3Com 5500-EI PWR Скачать руководство пользователя страница 748

Страница: 748 / 1314

1-9

# Apply rule 2 of user-defined ACL 5000 on Ethernet 1/0/3 to filter inbound packets. Here, it is assumed

that the ACL and its rule numbered 2 are already configured.

[Sysname] interface Ethernet 1/0/3

[Sysname-Ethernet1/0/3] packet-filter inbound user-group 5000 rule 2

[Sysname-Ethernet1/0/3] quit

# Apply rule 1 of advanced ACL 3000 and rule 2 of Layer 2 ACL 4000 on Ethernet 1/0/4 to filter inbound

packets. Here, it is assumed that the ACLs and their rules are already configured.

[Sysname] interface Ethernet 1/0/4

[Sysname-Ethernet1/0/4] packet-filter inbound ip-group 3000 rule 1 link-group 4000 rule 2

After completing the above configuration, you can use the

display packet-filter

command to view

information about packet filtering.

packet-filter vlan

Syntax

packet-filter

vlan

vlan-id

{

inbound

outbound

}

acl-rule

undo

packet-filter

vlan

vlan-id

{

inbound

outbound

}

acl-rule

View

System view

Parameters

vlan-id

: VLAN ID.

inbound

: Specifies to filter packets received by the ports in the VLAN.

outbound

: Specifies to filter packets to be transmitted by the ports in the VLAN.

acl-rule

: ACL rules to be applied, which can be a combination of the rules of multiple ACLs, as

described in

Table 1-5

Description

Use the

packet-filter vlan

command to apply ACL rules on ports in a VLAN to filter packets.

Use the

undo packet-filter vlan

command to remove the application of ACL rules on ports of a VLAN.

Note that the

packet-filter

vlan

command applies the ACL rules on all ports in a VLAN, allowing you to

apply ACL rules to multiple ports in one operation.

Examples

# Apply all rules of basic ACL 2000 on all ports in VLAN 10 to filter inbound packets. Here, it is assumed

that the ACL and its rules and the VLAN are already configured.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] packet-filter vlan 10 inbound ip-group 2000

Содержание 5500-EI PWR

Страница 1: ...i Table of Contents 1 CLI Configuration Commands 1 1 CLI Configuration Commands 1 1 command privilege level 1 1 display history command 1 4 super 1 4 super authentication mode 1 5 super password 1 6...

Страница 2: ...listed in Table 1 1 Table 1 1 Available CLI views for the view argument CLI view Description acl adv Advanced ACL view acl basic Basic ACL view acl ethernetframe Layer 2 ACL view acl user User defined...

Страница 3: ...e VLAN interface view command Command for which the level is to be set Description Use the command privilege level command to set the level of a specified command in a specified view Use the undo comm...

Страница 4: ...ting with the keyword ftp such as ftp server acl ftp server enable and ftp timeout will be restored to the default level if you have modified the command level of commands ftp server enable and ftp ti...

Страница 5: ...rmerly History commands are those commands that were successfully executed recently and saved in the history command buffer You can set the size of the buffer by the history command max size command W...

Страница 6: ...he correct authentication information Related commands super authentication mode super password Examples Switch from the current user level to user level 3 using super password authentication Sysname...

Страница 7: ...w to high user level switching the HWTACACS authentication is preferred and the super password authentication mode is the backup z When both the super password authentication and the HWTACACS authenti...

Страница 8: ...e cipher text password _ TT8F Y 5SQ Q MAF4 1 corresponds to the plain text password 1234567 Description Use the super password command to set a switching password for a specified user level which will...

Страница 9: ...out 1 13 ip http shutdown 1 14 lock 1 15 parity 1 16 protocol inbound 1 16 screen length 1 18 send 1 18 service type 1 19 set authentication password 1 20 shell 1 21 speed 1 22 stopbits 1 22 telnet 1...

Страница 10: ...he login VTY users must enter the correct authentication password to log in to the switch z If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords th...

Страница 11: ...ame system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 authentication mode password Sysname ui aux0 set authentication password simple aabbcc After th...

Страница 12: ...tomatically z The auto execute command command may cause you unable to perform common configuration in the user interface so use it with caution z Before executing the auto execute command command and...

Страница 13: ...switch successfully Note that these two commands apply to users logging in through the console port and by means of Telnet Examples Disable copyright information displaying Copyright c 2004 2008 3Com...

Страница 14: ...switch operating as the Telnet server That is when the switch operates as the Telnet server the client uses this IP address to log in to the switch z If the source IP address or source interface is s...

Страница 15: ...source interface z If no source address or source IP interface is specified for the switch 0 0 0 0 is displayed That is the source IP address of Telnet service packets is that of the outbound interfa...

Страница 16: ...Type Tx Rx Modem Privi Auth Int Super F 0 AUX 0 19200 3 N S Current user interface is active F Current user interface is active and work in async mode Idx Absolute index of user interface Type Type an...

Страница 17: ...AUX 0 UXXX XXXX User interface type VTY 8 UUUU X 5 character mode users U 8 UI never used X 5 total UI in use Table 1 2 Description on the fields of the display user interface summary command Field De...

Страница 18: ...eration user work in async mode Table 1 3 Descriptions on the fields of the display users command Field Description UI The numbers in the left sub column are the absolute user interface indexes and th...

Страница 19: ...Level Level of a Web user Login Time Time when a Web user logs in Last Req Time Time when the latest request is made free user interface Syntax free user interface type number View User view Parameter...

Страница 20: ...user name and password If a user logs in to the switch through Web the banner text configured will be displayed on the banner page shell Sets the session banner which appears after a session is estab...

Страница 21: ...with the header legal command and before login authentication z The banner configured with the header shell command is displayed after a non modem user session is established Examples Configure banne...

Страница 22: ...and to set the size of the history command buffer Use the undo history command max size command to revert to the default history command buffer size By default the history command buffer can contain u...

Страница 23: ...1 minute Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 idle timeout 1 ip http shutdown Syntax ip http shutdown undo ip http shutdown View...

Страница 24: ...event unauthorized operations in the user interface After you execute this command the system prompts you for the password and prompts you to confirm the password The user interface is locked only whe...

Страница 25: ...forms odd checks Description Use the parity command to set the check mode of the user interface Use the undo parity command to revert to the default check mode By default no check is performed Example...

Страница 26: ...22 will be disabled z If the authentication mode is scheme there are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the supported protocol is specified...

Страница 27: ...ew System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 screen length 20 send Syntax send all number type number View User view Parameters all Sends messages to all...

Страница 28: ...et Specifies the users to be of Telnet type terminal Makes terminal services available to users logging in through the console port level level Specifies the user level for Telnet users Terminal users...

Страница 29: ...mand level Examples Configure commands at level 0 are available to the users logging in using the user name of zbr Sysname system view System View return to User View with Ctrl Z Sysname local user zb...

Страница 30: ...4 1 Description Use the set authentication password command to set the local password Use the undo set authentication password command to remove the local password Note that only plain text passwords...

Страница 31: ...ui vty0 4 are you sure Y N y speed Syntax speed speed value undo speed View AUX user interface view Parameters speed value Transmission speed in bps This argument can be 300 600 1200 2400 4800 9600 19...

Страница 32: ...ue of the switch to a value different from that of the terminal emulation utility does not affect the communication between them Examples Set the stop bits to 2 Sysname system view System View return...

Страница 33: ...telnet source interface Syntax telnet source interface interface type interface number undo telnet source interface View System view Parameters interface type interface number Interface type and inter...

Страница 34: ...between the specified source IP address and the Telnet server Note that when the telnet source ip command is executed if the IP address specified is not an IP address of the local device your configu...

Страница 35: ...em view Parameters ip address Source IP address to be set Description Use the telnet server source ip command to specify the source Telnet server IP address Use the undo telnet server source ip comman...

Страница 36: ...nt is not required In this case user interfaces are numbered from 0 to 12 last number User interface number identifying the last user interface to be configured The value of this argument must be larg...

Страница 37: ...the entire system and the system supporting modules Services are supported by these commands Commands concerning file system file transfer protocol FTP trivial file transfer protocol TFTP downloading...

Страница 38: ...ers Telnetting to the local switch from the current user interface outbound Applies the ACL for the users Telnetting to other devices from the current user interface This keyword is unavailable to Lay...

Страница 39: ...ct all Web users by force Sysname free web users all ip http acl Syntax ip http acl acl number undo ip http acl View System view Parameters acl number ACL number ranging from 2000 to 2999 Description...

Страница 40: ...gh SNMP You can also optionally use this command to apply an ACL to perform access control for network management users Use the undo snmp agent community command to cancel community related configurat...

Страница 41: ...create an SNMP group You can also optionally use this command to apply an ACL to filter network management users Use the undo snmp agent group command to remove a specified SNMP group By default the S...

Страница 42: ...acters in plain text a 32 bit hexadecimal number in cipher text if MD5 algorithm is used and a 40 bit hexadecimal number in cipher text if SHA algorithm is used acl number Basic ACL number ranging fro...

Страница 43: ...2 6...

Страница 44: ...1 1 File Attribute Configuration Commands 1 1 display current configuration 1 1 display current configuration vlan 1 5 display saved configuration 1 6 display startup 1 8 display this 1 9 reset saved...

Страница 45: ...n directly input the file name text txt as the file URL File Attribute Configuration Commands display current configuration Syntax display current configuration configuration configuration type interf...

Страница 46: ...e beginning of a line For example regular expression user matches lines beginning with user not Auser Ending sign the string to the left of this character appears only at the end of a line For example...

Страница 47: ...es Display configuration information about all the interfaces on the current switch Sysname display current configuration interface interface Vlan interface1 ip address 192 168 0 30 255 255 255 0 inte...

Страница 48: ...ation include 10 password control login attempt 3 exceed lock time 120 vlan 1 interface Vlan interface1 ip address 192 168 0 30 255 255 255 0 ntp service unicast server 192 168 0 52 ntp service unicas...

Страница 49: ...figuration information with line numbers Description Use the display current configuration vlan command to display the current VLAN configuration of the switch Without the vlan id argument specified t...

Страница 50: ...ithout a configuration file the system will display that no configuration file exists upon execution of the command z If you have saved configuration after the switch starts up the command displays th...

Страница 51: ...net1 0 9 interface Ethernet1 0 10 interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface Ethern...

Страница 52: ...tion of a switch Note that z If the switch is not a unit of a fabric this command displays the startup configuration file information of the current switch no matter whether you have specified the uni...

Страница 53: ...Syntax display this by linenum View Any view Parameters by linenum Displays configuration information with line numbers Description Use the display this command to display the current configuration p...

Страница 54: ...set saved configuration command to erase the configuration file saved in the Flash of a switch The following two situations exist z While the reset saved configuration main command erases the configur...

Страница 55: ...ion file main Saves the configuration to the main configuration file Description Use the save command to save the current configuration to a configuration file in the Flash When you use this command t...

Страница 56: ...n cfgbak backup configuration file containing the original configuration information or and a configuration file with the extension cfgtmp temporary configuration file containing the current configura...

Страница 57: ...he main configuration file or the backup configuration file to be used for the next startup of the switch Use the undo startup saved configuration command to specify a switch to use null configuration...

Страница 58: ...amed config cfg as the main configuration file to be used for the next startup of the current switch which is not in any fabric Sysname startup saved configuration config cfg main Please wait Done Whe...

Страница 59: ...own 1 5 vlan 1 6 Port Based VLAN Configuration Commands 1 7 display port 1 7 port 1 7 port access vlan 1 8 port hybrid pvid vlan 1 9 port hybrid vlan 1 9 port link type 1 10 port trunk permit vlan 1 1...

Страница 60: ...ption string to the current VLAN or VLAN interface Use the undo description command to restore the default description string By default the description string of the current VLAN is its VLAN ID such...

Страница 61: ...ce Vlan interface 2 Vlan interface2 current state DOWN Line protocol current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 000f e207 4101 Internet Address is 10 1 1 1 24 Pr...

Страница 62: ...configured IP Address 192 168 0 39 Subnet Mask 255 255 255 0 Description VLAN 0001 Name VLAN 0001 Tagged Ports none Untagged Ports GigabitEthernet1 0 1 GigabitEthernet1 0 2 GigabitEthernet1 0 3 Gigab...

Страница 63: ...nter VLAN interface view VLAN interface is a virtual interface in Layer 3 mode used to realize the layer 3 communication between different VLANs Each VLAN has a VLAN interface which can forward packet...

Страница 64: ...n undo shutdown View VLAN interface view Parameter None Description Use the shutdown command to disable the VLAN interface Use the undo shutdown command to enable the VLAN interface By default the VLA...

Страница 65: ...you want to create and whose view you want to enter This argument ranges from 1 to 4 094 Description Use the vlan command to enter VLAN view If the VLAN identified by the vlan id argument does not exi...

Страница 66: ...iew Any view Parameters hybrid Displays hybrid ports trunk Displays trunk ports Description Use the display port command to display the existing hybrid or trunk ports if any Examples Display the exist...

Страница 67: ...bitEthernet1 0 2 through GigabitEthernet1 0 4 to VLAN 2 Sysname system view System View return to User View with Ctrl Z Sysname vlan 2 Sysname vlan2 port GigabitEthernet 1 0 2 to GigabitEthernet 1 0 4...

Страница 68: ...Description Use the port hybrid pvid vlan command to set the default VLAN ID for the hybrid port Use the undo port hybrid pvid command to restore the default VLAN ID of the port Related commands port...

Страница 69: ...se the command multiple times all VLANs specified in the commands will be allowed to pass through the port The VLAN specified by the vlan id argument must exist Otherwise this command is invalid Relat...

Страница 70: ...ll View Ethernet port view Parameters vlan id list VLAN range to which the trunk port will be added vlan id list vlan id1 to vlan id2 1 10 where vlan id is in the range of 1 to 4094 and can be discret...

Страница 71: ...Sysname system view System View return to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 port link type trunk Sysname GigabitEthernet1 0 1 port trunk pvid...

Страница 72: ...col type 50 1 ipx raw 80 2 at 100 3 snap etype 0x0abc 100 4 llc dsap 0xac ssap 0xbd display protocol vlan vlan Syntax display protocol vlan vlan vlan id to vlan id all View Any view Parameter vlan id...

Страница 73: ...end End protocol index in the range of 0 to 4 Note that this argument must be larger than or equal to the protocol index argument all Specifies all protocol indexes If the all keyword in the port hybr...

Страница 74: ...vlan 3 0 to 4 protocol vlan Syntax protocol vlan protocol index at ip ipx ethernetii llc raw snap mode ethernetii etype etype id llc dsap dsap id ssap ssap id snap etype etype id undo protocol vlan p...

Страница 75: ...37 Description Use the protocol vlan command to configure the protocol template used for classifying protocol based VLANs Use the undo protocol vlan command to disable the configuration Related comman...

Страница 76: ...1 17...

Страница 77: ...lay fib ip address 2 2 display fib acl 2 3 display fib 2 4 display fib ip prefix 2 5 display fib statistics 2 5 display icmp statistics 2 6 display ip socket 2 7 display ip statistics 2 8 display tcp...

Страница 78: ...r 3 interfaces is displayed Examples Display information about VLAN interface 1 Sysname display ip interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP Internet A...

Страница 79: ...Total number of packets bytes and multicast packets forwarded and received on the interface TTL invalid packet number Number of received invalid TTL packets ICMP packet input number 0 Echo reply 0 Unr...

Страница 80: ...ly down l loopback s spoofing Interface IP Address Physical Protocol Description Vlan interface1 192 168 0 39 up up Vlan inte Table 1 2 Description on the fields of the display ip interface brief comm...

Страница 81: ...dress command without any parameter the switch deletes both primary and secondary IP addresses of the interface z The undo ip address ip address mask mask length command is used to delete the primary...

Страница 82: ...12 1 1 to VLAN interface 1 with subnet mask 255 255 255 0 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address 129 12...

Страница 83: ...amples Display all FIB information Sysname display fib Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nextho...

Страница 84: ...k2 mask length2 longer longer View Any view Parameters ip address1 ip address2 Destination IP addresses in dotted decimal notation ip address1 and ip address2 together define an address range The FIB...

Страница 85: ...Flag TimeStamp Interface 12 158 10 0 24 12 158 10 1 U t 85391 Vlan interface10 Display FIB entry information which has a destination in the range of 12 158 10 0 24 to 12 158 10 6 24 and has a mask len...

Страница 86: ...gular expression View Any view Parameters Uses a regular expression to match FIB entries For detailed information about regular expression refer to Configuration File Management Command begin Displays...

Страница 87: ...with Ctrl Z Sysname ip ip prefix abc permit 211 71 75 0 24 Sysname display ip ip prefix abc name index conditions ip prefix mask GE LE abc 10 permit 211 71 75 0 24 Display the FIB entries matching IP...

Страница 88: ...MP packets Sysname display icmp statistics Input bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 10 parameter problem 0 timestamp 0 information req...

Страница 89: ...ench Number of sent source quench packets redirects Number of sent redirection packets echo reply Number of sent replies parameter problem Number of sent parameter problem packets timestamp Number of...

Страница 90: ...92 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Table 2 3 Description on the fields of the display ip s...

Страница 91: ...unknown protocol packets Unknown protocol packets are destined to the local device but the upper layer protocol specified in their IP header cannot be processed by the device For example if a switch i...

Страница 92: ...isplay tcp statistics command to display the statistics about TCP packets Related commands display tcp status reset tcp statistics Examples Display the statistics about TCP connections Sysname display...

Страница 93: ...received offset error Number of offset error packets received short error Number of received packets with length being too small duplicate packets Number of completely duplicate packets received part...

Страница 94: ...d Closed connections Number of connections closed in brackets are connections closed accidentally before receiving SYN from the peer and connections closed initiatively after receiving SYN from the pe...

Страница 95: ...iption Use the display udp statistics command to display the statistics about UDP packets Related commands reset udp statistics Examples Display the statistics about UDP packets Sysname display udp st...

Страница 96: ...ull Number of not delivered packets due to a full socket cache packets input packets missing pcb cache Number of packets without matching PCB cache Sent packets Total Total number of UDP packets sent...

Страница 97: ...fault the device is enabled to send ICMP destination unreachable packets Examples Disable the device from sending ICMP destination unreachable packets Sysname system view System View return to User Vi...

Страница 98: ...packets You can use the display ip statistics command to view the current IP packet statistics Related commands display ip interface Examples Clear the statistics about IP packets Sysname reset ip st...

Страница 99: ...the value ranging from 76 to 3600 Description Use the tcp timer fin timeout command to configure the TCP finwait timer Use the undo tcp timer fin timeout command to restore the default value of the T...

Страница 100: ...minated Related commands tcp timer fin timeout tcp window Examples Configure the value of the TCP synwait timer to 80 seconds Sysname system view System View return to User View with Ctrl Z Sysname tc...

Страница 101: ...fin timeout tcp timer syn timeout Examples Configure the size of the transmission and receiving buffers of the connection oriented socket to 3 KB Sysname system view System View return to User View w...

Страница 102: ...s 1 1 display voice vlan error info 1 1 display voice vlan oui 1 1 display voice vlan status 1 2 display vlan 1 3 voice vlan 1 4 voice vlan aging 1 5 voice vlan enable 1 6 voice vlan legacy 1 7 voice...

Страница 103: ...display the ports on which the voice VLAN function fails to be enabled When ACL number applied to a port reaches to its threshold voice VLAN cannot be enabled on this port Examples Display the ports o...

Страница 104: ...ffff ff00 0000 H3C Aolynk phone 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3Com phone display voice vlan status Syntax displ...

Страница 105: ...e Current voice vlan enable port mode The ports on which the voice VLAN function is enabled PORT Port number MODE Voice VLAN assignment mode on the port which can be auto or manual COS The CoS precede...

Страница 106: ...LAN voice vlan Syntax voice vlan vlan id enable undo voice vlan enable View System view Parameters vlan id Specifies the ID of the VLAN to be enabled with the voice VLAN function in the range of 2 to...

Страница 107: ...e the voice VLAN function for other VLANs the system will prompt that your configuration fails Sysname voice vlan 4 enable Can t change voice vlan configuration when other voice vlan is running voice...

Страница 108: ...e a port that has not transmitted voice traffic from the voice VLAN timely thus improving network security However this may cause the port to be assigned to or removed from the voice VLAN frequently T...

Страница 109: ...VLAN legacy function By default the voice VLAN legacy function is disabled Examples Enable the voice VLAN legacy function on Ethernet1 0 1 Sysname system view System View return to User View with Ctr...

Страница 110: ...1 2 Default OUI addresses of a switch Number OUI address Vendor 1 0003 6b00 0000 Cisco phone 2 000f e200 0000 H3C Aolynk phone 3 00d0 1e00 0000 Pingtel phone 4 00e0 7500 0000 Polycom phone 5 00e0 bb0...

Страница 111: ...th Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 undo voice vlan mode auto voice vlan qos Syntax voice vlan qos cos value dscp value trust undo voice vlan qos View Ethernet port view P...

Страница 112: ...enable command to enable the voice VLAN security mode Use the undo voice vlan security enable command to disable the voice VLAN security mode In security mode the ports in a voice VLAN and with voice...

Страница 113: ...Configuration Commands 1 1 display garp statistics 1 1 display garp timer 1 2 garp timer 1 3 garp timer leaveall 1 4 reset garp statistics 1 5 GVRP Configuration Commands 1 6 display gvrp statistics...

Страница 114: ...not specified this command displays the GARP statistics on all the ports The switch automatically collects statistics about GVRP packets sent received and dropped on GVRP enabled ports Upon system reb...

Страница 115: ...rface list View Any view Parameters interface list Specifies a list of Ethernet ports of which the GARP timer settings are to be displayed In this list you can specify individual ports and port ranges...

Страница 116: ...lue Timeout time in centiseconds of the GARP timer Hold Join or Leave to be set Description Use the garp timer command to set a GARP timer that is the Hold timer the Join timer or the Leaver timer for...

Страница 117: ...hold by changing the timeout time of the Join timer This upper threshold is less than the timeout time of the LeaveAll timer You can change the threshold by changing the timeout time of the LeaveAll t...

Страница 118: ...n networking you are recommended to set the GARP LeaveAll timer to 12000 centiseconds 2 minutes Related commands display garp timer Examples Set the GARP LeaveAll timer to 100 centiseconds Sysname sys...

Страница 119: ...the GVRP statistics on the specified ports You need to provide the interface list argument in the format of interface type interface number to interface type interface number 1 10 where the interface...

Страница 120: ...xamples Display the global GVRP status Sysname display gvrp status GVRP is enabled The above information indicates that GVRP is enabled globally gvrp Syntax gvrp undo gvrp View System view Ethernet po...

Страница 121: ...annot register or deregister VLAN information dynamically It only propagates static VLAN information Besides the port permits only static VLANs that is it propagates only static VLAN information to th...

Страница 122: ...s Configure Ethernet1 0 1 to operate in fixed GVRP registration mode Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 gvrp registra...

Страница 123: ...rval 1 18 giant frame statistics enable 1 19 interface 1 20 jumboframe enable 1 20 link delay 1 21 loopback 1 22 loopback detection control enable 1 23 loopback detection enable 1 24 loopback detectio...

Страница 124: ...o 262143 for a GigabitEthernet port Description Use the broadcast suppression command to limit broadcast traffic allowed to be received on each port in system view or on a specified port in Ethernet p...

Страница 125: ...hat can be received per second by the Ethernet 1 0 1 port to 1 000 Sysname Ethernet1 0 1 broadcast suppression pps 1000 copy configuration Syntax copy configuration source interface type interface num...

Страница 126: ...pping port rate limiting priority trust mode QoS profile the qos profile port based configuration cannot be copied and so on STP The enable disable state of STP on the port link attribute of the port...

Страница 127: ...tion Copying QOS configuration Copying GARP configuration Copying STP configuration Copying speed duplex configuration Copying speed configuration to interface Ethernet1 0 1 failed Copying QoS rate li...

Страница 128: ...mmand to display the configured description Examples Set description string home for the Ethernet 1 0 1 port Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet...

Страница 129: ...Related commands display interface Examples Display the brief configuration information about the Ethernet 1 0 1 port Sysname display brief interface Ethernet 1 0 1 Interface Eth Ethernet GE GigabitEt...

Страница 130: ...r description of the interface command Description Use the display interface command to display port configuration When using this command z If you specify neither port type nor port number the comman...

Страница 131: ...red 0 collisions 0 late collisions 0 lost carrier no carrier Table 1 4 Description on the fields of the display interface command Field Description Ethernet1 0 1 current state Current Ethernet port st...

Страница 132: ...s Count in packets and in bytes of incoming normal packets on the port including incoming normal packets and normal PAUSE frames The number of normal incoming broadcast packets the number of normal in...

Страница 133: ...Output normal packets bytes broadcasts multicasts pauses Count in packets and in bytes of outgoing normal packets on the port including outgoing normal packets and normal Pause frames The number of no...

Страница 134: ...ission display link delay Syntax display link delay View Any view Parameters None Description Use the display link delay command to display the information about the ports with the link delay command...

Страница 135: ...is running Loopback detection is enabled globally Detection interval time is 30 seconds Time interval for loopback detection is 30 seconds There is no port existing loopback link No loopback port exis...

Страница 136: ...d By others Number of packets dropped because of other reasons display storm constrain Syntax display storm constrain interface interface type interface number begin exclude include regular expression...

Страница 137: ...rent status of the port which can be normal or control Trap on trap information is output when a type of traffic received on the port exceeds the upper threshold or falls below the lower threshold off...

Страница 138: ...Last 300 seconds output 0 packets sec 0 bytes sec Input total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Input normal packets bytes broadcasts multicasts pauses Input 0 input errors 0 runts...

Страница 139: ...he port is in auto negotiation mode Related commands speed Examples Set the Ethernet 1 0 1 port to auto negotiation mode Sysname system view System View return to User View with Ctrl Z Sysname interfa...

Страница 140: ...tion and execute the shutdown command or the undo shutdown command on Ethernet 1 0 1 No Up Down log information is output for Ethernet 1 0 1 Sysname Ethernet1 0 1 undo enable log updown Sysname Ethern...

Страница 141: ...ured with the flow control no pauseframe sending command can receive and process remote pause frames but cannot send pause frames actively when it is congested By default flow control is disabled on E...

Страница 142: ...ation is as follows Last 100 seconds input 0 packets sec 0 bytes sec Last 100 seconds output 0 packets sec 0 bytes sec Related commands display interface Examples Set the interval to perform statistic...

Страница 143: ...NULL or VLAN interface interface number Port number in the format of Unit ID slot number port number where Unit ID is in the range of 1 to 8 The slot number is 0 if the port is an Ethernet port the sl...

Страница 144: ...ernet 1 0 1 Sysname Ethernet1 0 1 jumboframe enable link delay Syntax link delay delay time undo link delay View Ethernet port view Parameters delay time Port state change delay to be set This argumen...

Страница 145: ...he port of the switch The external loop test can locate the hardware failures on the port For 100M port the self loop headers are made from four cores of the 8 core cables for 1000M port the self loop...

Страница 146: ...the trunk or hybrid port when loopback is found on the port the system sets the port to the block state where the port cannot forward data packets sends log messages to the terminal and removes the co...

Страница 147: ...is removed 2 If a loop is found on a trunk or hybrid port the system merely sends log messages to the terminal but does not set the port to the block state or remove the corresponding MAC forwarding...

Страница 148: ...type interface number 1 10 where z interface type is the port type and interface number is the port number z Keyword to is used to specify a range of ports The port number after to must be equal to o...

Страница 149: ...l Z Sysname loopback detection interval time 10 loopback detection per vlan enable Syntax loopback detection per vlan enable undo loopback detection per vlan enable View Ethernet port view Parameters...

Страница 150: ...ction function refer to loopback detection enable If a loop is found at a port z With the function enabled on the port the system will shut down the port and send log messages to the terminal After th...

Страница 151: ...t operating in this mode adjust its MDI mode between MDI and MDI X automatically z An RJ 45 interface can operate in MDI or MDI X mode z To connect two RJ 45 interfaces operating in the same MDI mode...

Страница 152: ...ulticast suppression setting on the current port When incoming multicast traffic on the port exceeds the multicast traffic threshold you set the system drops the packets exceeding the threshold to red...

Страница 153: ...ared Examples Clear the statistics of Ethernet 1 0 1 Sysname reset counters interface ethernet 1 0 1 reset packet drop interface Syntax reset packet drop interface interface type interface number View...

Страница 154: ...3 linkDown portIndex is 4227650 ifAdminStatus is 2 ifOperStatus is 2 Apr 13 23 13 53 807 2000 Sysname L2INF 5 PORT LINK STATUS CHANGE 1 Ethernet1 0 4 is DOWN Apr 13 23 13 53 927 2000 Sysname L2INF 5 V...

Страница 155: ...uto Specifies the port speed to the auto negotiation mode Description Use the speed command to set the port speed Use the undo speed command to restore the port speed to the default setting By default...

Страница 156: ...to 10 1000 storm constrain Syntax storm constrain broadcast multicast unicast max packets min packets pps kbps undo storm constrain all broadcast multicast unicast View Ethernet port view Parameters b...

Страница 157: ...cording to your configuration Related commands display storm constrain storm constrain control storm constrain enable Examples Set the upper and lower thresholds of broadcast traffic on Ethernet 1 0 1...

Страница 158: ...type of traffic on the port exceeds the upper threshold If you want to bring up the port again you can execute the undo shutdown command or the undo storm constrain all broadcast multicast unicast com...

Страница 159: ...ce Ethernet 1 0 1 Sysname Ethernet1 0 1 undo storm constrain enable log storm constrain interval Syntax storm constrain interval interval value undo storm constrain interval View System view Parameter...

Страница 160: ...ppression setting on the port When incoming unknown unicast traffic exceeds the unknown unicast traffic threshold you set the system drops the packets exceeding the threshold to reduce the unknown uni...

Страница 161: ...lty point z Pair impedance mismatch z Pair skew z Pair swap z Pair polarity z Insertion loss z Return loss z Near end crosstalk By default the system does not test the cable connected to the Ethernet...

