Alied Telesis GS970M/10 Скачать руководство пользователя страница 919 | Manualshive

Страница: 919 / 1890

Alied Telesis GS970M/10 Скачать руководство пользователя страница 919

C613-50163-01 Rev C

Command Reference for GS970M Series

919

AlliedWare Plus™ Operating System - Version 5.4.7-0.x

IP

V

4 S

OFTWARE

A

CCESS

C

ONTROL

L

IST

(ACL) C

OMMANDS

(

ACCESS

-

LIST

EXTENDED

TCP UDP

FILTER

)

(access-list extended TCP UDP filter)

Overview

Use this ACL filter to add a new TCP or UDP filter entry to the current extended
access-list. If the sequence number is specified, the new filter is inserted at the
specified location. Otherwise, the new filter is added at the end of the access-list.

The

no

variant of this command removes a TCP or UDP filter entry from the current

extended access-list. You can specify the TCP or UDP filter entry for removal by
entering either its sequence number (e.g.

no 10

), or by entering its TCP or UDP

filter profile without specifying its sequence number.

Note that the sequence number can be found by running the

show access-list (IPv4

Syntax [tcp|udp]

[<

sequence-number

>] {deny|permit} {tcp|udp} <

source

> {eq

<

sourceport

> |lt <

sourceport

>|gt <

sourceport

>|ne <

sourceport

>}

<

destination

> [eq <

destport

>|lt <

destport

>|gt <

destport

>|ne

<

destport

>] [log]

no [<

sequence-number

>]{deny|permit} {tcp|udp} <

source

> {eq

<

sourceport

> |lt <

sourceport

>|gt <

sourceport

>|ne <

sourceport

>}

<

destination

> [eq <

destport

>|lt <

destport

>|gt <

destport

>|ne

<

destport

>] [log]

no <

sequence-number

>

Mode

IPv4 Extended ACL Configuration

Default

Any traffic controlled by a software ACL that does not explicitly match a filter is
denied.

Usage

An ACL can be configured with multiple ACL filters using sequence numbers. If the
sequence number is omitted, the next available multiple of 10 will be used as the
sequence number for the new filter. A new ACL filter can be inserted into the
middle of an existing list by specifying the appropriate sequence number.

NOTE

:

The access control list being configured is selected by running the

(extended numbered)

command or the

access-list extended (named)

command, with

the required access control list number, or name - but with no further parameters
selected.

Software ACLs will

deny

access unless

explicitly permitted

by an ACL action.

Example 1

[creating a list]

To add a new entry to the access-list named

my-list

that will reject TCP packets

from

10.0.0.1

on TCP port

10

to

192.168.1.1

on TCP port

20

, use the

commands:

awplus#

configure terminal

awplus(config)#

access-list extended my-list

awplus(config-ip-ext-acl)#

deny tcp 10.0.0.1/32 eq 10

192.168.1.1/32 eq 20

«
...
917
918
919
920
921
...
»

Содержание GS970M/10

Страница 1: ...C613 50163 01 Rev C CentreCOM GS970M Series MANAGED GIGABIT ETHERNET SWITCH Command Reference for AlliedWare Plus Version 5 4 7 0 x GS970M 10 GS970M 10PS GS970M 18 GS970M 18PS GS970M 28 GS970M 28PS...

Страница 2: ...uction and shipping costs and a CD with the GPL code will be mailed to you GPL Code Request Allied Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis M...

Страница 3: ...do 69 enable Privileged Exec mode 70 end 72 exit 73 help 74 logout 75 show history 76 Chapter 2 File and Configuration Management Commands 77 Introduction 77 autoboot enable 80 boot config file 81 boo...

Страница 4: ...clear line console 129 clear line vty 130 enable password 131 enable secret 134 exec timeout 137 flowcontrol hardware asyn console 139 length asyn 141 line 142 privilege level 144 security password hi...

Страница 5: ...e http 180 show http 181 Chapter 7 System Configuration and Monitoring Commands 182 Introduction 182 banner exec 184 banner login system 186 banner motd 188 clock set 190 clock summer time date 191 cl...

Страница 6: ...g sensitivity 249 show system fiber monitoring 251 show system pluggable 254 show system pluggable detail 256 show system pluggable diagnostics 259 show test cable diagnostics tdr 261 test cable diagn...

Страница 7: ...10 Scripting Commands 337 Introduction 337 activate 338 echo 339 wait 340 Chapter 11 Interface Commands 341 Introduction 341 description interface 342 interface to configure 343 mru 345 mtu 347 show...

Страница 8: ...ress table logging 402 mac address table static 403 mac address table thrash limit 404 platform load balancing 405 platform stop unreg mc flooding 406 platform vlan stacking tpid 408 polarity 409 show...

Страница 9: ...cking double tagging 467 switchport voice dscp 468 switchport voice vlan 469 switchport voice vlan priority 471 vlan 472 vlan access map 473 vlan database 474 vlan filter 475 Chapter 16 Spanning Tree...

Страница 10: ...stance path cost 533 spanning tree mst instance priority 535 spanning tree mst instance restricted role 536 spanning tree mst instance restricted tcn 538 spanning tree path cost 539 spanning tree port...

Страница 11: ...wer inline interface 597 show power inline interface detail 599 PART 3 Layer 3 Switching 602 Chapter 19 IP Addressing and Protocol Commands 603 Introduction 603 arp aging timeout 605 arp mac disparity...

Страница 12: ...ipv6 nd suppress ra 665 ipv6 neighbor 666 ipv6 opportunistic nd 667 ipv6 route 668 ipv6 unreachables 669 ping ipv6 670 show ipv6 forwarding 671 show ipv6 interface brief 672 show ipv6 neighbors 673 s...

Страница 13: ...6 passive interface RIP 727 recv buffer size RIP 728 redistribute RIP 729 restart rip graceful 730 rip restart grace period 731 route RIP 732 router rip 733 send lifetime 734 show debugging rip 736 sh...

Страница 14: ...version 784 show debugging igmp 785 show ip igmp groups 786 show ip igmp interface 788 show ip igmp snooping mrouter 790 show ip igmp snooping routermode 791 show ip igmp snooping statistics 792 unde...

Страница 15: ...st numbered hardware ACL for IP packets 856 access list numbered hardware ACL for IP protocols 859 access list numbered hardware ACL for MAC addresses 863 access list numbered hardware ACL for TCP or...

Страница 16: ...s 952 default action 953 description QoS policy map 954 egress rate limit 955 match access group 956 match cos 958 match dscp 959 match eth format protocol 960 match inner cos 963 match inner vlan 964...

Страница 17: ...1x initialize supplicant 1018 dot1x keytransmit 1019 dot1x max auth fail 1020 dot1x max reauth req 1022 dot1x port control 1024 dot1x timeout tx period 1026 show debugging dot1x 1028 show dot1x 1029 s...

Страница 18: ...3 auth web server host name 1114 auth web server intercept port 1115 auth web server ipaddress 1116 auth web server page language 1117 auth web server login url 1118 auth web server page logo 1119 aut...

Страница 19: ...tication auth web 1176 aaa authentication dot1x 1178 aaa authentication enable default group tacacs 1180 aaa authentication enable default local 1182 aaa authentication login 1183 aaa authorization co...

Страница 20: ...e 1248 copy local radius user db from file 1250 copy local radius user db to file 1251 crypto pki enroll local deleted 1252 crypto pki enroll local local radius all users deleted 1253 crypto pki enrol...

Страница 21: ...ject name trustpoint configuration 1306 Chapter 37 TACACS Commands 1308 Introduction 1308 authorization commands 1309 aaa authorization commands 1311 aaa authorization config commands 1313 ip tacacs s...

Страница 22: ...source binding 1368 PART 6 Network Availability 1369 Chapter 39 Ethernet Protection Switched Ring EPSRing Commands 1370 Introduction 1370 debug epsr 1372 epsr 1373 epsr configuration 1374 epsr datavl...

Страница 23: ...up synchronize 1431 atmf cleanup 1432 atmf container 1433 atmf container login 1434 atmf controller 1435 atmf distribute firmware 1436 atmf domain vlan 1438 atmf enable 1441 atmf group membership 1442...

Страница 24: ...how atmf area nodes detail 1522 show atmf area summary 1524 show atmf authorization 1525 show atmf backup 1528 show atmf backup area 1532 show atmf backup guest 1534 show atmf container 1536 show atmf...

Страница 25: ...cess group deprecated 1618 ntp authenticate 1619 ntp authentication key 1620 ntp broadcastdelay 1621 ntp discard 1622 ntp peer 1623 ntp restrict 1625 ntp server 1627 ntp source 1629 ntp trusted key de...

Страница 26: ...1688 lldp med notifications 1689 lldp med tlv select 1690 lldp non strict med tlv order check 1693 lldp notification interval 1694 lldp notifications 1695 lldp port number type 1696 lldp reinit 1697 l...

Страница 27: ...H 1763 clear ssh 1764 crypto key destroy hostkey 1765 crypto key destroy userkey 1766 crypto key generate hostkey 1767 crypto key generate userkey 1769 crypto key pubkey chain knownhosts 1770 crypto k...

Страница 28: ...28 time trigger 1829 trap 1831 trigger 1832 trigger activate 1833 type atmf node 1834 type card 1837 type cpu 1838 type interface 1839 type memory 1840 type periodic 1841 type ping poll 1842 type rebo...

Страница 29: ...1871 debug sflow 1872 debug sflow agent 1873 sflow agent address 1874 sflow collector address 1876 sflow collector max datagram size 1878 sflow enable 1879 sflow max header size 1880 sflow polling int...

Страница 30: ...d hardware ACL ICMP entry 872 named hardware ACL IP packet entry 876 named hardware ACL IP protocol entry 880 named hardware ACL MAC entry 886 named hardware ACL TCP or UDP entry 889 aaa accounting au...

Страница 31: ...access list numbered hardware ACL for IP packets 856 access list numbered hardware ACL for IP protocols 859 access list numbered hardware ACL for MAC addresses 863 access list numbered hardware ACL fo...

Страница 32: ...1421 atmf backup guests enable 1422 atmf backup guests now 1423 atmf backup guests synchronize 1424 atmf backup now 1425 atmf backup redundancy enable 1427 atmf backup server 1428 atmf backup stop 143...

Страница 33: ...te login 1475 atmf restricted login 1477 atmf secure mode certificate expire 1481 atmf secure mode certificate expiry 1482 atmf secure mode certificate renew 1483 atmf secure mode enable all 1484 atmf...

Страница 34: ...ep enable 1088 authentication 1241 auth mac accounting 1091 auth mac authentication 1092 auth mac enable 1093 auth mac method 1095 auth mac password 1097 auth mac reauth relearning 1098 auth mac usern...

Страница 35: ...erver ping poll interval 1126 auth web server ping poll reauth timer refresh 1127 auth web server ping poll timeout 1128 auth web server port 1129 auth web server redirect delay time 1130 auth web ser...

Страница 36: ...gmp 747 clear ip mroute statistics 821 clear ip mroute 820 clear ip rip route 698 clear ipv6 mld group 797 clear ipv6 mld interface 798 clear ipv6 mld 796 clear ipv6 mroute statistics 823 clear ipv6 m...

Страница 37: ...client trustpoint 1246 clock set 190 clock summer time date 191 clock summer time recurring 193 clock timezone 195 commit IPv4 893 configure terminal 67 copy filename 87 copy current software 89 copy...

Страница 38: ...crypto pki export local pem deleted 1255 crypto pki export local pkcs12 deleted 1256 crypto pki export pem 1289 crypto pki export pkcs12 1290 crypto pki import pem 1292 crypto pki import pkcs12 1294 c...

Страница 39: ...nt 1774 debug ssh server 1775 debug trigger 1816 default log buffered 269 default log console 270 default log email 271 default log host 272 default log monitor 273 default log permanent 274 default a...

Страница 40: ...pplicant 1018 dot1x keytransmit 1019 dot1x max auth fail 1020 dot1x max reauth req 1022 dot1x port control 1024 dot1x timeout tx period 1026 duplex 391 echo 339 ecofriendly led 196 edit filename 100 e...

Страница 41: ...line 245 fiber monitoring enable 247 fiber monitoring interval 248 fiber monitoring sensitivity 249 findme 197 fingerprint trustpoint configuration mode 1297 flowcontrol switch port 393 flowcontrol ha...

Страница 42: ...41 ip domain name 642 ip gratuitous arp link 620 ip igmp access group 752 ip igmp flood specific query 753 ip igmp immediate leave 754 ip igmp last member query count 755 ip igmp last member query int...

Страница 43: ...me server 643 ip radius source interface 1218 ip redirects 622 ip rip authentication key chain 705 ip rip authentication mode 707 ip rip authentication string 710 ip rip receive version 713 ip rip rec...

Страница 44: ...659 ipv6 multicast forward slow path packet 824 ipv6 multicast route limit 835 ipv6 multicast routing 836 ipv6 nd accept ra pinfo 660 ipv6 nd minimum ra interval 661 ipv6 nd raguard 663 ipv6 nd ra int...

Страница 45: ...pe 1696 lldp reinit 1697 lldp run 1698 lldp timer 1699 lldp tlv select 1700 lldp transmit receive 1702 lldp tx delay 1703 location civic location configuration 1704 location civic location identifier...

Страница 46: ...rmanent exclude 322 log permanent size 325 log permanent 318 log trustpoint 328 login authentication 1198 logout 75 log rate limit nsm 326 loop protection action 397 loop protection action delay time...

Страница 47: ...32 maximum prefix 723 max static routes 202 max static routes 683 mirror interface 359 mkdir 105 mls qos cos 969 mls qos enable 970 mls qos map cos queue to 971 mls qos map premark dscp to 972 modelty...

Страница 48: ...857 platform l3 vlan hashing algorithm 1140 platform load balancing 405 platform load balancing 563 platform mac vlan hashing algorithm 1141 platform stop unreg mc flooding 406 platform vlan stacking...

Страница 49: ...r timeout 1226 reboot 204 recv buffer size RIP 728 redistribute RIP 729 region MSTP 488 reload 205 remark new cos 983 remark map 981 remote mirror interface 361 repeat 1818 restart rip graceful 730 re...

Страница 50: ...t 1205 service advanced vty 152 service dhcp snooping 1346 service http 180 service password encryption 153 service power inline 590 service ssh 1776 service telnet 154 service terminal length deleted...

Страница 51: ...container 1536 show atmf detail 1539 show atmf group members 1543 show atmf group 1541 show atmf guests detail 1547 show atmf guests 1545 show atmf links detail 1552 show atmf links guest detail 1563...

Страница 52: ...ow clock 206 show counter log 329 show counter mail 1745 show counter ntp deprecated 1632 show counter ping poll 1860 show counter snmp server 1643 show cpu history 211 show cpu 208 show crypto key ho...

Страница 53: ...w debugging mstp 490 show debugging platform packet 411 show debugging power inline 591 show debugging radius 1230 show debugging rip 736 show debugging sflow 1884 show debugging snmp 1647 show debugg...

Страница 54: ...how interface brief 352 show interface err disabled 413 show interface memory 215 show interface memory 353 show interface status 355 show interface switchport 414 show interface 349 show ip access li...

Страница 55: ...ing 1396 show ip sockets 631 show ip source binding 1368 show ip traffic 634 show ipv6 access list IPv6 Software ACLs 946 show ipv6 forwarding 671 show ipv6 interface brief 672 show ipv6 mif 845 show...

Страница 56: ...415 show mac address table thrash limit 419 show mac address table 417 show mail 1746 show memory allocations 219 show memory history 221 show memory pools 222 show memory shared 223 show memory 217 s...

Страница 57: ...595 show power inline interface detail 599 show power inline interface 597 show power inline 592 show privilege 156 show process 224 show proxy autoconfig file 1158 show radius local server group 1274...

Страница 58: ...spanning tree mst config 496 show spanning tree mst detail interface 499 show spanning tree mst detail interface 504 show spanning tree mst detail 497 show spanning tree mst instance interface 502 sh...

Страница 59: ...h support 233 show telnet 159 show test cable diagnostics tdr 261 show trigger 1823 show users 160 show version 122 show vlan access map 450 show vlan filter 451 show vlan private vlan 452 show vlan 4...

Страница 60: ...ard root 525 spanning tree hello time 526 spanning tree link type 527 spanning tree max age 528 spanning tree max hops MSTP 529 spanning tree mode 530 spanning tree mst configuration 531 spanning tree...

Страница 61: ...rm downtime 999 storm protection 1000 storm rate 1001 storm window 1002 subject name trustpoint configuration 1306 switchport access vlan 453 switchport atmf agentlink 1596 switchport atmf arealink re...

Страница 62: ...port voice dscp 468 switchport voice vlan priority 471 switchport voice vlan 469 system territory deprecated 237 tacacs server host 1317 tacacs server key 1319 tacacs server timeout 1320 tcpdump 636 t...

Страница 63: ...atmf 1607 undebug dot1x 1046 undebug epsr 1393 undebug igmp 794 undebug ip packet interface 638 undebug lacp 576 undebug loopprot 439 undebug mail 1747 undebug mstp 551 undebug ping poll 1870 undebug...

Страница 64: ...7 0 x vlan database 474 vlan filter 475 vlan mode remote mirror vlan 368 vlan 472 vty access class numbered 939 vty ipv6 access class named 947 wait 340 write file 124 write memory 125 write terminal...

Страница 65: ...C613 50163 01 Rev C Command Reference for GS970M Series 65 AlliedWare Plus Operating System Version 5 4 7 0 x Part 1 Setup and Troubleshooting...

Страница 66: ...ference for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure term...

Страница 67: ...GATION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Conf...

Страница 68: ...EGED EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Pr...

Страница 69: ...ION COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus...

Страница 70: ...er privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is...

Страница 71: ...N COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 aw...

Страница 72: ...other advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command t...

Страница 73: ...used in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows...

Страница 74: ...o display a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches...

Страница 75: ...Operating System Version 5 4 7 0 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privil...

Страница 76: ...lists all command line entries including commands that returned an error For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Confi...

Страница 77: ...lename To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom an SD or SDHC card card directory filename To specify a file in the top level directory of the SD c...

Страница 78: ...enames Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem...

Страница 79: ...debug on page 96 dir on page 97 edit on page 99 edit filename on page 100 erase factory default on page 101 erase startup config on page 102 ip tftp source interface on page 103 ipv6 tftp source inter...

Страница 80: ...e file and or configuration file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 2 1 Example autoboot txt file Use the no variant of this comman...

Страница 81: ...ck order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored on the device s Flash filesystem the next time the device boots up us...

Страница 82: ...N MANAGEMENT COMMANDS BOOT CONFIG FILE To stop running the configuration file branch cfg stored on the device s SD card filesystem when the device boots up use the commands awplus configure terminal a...

Страница 83: ...nagement Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus confi...

Страница 84: ...f you attempt to setthereleasefileonan SD card and a backup release file is not specified in Flash the following error message is displayed Examples To boot up with the release GS970 5 4 7 0 1 rel fil...

Страница 85: ...Configuration Examples To specify the file GS970 5 4 6 2 4 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash GS970 5 4 6 2 4...

Страница 86: ...ION MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command...

Страница 87: ...d awplus copy sftp 10 0 1 2 new cfg bob key To use SCP with the username beth to copy the file old cfg into the directory config_files on a remote server that is listening on TCP port 2000 use the com...

Страница 88: ...nfigtest cfg To copy the file config cfg into the current directory from a remote file server and rename it to configtest cfg use the command awplus copy fserver config cfg configtest cfg On an AMF ma...

Страница 89: ...esystem Syntax copy current software destination name Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command...

Страница 90: ...s scp tftp source name card debug flash nvs scp tftp Mode Privileged Exec Example To copy debug output to an SD or SDHC card with a filename my debug use the following command awplus copy debug card m...

Страница 91: ...copy the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy st...

Страница 92: ...g as the file oldconfig cfg in the current directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and pa...

Страница 93: ...Minicom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the loca...

Страница 94: ...e keys and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media Th...

Страница 95: ...urrent directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_conf...

Страница 96: ...fied debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 2 3 CLI prompt after entering the...

Страница 97: ...awplus dir flash To list all the files in the root of the Flash filesystem use the command awplus dir all flash To list recursively the files in the Flash filesystem use the command awplus dir recursi...

Страница 98: ...y size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort reverse time Output Figure 2 4 Example o...

Страница 99: ...ditor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more infor...

Страница 100: ...re your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode P...

