 143: ... Admin and Configuration Mode Usage Guide Executing this command on the switch will display the information of the candidate member switches Example Display configuration information of all cluster candidate switches Switch show cluster candidates Cluster Candidates SN Mac Description Hostname xxx xx xx xx xx xx xx xxxxxxxxxxxxxxxxxxxxxx24 xxxxxxxxxxxxxxxxxxxxxx24 1 00 01 02 03 04 06 WGSW 52040 2 ...

Page 144: ...SS Upstream Upstream leaf local port remote port node x xxx xxxxxxxxxx12 xxxxxxxxxx12 xx xx xx xx xx xx xx xxxxxxxxxx12 xxxxxxxxxx12 x 1 1 SGS 6340 LAB_SWITCH_1 CM 01 02 03 04 05 01 root root 2 SGS 6340 LAB_SWITCH_2 M 01 02 03 04 05 02 eth 1 1 eth 1 2 N 3 SGS 6340 LAB_SWITCH_3 CA 01 02 03 04 05 03 eth 1 1 eth 1 3 Y 4 SGS 6340 LAB_SWITCH_4 CA 01 02 03 04 05 04 eth 1 1 eth 1 4 Y 2 2 SGS 6340 LAB_SWI...

Page 145: ...1 1 Upstream node 01 02 03 04 05 01 Upstream remote port eth 1 2 Upstream speed 100full Switch Switch show cluster topology mac address 01 02 03 04 05 02 Topology role Member Member status Active member user config SN 2 MAC Address 01 02 03 04 05 02 Description SGS 6340 Hostname LAB_SWITCH_2 Upstream local port eth 1 1 Upstream node 01 02 03 04 05 01 Upstream remote port eth 1 2 Upstream speed 100...

Page 146: ...ommander switch This command can only be executed on member switches Example In the member switch enter the configuration interface of the commander switch Switch rcommand commander 3 19 rcommand member Command rcommand member mem id Function In the commander switch this command is used to remotely manage the member switches in the cluster Parameter mem id commander the member id allocated by comm...

Page 147: ... Commands for Network Port Configuration 4 1 Commands for Ethernet Port Configuration 4 1 1 bandwidth Command bandwidth control bandwidth transmit receive both no bandwidth control Function Enable the bandwidth limit function on the port the no command disables this function Parameter bandwidth is the bandwidth limit which is shown in kbps ranging between 1 1000000K both refers to the bandwidth li...

Page 148: ...is 50 the bandwidth will be modified as 64K Example Set the bandwidth limit of 1 1 8 port is 40000K Switch config interface ethernet 1 1 8 Switch Config If Port Range bandwidth control 40000 both 4 1 2 clear counters interface Command clear counters interface ethernet interface list vlan vlan id port channel port channel number interface name Function Clears the statistics of the specified port Pa...

Page 149: ...f 1 1 2 ports which is used by financial department engineering as the name of 1 9 ports which belongs to the engineering department while the name of 1 12 ports is assigned with Server which is because they connected to the server In this way the port distribution state will be brought to the table Example Specify the description of 1 1 2 port as financial Switch config interface ethernet 1 1 2 S...

Page 150: ...revent drastic degradation of network performance Note Port flow control function is not recommended unless the users need a slow speed low performance network with low packet loss Flow control will not work between different cards in the switch When enable the port flow control function speed and duplex mode of both ends should be the same Example Enabling the flow control function in ports 1 1 8...

Page 151: ...test on an Ethernet port Command mode Port Mode Default Loopback test is disabled in Ethernet port by default Usage Guide Loopback test can be used to verify the Ethernet ports are working normally After loopback has been enabled the port will assume a connection established to itself and all traffic sent from the port will be received at the very same port Example Enabling loopback test in Ethern...

Page 152: ...y default Usage Guide Auto identification is recommended Generally straight through cable is used for switch PC connection and crossover cable is used for switch switch connection Example Setting the cable type support of Ethernet ports 1 1 8 to straight through cable only Switch config interface ethernet 1 1 8 Switch Config If Port Range mdi normal 4 1 8 media type Command media type copper coppe...

Page 153: ...bo port in which Note 1 Combo port is a conception involving the physical layer and the LLC sublayer of the datalink layer The status of a combo port will not affect any operation in the MAC sublayer of the datalink layer and upper layers If the bandwidth limit for a combo port is 1Mbps then this 1Mbps applies to the active port of this combo port regardless of the port type being copper or fiber ...

Page 154: ...use speed duplex command instead Example Port 21 of Switch1 is connected to port 21 of Switch2 the following will disable the negotiation for both ports Switch1 config interface ethernet1 21 Switch1 Config If Ethernet1 21 negotiation off Switch2 config interface ethernet1 21 Switch2 Config If Ethernet1 21 negotiation off 4 1 10 port rate statistics interval Command port rate statistics interval in...

Page 155: ... Mode Global Mode Default Poll mode Usage Guide There are two modes that can respond up down event of the port The interrupt mode means that interrupt hardware to announce the up down change the poll mode means that software poll can obtain the port event the first mode is rapid If using poll mode the convergence time of MRPP is several hundred milliseconds if using interrupt mode the convergence ...

Page 156: ...e max packet reception rate of the port the unit is packets s 0 86400 the restoration time interval after the port shutdown the unit is s recovery means this port can restore to be UP after some time 0 86400 means the reception timeout of the port for example when the packet reception rate of a port exceeds the restriction the port will be shutdown After the timeout of user s configuration is past...

Page 157: ...ts port channel number is the number of the aggregation interface interface name is the name of the interface such as port channel1 detail show the detail of the port Command Mode Admin and Configuration Mode Default Information not displayed by default Usage Guide While for vlan interfaces the port MAC address IP address and the statistic state of the data packet will be shown As for Ethernet por...

Page 158: ...dress is 00 00 00 00 00 01 MTU is 1500 bytes BW is 0 Kbit Encapsulation ARPA loopback not set 5 minute input rate 0 bytes sec 0 packets sec 5 minute output rate 0 bytes sec 0 packets sec The last 5 second input rate 0 bytes sec 0 packets sec The last 5 second output rate 0 bytes sec 0 packets sec Input packets statistics Input queue 0 600 0 drops 0 packets input 0 bytes 0 no buffer 0 input errors ...

Page 159: ...kets 0 output errors 0 collisions 0 late collisions 0 pause frame Show the important information of all layer 2 ports Switch show interface ethernet status Codes A Down administratively down a auto f force G Gigabit Interface Link Protocol Speed Duplex Vlan Type Alias Name 1 1 UP UP f 100M f full 1 G TX 1 2 UP UP a 100M a full trunk G TX 1 3 UP DOWN auto auto 1 G TX 1 4 A Down DOWN auto auto 1 G T...

Page 160: ...1 4 5m 0 0 0 0 5s 0 0 0 0 4 1 14 shutdown Command shutdown no shutdown Function Shuts down the specified Ethernet port the no command opens the port Command mode Port Mode Default Ethernet port is open by default Usage Guide When Ethernet port is shut down no data frames are sent in the port and the port status displayed when the user types the show interface command is down Example Opening ports ...

Page 161: ...e type of 100Base FX module auto detected automatic detection no phy integrated there is no phy integratd 100Base FX module phy integrated phy integratd 100Base FX module force1g half is the forced 1000Mbps speed at half duplex mode force1g full is the forced 1000Mbps speed at full duplex mode nonegotiate disables auto negotiation forcibly for 1000Mb port master forces the 1000Mb port to be master...

Page 162: ...broadcast to limit broadcast traffic Kbits means the number of packets allowed to pass per second the ranging from 1 to 1000000 PPS means number of the allowing packets per second the range is 1 to 1488095 Command mode Port Mode Default No limit is set by default So broadcasts multicasts and unknown destination unicasts are allowed to pass at line speed Usage Guide All ports in the switch belong t...

Page 163: ... error will be displayed how many meters it is away from the port Parameter interface list Port ID Command Mode Admin Mode Default Settings No link test Usage Guide The RJ 45 port connected with the twisted pair under test should be in accordance with the wiring sequence rules of IEEE802 3 or the wire pairs in the test result may not be the actual ones On a 100M port only two pairs are used 1 2 an...

Page 164: ...witch virtual cable test interface ethernet 1 25 Interface Ethernet1 25 Cable pairs Cable status Error length meters 1 2 open 5 3 6 open 5 4 5 open 5 7 8 short 5 4 1 18 switchport discard packet Command switchport discard packet all untag no switchport discard packet all untag Function Configure the port not to receive any packet or untag the no command cancel the restriction of discard it means t...

Page 165: ... is not suggested to be configured only if there is the special requirement Example Configure the port of 1 8 not to receive all packets Switch config interface ethernet 1 8 Switch config if ethernet1 8 switchport discard packet all ...

Page 166: ...fault None Usage Guide Users can create different port isolation groups based on their requirements For example if a user wants to isolate all downlink ports in a vlan of a switch he can implement that by creating a port isolation group and adding all downlink ports of the vlan into it No more than 16 port isolation groups can a switch have When the users need to change or redo the configuration o...

Page 167: ...ould not be added into an aggregation group But one port can be a member of one or more port isolation groups Parameters WORD is the name identification of the group no longer than 32 characters If there is no such group with the specified name create one ethernet means that the ports to be isolated is Ethernet ones followed by a list of Ethernet ports supporting symbols like and For example ether...

Page 168: ...cters no parameter means to display the configuration of all port isolation groups Command Mode Admin Mode and Global Mode Default Display the configuration of all port isolation groups Usage Guide Users can view the configuration of port isolation with this command Example Display the port isolation configuration of the port isolation group named as test Switch config show isolate port group test...

Page 169: ...ameters None Command Mode Admin Mode Default Disabled by default Usage Guide Display the message sending receiving and state changes with this command Example Switch debug loopback detection Jan 01 03 29 18 2006 Send loopback detection probe packet dev Ethernet1 10 vlan id 1 Jan 01 03 29 18 2006 Send loopback detection probe packet dev Ethernet1 10 vlan id 2 6 2 loopback detection control Command ...

Page 170: ...k the port will not recovery the state of be controlled after enabling control operation on the port If the overtime is configured the ports will recovery normal state when the overtime is time out If the control method is block the corresponding relationship between instance and vlan id should be set manually by users it should be noticed when be used Example Enable the function of loopback detec...

Page 171: ...me is a useful time for shutdown control mode because the port can keep on detection loopback in the other modes so suggest not to use this command Examples Enable automatic recovery of the loopback detection control mode after 30s Switch config loopback detection control recovery timeout 30 6 4 loopback detection interval time Command loopback detection interval time loopback no loopback no loopb...

Page 172: ...cked the no operation of this command will disable the function of detecting loopbacks through this port or the specified VLAN Parameters vlan list the list of VLANs allowed passing through the port Given the situation of a trunk port the specified VLANs can be checked So this command is used to set the vlan list to be checked Default Disable the function of detecting the loopbacks through the por...

Page 173: ... list Function Display the state of loopback detection on all ports if no parameter is provided or the state and result of the specified ports according to the parameters Parameters interface list the list of ports to be displayed for example ethernet 1 1 Command Mode Admin and Configuration Mode Usage Guide Display the state and result of loopback detection on ports with this command Example Disp...

Page 174: ...no command disables the debugging Parameters hello packet s type is hello it s announcement packet including common announcement packet RSY and Flush packet probe packet s type is probe it s detection packet echo packet s type is echo it means response of detection packet unidir packet s type is unidir it s announcement packet that discover the single link all All ULDP packets Command mode Admin m...

Page 175: ...bled Usage Guide Use this command to display the error message Example Display the error message Switch debug uldp error 7 3 debug uldp event Command debug uldp event no debug uldp event Function Enable the message debug function to display the event the no form command disables this function Parameter None Command Mode Admin Mode Default Disabled ...

Page 176: ...enable debugging information for ULDP for the specified interface The no form of this command will disable the debugging information Parameters IFname is the interface name Command Mode Admin Configuration Mode Default Disabled by default Usage Guide This command can be used to display the information about state transitions of the specified interfaces Example Print the information about state tra...

Page 177: ...name Name of the interface Command Mode Admin Mode Default Disabled Usage Guide Use this command to display the Hello packet details receiving on the interface Ethernet 1 1 Switch debug uldp hello receive interface Ethernet 1 1 7 6 debug uldp packet Command debug uldp packet receive send no debug uldp packet receive send Function Enable receives and sends packet debug function after that Display t...

Page 178: ...e Parameters None Command Mode Global Configuration Mode and Port Configuration Mode Default Normal mode Usage Guide The ULDP working mode can be configured only if it is enabled globally When ULDP aggressive mode is enabled globally all the existing fiber ports will work in aggressive mode For the copper ports and fiber ports which are available after the configuration is available aggressive mod...

Page 179: ...default ULDP is not configured Usage Guide ULDP can be configured for the ports only if ULDP is enabled globally If ULDP is enabled globally it will be effect for all the existing fiber ports For copper ports and fiber ports which are available after ULDP is enabled this command should be issued in the port configuration mode to make ULDP be effect Example Enable ULDP in global configuration mode ...

Page 180: ... uldp hello interval integer no uldp hello interval Function To configure the interval for ULDP to send hello messages The no form of this command will restore the default interval for the hello messages Parameters integer The interval for the Hello messages with its value limited between 5 and 100 seconds 10 seconds by default Command Mode Global Configuration Mode Default 10 seconds by default U...

Page 181: ... configure ULDP to work in manual shutdown mode The no command will restore the automatic mode Parameters None Command Mode Global Configuration Mode Default Auto mode Usage Guide This command can be issued only if ULDP has been enabled globally Example To enable manual shutdown globally Switch config uldp manual shutdown 7 12 uldp recovery time Command uldp recovery time integer no uldp recovery ...

Page 182: ...y default which means the recovery is disabled Usage Guide If an interface is shutdown by ULDP and the recovery timer times out the interface will be reset automatically If the recovery timer is set to 0 the interface will not be reset Example To set the recovery timer to be 600 seconds Switch config uldp recovery time 600 7 13 uldp reset Command uldp reset Function To reset the port when ULDP is ...

Page 183: ...e If interface name is specified ULDP configuration and status about the specified interface as well as its neighbors will be displayed Parameters interface name is the interface name Command Mode Admin and Configuration Mode Default None Usage Guide If no parameters are appended the global ULDP information will be displayed If the interface name is specified information about the interface and it...

Page 184: ...tries Command Mode Port Configuration Mode Usage Guide Clear the Remote table entries on this port Example Clear the Remote table entries on this port Switch Config If Ethernet 1 1 clear lldp remote table 8 2 debug lldp Command debug lldp no debug lldp Function Enable the debug information of LLDP function the no operation of this command will disable the debug information of LLDP function ...

Page 185: ...debug switch of LLDP function on the switch Switch debug lldp 8 3 debug lldp packets Command debug lldp packets interface ethernet IFNAME no debug lldp packets interface ethernet IFNAME Function Display the message receiving and message sending information of LLDP on the port the no operation of this command will disable the debug information switch Parameters None Default Disable the debug inform...

Page 186: ...nterface ethernet 1 1 Jan 01 00 02 40 2006 LLDP PDU TX PORT ethernet 1 1 8 4 lldp enable Command lldp enable lldp disable Function Globally enable LLDP function disable command globally disables LLDP function Parameters None Default Disable LLDP function Command Mode Global Mode Usage Guide If LLDP function is globally enabled it will be enabled on every port Example Enable LLDP function on the sw...

Page 187: ...figuration mode Command Mode Port Configuration Mode Usage Guide When LLDP is globally enabled it will be enabled on every port the switch on a port is used to disable this function when it is unnecessary on the port Example Disable LLDP function of port on the port ethernet 1 5 of the switch Switch config in ethernet 1 5 Switch Config If Ethernet1 5 lldp disable 8 6 lldp mode Command lldp mode se...

Page 188: ...ration Mode Usage Guide Choose the operating state of the lldp Agent on the port Example Configure the state of port ethernet 1 5 of the switch as receive Switch config in ethernet 1 5 Switch Config If Ethernet1 5 lldp mode receive 8 7 lldp msgTxHold Command lldp msgTxHold value no lldp msgTxHold Function Set the multiplier value of the aging time carried by update messages sent by the all ports w...

Page 189: ...ors max num value no lldp neighbors max num Function Set the maximum number of entries can be stored in Remote MIB Parameters value is the configured number of entries ranging from 5 to 500 Default The maximum number of entries can be stored in Remote MIB is 100 Command Mode Port Configuration Mode Usage Guide The maximum number of entries can be stored in Remote MIB Example Set the Remote as 200 ...

Page 190: ...terval is 5 seconds Command Mode Global Mode Usage Guide After configuring the notification time interval a trap message will be sent at the end of this time interval whenever the Remote Table changes Example Set the time interval of sending Trap messages as 20 seconds Switch config lldp notification interval 20 8 10 lldp tooManyNeighbors Command lldp tooManyNeighbors discard delete Function Set w...

Page 191: ...nsmit delay seconds no lldp transmit delay Function Since local information might change frequently because of the variability of the network environment there could be many update messages sent in a short time So a delay is required to guarantee an accurate statistics of local information When transmit delay is the default value and tx interval is configured via some commands transmit delay will ...

Page 192: ...port sysName the system name sysDesc The description of the system sysCap the capability of the system Default The messages carry no optional TLV by default Command Mode Port Configuration Mode Usage Guide When configuring the optional TLV each TLV can only appear once in a message portDesc optional TLV represents the name of local port sysName optional TLV represents the name of local system sysD...

Page 193: ...ction of sending Trap messages is enabled on the port Example Enable the Trap function on port ethernet 1 5 of the switch Switch config in ethernet1 5 Switch Config If Ethernet1 5 lldp trap enable 8 14 lldp tx interval Command lldp tx interval integer no lldp tx interval Function Set the interval of sending update messages on all the ports with LLDP function enabled the value of which ranges from ...

Page 194: ...ue of the aging time of messages is the product of the multiplier and the interval of sending messages The maximum aging time is 65535 seconds When tx interval is the default value and transmit delay is configured via some commands tx interval will become four times of the latter instead of the default 40 Example Set the interval of sending messages as 40 seconds Switch config lldp tx interval 40 ...

Page 195: ...mand show lldp Function Display the configuration information of global LLDP such as the list of all the ports with LLDP enabled the interval of sending update messages the configuration of aging time the interval needed by the sending module to wait for re initialization the interval of sending TRAP the limitation of the number of the entries in the Remote Table Parameters None Default Do not dis...

Page 196: ...ration information of LLDP on the port such as the working state of LLDP Agent Parameters IFNAME Interface name Default Do not display the configuration information of LLDP on the port Command Mode Admin Mode Global Mode Usage Guide Users can check the configuration information of LLDP on the port by using show lldp interface ethernet XXX Example Check the configuration information of LLDP on the ...

Page 197: ...rs None Default Do not display the LLDP neighbor information of the port Command Mode Admin Mode Global Mode Usage Guide Users can check the LLDP neighbor information of the port by using show lldp neighbors interface ethernet XXX Example Check the LLDP neighbor information of the port after LLDP is enabled on the port Switch config show lldp neighbors interface ethernet 1 1 8 19 show lldp traffic...

Page 198: ...uide Users can check the statistics of LLDP data packets by using show lldp traffic Example Check the statistics of LLDP data packets after LLDP is enabled on the switch Switch config show lldp traffic PortName Ageouts FramesDiscarded FramesInErrors FramesIn FramesOut TLVsDiscarded TLVsUnrecognized Ethernet1 1 0 0 0 0 7 0 0 ...

Page 199: ...g information event debug event information fsm debug the state machine packet debug LACP packet information timer debug the timer information Command mode Admin mode Default Disable the debugging of port channel Usage Guide Open the debug switch to check the debug information of port channel Example 1 debug the state machine for port group 1 Switch debug port channel 1 fsm 2 debug LACP packet inf...

Page 200: ...h restoration will be performed only once if an aggregated group is ungrouped and aggregated again the initial user configuration will not be restored If it is configuration for modules such as shutdown configuration then the configuration to current port will apply to all member ports in the corresponding port group Example Entering configuration mode for port channel 1 Switch config interface po...

Page 201: ... priority Command lacp system priority system priority no lacp system priority Function Set the system priority of LACP protocol Parameters system priority The system priority of LACP protocol ranging from 0 to 65535 Command mode Global Mode Default The default priority is 32768 Usage Guide Use this command to modify the system priority of LACP protocol the no command restores the default value Ex...

Page 202: ... mode as short in LACP protocol Switch Config If Ethernet1 1 lacp timeout short 9 6 load balance Command load balance src mac dst mac dst src mac src ip dst ip dst src ip Function Set load balance mode for port group Parameter src mac performs load balance according to the source MAC dst mac performs load balance according to the destination MAC dst src mac performs load balance according to the s...

Page 203: ...erent with the current load balance mode of port group then modify the load balance of port group as the specific load balance of command line otherwise return a message to notice that the current mode is already configured Example Set load balance mode of port group Switch config interface port channel 1 Switch Config If Port Channel1 load balance src mac 9 7 port group Command port group port gr...

Page 204: ...not belong to a port channel by default LACP not enabled by default Usage Guide If the specified port group does not exist then print a error message All ports in a port group must be added in the same mode i e all ports use the mode used by the first port added Adding a port in on mode is a forced action which means the local end switch port aggregation does not rely on the information of the oth...

Page 205: ...ot exist then print a error message otherwise display the current port channel information of the specified group number Example 1 Display summary information for port group 1 Switch show port group brief ID port group number Mode port group mode such as on active or passive Ports different types of port number of a port group the first is selected ports number the second is standby ports number a...

Page 206: ...t1 8 Selected 32768 1 ACDEF Ethernet1 20 Unselected 32768 1 ACG Ethernet1 23 Standby 32768 1 AC Remote Actor Partner Priority Oper Key SystemID Flag Ethernet1 1 1 32768 1 0x8000 00 30 4f 01 02 04 CDEF Ethernet1 2 2 32768 1 0x8000 00 30 4f 01 02 04 CDEF Ethernet1 3 3 32768 1 0x8000 00 30 4f 01 02 04 CDEF Ethernet1 4 4 32768 1 0x8000 00 30 4f 01 02 04 CDEF Ethernet1 5 5 32768 1 0x8000 00 30 4f 01 02...

Page 207: ...e the MTU value of frames that can be received in byte ranging from 1500 16000 The corresponding frame size is 1518 1522 16018 16022 Without setting is parameter the allowed max frame size is 16018 16022 Default MTU function not enabled by default Command Mode Global Mode Usage Guide Set switch of both ends mtu necessarily or mtu frame will be dropped at the switch has not be set Example Enable th...

Page 208: ...c information Command Mode Admin mode Default N A Usage Guide N A Example Clear the statistic information of OAM packets and link event on all ports Switch config clear ethernet oam 11 2 debug ethernet oam error Command debug ethernet oam error interface ethernet IFNAME no debug ethernet oam error interface ethernet IFNAME Function Enable the debugging of OAM error information no command disables ...

Page 209: ...ry Transmit interface ethernet IFNAME no debug ethernet oam fsm all Discovery Transmit interface ethernet IFNAME Function Enable the debugging of OAM state machine no command disables it Parameters IFNAME name of the port that the debugging will be enabled or disabled Command Mode Admin mode Default Disable Usage Guide N A Example Enable the debugging of Discovery state machine for ethernet1 1 Swi...

Page 210: ...min mode Default Disable Usage Guide N A Example Enable the debugging of packets received or sent for ethernet1 1 Switch debug ethernet oam packet detail all interface ethernet1 1 11 5 debug ethernet oam timer Command debug ethernet oam timer all pdu_timer local_lost_link_timer interface ethernet IFNAME no debug ethernet oam timer all pdu_timer local_lost_link_timer interface ethernet IFNAME Funct...

Page 211: ... 1 Switch debug ethernet oam timer all interface ethernet1 1 11 6 ethernet oam Command ethernet oam no ethernet oam Function Enable ethernet oam of ports no command disables ethernet oam of ports Parameters None Command Mode Port mode Default Disable Usage Guide N A Example Enable ethernet oam of Ethernet 1 4 Switch config interface ethernet 1 4 ...

Page 212: ...od serious link event is induced if the number of errored frame is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1 Note that the high threshold can not be less than the low threshold Example Configure the high threshold of errored frame event on Ethernet 1 4 to be 3000 Switch Config ...

Page 213: ...e low threshold can not be larger than the high threshold Example Configure the low threshold of errored frame event on Ethernet 1 4 to 100 Switch Config If Ethernet1 4 ethernet oam errored frame threshold low 100 11 9 ethernet oam errored frame window Command ethernet oam errored frame window seconds no ethernet oam errored frame window Function Configure the detection period of errored frame eve...

Page 214: ...the high threshold of errored frame period event no command restores the default value Parameters high frames the high detection threshold of errored frame period event ranging from 2 to 4294967295 none cancel the high threshold configuration Command Mode Port mode Default none Usage Guide During the specific detection period serious link event is induced if the number of errored frame is larger t...

Page 215: ...er of errored frame is larger than or equal to the low threshold and the device notifies the peer by event notification OAMPDU Note that the low threshold should not be larger than the high threshold Example Configure the low threshold of errored frame period event on port 1 4 to be 100 Switch Config If Ethernet1 4 ethernet oam errored frame period threshold low 100 11 12 ethernet oam errored fram...

Page 216: ...the detection period is the number of seconds in window of the configuration Example Configure the detection period of errored frame period event on port 1 4 to be 10s Switch Config If Ethernet1 4 ethernet oam errored frame period window 50 11 13 ethernet oam errored frame seconds threshold high Command ethernet oam errored frame seconds threshold high high seconds none no ethernet oam errored fra...

Page 217: ...me seconds threshold low low seconds no ethernet oam errored frame seconds threshold low Function Configure the low threshold of errored frame seconds event no command restores the default value Parameters low seconds the low detection threshold of errored frame seconds event ranging from 1 to 65535 seconds Command Mode Port mode Default 1 Usage Guide During the specific detection period errored f...

Page 218: ... port after the time of specific detection period If the number of errored frame seconds is larger than or equal to the threshold corresponding event is induced and the device notified the peer through OAMPDU Example Configure the detection period of errored frame seconds event on port 1 4 to be 120s Switch Config If Ethernet1 4 ethernet oam errored frame seconds window 600 11 16 ethernet oam erro...

Page 219: ...s 1 Note that the high threshold should not be less than the low threshold Example Set the high threshold of errored symbol event on port 1 4 to none Switch Config If Ethernet1 4 ethernet oam errored symbol period threshold high none 11 17 ethernet oam errored symbol period threshold low Command ethernet oam errored symbol period threshold low low symbols no ethernet oam errored symbol period thre...

Page 220: ...hernet oam errored symbol period window seconds no ethernet oam errored symbol period window Function Configure the detection period of errored symbol event no command restores the default value Parameters seconds is the time for counting the specified frame number its range from 5 to 300 unit is 200ms Command Mode Port mode Default 5 Usage Guide Detect errored symbols of the port after the time o...

Page 221: ...nabled when enabling OAM function of the port When OAM link monitor is disabled although local link error is not monitored Event information OAMPDU from the peer is still normally received and processed Example Enable the link monitor of port 1 4 Switch Config If Ethernet1 4 ethernet oam link monitor 11 20 ethernet oam mode Command ethernet oam mode active passive no ethernet oam mode Function Con...

Page 222: ...the mode of OAM function on ethernet 1 4 to passive mode Switch Config If Ethernet1 4 ethernet oam mode passive 11 21 ethernet oam period Command ethernet oam period seconds no ethernet oam mode Function Configure the transmission period of Information OAMPDU no command restores the default value Parameters seconds sending period ranging from 1 to 2 seconds Command Mode Port mode Default 1s Usage ...

Page 223: ...Port mode Default Enable Usage Guide With remote failure indication is enabled if critical event or link fault event is occurred locally it will notify the peer by sending Information OAMPDU log the fault information and send SNMP trap warning When the remote failure indication is disabled although local critical event or link fault event is not monitored failure indication information from the pe...

Page 224: ...timeout Example Set the timeout of OAM connection for ethernet 1 4 to be 6 seconds Switch Config If Ethernet1 4 ethernet oam timeout 6 11 24 show ethernet oam Command show ethernet oam local remote interface ethernet IFNAME Function Show Ethernet OAM connection of specified or all ports Parameters Overview information of all Ethernet OAM connections will be shown if no parameters is input local sh...

Page 225: ...30 4f28 020a active L R Field Description Interface port with Ethernet OAM enabled Local Mode Working mode of the local port OAM Local Capability Functions are supported by local port OAM L Link Monitor R Remote Loopback U Unidirection V Variable Retrieval Remote MAC Addr MAC address of the peer Remote Mode OAM working mode of the peer Remote Capability Functions are supported by OAM of the peer L...

Page 226: ...al _mode Working mode of Ethernet OAM active the port is set as active mode passive the port is set as passive mode Period Transmission period of packets Timeout Timeout of connection local_pdu The way in which the local end processes Ethernet OAMPDUs RX_INFO the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs LF_INFO the port only sends Information OAMPDU packets wit...

Page 227: ...ot Link Fault Whether occur a Link Fault event 0 for no and 1 for yes Dying Gasp Whether occur a Dying Gasp event 0 for no and 1 for yes Critical Event Whether occur a Critical Event 0 for no and 1 for yes Max_OAMPDU_Size The maximum length of OAMPDU is supported OAMPDU Show the number of the OAMPDU packets sent and received which is the sum of three kinds of packets Information Show the number of...

Page 228: ...CARD the port only sends OAMPDU packets and discards others local_par_action Working mode of the local receiver in the following FWD receiving any packets is allowed DISCARD only OAMPDU packets is received while others are discarded LB OAM remote loopback is enabled on the port In this case all the packets except OAMPDU packets received are returned to their sources along the ways they come Loopba...

Page 229: ...c information of OAM link events for all ports will be shown if this parameter is not specified Command Mode Admin mode Default N A Usage Guide N A Example Show the statistic information of link events on Ethernet 1 1 Switch show ethernet oam events local interface 1 1 ethernet1 1 link events OAM_local_errored symbol period events event time stamp 3539 errored symbol window 200ms 5 errored symbol ...

Page 230: ...event 0 Field Description OAM_local_errored symbol period events Statistic information of the local errored symbol events OAM_local_errored frame period events Statistic information of the local errored frame period events OAM_local_errored frame events Statistic information of the local errored frame events OAM_local_errored frame seconds summary events Statistic information of the local errored ...

Page 231: ...ncluding detection period and threshold of the events and so on Parameters IFNAME the port that the statistic information of OAM link events needs to be shown the statistic information of OAM link events for all ports will be shown if this parameter is not specified Command Mode Admin mode Default N A Usage Guide N A Example Show configuration of link events on ethernet 1 1 Switch show ethernet oa...

Page 232: ...or PORT SECURITY 12 1 clear port security Command clear port security all configured dynamic sticky address mac addr interface interface id vlan vlan id Function Clear the secure MAC entries for the interfaces Parameter all All secure MAC entries on the interfaces configured The configured secure MAC dynamic The dynamic secure MAC learnt by the interface sticky The secure MAC of sticky mac addr Th...

Page 233: ...ss vlan Function Show port security configuration Parameter interface id Show port security configuration of the interface address Show the secure address of the interface vlan Show the maximum number of each VLAN configured on trunk hybrid interface Default None Command Mode Any modes Usage Guide None Example Show all secure MACs on the interfaces Switch show port security address interface ether...

Page 234: ... the interfaces are tagged with FDB_TYPE_PORT_SECURITY_DYNAMIC After disabling port security of the interfaces clear all secure MACs or change them into the dynamic MACs Example Enable port security on the interface Switch config if ethernet1 1 switchport port security 12 4 switchport port security aging Command switchport port security aging static time value type absolute inactivity no switchpor...

Page 235: ...lt Do not enable port security aging the default aging time is 0 Aging mode is absolute by default The static entries are not aged by default Command Mode Port mode Usage Guide None Example Configure the aging time of the secure MAC as 1 second on the interface Switch config if ethernet1 1 switchport port security aging time 1 12 5 switchport port security mac address Command switchport port secur...

Page 236: ...dress vlan vlan id no switchport port security mac address sticky mac address vlan vlan id Function Configure the static secure MAC with the sticky type on the interface the no command cancels the configured secure MAC Parameter mac address Configure the specified MAC address as the static secure MAC with the sticky type vlan id The specified VLAN of the MAC address it only takes effect on trunk a...

Page 237: ...nfigure the maximum number of the secure MAC allowed by the interface its range between 1 and 128 It is determined by the maximum MAC number of the device vlan id Configure the maximum value for the specified VLAN it only takes effect on trunk and hybrid interfaces Default After enabling port security if there is no other configuration the maximum number of the secure MAC is 1 on the interface The...

Page 238: ...C address Parameter protect Protect mode it will trigger the action that do not learn the new MAC drop the package and do not send the warning restrict Restrict mode it will trigger the action that do not learn the new MAC drop the package send snmp trap and record the configuration in syslog shutdown Shutdown mode is the default mode Under this condition the interface is disabled directly send sn...

Page 239: ...rface ethernet interface list The interface list that the threshold violation of the transceiver monitoring needs to be cleared Command Mode Admin mode Default None Usage Guide None Example Clear he threshold violation of the transceiver monitoring on port 21 25 26 28 Switch clear transceiver threshold violation interface ethernet 1 21 25 26 28 13 2 debug transceiver Command debug transceiver on o...

Page 240: ...Parameter interface ethernet interface list The interface list that the monitoring of the transceiver needs to be shown detail Show the detailed monitoring of the transceiver Command Mode User mode admin mode and global mode Default None Usage Guide Temperature can be accurate to the integer other values can be accurate to the second bit after the radix point When the parameter exceeds the warning...

Page 241: ...ter interface ethernet interface list The interface list that the transceiver monitoring needs to be shown Command Mode Admin mode and global mode Default None Usage Guide None Example Show the transceiver monitoring Switch config show transceiver threshold violation interface ethernet 1 21 22 Ethernet 1 21 transceiver threshold violation information Transceiver monitor is enabled Monitor interval...

Page 242: ...rnet 1 22 transceiver threshold violation information Transceiver monitor is disabled Monitor interval is set to 30 minutes The last threshold violation doesn t exist 13 5 transceiver monitoring Command transceiver monitoring enable disable Function Enable disable the transceiver monitoring Parameter enable disable Enable or disable the function Command Mode Port mode Default Disable Usage Guide N...

Page 243: ...rameter minutes The interval of the transceiver monitoring needs to be set Command Mode Global mode Default 15 minutes Usage Guide None Example Set the interval of the transceiver monitoring as 1 minute Switch config transceiver monitoring interval 1 13 7 transceiver threshold Command transceiver threshold default temperature voltage bias rx power tx power high alarm low alarm high warn low warn v...

Page 244: ...g with W if exceeding the threshold low warn Low warn of the monitoring index namely there is warning with W if exceeding the threshold Command Mode Port mode Default The threshold is set by the manufacturer Usage Guide The range of the threshold parameters is shown for each monitoring index in the following Temperature 128 00 128 00 Voltage 0 00 7 00 V Bias current 0 00 140 00 mA x power 50 00 9 ...

Page 245: ...ch endpointDev Set device type to be LLDP MED Endpoint country code Set country code which consist of 2 letters such as DE or US it should accord the country code of ISO 3166 standard Default No location with Civic Address LCI format is configured on the port Command Mode Port mode Usage Guide Configure device type and country code of the location with Civic Address LCI format and enter Civic Addr...

Page 246: ...anta clara street street such as 1301 Shoreway Road locationNum house number such as 9 location name and occupant of a location such as Carrillo s Holiday Market floor floor number such as 13 room room number such as 1308 postal postal zip code such as 10027 1234 otherInfo Additional location information such as South Wing address detailed address information it cannot exceed 250 characters Defaul...

Page 247: ... ECS ELIN format is configured Command Mode Port mode Usage Guide Length range of the location character string between 10 and 25 with ECS ELIN format Example Configure the location of ECS ELIN format on port 19 Switch Config If Ethernet1 19 ecs location 880 445 3381 14 4 lldp med fast count Command lldp med fast count value no lldp med fast count Function When the fast LLDP MED startup mechanism ...

Page 248: ...onfig lldp med fast count 5 14 5 lldp med trap Command lldp med trap enable disable Function Configure the specified port to enable or disable the function for sending TRAP message when LLDP MED network topology is changed Parameters enable Enable LLDP MED TRAP for the port disable Disable LLDP MED TRAP for the port Default Disable LLDP MED TRAP Command Mode Port mode Usage Guide Enable or disable...

Page 249: ...on Parameter None Default Port does not enable the function for Sending LLDP MED TLV Command Mode Port mode Usage Guide After configuring this command if the port is able to send LLDP MED TLV the sent LLDP packets with LLDP MED TLV supported by all switches However LLDP packets sent by the port without any LLDP MED TLV after the switch configured the corresponding no command Example Port 19 enable...