Страница 162: ...k aggregation interface 1 1 display link aggregation summary 1 2 display link aggregation verbose 1 3 display lacp system id 1 4 lacp enable 1 5 lacp port priority 1 5 lacp system priority 1 6 link ag...

Страница 163: ...command to display the link aggregation details about a specified port or port range Note that as ports in a manual link aggregation groups do not acquire the information about their peers automatica...

Страница 164: ...gregation summary Syntax display link aggregation summary View Any view Parameters None Description Use the display link aggregation summary command to display summary information of all aggregation g...

Страница 165: ...ACP packet is received the partner ID is displayed as 0x8000 0000 0000 0000 Select Ports Number of the selected ports Unselect Ports Number of the unselected ports Share Type Load sharing type Shar lo...

Страница 166: ...Ethernet1 0 2 S 32768 1 Ethernet1 0 3 U 32768 1 Remote Actor Partner Priority Key SystemID Flag Ethernet1 0 2 0 0 0 0x0000 0000 0000 0000 Ethernet1 0 3 0 0 0 0x0000 0000 0000 0000 Table 1 3 Descripti...

Страница 167: ...D lacp enable Syntax lacp enable undo lacp enable View Ethernet port view Parameters None Description Use the lacp enable command to enable LACP on the current port Use the undo lacp enable command to...

Страница 168: ...o User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 lacp port priority 64 lacp system priority Syntax lacp system priority system priority undo lacp system priority View Syst...

Страница 169: ...tion concerning manual and static aggregation groups and their descriptions still exists but that of the dynamic aggregation groups and their descriptions gets lost You can use the display link aggreg...

Страница 170: ...k aggregation group agg id undo port link aggregation group View Ethernet port view Parameters agg id Aggregation group ID in the range of 1 to 416 Description Use the port link aggregation group comm...

Страница 171: ...Port number to Specifies a port index range with the two interface type interface number argument pairs around it as the two ends Description Use the reset lacp statistics command to clear LACP statis...

Страница 172: ...i Table of Contents 1 Port Isolation Configuration Commands 1 1 Port Isolation Configuration Commands 1 1 display isolate port 1 1 port isolate 1 1...

Страница 173: ...ame display isolate port Isolated port s on UNIT 1 Ethernet1 0 2 Ethernet1 0 3 Ethernet1 0 4 The information above shows that Ethernet1 0 2 Ethernet1 0 3 and Ethernet1 04 are in the isolation group Ne...

Страница 174: ...system view z Assigning an isolated port to an aggregation group causes all the ports in the aggregation group on the local unit to join the isolation group z The Switch 5500 EI supports cross device...

Страница 175: ...rity authorization ignore 1 6 port security enable 1 7 port security guest vlan 1 8 port security intrusion mode 1 9 port security max mac count 1 11 port security ntk mode 1 12 port security oui 1 13...

Страница 176: ...C address entries For each security MAC address entry the output of the command displays the MAC address the VLAN that the MAC address belongs to state of the MAC address which is always security port...

Страница 177: ...isplay mac address security count 6 mac address es found Display the number of security MAC address entries for VLAN 1 Sysname display mac address security vlan 1 count 4 mac address es found in vlan...

Страница 178: ...guration Examples Display the global port security configurations and those of all ports Sysname display port security Equipment port security is enabled AddressLearn trap is Enabled Intrusion trap is...

Страница 179: ...d The sending of 802 1x user logoff trap messages is enabled Dot1x logfailure trap is Enabled The sending of 802 1x user authentication failure trap messages is enabled RALM logon trap is Enabled The...

Страница 180: ...H format interface interface type interface number Specify the port on which the security MAC address is to be added The interface type interface number arguments indicate the port type and port numbe...

Страница 181: ...isplay mac address interface Ethernet 1 0 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 0001 0001 0001 1 Security Ethernet1 0 1 NOAGED 1 mac address es found on port Ethernet1 0 1 port security aut...

Страница 182: ...ax port security enable undo port security enable View System view Parameters None Description Use the port security enable command to enable port security Use the undo port security enable command to...

Страница 183: ...h a guest VLAN specified fail the authentication the port is added to the guest VLAN and users of the port can access only the resources in the guest VLAN z Multiple users may connect to one port in t...

Страница 184: ...ndo port security intrusion mode View Ethernet port view Parameters blockmac Adds the source MAC addresses of illegal packets to the blocked MAC address list As a result the packets sourced from the b...

Страница 185: ...ou can only use the display port security command to view blocked MAC addresses Related commands display port security port security timer disableport Examples Configure the intrusion protection mode...

Страница 186: ...tion mode on Ethernet 1 0 1 as disableport As a result when intrusion protection is triggered the port will be disconnected permanently Sysname system view System View return to User View with Ctrl Z...

Страница 187: ...security max mac count command on the port Examples Set the maximum number of MAC addresses allowed on the port to 100 Sysname system view System View return to User View with Ctrl Z Sysname port secu...

Страница 188: ...Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname port security enable Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security ntk mode ntk withbroadc...

Страница 189: ...t security port mode Examples Configure an OUI value of 00ef ec00 0000 setting the OUI index to 5 Sysname system view System View return to User View with Ctrl Z Sysname port security oui 00ef ec00 00...

Страница 190: ...entication macAddressWithRad ius In this mode MAC address authentication is applied on users trying to access the network mac else userlogin se cure macAddressElseUse rLoginSecure In this mode MAC add...

Страница 191: ...ready passed MAC address authentication However users who have already passed 802 1x authentication do not need to go through MAC address authentication In this mode only one 802 1x authenticated user...

Страница 192: ...re the port as a reflector port for port mirroring z Configure the port as a Fabric port z Configure link aggregation Related commands display port security Examples Set the security mode of Ethernet...

Страница 193: ...rface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security max mac count 4 Sysname Ethernet1 0 1 port security port mode autolearn port security timer disableport Syntax port security timer disableport...

Страница 194: ...er guest vlan reauth command to configure the interval at which the switch triggers MAC address authentication after a port is added to its guest VLAN Use the undo port security timer guest vlan reaut...

Страница 195: ...authentication Description Use the port security trap command to enable the sending of specified type s of trap messages Use the undo port security trap command to disable the sending of specified typ...

Страница 196: ...ion trap is Enabled Disableport Timeout 20 s OUI value Ethernet1 0 1 is link down Port mode is AutoLearn NeedtoKnow mode is needtoknowonly Intrusion mode is disableportTemporarily Max mac address num...

Страница 197: ...i Table of Contents 1 Port MAC IP Binding Commands 1 1 Port MAC IP Binding Commands 1 1 am user bind 1 1 display am user bind 1 2...

Страница 198: ...ddress MAC address to be bound ip address IP address to be bound interface type Type of the port to be bound interface number Number of the port to be bound Description Use the am user bind command to...

Страница 199: ...mation on a specified port interface type Port type interface number Port number ip addr ip addr Displays only the binding information of a specified IP address mac addr mac addr Displays only the bin...

Страница 200: ...P Configuration Commands 1 1 DLDP Configuration Commands 1 1 display dldp 1 1 dldp 1 2 dldp authentication mode 1 3 dldp interval 1 4 dldp reset 1 5 dldp unidirectional shutdown 1 5 dldp work mode 1 6...

Страница 201: ...play the DLDP configuration of a unit or a port Examples Display information about all DLDP enabled ports on unit 1 Sysname display dldp 1 dldp interval 10 dldp work mode enhance dldp authentication m...

Страница 202: ...tive active advertisement probe disable or delaydown dldp link state Port state up or down The neighbor number of the port Number of the neighbor ports neighbor mac address MAC address of a neighbor p...

Страница 203: ...ation mode View System view Parameters none Sets the authentication mode on the port to none Performs no authentication on the port simple Sets the authentication mode on the port to plain text simple...

Страница 204: ...ending advertisement packets in seconds in the range of 1 to 100 It is 5 by default Description Use the dldp interval command to set the interval between sending advertisement packets for all DLDP ena...

Страница 205: ...and to reset the DLDP status of all the ports disabled by DLDP In Ethernet port view Use the dldp reset command to reset the DLDP status of the current port disabled by DLDP After the dldp reset comma...

Страница 206: ...By default the DLDP handling mode after a unidirectional link is found is auto Related commands dldp work mode Examples Configure DLDP to automatically disable the corresponding port when a unidirect...

Страница 207: ...p delaydown timer Syntax dldp delaydown timer delaydown time undo dldp delaydown timer View System view Parameters delaydown time Delaydown timer to be set in seconds This argument ranges from 1 to 5...

Страница 208: ...1 8 Examples Set the delaydown timer to 5 seconds Sysname system view System View return to User View with Ctrl Z Sysname dldp delaydown timer 5...

Страница 209: ...nfiguration Commands 1 1 MAC Address Table Management Configuration Commands 1 1 display mac address aging time 1 1 display mac address 1 2 mac address 1 3 mac address aging destination hit enable 1 5...

Страница 210: ...ters None Description Use the display mac address aging time command to display the aging time of the dynamic MAC address entries in the MAC address table Related commands mac address mac address time...

Страница 211: ...ddress entries specified by related parameters in the command When this keyword is used the command displays only the number of specified MAC address entries rather than related information about thes...

Страница 212: ...state of the MAC address entry which can be one of the following z Config static Indicates a manually configured static address entry z Learned Indicates a dynamically learnt address entry z Config dy...

Страница 213: ...ber vlan vlan id Removes a specified static dynamic or blackhole MAC address entry interface interface type interface number Removes all the MAC address entries concerning a specified port vlan vlan i...

Страница 214: ...address entries for the destination MAC addresses This increases the MAC address table update frequency improves the usability of the MAC address table and reduces broadcasts By default the destinatio...

Страница 215: ...n to 600 Sysname system view System View return to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 3 Sysname GigabitEthernet1 0 3 mac address max mac count 600 mac address timer Syntax mac...

Страница 216: ...itch to be unable to update its MAC address table in time In this case the MAC address table cannot reflect the position changes of network devices in time Examples Set the aging time of MAC address e...

Страница 217: ...mmands 1 1 Auto Detect Configuration Commands 1 1 detect group 1 1 detect list 1 2 display detect group 1 3 ip route static detect group 1 4 option 1 5 retry 1 6 standby detect group 1 6 timer loop 1...

Страница 218: ...ew Parameters group number Detected group number ranging from 1 to 25 Description Use the detect group command to create a detected group and enter detected group view Use the undo detect group comman...

Страница 219: ...etected and the Auto Detect enabled switch are not on the same network segment the ICMP packets will be forwarded to the specified next hop Description Use the detect list command to add a detected ob...

Страница 220: ...next hop 1 202 13 1 55 1 2 3 4 Table 1 1 Description on the fields of the display detect group command Field Description detect group 1 Detected group number 1 detect loop time s Detecting interval in...

Страница 221: ...u specify this keyword when executing this command any packet destined for the specified IP address is discarded and the system informs the source that the destination is unreachable blackhole Specifi...

Страница 222: ...een the detected objects is and When a detecting operation is being carried out the switch detects each detected object contained in the detected group in turn by their sequence number z If you specif...

Страница 223: ...the time waiting for an ICMP Reply configured with the time wait command the switch re sends an ICMP Request until the maximum retry times configured with the retry command is reached If still no ICMP...

Страница 224: ...o 15 Description Use the timer loop command to set the detecting interval that is the frequency to perform auto detect operations Use the undo timer loop command to restore the default By default auto...

Страница 225: ...ed If still no ICMP Reply is received the destination IP address is considered as unreachable Examples Set a timeout of 3 seconds waiting for an ICMP reply in detected group 10 Sysname system view Sys...

Страница 226: ...tected group 10 is unreachable Sysname system view System View return to User View with Ctrl Z Sysname interface vlan interface 1 Sysname Vlan interface1 vrrp vrid 1 track detect group 10 reduced 20 A...

Страница 227: ...e diameter 1 16 stp compliance 1 16 stp config digest snooping 1 18 stp cost 1 20 stp dot1d trap 1 21 stp edged port 1 22 stp loop protection 1 23 stp max hops 1 25 stp mcheck 1 25 stp mode 1 27 stp n...

Страница 228: ...ii stp transmit limit 1 44 vlan mapping modulo 1 45 vlan vpn tunnel 1 46...

Страница 229: ...on change multiple spanning tree protocol MSTP does not recalculate spanning trees immediately after the configuration change it does this only after you activate the new MST region related settings o...

Страница 230: ...rrors in the protocol state of the BPDU packets In order to avoid this problem you can enable BPDU dropping on Ethernet ports Once the function is enabled on a port the port will not receive or forwar...

Страница 231: ...ted MST regions You can use this command to find the MST region the switch currently belongs to or check to see whether or not the MST region related configuration is correct Related commands instance...

Страница 232: ...specified ports in the order of MSTI ID MSTP state information includes 1 Global CIST parameters Protocol operating mode switch priority in the CIST instance MAC address hello time max age forward del...

Страница 233: ...z FORWARDING The port learns MAC addresses and forwards user traffic z DISCARDING The port does not learn MAC addresses or forward user traffic z LEARNING The port learns MAC addresses but does not fo...

Страница 234: ...d external path cost CIST RegRoot IRPC CIST regional root and internal path cost CIST RootPortId CIST root port ID BPDU Protection Indicates whether BPDU protection is enabled globally TC Protection T...

Страница 235: ...he port can send which can be legacy or 802 1s Config indicates the configured value and Active indicates the actual value Port Config Digest Snooping Indicates whether digest snooping is enabled on t...

Страница 236: ...locking the port z Root Protected root guard function z Loop Protected loop guard function z Formatcompatibility Protected MSTP BPDU format incompatibility protection function display stp portdown Syn...

Страница 237: ...region configuration including the region name region revision level and VLAN to instance mappings configured for the switch Related commands stp region configuration Examples Display the configuratio...

Страница 238: ...s of the display stp root command Field Description MSTID MSTI ID in the MST region Root Bridge ID ID of the root bridge ExtPathCost Cost of the external path from the switch to the root bridge The de...

Страница 239: ...and all VLANs that are mapped to the specified MSTI are remapped to the CIST By default all VLANs are mapped to the CIST VLAN to instance mappings are recorded in the VLAN to instance mapping table of...

Страница 240: ...hello reset stp Syntax reset stp interface interface list View User view Parameters interface list Ethernet port list You can specify multiple Ethernet ports by providing this argument in the form of...

Страница 241: ...STP revision level along with MST region name and VLAN to instance mapping table determines the MST region which a switch belongs to When the MST region name and VLAN to instance mapping table are bot...

Страница 242: ...s in STP compatible mode RSTP mode or MSTP mode depending on the MSTP mode setting which is configurable with the stp mode command z To control MSTP flexibly you can use the undo stp enable command to...

Страница 243: ...implement rapid transition But they resume non edge ports automatically upon receiving configuration BPDUs which causes spanning trees recalculation and network topology jitter Normally no configurati...

Страница 244: ...dge diameter command to restore the network diameter to the default value By default the network diameter is 7 After you configure the network diameter of a switched network MSTP adjusts its hello tim...

Страница 245: ...to set the mode in which a port recognizes and sends MSTP packets Use the undo stp interface compliance command to restore the default The default mode is auto namely all ports recognize the BPDU form...

Страница 246: ...able the digest snooping feature Configured in system view the setting takes effect globally configured in interface view the setting takes effect on the current port only z Use the stp interface conf...

Страница 247: ...when your switch is connected to another manufacturer s switches adopting proprietary spanning tree protocols z To enable the digest snooping feature the interconnected switches and another manufactu...

Страница 248: ...the proprietary standard selected the path cost of an Ethernet port ranges from 1 to 200000 interface list Ethernet port list You can specify multiple Ethernet ports by providing this argument in the...

Страница 249: ...Ethernet 1 0 2 to Ethernet 1 0 4 in MSTI 2 to 400 in system view Sysname system view System View return to User View with Ctrl Z Sysname stp interface Ethernet 1 0 2 to Ethernet 1 0 4 instance 2 cost...

Страница 250: ...face number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description z Use the stp edged port enable command...

Страница 251: ...ct even if you have configured it on the port Examples Configure Ethernet 1 0 1 as an edge port z Configure Ethernet 1 0 1 as an edge port in Ethernet port view Sysname system view System View return...

Страница 252: ...or a certain period the switch selects a new root port the original root port becomes a designated port and the blocked ports turn to the forwarding state This may cause loops in the network The loop...

Страница 253: ...guration BPDU And a switch discards the configuration BPDUs whose remaining hops are 0 After a configuration BPDU reaches a root bridge of a spanning tree in a MST region the value of the remaining ho...

Страница 254: ...ally But when the STP enabled downstream switch is then replaced by an MSTP enabled switch the port cannot automatically transit to the MSTP mode but still remains in the STP compatible mode In this c...

Страница 255: ...to configure an MSTP enabled switch to operate in STP compatible mode z RSTP compatible mode where the ports of a switch send RSTP BPDUs to neighboring devices If RSTP enabled switches exist in a swi...

Страница 256: ...their states rapidly The rapid transition feature aims to resolve this problem When a 3Com switch 5500 EI running MSTP is connected in the upstream direction to another manufacture s switch adopting p...

Страница 257: ...andard STP uses path costs to indicate the quality of links A smaller path cost indicates a higher link quality The path cost of a port is related to the rate of the link connecting the port The highe...

Страница 258: ...ports on the aggregated link which is measured in 100 Kbps You can use the stp cost command to manually configure the path cost of a port in a specified MSTI For details see stp cost Examples Configu...

Страница 259: ...by default and so MSTP automatically determines the type of the link connected to the current port The rapid transition feature is not applicable to ports on non point to point links If an Ethernet po...

Страница 260: ...port priority command to restore the default port priority of the current port in the specified MSTI z Use the stp interface port priority command to set a port priority for the specified ports in the...

Страница 261: ...ystem view Parameters instance instance id Specifies an MSTI ID ranging from 0 to 16 The value of 0 indicates the CIST Description Use the stp portlog command to enable log and trap message output for...

Страница 262: ...priority to be set This argument ranges from 0 to 61 440 and must be a multiple of 4 096 such as 0 4 096 and 8 192 There are totally 16 available switch priorities Description Use the stp priority co...

Страница 263: ...s of the switch z All VLANs are mapped to the CIST in the VLAN to instance mapping table z The MSTP revision level is 0 You can modify the three parameters after entering MST region view by using the...

Страница 264: ...ork by using the stp root primary command The switch will then figure out the following three time parameters hello time forward delay and max age As the hello time figured out by the network diameter...

Страница 265: ...ndary root bridges for an MSTI If the switch operating as the root bridge fails or is turned off the secondary root bridge with the least MAC address becomes the root bridge You can specify the networ...

Страница 266: ...system view By default the root guard function is disabled Because of configuration errors or malicious attacks the valid root bridge in the network may receive configuration BPDUs with their priorit...

Страница 267: ...ection disable command to disable the TC BPDU attack guard function By default the TC BPDU guard attack function is enabled and the MAC address table and ARP entries can be removed for up to six times...

Страница 268: ...upon receiving a TC BPDU and triggers a timer set to 10 seconds by default at the same time Before the timer expires the switch only performs the removing operation for limited times up to six times b...

Страница 269: ...by the forward delay configured on the root bridge The forward delay setting configured on a root bridge applies to all non root bridges As for the configuration of the three time related parameters n...

Страница 270: ...s namely the hello time forward delay and max age parameters the following formulas must be met to prevent frequent network jitter 2 forward delay 1 second max age Max age 2 hello time 1 second You ar...

Страница 271: ...nds stp timer forward delay stp timer hello stp bridge diameter Examples Set the max age to 1 000 centiseconds Sysname system view System View return to User View with Ctrl Z Sysname stp timer max age...

Страница 272: ...r 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description z Use the stp transmit limit command to set the maximum number of configuration BPDUs...

Страница 273: ...system view System View return to User View with Ctrl Z Sysname stp interface Ethernet 1 0 2 to Ethernet 1 0 4 transmit limit 15 vlan mapping modulo Syntax vlan mapping modulo modulo View MST region v...

Страница 274: ...p VLANs to MSTIs with the modulo being 16 Sysname system view System View return to User View with Ctrl Z Sysname stp region configuration Sysname mst region vlan mapping modulo 16 vlan vpn tunnel Syn...

Страница 275: ...n make sure the links between operator s networks are trunk links z If a fabric port exists on a switch you cannot enable the VLAN VPN function for any port of the switch Examples Enable the VLAN VPN...

Страница 276: ...ing table statistics protocol 1 12 2 Static Route Configuration Commands 2 1 Static Route Configuration Commands 2 1 delete static routes all 2 1 ip route static 2 2 3 RIP Configuration Commands 3 1 R...

Страница 277: ...4 18 display ospf nexthop 4 21 display ospf peer 4 22 display ospf request queue 4 25 display ospf retrans queue 4 26 display ospf routing 4 27 display ospf vlink 4 28 filter policy export 4 29 filter...

Страница 278: ...cost 5 1 apply tag 5 2 display ip ip prefix 5 2 display route policy 5 3 if match acl ip prefix 5 4 if match cost 5 4 if match interface 5 5 if match ip next hop 5 6 if match tag 5 6 ip ip prefix 5 7...

Страница 279: ...routing information without the specified character string For details about regular expressions refer to Configuration File Management Operation of this manual Description Use the display ip routing...

Страница 280: ...ting Table public net Destination Mask Protocol Pre Cost Nexthop Interface 4 4 4 0 24 DIRECT 0 0 4 4 4 1 Vlan interface4 Display the routing information without the character string interface4 in the...

Страница 281: ...ACL 2100 1 rule Acl s step is 1 rule 0 permit source 192 168 1 0 0 0 0 255 For details about the display acl command refer to ACL Command Display the information of routes that match ACL 2100 Sysname...

Страница 282: ...iveU Retain Gateway Unicast Age 21 34 13 Cost 0 0 Table 1 2 Description on the fields of the display ip routing table command Field Description Destination Destination address Mask Subnet mask Protoco...

Страница 283: ...ise route when advertising routes in accordance with a routing policy NotInstall A NotInstall route cannot be added to the core routing table but may be advertised A route with the highest priority is...

Страница 284: ...outing table ip address mask This command only displays the routes exactly matching the specified destination address and mask z display ip routing table ip address longer match This command displays...

Страница 285: ...displays the verbose information of both active and inactive routes Without this argument provided this command displays the summary of active routes only Description Use the display ip routing table...

Страница 286: ...re Cost Nexthop Interface 10 1 1 0 24 DIRECT 0 0 10 1 1 2 Vlan interface1 10 1 1 2 32 DIRECT 0 0 127 0 0 1 InLoopBack0 For descriptions of the above fields see Table 1 1 Display the detailed informati...

Страница 287: ...fied brief information of only the routes in the active state is displayed Description Use the display ip routing table protocol command to display the route information of a specific protocol Example...

Страница 288: ...nodes Routes Number of routes display ip routing table statistics Syntax display ip routing table statistics View Any view Parameters None Description Use the display ip routing table statistics comma...

Страница 289: ...display ip routing table verbose Syntax display ip routing table verbose View Any view Parameters None Description Use the display ip routing table verbose command to display the detailed information...

Страница 290: ...eld Description Holddown Number of suppressed routes Delete Number of deleted routes Hidden Number of hidden routes reset ip routing table statistics protocol Syntax reset ip routing table statistics...

Страница 291: ...ng table statistics protocol all Display the routing statistics in the IP routing table Sysname display ip routing table statistics Routing tables Proto route active added deleted DIRECT 4 4 0 0 STATI...

Страница 292: ...em view Parameters None Description Use the delete static routes all command to delete all static routes The system will request your confirmation before it deletes all the configured static routes Re...

Страница 293: ...r this destination will be discarded and the source host will be informed that the destination is unreachable blackhole Indicates a blackhole route If a static route to a destination is marked with bl...

Страница 294: ...the mask are both 0 0 0 0 what you are configuring is a default route All the packets that fail to find a routing entry will be forwarded through this default route z You cannot configure an interface...

Страница 295: ...eck for RIP 1 packets By default RIP 1 performs the must be zero field check According to the protocol RFC 1058 specifications some fields in RIP 1 packets must be zero and these fields are called zer...

Страница 296: ...from another routing protocol the routes will be redistributed with the default cost specified with the default cost command Related commands import route Examples Redistribute static routes and set...

Страница 297: ...packets z on Enabled z off Disabled Default cost Default cost for redistributed routes Summary State of the automatic route summarization function z on Enabled z off Disabled Preference RIP preferenc...

Страница 298: ...dress of the interface running RIP You need to use the network command to enable the network segment on which the address resides Interface Name of the interface running RIP The IP address of the inte...

Страница 299: ...Description on the fields of the display rip routing command Field Description Destination Mask Destination address Mask Cost Cost NextHop Net hop address Age Time elapsed after the route is advertise...

Страница 300: ...oing routing information Use the undo filter policy export command to disable RIP from filtering the outgoing routing information Note that if protocol is specified RIP filters only the outgoing route...

Страница 301: ...e the undo filter policy gateway command to disable RIP from filtering the routing information advertised by a specified address Use the filter policy import command to enable RIP to filter the incomi...

Страница 302: ...routes are redistributed in the range of 1 to 65535 This argument is valid only for ospf ospf ase and ospf nssa value Cost for redistributed routes in the range of 0 16 If no cost is specified when re...

Страница 303: ...P runs only on the interface attached to the specified network For an interface not on the specified network RIP neither receives sends routes on it nor forwards interface route through it Therefore y...

Страница 304: ...tination 202 38 165 1 Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip peer 202 38 165 1 preference Syntax preference value undo preference View RIP view Paramet...

Страница 305: ...Reset the RIP system configuration Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip reset Reset RIP s configuration and restart RIP Y N y rip Syntax rip undo ri...

Страница 306: ...tipulated by RFC2082 rfc2453 Specifies that MD5 cipher text authentication packets will use the packet format stipulated by RFC2453 key string MD5 cipher text authentication key If it is typed in the...

Страница 307: ...cipher text authentication with the authentication key of aaa and the packet format of rfc2453 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysna...

Страница 308: ...on an interface is added to the routing table the additional metric will be added to the route Therefore if you increase the additional metric the metric of RIP routes received on the interface will...

Страница 309: ...tem View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 rip metricout 2 rip output Syntax rip output undo rip output View Interface view Parameters None D...

Страница 310: ...ion needs to be disabled to ensure the correct execution of the protocol So disable the split horizon function only when necessary Examples Disable the split horizon function on the interface VLAN int...

Страница 311: ...IP 2 broadcast mode RIP 2 multicast mode Table 3 5 Send mode of RIP packets RIP version RIP 1 broadcast packet RIP 2 broadcast packet RIP 2 multicast packet RIP 1 RIP 2 broadcast mode RIP 2 multicast...

Страница 312: ...Vlan interface 10 Sysname Vlan interface10 undo rip work summary Syntax summary undo summary View RIP view Parameters None Description Use the summary command to enable RIP 2 automatic route summariza...

Страница 313: ...that of the Period Update timer Adjusting the Period Update timer will affect the Garbage collection timer The modification of RIP timers is validated immediately As specified in RFC 1058 RIP is cont...

Страница 314: ...n is disabled When the number of equivalent routes reaches the upper limit z If this function is enabled the newly learned equivalent route replaces the existing equivalent route in the routing table...

Страница 315: ...nt is not provided the summary route will be advertised not advertise Specifies not to advertise the summary route Description Use the abr summary command to enable route summarization on an area bord...

Страница 316: ...42 0 0 255 255 0 0 area Syntax area area id undo area area id View OSPF view Parameters area id ID of an OSPF area which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP a...

Страница 317: ...he specified network If an NSSA area is configured this command also summarizes the redistributed Type 7 LSAs falling into the specified network If the local router acts as an NSSA ABR this command su...

Страница 318: ...tion mode on interfaces When configuring virtual link authentication you can use the authentication mode command to specify the authentication mode as MD5 cipher text or simple text for the backbone a...

Страница 319: ...reasonably set the default cost of redistributed routes the default interval for redistributing routes and the limit of routes that can be redistributed at one time Examples Set the default cost inter...

Страница 320: ...an NSSA ASBR only when a default route is available on the ASBR can the router generate the default route into the attached area Related commands stub nssa Examples Set area 1 to a Stub area and the c...

Страница 321: ...command to generate a default route in the OSPF routing domain Use the undo default route advertise command to disable OSPF from redistributing a default route By default OSPF does not redistribute a...

Страница 322: ...Display the information about the OSPF ABRs and ASBRs Sysname display ospf abr asbr OSPF Process 1 with Router ID 1 1 1 1 Routing Table to ABR and ASBR I Intra i Inter A ASBR B ABR S SumASBR Destinati...

Страница 323: ...n Description Use the display ospf asbr summary command to display the summary information of OSPF redistributed routes If you do not specify an IP address or subnet mask the summary information of al...

Страница 324: ...ters process id OSPF process ID in the range of 1 to 65535 If you do not specify a process ID this command applies to all current OSPF processes Description Use the display ospf brief command to displ...

Страница 325: ...iption RouterID Router ID of the router Border Router Whether the router is a border router z Area ABR z AS ASBR z Nssa Area AS NSSA ABR Spf schedule interval Interval of SPF schedule Routing preferen...

Страница 326: ...state machine z DOWN No protocol packet is sent or received on the interface z Waiting The interface starts sending and receiving Hello packets and is trying to identify the Backup designated router f...

Страница 327: ...lay ospf cumulative OSPF Process 1 with Router ID 1 1 1 1 Cumulations IO Statistics Type Input Output Hello 0 10430 DB Description 0 0 Link State Req 0 0 Link State Update 0 0 Link State Ack 0 0 ASE 0...

Страница 328: ...ated Number of originated LSAs LSAs Received Number of received LSAs generated by other routers Router Number of all Router LSAs SumNet Number of all Sumnet LSAs SumASB Number of all SumASB LSAs Neigh...