Страница 101: ...he backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default...

Страница 102: ...s when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This pro...

Страница 103: ...d is helpful in network configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your...

Страница 104: ...configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In thos...

Страница 105: ...dir name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands...

Страница 106: ...mp cfg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg m...

Страница 107: ...stination name card debug flash nvs Mode Privileged Exec Example To move debug outputonto anSD or SDHC card with a filename my debug use the following command awplus move debug card my debug Output Fi...

Страница 108: ...us Operating System Version 5 4 7 0 x FILE AND CONFIGURATION MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the...

Страница 109: ...mples To remove the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To create a directory called level1 containing a subdirectory called level2 an...

Страница 110: ...2 6 Example output from the show autoboot command Figure 2 7 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboo...

Страница 111: ...image flash GS970 5 4 6 2 4 rel Default boot config flash default cfg Current boot config card my cfg file exists Backup boot config flash backup cfg file not found Autoboot status enabled Table 2 1...

Страница 112: ...lated Commands autoboot enable boot config file backup boot system backup show autoboot Backup boot config The configuration file to use during the next boot cycle if the main configuration file canno...

Страница 113: ...displays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command aw...

Страница 114: ...5M flash rw flash static local Y system rw system virtual local 10 0M 9 8M debug rw debug static local Y 499 0K 431 0K nvs rw nvs static local Y tftp rw tftp network scp rw scp network sftp ro sftp n...

Страница 115: ...ow file Prefixes The prefixes used when entering commands to access the filesystems one of flash system nvs card tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the me...

Страница 116: ...ion full Display the running config for all features This is the default setting so it is the same as entering show running config feature Display only the configuration for a single feature The featu...

Страница 117: ...6 route IPv6 static route configuration isakmp Internet Security Association Key Management Protocol ISAKMP configuration key chain Authentication key management configuration l2tp profile L2TP tunnel...

Страница 118: ...config Related Commands copy running config show running config interface switch Switch configuration web control Web Control configuration Parameter Description awplus show running config service pas...

Страница 119: ...0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of VLANs ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or p...

Страница 120: ...se the command awplus show running config interface vlan1 To display the current running configuration of a device for VLANs 1 and 3 5 use the command awplus show running config interface vlan1 vlan3...

Страница 121: ...Feature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show startup...

Страница 122: ...All rights reserved c 2001 2003 Cambridge Broadband Ltd All rights reserved c 2003 Sun Microsystems Inc All rights reserved c 2003 2006 Sparta Inc All rights reserved c 2004 Cisco Inc and Information...

Страница 123: ...c 2002 2004 MontaVista Software Inc All rights reserved Copyright c 2005 2010 Red Hat Inc File Utility Library Copyright c Ian F Darwin 1986 1987 1989 1992 1994 1995 Software written by Ian F Darwin a...

Страница 124: ...d copies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file...

Страница 125: ...and copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memo...

Страница 126: ...MMANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Priv...

Страница 127: ...meout on page 137 flowcontrol hardware asyn console on page 139 length asyn on page 141 line on page 142 privilege level on page 144 security password history on page 145 security password forced chan...

Страница 128: ...x USER ACCESS COMMANDS show privilege on page 156 show security password configuration on page 157 show security password user on page 158 show telnet on page 159 show users on page 160 telnet on pag...

Страница 129: ...rminal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Examp...

Страница 130: ...LINE VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first VTY line us...

Страница 131: ...r to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note tha...

Страница 132: ...d First use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The...

Страница 133: ...ncrypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Priv...

Страница 134: ...entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is d...

Страница 135: ...use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advanta...

Страница 136: ...ed string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged E...

Страница 137: ...ore it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no inpu...

Страница 138: ...C613 50163 01 Rev C Command Reference for GS970M Series 138 AlliedWare Plus Operating System Version 5 4 7 0 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet...

Страница 139: ...message is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reve...

Страница 140: ...control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal con...

Страница 141: ...er than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the co...

Страница 142: ...To change the console asyn port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the...

Страница 143: ...To enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accounti...

Страница 144: ...xec and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use...

Страница 145: ...ree most recent passwords use the command awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus co...

Страница 146: ...lifetime command and the reject expired pwd feature must be disabled with the security password reject expired pwd command The no variant of the command disables this feature Syntax security password...

Страница 147: ...me Default The default password lifetime is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus confi...

Страница 148: ...imum number of categories should align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The defa...

Страница 149: ...1 23 Default The default minimum password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config...

Страница 150: ...ed pwd in a default config file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security passwo...

Страница 151: ...which disables warning functionality Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 R...

Страница 152: ...ure displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature i...

Страница 153: ...device displays passwords in the running config in encrypted form instead of in plain text Use the no service password encryption command to stop the device from displaying newly entered passwords in...

Страница 154: ...ing telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port...

Страница 155: ...for GS970M Series 155 AlliedWare Plus Operating System Version 5 4 7 0 x USER ACCESS COMMANDS SERVICE TERMINAL LENGTH DELETED service terminal length deleted Overview This command has been deleted in...

Страница 156: ...15 gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for p...

Страница 157: ...security password rule configuration settings use the command awplus show security password configuration Output Figure 3 2 Example output from the show security password configuration command Relate...

Страница 158: ...Exec Example To display the system users remaining lifetime or last password change use the command awplus show security password user Output Figure 3 3 Example output from the show security password...

Страница 159: ...shows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 3 4 Example output f...

Страница 160: ...s command Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 1 Parameters in the output of the show users...

Страница 161: ...st example use the command awplus telnet host example To connect to the telnet server host example on TCP port 100 use the command awplus telnet host example 100 Parameter Description hostname The hos...

Страница 162: ...y enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example T...

Страница 163: ...specified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length lengt...

Страница 164: ...ed on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size aut...

Страница 165: ...lege levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A us...

Страница 166: ...s To create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec...

Страница 167: ...e Feature Licensing commands Feature Licensing enables you to use advanced features such as Layer 3 routing To see which Feature Licenses are available for your device see the AlliedWare Plus Datashee...

Страница 168: ...mmand to make it specific to you when you initially add a license Once a license is added any change to the license label first requires removal of the license before adding a license again with a new...

Страница 169: ...lied feature licenses label The license name to show information about This can be used instead of the index number to identify a specific license index index number The index number of the license to...

Страница 170: ...C613 50163 01 Rev C Command Reference for GS970M Series 170 AlliedWare Plus Operating System Version 5 4 7 0 x FEATURE LICENSING COMMANDS SHOW LICENSE Related Commands license show license brief...

Страница 171: ...ed Exec Examples To display a brief summary of information about all feature licenses use the command awplus show license feature brief Related Commands license show license Parameter Description feat...

Страница 172: ...icensing commands For Software Version 5 4 6 2 x and later Subscription Licensing enables you to use OpenFlow To see the OpenFlow subscriptions for your device see the AlliedWare Plus Datasheet For st...

Страница 173: ...nd license update online instead Syntax license update filename Mode Privileged Exec Usage You can download subscription licenses from the Allied Telesis Download Center in order to copy them onto the...

Страница 174: ...pond for 10 or more seconds after typing the command a network routing or firewall configuration error is probably preventing the connection from establishing If this happens you can abort the command...

Страница 175: ...licenses Syntax show license external Mode Privileged Exec Examples To show information about what subscription features the device is licensed for use the following command awplus show license exter...

Страница 176: ...s Introduction Overview This chapter provides an alphabetical reference of commands used to configure the GUI For more information see the Getting Started with Alliedware Plus Command List atmf topolo...

Страница 177: ...the GUI enabled by default Regular nodes not master or controller will always have it disabled Mode Global Configuration mode Usage This command is run from an AMF Master node Topology information ab...

Страница 178: ...then enter the seconds If the GUI timeout is disabled a GUI session will remain active until you terminate it No idle time will be configured The same timeout period will apply to all GUI sessions log...

Страница 179: ...slog sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are set to wait for...

Страница 180: ...ommand to enable the HTTP Hypertext Transfer Protocol service This service which is enabled by default is required to support the AlliedWare Plus GUI Java applet on a Java enabled browser Use the no v...

Страница 181: ...iew This command shows the HTTP server settings Syntax show http Mode User Exec and Privileged Exec Example To show the HTTP server settings use the command awplus show http Output Figure 6 2 Example...

Страница 182: ...n page 184 banner login system on page 186 banner motd on page 188 clock set on page 190 clock summer time date on page 191 clock summer time recurring on page 193 clock timezone on page 195 ecofriend...

Страница 183: ...ory on page 221 show memory pools on page 222 show memory shared on page 223 show process on page 224 show reboot history on page 226 show router id on page 227 show system on page 228 show system env...

Страница 184: ...dWare Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login in this example to tell people to use the en...

Страница 185: ...x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER EXEC To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configu...

Страница 186: ...he login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner of Authorised users...

Страница 187: ...63 01 Rev C Command Reference for GS970M Series 187 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM Related Commands banner exec ban...

Страница 188: ...ax banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date when you login Mode Global Configuration Examples To configure a MotD banne...

Страница 189: ...TION AND MONITORING COMMANDS BANNER MOTD Related Commands banner exec banner login system awplus enable awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus confi...

Страница 190: ...ffset to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If y...

Страница 191: ...andard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 25th of September 2016 and end on the 2nd of April 2017 awplus config clock summer time NZDT date 25 sep 2 00 2016 2 ap...

Страница 192: ...Command Reference for GS970M Series 192 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recur...

Страница 193: ...every year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to...

Страница 194: ...nition for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the last Sunday in September and end on the 1st Sunday in April use th...

Страница 195: ...et to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indi...

Страница 196: ...default Mode Global Configuration Usage When the eco friendly LED feature is enabled a change in port status will not affect the display of the associated LED When the eco friendly LED feature is dis...

Страница 197: ...nd is used You can specify which interface or interfaces are flashed with the optional interface parameter Example To activate the Find Me feature for the default duration 60 seconds on all ports use...

Страница 198: ...Command Reference for GS970M Series 198 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS FINDME To deactivate the Find Me feature use the following comma...

Страница 199: ...work any device without a user defined hostname will automatically be assigned a name based on its MAC address To efficiently manage your network using AMF we strongly advise that you devise a naming...

Страница 200: ...ating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS HOSTNAME NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address...

Страница 201: ...e following commands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding...

Страница 202: ...nd to set the maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum numbe...

Страница 203: ...ot1x nsm Mode Global Configuration and Privileged Exec Example To disable debugging for all features use the command awplus no debug all To disable all 802 1X debugging use the command awplus no debug...

Страница 204: ...COMMANDS REBOOT reboot Overview This command halts the device and performs a cold restart also known as reload It displays a confirmation request before restarting Syntax reboot reload Mode Privileged...

Страница 205: ...Command Reference for GS970M Series 205 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function a...

Страница 206: ...Oct 2016 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time...

Страница 207: ...ference for GS970M Series 207 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer...

Страница 208: ...Configuration Guide Syntax show cpu sort thrds pri sleep runtime Mode User Exec and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the...

Страница 209: ...3 syslog ng 1 0 0 20 sleep 0 356 859 klogd 1 0 0 20 sleep 0 1 910 inetd 1 0 0 20 sleep 0 3 920 portmap 1 0 0 20 sleep 0 0 931 crond 1 0 0 20 sleep 0 1 1090 openhpid 11 0 0 20 sleep 0 233 1111 hpilogd...

Страница 210: ...ds show memory show memory allocations show memory history show memory pools show process sleep Percentage of time that the process is in the sleep state runtime The time that the process has been run...

Страница 211: ...d Configuration Guide Syntax show cpu history Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage CPU utilization per second for the last minute then...

Страница 212: ...ORY Related Commands show memory show memory allocations show memory pools show process Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes ave...

Страница 213: ...ged Exec Usage This command displays all debugging information similar to the way the show tech support command displays all show output for use by Allied Telesis authorized service personnel only Exa...

Страница 214: ...friendly command awplus show ecofriendly Front panel port LEDs normal Energy efficient ethernet Port Name Configured Status port1 0 1 Port 1 off port1 0 2 off off port1 0 3 off port1 0 4 Port 4 off po...

Страница 215: ...w interface port list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory us...

Страница 216: ...ef show interface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766...

Страница 217: ...rting order for the list of processes If you do not specify this then the list is sorted by percentage memory utilization size Sort by the amount of memory the process is currently using peak Sort by...

Страница 218: ...in the output of the show memory command Parameter Description RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for th...

Страница 219: ...y the memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 7 9 Example output from the show memory allocations command Parameter Descrip...

Страница 220: ...GS970M Series 220 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory p...

Страница 221: ...xec and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for...

Страница 222: ...the memory pools used by processes use the command awplus show memory pools Output Figure 7 11 Example output from the show memory pools command Related Commands show memory allocations show memory hi...

Страница 223: ...Ware Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use...

Страница 224: ...how memory history Example To display a summary of the current running processes use the command awplus show process Output Figure 7 13 Example output from the show process command Parameter Descripti...

Страница 225: ...of processes waiting for CPU time for the periods stated Current CPU load Current CPU utilization specified by load types RAM total Total memory size free Available memory buffers Memory allocated to...

Страница 226: ...istory command Related Commands show tech support awplus show reboot history date time type description 2016 10 10 01 42 04 Expected User Request 2016 10 10 01 35 31 Expected User Request 2016 10 10 0...

Страница 227: ...OUTER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current s...

Страница 228: ...ion Guide Syntax show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 7 16 Example output from show system Relat...

Страница 229: ...Configuration Guide Syntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment Output Figure...

Страница 230: ...Plus Feature Overview and Configuration Guide Syntax show system interrupts Mode User Exec and Privileged Exec Example To display information about the number of interrupts for each IRQ in your device...

Страница 231: ...SYSTEM MAC show system mac Overview This command displays the physical MAC address of the device Syntax show system mac Mode User Exec and Privileged Exec Example To display the physical MAC address e...

Страница 232: ...tion for the device For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode Us...

Страница 233: ...hcpsn epsr firewall igmp ip ipv6 mld openflow ospf ospf6 pim rip ripng stack stp system tacacs update outfile filename Parameter Description all Display full information atmf Display ATMF specific inf...

Страница 234: ...e already exists a newfilenameis generated withthe current timestamp If the output filename does not end with gz then gz is appended to the filename Since output files may be too large for Flash on th...

Страница 235: ...figuration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set...

Страница 236: ...Reference for GS970M Series 236 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config...

Страница 237: ...5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SYSTEM TERRITORY DEPRECATED system territory deprecated Overview This command has been deprecated in Software Version 5 4 4 0 1 and later It now...

Страница 238: ...rminal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Ex...

Страница 239: ...Reference for GS970M Series 239 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality...

Страница 240: ...es in optical power received over fiber cables For more information see the Pluggables and Cabling Feature Overview and Configuration Guide Command List clear test cable diagnostics tdr on page 241 de...

Страница 241: ...cable diagnostics tdr Overview Use this command to clear the results of the last cable test that was run Syntax clear test cable diagnostics tdr Mode Privileged Exec Examples To clear the results of...

Страница 242: ...ec Privileged Exec Usage While debugging is enabled by this command for a port all the optical power readings for the port are sent to the console Example To enable debugging messages for active fiber...

Страница 243: ...522 Fiber monitor port2 0 1 Channel 1 Reading 1748 Baseline 1708 Threshold 1356 01 42 52 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1717 Baseline 1709 Threshold 1357 01 42 54 awpl...

Страница 244: ...only generates a log message Example To set the device to send an SNMP notification when ports 1 0 1 or 1 0 2 receive reduced power use the commands awplus config interface port1 0 1 1 0 2 awplus conf...

Страница 245: ...caused by temperature fluctuations etc could lead to unnecessary alarms There are two ways to configure the baseline The first is to choose a number of readings to average This is the default and reco...

Страница 246: ...Command Reference for GS970M Series 246 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING BASELINE Related Commands fiber monitoring interval fiber mo...

Страница 247: ...ce or to remove all the configuration and state for the ports respectively Syntax fiber monitoring enable no fiber monitoring enable no fiber monitoring Default Active fiber monitoring is disabled by...

Страница 248: ...e polling interval to the default 5 seconds Syntax fiber monitoring interval 2 60 no fiber monitoring interval Default The interval is set to 5 seconds by default Mode Interface configuration mode for...

Страница 249: ...fined levels in decibels or to a fixed absolute delta in units of 0 0001mW The alarm thresholds can be seen in the show system fiber monitoring output The maximum absolute sensitivity configurable is...

Страница 250: ...nce for GS970M Series 250 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING SENSITIVITY Related Commands fiber monitoring action fiber monitoring base...

Страница 251: ...monitoring awplus show sys fiber monitoring Fiber Monitoring Status Reading units 0 0001mW Stack member 1 Interface port1 0 1 Status enabled Supported Supported pluggable Debugging disabled Interval 2...

Страница 252: ...d sensitivity threshold for optical power changes on this port Baseline type How the baseline optical power level is calculated either the average of the specified number of previous readings or a spe...

Страница 253: ...Rev C Command Reference for GS970M Series 253 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS SHOW SYSTEM FIBER MONITORING fiber monitoring interval fiber monitorin...

Страница 254: ...lled pluggable transceivers use the command awplus show system pluggable Output Figure 8 3 Example output from show system pluggable Parameter Description port list The ports to display information ab...

Страница 255: ...gable transceiver Datecode Specifies the manufacturing datecode for the installed pluggable transceiver Checking the manufacturing datecode with the vendor may be useful when determining Laser Diode a...

Страница 256: ...ggable detail command displays the following information SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single mode Fiber Specifies the link length supporte...

Страница 257: ...system pluggable detail for a specific port on a device awplus show system pluggable detail System Pluggable Information Detail Port1 0 9 Vendor Name ATI Device Name AT SP10SR Device Revision A Devic...

Страница 258: ...velength of the installed pluggable transceiver Single Mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5um Fiber Specifies the link length in...

Страница 259: ...Modern optical SFP transceivers support Digital Diagnostics Monitoring DDM functions Diagnostic monitoring features allow you to monitor real time parameters of the pluggable transceiver such as opti...

Страница 260: ...283 3 800 2 800 3 500 3 100 Tx Bias mA Low 15 440 0 440 Low 12 440 2 440 Tx Power mW 0 357 Low 1 175 0 200 Low 0 933 0 251 Rx Power mW Low 1 259 0 049 Low 1 000 0 062 Rx LOS Rx Down Table 9 Parameters...

Страница 261: ...tometer on a fixed copper cable port The displayed status of the cable can be either OK Open Short within pair Short across pair Error Syntax show test cable diagnostics tdr Mode Privileged Exec Examp...

Страница 262: ...The displayed status of the cable can be either OK Short within pair or Open The Open or Short status is accompanied with the distance from the source port to the incorrect termination Syntax test cab...

Страница 263: ...on page 267 clear log permanent on page 268 default log buffered on page 269 default log console on page 270 default log email on page 271 default log host on page 272 default log monitor on page 273...

Страница 264: ...source on page 309 log host time on page 310 log monitor filter on page 312 log monitor exclude on page 315 log permanent on page 318 log permanent filter on page 319 log permanent exclude on page 32...

Страница 265: ...ating System Version 5 4 7 0 x LOGGING COMMANDS CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files Syn...

Страница 266: ...GGING COMMANDS CLEAR LOG clear log Overview This command removes the contents of the buffered and permanent logs Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered an...

Страница 267: ...buffered Overview This command removes the contents of the buffered log Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awp...

Страница 268: ...Overview This command removes the contents of the permanent log Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus cl...

Страница 269: ...the buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Ex...

Страница 270: ...sages sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuratio...

Страница 271: ...ill be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default set...

Страница 272: ...ges will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default setti...

Страница 273: ...sent to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration...

Страница 274: ...manent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example...

Страница 275: ...be deleted to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log mess...

Страница 276: ...e minimum severity of message to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emerg...

Страница 277: ...awplus config log buffered msgtext Bridging initialization imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protecti...

Страница 278: ...og use the following commands awplus configure terminal awplus config no log buffered level notices program epsr To remove a filter that sends all messages containing the text Bridging initialization...

Страница 279: ...Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is...

Страница 280: ...Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslo...

Страница 281: ...1 Rev C Command Reference for GS970M Series 281 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG BUFFERED EXCLUDE log buffered log buffered filter log buffered size show log sho...

Страница 282: ...ion has been filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM us...

Страница 283: ...the no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log me...

Страница 284: ...rs or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error...