Page 250: ...ty TLV However LLDP packets sent by the port without LLDP MED Capability TLV after the switch configured the corresponding no command Note LLDP MED Capability TLV is the important LLDP MED TLV if do not configure the port to send LLDP MED Capability TLV firstly other LLDP MED TLV will not be sent Example Port 19 enables the function for sending LLDP MED Capability TLV Switch Config If Ethernet1 19...

Page 251: ...ot support PoE or PoE function of the port is disabled although configuring this command LLDP MED Extended Power Via MDI TLV will not be sent Example Port 19 enables the function for sending LLDP MED Extended Power Via MDI TLV Switch Config If Ethernet1 19 lldp transmit med tlv extendPoe 14 9 lldp transmit med tlv inventory Command lldp transmit med tlv inventory no lldp transmit med tlv inventory...

Page 252: ...ansmit med tlv inventory 14 10 lldp transmit med tlv networkPolicy Command lldp transmit med tlv networkPolicy no lldp transmit med tlv networkPolicy Function Configure the specified port to send LLDP MED Network Policy TLV The no command disables the capability Parameter None Default The function is disabled for sending LLDP MED Network Policy TLV Command Mode Port mode Usage Guide After configur...

Page 253: ...licy of the specified application type is unknown the fields such as VLAN ID L2 priority and DSCP are ignored network connection device will not send TLV of the specified application type tag Configure the specified application to uses tagged or untagged VLAN method tagged Configure the flow of the specified application to use the tagged vlan method here the fields such as VLAN ID Layer2 priority ...

Page 254: ...olicy for a port it will send multi LLDP MED network policy TLV to a LLDP packet If user does not configure any network policy no LLDP MED network policy TLV is sent to LLDP packet Example Configure the network policy with the application type of voice on port 19 Switch Config If Ethernet1 19 network policy voice tag tagged vid 2 cos 6 dscp 23 14 12 show lldp Command show lldp Function Show the gl...

Page 255: ...nterval 5 LLDP txDelay 1 LLDP MED FastStart Repeat Count 4 END 14 13 show lldp interface ethernet IFNAME Command show lldp interface ethernet IFNAME Function Show LLDP and LLDP MED configurations on the current port Parameter interface ethernet IFNAME Port name Command Mode Admin mode Default None Usage Guide None Example Show LLDP and LLDP MED configuration of the port 19 Switch show lldp interfa...

Page 256: ...it Status Disable MED Fast Transmit Status Disable 14 14 show lldp neighbors Command show lldp neighbors interface ethernet IFNAME Function Show LLDP and LLDP MED information of the neighbors for the port Parameter None Default None Command Mode Admin mode Usage Guide With this command checking LLDP and LLDP MED information of the neighbors after the port received LLDP packets sent by the neighbor...

Page 257: ...7 39 53 2011 SoftWare Version 6 2 30 0 BootRom Version 4 0 1 HardWare Version Device serial number Copyright C 2001 2011 by Vendor All rights reserved Chapter 15 Commands for bpdu tunnel 15 1 bpdu tunnel dmac Command bpdu tunnel dmac mac no bpdu tunnel dmac Function Configure the tunnel MAC address globally the no command restores the default tunnel MAC address Parameter mac MAC address Command Mo...

Page 258: ...nnel stp Command bpdu tunnel stp no bpdu tunnel stp Function Configure the specified port to forward stp packets across the tunnel the no command cancels the operation Parameter None Command Mode Port mode Default Port does not forward any protocol packets across the tunnel Usage Guide Disable stp function on the port before configuring this command Example Configure Ethernet 4 5 to forward stp pa...

Page 259: ... protocol packets across the tunnel Usage Guide Disable gvrp function on the port before configuring this command Example Configure Ethernet 4 5 to forward gvrp packets across the tunnel Switch Config in ethernet 4 5 Switch Config if ethernet 4 5 bpdu tunnel gvrp 15 4 bpdu tunnel uldp Command bpdu tunnel uldp no bpdu tunnel uldp Function Configure the specified port to forward uldp packets across ...

Page 260: ...el Switch Config in ethernet 4 5 Switch Config if ethernet 4 5 bpdu tunnel uldp 15 5 bpdu tunnel lacp Command bpdu tunnel lacp no bpdu tunnel lacp Function Configure the specified port to forward lacp packets across the tunnel the no command cancels the operation Parameter None Command Mode Port mode Default Port does not forward any protocol packets across the tunnel Usage Guide Disable lacp func...

Page 261: ...gure the specified port to forward dot1x packets across the tunnel the no command cancels the operation Parameter None Command Mode Port mode Default Port does not forward any protocol packets across the tunnel Usage Guide Disable dot1x function on the port before configuring this command Example Configure Ethernet 4 5 to forward dot1x packets across the tunnel Switch Config in ethernet 4 5 Switch...

Page 262: ...t configure EEE energy saving function for the appointed port There is not the EEE energy saving function on port as default After configuring the port to enable EEE energy saving function the port will enter the energy saving state if stop to send packets to the port the state of port is down When sending packets to the port the mode will changed from power saving mode to normal mode Example Enab...

Page 263: ...sfer of state machine and the expiration of timer Parameters ethernet physical port port channel aggregate port IFNAME port name Command Mode Admin mode Default GVRP event debugging is disabled Usage Guide Use this command to enable GVRP event debugging Example Show GVRP event debugging Switch config debug gvrp event interface ethernet 1 1 Jan 16 02 25 14 2006 GVRP EVENT LO VO interface ethernet 1...

Page 264: ...cket ethernet physical port port channel aggregate port IFNAME port name Command Mode Admin mode Default GVRP packet debugging is disabled Usage Guide Use this command to enable the debugging of GVRP packet Example Show information of sending and receiving GVRP packet Switch config debug gvrp packet receive interface ethernet 1 1 Receive packet smac 00 21 27 aa 0f 46 dmac 01 80 C2 00 00 21 length ...

Page 265: ...0 and the VLAN ID is the VLAN ID the port belongs to Data packets with double tags will be forwarded according to MAC address and external tag till the external tag is removed when transmitted outside from the access port Since the length of the data packet may be over sized when packed with external tag it is recommended to use this command associating the Jumbo function Normally this command is ...

Page 266: ...tes with hybrid mode and it should not be used with dot1q tunnel enable synchronously Example Enable dot1q tunnel selective enable of port1 Switch config Switch config interface ethernet 1 1 Switch Config If Ethernet1 1 dot1q tunnel selective enable 17 1 5 dot1q tunnel selective s vlan Command dot1q tunnel selective s vlan s vlan c vlan c vid list no dot1q tunnel selective s vlan s vlan c vlan c v...

Page 267: ... port If it is a single value it can be configured more than one Example Packets of VLAN 100 through VLAN 200 are tagged with the tag of VLAN 1000 as the outer VLAN tag on Ethernet1 1 Switch config Switch config interface ethernet 1 1 Switch Config If Ethernet1 1 dot1q tunnel selective s vlan 1000 c vlan 100 200 Switch Config If Ethernet1 1 dot1q tunnel selective enable Switch Config If Ethernet1 ...

Page 268: ... port enable qinq function at least Example Set the switch TPID to be 0x9100 Switch config dot1q tunnel tpid 0x9100 Switch config 17 1 7 garp timer join Command garp timer join 200 500 Function Set the value of garp join timer note that the value of join timer must be less than half leave timer Parameters 200 500 the value of timer in millisecond Command Mode Global mode Default 200 ms Usage Guide...

Page 269: ...lt 600 ms Usage Guide Check whether the value satisfy the range If so modify the value of garp timer to the specified value otherwise return a configuration error Example Set the value of garp leave timer as 600ms Switch config garp timer leave 600 17 1 9 garp timer leaveAll Command garp timer leaveall 5000 60000 Function Set the value of garp leaveAll timer note that the value of leaveAll timer m...

Page 270: ...ration error Example Set the value of garp leaveAll as 20000ms Switch config garp timer leaveall 20000 17 1 10 gvrp Global Command gvrp no gvrp Function Enable disable GVRP function globally Parameters None Command Mode Global mode Default Disabled Usage Guide Enable GVRP function globally and only in this way GVRP module can work normally Example Enable GVRP function globally Switch config gvrp ...

Page 271: ...ode Default Disabled Usage Guide GVRP function can only be enabled on trunk and hybrid ports and enabling GVRP will return an error on access port After GVRP enabled on port this port will be added to GVRP i e adding corresponding state machine to GVRP of the port Example Enable GVRP of port Switch config if ethernet1 1 gvrp 17 1 12 no garp timer Command no garp timer join leave leaveall Function ...

Page 272: ...leave leaveAll timer to the default value otherwise return a configuration error Example Restore garp timer to the default value Switch config no garp timer leaveall 17 1 13 name Command name vlan name no name Function Specify a name a descriptive string for the VLAN the no operation of the command will delete the name of the VLAN Parameters vlan name is the specified name string Command Mode VLAN...

Page 273: ...Isolated VLAN and Community VLAN Ports in Primary there are three Private VLANs Primary VLAN Isolated VLAN and Community VLAN can communicate with ports of Isolated VLAN and Community VLAN related to this Primary VLAN Ports in Isolated VLAN are isolated between each other and only communicate with ports in Primary VLAN they related to ports in Community VLAN can communicate both with each other an...

Page 274: ...s from vlan 300 Switch Config Vlan300 exit 17 1 15 private vlan association Command private vlan association secondary vlan list no private vlan association Function Set Private VLAN association the no command cancels Private VLAN association Parameter secondary vlan list Sets Secondary VLAN list which is associated to Primary VLAN There are two types of Secondary VLAN Isolated VLAN and Community ...

Page 275: ...d VLAN200 and Community VLAN300 to Primary VLAN100 Switch Config Vlan100 private vlan association 200 300 17 1 16 show dot1q tunnel Command show dot1q tunnel Function Display the information of all the ports at dot1q tunnel state Parameter None Command Mode Admin and Configuration Mode Usage Guide This command is used for displaying the information of the ports at dot1q tunnel state Example Displa...

Page 276: ...e Admin mode Default 200 600 10000 milliseconds for join leave leaveAll timer respectively Usage Guide Show the corresponding value of the timer specified in the command Example Show the value of all garp timers currently Switch show garp timer join Garp join timer s value is 200 ms 17 1 18 show gvrp fsm information Command show gvrp fsm information interface ethernet port channel IFNAME Function ...

Page 277: ... 1 VA Very anxious Active member AA Anxious Active member QA Quiet Active member VP Very anxious Passive member AP Anxious Passive member QP Quiet Passive member VO Very anxious Observer AO Anxious Observer QO Quiet Observer LA Leaving Acitve member LO leaving Observer Interface ethernet 1 1 gvrp fsm information Index VLANID Applicant Registrar 1 100 VO LV 2 300 VP IN 17 1 19 show gvrp leaveAll fs...

Page 278: ...rt Switch show gvrp leaveall fsm information interface ethernet 1 1 Interface leaveAll fsm Ethernet1 1 passive 17 1 20 show gvrp leavetimer running information Command show gvrp leavetimer running information vlan 1 4094 interface Ethernet port channel IFNAME Function Show running of all leavetimer on current port Parameters 1 4094 VLAN tag Ethernet physical port port channel aggregate port IFNAME...

Page 279: ...g information interface ethernet 1 1 VLANID running state expired time 100 UP 0 2 s 300 DOWN non 17 1 21 show gvrp port member Command show gvrp active port member Function Shows all ports with GVRP enabled active means the port is in active state with GVRP enabled Parameters active means the port is in active state Command Mode Admin mode Default GVRP is disabled on port Usage Guide Show all port...

Page 280: ...d show gvrp port dynamic static registered vlan interface Ethernet port channel IFNAME Function Show the dynamic or static registration VLANs on current port Parameters dynamic dynamic registration static static registration Ethernet physical port port channel aggregate port IFNAME port name Command Mode Admin mode Default No dynamic or static registration VLANs on port Usage Guide Show the corres...

Page 281: ...lan200 17 1 23 show gvrp timer running information Command show gvrp timer join leaveall running information interface ethernet port channel IFNAME Function Show running of all join leaveAll timer on current port Parameters join join timer leaveall leaveAll timer ethernet physical port port channel aggregate port IFNAME port name Command Mode Admin mode Default Join timer is disabled and leaveAll ...

Page 282: ...w gvrp vlan registerd port Command show gvrp vlan 1 4094 registered port Function Show the ports with specified VLAN registered Parameters 1 4094 VLAN tag Command Mode Admin mode Default No ports with specified VLAN registered Usage Guide None Example Show all ports with current VLAN registered Switch show gvrp vlan 100 registered port Ethernet1 3 T Ethernet1 4 T Ethernet1 5 T Ethernet1 6 T Ethern...

Page 283: ...ation valid length is 1 to 11 characters Command mode Admin Mode and Configuration Mode Usage Guide If no vlan id or vlan name is specified then information for all VLANs in the switch will be displayed Example Display the status for the current VLAN display statistics for the current VLAN Switch show vlan VLAN Name Type Media Ports 1 default Static ENET Ethernet1 1 Ethernet1 2 Ethernet1 3 Etherne...

Page 284: ...ow vlan translation Function Display the information of all the ports at VLAN translation state Parameter None Command Mode Admin and Configuration Mode Usage Guide Display the information of all the ports at VLAN translation state Example Display current VLAN translation state information Switch show vlan translation Interface Ethernet1 1 vlan translation is enable Interface Ethernet1 2 vlan tran...

Page 285: ...alid range is 1 to 4094 Command mode Port Mode Default All ports belong to VLAN1 by default Usage Guide Only ports in Access mode can join specified VLANs and an Access port can only join one VLAN at a time Example Add some Access port to VLAN100 Switch config interface ethernet 1 8 Switch Config If Ethernet1 8 switchport mode access Switch Config If Ethernet1 8 switchport access vlan 100 Switch C...

Page 286: ...lanList is empty Usage Guide Tag the corresponding position for forbidden vlanList and clear allow vlanList flags in ports A port leaves these VLANs if it joins them statically and it sends message to GVRP module to enable corresponding registered machine of the port to enter forbidden mode Example Port quits the corresponding VLAN and the corresponding registered machine of GVRP to enter forbidde...

Page 287: ...ntag mode by setting allowed vlan set VLAN to untag mode the frame sent via hybrid port without VLAN tag set VLAN to tag mode the frame sent via hybrid port with corresponding VLAN tag The same VLAN can not be allowed with tag and untag mode by a Hybrid port at the same time If configure the tag or untag allowed VLAN to untag or tag allowed VLAN the last configuration will cover the previous Examp...

Page 288: ... hybrid Switch Config If Ethernet1 5 switchport hybrid native vlan 100 Switch Config If Ethernet1 5 exit 17 1 31 switchport interface Command switchport interface ethernet portchannel interface name interface list no switchport interface ethernet portchannel interface name interface list Function Specify Ethernet port to VLAN the no command deletes one or one set of ports from the specified VLAN P...

Page 289: ...ulti VLANs to pass with tag or untag mode Command mode Port Mode Default The port is in Access mode by default Usage Guide Ports in trunk mode is called Trunk ports Trunk ports can allow traffic of multiple VLANs to pass through VLAN in different switches can be interconnected with the Trunk ports Ports under access mode are called Access ports An access port can be assigned to one and only one VL...

Page 290: ...rnet1 8 switchport mode access Switch Config If Ethernet1 8 exit Switch config interface ethernet 1 10 Switch Config If Ethernet1 10 switchport mode hybrid Switch Config If Ethernet1 10 exit 17 1 33 switchport mode trunk allow null Command switchport mode trunk allow null Function Add a port as trunk mode When enabling GVRP the mode that adds the ports with trunk mode to all VLANs is not appropria...

Page 291: ... keyword all all VIDs the range from 1 to 4094 add add assigned VIDs behind allow vlan except all VID add to allow vlan except assigned VIDs remove delete assigned allow vlan from allow vlan list Command mode Port Mode Default Trunk port allows all VLAN traffic by default Usage Guide The user can use this command to set the VLAN traffic allowed to passthrough the Trunk port traffic of VLANs not in...

Page 292: ...k port is 1 Usage Guide PVID concept is defined in 802 1Q PVID in Trunk port is used to tag untagged frames When an untagged frame enters a Trunk port the port will tag the untagged frame with the native PVID set with this commands for VLAN forwarding Example Set the native VLAN for a Trunk port to 100 Switch config interface ethernet 1 5 Switch Config If Ethernet1 5 switchport mode trunk Switch C...

Page 293: ...ge Guide VLAN1 is the default VLAN and cannot be configured or deleted by the user The maximal VLAN number is 4094 It should be noted that dynamic VLANs learnt by GVRP cannot be deleted by this command Example Create VLAN100 and enter the configuration mode for VLAN 100 Switch config vlan 100 Switch Config Vlan100 17 1 37 vlan internal Command vlan 2 4094 internal Function Specify the internal VLA...

Page 294: ...nternal 17 1 38 vlan ingress enable Command vlan ingress enable no vlan ingress enable Function Enable the VLAN ingress filtering for a port the no vlan ingress enable command disables the ingress filtering Command mode Global Mode Default Enable VLAN ingress filtering function Usage Guide After VLAN ingress filtering is enabled on the port when the system receives data it will check source port f...

Page 295: ...ge Guide The command is for configuring the translation relation of the VLAN translation function The data packets will be matched according to the configured translation relations and its VLAN ID will be changed to the one in the configured item once matched while forward the packets of the original VLAN if not match This command can not be used with dot1q tunnel enable at the same time Example M...

Page 296: ...ion and dot1q tunnel are mutually exclusive it is recommended to enable vlan translation on trunk port and manually disable port filtering Example Enable VLAN translation function on port1 Switch config Switch config interface ethernet 1 1 Switch Config If Ethernet1 1 vlan translation enable 17 2 Commands for Multi to One VLAN Translation 17 2 1 vlan translation n to 1 Command vlan translation n t...

Page 297: ...nlink port of this function and the uplink port for connecting backbone network which must be join in the original and the translated VLAN with tagged mode This function should not be used with dot1q tunnel and VLAN translation at the same time Note Multi to One VLAN translation should be enabled after MAC learning Example On Ethernet 1 1 translate the data traffic from VLAN with the range between...

Page 298: ...tion Usage Guide When it is Example Show all port configurations with Multi to One VLAN translation function Switch show vlan translation n to 1 Interface Ethernet1 1 vlan translation n to 1 enable vlan 1 4 to 100 vlan translation n to 1 enable vlan 5 8 13 to 101 Interface Ethernet1 2 vlan translation n to 1 enable vlan 1 4 to 100 17 3 Commands for Dynamic VLAN Configuration 17 3 1 dynamic vlan ma...

Page 299: ...ase use this command Example Set the MAC based VLAN preferred Switch config Switch config dynamic vlan mac vlan prefer 17 3 2 dynamic vlan subnet vlan prefer Command dynamic vlan subnet vlan prefer Function Set the IP subnet based VLAN preferred Parameter None Command Mode Global Mode Default MAC based VLAN is preferred by default Usage Guide Configure the preference of dynamic vlan on switch The ...

Page 300: ...iority id is the level of priority and is used in the VLAN tag with a valid range of 0 7 all refers to all the MAC addresses Command Mode Global Mode Default No MAC address joins the VLAN by default Usage Guide With this command user can add specified MAC address to specified VLAN If there is a non VLAN label data packet enters from the switch port from the specified MAC address it will be assigne...

Page 301: ... Mode Global Mode Default No MAC VLAN is configured by default Usage Guide Set specified VLAN for MAC VLAN Example Set VLAN100 to MAC VLAN Switch config Switch config mac vlan vlan 100 17 3 5 protocol vlan Command protocol vlan etype etype id vlan vlan id no protocol vlan etype etype id vlan vlan id all Function Add the correspondence between the protocol and the VLAN namely specify the protocol t...

Page 302: ...ed with specified VLAN ID and enter the specified VLAN No matter which port the packets go through their belonging VLAN is the same The command will not interfere with VLAN labeled data packets It is recommended to configure ARP protocol together with the IP protocol or else some application may be affected Example Assign the IP protocol data packet encapsulated by the EthernetII to VLAN200 Switch...

Page 303: ...nction Display the configuration of MAC based VLAN on the switch Parameter None Command Mode Admin Mode and other configuration Mode Usage Guide Display the configuration of MAC based VLAN on the switch Example Display the configuration of the current MAC based VLAN Switch show mac vlan MAC Address VLAN_ID Priority 00 11 22 77 ab 9d 2 2 00 11 22 26 8d f3 2 2 00 11 22 11 22 33 5 5 ...

Page 304: ...he bracket indicate the ports mode A means Access port T means Trunk port H means Hybrid port Example Display the ports of enabling MAC based VLAN currently Switch show mac vlan interface Ethernet1 1 A Ethernet1 2 A Ethernet1 3 A Ethernet1 4 A Ethernet1 5 H Ethernet1 6 T 17 3 9 show protocol vlan Command show protocol vlan Function Display the configuration of Protocol based VLAN on the switch Par...

Page 305: ...0 show subnet vlan Command show subnet vlan Function Display the configuration of the IP subnet based VLAN on the switch Parameter None Command Mode Admin Mode and other Configuration Mode Usage Guide Display the configuration of the IP subnet based VLAN on the switch Example Display the configuration of the current IP subnet based VLAN Switch show subnet vlan IP Address Mask VLAN_ID 192 168 1 165...

Page 306: ...erface Ethernet1 1 A Ethernet1 2 A Ethernet1 3 A Ethernet1 4 A Ethernet1 5 H Ethernet1 6 T 17 3 12 subnet vlan Command subnet vlan ip address ipv4 addrss mask subnet mask vlan vlan id priority priority id no subnet vlan ip address ipv4 addrss mask subnet mask all Function Add a correspondence between the IP subnet and the VLAN namely add specified IP subnet into specified VLAN the no form of this ...

Page 307: ...AN These packets will always come to the same VLAN no matter through which port did they enter This command will not interfere with VLAN labeled data packets Example Add the network equipment with IP subnet of 192 168 1 0 24 to VLAN 300 Switch config Switch config subnet vlan ip address 192 168 1 1 mask 255 255 255 0 vlan 300 priority 0 17 3 13 switchport mac vlan enable Command switchport mac vla...

Page 308: ...itchport subnet vlan enable Function Enable the IP subnet based VLAN on the port the no form of this command disables the IP subnet based VLAN function on the port Parameter None Command Mode Port Mode Default The IP subnet based VLAN is enabled on the port by default Usage Guide After adding the IP subnet to specified VLAN the IP subnet based VLAN function will be globally enabled This command ca...

Page 309: ...Usage Guide Display Voice VLAN Configuration Example Display the Current Voice VLAN Configuration Switch show voice vlan Voice VLAN ID 2 Ports ethernet1 1 ethernet1 3 Voice name MAC Address Mask Priority financePhone 00 11 22 77 ab 9d 0xff 5 manager 00 22 33 26 8d f3 0xfe 6 Mr_Lee 00 33 44 11 22 33 0x80 5 NULL 00 44 55 11 22 33 0x0 5 17 4 2 switchport voice vlan enable Command switchport voice vla...

Page 310: ...able 17 4 3 voice vlan Command voice vlan mac mac address mask mac mask priority priority id name voice name no voice vlan mac mac address mask mac mask name voice name all Function Specify certain voice equipment to join in Voice VLAN the no form of this command will let the equipment leave the Voice VLAN Parameter Mac address is the voice equipment MAC address shown in xx xx xx xx xx xx format m...

Page 311: ...4f 11 22 00 to 00 30 4f 11 22 ff to the Voice VLAN Switch config Switch config voice vlan vlan 100 Switch config voice vlan mac 00 30 4f 11 22 00 mask 0 priority 5 name test 17 4 4 voice vlan vlan Command voice vlan vlan vlan id no voice vlan Function Configure the specified VLAN to Voice VLAN the no voice vlan command cancels the Voice VLAN configuration of this VLAN Parameter Vlan id is the numb...

Page 312: ...17 74 Example Set VLAN100 to Voice VLAN Switch config Switch config voice vlan vlan 100 ...

Page 313: ...able Parameter None Command mode Admin Mode Usage Guide If enable the function of the hash collision mac table that issued ffp mac address table avoid collision the mac cannot be cleared Example Clear the hash collision mac table Switch clear collision mac address table 18 1 2 clear mac address table dynamic Command clear mac address table dynamic address mac addr vlan vlan id interface ethernet p...

Page 314: ...ferent sources the types are as follows DYNAMIC STATIC APPLICATION SYSTEM DYNAMIC is the dynamic MAC address entries learned by switch it can be aged by switch automatically Example Delete all dynamic MAC Switch clear mac address table dynamic 18 1 3 mac address learning cpu control Command mac address learning cpu control no mac address learning cpu control Function Enable MAC learning through CP...

Page 315: ... Sets the aging time for the dynamic entries of MAC address table Parameter aging time is the aging time seconds range from 10 to 1000000 0 to disable aging Command Mode Global Mode Default Default aging time is 300 seconds Usage Guide If no destination address of the packets is same with the address entry in aging time the address entry will get aged The user had better set the aging time accordi...

Page 316: ...ss filter both is based on source address and destination address filter the default is both Command Mode Global Mode Default When VLAN interface is configured and is up the system will generate a static address mapping entry of which the inherent MAC address corresponds to the VLAN number Usage Guide In certain special applications or when the switch is unable to dynamically learn the MAC address...

Page 317: ...1 Switch config mac address table static multicast address 01 00 5e 00 00 01 vlan 1 interface ethernet1 1 18 1 6 showCollisionMacTable Command show collision mac address table Function Show the hash collision mac table Parameter None Command mode Global Mode Usage Guide If enable the function of the hash collision mac table that issued ffp mac address table avoid collision the collision mac which ...

Page 318: ...is command can display various classes of MAC address entries Users can also use show mac address table to display all the MAC address entries Example Display all the filter MAC address entries Switch show mac address table blackhole 18 2 Commands for Mac Address Binding configuration 18 2 1 clear port security dynamic Command clear port security dynamic address mac addr interface interface id Fun...

Page 319: ...lear port security dynamic interface Ethernet 1 1 18 2 2 show port security Command show port security Function Display the secure MAC addresses of the port Command mode Admin and Configuration Mode Default The switch is not display port security configuration Usage Guide This command displays the secure port MAC address information Example Switch show port security Security Port MaxSecurity Addr ...

Page 320: ...ity address Command show port security address interface interface id Function Display the secure MAC addresses of the port Command mode Admin and Configuration Mode Parameter interface id stands for the port to be displayed Usage Guide This command displays the secure port MAC address information if no port is specified secure MAC addresses of all ports are displayed The following is an example S...

Page 321: ...ands for the port to be displayed Default Configuration of secure ports is not displayed by default Usage Guide This command displays the detailed configuration information for the secure port Example Switch show port security interface ethernet 1 1 Port Security Enabled Port status Security Up Violation mode Protect Maximum MAC Addresses 1 Total MAC Addresses 1 Configured MAC Addresses 1 Lock Tim...

Page 322: ...rt port security no switchport port security Function Enable MAC address binding function for the port the no command disables the MAC address binding function for the port Command mode Port Mode Default MAC address binding is not enabled by default Usage Guide The MAC address binding function and Port Aggregation functions are mutually exclusive Therefore if MAC binding function for a port is to ...

Page 323: ...ust be enabled before static secure MAC address can be added Example Adding MAC 00 30 4f FE 2E D3 to port1 Switch config interface Ethernet 1 1 Switch Config If Ethernet1 1 switchport port security mac address 00 30 4f FE 2E D3 18 2 7 switchport port security maximum Command switchport port security maximum value no switchport port security maximum Function Sets the maximum number of secure MAC ad...

Page 324: ...ximum secure MAC address number as 4 for port1 Switch config interface Ethernet 1 1 Switch Config If Ethernet1 1 switchport port security maximum 4 18 2 8 switchport port security violation Command switchport port security violation protect shutdown recovery 30 3600 no switchport port security violation Function Configure the port violation mode The no restores the violation mode to protect Comman...

Page 325: ... Example Set the violation mode of port 1 to shutdown Switch config interface Ethernet 1 1 Switch Config If Ethernet1 1 switchport port security violation shutdown recovery 60 18 3 Commands for MAC Notification 18 3 1 clear mac notification statistics Command clear mac notification statistics Function Clear the statistics of MAC notification trap Parameter None Default None Command Mode Admin mode...

Page 326: ... disabling the MAC address notification other configuration can be shown but the function is invalid Example Enable the MAC address notification Switch Config mac address table notification 18 3 3 mac address table notification history size Command mac address table notification history size 0 500 no mac address table notification history size Function Configure the maximum history size for storin...

Page 327: ...erval 0 86400 no mac address table notification interval Function Configure the interval for sending the MAC address notification the no command restores the default interval Parameter interval interval for sending the notification unit is second its range from 0 to 86400 Default 30s Command Mode Global mode Usage Guide After the global switch is disabled this command is also able to be configured...

Page 328: ...ses Default No MAC address notification Command Mode Port mode Usage Guide After the global switch is disabled this command is also able to be configured sequentially Example Send the trap notification after the MAC address is added to Ethernet 1 5 Switch Config in ethernet 1 5 Switch Config if ethernet 1 5 mac notification added 18 3 6 show mac notification summary Command show mac notification s...

Page 329: ...C address notification interval 10 MAC address notification history log size 120 MAC address added 0 MAC address removed 0 MAC address snmp traps generated 0 18 3 7 snmp server enable traps mac notification Command snmp server enable traps mac notification no snmp server enable traps mac notification Function Enable the trap notification of MAC address globally the no command disables the trap not...

Page 330: ...is used with MAC notification switch When the switch is disabled other configuration can be shown but the function is invalid Example Enable the trap notification of MAC address Switch Config snmp server enable traps mac notification ...

Page 331: ...ode Usage Guide This command is to quit MSTP region mode without saving the current configuration The previous MSTP region configuration is valid Example Quit MSTP region mode without saving the current configuration Switch Config Mstp Region abort Switch config 19 1 2 exit Command exit Function Save current MSTP region configuration quit MSTP region mode and return to global mode Command mode MST...

Page 332: ...lid range is from 0 to 64 in the command no instance instance id vlan vlan list instance id sets the instance number The valid number is from 0 to 64 vlan list sets consecutive or non consecutive VLAN numbers refers to consecutive numbers and refers to non consecutive numbers Command mode MSTP Region Mode Default Before creating any Instances there is only the instance 0 and VLAN 1 4094 all belong...

Page 333: ...s the MSTP region name The length of the name should be less than 32 characters Command mode MSTP Region Mode Default Default MSTP region name is the MAC address of this bridge Usage Guide This command is to set MSTP region name The bridges with same MSTP region name and same other attributes are considered in the same MSTP region Example Set MSTP region name to mstp test Switch config spanning tr...

Page 334: ...cified instance and MSTP region name restore the default of modify value is 0 Example Delete instance 1 Switch Config Mstp Region no instance 1 19 1 6 revision level Command revision level level no revision level Function In MSTP region mode this command is to set revision level for MSTP configuration the command no revision level restores the default setting to 0 Parameter level is revision level...

Page 335: ...ch Config Mstp Region revision level 2000 19 1 7 show Command show Function Display the information of current running system Command mode MSTP Region Mode Usage Guide This command can check the detail information of system Example Display the information of current running system Switch Config Mstp Region show 19 1 8 spanning tree Command spanning tree no spanning tree Function Enable MSTP in glo...

Page 336: ...config interface ethernet 1 2 Switch Config If Ethernet1 2 no spanning tree 19 1 9 spanning tree cost Command spanning tree cost cost no spanning tree cost Function Sets path cost of the current port the command no spanning tree cost restores the default setting Parameter cost sets path cost The valid range is from 1 to 200 000 000 Command mode Port Mode Default By default the port cost is relevan...

Page 337: ...elections of port and the designated port of the instance Example On the port1 2 set the port cost is 3000000 Switch Config If Ethernet1 2 spanning tree cost 3000000 19 1 10 spanning tree digest snooping Command spanning tree digest snooping no spanning tree digest snooping Function Configure the port to use the authentication string of partner port the command no spanning tree digest snooping res...

Page 338: ...N relation is accord for all the equipment If there are more than one equipment connected all the connected ports should execute this command Example Configure the authentication string of partner port Switch config interface ethernet 1 2 Switch Config If Ethernet1 2 spanning tree digest snooping Switch Config If Ethernet1 2 19 1 11 spanning tree format Command spanning tree format standard privac...

Page 339: ...es the unmatched packet to DISCARDING to prevent both sides consider themselves the root which leads to circuits When the AUTO format is set and over one equipment which is not compatible with each other are connected on the port e g a equipment running through a HUB or Transparent Transmission BPDU is connected with several equipments running MSTP the format alter counts will be recorded and the ...

Page 340: ...tree hello time Command spanning tree hello time time no spanning tree hello time Function Set switch Hello time The command no spanning tree hello time restores the default setting Parameter time is Hello time in seconds The valid range is from 1 to 10 Command mode Global Mode Default Hello Time is 2 seconds by default Usage Guide Hello time is the interval that the switch sends BPDUs Hello time ...

Page 341: ...nd mode Port Mode Default The link type is auto by default The MSTP detects the link type automatically Usage Guide When the port is full duplex MSTP sets the port link type as point to point When the port is half duplex MSTP sets the port link type as shared Example Force the port 1 7 8 as point to point type Switch config interface ethernet 1 7 8 Switch Config Port Range spanning tree link type ...

Page 342: ...k incorrectly 2 Bridge_Forward_Delay 1 0 seconds Bridge_Max_Age Bridge_Max_Age 2 Bridge_Hello_Time 1 0 seconds Example In global mode set max age time to 25 seconds Switch config spanning tree maxage 25 19 1 16 spanning tree max hop Command spanning tree max hop hop count no spanning tree max hop Function Set maximum hops of BPDU in the MSTP region the command no spanning tree max hop restores the...

Page 343: ...ning tree mcheck Command spanning tree mcheck Function Force the port to run in the MSTP mode Command mode Port Mode Default The port is in the MSTP mode by default Usage Guide If a network which is attached to the current port is running IEEE 802 1D STP the port converts itself to run in STP mode The command is used to force the port to run in the MSTP mode But once the port receives STP messages...

Page 344: ...lobal Mode Default The switch is in the MSTP mode by default Usage Guide When the switch is in IEEE802 1D STP mode it only sends standard IEEE802 1D BPDU and TCN BPDU It drops any MSTP BPDUs Example Set the switch in the STP mode Switch config spanning tree mode stp 19 1 19 spanning tree mst configuration Command spanning tree mst configuration no spanning tree mst configuration Function Enter the...

Page 345: ...o the MSTP configuration Only if the switches with the same MST configuration identifier are considered as in the same MSTP region Example Enter MSTP region mode Switch config spanning tree mst configuration Switch Config Mstp Region 19 1 20 spanning tree mst cost Command spanning tree mst instance id cost cost no spanning tree mst instance id cost Function Sets path cost of the current port in th...

Page 346: ... 200000 N 1Gbps N 20000 N 10Gbps N 2000 N Port Speed Port Type Port Cost 802 1D 2008 802 1T 0 65535 200 000 000 10Mbps Half duplex Full duplex aggregation link with 2 ports aggregation link with 3 ports aggregation link with 4 ports 100 99 95 95 95 2 000 000 1 999 999 1 000 000 666 666 500 000 100Mbps Half duplex Full duplex aggregation link with 2 ports aggregation link with 3 ports aggregation l...

Page 347: ...et the MSTP port cost in the instance 2 to 3000000 Switch Config If Ethernet1 2 spanning tree mst 2 cost 3000000 19 1 21 spanning tree cost format Command spanning tree cost format dot1d dot1t Function In global mode users can select path cost format with dot1d or dot1t the default format is dot1t Command Mode Global mode Default count path cost with dot1t format Usage Guide There are two formats ...

Page 348: ...nce id loopguard Function Enable the loopguard function for specified instance the no command disables this function Parameter instance id MSTP instance ID Command mode Port Mode Default Disable loopguard function Usage Guide The command can avoid root port or alternate port to be changed as designated port due to invalid unilateralism link When the receiving timer is time the configured port with...

Page 349: ...t Mode Default The default port priority is 128 Usage Guide By setting the port priority users can control the port ID of the instance in order to control the root port and designated port of the instance The lower the value of the port priority is the higher the priority is Example Set the port priority as 32 on the port 1 2 for the instance 1 Switch config interface ethernet 1 2 Switch Config If...

Page 350: ... ID can influence the elections of root bridge and designated port for the specified instance Example Set the priority for Instance 2 to 4096 Switch config spanning tree mst 2 priority 4096 19 1 25 spanning tree mst rootguard Command spanning tree mst instance id rootguard no spanning tree mst instance id rootguard Function Enable the rootguard function for specified instance the rootguard functio...