Страница 329: ...0 DD unknown LSA type 0 LS ACK neighbor state low 0 LS ACK wrong ack 0 LS ACK duplicate ack 0 LS ACK unknown LSA type 0 LS ACK ACK length wrong 0 LS REQ neighbor state low 0 LS REQ empty request 0 LS...

Страница 330: ...neighbor state LS ACK wrong ack Link state acknowledgment packet ack error LS ACK duplicate ack Link state acknowledgment packet ack duplication LS ACK unknown LSA type Link state acknowledgment packe...

Страница 331: ...ignated Router 10 110 10 2 Timers Hello 10 Dead 40 Poll 10 Retransmit 5 Transmit Delay 1 Table 4 6 Description on the fields of the display ospf interface command Field Description Cost Cost of the in...

Страница 332: ...mmand applies to all current OSPF processes area id OSPF area ID which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP address brief Displays brief database information a...

Страница 333: ...Rtr 1 1 1 1 1 1 1 1 449 36 80000004 0 SpfTree Rtr 3 3 3 3 3 3 3 3 429 36 8000000a 0 Clist Net 10 153 18 89 3 3 3 3 429 32 80000003 0 SpfTree SNet 10 153 17 0 1 1 1 1 355 28 80000003 10 Inter List ASB...

Страница 334: ...ea reachable to the attached area z Inter List The LSA is in another area z Sum Infinity The LSA is in an unreachable area z Ase List The LSA is outside the AS and is reachable z Ase Infinity The LSA...

Страница 335: ...apability z DC On demand link support z N NSSA external LSA support z P Capability of an NSSA ABR to translate Type 7 LSAs into Type 5 LSAs Net mask Network mask E type Type of external route z 1 Type...

Страница 336: ...ace to the next hop display ospf peer Syntax display ospf process id peer brief statistics View Any view Parameters process id OSPF process ID in the range of 1 to 65535 If you do not specify a proces...

Страница 337: ...the initial Database Description DD sequence number z Exchange In this state the router is sending DD packets to the neighbor describing its entire link state database z Loading In this state the rout...

Страница 338: ...to establish neighbor relation which indicates that OSPF router does not receive the message from a certain neighbor router within a period of time Attempt It is enabled in an NBMA environment such as...

Страница 339: ...nd applies to all current OSPF processes Description Use the display ospf request queue command to display the information about the OSPF request queue Examples Display the information about the OSPF...

Страница 340: ...ss 200 with Router ID 103 160 1 1 Retransmit List The Router s Neighbors is RouterID 162 162 162 162 Address 103 169 2 2 Interface 103 169 2 5 Area 0 0 0 1 Retrans list Type ASE LSID 129 11 77 0 AdvRo...

Страница 341: ...Cost Type NextHop AdvRouter Area 10 110 0 0 16 1 Net 10 110 10 1 10 10 10 1 0 0 0 0 10 10 0 0 16 1 Stub 10 10 0 1 3 3 3 3 0 0 0 0 Total Nets 2 Intra Area 2 Inter Area 0 ASE 0 NSSA 0 Table 4 15 Descri...

Страница 342: ...mmand Field Description Virtual link Neighbor id ID of a virtual link neighbor router State State of a neighbor router It can be Down Init Attempt 2 Way Exstart Exchange Loading or Full Cost Route cos...

Страница 343: ...nfiguration Description Use the filter policy export command to configure the filtering of outgoing redistributed routes Use the undo filter policy export command to disable such filtering By default...

Страница 344: ...n Description Use the filter policy import command to configure the filtering of incoming routes Use the undo filter policy import command to disable such filtering By default no filtering of incoming...

Страница 345: ...to 16777214 and defaults to 1 type value Specifies the type of redistributed routes The type value is 1 or 2 and defaults to 2 tag value Specifies the tag of redistributed routes A tag can be used by...

Страница 346: ...utput log information when a neighbor changes to the Full state or to the Down state Neighbor states include Down Init Attempt 2 Way Exstart Exchange Loading and Full Examples Enable logging of neighb...

Страница 347: ...Use the network command to enable an interface to run the OSPF protocol Use the undo network command to disable an interface from running OSPF By default the interface does not belong to any area To...

Страница 348: ...ly when a default route is available on the ASBR can it generate the default route in a Type 7 LSA into the attached area The no import route keyword is usable only on an NSSA ABR that is also the ASB...

Страница 349: ...igure area 1 as NSSA area Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 area 0 0 0 1 network 36 0 0 0 0 255 255 255 Sysname ospf 1...

Страница 350: ...ame ospf 120 ospf authentication mode Syntax ospf authentication mode simple password md5 key id key undo ospf authentication mode simple md5 View Interface view Parameters simple Plain authentication...

Страница 351: ...tion Set the authentication key identifier to 15 and the authentication key to abc Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 a...

Страница 352: ...ority of an interface is 1 The DR election priority of an interface determines the qualification of the interface The interface with a higher priority will be preferred when an election conflict occur...

Страница 353: ...View Interface view Parameters None Description Use the ospf mtu enable command to add the interface MTU to the MTU field in DD packets Use the undo ospf mtu enable command to restore the default By d...

Страница 354: ...access NBMA If Frame Relay ATM HDLC or X 25 is adopted OSPF defaults the network type to NBMA z Point to Multipoint P2MP OSPF will not default the network type of any link layer protocol to P2MP The...

Страница 355: ...Parameters seconds Dead interval of the OSPF neighbor It is in seconds and ranges from 1 to 65535 Description Use the ospf timer dead command to configure the dead interval of the OSPF neighbor Use t...

Страница 356: ...or nbma Hello packets are periodically sent to find and maintain neighbors and used for DR BDR election The hello seconds value must be identical on interfaces attached to the same network segment Oth...

Страница 357: ...e20 ospf timer poll 130 ospf timer retransmit Syntax ospf timer retransmit interval undo ospf timer retransmit View Interface view Parameters interval Interval in seconds for retransmitting LSA on an...

Страница 358: ...1 second Each LSA in the LSDB has an age that is incremented by 1 every second but the age does not change during transmission Therefore it is necessary to add a transmission delay into its age time w...

Страница 359: ...nce ase View OSPF view Parameters value OSPF protocol preference in the range of 1 to 255 ase Indicates the preference of a redistributed external route of the AS Description Use the preference comman...

Страница 360: ...y z OSPF configuration before the restart will not lose After this command is issued the system will prompt you to confirm whether to re enable OSPF Examples Reset all the OSPF processes Sysname reset...

Страница 361: ...the router ID regardless of whether the interfaces are up or down z A new router ID is selected only after the existing router ID is deleted or modified Other cases for example when the interface with...

Страница 362: ...erface Examples Disable interface VLAN interface 20 from transmitting OSPF packet Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 silent interface Vlan in...

Страница 363: ...fer to the SNMP RMON part in this manual Examples Enable the TRAP function for OSPF process 100 Sysname system view System View return to User View with Ctrl Z Sysname snmp agent trap enable ospf 100...

Страница 364: ...efault cost command to configure the default route cost In addition you can specify the no summary argument in the stub command to disable the receiving of Type 3 LSAs by the Stub area connected to th...

Страница 365: ...rtually linked peer keyid MD5 authentication key ID It ranges from 1 to 255 It must be equal to the authentication key ID of the virtually linked peer key MD5 authentication key If you use simple text...

Страница 366: ...ode The router ID of Router A is 10 1 1 1 and that of Router B is 10 1 1 2 z Configure Router A RouterA system view System View return to User View with Ctrl Z RouterA ospf 1 RouterA ospf 1 area 0 0 0...

Страница 367: ...remove the configuration By default no cost is applied to routes satisfying matching rules The apply clause is one that sets a cost for the routes satisfying matching rules in a routing policy Relate...

Страница 368: ...amed policy and node 1 with the matching mode being permit Apply the tag 100 to routes matching ACL 2000 Sysname system view System View return to User View with Ctrl Z Sysname route policy policy per...

Страница 369: ...imit of subnet mask length of the matched IP address LE Less equal that is upper limit of subnet mask length of the matched IP address display route policy Syntax display route policy route policy nam...

Страница 370: ...the range of 2000 to 3999 ip prefix name Name of the IP prefix list used for filtering a string of up to 19 characters Description Use the if match command to match routes permitted by an ACL or IP pr...

Страница 371: ...ce of this list Sysname route policy if match cost 8 if match interface Syntax if match interface interface type interface number undo if match interface View Route policy view Parameters interface ty...

Страница 372: ...with next hops specified in an ACL or IP prefix list Use the undo if match ip next hop command to remove the matching rule with an ACL Use the undo if match ip next hop ip prefix command to remove th...

Страница 373: ...rs It identifies an address prefix list uniquely index number Identifier of an entry in the IP address prefix list in the range 1 to 2047 The entry with a smaller index number will be tested first per...

Страница 374: ...tch the prefix ranges of these two parts If you specify network len as 0 0 0 0 0 it matches the default route only To match all the routes use 0 0 0 0 0 less equal 32 Examples Define an ip prefix name...

Страница 375: ...clause defines the actions after filtering through this node The filtering relationship between the if match clauses of the node is AND That is all if match clauses of the node must be met The filter...

Страница 376: ...mands display memory Syntax display memory unit unit id Mode Any view Parameters unit id Unit ID Description Use the display memory command to display the memory usage Examples Display the current mem...

Страница 377: ...ys the current memory limit configuration free memory and state information about connections such as times of disconnection times of reconnection and whether the current state is normal Examples Disp...

Страница 378: ...ts value range depends on the free memory of the current switch This value defaults to 4 Description Use the memory limit limit value command to configure the lower limit of the switch free memory Whe...

Страница 379: ...a safety value By default when the free memory of the switch recovers to a safety value connections of all the routing protocols will always recover when the free memory of the switch decreases to a l...

Страница 380: ...t when the free memory of the switch recovers to a safety value connections of all the routing protocols will always recover when the free memory of the switch decreases to a lower limit the connectio...

Страница 381: ...ng packet 1 13 multicast source deny 1 14 reset multicast forwarding table 1 15 reset multicast routing table 1 16 unknown multicast drop enable 1 16 2 IGMP Configuration Commands 2 1 IGMP Configurati...

Страница 382: ...source policy 3 19 static rp 3 20 4 MSDP Configuration Commands 4 1 MSDP Configuration Commands 4 1 cache sa enable 4 1 display msdp brief 4 1 display msdp peer status 4 2 display msdp sa cache 4 4 d...

Страница 383: ...time 5 10 igmp snooping max response time 5 10 igmp snooping nonflooding enable 5 11 igmp snooping querier 5 12 igmp snooping query interval 5 13 igmp snooping router aging time 5 14 igmp snooping que...

Страница 384: ...information in all VLANs count Displays the number of static multicast MAC entries Description Use the display mac address multicast static command to display the information about the multicast MAC a...

Страница 385: ...nd displays only those forwarding entries that match the specified multicast address otherwise the command displays all the forwarding entries Description Use the display mpm forwarding table command...

Страница 386: ...rd table contains one S G entry display mpm group Syntax display mpm group vlan vlan id View Any view Parameters vlan vlan id Specifies a VLAN With a VLAN specified this command displays the IGMP grou...

Страница 387: ...group address Address of the IP multicast group Static host port s Static host ports Dynamic host port s Dynamic host ports MAC group s MAC multicast groups Host port s Member ports of the IP multicas...

Страница 388: ...ption Use the display multicast forwarding table command to display the information of multicast forwarding tables As the multicast forwarding table directly guides the forwarding of multicast traffic...

Страница 389: ...iew Any view Parameters group address Multicast group address in the range of 224 0 0 0 to 239 255 255 255 With this argument provided the command displays the multicast routing entries for the specif...

Страница 390: ...meout in 123 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list NULL Matched 3 entries The following table describes the fields in the displayed information Table 1 5 display mul...

Страница 391: ...ecified port Related commands multicast source deny Examples Display the multicast source port suppression status of Ethernet 1 0 1 Sysname display multicast source deny interface Ethernet 1 0 1 Ether...

Страница 392: ...e0a 0805 and a forwarding port of Ethernet 1 0 1 in VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname mac address multicast 0100 5e0a 0805 interface Ethernet 1 0 1 vlan 1...

Страница 393: ...ch the multicast traffic for 192 168 4 1 G flows to the receivers Sysname mtracert 192 168 4 1 Type Ctrl C to quit multicast traceroute facility From last hop router 192 168 2 2 trace reverse path to...

Страница 394: ...packets arrive Previous hop router address IP address of the router from which this local device receives multicast packets sent by the source Input packet count on incoming interface Total number of...

Страница 395: ...routing table currently contains more entries than configured If you execute this command again the new configuration will overwrite the existing configuration Examples Set the maximum number of entri...

Страница 396: ...ding entries after entry creation By default this function is not enabled Examples Enable the multicast packet buffering feature Sysname system view System View return to User View with Ctrl Z Sysname...

Страница 397: ...fault the multicast source port suppression feature is disabled on all the ports With the multicast source port suppression feature enabled on a port the port drops all multicast data packets while it...

Страница 398: ...Mask length of the multicast group address or multicast source address For a multicast group address this argument is in the range of 4 to 32 for a multicast source address this argument is in the ra...

Страница 399: ...st source address this argument is in the range of 0 to 32 The system default is 32 in both cases incoming interface interface type interface number Clears the routing entries that match the specified...

Страница 400: ...undo unknown multicast drop enable command to disable the function of dropping unknown multicast packets By default the function of dropping unknown multicast packets is disabled Examples Enable the u...

Страница 401: ...isplays the IGMP multicast group information about the specified interface Description Use the display igmp group command to display the IGMP multicast group information Without any parameters provide...

Страница 402: ...all interfaces running IGMP Description Use the display igmp interface command to display the IGMP configuration and running information on the specified interface or all interfaces Examples Display...

Страница 403: ...ult Value of startup query interval for IGMP in seconds 15 The IGMP startup query interval is 15 seconds default Value of last member query interval for IGMP in seconds 1 The IGMP last member query in...

Страница 404: ...face Vlan interface 10 Sysname Vlan interface10 igmp enable igmp group limit Syntax igmp group limit limit undo igmp group limit View Interface view Parameters limit The maximum number of multicast gr...

Страница 405: ...ax igmp group policy acl number 1 2 port interface list undo igmp group policy port interface list View Interface view Parameters acl number Basic ACL number defining a multicast group range The value...

Страница 406: ...mmand is configured but not other VLAN interfaces Examples Configure a multicast group filter on VLAN interface 10 so that the hosts on the subnet attached to the interface can join only multicast gro...

Страница 407: ...n to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 225 1 1 1 0 Sysname acl basic 2000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port access...

Страница 408: ...10 Sysname Vlan interface10 igmp host join 225 0 0 1 port Ethernet 1 0 1 igmp host join vlan Syntax igmp host join group address vlan vlan id undo igmp host join group address vlan vlan id View Ethern...

Страница 409: ...astmember queryinterval command to configure the IGMP last member query interval namely the interval between IGMP group specific queries the IGMP querier sends upon receiving an IGMP leave message Use...

Страница 410: ...face 10 Sysname Vlan interface10 igmp max response time 8 igmp proxy Syntax igmp proxy interface type interface number undo igmp proxy View Interface view Parameters interface type interface number Sp...

Страница 411: ...roup specific query messages the switch sends upon receiving an IGMP Leave message The effective range is 2 to 5 Description Use the igmp robust count command to configure the IGMP robustness variable...

Страница 412: ...thin the other querier present interval it assumes that the current querier is down and a new querier election process takes place In IGMP version 1 the selection of a querier is determined by the mul...

Страница 413: ...mp version 1 2 undo igmp version View Interface view Parameters 1 Specifies IGMP version 1 2 Specifies IGMP version 2 Description Use the igmp version command to specify the version of IGMP to run on...

Страница 414: ...nge group mask Mask of the multicast group address 255 255 255 255 by default Description Use the reset igmp group command to clear IGMP multicast group information on the interface The groups removed...

Страница 415: ...store the default By default no range limit is configured namely all received messages are considered legal The source keyword in the rule command is translated into BSR address in the bsr policy comm...

Страница 416: ...ault no C BSR is configured For the configuration of the candidate BSR the larger bandwidth should be guaranteed because a large amount of information will be exchanged between the BSR and other devic...

Страница 417: ...onfigure VLAN interface 10 of the switch as a C RP which will serve multicast groups 225 0 0 0 to 225 255 255 255 after it wins RP election Sysname system view System View return to User View with Ctr...

Страница 418: ...ysname pim quit Sysname acl number 3000 Sysname acl adv 3000 rule 0 permit source 1 1 1 1 0 destination 225 1 0 0 0 0 255 255 display pim bsr info Syntax display pim bsr info View Any view Parameters...

Страница 419: ...M configuration information on all interfaces Sysname display pim interface PIM information of VLAN interface 2 IP address of the interface is 10 10 1 20 PIM is enabled PIM version is 2 PIM mode is Sp...

Страница 420: ...ighbor information With an interface specified the command displays the PIM neighbor information on the specified interface otherwise the command displays the PIM neighbor information on all interface...

Страница 421: ...erface Displays multicast routing entries containing the specified incoming interface interface type interface number Specifies an interface by its type and number If you specify null the command disp...

Страница 422: ...or PIM DM Flag Flag of S G or G entry in the PIM routing table z SPT The S G entry is on the SPT z RPT The S G or G entry is on the RPT z WC Indicates the G entry z LOC The switch is connected with th...

Страница 423: ...RP information Examples Display the RP information about all multicast groups Sysname display pim rp info PIM SM RP SET information BSR is 4 4 4 6 Group MaskLen 224 0 0 0 4 RP 4 4 4 6 Version 2 Priori...

Страница 424: ...pim bsr boundary command to configure the current interface as the BSR service boundary namely the PIM SM domain border Use the undo pim bsr boundary command to remove the configured PIM SM domain bo...

Страница 425: ...isabled Typically PIM DM should be enabled on all interfaces Before enabling PIM DM you must enable multicast routing first Related commands multicast routing enable Examples Enable PIM DM on VLAN int...

Страница 426: ...neighbor policy Syntax pim neighbor policy acl number undo pim neighbor policy View Interface view Parameters acl number Basic ACL number in the range of 2 000 to 2 999 Description Use the pim neighbo...

Страница 427: ...disabled Typically PIM SM should be enabled on all interfaces Before enabling PIM SM you must enable multicast routing first Related commands multicast routing enable Examples Enable the PIM SM protoc...

Страница 428: ...system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname interface Vlan interface 10 Sysname Vlan interface10 pim timer hello 40 prune delay Syntax prune delay...

Страница 429: ...ering register messages Use the undo register policy command to remove a rule for filtering register messages By default no rule for filtering register messages is configured Examples Configure a rule...

Страница 430: ...ddress mask Mask of the multicast group address or multicast source address 255 255 255 255 by default mask length Mask length of the multicast group address or multicast source address in the range o...

Страница 431: ...the order number of the ACL in the group policy list where order value has an effective range of 1 to the largest order value in the existing group policy list 1 but the value range should not includ...

Страница 432: ...y keyword in the spt switch threshold command on a switch that may become an RP namely a static RP or a C RP Examples Disable RPT to SPT switchover on a switch that will never become an RP Sysname sys...

Страница 433: ...e and group addresses defined in the ACL rule Use the undo source policy command to remove the configuration If a basic ACL is employed in the command the switch filters all the received multicast dat...

Страница 434: ...configure a static RP Use the undo static rp command to remove the static RP configuration A static RP functions as a backup for the dynamically elected RP to improve network robustness When the RP e...

Страница 435: ...ism By default the SA message caching mechanism is enabled With the SA message caching mechanism enabled the switch sends no SA request message to the specified MSDP peer upon receiving a Join message...

Страница 436: ...as client in connecting state z Shutdown Deactivated z Down Connection failed Up Down time Time passed since MSDP peer connection establishment failure AS Number of the autonomous system where the MSD...

Страница 437: ...from this peer 0 SA cache maximum for the peer none Input queue size 0 Output queue size 0 Counters for MSDP message Count of RPF check failure 0 Incoming outgoing SA messages 0 0 Incoming outgoing SA...

Страница 438: ...ing SA Requests status Whether enabled to send an SA request message to the designated MSDP peer upon receiving a new Join message Minimum TTL to forward SA with encapsulated data Minimum TTL of multi...

Страница 439: ...G entries z If no AS number is specified this command displays the S G entries related to all ASs Examples Display all S G entries in the SA cache Sysname display msdp sa cache MSDP Total Source Acti...

Страница 440: ...ured Examples Display the number of S G entries in the SA cache Sysname display msdp sa count Number of cached Source Active entries counted by Peer Peer s Address Number of SA 10 10 10 10 5 Number of...

Страница 441: ...the S G entries in this domain that need to be advertised when an MSDP peer creates an SA message Use the undo import source command to cancel the configuration By default an SA message advertise any...

Страница 442: ...tracert Syntax msdp tracert source address group address rp address max hops max hops next hop info sa info peer info skip hops skip hops View Any view Parameters source address Specifies a multicast...

Страница 443: ...max hops Next Hop info Next Hop Router Address 0 0 0 0 SA info Count of SA messages received for this S G RP 0 Count of encapsulated data packets received for this S G RP 0 SA cache entry uptime 00 30...

Страница 444: ...ry will expire in hours minutes seconds Peering Uptime 10 minutes The time of the peering session between the local switch and a Peer RPF neighbor Count of Peering Resets Count of session resets origi...

Страница 445: ...o remove an MSDP peering connection If an MSDP peer of the switch is a BGP peer to this switch at the same time the same IP address must be used for both the MSDP peering connection and the BGP peerin...

Страница 446: ...ion router CstmrA peer mesh group Syntax peer peer address mesh group name undo peer peer address mesh group View MSDP view Parameters peer address IP address of the MSDP peer to be added into the mes...

Страница 447: ...those multicast data packets with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer 110 10 10 1 Sysname system view System View return to User View with Ctrl Z Sysname msdp Sy...

Страница 448: ...the specified MSDP peer that the device can cache Use the undo peer sa cache maximum command to restore the default configuration By default the device can cache a maximum of 2 048 S G entries learned...

Страница 449: ...ommands peer Examples Configure a filtering rule so that only those SA messages permitted by the ACL 3100 are forwarded to the MSDP peer 125 10 7 6 Sysname system view System View return to User View...

Страница 450: ...in the range of 225 1 1 0 24 and ignore all other SA request messages Sysname system view System View return to User View with Ctrl Z Sysname acl number 2001 Sysname acl basic 2001 rule permit source...

Страница 451: ...cast group 225 5 4 3 from the SA cache Sysname reset msdp sa cache 225 5 4 3 reset msdp statistics Syntax reset msdp statistics peer address View User view Parameters peer address Address of the MSDP...

Страница 452: ...o receive SA messages rp policy ip prefix name Specifies a filtering policy based on RP addresses to filter RPs in SA messages where ip prefix name is the IP address prefix list containing 1 to 19 cha...

Страница 453: ...peer ip ip prefix Examples Configure a static RPF peer Sysname system view System View return to User View with Ctrl Z Sysname ip ip prefix list1 permit 130 10 0 0 16 greater equal 16 less equal 32 S...

Страница 454: ...z aging time of multicast member ports z non flooding feature status Related commands igmp snooping igmp snooping router aging time igmp snooping max response time igmp snooping host aging time igmp s...

Страница 455: ...st static group vlan multicast static router port multicast static router port vlan Examples Display the information about the multicast groups in VLAN 100 Sysname display igmp snooping group vlan 100...

Страница 456: ...s MAC multicast group MAC group address Address of a MAC multicast group Host port s Member ports display igmp snooping statistics Syntax display igmp snooping statistics View Any view Parameters None...

Страница 457: ...ives z one IGMP general query messages z zero IGMP specific query messages z zero IGMPv1 report messages z three IGMPv2 report messages z zero IGMP leave messages z zero IGMP error packets IGMP Snoopi...

Страница 458: ...le IGMP Snooping ok igmp snooping fast leave Syntax igmp snooping fast leave vlan vlan list undo igmp snooping fast leave vlan vlan list View System view Ethernet port view Parameters vlan vlan list S...

Страница 459: ...ata for that group Examples Enable fast leave processing on Ethernet 1 0 1 in VLAN 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1...

Страница 460: ...oup to replace an existing multicast group with the lowest IP address vlan vlan list Specifies a VLAN list With the vlan list argument you can provide one or more individual VLAN IDs in the form of vl...

Страница 461: ...for a multicast group the configuration of the maximum number of multicast groups that can be joined does not take effect on the port Examples Configure to allow Ethernet 1 0 1 in VLAN 2 to join a max...

Страница 462: ...ation performed in Ethernet port view takes effect on the port no matter which VLAN it belongs to if no VLAN is specified if one or more VLANs are specified the configuration takes effect on the port...

Страница 463: ...0 to 1 000 Description Use the igmp snooping host aging time command to configure the aging time of multicast member ports Use the undo igmp snooping host aging time command to restore the default agi...

Страница 464: ...User View with Ctrl Z Sysname igmp snooping max response time 15 igmp snooping nonflooding enable Syntax igmp snooping nonflooding enable undo igmp snooping nonflooding enable View System view Paramet...

Страница 465: ...ticast drop enable multicast source deny display multicast source deny Examples Enable IGMP Snooping non flooding after you enable IGMP Snooping globally and disable both port stacking and unknown mul...

Страница 466: ...the interval at which the switch sends IGMP general queries Use the undo igmp snooping query interval command to restore the default By default the IGMP query interval is 60 seconds These commands are...

Страница 467: ...f the router port to 500 seconds Sysname system view System View return to User View with Ctrl Z Sysname igmp snooping router aging time 500 igmp snooping query pkt deny Syntax igmp snooping query pkt...

Страница 468: ...mand to configure the IGMP Snooping version in the current VLAN Use the undo igmp snooping version command to restore the default IGMP Snooping version This command can take effect only if IGMP Snoopi...

Страница 469: ...source address only when IGMPv3 Snooping is running in the VLAN port interface list Configures the specified port or ports under the current VLAN interface as simulated member host s for the specifie...

Страница 470: ...vlan10 quit Sysname interface Vlan interface 10 Sysname Vlan interface10 igmp host join 225 0 0 1 port Ethernet 1 0 1 igmp host join Syntax igmp host join group address source ip source address vlan v...

Страница 471: ...m View return to User View with Ctrl Z Sysname igmp snooping enable Enable IGMP Snooping ok Sysname vlan 1 Sysname vlan1 igmp snooping enable Sysname vlan1 igmp snooping version 3 Sysname vlan1 quit S...

Страница 472: ...face view Parameters group address IP address of the multicast group to join in the range of 224 0 0 0 to 239 255 255 255 interface interface list Specifies a port list With the interface list argumen...

Страница 473: ...1 to 4094 Description Use the multicast static group vlan command to configure the current port as a static member port for the specified multicast group and specify the VLAN the port belongs to Use...

Страница 474: ...face type interface number View VLAN view Parameters interface type interface number Specifies a port by its type and number Description Use the multicast static router port command to configure the s...

Страница 475: ...a multicast VLAN nor the specified VLAN the configuration does not take effect z If the current port does not belong to any multicast VLAN but it belongs to the specified VLAN the configuration takes...

Страница 476: ...ated from user VLANs this method also enhances the information security z One port belongs to only one multicast VLAN z The port connected to a user terminal must be a hybrid port z The multicast memb...

Страница 477: ...5 24 Sysname vlan 2 Sysname vlan2 service type multicast...

Страница 478: ...x version check 1 20 reset dot1x statistics 1 21 2 Quick EAD Deployment Configuration Commands 2 1 Quick EAD Deployment Configuration Commands 2 1 dot1x free ip 2 1 dot1x timer acl timeout 2 2 dot1x u...

Страница 479: ...ii system guard ip enable 4 5 system guard l3err enable 4 6 system guard tcn enable 4 7 system guard tcn rate threshold 4 7...

Страница 480: ...at up to 10 port lists can be provided Description Use the display dot1x command to display 802 1x related information such as configuration information operation information session information and s...

Страница 481: ...y logoff checker is disabled Version Check is disabled The port is an authenticator Authentication Mode is Auto Port Control Type is Port based ReAuthenticate is disabled Max number of on line users i...

Страница 482: ...it Period Setting of the Transmission period timer the tx period Handshake Period Setting of the handshake period timer the handshake period ReAuth Period Re authentication interval ReAuth MaxTimes Ma...

Страница 483: ...isable means the switch does not checks client version z Enable means the switch checks client version The port is an authenticator The port acts as an authenticator system Authentication Mode is Auto...

Страница 484: ...port only after 802 1x is enabled both globally and on the port z The settings of 802 1x and MAC address learning limit are mutually exclusive Enabling 802 1x on a port will prevent you from setting t...

Страница 485: ...ser names are transmitted rather than passwords Therefore this method is safer In EAP authentication a switch authenticates supplicant systems by encapsulating 802 1x authentication information in EAP...

Страница 486: ...Ethernet port view Parameters vlan id VLAN ID of a guest VLAN in the range 1 to 4094 interface list Ethernet port list in the form of interface list interface type interface number to interface type...

Страница 487: ...because the switch does not send authentication request packets in this case Examples Configure the switch to operate in the port based authentication mode Sysname system view System View return to Us...

Страница 488: ...king function Sysname system view System View return to User View with Ctrl Z Sysname dot1x handshake enable dot1x handshake secure Syntax dot1x handshake secure undo dot1x handshake secure View Ether...

Страница 489: ...f the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x max user command to set the maximum number of users an Ethernet port can accommodate Use the undo do...

Страница 490: ...rt list in the form of interface list interface type interface number to interface type interface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the...

Страница 491: ...based authentication mode the users connected to the port are authenticated separately Thus log off of a user will not affect other users z In port based authentication mode all the users connected to...

Страница 492: ...f the user By default the quiet period timer is disabled Related commands display dot1x dot1x timer Examples Enable the quiet period timer Sysname system view System View return to User View with Ctrl...

Страница 493: ...ax retry version value Maximum number of times that a switch sends version request packets to a user This argument ranges from 1 to 10 Description Use the dot1x retry version max command to set the ma...