Страница 285: ...sends all messages generated by EPSR that have a severity of notices or higher to consoles use the following commands awplus configure terminal awplus config no log console level notices program epsr...

Страница 286: ...COMMANDS LOG CONSOLE FILTER To remove a default filter that includes sending critical alert and emergency level messages to the console use the following commands awplus configure terminal awplus con...

Страница 287: ...text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names...

Страница 288: ...SH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the...

Страница 289: ...C613 50163 01 Rev C Command Reference for GS970M Series 289 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG CONSOLE EXCLUDE log console filter show log config...

Страница 290: ...ss Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email addr...

Страница 291: ...The email address to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level...

Страница 292: ...alization imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn...

Страница 293: ...ing commands awplus configure terminal awplus config no log email admin homebase com To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the email...

Страница 294: ...msgtext text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or leve...

Страница 295: ...psr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the fol...

Страница 296: ...C613 50163 01 Rev C Command Reference for GS970M Series 296 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG EMAIL EXCLUDE log email filter log email time show log config...

Страница 297: ...d Use the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on...

Страница 298: ...information converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin...

Страница 299: ...l Configuration Usage Specifying different facilities for log messages generated on different devices can allow messages from multiple devices sent to a common server to be distinguished from each oth...

Страница 300: ...lity local6 Related Commands show log config ftp FTP daemon local 0 7 The facility labels above have specific meanings while the local facility labels are intended to be put to local use In AlliedWare...

Страница 301: ...chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application The remote server may also request that a certificate is transmitted from the lo...

Страница 302: ...C613 50163 01 Rev C Command Reference for GS970M Series 302 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG HOST log host time log trustpoint show log config...

Страница 303: ...e IP address of a remote syslog server level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names w...

Страница 304: ...21 msgtext Bridging initialization imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping D...

Страница 305: ...use the following commands awplus configure terminal awplus config no log host 10 32 16 21 level notices program epsr To remove a filter that sends all messages containing the text Bridging initializa...

Страница 306: ...t string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names wher...

Страница 307: ...r Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the follo...

Страница 308: ...3 50163 01 Rev C Command Reference for GS970M Series 308 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG HOST EXCLUDE log host filter log host source log host time show log con...

Страница 309: ...no variant of this command to stop specifying a source interface or address Syntax log host source interface name ipv4 addr ipv6 addr no log host source Default None no source is configured Mode Globa...

Страница 310: ...remote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote sysl...

Страница 311: ...ime zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 w...

Страница 312: ...ollowing numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3...

Страница 313: ...of notices or higher to the terminal use the following commands awplus configure terminal awplus config no log monitor level notices program epsr rmon Remote Monitoring loopprot Loop Protection dhcps...

Страница 314: ...7 0 x LOGGING COMMANDS LOG MONITOR FILTER To remove a default filter that includes sending everything to the terminal use the following commands awplus configure terminal awplus config no log monitor...

Страница 315: ...t text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names...

Страница 316: ...IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of...

Страница 317: ...C613 50163 01 Rev C Command Reference for GS970M Series 317 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG MONITOR EXCLUDE show log config terminal monitor...

Страница 318: ...to make way for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent n...

Страница 319: ...level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies Syste...

Страница 320: ...e the following commands awplus configure terminal awplus config log permanent msgtext Bridging initialization epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protect...

Страница 321: ...Series 321 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG PERMANENT FILTER Related Commands clear log permanent default log permanent log permanent log permanent exclude log p...

Страница 322: ...ion level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity...

Страница 323: ...Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the follow...

Страница 324: ...1 Rev C Command Reference for GS970M Series 324 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG PERMANENT EXCLUDE log permanent filter log permanent size show log config show l...

Страница 325: ...n filled old messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the fol...

Страница 326: ...his log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log mess...

Страница 327: ...lliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands...

Страница 328: ...he certificate received from the remote server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoi...

Страница 329: ...ceived P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 10 Parameters in output of the show counter log command Parameter Description Total Received Total number of messa...

Страница 330: ...displays the contents of the exception log Syntax show exception log Mode User Exec and Privileged Exec Example To display the exception log use the command awplus show exception log Output Figure 9 2...

Страница 331: ...tion Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of t...

Страница 332: ...notice awplus kernel Linux version 2 6 32 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel...

Страница 333: ...ple To display the logging configuration use the command awplus show log config Output Figure 9 4 Example output from the show log config command Facility default PKI trustpoints example_trustpoint Bu...

Страница 334: ...annot be set at the same time If console logging is enabled then the terminal logging is turned off Related Commands show counter log show log show log permanent Host 10 32 16 21 Time offset 2 00 Offs...

Страница 335: ...t Output Figure 9 5 Example output from the show log permanent command Related Commands clear log permanent default log permanent log permanent log permanent filter log permanent exclude log permanent...

Страница 336: ...IG LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example...

Страница 337: ...e for GS970M Series 337 AlliedWare Plus Operating System Version 5 4 7 0 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on pag...

Страница 338: ...filename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indica...

Страница 339: ...to the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To e...

Страница 340: ...m the command line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable command...

Страница 341: ...chapter provides an alphabetical reference of commands used to configure and display interfaces Command List description interface on page 342 interface to configure on page 343 mru on page 345 mtu o...

Страница 342: ...nd to add a description to a specific port or interface Syntax description description Mode Interface Configuration Example The following example uses this command to describe the device that a switch...

Страница 343: ...bility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an interface route into the network...

Страница 344: ...0 x INTERFACE COMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface awplus configure terminal awplus config interface lo aw...

Страница 345: ...g additional components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes Syntax mru mru si...

Страница 346: ...AlliedWare Plus Operating System Version 5 4 7 0 x INTERFACE COMMANDS MRU To restore the MRU size of 1500 bytes on port1 0 2 use the commands awplus configure terminal awplus config interface port1 0...

Страница 347: ...device will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN inter...

Страница 348: ...C613 50163 01 Rev C Command Reference for GS970M Series 348 AlliedWare Plus Operating System Version 5 4 7 0 x INTERFACE COMMANDS MTU Related Commands show interface...

Страница 349: ...ize for VLAN interfaces and MRU Maximum Received Unit size for switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter D...

Страница 350: ...ash limiting Status Not Detected Action learn disable Timeout 1 s Hardware is Ethernet address is 001a eb54 f3ae index 5001 metric 1 mru 1500 configured duplex auto configured speed auto configured po...

Страница 351: ...ING MULTICAST SNMP link status traps Disabled Bandwidth 1g input packets 295606 bytes 56993106 dropped 5 multicast packets 156 output packets 299172 bytes 67379392 multicast packets 0 broadcast packet...

Страница 352: ...c and Privileged Exec Output Figure 11 4 Example output from the show interface brief command Related Commands show interface show interface memory awplus show int brief Interface Status Protocol port...

Страница 353: ...ort list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0...

Страница 354: ...rface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1...

Страница 355: ...separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and dynamic LAC...

Страница 356: ...ate promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the p...

Страница 357: ...regator and its component ports as admin down While the aggregator is down the device accepts shutdown and no shutdown commands on component ports but these have no effect on port status Ports will no...

Страница 358: ...rence of commands used to configure Port Mirroring and Remote Mirroring also known as RSPAN For more information see the Mirroring Feature Overview and Configuration Guide Command List mirror interfac...

Страница 359: ...e source switch ports to mirror A port list can be a port e g port1 0 2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 2 a comma separated list of ports and port ranges e g port1...

Страница 360: ...d to mirror a subset of traffic from the mirrored port by using the copy to mirror parameter in hardware ACL commands Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to d...

Страница 361: ...o remote mirror interface port list direction receive transmit no remote mirror interface none Default No ports are set to be remote mirrored by default Mode Interface Configuration Usage To prevent u...

Страница 362: ...he source device for remote mirroring remote mirror interface command All mirrored ports on a single device must use the same remote mirror VLAN and priority Access control lists can be used to mirror...

Страница 363: ...tput Figure 12 1 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 M...

Страница 364: ...ce port Mode User Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config...

Страница 365: ...User priority 0 Monitored ports port1 0 1 direction both Remote mirror egress ports Remote mirror VLANs VLAN 259 Table 12 1 Parameters in the output from show remote mirror Parameter Description Remo...

Страница 366: ...ror vlan Remote mirror egress ports On the destination device this displays the remote mirror egress ports the remote mirror VLANs they are associated with Remote mirror VLANs On source destination an...

Страница 367: ...rored traffic we recommend configuring remote monitoring on the receiving device before configuring it on the source device This command would typically be used for the port that transmits the remote...

Страница 368: ...onfiguring the source device The remote mirror VLAN operates in a special mode all traffic on the remote mirror VLAN is flooded and no learning or CPU processing is done for packets in the VLAN BPDU p...

Страница 369: ...63 01 Rev C Command Reference for GS970M Series 369 AlliedWare Plus Operating System Version 5 4 7 0 x PORT MIRRORING AND REMOTE MIRRORING COMMANDS VLAN MODE REMOTE MIRROR VLAN switchport remote mirro...

Страница 370: ...Plus Operating System Version 5 4 7 0 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test...

Страница 371: ...ax clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces u...

Страница 372: ...ter entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnec...

Страница 373: ...eed 100 NOTE Do not run test interface on live networks because this will degrade network performance Syntax test interface port list all time 1 60 cont no test interface port list all Mode Privileged...

Страница 374: ...d enter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus...

Страница 375: ...C613 50163 01 Rev C Command Reference for GS970M Series 375 AlliedWare Plus Operating System Version 5 4 7 0 x Part 2 Interfaces and Layer 2...

Страница 376: ...on page 380 clear mac address table dynamic on page 381 clear mac address table static on page 383 clear port counter on page 384 clear port security intrusion on page 385 debug loopprot on page 388...

Страница 377: ...3 show interface switchport on page 414 show loop protection on page 415 show mac address table on page 417 show mac address table thrash limit on page 419 show platform on page 420 show platform clas...

Страница 378: ...plex mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacit...

Страница 379: ...ion 5 4 7 0 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config i...

Страница 380: ...e Loop Protection counters Syntax clear loop protection interface port list counters Mode Privileged Exec Examples To clear the counter information for all interfaces awplus clear loop protection coun...

Страница 381: ...mac address table static command Note that an MSTP instance cannot be specified with the command clear mac address table static Examples This example shows how to clear all dynamically learned filteri...

Страница 382: ...C ADDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 aw...

Страница 383: ...r all filtering database entries for a specific interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entrie...

Страница 384: ...RT COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 u...

Страница 385: ...trusion interface port Mode Privileged Exec Examples To see the port security status on port1 0 1 use the following command awplus show port security interface port1 0 1 To see the intrusion list on p...

Страница 386: ...wplus show port security intrusion interface port1 0 1 Table 2 Example output from the show port security intrusion command awplus show port security intrusion interface port1 0 1 Port Security Intrus...

Страница 387: ...rating System Version 5 4 7 0 x SWITCHING COMMANDS CLEAR PORT SECURITY INTRUSION Related Commands show port security interface show port security intrusion switchport port security switchport port sec...

Страница 388: ...opprot info msg pkt state nsm all Mode Privileged Exec and Global Configuration Example To enable debug for all state transitions use the command awplus debug loopprot state Related Commands show debu...

Страница 389: ...ace packets sent and received by the CPU If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no varian...

Страница 390: ...f 5 minutes enter awplus debug platform packet sflow To enable send packet debug with no timeout enter awplus debug platform packet send timeout 0 To enable VLAN packet debug for VLAN 2 with a timeout...

Страница 391: ...LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the chan...

Страница 392: ...C613 50163 01 Rev C Command Reference for GS970M Series 392 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS DUPLEX Related Commands backpressure polarity speed show interface...

Страница 393: ...and cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a...

Страница 394: ...nterface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config inte...

Страница 395: ...ll shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global...

Страница 396: ...verview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To enable the loop detect mechanism on the switch and generate loo...

Страница 397: ...nd overview information prior to applying this command Example To disable the interface port1 0 4 and bring the link down when a network loop is detected use the commands awplus configure terminal awp...

Страница 398: ...o variant of this command to reset the loop protection action delay time for an interface to default Syntax loop protection action delay time 0 86400 no loop protection action Default Action delay tim...

Страница 399: ...rotection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To configure a loop pr...

Страница 400: ...ress table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table a...

Страница 401: ...fault of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples...

Страница 402: ...c address table logging no mac address table logging Default MAC address table logging is disabled by default Mode User Exec Privileged Exec Usage When MAC address table logging is enabled the switch...

Страница 403: ...hed traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because p...

Страница 404: ...able thrash limiting Syntax mac address table thrash limit rate no mac address table thrash limit Default No thrash limiting Mode Global Configuration Usage Use this command to limit thrashing on the...

Страница 405: ...ad balancing Default The default is src dst ip Mode Global configuration Examples To set the load balancing algorithm to include only Layer 2 MAC addresses enter awplus configure terminal awplus confi...

Страница 406: ...g mc flooding no platform stop unreg mc flooding Default This feature is disabled by default Mode Global Configuration Usage This command stops the periodic flooding of unknown or unregistered multica...

Страница 407: ...To enable this feature and stop multicast packet flooding use the following commands awplus configure terminal awplus config platform stop unreg mc flooding To disable this feature and allow multicas...

Страница 408: ...nd 1522 bytes you must increase the MRU size to activate VLAN stacking Go into interface mode for the appropriate ports and use the mru command Syntax platform vlan stacking tpid tpid no platform vlan...

Страница 409: ...ty applies to copper 10BASE T 100BASE T and 1000BASE T switch ports it does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide...

Страница 410: ...NDS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To displ...

Страница 411: ...show debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To displa...

Страница 412: ...flowcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 14 1 Examp...

Страница 413: ...ocols responsible for the shutdown Syntax show interface interface range err disabled Mode User Exec and Privileged Exec Example To show which protocols have shut down ports use the commands awplus sh...

Страница 414: ...ivileged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 14 3 Example output from the show interface switchport command...

Страница 415: ...guration status use the command awplus show loop protection Figure 14 4 Example output from the show loop protection command To display the counter information use the command awplus show loop protect...

Страница 416: ...liedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS SHOW LOOP PROTECTION awplus show loop protection counters Switch Loop Detection Counter Interface Tx Rx Rx Invalid Last LDF Rx port1...

Страница 417: ...ample output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the out...

Страница 418: ...lear mac address table static mac address table static awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port M...

Страница 419: ...nd to display the current thrash limit set for all interfaces on the device Syntax show mac address table thrash limit Mode User Exec and Privileged Exec Example To display the current use the followi...

Страница 420: ...form command awplus show platform MAC vlan hashing algorithm crc32l L3 hashing algorithm crc32l stop unreg mc flooding off Vlan stacking TPID 0x8100 Table 5 Parameters in the output of the show platfo...

Страница 421: ...th the platform stop unreg mc flooding command This feature prevents flooding of unregistered multicast packets in the occasional situations in which IGMP snooping does not prevent it Vlan stacking TP...

Страница 422: ...represents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following...

Страница 423: ...ples To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the foll...

Страница 424: ...on for lport 0x08002002 Phy Driver 542XX Gigabit PHY Driver enabled 1 loopback 0 link 1 speed 1000 max speed 1000 duplex 1 linkscan 2 autonegotiate 1 master 2 tx pause 0 rx pause 0 untagged vlan 4000...

Страница 425: ...tet packets received and transmitted General Counters Receive Counters for traffic received Octets Number of octets received Pkts Number of packets received FCSErrors Number of FCS Frame Check Sequenc...

Страница 426: ...rral Frame counter FrmWExcesDefer Transmit Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame counter MultCollsnFrm Transmit Multiple Collision Frame counter LateCollision...

Страница 427: ...Figure 14 10 Example output from the show port security interface command Related Commands clear port security intrusion show port security intrusion switchport port security switchport port security...

Страница 428: ...security intrusion interface port1 0 1 Output Figure 14 11 Example output from the show port security intrusion command for port 1 0 1 Related Commands clear port security intrusion show port securit...

Страница 429: ...er Exec and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 14 12 Example output from the show st...

Страница 430: ...peed except for 100Base FX ports which do not support auto negotiation so default to 100Mbps Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full d...

Страница 431: ...0 2 awplus config if speed auto To set the port to auto negotiate its speed at 100Mbps and 1000Mbps enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus con...

Страница 432: ...ode Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a p...

Страница 433: ...ntax switchport port security no switchport port security Mode Interface Configuration Examples To enable the port security feature on port1 0 4 use the following commands awplus configure terminal aw...

Страница 434: ...Examples To set port1 0 4 so that the MAC addresses that have been learned by port security age out use the following commands awplus configure terminal awplus config interface port1 0 4 awplus confi...

Страница 435: ...it will be ignored and the specified intrusion action for the port will be carried out Syntax switchport port security maximum 0 256 no switchport port security maximum Mode Interface Configuration Ex...

Страница 436: ...iolation action to default The default violation action is protect Syntax switchport port security violation shutdown restrict protect no switchport port security violation Mode Interface Configuratio...

Страница 437: ...ing this command Examples To set the action to learn disable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if thrash limiting actio...

Страница 438: ...set the thrash limiting action to its default use the following command awplus config if no thrash limiting action To set the thrash limiting timeout to its default use the following command awplus c...

Страница 439: ...mmand Reference for GS970M Series 439 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no...

Страница 440: ...ence for GS970M Series 440 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the...

Страница 441: ...orwarding priority on page 448 show vlan on page 449 show vlan access map on page 450 show vlan filter on page 451 show vlan private vlan on page 452 switchport access vlan on page 453 switchport mode...

Страница 442: ...dWare Plus Operating System Version 5 4 7 0 x VLAN COMMANDS switchport voice dscp on page 468 switchport voice vlan on page 469 switchport voice vlan priority on page 471 vlan on page 472 vlan access...

Страница 443: ...Configuration_Guide Syntax port vlan forwarding priority epsr loop protection none no port vlan forwarding priority Default By default the highest priority protocol is EPSR Mode Global Configuration U...

Страница 444: ...data VLAN configured to VLAN interface vlan30 Initially the EPSR ring is complete with port1 0 2 blocking data VLANs vlan20 and vlan30 and some broadcast traffic flowing through If the user removes v...

Страница 445: ...ure terminal awplus config port vlan forwarding priority loop protection To set EPSR Loop Protection and MAC Thrashing protection protocols to have equal priority for port forwarding and blocking whic...

Страница 446: ...ted primary Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable a...

Страница 447: ...vlan id remove secondary vlan id no private vlan primary vlan id association Mode VLAN Configuration Examples The following commands associate primary VLAN 2 with secondary VLAN 3 awplus configure te...

Страница 448: ...otection is set as the highest priority for determining whether a port forwards a VLAN as set by the port vlan forwarding priority command For more information about EPSR see the EPSR Feature Overview...

Страница 449: ...nd awplus show vlan 2 Output Figure 15 2 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Di...

Страница 450: ...VLANs Syntax show vlan access map name Mode User Exec Privileged Exec Example To display the ACLs in all access maps use the command awplus show vlan access map Output Figure 15 3 Example output from...

Страница 451: ...ode User Exec Privileged Exec Example To display information about the filter that uses the access map named deny_all use the command awplus show vlan filter deny_all Output Figure 15 4 Example output...

Страница 452: ...ation and associations Syntax show vlan private vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations enter the command awplus show vlan private vl...

Страница 453: ...witchports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port bas...

Страница 454: ...access ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplu...

Страница 455: ...ace port1 0 2 awplus config if switchport mode private vlan host awplus config interface port1 0 3 awplus config if switchport mode private vlan promiscuous awplus config interface port1 0 4 awplus co...

Страница 456: ...is disabled as a promiscuous port Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before it can be enabled as a promiscuous port To add VLANs to...

Страница 457: ...s config vlan exit awplus config interface port1 0 2 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 4 awplus config if switchport mode private vlan trunk p...

Страница 458: ...in trunk mode is enabled to be a secondary port for isolated VLANs by default it will have a native VLAN of none no native VLAN specified Mode Interface Configuration Usage A port must be put in trunk...

Страница 459: ...lus config vlan private vlan 2 isolated awplus config vlan exit awplus config interface port1 0 3 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 awplus con...

Страница 460: ...the default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure w...

Страница 461: ...command to remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association Mode Interface Configuration Example...

Страница 462: ...switchport private vlan mapping Mode Interface Configuration Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dyna...

Страница 463: ...and remove parameters will add and remove VLANs to and from the port s member set See the note below about restrictions when using the add remove except and all parameters Parameter Description all Al...