Page 351: ... 2 19 1 26 spanning tree portfast Command spanning tree portfast bpdufilter bpduguard recovery 30 3600 no spanning tree portfast Function Set the current port as boundary port and BPDU filter BPDU guard as specified mode or default mode the command no spanning tree portfast sets the current port as non boundary port Parameter bpdufilter configure the border port mode as BPDU filter bpduguard confi...

Page 352: ...tion Set the port priority the command no spanning tree port priority restores the default setting Parameter port priority sets port priority The valid range is from 0 to 240 The value should be the multiples of 16 such as 0 16 32 48 240 Command mode Port Mode Default The default port priority is 32768 Usage Guide By setting the port priority to designated port The lower the value of the port prio...

Page 353: ...d Mode Global Mode Default Priority is 32768 Usage Guide The bridge ID can be altered by changing the priority of the switch Further the priority information can also be used for voting of the root bridge and the specified ports The bridge priority value of the switch is smaller however the priority is higher Example Configure the priority is 4096 Switch config spanning tree priority 4096 19 1 29 ...

Page 354: ...ng The rootguard function can maintain a relative stable spanning tree topology when a new switch is added to the network Example Set the port 1 is root port Switch Config If Ethernet1 1 spanning tree rootguard 19 1 30 spanning tree tcflush Global mode Command spanning tree tcflush enable disable protect no spanning tree tcflush Function Configure the spanning tree flush mode once the topology cha...

Page 355: ...e is not recommended Example Configure the spanning tree flush mode once the topology changes is not flush to TC Switch config spanning tree tcflush disable Switch config 19 1 31 spanning tree tcflush Port mode Command spanning tree tcflush enable disable protect no spanning tree tcflush Function Configure the spanning tree flush mode for port once the topology changes no spanning tree tcflush res...

Page 356: ...e flush mode once the topology change is not flush to TC Switch config interface ethernet 1 2 Switch Config If Ethernet1 2 spanning tree tcflush disable Switch Config If Ethernet1 2 19 1 32 spanning tree transmit hold count Command spanning tree transmit hold count tx hold count value no spanning tree transmit hold count Function Set the max transmit hold count of port Parameter tx hold count valu...

Page 357: ... MSTP debugging Users should enable the detailed debugging information and then they can use this command to display the relevant debugging information In general this command is used by skilled technicians Example Enable to receive the debugging information of BPDU messages on the port1 1 Switch debug spanning tree Switch debug spanning tree bpdu rx interface e1 1 19 2 2 show mst pending Command ...

Page 358: ...n show mst pending Name switch Revision 0 Instance Vlans Mapped 00 1 29 31 39 41 4093 03 30 04 40 05 4094 Switch Config Mstp Region 19 2 3 show spanning tree Command show spanning tree mst instance id interface interface list detail Function Display the MSTP Information Parameter interface list sets interface list instance id sets the instance ID The valid range is from 0 to 64 detail sets the det...

Page 359: ... 128 1 Current port list in Instance 0 Ethernet1 1 Ethernet1 2 Total 2 PortName ID ExtRPC IntRPC State Role DsgBridge DsgPort Ethernet1 1 128 001 0 0 FWD ROOT 16384 00304f010f52 128 007 Ethernet1 2 128 002 0 0 BLK ALTR 16384 00304f010f52 128 011 Instance 3 Self Bridge Id 0 00 30 4f 01 0e 30 Region Root Id this switch Int RootPathCost 0 Root Port ID 0 Current port list in Instance 3 Ethernet1 1 Eth...

Page 360: ...current bridge for the current instance Root Id The priority and the MAC address of the root bridge for the current instance Ext RootPathCost Total cost from the current bridge to the root of the entire network Int RootPathCost Cost from the current bridge to the region root of the current instance Root Port ID Root port of the current instance on the current bridge MSTP Port List Of The Current I...

Page 361: ...e Command mode Admin Mode Usage Guide In the Admin mode this command can show the parameters of the MSTP configuration such as MSTP name revision VLAN and instance mapping Example Display the configuration of the MSTP on the switch Switch show spanning tree mst config Name switch Revision 0 Instance Vlans Mapped 00 1 29 31 39 41 4094 03 30 04 40 ...

Page 362: ...y class map In single bucket mode the messages can be only red or green when passing policy When printing the information in profile means green and out profile means red In dual bucket mode there are three colors green yellow red of messages in profile means green out profile means red and yellow Example Count the packets which satisfy c1 rule Switch config policy map p1 Switch Config PolicyMap p...

Page 363: ...ault Command mode Policy map configuration mode Usage Guide Before setting up a policy class a policy map should be created and the policy map mode entered In the policy map mode classification and nexthop configuration can be performed on packet traffic classified by class map Example After add a policy class map c1 to the policy map add a policy class map c2 and insert it to the front of c1 Swit...

Page 364: ...g a class map named c1 Switch config class map c1 Switch Config ClassMap c1 exit Switch config no class map c1 20 4 clear mls qos statistics Command clear mls qos statistics interface interface name vlan vlan id Function Clear accounting data of the specified ports or VLAN Policy Map If there are no parameters clear accounting data of all policy map Parameters vlan id VLAN ID interface name The in...

Page 365: ...p Function Drop data package that match the class the no command cancels the assigned action Parameters None Default Do not set the action Command mode Policy class map configuration mode Usage Guide Drop the specified packet after configure this command Example Drop the packet which satisfy c1 Switch config policy map p1 Switch Config PolicyMap p1 class c1 Switch Config PolicyMap p1 Class c1 drop...

Page 366: ...eter is a IP Precedence list consisting of maximum 8 IP Precedence values with a valid range of 0 7 ipv6 access group acl index or name match specified IPv6 ACL the parameter is the number or name of the IPv6 ACL it only supports standard ipv6 acl ipv6 flowlabel flowlabel list match specified IPv6 flow label the parameter is IPv6 flow label value the range is 0 1048575 vlan vlan list match specifi...

Page 367: ...cos is the default CoS value for the port the valid range is 0 to 7 Default The default CoS value is 0 Command mode Port Configuration Mode Usage Guide Configure the default CoS value for switch port In default configuration the message ingress cos from this port are default value whether the message with tag If the message without tag the message cos value for tag is enactmented Example Setting t...

Page 368: ...ty value is separated by the space and the range of the dropping priority is 0 to 2 dscp intp defines the mapping from DSCP to intp queue dscp dp defines the mapping from dscp value to the dropping priority dscp dscp defines the mapping from ingress dscp value to egress dscp value in dscp list is the inputting dscp value and there are 8 at most They are separated by the space and the range is 0 to...

Page 369: ... mapping value to the default 0 8 16 24 32 40 48 56 to 0 1 2 3 3 2 1 0 Switch config mls qos map cos intp 0 1 2 3 3 2 1 0 20 9 mls qos queue algorithm Command mls qos queue algorithm sp wrr wdrr no mls qos queue algorithm Function After configure this command the queue management algorithm is set Parameters sp The strict priority the queue number of bigger then the priority is higher wrr Select wr...

Page 370: ...R is meaningless WRR allocates bandwidth by using 4 weight values The different chips support the different weight range if the setting exceeds the chip range it will prompt the right range Default The queue weight is 1 2 3 4 5 6 7 8 Command mode Global Mode Usage Guide If the weight of queue is configured as 0 this queue will be scheduled with SP algorithm This time WRR algorithm will become SWRR...

Page 371: ...ht range when the chip supports 4 queues it s parameter turns into weight1 weight4 Default The queue weight is 10 20 40 80 160 320 640 1280 Command mode Port Mode Usage Guide If the queue weight is configured as 0 it uses SP algorithm to manage while WRR turns into SWDRR When removing the queue the system will manage SP queue at first then manage WDRR queue SP queue executes the strict priority ma...

Page 372: ...h guarantee and maximum bandwidth limit can be configured at the different or same queue The queue bandwidth pledge for egress is relative to management mode for example one port is the strict priority queue the highest priority is queue 1 now it will satisfy this queue traffic when block is happened But if user want the lower priority of queue having bandwidth it can remain bandwidth via this com...

Page 373: ...Mode policy bits_per_second normal_burst_bytes pir peak_rate_bps maximum_burst_bytes conform action ACTION exceed action ACTION violate action ACTION ACTION definition drop transmit set dscp transmit dscp_value set prec transmit ip_precedence_value set cos transmit cos_value set internal priority inp_value set Drop Precedence dp_value no policy Function The non aggregation policy command supportin...

Page 374: ...he dual rate dual bucket mode Notice this configuration only exists in dual bucket mode violate action The actions to take when the PIR is exceeded which means the messages are red the default as drop conform action The action to take when the CIR is not exceeded which means the messages are green the default as transmit exceed action The actions to take when the CIR is exceeded but PIR isn t whic...

Page 375: ...s 1000 CBS as 2000 and the action when CIR is not exceeded as transmitting the messages after changing DSCP to 23 and the action triggered by exceeding CIR as transmit without changing the messages Switch config class map cm Switch config classmap cm match cos 0 Switch config classmap cm exit Switch config policy map 1 Switch config policymap 1 class cm Switch config policymap 1 class cm policy 10...

Page 376: ... exit Switch config policy map 1 Switch config policymap 1 class cm Switch config policymap 1 class cm policy aggregate color 20 16 policy map Command policy map policy map name no policy map policy map name Function Creates a policy map and enters the policy map mode the no policy map policy map name command deletes the specified policy map Parameters policy map name is the policy map name Defaul...

Page 377: ...ss direction of switch port no command will delete all the policy maps applied on the ingress direction of the port if there is not the specified policy map name Default No policy map is bound to port by default Command mode Port Configuration Mode Usage Guide Only one policy map can be applied to each direction of each port or VLAN interface It is not recommended to use policy map on VLAN and VLA...

Page 378: ... will deletes all the policy maps applied in the ingress direction of the vlan interface if there is not the specified policy map name Default No policy map is bound to VLAN interface by default Command mode Global Configuration Mode Usage Guide Only one policy map can be applied to each direction of each port or VLAN interface It is not recommended to use policy map on VLAN and VLAN s port at the...

Page 379: ...ap Mode Usage Guide Only the classified traffic which matches the matching standard will be assigned with the new values Example Set the IP Precedence of the packets matching c1 class rule to 3 Switch config policy map p1 Switch Config PolicyMap p1 class c1 Switch Config PolicyMap p1 Class c1 set ip precedence 3 Switch Config PolicyMap p1 Class c1 exit Switch Config PolicyMap p1 exit 20 20 show cl...

Page 380: ...ation Class map name c1 Name of the Class map used by 1 times Used times match acl name 1 Classifying rule for the class map 20 21 show policy map Command show policy map policy map name Function Displays policy map of QoS Parameters policy map name is the policy map name Default N A Command mode Admin Mode Usage Guide Displays all configured policy map or specified policy map information Example ...

Page 381: ...R 1000 CBS 1000 PIR 200 PBS 3000 conform action transmit exceed action drop violate action drop Policy implemented 20 22 show mls qos interface Command show mls qos interface interface id policy queuing vlan vlan id begin include exclude regular expression Function Displays QoS configuration information on a port Parameters interface id is the port ID vlan id VLAN ID policy is the policy setting o...

Page 382: ...how mls qos interface ethernet 1 2 Ethernet1 2 Default COS 0 Trust COS Attached Policy Map for Ingress p1 Classmap classified in profile out profile in packets c1 20 10 10 c2 NA NA NA If Class Map is not configured Accounting show NA Egress Internal Priority TO Queue map INTP 0 1 2 3 4 5 6 7 Queue 0 1 2 3 4 5 6 7 Queue Algorithm WRR Queue weights Queue 0 1 2 3 4 5 6 7 WrrWeight 1 2 3 4 5 6 7 8 Wdr...

Page 383: ... for Class Map show NA Internal Priority TO Queue map Internal Priority to queue mapping Queue Algorithm WRR or WDRR or PQ queue out method Queue weights Queue weights configuration Bandwidth Guarantee Configuration Bandwidth guarantee configuration Switch config show mls qos interface ethernet1 2 queuing Ethernet1 2 Egress Internal Priority TO Queue map INTP 0 1 2 3 4 5 6 7 Queue 0 1 2 3 4 5 6 7 ...

Page 384: ... 0 Display Information Explanation Ethernet1 2 Port name Attached Policy Map for Ingress p1 Policy name bound to port ClassMap ClassMap name classified Total data packets match this ClassMap in profile Total in profile data packets match this ClassMap out profile Total out profile data packets match this ClassMap Switch show mls qos vlan 100 Vlan 100 Attached Policy Map for Ingress p1 Classmap cla...

Page 385: ... DSCP Default None Command mode Admin and Configuration Mode Usage Guide Display the map configuration information of QoS Example Display configuration information of the mapping table Ingress COS TO Internal Priority map COS 0 1 2 3 4 5 6 7 INTP 0 1 2 3 4 5 6 7 Ingress DSCP TO Internal Priority map d1 d2 0 1 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3 4...

Page 386: ... 40 40 40 40 48 48 5 48 48 48 48 48 48 56 56 56 56 6 56 56 56 56 Ingress DSCP TO Drop Precedence map d1 d2 0 1 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 0 0 0 4 0 0 0 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 20 24 show mls qos vlan Command show mls qos vlan v id Parameters v id the ranging from 1 to 4094 Command Mode Admin mode Default N...

Page 387: ...tached Policy Map for Ingress 7 Classmap classified in profile out profile in packets 7 0 0 0 20 25 transmit Command transmit no transmit Function Transmit data package that match the class the no command cancels the assigned action Parameters None Default Do not set the action Command mode Policy class map configuration mode Usage Guide Send the packet directly after configure this command ...

Page 388: ... Send the packet which satisfy c1 Switch config policy map p1 Switch Config PolicyMap p1 class c1 Switch Config PolicyMap p1 Class c1 transmit Switch Config PolicyMap p1 Class c1 exit Switch Config PolicyMap p1 exit ...

Page 389: ... nomenclatural extensive MAC ACL digital standard IPv6 ACL and nomenclatural standard IPv6 ACL Parameters of Time range and Port range can not be set in ACL the type of ACL should be Permit IFNAME the destination port of redirection Command Mode Physical Port Configuration Mode Usage Guide no access group aclname redirect command is used to delete flow based redirection Flow based redirection func...

Page 390: ...ction in the system 2 Specify ports in IFNAME display the information of the flow based redirection configured in the ports listed in the interface list Command Mode Admin Mode and Configuration Mode Usage Guide This command is used to display the information of current flow based redirection in the system port Examples Switch config show flow based redirect Flow based redirect config on interface...

Page 391: ...f ACL ip dscp dscp list and ipv6 dscp dscp list match the specified DSCP value the parameter is a list of DSCP consisting of maximum 8 DSCP values the ranging is 0 to 63 ip precedence ip precedence list match the specified IP Precedence the parameter is an IP Precedence list consisting of maximum 8 IP Precedence values with a valid range of 0 to 7 ipv6 access group acl index or name match the spec...

Page 392: ...c1 Switch config classmap c1 match ip precedence 0 Switch config classmap c1 exit 22 2 service policy Command service policy policy map name in no service policy policy map name in Function Bind the specified policy of flexible QinQ to the ingress of the port the no command cancels the binding Parameters service policy policy map name The specified policy map name of flexible QinQ Default No polic...

Page 393: ...nd vid value to the packets which match the class map no command cancels the operation Parameters s vid new vid specifies VID of an external VLAN Tag Default Do not assign the value Command Mode Policy class map configuration mode Usage Guide Only assign the new value again for the classified flow that correspond the match standard This switch only supports to modify the outer layer of vlan it doe...

Page 394: ... external VLAN Tag VID as 3 for the packet which satisfy c2 class rule Switch config policy map p1 Switch Config PolicyMap p1 class c2 Switch Config PolicyMap p1 Class c2 set s vid 3 Switch Config PolicyMap p1 Class c2 exit ...

Page 395: ...ormation of VLAN interface Parameter text is the description information of VLAN interface the length should not exceed 256 characters Default Do not configure Command Mode VLAN interface mode Usage Guide The description information of VLAN interface behind description and shown under the configured VLAN Example Configure the description information of VLAN interface as test vlan Switch config int...

Page 396: ...ce Layer 3 interface VLANs should be configured first for details see the VLAN chapters When VLAN interface Layer 3 interface is created with this command the VLAN interface Layer 3 interface configuration mode will be entered After the creation of the VLAN interface Layer 3 interface interface vlan command can still be used to enter Layer 3 Port Mode Configure 16 interface vlan to manage device t...

Page 397: ...played information Explanation C connected Direct route namely the segment directly connected with the layer 3 switch S static Static route the route manually configured by users R RIP derived RIP route acquired by layer 3 switch through the RIP protocol O OSPF derived OSPF route acquired by layer 3 switch through the OSPF protocol A OSPF ASE Route introduced by OSPF B BGP derived BGP route acquir...

Page 398: ...ormation of receiving and sending packets for IP kernel protocol including the statistic of receiving packets sending packets and dropping packets and the error information of receiving and sending packets for IP protocol ICMP protocol TCP protocol and UDP protocol Example Clear statistic information of IP protocol Switch clear ip traffic 23 2 2 clear ipv6 neighbor Command clear ipv6 neighbors Fun...

Page 399: ...and cannot clear static neighbor Example Clear neighbor list Switch clear ipv6 neighbors 23 2 3 debug ip icmp Command debug ip icmp no debug ip icmp Function The debugging for receiving and sending ICMP packets Parameter None Default None Command mode Admin Mode Usage Guide None ...

Page 400: ...able the IP packet debug function the no debug IP packet command disables this debug function Parameter None Default IP packet debugging information is disabled by default Command mode Admin Mode Usage Guide Displays statistics for IP packets received sent including source destination address and bytes etc Example Enable IP packet debug Switch debug ip packet IP PACKET sent src 200 1 1 35 dst 224 ...

Page 401: ... 2786 dst fe80 1 size 64 proto 58 from Vlan1 Displayed information Explanation IPv6 PACKET rcvd Receive IPv6 data report Src fe80 203 fff fe01 2786 Source IPv6 address Dst fe80 1 Destination IPv6 address size 64 Size of data report proto 58 Protocol field in IPv6 header from Vlan1 IPv6 data report is collected from Layer 3 port vlan1 23 2 6 debug ipv6 icmp Command debug ipv6 icmp no debug ipv6 icm...

Page 402: ...Command debug ipv6 nd ns na rs ra redirect no debug ipv6 nd ns na rs ra redirect Function Enable the debug of receiving and sending operations for specified types of IPv6 ND messages The ns na rs ra and redirect parameters represent neighbor solicitation neighbor advertisement route solicitation route advertisement and route redirect No specification means to enable the debug for all five types of...

Page 403: ...planation IPv6 ND rcvd Receive ND data report type 136 ND Type src fe80 203 fff fe01 2786 Source IPv6 address dst fe80 203 fff fe01 59ba Destination IPv6 address 23 2 8 ip address Command ip address ip address mask secondary no ip address ip address mask secondary Function Set IP address and net mask of switch the no ip address ip address mask secondary command deletes the IP address configuration...

Page 404: ...P all can be used on SNMP Web Telnet management Furthermore the switch also provides BOOTP DHCP manner to get IP address Example The IP address of switch VLAN1 interface is set to 192 168 1 10 24 Switch Config if Vlan1 ip address 192 168 1 10 255 255 255 0 23 2 9 ip default gateway Command ip default gateway A B C D no ip default gateway A B C D Function Configure the default gateway of the router...

Page 405: ...nd subnet mask shown in dotted decimal notation ip prefix and prefix length are respectively the destination IP address and the length of prefix gateway address is the next hop IP address shown in dotted decimal notation gateway interface is the next hop interface distance is the distance value of route management the range is 1 to 255 Default The default distance value of route management is 1 Co...

Page 406: ...dress site local address and link local address for the interface Parameter Parameter ipv6 address is the prefix of IPv6 address parameter prefix length is the prefix length of IPv6 address which is between 3 128 eui 64 means IPv6 address is generated automatically based on eui64 interface identifier of the interface Command Mode Interface Configuration Mode Default None Usage Guide IPv6 address p...

Page 407: ...of the router The no command cancels the configuration Parameter X X X X is IPv6 address of the gateway for example 2002 100 1 Default Do not configure IPv6 default gateway of the router Command mode Global mode Usage Guide Configure IPv6 default gateway of the router to specify the default next hop IPv6 address to which the packets will be sent Example Specify an IPv6 default gateway Switch confi...

Page 408: ...lt The default request message number is 1 Usage Guide When configuring an IPv6 address it is required to process IPv6 Duplicate Address Detection this command is used to configure the ND message number of Duplicate Address Detection to be sent value being 0 means no Duplicate Address Detection is executed Example The Neighbor Solicitation Message number sent in succession by interface when settin...

Page 409: ...commended Example Set Vlan1 interface to send out Neighbor Solicitation Message time interval to be 8 seconds Switch Config if Vlan1 ipv6 nd ns interval 8 23 2 15 ipv6 neighbor Command ipv6 neighbor ipv6 address hardware address interface interface type interface name no ipv6 neighbor ipv6 address Function Set static neighbor table entry Parameters Parameter ipv6 address is static neighbor IPv6 ad...

Page 410: ...t 1 1 23 2 16 show ip interface Command show ip interface ifname vlan vlan id brief Function Show the brief information of the configured layer 3 interface Parameters ifname Interface name vlan id VLAN ID Default Show all brief information of the configured layer 3 interface when no parameter is specified Command mode All modes Usage Guide None Example Restarter show ip interface vlan1 brief Index...

Page 411: ...230439 forwarded 0 dropped 0 no route ICMP statistics Rcvd 0 total 0 errors 0 time exceeded 0 redirects 0 unreachable 0 echo 0 echo replies 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp 0 timestamp replies Sent 0 total 0 errors 0 time exceeded 0 redirects 0 unreachable 0 echo 0 echo replies 0 mask requests 0 mask replies 0 quench 0 parameter 0 timestamp 0 timestamp replies TCP st...

Page 412: ...nnot be fragmented number of fragments sent etc Sent 0 generated 0 forwarded 0 dropped 0 no route Statistics for total packets sent including number of local packets forwarded packets dropped packets and packets without route ICMP statistics ICMP packet statistics Rcvd 0 total 0 errors 0 time exceeded 0 redirects 0 unreachable 0 echo 0 echo replies 0 mask requests 0 mask replies 0 quench 0 paramet...

Page 413: ... is displayed and you can also specify a specific Layer 3 interface Example Switch show ipv6 interface Vlan1 Vlan1 is up line protocol is up dev index is 2004 Device flag 0x1203 UP BROADCAST ALLMULTI MULTICAST IPv6 is enabled Link local address es fe80 203 fff fe00 10 PERMANENT Global unicast address es 3001 1 subnet is 3001 1 64 PERMANENT Joined group address es ff02 1 ff02 16 ff02 2 ff02 5 ff02 ...

Page 414: ...llisecond s ND advertised retransmit time is 0 millisecond s Displayed information Explanation Vlan1 Layer 3 interface name up up Layer 3 interface status dev index Internal index No fe80 203 fff fe00 10 Automatically configured IPv6 address of Layer 3 interface 3001 1 Configured IPv6 address of Layer 3 interface 23 2 19 show ipv6 route Command show ipv6 route database Function Display IPv6 routin...

Page 415: ...333 1 2 3 64 via fe80 20c ceff fe13 eac1 Vlan12 1024 C 3ffe 501 ffff 1 64 via Vlan4 256 O 3ffe 501 ffff 100 64 via Vlan5 1024 O 3ffe 3240 800d 1 64 via Vlan1 1024 O 3ffe 3240 800d 2 64 via Vlan2 1024 O 3ffe 3240 800d 10 64 via Vlan12 1024 O 3ffe 3240 800d 20 64 via fe80 20c ceff fe13 eac1 Vlan12 1024 C fe80 64 via Vlan1 256 C ff00 8 via Vlan1 256 Displayed information Explanation IPv6 Routing Tabl...

Page 416: ...ort State 2002 ca60 c801 1 250 baff fef2 a4f4 00 50 ba f2 a4 f4 Vlan1 Ethernet1 2 reachable 3ffe 3240 800d 1 100 00 30 4f 01 27 86 Vlan1 Ethernet1 3 reachable 3ffe 3240 800d 1 8888 00 02 01 00 00 00 Vlan1 Ethernet1 1 permanent 3ffe 3240 800d 1 250 baff fef2 a4f4 00 50 ba f2 a4 f4 Vlan1 Ethernet1 4 reachable 3ffe 3240 800d 2 8888 00 02 01 00 01 01 Vlan2 Ethernet1 16 permanent 3ffe 3240 800d 2 203 f...

Page 417: ...rmation Parameter None Default None Command Mode Admin and Configuration Mode Example Switch show ipv6 traffic IP statistics Rcvd 90 total 17 local destination 0 header errors 0 address errors 0 unknown protocol 13 discards Frags 0 reassembled 0 timeouts 0 fragment rcvd 0 fragment dropped 0 fragmented 0 couldn t fragment 0 fragment sent Sent 110 generated 0 forwarded 0 dropped 0 no route ICMP stat...

Page 418: ...ets statistics 23 3 Commands for ARP Configuration 23 3 1 arp Command arp ip_address mac_address interface ethernet portName no arp ip_address Function Configures a static ARP entry the no arp ip_address command deletes a ARP entry of the specified IP address Parameters ip_address is the IP address at the same field with interface address mac_address is the MAC address ethernet stands for Ethernet...

Page 419: ...Function Clears ARP table Command mode Admin Mode Example Switch clear arp cache 23 3 3 clear arp traffic Command clear arp traffic Function Clear the statistic information of ARP messages of the switch For box switches this command will only clear statistics of APP messages received and sent from the current boardcard Command mode Admin Mode Example Switch clear arp traffic ...

Page 420: ...destination address etc Example Enable ARP debugging Switch debug arp receive Jan 01 01 05 53 2006 IP ARP rcvd type REQUEST src 172 16 1 251 00 e0 4c 88 ad bc dst 172 16 1 110 00 00 00 00 00 00 flag 0x0 pkt type 1 intf Vlan100 Jan 01 01 05 53 2006 IP ARP rcvd type REQUEST src 172 16 1 251 00 e0 4c 88 ad bc dst 172 16 1 110 00 00 00 00 00 00 flag 0x0 pkt type 1 intf Vlan100 e Jan 01 01 05 53 2006 I...

Page 421: ... 51 38 Vlan50 Ethernet1 11 Dynamic 50 1 1 9 00 00 00 00 00 09 Vlan50 Ethernet1 1 Static 150 1 1 2 00 00 58 fc 48 9f Vlan150 Ethernet1 4 Dynamic Displayed information Explanation Total arp items Total number of ARP entries Valid ARP entry number matching the filter conditions and attributing the legality states Matched ARP entry number matching the filter conditions Verifying ARP entry number at ve...

Page 422: ...For box switches this command will only show statistics of APP messages received and sent from the current boardcard Command mode Admin and Config Mode Usage Guide Display statistics information of received and sent APP messages Example Switch show arp traffic ARP statistics Rcvd 10 request 5 response Sent 5 request 10 response ...

Page 423: ...h the first three letters of the month such as Jan year specifies the year of valid start ranging between 1993 2035 end time specifies the due of the time period of which the form should be end time hh mm ss month day year hh mm ss day month year hh mm ss specify the concrete valid time of accept lifetime in hours minutes and second day specifies the date of valid ranging between 1 31 month specif...

Page 424: ...routes which match the destination address from the RIP route table specifies the IP address prefix and its length of the destination address kernel delete kernel routes from the RIP route table static delete static routes from the RIP route table connected delete direct routes from the RIP route table rip only delete RIP routes from the RIP route table ospf only delete OSPF routes from the RIP ro...

Page 425: ...essages The no debug rip events nsm packet recv send detail all command close corresponding debugging switch Parameter events shows the debugging messages of RIP events nsm shows the communication messages between RIP and NSM packet shows the debugging messages of RIP data packets recv shows the messages of the received data packets send shows the messages of the sent data packets detail shows the...

Page 426: ...gging messages Default Close the debug by default Command Mode Admin Mode Example Switch debug rip redistribute message send Switch no debug rip redistribute message send 24 5 debug rip redistribute route receive Command debug rip redistribute route receive no debug rip redistribute route receive Function To enable debugging of received messages from NSM for RIP The no form of this command will di...

Page 427: ...0 0 0 0 to be redistributed into the RIP The no default information originate disable this function Default Disabled Command Mode Router mode Example Switch config terminal Switch config router rip Switch config router default information originate 24 7 default metric Command default metric value no default metric Function Set the default metric value of the introduced route The no default metric ...

Page 428: ...e adopted if no specific route metric value is set Example Set the default route metric value to 3 for introducing routes from other routing protocols into the RIP routes Switch config router default metric 3 Relevant Commands Redistribute 24 8 distance Command distance number A B C D M access list name access list number no distance A B C D M Function Set the managing distance with this command T...

Page 429: ...list number access list name prefix prefix list name in out ifname no distribute list access list number access list name prefix prefix list name in out ifname Function This command uses access list or prefix list to filter the route update packets sent and received The no distribute list access list number access list name prefix prefix list name in out ifname command cancels this route filter fu...

Page 430: ...he no form of this command will delete this configuration Parameter A B C D M IPv4 address and mask length Command Mode Router Mode or Interface Configuration Mode Default Disabled Usage Guide If to configure aggregation route under router mode RIP protocol must be enabled If configured under interface configuration mode RIP protocol may not be enabled but the aggregation router can operation afte...

Page 431: ...ode Usage Guide If the authentication is only configured without configuring the key chain or password used by the interface the authentication does no effect If mode has not been configured prior to configuring this command the mode will be set to plaintext authentication The no ip rip authentication key command will cancel the authentication which only cancels the authentication process when sen...

Page 432: ...authentication and data packet authentication i e MD5 authentication This command should be used associating the ip rip authentication key or ip rip authentication string Independently configuration will not lead to authentication process Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip rip authentication mode md5 Related Command ip rip authentication key cha...

Page 433: ...will cancel the authentication which only cancels the authentication process when sending or receiving data packet other than set non authentication mode Input ip rip authentication string aaa aaa to set the password as aaa aaa which is 7 characters Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip rip authentication string guest Related Command ip rip authent...

Page 434: ...Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip rip authentication cisco compatible Related Command ip rip authentication mode 24 15 ip rip receive packet Command ip rip receive packet no ip rip receive packet Function Set the interface to be able to receivable RIP packets the no ip rip receive packet command set the interface to be unable to receivable RIP packets ...

Page 435: ... interface receives The default version is 2 the no ip rip receive version command restores the value set by using the version command Parameter 1 and 2 respectively stands for RIP version 1 and RIP version 2 1 2 stands for the RIP versions 1 2 Default Version 2 Command Mode Interface Configuration Mode Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip rip rec...

Page 436: ...onfig terminal Switch config interface vlan 1 Switch Config if Vlan1 ip rip send packet Related Command ip rip receive packet 24 18 ip rip send version Command ip rip send version 1 2 1 compatible 1 2 no ip rip send version Function Set the version information of the RIP packets the interface receives The default version is 2 the no ip rip send version command restores the value set by using the v...

Page 437: ...lit horizon Function Enable split horizon The no ip rip split horizon disables the split horizon Parameter poisoned means configure the split horizon with poison reverse Default Split Horizon with poison reverse by default Command Mode Interface Configuration Mode Usage Guide The split horizon is for preventing the Routing Loops namely preventing the layer 3 switches from broadcasting the routes w...

Page 438: ...no key keyid command deletes one key Parameter keyid is key ID ranging between 0 2147483647 Command Mode Keychain mode and keychain key mode Usage Guide The command permits entering the keychain key mode and set the passwords corresponding to the keys Example Switch config terminal Switch config key chain mychain Switch config keychain key 1 Switch config keychain key Relevant Commands key chain k...

Page 439: ...hain is the name string of the keychain the length of which is not specifically limited Command Mode Global Mode Example Switch config terminal Switch config key chain mychain Switch config keychain Relevant Commands key key string accept lifetime send lifetime 24 22 key string Command key string text no key string text Function Configure a password corresponding to a key The no key string text co...

Page 440: ...fig keychain key 1 Switch config keychain key key string prime Related Command key key chain accept lifetime send lifetime 24 23 maximum prefix Command maximum prefix maximum prefix threshold no maximum prefix Function Configure the maximum number of RIP routes in the route table The no maximum prefix command cancels the limit Parameter maximum prefix the maximum number of RIP route ranging betwee...

Page 441: ...ix 150 24 24 neighbor Command neighbor A B C D no neighbor A B C D Function Specify the destination address requires targeted peer sending The no neighbor A B C D command cancels the specified address and restores all gateways to trustable Parameter A B C D is the specified destination address for the sending shown in dotted decimal notation Default Not sending to any targeted peer destination add...

Page 442: ...ce Default Not running RIP protocol Command Mode Router mode and address family mode Usage Guide Use this command to configure the network for sending or receiving RIP update packets If the network is not configured all interfaces of the network will not be able to send or receive data packets Example Switch config terminal Switch config router rip Switch config router network 10 0 0 0 8 Switch co...

Page 443: ... or name to be applied number is the added offset value ranging between 0 16 ifname is the specific interface name Default Default offset value is the metric value defined by the system Command Mode Router mode and address family mode Example Switch config terminal Switch config router rip Switch config router offset list 1 in 5 vlan 1 Related Command access list 24 27 passive interface Command pa...

Page 444: ...ssive interface vlan 1 Related Command show ip rip 24 28 recv buffer size Command recv buffer size size no recv buffer size Function This command configures the size of UDP receiving buffer zone of RIP the no recv buffer size command restores the system default Parameter size is the buffer zone size in bytes ranging between 8192 2147483647 Default 8192 bytes Command Mode Router mode ...

Page 445: ... from direct routes static introduce from static routes ospf introduce from OSPF routes process id is OSPF process ID if there is no parameter that means the process by default range between 1 to 65535 isis introduce from ISIS routes bgp introduce from BGP routes value is the metric value assigned to the introduced route ranging between 0 to 16 word is the probe pointing to the route map for intro...

Page 446: ...D M command deletes this route Parameter Specifies this destination IP address prefix and its length Command Mode Router mode Usage Guide The command add a static RIP route and is mainly used for debugging Routes configured by this command will not appear in kernel route table but in the RIP route database Example Switch config terminal Switch config router rip Switch config router route 1 0 0 0 8...

Page 447: ...2 send lifetime Command send lifetime start time end time duration seconds infinite no send lifetime Function Use this command to specify a key on the keychain as the time period of sending keys The no send lifetime cancels this configuration Parameter start time parameter specifies the starting time of the time period which is start time hh mm ss month day year hh mm ss day month year hh mm ss Sp...

Page 448: ...ranging between 1993 2035 seconds is the valid period of the key in seconding and ranging between 1 2147483646 Default No default configuration Command Mode Keychain key mode Example The example below shows the send lifetime configuration on the keychain named mychain for key 1 Switch config terminal Switch config key chain mychain Switch config keychain key 1 Switch config keychain key send lifet...

Page 449: ...ng Protocol is rip Sending updates every 30 seconds with 50 next due in 8 seconds Timeout after 180 seconds garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filter list for all interface is not set Default redistribution metric is 1 Redistributing static Default version control send version 2 receive version 2 Interface Send Recv Key chain ...

Page 450: ...ault redistribution metric is 1 Redistributing static Redistributing the static route into the RIP route Default version control send version 2 receive version 2 Interface Send Recv Key chain Ethernet0 0 8 2 2 The configuration of interface receiving and sending packets Receive version is 2 keychain 1 not configured Routing for Networks Vlan1 Vlan2 The segment running RIP is the Vlan 1 and Vlan 2 ...

Page 451: ...tion network address 12 1 1 0 the network prefix length as 24 next hop address at 20 1 1 1 It is learnt from the Ethernet port E1 8 with a metric value of 2 and still has 2 minutes 51 seconds before time out 24 36 show ip rip database Command show ip rip database Function Show the routes in the RIP route database Command Mode Admin mode Example Switch show ip rip database Codes R RIP K Kernel C Co...

Page 452: ... Example Switch show ip rip interface vlan 1 Vlan1 is up line protocol is up Routing Protocol RIP Receive RIP packets Send RIP packets Passive interface Disabled Split horizon Enabled with Poisoned Reversed IP interface address 10 1 1 1 24 24 38 show ip rip aggregate Command show ip rip aggregate Function To display the information of IPv4 aggregation route Command Mode Admin and Configuration Mod...

