Ruijie RG-S2600G-I Series Cli Reference Manual Download Page 905

Page: 905 / 1192

CLI Reference Guide

ACL Configuration Commands

VLAN tag field

Source IP address

DSAP (Destination Service

Access Point) field

Destination IP address

SSAP (Source Service Access

Point) field

TCP soure port

Ctrl field

TCP destination port

Org Code field

Sequence number

Encapsulated data type

Confirmation field

IP version number

IP header length and

reserved bits

TOS field

Resrved bits and flags bit

Length of IP packet

Windows size field

Others

Flags field

The offsets of fields in the above table are their offsets in 802.3 data frames of SNAP+tag.

access-list

Use this command to create an access list rule to filter data packets. The

form of this command

deletes the specified access list entries.

Standard IP access list (1 to 99, 1300 to 1999)

access-list

{

deny

permit

} {

source source-wildcard

host

source

any | interface

idx

}

[

time-range

tm-range-name

] [

log

]

Extended IP access list (100 to 199, 2000 to 2699)

access-list

{

deny

permit

}

protocol

{

source source-wildcard

host

source

any| interface

idx

}

{

destination

destination-wildcard

host

destination

any

} [

precedence

precedence

] [

tos

tos

]

[

fragment

] [

range

lower

upper

] [

time-range

time-range-name

] [

log

]

Extended MAC access list (700 to 799)

access-list

{

deny

permit

} {

any

host

source-mac-address

} {

any

host

destination-mac-address

} [

ethernet-type

][

cos

[

out

][

inner

]]

Extended expert access list (2700 to 2899)

access-list

{

deny

permit

} [

protocol

| [

ethernet-type

][

cos

[

out

][

inner

]]] [

VID

[

out

][

inner

]]

{

source

source-wildcard

host

source

any

} {

host

source-mac-address

any

} {

destination

destination-wildcard

host

destination

any

} {

host

destination-mac-address

any

} ][

precedence

precedence

] [

tos

tos

] [

fragment

] [

time-range

time-range-name

]

When you select the Ethernet-type field or cos field:

access-list

{

deny

permit

} {

ethernet-type|

cos

[

out

][

inner

]} [

VID

[

out

][

inner

]]

{

source

source-wildcard

host

source

any

} {

host

source-mac-address

any

} {

destination

destination-wildcard

host

destination

any

} {

host

destination-mac-address

any

} [

time-range

time-range-name

]

When you select the protocol field:

access-list

{deny | permit}

protocol [VID

[

out

][

inne

]] {

source

source-wildcard

| host

source

any

} {

host

source-mac-address

any

}{destination

destination-wildcard

host

destination

any}

{host

destination-mac-address

any} [precedence

precedence

] [

tos

tos

]

[fragment]

[

range

lower

Summary of Contents for RG-S2600G-I Series

Page 1: ...1 CLI Reference Guide RG S2600G I Series Switches RGOS 10 4 3b16...

Page 2: ...ted or otherwise in all or in part by any party in any means Exemption statement This document is provided as is The contents of this document are subject to change without any notice Please obtain th...

Page 3: ...with bolded characters 2 Command Line Format Convention Arial is used as the font for the command line The meanings of specific formats are described below Bold Key words in the command line which sha...

Page 4: ...ioned in the examples of this manual may not be consistent with the actual ones In real network environments you need configure port types according to the support on various products The display info...

Page 5: ...5...

Page 6: ...LINE Configuration Commands 6 File System Configuration Commands 7 Configuration Commands of Configuration File Management 8 CPU LOG Configuration Commands 9 Memory Configuration Commands 10 Syslog C...

Page 7: ...nd original command Syntax of the command represented by the alias Default Settings Some commands in the privileged EXEC mode have default alias names Command mode Global configuration mode Usage guid...

Page 8: ...ne word the command will be displayed in brackets For example if you set sv stand for show version in the privileged EXEC mode then Ruijie s s show sv show version show start chat start terminal servi...

Page 9: ...s Show the aliases settings privilege To attribute the execution rights of a command to a command level use privilege in the global configuration mode The no form of this command recovers the executio...

Page 10: ...e keychain key KeyChain key configuration mode time range Time Range configuration mode Examples Set the password of CLI level 1 as test and attribute the reload rights to reset the device Ruijie conf...

Page 11: ...rivileged EXEC mode show aliases mode Parameter description Parameter Description mode Mode of the command represented by the alias Default Settings N A Command mode EXEC mode Usage guidelines Show al...

Page 12: ...ommand sets the logging banner message which is displayed upon login All characters behind the terminating symbol will be discarded by the system Configuration Examples The following example shows the...

Page 13: ...witch all switchid priority prefix directory filename no boot system priority switch all switchid Parameter Description Parameter Description priority Boot priority of a main program in the range of 1...

Page 14: ...riority parameter is not set the configured filenames of all boot main programs will be deleted If the no boot system command is used to delete all the configured filenames of boot main programs and n...

Page 15: ...Description boot ip Configure the local IP for TFTP transmission during device booting show boot Show the boot related configuration of the device Platform Description N A clock set To configure syst...

Page 16: ...Privileged EXEC mode Usage Guide Some platforms use hardware clock to complement software clock Since battery enables hardware clock to run continuously even though the device is closed or restarts h...

Page 17: ...following the disable command must be lower than the current level Configuration Examples The example below lowers the current privilege level of the device down to level 10 Ruijie disable 10 Related...

Page 18: ...ode Usage Guide No encryption is required in general The encryption type is required generally when the password that has been encrypted with the command for the device are to be copies and pasted The...

Page 19: ...o password and security passwords The password is simple encryption password which can be set only for level 15 The security means the security encryption password which can be set for level 0 15 If t...

Page 20: ...on mode Usage Guide This command is used to enable the specified service Use the no enable service command to disable the specified service The enable service web server command is followed with three...

Page 21: ...form Description execute To execute the commands in the batch files use the privileged EXEC mode command execute execute flash filename Parameter Description Parameter Description flash Parent directo...

Page 22: ...The execution result is as below Ruijie execute flash line_rcms_script text executing script file line_rcms_script text executing done Ruijie configure terminal Enter configuration commands one per l...

Page 23: ...http authentication enable local Parameter Description Keyword Description enable Use the password set by the enable password or enable secret the password must be of the level15 local Use the usernam...

Page 24: ...n enable service Enable or disable the specified service ip http source port This command is used to configure the port for HTTPS services in the global configuration mode ip http source port number P...

Page 25: ...global Telnet connetction When using the telnet command to log in a Telnet server if no source interface or source address is specified for this connnetcion the global setting is used Use the no ip te...

Page 26: ...ck in corresponding line Configuration Examples The example below locks a terminal interface Ruijie config line lockable Ruijie config line end Ruijie lock Password password Again password Locked Pass...

Page 27: ...d is used to delete the line logon password authentication login no login Parameter Description Parameter Description Defaults Command Mode Line configuration mode Usage Guide If the AAA security serv...

Page 28: ...guration mode Usage Guide If the AAA security server is enabled this command is used for the logon authentication with the specified method list Configuration Examples The example below shows how to a...

Page 29: ...al Related Commands Command Description username Configure the local user information Platform Description password To configure the password for line logon execute the line configuration command pass...

Page 30: ...password strong It sets strong password check no repeat times It restricts using the passwords configured in recent times repeatedly times It specifies the passwords configured lately life cycle It co...

Page 31: ...authorization commands Usage Guide Please refer to the chapter of configure CLI authorization commands Configuration Examples Please refer to the chapter of configure CLI authorization commands Relat...

Page 32: ...th day year text cancel Parameter Description Parameter Description text Cause to restart 1 255 bytes in mmm hh mm The system is restarted after specified time interval at hh mm The system is restarte...

Page 33: ...the service password encryption and show running or write command to save the configuration the password transforms into cipher text If you disable the command the password in cipher text cannot be r...

Page 34: ...minutes Ruijie config line exec timeout 5 output Related Commands Command Description Platform Description show boot Use this command to show the boot related configuration of the device show boot co...

Page 35: ...config_main text Service config Disabled 2 The example below shows the configuration of network startup config filename Ruijie show boot network Network config file tftp 192 168 7 24 config text Serv...

Page 36: ...3205120 2008 08 26 05 25 09 flash rgos_bak bin 9 N A N A tftp 192 168 7 24 rgos bin 10 Related Commands Command Description Platform Description N A show clock To view the system time execute the priv...

Page 37: ...ration of a vty line line num Number of the line Command Mode Privileged EXEC mode Usage Guide This command shows the configuration information of a line Configuration Examples The following example s...

Page 38: ...mples Ruijie show mainfile MainFile name rgos bin Related Commands Command Description boot system Set the filename of the boot main program Platform description N A show reload To show the restart se...

Page 39: ...running execute the privileged user command show running config show running config Parameter Description Parameter Description Defaults Command Mode Privileged EXEC mode Usage Guide Configuration Ex...

Page 40: ...gured by the boot config command and the file exists startup config indicates the configuration stored in the configuration file that specified by the boot config command If the configuration file spe...

Page 41: ...information of the system execute the command show version in the privileged EXEC mode show version devices module slots Parameter Description Parameter Description devices Current device information...

Page 42: ...scription Platform Description N A show web server status This command is used to show the configuration and status of a web server show web server status Parameter Description Parameter Description D...

Page 43: ...terminal transmits packets Configuration Examples The following example shows how to configure the rate of the serial port to 57600 bps Ruijie config line console 0 Ruijie config line speed 57600 Rel...

Page 44: ...ernet 0 1 vrf vpn1 Example 2 commands telnet to 2AAA BBBB CCCC Ruijie telnet 2AAA BBBB CCCC Related Commands Command Description ip telnet source interface Specify the IP address of the interface as t...

Page 45: ...lege 15 password 0 pw15 Related Commands Command Description login local Enable local authentication Platform Description username permission Use the username permission command in the global configur...

Page 46: ...onfig username test permission null Example 3 configures the user test to have permissions to read write and execute all files and catalogs except for the file config text Ruijie config username test...

Page 47: ...y no key work or is followed by all the HTTP and HTTPS services are both enabled if the command is followed by http only HTTP service is enabled if the command is followed by https only HTTPS service...

Page 48: ...82379 web1 2 1 145680 upd 3 1 2 1 82378 web1 2 1 145680 upd Related Commands Command Description http update Upgrades specific files manually Platform Description N A http update Use this command to...

Page 49: ...is disabled by default Command Mode Global configuration mode Usage Guide You can use this command to configure the HTTP upgrade mode If this command is configured in the auto detect mode the device w...

Page 50: ...ver address configured by this command If it fails to connect to the address it will seek to connect to addresses in the local record If no address can be connected the upgrade fails The system will r...

Page 51: ...er rgos ruijie com cn on the configured time everyday to detect files that can be upgraded Information of files acquired can be viewed on the Web interface If the no form of the command is used the de...

Page 52: ...ip http authentication Parameter Description Parameter Description enable Adopts the password set with the enable password or enable secret command for verification the password must be 15 level local...

Page 53: ...ide You can use this command to set HTTP service s port Configuration Examples The following example sets HTTP service s port number as 8080 Ruijie configure terminal Enter configuration commands one...

Page 54: ...ds Command Description enable service web server Enables the HTTP service show web server status Shows the web server status Platform Description show web server status Use this command to show Web se...

Page 55: ...ption type 0 means no encryption while 7 means simple encryption encrypted password Password text Defaults Command Mode Global configuration mode Usage Guide To use the HTTP service you need to pass t...

Page 56: ...ide HTTP Service Configuration Commands Ruijie config webmaster level 0 username ruijie password admin Related Commands Command Description enable service web server Enables the HTTP service Platform...

Page 57: ...ed version to the device In addition reset the device after usage so that the device can run on the new version You cannot run the upgrade system command to degrade the system to a version earlier tha...

Page 58: ...ilename Parameter Description Parameter Description filename Name of the file to be synchronized The file is located on the master device and supports only a flash prefix Defaults Command Mode Privile...

Page 59: ...CLI Reference Guide UPGRADE Configuration Commands file OK 10 414 752 bytes Synchornize file to slave devices successfully Related Commands Command Description Platform Description N A...

Page 60: ...ctions out Perform access control over the outgoing connections Default configuration By default no ACL is configured under Line All connections are accepted and all outgoing connections are allowed C...

Page 61: ...first line Number of first line to enter last line Number of last line to enter Default configuration N A Command mode Global configuration mode Usage guidelines Access to the specified LINE mode Exam...

Page 62: ...t input to restore the protocols under Line that can be used for communication to the default value transport input all ssh telnet none default transport input Parameter description Parameter Descript...

Page 63: ...configuration information under Line Note You can restore the default configuration by using the default transport input command The no transport input command is used to disable all the communication...

Page 64: ...arameter to the directory you want to enter Use the pwd command to view the present directory Configuration Examples Example 1 The following example sets usb0 root directory as the present directory R...

Page 65: ...ard on the M2 slot of the chassis with switch id 1 in the VSU mode sw2 m1 disk0 Management board on the M1 slot of the chassis with switch id 2 in the VSU mode sw2 m2 disk0 Management board on the M1...

Page 66: ...card to the U disk Ruijie copy sd0 config text usb0 config text Example 9 Obtain the command line help to judge which file system prefix combinations are supported by the current products and versions...

Page 67: ...in the URL This command supports deleting the files stores in the local storage media i e the URL must be one of the flash usb0 or usb1 slave If the prefix is not specified in the URL it indicates to...

Page 68: ...directory If no parameter is specified the information of the files in the present directory is shown by default This command does not support the wildcard Configuration Examples Example 1 Show the f...

Page 69: ...y you want to create including the path If the created file has been existed the creation will fail If the upper level for the directory to be created is inexistent it fails to create the specified di...

Page 70: ...b0 1 flash and slave Configuration Examples Example 1 Move the log txt to the upper level directory and rename it config txt Ruijie rename tmp log txt config txt Example 2 Move the log txt in the slav...

Page 71: ...be empty Since this command supports abbreviations you can also use the rm command to delete empty directories Configuration Examples If there is tmp directory in the present directory and the directo...

Page 72: ...system information show file systems Parameter Description Parameter Description N A N A Defaults N A Command Mode Privileged EXEC mode Usage Guide Use this command to show the file systems supported...

Page 73: ...de Usage guidelines Use the archive command to switch to the archive configuration mode Use the end command or enter CTRL C to return to the privileged EXEC mode Use the exit command to return to the...

Page 74: ...mands one per line End with CNTL Z Ruijie config archive Ruijie config archive log config Ruijie config archive log config hidekeys Related commands Command Description archive Enter the archive confi...

Page 75: ...switches to the archive log management configuration mode Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config archive Ruijie config archive log config Rel...

Page 76: ...nagement configuration mode logging size Use this commad to specify the maximum number of the entries saved in the configuration log The no form of this command is used to restore it to the default va...

Page 77: ...ending the configuration change notification to the remote log server notify syslog no notify syslog Parameter description Parameter Description Default Prohibit sending the configuration notification...

Page 78: ...all configuration logs starting with this record If the end num is specified at the same time it will show the configuration logs with the record number between the start num and end num if the start...

Page 79: ...ing is specified show the configuraitons in the format that is in the configuration files Examples The following example shows the configuration logs numbered 1 to 2 Ruijie show archive log config 1 2...

Page 80: ...1270 bytes Total memory allocated for session tracking 1270 bytes Total memory freed from session tracking 0 bytes Config Log log queue Info Number of entries in the log queue 3 Memory being held in t...

Page 81: ...les Ruijie show cpu CPU Using Rate Information CPU utilization in five seconds 25 CPU utilization in one minute 20 CPU utilization in five minutes 10 NO 5Sec 1Min 5Min Process 0 0 0 0 LISR INT 1 7 2 1...

Page 82: ...tcptimer 37 8 1 0 ef_res 38 0 0 0 ef_rcv_msg 39 0 0 0 ef_inconsistent_daemon 40 0 0 0 ip6_tunnel_rcv_pkt 41 0 0 0 res6t 42 0 0 0 tunrt6 43 0 0 0 ef6_rcv_msg 44 0 0 0 ef6_inconsistent_daemon 45 0 0 0 i...

Page 83: ...86 0 0 0 bcmTX 87 0 0 0 bcmXGS3AsyncTX 88 0 2 1 bcmLINK 0 89 0 0 0 bcmRX 90 0 0 0 mngpkt_rcv_thread 91 0 0 0 mngpkt_recycle_thread 92 0 0 0 stack_task 93 0 0 0 stack_disc_task 94 0 0 0 redun_sync_task...

Page 84: ...U utilization of the tasks The last line refers to the CPU utilization of the idle task which is the same as the System Idle Porcess in the Windows In the example above CPU utilization of idle task wi...

Page 85: ...has been down only when the CPU high and low threshold switches over Examples This example shows how to set the low and high threshold of the cpu log utilization limit to 70 and 80 respectively Ruiji...

Page 86: ...lower threshold The upper routing protocol includes BGP OSPF RIP PIM SM memory lack exit policy bgp ospf pim sm rip no memory lack exit policy Parameter description Parameter Description bgp ospf pim...

Page 87: ...ure the BGP exit policy when the memory lacks Specifying the disabled routing protocol to take precedence to exit the policy can not help the system obtain enough memory resources Note The exit policy...

Page 88: ...llowing table Parameter Description min The memory resources are extremely insufficient It can only keep the kernel running All application modules fails to run if the minimum watermark has been reach...

Page 89: ...ay the usage of the memory for the routing protocols Note Different switches and versions support different routing protocols The main routing protocols are BGP OSPF RIP LDP PIM ISIS and ect Examples...

Page 90: ...e log packets from the memory buffer Ruijie clear logging Related Commands Command Function logging on Record logs on different devices show logging Show the logs in the buffer logging buffered Record...

Page 91: ...level The logs in the memory buffer are temporary and will be cleared in case of device restart or the execution of the clear logging command by privileged user To trace a problem it is required to r...

Page 92: ...everity of logs that are allowed to be displayed on the console The no form of the command disables displaying the logs on the console logging console level no logging console Parameter Description Pa...

Page 93: ...Usage Guide This command enables the log statistics function The statistics begins when the function is enabled If you run no logging count the statistics function is disabled and the statistics data...

Page 94: ...user User level messages 2 mail Mail system 3 daemon System daemons 4 auth1 security authorization message 5 syslog Messages generated internally by syslogd 6 lpr Line printer system 7 news USENET new...

Page 95: ...uration Examples Following is to set the device value of Syslog as kernel Ruijie config logging facility kern Related Commands Command Description logging console Set the severity of logs that are all...

Page 96: ...sage Guide If no Syslog Server is specified or it is not desired to transfer logs in the network due to the consideration of security purpose it is possible to save the logs directly in flash The exte...

Page 97: ...e To print log messages on the VTY window execute first the privileged user command terminal monitor The level of logs to be displayed is defined with logging monitor The log level defined with Loggin...

Page 98: ...sh Record logs on the FLASH logging console Set the log level to be displayed on the console logging monitor Set the log level to be displayed on the VTY window such as telnet window logging trap Set...

Page 99: ...logs and related log configuration parameters in the buffer Platform Description logging rd on Configure this command on the host in global configuration mode to enable log redirection in VSU environm...

Page 100: ...iption Parameter Description number Log information allowed to be redirected per second which ranges from 1 to 10000 Except No rate limit is imposed on log information on and below this error level Th...

Page 101: ...the log server ipv6 address Specify IPV6 address of the log server Defaults By default it does not send the logs to any syslog server Command Mode Global configuration mode Usage Guide This command sp...

Page 102: ...address so that the administrator can identify which device is sending the message through the unique address If no source interface of the device or no IP address of the source interface is configure...

Page 103: ...to fix the source address of all log messages as an address so that the administrator can identify which device is sending the message through the unique address If no IP address is configured for th...

Page 104: ...of user input and log output preventing the user from interrupting when keying in the characters Configuration Examples Ruijie config line console 0 Ruijie config line logging synchronous Print UP DO...

Page 105: ...onfiguration command logging to configure the Syslog Server Then execute logging trap to specify the severity of logs to be sent The show logging command displays the related setting parameters and st...

Page 106: ...to the FLASH Platform Description service private syslog Use this command in global configuration mode to adjust the log format to the private log display format Use the no form of this command to rem...

Page 107: ...on the log switch service timestamps Enable the timestamp in log information Platform Description service sequence numbers Use this command to attach sequential numbers into the logs The no form of t...

Page 108: ...nformation about mnemonic detailed log information For example May 31 23 25 21 SYS 5 CONFIG_I Configured from console by console If the standard log format is enabled the log information on the device...

Page 109: ...nfigured from console by console Ruijie config terminal Enter configuration commands one per line End with CNTL Z Ruijie config service sysname Ruijie config end Ruijie Mar 22 15 35 57 S3250 SYS 5 CON...

Page 110: ...has no RTC the time stamp is automatically set to the device start time Command Mode Global configuration mode Usage Guide When the uptime option is used the time format is the running period from th...

Page 111: ...2 168 200 112 Log Buffer Total 131072 Bytes have written 1336 015487 Sep 19 02 46 13 Ruijie LINK 3 UPDOWN Interface FastEthernet 0 24 changed state to up 015488 Sep 19 02 46 13 Ruijie LINEPROTO 5 UPDO...

Page 112: ...nds Command Function logging on Record logs on different devices clear logging Clear the logs in the buffer Platform Description show logging count Use this command to show the log statistics show log...

Page 113: ...terminal no monitor Parameter Description Parameter Description Defaults By default it is not allowed to display log information on the VTY window Command Mode Privileged user mode Usage Guide This co...

Page 114: ...cluster Command mode Global configuration mode Usage guidelines The no form of this command is used to clear the cluster related information on the device If the device has added to one cluster the m...

Page 115: ...f this command to restore it to the default value cluster discovery hop count number no cluster discovery hop count Parameter description Parameter Description number Scope hop count of the cluster di...

Page 116: ...cters number Optional set the serial number for the commander device within the range of 0 to 255 The default value is 0 Default No cluster is created by default Command mode Global configuration mode...

Page 117: ...member devices and candidate devices This value can be used to check whether the device is invalid and it shall be greater than cluster timer otherwise the cluster topology information generates and...

Page 118: ...command to add a member device to the cluster Use the no form of this command to delete one member device cluster member number mac address H H H password enable password no cluster member number Para...

Page 119: ...d show cluster members in the Privileged EXEC mode to show the related configurations Examples The following example adds the device with MAC address 00d0 f8fe 1007 to the cluster and specify the seri...

Page 120: ...ds Command Description show cluster Show the basic information of the cluster to which the device belongs show cluster candidates Show the candidate devices show cluster member Show the member devices...

Page 121: ...basic information of the cluster to which the device belongs show cluster candidates Show the candidate devices show cluster member Show the member devices cluster timer Use this command to set the cl...

Page 122: ...itches copy cluster tftp Use the command copy cluster tftp to upload or download files through the cluster commander device proxy TFTP for the cluster member device in the Privileged EXEC mode Use the...

Page 123: ...nfig cluster tftp server 172 10 1 1 Ruijie config exit Ruijie rcommand 1 Ruijie 1 Enter the command line interface of the member device Ruijie 1 copy cluster tftp config text flash Use the cluster TFT...

Page 124: ...mber device for the management To return from the logged device execute the exit command in the Privileged EXEC mode Examples The following example logs on the member device 1 from the commander devic...

Page 125: ...the member device Examples The following example shows the basic information of the cluster on the commander device Ruijie show cluster Cluster clus0 Command switch Member number 0 Command switch mac...

Page 126: ...e Related commands Command Description cluster enable Create a cluster cluster member Add a member device into the cluster cluster run Enable the cluster function on the device show cluster candidates...

Page 127: ...nd clusters LcPort Port connecting with the uplink device on the candidate devices UpSN Cluster member number of the uplink device if it is the cluster member UpMAC MAC address of the uplink device Up...

Page 128: ...vices without other members Examples The following example shows the member devices on the commander Ruijie show cluster member SN MAC Name Hops State LcPort UpSN UpMAC UpPort 0 00d0 f8fe 1007 switch...

Page 129: ...mmand device 2 The following example shows the member devices on the member device2 Ruijie show cluster member SN MAC Name Hops State LcPort UpSN UpMAC UpPort 0 00d0 f8fe 1007 switch 1 0 up Cmdr 2 00d...

Page 130: ...uplink device UpMAC MAC address of the uplink device UpPort Port connecting with the member device on the uplink device Related commands Command Description cluster enable Create a cluster cluster me...

Page 131: ...ult All the files are synchronized by default Command mode Redundancy configuration mode Usage guidelines Generally the standard synchronization should be used if there is no special requirement Examp...

Page 132: ...g red auto sync time period 60 Redundancy auto sync time period enabled 60 seconds Ruijie config red exit The following example disables auto sync Ruijie config redundancy Ruijie config red no auto sy...

Page 133: ...helf Reset the master and slave devices Default N A Command mode Privileged EXEC mode Usage guidelines The redundancy reload peer does not affect the data transfer During the resetting of the Slave th...

Page 134: ...Reset the master supervisor engine switchover timeout In the redundancy configuration mode use the switchover timeout command to configure the switchover timeout value for the supervisor engine Use t...

Page 135: ...or the detailed information please refer to auto sync description in previous text show redundancy auto sync Default N A Command mode User mode or Privileged EXEC mode Examples Ruijie enable Ruijie sh...

Page 136: ...s Redundancy states My state 19 ACTIVE peer state 37 STANDBY HOT show redundancy switchtimeout Use show redundancy switchtimeout command to show current redundanct switchover timeout time in user EXEC...

Page 137: ...e 1 In the srm policy configuration mode execute cpu command to enter the owner cpu configuration mode Ruijie config srm policy cpu Ruijie config owner cpu Related commands Command Description resourc...

Page 138: ...source user group named rgos_group and add the snmpd into the group and finally apply the monitoring policy to the group Ruijie configure terminal Ruijie config resource manager Ruijie config srm user...

Page 139: ...nd enter the SRM policy configuration mode policy In the srm configuration mode execute policy command to create the monitoring policy and enter the srm policy configuration mode policy policy name gl...

Page 140: ...licy name In the config res group configuration mode execute policy policy name command to associate the group with monitoring policy policy policy name no policy policy name Parameter description Par...

Page 141: ...slot slot id Specify the board card to be configured subsystem subsystem id Subsystem id range 0 1 equivalent to the cpu id displayed after executing show version command Default N A Command mode Glob...

Page 142: ...the rising value no Remove the waterline Default N A Command mode owner memory or owner cpu configuration mode Usage guidelines Caution The rising waterline of major must be greater than that of mino...

Page 143: ...olicy name Name of monitor policy no Remove the association between resource user and monitoring policy Default N A Command mode srm configuration mode Usage guidelines N A Examples Example 1 Configur...