Страница 464: ...6 awplus config if switchport trunk allowed vlan except 3 4 Then the configuration is changed after entering the above commands to remove VLAN 3 To add a VLAN where the configuration for port1 0 6 sho...

Страница 465: ...t trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vl...

Страница 466: ...following commands show configuration of VLAN 2 as the native VLAN for port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The followi...

Страница 467: ...e Interface Configuration Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Note that you must also set an MRU of 1504 or higher...

Страница 468: ...e advertised Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the po...

Страница 469: ...Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port using this...

Страница 470: ...Operating System Version 5 4 7 0 x VLAN COMMANDS SWITCHPORT VOICE VLAN Egress VLAN Name 58 in the RADIUS Accept message when authenticating a phone attached to this port Tosettheseattributes ontheloc...

Страница 471: ...tag also known as the Class of Service CoS or 802 1p priority When LLDP MED capable IP phones receivethis network policy information they transmitvoicedata with the specified priority Syntax switchpor...

Страница 472: ...e mtu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples To enable vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config...

Страница 473: ...LAN ACLs and ACL processing order Use the no variant of this command to delete a VLAN access map Syntax vlan access map name no vlan access map name Default By default no VLAN access maps exist Mode G...

Страница 474: ...ter the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Exampl...

Страница 475: ...efault no VLAN filters exist Mode Global Configuration Example To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination use the commands awplus configure terminal...

Страница 476: ...and MSTP on page 479 debug mstp RSTP and STP on page 480 instance priority MSTP on page 484 instance vlan MSTP on page 486 region MSTP on page 488 revision MSTP on page 489 show debugging mstp on page...

Страница 477: ...n page 524 spanning tree guard root on page 525 spanning tree hello time on page 526 spanning tree link type on page 527 spanning tree max age on page 528 spanning tree max hops MSTP on page 529 spann...

Страница 478: ...age Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear...

Страница 479: ...ew Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privil...

Страница 480: ...1 Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be acti...

Страница 481: ...his command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the...

Страница 482: ...IST int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23...

Страница 483: ...ebugging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus...

Страница 484: ...instance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower pri...

Страница 485: ...0M Series 485 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree ms...

Страница 486: ...MST Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified...

Страница 487: ...eference for GS970M Series 487 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spa...

Страница 488: ...t to the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI c...

Страница 489: ...n revision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same o...

Страница 490: ...ion on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Exam...

Страница 491: ...nter has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spa...

Страница 492: ...Timer 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfa...

Страница 493: ...t1 0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Br...

Страница 494: ...the topology change counter for MSTP by using the show spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree bri...

Страница 495: ...ce Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 16 5 Example output from show spanni...

Страница 496: ...sage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP c...

Страница 497: ...ff2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard disabled 1 portfast errdisable timeout disabled 1 portfast errdisable t...

Страница 498: ...egional Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Timer 0 Msg Age Timer...

Страница 499: ...ort e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward...

Страница 500: ...o point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 8...

Страница 501: ...Exec Privileged Exec and Interface Configuration Example To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst...

Страница 502: ...ee mst instance 2 interface port1 0 2 Output Figure 16 10 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 15 port The port...

Страница 503: ...instance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 16 11 Example output from show spanning tree mst interfa...

Страница 504: ...ort e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward...

Страница 505: ...o point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 8...

Страница 506: ...display BPDU statistics for all spanning tree instances and all switch ports associated with all spanning tree instances use the command awplus show spanning tree statistics Output Figure 16 13 Exampl...

Страница 507: ...llo timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer...

Страница 508: ...spanning tree statistics instance instance id Mode Privileged Exec Example To display BPDU statistics information for MST instance 2 and all switch ports associated with that MST instance use the comm...

Страница 509: ...ormation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance id interfac...

Страница 510: ...d for Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0...

Страница 511: ...about each MST instance for port1 0 2 use the command awplus show spanning tree statistics interface port1 0 2 Output Figure 16 16 Example output from show spanning tree statistics interface Parameter...

Страница 512: ...0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions...

Страница 513: ...them including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated wi...

Страница 514: ...an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this...

Страница 515: ...roprietary STP protocols with unsupported BPDUs by forwarding BDPU Bridge Protocol Data Unit frames unchanged through the switch You must disable RSTP with the no spanning tree rstp enable command bef...

Страница 516: ...untagged frames in Global Configuration mode with STP disabled which forwards any ingress STP BPDU frames to all ports that are untagged members of the ingress port s native VLAN enter the commands a...

Страница 517: ...the switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to...

Страница 518: ...utput of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode...

Страница 519: ...the spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus c...

Страница 520: ...s Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanni...

Страница 521: ...tree errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the p...

Страница 522: ...by the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re e...

Страница 523: ...Mode Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus c...

Страница 524: ...ing to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by the...

Страница 525: ...use this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Confi...

Страница 526: ...o restore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for sw...

Страница 527: ...variant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode...

Страница 528: ...efault of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so t...

Страница 529: ...tax spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents...

Страница 530: ...panning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use thi...

Страница 531: ...nfiguration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples The...

Страница 532: ...ation mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove t...

Страница 533: ...rom the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitl...

Страница 534: ...eturn the path cost to its default value on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related C...

Страница 535: ...MSTI The port with the lowest value has the highest priority so it will be chosen as root port over a port that is equivalent in all other aspects but with a higher priority value Examples To set the...

Страница 536: ...nce instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The ro...

Страница 537: ...erating System Version 5 4 7 0 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance s...

Страница 538: ...e instance id restricted tcn no spanning tree mst instance instance id restricted tcn Default Disabled By default switch ports propagate TCNs Mode Interface Configuration mode for a switch port interf...

Страница 539: ...to the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the...

Страница 540: ...ax spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state t...

Страница 541: ...7 0 x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgep...

Страница 542: ...ter Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an...

Страница 543: ...TFAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bp...

Страница 544: ...s by default Mode Global Configuration or Interface Configuration Usage This command blocks the port s to all devices and data when enabled BPDU Guard is a port security feature that changes how a por...

Страница 545: ...ently running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree portfast bpdu guard To e...

Страница 546: ...n MSTP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default...

Страница 547: ...to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a...

Страница 548: ...for a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no...

Страница 549: ...idge Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this comma...

Страница 550: ...Overview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree tr...

Страница 551: ...nd Reference for GS970M Series 551 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug m...

Страница 552: ...ows across the links as evenly as possible Link aggregation hashes one or more of the source and destination MAC address IP address and UDP TCP ports to select a link on which to send a packet So pack...

Страница 553: ...orm load balancing on page 563 show debugging lacp on page 564 show diagnostic channel group on page 565 show etherchannel on page 567 show etherchannel detail on page 568 show etherchannel summary on...

Страница 554: ...same port speed and be in full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refe...

Страница 555: ...face port1 0 6 awplus config if channel group 2 mode active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port...

Страница 556: ...GREGATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1...

Страница 557: ...g lacp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Spec...

Страница 558: ...e Global Configuration Usage Do not mix LACP configurations manual and dynamic When LACP global passive mode is turned on by using the lacp global passive mode enable command we do not recommend using...

Страница 559: ...aggregation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port pri...

Страница 560: ...ning the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp s...

Страница 561: ...ation if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field...

Страница 562: ...lliedWare Plus Operating System Version 5 4 7 0 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus co...

Страница 563: ...load balancing Default The default is src dst ip Mode Global configuration Examples To set the load balancing algorithm to include only Layer 2 MAC addresses enter awplus configure terminal awplus co...

Страница 564: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Out...

Страница 565: ...annel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 17 2 Example output from the show diagnostic channel group command awplus show diagnostic chan...

Страница 566: ...7 0 x LINK AGGREGATION COMMANDS SHOW DIAGNOSTIC CHANNEL GROUP Related Commands show tech support Channel Group Info based on HW Note Pos position in hardware table Only entries from first device are...

Страница 567: ...ration Guide which is available on our website at alliedtelesis com Syntax show etherchannel 1 32 Mode User Exec and Privileged Exec Example awplus show etherchannel Output Figure 17 3 Example output...

Страница 568: ...Exec and Privileged Exec Example awplus show etherchannel detail Output Example output from show etherchannel detail awplus show etherchannel detail Aggregator po1 IfIndex 4601 Mac address 00 00 cd 3...

Страница 569: ...the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show etherchannel summary Mode User Exec and Privileged...

Страница 570: ...ACP system ID and priority For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our websit...

Страница 571: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show...

Страница 572: ...etherchannel Parameter Description port Name of the device port to display LACP information about awplus show port etherchannel port1 0 2 LACP link info port1 0 2 7007 Link port1 0 2 IfIndex 7007 Agg...

Страница 573: ...miting command is set to vlan disable the output will also show the VLANs on which thrashing is detected For information on filtering and saving command output see the Getting Started with AlliedWare...

Страница 574: ...to be removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can on...

Страница 575: ...the commands awplus configure terminal awplus config interface sa2 awplus config if To make it possible to use QoS Storm Protection on static channel group 2 on port1 0 6 with an ACL named test acl u...

Страница 576: ...Command Reference for GS970M Series 576 AlliedWare Plus Operating System Version 5 4 7 0 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no...

Страница 577: ...the PoE Feature Overview and Configuration_Guide the Support for Allied Telesis Enterprise_MIBs_in AlliedWare Plus for information about which PoE MIB objects are supported theSNMPFeatureOverviewand C...

Страница 578: ...re Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS show debugging power inline on page 591 show power inline on page 592 show power inline counters on page 595 show power inline i...

Страница 579: ...621 Syntax clear power inline counters interface port list Mode Privileged Exec Usage The PoE counters are displayed with the show power inline counters command Examples To clear the PoE counters for...

Страница 580: ...f PoE event and info debug messages on the console use the following commands awplus terminal monitor awplus debug power inline event info To enable PoE debugging and start the display of all PoE debu...

Страница 581: ...01 Rev C Command Reference for GS970M Series 581 AlliedWare Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS DEBUG POWER INLINE Related Commands show debugging power inline termin...

Страница 582: ...of pre IEEE 802 3af Power Ethernet standard legacy Powered Devices PDs Syntax power inline allow legacy no power inline allow legacy Default Detection of legacy PDs is enabled on all ports Mode Global...

Страница 583: ...a list of PoE ports or a range of PoE ports with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports Examples To add the description...

Страница 584: ...sabled Syntax power inline enable no power inline enable Default PoE is enabled by default on all ports Mode Interface Configuration for one or more ports Usage No PoE log messages are generated for p...

Страница 585: ...o variant of this command sets the maximum power supplied to a PoE port to the default which is set to the maximum power limit for the class of the connected Powered Device PD Syntax power inline max...

Страница 586: ...e at the PD Examples To set the maximum power supplied to ports in the range port1 0 1 to port1 0 4 to 6450mW per port use the following commands awplus configure terminal awplus config interface port...

Страница 587: ...priorities for two PoE ports are the same then the lower numbered PoE port is given power before the higher numbered PoE port See the PoE Feature Overview and Configuration Guide for further informati...

Страница 588: ...E PRIORITY To reset the priority level to the default of low on port1 0 1 to port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if...

Страница 589: ...er usage threshold is 80 of the nominal power rating Mode Global Configuration Usage Use the snmp server enable trap command to configure SNMP notification An SNMP notification is sent when the usage...

Страница 590: ...for all PoE ports Syntax service power inline no service power inline Default PoE functionality is enabled by default Mode Global Configuration Examples To disable PoE use the following commands awpl...

Страница 591: ...ging power inline Mode User Exec and Privileged Exec Example To display PoE debug settings use the following command awplus show debugging power inline Output Figure 18 1 Example output from the show...

Страница 592: ...370W Power Allocated 246W Actual Power Consumption 151W Operational Status On Power Usage Threshold 80 296W PoE Interface Interface Admin Pri Oper Power Device Class Max mW port1 0 1 Enabled Low Power...

Страница 593: ...er inline priority command Low is the lowest priority this is the default High is the second highest priority Crit critical is the highest priority If the switch cannot supply all ports it will supply...

Страница 594: ...cription is shown for PDs not configured with the power inline description command Class The class of the connected PD if power is being supplied to the PD Max mW The power in milliwatts mW allocated...

Страница 595: ...d Configuration Guide Syntax show power inline counters port list Mode User Exec and Privileged Exec Examples To display all PoE event counters for all PoE ports use the command awplus show power inli...

Страница 596: ...signal has been lost The PoE MPS signal is lost when a PD is disconnected from the PSE Also increments pethPsePortMPSAbsentCounter in the PoE MIB Overload The number of instances when a PD exceeds its...

Страница 597: ...ific information for the port range1 0 1 to 1 0 4 use the following command awplus show power inline interface port1 0 1 port1 0 4 Output Figure 18 4 Example output from the show power inline interfac...

Страница 598: ...e not connected to a PD Disabled displays if the PoE port is administratively disabled Syncing displays if PoE is still initializing the port when you issue the command Fault displays if there is a pr...

Страница 599: ...E port specific information for the port range 1 0 1 to 1 0 3 use the command awplus show power inline interface port1 0 1 1 0 3 detail Output Figure 18 5 Example output from the show power inline int...

Страница 600: ...from the PSE Denied displays when supplying power would make the PSE go over the power budget Disabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled...

Страница 601: ...Command Reference for GS970M Series 601 AlliedWare Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS SHOW POWER INLINE INTERFACE DETAIL Related Commands show power inline show powe...

Страница 602: ...C613 50163 01 Rev C Command Reference for GS970M Series 602 AlliedWare Plus Operating System Version 5 4 7 0 x Part 3 Layer 3 Switching...

Страница 603: ...view and Configuration Guide Command List arp aging timeout on page 605 arp mac disparity on page 606 arp IP address MAC on page 609 arp log on page 610 arp opportunistic nd on page 613 arp reply bc d...

Страница 604: ...ev C Command Reference for GS970M Series 604 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS tcpdump on page 636 traceroute on page 637 undebug ip packet interfa...

Страница 605: ...oes not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interface...

Страница 606: ...the disparate ARP has a multicast MAC address in the ARP reply the switch drops the ARP reply and does not learn any associated addresses If the disparate ARP has a unicast MAC address in the ARP repl...

Страница 607: ...a disparate ARP response an ARP entry is created for the IP MAC in the content of the ARP packet The difference with the arp mac disparity multicast igmp command is that the egress port is set to the...

Страница 608: ...IP ADDRESSING AND PROTOCOL COMMANDS ARP MAC DISPARITY To disable support for MS NLB in unicast mode on interface vlan2 use the following commands awplus configure terminal awplus config interface vla...

Страница 609: ...mac address port number alias no arp ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to...

Страница 610: ...ve the option to change how the MAC address is displayed in the ARP log message The output can either use the notation HHHH HHHH HHHH or HH HH HH HH HH HH Enter arp log to use HHHH HHHH HHHH notation...

Страница 611: ...wplus configure terminal awplus config arp log awplus config exit awplus show log include ARP_LOG 2016 Oct 6 06 21 01 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0013 4078 3b98 192 168 2 4...

Страница 612: ...w log include ARP_LOG Parameter Description ARP_LOG Indicates that ARP log entry information follows port number Indicates device port number for the ARP log entry vid Indicates the VLAN ID for the AR...

Страница 613: ...guration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited...

Страница 614: ...onses that contain a broadcast destination MAC Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC Syntax arp reply bc dmac no arp rep...

Страница 615: ...ip address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clea...

Страница 616: ...rface to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packe...

Страница 617: ...s on the device use the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address...

Страница 618: ...configure a primary address on the interface before configuring a secondary address NOTE Use show running config interface not show ip interface brief when you need to view a secondary address configu...

Страница 619: ...COL COMMANDS IP ADDRESS IP ADDRESSING AND PROTOCOL To add the IP address 10 10 11 50 24 to the local loopback interface lo use the following commands awplus configure terminal awplus config interface...

Страница 620: ...Default The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the s...

Страница 621: ...ng System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure termi...

Страница 622: ...ce Usage ICMP redirect messages are used to notify hosts that a better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same interface that th...

Страница 623: ...se these messages to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ip unreachables command secures your network against this type of pr...

Страница 624: ...e destination unreachable messages use the commands awplus configure terminal awplus config no ip unreachables To enable destination unreachable messages use the commands awplus configure terminal awp...

Страница 625: ...it in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify fractions of a second For example to ping ev...

Страница 626: ...ser Exec and Privileged Exec Usage Running this command with no additional parameters will display all entries in the ARP routing and forwarding table Example To display all ARP entries in the ARP cac...

Страница 627: ...how arp command Parameter Meaning IP Address IP address of the network device this entry maps to MAC Address Hardware address of the network device Interface Interface over which the network device is...

Страница 628: ...lay theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 19 4 Example output from the show debugging ip pack...

Страница 629: ...v C Command Reference for GS970M Series 629 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface t...

Страница 630: ...rmation for the assigned IP address for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip...

Страница 631: ...verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is established with the ports indicated Note that this command does not display sockets tha...

Страница 632: ...his column are tcp IP Protocol 6 udp IP Protocol 17 raw Indicates that socket is for a non port orientated protocol i e a protocol other than TCP or UDP where all packets of a specified IP protocol ty...

Страница 633: ...socket any source port will be accepted This is indicated by For active TCP sessions the IP address will display the remote address and port the session was established with For raw sockets the entry...

Страница 634: ...ode Privileged Exec Example To display IP traffic statistics use the command awplus show ip traffic Output Figure 19 8 Example output from the show ip traffic command IP 261998 packets received 261998...

Страница 635: ...s 635 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW IP TRAFFIC 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 1...

Страница 636: ...ump Syntax tcpdump line Mode Privileged Exec Example To start a tcpdump running to capture IP packets enter the command awplus tcpdump ip Output Figure 19 9 Example output from the tcpdump command Rel...

Страница 637: ...MMANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host Syntax traceroute ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10...

Страница 638: ...M Series 638 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functional...

Страница 639: ...to configure the Domain Name Service DNS client For more information about DNS for Switches see the Domain Name System DNS for AlliedWare Plus Switches Feature Overview and Configuration Guide Command...

Страница 640: ...d deletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domai...

Страница 641: ...and disables the DNS client The client will not attempt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configura...

Страница 642: ...ame Mode Global Configuration Usage If there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists i...

Страница 643: ...a DNS name server to forward requests to Name servers can be learned through the following means Manual configuration using the ip name server command Learned from DHCP server with Option 6 This comma...

Страница 644: ...nd output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the comma...

Страница 645: ...s when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip...

Страница 646: ...ncomplete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Gu...

Страница 647: ...the ip name server command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip name server Mode...

Страница 648: ...ess on page 651 ipv6 address autoconfig on page 653 ipv6 enable on page 655 ipv6 eui64 linklocal on page 657 ipv6 forwarding on page 658 ipv6 multicast forward slow path packet on page 659 ipv6 nd acc...

Страница 649: ...and Reference for GS970M Series 649 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS show ipv6 neighbors on page 673 show ipv6 route on page 674 show ipv6 route summary on page 676 tra...

Страница 650: ...AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighb...

Страница 651: ...ge Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them See the ipv6 enable command for more information Also n...

Страница 652: ...for GS970M Series 652 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ADDRESS Related Commands ipv6 address autoconfig ipv6 enable ipv6 eui64 linklocal show running config show...

Страница 653: ...scovery messages Configured routers respond with a Router Advertisement RA containing configuration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address fro...

Страница 654: ...d Reference for GS970M Series 654 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ADDRESS AUTOCONFIG Related Commands ipv6 address ipv6 enable show ipv6 interface brief show ipv6...

Страница 655: ...ion Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are assigned...

Страница 656: ...d Reference for GS970M Series 656 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ENABLE Related Commands ipv6 address ipv6 address autoconfig show ipv6 interface brief show ipv6...

Страница 657: ...ocal address on an IPv6 enabled interface Syntax ipv6 eui64 linklocal no ipv6 eui64 linklocal Default The command ipv6 eui64 linklocal is enabled by default on any IPv6 enabled interface Mode Interfac...

Страница 658: ...g globally for all interface on your device with this command Use the no variant of this command to disable IPv6 unicast forwarding globally for all interfaces on your device IPv6 unicast forwarding a...

Страница 659: ...he smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big mess...

Страница 660: ...led on an interface SLAAC is also enabled SLAAC addressing along with the EUI 64 process uses the prefix information included in a received RA to generate an automatic link local address on the IPv6 i...