Page 453: ...ic Count Suppress 192 168 0 0 16 Vlan1 1 2 0 192 168 4 0 22 1 2 0 192 168 4 0 24 1 1 1 Vlan1 1 1 1 Displayed information Explanation Network Route prefix and prefix length Aggregated Ifname To configure the interface name of the aggregation route If the route aggregated globally then display Metric Metric of aggregation route Count The number of learned aggregation route Suppress The times of aggr...

Page 454: ...ulted at120 Command Mode Router mode Usage Guide The system is defaulted broadcasting RIPng update packets every 30 seconds and the route is considered invalid after 180 seconds but still exists for another 120 seconds before it is deleted from the routing table Example Set the RIP update time to 20 seconds and the timeout period to 80 second the garbage collecting time to 60 seconds Switch Config...

Page 455: ...yer 3 switch only sends receives the RIP I data packets 2 refers to that each interface of the layer 3 switch only sends receives the RIP II data packets The RIP II data packet is the default version Example Configure the version of all RIP data packets sent received by router interfaces to version 2 Switch config router version 2 Related Command ip rip receive version ip rip send version ...

Page 456: ...tion Command Mode OSPF protocol mode Usage Guide Set the authentication mode to plaintext authentication or MD5 authentication The authentication mode is also configurable under interface mode of which the priority is higher than those in the area It is required to use ip ospf authentication key to set the password while no authentication mode configured at the interface and the area is plaintext ...

Page 457: ...anges between 0 16777215 Default Default OSPF cost is 1 Command Mode OSPF protocol mode Usage Guide The command is only adaptive to the ABR router connected to the stub area or NSSA area Example Set the default cost of area 1 to 10 Switch config router area 1 default cost 10 25 3 area filter list Command area id filter list access prefix in out no area id filter list access prefix in out Function ...

Page 458: ... a filter on the area 1 Switch config access list 1 deny 172 22 0 0 0 0 0 255 Switch config access list 1 permit any Switch config router ospf 100 Switch config router area 1 filter list access 1 in 25 4 area nssa Command area id nssa TRANSLATOR no redistribution DEFAULT ORIGINATE no summary no area id nssa TRANSLATOR no redistribution DEFAULT ORIGINATE no summary Function Set the area to Not So S...

Page 459: ...mmary shows not injecting area route to the NSSA Default No NSSA area defined by default Command Mode OSPF protocol mode Usage Guide The same area can not be both NSSA and stub at the same time Example Set area 3 to NSSA Switch config terminal Switch config router ospf 100 Switch config router area 0 0 0 51 nssa Switch config router area 3 nssa default information originate metric 34 metric type 2...

Page 460: ...utes inside an area If the network IDs in this area are not configured continuously a summary route can be advertised by configuring this command on ABR This route consists of all single networks belong to specific range Example Switch config terminal Switch config router ospf 100 Switch config router area 1 range 192 16 0 0 24 25 6 area stub Command area id stub no summary no area id stub no summ...

Page 461: ...lt cost 25 7 area virtual link Command area id virtual link A B C D AUTHENTICATION AUTH_KEY INTERVAL no area id virtual link A B C D AUTHENTICATION AUTH_KEY INTERVAL Function Configure a logical link between two backbone areas physically divided by non backbone area The no area id virtual link A B C D AUTHENTICATION AUTH_KEY INTERVAL command removes this virtual link Parameter id is the area numbe...

Page 462: ...ault is 5 seconds transmit delay The time delay before a router sending a group messages default is 1 second Command Mode OSPF protocol mode Usage Guide In the OSPF all non backbone areas will be connected to a backbone area If the connection to the backbone area is lost virtual link will repair this connection You can configure virtual link between any two backbone area routers connected with the...

Page 463: ...cquired by divide the interface bandwidth with reference bandwidth This command is mainly for differentiate high bandwidth links If several high bandwidth links exist their cost can be assorted by configuring a larger reference bandwidth value Example Switch config terminal Switch config router ospf 100 Switch config router auto cost reference bandwidth 50 Relative Command ip ospf cost 25 9 compat...

Page 464: ...ocess id process Function Use this command to clear and restart OSPF routing processes One certain OSPF process will be cleared by specifying the process ID or else all OSPF processes will be cleared Default No default configuration Command Mode Admin mode Example Switch clear ip ospf process 25 11 debug ospf events Command debug ospf events abr asbr lsa nssa os router vlink no debug ospf events a...

Page 465: ... and global mode Example Switch debug ospf events router 25 12 debug ospf ifsm Command debug ospf ifsm status events timers no debug ospf ifsm status events timers Function Open debugging switches showing the OSPF interface states the no debug ospf ifsm status events timers command closes this debugging switches Default Closed Command Mode Admin mode and global mode Example Switch debug ospf ifsm ...

Page 466: ...esh closes the debugging switches Default Closed Command Mode Admin mode and global mode Example Switch debug ospf lsa generate 25 14 debug ospf nfsm Command debug ospf nfsm status events timers no debug ospf nfsm status events timers Function Open debugging switches showing OSPF neighbor state machine the no debug ospf nfsm status events timers command closes this debugging switch Default Closed ...

Page 467: ...n mode and global mode Example Switch debug ospf nsm interface 25 16 debug ospf packet Command debug ospf packet dd detail hello ls ack ls request ls update recv detail no debug ospf packet dd detail hello ls ack ls request ls update recv detail Function Open debugging switches showing OSPF packet messages the no debug ospf packet dd detail hello ls ack ls request ls update recv detail command clo...

Page 468: ...gging switch Default Closed Command Mode Admin mode and global mode Example Switch debug ospf route spf 25 18 debug ospf redistribute message send Command debug ospf redistribute message send no debug ospf redistribute message send Function To enable debugging of sending command from OSPF process redistributed to other OSPF process routing The no form of command disables debugging of sending comma...

Page 469: ...bute route receive Command debug ospf redistribute route receive no debug ospf redistribute route receive Function To enable disable debugging switch of received routing message from NSM for OSPF process Parameter None Default Disabled Command Mode Admin Mode Usage Guide None Example To enable debugging switch of received routing message from NSM for OSPF process Switch debug ospf redistribute rou...

Page 470: ...0 16777214 default metric value is 0 METRICTYPE metric type 1 2 set the OSPF external link type of default route 1 Set the OSPF external type 1 metric value 2 Set the OSPF external type 2 metric value ROUTEMAP route map WORD WORD specifies the route map name to be applied Default Default metric value is 10 default OSPF external link type is 2 Command Mode OSPF protocol mode Usage Guide When introd...

Page 471: ...not compatible the route introducing still goes through If the metric value can not be translated the default value provides alternative option to carry the route introducing on This command will result in that all introduced route will use the same metric value This command should be used associating redistribute Example Switch config terminal Switch config router ospf 100 Switch config router de...

Page 472: ...anging between 1 255 Default Default distance value is 110 Command Mode OSPF protocol mode Usage Guide Manage distance shows the reliability of the routing message source The distance value may range between 1 255 The larger the manage distance value is the lower is its reliability Example Switch config terminal Switch config router ospf 100 Switch config router distance ospf inter area 20 intra a...

Page 473: ...advertisement based on the access list list 1 of the BGP route Switch config terminal Switch config access list l1 permit 172 10 0 0 0 0 255 255 Switch config router ospf 100 Switch config router distribute list 1 out bgp Switch config router redistribute bgp 25 24 filter policy Command filter policy access list name no filter policy Function Use access list to filter the route obtained by OSPF th...

Page 474: ...6 segment Switch config terminal Switch config access list 1 permit 172 10 0 0 0 0 255 255 Switch config router ospf Switch config router filter policy 1 25 25 host area Command host host address area area id cost cost no host host address area area id cost cost Function Use this command to set a stub host entire belongs to certain area The no host host address area area id cost cost command cance...

Page 475: ...spf ip address authentication message digest null no ip ospf ip address authentication Function Specify the authentication mode required in sending and receiving OSPF packets on the interfaces the no ip ospf ip address authentication command cancels the authentication Parameter ip address is the interface IP address shown in dotted decimal notation message digest Use MD5 authentication null no aut...

Page 476: ...e the no ip ospf ip address authentication cancels the authentication key Parameter ip address is the interface IP address shown in dotted decimal notation LINE specifies the key required in the plaintext authentication Default Authentication not required in receiving OSPF packets on the interface Command Mode Interface Configuration Mode Example Switch config terminal Switch config interface vlan...

Page 477: ...bandwidth Command Mode Interface Configuration Mode Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf cost 3 25 29 ip ospf database filter Command ip ospf ip address database filter all out no ip ospf ip address database filter Function The command opens LSA database filter switch on specific interface the no ip ospf ip address database filter command clo...

Page 478: ...al length of the neighboring layer 3 switches shown in seconds and ranging between 1 65535 Default The default dead interval is 40 seconds normally 4 times of the hello interval Command Mode Interface Configuration Mode Usage Guide If no Hello data packet received after the dead interval period then this layer 3 switch is considered inaccessible and invalid This command modifies the dead interval ...

Page 479: ...ace Configuration Mode Usage Guide This command resets the network area command and stops group process on specific interface Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf disable all 25 32 ip ospf hello interval Command ip ospf ip address hello interval time no ip ospf ip address hello interval Function Specify the hello interval on the interface the...

Page 480: ...mitted The less the hello interval value is the sooner the network topological structure is discovered as well larger the cost The ensure the normal operation of OSPF protocol the hello interval parameter between the layer 3 switches adjacent to the interface must be in accordance Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf hello interval 20 Relevan...

Page 481: ...acent relationship will not be created The last configuration of this command will overwrite the previous one to prevent the system from communicating with the former key id Example Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf message digest key 2 MD5 yourpassword 25 34 ip ospf mtu Command ip ospf mtu mtu no ip ospf mtu Function Specify the mtu value of the ...

Page 482: ...nd ip ospf ip address mtu ignore no ip ospf ip address mtu ignore Function Use this command so that the mtu size is not checked when switching DD the no ip ospf ip address mtu ignore will ensure the mtu size check when performing DD switch Parameter ip address is the interface IP address show in dotted decimal notation Default Check mtu size in DD switch Command Mode Interface Configuration Mode E...

Page 483: ...t point to multipoint Set the OSPF network type to point to multipoint Default The default OSPF network type is broadcast Command Mode Interface Configuration Mode Example The configuration below set the OSPF network type of the interface vlan 1 to point to point Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf network point to point 25 37 ip ospf priority Comma...

Page 484: ...witch or Backup Defined layer 3 switch Example Configure the priority of DR electing Configure the interface vlan 1 to no election right namely set the priority to 0 Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf priority 0 25 38 ip ospf retransmit interval Command ip ospf ip address retransmit interval time no ip ospf ip address retransmit interval Function S...

Page 485: ... to 10 seconds Switch config terminal Switch config interface vlan 1 Switch Config if Vlan1 ip ospf retransmit interval 10 25 39 ip ospf transmit delay Command ip ospf ip address transmit delay time no ip ospf ip address transmit delay Function Set the transmit delay value of LSA transmitting the no ip ospf ip address transmit delay restores the default value Parameter ip address is the interface ...

Page 486: ...ay 3 25 40 key Command key keyid no key keyid Function This command is for managing and adding keys in the key chain The no key keyid command deletes one key Parameter keyid is key ID ranging between 0 2147483647 Command Mode keychain Mode and keychain key Mode Usage Guide The command permits entering the keychain key mode and set the passwords corresponding to the keys Example Switch config termi...

Page 487: ...imited Command Mode Global Mode and Keychain Mode Example Switch config terminal Switch config key chain mychain Switch config keychain 25 42 log adjacency changes detail Command log adjacency changes detail no log adjacency changes detail Function Configure to keep a log for OSPF adjacency changes or not Default Don t l keep a log for OSPF adjacency changes by default Command Mode OSPF Protocol C...

Page 488: ... in the OSPF process the no max concurrent dd command restores the default Parameter value ranges between 1 65535 which is the capacity of processing the concurrent dd data packet Default Not set no concurrent dd limit Command Mode OSPF protocol mode Usage Guide Specify the max concurrent number of dd in the OSPF process Example Set the max concurrent dd to 20 Switch config terminal Switch config ...

Page 489: ...e before neighbor relationship come into shape ranging between 1 65535 Default No default configuration Command Mode OSPF protocol mode Usage Guide Use this command on NBMA network to configure neighbor manually Every known non broadcasting neighbor router should be configured with a neighbor entry The configured neighbor address should be the main address of the interface The poll interval should...

Page 490: ...cal system if shown in decimal integer it ranges between 0 4294967295 Default No default Command Mode OSPF protocol mode Usage Guide When certain segment belongs to certain area interface the segment belongs will be in this area starting hello and database interaction with the connected neighbor Example Switch config terminal Switch config router ospf 100 Switch config router network 10 1 1 0 24 a...

Page 491: ...alizing method and is especially useful in the multiple host environment Example Configure abr as standard Switch config terminal Switch config router ospf 100 Switch config router ospf abr type standard 25 47 ospf router id Command ospf router id address no ospf router id Function Specify a router ID for the OSPF process The no ospf router id command cancels the ID number Parameter address IPv4 a...

Page 492: ... command is for configuring the max LSA number The no overflow database command cancels the limit Default Not configured Parameter maxdbsize Max LSA numbers ranging between 0 4294967294 soft Soft limit warns when border exceeded hard Hard limit directly close ospf instance when border exceeded If there is not soft or hard configured the configuration is taken as hard limit Command Mode OSPF Protoc...

Page 493: ...defaulted at 4294967294 maxtime the seconds the router has to wait before exiting the database overflow ranging between 0 65535 Command Mode OSPF protocol mode Example Switch config terminal Switch config router ospf Switch config router overflow database external 5 3 25 50 passive interface Command passive interface ifname ip address no passive interface ifname ip address Function Configure that ...

Page 494: ...other routing protocols into OSPF Parameter kernel introduce from kernel route connected introduce from direct route static introduce from static route rip introduce from the RIP route isis introduce from ISIS route bgp introduce from BGP route metric value is the introduced metric value ranging between 0 16777214 metric type 1 2 is the metric value type of the introduced external route which can ...

Page 495: ...istribution of process ID routing to this process When input the optional parameters of metric metric type and routermap then restores default configuration Parameter process id is OSPF process ID 0 by default metric value is the metric for redistributed routing range between 0 to 16777214 metric type 1 2 is the metric type for redistributed routing only can be 1 or 2 and 2 by default route map wo...

Page 496: ...process_id specifies the ID of the OSPF process to be created the ranging from 1 to 65535 vrf name specifies the name of VPN routing forward instance Command Mode Global mode Usage Guide Before using this command using ip vrf command creates one VPN routing forward instance at first VPN routing forward instance is relating with OSPF instance by this command Example Switch config terminal Switch co...

Page 497: ...f external LSA 0 Checksum Sum 0x000000 Number of opaque AS LSA 0 Checksum Sum 0x000000 Number of non default external LSA 0 External LSA database is unlimited Number of LSA originated 0 Number of LSA received 0 Number of areas attached to this router 1 Area 0 BACKBONE Inactive Number of interfaces in this area is 0 0 Number of fully adjacent neighbors in this area is 0 Area has message digest auth...

Page 498: ...tached to this router 1 Area 0 BACKBONE Inactive Number of interfaces in this area is 0 0 Number of fully adjacent neighbors in this area is 0 Area has no authentication SPF algorithm executed 0 times Number of LSA 0 Checksum Sum 0x000000 25 55 show ip ospf border routers Command show ip ospf process id border routers Function Display the intra domain route entries for the switch to reach ABR and ...

Page 499: ...er advertiser_router opaque area linkstate_id self originate adv router advertiser_router opaque as linkstate_id self originate adv router advertiser_router opaque link linkstate_id self originate adv router advertiser_router router linkstate_id self originate adv router advertiser_router summary linkstate_id self originate adv router advertiser_router self originate max age Function Display the O...

Page 500: ...um Route 6 1 0 0 192 168 1 2 68 0x8000002b 0x5757 6 1 0 0 22 6 1 1 0 192 168 1 2 879 0x8000002a 0xf8bc 6 1 1 0 24 22 1 1 0 192 168 1 2 308 0x8000000c 0xc8f0 22 1 1 0 24 ASBR Summary Link States Area 0 0 0 2 Link ID ADV Router Age Seq CkSum 192 168 1 1 192 168 1 2 1702 0x8000002a 0x89c7 AS External Link States Link ID ADV Router Age Seq CkSum Route 2 2 2 0 192 168 1 1 1499 0x80000056 0x3a63 E2 2 2 ...

Page 501: ...Delay is 5 sec State Waiting Priority 1 No designated router on this network No backup designated router on this network Timer intervals configured Hello 35 Dead 35 Wait 35 Retransmit 5 Hello due in 00 00 16 Neighbor Count is 0 Adjacent neighbor count is 0 25 58 show ip ospf neighbor Command show ip ospf process id neighbor neighbor_id all detail all interface ifaddress Function Display the OSPF a...

Page 502: ...ad Time Address Interface 192 168 1 1 1 Full Backup 00 00 32 6 1 1 1 Vlan1 192 168 1 3 1 Full DR 00 00 36 20 1 1 3 Vlan2 192 168 1 3 1 Full 00 00 30 20 1 1 3 VLINK2 Displayed information Explanation Neighbor ID ID Neighbor ID Priority Priority State Neighbor relation state Dead time Neighbor dead time Address Interface Address Interface Interface name 25 59 show ip ospf redistribute Command show i...

Page 503: ...rocess 3 bgp ospf process 2 redistribute information ospf process 1 bgp ospf process 3 redistribute information ospf process 1 bgp Switch show ip ospf 2 redistribute ospf process 2 redistribute information ospf process 1 bgp 25 60 show ip ospf route Command show ip ospf process id route Function Display the OSPF routing table messages Parameter process id is the process ID ranging between 0 65535 ...

Page 504: ... 1 2 Vlan1 Area 0 0 0 0 O 13 1 1 0 24 10 is directly connected Vlan4 Area 0 0 0 3 O 14 1 1 0 24 10 is directly connected Vlan5 Area 0 0 0 4 IA 15 1 1 0 24 20 via 13 1 1 2 Vlan4 Area 0 0 0 3 IA 15 1 1 2 32 20 via 13 1 1 2 Vlan4 Area 0 0 0 3 E1 100 1 0 0 16 21 via 10 1 1 1 Vlan1 E1 100 2 0 0 16 21 via 10 1 1 1 Vlan1 25 61 show ip ospf virtual links Command show ip ospf process id virtual links Funct...

Page 505: ... 1 via interface Vlan1 Transmit Delay is 1 sec State Down Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in inactive Adjacency state Down 25 62 show ip route process detail Command show ip route database process detail Function Display the IP routing table with specific process ID or Tag Parameters The parameter of database means displaying all the routers no parameter ...

Page 506: ...ed Vlan2 00 06 13 process 12 C 192 168 2 0 24 is directly connected Vlan2 25 63 show ip protocols Command show ip protocols Function Display the running routing protocol messages Command Mode Admin and configuration mode Example Switch show ip protocols Use show ip protocols command will show the messages of the routing protocol running on current layer 3 switch For example the displayed messages ...

Page 507: ...lue Function Summarize or restrain external route with specific address scope Parameter A B C D M address scope shown in dotted decimal notation IPv4 address plus mask length not advertised restrain the external routes tag tag value is the identification label of the external routes which ranges between 0 4294967295 and is defaulted at 0 Command Mode OSPF protocol mode Usage Guide When routes are ...

Page 508: ...imer The no timers spf command restores relevant values to default Parameter spf delay 5 seconds by default spf holdtime 10 seconds by default Command Mode OSPF protocol mode Usage Guide This command configures the delay time between receiving topology change and SPF calculation further configured the hold item between two discontinuous SPF calculation Example Switch config terminal Switch config ...

Page 509: ...en remotely managing a switch with a method like telnet users should set the uplink port as a Super Trust port before enabling anti ARP scan function preventing the port from being shutdown because of receiving too many ARP messages After the anti ARP scan function is disabled this port will be reset to its default attribute that is distrusted port Example Enable the ARP scanning prevention functi...

Page 510: ...eshold of IP based ARP scanning prevention or the IP based ARP scanning prevention will fail Example Set the threshold of port based ARP scanning prevention as 10 packets second Switch config anti arpscan port based threshold 10 26 3 anti arpscan ip based threshold Command anti arpscan ip based threshold threshold value no anti arpscan ip based threshold Function Set the threshold of received mess...

Page 511: ...can trust port supertrust port Function Configure a port as a trusted port or a super trusted port no anti arpscan trust port supertrust port command will reset the port as an distrusted port Parameters None Default Settings By default all the ports are non trustful Command Mode Port configuration mode User Guide If a port is configured as a trusted port then the ARP scanning prevention function w...

Page 512: ...net4 5 anti arpscan trust port 26 5 anti arpscan trust ip Command anti arpscan trust ip ip address netmask no anti arpscan trust ip ip address netmask Function Configure trusted IP no anti arpscan trust ip ip address netmask command reset the IP to non trustful IP Parameters ip address Configure trusted IP address netmask Net mask of the IP Default Settings By default all the IP are non trustful D...

Page 513: ...nd will disable the function Parameters None Default Settings Enable the automatic recovery function Command Mode Global configuration mode User Guide If the users want the normal state to be recovered after a while the port is closed or the IP is disabled they can configure this function Example Enable the automatic recovery function of the switch Switch config anti arpscan recovery enable 26 7 a...

Page 514: ...r Guide Automatic recovery function should be enabled first Example Set the automatic recovery time as 3600 seconds Switch config anti arpscan recovery time 3600 26 8 anti arpscan log enable Command anti arpscan log enable no anti arpscan log enable Function Enable ARP scanning prevention log function no anti arpscan log enable command will disable this function Parameters None Default Settings En...

Page 515: ...le no anti arpscan trap enable Function Enable ARP scanning prevention SNMP Trap function no anti arpscan trap enable command disable ARP scanning prevention SNMP Trap function Parameters None Default Settings Disable ARP scanning prevention SNMP Trap function Command Mode Global configuration mode User Guide After enabling ARP scanning prevention SNMP Trap function users will receive Trap message...

Page 516: ...dmin Mode User Guide Use show anti arpscan trust port if users only want to check trusted ports The reset follow the same rule Example Check the operating state of ARP scanning prevention function after enabling it Switch config show anti arpscan Total port 28 Name Port property beShut shutTime seconds Ethernet1 1 untrust N 0 Ethernet1 2 untrust N 0 Ethernet1 3 untrust N 0 Ethernet1 4 untrust N 0 ...

Page 517: ...ntrust N 0 Ethernet4 14 untrust N 0 Ethernet4 15 untrust N 0 Ethernet4 16 untrust N 0 Ethernet4 17 untrust N 0 Ethernet4 18 untrust N 0 Ethernet4 19 untrust N 0 Ethernet4 20 untrust N 0 Ethernet4 21 untrust N 0 Ethernet4 22 untrust N 0 Ethernet4 23 untrust N 0 Ethernet4 24 untrust N 0 Prohibited IP IP shutTime seconds 1 1 1 2 132 Trust IP 192 168 99 5 255 255 255 255 192 168 99 6 255 255 255 255 2...

Page 518: ...ode Admin Mode User Guide After enabling debug switch of ARP scanning prevention users can check corresponding debug information or enable the port based or IP based debug switch separately whenever a port is closed by ARP scanning prevention or recovered automatically and whenever IP t is closed or recovered Example Enable the debug function for ARP scanning prevention of the switch Switch config...

Page 519: ...de Global Mode Interface configuration User Guide Forbid ARP table automatic update the ARP packets conflicting with current ARP item e g with same IP but different MAC or port will be dropped the others will be received to update aging timer or create a new item so the current ARP item keep unchanged and the new item can still be learned Example Switch Config if Vlan1 ip arp security updateprotec...

Page 520: ...g the automatic learning and updating of ARP Unlike ip arp security updateprotect once this command implemented there will still be timeout even if the switch keeps sending Request Reply messages Example Switch Config if Vlan1 ip arp security learnprotect Switch config ip arp security learnprotect 27 3 ip arp security convert Command ip arp security convert Function Change all of dynamic ARP to st...

Page 521: ...t Switch config ip arp security convert 27 4 clear ip arp dynamic Command clear ip arp dynamic Function Clear all of dynamic ARP on interface Parameter None Command Mode Interface Configuration Usage Guide This command will clear dynamic entries before binding ARP Once implemented this command will lose its effect Example Switch Config if Vlan1 clear ip arp dynamic 27 5 clear ipv6 nd dynamic Comma...

Page 522: ... None Command mode Interface Configuration Usage Guide This command will clear dynamic entries before binding ND Once implemented this command will lose its effect Example Switch Config if Vlan1 clear ipv6 nd dynamic ...

Page 523: ... ARP GUARD will be filtered If the source IP addresses of the ARP messagse match the ARP GUARD address configured on this port these messages will be judged as ARP cheating messages which will be directly dropped instead of sending to the CPU of the switch or forwarding 16 ARP GUARD addresses can be configured on each port Example Configure the ARP GUARD address on port ethernet1 1 as 100 1 1 1 sw...

Page 524: ...iguring gratuitous ARP in global configuration mode all the Layer 3 interfaces in the switch will be enabled to send gratuitous ARP request If gratuitous ARP is configured in interface configuration mode then only the specified interface is able to send gratuitous ARP requests When configuring the gratuitous ARP the update interval configuration from interface configuration mode has higher prefere...

Page 525: ...mand show ip gratuitous arp interface vlan vlan id will display information about the gratuitous ARP configuration about the specified VLAN interface Example 1 To display information about gratuitous ARP configuration in both global and interface configuration modes Switch show ip gratuitous arp Gratuitous ARP send is Global enabled Interval Time is 300 s Gratuitous ARP send enabled interface vlan...

Page 526: ...age Guide Specify the name of the file to be imported for the client This is usually used for diskless workstations that need to download a configuration file from the server on boot up This command is together with the next sever Example The path and filename for the file to be imported is c temp nos img Switch dhcp 1 config bootfile c temp nos img Related Command next server 30 1 2 clear ip dhcp...

Page 527: ...rdware address binding manually if all is specified then all auto binding records will be deleted thus all addresses in the DHCP address pool will be reallocated Example Removing all IP hardware address binding records Switch clear ip dhcp binding all Related Command show ip dhcp binding 30 1 3 clear ip dhcp conflict Command clear ip dhcp conflict address all Function Deletes an address present in...

Page 528: ...nflict logging show ip dhcp conflict 30 1 4 clear ip dhcp server statistics Command clear ip dhcp server statistics Function Deletes the statistics for DHCP server clears the DHCP server count Parameters None Command mode Admin Mode Usage Guide DHCP count statistics can be viewed with show ip dhcp server statistics command all information is accumulated You can use the clear ip dhcp server statist...

Page 529: ...f the requesting client identifier matches the specified identifier DHCP server assigns the IP address defined in host command to the client Example Specifying the IP address 10 1 128 160 to be bound to user with the unique id of 00 10 5a 60 af 12 in manual address binding Switch dhcp 1 config client identifier 00 10 5a 60 af 12 Switch dhcp 1 config host 10 1 128 160 24 Related Command host 30 1 6...

Page 530: ...of DHCP relay Command mode Admin Mode Default Disable the debugging 30 1 8 debug ip dhcp server Command debug ip dhcp server events linkage packets no debug ip dhcp server events linkage packets Function Enables DHCP server debug information the no debug ip dhcp server events linkage packets command disables the debug information for DHCP server Default Debug information is disabled by default Com...

Page 531: ...should be in the same subnet as the DHCP client IP the switch supports up to 8 gateway addresses The gateway address assigned first has the highest priority and therefore address1 has the highest priority and address2 has the second and so on Example Configuring the default gateway for DHCP clients to be 10 1 128 2 and 10 1 128 100 Switch dhcp 1 config default router 10 1 128 2 10 1 128 100 30 1 1...

Page 532: ...3 as the DNS server address for DHCP clients Switch dhcp 1 config dns server 10 1 128 3 30 1 11 domain name Command domain name domain no domain name Function Configures the Domain name for DHCP clients the no domain name command deletes the domain name Parameters domain is the domain name up to 255 characters are allowed Command Mode DHCP Address Pool Mode Default None Usage Guide Specifies a dom...

Page 533: ...thernet and 6 for IEEE 802 Default The default protocol type is Ethernet Command Mode DHCP Address Pool Mode Usage Guide This command is used with the host when binding address manually If the requesting client hardware address matches the specified hardware address the DHCP server assigns the IP address defined in host command to the client Example Specify IP address 10 1 128 160 to be bound to t...

Page 534: ...o the IP address class This command is used with hardware address command or client identifier command when binding addresses manually If the identifier or hardware address of the requesting client matches the specified identifier or hardware address the DHCP server assigns the IP address defined in host command to the client Example Specifying IP address 10 1 128 160 to be bound to user with hard...

Page 535: ...ynamically by the DHCP server until the conflicting records are deleted Example Disable logging for DHCP server Switch config no ip dhcp conflict logging Related Command clear ip dhcp conflict 30 1 15 ip dhcp disable Command ip dhcp disbale no ip dhcp disable Function The port disables DHCP services the no command enables DHCP services Parameter None Default Enable Command Mode Port mode Usage Gui...

Page 536: ...Parameters low address is the starting IP address high address is the ending IP address Default Only individual address is excluded by default Command mode Global Mode Usage Guide This command can be used to exclude one or several consecutive addresses in the pool from being assigned dynamically so that those addresses can be used by the administrator for other purposes Example Reserving addresses...

Page 537: ...Mode and enter the DHCP address configuration mode Example Defining an address pool named 1 Switch config ip dhcp pool 1 Switch dhcp 1 config 30 1 18 ip dhcp conflict ping detection enable Command ip dhcp conflict ping detection enable no ip dhcp conflict ping detection enable Function Enable Ping detection of conflict on DHCP server the no operation of this command will disable the function Param...

Page 538: ...ets ip dhcp ping timeout 30 1 19 ip dhcp ping packets Command ip dhcp ping packets request num no ip dhcp ping packets Function Set the max number of Ping request Echo Request message to be sent in Ping detection of conflict on DHCP server whose default value is 2 the no operation of this command will restore the default value Parameters request num is the number of Ping request message to be sent...

Page 539: ... waiting for a reply message after each Ping request message in Ping detection of conflict Default Settings The timeout period is 500ms by default Command Mode Global Configuration Mode Examples Set the timeout period in ms of waiting for each reply message Echo Request in Ping detection of conflict on DHCP server as 600ms Switch config ip dhcp ping time out 600 Related Command ip dhcp conflict pi...

Page 540: ...ity of DHCP while too short duration results in increased network traffic and overhead The default lease duration of switch is 1 day Example Setting the lease of DHCP pool 1 to 3 days 12 hours and 30 minutes Switch dhcp 1 config lease 3 12 30 30 1 22 max lease time Command max lease time days hours minutes infinite no max lease time Function Set the maximum lease time for the addresses in the addr...

Page 541: ...ss pool1 to 3 days 12 hours and 30 minutes Switch dhcp 1 config max lease time 3 12 30 30 1 23 netbios name server Command netbios name server address1 address2 address8 no netbios name server Function Configures WINS servers address the no netbios name server command deletes the WINS server Parameters address1 address8 are IP addresses in decimal format Default No WINS server is configured by def...

Page 542: ...oint node type number is the node type in Hex from 0 to FF Default No client node type is specified by default Command Mode DHCP Address Pool Mode Usage Guide If client node type is to be specified it is recommended to set the client node type to h node that broadcasts after point to point communication Example Setting the node type for client of pool 1 to broadcasting node Switch dhcp 1 config ne...

Page 543: ...ol Mode Usage Guide This command sets the scope of addresses that can be used for dynamic assignment by the DHCP server one address pool can only have one corresponding segment This command is exclusive with the manual address binding command hardware address and host Example Configuring the assignable address in pool 1 to be 10 1 128 0 24 Switch dhcp 1 config network address 10 1 128 0 24 30 1 26...

Page 544: ...ode the no option code command cancels the setting for option Parameters code is the code for network parameters string is the ASCII string up to 255 characters hex is a value in Hex that is no greater than 510 and must be of even length ipaddress is the IP address in decimal format up to 63 IP addresses can be configured Command Mode DHCP Address Pool Mode Default None Usage Guide The switch prov...

Page 545: ...th DHCP server and DHCP relay are included in the DHCP service When DHCP services are enabled both DHCP server and DHCP relay are enabled Switch can only assign IP address for the DHCP clients and enable DHCP relay when DHCP server function is enabled Example Enabling DHCP server Switch config service dhcp 30 1 29 show ip dhcp binding Command show ip dhcp binding ip addr type all manual dynamic co...

Page 546: ...2 3A 5C D3 60 Automatic Displayed information Explanation IP address IP address assigned to a DHCP client Hardware address MAC address of a DHCP client Lease expiration Valid time for the DHCP client to hold the IP address Type Type of assignment manual binding or dynamic assignment 30 1 30 show ip dhcp conflict Command show ip dhcp conflict Function Displays log information for addresses that hav...

Page 547: ...option82 Parameters None Command mode Admin and configuration mode Default None Usage guide None Example Set the admin mode timeout value to 6 minutes Switch show ip dhcp relay information option ip dhcp server relay information option i e option 82 is enabled ip dhcp relay information option i e option 82 is enabled 30 1 32 show ip dhcp server statistics Command show ip dhcp server statistics Fun...

Page 548: ...K 6 DHCPNAK 0 DHCPRELAY 1907 DHCPFORWARD 0 Switch Displayed information Explanation Address pools Number of DHCP address pools configured Database agents Number of database agents Automatic bindings Number of addresses assigned automatically Manual bindings Number of addresses bound manually Conflict bindings Number of conflicting addresses Expired bindings Number of addresses whose leases are exp...

Page 549: ...ets DHCPNAK Number of DHCPNAK packets DHCPRELAY Number of DHCPRELAY packets DHCPFORWARD Number of DHCPFORWARD packets 30 2 Commands for DHCP Relay Configuration 30 2 1 ip dhcp broadcast suppress Command ip dhcp broadcast suppress no ip dhcp broadcast suppress Function Enable DHCP broadcast suppress function the no command disables the function Parameter None Default Disable Command Mode Global mod...

Page 550: ... vlan list Default None Command Mode Global mode Usage Guide share vlan may include many sub vlan but a sub vlan only corresponds to a share vlan When layer 2 device of DHCP Relay receive DHCP Request firstly judge whether VLAN with layer 3 interface for receiving package If there is layer 3 interface in package use the interface to process DHCP Relay or else use layer 3 interface of share vlan to...

Page 551: ...t in the ip helper address command and described later Example Setting DHCP packets to be forwarded to 192 168 1 5 Switch config ip forward protocol udp boots Switch config interface vlan 1 Switch Config if Vlan1 ip helper address 192 168 1 5 30 2 4 ip helper address Command ip helper address ip address no ip helper address ip address Function Specifies the destination address for the DHCP relay t...

Page 552: ...ould be used for configuration 30 2 5 show ip forward protocol Command show ip forward protocol Function Show the configured port ID of the protocol which support the forwarding of broadcast packets it means the port ID for forwarding DHCP packets Command mode Admin and configuration mode Example Switch show ip forward protocol Forward protocol UDP port 67 active 30 2 6 show ip helper address Comm...

Page 553: ...30 45 Example Switch show ip helper address Forward protocol Interface Forward server 67 active Vlan1 192 168 1 1 ...

Page 554: ...yed through the command show ipv6 dhcp binding If DHCPv6 client does not use the DHCPv6 allocated IPv6 address but when the life time of the IPv6 address does not end the DHCPv6 server will not remove its bind for this address In this situation the address binding information can be removed manually through this command and if no parameter is appended this command will remove all the address bindi...

Page 555: ...n Example When administrator checks the conflict logs administrator discovers that address 2001 1 with the conflict record is not used so its record will be cleared from address conflict files Switch clear ipv6 dhcp conflict 2001 1 31 3 clear ipv6 dhcp statistics Command clear ipv6 dhcp statistics Function Clear the statistic records of DHCPv6 packets the statistic counter of DHCPv6 packets is cle...

Page 556: ...e the debugging messages for protocol packets of DHCPv6 prefix delegation client the no form of this command will disable the debugging information Default Disabled Command Mode Admin Mode Example Switch debug ipv6 dhcp client packet 31 5 debug ipv6 dhcp detail Command debug ipv6 dhcp detail no debug ipv6 dhcp detail Function To display the debug information of all kinds of packets received or sen...

Page 557: ...ebug ipv6 dhcp relay packet Function To enable the debugging information for protocol packets of DHCPv6 relay the no form of this command will disable the debugging Default Disabled Command Mode Admin Mode Example Switch debug ipv6 dhcp relay packet 31 7 debug ipv6 dhcp server Command debug ipv6 dhcp server event packet no debug ipv6 dhcp server event packet ...