Page 144: ...rce user and monitoring policy Default N A Command mode srm configuration mode Usage guidelines N A Examples Example 1 Configure a global monitoring policy named rgos_policy and apply to the global re...

Page 145: ...RM configuration mode Usage guidelines N A Examples Example 1 Configure a resource user group named rgos_group Ruijie configure terminal Ruijie config resource manager Ruijie config srm user group rgo...

Page 146: ...SRM Configuration Commands subsystem subsystem i d Subsystem id range 0 1 equivalent to the cpu id displayed after executing show version command Default N A Command mode Global configuration mode Us...

Page 147: ...2 APP_TASK printk_task 0x3 APP_TASK_TS waitqueue_process 0x4 PROT_TASK tasklet_task 0x5 PROT_TASK cmic_pause_detect 0x6 PROT_TASK idle 0x7 IDLE kevents 0x8 PROT_TASK snmpd 0x9 PROT_TASK snmp_trapd 0xa...

Page 148: ...ons show resource notification owner all cpu memory slot slot id subsystem subsystem id Parameter description Parameter Description all Statistics of all ROs cpu Statistics of CPU memory Statistics of...

Page 149: ...if cr U D ma U D mi U D rgnos_group cr 0 0 ma 0 0 mi 0 0 Single User Group User Notif cr U D ma U D mi U D ktimer cr 0 0 ma 0 0 mi 0 0 Owner memory RU Global Global Notif cr U D ma U D mi U D global N...

Page 150: ...minor waterlines U refers to UP event notification D refers to DOWN event notification Related commands Command Description show resource owner Display information about SRM resource owner show resou...

Page 151: ...ntime ms 5Sec 1Min 5Min rgnos_group 1590380 0 0 0 RU Runtime ms 5Sec 1Min 5Min rl_con 171420 0 0 0 stat_get_and_send 1585180 1 1 1 cmic_pause_detect 1585180 0 0 0 mem_info_task 1602670 0 0 0 idle_vlan...

Page 152: ...er memory Total Size B 536870912 Used Size B 143081472 Used Ratio 27 RU Group Allocated Size B Alloc Cnt Free Cnt local 1 0 0 0 RU Allocated Size B Alloc Cnt Free Cnt Ktimer 0 7065 14 atimer 92 2343 3...

Page 153: ...e byte Alloc Cnt Memory allocation count Free Cnt Memory releasing count Runtime ms Runtime millisecond 5Sec Percentage of cpu resources occupied by the resource user in 5 seconds 1Min Percentage of c...

Page 154: ...policy Name rgnos_global_policy Type Global In Use No RO memory critical rising 98 interval 2600 falling 40 interval 2600 major rising 80 interval 4000 falling 30 interval 4000 minor rising 45 interv...

Page 155: ...rval 2900 major rising 86 interval 3800 falling 40 interval 3800 minor rising 61 interval 5900 falling 10 interval 5900 Field Description Policy Name Name of monitoring policy Type Type of monitoring...

Page 156: ...imer Single User Group Field Description Policy Monitoring policy Resource User Resource user group User Type Group type including Global Group Multi User Group and Single User Group with the meaning...

Page 157: ...the cpu id displayed after executing show version command Default N A Command mode Global configuration mode Usage guidelines N A Examples Example 1 Display all RU group information Ruijie show resour...

Page 158: ...policy User Resource user Resource Owner Resource owner Allocated Size B Allocated memory size byte Alloc Cnt Memory allocation count Free Cnt Memory releasing count Runtime ms Runtime millisecond 5S...

Page 159: ...ion Examples The following example configures the maximum number of policy based routes to 100 Ruijie config initialization route pbr 1 256 Max number of policy based route entry Ruijie config initial...

Page 160: ...he maximum number of the shared pools initialization route shared pool max_num no initialization route shared pool Parameter Description Parameter Description max_num The maximum number of the shared...

Page 161: ...ng value and the default value of all types of hardware entry capacities Configuration Examples The following example displays the hardware entry capacity Ruijie show initialization route config runni...

Page 162: ...figuration Commands 6 Protocol VLAN Configuration Commands 7 Private VLAN Configuration Commands 8 Share VLAN Configuration Commands 9 Voice VLAN Configuration Commands 10 MAC VLAN Configuration Comma...

Page 163: ...rier detection signals DCD of the interface link turns from the Down status to the Up status If the DCD changes within the delay the system will ignore such changes without disconnecting the upper dat...

Page 164: ...y counters or the clear counters command to clear counters If no interface is specified the counters on all interfaces will be cleared Configuration Examples Ruijie clear counters gigabitethernet 1 1...

Page 165: ...ion Use this command to set an interface alias Add no in the command to restore the default description string no description Parameter Description Parameter Description string Interface alias Default...

Page 166: ...uplex Parameter Description Parameter Description auto Self adaptive full duplex and half duplex full Full duplex half Half duplex Defaults Auto Command Mode Interface configuration mode Usage Guide T...

Page 167: ...rol on Enable the flow control receive Receiving direction of the non symmetric flow control send Sending direction of the non symmetric flow control Defaults By default flow control is disabled Comma...

Page 168: ...he equipment and extended modules Defaults Command Mode Global configuration mode Usage Guide Based on certain rules you can add other ports to an aggregate port All the members of an aggregate port a...

Page 169: ...er so this interface type cannot be deleted Use show interfaces or show interfaces fastEthernet to display the interface configuration Configuration Examples Ruijie config interface fastEthernet 1 2 R...

Page 170: ...interface configuration mode interface tenGigabitEthernet mod num port num Parameter Description Parameter Description mod num port num The range varies with the device and the extended module Comman...

Page 171: ...Parameter Description Parameter Description vlan id VLAN ID Its range depends by products Defaults Command Mode Global configuration mode Usage Guide Use show interfaces or show interfaces vlan to dis...

Page 172: ...is used to show the line status and locate the cause of a line failure for example the line is broken Configuration Examples Ruijie config interface gigabitEthernet 0 1 Ruijie config if GigabitEthern...

Page 173: ...point Related Commands Command Description Platform Description medium type Use this command to select the medium type for an interface Add no in the command to restore it to the default setting mediu...

Page 174: ...ombo interface cannot automatically determine whether the current port is an SFP or 10 100 1000M BASE T interface mtu Use this command to set the MTU on the interface mtu num Parameter Description Par...

Page 175: ...o shutdown command If you shut down the interface the configuration of the interface does not take effect You can view the interface status by using the show interfaces command If you use the script t...

Page 176: ...e For an interface such as Ethernet interface AP interface and SVI interface this command determines whether to send LinkTrap on the interface If the function is enabled the SNMP sends the LinkTrap wh...

Page 177: ...uto The transmission rate of the interface is adaptive Defaults Auto Command Mode Interface configuration mode Usage Guide If an interface is an aggregate port member its rate may vary with that of th...

Page 178: ...Defaults All the interfaces work in Layer 2 mode by default Command Mode Interface configuration mode Usage Guide This command applies only to physical interfaces The switchport command is used to di...

Page 179: ...VLAN 1 Command Mode Interface configuration mode Usage Guide Enter one VLAN ID The system will create a new one and add the interface to the VLAN if you enter a new VLAN ID If the VLAN ID already exis...

Page 180: ...tion mode Usage Guide If a switch port is an access port it can be a member port of only one VLAN Use switchport access vlan to specify the member of the VLAN A trunk port can be a member port of vari...

Page 181: ...ist remove removes a specified VLAN list from the allowed VLAN list except adds all the VLANs other than those in the specified VLAN list to the allowed VLAN list native vlan vlan id Specify the nativ...

Page 182: ...ion mtu status module module id vlan vlan id switchport trunk transceiver alarm diagnosis usage Parameter Description Parameter Description interface id Interface including Ethernet interface aggregat...

Page 183: ...parameter is specified The functions of showing the optical module information raising fault alarms and diagnosing parameters must be used together with the optical modules of the RG network To show t...

Page 184: ...isions 0 interface resets Example 2 shows the interface information when the Gi0 1 is an Access port SwitchA show interfaces gigabitEthernet 0 1 Index dec 1 hex 1 GigabitEthernet 0 1 is DOWN line prot...

Page 185: ...protocol is Bridge loopback not set Keepalive interval is 10 sec set Carrier delay is 2 sec RXload is 1 Txload is 1 Queueing strategy FIFO Output queue 0 0 0 drops Input queue 0 75 0 drops Switchport...

Page 186: ...ng YES Vendor Serial Number 101680093602489 Example 6 shows the current measured value of the optical module diagnosis parameter on the Gi0 1 port Ruijie show interfaces gigabitEthernet 0 1 transceive...

Page 187: ...es 0 packets received of length in octets 64 0 65 127 4 128 255 0 256 511 0 512 1023 0 1024 1518 0 Interface GigabitEthernet 1 0 2 5 minutes input rate 0 bits sec 0 packets sec 5 minutes output rate 0...

Page 188: ...0 bits sec 0 packets sec InOctets 408 InUcastPkts 4 InMulticastPkts 0 InBroadcastPkts 0 OutOctets 408 OutUcastPkts 4 OutMulticastPkts 0 OutBroadcastPkts 0 Undersize packets 0 Oversize packets 0 colli...

Page 189: ...ics of all member ports on VLAN 1 only shows the information of parts of the ports not the information of all ports Ruijie show interfaces counters vlan 1 Interface GigabitEthernet 1 0 1 5 minutes inp...

Page 190: ...bers 0 CRC alignment errors 0 AlignmentErrors 0 FCSErrors 0 dropped packet events due to lack of resources 0 packets received of length in octets 64 0 65 127 4 128 255 0 256 511 0 512 1023 0 1024 1518...

Page 191: ...rnet 1 0 23 down 1 Unknown Unknown copper GigabitEthernet 1 0 24 down 1 Unknown Unknown copper GigabitEthernet 1 0 25 down 1 Unknown Unknown copper Example 14 shows the bandwidth usage value of the sp...

Page 192: ...CLI ReferenceInterface Configuration Commands Interface Configuration Commands Platform Description...

Page 193: ...mode Usage guidelines If you have bound an IP address and a MAC address the switch will discard the packets that have the same source IP address but different source MAC address Examples This is an ex...

Page 194: ...he version must be RGOS10 1 and later address bind ip address Use this command to configure IP address MAC address binding address bind ip address mac address no address bind ip address Parameter desc...

Page 195: ...bal configuration mode Default value Strict mode Usage guidelines There are three IP address binding modes compatible loose and strict The following table shows the forwarding rules corresponding to b...

Page 196: ...ink intf id no address bind uplink intf id Parameter description Parameter Description intf id Exceptional port Command mode Global configuration mode Usage guidelines If you have bound an IP address...

Page 197: ...sses of the specified interface vlan vlan id Clear all the dynamic MAC addresses of the specified VLAN Command mode Privileged EXEC mode Usage guidelines Use show mac address table dynamic to display...

Page 198: ...estore it to the default setting mac address table aging time seconds no mac address table aging time Parameter description Parameter Description seconds Aging time of the dynamic MAC address in secon...

Page 199: ...the frame according to the destination MAC address only Default configuration No filtering address is configured by default When configuring this command without the source or destination specified t...

Page 200: ...aximum number of the entries in the MAC address notification table is 50 Command mode Global configuration mode Usage guidelines The MAC address notification function is specific for only dynamic MAC...

Page 201: ...e forwarded to Default configuration No static MAC address is configured by default Command mode Global configuration mode Usage guidelines A static MAC address has the same function as the dynamic MA...

Page 202: ...ive mode Parameter description N A Command mode Global configuration mode Usage guidelines After the management and learning mode of the dynamic MAC address is set to the dispersive mode the device ca...

Page 203: ...rm description mac manage learning uniform learning synchronization Use this command to synchronize the dynamic MAC address in the whole device in the uniform mode no mac manage learning uniform learn...

Page 204: ...ss Binding MAC Addr 3 3 3 3 00d0 f811 1112 3 3 3 4 00d0 f811 1117 Related commands Command Description address bind Enable IP address MAC address binding show address bind uplink Use this command to s...

Page 205: ...address and filtering address show mac address table address mac addr interface interface id vlan vlan id Parameter description Parameter Description address mac addr Specified MAC address interface...

Page 206: ...address show mac address table aging time Use this command to display the aging time of the dynamic MAC address show mac address table aging time Command mode Privileged EXEC mode Examples Ruijie show...

Page 207: ...ified vlan show mac address table dynamic Use this command to show the dynamic MAC address show mac address table dynamic address mac addr interface interface id vlan vlan id Parameter description Par...

Page 208: ...nd mode Privileged EXEC mode Examples Ruijie show mac address table filtering Vlan MAC Address Type Interface 1 0000 2222 2222 FILTER Not available Related commands Command Description clear mac addre...

Page 209: ...Command Description show mac address table static Show the static MAC address show mac address table filtering Show the filtering MAC address show mac address table dynamic Show the dynamic MAC addre...

Page 210: ...the dispersive mode show mac address table notification Use this command to show the MAC address notification configuration and the MAC address notification table show mac address table notification i...

Page 211: ...c Use this command to show the static MAC address show mac address table static addr mac addr interface interface id vlan vlan id Parameter description Parameter Description mac addr Destination MAC a...

Page 212: ...1003 STATIC gigabitethernet 1 1 Related commands Command Description show mac address table static Show the static MAC address show mac address table filtering Show the filtering MAC address show mac...

Page 213: ...ion Disabled Command mode Interface configuration mode Usage guidelines Use show mac address table notification interface to display configuration Examples Ruijie config interface gigabitethernet 1 1...

Page 214: ...forwarded through different ports The packets with the same source and destination IP address pairs are forwarded through the same links At layer 3 this load balancing style is recommended dst ip Traf...

Page 215: ...ncing algorithm configuration Configuration Examples Configure the MAC address based load balancing Ruijie config aggregateport load balance dst mac Related Commands Command Description show aggregate...

Page 216: ...escription Parameter Description aggregate port number Interface number of the aggregate port load balance Show the load balance algorithm on the aggregate port summary Show the summary of the aggrega...

Page 217: ...regation group numbers supported for different products active Places a port into an active negotiating state in which the port initiates negotiations with remote ports by sending LACP packets passive...

Page 218: ...the ports with the function of forbidding the member ports to add to or leave the AP enabled and the function of forbidding the member ports to add to or leave the AP cannot be enabled on the LACP mem...

Page 219: ...system priority is 32768 Command mode Global configuration mode Usage guidelines LACP system priority consists of the Layer2 management MAC address and its priority value where the MAC address is fixe...

Page 220: ...e show LACP summary Flags S Device is sending Slow LACPDUs F Device is sending fast LACPDUs A Device is in active mode P Device is in passive mode Aggregate port 3 Local information LACP port Oper Por...

Page 221: ...ggregated Down represents the disconnection port state susp indicates that the port is not aggregated LACP Port Priority Show the LACP port priority Oper Key Show the port operation key Port Number Sh...

Page 222: ...figuration mode that is the switchport access vlan vlan id command For the two commands of adding the interface to the VLAN the command configured later will overwrite the one configured before and ta...

Page 223: ...Access Native Protected VLAN lists AggregatePort 10 enabled ACCESS 20 1 Disabled ALL Related Commands Command Description show interface interface id switchport Show the layer 2 interfaces Platform D...

Page 224: ...mode Usage Guide To return to the privileged EXEC mode input end or pressing Ctrl C To return to the global configuration mode input exit Configuration Examples Ruijie show vlan id 1 VLAN Name Status...

Page 225: ...mands Command Description switchport mode Specify the interface as Layer 2 mode switch port mode switchport trunk Use this command to specify a native VLAN and the allowed VLAN list for the trunkport...

Page 226: ...native VLAN and the allowed VLAN list for the trunkport Platform Description N A switchport trunk Use this command to specify a native VLAN and the allowed VLAN list for the trunk port Use the no form...

Page 227: ...er you can prevent the traffic from passing over the trunk port by configuring allowed VLAN lists on a trunk port Use the show interfaces switchport command to display configuration Configuration Exam...

Page 228: ...A Command mode Global configuration mode Usage Guide To return to the privileged EXEC mode input end or pressing Ctrl C To return to the global configuration mode input exit Configuration Examples Rui...

Page 229: ...escription Parameter Description num Profile indexes type Type of message and Ethernet Defaults N A Command mode Global configuration mode Usage Guide N A Configuration Examples Ruijie config protocol...

Page 230: ...de N A Configuration Examples Ruijie config if protocol vlan profile 1 vlan 101 Related Commands Command Description show protocol vlan profile N A show protocol vlan profile num N A no protocol vlan...

Page 231: ...CLI ReferenceInterface Configuration Commands Protocol VLAN Configuration Commands Examples Related Commands Command Description N A N A Platform Description N A...

Page 232: ...rimary Configure it as the primary VLAN no Delete the corresponding private VLAN configuration Default configuration No private VLAN is configured Command mode VLAN configuration Mode Examples Ruijie...

Page 233: ...scription The software version must be RGOS10 1 and later private vlan mapping Use this command to map the secondary VLAN to the L3 SVI interface private vlan mapping svlist add svlist remove svlist n...

Page 234: ...vate vlan host Related commands Command Description show vlan private vlan Platform description The software version must be RGOS10 1 and later switchport private vlan host association Use this comman...

Page 235: ...n p_vid Primary VID s_vid Secondary VID no Delete the host port from the private VLAN Command mode Interface configuration mode Examples Ruijie config interface gigabitEthernet 0 2 Ruijie config if sw...

Page 236: ...ption show vlan private vlan Platform description The software version must be RGOS10 1 and later switchport private vlan promiscuous trunk Use this command to configure the ports as a promiscuous tru...

Page 237: ...uration of private VLAN show vlan private vlan community primary isolated Parameter description Parameter Description primary Show the primary VLAN information community Show the community VLAN inform...

Page 238: ...rsion must be RGOS10 1 and later switchport hybrid native vlan Use this command to configure the default VLAN of a hybrid port switchport hybrid native vlan vid no switchport hybrid native vlan Parame...

Page 239: ...escription Parameter Description no Restore the output rules of the hybrid port to the default settings Default configuration No output rules are configured Command mode Interface mode Examples Ruijie...

Page 240: ...the no share command to cancel the share vlan Enter the end command or Ctrl C to return to the privileged EXEC mode Enter the exit command to return to the global configuration mode Examples Ruijie co...

Page 241: ...s Enter the end command or Ctrl C to return to the privileged EXEC mode Enter the exit command to return to the global configuration mode Examples Ruijie show mac address table share Vlan MAC Address...

Page 242: ...sage guidelines Use this command to enable the Voice VLAN and specify the Voice Vlan ID Caution 1 The corresponding VLAN shall be created before configuring the Voice VLAN 2 The default VLAN is VLAN1...

Page 243: ...inutes The Voice VLAN aging time Default Settings 1440 minutes Command mode Global configuration mode Usage guidelines If the device has not received any voice packets from the port within the aging t...

Page 244: ...lowing example shows how to set the Voice VLAN CoS value as 5 Ruijie config voice vlan cos 5 Related commands Command Description show voice vlan Show Voice VLAN configurations and the current state v...

Page 245: ...e no form of this command to disable this function voice vlan enable no voice vlan enable Parameter description Parameter Description Default Settings Disabled Command mode Interface configuration mod...

Page 246: ...r the OUI address text The description for the OUI address Default Settings By default no OUI has been configured Command mode Global configuration mode Usage guidelines Use this command to identify t...

Page 247: ...he Voice VLAN on each port are independent and different ports can work in different working modes In different working modes the methods of enabling the Voice VLAN function on the port are different...

Page 248: ...ands Command Description show voice vlan Show Voice VLAN configurations and the current state voice vlan security enable Use this command to enable the Voice VLAN security mode in the global configura...

Page 249: ...n voice vlan tag that free from the Voice VLAN security normal mode the devices forward or discard those packets according to the VLAN rule Examples The following example shows how to enable the Voice...

Page 250: ...PORT MODE Fa0 1 Auto Related commands Command Description voice vlan vlan id Set a voice vlan voice vlan aging minutes Set the Voice VLAN aging time voice vlan cos cos value Set the CoS value for the...

Page 251: ...ne 0060 b900 0000 ffff ff00 0000 Philips NEC phone 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3com phone The following lists...

Page 252: ...source MAC address of the voice flow which needs to jump from the other VLAN to the voice VLAN Examples The following example shows the MAC address of the voice device learnt on the current device Ru...

Page 253: ...ceInterface Configuration Commands Voice VLAN Configuration Commands commands voice vlan mac address mac addr mask oui mask description text Set the OUI address for the voice packet recognized by the...

Page 254: ...Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config interface fastethernet 0 10 Ruijie config if mac vlan enable Ruijie config if no mac vlan enable Ruiji...

Page 255: ...is used to delete the relationship between the MAC address and VLAN Examples Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config mac vlan mac address 0001...

Page 256: ...parameter mac address is specified without the parameter mask the MAC VLAN entry of the single MAC address is shown If the parameters mac address and mask are both specified the MAC VLAN entries in t...

Page 257: ...w the MAC VLAN enabled port list show mac vlan interface Parameter description Parameter Description Command mode Privileged EXEC mode Usage guidelines With the MAC VLAN function enabled on the port u...

Page 258: ...his MAC address are received no Indicates that the BPDU frames from any MAC address are received Defaults Disabled Command Mode Interface configuration mode Usage Guide Configuration Examples Ruijie c...

Page 259: ...o force the interface to send the RSTP BPDU frames and check the BPDU frames clear spanning tree detected protocols interface interface id Parameter Description Parameter Description interface id ID o...

Page 260: ...unters Show statistics of STP receiving transmitting packets Defaults N A Command Mode Privileged EXEC mode Usage Guide Configuration Examples Ruijie show spanning tree hello time Related Commands Com...

Page 261: ...the portfast on an interface spanning tree bpduguard Enable the BPDU guard on an interface spanning tree link type Set the link type of an interface to point to point Platform Description show spanni...

Page 262: ...s max age seconds no spanning tree forward time hello time max age Parameter Description Parameter Description forward time seconds Interval at which the port status changes hello time seconds Interva...

Page 263: ...ation mode Usage Guide Configuration Examples Ruijie config interface gigabitethernet 1 1 Ruijie config if spanning tree autoedge disabled Related Commands Command Function show spanning tree interfac...

Page 264: ...isable the BPDU guard function on the interface spanning tree bpduguard enabled disabled Parameter Description Parameter Description enabled Enable BPDU guard on an interface disabled Disable BPDU gua...

Page 265: ...cription Platform Description spanning tree guard loop This command is used to enable loop guard on an interface to prevent the root port or backup port from generating loop as the result that they ca...

Page 266: ...e configuration mode Usage Guide Configuration Examples Ruijie config spanning tree guard none Related Commands Command Description Platform Description spanning tree guard root This command is used t...

Page 267: ...on the interface will not be processed spanning tree ignore tc no spanning tree ignore tc Parameter Description Parameter Description Defaults By default the TC filtering function is disabled Command...

Page 268: ...spanning tree link type point to point Related Commands Command Description show spanning tree interface Show the STP configuration of an interface Platform Description spanning tree loopguard default...

Page 269: ...he device before being dropped which ranges from 1 to 40 Defaults The default is 20 hops Command Mode Global configuration mode Usage Guide In the region the BPDU frame sent by the root bridge include...

Page 270: ...mand Mode Global configuration mode Usage Guide Configuration Examples Ruijie config spanning tree mode stp Related Commands Command Description show spanning tree Show the spanning tree configuration...

Page 271: ...32 characters You can use the no name command to restore the default setting revision version Set the MST version which ranges from 0 to 65535 You can use the no name command to restore the default s...

Page 272: ...he default value is calculated by the link rate of the interface automatically 1000 Mbps 20000 100 Mbps 200000 10 Mbps 2000000 Command Mode Interface configuration mode Usage Guide A higher cost value...

Page 273: ...iguration mode Usage Guide When a loop occurs in the region the interface of a higher priority will be in charge of forwarding If all interfaces have the same priority the interface with a smaller num...

Page 274: ...ance id Instance ID in the range of 0 to 64 priority Device priority for which sixteen integers are available 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 and 61...

Page 275: ...t method This command is used to configure the path cost of a port You can use the no option of the command to restore the default setting spanning tree pathcost method long standard short no spanning...

Page 276: ...tfast Related Commands Command Description show spanning tree interface Show the STP configuration of the interface Platform Description spanning tree portfast bpdufilter default This command is used...

Page 277: ...iguration mode Usage Guide Once the BPDU guard is enabled on the interface you will enter the error disabled status if the BPDU message is received at the interface You can use the show spanning tree...

Page 278: ...onfiguration to default This command does not have the no option spanning tree reset Parameter Description Parameter Description Command Mode Global configuration mode Usage Guide Configuration Exampl...

Page 279: ...guard Related Commands Command Description Platform Description spanning tree tc protection This command is used to enable tc protection globally You can use the no option of this command to disable...

Page 280: ...ation mode Usage Guide Configuration Examples Ruijie config spanning tree tc protection tc guard Related Commands Command Description Platform Description spanning tree tx hold count This command is u...

Page 281: ...tion Commands MSTP Configuration Commands Usage Guide Configuration Examples Ruijie config spanning tree tx hold count 5 Related Commands Command Description show spanning tree Show the global MSTP co...

Page 282: ...t transmission of BPDU frames is disabled on a device by default Command Modes Global configuration mode Usage Guidelines Examples Example 1 Enable transparent transmission of BPDU frames on a device...

Page 283: ...Ruijie config no bridge frame forwarding protocol gvrp Related Commands Command Description Platform Description bridge frame forwarding protocol 802 1x Use the bridge frame forwarding protocol 802 1x...

Page 284: ...f this command to disable transparent transmission of reserved multicast frames bridge frame forwarding protocol reserved multicast no bridge frame forwarding protocol reserved multicast Parameter Des...

Page 285: ...tocol cisco pvst no bridge frame forwarding protocol cisco pvst Parameter Description Parameter Description Defaults Transparent transmission of PVST frames is enabled on a device by default Command M...

Page 286: ...ault Allow sending the GVRP advertisement on the port Command mode Interface configuration mode Usage guidelines Use the show gvrp configuration to show the related configurations Examples Ruijie conf...

Page 287: ...nfiguration Show the GVRP configurations gvrp enable Use this command to enable the GVRP function Use the no form of this command to restore it to the default setting gvrp enable no gvrp enable Parame...

Page 288: ...configurations Examples Ruijie config if gvrp registration mode normal Related commands Command Description show gvrp configuration Show the GVRP configurations gvrp timer Use this command to set the...

Page 289: ...t so that the Leave timer begins counting The actual sending interval is ranging from leaveall to leaveall join Default Join timer 200ms Leave timer 600ms Leaveall timer 10000ms Command mode Global co...

Page 290: ...to show the GVRP configurations show gvrp configuration Parameter description Parameter Description Default NA Command mode Privileged EXEC mode Usage guidelines Use the show gvrp configuration to sho...