Страница 661: ...t The RA interval for a VLAN interface is unset by default Mode Interface Configuration for a VLAN interface Examples To set the minimum RA interval for the VLAN interface vlan2 use the following comm...

Страница 662: ...Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the...

Страница 663: ...rd blocks RAs from untrusted hosts Blocking RAs stops untrusted hosts from flooding malicious RAs and stops any misconfigured hosts from disrupting traffic on the local network Enabling RA Guard on a...

Страница 664: ...dWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ND RAGUARD Output Exampleoutputfromusing showrunning configinterfaceport1 0 2toverify RA Guard Related Commands show running config int...

Страница 665: ...uto configuration Use no parameter with this command to enable Router Advertisement transmission Syntax ipv6 nd suppress ra no ipv6 nd suppress ra Default Router Advertisement RA transmission is suppr...

Страница 666: ...r a specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address...

Страница 667: ...nfiguration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is ad...

Страница 668: ...ateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplu...

Страница 669: ...ges to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ipv6 unreachables command secures your network against this type of probing NOTE D...

Страница 670: ...The number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source...

Страница 671: ...IPV6 COMMANDS SHOW IPV6 FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show...

Страница 672: ...arted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 21 2 Exa...

Страница 673: ...PV6 COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see the Getting Started with AlliedW...

Страница 674: ...tion connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database static Displays only the IPv6 static routes yo...

Страница 675: ...e entries for an IP route use the following command awplus show ipv6 route database Output Figure 21 4 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected S sta...

Страница 676: ...see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the fol...

Страница 677: ...route to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command aw...

Страница 678: ...mmands that are common across the routing IP protocols For more information see the Route Selection Feature Overview and Configuration Guide Command List ip route on page 679 ipv6 route on page 681 ma...

Страница 679: ...over other routes Examples To add the destination 192 168 3 0 with the mask 255 255 255 0 as a static route available through the device at 10 10 0 2 with the default administrative distance use the...

Страница 680: ...th the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 10 0 2 To add the destination 192 168 3 0 with the mask 255 255...

Страница 681: ...gateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awp...

Страница 682: ...mmands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding Information d...

Страница 683: ...maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static ro...

Страница 684: ...e FIB use the command awplus show ip route static Output Eachentry inthe outputfromthiscommandhasa codepreceding it indicating the source of the routing entry The first few lines of the output list th...

Страница 685: ...routes are marked as Connected routes C and always preferred over routes for the same network learned from other routing protocols Related Commands ip route show ip route database Codes C connected S...

Страница 686: ...ged Exec Example To display the static routes in the RIB use the command awplus show ip route database static Output Figure 22 2 Example output from the show ip route database command Related Commands...

Страница 687: ...utput modifiertoken to save the output to a file use the output redirection token Syntax show ip route summary Mode User Exec and Privileged Exec Example To display a summary of the current RIB entrie...

Страница 688: ...ption connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database static Displays only the IPv6 static routes y...

Страница 689: ...ase entries for an IP route use the following command awplus show ipv6 route database Output Figure 22 5 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected S s...

Страница 690: ...t see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the fo...

Страница 691: ...behavior on page 695 cisco metric behavior RIP on page 697 clear ip rip route on page 698 debug rip on page 699 default information originate RIP on page 700 default metric RIP on page 701 distance RI...

Страница 692: ...offset list RIP on page 726 passive interface RIP on page 727 recv buffer size RIP on page 728 redistribute RIP on page 729 restart rip graceful on page 730 rip restart grace period on page 731 route...

Страница 693: ...s configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 Sep 3 2016 04 04 02 Oct 6 2016 Parameter Description start date Sp...

Страница 694: ...g System Version 5 4 7 0 x RIP COMMANDS ACCEPT LIFETIME or awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 3...

Страница 695: ...RIP being advertised does not match the subnetting used on the outgoing RIPv1 interface it will be filtered The alliedware behavior command returns your router s RIPv1 behavior to the AlliedWare form...

Страница 696: ...evice to AlliedWare Plus like behavior when sending and receiving RIPv1 update messages enter the commands awplus configure terminal awplus config router rip awplus config router no alliedware behavio...

Страница 697: ...behavior enable disable no cisco metric behavior Default By default the Cisco metric behavior is disabled Mode Router Configuration Examples To enable the routing metric update to behave as per the Ci...

Страница 698: ...ip rip route 10 0 0 0 8 Parameter Description ip dest network prefix length Removes entries which exactly match this destination address from RIP routing table Enter the IP address and prefix length o...

Страница 699: ...Mode Privileged Exec and Global Configuration Example The following example displays information about the RIP packets that are received and sent out from the device awplus debug rip packet Related C...

Страница 700: ...are being redistributed the RIP protocol will advertise this default route irrespective of whether the default information originate command has been configured or not However if the router has not re...

Страница 701: ...o 1 Mode RIP Router Configuration Usage This command is used with the redistribute RIP command to make the routing protocol use the specified metric value for all redistributed routes regardless of th...

Страница 702: ...ip addr prefix length access list Mode RIP Router Configuration Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network that match the access list mylist use...

Страница 703: ...ates using access list or prefix list If you do not specify the name of the interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply an...

Страница 704: ...lupdate is configured the device advertises the full RIP route table in outgoing triggered updates including routes that have not changed This enables faster convergence times or allows inter operatio...

Страница 705: ...ication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examples For multiple ke...

Страница 706: ...s config keychain key key string toyota awplus config keychain key accept lifetime 10 00 00 Oct 08 2016 duration 43200 awplus config keychain key send lifetime 10 00 00 Oct 08 2016 duration 43200 awpl...

Страница 707: ...single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examp...

Страница 708: ...on for the given interface text or MD5 using the following commands awplus config if ip rip authentication mode md5 text Example 1 In the following example of a configuration for multiple keys authent...

Страница 709: ...e 3 The following example specifies mykey as the authentication string with MD5 authentication for the VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip...

Страница 710: ...RIP Feature Overview and Configuration Guide Use the following steps to configure a route to enable RIPv2 authentication using a single key or password 1 Define the authentication string or password...

Страница 711: ...e following example the VLAN interface vlan2 is configured to have an authentication string as guest Any received RIP packet in that interface should have the same string as password awplus configure...

Страница 712: ...eption of RIP packets Use the no variant of this command to disable this feature Syntax ip rip receive packet no ip rip receive packet Default Receive packet is enabled Mode Interface Configuration fo...

Страница 713: ...ific VLAN interface and overrides any the version specified by the version RIP command RIP can be run in version 1 or version 2 mode Version 2 has more features than version 1 in particular RIP versio...

Страница 714: ...he current interface Use the no variant of this command to disable this feature Syntax ip rip send packet no ip rip send packet Default Send packet is enabled Mode Interface Configuration for a VLAN i...

Страница 715: ...more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all the RIP...

Страница 716: ...d to send RIP version 1 packets only awplus configure terminal awplus config interface vlan4 awplus config if ip rip send version 1 In the following example the VLAN interface vlan4 is configured to s...

Страница 717: ...he version RIP command RIP can be run in version 1 compatible mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP ver...

Страница 718: ...3 50163 01 Rev C Command Reference for GS970M Series 718 AlliedWare Plus Operating System Version 5 4 7 0 x RIP COMMANDS IP RIP SEND VERSION 1 COMPATIBLE Related Commands ip rip send version version R...

Страница 719: ...luding routes in updates sent to the same gateway from which they were learned Without the poisoned parameter using this command causes routes learned from a neighbor to be omitted from updates sent t...

Страница 720: ...no key keyid Mode Keychain Configuration Usage This command allows you to enter the keychain key mode where a password can be set for the key Example The following example configures a key number 1 an...

Страница 721: ...eys Syntax key chain key chain name no key chain key chain name Mode Global Configuration Usage This command allows you to enter the keychain mode from which you can specify keys on this key chain Exa...

Страница 722: ...amples In the following example the password for key1 in the key chain named mychain is set to password prime awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awp...

Страница 723: ...limiting of the number of RIP routes stored in the routing table Syntax maximum prefix maxprefix threshold no maximum prefix Mode Router Configuration Example To configure the maximum number of RIP ro...

Страница 724: ...mand to exchange nonbroadcast routing information It can be used multiple times for additional neighbors The passive interface RIP command disables sending routing updates on an interface Use the neig...

Страница 725: ...ed network or VLANs will be automatically advertised in RIP updates RIP updates will be sent and received within the specified network or VLAN Example Use the following commands to activate RIP routin...

Страница 726: ...networks match the access list the offset is applied to the metrics No change occurs if the offset value is zero Examples In this example the router examines the RIP updates being sent out from interf...

Страница 727: ...ce Use the no variant of this command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode RIP Router Configuration Example Use the followin...

Страница 728: ...ffer size to the system default 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default 196608 bits is the system default when reset using the no variant of thi...

Страница 729: ...ode RIP Router Configuration Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus configure terminal awplus config router rip awplus config router...

Страница 730: ...d is executed the RIP process immediately shuts down It notifies the system that RIP has performed a graceful shutdown Routes that have been installed into the route table by RIP are preserved until t...

Страница 731: ...ful restart Use the no variant of this command to disable this function Syntax rip restart grace period 1 65535 no rip restart grace period 1 65535 Mode Global Configuration Default The default RIP gr...

Страница 732: ...ngth Default No static RIP route is added by default Mode RIP Router Configuration Usage Use this command to add a static RIP route After adding the RIP route the route can be checked in the RIP routi...

Страница 733: ...ess Use the no variant of this command to disable the RIP routing process Syntax router rip no router rip Mode Global Configuration Example This command is used to begin the RIP routing process awplus...

Страница 734: ...config keychain key send lifetime 03 03 01 Jan 3 2016 04 04 02 Dec 6 2016 Parameter Description start date Specifies the start time and date in the format hh mm ss day month year or hh mm ss month day...

Страница 735: ...C613 50163 01 Rev C Command Reference for GS970M Series 735 AlliedWare Plus Operating System Version 5 4 7 0 x RIP COMMANDS SEND LIFETIME Related Commands key key string key chain accept lifetime...

Страница 736: ...ugging status for these debugging options nsmdebugging RIP eventdebugging RIP packet debugging and RIP nsm debugging For information on filtering and saving command output see the Getting Started with...

Страница 737: ...us show ip protocols rip Output Figure 23 1 Example output from the show ip protocols rip command Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 12 seconds Timeout after...

Страница 738: ...Feature Overview and Configuration Guide Syntax show ip rip Mode User Exec and Privileged Exec Example awplus show ip rip Output Figure 23 2 Example output from the show ip rip command Related Comman...

Страница 739: ...out the RIP database For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip rip database full Mode...

Страница 740: ...ce Overview Use this command to display information about the RIP interfaces You can specify an interface name to display information about a specific interface Syntax show ip rip interface interface...

Страница 741: ...e specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all updates sent by the router All th...

Страница 742: ...nts nsm packet Mode Privileged Exec Example To disable the options set for debugging RIP information events use the following command awplus undebug rip packet Related Commands debug rip Parameter Des...

Страница 743: ...ion will be received and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value...

Страница 744: ...C613 50163 01 Rev C Command Reference for GS970M Series 744 AlliedWare Plus Operating System Version 5 4 7 0 x Part 4 Multicast Applications...

Страница 745: ...lticasting This chapter describes the commands to configure IGMP Querier behaviour and selection and IGMP Snooping Command List clear ip igmp on page 747 clear ip igmp group on page 748 clear ip igmp...

Страница 746: ...suppression on page 773 ip igmp snooping routermode on page 774 ip igmp snooping tcn query solicit on page 776 ip igmp source address check on page 778 ip igmp static group on page 779 ip igmp startup...

Страница 747: ...AND IGMP SNOOPING COMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all interfaces Syntax clear ip igmp Mode Privileged Exec Example awplus c...

Страница 748: ...nterface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples To delete all group records use the command awplus clear ip igmp...

Страница 749: ...particular interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP or IGMP Snooping Example To delete records for vlan1 use...

Страница 750: ...component of IGMP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Example awplus configure terminal awp...

Страница 751: ...t of this command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN interface Usage An IP add...

Страница 752: ...yntax ip igmp access group access list number access list name no ip igmp access group Default By default there are no access lists configured on any interface Mode Interface Configuration for a VLAN...

Страница 753: ...L2 switched network running IGMP it is considered more robust to flood all specific queries In most cases the benefit of flooding specific queries to all VLAN member ports outweighs the disadvantages...

Страница 754: ...name no ip igmp immediate leave Default Disabled by default Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP or IGMP Snooping Exampl...

Страница 755: ...ery count 2 7 no ip igmp last member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces...

Страница 756: ...mp last member query interval Default 1000 milliseconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP or IGMP Snooping Example To...

Страница 757: ...e default limit which is reset by the no variant of this command is 512 Mode Global Configuration and Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configu...

Страница 758: ...port Usage We recommend using this command with IGMP snooping fast leave on the relevant VLANs To enable fast leave use the command awplus config if ip igmp snooping fast leave Thedevicekeepscountofth...

Страница 759: ...nts to 10 groups on port 1 0 1 which is in vlan1 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if ip igmp maximum groups 10 awplus config if exit awplus co...

Страница 760: ...t The default timeout interval is 255 seconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP The timeout value should not be less t...

Страница 761: ...if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device is acting as an IGMP Querier...

Страница 762: ...GS970M Series 762 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY HOLDTIME Related Commands ip igmp query interval ip igmp snooping tcn query solicit s...

Страница 763: ...d for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using th...

Страница 764: ...reset the period between sending IGMP host query messages to the default 125 seconds for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no...

Страница 765: ...ple if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will b...

Страница 766: ...eference for GS970M Series 766 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Related Commands ip igmp query interval show ip igmp i...

Страница 767: ...options are ignored Use the no variant of this command to disable strict RA option validation Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Int...

Страница 768: ...ce Syntax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies...

Страница 769: ...disabled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLA...

Страница 770: ...up message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave...

Страница 771: ...to remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a...

Страница 772: ...IP address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a m...

Страница 773: ...e already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppr...

Страница 774: ...iguration Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are treated as coming from routers default Default set of reserved...

Страница 775: ...TERMODE Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom...

Страница 776: ...enabled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified interfaces using the no variant of this command from the...

Страница 777: ...configure terminal awplus config no ip igmp snooping tcn query solicit To enable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if...

Страница 778: ...guration for a VLAN interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is active...

Страница 779: ...mbership entries Syntax ip igmp static group ip address source ip source addr interface port no ip igmp static group ip address source ip source addr interface port Mode Interface Configuration for a...

Страница 780: ...7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on vlan3 awplus configure terminal awplus config...

Страница 781: ...p The default IGMP startup query count is 2 Syntax ip igmp startup query count startup query count no ip igmp startup query count Default The default IGMP startup query count is 2 Mode Interface Confi...

Страница 782: ...rval Default The default IGMP startup query interval is one quarter of the IGMP query interval value NOTE The IGMP startup query interval must be one quarter of the IGMP query interval Mode Interface...

Страница 783: ...ce mode for one or more switch ports or aggregators Usage Because all ports are trusted by default use this command in its no variant to stop IGMP processing packets on ports you do not trust For exam...

Страница 784: ...rface Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP version is 3 Mode Interface Configuration for a VLAN in...

Страница 785: ...the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter...

Страница 786: ...A B C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 1...

Страница 787: ...on 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast gro...

Страница 788: ...specify a switch port number the output displays the number of groups the port belongs to and the port s group membership limit if a limit has been set with the command ip igmp maximum groups awplus...

Страница 789: ...me is 500 milliseconds IGMP querier timeout is 255 seconds IGMP max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds...

Страница 790: ...ation Guide Syntax show ip igmp snooping mrouter interface interface Mode User Exec and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mro...

Страница 791: ...ng command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show the r...

Страница 792: ...nterface vlan1 vlan2 Output Figure 24 6 Example output from the show ip igmp snooping statistics command for VLANs Parameter Description ip address Optionally specify the address of the multicast grou...

Страница 793: ...4 7 0 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 24 7 Example output from the show ip igmp snooping statistics command for a switch port awplus show ip igmp interface p...

Страница 794: ...mand Reference for GS970M Series 794 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the...

Страница 795: ...clear ipv6 mld interface on page 798 debug mld on page 799 ipv6 mld immediate leave on page 800 ipv6 mld limit on page 801 ipv6 mld snooping on page 803 ipv6 mld snooping fast leave on page 805 ipv6...

Страница 796: ...tem Version 5 4 7 0 x MLD SNOOPING COMMANDS CLEAR IPV6 MLD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Exam...

Страница 797: ...a particular group Syntax clear ipv6 mld group ipv6 address Mode Privileged Exec Example awplus clear ipv6 mld group Related Commands clear ipv6 mld clear ipv6 mld interface Parameter Description Clea...

Страница 798: ...clear ipv6 mld interface Overview Use this command to clear MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Example awplus clear ipv6 mld interface vlan2 Related C...

Страница 799: ...ncode events fsm tib no debug mld all decode encode events fsm tib Mode Privileged Exec and Global Configuration Examples awplus configure terminal awplus config debug mld all awplus configure termina...

Страница 800: ...example shows how to enable the immediate leave feature on an interface for a specific range of multicast groups In this example the router assumes that the group access list consists of groups that...

Страница 801: ...learned with the ipv6 mld limit command The default limit of group membership entries that can be learned is 512 entries Mode Global Configuration and Interface Configuration for a specified VLAN int...

Страница 802: ...ing awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld limit 100 The following example configures an MLD limit of 100 group membe...

Страница 803: ...enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage For MLD Snooping to operate on particula...

Страница 804: ...lan2 enter the following commands awplus configure terminal awplus config interface vlan2 awplus config no ipv6 mld snooping To disable MLD Snooping for the VLAN interfaces vlan2 vlan4 enter the follo...

Страница 805: ...fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN inte...

Страница 806: ...interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minimi...

Страница 807: ...interface to the multicast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how...

Страница 808: ...on Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Mode Interface Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on...

Страница 809: ...aybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping device...

Страница 810: ...ersion 5 4 7 0 x MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure termina...

Страница 811: ...dd a static group record use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 To add a static group and source record use t...

Страница 812: ...ting System Version 5 4 7 0 x MLD SNOOPING COMMANDS IPV6 MLD STATIC GROUP To add a static group record on a specific port on vlan2 use the following commands awplus configure terminal awplus config in...

Страница 813: ...mld command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exec...

Страница 814: ...ace detail Mode User Exec and Privileged Exec Examples The following command displays local membership information for all interfaces awplus show ipv6 mld groups Output Figure 25 2 Example output for...

Страница 815: ...rfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Version...

Страница 816: ...c and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast r...

Страница 817: ...ping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interface...

Страница 818: ...1 0db8 32 is ff3x 20 2001 0db8 64 Where an RP address is 2001 0db8 1 the embedded RP multicast prefix is ff7x 120 2001 0db8 96 For ASM Any Source Multicast the IPV6 multicastaddressesallocatedfor docu...

Страница 819: ...st packet on page 829 ip multicast route limit on page 830 ip multicast wrong vif suppression on page 831 ip multicast routing on page 832 ipv6 mroute on page 833 ipv6 multicast route limit on page 83...

Страница 820: ...entries in its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear mult...

Страница 821: ...ntries from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplu...

Страница 822: ...outing Information Base MRIB clears the relevant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to t...

Страница 823: ...e the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statisti...

Страница 824: ...f the smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big m...

Страница 825: ...nsm mcast fib msg awplus configure terminal awplus config debug nsm mcast mrt awplus configure terminal awplus config debug nsm mcast mtrace awplus configure terminal awplus config debug nsm mcast mtr...

Страница 826: ...wplus configure terminal awplus config debug nsm mcast6 all awplus configure terminal awplus config debug nsm mcast6 fib msg awplus configure terminal awplus config debug nsm mcast6 mif awplus configu...

Страница 827: ...that source This command enables the user to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicas...

Страница 828: ...raversed in order to arrive at the current router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the hos...

Страница 829: ...that create the multicast route possibly causing degradation in the quality of the multicast stream such as the pixelation of video and audio data NOTE If you use this command ensure that the ip igmp...

Страница 830: ...Configuration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter i...

Страница 831: ...ong vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traf...

Страница 832: ...st routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base M...

Страница 833: ...ia different paths to those used for unicast In this case the interface via which a multicast stream from a given source enters a router may not be the same as the interface that connects to the best...

Страница 834: ...e current router will forward multicast instead it refers to the route the multicast will have traversed in order to arrive at the current router Examples The following example creates a static multic...