Page 558: ...ebug ipv6 dhcp server packet 31 8 dns server Command dns server ipv6 address no dns server ipv6 address Function To configure the IPv6 address of the DNS server for DHCPv6 client the no form of this command will remove the DNS configuration Parameter ipv6 address is the IPv6 address of DNS Server Default No configured address pool of DNS Server by default Command Mode DHCPv6 Address Pool Configura...

Page 559: ...e the domain name Parameter domain name is the domain name less than 32 characters Command Mode DHCPv6 Address Pool Configuration Mode Default The domain name parameter of address pool is not configured by default Usage Guide At most 3 domain names can be configured for each address pool Example To set the domain name of DHCPv6 client as test com cn Switch dhcp 1 config domain name test com cn 31 ...

Page 560: ...a8 123 1 from DHCPv6 address allocation Switch config excluded address 2001 da8 123 1 31 11 ipv6 address Command ipv6 address prefix name ipv6 prefix prefix length no ipv6 address prefix name ipv6 prefix prefix length Function To configure the specified interface to use prefix delegation for address allocation The no form of this command will disable the using of prefix delegation for address allo...

Page 561: ...Vlan1 ipv6 address my prefix 0 0 0 2008 2008 64 31 12 ipv6 dhcp client pd Command ipv6 dhcp client pd prefix name rapid commit no ipv6 dhcp client pd Function To configure DHCPv6 prefix delegation client for the specified interface The no form of this command will disable the DHCPv6 prefix delegation client and remove the allocated address prefix Parameters prefix name is the string with its lengt...

Page 562: ...been configured by the ipv6 general prefix command the same prefix learnt from prefix delegation will be disagreed Example Switch Config if Vlan1 ipv6 dhcp client pd ClientA rapid commit 31 13 ipv6 dhcp client pd hint Command ipv6 dhcp client pd hint prefix prefix length no ipv6 dhcp client pd hint prefix prefix length Function Designate the prefix demanded by the client and its length The no oper...

Page 563: ...no form of this command will remove the configuration of the address pool Parameter poolname is the address pool name of DHCPv6 with its length no more than 32 Default Any DHCPv6 address pool are not configured by default Command Mode Global Mode Usage Guide This command should be launched in global configuration mode and falls in DHCPv6 address pool configuration mode if launched successfully To ...

Page 564: ... addess is a global unicast address the interface parameter should not be configured If ipv6 address is an local address the interface parameter is required be configured The destination address for the DHCPv6 server will be the multicast address of ALL_DHCP_Servers FF05 1 3 if the interface parameter is configured only Command Mode Interface Configuration Mode Default By default destination addre...

Page 565: ...f the DHCPv6 server with its value allowed between 0 and 255 and with 0 by default the bigger the preference value is the higher the priority of the DHCPv6 server If the allow hint option has been specified the client expected value of parameters will be appended in its request packets Command Mode Interface Configuration Mode Default DHCPv6 address pool based on port is not configured by default ...

Page 566: ... of the general prefix The configured address prefix will be reserved in the general address prefix pool At most 8 general prefix can be configured at the same time When trying to remove a configured general prefix name the operation will fail if any interfaces used the configured prefix Only one general prefix for a prefix name The general prefix cannot use the same prefix definition with prefixe...

Page 567: ...n is removed the associated prefix delegation command will be in effective either 31 19 lifetime Command lifetime valid time infinity preferred time infinity no lifetime Function To configure the life time for the addresses or the address prefixes allocated by DHCPv6 The no form of this command will restore the default setting Parameters valid time and preferred time are the valid life time and pr...

Page 568: ...is 64 and the eui 64 option has been configured the DHCPv6 server will allocate IPv6 addresses according to the EUI 64 standard or the DHCPv6 server will be allocating addresses sequentially Default No address pool is configured by default Command Mode DHCPv6 Address Pool Configuration Mode Usage Guide This command configures the address pool for the DHCPv6 server to allocate addresses only one ad...

Page 569: ...nd the preferred life time of the IPv6 address allocated to the clients respectively in seconds and its value is allowed between 1 and 31536000 However preferred time should be less than valid time If not configured the default valid time will be 2592000 while preferred time will be 604800 Command Mode DHCPv6 Address Pool Configuration Mode Default Disabled Usage Guide This command configures the ...

Page 570: ...configured the default valid time will be 2592000 while preferred time will be 604800 Command Mode DHCPv6 address pool configuration mode Default The prefix delegation name used by DHCPv6 address pool is not configured Usage Guide This command configures the name of the address prefix pool for address allocation If configured the addresses in the prefix address pool will be allocated to the client...

Page 571: ...Pv6 server function DHCPv6 relay function DHCPv6 prefix delegation function All of the above services are configured on ports Only when DHCPv6 server function is enabled the IP address assignment of DHCPv6 client DHCPv6 relay and DHCPv6 prefix delegation functions enabled can be configured on ports Example To enable DHCPv6 server Switch config service dhcpv6 31 24 show ipv6 dhcp Command show ipv6 ...

Page 572: ... prefix binding information of DHCPv6 Parameter ipv6 address is the specified IPv6 address count show the number of DHCPv6 address bindings Command Mode Admin and Configuration Mode Usage Guide To show all the address and prefix binding information of DHCPv6 include type DUID IAID prefix valid time and so on Example Switch show ipv6 dhcp binding Client iatype IANA iaid 0x0e001d92 DUID 00 01 00 01 ...

Page 573: ...terface Parameter interface name is the name and number of interface if the interface name parameter is not provided then all the DHCPv6 interface information will be shown Command Mode Admin and Configuration Mode Usage Guide To show the information for DHCPv6 interface include Port Mode Prefix delegation client DHCPv6 server DHCPv6 relay and the relative conformation information under all kinds ...

Page 574: ...ynamic assignment information for DHCPv6 address pool include the name of DHCPv6 address pool the prefix of DHCPv6 address pool excluded address DNS server configuration relative prefix information and so on To display assigned address binding number of address pool that is used as address assignment server To display assigned prefix number of address pool that is used as prefix delegation server ...

Page 575: ...6REQUEST 0 DHCP6REPLY 0 DHCP6RENEW 0 DHCP6REBIND 0 DHCP6RELEASE 0 DHCP6DECLINE 0 DHCP6CONFIRM 0 DHCP6RECONFIGURE 0 DHCP6INFORMREQ 0 DHCP6RELAYFORW 0 DHCP6RELAYREPLY 0 Message Send DHCP6SOLICIT 0 DHCP6ADVERTISE 0 DHCP6REQUEST 0 DHCP6REPLY 0 DHCP6RENEW 0 DHCP6REBIND 0 DHCP6RELEASE 0 DHCP6DECLINE 0 DHCP6CONFIRM 0 DHCP6RECONFIGURE 0 DHCP6INFORMREQ 0 DHCP6RELAYFORW 0 DHCP6RELAYREPLY 0 ...

Page 576: ... number of DHCPv6 CONFIRM packets DHCP6RECONFIGURE The number of DHCPv6 RECONFIGURE packets DHCP6INFORMREQ The number of DHCPv6 INFORMREQ packets DHCP6RELAYFORW The number of DHCPv6 RELAYFORW packets DHCP6RELAYREPLY The number of DHCPv6 RELAYREPLY packets Message Send The statistic of sending DHCPv6 packets DHCP6SOLICIT The number of DHCPv6 SOLICIT packets DHCP6ADVERTISE The number of DHCPv6 ADVER...

Page 577: ...d and the prefix value Example Switch show ipv6 general prefix 31 31 show ipv6 local pool Command show ipv6 local pool Function To show the statistic information of DHCPv6 prefix pool Command Mode Admin and Configuration Mode Usage Guide To show the statistic information of DHCPv6 prefix pool include the name of prefix pool the prefix and prefix length as well as assigned prefix length the number ...

Page 578: ...er and to display the corresponding option82 operation information Identified option 82 information of the request message and the option 82 information returned by the reply message Example Display the information of data packets processing in DHCP Relay Agent Switch config debug ip dhcp relay packet 32 2 ip dhcp relay information option Command ip dhcp relay information option no ip dhcp relay i...

Page 579: ...nt will transmit the udp broadcast messages whose destination port is 67 Example Enable the option82 function of the Relay Agent Switch config service dhcp Switch config ip forward protocol udp bootps Switch config ip dhcp relay information option 32 3 ip dhcp relay information option delimiter Command ip dhcp relay information option delimiter colon dot slash space no ip dhcp relay information op...

Page 580: ...remote id Function Set the suboption2 remote ID option content of option 82 added by DHCP request packets They are received by the interface The no command sets the additive suboption2 remote ID option format of option 82 as standard Parameters standard means the default VLAN MAC format remote id means the remote id content of option 82 specified by users its length can not exceed 64 characters Co...

Page 581: ...lt means that remote id is the VLAN MAC address with hexadecimal format vs hp means that remote id is compatible with the remote id format of HP manufacturer Default default Command Mode Global mode Usage Guide The default remote id format defined as below Remote option 2 6 MAC 1 byte 1 byte 6 byte type Length MAC means VLAN MAC address The compatible remote id format with HP manufacturer defined ...

Page 582: ...mum length is 64 Command Mode Global Mode Default Using standard method Usage Guide After configure this command if users do not configure remote id on interface it will create remote id suboption for option82 according to self defined method For mac use the format such as 00 02 d1 2e 3a 0d if it is filled to packets with ascii format but hex format occupies 6 bytes Each option will be filled to p...

Page 583: ...Set self defined method of remote id as hex for relay option82 Switch config ip dhcp relay information option self defined remote id format hex 32 8 ip dhcp relay information option self defined subscriber id Command ip dhcp relay information option self defined subscriber id vlan port id switch id mac hostname remote mac string WORD no ip dhcp relay information option self defined subscriber id F...

Page 584: ...t ID for box switch it is 1 a byte means Module the default is 0 two bytes means port ID beginning from 1 mac and remote mac occupy 6 bytes Each option will be filled to packets according to the configured order of the commands and divide them with delimiter delimiter is ip dhcp relay information option delimiter configuration Example Set self defined method of circuit id suboption as port mac for...

Page 585: ...hernet1 12 circuit id is the circuit id contents of option82 specified by users which is a string no longer than 64 characters The no ip dhcp relay information option subscriber id command will set the format of added option82 sub option1 Circuit ID option as standard format Parameters None Command Mode Interface configuration mode Default Settings The system uses the standard format to set the ci...

Page 586: ...urer Command Mode Global mode Default ascii User Guide VLAN and port information with ASCII format such as Vlan1 Ethernet1 11 VLAN and port information with hexadecimal format defined as below 1 8 0 6 VLAN Slot Module Port 1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2 byte Suboption type Length Circuit ID type Length VLAN field fills in VLAN ID For chassis switch Slot means slot number for bo...

Page 587: ...option 82 segment in the existing message with its own option 82 and forward the message to the server to process The no ip dhcp relay information policy will set the retransmitting policy of the option 82 DCHP message as replace Parameters None Command Mode Interface configuration mode Default Settings The system uses replace mode to replace the option 82 segment in the existing message with its ...

Page 588: ... default User Guide If the users want the switch DHCP server to identify option82 and return option 82 information in the reply message this command needs to be set or the switch DHCP server will ignore the option82 Example Set the DHCP server to support option82 Switch Config if Vlan1 ip dhcp server relay information enable 32 14 show ip dhcp relay information option Command show ip dhcp relay in...

Page 589: ...ample Switch show ip dhcp relay information option ip dhcp server relay information option i e option 82 is disabled ip dhcp relay information option i e option 82 is enabled Vlan2 ip dhcp relay information policy keep ip dhcp relay information option subscriber id standard Vlan3 ip dhcp relay information policy replace ip dhcp relay information option subscriber id foobar ...

Page 590: ...e The no command deletes the configured option 43 Parameter LINE The configured option 43 character string with ascii format its length range between 1 and 255 Default No option 43 character string is configured Command Mode ip dhcp pool mode Usage Guide None Example Configure option 43 with ascii format to be AP 1000 switch config ip dhcp pool a switch dhcp a config option 43 ascii AP 1000 ...

Page 591: ...sing hex method to configure option 43 the string needs to be written according to TLV Type Length Value format For example issue ip address of 10 1 1 1 through option 43 then the hex string here should be 01040A010101 Type 0x01 it means IP address Length 0x04 it means the length of IP address is 4 Bytes Value 0x0A010101 it means the hexadecimal format of 10 1 1 1 Example Configure option 43 with ...

Page 592: ...8 1 1 then option 43 filled in packets is C0A80101 Example Configure option 43 with IP format to be 192 168 1 1 switch config ip dhcp pool a switch dhcp a config option 43 ip 192 168 1 1 33 4 option 60 ascii LINE Command option 60 ascii LINE no option 60 Function Configure option 60 character string with ascii format in ip dhcp pool mode The no command deletes the configured option 60 Parameter LI...

Page 593: ... 60 Function Configure option 60 character string with hex format in ip dhcp pool mode The no command deletes the configured option 60 Parameter WORD The configured option 60 character string with hex format such as a1241b Default No option 60 is configured Command Mode ip dhcp pool mode Usage Guide None Example Configure option 60 with hex format to be 41502031303030 switch config ip dhcp pool a ...

Page 594: ... A B C D The configured option 60 with IP format such as 192 168 1 1 Default No option 60 is configured Command Mode ip dhcp pool mode Usage Guide Using this command to configure option 60 such as 192 168 1 1 option 60 of packets matched with the configured option 60 is C0A80101 Example Configure option 60 with IP format to be 192 168 1 1 switch config ip dhcp pool a switch dhcp a config option 60...

Page 595: ...figuration mode Usage Guide It is necessary to check the address range assigned to class in order to make sure that it doesn t exceed the address range of relevant address pool A class is assigned a single address range and the address range assigned to different class in the same address pool can overlap If you do not use this command to assign address range for a DHCPv6 class then the range for ...

Page 596: ...figuration mode Usage Guide It is recommended to define this class first using global command of IPv6 DHCP class No class will be created if you input a class name which doesn t exist Example Associate the DHCPv6 class named CLASS1 to dhcpv6 pool 1 Switch Config ipv6 dhcp pool 1 Switch dhcp 1 config class CLASS1 34 1 3 ipv6 dhcp class Command ipv6 dhcp class class name no ipv6 dhcp class class nam...

Page 597: ...4 1 4 ipv6 dhcp relay remote id Command ipv6 dhcp relay remote id remote id no ipv6 dhcp relay remote id Function This command is used to set the form of adding option 37 in received DHCPv6 request packets of which remote id is the remote id in user defined option 37 and it is a string with a length of less than 128 The no operation of this command restores remote id in option 37 to enterprise num...

Page 598: ...cp relay remote id option Command ipv6 dhcp relay remote id option no ipv6 dhcp relay remote id option Function This command enables switch relay to support the option 37 the no form of this command disables it Parameters None Default Disable the relay option 37 Command Mode Global configuration mode Usage Guide Only after this command is configured DHCPv6 relay agent can add option 37 in DHCPv6 r...

Page 599: ... option 38 Default Set subscriber id in option 38 to vlan name together with port name Command Mode Interface configuration mode Usage Guide Because the option 38 information added by switch may associate with third party DHCPv6 servers users can specify the subscriber id content based on server condition when standard subscriber id of the switch cannot satisfy the demand of server The vlan name t...

Page 600: ... id option 34 1 8 ipv6 dhcp relay subscriber id select delimiter Command ipv6 dhcp relay subscriber id select sp sv pv spv delimiter WORD delimiter WORD no ipv6 dhcp relay subscriber id select delimiter Function Configures user configuration options to generate subscriber id The no form of this command restores to its original default configuration i e vlan name together with port name Parameters ...

Page 601: ...ct sp delimiter 34 1 9 ipv6 dhcp server remote id option Command ipv6 dhcp server remote id option no ipv6 dhcp server remote id option Function This command enables DHCPv6 server to support the identification of option 37 the no form of this command disables it Parameters None Default Do not support option 37 Command Mode Global configuration mode Usage Guide Configure this command if option 37 o...

Page 602: ...lected The no operation of it restores the default configuration i e selecting option 37 and option 38 of the original packets Parameters None Default Selecting option 37 and option 38 of the original packets Command Mode Interface configuration mode Usage Guide Make sure that the server has been enabled to support option 37 and option 38 before use this command The system selects option 37 and op...

Page 603: ...essed by DHCPv6 server otherwise they will be ignored option 38 is not supported by default Example Enable DHCPv6 server to support option 38 Switch Config ipv6 dhcp server subscriber id option 34 1 12 ipv6 dhcp snooping remote id Command ipv6 dhcp snooping remote id remote id no ipv6 dhcp snooping remote id Function This command is used to set the form of adding option 37 in received DHCPv6 reque...

Page 604: ...mote id of the switch cannot satisfy the demand of server The enterprise number together with vlan MAC address is used as the remote id by default Example Enable abc as remote id of DHCPv6 option 37 Switch Config if Ethernet1 1 ipv6 dhcp snooping remote id abc 34 1 13 ipv6 dhcp snooping remote id option Command ipv6 dhcp snooping remote id option no ipv6 dhcp snooping remote id option Function Thi...

Page 605: ...h option 37 among which the drop mode means that the system simply discards it with option 37 keep mode means that the system keeps option 37 unchanged and forwards the packets to the server and replace mode means that the system replaces option 37 of current packets with its own before forwarding it to the server The no operation of this command sets reforward policy of DHCPv6 packets with option...

Page 606: ...on of this command restores subscriber id in option 38 to vlan name together with port name such as Vlan2 Ethernet1 2 Parameters subscriber id user defined content of option 38 Default Set subscriber id in option 38 to vlan name together with port name Command Mode Port mode Usage Guide Because option 38 information added by switch may associate with third party DHCPv6 servers users can specify su...

Page 607: ...Only after this command is configured DHCPv6 SNOOPING can add option 38 in DHCPv6 packets before sending it to server or relay agent Make sure that DHCPv6 SNOOPING has been enabled before executing this command The system disables option 38 of DHCPv6 SNOOPING by default Example Enable option 38 in DHCPv6 SNOOPING Switch Config ipv6 dhcp snooping enable Switch Config ipv6 dhcp snooping subscriber i...

Page 608: ...nfiguration mode Usage Guide Since DHCPv6 client packets may already include option 38 information corresponding processing policy of DHCPv6 SNOOPING is requested to develop If the reforward policy is set as replace option 38 has to be enabled in advance The system disables option 38 of DHCPv6 SNOOPING by default Example Set the reforward policy of DHCPv6 packets with option 38 as keep for DHCPv6 ...

Page 609: ...ode Usage Guide This command has no effect on ports with self defined subscriber id If a user redefines subscriber id of the port after configuring the command the user defined one prevails This configuration is null by default Example Switch config ipv6 dhcp snooping subscriber id select sv delimiter 34 1 19 ipv6 dhcp use class Command ipv6 dhcp use class no ipv6 dhcp use class Function This comm...

Page 610: ...iber id subscriber id Function This command configures option 37 and option 38 that match the class in IPv6 DHCP class configuration mode Parameters remote id a string with a length ranging from 1 to 128 bytes is used to match remote id in option 37 subscriber id a string with a length ranging from 1 to 128 bytes is used to match subscriber id in option 38 match zero or more characters Default Non...

Page 611: ...ll also be displayed This command is applied in the server side as well as the relay side Parameters None Command Mode Admin mode Usage Guide Enable disable the display of detailed debug about packets sent and received by DHCPv6 Example Switch debug ipv6 dhcp detail Jan 01 01 38 45 2006 DHCPv6 DETAILS contents of SOLICIT packet Jan 01 01 38 45 2006 transaction ID 0x00b2d47c Jan 01 01 38 45 2006 el...

Page 612: ...45 2006 subscriber id option 38 option len 16 Jan 01 01 38 45 2006 subscriber id 0x0a0b0c0d 34 2 2 debug ipv6 dhcp relay packet Command debug ip dhcp relay packet Function Display the information of relay packet processing Parameters None Command Mode Admin mode Usage Guide This command is used to display the process of relay packet processed by relay agent together with the action information of ...

Page 613: ...ket discard and so on Example switch debug ipv6 dhcp snooping packet dhcpv6 snooping packet debug is on switch Jan 05 00 26 40 2006 DHCP6SNP EVENT Parse packet SOLICIT from fe80 200 ff fe00 1 src MAC 00 00 00 00 00 01 interface Ethernet1 23 vlan 24 Jan 05 00 26 40 2006 DHCP6SNP PACKET Receive DHCPv6 packet SOLICIT from fe80 200 ff fe00 1 src MAC 00 00 00 00 00 01 dst MAC 33 33 00 01 00 02 interfac...

Page 614: ...and to check relay agents configuration status for option 37 and option 38 Example Switch show ipv6 dhcp relay option remote id option enable subscriber id option enable Interface Vlan 1 remote id option configure abc 34 2 5 show ipv6 dhcp snooping option Command show ipv6 dhcp snooping option Function Display the configuration information of system snooping including the enable switch for option ...

Page 615: ...nd to check snooping configuration status for option 37 and option 38 Example Switch show ipv6 dhcp snooping option remote id option enable subscriber id option enable The slot port vlan select option is port and vlan The delimiter is ...

Page 616: ... the state of DHCP SNOOPING task when it adds ARP list entries dot1x users and trusted user list entries according to binding data 35 2 debug ip dhcp snooping event Command debug ip dhcp snooping event no debug ip dhcp snooping event Function This command is use to enable the DHCP SNOOPING debug switch to debug the state of DHCP SNOOPING task Command Mode Admin mode Usage Guide This command is mai...

Page 617: ...sing procedure adding alarm information adding binding information transmitting DHCP messages adding peeling option 82 and etc 35 4 debug ip dhcp snooping packet interface Command debug ip dhcp snooping packet interface ethernet InterfaceName no debug ip dhcp snooping packet ethernet InterfaceName Function This command is used to enable the DHCP SNOOPING debug switch to debug the information that ...

Page 618: ... of communication messages received and sent by DHCP snooping and helper server 35 6 enable trustview key Command enable trustview key 0 7 password no enable trustview key Function To configure DES encrypted key for private packets this command is also the switch for the private packets encrypt and hash function enabled or not Parameter password is character string length less than 16 which use as...

Page 619: ...xample Enable encrypt or hash function of private message Switch config enable trustview key 0 switch 35 7 ip dhcp snooping Command ip dhcp snooping enable no ip dhcp snooping enable Function Enable the DHCP Snooping function Parameters None Command Mode Globe mode Default Settings DHCP Snooping is disabled by default Usage Guide When this function is enabled it will monitor all the DHCP Server pa...

Page 620: ...khole second Users can set how long after the execution of defense action to recover The unit is second and valid range is 10 3600 Command Mode Port mode Default Settings No default defense action Usage Guide Only when DHCP Snooping is globally enabled can this command be set Trusted port will not detect fake DHCP Server so will never trigger the corresponding defense action When a port turns into...

Page 621: ...ult Settings The default value is 10 Usage Guide Set the max number of defense actions to avoid the resource exhaustion of the switch caused by attacks If the number of alarm information is larger than the set value then the earliest defense action will be recovered forcibly in order to send new defense actions Example Set the number of port defense actions as 100 switch config ip dhcp snooping ac...

Page 622: ...n is enabled the binding function can be enabled Example Enable the DHCP Snooping binding function switch config ip dhcp snooping binding enable Relative Command ip dhcp snooping enable 35 11 ip dhcp snooping binding dot1x Command ip dhcp snooping binding dot1x no ip dhcp snooping binding dot1x Function Enable the DHCP Snooping binding DOT1X function Parameters None Command Mode Port mode Default ...

Page 623: ...me no ip dhcp snooping binding user mac interface Ethernet ifname Function Configure the information of static binding users Parameters mac The MAC address of the static binding user which is the only index of the binding user ipaddress The IP address of the static binding user ifname The access interface of static binding user Command Mode Globe mode Default Settings DHCP Snooping has no static b...

Page 624: ...s Usage Guide When this function is enabled DHCP SNOOPING will treat the captured binding information as trusted users allowed to access all resources This command is mutually exclusive to ip dhcp snooping binding dot1x command Only after DHCP SNOOPING binding function is enabled the binding user function can be set This command is not limited by ip dhcp snooping based on VLAN but it is only limit...

Page 625: ...e number is 1024 Considering the limited hardware resources of the switch the actual number of trust users distributed depends on the resource amount If a bigger max number of users is set using this command DHCP Snooping will distribute the binding information of untrust users to hardware to be trust users as long as there is enough available resources Otherwise DHCP Snooping will change the dist...

Page 626: ...uest messages and forward the message The format of option1 in option 82 Circuit ID option is standard vlan name plus physical port name like vlan1 ethernet1 12 That of option2 in option 82 remote ID option is CPU MAC of the switch like 00304f023301 If a DHCP request message with option 82 options is received DHCP Snooping will replace those options in the message with its own If a DHCP reply mess...

Page 627: ...arameter None Command Mode Global Mode Default Drop DHCP packets with option82 option received by untrusted ports Usage Guide Usually the switch with DHCP snooping function connects the terminal user directly so close allow untrusted by default to avoid option82 option added by user privately Please set uplink port as trust port when enabling the uplink of DHCP snooping function Example Enable the...

Page 628: ...Switch config ip dhcp snooping information option delimiter dot 35 18 ip dhcp snooping information option remote id Command ip dhcp snooping information option remote id standard remote id no ip dhcp snooping information option remote id Function Set the suboption2 remote ID option content of option 82 added by DHCP request packets they are received by the port The no command sets the additive sub...

Page 629: ...ined remote id Function Set creation method for option82 users can define the parameters of remote id suboption by themselves Parameters WORD the defined character string of remote id by themselves the maximum length is 64 Command Mode Global Mode Default Using standard method Usage Guide After configure this command if users do not configure ip dhcp snooping information option remote id globally ...

Page 630: ...ping option82 Parameters None Command Mode Global Mode Default ascii Usage Guide self defined format use ip dhcp snooping information option type self defined remote id to create remote id format Example Set self defined format of remote id as hex for snooping option82 Switch config ip dhcp snooping information option self defined remote id format hex 35 21 ip dhcp snooping information option self...

Page 631: ...filled format of vlan occupies 2 bytes port occupies 4 bytes a byte means slot for chassis switch it means slot ID for box switch it is 1 a byte means Module the default is 0 two bytes means port ID beginning from 1 mac and remote mac occupy 6 bytes Each option will be filled to packets according to the configured order of the commands and divide them with delimiter delimiter is ip dhcp snooping i...

Page 632: ...ber id Function Set the suboption1 circuit ID option content of option 82 added by DHCP request packets they are received by the port The no command sets the additive suboption1 circuit ID option format of option 82 as standard Parameters standard means the standard format of VLAN name and physical port name such as Vlan2 Ethernet1 12 circuit id means the circuit id content of option 82 specified ...

Page 633: ...r id is VLAN and port information with ACSII format vs hp means that subscriber id is compatible with the format of HP manufacturer Command Mode Global mode Default ascii User Guide VLAN and port information with ASCII format such as Vlan1 Ethernet1 11 VLAN and port information with hexadecimal format defined as below 1 8 0 6 VLAN Slot Module Port 1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2...

Page 634: ... DHCP message rate limit Parameters pps The number of DHCP messages transmitted in every minute ranging from 0 to 100 Its default value is 100 0 means that no DHCP message will be transmitted Command Mode Globe mode Default Settings The default value is 100 Usage Guide After enabling DHCP snooping the switch will monitor all the DHCP messages and implement software transmission The software perfor...

Page 635: ...t turns into a trusted port from a non trusted port the original defense action of the port will be automatically deleted all the security history records will be cleared except the information in system log Example Set port ethernet1 1 as a DHCP Snooping trusted port switch config interface ethernet 1 1 switch Config Ethernet 1 1 ip dhcp snooping trust 35 27 ip user helper address Command ip user...

Page 636: ...ERVER configuration can also be used to sent DOT1X user data from the server the detail of usage is described in the chapter of dot1x configuration Two HELPER SERVER addresses are allowed DHCP SNOOPING will try to connect to PRIMARY SERVER in the first place Only when the PRIMARY SERVER is unreachable will the switch HELPER SERVER connects to SECONDARY SERVER Please pay attention source address is...

Page 637: ...er However if TrustView is applied version two should be applied Example To configure the switch choose private packet version two to communicate with inter security management background system switch config ip user private packet version two 35 29 show ip dhcp snooping Command show ip dhcp snooping interface ethernet interfaceName Function Display the current configuration information of dhcp sn...

Page 638: ...ing 0 interface trust action recovery alarm num bind num Ethernet1 1 trust none 0second 0 0 Ethernet1 2 untrust none 0second 0 0 Ethernet1 3 untrust none 0second 0 0 Ethernet1 4 untrust none 0second 0 1 Ethernet1 5 untrust none 0second 2 0 Ethernet1 6 untrust none 0second 0 0 Ethernet1 7 untrust none 0second 0 0 Ethernet1 8 untrust none 0second 0 1 Ethernet1 9 untrust none 0second 0 0 Ethernet1 10...

Page 639: ...ets The number of discarded packets caused by the communication failure within the system If the CPU of the switch is too busy to schedule the DHCP SNOOPING task and thus can not handle the received DHCP messages such situation might happen DHCP Snooping alarm count The number of alarm information binding count The number of binding information expired binding The number of binding information whi...

Page 640: ...y interval The automatic recovery time of the port maximum of alarm info The max number of automatic defense actions that can be recorded by the port binding dot1x Whether the binding dot1x function is enabled on the port binding user Whether the binding user function is enabled on the port Alarm info The number of alarm information Binding info The number of binding information Expired Binding Th...

Page 641: ... 11 192 168 40 1 Ethernet1 1 1 S 00 00 00 00 00 10 192 168 40 10 Ethernet1 2 1 D 00 00 00 00 00 11 192 168 40 11 Ethernet1 4 1 D 00 00 00 00 00 12 192 168 40 12 Ethernet1 4 1 D 00 00 00 00 00 13 192 168 40 13 Ethernet1 4 1 SU 00 00 00 00 00 14 192 168 40 14 Ethernet1 4 1 SU 00 00 00 00 00 15 192 168 40 15 Ethernet1 5 1 SL 00 00 00 00 00 16 192 168 40 16 Ethernet1 5 1 SL The flag explanation of the...

Page 642: ... off messages as well as the number of forced accounting update messages can be displayed Example Switch show trustview status Primary TrustView Server 200 101 0 9 9119 TrustView version2 message inform successed TrustView inform free resource successed TrustView inform web redirect address successed TrustView inform user binding data successed TrustView version2 message encrypt digest enabled Key...

Page 643: ...d option 82 to DHCP request messages and forward the message The format of option1 in option 82 Circuit ID option is standard vlan name plus physical port name like vlan1 ethernet1 12 That of option2 in option 82 remote ID option is CPU MAC of the switch like 00304f023301 If a DHCP request message with option 82 options is received DHCP Snooping will replace those options in the message with its o...

Page 644: ... control multicast access list the no access list 6000 7999 deny permit ip source source wildcard host source host ip any source destination destination wildcard host destination destination host ip any destination command deletes the access list Parameter 6000 7999 destination control access list number deny permit deny or permit source multicast source address source wildcard multicast source ad...

Page 645: ...ildcard host source host ip any source destination destination wildcard host destination destination host ip any destination no access list 5000 5099 deny permit ip source source wildcard host source host ip any destination destination wildcard host destination destination host ip any destination Function Configure source control multicast access list the no access list 5000 5099 deny permit ip so...

Page 646: ...ermit ip 10 1 1 0 0 0 0 255 232 0 0 0 0 0 0 255 37 1 3 ip multicast destination control access group Command ip multicast destination control access group 6000 7999 no ip multicast destination control access group 6000 7999 Function Configure multicast destination control access list used on interface the no ip multicast destination control access group 6000 7999 command deletes the configuration ...

Page 647: ...and mask length 6000 7999 Destination control access list number Default None Command Mode Global Mode Usage Guide The command is only working under global multicast destination control enabled after configuring the command if IGMP SPOOPING or IGMP is enabled for adding the members to multicast group If configuring multicast destination control on specified net segment of transmitted igmp report a...

Page 648: ... xx xx 6000 7999 Destination control access list number Default None Command Mode Global Mode Usage Guide The command is only working under global multicast destination control enabled after configuring the command if IGMP SPOOPING is enabled for adding the members to multicast group If configuring multicast destination control to source MAC address of transmitted igmp report and match configured ...

Page 649: ...ue through the switch matching priority of specified range multicast data packet and the TOS is specified to the same value simultaneously Carefully the packet transmitted in UNTAG mode does not modify its priority Example Switch config ip multicast policy 10 1 1 0 24 225 1 1 0 24 cos 7 37 1 7 ip multicast source control Command ip multicast source control no ip multicast source control Function C...

Page 650: ...t source control 37 1 8 ip multicast source control access group Command ip multicast source control access group 5000 5099 no ip multicast source control access group 5000 5099 Function Configure multicast source control access list used on interface the no ip multicast source control access group 5000 5099 command deletes the configuration Parameter 5000 5099 Source control access list number De...

Page 651: ...n control the NO command is to recover and disable the multicast destination control globally Parameters None Default Disabled Command Mode Global Configuration Mode Usage Guide Only after globally enabling the multicast destination control the other destination control configuration can take effect the destination access list can be applied to ports VLAN MAC and SIP After configuring this command...

Page 652: ...ame interface name or interface aggregation name such as Ethernet1 1 port channel 1 or ethernet1 1 Default None Command Mode Admin Mode and Global Mode Usage Guide The command displays multicast destination control rules of configuration including detail option and access list information applied in detail Example Switch config show ip multicast destination control ip multicast destination control...

Page 653: ...ys destination control multicast access list of configuration Example Switch sh ip multicast destination control acc access list 6000 deny ip any any destination access list 6000 deny ip any host destination 224 1 1 1 access list 6000 deny ip host 2 1 1 1 any destination access list 6001 deny ip host 2 1 1 1 225 0 0 0 0 255 255 255 access list 6002 permit ip host 2 1 1 1 225 0 0 0 0 255 255 255 ac...

Page 654: ...ip multicast source control detail show ip multicast source control interface Interfacename detail Function Display multicast source control configuration Parameter detail expresses if it displays information in detail Interfacename interface name such as Ethernet 1 1 or ethernet1 1 Default None Command Mode Admin Mode and Global Mode Usage Guide The command displays multicast source control rules...

Page 655: ...list Command show ip multicast source control access list show ip multicast source control access list 5000 5099 Function Display source control multicast access list of configuration Parameter 5000 5099 access list number Default None Command Mode Admin Mode and Global Mode Usage Guide The command displays source control multicast access list of configuration Example Switch sh ip multicast source...

Page 656: ...sage Guide Use show command to check the deleted group record Example Delete all groups Switch clear ip igmp snooping vlan 1 groups Relative Command show ip igmp snooping vlan 1 4094 37 2 2 clear ip igmp snooping vlan 1 4094 mrouter port Command clear ip igmp snooping vlan 1 4094 mrouter port ethernet IFNAME IFNAME Function Delete the mrouter port of the specific VLAN Parameters 1 4094 the specifi...

Page 657: ...ction Enable the IGMP Snooping switch of the switch the no debug igmp snooping all packet event timer mfc disables the debugging switch Command Mode Admin Mode Default IGMP Snooping debugging switch is disabled on the switch by default Usage Guide The command is used for enable the IGMP Snooping debugging switch of the switch switch IGMP data packet message can be shown with packet parameter event...

Page 658: ...ission every VLAN config the function of IGMP snooping The no ip igmp snooping command disables this function Example Enable IGMP Snooping Switch config ip igmp snooping 37 2 5 ip igmp snooping proxy Command ip igmp snooping proxy no ip igmp snooping proxy Function Enable IGMP Snooping proxy function the no command disables the function Parameter None Command Mode Global Mode Default Enable Exampl...

Page 659: ...gure IGMP Snooping on specified VLAN the global IGMP Snooping should be first enabled Disable IGMP Snooping on specified VLAN with the no ip igmp snooping vlan vlan id command Example Enable IGMP Snooping for VLAN 100 in Global Mode Switch config ip igmp snooping vlan 100 37 2 7 ip igmp snooping vlan immediate leave Command ip igmp snooping vlan vlan id immediate leave no ip igmp snooping vlan vla...

Page 660: ...nooping Example Enable the IGMP Snooping fast leave function for VLAN 100 Switch config ip igmp snooping vlan 100 immediate leave 37 2 8 ip igmp snooping vlan l2 general querier Command ip igmp snooping vlan vlan id l2 general querier no ip igmp snooping vlan vlan id l2 general querier Function Set this VLAN to layer 2 general querier Parameter vlan id is ID number of the VLAN ranging is 1 4094 Co...

Page 661: ...atic configured port 37 2 9 ip igmp snooping vlan l2 general querier source Command ip igmp snooping vlan vlanid L2 general query source A B C D no ip igmp snooping vlan vlanid L2 general query source Function Configure source address of query of igmp snooping Parameters vlanid the id of the VLAN with limitation to 1 4094 A B C D is the source address of the query operation Command Mode Global mod...