Page 291: ...mode normal reg mode normal Port GigabitEthernet 3 11 app mode normal reg mode normal Port GigabitEthernet 3 12 app mode normal reg mode normal Related commands Command Description show gvrp statisti...

Page 292: ...nPropagated 0 LeavePropagated 0 Related commands Command Description clear gvrp statistics Clear the statistics of one interface or all interfaces show gvrp status Use this command to show the GVRP st...

Page 293: ...suffix number street number suffix landmark additional location information name postal code building unit floor room type of place postal community name post office box additional code ca word Param...

Page 294: ...cription show lldp location civic location identifier id interface interface name static Show the LLDP Civic Address information Platform description Only supported by switch products clear lldp stati...

Page 295: ...ault Command mode Privilege mode Usage guidelines If the interface parameter is specified clear the LLDP neighbor information of the specified interface If the interface parameter is not specified cle...

Page 296: ...ce type is Switch 2 indicates the device type is LLDP MED terminal Default 1 Command mode LLDP Civic Address configuration mode Usage guidelines Enter the LLDP Civic Address configuration mode and con...

Page 297: ...ally Examples Disable LLDP globally and on the interface Ruijie configure terminal Ruijie config no lldp enable Ruijie config interface gigabitethernet 0 1 Ruijie config if GigabitEthernet 0 1 no lldp...

Page 298: ...n Only supported by switch products lldp error detect Configure the LLDP error detection including the detection of VLAN configurations on both sides of the link port state detection port aggregation...

Page 299: ...vice learn the local device information as soon as possible The fast sending mechanism shortens the sending cycle of LLDP packets to 1s The device will continuously send a certain number of LLDP packe...

Page 300: ...ice information on the neighbor device can be controlled by adjusting TTL multiplier Examples Configure TTL multiplier to 5 Ruijie configure terminal Ruijie config lldp hold multiplier 5 Related comma...

Page 301: ...LDP Civic Address information Platform description Only supported by switch products lldp location elin identifier Configure the encapsulated urgent phone number of Location Identification TLV Use no...

Page 302: ...rtised is the IPv4 address of the lowest ID VLAN carried on the port Command mode Interface configuration mode Usage guidelines By default the management address is advertised in LLDP packets and is t...

Page 303: ...and receive LLDP packets The precondition for enabling LLDP on the interface is that LLDP has been enabled globally and LLDP operates in tx rx or txrx mode Examples Configure LLDP operating mode as t...

Page 304: ...config Ruijie config lldp network policy profile 1 Ruijie config lldp network policy Related commands Command Description show lldp network policy profile profile num Show the LLDP network policy Plat...

Page 305: ...of this command to restore to the default interval lldp timer notification interval seconds no lldp timer notification interval Parameter description Parameter Description seconds Configure the interv...

Page 306: ...configuration mode Usage guidelines To prevent LLDP from being initialized too frequently due to the frequent operating mode change you can configure port initialization delay Examples Configure LLDP...

Page 307: ...DPDU transmission delay to 3 seconds Ruijie configure terminal Ruijie config lldp timer tx delay 3 Related commands Command Description show lldp status Display LLDP status information Platform descri...

Page 308: ...ile num power over ethernet no lldp tlv enable basic tlv all port description system capability system description system name dot1 tlv all port vlan id protocol vlan id vlan name dot3 tlv all link ag...

Page 309: ...zationally specific TLVs if the all parameter is specified all corresponding optional TLVs will be advertised When configuring LLDP MED TLVs if the all parameter is specified all LLDP MED TLVs other t...

Page 310: ...y the voice application type voice signaling Specify the voice signaling application type vlan id Optional Specify the VLAN ID of voice flows Range 1 4094 cos Optional Class of service cvalue Optional...

Page 311: ...the LLDP information of local device The information will be encapsulated in the TLVs and sent to the neighbor device show lldp local information global interface interface name Parameter description...

Page 312: ...ame Port id GigabitEthernet 0 1 Port description Management address subtype 802 mac address Management address 00d0 f822 33aa Interface numbering subtype Interface number 0 Object identifier 802 1 org...

Page 313: ...e system System capabilities enabled Capabilities currently enabled by the system LLDP MED capabilities LLDP MED capabilities supported by the system Device class MED device class which is divided int...

Page 314: ...Auto negotiation advertising capability of the port Operational MAU type Speed and duplex state of the port PoE support Indicates whether POE is supported Link aggregation supported Indicates whether...

Page 315: ...tatic Show the address information or urgent phone number information configured by all users Default Command mode Privilege mode Usage guidelines If a policy ID is specified show the specific address...

Page 316: ...terface name detail Parameter description Parameter Description interface name Interface name detail Show all information of neighbor devices Default Command mode Privilege mode Usage guidelines If th...

Page 317: ...er 0 Object identifier LLDP MED capabilities Device class HardwareRev FirmwareRev SoftwareRev SerialNum Manufacturer name Asset tracking identifier Port ID type Interface name Port id GigabitEthernet...

Page 318: ...System name System name System description The description of the system including hardware software versions and operational system information System capabilities supported Functions supported by th...

Page 319: ...uto negotiation speed and duplex status PoE support Whether to support PoE Link aggregation supported Whether to support link aggregation Link aggregation enabled Whether to enable link aggregation Ag...

Page 320: ...mand Description Platform description Only supported by switch products show lldp statistics Display LLDP statistics show lldp statistics global interface interface name Parameter description Paramete...

Page 321: ...of neighbor information deleted Number of times of removing neighbor information The number of neighbor information dropped Number of times of dropping neighbor information The number of neighbor inf...

Page 322: ...status of LLDP Enable Neighbor information last changed time 1hour 52minute 22second Transmit interval 30s Hold multiplier 4 Reinit delay 2s Transmit delay 2s Notification interval 5s Fast start count...

Page 323: ...ort Error detect enable Whether error detection is enabled on the port Number of neighbors Number of neighbors Number of MED neighbors Number of MED neighbors Related commands Command Description Plat...

Page 324: ...d TLV Port VLAN ID TLV YES YES Port And Protocol VLAN ID TLV YES YES VLAN Name TLV YES YES IEEE 802 3 extend TLV MAC Physic TLV YES YES Power via MDI TLV YES YES Link Aggregation TLV YES YES Maximum F...

Page 325: ...nfiguration N A Command mode Interface configuration mode Examples Here is an example of configuring vid in the tag of input message as 4 22 adding the vid in the tag as 3 Ruijie configure Ruijie conf...

Page 326: ...ijie config interface gigabitEthernet 0 1 Ruijie config if switchport mode access Ruijie config if dot1q relay vid 100 translate local vid 10 20 Ruijie config if end Related commands Command Descripti...

Page 327: ...ow translation table interface intf id Platform description The software version must be RGOS10 4 and later dot1q new outer vlan vid translate old outer vlan vid inner vlan v list Use this command to...

Page 328: ...4 and later dot1q tunnel cos inner cos value remark cos outer cos value Use this command to map the priority from the outer tag to the inner tag for the packets on the interface dot1q tunnel cos inner...

Page 329: ...anufacturer ID Command mode Interface configuration mode Examples Ruijie config interface g0 3 Ruijie config if frame tag tpid 0x9100 Ruijie config if end Ruijie show frame tag tpid Port tpid Gi0 3 0x...

Page 330: ...e destination VLAN mac address mapping index id source vlan src vlan id destination vlan dst vlan list no mac address mapping index id source vlan src vlan id destination vlan dst vlan list Parameter...

Page 331: ...orresponding dot1q tunnel interface configuration Default configuration No dot1q tunnel interface is configured Command mode Interface configuration mode Examples Here is an example of configuring the...

Page 332: ...lated commands Command Description show vlan Platform description The software version must be RGOS10 1 and later switchport dot1q tunnel allowed vlan Use this command to configure the allowed VLAN of...

Page 333: ...RGOS10 3 and later switchport dot1q tunnel native vlan Use this command to configure the default vlan id of dot1q tunnel switchport dot1q tunnel native vlan vid no switchport dot1q tunnel native vlan...

Page 334: ...d mode Interface configuration mode Examples Here is an example of configuring outer vid of input message whose source address is 1 1 1 1 as 3 Ruijie configure Ruijie config ip access list standard 2...

Page 335: ...d to_6 Ruijie config std nacl permit host 1 1 1 2 Ruijie config std nacl exit Ruijie config interface gigabitEthernet 0 1 Ruijie config if switchport mode trunk Ruijie config if traffic redirect acces...

Page 336: ...fic redirect access group 20 nested vlan 10 in Ruijie config if end Related commands Command Description show traffic redirect Platform description The software version must be RGOS10 1 and later vlan...

Page 337: ...e software version must be RGOS10 4 and later vlan mapping out vlan src vlan remark dest vlan Use this command to configure the policy list of the one to one VLAN mapping in the outgoing direction on...

Page 338: ...set the dot1q tunnel port to receive L2 protocol message l2protocol tunnel stp gvrp no l2protocol tunnel stp gvrp Parameter description Parameter Description stp Receive stp message gvrp Receive gvrp...

Page 339: ...e Ruijie configure Ruijie config interface fa 0 1 Ruijie config if l2protocol tunnel gvrp enable Ruijie config if end Related commands Command Description show l2protocol tunnel gvrp stp Platform desc...

Page 340: ...l transparent transmission function Ruijie config if l2protocol tunnel gvrp tunnel dmac 011AA9 000005 Ruijie config if end Related commands Command Description show l2protocol tunnel gvrp stp Platform...

Page 341: ...erface Default configuration The tpid is not modified Command mode Privileged EXEC mode Examples Ruijie show frame tag tpid Ports tpid Gi0 1 0x9100 Platform description The software version must be RG...

Page 342: ...tion N A Command mode Privileged EXEC mode Examples Ruijie show interface dot1q tunnel Interface Gi0 3 Native vlan 10 Allowed vlan list 4 6 10 30 60 Tagged vlan list 4 6 30 60 Platform description The...

Page 343: ...escription Parameter Description index id MAC address copy policy ID Default configuration N A Command mode Privileged EXEC mode Examples ruijie show interface mac address mapping 1 Ports Destination...

Page 344: ...stration table interface intf id Parameter description Parameter Description intf id Specific Interface Default configuration Null policy list Command mode Privileged EXEC mode Examples Ruijie show re...

Page 345: ...be RGOS10 3 and later show translation table Use this command to show vid modify policy list of protocol based access trunk hybrid port show translation table interface intf id Parameter description P...

Page 346: ...ion Parameter Description gvrp Show configuration of transparently transmitting gvrp protocol stp Show configuration of transparently transmitting stp protocol Default configuration N A Command mode P...

Page 347: ...ion Commands 3 DHCP Configuration Commands 4 DHCPv6 Configuration Commands 5 DNS Module Configuration Commands 6 FTP Server Configuration Commands 7 FTP CLIENT Configuration Commands 8 Network Connect...

Page 348: ...is arpa for the Ethernet interface alias Optional RGOS will respond to the ARP request from this IP address after this parameter is defined Defaults There is no static mapping record in the ARP cache...

Page 349: ...icast message from attacking the CPU User could set the num parameter of this command to decide whether it attacks the CPU in specific network environment or disable this function Use the arp anti ip...

Page 350: ...faults This function is not enabled on the interface to send the free ARP request regularly Command Mode Interface configuration mode Usage Guide If an interface of the switch is used as the gateway o...

Page 351: ...s 1s Command Mode Global configuration mode Usage Guide The switch sends the ARP request message frequently and thus causing problems like network busy In this case you can set the retry interval of t...

Page 352: ...sy In this case you can set the retry times of the ARP request smaller In general the retry times should not be set too large Configuration Examples The following configuration will set the local ARP...

Page 353: ...dynamically from FastEthernet port 0 1 to 120 seconds interface fastEthernet 0 1 arp timeout 120 Related Commands Command Description clear arp cache Clear the ARP cache list show interface Show the i...

Page 354: ...r Description Parameter Description N A N A Defaults GSN trusted ARP is not aging by default Command Mode Global configuration mode Usage Guide Use this command to set trusted ARP aging Aging time is...

Page 355: ...mit the quantity of the unresolved entries Configuration Examples The following configuration sets the maximum number of the unresolved items as 500 arp unresolve 500Ruijie config interface vfc bind m...

Page 356: ...ar arp cache interface Vlan 1 Related Commands Command Description arp Add a static mapping record to the ARP cache table Platform Description The parameter trusted is not supported by routers clear i...

Page 357: ...0 stands for the host bit with 8 bits in one group in decimal format Groups are separated by dots secondary Indicates the secondary IP address that has been configured gateway ip address Configure th...

Page 358: ...bridge networks that have not been divided into different subnets Use of secondary IP addresses will make it very easy to upgrade this network to an IP layer based routing network The equipment config...

Page 359: ...p address no ip broadcast addresss Parameter Description Parameter Description ip address Broadcast address of IP network Defaults The default IP broadcast address is 255 255 255 255 Command Mode Inte...

Page 360: ...et After the directed broadcast packet reaches a device that is directly connected to this subnet the device converts the directed broadcast packet into a flooding broadcast packet typically the broad...

Page 361: ...arameter Description Parameter Description N A N A Defaults By default no ICMP mask response message is sent Command mode Interface configuration mode Usage Guide Sometimes a network device needs the...

Page 362: ...same physical network segment must have the same IP MTU for the interconnected interface If the interface configuration command mtu is used to set the maximum transmission unit value of the interface...

Page 363: ...h is Ethernet MAC address of the device itself Configuration Examples The following is an example of enabling ARP on FastEthernet port 0 1 interface fastEthernet 0 1 ip proxy arp Related Commands Comm...

Page 364: ...mand is supported on the Layer 2 switch only ip source route Use this command to allow the RGOS software to process an IP packet with source route information in global configuration mode The no form...

Page 365: ...d interface should be associated to an interface with an IP address The source IP address of the IP packet generated by an unnumbered interface is the IP address of the associated interface In additio...

Page 366: ...ination unreachable messages The no form of this command disables this function ip unreachables no ip unreachables Parameter Description Parameter Description N A N A Defaults Enabled Command Mode Int...

Page 367: ...the GSN scheme it should be used together with the GSN scheme In the following three cases the STP protocol clears not only the dynamic MAC address of a port but also the trusted entries including tr...

Page 368: ...s incomplete Show all the unresolved dynamic ARP entries mac address Show the ARP entry with the specified mac address Defaults N A Command Mode Any Usage Guide N A Configuration Examples The followin...

Page 369: ...pa VLAN 1 The following is the output result of show arp 192 168 195 0 255 255 255 0 Ruijie show arp 192 168 195 0 255 255 255 0 Protocol Address Age min Hardware Type Interface Internet 192 168 195 6...

Page 370: ...N A Platform Description N A show arp detail Use this command to show the details of the Address Resolution Protocol ARP cache table show arp detail interface type interface number ip mask mac addres...

Page 371: ...20 1 1 1 000f e200 0001 Static 20 1 1 1 000f e200 0001 Static Vl3 20 1 1 1 000f e200 0001 Static Vl3 Gi2 0 1 193 1 1 70 00e0 fe50 6503 Dynamic 1 Vl3 Gi2 0 1 192 168 0 1 0012 a990 2241 Dynamic 10 Gi2...

Page 372: ...sociated with the IP addresses Related Commands Command Description Platform Description This command is supported on the Layer 3 switch but not supported on the router show arp packet statistics Use...

Page 373: ...se this command to show the aging time of a dynamic ARP entry on the interface show arp timeout Parameter Description Parameter Description N A N A Defaults N A Command Mode Any Usage Guide N A Config...

Page 374: ...e output of show ip arp Ruijie show ip arp Protocol Address Age min Hardware Type Interface Internet 192 168 7 233 23 0007 e9d9 0488 ARPA FastEthernet 0 0 Internet 192 168 7 112 10 0050 eb08 6617 ARPA...

Page 375: ...Related Commands Command Description N A N A Platform Description This command is not supported on the Layer 2 switch show ip interface Use this command to show the IP status information of an interfa...

Page 376: ...ip interface brirf command Ruijie show ip interface brief Interface IP Address Pri IP Address Sec Status Protocol GigabitEthernet 0 10 2 2 2 2 24 3 3 3 3 24 down down GigabitEthernet 0 11 no address n...

Page 377: ...roadcast is forwarded ICMP mask reply is Show whether an ICMP mask response message is sent Send ICMP redirect is Show whether an ICMP redirection message is sent Send ICMP unreachabled is Show whethe...

Page 378: ...redirection packet Outgoing access list is Show whether an outgoing access list has been configured for an interface Inbound access list is Show whether an incoming access list has been configured for...

Page 379: ...tion ip default gateway Configure the default gateway which is only supported on the Layer 2 switch Platform Description N A show ip redirects Use this command to show the default gateway show arp tim...

Page 380: ...command to remove the default gateway ip default gateway no ip default gateway Parameter Description Parameter Description N A N A Defaults By default no default gateway is configured Command Mode Glo...

Page 381: ...tion is executed Command Mode Global configuration mode Usage Guide In order to validate this command enable the trusted ARP function first This command is needed only when the VLAN sent by the server...

Page 382: ...d Configuration Examples Ruijie clear ipv6 neighbors Related Commands Command Description ipv6 neighbor Configure the neighbor show ipv6 neighbors Show the neighbor information Platform Description N...

Page 383: ...it interface ID Defaults N A Command Mode Interface configuration mode Usage Guide When an IPv6 interface is created and the link status is UP the system will automatically generate a local IP address...

Page 384: ...ving the RA Route Advertisement message the device could use the prefix information of the RA message to automatically generate the EUI 64 interface address If the RA message contains the flag of the...

Page 385: ...ot be disabled with no ipv6 enable Configuration Examples Ruijie config if ipv6 enable Related Commands Command Description show ipv6 interface Show the related information of an interface Platform De...

Page 386: ...ng example configures manually a general prefix as my prefix Ruijie config ipv6 general prefix my prefix 2001 1111 2222 48 Related Commands Command Description ipv6 address prefix name sub bits prefix...

Page 387: ...tion Examples Related Commands Command Description Platform Description ipv6 neighbor Use this command to configure a static neighbor Use the no form of this command to remove the setting ipv6 neighbo...

Page 388: ...atic one The configured static neighbor is always in the Reachable status Use clear ipv6 neighbors to clear all the neighbors dynamically learned through NDP Use show ipv6 neighbors to view the neighb...

Page 389: ...collision check for the down up interface Whenever the state of an interface changes from down to up the address collision check function of the interface will be enabled Configuration Examples Ruiji...

Page 390: ...nd other config flag no ipv6 nd other config flag Parameter Description Parameter Description N A N A Defaults The flag bit is not set by default Command mode Interface configuration mode Usage Guide...

Page 391: ...o short interval Configuration Examples Ruijie conifig if ipv6 nd ns interval 2000 Related Commands Command Description show ipv6 interface Show the interface information Platform Description N A ipv6...

Page 392: ...nd can be used to configure the parameters of each prefix including whether to advertise the prefix By default the prefix advertised in RA is the one set with ipv6 address on the interface To add othe...

Page 393: ...nd ra hoplimit Parameter Description Parameter Description value Hopcount Defaults The default value is 64 Command Mode Interface configuration mode Usage Guide It is used to set the hopcount of the...

Page 394: ...ong the link occupies network bandwidth while sending the RA message the actual interval for sending the RA message will be fluctuated 20 based on the set value If the key word min max is specified th...

Page 395: ...interval Configuration Examples Ruijie conifig if ipv6 nd ra lifetime 2000 Related Commands Command Description show ipv6 interface Show the interface information ipv6 nd ra interval Set the interval...

Page 396: ...or in the range 0 to 3600000 milliseconds Defaults The default value in RA is 0 unspecified the reachable time for the neighbor is 30000ms 30s when the device discovers the neighbor Command Mode Inter...

Page 397: ...mmand Mode Interface configuration mode Usage Guide This command suppresses the sending of the RA message on an interface Configuration Examples Ruijie config if ipv6 nd suppress ra Related Commands C...

Page 398: ...MPv6 redirect message when the switch receives and forwards an IPv6 packet through an interface Use the no form of this command to disable the function ipv6 redirects no ipv6 redirects Parameter Descr...

Page 399: ...91 The next hop IP address and the next hop outgoing interface can be specified at the same time Note that if the next hop IP address is a link local address the outgoing interface must be specified v...

Page 400: ...Description show ipv6 route Show the IPv6 route information Platform Description N A ipv6 source route Use this command to forward the IPv6 packet with route header The no form of this command disable...

Page 401: ...The following table shows the meanings of symbols returned by the ping command Signs Meaning The response to each request sent is received The response to the request sent is not received within a re...

Page 402: ...ter Description Parameter Description interface name Interface name Defaults N A Command Mode Privileged EXEC mode Usage Guide N A Configuration Examples The following example shows all IPv6 address c...

Page 403: ...m the DHCPv6 agent Configuration Examples The following example shows the information of the general prefix Ruijie show ipv6 general prefix There is 1 general prefix IPv6 general prefix my prefix acqu...

Page 404: ...TU is 1500 bytes ICMP error messages limited to one every 10 milliseconds ICMP redirects are enabled ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 milliseconds ND advertised re...

Page 405: ...able time is 0 milliseconds ND advertised retransmit time is 0 milliseconds ND advertised CurHopLimit is 64 Prefixes total 1 fec0 1 1 1 64 Def Auto vltime 2592000 pltime 604800 flags LA Description of...

Page 406: ...configured with the corresponding IPv6 address CFG Indicate that the prefix is manually configured Adv Indicate that the prefix will not be advertised vltime Valid lifetime of the prefix measured in...

Page 407: ...w ipv6 neighbors verbose IPv6 Address Linklayer Addr Interface 2001 1 00d0 f800 0001 vlan 1 State Reach H Age asked 0 fe80 200 ff fe00 1 00d0 f800 0001 vlan 1 State Reach H Age asked 0 Field Meaning I...

Page 408: ...mer milliseconds until the response from the neighbor is received or the number of the sent NSs hits MAX_UNICAST_SOLICIT 3 Unknown state R indicate the neighbor is considered as a device H The neighbo...

Page 409: ...statistics Use the following command to show the statistics of all IPv6 neighbors show ipv6 neighbors statistics all Parameter Description Parameter Description vrf name VRF name Defaults N A Command...

Page 410: ...total interface name Parameter Description Parameter Description total Show total statistics of all interfaces interface name Interface name Defaults N A Command Mode Privileged EXEC mode Usage Guide...

Page 411: ...Parameter Description Parameter Description static Show the static routes vrf name VRF name local Show the local routes connected Show the directly connected routes Defaults N A Command Mode Privileg...

Page 412: ...e Platform Description N A show ipv6 route summary Use the following command to show the statistics of one IPv6 route table show ipv6 route vrf vrf name summary Use the following command to show the s...

Page 413: ...Description N A show ipv6 routers In the IPv6 network some neighbor routers send out the advertisement messages Use this command to show the neighbor routers and the advertisement show ipv6 routers i...

Page 414: ...id lifetime 2592000 sec preferred lifetime 604800 sec Related Commands Command Description N A N A Platform Description N A tunnel destination Use this command to specify the destination address for t...

Page 415: ...unnel Platform Description N A tunnel mode gre Use this command to configure GRE tunnel mode Use the no form of this command to restore it to the default IPv6 tunnel mode tunnel mode gre ip tunnel mod...

Page 416: ...Use the no form of this command to restore it to the default IPv6 tunnel mode tunnel mode ipv6 no tunnel mode Parameter Description Parameter Description N A N A Defaults The default mode is ipv6ip Co...

Page 417: ...tunnel by default You can also use tunnel mode ipv6ip without any parameter to set a tunnel to manual tunnel For an auto tunnel no destination address is specified Configuration Examples The following...

Page 418: ...of an interface When you configure an auto tunnel for example 6to4 and isatap it is recommended to specify the source address A device shall not be configured multiple tunnels with the same encapsula...

Page 419: ...tunnel destination Configure the destination IP address of a tunnel Platform Description N A tunnel vrf Use this command to configure the VRF to which the outer layer addresses of a tunnel belong The...

Page 420: ...t Ruijie config interface tunnel 1 Ruijie config tunnel1 tunnel mode ipv6ip Ruijie config tunnel1 tunnel vrf red Related Commands Command Description tunnel mode Configure the mode of a tunnel ip vrf...

Page 421: ...SS corresponds to one network range which must be from low address to high address so as to allow the duplication of network segment range between multiple CLASSs If the CLASS associated with the addr...

Page 422: ...so that DHCP clients can download the file from the corresponding server such as TFTP Other servers are defined by the next server command Examples The example below defines the device conf as the st...

Page 423: ...CLASS s assigned addresses have been to the upper limit then continue to assign addresses for the next CLASS and so on Each CLASS corresponds to one network segment range that must be from low addres...

Page 424: ...ernet0 1 For the definition of the media code refer to the Address Resolution Protocol Parameters section in RFC1700 This command is used only when the DHCP is defined by manual binding Examples The e...

Page 425: ...lient name river Related commands Command Description host Define the IP address and network mask which is used to configure the DHCP manual binding ip dhcp pool Define the name of the DHCP address po...

Page 426: ...of this command can be used to delete the definition of the DNS server dns server ip address ip address2 ip address8 no dns server Parameter description Parameter Description ip address Define the IP...

Page 427: ...string of the DHCP client Default No suffix domain name by default Command mode DHCP address pool configuration mode Usage guidelines After the DHCP client obtains specified suffix domain name it can...

Page 428: ...hen the DHCP is defined by manual binding Examples The example below defines the MAC address 00d0 f838 bf3d with the type ethernet hardware address 00d0 f838 bf3d Related commands Command Description...

Page 429: ...g Examples The example below sets the client IP address as 192 168 12 91 and the network mask as 255 255 255 240 host 192 168 12 91 255 255 255 240 Related commands Command Description client identifi...

Page 430: ...tEthernet 0 port obtain the IP address automatically interface fastEthernet 0 ip address dhcp Related commands Command Description dns server Define the DNS server of DHCP client ip dhcp pool Define t...

Page 431: ...ption time The interval at which the system writes the DHCP lease binding database information into the flash The range is from 600 to 86400 seconds Default Disabled Command mode Global configuration...

Page 432: ...dress no ip dhcp excluded address low ip address high ip address Parameter description Parameter Description low ip address Exclude the IP address or exclude the start IP address within the range of t...

Page 433: ...icates disabling the ping operation The Ping operation sends two packets by default Default The Ping operation sends two packets by default Command mode Global configuration mode Usage guidelines When...

Page 434: ...ime that the DHCP server waits for a ping response packet Examples In the configuration example below the waiting time of the ping response packet is 600ms ip dhcp ping timeout 600 Related commands Co...

Page 435: ...ool0 Related commands Command Description host Define the IP address and network mask which is used to configure the DHCP manual binding ip dhcp excluded address Define the IP addresses that the DHCP...