Страница 494: ...d Description Use the dot1x re authenticate command to enable 802 1x re authentication on specific ports or on all ports of the switch Use the undo dot1x re authenticate command to disable 802 1x re a...

Страница 495: ...face number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Descriptio...

Страница 496: ...client to ask the latter to disable the use of multiple network adapters proxies and IE proxy after the user passes the authentication z The 802 1x proxy checking function needs the cooperation of H3C...

Страница 497: ...ket if it does not receive the response from the RADIUS server when this timer times out The server timeout value argument ranges from 100 to 300 in seconds By default the RADIUS server timer is set t...

Страница 498: ...ired way you can use the dot1x timer command to set the timers as needed This may be necessary in some special situations or in tough network environments Normally the defaults are recommended Note th...

Страница 499: ...x version check command to enable 802 1x client version checking for specified Ethernet ports Use the undo dot1x version check command to disable 802 1x client version checking for specified Ethernet...

Страница 500: ...ption Use the reset dot1x statistics command to clear 802 1x related statistics To retrieve the latest 802 1x related statistics you can use this command to clear the existing 802 1x related statistic...

Страница 501: ...in the range 0 to 32 Description Use the dot1x free ip command to configure a free IP range A free IP range is an IP range that users can access before passing 802 1x authentication Use the undo dot1...

Страница 502: ...ot1x configuration commands Examples Set the ACL timeout period to 40 minutes Sysname system view System View return to User View with Ctrl Z Sysname dot1x timer acl timeout 40 dot1x url Syntax dot1x...

Страница 503: ...2 3 System View return to User View with Ctrl Z Sysname dot1x url http 192 168 19 23...

Страница 504: ...ion HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 3 1 Description on the fields of the display habp command Field Description HABP Mode Indicates the HABP mode of...

Страница 505: ...splay habp table command Field Description MAC MAC addresses contained in the HABP MAC address table Holdtime Hold time of the entries in the HABP MAC address table An entry is removed from the table...

Страница 506: ...ts with version errors Sent failed Number of the HABP packets that failed to be sent habp enable Syntax habp enable undo habp enable View System view Parameters None Description Use the habp enable co...

Страница 507: ...enabled the habp server vlan command cannot take effect Examples Specify the switch to operate as an HABP server and the HABP packets to be broadcast in VLAN 2 Assume that HABP is enabled Sysname syst...

Страница 508: ...3 5 Examples Configure the switch to send HABP request packets once in every 50 seconds Sysname system view System View return to User View with Ctrl Z Sysname habp timer 50...

Страница 509: ...d times of aging time 3 Number of suspicious hosts that can be detected 30 Number of suspicious hosts detected 0 Table 4 1 Description on the fields of the display system guard ip state command Field...

Страница 510: ...tem guard ip record M Master port of link aggregation Index Source IP Destination IP Port 1 000 000 000 000 000 000 000 000 0 0 0 2 000 000 000 000 000 000 000 000 0 0 0 3 000 000 000 000 000 000 000...

Страница 511: ...Description Use the display system guard tcn state command to view the status of TCN Examples View the status of TCN System Guard Sysname display system guard tcn state System guard TCN state enabled...

Страница 512: ...e range of 1 to 100 record times threshold Maximum number of times an IP address must be hit before an action can be taken in the range of 1 to 10 isolate time Isolation time in the range of 3 to 100...

Страница 513: ...ress aging time Sysname system view System View return to User View with Ctrl Z Sysname system guard ip detect threshold 50 3 5 system guard ip enable Syntax system guard ip enable undo system guard i...

Страница 514: ...yer 3 error control feature disabled the switch delivers all Layer 3 packets which the switch considers to be error packets including IP packets with the options field to the CPU for further processin...

Страница 515: ...RP entries from being frequently deleted by STP or RSTP in addition when the TCN TC packet rate exceeds the preset threshold proper measures can be taken based on the output trap and log information B...

Страница 516: ...trap or log information by default if more than 10 TCN TC packets are received within 10 seconds If the TCN TC packet receiving rate is lower than the set threshold within a 10 second monitoring cycle...

Страница 517: ...r 1 15 idle cut 1 16 level 1 17 local user 1 18 local user password display mode 1 19 messenger 1 20 name 1 20 password 1 21 radius scheme 1 22 scheme 1 23 self service url 1 24 service type 1 25 stat...

Страница 518: ...se timeout 1 58 user name format 1 59 HWTACACS Configuration Commands 1 60 data flow format 1 60 display hwtacacs 1 61 display stop accounting buffer 1 62 hwtacacs nas ip 1 62 hwtacacs scheme 1 63 key...

Страница 519: ...iii...

Страница 520: ...ISP domain The max user number argument ranges from 1 to 2 072 Description Use the access limit command to set the maximum number of access users that can be contained in current ISP domain Use the u...

Страница 521: ...nt ISP domain Use the undo accounting command to cancel the accounting scheme configuration for current ISP domain By default no separate accounting scheme is configured for an ISP domain When you use...

Страница 522: ...it will not disconnect the user as long as the accounting optional command has been executed z The accounting optional command is commonly used in the cases where only authentication is needed and acc...

Страница 523: ...ng the user to a remote port you must use nas ip ip address to specify a remote access server IP address When binding the user to a local port you need not use nas ip ip address port port number Sets...

Страница 524: ...name local command the local scheme is used as the secondary authentication scheme in case no RADIUS server is available That is if the communication between the switch and a RADIUS server is normal n...

Страница 525: ...ntication radius scheme rd local authentication super Syntax authentication super hwtacacs scheme hwtacacs scheme name undo authentication super View ISP domain view Parameters hwtacacs scheme name Na...

Страница 526: ...hwtacacs scheme ht authorization Syntax authorization none hwtacacs scheme hwtacacs scheme name undo authorization View ISP domain view Parameters none Specifies not to use any authorization scheme h...

Страница 527: ...s the VLAN descriptor Description Use the authorization vlan command to specify an authorized VLAN for a local user A user passing the authentication of the local RADIUS server can access network reso...

Страница 528: ...number ip ip address Cuts down all user connections with a specified IP address mac mac address Cuts down the user connection with a specified MAC address Here mac address is in H H H format radius s...

Страница 529: ...form of H H H radius scheme radius scheme name Displays all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters hwtacacs scheme hwtacacs scheme...

Страница 530: ...00 04 03 02 52 22 Online 00h00m29s On Unit 1 Total 1 connections matched 1 listed Total 1 connections matched 1 listed Here Port NO 0x10003001 means by the binary bits Table 1 1 Description of the Por...

Страница 531: ...r block Scheme AAA scheme that the domain uses Access Limit Maximum number of local user connections in the domain Vlan assignment mode VLAN assignment mode which can be Integer or String Domain User...

Страница 532: ...can specify one of the following user types ftp lan access generally this type of users are Ethernet access users for example 802 1x users ssh telnet and terminal this type of user is a terminal user...

Страница 533: ...Current AccessNum Number of current access users Bind location Whether or not bound to a port Vlan ID VLAN of the user Authorization VLAN Authorized VLAN of the user IP address IP address of the user...

Страница 534: ...u execute the domain command the system creates a new ISP domain if the specified ISP domain does not exist Once an ISP domain is created it is in the active state You can manually specify an ISP doma...

Страница 535: ...e that contains multiple the first will be used as the domain delimiter z If you have configured to use as the delimiter the must not appear more than once in the username If is the delimiter the user...

Страница 536: ...me domain aabbcc net New Domain added Sysname isp aabbcc net idle cut enable 50 500 level Syntax level level undo level View Local user view Parameters level Privilege level to be set for the user It...

Страница 537: ...t be longer than 128 characters If the username includes one or more characters and the last is followed by numerals it must be followed by at least five numerals to avoid confusion This is because an...

Страница 538: ...ce Adopts the forcible cipher mode so that all local users the passwords will be displayed in cipher text auto Adopts the automatic mode so that each local user s password will be displayed in the mod...

Страница 539: ...le of 5 Description Use the messenger time enable command to enable the messenger function and set the related parameters Use the messenger time disable command to disable the messenger function Use t...

Страница 540: ...ame of VLAN 100 to test Sysname system view System View return to User View with Ctrl Z Sysname vlan 100 Sysname vlan100 name test password Syntax password simple cipher password undo password View Lo...

Страница 541: ...s a password in plain text Related commands display local user Examples Set the password of user1 to 20030422 and specify to display the password in plain text Sysname system view System View return t...

Страница 542: ...reference a RADIUS scheme in current ISP domain the referenced RADIUS scheme must already exist z If you execute the scheme radius scheme radius scheme name local command the local scheme is used as t...

Страница 543: ...k If the actual URL of the self service server contains a question mark you should change it to an elect bar Description Use the self service url enable command to enable the self service server locat...

Страница 544: ...is an FTP user lan access Specifies that this is a LAN access user who is generally an Ethernet access user for example 802 1x user telnet Authorizes the user to access the Telnet service ssh Authoriz...

Страница 545: ...rrent local user in local user view By default an ISP domain local user is in the active state once it is created After an ISP domain is set to the block state except for online users users in this do...

Страница 546: ...teger If the RADIUS authentication server assigns integer type of VLAN IDs you can set the VLAN assignment mode to integer on the switch this is also the default mode on the switch Then upon receiving...

Страница 547: ...VLAN ID assigned by the RADIUS server is a character string containing only digits for example 1024 the switch first regards it as an integer VLAN ID the switch transforms the string to an integer val...

Страница 548: ...er when it performs accounting for an online user it will not disconnect the user as long as the accounting optional command has been executed This command is commonly used in the cases where only aut...

Страница 549: ...ion at restart function is disabled The purpose of this function is to solve this problem users cannot re log into the switch after the switch restarts because they are regarded as already online Afte...

Страница 550: ...ge any more z After configuring the accounting on enable command you need to execute the save command so that the command can take effect when the switch restarts z This function requires the cooperat...

Страница 551: ...in uppercase Sysname system view System View return to User View with Ctrl Z Sysname radius scheme system Sysname radius system calling station id mode mode2 uppercase data flow format Syntax data flo...

Страница 552: ...adius scheme Sysname radius radius1 data flow format data kilo byte packet kilo packet display local server statistics Syntax display local server statistics View Any view Parameters None Description...

Страница 553: ...1813 Auth Server Encryption Key Not configured Acct Server Encryption Key Not configured Accounting method required Accounting On packet enable send times 15 interval 3s TimeOutValue in second 3 Retry...

Страница 554: ...e timeout time RetryTimes Maximum number of transmission attempts of a RADIUS request RealtimeACCT in minute Real time accounting interval in minutes Permitted send realtime PKT failed counts maximum...

Страница 555: ...ine 0 Stop 0 StateErr 0 Received and Sent packets statistic Unit 1 Sent PKT total 0 Received PKT total 0 RADIUS received packets statistic Code 2 Num 0 Err 0 Code 3 Num 0 Err 0 Code 5 Num 0 Err 0 Code...

Страница 556: ...er name user name View Any view Parameters radius scheme radius scheme name Displays the buffered stop accounting requests of a specified RADIUS scheme Here radius scheme name is a string of up to 32...

Страница 557: ...e request and transmit the buffered one until the maximum number of transmission attempts set by the retry stop accounting command is reached Related commands reset stop accounting buffer stop account...

Страница 558: ...he accounting shared key you set on the switch must be respectively consistent with the shared key on the authentication authorization server and the shared key on the accounting server Related comman...

Страница 559: ...IUS services Sysname system view System View return to User View with Ctrl Z Sysname local server enable local server nas ip Syntax local server nas ip ip address key password undo local server nas ip...

Страница 560: ...u cannot set the 802 1x authentication method as eap by using the dot1x authentication method eap command Related commands radius scheme state local server enable Examples Allow the local RADIUS serve...

Страница 561: ...1 primary accounting Syntax primary accounting ip address port number undo primary accounting View RADIUS scheme view Parameters ip address IP address of the primary accounting server to be used in d...

Страница 562: ...ault IP address and port number of the primary RADIUS authentication authorization server which are 0 0 0 0 and 1812 respectively In the system default RADIUS scheme system the default IP address of t...

Страница 563: ...Use the radius client enable command to enable RADIUS authentication and accounting ports Use the undo radius client command to disable RADIUS authentication and accounting ports By default RADIUS aut...

Страница 564: ...w and the configuration in RADIUS scheme view takes precedence over that in system view Note that z You can set the source IP address of outgoing RADIUS messages to avoid messages returned from RADIUS...

Страница 565: ...nt to interact with the RADIUS servers You should first create a RADIUS scheme and enter its view before performing RADIUS protocol configurations z A RADIUS scheme can be referenced by multiple ISP d...

Страница 566: ...ng server turns down By default this function is disabled This configuration takes effect on all RADIUS scheme The switch considers a RADIUS server as being down if it has tried the configured maximum...

Страница 567: ...ated within a specified time period Here start time is the start time of the time period stop time is the end time of the time period and both are in the format of hh mm ss mm dd yyyy or hh mm ss yyyy...

Страница 568: ...if it gets no response from the RADIUS server after the server response timeout timer expires If the switch gets no answer after it has tried the maximum number of times to transmit a RADIUS request t...

Страница 569: ...ltiple times in an accounting attempt the maximum number of transmission attempts is set by the retry command in RADIUS scheme view If no response is received after the switch tries the maximum number...

Страница 570: ...cal to billing and will eventually affect the charges of users they are important to both users and ISPs Therefore the switch should do its best to transmit them to RADIUS accounting servers When gett...

Страница 571: ...address and UDP port number of the secondary accounting server for RADIUS scheme radius1 to 10 110 1 1 and 1813 respectively Sysname system view System View return to User View with Ctrl Z Sysname ra...

Страница 572: ...support H3C s RADIUS server which is generally a CAMS that is use the procedure and message format of private RADIUS protocol to interact with an H3C s RADIUS server standard Specifies to support sta...

Страница 573: ...dary servers authentication authorization servers or accounting servers in a RADIUS scheme note that z When the switch fails to communicate with the primary server due to some server trouble the switc...

Страница 574: ...billing and will eventually affect the charges they are important to both users and ISPs Therefore the switch should do its best to transmit them to RADIUS accounting servers When getting no response...

Страница 575: ...IUS servers and the corresponding timer in the switch system is called the response timeout timer of RADIUS servers You can use the timer command to set the timeout time of this timer and if the switc...

Страница 576: ...with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer quiet 10 timer realtime accounting Syntax timer realtime accounting minutes undo timer realtime accounting View...

Страница 577: ...try realtime accounting radius scheme Examples Set the real time accounting interval of RADIUS scheme radius1 to 51 minutes Sysname system view System View return to User View with Ctrl Z Sysname radi...

Страница 578: ...system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer response timeout 5 user name format Syntax user name format with d...

Страница 579: ...s from the usernames to be sent to RADIUS server in RADIUS scheme radius1 Sysname system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius...

Страница 580: ...tatistics View Any view Parameters hwtacacs scheme name HWTACACS scheme name a string of 1 to 32 characters This name is case insensitive If this argument is not specified the system displays informat...

Страница 581: ...ounting buffer hwtacacs scheme hwtacacs scheme name View Any view Parameters hwtacacs scheme hwtacacs scheme name Displays the buffered stop accounting requests of a specified HWTACACS scheme Here hwt...

Страница 582: ...l interface trouble It is recommended to use a Loopback interface address as the source IP address z You can specify only one source IP address by using this command When you re execute this command a...

Страница 583: ...n Sets a shared key for HWTACACS authentication messages authorization Sets a shared key for HWTACACS authorization messages string Shared key to be set a string of up to 16 characters Description Use...

Страница 584: ...server from being unable to reach their destination due to physical interface trouble It is recommended to use a Loopback interface address as the source IP address z You can set only one source IP a...

Страница 585: ...z You are not allowed to set the same IP address for both primary and secondary accounting servers If you do this your setting will fail z If you re execute the command the new setting will overwrite...

Страница 586: ...ng will fail z If you re execute the command the new setting will overwrite the old one z You can remove an authentication server setting only when there is no active TCP connection that is sending au...

Страница 587: ...CP connection that is sending authorization messages to the server Related commands display hwtacacs Examples Set the IP address and UDP port number of the primary authorization server for HWTACACS sc...

Страница 588: ...racters Description Use the reset stop accounting buffer command to clear stop accounting requests that are buffered on the switch due to getting no response Related commands stop accounting buffer en...

Страница 589: ...ng ip address port undo secondary accounting View HWTACACS scheme view Parameters ip address IP address of the secondary accounting server to be used a valid unicast address in dotted decimal notation...

Страница 590: ...d port number of the secondary HWTACACS authentication server to be used by the current scheme Use the undo secondary authentication command to restore the default IP address and port number of the se...

Страница 591: ...fault IP address and port number of the secondary HWTACACS authorization server which are 0 0 0 0 and 49 respectively Note that z You are not allowed to set the same IP address for both primary and se...

Страница 592: ...ait 10 minutes before it tries to restore the status of the primary server to active Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1...

Страница 593: ...as possible when the number of users is relatively great 1000 The following table lists the recommended intervals for different numbers of users Table 1 7 Numbers of users and recommended intervals Nu...

Страница 594: ...0 user name format Syntax user name format with domain without domain View HWTACACS scheme view Parameters with domain Specifies to include ISP domain names in the usernames to be sent to TACACS serve...

Страница 595: ...in more than one ISP domain Otherwise such errors may occur the TACACS server regards two different users having the same name but belonging to different ISP domains as the same user because the usern...

Страница 596: ...ve one specified or all security policy server address settings You can configure up to eight security policy server addresses in each RADIUS scheme The switch only responds to those session control m...

Страница 597: ...2 2 security policy server 192 168 0 1 user name format without domain...

Страница 598: ...tication authmode usernameasmacaddress 1 6 mac authentication authmode usernamefixed 1 6 mac authentication authpassword 1 7 mac authentication authusername 1 8 mac authentication domain 1 8 mac authe...

Страница 599: ...ultiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 p...

Страница 600: ...ed Authentication mode Username type used in the MAC address authentication z UsernameFixed Uses the fixed username for authentication z UsernameAsMacAddress Uses the MAC address of a user as the user...

Страница 601: ...the switch sets the user to be in quiet state During quiet period the switch does not process the authentication request of this user Ethernet1 0 1 is link up The link connected to Ethernet1 0 1 port...

Страница 602: ...ing executed in Ethernet port view the mac authentication command enables MAC address authentication on the current port To make the MAC address authentication take effect you must enable MAC address...

Страница 603: ...By default MAC address authentication is disabled on a port z This command is essential for MAC address authentication to work on a port or on particular ports after MAC address authentication is glo...

Страница 604: ...password for MAC address authentication as the specified fixed password instead of user MAC addresses password is a string of 1 to 63 characters Description Use the mac authentication authmode usernam...

Страница 605: ...mac authentication authmode usernamefixed mac authentication authpassword Syntax mac authentication authpassword password undo mac authentication authpassword View System view Parameters password Pass...

Страница 606: ...e system view System View return to User View with Ctrl Z Sysname mac authentication authusername vipuser mac authentication domain Syntax mac authentication domain isp name undo mac authentication do...

Страница 607: ...0 After a user fails to pass the authentication performed by a switch the switch quiets for a specific period the quiet period before it authenticates the user again server timeout value Server timeou...

Страница 608: ...ation Enhanced Function Configuration Commands mac authentication guest vlan Syntax mac authentication guest vlan vlan id undo mac authentication guest vlan View Ethernet port view Parameters vlan id...

Страница 609: ...hentication cannot be enabled for a port configured with a Guest VLAN z The Guest VLAN function for MAC address authentication does not take effect when port security is enabled Related commands mac a...

Страница 610: ...mum number of MAC address authentication users allowed to access Ethernet 1 0 2 to 100 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet...

Страница 611: ...es Configure the switch to re authenticate users in Guest VLANs at the interval of 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname mac authentication timer guest vla...

Страница 612: ...tication connection 1 2 web authentication customize 1 3 web authentication cut connection 1 5 web authentication enable 1 6 web authentication free ip 1 6 web authentication free user 1 7 web authent...

Страница 613: ...ntication configuration information Sysname display web authentication configuration Status enabled Web Server IP 30 1 1 2 Port 80 Idle cut time 900 sec Max online time 1800 sec Max connection of devi...

Страница 614: ...e user information Interface Configuration Configuration information about Web authentication enabled ports Interface_number Index of a Web authentication enabled port method User access method on the...

Страница 615: ...rm name file all View System view Parameters corp name Specifies the company name to be displayed on Web authentication pages corporation text Company name a string of 1 to 64 characters that can cont...

Страница 616: ...eb authentication pages Examples Customize information to be displayed on Web authentication pages as follows z Company name 3Com Corporation z E mail mailto relations 3com com z Phone number 1 800 87...

Страница 617: ...ecifies an user by the user s MAC address user name user name Specifies a user by the user s name which is a string of 1 to 184 characters interface type interface number Specifies all users on a port...

Страница 618: ...eatures is enabled and vice versa 802 1x MAC authentication port security port aggregation and XRN Examples Enable Web authentication globally Sysname system view System View return to User View with...

Страница 619: ...free ip 10 1 1 0 24 web authentication free user Syntax web authentication free user ip ip address mac mac address undo web authentication free user ip ip address mac mac address all View System view...

Страница 620: ...ximum number of online Web authentication users on the port in the range of 1 to 128 Description Use the web authentication max connection command to set the maximum number of online Web authenticatio...

Страница 621: ...Web authentication users to be online at the same time z designated In this mode the port allows only one Web authentication user to be online at a time This configuration takes effect only when Web a...

Страница 622: ...e system logs off the user You are recommended to set the interval to a value that is greater than half of the MAC address entry aging time but less than the MAC address entry aging time Examples Set...

Страница 623: ...umber Port number of the Web authentication server It ranges from 1 to 50000 with 80 as the default Description Use the web authentication web server ip command to set the IP address and port number o...

Страница 624: ...tatistics 1 3 reset vrrp statistics 1 4 vrrp method 1 5 vrrp ping enable 1 6 vrrp vlan interface vrid track 1 6 vrrp vrid authentication mode 1 7 vrrp vrid preempt mode 1 8 vrrp vrid priority 1 9 vrrp...

Страница 625: ...verbose command to display the detailed VRRP state information refer to Table 1 2 for details z If you do not specify a VLAN interface or a VRRP group the command will display the state information of...

Страница 626: ...lay vrrp verbose Run Method VIRTUAL MAC Virtual Ip Ping Disable Interface Vlan interface1 VRID 1 Adver Timer 1 Admin Status UP State Master Config Pri 100 Run Pri 100 Preempt Mode YES Delay Time 0 Aut...

Страница 627: ...on Use the display vrrp statistics command to display the VRRP statistics information of VRRP group s Refer to Table 1 3 for the displayed information z If neither a VLAN interface nor a VRRP group is...

Страница 628: ...ntication types Auth Type Mismatch Number of mismatched authentication types Packet Length Errors Number of VRRP packet length errors Address List Errors Number of the virtual IP address list errors B...

Страница 629: ...mac undo vrrp method View System view Parameters real mac Maps the real MAC address of the switch to the virtual IP address of the VRRP group virtual mac Maps the virtual MAC address of the VRRP grou...

Страница 630: ...nfigured before any VRRP group is created If a VRRP group already exists on the switch you are not allowed to execute the command Examples Enable a VRRP group to respond to ping packets destined for i...

Страница 631: ...ing function configured on the IP address owner cannot take effect z The port to be tracked can be in the VLAN whose VLAN interface has the VRRP group configured z Up to eight ports can be tracked sim...

Страница 632: ...all the VRRP groups on an interface This is determined by the protocol which defines that all the VRRP groups on an interface share the same authentication type and authentication key Besides all the...

Страница 633: ...RRP group Setting a preemption delay period aims at z In an unstable network backups in a VRRP group possibly cannot receive VRRP advertisements from the master in time due to network congestions This...

Страница 634: ...it can work properly Examples Set the priority to 120 on VLAN interface 2 for the switch in the VRRP group Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interf...

Страница 635: ...es This argument ranges from 1 to 255 and defaults to 10 Description Use the vrrp vrid track interface command to set a VLAN interface to be tracked Use the undo vrrp vrid track interface command to d...

Страница 636: ...rity decreases This argument ranges from 1 to 255 and defaults to 10 Description Use the vrrp vrid track detect group command to enable the auto detect function when employing VRRP Use the undo vrrp v...

Страница 637: ...red Description Use the vrrp vrid virtual ip command to create a VRRP group and configure the virtual IP address for the VRRP group or add a virtual IP address to the virtual IP address list of an exi...

Страница 638: ...m View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 vrrp vrid 1 virtual ip 10 10 10 10 Add a virtual IP address to an existing VRRP group Sysname Vlan int...

Страница 639: ...rp detection enable 2 1 arp detection trust 2 2 arp filter source 2 3 arp filter binding 2 3 arp max learning num 2 4 arp protective down recover enable 2 5 arp protective down recover interval 2 5 ar...

Страница 640: ...he undo arp check enable command to disable the ARP entry checking function With the ARP entry checking function enabled the switch cannot learn any ARP entry with a multicast MAC address Configuring...

Страница 641: ...iodically you need to create the VRRP backup group and perform corresponding configurations Refer to the part discussing VRRP in this manual for details Examples Enable the master switch of the VRRP b...

Страница 642: ...uments must belong to the VLAN z Currently static ARP entries cannot be configured on the ports of an aggregation group Related commands reset arp display arp Examples Create a static ARP mapping entr...

Страница 643: ...splay all the ARP entries Sysname display arp Type S Static D Dynamic IP Address MAC Address VLAN ID Port Name AL ID Aging Type 10 2 72 162 000a 000a 0aaa N A N A N A S 192 168 0 77 0000 e8f5 6a4a 1 E...

Страница 644: ...ries to be displayed For detailed information about regular expressions refer to Configuration File Management Command in this manual begin Displays the first ARP entry containing the specified string...

Страница 645: ...t Command in this manual begin Displays the number of ARP entries counted from the first one containing the specified string exclude Displays the number of ARP entries that do not contain the specifie...

Страница 646: ...arp period resending enable command to disable this function By default this function is enabled the gratuitous ARP packets are sent at an interval of 30 seconds After you enable a VLAN interface to...

Страница 647: ...earning enable command to disable the gratuitous ARP packet learning function By default the gratuitous ARP packet learning function is enabled Examples Enable the gratuitous ARP packet learning funct...

Страница 648: ...1 9 Examples Clear static ARP entries Sysname reset arp static...

Страница 649: ...p anti attack valid check enable command to enable ARP source MAC address consistency check Use the undo arp anti attack valid check enable command to disable this function By default ARP source MAC a...

Страница 650: ...VLAN By default ARP attack detection is disabled on the switch Examples Enable ARP attack detection on all ports in VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname vlan...

Страница 651: ...e command to remove the configuration By default ARP packet filtering based on the gateway s IP address is disabled Note that z This command should be configured on a port directly connected to hosts...

Страница 652: ...net 1 0 2 Sysname system view Sysname interface ethernet1 0 2 Sysname Ethernet1 0 2 arp filter binding 192 168 100 1 000d 88f8 528c arp max learning num Syntax arp max learning num number undo arp max...

Страница 653: ...very function is disabled Examples Enable the port state auto recovery function of the switch Sysname system view System View return to User View with Ctrl Z Sysname arp protective down recover enable...

Страница 654: ...0 arp rate limit Syntax arp rate limit rate undo arp rate limit View Ethernet port view Parameters rate Maximum ARP packet receiving rate on the port in the range of 10 to 1 024 pps Description Use th...

Страница 655: ...imit function on Ethernet 1 0 11 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 11 Sysname Ethernet1 0 11 arp rate limit enable arp restricted forwardin...

Страница 656: ...RP trusted port state and discarded invalid ARP packets those failed to pass ARP attack detection on the specified port If ARP attack detection is disabled the statistics of ARP trusted port state and...

Страница 657: ...ses both static and dynamic IP addresses and MAC addresses of authenticated 802 1x clients and uses the mappings for ARP attack detection after IP to MAC static bindings and DHCP snooping entries are...

Страница 658: ...he undo arp proxy enable command to disable common proxy ARP on the VLAN interface By default common proxy ARP is disabled on the VLAN interfaces of a switch Related commands display arp proxy Example...

Страница 659: ...p proxy Interface Vlan interface1 Proxy ARP status enabled Local Proxy ARP status disabled Interface Vlan interface2 Proxy ARP status enabled Local Proxy ARP status disabled Interface Vlan interface3...

Страница 660: ...N interface Use the undo local proxy arp enable command to disable local proxy ARP on the VLAN interface By default local proxy ARP is disabled on the VLAN interfaces of a switch Examples Enable local...

Страница 661: ...t can transmit Resilient ARP packets If the unit id argument is not specified this command is to display the Resilient ARP state information of all units If the unit id argument is specified this comm...

Страница 662: ...enable resilient arp interface vlan interface Syntax resilient arp interface Vlan interface vlan id undo resilient arp interface Vlan interface vlan id View System view Parameters vlan id VLAN interf...

Страница 663: ...4 3 Sysname resilient arp interface vlan interface 2...

Страница 664: ...1 16 dhcp server option 1 17 dhcp server ping 1 18 dhcp server relay information enable 1 18 dhcp server static bind 1 19 dhcp server tftp server domain name 1 20 dhcp server tftp server ip address 1...

Страница 665: ...nooping 3 1 dhcp snooping information enable 3 1 dhcp snooping information format 3 2 dhcp snooping information packet format 3 3 dhcp snooping information remote id 3 3 dhcp snooping information stra...

Страница 666: ...iii ip address dhcp alloc 5 2 BOOTP Client Configuration Commands 5 3 display bootp client 5 3 ip address bootp alloc 5 4...

Страница 667: ...HCP address pool view Parameters domain name Name of a domain a string of 1 to 24 characters You can use the domain command to create a domain Description Use the accounting domain command to enable t...

Страница 668: ...bims server command to remove specified BIMS server information from the DHCP global address pool By default the related information of the BIMS server is not specified If you execute the bims server...

Страница 669: ...write the previous one Examples Specify the bootfile name aaa cfg in DHCP global address pool 0 for the client Sysname system view Enter system view return to user view with Ctrl Z Sysname dhcp server...