Page 662: ...ronment and for VLAN which has source of layer 2 query configuration the VLAN can be queried only if the version number has been specified This command is used to query the layer 2 version number Example Switch config ip igmp snooping vlan 2 L2 general query version 2 37 2 11 ip igmp snooping vlan limit Command ip igmp snooping vlan vlan id limit group g_limit source s_limit no ip igmp snooping vl...

Page 663: ...igured to no limit It is recommended to use default value and if layer 3 IGMP is in operation please make this configuration in accordance with the IGMP configuration as possible Example Switch config ip igmp snooping vlan 2 limit group 300 37 2 12 ip igmp snooping vlan interface ethernet port channel IFNAME limit Command ip igmp snooping vlan 1 4094 interface ethernet port channel IFNAME limit gr...

Page 664: ...ormation if it is replace find a dynamic group and source from the port to conduct deleting and replacing and then add the new group and source information The premise of using this command is that this VLAN is enabled IGMP Snooping function No command configures as no limitation Example Switch config ip igmp snooping vlan 2 interface ethernet 1 11 limit group 300 source 200 strategy replace Switc...

Page 665: ... 37 2 14 ip igmp snooping vlan mrouter port learnpim Command ip igmp snooping vlan vlan id mrouter port learnpim no ip igmp snooping vlan vlan id mrouter port learnpim Function Enable the function that the specified VLAN learns mrouter port according to pim packets the no command will disable the function Parameter vlan id The specified VLAN ID ranging from 1 to 4094 Command Mode Global Mode Defau...

Page 666: ...ter port Parameter vlan id VLAN ID ranging between 1 4094 value mrouter port survive period ranging between 1 65535 seconds Command Mode Global mode Default 255s Usage Guide This command validates on dynamic mrouter ports but not on mrouter port To use this command IGMP Snooping of this VLAN should be enabled previously Example Switch config ip igmp snooping vlan 2 mrpt 100 37 2 16 ip igmp snoopin...

Page 667: ...iguration as possible if layer 3 IGMP is running Example Switch config ip igmp snooping vlan 2 query interval 130 37 2 17 ip igmp snooping vlan query mrsp Command ip igmp snooping vlan vlan id query mrsp value no ip igmp snooping vlan vlan id query mrsp Function Configure the maximum query response period The no ip igmp snooping vlan vlan id query mrsp command restores to the default value Paramet...

Page 668: ...obustness value no ip igmp snooping vlan vlan id query robustness Function Configure the query robustness The no ip igmp snooping vlan vlan id query robustness command restores to the default value Parameter vlan id VLAN ID ranging between 1 4094 value ranging between 2 10 Command Mode Global mode Default 2 Usage Guide It is recommended to use the default settings Please keep this configure in acc...

Page 669: ...iguration is recommended here If IGMP snooping needs to be configured the source address for forwarded IGMP messages can be 0 0 0 0 If it is required by the upstream that IGMP messages should use the same network address the source address of IGMP messages should be configured to be the same with upstream Example Switch config ip igmp snooping vlan 2 report source address 10 1 1 1 37 2 20 ip igmp ...

Page 670: ... snooping vlan 3 specific query mrsp 2 Swith config no ip igmp snooping vlan 3 specific query mrspt 37 2 21 ip igmp snooping vlan static group Command ip igmp snooping vlan vlan id static group A B C D source A B C D interface ethernet port channel IFNAME no ip igmp snooping vlan vlan id static group A B C D source A B C D interface ethernet port channel IFNAME Function Configure static group on s...

Page 671: ...and ip igmp snooping vlan vlan id suppression query time value no ip igmp snooping vlan vlan id suppression query time Function Configure the suppression query time The no ip igmp snooping vlan vlan id suppression query time command restores to the default value Parameter vlan id VLAN ID ranging between 1 4094 value ranging between 1 65535 seconds Command Mode Global mode Default 255s Usage Guide ...

Page 672: ...le 1 Show IGMP Snooping summary messages of the switch Switch config show ip igmp snooping Global igmp snooping status Enabled L3 multicasting running Igmp snooping is turned on for vlan 1 querier Igmp snooping is turned on for vlan 2 Displayed Information Explanation Global igmp snooping status Whether the global igmp snooping switch on the switch is on L3 multicasting whether the layer 3 multica...

Page 673: ...tion Explanation Igmp snooping L2 general querier Whether the VLAN enables l2 general querier function and show whether the querier state is could query or suppressed Igmp snooping query interval Query interval of the VLAN Igmp snooping max response time Max response time of the VLAN Igmp snooping robustness IGMP Snooping robustness configured on the VLAN Igmp snooping mrouter port keep alive time...

Page 674: ...ss Command Mode Admin Configuration Mode Usage Guide Use show command to check the deleted group record Example Delete all groups Switch clear ipv6 mld snooping vlan 1 groups Relative Command show ipv6 mld snooping vlan 1 4094 38 1 2 clear ipv6 mld snooping vlan 1 4094 mrouter port Command clear ipv6 mld snooping vlan 1 4094 mrouter port ethernet IFNAME IFNAME Function Delete the mrouter port of t...

Page 675: ...packet event timer mfc no debug mld snooping all packet event timer mfc Function Enable the debugging of the switch MLD Snooping the no form of this command disables the debugging Command Mode Admin Mode Default The MLD Snooping Debugging of the switch is disabled by default Usage Guide This command is used for enabling the switch MLD Snooping debugging which displays the MLD data packet message p...

Page 676: ... allow every VLAN to be configured with MLD Snooping the no form of this command will disable MLD Snooping on all the VLANs as well as the global MLD snooping Example Enable MLD Snooping under global mode Switch config ipv6 mld snooping 38 1 5 ipv6 mld snooping vlan Command ipv6 mld snooping vlan vlan id no ipv6 mld snooping vlan vlan id Function Enable MLD Snooping on specified VLAN the no form o...

Page 677: ...v6 mld snooping vlan vlan id immediate leave no ipv6 mld snooping vlan vlan id immediate leave Function Enable immediate leave function of the MLD protocol in specified VLAN the no form of this command disables the immediate leave function of the MLD protocol Parameter vlan id is the id number of specified VLAN with valid range of 1 4094 Command Mode Global Mode Default Disabled by default Usage G...

Page 678: ...is recommended to configure an L2 general querier on a segment If before configure with this command MLD snooping is not enabled on this VLAN this command will no be executed When disabling the L2 general querier function MLD snooping will not be disabled along with it Main function of this command is sending general queries periodically to help the switches within this segment learn mrouter port ...

Page 679: ...roup requesting for joining in will be rejected for preventing hostile attacks To use this command MLD snooping must be enabled on VLAN The no form of this command restores the default other than set to no limit For the safety considerations this command will not be configured to no limit It is recommended to use default value and if layer 3 MLD is in operation please make this configuration in ac...

Page 680: ...ace ethernet1 13 38 1 10 ipv6 mld snooping vlan mrouter port learnpim6 Command ipv6 mld snooping vlan vlan id mrouter port learnpim6 no ipv6 mld snooping vlan vlan id mrouter port learnpim6 Function Enable the function that the specified VLAN learns mrouter port according to pimv6 packets the no command will disable the function Parameter vlan id The specified VLAN ID ranging from 1 to 4094 Comman...

Page 681: ...ter port Parameter vlan id VLAN ID the valid range is 1 4094 value mrouter port keep alive time with a valid range of 1 65535 secs Command Mode Global Mode Default 255s Usage Guide This configuration is applicable on dynamic mrouter port but not on static mrouter port To use this command MLD snooping must be enabled on the VLAN Example Switch config ipv6 mld snooping vlan 2 mrpt 100 38 1 12 ipv6 m...

Page 682: ...guration in accordance with the MLD configuration as possible Example Switch config ipv6 mld snooping vlan 2 query interval 130 38 1 13 ipv6 mld snooping vlan query mrsp Command ipv6 mld snooping vlan vlan id query mrsp value no ipv6 mld snooping vlan vlan id query mrsp Function Configure the maximum query response period The no form of this command restores the default value Parameter vlan id VLA...

Page 683: ...lan id query robustness value no ipv6 mld snooping vlan vlan id query robustness Function Configure the query robustness the no form of this command restores to the default value Parameter vlan id VLAN ID the valid range is 1 4094 value the valid range is 2 10 Command Mode Global Mode Default 2 Usage Guide It is recommended to use default value and if layer 3 MLD is in operation please make this c...

Page 684: ... X The address of group or source ethernet Name of Ethernet port port channel Port aggregation ifname Name of interface Command Mode Global mode Default No configuration by default Usage Guide When a group is a static while also a dynamic group it should be taken as a static group Deleting static group can only be realized by the no form of the command Example Switch config ip igmp snooping vlan 1...

Page 685: ...different switches within the same segment must be in accordance It is recommended to use the default value Example Switch config ipv6 mld snooping vlan 2 suppression query time 270 38 1 17 show ipv6 mld snooping Command show ipv6 mld snooping vlan vlan id Parameter vlan id is the number of VLAN specified to display the MLD Snooping messages Command Mode Admin Mode Usage Guide If no VLAN number is...

Page 686: ...erier 2 Display the detailed MLD Snooping information of vlan1 Switch show ipv6 mld snooping vlan 1 Mld snooping information for vlan 1 Mld snooping L2 general querier Yes COULD_QUERY Mld snooping query interval 125 s Mld snooping max response time 10 s Mld snooping robustness 2 Mld snooping mrouter port keep alive time 255 s Mld snooping query suppression time 255 s MLD Snooping Connect Group Mem...

Page 687: ...igured on the VLAN Mld snooping mrouter port keep alive time Keep alive time of the dynamic mrouter on this VLAN Mld snooping query suppression time timeout of the VLAN as l2 general querier at suppressed status MLD Snooping Connect Group Membership Group membership of the VLAN namely the correspondence between the port and S G Mld snooping vlan 1 mrouter port Mrouter port of the VLAN including bo...

Page 688: ...ed by default Usage Guide The multicast VLAN function can not be enabled on Private VLAN To disabling the multicast VLAN function of the VLAN configuration of VLANs associated with the multicast VLAN should be deleted Note that the default VLAN can not be configured with this command and only one multicast VLAN is allowed on a switch Examples Switch config vlan 2 Switch Config Vlan2 multicast vlan...

Page 689: ...multicast VLAN to this port so to reduce the data traffic The VLAN associated with the multicast VLAN should not be a Private VLAN A VLAN can only be associated with another VLAN after the multicast VLAN is enabled Only one multicast VLAN can be enabled on a switch Examples Switch config vlan 2 Switch Config Vlan2 multicast vlan association 3 4 39 3 multicast vlan association interface Command mul...

Page 690: ...t port and the port is only configured as ACCESS mode 4 The port it will be associated cannot belong to the multicast VLAN in the same way the associated port cannot be divided in multicast VLAN 5 When the associated port mode is set as non ACCESS mode the mode cannot be changed Example Suppose vlan2 is multicast VLAN Switch config vlan2 multicast vlan association interface ethernet 1 2 Switch con...

Page 691: ...ine the time range of different commands within one week and every week to circulate subject to this time Parameters Friday Friday Monday Monday Saturday Saturday Sunday Sunday Thursday Thursday Tuesday Tuesday Wednesday Wednesday daily Every day of the week weekdays Monday thru Friday weekend Saturday thru Sunday start_time start time HH MM SS hour minute second end_time end time HH MM SS hour mi...

Page 692: ...iod from 14 30 00 to 16 45 00 on Monday Wednesday Friday and Sunday Switch Config Time Range admin_timer periodic Monday Wednesday Friday Sunday 14 30 00 to 16 45 00 40 2 absolute start Command no absolute start start_time start_data end end_time end_data Functions Define an absolute time range this time range operates subject to the clock of this equipment Parameters start_time start time HH MM S...

Page 693: ...tination dIpAddr igmp type precedence prec tos tos time range time range name access list num deny permit tcp sIpAddr sMask any source host source sIpAddr s port sPort range sPortMin sPortMax dIpAddr dMask any destination host destination dIpAddr d port dPort range dPortMin dPortMax ack fin psh rst urg syn precedence prec tos tos time range time range name access list num deny permit udp sIpAddr s...

Page 694: ...When the user assign specific num for the first time ACL of the serial number is created then the lists are added into this ACL the access list which marked 200 299 can configure not continual reverse mask of IP address igmp type represent the type of IGMP packet and usual values please refer to the following description 17 0x11 IGMP QUERY packet 18 0x12 IGMP V1 REPORT packet 22 0x16 IGMP V2 REPOR...

Page 695: ... mode Default No access lists configured Usage Guide When the user assign specific num for the first time ACL of the serial number is created then the lists are added into this ACL Examples Create a numeric standard IP access list whose serial No is 20 and permit date packets with source address of 10 1 1 0 24 to pass and deny other packets with source address of 10 1 1 0 16 Switch config access l...

Page 696: ...thernet 802 3 packet Command Mode Global mode Default Configuration No access list configured Usage Guide When the user assign specific num for the first time ACL of the serial number is created then the lists are added into this ACL Examples Permit tagged eth2 with any source MAC addresses and any destination MAC addresses and the packets pass Switch config access list 1100 permit any source mac ...

Page 697: ... source wildcard any source host source source host ip destination destination wildcard any destination host destination destination host ip precedence precedence tos tos time range time range name Functions Define an extended numeric MAC IP ACL rule no command deletes a extended numeric MAC IP ACL access list rule Parameters num access list serial No this is a decimal s No from 3100 3299 deny if ...

Page 698: ...which is a number from 0 7 tos optional packets can be filtered by service type which ia number from 0 15 icmp type optional ICMP packets can be filtered by packet type which is a number from 0 255 icmp code optional ICMP packets can be filtered by packet code which is a number from 0 255 igmp type optional ICMP packets can be filtered by IGMP packet name or packet type which is a number from 0 25...

Page 699: ... the user assign specific num for the first time ACL of the serial number is created then the lists are added into this ACL Examples Permit the passage of packets with source MAC address 00 00 XX XX 00 01 and deny passage of packets with source MAC address 00 00 00 XX 00 ab Switch config access list 700 permit 00 00 00 00 00 01 00 00 FF FF 00 00 Switch config access list 700 deny 00 00 00 00 00 ab...

Page 700: ...nable of firewall disable means to disable firewall Default It is no use if default is firewall Command Mode Global mode Usage Guide Whether enabling or disabling firewall access rules can be configured But only when the firewall is enabled the rules can be used in specific orientations of specific ports When disabling the firewall all ACL tied to ports will be deleted Examples Enable firewall Swi...

Page 701: ...ers of length of 1 to 32 Command Mode Global Mode Default No access list is configured by default Usage Guide When this command is issued for the first time an empty access list will be created Example To create a extended IP access list name tcpFlow Switch config ip access list extended tcpFlow 40 11 ip access standard Command ip access standard name no ip access standard name Function Create a n...

Page 702: ...cess list num std deny permit sIPv6Prefix sPrefixlen any source host source sIPv6Addr no ipv6 access list num std Functions Creates a numbered standard IP access list if the access list already exists then a rule will add to the current access list the no access list num std num ext command deletes a numbered standard IP access list Parameters num std is the list number list range is between 500 5...

Page 703: ...1 48 40 13 ipv6 access standard Command ipv6 access list standard name no ipv6 access list standard name Function Create a name based standard IPv6 access list the no ipv6 access list standard name command deletes the name based standard IPv6 access list including all entries Parameter name is the name for access list the character string length is from 1 to 32 Command Mode Global Mode Default No ...

Page 704: ...mmand is run for the first time only an empty access list with no entry will be created Example Create an extensive IPv6 access list named tcpFlow Switch config ipv6 access list extended tcpFlow 40 15 ip ipv6 mac mac ip access group Command ip ipv6 mac mac ip access group name in traffic statistic no ip ipv6 mac mac ip access group name in Function Apply an access list on some direction of port an...

Page 705: ...avior has a conflict When binding ACL to port there are some limits as below 1 Each port can bind a MAC IP ACL a IP ACL a MAC ACL and a IPv6 ACL It only supports the standard ipv6 type when binding the IPV6 ACL to the port 2 When binding four ACLs and data packet matching the multi ACLs simultaneity the priority from high to low are shown as below Ingress IPv6 ACL Ingress MAC IP ACL Ingress MAC AC...

Page 706: ...cluded Examples Create an MAC ACL named mac_acl Switch config mac access list extended mac_acl Switch Config Mac Ext Nacl mac_acl 40 17 mac ip access extended Command mac ip access list extended name no mac ip access list extended name Functions Define a name manner MAC IP ACL or enter access list configuration mode no mac ip access list extended name command deletes this ACL Parameters name name ...

Page 707: ...precedence prec tos tos time range time range name no deny permit tcp sIpAddr sMask any source host source sIpAddr s port sPort range sPortMin sPortMax dIpAddr dMask any destination host destination dIpAddr d port dPort range dPortMin dPortMax ack fin psh rst urg syn precedence prec tos tos time range time range name no deny permit udp sIpAddr sMask any source host source sIpAddr s port sPort rang...

Page 708: ... time range name Command Mode Name extended IP access list configuration mode Default No access list configured Examples Create the extended access list deny icmp packet to pass and permit udp packet with destination address 192 168 0 1 and destination port 32 to pass Switch config access list ip extended udpFlow Switch Config IP Ext Nacl udpFlow deny igmp any any destination Switch Config IP Ext ...

Page 709: ... sPortMax dIPv6Prefix dPrefixlen any destination host destination dIPv6Addr d port dPort range dPortMin dPortMax syn ack urg rst fin psh dscp dscp flow label fl time range time range name no deny permit udp sIPv6Prefix sPrefixlen any source host source sIPv6Addr s port sPort range sPortMin sPortMax dIPv6Prefix dPrefixlen any destination host destination dIPv6Addr d port dPort range dPortMin dPortM...

Page 710: ...e range name time range name Command Mode IPv6 nomenclature extended access control list mode Default No access control list configured Example Create an extended access control list named udpFlow denying the igmp packets while allowing udp packets with destination address 2001 1 2 3 1 and destination port 32 Switch config ipv6 access list extended udpFlow Switch Config IPv6 Ext Nacl udpFlow deny ...

Page 711: ... permit any source mac host source mac host_smac smac smac mask any destination mac host destination mac host_dmac dmac dmac mask untagged eth2 ethertype protocol protocol mask no deny permit any source mac host source mac host_smac smac smac mask any destination mac host destination mac host_dmac dmac dmac mask untagged 802 3 no deny permit any source mac host source mac host_smac smac smac mask ...

Page 712: ...ple the reverse mask format of one byte is 00001111b mask format is 11110000 and this is not permitted 00010011 Command Mode Name extended MAC access list configuration mode Default configuration No access list configured Example The forward source MAC address is not permitted as 00 12 11 23 XX XX of 802 3 data packet Switch config mac access list extended macExt Switch Config Mac Ext Nacl macExt ...

Page 713: ...ard any destination host destination destination host ip precedence precedence tos tos time range time range name Functions Define an extended name MAC IP ACL rule no form deletes one extended numeric MAC IP ACL access list rule Parameters num access list serial No this is a decimal s No from 3100 3199 deny if rules are matching deny to access permit if rules are matching permit to access any sour...

Page 714: ...a report is enabled to form a match when in connection precedence optional packets can be filtered by priority which is a number from 0 7 tos optional packets can be filtered by service type which ia number from 0 15 icmp type optional ICMP packets can be filtered by packet type which is a number from 0 255 icmp code optional ICMP packets can be filtered by packet code which is a number from 0 255...

Page 715: ...nation mac tagged eth2 14 2 0800 Displayed information Explanation access list 10 used 1 time s Number ACL10 0 time to be used access list 10 deny any source Deny any IP packets to pass access list 100 used 1 time s Nnumber ACL100 1 time to be used access list 100 deny ip any source any destination Deny IP packet of any source IP address and destination address to pass access list 100 deny tcp any...

Page 716: ...port will be revealed Examples Switch show access group interface name Ethernet 1 1 IP Ingress access list used is 100 traffic statistics Disable interface name Ethernet1 2 IP Ingress access list used is 1 packet s number is 11110 Displayed information Explanation interface name Ethernet 1 1 Tying situation on port Ethernet1 1 IP Ingress access list used is 100 No 100 numeric expansion ACL tied to...

Page 717: ...nation fire wall is enable Packet filtering function enabled 40 27 show ipv6 access lists Command show ipv6 access lists num acl name Function Show the configured IPv6 access control list Parameter num is the number of specific access control list the valid range is 500 699 amongst 500 599 is digit standard IPv6 ACL number 600 699 is the digit extended IPv6 ACL number acl name is the nomenclature ...

Page 718: ...ed 1 time s ipv6 access list 500 deny any source ipv6 access list 510 used 1 time s ipv6 access list 510 deny ip any source any destination ipv6 access list 510 deny tcp any source any destination ipv6 access list 520 used 1 time s ipv6 access list 520 permit ip any source any destination 40 28 show time range Command show time range word Functions Reveal configuration information of time range fu...

Page 719: ... periodic Monday 0 0 0 to Friday 23 59 59 40 29 time range Command no time range time_range_name Functions Create the name of time range as time range name enter the time range mode at the same time Parameters time_range_name time range name must start with letter or number and the length cannot exceed 32 characters long Command Mode Global mode Default No time range configuration Usage Guide None...

Page 720: ... sending packets pkt receive Enable the debug information of dot1x about receiving packets internal Enable the debug information of dot1x about internal details all Enable the debug information of dot1x about all details mentioned above userbased user based authentication interface name the name of the interface Command Mode Admin Mode Usage Guide By enabling the debug information of dot1x details...

Page 721: ...rmation of errors that occur in the processes of the Radius protocol operation which might help diagnose the cause of faults if there is any Example Enable the debug information of dot1x about errors Switch debug dot1x error 41 3 debug dot1x fsm Command debug dot1x fsm all aksm asm basm ratsm interface interface name no debug dot1x fsm all aksm asm basm ratsm interface interface name Function Enab...

Page 722: ...ate machine Switch debug dot1x fsm asm interface ethernet1 1 41 4 debug dot1x packet Command debug dot1x packet all receive send interface interface name no debug dot1x packet all receive send interface interface name Function Enable the debug information of dot1x about messages the no operation of this command will disable that debug information Command Mode Admin Mode Parameters send Enable the ...

Page 723: ... interface name for interface name and port number Command mode Global Mode Default N A Usage Guide The dot1x address filter function is implemented according to the MAC address filter table dot1x address filter table is manually added or deleted by the user When a port is specified in adding a dot1x address filter table entry that entry applies to the port only when no port is specified the entry...

Page 724: ...h and RADIUS server the switch needs to authenticate the user by EAP relay EAPoR authentication if the switch connects to the RADIUS server by PPP the switch will use EAP local end authentication CHAP authentication The switch should use different authentication methods according to the connection between the switch and the authentication server Example Setting EAP local end authentication for the...

Page 725: ...1x function of the switch and enable 802 1x for port1 12 Switch config dot1x enable Switch config interface ethernet 1 12 Switch Config If Ethernet1 12 dot1x enable 41 8 dot1x ipv6 passthrough Command dot1x ipv6 passthrough no dot1x ipv6 passthrough Function Enable IPv6 passthrough function on a switch port only applicable when access control mode is userbased the no operation of this command will...

Page 726: ...f time because of lacking exclusive authentication supplicant system or the version of the supplicant system being too low In Guest VLAN users can get 802 1x supplicant system software update supplicant system or update some other applications such as anti virus software the patches of operating system When a user of a port within Guest VLAN starts an authentication the port will remain in Guest V...

Page 727: ...10 dot1x macfilter enable Command dot1x macfilter enable no dot1x macfilter enable Function Enables the dot1x address filter function in the switch the no dot1x macfilter enable command disables the dot1x address filter function Command mode Global Mode Default dot1x address filter is disabled by default Usage Guide When dot1x address filter function is enabled the switch will filter the authentic...

Page 728: ...ed among different ports delete the user for the new certification The command should be enable to delete the user Example When the dot1x certification according to mac is down delete the user who passed the certification of the port Switch config dot1x macbased port down flush 41 12 dot1x max req Command dot1x max req count no dot1x max req Function Sets the number of EAP request MD5 frame to be ...

Page 729: ... the authentication function after the user moves the port the no command disables the function Command Mode Global mode Default Disable the authentication function after the user moves the port Usage Guide Enable the authentication function after the user moves the port so the switch allows user to process this authentication In the condition that the switch connects with hub when the user will b...

Page 730: ...l has been applied this command configures the limited resources which can be accessed by the un authenticated users For port based and MAC based access control users could access no network resources before authentication If TrustView management system is available the free resource can be configured in TrustView server and the TrustView server will distribute the configuration to the switches To...

Page 731: ...ated exceeds the number of allowed user additional users will not be able to access the network Example Setting port 1 3 to allow 5 users Switch Config If Ethernet1 3 dot1x max user macbased 5 41 16 dot1x max user userbased Command dot1x max user userbased number no dot1x max user userbased Function Set the upper limit of the number of users allowed access the specified port when using user based ...

Page 732: ...ingle mode Function Set the single mode based on portbase authentication mode the no command disables this function Parameters None Command mode Port Mode Default Disable the single mode Usage Guide This command takes effect when the access mode of the port is set as portbase only Before configuring the single mode if the port has enabled dot1x port method portbased command and exist online users ...

Page 733: ...ant force authorized sets port to authorized status unauthenticated data is allowed to pass through the port force unauthorized will set the port to non authorized mode the switch will not provide authentication for the supplicant and prohibit data from passing through the port Command mode Port configuration Mode Default When 802 1x is enabled for the port auto is set by default Usage Guide If th...

Page 734: ...ion the host will be able to access all the resources When MAC based authentication is applied multiple host which are connected to one port can access all the network resources after authentication When either of the above two kinds of access control is applied un authenticated host cannot access any resources in the network When user based access control is applied un authenticated users can onl...

Page 735: ...solution the switch must be enabled to use private 802 1x protocol or many applications will not be able to function For detailed information please refer to DCBI integrated solution If the switch forces the authentication client to use private 802 1x protocol the standard client will not be able to work Example To force the authentication client to use private 802 1x authentication protocol Switc...

Page 736: ...interface interface name Function Enables real time 802 1x re authentication no wait timeout requires for all ports or a specified port Parameters interface name stands for port number omitting the parameter for all ports Command mode Global Mode Usage Guide This command is a Global Mode command It makes the switch to re authenticate the client at once without waiting for re authentication timer t...

Page 737: ...ed the switch will re authenticate the supplicant at regular interval This function is not recommended for common use Example Enabling the periodical re authentication for authenticated users Switch config dot1x re authentication 41 24 dot1x timeout quiet period Command dot1x timeout quiet period seconds no dot1x timeout quiet period Function Sets time to keep silent on supplicant authentication f...

Page 738: ...ion Sets the supplicant re authentication interval the no dot1x timeout re authperiod command restores the default setting Parameters seconds is the interval for re authentication in seconds the valid range is 1 to 65535 Command mode Global Mode Default The default value is 3600 seconds Usage Guide dot1x re authentication must be enabled first before supplicant re authentication interval can be mo...

Page 739: ...me the no dot1x timeout tx period command restores the default setting Parameters seconds is the interval for re transmission of EAP request frames in seconds the valid range is 1 to 65535 Command mode Global Mode Default The default value is 30 seconds Usage Guide Default value is recommended Example Setting the EAP request frame re transmission interval to 1200 seconds Switch config dot1x timeou...

Page 740: ...sthrough function of the switch and enable the 802 1x for port 1 1 Switch config dot1x enable Switch config dot1x unicast enable Switch config interface ethernet1 1 Switch Config If Ethernet1 1 dot1x enable 41 28 show dot1x Command show dot1x interface interface list Function Displays dot1x parameter related information if parameter information is added corresponding dot1x status for corresponding...

Page 741: ...cast Disable 802 1x is enabled on ethernet Ethernet1 1 Authentication Method Port based Max User Number 1 Status Authorized Port control Auto Supplicant 00 30 4f FE 2E D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Displayed information Explanation Global 802 1x Parameters Global 802 1x parameter information reauth enab...

Page 742: ...ient Whether the switch supports the privateclient 802 1x is enabled on ethernet Ethernet1 1 Indicates whether dot1x is enabled for the port Authentication Method Port authentication method MAC based port based user based Status Port authentication status Port control Port authorization status Supplicant Authenticator MAC address Authenticator State Machine Authenticator state machine status Backe...

Page 743: ...he max number allowed users will see debug information no debug ip arp count command is used to disable the number limitation function debug of ARP in the VLAN Parameters None Command Mode Admin Mode Default Settings None Usage Guide Display the debug information of the number of dynamic ARP in the VLAN Examples Switch debug vlan mac count Jun 14 16 04 40 2007 Current arp count 21 is more than or ...

Page 744: ...efault Settings None Usage Guide Display the debug information of the number of dynamic neighbor in the VLAN Examples Switch debug vlan mac count Jun 14 16 04 40 2007 Current neighbor count 21 is more than or equal to the maximum limit in vlan 1 42 3 debug switchport arp count Command debug switchport arp count no debug switchport arp count Function When the number limitation function debug of ARP...

Page 745: ...earning will be stopped and some mac will be delete 42 4 debug switchport mac count Command debug switchport mac count no debug switchport mac count Function When the number limitation function debug of MAC on the port if the number of dynamic MAC and the number of MAC on the port is larger than the max number allowed users will see debug information no debug switchport mac count command is used t...

Page 746: ...tion debug of ND on the port if the number of dynamic ND and the number of ND on the port is larger than the max number allowed users will see debug information no debug switchport nd count command is used to disable the number limitation function debug of ND on the port Parameters None Command Mode Admin Mode Default Settings None Usage Guide Display the debug information of the number of dynamic...

Page 747: ...ngs None Usage Guide Display the debug information of the number of dynamic MAC in the VLAN Examples Switch debug vlan mac count Jun 14 16 04 40 2007 Current mac count 21 is more than or equal to the maximum limit in vlan 1 Jun 14 16 04 40 2007 Mac learning will be stopped and some mac will be delete 42 7 ip arp dynamic maximum Command ip arp dynamic maximum value no ip arp dynamic maximum Functio...

Page 748: ...itch config interface ethernet Switch Config if Vlan1 ip arp dynamic maximum 50 Disable the number limitation function of dynamic ARP in VLAN 1 Switch Config if Vlan1 no ip arp dynamic maximum 42 8 ipv6 nd dynamic maximum Command ipv6 nd dynamic maximum value no ipv6 nd dynamic maximum Function Set the max number of dynamic NEIGHBOR allowed in the VLAN and at the same time enable the number limita...

Page 749: ...m 50 Disable the number limitation function of dynamic NEIGHBOR in VLAN 1 Switch Config if Vlan1 no ipv6 nd dynamic maximum 42 9 mac address query timeout Command mac address query timeout seconds Function Set the timeout value of querying dynamic MAC Parameter seconds is timeout value in second ranging from 30 to 300 Default Settings Default value is 60 seconds Command Mode Global mode Usage Guid...

Page 750: ...id is the specified vlan ID portName is the name of layer 2 port Command Mode Admin and Configuration Mode Usage Guide Use this command to display the number of dynamic ARP of corresponding port and VLAN Examples Display the number of dynamic ARP of the port and VLAN which are configured with number limitation function of ARP Switch config show arp dynamic count interface ethernet 1 3 Port MaxCoun...

Page 751: ... Guide Use this command to display the number of dynamic MAC of corresponding port and VLAN Examples Display the number of dynamic MAC of the port and VLAN which are configured with number limitation function of MAC Switch config show mac address dynamic count interface ethernet 1 3 Port MaxCount CurrentCount Ethernet1 3 5 1 Switch config show mac address dynamic count vlan 1 Vlan MaxCount Current...

Page 752: ...umber limitation function of ND Switch config show nd dynamic count interface ethernet 1 3 Port MaxCount CurrentCount Ethernet1 3 5 1 Switch config show nd dynamic count vlan 1 Vlan MaxCount CurrentCount 1 55 15 42 13 switchport arp dynamic maximum Command switchport arp dynamic maximum value no switchport arp dynamic maximum Function Set the max number of dynamic ARP allowed by the port and at th...

Page 753: ...Config If Ethernet1 2 switchport arp dynamic maximum 20 Disable the number limitation function of dynamic ARP in port 1 2 mode Switch Config If Ethernet1 2 no switchport arp dynamic maximum 42 14 switchport mac address dynamic maximum Command switchport mac address dynamic maximum value no switchport mac address dynamic maximum Function Set the max number of dynamic MAC address allowed by the port...

Page 754: ... number to be set is 20 Switch config interface ethernet 1 2 Switch Config If Ethernet1 2 switchport mac address dynamic maximum 20 Disable the number limitation function of dynamic MAC address in port 1 2 mode Switch Config If Ethernet1 2 no switchport mac address dynamic maximum 42 15 switchport mac address violation Command switchport mac address violation protect shutdown recovery 5 3600 no sw...

Page 755: ...utdown recovery 60 42 16 switchport nd dynamic maximum Command switchport nd dynamic maximum value no switchport nd dynamic maximum Function Set the max number of dynamic NEIGHBOR allowed by the port and at the same time enable the number limitation function of dynamic NEIGHBOR on the port no switchport nd dynamic maximum command is used to disable the number limitation function of dynamic NEIGHBO...

Page 756: ... mac address dynamic maximum command is used to disable the number limitation function of dynamic MAC address in the VLAN Parameters value upper limit of the number of MAC address in the VLAN ranging from 1 to 4096 Default Settings The number limitation function of dynamic MAC address in the VLAN is disabled Command Mode VLAN Configuration Mode Usage Guide When configuring the max number of dynami...

Page 757: ...ic MAC address in VLAN 1 the max number to be set is 50 Switch config vlan1 Switch Config if Vlan1 vlan mac address dynamic maximum 50 Enable the number limitation function of dynamic MAC address in VLAN 1 Switch Config if Vlan1 no vlan mac address dynamic maximum ...

Page 758: ... Globally enable disable AM function Parameters None Default AM function is disabled by default Command Mode Global Mode Usage Guide None Example Enable AM function on the switch Switch config am enable Disable AM function on the switch Switch config no am enable 43 2 am port Command am iport no am port ...

Page 759: ...Ethernet 1 3 no am port 43 3 am ip pool Command am ip pool ip address num no am ip pool ip address num Function Set the AM IP segment of the interface allow deny the IP messages or APR messages from a source IP within that segment to be forwarded via the interface Parameters ip address the starting address of an address segment in the IP address pool num is the number of consecutive addresses foll...

Page 760: ...ow deny the IP messages or APR messages from a source IP within that segment to be forwarded via the interface Parameter mac address is the source MAC address ip address is the source IP address of the packets which is a 32 bit binary number represented in four decimal numbers Default MAC IP address pool is empty Command Mode Port Mode Usage Guide None Example Configure that the interface 1 3 of t...

Page 761: ...ools Default Both address pools are empty at the beginning Command Mode Global Mode Usage Guide None Example Delete all configured IP address pools Switch config no am all ip pool 43 6 show am Command show am interface interface name Function Display the configured AM entries Parameters interface name is the name of the interface of which the configuration information will be displayed No paramete...

Page 762: ... 30 am mac ip pool 00 02 04 06 08 09 20 10 10 5 am ip pool 50 20 10 1 20 Interface Ethernet1 6 am port Interface Ethernet1 1 am interface am ip pool 10 10 10 1 20 am ip pool 10 20 10 1 20 Display the AM configuration entries of ehternet1 5 of the switch Switch show am interface ethernet 1 5 AM is enabled Interface Etherne1 5 am interface am ip pool 50 10 10 1 30 am mac ip pool 00 02 04 06 08 09 20...

Page 763: ... the source IP address is equal to the destination IP address Command Mode Global Mode Usage Guide By enabling this function data packet whose source IP address is equal to its destination address will be dropped Example Drop the data packet whose source IP address is equal to its destination address l Switch config dosattack check srcip equal dstip enable 44 2 dosattack check tcp flags enable Com...

Page 764: ...iating the dosattack check ipv4 first fragment enable command Example Drop one or more types of above four packet types Switch config dosattack check tcp flags enable 44 3 dosattack check srcport equal dstport enable Command dosattack check srcport equal dstport enable no dosattack check srcport equal dstport enable Function Enable the function by which the switch will check if the source port is ...

Page 765: ...ttack check srcport equal dstport enable 44 4 dosattack check icmp attacking enable Command no dosattack check icmp attacking enable Function Enable the ICMP fragment attack checking function on the switch the no form of this command disables this function Parameter None Default Disable the ICMP fragment attack checking function on the switch Command Mode Global Mode Usage Guide With this function...