Page 436: ...in hours It is necessary to define the days before defining the hours minutes Optional Lease time in minutes It is necessary to define the days and hours before defining the minutes infinite Infinite...

Page 437: ...t No WINS server is defined by default Command mode DHCP address pool configuration mode Usage guidelines When more than one WINS server is defined the former has higher priory The DHCP client will se...

Page 438: ...broadcast method 2 Peer to peer which directly requests the WINS server to carry out the NetBIOS name resolution 3 Mixed which requests the name resolution by the broadcast method firstly and then ca...

Page 439: ...ion mode Usage guidelines This command defines the subnet and subnet mask of a DHCP address pool and provides the DHCP server with an address space which can be assigned to the clients Unless excluded...

Page 440: ...ervers can be configured Default N A Command mode DHCP address pool configuration mode Usage guidelines When more than one startup server is defined the former will possess higher priory The DHCP clie...

Page 441: ...of current DHCP option refer to RFC 2131 Examples The configuration example below defines the option code 19 which determines whether the DHCP client can enable the IP packet forwarding 0 indicates to...

Page 442: ...configures a global CLASS and enter the Option82 matching information configuration mode Ruijie config ip dhcp class myclass Ruijie config dhcp class relay agent information Ruijie config dhcp class r...

Page 443: ...225654565 Ruijie config dhcp class relayinfo relay information hex 060223 Related commands Command Description ip dhcp class Define a CLASS and enter the global CLASS configuraiton mode relay agent in...

Page 444: ...ameter description N A Default Disabled Command mode Global configuration mode Usage guidelines The DHCP server can assign the IP addresses to the clients automatically and provide them with the netwo...

Page 445: ...show ip dhcp binding Show the address binding of the DHCP server clear ip dhcp conflict Use this command to clear the DHCP address conflict record in privileged user mode clear ip dhcp conflict ip add...

Page 446: ...tatistics counter records the DHCP address pool automatic binding manual binding and expired binding Furthermore it also carries out the statistics to the number of sent and received DHCP messages The...

Page 447: ...off the debugging switch debug ip dhcp server events packet no debug ip dhcp server events packet Parameter description Parameter Description events Show the DHCP message packet Show the DHCP packet...

Page 448: ...default gateway addr 192 168 5 1 Next timer fires after 00 04 29 Retry count 0 Client ID redgaint 00d0 f8fb 5740 Fa0 0 Related commands Command Description ip address dhcp The device uses DHCP to oba...

Page 449: ...dress of the DHCP client Lease expiration The expiration date of the lease The Infinite indicates it is not limited by the time The IDLE indicates the address is in the free status currently for it is...

Page 450: ...IP address The IP addresses which cannot be assigned to the DHCP client Detection Method The conflict detection method Related commands Command Description clear ip dhcp confict Clear the DHCP confli...

Page 451: ...ng of various fields in the show result is described as follows Field Description Address pools Number of address pools Lease count Number of allocated lease Automatic bindings Number of automatic add...

Page 452: ...CLI Reference DHCP Configuration Commands commands clear ip dhcp server statistics Delete the DHCP server statistics...

Page 453: ...hich may lead the client to request for the configurations from the server again Configuration Examples Ruijie clear ipv6 dhcp client vlan 1 Related Commands Command Description N A N A Platform Descr...

Page 454: ...lear ipv6 dhcp conflict 2008 50 2 Related Commands Command Description show ipv6 dhcp conflict Show address conflict information Platform Description N A clear ipv6 dhcp relay statistics Use this comm...

Page 455: ...Configuration Examples The following example shows how to clear the DHCPv6 server statistics Ruijie config clear ipv6 dhcp server statistics Related Commands Command Description N A N A Platform Desc...

Page 456: ...ain name Use this command to set the domain name for the DHCPv6 server Use the no form of this command to remove the domain name domain name domain no domain name domain Parameter Description Paramete...

Page 457: ...the preferred lifetime of the address allocated to the client Defaults By default no IA_NA address prefix is configured The default valid lifetime is 3600s 1 hour The default preferred lifetime is 360...

Page 458: ...mand enabled the DHCPv6 client sends the prefix request to the DHCPv6 server The keyword rapid commit allows the client and the server two message interaction process With this keyword configured the...

Page 459: ...nd Description ipv6 dhcp server Enable the DHCPv6 server function on the interface show ipv6 dhcp pool Show the DHCPv6 pool information Platform Description N A ipv6 dhcp relay destination Use this co...

Page 460: ...e relay reply message can be forwarded without the relay function enabled on the interface Configuration Examples The following example shows how to set the relay destination address on the interface...

Page 461: ...fastethernet 0 1 Ruijie config if ipv6 dhcp server pool1 Related Commands Command Description ipv6 dhcp pool Set the DHCPv6 pool show ipv6 dhcp pool Show the DHCPv6 pool information Platform Descripti...

Page 462: ...orm of this command to remove the local prefix pool prefix delegation pool poolname lifetime valid lifetime preferred lifetime no prefix delegation pool poolname Parameter Description Parameter Descri...

Page 463: ...DHCPv6 pool ipv6 local pool Set a local prefix pool prefix delegation Statically bind the client with the address prefix show ipv6 dhcp pool Show the DHCPv6 pool information Platform Description N A...

Page 464: ...NA address binding information are shown If the ipv6 address is specified the binding information for the specified address is shown Configuration Examples Ruijie show ipv6 dhcp binding Client DUID 00...

Page 465: ...Use this command to show the DHCPv6 interface information show ipv6 dhcp interface interface name Parameter Description Parameter Description interface name Set the interface name Defaults N A Comman...

Page 466: ...the specified interface information is shown Configuration Examples Ruijie show ipv6 dhcp pool DHCPv6 pool dhcp pool DNS server 2011 1 1 DNS server 2011 1 2 Domain name example com Related Commands Co...

Page 467: ...information of all relay client Ruijie show ipv6 dhcp relay destination all Interface Vlan1 enable relay port Destination address es Output Interface 3001 2 FF02 1 2 the specified address Vlan2 the s...

Page 468: ...RECONFIGURE 0 REPLY 8 RELAY FORWARD 8 RELAY REPLY 0 Related Commands Command Description clear ipv6 dhcp relay statistics Clear the statistical information Platform Description N A show ipv6 dhcp ser...

Page 469: ...received 0 Relay forward received 0 Information request received 0 Unknown message type received 0 Error message received 0 DHCPv6 packet sent 0 Advertise sent 0 Reply sent 0 Relay reply sent 0 Send...

Page 470: ...wing example enables the DNS domain name resolution function Ruijie config ip domain lookup Related commands Command Description show hosts Show the DNS related configuration information ip host Use t...

Page 471: ...ipv6 address The IPv6 address of the domain name server Default configuration N A Command mode Global configuration mode Usage guidelines Add the IP address of the DNS server Once this command is exe...

Page 472: ...00 20 1 12 Related commands Command Description show hosts Show the DNS related configuration information clear host Use this command to clear the dynamically learned host name in the privileged user...

Page 473: ...e Usage guidelines Show the DNS related configuration information Examples Ruijie show hosts Name servers are 192 168 5 134 static Host type Address TTL sec switch static 192 168 5 243 www ruijie com...

Page 474: ...tion during FTP server operation Examples The following example shows how to enable outputting the debugging messages in the FTP Server Ruijie debug ftpserver FTPSRV_DEBUG RECV SYST FTPSRV_DEBUG REPLY...

Page 475: ...ent only Ruijie config ftp server topdir syslog Ruijie config ftp server enable The following example shows how to disable the FTP Server Ruijie config no ftp server enable ftp server password Use thi...

Page 476: ...encrypted password is generated by plain text password encryption and its format must comply with the encryption specification If the encrypted password is used for the setting the client must use th...

Page 477: ...to the files on the FTP server with the top directory correctly specified Without this command configured FTP client fails to access to any file or directory on the FTP server Examples The following e...

Page 478: ...he following example shows how to set the session idle timeout as 5m Ruijie config ftp server timeout 5 The following example shows how to restore the session idle timeout to the default value 30m Rui...

Page 479: ...pass the identity verification if the username is removed Examples The following example shows how to set the username as user Ruijie config ftp server username user The following example shows how to...

Page 480: ...the related status information of the FTP server Ruijie show ftp server ftp server information enable Y topdir timeout 20min username config Y password config Y type BINARY control connect Y ftp serv...

Page 481: ...e than 32 bytes The password does not contain dot at sign slash and space This parameter is mandatory dest address IP address of the FTP server remote directory Name of the optional directory on the F...

Page 482: ...ass 192 168 23 69 root remote file Related Commands Command Description copy tftp Uses TFTP to transfer files Platform Description default ftp client Use the default ftp client command to restore the...

Page 483: ...mode for the specified VRF Defaults The default FTP transfer mode is binary Command Modes Global configuration mode Usage Guidelines This command sets the file transfer mode to the text ASCII mode Ex...

Page 484: ...Description ftp client source address Use the ftp client source address command to configure the source address of the FTP client for transmitted FTP packets Use the no form of this command to remove...

Page 485: ...ge Guidelines This command configures a source IP address for a client to connect to the server Examples Set the active mode for FTP connection Ruijie config ftp client source address 192 168 23 236 R...

Page 486: ...dress length Specifies the length of the packet to be sent times Specifies the number of packets to be sent seconds Specifies the timeout time data Specifies the data to fill in seconds Specifies the...

Page 487: ...server firstly For the concrete configuration refer to the DNS Configuration section Examples The example below shows the ordinary ping Ruijie ping 192 168 5 1 Sending 5 100 byte ICMP Echoes to 192 1...

Page 488: ...ping ipv6 are also available For the ordinary functions of ping ipv6 five packets of 100Byte in length are sent to the specified IP address within the specified period 2s by default If response is rec...

Page 489: ...to be sent source Specifies the source IPv4 address or the source interface The loopback interface address for example 127 0 0 1 is not allowed to be the source address seconds Specifies the timeout t...

Page 490: ...msec 12 msec 16 msec 4 5 61 154 8 129 12 msec 28 msec 12 msec 6 61 154 8 17 8 msec 12 msec 16 msec 7 61 154 8 250 12 msec 12 msec 12 msec 8 218 85 157 222 12 msec 12 msec 12 msec 9 218 85 157 130 16 m...

Page 491: ...route ipv6 ip address probe number timeout seconds ttl minimum maximum Parameter description Parameter Description Ipv6 address Specifies an IPv6 address number Specifies the number of probe packets t...

Page 492: ...ays 1 4 and the spent time are displayed Such information is helpful for network analysis 2 When some gateways in the network fail Ruijie traceroute ipv6 3004 1 press Ctrl C to break Tracing the route...

Page 493: ...ts sent and received on the interface Use the no form of this command to remove the configuration ip tcp adjust mss max segment size no ip tcp adjust mss Parameter description Parameter Description ma...

Page 494: ...o the MSS value configured on the interface It is suggested to configure the same value on the ingress interface and egress interface or else the MSS option of SYN packets going through the device wil...

Page 495: ...sending the reset packet when the port unreachable packet is received Use the no form of this command to remove the configuration ip tcp not send rst no ip tcp not send rst Parameter description Param...

Page 496: ...Global configuration mode Usage guidelines Based on the RFC1191 the TCP path mtu function improves the network bandwidth utilization and data transmission when the user uses TCP to transmit the data...

Page 497: ...ault Settings 20 seconds Command mode Global configuration mode Usage guidelines If there is SYN attack in the network reducing the SYN timeout value can prevent resource consumption but it takes no e...

Page 498: ...of receiving buffer will provide notable TCP transmission performance The sending buffer is utilized to buffer the data of application program Each byte in the buffer has its sequence number and byte...

Page 499: ...connect tcp connect status TCB Local Address Foreign Address State cf25000 0 0 0 0 2650 0 0 0 0 0 LISTEN c441000 0 0 0 0 23 0 0 0 0 0 LISTEN c441800 1 1 1 1 23 1 1 1 2 64201 ESTABLISHED c444cc0 23 0...

Page 500: ...session CLOSED The session has been closed LISTEN Listening state SYNSENT In the three way handshake phase when the SYN packets have been sent out SYNRCVD In the three way handshake phase when the SY...

Page 501: ...packet is received TIMEWAIT The FIN packet sent by the local end has been acknowledged and the local end has also acknowledged the FIN packet Related commands Command Description show tcp pmtu Use th...

Page 502: ...212 23 23 is the port number Foreign Address The remote address and the port number The number after the last is the port number For example 2002 2 23 and 192 168 195 212 23 23 is the port number PMTU...

Page 503: ...v4 listen on 23 have total 1 connections Tcpv6 listen on 23 have connections TCB Foreign Address Port State c429980 3000 2 64572 ESTABLISHED Tcpv6 listen on 23 have total 1 connections The following t...

Page 504: ...ocal end has been acknowledged CLOSEWAIT The local end has received the FIN packet from the peer end LASTACK The local end has received the FIN packet from the peer end and then sent out its FIN packe...

Page 505: ...CLI Reference TCP Configuration Commands Related commands Command Description...

Page 506: ...ets matching to this route Broadcast the packets in the virtual LAN also called as flooding or drop the packets Broadcom chips do not support the flooding while the Marvell chips do By default the chi...

Page 507: ...ware forwarding table with the software forwarding table Currently there is no solution to the hardware hash bucket collision ip ref synchronize all Parameter Description Parameter Description Default...

Page 508: ...ion Default configuratio n None Command mode Privilege mode Usage guide This command can be used to display current packet statistics of REF Configuratio n examples Ruijie show ip ref statistic inform...

Page 509: ...face_number Parameter Description Parameter Description glean Gleans the adjacent nodes local Local adjacent nodes ip IP of the next hop interface_type Specifies the type of interface interface_number...

Page 510: ...next_hop mac interface forward_adj 192 168 17 1 0000 2004 094f FastEthernet 1 1 Example 3 Display the adjacent node information associated with the specified IP Ruijie show ip ref adjacency 192 168 1...

Page 511: ...lt Specifies default route ip Specifies the destination IP address of route mask Specifies the route mask Default configuratio n None Command mode Privileged EXEC mode Usage guide Display the related...

Page 512: ...ard_adj 192 168 17 1 0000 2004 094f FastEthernet 1 1 Example 3 Display all the routing information matching the IP MASK in the REF table Ruijie show ip ref route 192 168 17 0 255 255 255 0 IP MASK s r...

Page 513: ...CLI Reference IPv4 REF Configuration Commands Platform description N A Command history Version Description...

Page 514: ...IP Routing Configuration Commands 1 IP Routing Configuration Commands...

Page 515: ...static route distance Optional The management distance of the static route tag Optional The tag of the static route permanent Optional Permanent route ID disable enable Optional Disablement or enablem...

Page 516: ...an Ethernet interface do not set the next hop as an interface for example ip route 0 0 0 0 0 0 0 0 Fastethernet 0 0 In this case the switch may consider that all unknown destination networks are dire...

Page 517: ...r VoIP gateway The S2600 I series products support only the IPv4 or IPv6 static routes and IPv4 or IPv6 directly connected route Configure the static route to obtain the IPv4 or IPv6 static route Conf...

Page 518: ...32 IPv4 static routes Examples The following example sets the upper threshold of the static routes to 10 and then restores the setting to the default value ip static route limit 10 no ip static route...

Page 519: ...ent distance of the static route can enable route backup which is called floating route in this case The S2600 I series products support up to 16 IPv6 static routes The IPv6 static route supports only...

Page 520: ...routes in the range of 1 to 16 Default configuration N A Command mode Global configuration mode Usage guidelines The goal is to control the number of static routes The S2600 I series products support...

Page 521: ...static route takes no effect if the IPv6 routing function is disabled The S2600 I series products support only the IPv4 or IPv6 static routes and IPv4 or IPv6 directly connected route Configure the st...

Page 522: ...tatistics of the routing table Default configuration All routes are displayed by default Command mode Privileged EXEC mode global configuration mode interface configuration mode routing protocol confi...

Page 523: ...be C directly connected route S static route R RIP route B BGP route O OSPF route I IS IS route E2 Route type which may be E1 OSPF external route type 1 E2 OSPF external route type 2 N1 OSPF NSSA ext...

Page 524: ...te weight distance metric weight S 23 0 0 0 8 1 0 2 via 192 1 1 20 S 172 0 0 0 16 1 0 4 via 192 0 0 1 show ipv6 route Use the command to display the configuration of the IPv6 routing table show ipv6 r...

Page 525: ...OI OSPF inter area OE1 OSPF external type 1 OE2 OSPF external type 2 ON1 OSPF NSSA external type 1 ON2 OSPF NSSA external type 2 NOT in hardware forwarding table L 1 128 via Loopback local host C 10 6...

Page 526: ...nternal route SU IS IS summary route L1 IS IS level 1 route L2 IS IS level 2 route ia IS IS area internal route 20 64 Network address and mask of the destination network 1 0 Manage metric Via 10 4 Nex...

Page 527: ...Multicast Configuration Commands 1 IGMP Snooping Configuration Commands 2 MLD Snooping Configuration Commands...

Page 528: ...mode In addition the profile must be applied to the interface in order to make the profile configuration take effect Examples The following is an example of deny the forwarding of the multicast strea...

Page 529: ...he switch learns dynamically execute the ip igmp snooping dyn mr aging time command ip igmp snooping dyn mr aging time time no ip igmp snooping dyn mr aging time Parameter description Parameter Descri...

Page 530: ...n the system will remove the corresponding multicast group on the corresponding interface upon the receipt of the IGMP leave message Examples The following example shows how to enable the fast leave f...

Page 531: ...gabit port 0 1 Ruijie config interface fastEthernet 0 1 Ruijie config if ip igmp snooping filter 1 Related commands Command Description ip igmp profile Create a profile ip igmp snooping host aging tim...

Page 532: ...lticast address yet in different VLANs the IGMP snooping function handles only the same group as that in the multicast address table GDA other multicast frames are forwarded Examples The following exa...

Page 533: ...p snooping ivgl Enable igmp snooping and enter the IVGL mode ip igmp snooping limit ipmc To add a multicast source IP address check entry execute the ip igmp snooping limit ipmc command in the global...

Page 534: ...groups To configure the maximum number of groups that can be added dynamically to this interface execute the ip igmp snooping max groups command in the interface configuration mode The no form of thi...

Page 535: ...icast neighbor device with multicast routing protocol enabled By default the dynamic routing interface learning function is enabled You can use the no form of this command to disable this function and...

Page 536: ...Command mode Global configuration mode Usage guidelines Apply the IGMP Profile to a multicast preview function When the user doesn t have access to the multicast streams namely the user might be filt...

Page 537: ...alue is 60 seconds Command mode Global configuration mode Usage guidelines NA Examples The following example sets the multicast preview interval as 100 seconds on the 100M port of 0 1 Ruijie config ip...

Page 538: ...escription Supported after release 10 4 3 ip igmp snooping querier address To enable the IGMP querier you also need to specify a source IP address for query packets Execute the global configuration co...

Page 539: ...vlan querier address Enable the source IP check in VLAN Platform description Supported after release 10 4 3 ip igmp snooping querier max response time To configure the maximum response time advertise...

Page 540: ...ify the interval for IGMP querier to send query packets execute the global configuration command of ip igmp snooping querier query interval Use no form of this command to restore the query interval to...

Page 541: ...expiry Use no form of this command to restore to the default value ip igmp snooping querier timer expiry num no ip igmp snooping querier timer expiry Parameter description Parameter Description num No...

Page 542: ...n Use no form of this command to restore to the default setting ip igmp snooping querier version num no ip igmp snooping querier Parameter description Parameter Description num IGMP version number 1 2...

Page 543: ...f the switch does not receive the member join message in the specified time it considers that the member has left and then deletes the member This command lets you adjust the waiting time after receiv...

Page 544: ...example shows how to enable the multicast source IP address check function and configure a default source IP address Ruijie config ip igmp snooping source check default server 192 168 4 243 Related c...

Page 545: ...ooping suppression enable To enable IGMP snooping suppression execute the ip igmp snooping suppression enable command in the global configuration mode The no form of this command is used to disable IG...

Page 546: ...snooping and enter the SVGL mode Ruijie config ip igmp snooping svgl Related commands Command Description ip igmp snooping ivgl Enable igmp snooping and enter the IVGL mode ip igmp snooping ivgl svgl...

Page 547: ...ip igmp snooping svgl Enable igmp snooping and enter the SVGL mode ip igmp snooping ivgl svgl Enable igmp snooping and enter the hybrid mode ip igmp snooping svgl subvlan To specify the subvlan of mu...

Page 548: ...ute the ip igmp snooping svgl vlan command in the global configuration mode The no form of this command restores the Shared VLAN to vlan 1 ip igmp snooping svgl vlan vid no ip igmp snooping svgl vlan...

Page 549: ...nnel port the default VLAN of port A is VLAN 1 and packets from VLAN 1 and VLAN 10 can pass through port A When multicast requests of VLAN 10 are sent to port A IGMP Snooping will create the multicast...

Page 550: ...his command is used to disable the igmp snooping ip igmp snooping vlan vid no ip igmp snooping vlan vid Parameter description Parameter Description vid VLAN ID Default Disabled Command mode Global con...

Page 551: ...nterface ID Default N A Command mode Global configuration mode Usage guidelines When the source port check function is enabled only the multicast flows from the routing interface are forwarded and oth...

Page 552: ...p Related commands Command Description ip igmp snooping mrouter learn pim dvmrp Enable the dynamic routing interface learning function on the multicast routing port globally ip igmp snooping vlan quer...

Page 553: ...n querier address Use no form of this command to remove the source IP address configured ip igmp snooping vlan vid querier address a b c d no ip igmp snooping vlan vid querier address Parameter descri...

Page 554: ...LAN execute the global configuration command of ip igmp snooping vlan querier max response time Use no form of this command to restore to the default value ip igmp snooping vlan vid querier max respon...

Page 555: ...rval Use no form of this command to restore the query interval to the default value ip igmp snooping vlan vid querier query interval num no ip igmp snooping vid querier query interval Parameter descri...

Page 556: ...igmp snooping vlan vid querier timer expiry num no ip igmp snooping vlan vid querier timer expiry Parameter description Parameter Description vid VLAN ID num Non querier expiration timer 60 300 unit s...

Page 557: ...form of this command to restore to the default setting ip igmp snooping vlan vid querier version num no ip igmp snooping vlan vid querier Parameter description Parameter Description vid VLAN ID num IG...

Page 558: ...ast IP address interface type interface name Interface name Default By default no static member ports are configured Command mode Global configuration mode Usage guidelines Multiple multicast IP addre...

Page 559: ...the range of multicast streams execute the range command in the profile configuration mode You can specify either a single multicast address or a range of multicast addresses Use the no form of the c...

Page 560: ...debug switch The no form of this command closes debug switch debug igmp snp debug igmp snp event debug igmp snp packet debug igmp snp msf debug igmp snp warning undebug igmp snp undebug igmp snp even...

Page 561: ...les Ruijie config if show ip igmp profile Profile 1 Permit range 224 0 1 0 239 255 255 255 show ip igmp snooping Use this command to show related information of igmp snooping show ip igmp snooping gda...

Page 562: ...s The following example demonstrates how to process 100 multicast group on the interface fa0 1 Ruijie config if ip igmp snooping gda table Abbr M mrouter D dynamic S static VLAN Address Member ports 1...

Page 563: ...n profile number Set the profile number The valid range is 1 1024 Default Settings N A Command mode Global configuration mode Usage guidelines MLD Profile is the group filter for the usage of the mult...

Page 564: ...ed range Default Settings N A Command mode Profile configuration mode Usage guidelines The value of low ipv6 address shall be smaller than the one of high ipv6 address With the address range configure...

Page 565: ...elated commands Command Description ipv6 mld profile Create one profile range Set the multicast address range permit Set the profile action permit permit Use this command to allow the multicast flow p...

Page 566: ...scription Parameter Description Default Settings Disabled Command mode Global configuration mode Usage guidelines In this mode the multicast flow between the VLANs are independent The host can only re...

Page 567: ...rt of this multicast address even if some member ports don t belong to the Shared VLAN In the SVGL mode use the MLD profile to allocate a batch of multicast address range within which the member port...

Page 568: ...That is to say the member port of the multicast forwarding entry can be forwarded across the VLANs while the member ports of the corresponding multicast forwarding entries within other multicast addr...

Page 569: ...same VLAN Examples The following example shows how to enable the mld snooping and set the ivgl svgl mode the specified profile1 group address belongs to the SVGL application range Ruijie config ipv6...

Page 570: ...LD general query packet Use the no form of this command to restore it to the default value ipv6 mld snooping query max response time time no ipv6 mld snooping query max response time Parameter descrip...

Page 571: ...mld snooping function for the specified vlan Use the no form of this command to disable this function ipv6 mld snooping vlan vid no ipv6 mld snooping vlan vid Parameter description Parameter Descript...

Page 572: ...interface on the layer 2 multicast device Those multicast flow through the non mroute interface are invalid and will be discarded With the source port check function enabled use the dynamically learne...

Page 573: ...fastEthernet 0 1 Related commands Command Description ipv6 mld snooping source check port Set the multicast source port check ipv6 mld snooping vlan static interface Use this command to set a static...

Page 574: ...tion mode Use the no form of this command to disable this function ipv6 mld snooping fast leave enable no ipv6 mld snooping fast leave enable Parameter description Parameter Description Default Settin...

Page 575: ...ast group to the layer 3 device but not the other MLD Report packets in the same IPv6 multicast group reducing the packet number in the network This command is used to enable the IPv6 MLD snooping sup...

Page 576: ...te interface are illegal and discarded This command is used to enabled the source port check globally Once this function is enabld all multicast flow must come from the mroute interface or they ll be...

Page 577: ...group allowed to join the interface dynamically in the interface configuration mode Use the no form of this command to cancel the limit ipv6 mld snooping max groups number no ipv6 mld snooping max gro...

Page 578: ...information learned dynamically Examples The following example shows how to clear the forwarding table information learned dynamically Ruijie clear ipv6 mld snooping gda table debug mld snp Use this c...

Page 579: ...terface statistics Show the snooping statistics vlan vlan id Show the snooping information of the specified vlan Default Settings N A Command mode Privileged EXEC mode Usage guidelines Use this comman...

Page 580: ...le and all member ports information of one multicast group Ruijie show ipv6 mld snooping gda table Abbr M mrouter D dynamic S static VLAN Address Member ports 1 FF88 1 GigabitEthernet 0 7 S The follow...

Page 581: ...Command mode Privileged EXEC mode Usage guidelines Use this command to show the related MLD profile configurations Examples The following example shows the MLD profile configurations Ruijie show ipv6...

Page 582: ...s 7 GSN Configuration Commands 8 Port based Flow Control Configuration Commands 9 CPU Protection Configuration Commands 10 DoS Protection Configuration Commands 11 DHCP Snooping Configuration Commands...