Страница 835: ...l Configuration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter...

Страница 836: ...ticast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multic...

Страница 837: ...not be forwarded to other VLANs but ports in the same VLANs as the receiving port will still receive the multicast packets CAUTION We do not recommend disabling multicast routing in a live network So...

Страница 838: ...oup and source IPv4 address Figure 26 1 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 so...

Страница 839: ...3 uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 byte...

Страница 840: ...Output Figure 26 5 Example output from the show ip mvif command Figure 26 6 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface Th...

Страница 841: ...show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Exampl...

Страница 842: ...mple output of this command displaying the IPv6 multicast routing table for a single static IPv6 Multicast route Figure 26 7 Example output from the show ipv6 mroute command Parameter Description ipv6...

Страница 843: ...tistics Total 1 routes using 152 bytes memory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate...

Страница 844: ...status of multicast forwarding slow path packet setting Syntax show ipv6 multicast forwarding Mode User Exec Example To show the status of the multicast forwarding slow path packet setting use the fol...

Страница 845: ...ow ipv6 mif awplus show ipv6 mif vlan2 Output Figure 26 11 Example output from the show ipv6 mif command Figure 26 12 Example output from the show ipv6 mif command with the interface parameter vlan2 s...

Страница 846: ...C613 50163 01 Rev C Command Reference for GS970M Series 846 AlliedWare Plus Operating System Version 5 4 7 0 x Part 5 Access and Security...

Страница 847: ...the command title ends with words in parentheses these words indicate usage instead of keywords to enter into the CLI For example the title access list numbered hardware ACL for ICMP indicates that th...

Страница 848: ...s access list numbered hardware ACL for IP packets Global Configuration awplus config access list numbered hardware ACL for ICMP Global Configuration awplus config access list numbered hardware ACL fo...

Страница 849: ...sses on page 863 access list numbered hardware ACL for TCP or UDP on page 866 access list hardware named hardware ACL on page 870 named hardware ACL ICMP entry on page 872 named hardware ACL IP packet...

Страница 850: ...h a filter is permitted Usage FirstcreateanIPaccess listthatappliestheappropriatepermit denyrequirements with the access list numbered hardware ACL for IP packets command the access list numbered hard...

Страница 851: ...hw acl to switch port interface port1 0 2 enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if access group hw acl To apply an ACL to static channe...

Страница 852: ...list Syntax access list 3000 3699 action icmp source ip dest ip icmp type number vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware IP access list act...

Страница 853: ...ll destination addresses The following are the valid formats for specifying the destination any Match any destination IP address host ip addr Match a single destination host with the IP address given...

Страница 854: ...hem to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messag...

Страница 855: ...for GS970M Series 855 AlliedWare Plus Operating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST NUMBERED HARDWARE ACL FOR ICMP Command changes Version 5 4 6 2 1 sen...

Страница 856: ...ax access list 3000 3699 action ip source ip dest ip vlan 1 4094 no access list 3000 3699 Table 27 2 IP and ICMP parameters in access list hardware IP numbered Parameter Description 3000 3699 An ID nu...

Страница 857: ...hin the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 dest ip The destinatio...

Страница 858: ...e correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To create an access list that will perm...

Страница 859: ...st Syntax access list 3000 3699 action proto 1 255 source ip dest ip vlan 1 4094 no access list 3000 3699 Table 27 3 Parameters in access list hardware IP numbered Parameter Description 3000 3699 An I...

Страница 860: ...al format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 dest ip The destination addresses to match against You can specify a single host a subnet or all destination...

Страница 861: ...monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33...

Страница 862: ...nt control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To c...

Страница 863: ...nner vlan 1 4094 no access list 4000 4699 Parameter Description 4000 4699 Hardware MAC access list action The action that the switch will take on matching packets deny Reject packets that match the so...

Страница 864: ...ss unless explicitly denied by an ACL action Examples To create an access list that will permit packets with a source MAC address of 0000 00ab 1234 and any destination address use the commands awplus...

Страница 865: ...0 00ab use the commands awplus configure terminal awplus config access list 4001 copy to mirror 0000 00ab 1234 0000 0000 FFFF any You also need to configure the mirror port with the mirror interface c...

Страница 866: ...re access list Syntax access list 3000 3699 action tcp udp source ip source ports dest ip dest ports vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware...

Страница 867: ...DP port numbers Port numbers are specified as integers between 0 and 65535 You can specify one or more port numbers as follows eq 0 65535 Match a single port number lt 0 65535 Match all port numbers t...

Страница 868: ...ess unless explicitly denied by an ACL action Examples To create an access list that will permit TCP packets with a destination address of 192 168 1 1 a destination port of 80 and any source address a...

Страница 869: ...they have a destination addressof 192 168 1 1 adestinationport of80 and anysourceaddress and source port enter the commands awplus configure terminal awplus config access list 3000 copy to mirror tcp...

Страница 870: ...IPv4 Hardware ACL Configuration mode If the named hardware ACL does not exist it will be created after entry If the named hardware ACL already exists then this command puts you into IPv4 Hardware ACL...

Страница 871: ...5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE NAMED HARDWARE ACL Related Commands access group named hardware ACL ICMP entry named hardware ACL IP protocol entry named...

Страница 872: ...gitssequencenumber e g nopermiticmp192 168 1 0 24any icmp type 11 You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless ex...

Страница 873: ...k Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192...

Страница 874: ...f you do not specify a sequence number the switch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequence number Then use the access group or the match ac...

Страница 875: ...e of 5 use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl 100 permit icmp 192 168 1 0 24 any icmp type 5 To remove an access list filter entr...

Страница 876: ...s sequence number e g no deny ip 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denie...

Страница 877: ...bnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask...

Страница 878: ...C address a range through a mask the address learned from DHCP snooping or any any Match against any source MAC address source mac The source MAC address to match against followed by the mask Enter th...

Страница 879: ...he access list named my list that will permit any IP packet with a source address of 192 168 1 1 use the commands awplus configure terminal awplus config access list hardware my list awplus config ip...

Страница 880: ...umber e g no deny proto 2 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an...

Страница 881: ...ip addr Match a single source host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by enterin...

Страница 882: ...HHH HHHH where each H is a hexadecimal number Enter the mask in the format HHHH HHHH HHHH where each H is a hexadecimal number For a mask each value is either 0 or F where FF Ignore and 00 Match dhcps...

Страница 883: ...ring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Da...

Страница 884: ...e multiple of 10 as its sequence number Then use the access group or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data...

Страница 885: ...lus Operating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS NAMED HARDWARE ACL IP PROTOCOL ENTRY match access group show running config show access list IPv4 Hardware ACLs Co...

Страница 886: ...g its sequence number e g no permit mac aaaa bbbb cccc 0000 0000 0000 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access u...

Страница 887: ...will only apply to incoming data packets You can use ACLs to redirect packets by sending them to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could pre...

Страница 888: ...onfig access list hardware my list awplus config ip hw acl permit mac 0000 00ab 1234 0000 0000 0000 any To remove a filter entry that permit packets with a source MAC address of 0000 00ab 1234 and any...

Страница 889: ...specifying its sequence number e g no permit udp 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless...

Страница 890: ...ring the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted d...

Страница 891: ...able multiple of 10 as its sequence number host ip addr Match a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any destination IP address...

Страница 892: ...uch ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Example To add a filter entry to access list named...

Страница 893: ...ACL is not written to hardware until you exit IPv4 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is writ...

Страница 894: ...ss list To show the access list with an ID of 20 awplus show access list 20 The following error message is displayed if you try to show an undefined access list awplus show access list 2 Parameter Des...

Страница 895: ...perating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 HARDWARE ACLS Related Commands access list extended named access list numbered hardware ACL for M...

Страница 896: ...d Exec Example To show all access lists attached to port1 0 1 use the command awplus show interface port1 0 1 access group Output Figure 27 1 Example output from the show interface access group comman...

Страница 897: ...elf For more information on link aggregation see the following references the Link Aggregation Feature Overview_and Configuration Guide Link Aggregation Commands NOTE Text in parenthesis in command na...

Страница 898: ...Prompts Command Name Command Mode Prompt show ip access list Privileged Exec awplus access group Global Configuration awplus config access list extended named Global Configuration awplus config access...

Страница 899: ...Rev C Command Reference for GS970M Series 899 AlliedWare Plus Operating System Version 5 4 7 0 x IPV4 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS show ip access list on page 938 vty access class numbere...

Страница 900: ...list extended list name no access list extended list name Syntax icmp access list extended list name deny permit icmp source destination icmp type type number log no access list extended list name de...

Страница 901: ...n enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a s...

Страница 902: ...Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests...

Страница 903: ...all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by...

Страница 904: ...jects packets that match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified wit...

Страница 905: ...rmat For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 log Logs the results ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority ww...

Страница 906: ...agram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Proto...

Страница 907: ...tware ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same l...

Страница 908: ...nation no access list 100 199 2000 2699 deny permit ip source destination Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range Parameter Description 1...

Страница 909: ...rmitted by an ACL action Examples You can enter the extended ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus co...

Страница 910: ...ermit icmp source destination icmp type icmp value log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list den...

Страница 911: ...ered command or the access list extended named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly per...

Страница 912: ...found by running theshowaccess list IPv4 Software ACLs command Syntax ip sequence number deny permit ip source destination no deny permit ip source destination no sequence number Parameter Description...

Страница 913: ...e following commands to enter the IPv4 Extended ACL Configuration mode and define a numbered extended access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl T...

Страница 914: ...st 10 0 0 1 host 192 168 1 1 awplus config ip ext acl 20 permit ip any any Example 3 list number Use the following commands to remove the access list filter entry with sequence number 20 from extended...

Страница 915: ...Ls command Syntax proto sequence number deny permit proto ip protocol source destination log no deny permit proto ip protocol source destination log no sequence number Parameter Description sequence n...

Страница 916: ...Description RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793...

Страница 917: ...elected Software ACLs will deny access unless explicitly permitted by an ACL action Example 1 creating a list Use the following commands to add a new access list filter entry to the access list named...

Страница 918: ...COL FILTER Example 2 adding to a list Use the following commands to add a new access list filter entry at sequence position 5 in the access list named my list that will accept packets from source addr...

Страница 919: ...r deny permit tcp udp source eq sourceport lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number Mode IPv4 Extended ACL Configura...

Страница 920: ...DED TCP UDP FILTER Example 2 adding to a list To insert a new entry with sequence number 5 of the access list named my list that will accept UDP packets from 10 1 1 0 24 network to 192 168 1 0 24 netw...

Страница 921: ...ermit access list standard standard access list name deny permit source no access list standard standard access list name deny permit source Mode Global Configuration Default Any traffic controlled by...

Страница 922: ...you can configure your access lists by using the command access list standard named filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To define a standa...

Страница 923: ...999 deny permit source no access list 1 99 1300 1999 deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usa...

Страница 924: ...access list standard numbered filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create ACL number 67 that will deny packets from subnet 172 16 10 use...

Страница 925: ...sequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source exact match any no deny permit source exact match any no sequence number Mo...

Страница 926: ...the access list standard named command with the required access control list name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Ex...

Страница 927: ...ence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source host host address any no deny permit source host host address any no sequence n...

Страница 928: ...f an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list standard numbered command with the required access...

Страница 929: ...os ipoptions land ping of death smurf broadcast ip address synflood teardrop action shutdown trap mirror Mode Interface Configuration for a switch port interface Default DoS attack detection is not co...

Страница 930: ...ct normal traffic switching between ports but other protocols such as IGMP and STP may be affected This defense is not recommended where a large number of fragmented packets are expected smurf This ty...

Страница 931: ...he interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ipoptions action shutdown To configure ping of death DoS detecti...

Страница 932: ...re access lists within the ranges 1 199 1300 1999 and 2000 2699 and named standard and extended access lists The no variant of this command removes the limit on the number of filters that can be added...

Страница 933: ...To show all access lists configured on the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199...

Страница 934: ...ACCESS LIST IPV4 SOFTWARE ACLS Note the following error message is displayed if you attempt to show an undefined access list awplus show access list 2 Related Commands access list standard named acce...

Страница 935: ...1 Example output from the show dos interface command prior to a DoS attack Parameter Description port list Specify the switch port or port list to display DoS configuration options set with the dos co...

Страница 936: ...down with the shutdown command ipoptions Displays Enabled when the ipoptions parameter is configured with thedos command plus the action Shutdown port Mirror port or Trap port and the number of insta...

Страница 937: ...s Enabled when the synflood parameter is configured with the dos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any synflood DoS attacks that have occurr...

Страница 938: ...2000 2699 access list name Mode User Exec and Privileged Exec Example awplus show ip access list Output Figure 28 3 Example output from the show ip access list command Parameter Description 1 99 IP s...

Страница 939: ...uld be to permit a specific address or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty access class...

Страница 940: ...more information on link aggregation see the following references the Link Aggregation Feature Overview_and_Configuration Guide Link Aggregation Commands Note that text in parenthesis in command name...

Страница 941: ...tandard filter on page 944 show ipv6 access list IPv6 Software ACLs on page 946 vty ipv6 access class named on page 947 Table 29 1 IPv6 Software Access List Commands and Prompts Command Name Command M...

Страница 942: ...ed by a software ACL that does not explicitly match a filter is denied Usage Use IPv6 standard access lists to control the transmission of IPv6 packets on an interface and restrict the content of rout...

Страница 943: ...and preferred method moves you to the config ipv6 std acl prompt for the selected IPv6 standard access list and from here you can configure the filters for this selected IPv6 standard access list NOT...

Страница 944: ...ipv6 source address prefix length any no sequence number Mode IPv6 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage...

Страница 945: ...med my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no deny any Alternately to remove the ACL filter entry with sequence...

Страница 946: ...use the following command awplus show ipv6 access list Output Figure 29 1 Example output from show ipv6 access list Example To show the IPv6 access list named deny_icmp use the following command awpl...

Страница 947: ...ddress or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty ipv6 access class access name no vty ipv6...

Страница 948: ...page 950 class map on page 951 clear mls qos interface policer counters on page 952 default action on page 953 description QoS policy map on page 954 egress rate limit on page 955 match access group...

Страница 949: ...7 show mls qos interface on page 988 show mls qos interface policer counters on page 989 show mls qos interface queue counters on page 991 show mls qos interface storm status on page 993 show mls qos...

Страница 950: ...ass map If your class map does not exist you can create it by using the class map command Syntax class name default no class name Mode Policy Map Configuration Example The following example creates th...

Страница 951: ...and to create a class map Use the no variant of this command to delete the named class map Syntax class map name no class map name Mode Global Configuration Example This example creates a class map ca...

Страница 952: ...aps by not specifying a class map Syntax clear mls qos interface port policer counters class map class map Mode Privileged Exec Example To reset the policy counters to zero for all class maps for port...

Страница 953: ...ult action of permit Syntax default action permit deny send to cpu copy to cpu copy to mirror send to mirror no default action Default The default is permit Mode Policy Map Configuration Examples To s...

Страница 954: ...al description of the policy map This can be up to 80 characters long Use the no variant of this command to remove the current description from the policy map Syntax description line no description Mo...

Страница 955: ...al awplus config interface port1 0 1 awplus config if egress rate limit 64k Egress rate limit has been set to 64 Kb To disable egress rate limiting on a port use the commands awplus configure terminal...

Страница 956: ...ming data packets Examples To configure a class map named cmap1 which matches traffic against access list 3001 which allows IP traffic from any source to any destination use the commands awplus config...

Страница 957: ...ig ip hw acl permit ip any any awplus config class map cmap3 awplus config cmap match access group hw_acl To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination...

Страница 958: ...variant of this command to remove CoS Syntax match cos 0 7 no match cos Mode Class Map Configuration Examples To set the class map s CoS to 4 use the commands awplus configure terminal awplus config...

Страница 959: ...ion Usage Use the match dscp command to define the match criterion after creating a class map Examples To configure a class map named cmap1 with criterion that matches DSCP 56 use the commands awplus...

Страница 960: ...s enter the parameter name ethii untagged EthII Untagged Packets enter the parameter name ethii any EthII Tagged or Untagged Packets enter the parameter name netwareraw tagged Netware Raw Tagged Packe...

Страница 961: ...ber 0807 enter the parameter name or its number banyan systems Protocol Number 0BAD enter the parameter name or its number bbn simnet Protocol Number 5208 enter the parameter name or its number dec mo...

Страница 962: ...figure terminal awplus config class map cmap1 awplus config cmap no match eth format protocol appletalk Protocol Number 809B enter the parameter name or its number ibm sna Protocol Number 80D5 enter t...

Страница 963: ...d to remove CoS Syntax match inner cos 0 7 no match inner cos Mode Class Map Configuration Examples To set the class map s inner cos to 4 use the commands awplus configure terminal awplus config class...

Страница 964: ...ed in double tagged networks to match on a VLAN ID belonging to the client network For more information on VLAN double tagged networks see the VLAN Feature Overview and Configuration Guide Examples To...

Страница 965: ...Use the no variant of this command to remove IP precedence values from a class map Syntax match ip precedence 0 7 no match ip precedence Mode Class Map Configuration Example To configure a class map n...

Страница 966: ...bcast l2mcast l2ucast no match mac type Mode Class Map Configuration Examples To set the class map s MAC type to Layer 2 multicast use the commands awplus configure terminal awplus config class map cm...

Страница 967: ...yntax match tcp flags ack fin psh rst syn urg no match tcp flags ack fin psh rst syn urg Mode Class Map Configuration Examples To set the class map s TCP flags to ack and syn use the commands awplus c...

Страница 968: ...ria Syntax match vlan 1 4094 no match vlan Mode Class Map Configuration Examples To configure a class map named cmap1 to include traffic from VLAN 3 use the commands awplus configure terminal awplus c...

Страница 969: ...nterface to the default CoS setting for untagged frames entering the interface Syntax mls qos cos 0 7 no mls qos cos Default By default all untagged frames are assigned a CoS value of 0 Note that for...

Страница 970: ...his command to globally disable QoS and remove all QoS configuration The no variant of this command removes all class maps policy maps and policers that have been created Running the no mls qos comman...

Страница 971: ...t setting The default mappings for this command are Syntax mls qos map cos queue cos priority to queue number no mls qos map cos queue Mode Global Configuration Examples To map CoS 2 to queue 0 use th...

Страница 972: ...p command set this command mls qos map premark dscp enables you to make the following changes remap the DSCP leaving the other settings unchanged remap any or all of CoS outputqueue or bandwidth class...

Страница 973: ...o use a new DSCP of 2 a new CoS of 3 and a new bandwidth class of yellow use the command awplus configure terminal awplus config mls qos map premark dscp 1 to new dscp 2 new cos 3 new bandwidth class...

Страница 974: ...nfigured on the class map Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class map Example To disable policing on a class map...

Страница 975: ...does not only apply to red traffic If a remark map is configured on the same class map as the policer then the remark map will apply to green colored and yellow colored traffic irrespectiveof the val...

Страница 976: ...ction of the remark map applied to it and is then transmitted Example To configure a single rate meter measuring traffic of 10 Mbps that drops a sustained burst of traffic over this rate use the comma...

Страница 977: ...ackets classed as red will be discarded Parameter Description cir Specify the Committed Information Rate CIR 1 40000000 kbps pir Specify the Peak Information Rate PIR 1 40000000 kbps cbs Specify the C...

Страница 978: ...arameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red colored traffic If action is...

Страница 979: ...y Map Configuration mode to configure the specified policy map Use the no variant of this command to delete an existing policy map Syntax policy map name no policy map name Mode Global Configuration E...

Страница 980: ...You can then use the priority queue command to reset the selected queues to priority queuing Note that the emptying sequence for priority queuing is always highest queue number to lowest queue number...

Страница 981: ...ts Syntax remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red no remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green ye...

Страница 982: ...configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c remark map bandwidth class green to new dscp 2 To reset the DSCP for all bandwidth classes use th...

Страница 983: ...ew cos internal external both Mode Policy Map Class Configuration Usage The default CoS to Queue mappings are shown in the following table The relationship between this command and the CoS to queue ma...

Страница 984: ...INPUT FROM THE XISTING O3 VALUE 7ITH THE REMARK NEW COS COMMAND SET TO INTERNAL OR BOTH THE QUEUE MAPPING TAKES ITS INPUT FROM THE VALUE SET BY THE COMMAND REMARK NEW COS OTE THAT ALTHOUGH THE O3 TO 1...