Page 766: ...et length of the ICMPv4 data packet permitted by the switch Default The value is 0x200 by default Command Mode Global Mode Usage Guide To use this function you have to enable dosattack check icmp attacking enable first Example Set the max net length of the ICMPv4 data packet permitted by the switch to 100 Switch config dosattack check icmp attacking enable Switch config dosattack check icmpV4 size...

Page 767: ...ary indicates it s a primary server Command Mode Global Mode Default No TACACS authentication configured on the system by default Usage Guide This command is for specifying the IP address port number timeout timer value and the key string of the TACACS server used on authenticating with the switch The parameter port is for define an authentication port number which must be in accordance with the a...

Page 768: ...bal Mode Usage Guide The key is used on encrypted packet communication between the switch and the TACACS server The configured key must be in accordance with the one on the TACACS server or else no correct TACACS authentication will be performed It is recommended to configure the authentication server key to ensure the data security Example Configure test as the TACACS server authentication key Sw...

Page 769: ...be returned when the switch send TACACS packet We suggest using the IP address of loopback interface as source IP address it avoids that the packets from TACACS server are dropped when the interface link down Example Configure the source ip address of TACACS packet as 192 168 2 254 Switch tacacs server nas ipv4 192 168 2 254 45 4 tacacs server timeout Command tacacs server timeout seconds no tacac...

Page 770: ...ample Configure the timeout timer of the tacacs server to 30 seconds Switch config tacacs server timeout 30 45 5 debug tacacs server Command debug tacacs server no debug tacacs server Function Open the debug message of the TACACS the no debug tacacs server command closes the TACACS debugging messages Command Mode Admin Mode Parameter None Usage Guide Enable the TACACS debugging messages to check t...

Page 771: ...fault AAA authentication is not enabled by default Usage Guide The AAA authentication for the switch must be enabled first to enable IEEE 802 1x authentication for the switch Example Enabling AAA function for the switch Switch config aaa enable 46 2 aaa accounting enable Command aaa accounting enable no aaa accounting enable Function Enables the AAA accounting function in the switch the no aaa acc...

Page 772: ... message is sent to the RADIUS accounting server on accounting end Note The switch send the user offline message to the RADIUS accounting server only when accounting is enabled the user offline message will not be sent to the RADIUS authentication server Example Enabling AAA accounting for the switch Switch config aaa accounting enable 46 3 aaa accounting update Command aaa accounting update enabl...

Page 773: ... send Enable the debug information of AAA about sending packets receive Enable the debug information of AAA about receiving packets all Enable the debug information of AAA about both sending and receiving packets interface number the number of interface interface name the name of interface Command Mode Admin Mode Usage Guide By enabling the debug information of AAA about sending and receiving pack...

Page 774: ...interface Command Mode Admin Mode Usage Guide By enabling the debug information of AAA about Radius attribute details users can check Radius attribute details of Radius messages which might help diagnose the cause of faults if there is any Example Enable the debug information of aaa about Radius attribute details on interface 1 1 Switch debug detail attribute interface Ethernet 1 1 46 6 debug aaa ...

Page 775: ...t Command debug aaa detail event no debug detail event Function Enable the debug information of aaa about events the no operation of this command will disable that debug information Parameters None Command Mode Admin Mode Usage Guide By enabling the debug information of aaa about events users can check the information of all kinds of event generated in the operation process of Radius protocol whic...

Page 776: ...f errors that occurs in the operation process of Radius protocol which might help diagnose the cause of faults if there is any Example Enable the debug information of aaa about errors Switch debug aaa error 46 9 radius nas ipv4 Command radius nas ipv4 ip address no radius nas ipv4 Function Configure the source IP address for RADIUS packet sent by the switch The no radius nas ipv4 command deletes t...

Page 777: ...packets from RADIUS server are dropped when the interface link down Example Configure the source ip address of RADIUS packet as 192 168 2 254 Switch radius nas ipv4 192 168 2 254 46 10 radius nas ipv6 Command radius nas ipv6 ipv6 address no radius nas ipv6 Function Configure the source IPv6 address for RADIUS packet sent by the switch The no command deletes the configuration Parameter ipv6 address...

Page 778: ...v4 address ipv6 address Function Specifies the IPv4 IPv6 address and the port number whether be primary server for RADIUS accounting server the no command deletes the RADIUS accounting server Parameters ipv4 address ipv6 address stands for the server IPv4 IPv6 address port number for server listening port number from 0 to 65535 string is the key string If key option is set as 0 the key is not encr...

Page 779: ...ing host 2004 1 2 3 2 port 3000 primary 46 12 radius server authentication host Command radius server authentication host ipv4 address ipv6 address port port number key 0 7 string primary access mode dot1x telnet no radius server authentication host ipv4 address ipv6 address Function Specifies the IPv4 address or IPv6 address and listening port number cipher key whether be primary server or not an...

Page 780: ...the authentication is successed or failed switch does not send the authentication request to the next If primary is specified then the specified RADIUS server will be the primary server It will use the cipher key which be configured by radius server key string global command if the current RADIUS server not configure key string Besides it can designate the current RADIUS server only use 802 1x aut...

Page 781: ... key Command radius server key 0 7 string no radius server key Function Specifies the key for the RADIUS server authentication and accounting the no radius server key command deletes the key for RADIUS server Parameters string is a key string for RADIUS server If key option is set as 0 the key is not encrypted and its range should not exceed 64 characters if key option is set as 7 the key is encry...

Page 782: ...Default The default value is 3 times Usage Guide This command specifies the retransmission time for a packet without a RADIUS server response after the switch sends the packet to the RADIUS server If authentication information is missing from the authentication server AAA authentication request will need to be re transmitted to the authentication server If AAA request retransmission count reaches ...

Page 783: ...tch waits for corresponding response packets after sending RADIUS Server request packets If RADIUS server response is not received in the specified waiting time the switch resends the request packet or sets the server as invalid according to the current conditions Example Setting the RADIUS authentication timeout timer value to 30 seconds Switch config radius server timeout 30 46 17 radius server ...

Page 784: ...sers supported by NAS The smaller the interval the less the maximum number of the users supported by NAS the bigger the interval the more the maximum number of the users supported by NAS The following is the recommended ratio of interval of sending fee counting update messages to the maximum number of the users supported by NAS The maximum number of users The interval of sending fee counting updat...

Page 785: ...pID ChapID OnTime UserIP MAC total 0 46 19 show aaa authenticating user Command show aaa authenticating user Function Display the authenticating users Command mode Admin and Configuration Mode Usage Guide Usually the administrator concerns only information about the authenticating user the other information displays is used for troubleshooting by the technical support Example Switch show aaa authe...

Page 786: ...ng Authentication key authentication server sum 2 Configure the number of authentication server authentication server 0 sock_addr 2 100 100 100 60 1812 The address protocol group IP and interface number of the first authentication server Is Primary 1 Is the primary server Is Server Dead 0 The server whether dead Socket No 0 The local socket number lead to this server authentication server 1 sock_a...

Page 787: ...interval of the dead server Account Time Interval 0min The account time interval 46 21 show radius authenticated user count Command show radius authenticated user count Function Show the number of on line users who have already passed the authentication Parameter None Command mode Admin and configuration mode Default None Usage guide None Example Switch show radius authenticated user count The aut...

Page 788: ...ge Guide None Example Switch show radius authenticating user count The authenticating user num is 10 46 23 show radius count Command show radius authenticated user authenticating user count Function Displays the statistics for users of RADIUS authentication Parameters authenticated user displays the authenticated users online authenticating user displays the authenticating users Command mode Admin...

Page 789: ... the show radius count command Example 1 Display the statistics for RADIUS authenticated users Switch show radius authenticated user count The authenticated online user num is 0 2 Display the statistics for RADIUS authenticated users and others Switch show radius authenticating user count ...

Page 790: ... for enable and disable SSL function After enable SSL function the users visit the switch through https client switch and client use SSL connect can form safety SSL connect channel After that all the data which transmit of the application layer will be encrypted then ensure the privacy of the communication Example Enable SSL function Switch config ip http secure server 47 2 ip http secure port Com...

Page 791: ...must use the changed one For example https device port_number SSL function must reboot after every change Example Configure the port number is 1028 Switch config ip http secure port 1028 47 3 ip http secure ciphersuite Command ip http secure ciphersuite des cbc3 sha rc4 128 sha des cbc sha no ip http secure ciphersuite Function Configure delete secure cipher suite by SSL used Parameter des cbc3 sh...

Page 792: ... 7 0 or above is required Example Configure the secure cipher suite is rc4 128 sha Switch config ip http secure ciphersuite rc4 128 sha 47 4 show ip http secure server status Command show ip http secure server status Function Show the status for the configured SSL Parameter None Command Mode Admin and Configuration Mode Example Switch show ip http secure server status HTTP secure server status Ena...

Page 793: ... Show the configured SSL information the no command closes the DEBUG Parameter None Command Mode Admin Mode Example Switch debug ssl Jan 01 01 02 05 2006 ssl will to connect to web server 127 0 0 1 9998 Jan 01 01 02 05 2006 connect to http security server success ...

Page 794: ...able IPv6 security RA function Parameters None Command Mode Global Configuration Mode Default The IPv6 security RA function is disabled by default Usage Guide Only after enabling the global security RA function the security RA on a port can be enabled Globally disabling security RA will clear all the configured security RA ports The global security RA function and the global IPv6 SAVI function are...

Page 795: ...bled by default Usage Guide Only after globally enabling the security RA function can the security RA on a port be enabled Globally disabling security RA will clear all the configured security RA ports Example Enable IPv6 security RA on a port Switch Config If Ethernet1 2 ipv6 security ra enable 48 3 show ipv6 security ra Command show ipv6 security ra interface interface list Function Display all ...

Page 796: ...ity ra Command debug ipv6 security ra no debug ipv6 security ra Function Enable the debug information of IPv6 security RA the no operation of this command will disable the debug information of IPv6 security RA Command Mode Admin Mode Parameters None Usage Guide Users can check the proceeds of message handling of IPv6 security RA which will help investigate the causes to problems if there is any Ex...

Page 797: ... authentication mode none means the authentication is needless Default Using RADIUS authentication mode Command Mode Global mode Usage Guide none option is used to the fleeing function of MAC address authentication If all configured RADIUS servers don t respond switch will adopt none authentication mode to allow that MAC address authentication users access the network directly Example Configure th...

Page 798: ...e Usage Guide None Example Delete all MAB binding Switch clear mac authentication bypass binding all 49 3 debug mac authentication bypass Command debug mac authentication bypass packet event binding Function Enable the debugging of the packet information event information or binding information for MAB authentication Parameters packet Enable the debugging of the packet information for MAB authenti...

Page 799: ...ication bypass binding limit Function Set the max binding number of MAB The no command will restore the default binding number as 3 Parameters 1 100 the max binding number of MAB ranging from 1 to 100 Command Mode Port Mode Default The max binding number of MAB is 3 Usage Guide Set the max binding number of MAB When the binding number reaches to the max value the port will stop binding if the max ...

Page 800: ...d port MAB function The no command disables MAB function Parameters None Command Mode Global Mode and Port Mode Default Disable the global and port MAB function Usage Guide To process MAB authentication of a port enable the global MAB function first and then enable the MAB function of the corresponding port Example Enable the global and port Eth1 1 MAB function Switch Config mac authentication byp...

Page 801: ...atuitous ARP to correct the error ARP entries generated by gratuitous ARP of the conflict detection This command is used to detect the spoofing garp when occuring the address conflict MAB function is not deal with the packet any more Notice when enabling the check function all ARP will be processed the software check it will add switch s load Example Enable spoofing garp check function Switch Conf...

Page 802: ... of offline detect time it will delete this binding and forbid the flow to pass Example Configure offline detect time as 200s Switch Config mac authentication bypass timeout offline detect 200 49 8 mac authentication bypass timeout quiet period Command mac authentication bypass timeout quiet period 1 60 no mac authentication bypass timeout quiet period Function Set quiet period of MAB authenticati...

Page 803: ... stale period 0 60 no mac authentication bypass timeout stale period Function Set the time that delete the binding user after MAB port is down The no command restores the default value Parameters 1 60 The time that delete the binding ranging from 0 to 60s Command Mode Global Mode Default 30s Usage Guide If the time that delete the binding as 0 delete all user binding of this port as soon as the MA...

Page 804: ...er as username and password to authenticate Usage Guide There are two methods for MAB authentication use MAC address of MAB user as username and password to authenticate or use the specified username and password to authenticate If there is no specified username and password the device uses the first method to authenticate by default Example All MAB users use the same username and password to auth...

Page 805: ...f 88 Ethernet1 1 1 MAB_QUIET 03 0a eb 6a 7f 88 Ethernet1 1 1 MAB_QUIET 02 0a eb 6a 7f 88 Ethernet1 1 1 MAB_AUTHENTICATED 00 0a eb 6a 7f 8e Ethernet1 1 1 MAB_AUTHENTICATED Displayed information Explanation The Number of all binding The binding number of all MAB users include the successful authentication user and the failing authentication user at quiet period state MAC MAC address Interface The bi...

Page 806: ...Binding State Lease 164 seconds left Displayed information Explanation MAB enable MAB function enabled or not Binding info The MAB binding number of the specified port MAB Binding built at The time when the user binding was created VID The VLAN that MAB user belongs Port The binding port Client MAC MAC address Binding State Authentication state Binding State Lease Remain time before the binding re...

Page 807: ...oE packet debug for the specified port the no command disables it Parameter receive Enable the debug that receive PPPoE packet send Enable the debug that send PPPoE packet ehernet Physical port interface name Port name Command Mode Admin mode Default Disable PPPoE packet debug for the specified port Usage Guide Enable PPPoE packet debug for the specified port to show PPPoE packet received and sent...

Page 808: ...PoE intermediate agent function Usage Guide After enable global PPPoE IA function process the packet of PPPoE discovery stage according to the related configuration Example Enable global PPPoE intermediate agent function Switch config pppoe intermediate agent 50 3 pppoe intermediate agent Port Command pppoe intermediate agent no pppoe intermediate agent Function Enable PPPoE intermediate agent fun...

Page 809: ...oE server and the port mode is trust Example Enable PPPoE intermediate agent function of the port ethernet 1 2 Switch config if ethernet1 2 pppoe intermediate agent 50 4 pppoe intermediate agent circuit id Command pppoe intermediate agent circuit id string no pppoe intermediate agent circuit id string Function Configure circuit ID of the port the no command cancels this configuration Parameter str...

Page 810: ...mediate agent delimiter Command pppoe intermediate agent delimiter WORD no pppoe intermediate agent delimiter Function Configure the delimiter among the fields in circuit id and remote id the no command cancels the configuration Parameter WORD the delimiter its range is space Command Mode Global mode Default The fields is comparted with 0 Usage Guide After configuring the delimiter the added field...

Page 811: ...al mode Default This configuration is null Usage Guide Encapsulation circuit id and remote id with hex ASCII format to vendor tag Notice The global pppoe intermediate agent function must be enabled Example Configure the trust port 1 1 to enable vendor tag strip function Switch config pppoe intermediate agent format remote id ascii 50 7 pppoe intermediate agent remote id Command pppoe intermediate ...

Page 812: ...ort ethernet1 2 Switch config if ethernet1 2 pppoe intermediate agent remote id abcd 50 8 pppoe intermediate agent trust Command pppoe intermediate agent trust no pppoe intermediate agent trust Function Configure the port as trust port the no command configures the port as untrust port Parameter None Command Mode Port mode Default Untrust port Usage Guide The port which connect to server must be c...

Page 813: ...mand cancels the configuration Parameter vlan VLAN ID port Port ID id switch id mac the local MAC address id switch id hostname the local host name id remote mac the remote MAC address string WORD the specified keyword Command Mode Global mode Default This configuration is null Usage Guide This configuration and type tr 101 circuit id are mutually exclusive it will clear the corresponding configur...

Page 814: ...string WORD the specified keyword Command Mode Global mode Default This configuration is null Usage Guide Configuration order of this command according to the fields order in remote id Example Configure the self defined remote id as string abcd mac hostname Switch config pppoe intermediate agent type self defined remote id string abcd mac hostname 50 11 pppoe intermediate agent type tr 101 circuit...

Page 815: ...switch s MAC it occupies 6 bytes For example MAC address is 0a0b0c0d0e0f Slot ID is 12 Port Index is 34 Vlan ID is 567 the default circuit id value is 0a0b0c0d0e0f eth 12 034 0567 Example Configure access node id value of circuit ID as abcd in vendor tag Switch config pppoe intermediate agent access node id abcd After port ethernet1 3 of vlan3 receives PPPoE packets circuit id value of the added v...

Page 816: ...Index delimiter Vlan ID access node id occupies n bytes n 48 eth is space e t h space it occupies 5 bytes Slot ID occupies 2 bytes Port Index occupies 3 bytes Vlan ID occupies 4 bytes delimiter occupies 1 byte Example Configure access node id as xyz use spv combination mode delimiter with between Slot ID and Port ID delimiter with between Port ID and Vlan ID Switch config pppoe intermediate agent ...

Page 817: ... tag Note 1 Must enable global pppoe intermediate agent function 2 It must be configured on trust port Example Trust port ethernet1 1 enables vendor tag strip function Switch config if ethernet1 1 pppoe intermediate agent trust Switch config if ethernet1 1 pppoe intermediate agent vendor tag strip 50 14 show pppoe intermediate agent access node id Command show pppoe intermediate agent access node ...

Page 818: ...ntermediate agent identifier string option delimiter Function Show the configured identifier string the combination format and delimiter of slot port and vlan Parameter None Command Mode Admin mode Default The configuration information is null Usage Guide Show the configured identifier string the combo format and delimiter of slot port and vlan Example Show the configuration information for pppoe ...

Page 819: ... name port name Command Mode Admin mode Default The configuration information is null Usage Guide Check the configuration information of the corresponding port show whether the port is trust port strip function is enabled rate limit is enabled show the configured circuit ID and remote ID Example Show pppoe intermediate agent configuration information of port ethernet1 2 Switch show pppoe intermedi...

Page 820: ... Port ID list divide the ports with If the parameter is null delete all web portal binding Command Mode Admin Mode Default None Usage Guide Clear the specified the specific port or all ports dynamic binding information of web portal Example Clear the binding information of web portal authentication switch clear webportal binding interface Interface setting mac Configure mac address cr switch clear...

Page 821: ...o limitation Usage Guide Enable the binding debugging of web portal authentication the no command disables the binding debugging Example Enable the binding debugging of web portal authentication switch debug webportal binding NULL 0 packet binding debug is on 51 3 debug webportal error Command debug webportal error no debug webportal error Function Enable disable the error debugging of web portal ...

Page 822: ...portal authentication switch debug webportal error NULL 0 error error debug is on 51 4 debug webportal event Command debug webportal event no debug webportal event Function Enable disable the event debugging of web portal authentication Parameter None Command Mode Admin Mode Default There is no limitation Usage Guide Enable the event debugging of web portal authentication the no command disables t...

Page 823: ...s the packet receive Enable the debugging that web portal receives the packet all Enable the debugging that web portal receives and sends the packet ethernet IFNAME IFNAME The port name The port name is null that means to enable all ports Command Mode Admin Mode Default There is no limitation Usage Guide Enable the packet debugging of web portal authentication the no command disables the packet de...

Page 824: ...Port Mode Default Disable the function Usage Guide Enable dhcp snooping binding web portal function the no command disables the function Example Enable dhcp snooping binding web portal function switch config ip dhcp snooping binding enable switch config interface ethernet 1 1 switch config if ethernet1 1 ip dhcp snooping binding webportal 51 7 show webportal Command show webportal interface ethern...

Page 825: ...n Example Show the parameter and enable information of web portal authentication switch show webportal interface ethernet 1 1 webportal enable webportal binding limit 128 51 8 show webportal binding Command show webportal binding interface ethernet IFNAME IFNAME Function Show the binding information of web portal authentication Parameter ethernet IFNAME IFNAME The port name the name or ID of the p...

Page 826: ...t modifiers cr switch show webportal binding interface ethernet 1 1 Interface Ethernet1 1 user config webportal enable Enable Binding info 0 IP MAC Interface Vlan ID 51 9 webportal binding limit Command webportal binding limit 1 256 no webportal binding limit Function Configure the max webportal binding number allowed by the port Parameter 1 256 the max binding number allowed by the port the max w...

Page 827: ...binding number of the port Example Set the max webportal binding number allowed by the port as 128 switch config interface ethernet 1 1 switch config if ethernet1 1 webportal binding limit 128 51 10 webportal enable Command webportal enable no webportal enable Function Enable disable the global web portal authentication Parameter None Command Mode Global Mode Default Do not enable the global web p...

Page 828: ...on of the port Parameter None Command Mode Port Mode Default Do not enable web portal authentication of the port Usage Guide Enable web portal authentication of the port The no command disables web portal authentication of the port it is mutually exclusive with 802 1x on port Example Enable disable web portal authentication on port switch config interface ethernet 1 1 switch config if ethernet1 1 ...

Page 829: ...ddress of the sending interface Usage Guide The configured source address must be the local IP address or else it maybe not process the packet communication with portal server It is recommended to use the loopback interface address as the source address to avoid the return packet is unreachable when the physical interface is down and nas ip should be configured in web portal The no command deletes...

Page 830: ...bal Mode Default There is no redirection address Usage Guide Enable web portal authentication globally before configuring its HTTP redirection address The no command cancels the configured redirection address Example Configure the redirection address of web portal authentication as 173 16 1 211 switch config webportal redirect 173 16 1 211 ...

Page 831: ...needs to clear the VACL statistic information If do not input VLAN ID then clear all VLAN statistic information Command mode Admin Mode Default None Usage Guide Egress direction filtering is not supported by switch Example Clear VACL statistic information of Vlan1 Switch clear vacl statistic vlan 1 52 2 show vacl vlan Command show vacl in out vlan 1 4094 begin include exclude regular expression Fu...

Page 832: ...h the intervocalic character for example will match the character but it is not match the end of the character string w match the letter the number or the underline b match the beginning or the end of the words W match any characters which are not alphabet letter number and underline B match the locations which are not the begin or end of the word x match any characters except x aeiou match any ch...

Page 833: ...unction packet s number is 5 The sum of out profile data packets matching this VACL 52 3 vacl ip access group Command vacl ip access group 1 299 WORD in out traffic statistic vlan WORD no vacl ip access group 1 299 WORD in out vlan WORD Function This command configure VACL of IP type on the specific VLAN Parameter 1 299 WORD Configure the numeric IP ACL include standard ACL rule 1 99 extended ACL ...

Page 834: ...in vlan WORD Function This command configure VACL of IPv6 on the specific VLAN Parameter 500 599 WORD Configure the IPv6 digital standard access table rule or IPv6 command standard access table rule in Filter the ingress traffic traffic statistic Enable the statistic of matched packets number vlan WORD The VLAN will be bound to VACL Command mode Global Mode Default None Usage Guide Use or to input...

Page 835: ...tistic of matched packets number vlan WORD The VLAN will be bound to VACL Command mode Global Mode Default None Usage Guide Use or to input the VLAN or multi VLANs but do not exceed 128 and CLI length cannot exceed 80 characters Egress direction filtering is not supported by switch Example Configure the numeric MAC ACL for Vlan 1 5 Switch config vacl mac access group 700 in traffic statistic vlan ...

Page 836: ...lan WORD The VLAN will be bound to VACL Command mode Global Mode Default None Usage Guide Use or to input the VLAN or multi VLANs but do not exceed 128 and CLI length cannot exceed 80 characters Egress direction filtering is not supported by switch Example Configure the numeric MAC IP ACL for Vlan 1 2 5 Switch config vacl mac ip access group 3100 in traffic statistic vlan 1 2 5 ...

Page 837: ...x Parameter ipv6 address the address prefix of link like 2001 64 vid vlan ID of the current link Command Mode Global Mode Default None Usage Guide Users should configure local address prefix fe80 64 of the link before enable the function of matching address prefix of the link it accepts the packets of which source addresses are the local addresses of the link Example Configure the address prefix o...

Page 838: ...ish the corresponding IPv6 address binding If users enable the matched address prefix of the link configure the local address prefix of fe80 64 first to accept the packets with the source address as local link address Disable address prefix check function by default Example Enable SAVI address prefix check function Switch config ipv6 cps prefix check enable 53 1 3 ipv6 dhcp snooping trust Command ...

Page 839: ... trust port Switch config interface ethernet1 1 Switch config if ethernet1 1 ipv6 dhcp snooping trust 53 1 4 ipv6 nd snooping trust Command ipv6 nd snooping trust no ipv6 nd snooping trust Function Configure the port as slaac trust and RA trust port this port will not establish dynamic slaac binding any more and forwards RA packets The no command deletes the port trust function Parameter None Comm...

Page 840: ...de only check the port state for conflict binding if the state is up keep the conflict binding and do not set new binding If the state is down delete the conflict binding to set a new one probe mode besides checking the port state for conflict binding it will send NS packets to probe the usability of the corresponding user when the port state is up If receiving the responded NA packets from users ...

Page 841: ...disables this global function Parameter None Command Mode Global Mode Default Disable the global SAVI function Usage Guide Command configuration can be processed for SAVI function after enabling the global SAVI function Because SAVI function has already contained security RA function global SAVI function and security RA function are mutually exclusive in the global mode Example Enable SAVI functio...

Page 842: ...xceeds the configured number this port does not create new dynamic binding any more if the configured number is 0 this port does not create any dynamic binding Example Configure the binding number to be 100 for port ethernet1 1 Switch config interface ethernet1 1 Switch config if ethernet1 1 savi ipv6 binding num 100 53 1 8 savi ipv6 check source binding Command savi ipv6 check source binding ip i...

Page 843: ... binding configured by handwork is overtime the corresponding binding will be deleted but the configuration is still be kept so the binding still be shown If the binding needs to take effect again it should delete it first and configure a new binding again When the binding type is static type do not configure lifetime period the lifetime period is infinite Example Configure the dynamic binding of ...

Page 844: ...ring function of the port Usage Guide The global SAVI function must be enabled before configuring this command Example Enable the control filtering function of the packets on port ethernet1 1 Switch config interface ethernet1 1 Switch config if ethernet1 1 savi ipv6 check source ip address mac address 53 1 10 savi ipv6 dhcp only slaac only dhcp slaac enable Command savi ipv6 dhcp only slaac only d...

Page 845: ...cene detects DAD NS packets of all types dhcp slaac combination application scene detects all DHCPv6 and DAD NS packets Disable all kinds of application scene detection function for SAVI by default Example Enable the specified dhcp only application scene for SAVI Switch config savi ipv6 dhcp only enable 53 1 11 savi ipv6 mac binding limit Command savi ipv6 mac binding limit limit num no savi ipv6 ...

Page 846: ...i max dad delay max dad delay no savi max dad delay Function Configure the dynamic binding at DETECTION state and send lifetime period of DAD NS packet detection no command restores the default value Parameter max dad delay set the ranging between 1 and 65535 seconds its default value is 1 second Command Mode Port Mode Default 1 second Usage Guide It is recommended to use the default value Example...

Page 847: ...efault value is 1 second Command Mode Global Mode Default 1 second Usage Guide It is recommended to user the default value Example Set the redetection lifetime as 2 seconds Switch config savi max dad prepare delay 2 53 1 14 savi max slaac life Command savi max slaac life max slaac life no savi max slaac life Function Configure lifetime period of slaac dynamic binding at BOUND state no command rest...

Page 848: ...from up to down no command restores the default value Parameter protect time set the ranging between 1 and 300 seconds its default value is 30 seconds Command Mode Global Mode Default 30 seconds Usage Guide After the configured lifetime period is overtime the port is still at down state the binding of this port will be deleted If the port state is changed from down to up state during the configure...

Page 849: ...no debug ipv6 dhcp snooping binding Function Enable binding debug of dhcp type for SAVI no command disables the debug Parameter None Command Mode Admin Mode Default None Usage Guide After enable this function the relative binding of dhcp type or static type create the print information for misarranging The no command disables this function Example Enable the binding debug of dhcp type Switch debug...

Page 850: ...t None Usage Guide After enable event debug the relative event information of dhcp type will be print for misarranging The no command disables this function Example Enable binding event debug of dhcp type Switch debug ipv6 dhcp snooping event 53 2 3 debug ipv6 dhcp snooping packet Command debug ipv6 dhcp snooping packet no debug ipv6 dhcp snooping packet Function Enable the debug of DHCPv6 packets...

Page 851: ... dhcp snooping packet 53 2 4 debug ipv6 nd snooping binding Command debug ipv6 nd snooping binding no debug ipv6 nd snooping binding Function Enable the binding debug of slaac type for SAVI no command disables the binding debug Parameter None Command Mode Admin Mode Default None Usage Guide After enable binding debug the relative binding of slaac type will create the print information for misarran...

Page 852: ...e for SAVI no command disables the event debug Parameter None Command Mode Admin Mode Default None Usage Guide After enable event debug the relative event information of slaac type will be print for misarranging The no command disables this function Example Enable the event debug of slaac type Switch debug ipv6 nd snooping event 53 2 6 debug ipv6 nd snooping packet Command debug ipv6 nd snooping p...

Page 853: ...ts will be print for misarranging The no command disables this function Example Enable ND packets debug Switch debug ipv6 nd snooping packet 53 2 7 show savi ipv6 check source binding Command show savi ipv6 check source binding interface if name Function Show the global SAVI binding entry list Parameter if name port name such as interface ethernet 1 1 Command Mode Admin Mode Default None ...

Page 854: ... state Expires The bound lifetime period Example Show the global binding state of SAVI Switch config show savi ipv6 check source binding Static binding count 0 Dynamic binding count 3 Binding count 3 MAC IP VLAN Port Type State Expires 00 25 64 bb 8f 04 fe80 225 64ff febb 8f04 1 Ethernet1 5 slaac BOUND 14370 00 25 64 bb 8f 04 2001 13 1 Ethernet1 5 slaac BOUND 14370 00 25 64 bb 8f 04 2001 10 1 Ethe...

Page 855: ... avoid confusion it is recommended that the ID is non configured VLAN ID and the same to MRPP ring ID In configuration of MRPP ring of the same MRPP loop switches the control VLAN ID must be the same otherwise the whole MRPP loop may not be able to work normally or form broadcast The mrpp enable command must be start before the control vlan command be used If primary port secondary port node mode ...

Page 856: ...id range is from 1 to 4096 if not specified ID it clears all of MRPP ring statistic information Command Mode Admin Mode Default None Usage Guide None Example Clear statistic information of MRPP ring 4000 of switch Switch clear mrpp statistics 4000 54 3 debug mrpp Command debug mrpp no debug mrpp Function Open MRPP debug information no description command disables MRPP debug information Command Mod...

Page 857: ...RPP ring the no enable command disables this enabled MRPP ring Command Mode MRPP ring mode Default Default disable MRPP ring Usage Guide Executing this command it must enable MRPP protocol and if other commands have configured the MRPP ring is enabled Example Configure MRPP ring 4000 of switch to primary node and enable the MRPP ring Switch config mrpp enable Switch config mrpp ring 4000 Switch mr...

Page 858: ...main domain id Function Create ERRP domain the no command deletes the configured ERRP domain Parameter domain id domain ID of ERRP the range between 1 and 15 Command Mode Global mode Usage Guide If domain ID of ERRP needs to be configured the compatible mode of ERRP should be enabled firstly When executing this command it should create a new ERRP domain if there is no ERRP domain However the no co...

Page 859: ...rom primary port of primary node on configured fail timer the whole loop is fail Transfer node of MRPP doesn t need this timer and configure To avoid time delay by transfer node forwards Hello packet the value of fail timer must be more than or equal to 3 times of Hello timer On time delay loop it needs to modify the default and increase the value to avoid primary node doesn t receive Hello packet...

Page 860: ...n configured Hello timer interval if secondary port of primary node can receive this packet in configured period the whole loop is normal otherwise fail Transfer node of MRPP ring doesn t need this timer and configure Example Configure hello timer of MRPP ring 4000 to 3 seconds Switch config mrpp ring 4000 Switch mrpp ring 4000 hello timer 3 54 8 mrpp eaps compatible Command mrpp eaps compatible n...

Page 861: ...PS globally Switch Config mrpp enable Switch Config mrpp eaps compatible 54 9 mrpp enable Command mrpp enable no mrpp enable Function Enable MRPP protocol module the no mrpp enable command disables MRPP protocol Parameter None Command Mode Global Mode Default The system doesn t enable MRPP protocol module Usage Guide If it needs to configure MRPP ring it enables MRPP protocol Executing no mrpp ena...

Page 862: ...ly Furthermore the port with ERRP compatible mode should be configured as hybrid or trunk mode and allow the packets with Control Vlan information Example Enable the compatible function of ERRP globally Switch Config mrpp enable Switch Config mrpp errp compatible Switch Config mrpp ring 2 Switch mrpp ring 2 control vlan 4000 Switch config if ethernet1 51 switchport mode hybrid Switch config if eth...

Page 863: ...oll time 200 54 12 mrpp ring Command mrpp ring ring id no mrpp ring ring id Function Create MRPP ring and access MRPP ring mode the no mrpp ring ring id command deletes configured MRPP ring Parameter ring id is MRPP ring ID the valid range is from 1 to 4096 Command Mode Global Mode Usage Guide If this MRPP ring doesn t exist it create new MRPP ring when executing the command and then it enter MRPP...

Page 864: ...ary port to send Hello packet secondary port is used to receive Hello packet from primary node There are no difference on function between primary port and secondary of secondary node The mrpp enable command must be enabled before the control vlan command be used If primary port secondary port node mode and enable commands all be configured after control vlan then the mrpp ring function is enabled...

Page 865: ...ry node There are no difference on function between primary port and secondary of secondary node The mrpp enable command must be enabled before the control vlan command be used If primary port secondary port node mode and enable commands all be configured after control vlan then the mrpp ring function is enabled Example Configure secondary port of MRPP ring to 1 3 Switch config interface ethernet1...

Page 866: ... node MRPP ring 4000 Switch config mrpp ring 4000 Switch mrpp ring 4000 node mode master 54 16 show mrpp Command show mrpp ring id Function Display MRPP ring configuration Parameter ring id is MRPP ring ID the valid range is from 1 to 4096 if not specified ID it display all of MRPP ring configuration Command Mode Admin and Configuration Mode Default None ...

Page 867: ... statistic information of data packet of MRPP ring receiving and transferring Parameter ring id is MRPP ring ID the valid range is from 1 to 4096 if not specified ID it displays all of MRPP ring statistic information Command Mode Admin and Configuration Mode Default None Usage Guide None Example Display statistic information of MRPP ring 4000 of switch Switch show mrpp statistic 4000 ...

Page 868: ... name is the name of the port Default None Command mode Admin mode Usage Guide None Example Clear the statistic information of the flush packets for the port1 1 Switch clear ulpp flush counter interface e1 1 ULPP flush counter has been reset 55 2 control vlan Command control vlan integer no control vlan Function Configure the control VLAN of ULPP group the no command restores the default value ...

Page 869: ...nfigured this VLAN can t be deleted It must belong to the VLAN protected by ULPP group to avoid flush packets loopback Example Configure the sending control VLAN of ULPP group as 10 Switch config ulpp group 20 Switch ulpp group 20 control vlan 10 55 3 debug ulpp error Command debug ulpp error no debug ulpp error Function Show the error information of ULPP The no operation disables showing the erro...

Page 870: ...Show the event information of ULPP The no operation disables showing the event information of ULPP Parameter None Default Do not display Command mode Admin mode Usage Guide None Example Show the event information of ULPP Switch debug ulpp event ULPP group 1 state changes Master port ethernet 1 1 in ULPP group 1 changed state to Forwading Slave port ethernet 1 2 in ULPP group 1 changed state to Sta...

Page 871: ...ables the shown contents Parameter name is the name of the port Default Do not display Command mode Admin mode Usage Guide None Example Show the contents of the receiving flush packets for the port1 1 Switch debug ulpp flush content interface e1 1 Flush packet content Destination MAC 01 03 0f cc cc cc Source MAC 00 a0 cc d7 5c ea Type 8100 Vlan ID 1 Length 518 Control Type 2 Control Vlan 10 MAC nu...

Page 872: ...tents of the packets The no operation disables the shown information Parameter name is the name of the port Default Do not display Command mode Admin mode Usage Guide None Example Show the information that send the flush packets for the port1 1 Switch debug ulpp flush send interface e1 1 Flush packet send on port Ethernet 1 1 55 7 description Command description string no description Function Conf...

Page 873: ...group 20 Switch ulpp group 20 description switch 55 8 flush disable arp Command flush disable arp Function Disable sending the flush packets of deleting ARP Parameter None Default By default enable the sending function of the flush packets which are deleted by ARP Command mode ULPP group configuration mode Usage Guide If configure this command when the link is switched it will not actively send th...