Page 583: ...character string method It must be one of the keywords listed in the following table One method list can contain up to four methods Keyword Description local Use the local user name database for authe...

Page 584: ...cation enable default list name method1 method2 no aaa authentication enable default Parameter description Parameter Description default When this parameter is used the following defined authenticatio...

Page 585: ...Define a local user database aaa authentication login Use this command to enable AAA Login authentication and configure the Login authentication method list The no form of this command is used to del...

Page 586: ...s used for authentication If the RADIUS security server does not respond the local user database is used for authentication Ruijie config aaa authentication login list 1 group radius local Related com...

Page 587: ...d can be used for authentication only when the current method does not work Examples The following example defines an AAA PPP authentication method list named rds_ppp In the authentication method list...

Page 588: ...ine is ineffective till it is defined Examples The following example defines an AAA Login authentication method list named list 1 In the authentication method list first the local user database is use...

Page 589: ...Usage guidelines RGOS supports authorization of the commands executed by the users When the users input and attempt to execute a command AAA sends this command to the security server This command is t...

Page 590: ...mmands in the non configuration mode for example privileged EXEC mode you can use the no form of this command to disable the authorization function in the configuration mode and execute the commands i...

Page 591: ...rization console Related commands Command Description aaa new model Enable the AAA security service aaa authorization commands Define the AAA command authorization authorization commands Apply the com...

Page 592: ...entication function has been enabled It can not enter the CLI if it fails to enable the aaa authorization exec You must apply the exec authorization method to the terminal line otherwise the configure...

Page 593: ...and SLIP If authorization is configured all the authenticated users or interfaces will be authorized automatically Three different authorization methods can be specified Like authorization the next m...

Page 594: ...lines Once the default command authorization method list has been configured it is applied to all terminals automatically Once the non default command authorization method list has been configured it...

Page 595: ...e Line configuration mode Usage guidelines Once the default execauthorization method list has been configured it is applied to all terminals automatically Once the non default command authorization me...

Page 596: ...h command level is executed default When this parameter is used the following defined method list is used as the default method for command accouting list name Name of the command accouting method lis...

Page 597: ...nt the network access fees or manage user activities The no form of this command is used to disable the accounting function aaa accounting exec default list name start stop method1 method2 no aaa acco...

Page 598: ...network service requests from users using RADIUS and sends the accounting messages at the start and end time of access Ruijie config aaa accounting network start stop group radius Related commands Com...

Page 599: ...s The following example performs accounting of the network service requests from users using RADIUS and sends the accounting messages at the start and end time of access Ruijie config aaa accounting n...

Page 600: ...s command to set the interval of sednign the accounting update message The no form of this command is used to restore it to the default value aaa accounting update periodic interval no aaa accounting...

Page 601: ...nds list name Use a defined command accouting method list Default Disabled Command mode Line configuration mode Usage guidelines Once the default command accouting method list has been configured it i...

Page 602: ...list name Use a defined Exec accouting method list Default Disabled Command mode Line configuration mode Usage guidelines Once the default exec accouting method list has been configured it is applied...

Page 603: ...ied domain Default No domain is configured Command mode Global configuration mode Usage guidelines Use this command to configure the domain name based AAA service The default is to configure the defau...

Page 604: ...A service configuration enable this service Examples The following example enables the domain name based AAA service Ruijie config aaa domain enable Related commands Command Description aaa new model...

Page 605: ...level username Define a local user database accounting network Use this command to configure the Network accounting list The no form of this command is used to remove the setting accounting network d...

Page 606: ...tting authentication dot1x default list name no authentication dot1x Parameter description Parameter Description default Use this parameter to specify the default method list list name The name of the...

Page 607: ...list name The name of the specified method list Default With no method list specified if users send the request the device will attempt to specify the default method list for users Command mode Domain...

Page 608: ...ormation will be displayed Examples The following example shows the domain named domain com Ruijie config show aaa domain domain com Domain domain com State Active Username format Without domain Acces...

Page 609: ...Related commands Command Description aaa new model Enable the AAA security service aaa domain enable Enable the domain name based AAA service show aaa domain enable Show the domain configuration usern...

Page 610: ...rvice show aaa domain Show the domain configuration aaa group server Use this command to configure the AAA server group The no form of this command is used to delete the server group aaa group server...

Page 611: ...f_name VRF name Default Configuration N A Command mode Server group configuration mode Usage guidelines This command selects VRF for the specified server groups Examples The following example selects...

Page 612: ...ode Server group configuration mode Usage guidelines Add a server to the specified server group The default value is used if no port is specified Examples The following example adds a server to the se...

Page 613: ...oups configured for AAA Ruijie show aaa group Group Name ss Group Type radius Referred 2 Server List IP Address 192 168 217 64 Authentication Port 1812 Accounting Port 1813 Referred 1 Related commands...

Page 614: ...ommand to configure the length of lockout time when the login user has attempted for more than the limited times aaa local authentication lockout time lockout time Parameter description In the range o...

Page 615: ...If AAA is not enabled none of the AAA commands can be configured Examples The following example shows how to enable the AAA security service Ruijie config aaa new model Related commands Command Descri...

Page 616: ...nfiguration of the switch show aaa lockout Show the lockout configuration parameter of current login debug aaa Use this command to turn on the AAA service debugging switch The no form of this command...

Page 617: ...ccounting network default start stop group radius Authorization method list aaa authorizating network default group radius Related commands Command Description aaa authentication Define a user authent...

Page 618: ...ence AAA Configuration Commands Related commands Command Description show running config Show the current configuration of the switch show aaa lockout Show the lockout configuration parameter of curre...

Page 619: ...ined on the RADIUS server use this command to set the source IP address of the RADIUS packet This command uses the first IP address of the specified interface as the source IP address of the RADIUS pa...

Page 620: ...Some RADIUS security servers mainly used to 802 1x authentication may identify the IETF format only In this case the RADIUS Calling Station ID attribute shall be set as the IETF format type Examples T...

Page 621: ...test username name Optional Enable the active detection to the RADIUS security server and specify the username used by the active detection idle time time Optional Set the interval of sending the test...

Page 622: ...er host in the IPv6 environment Ruijie config radius server host 3000 100 Related commands Command Description aaa authentication Define the AAA authentication method list radius server key Define a s...

Page 623: ...cket retransmissions radius server timeout Define the timeout for the RADIUS packet radius server retransmit Use this command to configure the number of packet retransmissions before the device consid...

Page 624: ...e to wait for a response from the security server after retransmitting the RADIUS packet The no format of this command is used to restore it to the default setting radius server timeout seconds no rad...

Page 625: ...t from the Radius server within the specified time the Radius server is considered to be unreachable The value is in the range of 1s to 120s tries number Configure the successive timeout times When se...

Page 626: ...in minutes when the device stops sending any requests to the unreachable Radius server The value is in the range of 1 min to 1440 min 24h Default The default value of minutes is 0 min that is the devi...

Page 627: ...1 to 255 type Private attribute type Default Only the default configuration of private attributes in Ruijie is recognized id Function Type 1 max down rate 1 2 qos 2 3 user ip 3 4 vlan id 4 5 version t...

Page 628: ...me 2 13 14 file name 3 14 15 file name 4 15 16 max up rate 75 17 version to server 17 18 flux max high32 18 19 flux max low32 19 20 proxy avoid 20 21 dailup avoid 21 22 ip privilege 22 23 login privil...

Page 629: ...l configuration mode Usage guidelines Set the qos value sent by the RADIUS server as the cos value and the dscp value by default Examples The following example sets the qos value sent by the RADIUS se...

Page 630: ...nfigure vendor type radius set qos cos Set the qos value sent by the RADIUS server as the cos value of the interface debug radius Use this command to turn on the RADIUS debugging switch The no form of...

Page 631: ...P 192 168 4 13 Accounting Port 45 Authen Port 74 Test Username Not Configured Test Idle Time 60 Minutes Test Ports Authen and Accounting Server State Active Current duration 765s previous duration 0s...

Page 632: ...eadtime 0 Minute Server Retries 3 Server Dead Critera Time 10 Seconds Tries 10 Related commands Command Description radius server host Define the RADIUS security server radius server retransmit Define...

Page 633: ...vlan id 4 5 last supplicant vers 5 ion 6 net ip 6 7 user name 7 8 password 8 9 file directory 9 10 file count 10 11 file name 0 11 12 file name 1 12 13 file name 2 13 14 file name 3 14 15 file name 4...

Page 634: ...Description radius server host Define the RADIUS security server radius server retransmit Define the number of RADIUS packet retransmissions radius server key Define a shared password for the RADIUS...

Page 635: ...age guidelines By dividing TACACS servers into several groups the tasks of anthentication authorization and accounting can be implemented by different server groups Examples The following example conf...

Page 636: ...oup servers when one server does not reply it will send the request to the next server Examples The following example configures a TACACS server group named tac1 and a TACACS server address 1 1 1 1 in...

Page 637: ...vpn1 Related commands Command Description aaa group server tacacs Configure TACACS server group server Configure server list of TACACS server group ip tacacs source interface Use this command to conf...

Page 638: ...interface tacacs server host Use this command to configure IP address of TACACS server host tacacs server host ip address ipv6 address port integer timout integer key string no tacacs server host ip...

Page 639: ...description Parameter Description string Text of shared password 0 7 Encryption type of password 0 indicates no encryption 7 indicates being simply encrypted Default Configuration No specified shared...

Page 640: ...er Description seconds Timeout time s in the range 1 to 1000s Default Configuration 5s Command mode Global configuration mode Usage guidelines Use this command to adjust the timeout time of reply pack...

Page 641: ...mand to show the interoperation condition with each TACACS server show tacacs Parameter description N A Default configuration N A Command mode Privileged EXEC mode Usage guidelines Use this command to...

Page 642: ...CLI Reference TACACS Configuration Commands host...

Page 643: ...Only addresses in this table can be authenticated by 802 1X Use the show dot1x auth address table command to show the authentication address table Configuration Examples The following example shows h...

Page 644: ...st on an interface and use the group radius for authentication Ruijie configure terminal Ruijie config aaa new model Ruijie config aaa authentication dot1x default group radius Ruijie config interface...

Page 645: ...ng Platform Description dot1x auth fail vlan Use this command to set the 802 1X authentication failure VLAN dot1x auth fail vlan vid no dot1x auth fail vlan vid Parameter Description Parameter Descrip...

Page 646: ...lts EAP MD5 mode Command Mode Global configuration mode Usage Guide Use the show dot1x command to show the 802 1X setting Configuration Examples This example shows how to set the 802 1X authentication...

Page 647: ...uto Req Enabled User Detect Enabled Packet Num 0 Req Interval 30 Second Related Commands Command Description show dot1x auto req The command is used to show the setting of the active authentication fu...

Page 648: ...to show the setting of the active authentication function Platform Description dot1x auto req req interval Use this command to set the interval of sending authentication request messages Use the no f...

Page 649: ...req user detect no dot1x auto req user detect Parameter Description Defaults Enabled Command Mode Global configuration mode Usage Guide This command is used to cease sending authentication request mes...

Page 650: ...ion for the client Configuration Examples The following example shows to how to enable the online probe function for the client Ruijie configure terminal Ruijie config dot1x client probe enable Ruijie...

Page 651: ...e are other authentication methods in the 802 1x authentication method list in addition to the RADIUS authentication method the IAB function will not be enabled Such as the aaa authentication dot1x de...

Page 652: ...CLI Reference 802 1X Configuration Commands Ruijie config if end...

Page 653: ...naccessible authentication bypass function is enabled on the interface due to the server failure when the RADIUS server recovers the identities of all the users who have been authorized through the in...

Page 654: ...ction is disabled the port will not switch to the VLAN after IAB is enabled Configuration Examples Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config int...

Page 655: ...tion Defaults Disabled Command Mode Global configuration mode Usage Guide Use the show dot1x dynamic vlan command to view the setting of 802 1X Configuration Examples The following example shows how t...

Page 656: ...and is used to view the 802 1x setting Platform Description dot1x guest vlan Use this command to set whether to allow guest vlan jump Use the no form of the command to disable the function dot1x guest...

Page 657: ...on Commands Configuration Examples The following example shows how to set 802 1x guest vlan jumping Ruijie configure terminal Ruijie config interface gigabitEthernet 4 5 Ruijie config if dot1x guest v...

Page 658: ...Examples The following example shows how to set the 802 1x MAC bypass authentication Ruijie configure terminal Ruijie config interface fa 0 1 Ruijie config dot1x mac auth bypass Ruijie config end Ruij...

Page 659: ...s Command Description show dot1x port control interface The command is used to show the interface s 802 1x information Platform Description dot1x mac auth bypass violation Use this command to set the...

Page 660: ...f the command to restore the default setting dot1x mac move permit no dot1x mac move permit Parameter Description Defaults Disabled Command Mode Global configuration mode Usage Guide With this functio...

Page 661: ...mmand to set the maximum number of authentication requests sent to the server Use the no form of the command to restore the default setting dot1x max req count no dot1x max req Parameter Description P...

Page 662: ...to allow users to change usernames Use the no form of this command to restore the default setting dot1x multi account enable no dot1x multi account enable Parameter Description Defaults Switching to o...

Page 663: ...Command Description show dot1x The command is used to view the 802 1x setting Platform Description dot1x port control mode By default 802 1x controls users by controlling their MACs and only authenti...

Page 664: ...default user limit is configured for a port when single host is adopted only one user can to use the network regardless of the parameter Configuration Examples Example 1 shows how to set the port to p...

Page 665: ...ijie config dot1x private supplicant only Ruijie config end Ruijie Related Commands Command Function show dot1x private supplicant only The command is used to view the setting Platform Description dot...

Page 666: ...nd Ruijie show dot1x probe timer Hello Interval 30 Seconds Hello Alive 120 Seconds Related Commands Command Description Show dot1x probe timer It shows the client probe timer s configuration Platform...

Page 667: ...imum Request 3 times Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related Commands Command Description show dot1x It is used to sho...

Page 668: ...et Timer Period 1000 sec Tx Timer Period 10 sec Supplicant Timeout 10 sec Server Timeout 10 sec Re authen Max 5 times Maximum Request 3 times Filter Non RG Supp Disabled Client Oline Probe Disabled Ea...

Page 669: ...out quiet period Use this command to set the time in seconds for a device to wait for re authentication after the authentication failure for example wrong authentication password Use the no form of th...

Page 670: ...es Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related Commands Command Description show dot1x It is used to view the 802 1x setti...

Page 671: ...Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related Commands Command Description show dot1x It is used to view the 802 1x setting...

Page 672: ...Period 1000 sec Quiet Timer Period 1000 sec Tx Timer Period 3 sec Supplicant Timeout 3 sec Server Timeout 10 sec Re authen Max 3 times Maximum Request 3 times Filter Non RG Supp Disabled Client Oline...

Page 673: ...ween a device and applicants to 10s Ruijie configure terminal Ruijie config dot1x timeout supp timeout 10 Ruijie config end Ruijie show dot1x 802 1X Status Enabled Authentication Mode EAP MD5 Authed U...

Page 674: ...command to view the 802 1X setting Configuration Examples The following example shows how to set the interval of re transmission to 10s Ruijie configure terminal Ruijie config dot1x timeout tx period...

Page 675: ...authen Max 3 times Maximum Request 3 times Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Ruijie Related Commands Command Description...

Page 676: ...nsmission interval Platform Description show dot1x auth address table Use this command to display the table of 802 1Xaddresses that can be authenticated show dot1x auth address table address mac addr...

Page 677: ...dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x timeout re authperiod It is used to set the re authentication interval for an applicant dot1x timeout server t...

Page 678: ...authentication times dot1x re authentication It is used to set whether periodic re authentication is required dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x...

Page 679: ...ication It is used to set whether periodic re authentication is required dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x timeout re authperiod It is used to s...

Page 680: ...ed to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication times dot1x re authentication It is used to set whether periodic...

Page 681: ...equest re transmission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication time...

Page 682: ...cation request re transmission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authenticat...

Page 683: ...mission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication times dot1x re auth...

Page 684: ...ransmission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication times dot1x re...

Page 685: ...hentication mode dot1x max req It is used to set the maximum number of authentication request re transmission times dot1x port control auto It is used to set a port to participate in authentication do...

Page 686: ...ut quiet period quiet period 60 sec Ruijie Related Commands Command Description dot1x auth mode It is used to set the 802 1x authentication mode dot1x max req It is used to set the maximum number of a...

Page 687: ...summary Defaults Command Mode Privileged mode Usage Guide The command is used to view the information of a specific user Configuration Examples The following example shows how to view the information...

Page 688: ...ntication times dot1x re authentication It is used to set whether periodic re authentication is required dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x timeo...

Page 689: ...shows how to enable the global client download function Ruijie configure terminal Ruijie config dot1x redirect Related Commands Command Description N A N A Platform Description N A http redirect This...

Page 690: ...HTTP the access device redirects the user s access request in the client download page to guide the user to download install and authenticate the client Configuration Examples Example 1 Set the IP ad...

Page 691: ...16 0 1 free of authentication Ruijie config http redirect direct site 172 16 0 1 Related Commands Command Description show http redirect View the HTTP redirection configuration Platform Description N...

Page 692: ...n destination port http redirect port port num no http redirect port port num Parameter Description Parameter Description port num Destination port of the HTTP request Defaults The HTTP packets of use...

Page 693: ...uthenticated user It is in the range of 1 to 255 port session num The maximum number of HTTP sessions that can be originated by an unauthenticated user connected to each port It is in the range of 1 t...

Page 694: ...timeout for the redirection connection maintenance After the three way handshake succeeds the redirection connection is maintained until the user sends an HTTP GET HEAD packet and the system returns...

Page 695: ...255 255 Off 192 168 5 140 255 255 255 255 Off 218 30 66 101 255 255 0 0 Off 218 30 66 101 255 255 255 255 Off Direct hosts Address Mask Port ARP Binding 192 168 1 1 255 255 255 255 Fa0 1 On Field Des...

Page 696: ...the IP address of the authentication server http redirect direct site Set the network resources free of authentication http redirect homepage Set the address of the authentication homepage http redire...

Page 697: ...host This command is used to display the users free of Web authentication show web auth direct host Parameter Description Parameter Description N A N A Defaults N A Command Mode Privileged EXEC mode U...

Page 698: ...b auth port control Parameter Description Parameter Description N A N A Defaults N A Command Mode Privileged EXEC mode Usage Guide N A Configuration Examples Example 1 Display the authentication confi...

Page 699: ...XEC mode Usage Guide N A Configuration Examples Example 1 Display the global Web authentication configuration and statistics Ruijie show web auth user Current user num 4 Address Online Time Limit Time...

Page 700: ...e authenticated VLAN list The no form of this command is used to cancel the setting web auth allow vlan list no web auth allow vlan list Parameter Description Parameter Description list Set the VLAN l...

Page 701: ...of authentication ip mask Mask of the IPv4 address free of authentication optional port interface name Bind user s IP address with a port of the access device optional arp If ARP CHECK is enabled on...

Page 702: ...ser port is LinkDown and does not detect LinkUp in 60s it considers that the user is offline User traffic based check The user s traffic does not increase in 15 min the user is considered offline Meth...

Page 703: ...mands Command Description http redirect Set the IP address of the authentication server http redirect homepage Set the address of the authentication homepage web auth port control Enable the Web authe...

Page 704: ...n server http redirect homepage Set the address of the authentication homepage web auth portal key Set the communication key between the access device and the authentication server Platform Descriptio...

Page 705: ...ange the interval at which the online user information is updated Configuration Examples Example 1 Set the interval at which the online user information is updated to 30s Ruijie config web auth update...

Page 706: ...SSH2 can use it If only a DSA key is generated only SSH2 can use it A client only adopts either a DSA or an RSA public key algorithm to authenticate the server in one connection But different clients...

Page 707: ...ter Description rsa Delete the RSA key dsa Delete the DSA key Defaults N A Command Mode Global configuration mode Usage Guide This command deletes the public key of the SSH Server After the key is del...

Page 708: ...1 Or Ruijie disconnect ssh vty 1 Related Commands Command Description show ssh Show the information about the established SSH connection clear line vty line_number Disconnect the current VTY connecti...

Page 709: ...tion Parameter Description retry times Authentication retry times in range of 0 to 5 Defaults The default authentication retry times are 3 Use the no ip ssh authentication retries command to restore t...

Page 710: ...tion mode Usage Guide N A Configuration Examples The following example sets the associated RSA and DSA public key files of User Test Ruijie configure terminal Ruijie config ipssh peer test public key...

Page 711: ...n of the SSH server Use the no form of this command to restore the default setting ip ssh version 1 2 no ipssh version Parameter Description Parameter Description 1 Support the SSH1 client connection...

Page 712: ...how crypto key mypubkey rsa dsa Parameter Description Parameter Description rsa Show the RSA key dsa Show the DSA key Defaults N A Command Mode Privileged EXEC mode Usage Guide This command is used to...

Page 713: ...ip ssh Related Commands Command Description ip ssh version 1 2 Configure the version for the SSH Server ip ssh time out time Set the authentication timeout for the SSH Server ip ssh authentication ret...

Page 714: ...CLI Reference SSH Configuration Commands connection status and user name Configuration Examples Ruijie show ssh Related Commands Command Description N A N A Platform Description N A...

Page 715: ...this command takes effect only after the GSN function is enabled Examples Ruijie config if security address bind enable Related commands Command Description security gsn enable Enable the global GSN...

Page 716: ...unity public The following example shows how to set the v3 username to start Ruijie config security v3 user start security event interval Use this command to set the minimum interval of security event...

Page 717: ...GSN Examples The following example shows how to enable GSN Ruijie config security gsn enable smp server host Use this command to configure the IP address for the corresponding smp server smp server ho...

Page 718: ...jie show security event interval Event sending interval seconds 5 Related commands Command Description security event interval interval Configure the minimum interval of security event show smp server...

Page 719: ...Examples Use the language chinese english command in the global configuration mode to switchover the Chinese English interface Related commands Command Description view gsn Show the main status and c...

Page 720: ...ts Use show running config to display configuration Examples Ruijie config protected ports route deny Related commands Command Description show running config Show whether the route deny between prote...

Page 721: ...storms A device can implement the storm suppression to a broadcast a multicast or a unicast storm respectively When excessive broadcast multicast or unknown unicast packets are received the switch tem...

Page 722: ...Description show interfaces Show the interface information Platform description For S32 and S37 series the cross device protected ports are not supported ACL shall not be installed under the protected...

Page 723: ...his example shows how to enable port security on interface gigabitethernet 1 1 and the way to deal with violation is shutdown Ruijie config interface gigabitethernet 1 1 Ruijie config if switchport po...

Page 724: ...Ruijie config if switchport port security aging static Related commands Command Description show port security Show port security settings switchport port security binding Use this command to configu...

Page 725: ...ity settings switchport port security Enable the port security switchport port security binding interface Configure the secure address binding in the privileged EXEC mode Switchport port security mac...

Page 726: ...2 168 1 100 on the interface g 0 10 Ruijie config switchport port security binding interface g 0 10 192 168 1 100 2 This example shows how to bind the IP address 192 168 1 100 and MAC address 00d0 f80...

Page 727: ...port Default configuration N A Command mode Interface configuration mode Usage guidelines N A Examples The example below describes how to configure a static secure address 00d0 f800 5555 with VID 2 f...

Page 728: ...n id is only supported on the TRUNK port Default configuration N A Command mode Privileged EXEC mode Usage guidelines N A Examples The example below describes how to configure a static secure address...

Page 729: ...address vlan id Vlan ID of the MAC address Note the configuration of vlan id is only supported on the TRUNK port Default configuration The Sticky MAC address learning is disabled by default Command m...

Page 730: ...witchport port security maximum value no switchport port security maximum Parameter description Parameter Description value Maximum number of the secure address in the range of 1 to 128 Default config...

Page 731: ...able the port IP address number limit nac author user maximum value no nac author user maximum Parameter description Parameter Description value The limited IP address number in the range of 1 to 1024...

Page 732: ...w nac author user Related commands Command Description nac auth user maximum value Set the limited number of port IP address show port security Use this command to show port security settings show por...

Page 733: ...lation switchport port security aging Specify the aging time for the secure address on the interface switchport port security mac address Configure the secure address table show storm control Use this...

Page 734: ...ttl error hop limit local telnet local snmp local http local tftp local other ipv4 uc ipv6 uc mld ns other traffic class traffic class num Parameter description Parameter Description traffic class nu...

Page 735: ...4 Known_ mc 1 Unknown_ mc 1 Broadcast 0 Error_ttl 0 Route 5 RIPv1 5 IPv4 ctrl 5 MLD 3 Error_Hop_Limit 0 IPv6 ctrl 5 Route6 5 Other 0 For the S5760 series Packet Type Queue ID BPDU 6 ARP 5 TPP 6 802 1...

Page 736: ...MLD 3 NS 5 Other 0 Command mode Global configuration mode Examples The following example sets the traffic class for the BPDU packet Ruijie config cpu protect type bpdu traffic class 5 Ruijie config en...

Page 737: ...te for the queue in the range of 32 131072kbps Default For S2900 series and S5760 series the default bandwidth of the queue 7 is 100000kbps and other queues is 1000kbps For S3760 series the default ba...

Page 738: ...series the default bandwidth of the queue 7 is 100000kbps and other queues is 1000kbps For S3760 series the default bandwidth of all queues is 1000kbps Command mode Global configuration mode Examples...

Page 739: ...ation mode Examples The following example sets the maximum rate for the CPU port as 2000kbps Ruijie configure terminal Ruijie config cpu protect cpu bandwidth 2000 Ruijie config end Ruijie show cpu pr...

Page 740: ...nable 3000 Ruijie config end Ruijie show cpu protect mac address storm control MAC address storm control state enable MAC address storm control rate 3000 address second Caution This command is not sup...

Page 741: ...rate for all queues show cpu protect cpu Show the maximum rate for CPU port show cpu protect traffic class id id_num Use this command to show the maximum rate for each queue show cpu protect traffic...

Page 742: ...otect traffic class all Command mode Privileged EXEC mode Usage guidelines This command shows the maximum rate for all queues Examples The following example shows the maximum rate for all queues Ruiji...

Page 743: ...ue for each packet type show cpu protect traffic class id id_num Show the maximum rate for each queue id_num valid range is 0 7 show cpu protect traffic class all Show the maximum rate for all queues...

Page 744: ...CLI Reference CPU Protection Configuration Commands Caution This command is not supported on S3760 series...

Page 745: ...configuration mode Usage guidelines N A Examples The following example shows how to enable the anti attack of the self consumption Ruijie config ip deny invalid l4port The following example shows how...

Page 746: ...ts Ruijie config ip deny invalid tcp The following example shows how to disable the anti attack of the invalid TCP packets Ruijie config no ip deny invalid tcp Related commands Command Description sho...