Страница 985: ...nterface association Syntax service policy input policy map no service policy input policy map Mode Interface Configuration Usage This command can be applied to switch ports or static channel groups b...

Страница 986: ...for classifying traffic Syntax show class map class map name Mode User Exec and Privileged Exec Example To display a QoS class map s match criteria for classifying traffic use the command awplus show...

Страница 987: ...erview Use this command to display whether QoS is enabled or disabled on the switch Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled use the...

Страница 988: ...the current settings for the interface This includes its default CoS and queue scheduling used for each queue and any policies maps that are attached Syntax show mls qos interface port Mode User Exec...

Страница 989: ...he counters are based on metering performed on the specified class map Therefore the Dropped Bytes counter is the number of bytes dropped due to metering This is different from packets dropped via a d...

Страница 990: ...ersion 5 4 7 0 x QOS COMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS This output shows a policer configured with remarking through action remark transmit so although bytes are marked as Red none are...

Страница 991: ...port s queue which will be a sum of all egress queues Syntax show mls qos interface port queue counters queue number Mode User Exec and Privileged Exec Example To show the counters for all queues on p...

Страница 992: ...SHOW MLS QOS INTERFACE QUEUE COUNTERS Port queue length Number of frames in the port s queue This will be the sum of all egress queues on the port Egress Queue length Number of frames in a specific eg...

Страница 993: ...er Exec and Privileged Exec Example To see the QSP status on port1 0 1 use the command awplus show mls qos interface port1 0 1 storm status Output Figure 30 6 Example output from the show mls qos inte...

Страница 994: ...current configuration of the cos queue map Syntax show mls qos maps cos queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos queue map use the command awplu...

Страница 995: ...CP CoS and or bandwidth class of a packet matching the class map based on a lookup DSCP value Syntax show mls qos maps premark dscp 0 63 Mode User Exec and Privileged Exec Example To display the prema...

Страница 996: ...presents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following co...

Страница 997: ...ws their associated class maps Syntax show policy map name Mode User Exec and Privileged Exec Example To display a listing of the policy maps configured on the switch use the command awplus show polic...

Страница 998: ...action portdisable vlandisable linkdown no storm action Mode Policy Map Class Configuration Examples To apply the storm protection of vlandisable to the policy map named pmap2 and the class map named...

Страница 999: ...0 seconds Syntax storm downtime 1 86400 no storm downtime Default 10 seconds Mode Policy Map Class Configuration Examples To re enable the port in 1 minute use the following commands awplus configure...

Страница 1000: ...ariant of this command disables Policy Based Storm Protection Syntax storm protection no storm protection Default By default storm protection is disabled Mode Policy Map Class Configuration Examples T...

Страница 1001: ...te Default No default Mode Policy Map Class Configuration Usage This setting is made in conjunction with the storm window command Examples To limit the data rate to 100Mbps use the following commands...

Страница 1002: ...default Mode Policy Map Class Configuration Usage This command should be set in conjunction with the storm rate command Examples To set the QSP window size to 5000 ms use the following commands awplus...

Страница 1003: ...ents of the packet existing either at ingress or applied by the class map will pass unchanged Syntax trust dscp no trust Mode Policy Map Configuration Because policy maps are applied to ports you can...

Страница 1004: ...able queues 0 1 2 3 4 5 6 7 no wrr queue disable queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Examples To disable queue 1 from transmitting traffic use the commands awplus configure terminal aw...

Страница 1005: ...cified The minimum is 651Kb Syntax wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 no wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Example To...

Страница 1006: ...hted round robin based scheduling to static aggregated interfaces for example awplus config interface sa2 Attempting to apply weighted round robin based scheduling on aggregated interfaces will displa...

Страница 1007: ...thentication on page 1010 debug dot1x on page 1011 dot1x control direction on page 1012 dot1x eap on page 1014 dot1x eapol version on page 1015 dot1x initialize interface on page 1017 dot1x initialize...

Страница 1008: ...C Command Reference for GS970M Series 1008 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS show dot1x supplicant on page 1041 show dot1x supplicant interface on page 1043 undebug d...

Страница 1009: ...efault list name no dot1x accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use t...

Страница 1010: ...1x authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus...

Страница 1011: ...aware that this is a very verbose output It is mostly useful to capture this as part of escalating an issue to ATI support Examples Use this command without any parameters to turn on normal 802 1X de...

Страница 1012: ...yntax dot1x control direction in both no dot1x control direction Default The authentication port direction is set to both by default Mode Interface Configuration for a static channel a dynamic LACP ch...

Страница 1013: ...CONTROL DIRECTION To set the port direction to the default both for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth prof...

Страница 1014: ...he commands awplus configure terminal awplus config dot1x eap forward To set the transmit mode of EAP packet to discard to discard EAP packets use the commands awplus configure terminal awplus config...

Страница 1015: ...Examples To set the EAPOL protocol version to 2 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x eapol version 2 To set the EAPOL prot...

Страница 1016: ...C Command Reference for GS970M Series 1016 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS DOT1X EAPOL VERSION Validation Commands auth profile Global Configuration show dot1x show...

Страница 1017: ...command awplus dot1x initialize interface port1 0 2 To unauthorize switch port1 0 1 and attempt reauthentication on switch port1 0 1 use the command awplus dot1x initialize interface port1 0 1 To unau...

Страница 1018: ...hiscommand Theattemptistriggered by the first packet from the supplicant trying to access the network resources Syntax dot1x initialize supplicant macadd username Mode Privileged Exec Example To initi...

Страница 1019: ...LACP channel group or a switch port Usage Use this command to enable key transmission over an Extensible Authentication Protocol EAP packet between the authenticator and supplicant Use the no variant...

Страница 1020: ...maximum number of login attempts for supplicants on an interface The supplicant is moved to the auth fail VLAN from the Guest VLAN after the number of failed login attempts using 802 1X authentication...

Страница 1021: ...al awplus config auth profile student awplus config auth profile dot1x max auth fail 1 To configure the maximum number of login attempts for a supplicant on authentication profile student to the defau...

Страница 1022: ...tication attempts after failure Examples To configure the maximum number of reauthentication attempts for interface port1 0 2 to a single 1 reauthentication request use the commands awplus configure t...

Страница 1023: ...eauthentication attempts for authentication profile student to the default maximum number of two 2 reauthentication attempts use the commands awplus configure terminal awplus config auth profile stude...

Страница 1024: ...rt controlis set to auto the 802 1X authentication feature is executed on the interface but only if the aaa authentication dot1x command has been issued Examples To enable port authentication on the i...

Страница 1025: ...minal awplus config auth profile student awplus config auth profile dot1x port control auto To enable port authentication force authorized on authentication profile student use the commands awplus con...

Страница 1026: ...ttempts to request an ID Examples To set the transmit timeout period to 5 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if d...

Страница 1027: ...Command Reference for GS970M Series 1027 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS DOT1X TIMEOUT TX PERIOD Validation Commands auth profile Global Configuration show dot1x sh...

Страница 1028: ...ing and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging dot1x Mode User Exec and Privileged Exec Usage This is a sampl...

Страница 1029: ...how dot1x all Parameter Description all Displays all authentication information for each port available on the switch Table 1 Example output from the show dot1x all command awplus show dot1x all 802 1...

Страница 1030: ...d false KR rxKey false KT keyAvailable false keyTxEnabled false criticalState off dynamicVlanId 2 802 1X statistics for interface port1 0 6 EAPOL Frames Rx 5 EAPOL Frames Tx 16 EAPOL Start Frames Rx 0...

Страница 1031: ...S SHOW DOT1X authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendO...

Страница 1032: ...figuration Guide Syntax show dot1x diagnostics interface interface list Mode Privileged Exec Example See the sample output below showing 802 1X authentication diagnostics for port1 0 5 awplus show dot...

Страница 1033: ...Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenti...

Страница 1034: ...saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dot1x interface interface list diagnostics sessionstatistics statistics supplic...

Страница 1035: ...rized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled f...

Страница 1036: ...EaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupp...

Страница 1037: ...status of the port for 802 1X control portStatus 802 1X status of the port authorized unauthorized reAuthenticate Reauthentication enabled disabled status on port reAuthPeriod Value holds meaning onl...

Страница 1038: ...nt CD Controlled Directions State machine adminControlledDi r ections Administrative value Both In operControlledDir e ctions Operational Value Both In KR Key receive state machine rxKey True when EAP...

Страница 1039: ...authentication session statistics for port1 0 6 awplus show dot1x sessionstatistics interface port1 0 6 Parameter Description interface Specify a port to show interface list The interfaces or ports t...

Страница 1040: ...x statistics interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel...

Страница 1041: ...meter awplus show dot1x supplicant 00d0 59ab 7037 brief Parameter Description macadd MAC hardware address of the Supplicant brief Brief summary of the Supplicant state authenticationMethod dot1x total...

Страница 1042: ...icationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Interface VID Mode MAC...

Страница 1043: ...Configuration Guide Syntax show dot1x supplicant interface interface list brief Mode Privileged Exec Examples See sample output below showing the supplicant on the interface port1 0 6 awplus show dot1...

Страница 1044: ...cant address 0000 cd07 7b60 authenticationMethod 802 1X Two Step Authentication firstAuthentication Pass Method mac secondAuthentication Pass Method dot1x portStatus Authorized currentId 3 abort F fai...

Страница 1045: ...rface sa1 supplicant brief Interface sa1 authenticationMethod dot1x Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupp...

Страница 1046: ...and Reference for GS970M Series 1046 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS UNDEBUG DOT1X undebug dot1x Overview This command applies the functionality of the no variant of...

Страница 1047: ...ynamic vlan creation on page 1053 auth guest vlan on page 1056 auth guest vlan forward on page 1059 auth host mode on page 1061 auth log on page 1063 auth max supplicant on page 1065 auth profile Glob...

Страница 1048: ...mode on page 1110 auth web server dhcp ipaddress on page 1111 auth web server dhcp lease on page 1112 auth web server dhcp wpad option on page 1113 auth web server host name on page 1114 auth web serv...

Страница 1049: ...ption Authentication Profile on page 1137 erase proxy autoconfig file on page 1138 erase web auth https file on page 1139 platform l3 vlan hashing algorithm on page 1140 platform mac vlan hashing algo...

Страница 1050: ...n feature enables assignment to a different VLAN if a supplicant fails authentication To enable the auth fail vlan feature with Web Authentication you need to set the Web Authentication Server virtual...

Страница 1051: ...lus configure terminal awplus config interface port1 0 2 awplus config if auth auth fail vlan 100 To disable the auth fail vlan feature for port1 0 2 use the following commands awplus configure termin...

Страница 1052: ...ode Examples To enable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth critical To disable...

Страница 1053: ...ssigned to ports Dynamic VLANs may be associated with authenticated MAC addresses if the type parameter is applied with the rule parameter The rule parameter deals with the case where there are multip...

Страница 1054: ...VLAN ID assigned for the MAC Base VLAN is displayed using the show platform table vlan command To configure Dynamic Vlan with Web Authentication you need to set Web Authentication Server virtual IP ad...

Страница 1055: ...nable the Dynamic VLAN assignment feature on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth dynamic vlan c...

Страница 1056: ...f a port is in multi supplicant mode with per port dynamic VLAN configuration after the first successful authentication subsequent hosts cannot use the guest VLAN due to the change in VLAN ID This may...

Страница 1057: ...ands awplus configure terminal awplus config vlan database awplus config vlan vlan 100 awplus config vlan exit awplus config interface port1 0 2 awplus config if dot1x port control auto awplus config...

Страница 1058: ...mand Reference for GS970M Series 1058 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH GUEST VLAN auth guest vlan forward dot1x port control show dot1x show dot1x interf...

Страница 1059: ...ng is disabled by default Mode Interface Configuration mode for a specified switch port or Authentication Profile mode Usage Before using this command you must configure the guest VLAN with the auth g...

Страница 1060: ...th guest vlan forward 10 0 0 1 dns To enable the tcp forwarding port 137 on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config a...

Страница 1061: ...use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth host mode multi supplicant Parameter Description single host Single host mode In this mode...

Страница 1062: ...h host mode To set the host mode to multi supplicant on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth hos...

Страница 1063: ...ging of MAC authentication failures to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0...

Страница 1064: ...gure the logging of web authentication failures to the log file for supplicants client devices connected to authentication profile student use the commands awplus configure terminal awplus config auth...

Страница 1065: ...rofile mode Examples To set the maximum number of supplicants to 10 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth...

Страница 1066: ...eference for GS970M Series 1066 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH MAX SUPPLICANT Related Commands auth profile Global Configuration show dot1x show dot1x...

Страница 1067: ...No port authentication profiles are created by default Mode Global Configuration Usage A port authentication profile is a configuration object that aggregates multiple port authentication commands The...

Страница 1068: ...s a authentication profile created using the auth profile Global Configuration command to a static channel a dynamic LACP channel group or a switch port You can only attach one profile to an interface...

Страница 1069: ...t or Authentication Profile mode Examples To enable reauthentication on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth...

Страница 1070: ...ace goes down so supplicants must reauthenticate Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Usage Note that 802 1X p...

Страница 1071: ...nal awplus config auth profile student awplus config auth profile auth roaming disconnected To require supplicants using authentication profile student to reauthenticate when moving between ports if t...

Страница 1072: ...tion MAC authentication or Web authentication must be configured before using this feature The port that the supplicant is moving to must have the same authentication configuration as the port the sup...

Страница 1073: ...ing authentication for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth roaming enable Related Commands a...

Страница 1074: ...t entry in A B C D P format max reauth req The number of reauthentication attempts before becoming unauthorized 1 10 Count of reauthentication attempts default 2 port control Port control commands aut...

Страница 1075: ...nterface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant ip 192 168 10 0 24 To disable reauthentication for the supplicant s...

Страница 1076: ...ontaining a specific string mac addr mask The mask comprises a string of three period separated bytes where each byte comprises four hexadecimal characters that will generally be either 1or 0 When the...

Страница 1077: ...for port 1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth supplicant mac 0000 5E00 0000 mask ffff ff00 0000 port control force authorized To de...

Страница 1078: ...43 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus configure terminal awplus config auth profile student aw...

Страница 1079: ...ant has the state connecting then the supplicant is deleted When auth web server session keep or auth two step enableis enabled we recommend you configure a longer connect timeout period Examples To s...

Страница 1080: ...TIMEOUT CONNECT TIMEOUT To reset the connect timeout period to the default 30 seconds for authentication profile student use the commands awplus configure terminal awplus config auth profile student a...

Страница 1081: ...0 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout quiet period 10 To reset the quiet period to the...

Страница 1082: ...a switch port or Authentication Profile mode Examples To set the reauthentication period to 1 day for interface port1 0 2 use the following commands awplus configure terminal awplus config interface p...

Страница 1083: ...970M Series 1083 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT REAUTH PERIOD Related Commands auth profile Global Configuration auth reauthentication show dot...

Страница 1084: ...to 120 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout server timeout 120 To set the server timeout...

Страница 1085: ...ence for GS970M Series 1085 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT SERVER TIMEOUT Related Commands auth profile Global Configuration show dot1x show do...

Страница 1086: ...r timeout to 2 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout supp timeout 2 To reset the server t...

Страница 1087: ...rence for GS970M Series 1087 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT SUPP TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot...

Страница 1088: ...security risk an unauthorized user can access the network with an authorized device or an authorized user can access the network with an unauthorized device Two step authentication solves this problem...

Страница 1089: ...ing commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access awplus config if auth web enable awplus config if dot1x port control auto awplus config...

Страница 1090: ...s Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TWO STEP ENABLE Relat ed Commands auth profile Global Configuration show auth two step supplicant brief show auth show auth interface...

Страница 1091: ...t list name no auth mac accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the...

Страница 1092: ...uth mac authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands aw...

Страница 1093: ...is enabled Note that re authentication is correct behavior without spanning tree edgeport enabled Applying switchport mode access on ports is also good practice to set the ports to access mode with in...

Страница 1094: ...CATION COMMANDS AUTH MAC ENABLE To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Страница 1095: ...ce Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Examples To set the MAC Authentication method to pap on interface port1 0 2 use the f...

Страница 1096: ...CATION COMMANDS AUTH MAC METHOD To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Страница 1097: ...s particularly important if some MAC based supplicants on the network are intelligent devices such as computers and or you are using two step authentication see the Ensuring Authentication Methods Req...

Страница 1098: ...ntication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac reauth relearning To disable the r...

Страница 1099: ...s provided to allow other vendors AlliedWare and AlliedWare Plus switches to share the same format on the RADIUS server Example To configure the format of the MAC address in the username and password...

Страница 1100: ...list name no auth web accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the c...

Страница 1101: ...th web authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awp...

Страница 1102: ...ng command and vice versa You need to configure an IPv4 address for the VLAN interface on which Web Authentication is running Examples To enable Web Authentication on static channel group 2 use the fo...

Страница 1103: ...CATION COMMANDS AUTH WEB ENABLE To disable Web authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Страница 1104: ...p address ip address prefix length dns tcp 1 65535 udp 1 65535 Or no auth web forward arp dhcp dns tcp 1 65535 udp 1 65535 Default Packet forwarding for port authentication is enabled by default for a...

Страница 1105: ...hport mode access awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth web forward 192 168 1 10 dns To disable the ARP forwarding feature on interface por...

Страница 1106: ...student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward arp To delete the tcp forwarding port 137 on authentication profil...

Страница 1107: ...channel group or a switch port or Authentication Profile mode Examples To set the lock count to 5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface p...

Страница 1108: ...S970M Series 1108 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH WEB MAX AUTH FAIL Related Commands auth profile Global Configuration auth timeout quiet period show au...

Страница 1109: ...ntication Profile mode Example To set the Web Authentication method to eap md5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus conf...

Страница 1110: ...disable blocking mode for the Web Authentication server Syntax auth web server blocking mode no auth web server blocking mode Default By default blocking mode is disabled for the Web Authentication se...

Страница 1111: ...ication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together You ca...

Страница 1112: ...See the AAA and Port Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhance...

Страница 1113: ...ed to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent Howe...

Страница 1114: ...TTPS protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warni...

Страница 1115: ...port number In this case Web Authentication cannot intercept the connection To overcome this limitation you can use this command to tell the switch which additional port it should intercept and then...

Страница 1116: ...h web server ipaddress ip address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP addres...

Страница 1117: ...English by default Mode Global Configuration Examples To set Japanese as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth...

Страница 1118: ...Configuration Guide for details Use the no variant of this command to delete the URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default...

Страница 1119: ...and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Conf...

Страница 1120: ...re Overview and Configuration Guide Syntax auth web server page sub title hidden text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configurati...

Страница 1121: ...and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page success message text success message no auth web server page success message Default No success message is...

Страница 1122: ...e Syntax auth web server page title hidden text title no auth web server page title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the cust...

Страница 1123: ...A and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page welcome message text welcome message no auth web server page welcome message Default No welcome message i...

Страница 1124: ...enticated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global C...

Страница 1125: ...Use the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount...

Страница 1126: ...ing polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration...

Страница 1127: ...no variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer...

Страница 1128: ...reset the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second M...

Страница 1129: ...Authentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus...

Страница 1130: ...irect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the following command...

Страница 1131: ...ntax auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples T...

Страница 1132: ...is disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session...

Страница 1133: ...yntax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functio...

Страница 1134: ...variant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode G...

Страница 1135: ...to configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Exampl...

Страница 1136: ...be in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate...

Страница 1137: ...ault No description configured by default Mode Authentication Profile Example To add a description to the authentication profile student use the following commands awplus configure terminal awplus con...

Страница 1138: ...Y AUTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy...

Страница 1139: ...auth https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certi...

Страница 1140: ...ore than four different IP addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several diffe...

Страница 1141: ...more than four different MAC addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several di...

Страница 1142: ...namic or LACP channel group or a switch port awplus show auth all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server ad...

Страница 1143: ...authenticationMethod WEB based Authentication Two Step Authentication firstAuthentication Pass Method dot1x secondAuthentication Pass Method web portStatus Authorized currentId 3 abort F fail F start...

Страница 1144: ...face list Mode Privileged Exec Example To display authentication diagnostics for port1 0 6 enter the command awplus show auth diagnostics interface port1 0 6 Parameter Description interface Specify po...

Страница 1145: ...r interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1...

Страница 1146: ...nterface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Web based authentication status for port1 0 6 enter the command awplus sho...

Страница 1147: ...t1 0 1 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 BE su...