Page 874: ...ddress Parameter None Default By default enable sending the flush packets of updating MAC address Command mode ULPP group configuration mode Usage Guide If configure this command when the link is switched it will not actively send the flush packets to notify the upstream device to update the MAC address table Example Disable sending the flush packets of updating MAC address Switch config ulpp grou...

Page 875: ...sage Guide If configure this command when the link is switched it will not actively send the flush packets to notify the upstream device to delete the dynamic unicast mac according to vlan Example Disable sending the flush packets deleted by mac vlan Switch config ulpp group 1 Switch ulpp group 1 flush disable mac vlan 55 11 flush enable arp Command flush enable arp Function Enable sending the flu...

Page 876: ...he flush packets of deleting ARP Switch config ulpp group 20 Switch ulpp group 20 flush enable arp 55 12 flush enable mac Command flush enable mac Function Enable sending the flush packets of updating MAC address Parameter None Default By default enable sending the flush packets of updating MAC address Command mode ULPP group configuration mode Usage Guide If enable this function when the link is ...

Page 877: ... deleting the dynamic unicast mac according to vlan Parameter None Default Disable Command mode ULPP group configuration mode Usage Guide If configure this command when the link is switched it will actively send the flush packets to notify the upstream device to delete the dynamic unicast mac according to vlan Example Enable sending the flush packets deleted by mac vlan Switch config ulpp group 1 ...

Page 878: ...roup configuration mode Usage Guide The preemption delay is the delay time before the master port is preempted as the forwarding state for avoiding the link oscillation in a short time After the preemption mode is enabled the preemption delay takes effect Example Configure the preemption delay as 50s for ULPP group Switch config ulpp group 20 Switch ulpp group 20 preemption delay 50 55 15 preempti...

Page 879: ...emption mode of ULPP group Switch config ulpp group 20 Switch ulpp group 20 preemption mode 55 16 protect vlan reference instance Command protect vlan reference instance instance list no protect vlan reference instance instance list Function Configure the protective VLANs of ULPP group the no command cancels the protective VLANs Parameter instance list is MSTP instance list such as i j k The numbe...

Page 880: ...oup Switch config ulpp group 20 Switch ulpp group 20 protect vlan reference instance 1 55 17 show ulpp flush counter interface Command show ulpp flush counter interface ethernet IFNAME IFNAME Function Show the statistic information of the flush packets Parameter IFNAME is the name of the ports Default None Command mode Admin mode Usage Guide Show the statistic information of the flush packets such...

Page 881: ... Command mode Admin mode Usage Guide None Example Show the information that the port receives flush packets Switch show ulpp flush receive port ULPP flush receive portlist Portname Type Control Vlan Ethernet1 1 ARP 1 Ethernet1 3 MAC 1 3 5 10 55 19 show ulpp group Command show ulpp group group id Function Show the configuration information of the ULPP groups which have been configured ...

Page 882: ...rt the preemption mode the preemption delay etc Example Show the configuration information of ULPP group1 Switch show ulpp group 1 ULPP group 1 information Description abc Preemption mode on Preemption delay 30s Control VLAN 1 Protected VLAN Reference Instance 1 Member Role State Ethernet1 1 MASTER FORWARDING Ethernet1 2 SLAVE STANDBY 55 20 ulpp control vlan Command ulpp control vlan vlan list no ...

Page 883: ... receiving control VLAN for the port This VLAN must correspond the existent VLAN after it is configured this VLAN can t be deleted Example Configure the receiving control VLAN as 10 Switch config interface ethernet 1 1 Switch config If Ethernet1 1 ulpp control vlan 10 55 21 ulpp flush disable arp Command ulpp flush disable arp Function Disable receiving the flush packets of deleting ARP Parameter ...

Page 884: ...ac Command ulpp flush disable mac Function Disable receiving the flush packets of updating MAC address Parameter None Default By default disable receiving the flush packets of updating MAC address Command mode Port mode Usage Guide If this command is configured then it will not receive the flush packets of updating MAC address Example Disable receiving the flush packets of updating MAC address Swi...

Page 885: ...bling this function forward the hardware of the flush packets with mac vlan type received in port It will not be analyzed Example Disable receiving the flush packets deleted by mac vlan of port Switch config interface e1 2 Switch config if ethernet1 2 ulpp flush disable mac vlan 55 24 ulpp flush enable arp Command ulpp flush enable arp Function Enable receiving the flush packets of deleting ARP Pa...

Page 886: ...t1 1 ulpp flush enable arp 55 25 ulpp flush enable mac Command ulpp flush enable mac Function Enable receiving the flush packets of updating MAC address Parameter None Default By default disable receiving the flush packets of updating MAC address Command mode Port mode Usage Guide Enable receiving the flush packets of updating MAC address table Example Enable receiving the flush packets of updatin...

Page 887: ...lush packets handled mac vlan type and delete the dynamic unicast mac according to vlan information in the packets Example Enable receiving the flush packets deleted by mac vlan of port Switch config interface e1 2 Switch config if ethernet1 2 ulpp flush enable mac vlan 55 27 ulpp group Command ulpp group integer no ulpp group integer Function Create a ULPP group If this group exists then enter th...

Page 888: ...ter the mode of ulpp group 20 Switch config ulpp group 20 Switch ulpp group 20 55 28 ulpp group master Command ulpp group integer master no ulpp group integer master Function Configure the master port of ULPP group the no command deletes the master port Parameter integer is the ID of ULPP group range from 1 to 48 Default There is no master port configured by default Command mode Port mode ...

Page 889: ...slave no ulpp group integer slave Function Configure the slave port of ULPP group the no command deletes the slave port Parameter integer is the ID of ULPP group the range from 1 to 48 Default There is no slave port configured by default Command mode Port mode Usage Guide There is no sequence requirement for the master and slave port configuration in a group but the protective VLANs must be config...

Page 890: ... The no operation disables showing ULSM events Parameter None Default None Command mode Admin Mode Usage Guide None Example Show the event information of ULSM Switch debug ulsm event Downlink synchoronized with ULSM group change state to Down 56 2 show ulsm group Command show ulsm group group id Function Show the configuration information of ULSM group ...

Page 891: ...f ULSM group1 Switch show ulsm group 1 ULSM group 1 information ULSM group state Down Member Role State Down by ULSM ethernet1 1 UpLINK Down ethernet1 2 DownLINK Down Yes 56 3 ulsm group Command ulsm group group id no ulsm group group id Function Create a ULSM group The no command deletes the ULSM group Parameter group id is the ID of ULSM group range from 1 to 32 Default There is no ULSM group co...

Page 892: ...Parameter group id The ID of ULSM group the range from 1 to 32 uplink Configure the port as the uplink port downlink Configure the port as the downlink port Default The port does not belong to any ULSM group Command mode Port Mode Usage Guide Configure the uplink downlink ports of ULSM group Each ULSM group can configure 8 uplink ports and 16 downlink ports at most Example Configure port1 3 as the...

Page 893: ...d by the interface while tx for the datagram sent out and both means both of income and outcome datagram Command mode Global mode Usage Guide This command is used to configure the source interfaces for the mirror It is not restricted the source interface of the mirror on the switch The source can be one interface or can be multiple interfaces Both of the income and outcome datagram can be mirrored...

Page 894: ...mmand is used to configure the source interfaces for the mirror It is not restricted the source interface of the mirror on the switch The source can be one interface or can be multiple interfaces For flow mirror only datagram received can be mirrored The parameters can be rx tx both The related access list should be prepared before this command is issued For how to configure the access list please...

Page 895: ...nk And the maximum throughput of the interface is recommended to be larger than the total throughput of the interfaces to be mirrored If the destination is removed the mirror path configured will be removed at the same time And if the destination interface is reconfigured the interface CPU mirror path will be recovered To be mentioned the flow mirror can only be recovered after the destination of ...

Page 896: ...s command is used to display the source and destination ports for the configured mirror sessions For port mirroring CPU mirroring and flow mirroring the mirror mode of the source can be displayed Example Switch show monitor ...

Page 897: ...y IP address which is shown in dotted decimal notation Command Mode Global Mode Default None default value Usage Guide The proxy address is used to mark the sample proxy which is similar to OSPF or the Router ID in the BGP However it is not necessary to make the sFlow sample proxy work properly Example Sample the proxy address at global mode switch config sflow agent address 192 168 1 200 58 2 sfl...

Page 898: ...d Example Switch config sflow analyzer sflowtrend 58 3 sflow counter interval Command sflow counter interval interval value no sflow counter interval Function Configure the max interval of the sFlow statistic sampling the no form of this command deletes the statistic sampling interval value Parameter interval value is the value of the interval with a valid range of 20 120 and shown in second Comma...

Page 899: ...ion Configure the max length of the sFlow packet data the no sflow data len command restores the default value Parameter length value is the value of the length with a value range of 500 1470 Command Mode Port Mode Default The value is 1400 by default Usage Guide When combining several samples to a sFlow group to be sent the length of the group excluding the MAC head and IP head parts should not e...

Page 900: ...otation collector port is the destination port of the sent sFlow packets Command Mode Global Mode and Port Mode Default The destination port of the sFlow packet is defaulted at 6343 and the analyzer has no default address Usage Guide If the analyzer address is configured at Port Mode this IP address and port configured at Port Mode will be applied when sending the sample packet Or else the address...

Page 901: ... length of the head of the group has to be copied to the sFlow packet and sent out The length of the copied content is configured by this command Example Configure the length of the packet data head copied in the sFlow data sampling to 50 Switch Config If Ethernet1 2 sflow header len 50 58 7 sflow priority Command sflow priority priority value no sflow priority Function Configure the priority when...

Page 902: ...w rate input input rate output output rate no sflow rate input output Function Configure the sample rate of the sFlow hardware sampling The no form of this command deletes the sampling rate value Parameter input rate is the rate of ingress group sampling the valid range is 1000 16383500 output rate is the rate of egress group sampling the valid range is 1000 16383500 Command Mode Port Mode Default...

Page 903: ...w sflow Sflow version 1 2 Agent address is 172 16 1 100 Collector address have not configured Collector port is 6343 Sampler priority is 2 Sflow DataSource type 2 index 194 Ethernet1 2 Collector address is 192 168 1 200 Collector port is 6343 Counter interval is 0 Sample rate is input 0 output 0 Sample packet max len is 1400 Sample header max len is 50 Sample version is 4 Displayed Information Exp...

Page 904: ... port is 6343 Default value of the port on E1 1 interface sampling proxy is 6343 Counter interval is 20 The statistic sampling interval on e1 1 interface is 20 seconds Sample rate is input 10000 output 0 The ingress traffic rate of e1 1 interface sampling proxy is 10000 and no egress traffic sampling will be performed Sample packet max len is 1400 The length of the sFlow group data sent by the e1 ...

Page 905: ... VLAN should be configured before RSPAN can function When configuring RSPAN VLAN it should be made sure that specialized VLAN such as the default VLAN dynamic VLAN private VLAN multicast VLAN and layer 3 interface enabled VLAN should not be configured as RSPAN VLAN If any existing sessions are still working when RSPAN is disabled these sessions will be still working regardless the configuration ch...

Page 906: ...lt Not configured Usage Guide To configure local mirror session to RSPAN The VLAN id is the RSPAN VLAN The mirrored data grams will be attached with RSPAN tags Example Switch config monitor session 1 remote vlan 5 59 3 monitor session reflector port Command monitor session session reflector port interface number no monitor session session reflector port interface number Function To configure refle...

Page 907: ...be the reflector mode Hence the configuration of reflector port and the destination port are exclusive The no command is used to restore the reflector port to normal port The source port in access or trunk mode should not be added to RSPAN VLAN When the reflector port is configured as springboard of CPU TX direction mirroring it must be configured as TRUNK port and allows the RSPAN VLAN data passi...

Page 908: ...ress of the tunnel that this equipment is in Command Mode Global Mode Default None Usage Guide The switch supports 4 mirror destination It should be noted that the destination only can be the physical port or the tunnel it should not be the members of the port aggregation and the port throughput should greater than or equal to the sum of the throughput of all source ports which is monitored by it ...

Page 909: ...nnel which is configured as the physical ports or tunnel it should not be configured as the member of the port aggregation group And the maximum throughput of the port is recommended to be larger than the total throughput of the source ports to be mirrored If the destination tunnel of a session is removed the mirror path configured in the session will be removed at the same time And if the destina...

Page 910: ...ame the length should not exceed 16 add subtract the action of timezone 0 23 the hour value 0 59 the minute value Command Mode Global mode Default None Usage Guide The timezone name is invalid with the blank the hour and minute value must be in the specific range Example Configure the action as add for the eighth timezone globally Switch config clock timezone aaa add 8 61 2 debug sntp Command debu...

Page 911: ...acket 61 3 sntp polltime Command sntp polltime interval no sntp polltime Function Sets the interval for SNTP clients to send requests to NTP SNTP the no sntp polltime command cancels the polltime sets and restores the default setting Parameters interval is the interval value from 16 to 16284 Default The default polltime is 64 seconds Command Mode Global Mode Example Setting the client to send requ...

Page 912: ... vlan Configure the virtual LAN vlan no Virtual LAN number ranging from 1 to 4094 loopback Configure loopback interface loopback no Loopback identifier ranging from 1 to 1024 version Configure the version for the server version_no Version number ranging from 1 to 4 the default is 4 Default Do not configure the time server Command Mode Global mode Usage Guide None Example Configure the time server ...

Page 913: ...ntp Function Displays current SNTP client configuration and server status Parameters N A Command Mode Admin and Configuration Mode Example Displaying current SNTP configuration Switch show sntp SNTP server Version Last Receive 2 1 0 2 1 6 ...

Page 914: ... timezone name the length should not exceed 16 add subtract the action of timezone 0 23 the hour value 0 59 the minute value Command Mode Global mode Default None Usage Guide The timezone name is invalid with the blank the hour and minute value must be in the specific range Example Configure the action as add for the eighth timezone globally Switch config clock timezone aaa add 8 62 2 debug ntp ad...

Page 915: ...To enable the debug switch of displaying local time adjust information Switch debug ntp adjust 62 3 debug ntp authentication Command debug ntp authentication no debug ntp authentication Function To display NTP authentication information the no form command disabled the switch of displaying NTP authentication information Parameter None Default Disabled Command Mode Admin Mode ...

Page 916: ...tication 62 4 debug ntp events Command debug ntp events no debug ntp events Function To enable disable debug switch of displaying NTP event Parameter None Default Disable the debug switch of displaying NTP event Command Mode Admin Mode Usage Guide To enable debug switch of displaying NTP event after that if some server changed from available to unavailable or from unavailable to available the rece...

Page 917: ... switch of receiving NTP packet If there is no parameter that means should enable the sending and receiving switch of NTP packet in the same time Default Disabled Command Mode Admin Mode Usage Guide None Example To enable the debug switch of displaying NTP packet information Switch debug ntp packet 62 6 debug ntp sync Command debug ntp sync no debug ntp sync Function To enable disable debug switch...

Page 918: ...onization information Switch debug ntp sync 62 7 ntp access group Command ntp access group server acl no ntp access group server acl Function To configure cancel the access control list of NTP Server Parameter acl ACL number range is from 1 to 99 Default Not configure the access control of NTP Server Command Mode Global Mode Usage Guide None ...

Page 919: ...henticate no ntp authenticate Function To enable cancel NTP authentication function Parameter None Default Disabled Command Mode Global Mode Usage Guide None Example To enable NTP authentication function Switch config ntp authenticate 62 9 ntp authentication key Command ntp authentication key key id md5 value no ntp authentication key key id ...

Page 920: ...None Example To define the authentication key of NTP authentication the key id is 20 the md5 is abc Switch config ntp authentication key 20 md5 abc 62 10 ntp broadcast server count Command ntp broadcast server count number no ntp broadcast server count Function Set the max number of broadcast or multicast servers supported by the NTP client The no operation will cancel the configuration and restor...

Page 921: ...unt 70 62 11 ntp disable Command ntp disable no ntp disable Function To disable enable the NTP function on port Parameter None Default To enable NTP function on all ports Command Mode vlan Configuration Mode Usage Guide None Example To disable the NTP function on vlan1 interface Switch config interface vlan 1 Switch Config if Vlan1 ntp disable ...

Page 922: ...Mode Usage Guide None Example To enable NTP function Switch config ntp enable 62 13 ntp ipv6 multicast client Command ntp ipv6 multicast client no ntp ipv6 multicast client Function Configure the specified interface to receive IPv6 NTP multicast packets the no command will cancels the specified interface to receive IPv6 NTP multicast packets Parameter None ...

Page 923: ...erface vlan 1 Switch Config if Vlan1 ntp ipv6 multicast client 62 14 ntp multicast client Command ntp multicast client no ntp multicast client Function Configure the specified interface to receive NTP multicast packets the no command will cancels the specified interface to receive NTP multicast packets Parameter None Command mode vlan mode Default Interface does not receive NTP multicast packets U...

Page 924: ...ime server of time source the no form of this command cancels the specified time server of time source Parameter ip address IPv4 address of time server ipv6 address IPv6 address of time server version The version information configured for server version_no The version number of server range is from 1 to 4 default is 4 key To configure key for server key id The key id Default Disabled Command Mode...

Page 925: ...key range is from 1 to 4294967295 Default Trusted key is not configured by default Command Mode Global Mode Usage Guide None Example To configure the specified key 20 to trusted key Switch config ntp trusted key 20 62 17 show ntp status Command show ntp status Function To display time synchronization status include synchronized or not layers address of time source and so on Parameter None ...

Page 926: ...session ip address ipv6 address Function To display the information of all NTP session or one specific session include server ID server layer and the local offset according to server The symbol means this server is the selected local time source Parameter ip address The IPv4 address of some specifics configured time server ipv6 address The IPv6 address of some specifics configured time server If n...

Page 927: ...mand Mode Admin and Configuration Mode Usage Guide None Example Switch show ntp session server stream type rootdelay rootdispersion trustlevel 1 1 1 2 2 unicast 0 010s 0 002s 10 2 2 2 2 3 unicast 0 005s 0 000s 10 ...

Page 928: ...to 12 date from 1 to 31 offset is the time offset the range from 1 to 1440 unit is minute default value is 60 minutes Default There is no summer time range Command Mode Global Mode Usage Guide This command sets the absolute start and end time for summer time When the system time reaches to the start time point of summer time the clock is changed and increase offset value the system enters summer t...

Page 929: ...e range Command Mode Global Mode Usage Guide This command sets the start and the end time for the recurrent summer time When the system time reaches to the start time point of summer time the clock is changed and increase offset value the system enters summer time When the system time reaches to the end time point of summer time the clock is changed again subtract offset value from system time the...

Page 930: ...offset the range from 1 to 1440 unit is minute default value is 60 minutes Default There is no summer time range Command Mode Global Mode Usage Guide This command sets the start and end time for the recurrent summer time flexibly When the system time reaches to the start time point of summer time the clock is changed and increase offset value the system enters summer time When the system time reac...

Page 931: ...ress all is to delete the domain entry of all address in dynamic cache Command Mode Admin Mode Default Disabled Usage Guide This command is used to manually delete the domain name and address entry in dynamic cache this command is much useful when domain name have lived long time in cache Example To delete the address of 202 108 22 5 of domain entry Switch clear dynamic host 202 108 22 5 64 2 debu...

Page 932: ...s server 10 1 120 241 ping www sina com cn 202 108 33 32 Type c to abort Sending 5 56 byte ICMP Echos to 202 108 33 32 timeout is 2 seconds Jan 01 00 03 15 2006 Host www sina com cn Address 202 108 33 32 Success rate is 0 percent 0 5 round trip min avg max 0 0 0 ms 64 3 dns server Command dns server ip address ipv6 address priority value no dns server ip address ipv6 address Function To configure ...

Page 933: ...S server with quick search speed and used frequently can be configured to highest priority If priority is not configured to search DNS server must according to the configuration order When the switch serves as a DNS SERVER the queries to the DNS SERVER won t follow the above privilege rule instead the requests will be sent to all configured servers at the same time Example To configure the priorit...

Page 934: ...dding If configured many servers and domain name suffix longer time will be required for domain name mapping Example To look up the IPv4 address of www sina com Switch config dns lookup ipv4 www sina com 64 5 show dns name server Command show dns name server Function To display the information of configured DNS server Parameter None Command Mode Admin and Configuration Mode Example Switch show dns...

Page 935: ...d DNS domain name Parameter None Command Mode Admin and Configuration Mode Example Switch show dns domain list DNS DOMAIN LIST com cn edu cn 64 7 show dns hosts Command show dns hosts Function To display the dynamic domain name information of resolute by switch Parameter None Command Mode Admin and Configuration Mode ...

Page 936: ...ns config Command show dns config Function Display the configured global DNS information on the switch Parameter None Command Mode Admin and Configuration Mode Example Switch config show dns config ip dns server enable ip domain lookup enable the maximum of dns client in cache is 3000 timeout is 5 dns client number in cache is 0 dns dynamic host in cache is 0 dns name server number is 1 dns domain...

Page 937: ...de Example Switch config show dns client DNS REQUEST LIST Total number of dns request is 2 Address Request Id 192 168 11 141 1 192 168 11 138 2 64 10 ip domain lookup Command ip domain lookup no ip domain lookup Function To enable disable DNS function whether the switch will send dynamic DNS domain queries to the real DNS server or not Parameter None Command Mode Global Mode ...

Page 938: ...NS before will be invalid after aging Example To enable DNS function can resolve the domain name dynamic Switch config ip domain lookup 64 11 ip domain list Command ip domain list WORD no ip domain list WORD Function To configure delete domain name suffix Parameter WORD is the character string of domain name suffix less than 63 characters Command Mode Global Mode Default Disabled Usage Guide This ...

Page 939: ... SERVER function Parameter None Command Mode Global Mode Default Disabled by default Usage Guide After the DNS SERVER function is enabled the switch will be able to receive and handle DNS Requests from the clients by looking up locally or forward the request to the real DNS server Example Configure to enable the dns server function of the switch Switch config ip dns server ...

Page 940: ...ent the switch will cache the client s information But the number of client information in the queue should not exceed the configured maximum number otherwise the client s request won t be handled Example Set the max number of client information in the switch queue as 2000 Switch config ip dns server queue maximum 2000 64 14 ip dns server queue timeout Command ip dns server queue timeout 1 100 no ...

Page 941: ...will cache the client s information But the time of maintaining the client information should not exceed the configured maximum timeout value otherwise the client s information will be cleared out Example Configure the maximum timeout value of caching the client information on the switch as 10s Switch config ip dns server queue timeout 10 ...

Page 942: ... Guide Using this command can clear the command history of all users Example Switch clear history all users 65 2 clear logging Command clear logging sdram Function This command is used to clear all the information in the log buffer zone Command Mode Admin Mode Usage Guide When the old information in the log buffer zone is no longer concerned we can use this command to clear all the information ...

Page 943: ...from 100 to 1000 Command Mode Global mode Usage Guide The system can save 100 recent command history of all users at best by default using this command can set the max command history number Example Switch config history all users max length 500 65 4 logging Command logging ipv4 addr ipv6 addr facility local number level severity no logging ipv4 addr ipv6 addr facility local number Function The co...

Page 944: ... is the local0 the default severity level is warnings Usage Guide Only when the log host is configured by the logging command this command will be available We can configure many IPv4 and IPv6 log hosts Example 1 Send the log information with a severity level equal to or higher than warning to the log server with an IPv4 address of 100 100 100 5 and save to the log recording equipment local1 Switc...

Page 945: ...Switch Config logging 10 1 1 1 Switch Config logging executed commands enable 65 6 logging loghost sequence number Command logging loghost sequence number no logging loghost sequence number Function Add the loghost sequence number for the log the no command does not include the loghost sequence number Command Mode Port mode Default Do not include the sequence number Usage Guide Use logging command...

Page 946: ...nvoked And ping parameters can be entered interactively Example Example 1 To ping with default parameters Switch ping 10 1 128 160 Type c to abort Sending 5 56 byte ICMP Echos to 10 1 128 160 timeout is 2 seconds Success rate is 40 percent 2 5 round trip min avg max 0 0 0 ms In the example above the switch is made to ping the device at 10 1 128 160 The command did not receive ICMP reply packets fo...

Page 947: ...0 Datagram size in byte 56 1000 Timeout in milli seconds 2000 500 Extended commands n n Display Information Explanation VRF name VRM name If MPLS is not enabled this field will be left empty Target IP address The IP address of the target device Use source address option n Whether or not to use ping with source address Source IP address To specify the source IP address for ping Repeat count 5 Numbe...

Page 948: ...l fill the icmp6 echo requests with the specified source address for ping Example 1 To issue ping6 command with default parameters Switch ping6 2001 1 2 4 Type c to abort Sending 5 56 byte ICMP Echos to 2001 1 2 4 timeout is 2 seconds Success rate is 100 percent 5 5 round trip min avg max 1 320 1600 ms 2 To issue the ping6 command with source IPv6 address specified switch ping6 src 2001 1 2 3 2001...

Page 949: ...er or not use source IPv6 address Disabled by default Source IPv6 address Source IPv6 address Repeat count 5 Number of the ping packets Datagram size in byte 56 Packet size of the ping command 56 byte by default Timeout in milli seconds 2000 Timeout for ping command 2 seconds by default Extended commands n Extended configuration Disabled by default The network is reachable The network is unreachab...

Page 950: ...ile at the next boot time flash nos img Current booted img file flash nos img The startup config file at the next boot time flash startup cfg Current booted startup config file flash startup cfg If the CFG file of the next booting is set as NULL the CFG part mentioned above will be displayed as follows The startup config file at the next boot time NULL Current booted startup config file flash star...

Page 951: ...ved in the system flash memory Command Mode Admin Mode and Configuration Mode Example To list the files and their size in the flash Switch show flash boot rom 329 828 1900 01 01 00 00 00 SH boot conf 94 1900 01 01 00 00 00 SH nos img 2 449 496 1980 01 01 00 01 06 startup config 2 064 1980 01 01 00 30 12 65 12 show history Command show history Function Display the recent user command history Comman...

Page 952: ...ow the recent command history of all users Parameter detail shows user name of the executing command IP address of the user will be shown when logging in the executing command through Telnet or SSH Command Mode Admin and configuration mode Usage Guide This command is used to show the recent command history of all users including time logging type executing command etc Notice The user can only chec...

Page 953: ...buffer channel This command is not supported on low end switches Parameter level critical warnings means the level of critical information begin index is the index start value of the log message the valid range is 1 65535 end index is the index end value of the log message and the valid range is 1 65535 When only display logging buffered information of the line card must be added range parameter b...

Page 954: ...level is warning and above in the log buffer zone channel Switch show logging buffered level warning 65 15 show logging executed commands state Command show logging executed commands state Function Show the state of logging executed commands Parameter None Command Mode Admin mode Default None Usage Guide Use this command to display the state enable or disable Example Switch show logging executed c...

Page 955: ...de Check the log information source include information channel the information severity level by show logging mstp command Example Show the log information source of MSTP Switch show logging source mstp system module log switch status Channel Onoff Severity logbuff on warning loghost on warning terminal on warning 65 17 show memory Command show memory usage Function Display the contents in the me...

Page 956: ...ords 64 002100 0000 0000 0000 0000 0000 0000 0000 0000 002110 0000 0000 0000 0000 0000 0000 0000 0000 002120 0000 0000 0000 0000 0000 0000 0000 0000 002130 0000 0000 0000 0000 0000 0000 0000 0000 002140 0000 0000 0000 0000 0000 0000 0000 0000 002150 0000 0000 0000 0000 0000 0000 0000 0000 002160 0000 0000 0000 0000 0000 0000 0000 0000 002170 0000 0000 0000 0000 0000 0000 0000 0000 65 18 show runni...

Page 957: ...ing config 65 19 show running config current mode Command show running config current mode Function Show the configuration under the current mode Command mode All configuration modes Default None Usage Guide Enter into any configuration mode and input this command under this mode it can show all the configurations under the current mode Example Switch config if ethernet1 1 show run c Interface Eth...

Page 958: ...onfig command differs from show startup config in that when the user finishes a set of configurations show running config displays the added on configurations whilst show startup config won t display any configurations However if write command is executed to save the active configuration to the Flash memory the displays of show running config and show startup config will be the same 65 21 show swi...

Page 959: ...of interfaces with MAC address learning ability Mode Trunk Current interface VLAN mode Port VID 1 Current VLAN number the interface belongs Trunk allowed Vlan ALL VLAN permitted by Trunk 65 22 show tcp Command show tcp Function Display the current TCP connection status established to the switch Command mode Admin Mode Example Switch show tcp LocalAddress LocalPort ForeignAddress ForeignPort State ...

Page 960: ...mand mode Admin and configuration mode Example Switch show tcp ipv6 LocalAddress LocalPort RemoteAddress RemotePort State IF VRF 80 0 LISTEN 0 0 23 0 LISTEN 0 0 Displayed Information Explanation LocalAddress Local IPv6 address of TCP connection LocalPort Local port of TCP connection RemoteAddress Remote IPv6 address of TCP connection RemotePort Remote Port of TCP connection State The current state...

Page 961: ...ted to the switch Example Switch show telnet login Authenticate login by local Login user aa 65 25 show tech support Command show tech support Function Display various information about the switch and the running tasks This command is used to diagnose the switch by the technical support specialist Command Mode Admin mode and configuration mode Usage Guide When failure occurred on the switch this c...

Page 962: ...0 CLOSED Displayed information Description LocalAddress Local address of the UDP connection LocalPort Local pot number of the UDP connection ForeignAddress Remote address of the UDP connection ForeignPort Remote port number of the UDP connection State Current status of the UDP connection 65 27 show udp ipv6 Command show udp ipv6 Function Show the current UDP connection Command mode Admin and confi...

Page 963: ...sion Function Display the switch version Command mode Admin Mode Usage Guide Use this command to view the version information for the switch including hardware version and software version Example Switch show version 65 29 traceroute Command traceroute source ipv4 addr ip addr host hostname hops hops timeout timeout Function This command is tests the gateway passed in the route of a packet from th...

Page 964: ...st hostname hops hops timeout timeout Function This command is for testing the gateways passed by the data packets from the source device to the destination device so to check the accessibility of the network and further locating the network failure Parameter addr is the assigned source host IPv6 address in colonned hex notation ipv6 addr is the IPv6 address of the destination host shown in colonn...

Page 965: ...65 413 Usage Guide Traceroute6 is normally used to locate destination network inaccessible failures Example Switch traceroute6 2004 1 2 3 4 Relevant Command ipv6 host ...

Page 966: ... With this command users can reboot the switch without shutdown its power after a specified period of time usually when updating the switch version The switch can be rebooted after a period of time instead of immediately after its version being updated successfully This command will not be reserved which means that it only has one time effect After this command is configured it will prompt the reb...

Page 967: ...the switch that is to cancel the configuration of command reload after This command will not be reserved Example Prevent the switch to automatically reboot after the specified time Switch reload cancel Reload cancel successful Related Commands reload reload after show reload 66 3 show reload Command show reload Function Display the user s configuration of command reload after Parameters None Comma...

Page 968: ... configuration of command reload after In the following case the user set the switch to be rebooted in 10 hours and 1 second and there are still 9 hours 59 minutes and 48 seconds left before rebooting it Switch show reload The original reload after configuration is 10 00 01 System will be rebooted after 09 59 48 from now Related Commands reload reload after reload cancel ...

Page 969: ...rotocol of the packet including dot1x stp snmp arp telnet http dhcp igmp ssh Command Mode Global Mode Usage Guide This command clear the statistics of the CPU received packets of the protocol type it is supposed to be used with the help of the technical support Example Clear the statistics of the CPU receives ARP packets Switch config clear cpu rx stat protocol arp 67 2 cpu rx ratelimit protocol C...

Page 970: ...different type of protocol Usage Guide The rate limit set by this command have an effect on CPU receiving packets so it is supposed to be used with the help of the technical support Example Set the rate of the ARP packets to 500pps Switch config cpu rx ratelimit protocol arp 500 67 3 cpu rx ratelimit total Command cpu rx ratelimit total packets no cpu rx ratelimit total Function Set the total rate...

Page 971: ...ebug driver receive send command turns off the on off Parameter receive send show the information of receiving or sending packets interface interface list all interface list is the Ethernet port number all indicate all the Ethernet ports protocol protocol type discard all protocol type is the type of the protocol of the packet including snmp telnet http dhcp igmp arp ssh icmpv6 dot1x gvrp stp lacp...

Page 972: ...s the protocol type of the packets if do not input parameters show all statistic packets Command Mode Admin and configuration mode Default None Usage Guide This command is used to debug it is supposed to be used with the help of the technical support Example Show the statistics of CPU receiving ARP packets Switch show cpu rx protocol arp Type Rate limit TotPkts CurState arp 500 3 allowed ...

Page 973: ...ommand Mode Port Configuration Mode Usage Guide Enable disable the dynamic detection function of POE power through this command Example 1 Enable the dynamic detection function of POE power of port 1 0 1 10 Switch config interface ethernet 1 0 1 10 Switch config if port range power inline dynamic detect enable Example 2 Disable the dynamic detection function of POE power of port 1 0 1 10 Switch con...

Page 974: ...e unit is second Default 120s Command Mode Port Configuration Mode Usage Guide Configure the dynamic detection interval of POE power of the port through this command Example Configure the dynamic detection interval of POE power of the port 1 0 1 10 as 100s Switch config interface ethernet 1 0 1 10 Switch config if port range power inline dynamic detect interval 100 68 1 3 power inline enable Globa...

Page 975: ... Mode Default Enable Usage Guide Enabled Automatically detect PD In such a state PSE will automatically detect and classify a PD and provide power supply for it according to the classification If a PD connection is detected its specified output power will be satisfied as long as there is enough available power after which the corresponding LED indicator will be updated Otherwise the power distribu...

Page 976: ...r disabled on ports Examples Disable power supply on ports1 3 4 5 6 Switch Config interface ethernet 1 0 1 3 6 Switch Config Port Range no power inline enable 68 1 5 power inline high inrush Command power inline high inrush enable no power inline high inrush enable Function Enable the allowed high inrush current when nonstandard PD is powered instantaneously disable the allowed high inrush current...

Page 977: ...non standard IEEE PD Parameters None Command Mode Global Mode Default Do not provide power supply for non standard IEEE PD Usage Guide With this function enabled the switch will be compatible with and provide power supply for non standard IEEE PD Examples Set the switch to provide power supply for non standard IEEE PD Switch Config power inline legacy enable 68 1 7 power inline max Global Command ...

Page 978: ...lobal max output power to 50W Switch Config power inline max 50 68 1 8 power inline max Port Command power inline max max wattage no power inline max Function Set the max output power of a specified port Parameters max wattage the value of the max output power in mW ranging from 1 to 15400mW 802 3af 1 to 3000mW 802 3at with a granularity of 100mW Any value less than 100mW will be taken as 100mW th...

Page 979: ...y management policy mode is disabled Usage Guide Decide whether to use priority policy in power management policy The enable command will make priority policy in effect while no command will recover the first come first served policy With priority policy enabled port priority can be configured individually In priority mode when not enough PSE power is available ports with low priority will be clos...

Page 980: ... Command Mode Port Mode Default Port priority is low Usage Guide This command will take effect in the mode of power inline police enable Without enough available power for newly connected PD ports with higher priority will get power supply first Examples Set the priority of Port 1 to high and that of Port 2 to critical Switch Config interface ethernet 1 0 1 Switch Config Ethernet1 0 1 power inline...

Page 981: ...ble The global max value of available power Power Used The global value of used power Power Remaining The global value of remaining power Min Voltage The global threshold of under voltage Max Voltage The global threshold of over voltage Police The power priority policy status enabled or disabled Legacy The non standard PD detection status enabled or disabled Disconnect The PD disconnection mode HW...

Page 982: ...V Police Off Legacy Off Disconnect Ac Mode Signal HW Version 30 SW Version 05 0 5 68 2 1 2 show power inline interface ethernet Command show power inline interface ethernet interface number interface name Function Display the PoE configuration and status on specified ports Parameters interface list a list of specified ports specifying all ports by default Command Mode Admin Mode Default None ...

Page 983: ...supply priority Critical the highest level priority High the high level priority Low the low level priority Class Class Usage PD Input Power W 0 Default 0 44 12 95 1 Optional 0 44 3 84 2 Optional 3 84 6 49 3 Optional 6 49 12 95 4 Reserved treated as class 0 and reserved for future use It is impossible for a compatible PD to provide a class 4 signal Examples Display the current PoE status on port 1...

Page 984: ... Parameters None Command Mode Admin Mode Default None Usage Guide With debugging enabled relative information will be printed in the key processes while implementing commands for further debugging reference whenever an error occurs The no command will disable the debugging Examples Enable PoE debugging Switch debug power inline ...

Reviews:

No comments