Page 747: ...command to enable the ingress filtering to defend against DoS attack Use the no form of this command to disable this function ip deny spoofing source no ip deny spoofing source Parameter description P...

Page 748: ...how to disable the ingress filtering on the routed port Fa 0 5 Ruijie config int fa 0 5 Ruijie config if FastEthernet no ip deny spoofing source Related commands Command Description show ip deny inval...

Page 749: ...ings N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show ip deny invalid tcp DoS Protection Mode State protect against invalid tcp attack On Related commands Command Descri...

Page 750: ...nds Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show ip deny land DoS Protection Mode State protect against land attack On Related commands Command Description no ip deny la...

Page 751: ...g function is enabled Note that DHCP Snooping cannot coexist with private VLAN Examples The following is an example of enabling the DHCP snooping function Ruijie configure terminal Ruijie config ip dh...

Page 752: ...default once the DHCP Snooping is enabled globally it takes effect for all VLANs Command mode Global configuration mode Usage guidelines Use this command to configure effective DHCP snooping VLAN by...

Page 753: ...ip dhcp snooping Switch DHCP snooping status ENABLE Verification of hwaddr field status DISABLE DHCP snooping database write delay time 0 seconds DHCP snooping option 82 status ENABLE DHCP snooping Su...

Page 754: ...ooping database write delay time 0 seconds DHCP snooping option 82 status ENABLE DHCP Snooping Support Bootp bind status ENABLE Interface Trusted Rate limit pps Related commands Command Description sh...

Page 755: ...option remote id as the customized character string The no form of this command will disable this function no ip dhcp snooping information option format remote id string ascii string hostname Paramete...

Page 756: ...e DHCP snooping database into the flash Default Disabled Command mode Global configuration mode Usage guidelines This function can avoid loss of user information after restart In that case users need...

Page 757: ...Usage guidelines Use this command to write the dynamic user information of the DHCP binding database into flash in real time Examples The following is an example of writing the dynamic user informati...

Page 758: ...formation of the DHCP snooping ip dhcp snooping trust Use this command to set the ports of the switch as trusted ports The no form of this command sets the ports as untrust ports no ip dhcp snooping t...

Page 759: ...s command will disable this function no ip dhcp snooping vlan vlan id information option change vlan to vlan vlan id Parameter description Parameter Description vlan The specified vlan to change Defau...

Page 760: ...N where the DHCP request packets are ascii string The user defined content to fill to the Circuit ID Default Disabled Command mode Interface configuration mode Usage guidelines This command is used to...

Page 761: ...DHCP packets by hardware CCP based rate limit takes precedence over DHCP Snooping based rate limit For CPP please refer to specific chapters You can view the rate limit setting on the corresponding in...

Page 762: ...ng Ruijie show ip dhcp snooping Switch DHCP snooping status ENABLE Verification of hwaddr field status DISABLE DHCP snooping database write delay time 0 seconds DHCP snooping option 82 status ENABLE D...

Page 763: ...gs 1 MacAddress IpAddress Lease Type VLAN Interface 00d0 f801 0101 192 168 1 1 static 1 fastethernet 0 1 Related commands Command Description ip dhcp snooping binding Add the static user information t...

Page 764: ...ding database debug ip dhcp snooping Use this command to trun on the debugging switch of the DHCP snooping debug ip dhcp snooping Default Turned off Command mode Privileged EXEC mode Examples The foll...

Page 765: ...rted on all switches Related commands Command Description ip dhcp snooping help Use this command to show the configuration help of dhcp command ip dhcp snooping help Parameter description N A Default...

Page 766: ...tion of all VLANs is disabled Command mode Global configuration mode Usage guidelines To execute this command enable the DAI function firstly Examples The following configuration is to check the ARP m...

Page 767: ...ce including the trust state and rate limit of the interface Platform description On the NFPP supported switches interface rate is limited by NFPP rather than DAI Therefore if you execute this command...

Page 768: ...port Ruijie config ip arp inspection Ruijie config interface gigabitEthernet 0 2 Ruijie config if ip arp inspection limit rate 10 DHCP Snooping Database Related Configuration When the corresponding D...

Page 769: ...atically interface id Add user interface id statically ip mac The global binding type is IP MAC ip only The global binding type is IP only Default configuration No static binding user Command mode Glo...

Page 770: ...lines This command enables IP Source Guard function on the interface to do IP based or IP MAC based detection IP Source Guard takes effect only on DHCP Snooping untrusted port In other words IP Source...

Page 771: ...ping Show binding information of dynamic user static Show binding information of static user vlan id Show user binding information of corresponding vlan Interface id Show user binding information of c...

Page 772: ...Source Guard supports the following filtering modes inactive no snooping vlan the interface isn t within the range of DHCP Snooping VLAN and IP Source Guard is inactive inactive trust port the interf...

Page 773: ...CLI Reference IPSource Guard Configuration Commands Platform description This command is supported on all switches...

Page 774: ...tion mode Usage Guide N A Configuration Examples The following example shows how to enable the IPv6 ND Snooping function Ruijie configure terminal Enter configuration commands one per line End with CN...

Page 775: ...ing trust Related Commands Command Description show ipv6 nd snooping Show the ipv6 nd snooping configurations Platform Description N A show ipv6 nd snooping Use this command to show the IPv6 nd snoopi...

Page 776: ...CLI Reference ND Snooping Configuration Commands...

Page 777: ...he show ip dhcpv6 snooping command to view whether the DHCPv6 snooping function is enabled Examples The following is an example of enabling the DHCPv6 snooping function Ruijie config ipv6 dhcp snoopin...

Page 778: ...orted on all switches ipv6 dhcp snooping database write delay Use this command to configure the switch to write the dynamic user information of the DHCPv6 snooping binding database into the flash peri...

Page 779: ...p snooping database write to flash Parameter description N A Default N A Command mode Global configuration mode Usage guidelines Use this command to write the dynamic user information of the DHCPv6 bi...

Page 780: ...HCPv6 request packets on the interface fastethernet 0 1 Ruijie config interface fastethernet 0 1 Ruijie config if ipv6 dhcp snooping filter dhcp pkt Platform description This command is supported on a...

Page 781: ...nooping View the configuration information of the DHCPv6 snooping Platform description This command is supported on all switches ipv6 dhcp snooping information option Use this command to enable the fu...

Page 782: ...ation information of the DHCPv6 snooping Platform description This command is supported on all switches ipv6 dhcp snooping information option format remote id Use this command to enable the function o...

Page 783: ...es ipv6 dhcp snooping link detection Use this command to clear the dynamic binding entry on an interface when the interface links down Use the no form of this command to disable this function ipv6 dhc...

Page 784: ...Default All ports are untrust ports Command mode Interface configuration mode Usage guidelines Use this command to set the port as trust port The DHCPv6 Server response messages received under the tru...

Page 785: ...mode Usage guidelines With the global DHCPv6 sooping enabled this function is enabled in all VLANs by default Examples The following example disables the DHCPv6 snooping function in VLAN1 Ruijie confi...

Page 786: ...option change vlan to vlan 4093 Ruijie config if end Platform description This command is supported on all switches 35 2 ipv6 dhcp snooping vlan vlan id information option format type interface id str...

Page 787: ...nformation option format type interface id string port name Ruijie config if end Platform description This command is supported on all switches ipv6 source binding Use this command to add the static b...

Page 788: ...g dynamic binding entries Platform description This command is supported on all switches ipv6 verify source Use this command to set the address binding on the interface Use the no form of this command...

Page 789: ...ding database manually as needed renew ipv6 dhcp snooping database Parameter description Parameter Description Default Disabled Command mode Privileged EXEC mode Usage guidelines This command is used...

Page 790: ...atabase write delay time 0 seconds DHCPv6 snooping option 18 37 status ENABLE DHCPv6 ignore dest not found DISABLE DHCPv6 snooping link detection DISABLE Interface Trusted Filter DHCP FastEthernet0 10...

Page 791: ...of bindings 1 Mac Address Ipv6 Address Lease s VLAN Interface 00d0 f801 0101 2001 10 42368 2 fa 0 1 Platform description This command is supported on all switches show ipv6 dhcp snooping prefix Use th...

Page 792: ...64 42368 2 fa 0 1 Platform description This command is supported on all switches show ipv6 dhcp snooping statistics Use this command to show the statistical information of the dhcpv6 packets show ipv6...

Page 793: ...are inexistent or error and the packets are discarded Binding fail The entry binding fails and the packets are discarded due to a lack of the hardware resources Unknown packet The unknown DHCP packets...

Page 794: ...the MAC address prefix entry vlan vlan_id Show the VLAN prefix entry interface interface_name Show the interface prefix entry dhcp snooping Show the DHCPv6 snooping dynamic binding entry static Show...

Page 795: ...ac address Clear the MAC address binding entry vlan vlan_id Clear the VLAN binding entry interface interface_name Clear the interface binding entry Default N A Command mode Privileged EXEC mode Usage...

Page 796: ...lines This command is used to clear the generated user information in the dhcpv6 snooping prefix list Examples Ruijie clear ipv6 dhcp snooping prefix Platform description This command is supported on...

Page 797: ...ion Parameter Description event The event debugging message Trace the DHCPv6 SNP event processing in real time such as the VLAN AP change process generating and deleting the binding entry the switchov...

Page 798: ...t Disabled Command mode Interface configuration mode Usage guidelines Use the show anti arp spoofing command to view the configuration Examples Ruijie config interface fastEthernet 0 1 Ruijie config i...

Page 799: ...CLI Reference Anti arp spoofing Configuration Commands Related commands Command Description anti arp spoofing ip Configure the anti arp spoofing...

Page 800: ...ps Route packets 3000pps Protocol packets 3000pps Command mode Global configuration mode Examples Ruijie config cpu protect sub interface manage pps 200 Related commands Command Description cpu protec...

Page 801: ...guard attack threshold Use this command to set the global attack threshold When the packet rate exceeds the attack threshold the attack occurs arp guard attack threshold per src ip per src mac per por...

Page 802: ...ig nfpp arp guard attack threshold per port 50 Related commands Command Description nfpp arp guard policy Show the rate limit threshold and attack threshold show nfpp arp guard summary Show the config...

Page 803: ...guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate time in seconds The valid range is 0 or 30 86400 permanent Permanent isolation Default Setti...

Page 804: ...tware monitoring if the isolate period is not 0 the software monitored attacker will be auto isolated by the hardware and the timeout time will be the isolate period The monitor period is valid with t...

Page 805: ...e clear a part of monitored hosts to remind the administrator of the invalid configuration and removing the monitored hosts When the maximum monitored host number has been exceeded it prompts the mess...

Page 806: ...ie config nfpp Ruijie config nfpp arp guard rate limit per src ip 2 Ruijie config nfpp arp guard rate limit per src mac 3 Ruijie config nfpp arp guard rate limit per port 50 Related commands Command D...

Page 807: ...uard scan threshold 20 Related commands Command Description nfpp arp guard scan threshold Set the scan threshold on the port show nfpp arp guard summary Show the configurations show nfpp arp guard sca...

Page 808: ...Description arp guard attack threshold Set the global attack threshold nfpp arp g uard polic y Set the limit threshold and attack threshold sho w nfpp arp g uard host s Show the monitored host clear n...

Page 809: ...anti ARP attack function on the interface nfpp arp guard enable Parameter description Parameter Description Default Settings The anti ARP attack function is not enabled on the interface Command mode...

Page 810: ...ion seconds Set the isolate period in second The valid range is 0 or 30 86400 0 indicates no isolation permanent Permanent isolation Default Settings By default the isolate period is not configured Co...

Page 811: ...imit threshold and the attack threshold for each port rate limit pps Set the rate limit threshold with the valid range of 1 9999 attack threshold pps Set the attack threshold with the valid range of 1...

Page 812: ...s Clear the isolated host nfpp arp guard scan threshold Use this command to set the scan threshold nfpp arp guard scan threshold pkt cnt Parameter description Parameter Description pkt cnt Set the sca...

Page 813: ...ack threshold per src mac per port pps Parameter description Parameter Description per src mac Set the attack threshold for each source MAC address per port Set the attack threshold for each port pps...

Page 814: ...nd to enable the DHCP anti attack function dhcp guard enable Parameter description Parameter Description Default Settings Disabled Command mode NFPP configuration mode Usage guidelines N A Examples Ru...

Page 815: ...180 Related commands Command Description nfpp dhcp guard isolate period Set the isolate time on the interface show nfpp dhcp guard summary Show the configurations dhcp guard monitor period Use this co...

Page 816: ...rd hosts Show the monitored host list clear nfpp dhcp guard hosts Clear the isolated host dhcp guard monitored host limit Use this command to set the maxmum monitored host number dhcp guard monitored...

Page 817: ...urations dhcp guard rate limit Use this command to set the rate limit threshold globally dhcp guard rate limit per src mac per port pps Parameter description Parameter Description per src mac Set the...

Page 818: ...ace id mac address Parameter description Parameter Description vid Set the VLAN ID interface id Set the interface name and number mac address Set the MAC address Default Settings N A Command mode Priv...

Page 819: ...ription Default Settings The DHCP anti attack function is not enabled on the interface Command mode Interface configuration mode Usage guidelines The interface DHCP anti attack configuration is prior...

Page 820: ...is not configured Command mode Interface configuration mode Usage guidelines N A Examples Ruijie config interface G0 1 Ruijie config if nfpp dhcp guard isolate period 180 Related commands Command Des...

Page 821: ...rface configuration mode Usage guidelines The attack threshold value shall be equal to or greater than the rate limit threshold Examples Ruijie config interface G 0 1 Ruijie config if nfpp dhcp guard...

Page 822: ...id range is 1 9999 Default Settings By default the attack threshold for each source MAC address is 10pps and the attack threshold for each port is 300pps Command mode NFPP configuration mode Usage gui...

Page 823: ...late period Use this command to set the isolate time globally dhcpv6 guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate time in seconds The vali...

Page 824: ...tion seconds Set the monitor time in seconds The valid range is 180 86400 Default Settings 600s Command mode NFPP configuration mode Usage guidelines When the attacker is detected if the isolate perio...

Page 825: ...1 4294967295 Default Settings 1000 Command mode NFPP configuration mode Usage guidelines If the monitored host number has reached the default 1000 the administrator shall set the max number smaller t...

Page 826: ...er port Set the rate limit for each port pps Set the rate limit in the range of 1 9999 Default Settings The default rate limit for each source MAC address is 5pps the default rate limit for each port...

Page 827: ...ss Default Settings N A Command mode Privileged EXEC mode Usage guidelines Use this command without the parameter to clear all monitored hosts Examples Ruijie clear nfpp dhcpv6 guard hosts vlan 1 inte...

Page 828: ...config interface G0 1 Ruijie config if nfpp dhcpv6 guard enable Related commands Command Description dhcpv6 guard enable Enable the anti ARP attack function sho w nfpp dhcp v6 g uard sum mary Show the...

Page 829: ...d policy Use this command to set the rate limit threshold and the attack threshold nfpp dhcpv6 guard policy per src mac per port rate limit pps attack threshold pps Parameter description Parameter Des...

Page 830: ...uard attac k thr esho ld Set the global attack threshold dhcp v6 g uard rate l imit Set the global rate limit threshold show nfpp dhcpv6 guard summary Show the configurations show nfpp dhcpv6 guard h...

Page 831: ...ge guidelines N A Examples Ruijie config nfpp Ruijie config nfpp icmp guard attack threshold per src ip 600 Ruijie config nfpp icmp guard attack threshold per port 1200 Related commands Command Descri...

Page 832: ...time globally icmp guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate time in seconds The valid range is 0 or 30 86400 permanent Permanent isola...

Page 833: ...uration mode Usage guidelines When the attacker is detected if the isolate period is 0 the attacker will be monitored by the software and the timeout time will be the monitor period During the softwar...

Page 834: ...has reached the default 1000 the administrator shall set the max number smaller than 1000 and it will prompt the message that ERROR The value that you configured is smaller than current monitored host...

Page 835: ...for each port And the default rate limit threshold value for each port varies with the products For the S2600G I series the default value is 400 Command mode NFPP configuration mode Usage guidelines N...

Page 836: ...ed host CPU without any rate limit and warning configuration Configure the mask to set all hosts in one network segment free from monitoring UP to 500 trusted hosts are supported Examples Ruijie confi...

Page 837: ...rd hosts vlan 1 interface g0 1 Related commands Command Description icmp guard attack threshold Set the global attack threshold nfpp icmp guar d polic y Set the limit threshold and attack threshold sh...

Page 838: ...nti ARP attack function sho w nfpp icmp guar d sum mary Show the configurations nfpp icmp guard isolate period Use this command to set the isolate period in the interface configuration mode nfpp icmp...

Page 839: ...mit pps attack threshold pps Parameter description Parameter Description per src ip Set the rate limit threshold and the attack threshold for each source IP address per port Set the rate limit thresho...

Page 840: ...ost clear nfpp icmp guard hosts Clear the isolated host IP guardConfiguration Commands The IP guard configuration commands include Caution It is worth mentioning that ip guard is for the attack of the...

Page 841: ...guidelines The attack threshold shall be equal to or larger than the rate limit threshold Examples Ruijie config nfpp Ruijie config nfpp ip guard attack threshold per src ip 2 Ruijie config nfpp ip g...

Page 842: ...the interface ip guard isolate period Use this command to set the isolate time globally ip guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate ti...

Page 843: ...tected if the isolate period is 0 the attacker will be monitored by the software and the timeout time will be the monitor period During the software monitoring if the isolate period is not 0 the softw...

Page 844: ...the administrator shall set the max number smaller than 1000 and it will prompt the message that ERROR The value that you configured is smaller than current monitored hosts 1000 please clear a part of...

Page 845: ...ld for each source IP address and each port is 20pps and 100pps respectively Command mode NFPP configuration mode Usage guidelines N A Examples Ruijie config nfpp Ruijie config nfpp ip guard rate limi...

Page 846: ...nd Description nfpp ip guard scan threshold Set the scan threshold on the port show nfpp ip guard summary Show the configurations ip guard trusted host Use this command to set the trusted hosts free f...

Page 847: ...trusted host 1 1 1 0 255 255 255 0 Related commands Command Description sho w nfpp ip gu ard trust ed h ost Show the configurations clear nfpp ip guard hosts Use this command to clear the monitored ho...

Page 848: ...enable the ICMP anti attack function on the interface nfpp ip guard enable Parameter description Parameter Description Default Settings The IP anti scan function is not enabled on the interface Comma...

Page 849: ...ion seconds Set the isolate period in second The valid range is 0 or 30 86400 0 indicates no isolation permanent Permanent isolation Default Settings By default the isolate period is not configured Co...

Page 850: ...hreshold with the valid range of 1 9999 attack threshold pps Set the attack threshold with the valid range of 1 9999 Default Settings By default the rate limit threshold and the attack threshold are n...

Page 851: ...pkt cnt Parameter description Parameter Description pkt cnt Set the scan threshold with the valid range of 1 9999 Default Settings By default the sport based scan threshold is not configured Command...

Page 852: ...he redirect packets pps Set the attack threshold in pps The valid range is 1 9999 Default Settings By default the default attack threshold for the ns na rs and ra redirect on each port is 30 Command m...

Page 853: ...ie config nfpp Ruijie config nfpp nd guard enable Related commands Command Description nffp nd guard enable Enable the ND anti attack function on the interface show nfpp nd guard summary Show the conf...

Page 854: ...pp nd guard rate limit per port rs 5 Ruijie config nfpp nd guard rate limit per port ra redirect 5 Related commands Command Description nfpp nd guard policy Set the rate limit and the attack threshold...

Page 855: ...r port ns na rs ra redirect rate limit pps attack threshold pps Parameter description Parameter Description ns na Set the neighbor request and neighbor advertisement rs Set the router request ra redir...

Page 856: ...ort For the trusted port with ND snooping enabled ND snooping advertises ND guard to set the rate limit threshold and attack threshold for the three categories of packets as 800pps and 900pps respecti...

Page 857: ...ameter Description name Defined guard name vid VLAN ID interface id Interface name ip address IP address ipv6 address IPv6 address Default Settings N A Command mode Privileged EXEC mode Usage guidelin...

Page 858: ...able Related commands Command Description show nfpp define summary Show the user defined anti attack configurations isolate period Use this command to set the isolate time isolate period seconds perma...

Page 859: ...efined anti attack match etype type src mac smac src mac mask smac_mask dst mac dmac dst mac mask dst_mask protocol protocol src ip sip src ip mask sip mask src ipv6 sipv6 src ipv6 masklen sipv6 maskl...

Page 860: ...attack type and specify the message fileds to be matched Examples Ruijie config nfpp Ruijie config nfpp nfpp define tcp Ruijie config nfpp define match etype 0x0800 protocol 0x06 Related commands Com...

Page 861: ...r has been exceeded it prompts the message that NFPP_DEFINE 4 SESSION_LIMIT Attempt to exceed limit of name s 1000 monitored hosts to remind the administrator Examples Ruijie config nfpp Ruijie config...

Page 862: ...rather than being monitored by the software Examples Ruijie config nfpp Ruijie config nfpp nfpp define tcp Ruijie config nfpp define monitor period 1000 Related commands Command Description show nfpp...

Page 863: ...elete the configurations of all trusted hosts with the no form of this command Default Settings N A Command mode NFPP define configuration mode Usage guidelines The administrator can use this command...

Page 864: ...c mac per src ip per port rate limit pps attack threshold pps Parameter description Parameter Description per src ip Perform the rate statistics based on the source IP VID and port per src mac Perform...

Page 865: ...will be printed and the trap will be sent For the classification based on the user the user will be isolated according to the isolate period Examples Ruijie config nfpp Ruijie config nfpp nfpp define...

Page 866: ...mary Show the user defined anti attack configurations nfpp define name isolate period Use this command to set the local isolate period in the interface configuration mode nfpp define name isolate per...

Page 867: ...threshold pps Parameter description Parameter Description per src ip Set the attack threshold for each source IP address per port Set the attack threshold for each port rate limit pps Set the rate lim...

Page 868: ...Ruijie config if nfpp define tcp policy per port 50 100 Related commands Command Description defin e pol icy Set the global rate limit threshold and attack threshold show nfpp define summary Show the...

Page 869: ...mand mode Privileged EXEC mode Usage guidelines N A Examples Ruijie clear nfpp log 32 log buffer entries were cleared Related commands Command Description show nfpp log Show the NFPP log configuration...

Page 870: ...ence NFPP Configuration Commands Default Settings 256 Command mode NFPP configuration mode Usage guidelines N A Examples Ruijie config nfpp Ruijie config nfpp log buffer entries 50 Related Command Des...

Page 871: ...NFPP Configuration Commands commands l o g b u f f e r l o g s n u m b e r _ o f _ m e s s a g e i n t e r v a l l e n g t h S h o w t h e r a t e o f t h e s y s l o g g e n e r a t e d fr o m t h e...

Page 872: ...CLI Reference NFPP Configuration Commands s h o w n f p p l o g S h o w t h e N F P P l o g c o n fi g u r a ti o n o r t h e l o g b u ff e r a r e a...

Page 873: ...ite the log to the buffer area but generate the syslog immediately With both the number_of_message and length_in_seconds values are 0 it indicates not to write the log to the buffer area but generate...

Page 874: ...Command mode NFPP configuration mode Usage guidelines Use this command to filter the logs and records the logs within the specified VLAN range or the specified port Examples The following example sho...

Page 875: ...h all attributes is displayed in the log buffer area The administrator shall increase the capacity of the log buffer area or improve the rate of generating the syslog The generated syslog in the log b...

Page 876: ...P 1 Gi0 1 1 1 1 2 ISOLATE_FAILED 2009 05 30 16 23 15 ARP 1 Gi0 1 0000 0000 0001 SCAN 2009 05 30 16 30 10 ARP Gi0 2 PORT_ATTACKED 2009 05 30 16 30 10 Field Description Protocol ARP IP ICMP DHCP DHCPv6...

Page 877: ...s The following example shows the statistical information of the monitored host Ruijie show nfpp arp guard hosts statistics success fail total 100 20 120 The following example shows the monitored host...

Page 878: ...ress The IP address mac address The MAC address Default Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show nfpp arp guard scan statistics ARP scan table has 4 rec...

Page 879: ...ARP scan list show nfpp arp guard summary Use this command to show the configurations show nfpp arp guard summary Parameter description Parameter Description Default Settings N A Command mode Privileg...

Page 880: ...on Related commands Command Description arp guard attack threshold Set the global attack threshold arp guard enable Enable the anti ARP attack function arp guard isolate period Set the global isolate...

Page 881: ...he VLAN ID interface id The interface name ip address The IP address mac address The MAC address Default Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples The following exam...

Page 882: ...Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show nfpp dhcp guard summary Format of column Rate limit and Attack threshold is per src ip per src mac per port Int...

Page 883: ...me dhcp guard monitor period Set the monitor period dhcp guard monitored host li mit Set the maximum number of the monitored hosts dhcp guard rate limit Set the global rate limit threshold nfpp dhcp g...

Page 884: ...pv6 guard hosts statistics success fail total 100 20 120 The following example shows the monitored host Ruijie show nfpp dhcpv6 guard hosts If column 1 shows it means hardware failed to isolate host V...

Page 885: ...mit Attack threshold Global Enable 300 5 150 10 300 Gi 0 1 Enable 180 6 8 Gi 0 2 Disable 200 5 30 10 50 Maximum count of monitored hosts 1000 Monitor period 300s Field Description Interface Global Glo...

Page 886: ...eshold nfpp dhcpv6 guard enable Enable the DHCPv6 anti attack function on the interface nfpp dhcpv6 guard isolate period Set the isolate time nfpp dhcpv6 guard policy Set the rate limit threshold and...

Page 887: ...onitored host Ruijie show nfpp icmp guard hosts If column 1 shows it means hardware failed to isolate host VLAN interface IP address remain time s 1 Gi0 1 1 1 1 1 110 2 Gi0 2 1 1 2 1 61 Total 2 host s...

Page 888: ...ld Description Interface Global Global configuration Status Enable Disable the anti attack function Rate limit In the format of the rate limit threshold for the source IP address the rate limit thresh...

Page 889: ...ard policy Set the rate limit threshold and attack threshold show nfpp icmp guard trusted host Use this command to show the trusted host free from being monitored show nfpp icmp guard summary Paramete...

Page 890: ...d The interface name ip address The IP address mac address The MAC address Default Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples The following example shows the statisti...

Page 891: ...ples Ruijie show nfpp ip guard summary Format of column Rate limit and Attack threshold is per src ip per src mac per port Interface Status Isolate period Rate limit Attack threshold Scan threshold Gl...

Page 892: ...ip guard monitor period Set the monitor period ip guard monitored host li mit Set the maximum number of the monitored hosts ip guard rate limit Set the global rate limit threshold nfpp ip guard enabl...