Страница 670: ...system view Sysname system view System View return to User View with Ctrl Z Enable DHCP Sysname dhcp enable dhcp select global Syntax VLAN interface view dhcp select global undo dhcp select System vie...

Страница 671: ...client Sysname dhcp select global interface vlan interface 1 to vlan interface 3 Configure all interfaces to operate in global DHCP address pool mode so that when a DHCP packet is received from a DHC...

Страница 672: ...d The corresponding implementation is as follows z After a DHCP interface address pool is created by executing the dhcp select interface command UDP 67 and UDP 68 ports used by DHCP are enabled z Afte...

Страница 673: ...terface number keyword and argument combination specifies a port range all Specifies all ports Description Use the dhcp server bims server command to specify the IP address port number and shared key...

Страница 674: ...number argument specifies an interface number Description Use the dhcp server bootfile name command to specify the bootfile name in interface address pool for the client Use the undo dhcp server bootf...

Страница 675: ...ver dns list Syntax In VLAN interface view use the following commands to specify the DNS server IP address in the current DHCP interface address pool for the client dhcp server dns list ip address 1 8...

Страница 676: ...er system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface Vlan interface 1 Configure the DNS server IP address 1 1 1 254 for the DHCP...

Страница 677: ...o dhcp server domain name command to remove the configured domain name suffix By default no domain name suffix is configured for the DHCP client Related commands domain name Examples Enter system view...

Страница 678: ...fies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all Specifies all interface addr...

Страница 679: ...er forbidden ip command to cancel the forbiddance By default all IP addresses in an address pool are allowed to be automatically assigned Related commands dhcp server ip pool network static bind ip ad...

Страница 680: ...following functions z UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled z UDP 67 and UDP 68 ports are disabled when DHCP is disabled The corresponding implementation is as fol...

Страница 681: ...ber argument specifies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all In compari...

Страница 682: ...fies the m typed node Nodes of this type are p nodes with some broadcasting features h node Specifies the h typed node Nodes of this type are b nodes with peer to peer communicating features interface...

Страница 683: ...ii ascii string Specifies a string that is of 1 to 63 characters Note that each character of the string must be an ASCII character hex hex string 1 10 Specifies strings each of which comprises 1 to 8...

Страница 684: ...ranges from 0 to 10 and defaults to 2 Value 0 means no ping operation will be performed timeout milliseconds Specifies the timeout time in milliseconds the device waits for an echo response The millis...

Страница 685: ...ess mac address View VLAN interface view Parameters ip address IP address to be statically bound Note that the specified IP address must belong to the same network segment as that of the current VLAN...

Страница 686: ...s 10 1 1 2 to the MAC address 0000 e03f 0305 Assume that the DHCP interface address pool of VLAN interface 1 already exists and the IP address belongs to the address pool Sysname Vlan interface1 dhcp...

Страница 687: ...Sysname interface Vlan interface 1 Sysname Vlan interface1 dhcp server tftp server domain name domain1 dhcp server tftp server ip address Syntax In VLAN interface view use the following commands to sp...

Страница 688: ...l for the client dhcp server voice config ncp ip ip address as ip ip address voice vlan vlan id enable disable fail over ip address dialer string undo dhcp server voice config ncp ip as ip voice vlan...

Страница 689: ...herwise other sub options do not take effect By default a DHCP server interface address pool does not assign Option 184 and the corresponding sub options to the client Related commands voice config Ex...

Страница 690: ...interface interface type interface number all View Any view Parameters ip ip address Specifies an IP address pool pool name Specifies a global address pool The pool name argument a string of 1 to 35...

Страница 691: ...e expired IP addresses of global address pools Interface pool The information about the expired IP addresses of interface address pools IP address Bound IP addresses Client identifier Hardware address...

Страница 692: ...erface this command applies to all VLAN interfaces all Specifies all address pools Description Use the display dhcp server ip in use command to display the address binding information of one IP addres...

Страница 693: ...se expiration Time when the lease expires Type Address binding type display dhcp server statistics Syntax display dhcp server statistics View Any view Parameters None Description Use the display dhcp...

Страница 694: ...e 0 Dhcp Release 1 Dhcp Inform 0 Statistics about the DHCP packets received from DHCP clients Boot Reply 4 Dhcp Offer 1 Dhcp Ack 3 Dhcp Nak 0 Statistics about the DHCP packets sent to DHCP clients Bad...

Страница 695: ...ield Description Global pool Information about global address pools Interface pool Information about interface address pools Pool name Address pool name network Assignable IP address range Child node...

Страница 696: ...dns list command to configure one or multiple DNS server IP addresses in a DHCP global address pool for the DHCP client Use the undo dns list command to remove one or all DNS server IP addresses confi...

Страница 697: ...he DHCP global address pool 0 for the DHCP client Sysname dhcp server ip pool 0 Sysname dhcp pool 0 domain name mydomain com expired Syntax expired day day hour hour minute minute unlimited undo expir...

Страница 698: ...ore than one IP address separate two neighboring IP addresses with a space all Specifies all configured gateway IP addresses Description Use the gateway list command to configure one or multiple gatew...

Страница 699: ...NS server IP addresses configured for the DHCP client By default no WINS server IP address is configured If you execute the nbns list command repeatedly the new configuration overwrites the previous o...

Страница 700: ...Examples Enter system view Sysname system view System View return to User View with Ctrl Z Specify b node as the NetBIOS node type in the DHCP global address pool 0 for the clients Sysname dhcp server...

Страница 701: ...haracter hex hex string 1 10 Specifies strings each of which comprises of 1 to 8 hexadecimal digits The 1 10 means that you can provide up to 10 such strings When entering more than one strings separa...

Страница 702: ...ip in use all interface interface type interface number ip ip address pool pool name View User view Parameters all Clears the dynamic address binding information about all IP addresses interface inter...

Страница 703: ...packets request packets response packets Related commands display dhcp server statistics Examples Clear the statistics on a DHCP server Sysname reset dhcp server statistics static bind client identifi...

Страница 704: ...me dhcp server ip pool 0 Sysname dhcp pool 0 static bind ip address 10 1 1 1 mask 255 255 255 0 Sysname dhcp pool 0 static bind client identifier aaaa bbbb static bind ip address Syntax static bind ip...

Страница 705: ...host to which the IP address is to be bound You need to provide this argument in the form of H H H Description Use the static bind mac address command to specify a MAC address to which an IP address...

Страница 706: ...name in a global address pool for the DHCP client Use the undo tftp server domain name command to remove the TFTP server name from a global address pool By default no TFTP server name is specified Usi...

Страница 707: ...onfig ncp ip as ip voice vlan fail over View DHCP address pool view Parameters ncp ip ip address Specifies the IP address of the primary network calling processor as ip ip address Specifies the IP add...

Страница 708: ...184 in global address pool 123 The NCP IP address is 1 1 1 1 and the IP address of the alternate server is 2 2 2 2 The voice VLAN is enabled with the ID being 3 The fail over IP address is 3 3 3 3 an...

Страница 709: ...resses match a binding on the DHCP relay agent if not the client cannot access outside networks via the DHCP relay agent Use the address check disable command to disable IP address match checking on t...

Страница 710: ...dshake function is enabled Note that Currently the DHCP relay agent handshake function on a S5500 EI series switch can only interoperate with a Windows 2000 DHCP server Examples Disable the DHCP relay...

Страница 711: ...p replace undo dhcp relay information strategy View System view Parameters drop Specifies to drop messages containing Option 82 keep Specifies to forward messages containing Option 82 without any chan...

Страница 712: ...se the dhcp security static command to configure a static DHCP address binding entry Use the undo dhcp security command to remove one or all address binding entries or all address binding entries of a...

Страница 713: ...amic binding entries to 60 seconds Sysname dhcp security tracker 60 dhcp server Syntax dhcp server groupNo undo dhcp server View VLAN interface view Parameters groupNo DHCP server group number This ar...

Страница 714: ...and DHCP services are disabled At the same time UDP 67 and UDP 68 ports used by DHCP are disabled Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN...

Страница 715: ...separated by a space Description Use the dhcp server ip command to configure the DHCP server IP address es in a specified DHCP server group Use the undo dhcp server command to remove all DHCP server...

Страница 716: ...1 1 1 0001 0001 0001 Static 192 168 10 2 000d 88f7 b090 Dynamic_ack 2 dhcp security item s found Table 2 1 Description on the fields of the display dhcp security command Field Description IP Address I...

Страница 717: ...d Description IP address of DHCP server group 0 DHCP server IP addresses of DHCP server group 0 Messages from this server group Number of the packets the DHCP relay receives from the DHCP server group...

Страница 718: ...terface command to display information about the DHCP server group to which a VLAN interface is mapped Related commands dhcp server display dhcp server Examples Display information about the DHCP serv...

Страница 719: ...2 11 Related commands dhcp server display dhcp server Examples Clear the statistics information of DHCP server group 2 Sysname reset dhcp server 2...

Страница 720: ...er without recording the IP to MAC bindings of the DHCP clients By default the DHCP snooping function is disabled Note that z You need to disable DHCP relay agent before enabling DHCP snooping on the...

Страница 721: ...n format Syntax dhcp snooping information format hex ascii View System view Parameters hex Specifies the storage format of Option 82 as HEX namely hexadecimal string ascii Specifies the storage format...

Страница 722: ...s the extended or standard one By default the padding format for Option 82 is the extended one Examples Configure the padding format for Option 82 as the standard one Sysname system view System View r...

Страница 723: ...cket keep If a packet contains Option 82 DHCP snooping keeps and forwards this packet replace If a packet contains Option 82 DHCP snooping replaces the original Option 82 field with the Option 82 fiel...

Страница 724: ...sub option string Content of the circuit ID sub option a string of 3 to 63 ASCII characters Description Use the dhcp snooping information vlan circuit id command to configure the content of the circu...

Страница 725: ...e content of the remote ID in Option 82 Use the undo dhcp snooping information remote id command to restore the default remote ID in Option 82 With vlan vlan id specified the customized remote ID sub...

Страница 726: ...re an Ethernet port to a DHCP snooping untrusted port By default with the DHCP snooping enabled all the ports of a switch are untrusted ports Note that After DHCP snooping is enabled you need to speci...

Страница 727: ...Sysname display dhcp snooping DHCP Snooping is enabled The client binding table for all untrusted ports Type D Dynamic S Static Unit ID 1 Type IP Address MAC Address Lease VLAN Interface D 10 1 1 1 00...

Страница 728: ...ured If you specify a VLAN all the IP static binding entries for the specified VLAN will be displayed If you specify a port all the IP static binding entries for the specified port will be displayed E...

Страница 729: ...ess Enables IP filtering based on source MAC addresses of the packets Description Use the ip check source ip address command to enable IP filtering based on the DHCP snooping table and the IP static b...

Страница 730: ...rce MAC address and the port By default no binding among source IP address source MAC address and the port number is configured To create a static binding after IP filtering is enabled with the mac ad...

Страница 731: ...eset dhcp snooping command to remove DHCP snooping entries from a switch If no ip address is specified all DHCP snooping entries are removed Examples Remove all DHCP snooping entries from the switch S...

Страница 732: ...disable port state auto recovery With the port state auto recovery function a port that is shut down because the DHCP traffic rate limit configured on it is exceeded can automatically be brought up a...

Страница 733: ...t are shut down after the dhcp protective down recover interval command is last executed Examples Set the port state auto recovery interval to 30 seconds Sysname system view System View return to User...

Страница 734: ...tion to limit DHCP traffic for an Ethernet port You can use this command to limit the DHCP traffic passing through an Ethernet port When the number of DHCP packets received on the port per second exce...

Страница 735: ...s that operate as DHCP clients support a maximum lease duration of 24 days currently Examples Display the information about the address allocation of DHCP clients Sysname display dhcp client verbose D...

Страница 736: ...ase period Server IP IP address of the DHCP server selected Transaction ID Transaction ID Default router Gateway address Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds The timer e...

Страница 737: ...h DHCP Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address dhcp alloc BOOTP Client Configuration Commands display boot...

Страница 738: ...s bootp alloc undo ip address bootp alloc View VLAN interface view Parameters None Description Use the ip address bootp alloc command to configure a VLAN interface to obtain an IP address through BOOT...

Страница 739: ...cription 1 2 display acl 1 3 display drv qacl_resource 1 4 display packet filter 1 5 display time range 1 6 packet filter 1 7 packet filter vlan 1 9 rule for Basic ACLs 1 10 rule for Advanced ACLs 1 1...

Страница 740: ...user defined ACL match order Specifies the match order for ACL rules Following two match orders exist z auto Specifies to match ACL rules according to the depth first rule z config Specifies to match...

Страница 741: ...255 255 rule 1 permit source 1 0 0 0 0 255 255 255 As shown in the output information the switch sorts the rules of ACL 2000 in the depth first order a rule with more zeros in the source IP address w...

Страница 742: ...display acl Syntax display acl all acl number View Any view Parameters all Displays all ACLs acl number Number of the ACL to be displayed in the range of 2000 to 5999 Description Use the display acl...

Страница 743: ...rce 3 3 3 0 0 0 0 255 Detailed information of a rule display drv qacl_resource Syntax display drv qacl_resource View Any view Parameters None Description Use the display drv qacl_resource to display t...

Страница 744: ...e used rules spare mask Number of the remaining masks spare rule Number of the remaining rules Apply ACL 2001 to port GigabitEthernet 1 0 49 Sysname system view System View return to User View with Ct...

Страница 745: ...Table 1 3 Description on the fields of the display packet filter command Field Description Ethernet1 0 1 Port on which packet filtering is performed Inbound Direction of the packet filtering Inbound o...

Страница 746: ...Field Description Current time is 17 01 34 May 21 2007 Monday Current system time Time range Name of the time range Active Status of the time range which can be z Active The time range is active curre...

Страница 747: ...rom 4000 to 4999 z The user group acl number keyword specifies a user defined ACL The acl number argument ranges from 5000 to 5999 z The rule rule id keyword specifies a rule of an ACL The rule argume...

Страница 748: ...packet filter vlan vlan id inbound outbound acl rule View System view Parameters vlan id VLAN ID inbound Specifies to filter packets received by the ports in the VLAN outbound Specifies to filter pack...

Страница 749: ...ACL 4000 on all ports in VLAN 40 to filter inbound packets Here it is assumed that the ACLs and their rules and the VLAN are already configured Sysname packet filter vlan 40 inbound ip group 3000 rule...

Страница 750: ...by using the display acl command fragment Removes the settings concerning non tail fragments in the ACL rule source Removes the settings concerning source address in the ACL rule time range Removes t...

Страница 751: ...er 2000 Sysname acl basic 2000 rule 1 deny source 192 168 0 1 0 Sysname acl basic 2000 quit Create basic ACL 2001 and define rule 1 to deny packets that are non tail fragments Sysname acl number 2001...

Страница 752: ...oviding 0 for the sour wildcard argument The any keyword specifies any source address destination dest addr dest wildcard any Destination address Specifies the destination address information for the...

Страница 753: ...r example you need to input 0 0 255 255 to specify the subnet mask 255 255 0 0 If you specify the dscp keyword you can directly input a value ranging from 0 to 63 or input one of the keywords listed i...

Страница 754: ...n binary routine 0 000 priority 1 001 immediate 2 010 flash 3 011 flash override 4 100 critical 5 101 internet 6 110 network 7 111 If you specify the tos keyword you can directly input a value ranging...

Страница 755: ...numerals the value range is 0 to 65535 With the range operator the value of port2 does not need to be greater than that of port1 because the switch can automatically judge the value range If the valu...

Страница 756: ...1 13 Table 1 13 ICMP specific ACL rule information Parameters Type Function Description icmp type icmp type icmp code Type and message code information of ICMP packets Specifies the type and message c...

Страница 757: ...o TCP or UDP icmp type Removes the settings concerning the ICMP type and message code in the ACL rule This keyword is only available to the ACL rules with their protocol type set to ICMP precedence Re...

Страница 758: ...with the source IP address of 192 168 0 1 and DSCP priority of 46 Sysname system view System View return to User View with Ctrl Z Sysname acl number 3000 Sysname acl adv 3000 rule 1 deny ip source 192...

Страница 759: ...format of H H H vlan id Source VLAN ID in the range of 1 to 4 094 dest dest mac addr dest mac mask Destination MAC address information Specifies the destination MAC address range for the ACL rule des...

Страница 760: ...atically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule number plus one If the current greatest rule number is 65534 however the system will...

Страница 761: ...ytes when the rule string contains four hexadecimal numerals the maximum value of offset is 78 bytes and so on z The valid length of the mask offset is 128 hexadecimal numerals 64 bytes For example as...

Страница 762: ...you modify the rule string rule mask offset combinations however the new combinations will replace all of the original ones z If you do not specify the rule id argument when creating an ACL rule the r...

Страница 763: ...ackets sourced from 192 168 0 1 it is assumed that no port is enabled with the VLAN VPN function In the following rule command line 0806 is the protocol number of ARP 16 is the offset of the protocol...

Страница 764: ...ring does not comply with the rule that a user defined rule string can contain up to eight mask offset units and any two offset units cannot belong to the same offset group The ACL cannot be assigned...

Страница 765: ...nd time days of the week from start time start date to end time end date from start time start date to end time end date to end time end date View System view Parameters all Removes all the time range...

Страница 766: ...d in a time range the time range is active only when the system time is within the defined absolute time section If multiple absolute time sections are defined in a time range the time range is active...

Страница 767: ...1 28 From 12 00 Jan 1 2008 to 12 00 Jun 1 2008...

Страница 768: ...lay qos interface traffic statistic 1 10 display queue scheduler 1 11 line rate 1 12 mirrored to 1 13 priority 1 15 priority trust 1 16 protocol priority protocol type 1 17 qos cos local precedence ma...

Страница 769: ...esent z High speed traffic is forwarded over a low speed link or traffic received from multiple interfaces at the same speed is forwarded through an interface at the same speed By enabling the burst f...

Страница 770: ...rities for certain protocol packets generated by it The supported protocols are Telnet SNMP ICMP and OSPF Depending on your configuration the IP or DSCP precedence is displayed for a specified protoco...

Страница 771: ...lay qos cos local precedence map command to display the 802 1p priority to local precedence mapping illustrated by an 802 1p priority to local precedence mapping table as shown in the following exampl...

Страница 772: ...ways 1 The unit ID ranges from 1 to 8 depending on the unit ID of the switch in the fabric For example if two switches form a fabric with the unit IDs being 3 and 5 respectively the unit IDs of the tw...

Страница 773: ...weight of queue 2 3 weight of queue 3 4 weight of queue 4 5 weight of queue 5 9 weight of queue 6 13 weight of queue 7 15 Ethernet1 0 1 traffic remark vlanid Inbound Matches Acl 2000 rule 0 running R...

Страница 774: ...Sets IP precedence for packets z local precedence Sets local precedence for packets Redirected to z interface indicates that the packets are redirected to the port z cpu indicates that the packets are...

Страница 775: ...Kbps Burst bucket size 16 Kbyte Refer to Table 1 3 for the description on the output fields display qos interface mirrored to Syntax display qos interface interface type interface number unit id mirro...

Страница 776: ...e value range for the unit id argument refer to Table 1 2 Description Use the display qos interface traffic limit command to display the traffic policing configuration of a port or a unit Related comm...

Страница 777: ...1 0 1 traffic priority Ethernet1 0 1 traffic priority Inbound Matches Acl 2000 rule 0 running Priority action dscp ef Refer to Table 1 3 for the description on the output fields display qos interface...

Страница 778: ...configuration is to be displayed unit id Unit ID of the switch whose VLAN mapping configuration is to be displayed For the value range for the unit id argument refer to Table 1 2 Description Use the d...

Страница 779: ...ic statistic Examples Display the traffic accounting configuration and traffic statistics of Ethernet 1 0 1 Sysname display qos interface Ethernet1 0 1 traffic statistic Ethernet1 0 1 traffic statisti...

Страница 780: ...he range of this argument varies with port type as follows z Fast Ethernet port 64 to 99 968 z GigabitEthernet port 64 to 1 000 000 The granularity of port rate limit is 64 kbps Assume that the value...

Страница 781: ...8 Kbps Burst bucket size 32 Kbyte mirrored to Syntax mirrored to inbound outbound acl rule monitor interface cpu undo mirrored to inbound outbound acl rule View Ethernet port view Parameters inbound D...

Страница 782: ...ckets to the CPU Description Use the mirrored to command to configure traffic mirroring Use the undo mirrored to command to cancel the configuration Traffic monitoring provides a finer mirroring granu...

Страница 783: ...splay the traffic mirroring configuration of Ethernet 1 0 1 and Ethernet 1 0 2 Sysname display qos interface Ethernet 1 0 1 mirrored to Ethernet1 0 1 mirrored to Inbound Matches Acl 2000 rule 0 runnin...

Страница 784: ...Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 priority 6 priority trust Syntax priority trust undo priority View Ethernet port view Parameters None Description Use the priority trust command...

Страница 785: ...pecifies the protocol type which could be Telnet SNMP ICMP or OSPF ip precedence ip precedence Specifies an IP precedence in digits for the specified protocol in the range 0 to 7 Alternatively you can...

Страница 786: ...cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 ef 46 Description Use the protocol priority command to set the global IP precedence or DSCP precedence for the specified type of protocol packets generated by the cu...

Страница 787: ...local prec cos1 map local prec cos2 map local prec cos3 map local prec cos4 map local prec cos5 map local prec cos6 map local prec cos7 map local prec undo qos cos local precedence map View System vi...

Страница 788: ...ing Table 1 8 The default 802 1p priority to local precedence mapping 802 1p priority Local precedence 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 Related commands display qos cos local precedence map Examples Co...

Страница 789: ...h queue5 width queue6 width queue7 width Customizes the bandwidth values to be allocated for queues 0 through 7 in kbps In system view the bandwidth ranges from 0 to 99968 The bandwidth varies with th...

Страница 790: ...you configure queues 0 and 2 to adopt SP and queues 3 through 7 to adopt WRR in system view you can modify the weights of queues 3 through 7 in port view but cannot modify the queue scheduling algorit...

Страница 791: ...ue 0 through queue 7 to 1 2 3 4 5 6 7 and 8 Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 queue scheduler wrr 1 2 3 4 5 6 7 8 Display the global queue scheduling configuration Sysname Etherne...

Страница 792: ...ches Acl 2008 rule 0 running 13775 packets inprofile 2061 packets outprofile Matches Acl 4008 rule 0 running 2606 packets inprofile 0 packet outprofile Clear the statistics about inbound packets match...

Страница 793: ...he ACL rules referenced must be those defined with the permit keyword union effect Specifies that all the ACL rules including those identified by the acl rule argument in this command and those applie...

Страница 794: ...pped egress port interface type interface number Enables traffic policing for the outbound packets of the port identified by interface type interface number The interface type interface number argumen...

Страница 795: ...policing for packets matching specific ACL rules Related commands display qos interface traffic limit Examples Configure traffic policing for inbound packets sourced from VLAN 200 on Ethernet 1 0 1 se...

Страница 796: ...pre value argument or in words as shown in Table 1 10 Alternatively you can specify the from ipprec keyword for the switch to extract the IP precedence for the 802 1p priority Table 1 10 802 1p prior...

Страница 797: ...etframe 4000 rule permit cos 5 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 traffic priority inbound link group 4000 cos 1 Set the DSCP precedence of inbo...

Страница 798: ...can also provide one of the keywords listed in Table 1 7 for the dscp value argument ip precedence pre value from cos Sets the IP precedence You can assign a value in digits in the range of 0 to 7 for...

Страница 799: ...ethernetframe 4000 quit Sysname traffic priority vlan 2 inbound link group 4000 cos 1 traffic redirect Syntax traffic redirect inbound outbound acl rule cpu interface interface type interface number...

Страница 800: ...for information about Combo ports z If the traffic is configured to be redirected to an aggregation group the traffic is redirected to the master port of the aggregation group Refer to Link Aggregatio...

Страница 801: ...are to be mapped Description Use the traffic remark vlanid command to enable VLAN mapping and set the target VLAN ID for packets matching specific ACL rules Use the undo traffic remark vlanid command...

Страница 802: ...nterface traffic statistic reset traffic statistic Examples Enable traffic accounting on Ethernet 1 0 1 for the inbound packets sourced from the IP network segment 1 1 1 0 24 Sysname system view Syste...

Страница 803: ...to enable the WRED function Use the undo wred command to restore the default By default the WRED function is disabled Examples Enable the WRED function for queue 2 on Ethernet 1 0 1 specifying to drop...

Страница 804: ...t of Ethernet ports You can specify multiple Ethernet ports by providing this argument in the form of interface type interface number to interface type interface number Description Use the apply qos p...

Страница 805: ...a string of 1 to 184 characters and in the form of aa cc with aa for user name and cc for domain name Description Use the display qos profile command to display the configuration of a QoS profile or...

Страница 806: ...ofile packet filter inbound ip group 2000 rule 0 Filter the inbound packets matching rule 0 of ACL 2000 traffic limit inbound ip group 3000 rule 0 64 Limit the rate of the inbound packets matching rul...

Страница 807: ...e packet filtering action to a QoS profile Use the undo packet filter command to remove the packet filtering action from a QoS profile Examples Add the packet filtering action to the QoS profile named...

Страница 808: ...profile is applied to the port manually use the undo apply qos profile command to remove the QoS profile from the port z If the QoS profile is applied to the port dynamically log off the user connect...

Страница 809: ...ets received through the interface acl rule ACL rules to be applied for traffic classification This argument can be the combination of multiple ACLs For more information about this argument refer to T...

Страница 810: ...outbound packets of the port identified by interface type interface number If you specify this keyword this command applies to the outbound unicast packets that pass the port and match the ACL rules z...

Страница 811: ...ffic priority inbound outbound acl rule View QoS profile view Parameters inbound Performs priority marking on the inbound packets outbound Performs priority marking on the outbound packets acl rule AC...

Страница 812: ...l precedence automatically If local precedence marking is also configured there will be two local precedence values for the traffic resulting in conflict In this case the device will display an error...

Страница 813: ...ds 1 1 display mirroring group 1 1 mirroring group 1 3 mirroring group mirroring port 1 3 mirroring group monitor port 1 4 mirroring group reflector port 1 5 mirroring group remote probe vlan 1 6 mirr...

Страница 814: ...ay the parameter settings of the destination groups for remote mirroring remote source Specifies to display the parameter settings of the source groups for remote mirroring Description Use the display...

Страница 815: ...roup which can be active or inactive mirroring port Source port in port mirroring This field is available only for local mirroring groups or remote source mirroring groups both inbound outbound The di...

Страница 816: ...the undo mirroring group command to remove a port mirroring group The mirroring group you created can take effect only after you configure other parameters for it Note that a Switch 5500 EI supports...

Страница 817: ...oring group mirroring port command to configure the source ports for a local mirroring group or a remote source mirroring group Use the undo mirroring group mirroring port command to remove the source...

Страница 818: ...an existing mirroring group a member port of an aggregation group a fabric port or a port enabled with LACP or STP as the destination port z Before configuring a destination port for a local mirroring...

Страница 819: ...tection packet filtering QoS port security and so on z When a port is configured as a reflector port the switch configures its link state as up duplex mode as full and port rate as the maximum rate su...

Страница 820: ...ysname system view System View return to User View with Ctrl Z Sysname vlan 100 Sysname vlan100 remote probe vlan enable Sysname vlan100 quit Sysname mirroring group 1 remote source Sysname mirroring...

Страница 821: ...e Ethernet 1 0 1 as the source port and mirror all packets received on and sent from this port Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname...

Страница 822: ...Ethernet 1 0 4 as a destination port in Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 4 Sysname Ethernet1 0 4 monitor port remote p...

Страница 823: ...commands mirroring group remote probe vlan Examples Configure VLAN 5 as the remote probe VLAN Sysname system view System View return to User View with Ctrl Z Sysname vlan 5 Sysname vlan5 remote probe...

Страница 824: ...i Table of Contents 1 Web Cache Redirection Configuration Commands 1 1 Web Cache Redirection Configuration Commands 1 1 display webcache 1 1 webcache address 1 2 webcache redirect vlan 1 4...

Страница 825: ...lay Web cache redirection configuration and the status of Web cache Sysname display webcache webcache IP address 1 1 1 1 webcache MAC address 000f e20f 0000 webcache port Ethernet1 0 1 webcache VLAN 1...

Страница 826: ...ion function is enabled but Web cache detection is not started z Enable and detecting Indicates that the redirection function is enabled and the system is detecting the Web cache device z Enable but h...

Страница 827: ...will not take effect z The VLAN interface of the VLAN which the Web cache server belongs to must be up otherwise the Web cache redirection function will not take effect z If you configured both the We...

Страница 828: ...efore configuring a VLAN as a redirected VLAN you need to create the VLAN interface for the VLAN z You can configure multiple redirected VLANs by executing the webcache redirect vlan command repeatedl...

Страница 829: ...upply 1 4 display poe temperature protection 1 5 poe disconnect 1 6 poe enable 1 6 poe legacy enable 1 7 poe max power 1 7 poe mode 1 8 poe power management 1 9 poe priority 1 9 poe temperature protec...

Страница 830: ...connect The PoE disconnect mode is AC display poe interface Syntax display poe interface interface type interface number View Any view Parameters interface type interface number Port type and port num...

Страница 831: ...PoE status on the port z user command set port to off PoE to the port is turned off by the user z Standard PD was detected A standard PD is detected z detection is in process PDs are being detected Po...

Страница 832: ...Power status on the port ON OFF ENABLE PoE enabled disabled status on the port MODE PoE mode on the port z signal PoE through the signal cable z spare PoE through the spare cable PRIORITY PoE priorit...

Страница 833: ...oe interface power PORT INDEX POWER mW PORT INDEX POWER mW Ethernet1 0 1 0 Ethernet1 0 2 0 Ethernet1 0 3 0 Ethernet1 0 4 0 Ethernet1 0 5 0 Ethernet1 0 6 0 Ethernet1 0 7 0 Ethernet1 0 8 0 Ethernet1 0 9...