Page 893: ...ow nfpp nd guard trusted host Use this command to show the configurations show nfpp nd guard summary Parameter description Parameter Description Default Settings N A Command mode Privileged EXEC mode...

Page 894: ...Enable the ND anti attack function nd guard rate limit Set the global rate limit threshold nfpp nd guard enable Enable the ND anti attack function on the interface nfpp nd guard policy Set the rate li...

Page 895: ...e isolated successfully and 20 hosts fails Ruijie show nfpp define hosts tcp Define tcp If column 1 shows it means hardware do not isolate host VLAN interface IP address MAC address remain time s 1 Gi...

Page 896: ...tack threshold is per src ip per src mac per port Interface Status Isolate period Rate limit Attack threshold Global Enable 300 5 150 10 300 G 0 1 Enable 180 6 8 G 0 2 Disable 200 5 30 10 50 Field Des...

Page 897: ...Usage guidelines N A Examples The following example shows the trusted host configurations Ruijie show nfpp define trusted host tcp Define tcp IP address mask 1 1 1 0 255 255 255 0 1 1 2 0 255 255 255...

Page 898: ...mmand in the privileged EXEC mode to switchover the Chinese English interface Related commands Command Description nfpp arp guard policy help Use this command to show the example information of the co...

Page 899: ...in the privileged EXEC mode to switchover the Chinese English interface Related commands Command Description nfpp help Use this command to show the example information of the command beginning with th...

Page 900: ...mands Usage guidelines N A Examples Note Use the language Chinese English command in the privileged EXEC mode to switchover the Chinese English interface Related commands Command Description nfpp help...

Page 901: ...CLI Reference NFPP Configuration Commands...

Page 902: ...ACL QOS Configuration Commands 1 ACL Configuration Commands 2 QoS Configuration Commands...

Page 903: ...ip or it can be numbers 0 to 255 that represent the IP protocol It is described when some important protocols such as icmp tcp udp are listed individually interface idx Interface index src Packet sou...

Page 904: ...on host VID vid VLAN ID VID inner vid VID of the tag ethernet type Ethernet protocol type 0x value can be entered match all tcpf Match all bits of the TCP flag text Remark text in Filter the incoming...

Page 905: ...t source any interface idx destination destination wildcard host destination any precedence precedence tos tos fragment range lower upper time range time range name log Extended MAC access list 700 to...

Page 906: ...mac address any operator port port precedence precedence tos tos fragment range lower upper time range time range name List remark access list id list remark text Parameter Description Parameter Desc...

Page 907: ...ide To filter the data by using the access control list you must first define a series of rule statements by using the access list You can use ACLs of the appropriate types according to the security n...

Page 908: ...dod host prohibited dod net prohibited echo echo reply fragment time exceeded general parameter problem host isolated host precedence unreachable host redirect host tos redirect host tos unreachable h...

Page 909: ...route failed time exceeded timestamp reply timestamp request ttl exceeded unreachable The TCP ports are as follows A port can be specified by port name and port number bgp chargen cmd daytime discard...

Page 910: ...ber biff bootpc bootps discard dnsix domain echo isakmp mobile ip nameserver netbios dgm netbios ns netbios ss ntp pim auto rp rip snmp snmptrap sunrpc syslog tacacs talk tftp time who xdmcp The Ether...

Page 911: ...tion procedure is as below Ruijie config access list 702 deny host 00d0f8000c0c any aarp Ruijie config interface gigabitethernet 1 1 Ruijie config if mac access group 702 in 4 Example of the extended...

Page 912: ...ure terminal Enter configuration commands one per line End with CNTL Z Ruijie config clear expert access list counters 2700 Ruijie config end Ruijie show access lists 2700 expert access list extended...

Page 913: ...t 192 168 21 59 any log Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config clear ip access list counters 101 Ruijie config end Ruijie show access lists 1...

Page 914: ...e configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config clear ipv6 access list counters v6 list Ruijie config end Ruijie show access lists v6 list ipv6 access list...

Page 915: ...mac access list counters 700 Ruijie config end Ruijie show access lists 700 mac access list extended mac acl 10 permit host 0023 56ac 8965 any arp 20 deny any any etype any cos 6 Related Commands Comm...

Page 916: ...ation mac address any precedence precedence tos tos fragment range lower upper time range time range name When you select the ethernet type field or cos field sn deny ethernet type cos out inner in VI...

Page 917: ...t time range time range name Transmission Control Protocol TCP sn deny tcp source ipv6 prefix prefix length hostsource ipv6 address any operator port port destination ipv6 prefix prefix length host de...

Page 918: ...t 1 1 The configuration procedure is as below Ruijie config ip access list extended ip ext acl Ruijie config ext nacl deny tcp host 192 168 4 12 eq 100 any Ruijie config ext nacl show access lists ip...

Page 919: ...access list extended v6 acl 11 deny ipv6 host 192 168 4 12 any Ruijie config ipv6 nacl exit Ruijie config interface gigabitethernet 1 1 Ruijie config if ipv6 traffic filter v6 acl in Related Commands...

Page 920: ...following example shows how to apply the access list accept_00d0f8xxxxxx only to Gigabit interface 0 1 Ruijie config interface GigaEthernet 0 1 Ruijie config if expert access group accept_00d0f8xxxxxx...

Page 921: ...of this command to restore the default matching mode of fragmentation packets expert access list new fragment mode id name no expert access list new fragment mode id name Parameter Description Parame...

Page 922: ...tes the name of the ACL Defaults The packet matching counter of the expert ACL is disabled Command mode Global configuration mode Usage Guide Use the show expert access lists command to view the confi...

Page 923: ...layer 4 information of original traffic of the intranet The temporary access list is created based on the following rules Protocol unchanged source IP and destination IP are strictly exchanged with e...

Page 924: ...99 for extended ACL name Name of the ACL Defaults None Command mode Global configuration mode Usage Guide There are differences between a standard ACL and an extended ACL The extended ACL is more prec...

Page 925: ...indicates that no ACL logging is output Defaults The default interval at which the packet matching log of IPv4 ACL is updated is five minutes Command mode Global configuration mode Usage Guide This c...

Page 926: ...on mode Usage Guide Use the show access lists command to view the setting of ACL Configuration Examples Example 1 enables the packet counter for the standard ACL Ruijie config ip access list counter s...

Page 927: ...agged with fragment all packets including the first and all subsequent fragmentation packets will be matched Command mode Global configuration mode Usage Guide This command is used to switch and contr...

Page 928: ...the ACL entries Ruijie show access lists ip access list standard 1 10 permit host 192 168 4 12 20 deny any any Ruijie config Ruijie config ip access list resequence 1 21 43 Ruijie config exit Ruijie s...

Page 929: ...cket matching log of the IPv6 ACL is updated Use the no form of this command to restore the default value ipv6 access list log update interval time no ipv6 access list log update interval Parameter De...

Page 930: ...to enable the packet matching counter for all ACEs under the extended IPv6 ACL Use the no form of this command to disable the function ipv6 access list counter name no ipv6 access list countername Pa...

Page 931: ...scription Parameter Description name Name of Ipv6 ACL in Filter the incoming packets of the interface out Filter the outgoing packets of the interface Defaults No ACL is applied on the interface Comma...

Page 932: ...e preceding one are deleted Configuration Examples Ruijie ip access list extended 102 Ruijie config ext nacl list remark this acl is to filter the host 192 168 4 12 Ruijie config ext nacl show access...

Page 933: ...to apply the access list accept_00d0f8xxxxxx only to Gigabit interface 1 Ruijie config interface GigaEthernet 1 1 Ruijie config if mac access group accept__00d0f8xxxxxx_only in Related Commands Comma...

Page 934: ...Es under the extended MAC ACL Use the no form of this command to disable the function mac access list counter id name no mac access list counter id name Parameter Description Parameter Description id...

Page 935: ...Description Parameter Description sn Sequence number of the ACL entry Defaults Command mode ACL configuration mode Usage Guide Use this command to delete an ACL entry in ACL configuration mode Config...

Page 936: ...cedence tos tos fragment time range time range name Transmission Control Protocol TCP sn permit tcp source source wildcard host source any operator port port destination destination wildcard host dest...

Page 937: ...rt destination destination wildcard host destination any host destination mac address any operator port port precedence precedence tos tos fragment range lower upper time range time range name Address...

Page 938: ...deny any any any any Ruijie config exp nacl This example shows how to use the extended IP ACL The purpose is to permit the host with the IP address 192 168 4 12 to provide services through the TCP por...

Page 939: ...6 ACL The purpose is to permit the host with the IP address 192 168 4 12 and apply the ACL to interface gigabitethernet 1 1 The configuration procedure is as below Ruijie config ipv6 access list exten...

Page 940: ...02 Ruijie config ext nacl remark first_remark Ruijie config ext nacl permit tcp 1 1 1 1 0 0 0 0 2 2 2 2 0 0 0 0 Ruijie config ext nacl remark second_remark Ruijie config ext nacl permit tcp 3 3 3 3 0...

Page 941: ...formation Platform Description This command is not supported by routers security global access group Use this command to configure the global security channel security global access group id name no s...

Page 942: ...uration mode Usage Guide Use this command to configure the uplink port of the security channel on the interface Configuration Examples Ruijie config if security uplink enable Related Commands Command...

Page 943: ...Commands Command Description ip access group Apply the IP ACL to the interface mac access group Apply the mac ACL to the interface expert access group Apply the expert ACL to the interface ipv6 traff...

Page 944: ...mac access list Define the extended MAC ACL expert access list Define the extended expert ACL ipv6 access list Define the extended IPv6 ACL Platform Description show expert access group Use this comm...

Page 945: ...mode Usage Guide Show the IP ACL configured of the interface If no interface is specified the associated IP ACLs of all the interfaces will be shown Configuration Examples Ruijie show ip access group...

Page 946: ...pe of IPv6 ACL Platform Description show mac access group Use this command to show the configured MAC ACL of the interface show mac access group interface interface Parameter Description Parameter Des...

Page 947: ...rded by Layer 3 devices Use the no form of this command to disable this function svi router acls enable no svi router acls enable Parameter Description Parameter Description no Disable the svi router...

Page 948: ...es all the packets in the same way But if you associate a policy map with an interface and the trust mode on one interface the QoS of this interface is enabled automatically To disable the QoS functio...

Page 949: ...r Description cos The QoS trust mode of the port is CoS dscp The QoS trust mode of the port is DSCP ip precedence The QoS trust mode of the port is IP PRE no Restore it to the default value Default co...

Page 950: ...igabitethernet 1 1 Ruijie config if mls qos cos 7 Related commands show mls qos interface interface id interface rate limit Use this command to set the rate limit on the port rate limit input output b...

Page 951: ...cp no set ip dscp Use the following command to set the cos value of the packets With the none tos configured the DSCP value of the packets will not be modified set cos new cos none tos no set cos Use...

Page 952: ...scp 10 Set the bandwidth as 1M the burst traffic as 4096k and the method for handing the excessive part to assign the new DSCP value of 16 Ruijie config pmap c police 1000000 4096 exceed action dscp 1...

Page 953: ...ue no priority queue Parameter description Parameter Description priority queue Set the output queue scheduling algorithm to SP no priority queue Set the output queue scheduling algorithm to WRR Defau...

Page 954: ...uing wrr queue bandwidth Use this command to set the weight ratio for the WRR algorithm Use the no form of the command to restore it to the default wrr queue bandwidth weight1 weightn no war queue ban...

Page 955: ...uration See the default configuration Command mode Global configuration mode Examples Ruijie config mls qo map cos dscp 8 10 16 18 24 26 32 34 Related commands Command Description show mls qos maps Sh...

Page 956: ...on the interface Use the no form of the command to restore it to the default rate limit input output bps burst size no rate limit Parameter description Parameter Description input Specify the input s...

Page 957: ...d round robin scheduling no Restore to the default value Default configuration The queue scheduling algorithm is wrr by default Command mode Global configuration mode Examples Ruijie config mls qos sc...

Page 958: ...mapping mls qos map ip prec dscp dscp1 dscp8 no mls qos map ip prec dscp Parameter description Parameter Description dscp Specify the DSCP value no Restore to the default value Default configuration...

Page 959: ...q schedule algorithm Examples The following example sets the queue to use wfq schedule algorithm Ruijie config mls qos scheduler wfq Ruijie config show mls qos scheduler The following example configur...

Page 960: ...show mls qos scheduler The following example configures queue 1 and queue 3 to use SP Ruijie config wfq queue 1 sp Ruijie config wfq queue 3 sp Ruijie config show running Related commands Command Desc...

Page 961: ...hall be distributed on the former 24 ports or the latter 24 ports Examples The following example sets the interface gigabitEthernet 1 3 as the member of virtual group 3 Ruijie config interface gigabit...

Page 962: ...uration All policy maps are shown by default Command mode Privileged EXEC mode Examples Ruijie show policy map show mls qos interface Use this command to display the QoS configuration on the interface...

Page 963: ...ation This command is used to show the police information associated with the virtual group Command mode Privileged EXEC mode Examples Ruijie show mls qos virtual group 1 Ruijie show mls qos virtual g...

Page 964: ...de Privileged EXEC mode Examples Ruijie show mls qos maps show mls qos rate limit Use this command to show the information about rate limit on the interface show mls qos rate limit interface interface...

Page 965: ...ommands summary Show the information on all virtual groups Command mode Privileged EXEC mode Examples Ruijie show virtual group 1 Ruijie show virtual group summary Related commands Command Description...

Page 966: ...EUP Configuration Commands 3 RLDP Configuration Command 4 DLDP Configuration Commands 5 TPP Configuration Commands 6 BFD Configuration Commands 7 RNS Track Configuration Commands 8 GRTD Configuration...

Page 967: ...ld not exceed 44 md name Set the name of the maintenance domain where the maintenance association is Default Disabled Command mode Configuration mode Usage guidelines The summary length of the mainten...

Page 968: ...jie config no ethernet cfm md MD_A Related commands Command Description show cfm md Show the maintenance domain information cfm service instance vlan md ma Use this command to create the service insta...

Page 969: ...nstance Use this command to set the MEP maintenance association end point list The no form of this command can be used to delete the MEP maintenance association end point cfm mep list mep list service...

Page 970: ...st service instance Show the MEP maintenance association end point list information cfm mep service instance Use this command to set the MEP maintenance association end point The no form of this comma...

Page 971: ...n intermediate point The no form of this command can be used to delete the rule of generating the maintenance domain intermediate point cfm mip rule explicit default service instance instance id no cf...

Page 972: ...o the default value cfm cc interval interval type service instance instance id no cfm cc interval service instance instance id Parameter description Parameter Description interval type Configure CCM t...

Page 973: ...cfm cc service instance enable Use this command to enable the function of transmitting CCM on MEP The no form of this command can be used to disable this function cfm cc service instance instance id...

Page 974: ...to restore the lowest bug level to the default value cfm alarm priority priority value service instance instance id mep mep id no cfm alarm priority Parameter description Parameter Description instanc...

Page 975: ...aintenance association end point id in the range of 1 8191 remote mep remote mep id Remote MEP id remote mac mac address MAC address of the remote MP including the maintenance association end point an...

Page 976: ...cription size entries count The system is able to save the response information corresponding to the auto executed linktrace for entries count times in total The valid range is 1 100 no Disable the li...

Page 977: ...Remote MEP id remote mac mac address MAC address of the remote MP including the maintenance association end point and maintenance domain intermediate point count count value The number of the LBM to...

Page 978: ...scription ma name Maintain association name md name Maintain domain name Default By default all maintenance associations are shown Command mode Privileged EXEC mode Usage guidelines N A Examples The e...

Page 979: ...A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show cfm mep 100 service instance 1 Related commands Command Description cfm mep service instance Show the MEP maintenance ass...

Page 980: ...show cfm mp interface interface id Parameter description Parameter Description interface id Interface id Default By default information of maintenance points on all interfaces including the MEP mainte...

Page 981: ...ssociation end point id in the range of 1 8191 Default N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show cfm remote mep service instance 1 mep 100 show cfm service instan...

Page 982: ...the range of 1 8191 Default By default all instances are shown Command mode Privileged EXEC mode Usage guidelines N A Examples The example below shows the linktrace information of one MEP maintenance...

Page 983: ...100 Default By default all auto detected linktrace information is shown Command mode Privileged EXEC mode Usage guidelines N A Examples The example below shows all the auto detected linktrace informa...

Page 984: ...and then add a port into the specified link state track group Examples The following example shows how to create a link state track group Ruijie config link state track 1 Related commands Command Des...

Page 985: ...1 Ruijie config interface fa 0 2 Ruijie config if link state group 1 upstream Related commands Command Description link state track Enable a link state track group mac address table move update max u...

Page 986: ...erface switchport backup interface interface id no switchport backup Parameter description Parameter Description Interface id Interface ID of the backup link Default N A Command mode Interface configu...

Page 987: ...the bandwidth preemption mode the interface with high bandwidth has priority over other interfaces to transmit the data In the forced preemption mode the primary has priority over backup interfaces to...

Page 988: ...e loss of L2 data flow You need to enable the switch of receiving the MAC address update messages on the uplink switch Examples Ruijie config mac address table move update receive Related commands Com...

Page 989: ...escription mac address table move update receive Enable REUP to receive MAC address update packets mac address table move update transit Use this command to enable REUP to transmit the mac address tab...

Page 990: ...e guidelines When a link is switched the VLAN enabled to transmit MAC address update packets will send MAC address update packets to its uplink device Examples The following example configures VLANs t...

Page 991: ...Related commands Command Description show mac address table update group detail Show the mac address table update group information switchport backup interface interface id prefer instance Use this c...

Page 992: ...this command to show the information of a link state track group show link state group num Parameter description Parameter Description num ID of a link state track group Default None Command mode Pri...

Page 993: ...by Interface Pair Gi0 23 Gi0 24 Preemption Mode Off Preemption Delay 35 seconds Bandwidth Gi0 23 1000 Mbits Gi0 24 1000 Mbits show mac address table update group detail Use this command to show the ma...

Page 994: ...c address table update group detail Mac address table Update Group 1 Received mac address table update message count 7 Group member Receive Count Last Receive Switch ID Receive Time GigabitEthernet 0...

Page 995: ...bled Examples The following example shows how to enable RLDP Ruijie config rldp enable Related commands Command Description rldp port Enable the RLDP function on the port rldp detect interval Use this...

Page 996: ...detection packets on the port If the neighboring port does not respond when this detection number is exceeded the link is considered faulty Use the no form of this command to restore it to the default...

Page 997: ...ing Warn the user shutdown svi Shutdown the SVI the port belongs to shutdown port Shutdown the port block Disable the learning forwarding function of the port Default N A Command mode Interface config...

Page 998: ...show rldp interface interface id Parameter description Parameter Description interface id Interface ID Command mode Privileged EXEC mode debug rldp Use this command to turn on the RLDP service debuggi...

Page 999: ...CLI Reference RLDP Configuration Command Command mode Privileged EXEC mode...

Page 1000: ...3600 in ticket 1 ticket 10ms retry value The retransmission times The valid range is 1 3600 resume value The resume times of the link of the peer device detected Before changing the link state from DO...

Page 1001: ...et the DLDP detection in the passive mode Use the no form of this command to return to the default active DLDP detection mode dldp passive no dldp passive Parameter description Parameter Description D...

Page 1002: ...e dldp link configured Down times times of the dldp link chaning from UP to DOWN since last reset Up times times of the dldp link changing from DOWN to UP since last reset Start times means the last r...

Page 1003: ...opip Clear the UP and DOWN times recorded if the nexthop exists Command mode Privileged EXEC mode Usage guidelines The dldp records the number of UP and DOWN With this command executed the UP and DOWN...

Page 1004: ...CLI Reference DLDP Configuration Commands Ruijie config if FastEthernet 0 0 clear dldp 20 1 1 1 10 1 1 1...

Page 1005: ...CLI Reference DLDP Configuration Commands...

Page 1006: ...nst topology oscillation due to attacks It should be used with the cpu topology limit command Examples The following example shows how to enable and disable the global topology protection function Rui...

Page 1007: ...do not support this command Examples The following example shows how to configure the topology protection function for the port Ruijie config if tp guard port enable Ruijie config if no tp guard port...

Page 1008: ...CLI Reference TPP Configuration Commands Related commands Command Description topology guard Enable the topology protection function globally...

Page 1009: ...value Count of BFD control message not received from the peer in the configured interval multiplier value valid range from 3 to 50 Defaults No BFD session parameters by default Those parameters must b...

Page 1010: ...sable the BFD configuration for the OSPF or the RIP protocol on the interface 1 Use the bfd all interfaces or the no bfd all interfaces command in the OSPF or RIP router configuration mode 2 Use the i...

Page 1011: ...packets which avoids the packets dropped by the URPF in case that this function is used with other functions such as the URPF at the same time process pst Associate this session with the bdf status of...

Page 1012: ...ets attack the device which lead to the BFD session turbulence the device can be protected by enabling the BFD protection policy However if the BFD function and the BFD protection policy are enabled a...

Page 1013: ...he no ip deny land command to disable the DDOS Land based attack prevention function With both ends of the BFD session enabled the Echo mode takes effect Configuration Examples The example below shows...

Page 1014: ...dampening Use this command to set the bfd up dampening time Use the no form of this command to restore the default value bfd up dampening milliseconds no up dampening Parameter Description Parameter D...

Page 1015: ...uration of BFD for OSPF 1 Use the bfd all interfaces or no bfd all interfaces command to enable or disable the configuration of BFD for the routing protocols on all interfaces in the OSPF router confi...

Page 1016: ...Use the ip rip bfd disable command to enable or disable the configuration of BFD for RIP on the specified interface in interface configuration mode Configuration Examples The example below shows how...

Page 1017: ...the configuration Configuration Examples The example below shows how to configure the BFD for the static routes and detects the forwarding path between the neighbor 172 16 0 2 through BFD Ruijie confi...

Page 1018: ...een configured before the configuration Configuration Examples The example below shows how to configure the BFD for the static routes and detects the forwarding path between the neighbor 2001 1 2 thro...

Page 1019: ...s command to configure the BFD for PBR and detects whether the next hop of the configured PBR is valid or not by the Track method Use the no form of this command to disable this function set ip next h...

Page 1020: ...t 0 1 172 16 0 2 Ruijie config route map end Related Commands Command Description bfd Set the BFD session parameters Platform Description N A show bfd neighbors Use this command to show the BFD sessio...

Page 1021: ...ccurs in the BFD session for the LSP backward IP co operation Configuration Examples The following shows the result of the command show bfd neighbors Ruijie show bfd neighbors OurAddr NeighAddr LD RD...

Page 1022: ...ied or not MinTxInt The minimum sending interval for the local session MinRxInt The minimum receiving interval for the local session Multiplier The timeout detection times for the local session Receiv...

Page 1023: ...hether the master or backup router is active or not through BFD Command Mode Interface configuration mode Usage Guide Note that the BFD session parameters must have been configured before the configur...

Page 1024: ...CLI Reference BFD Configuration Commands Related Commands Command Description bfd Set the BFD session parameters Platform Description N A...

Page 1025: ...change of the track object status For example the status of a track object changes from up to down if the delay down 180 command is configured the down status will be advertised after 180 seconds If...

Page 1026: ...on N A frequency milliseconds Use this command to set the interval of sending the packets which must be more than or equal to the timeout time frequency milliseconds Parameter Description Parameter De...

Page 1027: ...he ICMP echo packets Defaults N A Command Mode IP RNS configuration mode Usage Guide This command enables ip rns object to send icmp echo packets and the destination ip address is the ip address confi...

Page 1028: ...ription N A set ip nexthop nexthop track Use this command to bind the nexthop in the route map to a track object If this track object status is down the nexthop configured will not take effect set ip...

Page 1029: ...specific RNS object configuration The configuration information varies with the packet type Configuration Examples N A Related Commands Command Description N A N A Platform Description N A show ip rns...

Page 1030: ...umber Parameter Description Parameter Description track number Set the track object number in the range of 1 700 Defaults N A Command Mode Privileged EXEC mode Usage Guide Use this command to show the...

Page 1031: ...ets Platform Description N A track interface line protocol Use this command to configure a track object to track the interface status and enter the track mode The no form of this command is used to de...

Page 1032: ...ption Parameter Description object number Set the track object number in the range of 1 to 700 entry number Set the RNS object number in the range of 1 to 700 Defaults N A Command Mode Global configur...

Page 1033: ...he default routing entry is used by the icmp echo packets Command Mode ICMP echo configuration mode Usage Guide N A Configuration Examples Use this command to specify a vrf routing table to select the...

Page 1034: ...e Global configuration mode Usage guidelines Use the diagnostic bootup level command to set the bootup test level Three levels of bootup test can be configured bypass bootup test minimal bootup test a...

Page 1035: ...ent records Default The default number of diagnostic event records is 500 Command mode Global configuration mode Usage guidelines Use the diagnostic event log size command to set the number of diagnos...

Page 1036: ...erval slot slot_id sub_system subsys_id test all test id range test range Parameter description Parameter Description slot slot_id Optional Slot ID sub_system subsys_id Optional Subsystem ID value ran...

Page 1037: ...erval of the second test item of slot 2 back to the default value ruijie config no diagnostic monitor interval slot 2 test 2 ruijie config Field Description slot 2 test 2 The second test item of slot...

Page 1038: ...active Caution The health monitoring test status for a destructive test cannot be set to active You can view the attributes of test items of modules by using the show diagnostic content command Exampl...

Page 1039: ...on Parameter Description slot slot_id Slot ID sub_system subsys_id Optional Subsystem ID value range 0 1 whose meaning is equivalent to cpu id in the show version command test all test id range test r...

Page 1040: ...f consecutive failed health monitoring tests for all test items of a BOX device back to the default value ruijie config no diagnostic monitor threshold test all ruijie config Related commands Command...

Page 1041: ...global configuration mode For example you can set a test item of a slot to be conducted at 12 12 on January 20 2010 or at a fixed time each day or each week diagnostic schedule slot slot_id sub_system...

Page 1042: ...ame time Caution If you set a test plan at a certain time you cannot other test plans at this time Examples Example 1 The following example sets items 1 and 2 of module 2 to be conducted at 10 10 a m...

Page 1043: ...test slot slot_id sub_system subsys_id port all range port_range port_id loopback mac phy none Parameter description Parameter Description range_value Port No The format is 1 1 24 The number 1 before...

Page 1044: ...tick as timeout time unit diagnostic packet slot slot_id sub_system subsys_id length lengtn_size num num_count time_out tick_count Parameter description Parameter Description slot slot_id Slot ID sub...

Page 1045: ...bsys_id Optional Subsystem ID value range 0 1 whose meaning is equivalent to cpu id in the show version command test all test id range test range Test items all means all items range means a range for...