Страница 834: ...Version Version of the PSE complex programmable logical device CPLD PSE Power Management mode PoE management mode on the port when the PSE is overloaded z The auto keyword indicates that the auto mod...

Страница 835: ...and to restore the default The default PD disconnection detection mode is AC Note that change to the PD disconnection detection mode may lead to power off of some PDs Examples Set the PD disconnection...

Страница 836: ...tem view Parameters None Description Use the poe legacy enable command to enable the PD compatibility detection function Use the undo poe legacy enable command to disable the PD compatibility detectio...

Страница 837: ...display poe interface power commands to display the power supply information of a port Examples Set the maximum power supplied by Ethernet 1 0 3 to 15000 mW Sysname system view System View return to...

Страница 838: ...ing Use the undo poe power management command to restore the default mode By default the PoE management mode on port is auto You can use the poe priority command to set the PoE priority of a port Exam...

Страница 839: ...ailable power of the whole switch is less than 18 8 W and there is no port with low priority the port with the inserted PD cannot supply power Examples Set the PoE priority of Ethernet 1 0 3 to critic...

Страница 840: ...PSE completely and then reload the PoE processing software filename Update file name with a length of 1 to 64 characters and with the extension s19 Description Use the poe update command to update the...

Страница 841: ...tware of the fabric switch remotely on any device in the fabric Examples Upgrade the PSE processing software poe2046 s19 in the flash of unit 2 to upgrade the PSE processing software of all the units...

Страница 842: ...iew Parameters profile name Name of a PoE profile a string of 1 to 15 characters It starts with a letter from a to z or from A to Z and it cannot be any of reserved keywords like all interface user un...

Страница 843: ...o query which PoE profile is applied to a port However the command cannot be used to query which PoE features in a PoE profile are applied successfully Examples Apply the existing PoE profile profile...

Страница 844: ...Description Use the poe profile command to create a PoE profile and then enter PoE profile view If the PoE profile is already created you will enter PoE profile view directly Use the undo poe profile...

Страница 845: ...nge unit id 1 2 display ftm 1 4 display xrn fabric 1 7 fabric member auto update software enable 1 7 fabric save unit id 1 8 fabric port enable 1 10 ftm fabric vlan 1 12 xrn fabric authentication mode...

Страница 846: ...D of the current switch note the following z If the modified unit ID is not used in the XRN fabric the system sets its priority to 5 and saves it in the Flash memory of the current switch z If the mod...

Страница 847: ...mbering mode Description Use the change unit id command to configure the unit ID of a specified switch in an XRN fabric to a new value By default when a switch is added to an XRN fabric it uses the au...

Страница 848: ...0f e20f 5132 10 Left 1 A 3 000f e20f 5252 10 Right 1 A 4 000f e20f 8922 10 Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1...

Страница 849: ...atistics topology database Displays the topology database information of the fabric Description Use the display ftm command to display the protocol information or the topology database information of...

Страница 850: ...name of the fabric are different z Isolated different version The software version of the directly connected device and that of the current device are different z Isolated auth failure The XRN fabric...

Страница 851: ...D A M 1 000f e20f 5002 10 Left Right 1 A 2 000f e20f 5132 10 Left Right 1 A 3 000f e20f 5252 10 Left Right 1 A 4 000f cbb7 3264 5 Left Right 1 M 5 000f cbb7 2142 10 Left Right 1 A 6 000f e20f 8922 10...

Страница 852: ...t 1 Second 2 From the above example you can see the following z The name of the fabric is Sysname z The system operation mode is Layer 3 forwarding z The current device is 1 marked by z The name of th...

Страница 853: ...le the candidate switch to download software and discovery neighbors and thus be added to the fabric normally z If the candidate switch is going to download software from a unit in an XRN fabric you a...

Страница 854: ...Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A Save the unit IDs of all the units in an XRN fabric to the unit Flash mem...

Страница 855: ...cessfully Unit 4 removed unit ID successfully Unit 5 removed unit ID successfully Unit 6 removed unit ID successfully Unit 7 removed unit ID successfully Unit 8 removed unit ID successfully Display th...

Страница 856: ...the second group Only one group of ports can be configured as fabric ports at a time Given a group either GigabitEthernet 1 0 25 49 or GigabitEthernet 1 0 27 51 can be configured as the left fabric po...

Страница 857: ...it XRN data among devices avoiding packets being sent to non fabric ports You need to specify the XRN fabric VLAN before the XRN fabric is established Because after the fabric is established the VLAN...

Страница 858: ...on mode simple hello port link type xrn fabric Syntax port link type xrn fabric View Ethernet port view Parameters None Description Use the port link type command to configure an Ethernet port as the...

Страница 859: ...name reset ftm statistics set unit name Syntax set unit unit id name unit name View System view Parameters unit id Unit ID of a device unit name Name of the specified unit a string of 1 to 64 characte...

Страница 860: ...sysname command to restore the default fabric name Before a new device is added into a fabric make sure that the fabric name of the device and the fabric name of the devices in the fabric are consist...

Страница 861: ...timer port delay 1 12 Cluster Configuration Commands 1 13 add member 1 13 administrator address 1 13 auto build 1 14 build 1 16 cluster 1 18 cluster enable 1 18 cluster switch to 1 19 cluster mac 1 2...

Страница 862: ...black list 1 39 display cluster base members 1 40 display cluster base topology 1 40 display cluster black list 1 41 display cluster current topology 1 42 display ntdp single device mac address 1 43...

Страница 863: ...operating information including the global NDP status the interval to send NDP packets the holdtime of NDP information and the NDP status and neighbor information on all ports If executed with the in...

Страница 864: ...Timer Interval for the switch to send NDP packets which is configured through the ndp timer hello command Aging Timer Holdtime for neighbors to keep the NDP information of the switch which is configur...

Страница 865: ...and in system view without the interface keyword specified NDP will be enabled globally if you specify the interface keyword in the command NDP will be enabled on the specified ports In Ethernet port...

Страница 866: ...in instability of the NDP port neighbor table Examples Set the holdtime of the NDP information sent by the switch to 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname...

Страница 867: ...e NDP statistics on specific ports When executing the command if you specify the interface keyword the command will clear NDP statistics on the specified ports if you do not specify the interface keyw...

Страница 868: ...e 1 2 Description on the fields of the display ntdp command Field Description NTDP is running NTDP is enabled globally on this device Hops Hop count for topology collection which is configured through...

Страница 869: ...ce list command Field Description MAC MAC address of a device collected by NTDP HOP Hops from this device to the collected device IP IP address and mask length of the management VLAN interface on the...

Страница 870: ...n Hostname System name of a device collected by NTDP MAC MAC address of the collected device Hop Hops from this device to the collected device Platform Software platform of the collected device IP IP...

Страница 871: ...1 ntdp enable ntdp explore Syntax ntdp explore View User view Parameters None Description Use the ntdp explore command to manually start a topology collection process NTDP is able to periodically coll...

Страница 872: ...he range of topology collection by setting the maximum hops from the collecting device to the collected devices For example if you set the maximum hops to two the switch initiating the topology collec...

Страница 873: ...up the management switch will collect the topology information of the network at the topology collection interval you set and automatically add the candidate switches it discovers into the cluster z...

Страница 874: ...n Use the ntdp timer port delay command to configure the topology request forwarding delay between two ports that is the interval at which the device forwards the topology requests through the NTDP en...

Страница 875: ...to the cluster You can only use this command on the management device of a cluster If you do not specify the member number when adding a new cluster member the management device assigns the next avai...

Страница 876: ...device Setting the management device MAC address on a device can add the device to the cluster and enable the device to identify the management device even if it restarts You can add a device to a clu...

Страница 877: ...ce the device cannot be added to the cluster z After a cluster is built automatically ACL 3998 and ACL 3999 will automatically generate a rule respectively to prohibit packets whose source and destina...

Страница 878: ...37 863 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e200 2420 is joined in cluster aaa Apr 3 08 12 37 996 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e202 2180 is joined in cluster aaa Apr 3 08 12 38 1...

Страница 879: ...g functions are implemented as follows z When you create a cluster by using the build or auto build command UDP port 40000 is opened at the same time z When you remove a cluster by using the undo buil...

Страница 880: ...00 12 a9 90 22 40 role change NTDPIndex 0 00 00 00 00 00 12 a9 90 22 40 Role 1 aaa_0 Sysname cluster cluster Syntax cluster View System view Parameters None Description Use the cluster command to ent...

Страница 881: ...Sysname cluster enable cluster switch to Syntax cluster switch to member number mac address H H H administrator View User view Parameters member number Member number of a member device ranging from 1...

Страница 882: ...tching Examples Switch from the management device to number 6 member device and then switch back to the management device aaa_0 Sysname cluster switch to 6 aaa_6 Sysname quit aaa_0 Sysname cluster mac...

Страница 883: ...c syn interval command to set the interval for the management device to send HGMP V2 multicast MAC synchronization packets periodically You can only use this command on a management device By default...

Страница 884: ...n Therefore to remove a device from a cluster permanently you can use the following methods z Use the delete member command with the to black list keyword specified to remove a device and add the devi...

Страница 885: ...he cluster cluster status holdtime and interval to send handshake packets Executing this command on a device that does not belong to any cluster will display an error Examples Display cluster informat...

Страница 886: ...he management device display cluster candidates Syntax display cluster candidates mac address H H H verbose View Any view Parameters mac address H H H Specifies a candidate device by its MAC address H...

Страница 887: ...dates command Field Description MAC MAC address of the candidate device Hop Hops from the management device to the candidate device IP IP address of the candidate device Platform Platform of the candi...

Страница 888: ...rmation about all the devices in a cluster Description Use the display cluster members command to display information about one specific or all devices in a cluster This command is only applicable to...

Страница 889: ...16 1 1 11 24 Version 3Com Corporation Switch 5500 EI Software Version 3Com OS V3 03 02s56e Copyright c 2004 2008 3Com Corporation and its licensors All rights reserved Switch 5500 EI Switch 5500 EI O...

Страница 890: ...vice You can use the ftp server command on the management device to configure the shared FTP server of the cluster which is used for software version update and configuration file backup of the cluste...

Страница 891: ...n the management device takes effect on the management device only and will not be applied to the member devices through the cluster management packets After the IP address of the shared FTP server is...

Страница 892: ...vice receives NDP information form a member device within the holdtime the member device stays in the normal state and does not need to be added to the cluster again z Note that you need only execute...

Страница 893: ...User View with Ctrl Z Sysname cluster Sysname cluster ip pool 10 200 0 1 20 logging host Syntax logging host ip address undo logging host View Cluster view Parameters ip address IP address of the devi...

Страница 894: ...t already joins a cluster If you want to change the management VLAN on a device where a cluster has already been created you must first remove the cluster configuration on the device then re specify a...

Страница 895: ...yntax reboot member member number mac address H H H eraseflash View Cluster view Parameters member number Member number of a member device ranging from 1 to 255 mac address H H H Specifies the MAC add...

Страница 896: ...shared SNMP NMS setting By default no shared SNMP NMS is configured After setting the IP address of an SNMP NMS for the cluster the member devices in the cluster can send trap messages to the SNMP NM...

Страница 897: ...ghts and directory configuration refer to the user guide of the TFTP server software Related commands tftp put tftp server z You need to specify the cluster keyword completely in the command z For des...

Страница 898: ...address undo tftp server View Cluster view Parameters ip address IP address of a TFTP server to be configured for the cluster Description Use the tftp server command to configure a shared TFTP server...

Страница 899: ...al By default the interval between sending handshake packets is 10 seconds In a cluster the management device keeps connections with the member devices through handshake packets Through the periodic h...

Страница 900: ...onding ARP entry but the corresponding MAC address of the IP address does not exist in the MAC address table the trace of the device fails z To trace a specific device using the tracemac command make...

Страница 901: ...so that all devices or the device with the specified MAC address can join the cluster By default no MAC address is added to the cluster blacklist You can only use this command on the cluster administ...

Страница 902: ...ster base members SN Device MAC Adress Status 0 aaa_0 Sysname 000f e200 30a0 UP 1 aaa_1 5500 EI 000f e200 86e4 UP Table 1 10 Description on the fields of display cluster base members Field Description...

Страница 903: ...e topology PeerPort ConnectFlag NativePort SysName DeviceMac aaa_0 3Com 000f e202 2180 P_0 40 P_0 6 Sysname 000f e200 2200 P_0 28 P_3 0 1 Sysname 000f e200 1774 P_0 22 P_1 0 2 aaa_5 3Com 000f e200 511...

Страница 904: ...display cluster current topology Syntax display cluster current topology mac address mac address1 to mac address mac address2 member id member id1 to member id member id2 View Any view Parameters mac...

Страница 905: ...opology of the current cluster aaa_0 Sysname display cluster current topology PeerPort ConnectFlag NativePort SysName DeviceMac ConnectFlag normal connect odd connect in blacklist lost device new devi...

Страница 906: ...le device mac address 000f e200 3956 Hostname 3Com MAC 000f e200 3956 Hop 0 Platform Switch 5500 EI IP Version 3Com Corporation Switch 5500 EI Software Version 3Com OS V3 03 02s56e Copyright c 2004 20...

Страница 907: ...address mac address Accepts adding the device with the specified MAC address to the standard topology of the cluster member id member id Accepts adding the device with the specified member ID to the...

Страница 908: ...ash View Cluster view Parameters local flash Restores the standard topology of the cluster from the local Flash memory Description Use the topology restore from command to restore the standard topolog...

Страница 909: ...topology is topology top Do not modify the file name This command is applicable to only the management device of a cluster Related commands topology restore from Examples Enter Cluster view aaa_0 Sysn...

Страница 910: ...p agent local engineid 1 16 snmp agent log 1 16 snmp agent mib view 1 17 snmp agent packet max size 1 19 snmp agent sys info 1 19 snmp agent target host 1 21 snmp agent trap enable 1 22 snmp agent tra...

Страница 911: ...an SNMP agent By default each device has a default engine ID You should ensure that each engine ID is unique within an SNMP domain The creation of username and generation of cipher text password are r...

Страница 912: ...NMP Agent disabled To display the current configuration username information of SNMPv3 use the display snmp agent usm user command Examples Display the information about all the existing SNMPv1 SNMPv2...

Страница 913: ...the information about an SNMP group including group name security mode related views and storage mode A group is used to define security mode and related views Users in the same group have the common...

Страница 914: ...ed z permanent Modification is permitted but deletion is forbidden z readOnly Read only that is no modification no deletion z other Other storage types display snmp agent mib view Syntax display snmp...

Страница 915: ...Volatile View Type excluded View status active The above output information indicates that MIB view ViewDefault includes all MIB objects under the ISO MIB subtree except snmpUsmMIB snmpVacmMIB and snm...

Страница 916: ...tatistics command output description Field Description Messages delivered to the SNMP entity The total number of messages delivered to the SNMP entity from the transport service Messages which were fo...

Страница 917: ...Request PDUs which have been accepted and processed by the SNMP protocol entity GetNextRequest PDU accepted and processed The total number of SNMP Get Next PDUs which have been accepted and processed...

Страница 918: ...NMP running in the system Description Use the display snmp agent sys info command to display the system SNMP information about the current device including contact information geographical location of...

Страница 919: ...nction is enabled on the modules Sysname display snmp agent trap list configuration trap enable flash trap enable ospf trap enable standard trap enable system trap enable vrrp trap enable Enable traps...

Страница 920: ...nd SNMP agent can be ensured by configuring whether to perform authentication and privacy or not You can configure whether to perform authentication and privacy when you create an SNMPv3 group and con...

Страница 921: ...rate port interface linkUp linkDown traps when the state of the port interface changes To enable this function on a port interface use the enable snmp trap updown command to enable this function globa...

Страница 922: ...e SNMP agent closes UDP ports used by SNMP agents and SNMP trap as well snmp agent calculate password Syntax snmp agent calculate password plain password mode md5 sha local engineid specified engineid...

Страница 923: ...agent calculate password aaaa mode md5 local engineid The result of the password is B02A2E48346E2CBFFCE809C99CF1F6C snmp agent community Syntax snmp agent community read write community name acl acl n...

Страница 924: ...read write permission to MIB objects Sysname snmp agent community write mgr Remove the community named comaccess Sysname undo snmp agent community comaccess snmp agent group Syntax 1 Version 1 and ver...

Страница 925: ...groups created using the snmp agent group v3 command do not authenticate or encrypt packets Related commands snmp agent mib view snmp agent usm user Examples Create an SNMPv1 group named v1group Sysn...

Страница 926: ...an SNMP entity is formed by appending the device information to the enterprise number The device information can be determined according to the device which can be an IP address a MAC address or a use...

Страница 927: ...f the information center set the output destinations of SNMP logs will be decided z The severity level of SNMP logs is informational that is the logs are taken as general prompt information of the dev...

Страница 928: ...ust be the same as the sub OID at the corresponding position of the MIB subtree OID 0 indicates fuzzy matching meaning the OID of the node to be accessed is not necessarily the same as the sub OID at...

Страница 929: ...from 484 to 17 940 Description Use the snmp agent packet max size command to set the maximum SNMP packet size allowed by an agent Use undo snmp agent packet max size command to restore the default max...

Страница 930: ...er according to the system information The SNMP versions of the device and the NMS must be consistent otherwise data exchange cannot be completed The device processes the SNMP messages of the correspo...

Страница 931: ...ticate the packets without encryption privacy Configures to authenticate and encrypt the packets Description Use snmp agent target host command to set a destination host to receive the SNMP traps gene...

Страница 932: ...cases of authentication failures coldstart Specifies to send SNMP cold start traps when the device is rebooted linkdown Specifies to send SNMP linkDown traps when a port becomes down linkup Specifies...

Страница 933: ...link is down Apr 2 05 53 15 883 2000 3Com L2INF 2 PORT LINK STATUS CHANGE 1 Trap 1 3 6 1 6 3 1 1 5 3 linkDown portIndex is 4227634 ifAdminStatus is 2 ifOperStatus is 2 Apr 2 05 53 16 094 2000 3Com IFN...

Страница 934: ...NMP trap queue Related commands snmp agent trap enable snmp agent target host Examples Set the SNMP trap aging time to 60 seconds Sysname system view System View return to User View with Ctrl Z Sysnam...

Страница 935: ...f this interface Description Use the snmp agent trap source command to configure the source address for the SNMP traps sent Use the undo snmp agent trap source command to cancel the configuration By d...

Страница 936: ...ent usm user v1 v2c command to add a user to an SNMP group Use the undo snmp agent usm user v1 v2c command to remove a user from an SNMP group This command is applicable to SNMPv1 and SNMPv2c and is e...

Страница 937: ...undo snmp agent usm user v3 user name group name local engineid engineid string View System view Parameters user name Username a string of 1 to 32 characters group name Name of the group correspondin...

Страница 938: ...he original engine ID becomes invalid Note that z If the password is in cipher text the pri password argument can be obtained by the snmp agent calculate password command To make the calculated cipher...

Страница 939: ...authentication and privacy passwords should be in cipher text Set the security mode to authentication with privacy the authentication algorithm to md5 the privacy algorithm to des56 the authentication...

Страница 940: ...last sampled value Related commands rmon alarm Examples Display the configuration of all the alarm entries Sysname display rmon alarm Alarm table 1 owned by user1 is VALID Samples type absolute Variab...

Страница 941: ...rm is triggered when the falling threshold is reached Latest value The value of the latest sample display rmon event Syntax display rmon event event entry View Any view Parameters event entry RMON eve...

Страница 942: ...isplayed Description Use the display rmon eventlog command to display the log of an RMON event On creating an RMON event you can configure to record the event information into the logbuffer when an ev...

Страница 943: ...The sampling type is absolute display rmon history Syntax display rmon history interface type interface number unit unit number View Any view Parameters interface type Interface type interface number...

Страница 944: ...tem collects statistics of the port at this interval buckets Number of the records in the history control table Latest sampled values Latest sampled values dropevents Number of the packet dropping eve...

Страница 945: ...ype absolute Variable formula 1 3 6 1 2 1 16 1 1 1 4 1 100 Description Sampling interval 10 sec Rising threshold 10000 linked with event 1 Falling threshold 2000 linked with event 1 When startup enabl...

Страница 946: ...splay rmon statistics interface type interface number unit unit number View Any view Parameters interface type Interface type interface number Interface number unit unit number Specifies a unit number...

Страница 947: ...ts received etherStatsBroadcastPkts Number of broadcast packets received etherStatsMulticastPkts Number of multicast packets received etherStatsUndersizePkts Number of undersize packets received ether...

Страница 948: ...1 to 127 characters Description Use the rmon alarm command to add an alarm entry to the alarm table If you do not specify the owner text keyword argument combination the owner of the entry is display...

Страница 949: ...t identifies event 1 z Lower threshold 5 z The event entry2 argument identifies event 2 z Owner user1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 S...

Страница 950: ...try to an event table you need to specify the event index You need also to specify the corresponding actions including logging the event sending traps to the NMS and the both for the network device to...

Страница 951: ...history control entry numbered 15 Sysname Ethernet1 0 1 undo rmon history 15 rmon prialarm Syntax rmon prialarm entry number prialarm formula prialarm des sampling timer delta absolute changeratio ris...

Страница 952: ...event command z You can define up to 50 extended alarm entries With an extended alarm entry defined in an extended alarm group the device performs the following operations accordingly z Sampling the a...

Страница 953: ...statistics Syntax rmon statistics entry number owner text undo rmon statistics entry number View Ethernet port view Parameters entry number Statistics entry Index in the range 1 to 65535 owner text Sp...

Страница 954: ...tics entry with a different index for the port You can use the display rmon statistics command to display the information about the statistics entry Examples Add the statistics entry numbered 20 to ta...

Страница 955: ...Helper Configuration Commands 1 1 UDP Helper Configuration Commands 1 1 display udp helper server 1 1 reset udp helper packet 1 1 udp helper enable 1 2 udp helper port 1 2 udp helper server 1 4 udp h...

Страница 956: ...cified VLAN interface is displayed Examples Display the UDP broadcast relay forwarding information on VLAN interface 1 Sysname display udp helper server interface Vlan interface 1 Interface name Serve...

Страница 957: ...destination server Use the undo udp helper enable command to disable UDP Helper function By default UDP Helper is disabled Note that On an S5500 EI Series Ethernet Switch the reception of directed br...

Страница 958: ...port numbers 53 138 137 49 69 and 37 Note that z You need to enable the UDP Helper function before specifying any UDP port otherwise the system prompts error information When the UDP helper function...

Страница 959: ...helper server command without specifying the ip address argument removes all the destination servers configured on the current interface z You can specify up to 20 destination server IP addresses on a...

Страница 960: ...by one Use the undo udp helper ttl keep enable command to restore the default By default the UDP Helper TTL keep function is disabled Note that you need to enable UDP Helper before enabling the TTL k...

Страница 961: ...authentication enable 1 6 ntp service authentication keyid 1 7 ntp service broadcast client 1 7 ntp service broadcast server 1 8 ntp service in interface disable 1 8 ntp service max dynamic sessions 1...

Страница 962: ...t and ntp service multicast server commands enables the NTP feature and opens UDP port 123 at the same time z Execution of the undo form of one of the above six commands disables all implementation mo...

Страница 963: ...ock is the clock of another switch on the network the value of this field will be the IP address of that switch stra Stratum of the clock of the synchronization source reach Reachability count of the...

Страница 964: ...TP services Examples View the status of the NTP service of the local switch Sysname display ntp service status Clock status synchronized Clock stratum 4 Reference clock ID 1 1 1 11 Nominal frequency 1...

Страница 965: ...dispersion of the remote NTP server in milliseconds Reference time Reference timestamp display ntp service trace Syntax display ntp service trace View Any view Parameters None Description Use the disp...

Страница 966: ...led control query refers to query of state of the NTP service including alarm information authentication status clock source information and so on synchronization Synchronization right This level of r...

Страница 967: ...eer 2076 Configure the access right from the remote device in ACL 2028 to the local NTP server as server Sysname system view System View return to User View with Ctrl Z Sysname ntp service access serv...

Страница 968: ...he Message Digest 5 MD5 algorithm After configuring the NTP authentication key you need to use the ntp service reliable authentication keyid command to specify the authentication key as a trusted key...

Страница 969: ...figure authentication keyid key id if authentication is not required version number Specifies the NTP version number The number argument ranges from 1 to 3 and defaults to 3 Description Use the ntp se...

Страница 970: ...ssions Syntax ntp service max dynamic sessions number undo ntp service max dynamic sessions View System view Parameters number Maximum number of the dynamic NTP sessions that can be established locall...

Страница 971: ...the multicast IP address being 224 0 1 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ntp service multicast client 224 0...

Страница 972: ...ntp service reliable authentication keyid key id undo ntp service reliable authentication keyid key id View System view Parameters key id Authentication key ID in the range of 1 to 4294967295 Descript...

Страница 973: ...s way the IP address of the interface is the source IP address of all NTP packets sent by the local device Examples Specify the source IP addresses of all sent NTP packets as the IP address of VLAN in...

Страница 974: ...the clock of local Ethernet switch and that of the remote device can be synchronized to each other Examples Configure the local switch to obtain time information from the peer with the IP address 128...

Страница 975: ...scription Use the ntp service unicast server command to configure an Ethernet switch to operate in the NTP client mode Use the undo ntp service unicast server command to remove the configuration By de...

Страница 976: ...rt dsa 1 15 public key peer 1 17 public key peer import sshkey 1 18 public key code begin 1 19 public key code end 1 20 rsa local key pair create 1 21 rsa local key pair destroy 1 22 rsa peer public k...

Страница 977: ...pair rsa Displays the public keys of the current switch s RSA key pairs Description Use the display public key local command to display the public key information of the current switch s key pairs Th...

Страница 978: ...013082011F02818100D757262C4584C44C211F18BD96E5F061C4F0A4 23F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE65BE6C265854889DC1EDBD13EC8B274DA9F75BA26CCB987 723602787E922BA84421F22C3C89CB9B06FD60FE01941DDD77FE6B...

Страница 979: ...y generated key pair may have 1024 or 1023 bits You can configure an SSH peer s public key on the current switch by using the public key peer command or the public key peer import sshkey command Relat...

Страница 980: ...c keys of the current switch s RSA key pairs Sysname display rsa local key pair public Time of Key pair created 20 08 35 2000 04 02 Key name Sysname_Host Key type RSA encryption Key Key code 3047 0240...

Страница 981: ...the public keys of all SSH peers keyname Specifies a key by its name which is a string of 1 to 64 characters Description Use the display rsa peer public key command to display information about the l...

Страница 982: ...394276CE5AAF5AF01DA8B0F33E0 8335E0C3820911B90BF4D19085CADCE0B50611B9F6696D31930203010001 display ssh server Syntax display ssh server session status View Any view Parameters session Displays SSH sessi...

Страница 983: ...ts Sysname display ssh server session Conn Ver Encry State Retry SerType Username VTY 0 2 0 AES started 0 stelnet kk VTY 1 2 0 AES started 0 sFTP abc Table 1 1 Description on the fields of the display...

Страница 984: ...It cannot contain any of these characters slash backslash colon asterisk question mark less than sign greater than sign and the vertical bar sign In addition the sign can appear up to once the userna...

Страница 985: ...test sftp display ssh2 source ip Syntax display ssh2 source ip View Any view Parameters None Description Use the display ssh2 source ip command to display the current source IP address or the IP addr...

Страница 986: ...ed is 192 168 1 1 peer public key end Syntax peer public key end View Public key view Parameters None Description Use the peer public key end command to return from public key view to system view Rela...

Страница 987: ...interface by using the authentication mode scheme command z For a user interface if you have executed the authentication mode password or authentication mode none command the protocol inbound ssh comm...

Страница 988: ...mples Create local RSA key pairs Sysname system view System View return to User View with Ctrl Z Sysname public key local create rsa The range of public key size is 512 2048 NOTES If the key modulus i...

Страница 989: ...ation of the local DSA key pair Sysname display public key local dsa public Time of Key pair created 03 17 33 2000 04 06 Key name Key type DSA encryption Key Key code 3081F03081A806072A8648CE380401308...

Страница 990: ...roy these keys Y N y public key local export rsa Syntax public key local export rsa openssh ssh1 ssh2 filename View System view Parameters rsa Specifies the host public key of the current switch s RSA...

Страница 991: ...Input the bits in the modulus default 1024 Generating keys Display the host public key in the OpenSSH format Sysname public key local export rsa openssh ssh rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgMSPi xIkH...

Страница 992: ...the SSH2 format use the public key local export dsa ssh2 filename command z The host public key displayed on the screen is in a format that is not transformed and cannot be used as the public key data...

Страница 993: ...me of the public key a string of 1 to 64 characters Description Use the public key peer command to enter public key view Use the undo public key peer command to delete the configuration of peer public...

Страница 994: ...sue this command the system will automatically identify the format of the public key transforms the public key into the PKCS format and saves the public key locally This public key configuration metho...

Страница 995: ...iew and use the public key code begin command to enter the public key edit view Then you can input the key by pasting the copied characters or pressing the keys on the keyboard It must be a hexadecima...

Страница 996: ...ded z If the key is valid it is saved in the local public key list Related commands rsa peer public key public key peer public key code begin Examples Exit public key edit view and save the public key...

Страница 997: ...pair public command displays two public keys the host public key and server public key when the switch is working in SSH1 compatible mode but only one public key the host public key when the switch is...

Страница 998: ...ver Key type RSA encryption Key Key code 3067 0260 C9BEF5C8 1AF3E457 AD007039 DDB21785 28B0204F A9ED61A6 AD381860 9491B700 0286568F 4CAF27B1 1B17B1A2 0D516E74 8DAFA6C1 0F71624B B8BE6FB2 F550E7B9 BABD5...

Страница 999: ...mmand to enter public key view Use the undo rsa peer public key command to remove the setting After using this command you can use the public key code begin command to configure the peer public key Th...

Страница 1000: ...key file from the peer through FTP TFTP z Only public key files in the format of SSH1 or SSH2 are supported z Currently only public keys with the modulues being in the range 512 to 2048 bits can be im...

Страница 1001: ...cation mode is specified by using the ssh user authentication type command Use the undo ssh authentication type default command to remove the specified default authentication mode That is no default a...

Страница 1002: ...ameters server ip IP address of the server server name Name of the server a string of 1 to 184 characters keyname Name of the public key of the server a string of 1 to 64 characters Both the publickey...

Страница 1003: ...r View with Ctrl Z Sysname ssh client 192 168 0 1 assign publickey pub ppk ssh client first time enable Syntax ssh client first time enable undo ssh client first time View System view Parameters None...

Страница 1004: ...View System view Parameters times Authentication retry times in the range of 1 to 5 Description Use the ssh server authentication retries command to set the authentication retry times for SSH connect...

Страница 1005: ...les Configure the server to be compatible with SSH1 x clients Sysname system view System View return to User View with Ctrl Z Sysname ssh server compatible ssh1x enable ssh server rekey interval Synta...

Страница 1006: ...nds Authentication timeout time ranging from 1 to 120 in seconds Description Use the ssh server timeout command to set the authentication timeout time for SSH connections Use the undo ssh server timeo...

Страница 1007: ...it tears down the connection An SSH user created with this command uses the default authentication type specified by the ssh authentication type default command If no default authentication type is sp...

Страница 1008: ...h user assign command to assign an existing public key to a specified SSH user on the SSH server side Use the undo ssh user assign command to remove the association The public key of the client is sub...

Страница 1009: ...and publickey publickey Specifies the authentication mode for the SSH user as publickey RSA key or DSA key authentication rsa Specifies the authentication mode for the SSH user as publickey RSA key o...

Страница 1010: ...ion for SSH users Sysname system view System View return to User View with Ctrl Z Sysname ssh user kk authentication type publickey Display the SSH user information Sysname display ssh user informatio...

Страница 1011: ...e_group prefer_ctos_cipher 3des des aes128 prefer_stoc_cipher 3des des aes128 prefer_ctos_hmac sha1 sha1_96 md5 md5_96 prefer_stoc_hmac sha1 sha1_96 md5 md5_96 View System view Parameters host ip Serv...

Страница 1012: ...blish a connection with an SSH server and at the same time specify the preferred key exchange algorithm encryption algorithms and HMAC algorithms between the server and client Note that when logging i...

Страница 1013: ...he SSH client Sysname system view System View return to User View with Ctrl Z Sysname ssh2 source interface Vlan interface 1 ssh2 source ip Syntax ssh2 source ip ip address undo ssh2 source ip View Sy...

Страница 1014: ...the SSH clients can only access the SSH server using the IP address of the specified interface as the destination This improves the service manageability when the SSH server has multiple IP addresses...

Страница 1015: ...can only access the SSH server using the specified IP address as the destination This improves the service manageability when the SSH server has multiple IP addresses Examples Specify source IP addre...

Страница 1016: ...ename 1 12 reset recycle bin 1 12 rmdir 1 15 undelete 1 15 update fabric 1 16 File Attribute Configuration Commands 1 17 boot attribute switch 1 17 boot boot loader 1 18 boot boot loader backup attrib...

Страница 1017: ...tarting with flash For example the URL of file text txt in the root directory of the Flash on the current unit is flash text txt z To access a file in the current directory enter the path name or file...

Страница 1018: ...ame of the target file Description Use the copy command to copy a file If the fileurl dest argument identifies an existing file the existing file will be overwritten after the command is executed succ...

Страница 1019: ...the specified file is removed to the recycle bin and you can use the undelete command to restore it You can delete files based on file attribute z If you execute the delete running files command all t...

Страница 1020: ...test test txt Y N y Delete file unit1 flash test test txt Done Delete all the main Web files on the local unit Sysname delete running files Delete all the running files Y N n Delete the running image...

Страница 1021: ...bric If executed without the fabric keyword the command will display information about files and folders in the root directory of the current device z If executed with the file url argument the comman...

Страница 1022: ...rwh 4 Apr 01 2000 23 55 24 snmpboots 1 rw 4724347 Apr 01 2000 23 59 45 test bin 2 rw 1475 Apr 01 2000 23 59 53 config cfg 3 rw 1737 Apr 02 2000 00 46 21 cfg cfg 4 rw 279296 Apr 02 2000 00 21 55 love...

Страница 1023: ...ration command after this command is configured successfully otherwise this command may not be executed correctly Examples Execute the batch file named test bat under the directory flash Sysname syste...

Страница 1024: ...be displayed when you delete a file Sysname delete unit1 flash te txt Delete file unit1 flash te txt Done Examples Set the prompt mode to quiet for file related operations Sysname system view System...

Страница 1025: ...sname format unit1 flash All data on unit1 flash will be lost proceed with format Y N y Format unit1 flash completed mkdir Syntax mkdir directory View User view Parameters directory Name of a director...

Страница 1026: ...of a file in the Flash memory Description Use the more command to display the contents of a specified file Currently the file system only supports to display the contents of text files Examples Displ...

Страница 1027: ...is used as the target file name by default Examples Move the file 1 txt from flash to flash a within unit1 with the name unchanged Sysname move unit1 flash 1 txt unit1 flash a Move unit1 flash 1 txt...

Страница 1028: ...Target path name or file name Description Use the rename command to rename a file or a directory If the target file name or directory name is the same with any existing file name or directory name yo...

Страница 1029: ...l not ask for your confirmation Use the reset recycle bin fabric command to permanently delete files in the recycle bin of all the devices in the fabric The system will not prompt you to confirm delet...

Страница 1030: ...cfg 2 rw 4036197 May 14 2000 10 13 18 main bin 3 rw 2386 Apr 26 2000 13 30 30 back cfg 4 drw May 08 2000 09 49 25 test 5 rwh 716 Apr 24 2007 16 17 30 hostkey 6 rwh 572 Apr 24 2007 16 17 44 serverkey...

Страница 1031: ...unit1 flash dd undelete Syntax undelete file url View User view Parameters file url Path name or file name of a file in the Flash memory Description Use the undelete command to restore a deleted file...

Страница 1032: ...he file used for upgrading will be copied to the root directories of other units in the fabric z When you execute the update fabric command the system first collects the free space information of each...

Страница 1033: ...to set test bin to be running agent next time to boot Y N y The test bin is configured successfully File Attribute Configuration Commands boot attribute switch Syntax boot attribute switch all app co...

Страница 1034: ...e in the fabric to be with the main attribute The app file specified by this command becomes the main startup file when the device starts up next time If you execute the boot boot loader command witho...

Страница 1035: ...ion applies to the local unit only Before configuring the main or backup attribute for a file in the fabric make sure the file already exists on all devices in the fabric This is because Ethernet swit...

Страница 1036: ...named boot web to be with the main attribute Sysname boot web package boot web main display boot loader Syntax display boot loader unit unit id View Any view Parameters unit unit id Specifies the uni...

Страница 1037: ...b package is flash http3 1 5 0040 web The main web package is unit1 flash http3 1 5 0040 web The backup web package is unit1 flash startup bootrom access enable Syntax startup bootrom access enable un...

Страница 1038: ...of a TFTP server dest hostname Host name of a TFTP server filename cfg Name of the configuration file to which the current configuration will be backed up a string of 5 to 56 characters including the...

Страница 1039: ...e fabric system source addr IP address of a TFTP server source hostname Host name of a TFTP server filename cfg Name of the configuration file to be restored to a string of 5 to 56 characters includin...

Страница 1040: ...name restore fabric startup configuration from 1 1 1 253 bbb cfg Restore startup configuration from 1 1 1 253 Please wait File will be transferred in binary mode Downloading file from remote tftp serv...

Страница 1041: ...ion Commands 1 7 ascii 1 7 binary 1 8 bye 1 8 cd 1 9 cdup 1 9 close 1 10 delete 1 10 dir 1 11 disconnect 1 12 display ftp source ip 1 12 ftp 1 13 ftp cluster remote server source interface 1 13 ftp cl...

Страница 1042: ...32 quit 1 33 remove 1 33 rename 1 34 rmdir 1 34 sftp 1 35 sftp source interface 1 36 sftp source ip 1 37 2 TFTP Configuration Commands 2 1 TFTP Configuration Commands 2 1 display tftp source ip 2 1 t...

Страница 1043: ...Examples Display the FTP server related settings of the switch assuming that the switch is operating as an FTP server Sysname display ftp server FTP server is running Max user number 1 User count 0 T...

Страница 1044: ...nly use this address as the destination address to connect to the FTP server z If neither source interface nor source IP address is specified 0 0 0 0 will be displayed In this case the FTP client can...

Страница 1045: ...s characters behind the tenth will be displayed in the second line with a left aligning mode Take username username test for example the result is Sysname display ftp user UserName HostIP Port Idle Ho...

Страница 1046: ...152 1029 0 flash Disconnect the user named admin from the FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp disconnect admin The user connection will be disconnec...

Страница 1047: ...timeout time of an FTP client When the idle time of the FTP client exceeds this timeout time the FTP server terminates the connection with the FTP client Use the undo ftp timeout command to restore t...

Страница 1048: ...no source interface is specified for an FTP server and an FTP client can use any reachable interface address on the FTP server as the destination address to connect to the FTP server Related commands...

Страница 1049: ...omitted to avoid repetition For the configuration of the command for entering FTP client view refer to ftp z When executing the FTP client configuration commands in this section confirm whether the c...

Страница 1050: ...Related commands ascii Examples Specify to transfer files in binary mode ftp binary 200 Type set to I bye Syntax bye View FTP client view Parameters None Description Use the bye command to terminate t...

Страница 1051: ...cd flash temp Display the current working directory ftp pwd 257 flash temp is current directory cdup Syntax cdup View FTP client view Parameters None Description Use the cdup command to exit the curre...

Страница 1052: ...w This command has the same effect as that of the disconnect command Examples Terminate the FTP connection without quitting FTP client view ftp close 221 Server closing ftp delete Syntax delete remote...

Страница 1053: ...mand Related commands pwd Examples Display the information about all the files in the current directory on the remote FTP server ftp dir 227 Entering Passive Mode 192 168 0 152 4 0 125 ASCII mode data...

Страница 1054: ...eived in 5 818 second s 11 00 byte s sec disconnect Syntax disconnect View FTP client view Parameters None Description Use the disconnect command to terminate an FTP connection without quitting FTP cl...

Страница 1055: ...View User view Parameters cluster Connects to the configured FTP server of a cluster For the configuration of the FTP server of a cluster refer to the Cluster part of this manual remote server Host n...

Страница 1056: ...e interface to connect to the FTP server whose IP address is 192 168 8 8 Sysname ftp 192 168 8 8 source interface Vlan interface 1 ftp cluster remote server source ip Syntax ftp cluster remote server...

Страница 1057: ...em decides which interface will be used for accessing FTP servers By default the switch uses the IP address of the outbound interface in the local routing table as the source IP address for connecting...

Страница 1058: ...witch uses every time it connects to an FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp source ip 192 168 0 1 get Syntax get remotefile localfile View FTP client...

Страница 1059: ...nt to modify the local working directory you need to terminate the connection with the FTP server quit FTP client view execute the cd command in user view and reconnect to the FTP server Examples Disp...

Страница 1060: ...125 ASCII mode data connection already open transfer starting for s3r01 btm s3r01_15 btm config cfg default diag test test txt mytest bak a txt myopenssh public temp c swithc001 226 Transfer complete...

Страница 1061: ...a control connection with an FTP server If you have connected to an FTP server you cannot use the open command to connect to another server and you need to terminate the connection with the current FT...

Страница 1062: ...e firewall may block the connection request because the FTP server initiates the connection with Port1 through an external network and thus data transmission will be affected Therefore you are recomme...

Страница 1063: ...flash temp is current directory quit Syntax quit View FTP client view Parameters None Description Use the quit command to terminate FTP control connection and FTP data connection and return to user v...

Страница 1064: ...whether the FTP server provides help information about FTP protocol commands Examples Display the syntax of the user command ftp remotehelp user 214 Syntax USER sp username rename Syntax rename remot...

Страница 1065: ...on the FTP server Assume that the directory is empty ftp rmdir flash temp1 200 RMD command successful user Syntax user username password View FTP client view Parameters username Username used to log i...

Страница 1066: ...nished successfully FTP 100 byte s received in 5 109 second s 20 00 byte s sec Disable the verbose function ftp undo verbose Download the file with name test cfg ftp get test cfg FTP 1740 byte s recei...

Страница 1067: ...meout time out value undo sftp timeout View System view Parameters time out value Timeout time in the range 1 to 35 791 in minutes The default value is 10 Description Use the sftp timeout command to s...

Страница 1068: ...amples Terminate the connection with the remote SFTP server sftp client bye Bye Sysname cd Syntax cd remote path View SFTP client view Parameters remote path Path of the target directory on the remote...

Страница 1069: ...y Examples Change the working path and return to the parent directory sftp client cdup Received status Success Current Directory is delete Syntax delete remote file 1 10 View SFTP client view Paramete...

Страница 1070: ...specified directory on the remote SFTP server If a or l is not specified the command displays details about the files and folders in the specified directory in a list If no remote path is specified t...

Страница 1071: ...face otherwise this command displays the IP address 0 0 0 0 Examples Display the source IP address for the current SFTP client Sysname display sftp source ip The source IP you specified is 192 168 1 1...

Страница 1072: ...tt txt This operation may take a long time please wait Remote file tt bak Local file tt txt Received status End of file Received status Success Downloading file successfully ended help Syntax help all...

Страница 1073: ...iles in the current working directory This command has the same effect as that of the dir command Examples Display the files in the current directory sftp client ls rwxrwxrwx 1 noone nogroup 1759 Aug...

Страница 1074: ...By default the local file name is used for the remote file if no remote file name is specified Examples Upload the file named config cfg to the remote SFTP server and save it as 1 txt sftp client put...

Страница 1075: ...Bye Sysname remove Syntax remove remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names...

Страница 1076: ...txt sftp client rename temp bat temp txt File successfully renamed rmdir Syntax rmdir remote path 1 10 View SFTP client view Parameters remote path 1 10 Name of a directory on the remote SFTP server...

Страница 1077: ...nge algorithm diffie hellman group1 sha1 It is the default key exchange algorithm z dh_exchange_group Key exchange algorithm diffie hellman group exchange sha1 prefer_ctos_cipher Preferred client to s...

Страница 1078: ...ou want to save the server s public key Y N y Enter password sftp client sftp source interface Syntax sftp source interface interface type interface number undo sftp source interface View System view...

Страница 1079: ...d IP address is not the IP address of the local device the system prompts that the configuration fails Use the undo sftp source ip command to remove the specified source IP address Then the client acc...

Страница 1080: ...s displayed If neither source IP address nor source interface is specified for the TFTP client 0 0 0 0 is displayed Related commands tftp source ip tftp source interface Examples Display the source IP...

Страница 1081: ...d or specified on a TFTP client To enter another working directory you need to modify the working directory on the TFTP server and relog in The 3com switch 5500 EI supports the TFTP file size negotiat...

Страница 1082: ...ver IP address or the host name of a TFTP server a string of 1 to 20 characters If the switch belongs to a cluster the value cluster means to connect to the TFTP server of the cluster For the configur...

Страница 1083: ...File name used when a file is downloaded and saved to the switch put Specifies to upload a file to the TFTP server source file url Path and name of the file to be uploaded to the TFTP server dest file...

Страница 1084: ...mpt appears to show the command fails to be executed Examples Connect to the remote TFTP server whose IP address is 192 168 8 8 through the source IP address 192 168 0 1 and download the file named te...

Страница 1085: ...ise a prompt appears to show the configuration fails Use the undo tftp source ip command to cancel the source IP address setting The switch uses the IP address of the outbound interface in the local r...

Страница 1086: ...ed for the connection between a TFTP client and a TFTP server Use the undo tftp server acl command to cancel all ACLs adopted Examples Specify to adopt ACL 2000 on the TFTP client Sysname system view...

Страница 1087: ...center enable 1 7 info center logbuffer 1 8 info center loghost 1 9 info center loghost source 1 10 info center monitor channel 1 10 info center snmp channel 1 11 info center source 1 12 info center...

Страница 1088: ...ffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the display channel command to display the settings of an information channel If no argument is specified in the command th...

Страница 1089: ...0 channel name console Monitor channel number 1 channel name monitor SNMP Agent channel number 5 channel name snmpagent Log buffer enabled max buffer size 1024 current buffer size 512 current message...

Страница 1090: ...debugging information XRN SWITCH OF Device Unit 1 Information about the information output state of the device enabled or disabled showing whether the log trap and debugging information output are en...

Страница 1091: ...log buffer Examples Display the status of the log buffer and the records in the log buffer Sysname display logbuffer Logging buffer configuration and contents enabled Allowed max buffer size 1024 Act...

Страница 1092: ...ics of the log buffer Examples Display the summary of the log buffer Sysname display logbuffer summary EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG 0 0 0 0 94 0 1 0 The above information indicates tha...

Страница 1093: ...us is 1 ifOperStatus is 1 Omitted info center channel name Syntax info center channel channel number name channel name undo info center channel channel number View System view Parameters channel numbe...

Страница 1094: ...annel9 Description Use the info center console channel command to set the channel through which information is output to the console Use the undo info center console channel command to restore the def...

Страница 1095: ...ffersize undo info center logbuffer channel size View System view Parameters channel Sets the channel through which information outputs to the log buffer channel number Channel number ranging from 0 t...

Страница 1096: ...r snmpagent channel6 channel7 channel8 channel9 facility local number The logging facility of the log host The local number argument ranges from local0 to local7 with the corresponding value ranging f...

Страница 1097: ...ommand to configure the source interface through which information is sent to the log host Use the undo info center loghost source command to cancel the source interface configuration Related commands...

Страница 1098: ...0 Sysname system view System View return to User View with Ctrl Z Sysname info center monitor channel 0 info center snmp channel Syntax info center snmp channel channel number channel name undo info c...

Страница 1099: ...rules By default the output rules for the system information are listed in Table 1 4 This command can be used to set the filter and redirection rules of log trap and debugging information For example...

Страница 1100: ...llowed Enabled disabled Severity Enabled disabled Severity Enabled disabled Severity Console default all modules Enabled warnings Enabled debuggin g Enabled debuggin g Monitor terminal default all mod...

Страница 1101: ...ion are echoed after the output note that the command prompt is echoed in command edit state but is not echoed in interactive state Use the undo info center synchronous command to disable synchronous...

Страница 1102: ...g information output is enabled and log and trap information output is disabled for the master switch in the fabric Debugging log and trap information output for other switches in the fabric is disabl...

Страница 1103: ...r example 7 z hh mm ss sss The local time with hh ranging from 00 to 23 mm and ss ranging from 00 to 59 and sss ranging from 0 to 999 z yyyy Represents the year none Specifies not to include time stam...

Страница 1104: ...ystem View return to User View with Ctrl Z Sysname info center timestamp loghost no year date info center timestamp utc Syntax info center timestamp utc undo info center timestamp utc View System view...

Страница 1105: ...es 0 overwritten messages 0 Information timestamp setting with utc log date trap date debug boot XRN SWITCH OF Device Unit 1 LOG disable TRAP disable DEBUG enable If you configure to add the UTC time...

Страница 1106: ...command takes effect only after the information center function is enabled Related commands info center enable display info center Examples Enable the system to output trap information to the trap buf...

Страница 1107: ...to enable debugging terminal display Use the undo terminal debugging command to disable debugging terminal display By default debugging terminal display is disabled You can execute the terminal debug...

Страница 1108: ...le users and terminal users This command works only on the current terminal The debugging log trap information can be output on the current terminal only after this command is executed in user view z...

Страница 1109: ...Use the terminal trapping command to enable trap terminal display Use the undo terminal trapping command to disable trap terminal display By default trap terminal display is enabled Examples Enable t...

Страница 1110: ...vity Test Commands 2 1 Network Connectivity Test Commands 2 1 ping 2 1 tracert 2 3 3 Device Management Commands 3 1 Device Management Commands 3 1 boot boot loader 3 1 boot bootrom 3 1 display boot lo...

Страница 1111: ...ii xmodem get 3 18...

Страница 1112: ...from 2000 to 2099 MM represents month ranging from 1 to 12 and DD represents day ranging from 1 to 31 Description Use the clock datetime command to set the current date and time of the Ethernet switch...

Страница 1113: ...ption Use the clock summer time command to set the summer time including the name time range and time offset After the setting you can use the display clock command to check the results Examples Set t...

Страница 1114: ...k timezone command to restore the local time zone to the default UTC time zone After the setting you can use the display clock command to check the setting The log information time and the debugging i...

Страница 1115: ...sname Return to system view from Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 quit Sysname return Syntax re...

Страница 1116: ...he system name will affect the CLI prompt For example if the system name of the switch is 3Com the prompt for user view is 3Com Examples Set the system name of the Ethernet switch to LSW Sysname syste...

Страница 1117: ...the system Sysname display clock 18 36 31 beijing Sat 2002 02 02 Time Zone beijing add 01 00 00 Summer Time bj one off 01 00 00 2003 01 01 01 00 00 2003 08 08 01 00 00 Table 1 1 Description on the fie...

Страница 1118: ...on display version Syntax display version View Any view Parameters None Description Use the display version command to display the version information about the switch system Specifically you can use...

Страница 1119: ...ing information and thus will affect the efficiency of the system Therefore it is recommended not to enable debugging for multiple functions at the same time To disable all debugging at a time you can...

Страница 1120: ...t the file name diag flash default diag The file is already existing overwrite it Y N y Output information to file flash default diag Please wait After saving the information you can use the more defa...

Страница 1121: ...l monitor command you will disable the monitoring of the log trap and debugging information on the current terminal Thereby no log trap or debugging information will be displayed on the terminal z The...

Страница 1122: ...sending interface by its type and number With the interface specified the TTL of packets are set to 1 automatically to test the directly connected device the IP address of the device is in the same ne...

Страница 1123: ...packet including the number of bytes packet sequence number TTL and response time of the response packet if the response packet is received within the timeout time If no response packet is received wi...

Страница 1124: ...r of packets to be sent each time The num packet argument ranges from 0 to 65 535 and defaults to 3 w timeout Specifies the timeout time to wait for ICMP error packets The timeout argument ranges from...

Страница 1125: ...ms 19 ms 19 ms 4 128 32 136 23 128 32 136 23 19 ms 39 ms 39 ms 5 128 32 168 22 128 32 168 22 20 ms 39 ms 39 ms 6 128 32 197 4 128 32 197 4 59 ms 119 ms 39 ms 7 131 119 2 5 131 119 2 5 59 ms 59 ms 39...

Страница 1126: ...it NO flash which is used to indicate that the specified file is stored in the Flash memory of a specified switch Description Use the boot boot loader command to specify the host software that will be...

Страница 1127: ...d display boot loader Syntax display boot loader unit unit id View Any view Parameters unit id Unit ID of a switch Description Use the display boot loader command to display the host software app file...

Страница 1128: ...utes Table 3 2 Description on the fields of the display cpu command Field Description CPU busy status CPU usage status 12 in last 5 seconds 12 in last 1 minute 12 in last 5 minutes The CPU usage in th...

Страница 1129: ...omVer AddrLM Type State 0 0 24 REV C NULL 001 510 IVL MAIN Normal 0 1 4 REV C NULL 001 NULL IVL 4 GE Normal Table 3 3 Description on the fields of the display device command Field Description SlotNo S...

Страница 1130: ...sage of a specified switch Examples Display the memory usage of this switch Sysname display memory Unit 1 System Available Memory bytes 30045312 System Used Memory bytes 15698468 Used Rate 52 Table 3...

Страница 1131: ...eboot Syntax display schedule reboot View Any view Parameters None Description Use the display schedule reboot command to display information about scheduled reboot Related commands schedule reboot at...

Страница 1132: ...Temperature is high Temp low Temperature is low Voltage high Voltage is high Voltage low Voltage is low Transceiver info I O error Transceiver information read and write error Transceiver info checks...

Страница 1133: ...ault WIS WAN Interface Sublayer local fault Receive optical power fault Receive optical power fault PMA PMD receiver local fault PMA PMD Physical Medium Attachment Physical Medium Dependent receiver l...

Страница 1134: ...nformation Current alarm information of the transceiver TX fault TX fault display transceiver diagnosis interface Syntax display transceiver diagnosis interface interface type interface number View An...

Страница 1135: ...ion to 0 01 dBM TX power dBM Digital diagnosis parameter TX power in dBM with the precision to 0 01 dBM display transceiver interface Syntax display transceiver interface interface type interface numb...

Страница 1136: ...vers If the transceiver supports multiple transfer medium every two values of the transfer distance are separated by a comma The corresponding transfer medium is included in the bracket following the...

Страница 1137: ...nfo interface Field Description Manu Serial Number Serial number generated during debugging and testing Manufacturing Date Debugging and testing date The date takes the value of the system clock of th...

Страница 1138: ...nge If yes it prompts whether or not to proceed This prevents the system from losing the configurations in case of shutting down the system without saving the configurations Examples Directly restart...

Страница 1139: ...n of one minute that is the switch will reboot within one minute after the specified reboot date and time Note that z After you execute the schedule reboot at command with a specified future date the...

Страница 1140: ...ote that z The switch timer is precise to one minute When the reboot time reaches the switch will reboot in one minute at most z You can set the reboot delay in two formats the hour minute format and...

Страница 1141: ...egularity command to cancel the configured reboot period By default the reboot period of the switch is not configured The switch timer can be set to a precision of one minute that is the switch will r...

Страница 1142: ...sis and solution of the problems of the device By default real time monitoring of the running status of the system is enabled Enabling of this function consumes some amounts of CPU resources Therefore...

Страница 1143: ...ed on unit 2 successfully Do you want to set s5500 app to be running agent next time to boot Y N y The s5500 app is configured successfully xmodem get Syntax xmodem get file url device name View User...

Страница 1144: ...3 19 WARNING xmodem is a slow transfer protocol limited to the current speed settings of the auxiliary ports During the course of the download no exec input output will be available...

Страница 1145: ...vlan vpn inner cos trust 1 4 vlan vpn priority 1 4 vlan vpn tpid 1 6 2 Selective QinQ Configuration Commands 2 1 Selective QinQ Configuration Commands 2 1 mac address mapping 2 1 raw vlan id inbound 2...

Страница 1146: ...lan vpn Ethernet1 0 6 VLAN VPN status enabled VLAN VPN VLAN 1 VLAN VPN inner cos trust status disable VLAN VPN TPID 8100 Table 1 1 Description on the fields of the display port vlan vpn command Field...

Страница 1147: ...By default transparent IGMP message transmission is disabled on a port For a VLAN VPN disabled port the switch can transmit an IGMP message received on the port within the VLAN that the IGMP message...

Страница 1148: ...acket already carries a VLAN tag the packet becomes a dual tagged packet z Otherwise the packet becomes a packet carrying the default VLAN tag of the port If XRN fabric is enabled on a device the VLAN...

Страница 1149: ...the outer tag priority of packets For descriptions on receiving port priority refer to QoS QoS Profile Operation Note that z This feature can be enabled only on VLAN VPN enabled ports z This command...

Страница 1150: ...n outer tag that has the corresponding priority Use the undo vlan vpn priority command to remove the configuration By default no mapping between the inner tag priority and the outer tag priority is co...

Страница 1151: ...TPID value The default TPID value is 0x8100 For the position and function of the TPID field in a packet refer to VLAN Operation The TPID field in an Ethernet frame has the same position with the prot...

Страница 1152: ...1 7 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 vlan vpn tpid 9100...

Страница 1153: ...he range 1 to 4094 all Removes all the inter VLAN MAC address replicating configurations created on the current port Description Use the mac address mapping command to configure the inter VLAN MAC add...

Страница 1154: ...aw vlan id inbound all vlan id list View QinQ view Parameters vlan id list Lists of VLAN IDs After receiving packets of these VLANs the switch will encapsulate the packets with the specified outer VLA...

Страница 1155: ...l Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 vlan vpn vid 20 Sysname Ethernet1 0 1 vid 20 raw vlan id inbound 8 to 15 vlan vpn vid Syntax vlan vpn vid vlan id undo vlan vpn vid vlan id V...

Страница 1156: ...ich VLANs packets will be encapsulated with the specified outer VLAN tag Otherwise the configuration of the outer VLAN tag is of no use Related commands raw vlan id inbound Examples Specify Ethernet 1...

Страница 1157: ...le BPDU tunnel for link aggregation control protocol LACP pagp Enable Disable BPDU tunnel for port aggregation protocol PAGP pvst Enable Disable BPDU tunnel for per VLAN spanning tree PVST stp Enable...

Страница 1158: ...ork cannot be transparently transmitted properly z If XRN fabric is enabled on one port of a device the BPDU tunnel feature cannot be enabled on any port of the device Examples Enable BPDU tunnel for...

Страница 1159: ...e266 c3ab Sysname system view System View return to User View with Ctrl Z Sysname bpdu tunnel tunnel dmac 010f e266 c3ab display bpdu tunnel Syntax display bpdu tunnel View Any view Parameters None De...

Страница 1160: ...ion 1 18 history keep time 1 19 history record enable 1 20 history records 1 20 http operation 1 21 http string 1 22 remote ping 1 22 remote ping agent clear 1 23 remote ping agent enable 1 23 remote...

Страница 1161: ...ii ttl 1 37 username 1 38 remote ping Server Commands 1 39 remote ping server enable 1 39 remote ping server tcpconnect 1 40 remote ping server udpecho 1 40...

Страница 1162: ...igure the advantage factor which is used to count Mos and ICPIF value in a jitter voice test Use the undo adv factor command to restore the default This command applies only to jitter voice test Examp...

Страница 1163: ...cmp test type icmp Sysname remote ping administrator icmp count 10 datafill Syntax datafill string undo datafill View remote ping test group view Parameters string Data for padding test packets It is...

Страница 1164: ...None First 68 bytes jitter G 711 A Law First 16 bytes jitter G 711 muHmm Law First 16 bytes jitter G 729 A Law First 16 bytes Examples Configure a packet padding string 12 ab cd Sysname system view Sy...