Page 1046: ...no yes ruijie Related commands Command Description show diagnostic result Show the results of command line tests Platform description N A diagnostic stop Use this command to stop diagnostic tests of a...

Page 1047: ...privileged EXEC mode show diagnostic bootup level Parameter description Parameter Description level Bootup test level Default This command has no default setting Command mode Privileged EXEC mode Usa...

Page 1048: ...default setting Command mode Privileged EXEC mode Usage guidelines Note You can use the show module command to display module information Examples Example 1 The following example displays diagnostic...

Page 1049: ...N A 5 TestNorFlash DX not config N A 6 TestI2C C DX not config N A 7 TestPCI C DX not config N A 8 TestDdr DX B not config N A Ruijie Field Description ID Test item ID Test Name Test item name Attribu...

Page 1050: ..._system subsys_id Optional Subsystem ID value range 0 1 whose meaning is equivalent to cpu id in the show version command test all test id range test range Test items all means all items range means a...

Page 1051: ...tCpld This test verifies the cpld work exactly or not TestNandFlash This test verifies the NandFlash work exactly or not TestNorFlash This test verifies the NorFlash work exactly or not TestI2C This t...

Page 1052: ...de Privileged EXEC mode Usage guidelines Use the show diagnostic events command to display all event information generated by GRTD Examples Example 1 Use the show diagnostic events command to display...

Page 1053: ...test all test id range test range Optional Test item Default This command has no default setting Command mode Privileged EXEC mode Usage guidelines N A Examples Example 1 Use the show diagnostic resul...

Page 1054: ...diagnostic schedule Use this command to display the planned test timetables for modules in privileged EXEC mode show diagnostic schedule slot slot_id sub_system subsys_id Parameter description Parame...

Page 1055: ...and Description diagnostic schedule Set the planned test timetables for modules Platform description N A show diagnostic status Use this command to display all current diagnostic test status in privil...

Page 1056: ...Diagnostics Dev Slot Description Current Running Test Run by 1 0 S5750 48GT 4SFP E N A N A 3 0 RG S5750 48GT 4SFP E N A N A Ruijie Field Description Slot Slot ID and the 0 indicates the host Dev Devic...

Page 1057: ...mode so the first command executed is enable to enter the privilege mode No password is required from the user in action cli you will pass authentication directly Pattern string contains multiple res...

Page 1058: ...record Clear CLI records generated during the execution of SEM policy Platform description N A action counter In SEM configuration mode use this command to configure the policy action that operates th...

Page 1059: ...onfig applet commit Ruijie config applet exit Related commands Command Description smart manager applet Define the command line based SEM policy action exit In SEM configuration mode use this command...

Page 1060: ...e config applet action 10 exit 0 Ruijie config applet commit Ruijie config applet exit The following example monitors the command line using synchronization mode when user inputs the line yes the aaa...

Page 1061: ...anager applet Test_1 Ruijie config applet event tag monitor_log syslog pattern memory fail Ruijie config applet action 00 switchover Ruijie config applet commit Ruijie config applet exit Related comma...

Page 1062: ...generated the message the event application with the same sub system and type will be triggered Examples The following example monitors the event published by the action publish event with the sub sy...

Page 1063: ...ig applet event tag monitor_memory sysmon memory scope system free entry op lt entry val 20000 Ruijie config applet action 00 reload Ruijie config applet commit Ruijie config applet exit Related comma...

Page 1064: ...rt manager applet Test_1 Ruijie config applet event tag none_event none Ruijie config applet action 00 set var_for_test Test_1 running Ruijie config applet action 10 syslog msg var_for_test Ruijie con...

Page 1065: ..._cpu sysmon cpu scope system entry op gt entry val 95 Ruijie config applet action 00 syslog msg system busy Ruijie config applet commit Ruijie config applet exit Related commands Command Description s...

Page 1066: ...rp sync yes Ruijie config applet action 00 cli command enable Ruijie config applet action 10 wait 5 Ruijie config applet action 20 exit 1 Ruijie config applet commit Ruijie config applet exit Related...

Page 1067: ...Roll back the policy configurations Platform description N A description In SEM configuration mode use this command to confiure the description of SEM policy The no form of this command clears the des...

Page 1068: ...o skip yes no mode variable occurs num occurrences period period value no ip msdp mesh group mesh name peer address Parameter description Parameter Description event name Event name correlate andnot a...

Page 1069: ...ompletes If the returned value is not 0 the command will be executed normally If the returned value is 0 the command will not be executed When option sync is set to no option skip is available If you...

Page 1070: ...e command Ruijie config smart manager applet Test_1 Ruijie config applet event tag monitor_input cli pattern show ip route sync no skip no Ruijie config applet action 00 syslog msg show ip route runni...

Page 1071: ...f the minotored event Default configuration By default no event is configured Command mode SEM configuration mode Usage Guideline The event application command is used to monitor the events published...

Page 1072: ...applet Define the command lined based SEM policy action publish event Publish the action of application event event counter In SEM configuration mode this command monitors the SEM counter The no form...

Page 1073: ...the combinations between the command counter and entry op entry val are patterned successfully an event is triggered Then the current patterning stops meaning the event detection fails When triggered...

Page 1074: ...and or interface name interface type interface number parameter counter name entry op operator entry val entry value entry type value increment rate poll interval poll int value exit op operator exit...

Page 1075: ...lue type to recover comparison optional exit time exit time value The minimum time between triggering and monitoring recovery optional average factor average factor value It is used by rate and is the...

Page 1076: ...ransmit_rate_bps Interface transmit rate in bits sec transmit_rate_pps Interface transmit rate in pkts sec txload Transmit rate as a fraction of 255 Available events Variable Name Function _interface_...

Page 1077: ...poll int value exit op operator exit val exit value slot slot num slave subsystem subsystem id no event tag event name Parameter description Parameter Description event name The event name correlate a...

Page 1078: ...nfiguration mode Usage Guideline The event system command is used to monitor the following items CPU utilization by the system type cpu scope system CPU utilization by a certain task type cpu scope ta...

Page 1079: ...plet commit Ruijie config applet exit Related commands Command Description smart manager applet Define the command line based SEM policy Platform description N A event none In SEM configuration mode t...

Page 1080: ...me Function _policy_name Policy name _none_argc Number of parameters _none_arg1 Parameter 1 _none_arg2 Parameter 2 _none_arg3 Parameter 3 _none_arg4 Parameter 4 _none_arg5 Parameter 5 Examples The fol...

Page 1081: ...tion of the previous events in the case of multiple events optional The values are and or and andnot type plugin remove The monitored plug in and removal events optional slot slot num slave The monito...

Page 1082: ...The no form of this command is used to delete an event with the specified name event tag event name correlate andnot and or snmp oid oid value get type exact next entry op operator entry val entry va...

Page 1083: ...lue The value to recover comparison optional exit type value increment rate The value type to recover comparison optional exit time exit time value The minimum time between triggering the policy and m...

Page 1084: ...tform description N A event snmp notification This command is used to configure a monitor of SNMP Traps in SEM configuration mode The no form of this command is used to delete an event with the specif...

Page 1085: ...est_1 Ruijie config applet event tag monitor_trap snmp notification oid 1 3 6 1 2 1 52 2 1 op gt oid val 1000 Ruijie config applet action 00 syslog msg have trap _snmp_notif_oid value _snmp_notif_oid_...

Page 1086: ...icate whether to skip the SNMP operation the default setting is no Default configuration No event is configured Command mode SEM configuration mode Usage Guideline Available events Variable Name Funct...

Page 1087: ...event name The event name correlate andnot and or The relation between the current event and the combination of the previous events in the case of multiple events optional The values are and or and a...

Page 1088: ...pplet exit Related commands Command Description smart manager applet Define the command line based SEM policy Platform description N A event timer This command is used to configure a time based event...

Page 1089: ...onal Default configuration No event is configured Command mode SEM configuration mode Usage Guideline Time based events can be divided into the following four classes A specific data and time A time p...

Page 1090: ...cache Ruijie config applet commit Ruijie config applet exit Example 4 Clear route at 0 o clock everyday Ruijie config intelligence manager applet Test_4 Ruijie config applet event tag monitor_timer t...

Page 1091: ...rop The packet statistics type op operator The comparing method eq equal to ge greater than or equal to gt greater than le less than or equal to lt less than ne unequal to value value The comparison v...

Page 1092: ...grtd This command is used to configure a GRTD based event in SEM configuration mode The no form of this command is used to delete an event with the specified name event tag event name correlate andnot...

Page 1093: ...gured Command mode SEM configuration mode Usage Guideline Available events Variable Name Function _grtd_test_slot Board that trigger an event _grtd_test_type Event type _grtd_test_name Test name _grtd...

Page 1094: ...e Usage Guideline N A Examples The following example rolls back the policy configurations Ruijie config smart manager applet Test_1 Ruijie config applet event tag none event none Ruijie config applet...

Page 1095: ...d configure the size of CLI action outputs policy record per instance record size per policy per policy record size per policy no policy record Parameter description Parameter Description per instance...

Page 1096: ...f per instance record size per policy the earliest records will be overwritten When the gross size of the log file of CLI action outputs generated during the running of a specific policy exceeds the v...

Page 1097: ...er Description applet name Define the name of the SEM policy which should consist of numbers letters and underline class class options optional Specify the class of the policy The default class is def...

Page 1098: ...m variables that are generated by each kind of event refer to use guide Note The policy configuration does not take effect until the commit command is used in SEM configuration mode to submit it A pol...

Page 1099: ...n current event and the combination of all the previous events Therefore the first event is blocked out for the parallel relationship and the default relation is and Event variables available to all p...

Page 1100: ...ion Parameter Description variable name Define the variable name string Define the variable value Default configuration By default the SEM global variable is not defined Command mode Global configurat...

Page 1101: ...ription Parameter Description events Set the maximum number of SEM history information to be saved sizes Set the specified number its the maximum value is 50 and default value is 50 also Default confi...

Page 1102: ...A Examples The following example sets the bootup delay to 120 seconds Ruijie config smart manager policy bootup delay 120 Related commands Command Description smart manager applet Define the command...

Page 1103: ...d The following example clears all CLI ouput records generated by running the SEM policy Ruijie smart manager policy record clean all Related commands Command Description action cli Execute the CLI po...

Page 1104: ...gered with _none_argc argc Ruijie config applet commit Ruijie config applet exit Related commands Command Description smart manager applet Define the command line based SEM policy smart manager schedu...

Page 1105: ...escription smart manager applet Define the command line based SEM policy Platform description N A smart manager scheduler hold In the privileged EXEC mode this command holds the SEM scheduler smart ma...

Page 1106: ...ger scheduler modify class class options queue priority high last low normal Parameter description Parameter Description class class options Specify the class of the running policy queue priority high...

Page 1107: ...e releases all monitors and all queue transmissions Ruijie smart manager scheduler release all Related commands Command Description smart manager applet Define the command line based SEM policy smart...

Page 1108: ...he thread pool specified the policy will not be executed Examples The following example configures up to 5 available threads for th e thread pool of Class B and Class D Ruijie config smart manager sch...

Page 1109: ...ger scheduler Show the SEM scheduler information trigger Use this command to configure the trigger attributes of the policy in SEM configuration mode trigger occurs occurs value occurs period occurs p...

Page 1110: ...olicy named Test_1 to run with 10 seconds delay after being triggered Ruijie config smart manager applet Test_1 Ruijie config applet event tag none event none Ruijie config applet trigger delay 10 Rui...

Page 1111: ...1 00 4 counter 01 00 5 interface 01 00 6 sysmon 01 00 7 none 01 00 8 oir 01 00 9 snmp 01 00 10 snmp notification 01 00 11 timer 01 00 12 snmp object 01 00 The following example executes the show smart...

Page 1112: ...Command Description show smart manager environment In the privileged EXEC mode this command shows the global variable information show smart manager environment all variable name Parameter description...

Page 1113: ...e show smart manager environment var_none inexistent global variables Ruijie show smart manager environment var_none No such environment variable defined Related commands Command Description smart man...

Page 1114: ...Actv success Wed Nov11 10 15 23 2009 timer watchdog applet Test_1 6 2822 Actv success Wed Nov11 10 15 25 2009 timer watchdog applet Test_1 The following example executes the show smart manager history...

Page 1115: ...licy all No Status Policy Name 1 commit Test_1 2 not commit Test_2 show smart manager policy registered In the privileged EXEC mode this command shows the policy registered show smart manager policy r...

Page 1116: ...Thu Oct 21 13 46 16 2010 event_1 timer watchdog time 1 action 00 syslog msg Action_00 action 10 wait 360 action 20 syslog msg Action_20 Related commands Command Description smart manager applet Defin...

Page 1117: ...38 2009 none Test_1 4 3162 N A running Wed Nov11 10 28 39 2009 none Test_1 5 3163 N A running Wed Nov11 10 28 39 2009 none Test_1 6 3164 N A running Wed Nov11 10 28 40 2009 none Test_1 The following e...

Page 1118: ...guration N A Command mode Privileged EXEC mode Usage Guideline Use this command to show the policies of pending running Examples The following example executes the show smart manager policy pending co...

Page 1119: ...none Test_1 maxrun 31536000 000 3 3193 N P pend Wed Nov11 10 28 54 2009 none Test_1 maxrun 31536000 000 4 3194 N P pend Wed Nov11 10 28 54 2009 none Test_1 maxrun 31536000 000 5 3195 N P pend Wed Nov1...

Page 1120: ...show smart manager scheduler thread detailed Applet threads service class default total 1 running 0 idle 1 2 Applet threads service class A B C total 32 running 3 idle 29 class A 1 calss B 2 show sma...

Page 1121: ...1 SEM grtd v310_throttle 1 0 7 SEM call home v310_throttle 1 0 6 Event Detectors Name Version application 01 00 syslog 01 00 cli 01 00 counter 01 00 interface 01 00 sysmon 01 00 none 01 00 oir 01 00 s...

Page 1122: ...e Guidelines This command can only be executed in VSU mode Configuration Examples Example 1 enables BFD dual active detection Ruijie config switch virtual domain 1 Ruijie config vs domain dual active...

Page 1123: ...Command Mode config vs domain configuration mode Usage Guidelines This command can only be executed in the VSU mode The exclude interface must be a routing interface but not a VSL interface Users can...

Page 1124: ...onfiguration Command Mode config vs domain configuration mode Usage Guidelines The BFD detection interfaces must be routed ports on different devices Configuration Examples The following example confi...

Page 1125: ...ce create the interface The latter configured detection interface will cover the formerly configured one Configuration Examples The following example configures aggregate port 1 as a detection interfa...

Page 1126: ...rt 1 no dad relay enable Ruijie config if AggregatePort 1 exit Related Commands Command Description dual active detection Configure dual active detection dual active bfd interface Configure BFD dual a...

Page 1127: ...member port in the standalone mode Ruijie config vsl aggregateport 1 Ruijie config vsl ap 1 port member interface GigabitEthernet 0 1 Ruijie config vsl ap 1 no port member interface GigabitEthernet 0...

Page 1128: ...console of the master or any device session device sw_id master Parameter Description Parameter Description device Configure redirection to the console of the member device sw_id Member device ID in t...

Page 1129: ...ines This command can be executed in both the VSU and standalone modes The current switch ID can be viewed in the VSU mode and the currently configured switch ID can be viewed in the standalone mode C...

Page 1130: ...mode three member switches Ruijie show switch virtual Switch_id Domain_id Priority Status Role 1 1 1 1 100 100 OK ACTIVE switch 1 2 2 1 1 100 100 OK CANDIDATE switch 2 3 3 1 1 100 100 OK STANDBY swit...

Page 1131: ...tual balance Aggregate port LFF enable Related Commands Command Description show switch virtual Show the domain ID ID and role of every device Platform Description N A show switch virtual config Show...

Page 1132: ...convert mode standalone Show the VSU configuration information in the VSU mode Ruijie show switch virtual config switch_id 1 mac 00d0 f810 1111 switch virtual domain 1 switch 1 switch 1 priority 200 s...

Page 1133: ...member interface GigabitEthernet 0 2 Related Commands Command Description show switch virtual Show the domain ID the ID and role of each device Platform Description N A show switch virtual dual active...

Page 1134: ...1 0 1 UP GigabitEthernet 2 0 2 UP Example 3 checks the status of AP based dual active detection Ruijie show switch virtual dual active aggregateport Aggregateport dual active detection enabled Yes Agg...

Page 1135: ...1 100000 100000 1d 4h 29m VSL Status has two values DOWN and UP Example 2 shows the VSL port information Ruijie show switch virtual link port VSL AP 1 1 Port State Peer port Rx Tx Uptime GigabitEther...

Page 1136: ...1 mac 001a a97e 0ecf description switch1 vsl ap 1 vsl ap 2 of switch 6 vsl ap 2 vsl ap 1 of switch 2 switch 2 mac 001a a97e 0ed1 description switch2 vsl ap 1 vsl ap 2 of switch 1 vsl ap 2 vsl ap 1 of...

Page 1137: ...evice in a VSU system has an ID In the VSU mode the interface name changes from slot port into switch slot port format where the switch is the switch ID that the interface locates To select the master...

Page 1138: ..._id Indicates the ID of the switch that needs to be configured with a priority dev_name Indicates the device name description Default Configuration N A Command Mode config vs domain configuration mode...

Page 1139: ...he standalone mode The configuration becomes valid only after the device restarts The no form of this command is used to restore the default value 100 of the domain ID Configuration Examples Modify th...

Page 1140: ...d only after the device restarts This command cannot modify sw_id In the standalone mode if sw_id is set to 1 running the switch 2 priority 200 command does not work You can first use switch 2 to modi...

Page 1141: ...sage Guidelines This command can only be executed in the VSU mode instead of the standalone mode The configuration becomes valid only after the device restarts The no form of this command is used to r...

Page 1142: ...hether to overwrite config text with standalone text writes related configurations of VSU in config_vsu_dat and finally restarts the switch This command can be executed in both the standalone and VSU...

Page 1143: ...ocal priority forwarding feature namely to change into the cross switch traffic balancing mode switch virtual aggregateport lff enable no switch virtual aggregateport lff enable Parameter Description...

Page 1144: ...devices that have the same domain ID can form a VSU system The domain ID must be unique in a WLAN Configuration Examples Configure the domain ID to 1 Ruijie config switch virtual domain 1 Ruijie conf...

Page 1145: ...P member interface Platform Description N A vsu convert to stack Use this command to convert the VSU system to the stack system vsu convert to stack Parameter Description Parameter Description N A N A...

Page 1146: ...CLI Reference VSU Configuration Commands Examples Ruijie vsu conver to stack Related Commands Command Description N A N A...

Page 1147: ...Management and Monitoring 1 SNMP Configuration Commands 2 RMON Configuration Commands 3 NTP Configuration Commands 4 SNTP Configuration Commands 5 SPAN Configuration Commands 6 RSPAN Configuration Co...

Page 1148: ...guration mode Usage Guide This command disables the SNMP agent services of all versions supported on the device Configuration Examples The example below disables the SNMP agent service Ruijie config n...

Page 1149: ...ie show snmp Chassis 60FF60 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0...

Page 1150: ...sage Guide This command is used to configure whether to send LinkTrap of an interface such as the Ethernet interface AP interface and SVI interface When the function is enabled if the link status of t...

Page 1151: ...p server community Use this command to specify the SNMP community access string in global configuration mode The no format of the command cancels the SNMP community access string snmp server community...

Page 1152: ...nd store the community string as a ciphertext In this case after the configuration of the service password encryption command is removed the community string is still displayed and stored as a ciphert...

Page 1153: ...mode The no form of this command is used to disable the SNMP server to actively send the SNMP Trap massage to NMS snmp server enable traps snmp no snmp server enable traps Parameter Description Parame...

Page 1154: ...NMPv3 priv Authenticate and encrypt the messages transmitted by the user group This applies to only SNMPv3 readview Associate with a read only view aclnum Sequence number of the ACL in the range of 1...

Page 1155: ...e type of the SNMP trap message sent actively such as snmp Defaults By default no SNMP host is specified If no type of the SNMP trap message is specified all types of the SNMP trap message will be inc...

Page 1156: ...on snmp server location text no snmp server location Parameter Description Parameter Description text String describing the system Defaults Null Command Mode Global configuration mode Configuration Ex...

Page 1157: ...ain spaces Defaults The device network element code information is null Command Mode Global configuration mode Usage Guide Configuration Examples The following example sets a device network element co...

Page 1158: ...ueue length length Parameter Description Parameter Description length Queue length in the range of 1 to 1000 Defaults 10 Command Mode Global configuration mode Usage Guide The SNMP trap message queue...

Page 1159: ...otification function The RGOS sends the SNMP trap messages to the NMS to notify the system pending before the device is reloaded or rebooted Configuration Examples The example below enables the SNMP s...

Page 1160: ...Command Description snmp server enable traps Enable the function of sending Trap message initiatively snmp server host Specify a host for NMS Platform Description snmp server trap source Use this com...

Page 1161: ...SNMP trap message in global configuration mode The no form of this command is used to restore the default value snmp server trap timeout seconds no snmp server trap timeout Parameter Description Para...

Page 1162: ...Command Mode Global configuration mode Usage Guide Configuration Examples The following example specifies the protocol port 15000 to receive SNMP packets Ruijie config snmp server udp port 15000 Rela...

Page 1163: ...used for encryption The system will change the password to the corresponding encryption key md5 Enable the MD5 authentication protocol While the sha enables the SHA authentication protocol aclnumber S...

Page 1164: ...e Specify the MIB object to associate with the view include Include the sub trees of the MIB object in the view exclude Exclude the sub trees of the MIB object from the view Defaults By default a defa...

Page 1165: ...sampling type is changed value sampling When the sampling time is up the system will draw the changing values during the sampling interval rising threshold valueevent number Set as the value of the up...

Page 1166: ...ory control entry in the range of 1 to 65535 ownerownername Set the entry ownername in a character string composed of 1 to 64 characters the character string is case sensitive and does not include spa...

Page 1167: ...the statistics information sheet in range of 1 to 65535 owner ownername Set the entry ownername in a character string composed of 1 to 64 characters The character string is case sensitive and does not...

Page 1168: ...tring composed of 1 to 64 characters owner owner name Set the entry ownername in a character string composed of 1 to 64 characters The character string is case sensitive and does not include space Def...

Page 1169: ...2 1 2 2 1 12 6 sampleType 2 alarmValue 0 startupAlarm 3 risingThreshold 20 fallingThreshold 10 risingEventIndex 1 fallingEventIndex 1 owner zhangesan stats 1 Related Commands Command Description rmon...

Page 1170: ...tion ifInNUcastPkts type 4 community rmon lastTimeSent 0 d 0 h 0 m 0 s owner zhangsan status 1 Related Commands Command Description rmon event number log trap community description description string...

Page 1171: ...dex 1 sampleIndex 198 intervalStart 0d 14h 0m 47s dropEvents 0 octets 67988 pkts 726 broadcastPkts 502 multiPkts 189 crcAlignErrors 0 underSizePkts 0 overSizePkts 0 fragments 0 jabbers 0 collisions 0...

Page 1172: ...rnet 0 1 owner zhangsan status 0 dropEvents 0 octets 1884085 pkts 3096 broadcastPkts 161 multiPkts 97 crcAlignErrors 0 underSizePkts 0 overSizePkts 1200 fragments 0 jabbers 0 collisions 0 packets64Oct...

Page 1173: ...ig no ntp Related commands Command Description ntp server Specify a NTP server ntp access group Use this command to configure the access control priority of the ntp service Use the no form of this com...

Page 1174: ...from the smallest to the largest to access restriction and the first matched rule shall prevail The matching order is peer serve serve only query only Caution Control query function is not supported...

Page 1175: ...specified by ntp authentication key and ntp trusted key Examples After an authentication key is configured and specified as the global trusted key enable the authentication mechanism Ruijie config ntp...

Page 1176: ...e global trusted key The upeer limit of the keys is 1024 However each server can only support one key Examples The following example configures an authentication key with ID 6 Ruijie config ntp authen...

Page 1177: ...figuration example below disables the function of receiving the NTP message on the interface Ruijie config no ntp disable ntp master Use this command to configure the local time as the NTP master the...

Page 1178: ...In addition before using this command if the system has never been synchronized with an external clock source it is necessary to manually calibrate the system clock to prevent too much bias Examples T...

Page 1179: ...te the encrypted communication with the server In the same condition for instance precision the prefer clock is used for synchronization It should be noted that the configured interface is that config...

Page 1180: ...ronizes the NTP realtime Ruijie config ntp synchronize Related commands Command Description ntp server Specify a NTP server Platform description N A ntp trusted key Use this command to set a key at th...

Page 1181: ...source Use the no form of this command to disable the update calendar function ntp update calendar no ntp update calendar Parameter description N A Default By default update the calendar periodically...

Page 1182: ...e below enables the NTP debugging switch Ruijie config debug ntp show ntp status Use this command to show the NTP information show ntp status Parameter description N A Default N A Command mode Privile...

Page 1183: ...s of SNTP Examples Ruijie config sntp enable Related commands Command Description show sntp Show the SNTP configuration clock update calendar Synchronize the software clock with the hardware clock clo...

Page 1184: ...sntp enable Enable SNTP show sntp Show the SNTP configuration clock update calendar Synchronizes the software clock with the hardware clock Platform description N A sntp server Use this command to set...

Page 1185: ...sntp enable Enable SNTP Platform description N A show sntp Use this command to show the parameters of SNTP show sntp Command mode Privileged EXEC mode Usage guidelines This command shows the paramete...

Page 1186: ...description Parameter Description session_number SPAN session number source interface interface id Specify the source port interface id interface ID which can be physical interface not SVI destinatio...

Page 1187: ...sion status Note session 1 supports global port mirroring crossing line cards To configure the SPAN crossing the line cards only the session 1 can be used Examples The example below describes how to c...

Page 1188: ...e Usage guidelines N A Examples This example shows how to use show monitor to display SPAN session 1 Ruijie show monitor session 1 sess num 1 src intf GigabitEthernet 3 1 frame type Both dest intf Gig...

Page 1189: ...itch Set remote source mirroring monitor session session num source interface interface name rx tx both no monitor session session num source interface interface name rx tx both Set the mirroring refl...

Page 1190: ...gabitEthernet1 1 switch Related Commands Command Description show monitor Show mirroring session information Platform Description N A remote span Use this command to enable the remote port mirroring f...

Page 1191: ...CLI Reference Guide RSPAN Configuration Commands Platform Description N A...

Page 1192: ...CLI Reference Guide...

Search results

Summary of Contents for RG-S2600G-I Series

Reviews:

Related manuals for RG-S2600G-I Series

Brands by name

Popular brands

Ruijie RG-S2600G-I Series, Cli Reference Manual

Search results

Summary of Contents for RG-S2600G-I Series

Reviews:

Related manuals for RG-S2600G-I Series

Brands by name

Popular brands