Страница 1165: ...administrator icmp test type icmp Sysname remote ping administrator icmp datasize 50 description Syntax description string undo description View remote ping test group view Parameters string Brief de...

Страница 1166: ...it must be an IP address Examples Set the destination IP address of an ICMP test to 169 254 10 3 Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp...

Страница 1167: ...te ping administrator tcp destination port 9000 display remote ping Syntax display remote ping results history jitter administrator name operation tag View Any view Parameters results Displays results...

Страница 1168: ...estination IP address Send operation times Number of probes made Receive response times Number of received response packets Min Max Average Round Trip Time Minimum maximum average roundtrip time in mi...

Страница 1169: ...ived 2 unknown Unknown error 3 internalError System internal error 4 requestTimeOut Request timed out 5 unknownDestinationAddress Unknown destination address 6 noRouteToTarget Destination unreachable...

Страница 1170: ...ult command Field Description DNS Resolve Time Time used for a DNS resolution HTTP Operation Time Total time used to establish an HTTP connection DNS Resolve Min Time Minimal time used for a DNS resol...

Страница 1171: ...umber 25 Positive SD Sum 85 Positive DS Sum 42 Positive SD average 2 Positive DS average 1 Positive SD Square Sum 267 Positive DS Square Sum 162 Min Negative SD 1 Min Negative DS 1 Max Negative SD 6 M...

Страница 1172: ...the source to the destination Max Negative DS Maximum absolute value of negative jitter delays from the destination to the source Negative SD Number Number of negative jitter delays from the source to...

Страница 1173: ...lt DNS Resolve Current Time 10 DNS Resolve Min Time 6 DNS Resolve Times 10 DNS Resolve Max Time 10 DNS Resolve Timeout Times 0 DNS Resolve Failed Times 0 Table 1 6 Description on the fields of the dis...

Страница 1174: ...Trip Time 0 Packet lost in test 0 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail number 0 Operation sequence errors 0 Drop operation number 0...

Страница 1175: ...tter value from source to destination destination to source is the minimum of positive value Max Positive SD DS The jitter value from source to destination destination to source is the maximum of posi...

Страница 1176: ...address is configured z This command applies to DNS and HTTP tests only z For an HTTP test if configuring the destination address as the host name you must configure the IP address of the DNS server t...

Страница 1177: ...em view System View return to User View with Ctrl Z Sysname remote ping administrator dns Sysname remote ping administrator dns test type dns Sysname remote ping administrator dns dns resolve target w...

Страница 1178: ...ote ping test group view Parameters size File size in the range 1 to 10000 Kbytes Description Use the filesize command to configure the size of the file to be uploaded in an FTP test Use the undo file...

Страница 1179: ...by default Related commands count z The frequency command does not apply to DHCP tests z The frequency command supports fabric only when the test type of this test group is ICMP With fabric enabled yo...

Страница 1180: ...FTP test Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator ftp Sysname remote ping administrator ftp test type ftp Sysname remote ping administrator ft...

Страница 1181: ...history record as needed z If you need to save history record enable it z If you disable the history record after enabling it the saved history record will be deleted and the maximum number of the hi...

Страница 1182: ...with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote ping administrator icmp history records 10 http operation Syntax http operation...

Страница 1183: ...g command to configure the HTTP operation string and HTTP version Use the undo http string command to remove the configured HTTP operation string and version By default no HTTP operation string and HT...

Страница 1184: ...group Examples Create an remote ping test group of which the administrator name is administrator and operation tag is icmp Sysname system view System View return to User View with Ctrl Z Sysname remot...

Страница 1185: ...remote ping client Sysname system view System View return to User View with Ctrl Z Sysname remote ping agent enable remote ping agent max requests Syntax remote ping agent max requests max number und...

Страница 1186: ...erval between sending jitter test packets Use the undo jitter interval command to restore the default By default the interval between sending jitter test packets is 20 milliseconds Related commands ji...

Страница 1187: ...ets in a probe for a jitter test Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator jitter Sysname remote ping administrator jitter test type jitter Sysn...

Страница 1188: ...failtimes View remote ping test group view Parameters times Number of consecutive failed probes in the range of 1 to 15 Description Use the probe failtimes command to configure the number of consecuti...

Страница 1189: ...command to disable debugging for a trap By default no trap is output Examples Send a trap message after an ICMP test is finished Sysname system view System View return to User View with Ctrl Z Sysnam...

Страница 1190: ...ace View remote ping test group view Parameters interface type interface number Interface type and interface number Description For ICMP tests use the source interface command to specify a source inte...

Страница 1191: ...ce z The interface to be specified must be Up otherwise the test will fail Examples Configure the source interface that sends test packets in DHCP tests as VLAN interface 1 Sysname system view System...

Страница 1192: ...sname remote ping administrator icmp source ip 169 254 10 2 source port Syntax source port port number undo source port View remote ping test group view Parameters port number Protocol source port num...

Страница 1193: ...r configuration and restore the default By default the statistics interval for a test is once every 60 minutes and up to two groups of statistics information can be retained Delete all statistics info...

Страница 1194: ...e range 1 to 2147483647 in seconds Description Use the test time begin command to configure the start time and the lasting time of a test Use the undo test time command to stop the test and remove the...

Страница 1195: ...delay change of UDP packet transmission z snmpquery Indicates an SNMP test z tcpprivate Indicates a TCP test on a specified unknown port z tcppublic Indicates a TCP test on port 7 z udpprivate Indicat...

Страница 1196: ...mote ping test Related commands display remote ping The result of the remote ping test cannot be displayed automatically and you need to use the display remote ping command to display the test result...

Страница 1197: ...for three consecutive times Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote...

Страница 1198: ...acket header in the range of 0 to 255 Description Use the tos command to configure the ToS value in a remote ping test packet header Use the undo tos command to remove the ToS value in a remote ping t...

Страница 1199: ...P and tracert tests z The sendpacket passroute command voids the ttl command Examples Set the TTL of remote ping ICMP test packets to 16 Sysname system view System View return to User View with Ctrl Z...

Страница 1200: ...tor remote ping Server Commands z A remote ping server is required for only jitter TCP and UDP tests z You are not recommended to configure remote ping jitter UDP TCP servers on ports 1 through 1023 w...

Страница 1201: ...for fixed functions such as port 1701 Otherwise the remote ping test may fail Description Use the remote ping server tcpconnect command to create a TCP listening service on the remote ping server Use...

Страница 1202: ...cho command to enable UDP listening on a remote ping server Use the undo remote ping server udpecho command to disable UDP listening When performing a jitter test or a UDP connection test on a specifi...

Страница 1203: ...ommands 1 1 DNS Configuration Commands 1 1 display dns domain 1 1 display dns dynamic host 1 1 display dns server 1 2 display ip host 1 3 dns domain 1 4 dns resolve 1 5 dns server 1 5 ip host 1 6 nslo...

Страница 1204: ...protocols Description Use the display dns domain command to display the DNS suffixes Related commands dns domain Examples Display DNS suffixes Sysname display dns domain No Domain name 0 aaa com Table...

Страница 1205: ...ame Domain name Ipaddress IP address of the corresponding domain name TTL Time for which an entry is cached in seconds Alias Alias for the domain name There can be four aliases at most DNS resolution...

Страница 1206: ...er which is assigned automatically by the system and starts from 1 display ip host Syntax display ip host View Any view Parameters None Description Use the display ip host command to display mappings...

Страница 1207: ...omain name you entered for resolution Use the undo dns domain command to delete the configured DNS suffix No DNS suffix is configured by default You can configure a maximum of 10 DNS suffixes You must...

Страница 1208: ...ew System View return to User View with Ctrl Z Sysname dns resolve dns server Syntax dns server ip address undo dns server ip address View System view Parameters ip address IP address of the DNS Serve...

Страница 1209: ...to remove the mapping No mappings are created by default Each host name can correspond to only one IP address When IP addresses are configured for the same host for multiple times only the IP address...

Страница 1210: ...ost com Address 192 168 3 2 Display the corresponding IP address for www host com Sysname nslookup type a www host com Trying DNS server 10 72 66 36 Name www host com Address 192 168 3 2 reset dns dyn...

Страница 1211: ...vlan 1 3 link aggregation group 1 3 port 1 4 port smart link group 1 5 reset smart link packets counter 1 6 smart link flush enable 1 6 smart link group 1 7 2 Monitor Link Configuration Commands 2 1 M...

Страница 1212: ...ved 000f e20f 5566 Device ID of last flush packet received 000f e20f 5566 Control VLAN ID of last flush packet received 1 Table 1 1 Description on the fields of the display smart link flush command Fi...

Страница 1213: ...ormation about smart link group 1 Sysname display smart link group 1 Smart Link Group 1 information Device ID 000f e212 3456 Control VLAN ID 1 Member Role State Flush count Last flush time Ethernet1 0...

Страница 1214: ...th Ctrl Z Sysname smart link group 1 Sysname smlk group1 flush enable control vlan 1 link aggregation group Syntax link aggregation group group id master slave undo link aggregation group group id Vie...

Страница 1215: ...r master Specifies the specified port as the master port of the smart link group slave Specifies the specified port as the slave port of the smart link group Description Use the port command to assign...

Страница 1216: ...smart link group Use the undo port smart link group command to remove the current port from the specified smart link group The port where you configure the command cannot be a link aggregation group m...

Страница 1217: ...interface number undo smart link flush enable port interface type interface number to interface type interface number View Ethernet port view system view Parameters vlan id Control VLAN ID in the ran...

Страница 1218: ...ush messages received from control VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname smart link flush enable control vlan 1 port Ethernet 1 0 5 to Ethernet 1 0 10 smart li...

Страница 1219: ...o members before executing the undo smart link group command Examples Create a smart link group Sysname system view System View return to User View with Ctrl Z Sysname smart link group 1 New Smart Lin...

Страница 1220: ...group 1 Sysname display monitor link group 1 Monitor link group 1 information Member Role Status Last up time Last down time SMLK 2 UPLINK UP 16 37 20 2006 4 21 16 37 20 2006 4 20 AGG 1 DOWNLINK UP T...

Страница 1221: ...oup member can be a single port a manual or static link aggregation group but not a dynamic link aggregation group Uplink port can also be a smart link group Use this command only on the link aggregat...

Страница 1222: ...cuting the undo monitor link group command Examples Create a monitor link group Sysname system view System View return to User View with Ctrl Z Sysname monitor link group 1 New Monitor Link Group has...

Страница 1223: ...trl Z Sysname monitor link group 1 Sysname mtlk group1 port Ethernet 1 0 7 downlink port monitor link group Syntax port monitor link group group id uplink downlink undo port monitor link group group i...

Страница 1224: ...ink group group id uplink undo smart link group group id View Monitor link group view Parameters group id Smart link group ID ranging 1 to 24 uplink Specifies the specified smart link group as the upl...

Страница 1225: ...i Table of Contents 1 Access Management Configuration Commands 1 1 Access Management Configuration Commands 1 1 am enable 1 1 am ip pool 1 1 am trap enable 1 2 display am 1 3...

Страница 1226: ...able command to disable the function By default Access management function is disabled Before enabling access management you are recommended to cancel the static ARP configuration to ensure that the b...

Страница 1227: ...Note that z Before configuring the access management IP address pool of a port you need to configure the interface IP address of the VLAN to which the port belongs and the IP addresses in the access...

Страница 1228: ...he format of interface type interface number to interface type interface number 1 10 where interface type is port type interface number is port number and 1 10 means that you can specify up to ten por...

Страница 1229: ...ess Management state of a port enabled or disabled IP Pools Access management IP pools NULL means the access management IP pool is not configured Each IP address range is represented as X X X X number...

Страница 1230: ...g 1 14 lldp admin status 1 15 lldp check change interval 1 16 lldp compliance admin status cdp 1 17 lldp compliance cdp 1 17 lldp enable 1 18 lldp encapsulation snap 1 18 lldp fast count 1 19 lldp hol...

Страница 1231: ...ring devices through a port If no keyword or argument is specified this command displays all the LLDP information to be sent including the global LLDP information and the LLDP information about the LL...

Страница 1232: ...LAN name of VLAN 1 VLAN 0001 Auto negotiation supported Yes Auto negotiation enabled Yes OperMau speed 1000 duplex Full PoE supported No Link aggregation supported Yes Link aggregation enabled No Aggr...

Страница 1233: ...ier Asset tracking ID LLDP local information of port number interface type interface number LLDP information about a port Port ID subtype Port ID type Port ID Port ID Port description Port description...

Страница 1234: ...aggregation is enabled Aggregation port ID Aggregation group ID which is 0 if link aggregation is not enabled Maximum frame Size Maximum frame size supported MED information MED LLDP information Medi...

Страница 1235: ...received through a port With no keyword argument specified this command displays the LLDP information received through all the ports Examples Display the LLDP information received through all the por...

Страница 1236: ...tion Class 0 Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Maximum frame Size 1536 Neighbor index 2 Update time 0 days 0 hours 1 minutes 1 seconds Chassis type MAC a...

Страница 1237: ...ximum frame Size 1536 Table 1 2 display lldp neighbor information command output description Field Description LLDP neighbor information LLDP information about a neighboring device LLDP neighbor infor...

Страница 1238: ...rrently enabled Management address type Management address type Management address Management address Management address interface type Type of the interface identified by the management address Manag...

Страница 1239: ...re LLDP enabled are of this type z Class indicating a media terminal device A device of this type is media capable That is besides the capabilities of a normal terminal device it also supports media s...

Страница 1240: ...type which can be z Primary indicating a primary power supply z Backup indicating a backup power supply PoE service type PoE service type Port PSE Priority Port PSE priority which can be z Unknown z...

Страница 1241: ...The number of LLDP frames discarded 0 The number of LLDP error frames 0 The number of LLDP TLVs discarded 0 The number of LLDP TLVs unrecognized 0 The number of LLDP neighbor information aged out 0 T...

Страница 1242: ...s transmitted on the port The number of CDP frames received Total number of the CDP frames received on the port The number of CDP frames discarded Total number of the CDP frames dropped on the port Th...

Страница 1243: ...alization delay Transmit delay Delay period to send LLDPDUs Trap interval Interval to send traps Fast start times Number of the LLDPDUs to be sent successively when a new neighboring device is detecte...

Страница 1244: ...through a port If no port is specified this command displays all the TLVs that are currently sent through all the ports Examples Display all the TLVs that are currently sent through all the ports Sys...

Страница 1245: ...System name TLV z System description TLV z System capabilities TLV z Management address TLV IEEE 802 1 extended TLV IEEE 802 1 extended TLVs including z Port VLAN ID TLV z Port and protocol VLAN ID T...

Страница 1246: ...sname Ethernet1 0 1 lldp admin status rx lldp check change interval Syntax lldp check change interval value undo lldp check change interval View Ethernet interface view Parameters value LLDP polling i...

Страница 1247: ...configure CDP compatible LLDP to work in TxRx mode on the specified port s Examples Configure CDP compatible LLDP to operate in TxRx mode on Ethernet 1 0 1 Sysname system view Sysname interface ether...

Страница 1248: ...dp enable command to enable LLDP Use the undo lldp enable command to disable LLDP By default LLDP is disabled globally and is enabled on a port Note that LLDP takes effect on a port only when it is en...

Страница 1249: ...ew Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 lldp encapsulation snap lldp fast count Syntax lldp fast count value undo lldp fast count View System view Parameters value Number of the LLDP...

Страница 1250: ...ocal device information by configuring the TTL multiplier Note that the TTL can be up to 65535 seconds TTLs longer than it will be rounded off to 65535 seconds To enable local device information to be...

Страница 1251: ...me interface ethernet 1 0 1 Sysname Ethernet1 0 1 lldp management address tlv 192 6 0 1 lldp notification remote change enable Syntax lldp notification remote change enable undo lldp notification remo...

Страница 1252: ...ation interval 8 lldp timer reinit delay Syntax lldp timer reinit delay value undo lldp timer reinit delay View System view Parameters value Initialization delay period to be set in the range 1 to 10...

Страница 1253: ...l to send LLDPDUs Use the undo lldp timer tx interval command to restore the default By default the interval to send LLDPDUs is 30 seconds To enable local device information to be updated on neighbori...

Страница 1254: ...nt This argument defaults to the least protocol VLAN ID dot3 tlv Sends IEEE 802 3 defined LLDP TLVs link aggregation Sends link aggregation group TLVs mac physic Sends MAC PHY configuration status TLV...

Страница 1255: ...LLDP TLV z To disable MAC PHY configuration status TLV sending you need to disable LLDP MED capabilities TLV sending first z Specifying the all keyword for basic LLDP TLVs and organization defined LLD...

Страница 1256: ...ging 1 4 password control length 1 4 password control login attempt 1 5 password control history 1 6 password control alert before expire 1 6 password control authentication timeout 1 7 password contr...

Страница 1257: ...on Enabled 1 type s 1 character s per type Password history Enabled Max history record 4 Password alert before expire 7 days Password authentication timeout 60 seconds Password attempt times 3 times P...

Страница 1258: ...lacklist command to display the information about one or all users who have been added to the blacklist because of password attempt failure Example Display the information about all the users who have...

Страница 1259: ...ination of characters from the following four types letters A to Z a to z numbers 0 to 9 and 32 special characters including the space and _ z The password must conform to the related configuration of...

Страница 1260: ...ce z If both global and local settings are available the local settings take effect Example Set the global password aging time to 100 days Sysname system view System View return to User View with Ctrl...

Страница 1261: ...to 10 exceed Specifies the processing mode used after login failure lock A processing mode In this mode a user who fails to log in is added to the blacklist and cannot log in the device until the adm...

Страница 1262: ...mber undo password control history View System view Parameter max record number Maximum number of history records allowed for each user The effective range is 2 to 15 Description Use the password cont...

Страница 1263: ...authentication timeout Syntax password control authentication timeout authentication timeout undo password control authentication timeout View System view Parameter authentication timeout Timeout tim...

Страница 1264: ...and password composition check functions are all enabled Using any of the password control aging enable password control length enable and password control history enable commands you can enable the p...

Страница 1265: ...password length Sysname undo password control length enable Password minimum length disabled for all users Disable the password aging feature This operation also disables the password control feature...

Страница 1266: ...specify the type length type length keyword argument combination the global setting is adopted Example Configure a global password composition policy a password must contain at least three character...

Страница 1267: ...osition type number policy type type length type length undo password control super composition View System view Parameter type number policy type Sets the minimum number of character types that a sup...

Страница 1268: ...ed Description Use the reset password control history record command to delete the history password records of all users Use the reset password control history record user name user name command to de...

Страница 1269: ...l 2 Sysname reset password control history record super level 2 Are you sure to delete super s history records of level 2 Y N If you input Y the system deletes the history records of the super passwor...

Страница 1270: ...st Sysname reset password control blacklist user name test Are you sure to delete the specified user in blacklist Y N y Check the current user information in the blacklist as you can see the user test...

Страница 1271: ...6 ACL Command 1 1 active region configuration 16 MSTP Command 1 1 add member 32 Cluster Command 1 13 address check 25 DHCP Commands 2 1 administrator address 32 Cluster Command 1 13 adv factor 42 Remo...

Страница 1272: ...arp send gratuitous enable vrrp 24 ARP Commands 1 2 arp static 24 ARP Commands 1 2 arp timer aging 24 ARP Commands 1 3 asbr summary 17 Routing Protocol Command 4 2 ascii 38 FTP SFTP TFTP Command 1 7...

Страница 1273: ...mmand 3 2 broadcast suppression 08 Port Basic Configuration Command 1 1 bsr policy 18 Multicast Command 3 1 build 32 Cluster Command 1 16 burst mode enable 27 QoS QoS Profile Command 1 1 bye 38 FTP SF...

Страница 1274: ...System Management Command 1 2 copy configuration 08 Port Basic Configuration Command 1 2 copyright info enable 02 Login Command 1 4 count 42 Remote ping Command 1 1 c rp 18 Multicast Command 3 2 crp p...

Страница 1275: ...protective down recover enable 25 DHCP Commands 4 1 dhcp protective down recover interval 25 DHCP Commands 4 1 dhcp rate limit 25 DHCP Commands 4 2 dhcp rate limit enable 25 DHCP Commands 4 3 dhcp re...

Страница 1276: ...CP Commands 2 7 dhcp snooping 25 DHCP Commands 3 1 dhcp snooping information enable 25 DHCP Commands 3 1 dhcp snooping information format 25 DHCP Commands 3 2 dhcp snooping information packet format 2...

Страница 1277: ...luster 32 Cluster Command 1 22 display cluster base members 32 Cluster Command 1 40 display cluster base topology 32 Cluster Command 1 40 display cluster black list 32 Cluster Command 1 41 display clu...

Страница 1278: ...ng Command 1 8 display dldp 13 DLDP Command 1 1 display dns domain 43 DNS Command 1 1 display dns dynamic host 43 DNS Command 1 1 display dns server 43 DNS Command 1 2 display domain 20 AAA Command 1...

Страница 1279: ...lay icmp statistics 05 IP Address and Performance Optimization Command 2 6 display igmp group 18 Multicast Command 2 1 display igmp interface 18 Multicast Command 2 2 display igmp snooping configurati...

Страница 1280: ...Command 1 4 display link aggregation interface 09 Link Aggregation Command 1 1 display link aggregation summary 09 Link Aggregation Command 1 2 display link aggregation verbose 09 Link Aggregation Co...

Страница 1281: ...t forwarding table 18 Multicast Command 1 4 display multicast routing table 18 Multicast Command 1 6 display multicast source deny 18 Multicast Command 1 8 display ndp 32 Cluster Command 1 1 display n...

Страница 1282: ...uting table 18 Multicast Command 3 7 display pim rp info 18 Multicast Command 3 8 display poe disconnect 30 PoE PoE Profile Command 1 1 display poe interface 30 PoE PoE Profile Command 1 1 display poe...

Страница 1283: ...and 1 36 display remote ping 42 Remote ping Command 1 6 display remote ping statistics 42 Remote ping Command 1 12 display resilient arp 24 ARP Commands 4 1 display rip 17 Routing Protocol Command 3 2...

Страница 1284: ...on 36 SSH Command 1 8 display ssh2 source ip 36 SSH Command 1 9 display ssh server source ip 36 SSH Command 1 9 display startup 03 Configuration File Management Command 1 8 display stop accounting buf...

Страница 1285: ...Maintenance and Debugging Command 3 11 display trapbuffer 39 Information Center Command 1 5 display udp statistics 05 IP Address and Performance Optimization Command 2 13 display udp helper server 34...

Страница 1286: ...s server 43 DNS Command 1 5 dns list 25 DHCP Commands 1 30 dns server 42 Remote ping Command 1 15 domain 20 AAA Command 1 14 domain delimiter 20 AAA Command 1 15 domain name 25 DHCP Commands 1 30 dot1...

Страница 1287: ...n Command 1 16 enable snmp trap updown 33 SNMP RMON Command 1 11 execute 37 File System Management Command 1 6 exit 38 FTP SFTP TFTP Command 1 29 expired 25 DHCP Commands 1 31 F fabric member auto upd...

Страница 1288: ...and 1 3 ftp server enable 38 FTP SFTP TFTP Command 1 4 ftp source interface 38 FTP SFTP TFTP Command 1 15 ftp source ip 38 FTP SFTP TFTP Command 1 15 ftp timeout 38 FTP SFTP TFTP Command 1 5 ftp opera...

Страница 1289: ...ping Command 1 21 http string 42 Remote ping Command 1 22 hwtacacs nas ip 20 AAA Command 1 62 hwtacacs scheme 20 AAA Command 1 63 I icmp redirect send 05 IP Address and Performance Optimization Comman...

Страница 1290: ...ulticast Command 5 5 igmp snooping general query source ip 18 Multicast Command 5 6 igmp snooping group limit 18 Multicast Command 5 7 igmp snooping group policy 18 Multicast Command 5 8 igmp snooping...

Страница 1291: ...mmand 1 16 info center timestamp loghost 39 Information Center Command 1 16 info center timestamp utc 39 Information Center Command 1 17 info center trapbuffer 39 Information Center Command 1 18 insta...

Страница 1292: ...FTP TFTP Command 1 17 level 20 AAA Command 1 17 line rate 27 QoS QoS Profile Command 1 12 link aggregation group 44 Smart Link Monitor Link Command 1 3 link aggregation group 44 Smart Link Monitor Lin...

Страница 1293: ...mmand 1 31 log peer change 17 Routing Protocol Command 4 32 loopback 08 Port Basic Configuration Command 1 22 loopback detection control enable 08 Port Basic Configuration Command 1 23 loopback detect...

Страница 1294: ...Command 1 10 mac authentication interface 21 MAC Address Authentication Command 1 5 mac authentication max auth num 21 MAC Address Authentication Command 1 11 mac authentication timer 21 MAC Address A...

Страница 1295: ...roup vlan 18 Multicast Command 5 20 multicast static router port 18 Multicast Command 5 21 multicast static router port vlan 18 Multicast Command 5 21 multicast storing enable 18 Multicast Command 1 1...

Страница 1296: ...NTP Command 1 7 ntp service broadcast client 35 NTP Command 1 7 ntp service broadcast server 35 NTP Command 1 8 ntp service in interface disable 35 NTP Command 1 8 ntp service max dynamic sessions 35...

Страница 1297: ...nd 1 16 passive 38 FTP SFTP TFTP Command 1 19 password 20 AAA Command 1 21 password 42 Remote ping Command 1 26 password 47 Password Control Command 1 3 password control aging 47 Password Control Comm...

Страница 1298: ...olicy 18 Multicast Command 3 12 pim sm 18 Multicast Command 3 13 pim timer hello 18 Multicast Command 3 13 ping 40 System Maintenance and Debugging Command 2 1 poe disconnect 30 PoE PoE Profile Comman...

Страница 1299: ...le 11 Port Security Command 1 7 port security guest vlan 11 Port Security Command 1 8 port security intrusion mode 11 Port Security Command 1 9 port security max mac count 11 Port Security Command 1 1...

Страница 1300: ...port rsa 36 SSH Command 1 14 public key peer 36 SSH Command 1 17 public key peer import sshkey 36 SSH Command 1 18 public key code begin 36 SSH Command 1 19 public key code end 36 SSH Command 1 20 put...

Страница 1301: ...42 Remote ping Command 1 23 remote ping agent max requests 42 Remote ping Command 1 24 remote ping server enable 42 Remote ping Command 1 39 remote ping server tcpconnect 42 Remote ping Command 1 40 r...

Страница 1302: ...MAC Address Authentication Command 1 9 reset msdp peer 18 Multicast Command 4 16 reset msdp sa cache 18 Multicast Command 4 17 reset msdp statistics 18 Multicast Command 4 17 reset multicast forwardi...

Страница 1303: ...nd 1 4 resilient arp enable 24 ARP Commands 4 1 resilient arp interface vlan interface 24 ARP Commands 4 2 restore startup configuration 37 File System Management Command 1 23 retry 15 Auto Detect Com...

Страница 1304: ...pair destroy 36 SSH Command 1 22 rsa peer public key 36 SSH Command 1 23 rsa peer public key import sshkey 36 SSH Command 1 24 rule for Advanced ACLs 26 ACL Command 1 12 rule for Basic ACLs 26 ACL Co...

Страница 1305: ...20 set unit name 31 XRN Fabric Command 1 14 sftp 38 FTP SFTP TFTP Command 1 35 sftp server enable 38 FTP SFTP TFTP Command 1 24 sftp source interface 38 FTP SFTP TFTP Command 1 36 sftp source ip 38 FT...

Страница 1306: ...mmand 1 24 snmp agent trap queue size 33 SNMP RMON Command 1 24 snmp agent trap source 33 SNMP RMON Command 1 25 snmp agent usm user 02 Login Command 2 4 snmp agent usm user v1 v2c 33 SNMP RMON Comman...

Страница 1307: ...ct group 15 Auto Detect Command 1 6 startup bootrom access enable 37 File System Management Command 1 21 startup saved configuration 03 Configuration File Management Command 1 13 state 20 AAA Command...

Страница 1308: ...eement check 16 MSTP Command 1 27 stp pathcost standard 16 MSTP Command 1 29 stp point to point 16 MSTP Command 1 30 stp port priority 16 MSTP Command 1 32 stp portlog 16 MSTP Command 1 33 stp portlog...

Страница 1309: ...System Guard Command 4 7 system guard tcn rate threshold 19 802 1x and System Guard Command 4 7 system monitor enable 40 System Maintenance and Debugging Command 3 17 system view 40 System Maintenance...

Страница 1310: ...ommand 2 5 tftp source ip 38 FTP SFTP TFTP Command 2 6 tftp tftp server source interface 38 FTP SFTP TFTP Command 2 4 tftp tftp server source ip 38 FTP SFTP TFTP Command 2 4 tftp server 32 Cluster Com...

Страница 1311: ...ffic priority vlan 27 QoS QoS Profile Command 1 30 traffic redirect 27 QoS QoS Profile Command 1 31 traffic remark vlanid 27 QoS QoS Profile Command 1 33 traffic share across interface 17 Routing Prot...

Страница 1312: ...n vpn enable 41 VLAN VPN Command 1 3 vlan vpn inner cos trust 41 VLAN VPN Command 1 4 vlan vpn priority 41 VLAN VPN Command 1 4 vlan vpn tpid 41 VLAN VPN Command 1 6 vlan vpn tunnel 16 MSTP Command 1...

Страница 1313: ...5 web authentication enable 22 Web Authentication Command 1 6 web authentication free ip 22 Web Authentication Command 1 6 web authentication free user 22 Web Authentication Command 1 7 web authentica...

Страница 1314: ...A 44 Z...

Результаты поиска

Содержание 5500-EI PWR

Отзывы:

Похожие инструкции для 5500-EI PWR

Бренды по названию

Популярные бренды

3Com 5500-EI PWR, Справочное руководство

Результаты поиска

Содержание 5500-EI PWR

Отзывы:

Похожие инструкции для 5500-EI PWR

Бренды по названию

Популярные бренды