Страница 1148: ...ionstatistics show dot1x statistics interface show dot1x supplicant interface Authentication Diagnostics for interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWh...

Страница 1149: ...2 3 Example output from the show auth sessionstatistics command Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an in...

Страница 1150: ...play Web Authentication statistics for port1 0 4 enter the command awplus show auth statistics interface port1 0 4 Related Commands show dot1x interface Parameter Description interface list The interf...

Страница 1151: ...nt To display authenticated supplicant information for device with MAC address 0000 5E00 5301 enter the command awplus show auth supplicant 0000 5E00 5301 Output Figure 32 4 Example output from show a...

Страница 1152: ...l F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 0 CD adminControlledDirection...

Страница 1153: ...lliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS SHOW AUTH SUPPLICANT Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa authentication...

Страница 1154: ...uthenticated supplicant on the interface port1 0 3 enter the command awplus show auth supplicant interface port1 0 3 To display brief summary output for the authenticated supplicant enter the command...

Страница 1155: ...step supplicant interface port1 0 6 brief Output Figure 32 7 Example output from show auth two step supplicant brief Related Commands auth two step enable Parameter Description interface The interface...

Страница 1156: ...2 8 Example output from the show auth web server command Related Commands auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web serve...

Страница 1157: ...how the web authentication page information use the command awplus show auth web server page Figure 32 9 Example output from the show auth web server page command Related Commands auth web forward aut...

Страница 1158: ...e Syntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure...

Страница 1159: ...e 1165 aaa accounting dot1x on page 1167 aaa accounting login on page 1169 aaa accounting update on page 1172 aaa authentication auth mac on page 1174 aaa authentication auth web on page 1176 aaa auth...

Страница 1160: ...page 1197 login authentication on page 1198 proxy port on page 1199 radius secure proxy aaa on page 1200 server radsecproxy aaa on page 1201 server mutual authentication on page 1203 server name chec...

Страница 1161: ...ly none group group name radius no aaa accounting auth mac default list name Default RADIUS accounting for MAC based Authentication is disabled by default Mode Global Configuration Usage This command...

Страница 1162: ...DIUS servers use the commands awplus configure terminal awplus config aaa accounting auth mac default start stop group radius To disable RADIUS accounting for MAC based Authentication use the commands...

Страница 1163: ...ly none group group name radius no aaa accounting auth web default list name Default RADIUS accounting for Web based authentication is disabled by default Mode Global Configuration Usage This command...

Страница 1164: ...ervers use the commands awplus configure terminal awplus config aaa accounting auth web default start stop group radius To disable the default RADIUS accounting method for Web based authentication use...

Страница 1165: ...led by default Mode Global Configuration Usage This command only supports a default method list this means that it is applied to every console and VTY line The stop only parameter indicates that the c...

Страница 1166: ...privilege levels 1 7 and 15 use the following commands awplus configure terminal awplus config aaa accounting commands 1 default stop only group tacacs awplus config aaa accounting commands 7 default...

Страница 1167: ...me start stop stop only none group group name radius no aaa accounting dot1x default list name Default RADIUS accounting for 802 1X based authentication is disabled by default there is no default serv...

Страница 1168: ...and use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting dot1x default start stop group radius To disable RADIUS accounting for 802 1X based authent...

Страница 1169: ...accounting method list for login shell sessions configured by an aaa accounting login command If the method list being deleted is already applied to a console or VTY line accounting on that line will...

Страница 1170: ...p name use the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS serve...

Страница 1171: ...1171 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login aaa accounting update...

Страница 1172: ...ode Global Configuration Usage Use this command to enable the device to send periodic AAA login accounting reports to the accounting server When periodic accounting report is enabled interim accountin...

Страница 1173: ...AAA COMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured use the following commands awplus configure terminal awplus config no aaa accounting up...

Страница 1174: ...sed Port Authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list...

Страница 1175: ...commands awplus configure terminal awplus config no aaa authentication auth mac default To enable MAC based authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the...

Страница 1176: ...web default list name Default Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a n...

Страница 1177: ...tication use the commands awplus configure terminal awplus config no aaa authentication auth web default To enable Web based authentication for named list vlan10_auth with RADIUS server group rad_grou...

Страница 1178: ...ation is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the defau...

Страница 1179: ...d authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication dot1x vlan10_auth group rad_group_vlan...

Страница 1180: ...ified privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their m...

Страница 1181: ...LI Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password a...

Страница 1182: ...tion Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Exampl...

Страница 1183: ...e default method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa a...

Страница 1184: ...for user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa auth...

Страница 1185: ...sent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will...

Страница 1186: ...fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured d...

Страница 1187: ...ion Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configur...

Страница 1188: ...bal Configuration Usage Use this command to create an AAA group of RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subs...

Страница 1189: ...x AAA COMMANDS AAA GROUP SERVER Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa accounting login aaa authentication auth mac aaa authentication auth web aaa...

Страница 1190: ...iguration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by anothe...

Страница 1191: ...ed login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a s...

Страница 1192: ...the console SSH and Telnet Use the novariantof this commandtoresetthe minimumtimeperiod to itsdefault value Syntax aaa login fail delay 1 10 no aaa login fail delay 1 10 Default 1 second Mode Global c...

Страница 1193: ...e login default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By d...

Страница 1194: ...od list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the comm...

Страница 1195: ...and Reference for GS970M Series 1195 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version...

Страница 1196: ...ear aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all u...

Страница 1197: ...accounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authe...

Страница 1198: ...ion Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use th...

Страница 1199: ...o proxy port Default The default port is 1645 Mode RadSecProxy AAA Configuration Mode Usage It is not necessary to change the value from the default unless UDP port 1645 is required for another purpos...

Страница 1200: ...figuration mode This application allows local RADIUS based clients on system to communicate with remote RadSec servers via a secure TLS proxy Syntax radius secure proxy aaa Mode Global Configuration M...

Страница 1201: ...ut value for RADIUS servers will be used The global timeout may be changed using the radius server timeout command The default global timeout is 5 seconds Each server may be configured to use certific...

Страница 1202: ...ERVER RADSECPROXY AAA Example To add a server which waits 3 seconds before receiving replies use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy...

Страница 1203: ...sing the RadSecProxy AAA application to not transmit a certificate to the server NOTE Ifmutualauthenticationisdisabledontheclient AAA applicationbutenabled on the server a connection will not be estab...

Страница 1204: ...subject field of the client s X 509 certificate must match the domain name or IP address specified in the server radsecproxy aaa command Use the no variant of this command to set the global behavior f...

Страница 1205: ...server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the tru...

Страница 1206: ...C613 50163 01 Rev C Command Reference for GS970M Series 1206 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS SERVER TRUSTPOINT server radsecproxy aaa server name check...

Страница 1207: ...ocked account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Pr...

Страница 1208: ...aaa accounting auth mac aaa authentication auth web aaa authentication dot1x awplus show aaa server group User List Name Method Acct Event login auth default local login acct dot1x auth default radius...

Страница 1209: ...displays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AA...

Страница 1210: ...er groups use the command awplus show radius server group To display a information for a RADIUS server group named rad_group_list1 use the command awplus show radius server group rad_group_list1 Outpu...

Страница 1211: ...DIUS SERVER GROUP Figure 33 5 Example output from show radius server group rad_group_list1 Related Commands aaa group server awplus show radius server group rad_group_list1 RADIUS Group Configuration...

Страница 1212: ...1 Rev C Command Reference for GS970M Series 1212 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug...

Страница 1213: ...entifier on page 1214 auth radius send service type on page 1215 deadtime RADIUS server group on page 1216 debug radius on page 1217 ip radius source interface on page 1218 radius server deadtime on p...

Страница 1214: ...entifierof NASID100 as the NAS Identifier attribute use the commands awplus configure terminal awplus config auth radius send nas identifier NASID100 To use the VLAN ID as the NAS Identifier attribute...

Страница 1215: ...n requests The Service Type attribute has a value of Framed 2 for 802 1x Call Check 10 for MAC authentication Unbound 5 for Web authentication Use the no variant of this command to stop including the...

Страница 1216: ...RADIUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not...

Страница 1217: ...all Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS even...

Страница 1218: ...ce interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Examples To co...

Страница 1219: ...S deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been retransmit...

Страница 1220: ...0 65535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name...

Страница 1221: ...The time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server time...

Страница 1222: ...er 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following commands awplus...

Страница 1223: ...t key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enabling AAA au...

Страница 1224: ...ault RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius ser...

Страница 1225: ...C Command Reference for GS970M Series 1225 AlliedWare Plus Operating System Version 5 4 7 0 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server host show...

Страница 1226: ...is 5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus co...

Страница 1227: ...0 x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius server timeou...

Страница 1228: ...on port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this comma...

Страница 1229: ...minal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 auth port 1000 acct port 0 To create a RADIUS server group RAD...

Страница 1230: ...displays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the c...

Страница 1231: ...he show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface...

Страница 1232: ...e Interface The interface name or IP address to be used for the source address of all outgoing RADIUS packets Secret Key A shared secret key to a radius server Timeout A time interval in seconds Retra...

Страница 1233: ...as been dead for Alive The server is alive Error The server is not responding Dead The server is detected as dead and it will not be used for deadtime period The time displayed in the output shows the...

Страница 1234: ...vileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration awplus show radius statistics Output Figure 34 4 Example output from the show radius statisti...

Страница 1235: ...C Command Reference for GS970M Series 1235 AlliedWare Plus Operating System Version 5 4 7 0 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no de...

Страница 1236: ...l authentication on page 1244 client name check on page 1245 client trustpoint on page 1246 clear radius local server statistics on page 1247 copy fdb radius users to file on page 1248 copy local radi...

Страница 1237: ...page 1268 server enable on page 1269 show crypto pki certificates deleted on page 1270 show crypto pki certificates local radius all users deleted on page 1271 show crypto pki certificates user delete...

Страница 1238: ...r group If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax at...

Страница 1239: ...mes use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attribut...

Страница 1240: ...e following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Ty...

Страница 1241: ...enabled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius ser...

Страница 1242: ...he global behavior defined by client name check or no client name check will be used If name checking is enabled the Common Name portion of the subject field of the client s X 509 certificate must mat...

Страница 1243: ...163 01 Rev C Command Reference for GS970M Series 1243 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS CLIENT RADSECPROXY SRV client trustpoint radius secure proxy local...

Страница 1244: ...tual certificate validation The local server application will still transmit the local server certificate to the client but will not expect or validate a certificate from the client Syntax client mutu...

Страница 1245: ...ion of the subject field of the client s X 509 certificate must match the domain name or IP address specified in the client radsecproxy aaa command Use the no variant of this command to set the global...

Страница 1246: ...with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no client trus...

Страница 1247: ...lears the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius l...

Страница 1248: ...sers created use a MAC address which can be used for MAC authentication Parameter Description local radius user db Copy the local RADIUS server users created to the local RADIUS server flash Copy the...

Страница 1249: ...ADIUS server use the command awplus copy fdb radius users local radius user db To register the local RADIUS server users from the interface port1 0 1 to the local RADIUS server use the command awplus...

Страница 1250: ...cal RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the rep...

Страница 1251: ...rated Values format Syntax copy local radius user db flash nvs card tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplu...

Страница 1252: ...L RADIUS SERVER COMMANDS CRYPTO PKI ENROLL LOCAL DELETED crypto pki enroll local deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpo...

Страница 1253: ...ENROLL LOCAL LOCAL RADIUS ALL USERS DELETED crypto pki enroll local local radius all users deleted Overview This command is no longer available Please use the following command instead crypto pki enr...

Страница 1254: ...VER COMMANDS CRYPTO PKI ENROLL LOCAL USER DELETED crypto pki enroll local user deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoin...

Страница 1255: ...MANDS CRYPTO PKI EXPORT LOCAL PEM DELETED crypto pki export local pem deleted Overview This command is no longer available Please use the crypto pki export pem command instead crypto pki export trustp...

Страница 1256: ...O PKI EXPORT LOCAL PKCS12 DELETED crypto pki export local pkcs12 deleted Overview This command is no longer available Please use the crypto pki export pkcs12 command instead crypto pki export trustpoi...

Страница 1257: ...US SERVER COMMANDS CRYPTO PKI TRUSTPOINT LOCAL DELETED crypto pki trustpoint local deleted Overview This command is no longer available Please use the following command instead crypto pki trustpoint t...

Страница 1258: ...C Command Reference for GS970M Series 1258 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS DEBUG CRYPTO PKI DELETED debug crypto pki deleted Overview This command is no...

Страница 1259: ...uration Usage When both domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the usern...

Страница 1260: ...d command or the egress vlan name command and specify the tagged parameter Examples To set the Egress VLANID attribute for the NormalUsers local RADIUS server user group to VLAN identifier 200 with ta...

Страница 1261: ...01 Rev C Command Reference for GS970M Series 1261 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN ID Related Commands attribute egress vlan name switchport...

Страница 1262: ...the egress vlan id command or the egress vlan name command and specify the tagged parameter Examples To configure the Egress VLAN Name attribute for the RADIUS server user group NormalUsers with the V...

Страница 1263: ...01 Rev C Command Reference for GS970M Series 1263 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN NAME Related Commands attribute egress vlan id switchport...

Страница 1264: ...roup Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config ra...

Страница 1265: ...p address key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authen...

Страница 1266: ...ion mode This application allows remote RadSec clients to communicate with the local RADIUS server process via a secure TLS proxy Syntax radius secure proxy local server Mode Global Configuration Mode...

Страница 1267: ...tion Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus c...

Страница 1268: ...ort Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 a...

Страница 1269: ...he local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Con...

Страница 1270: ...ersion 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES DELETED show crypto pki certificates deleted Overview This command is no longer available Please use the following command in...

Страница 1271: ...n 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS DELETED show crypto pki certificates local radius all users deleted Overview This command is no longeravail...

Страница 1272: ...ting System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER DELETED show crypto pki certificates user deleted Overview This command is no longeravailablebecause userce...

Страница 1273: ...Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI TRUSTPOINTS DELETED show crypto pki trustpoints deleted Overview This command is no longer available Please use the following command in...

Страница 1274: ...figuration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show...

Страница 1275: ...eature Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius loca...

Страница 1276: ...command displays Local RADIUS server statistics awplus show radius local server statistics Output Related Commands clear radius local server statistics radius server local server enable server auth p...

Страница 1277: ...US server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user T...

Страница 1278: ...L RADIUS SERVER COMMANDS SHOW RADIUS LOCAL SERVER USER Related Commands group user RADIUS server Table 8 Parameters in the output from the show radius local server user command Parameter Description U...

Страница 1279: ...pplicant MAC address to configure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA and Port_Authentication Feature Overview and Configuration_Gu...

Страница 1280: ...onfigure terminal awplus config radius server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure...

Страница 1281: ...p Syntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers...

Страница 1282: ...1284 crypto pki authenticate on page 1285 crypto pki enroll on page 1286 crypto pki enroll user on page 1287 crypto pki export pem on page 1289 crypto pki export pkcs12 on page 1290 crypto pki import...

Страница 1283: ...bit lengths are more secure but require more computation time The specified key must not already exist Example To create a key with the label example server key and a bit length of 2048 use the comma...

Страница 1284: ...with zeros The specified key must exist but must not be in use for any existing server certificates A key may not be deleted if it is associated with the server certificate or server certificate signi...

Страница 1285: ...ollment setting is terminal then this command prompts the user to paste a certificate Privacy Enhanced Mail PEM file at the CLI terminal If the certificate is a valid selfsigned CA certificate then it...

Страница 1286: ...is command results in the direct generation of the server certificate signed by the root CA for the trustpoint If the trustpoint represents an external certificate authority then this command results...

Страница 1287: ...DIUS server The specified trustpoint must represent a locally self signed certificate authority The private key and certificate are packaged into a PKCS 12 formatted file suitable for export using the...

Страница 1288: ...rsion 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS CRYPTO PKI ENROLL USER To enroll all local RADIUS users with the trustpoint example use the following commands awplus enable awplus crypto pki enroll...

Страница 1289: ...ged Exec Usage The specified trustpoint must already exist and it must already be authenticated Example To display the PEM file for the trustpoint example to the terminal use the following commands aw...

Страница 1290: ...e server certificate and thecorrespondingprivatekey iftheserverhasbeen enrolledtothetrustpoint The command prompts for a passphrase to encrypt the private key If a RADIUS username is specified this co...

Страница 1291: ...TURE COMMANDS CRYPTO PKI EXPORT PKCS12 Example To export the PKCS 12 file example pk12 for the trustpoint example to the URL tftp backup use the following commands awplus enable awplus crypto pki expo...

Страница 1292: ...sure they are proper CA certificates and that the issuer chain ends in a root CA certificate already installed for the trustpoint If there is no root CA certificate for the trustpoint i e if the trust...

Страница 1293: ...C KEY INFRASTRUCTURE COMMANDS CRYPTO PKI IMPORT PEM To import the PEM file for the trustpoint example from the URL tftp server_a use the following commands awplus enable awplus crypto pki import examp...

Страница 1294: ...where N is a non negative integer This operation is only valid if the server certificate does not already exist for the trustpoint i e if the server is not enrolled to the trustpoint PKCS 12 files for...

Страница 1295: ...icate the trustpoint as a local self signed certificate authority The no variant of this command destroys the trustpoint by removing all CA and server certificates associated with the trustpoint as we...

Страница 1296: ...the root CA certificate Privacy Enhanced Mail PEM file at the terminal when the crypto pki authenticate command is issued It will create a Certificate Signing Request CSR file for the local server wh...

Страница 1297: ...tch any pre accepted value then the user will be prompted to verify the certificate contents and fingerprint visually This command is useful when certificates from an external certificate authority ar...

Страница 1298: ...50163 01 Rev C Command Reference for GS970M Series 1298 AlliedWare Plus Operating System Version 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS FINGERPRINT TRUSTPOINT CONFIGURATION MODE crypto pki impor...

Страница 1299: ...ned by the specified certificate the command will be rejected If the specified certificate is the root CA certificate and the trustpoint represents a locally selfsigned CA then the corresponding priva...

Страница 1300: ...request The optional numeric parameter defines the bit length for the key and is only applicable for keys that are implicitly created during enrollment This command does not affect server certificates...

Страница 1301: ...gerprint a hash of the key contents to help uniquely identify a key and a list of trustpoints in which the server certificate is using the key The specified keys must exist Example To show all keys us...

Страница 1302: ...s with the server certificate and then displays its issuer and continues up the issuer chain until the root CA certificate is reached For each certificate the command displays the certificate type the...

Страница 1303: ...CN local loc lc Issuer C NZ CN local_Signing_CA Valid From Nov 11 15 35 21 2015 GMT Valid To Aug 31 15 35 21 2018 GMT Fingerprint 5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF Intermediate CA certific...

Страница 1304: ...trustpoints using the crypto pki export pkcs12 command Syntax crypto pki enrollment user username Mode Privileged Exec Example To show the list of trustpoints to which user exampleuser1 is enrolled us...

Страница 1305: ...onfigured to use the trustpoint and the trustpoint parameters that were configured from trustpoint configuration mode The specified trustpoints must already exist Example To show the details of the tr...

Страница 1306: ...tion Usage The subject name is specified as a variable number of fields where each field begins with a forward slash character Each field is of the form XX value where XX is the abbreviation of the no...

Страница 1307: ...01 Rev C Command Reference for GS970M Series 1307 AlliedWare Plus Operating System Version 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS SUBJECT NAME TRUSTPOINT CONFIGURATION Related Commands crypto p...

Страница 1308: ...gure the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List authorization commands on page 1309 aaa authorization comma...

Страница 1309: ...thod list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the co...

Страница 1310: ...d Reference for GS970M Series 1310 AlliedWare Plus Operating System Version 5 4 7 0 x TACACS COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Versio...

Страница 1311: ...sent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list wil...

Страница 1312: ...al fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured...

Страница 1313: ...ation Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of config...

Страница 1314: ...sures that all TACACS packets sent from the device will have the same source IP address Once configured this affects all TACACS packets namely accounting authentication and authorization If the specif...

Страница 1315: ...gured Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 1 Parameters in the output of the show tacacs command Output Parameter Meaning Source Interface I...

Страница 1316: ...3 50163 01 Rev C Command Reference for GS970M Series 1316 AlliedWare Plus Operating System Version 5 4 7 0 x TACACS COMMANDS SHOW TACACS Command changes Version 5 4 6 2 1 Source Interface parameter ad...

Страница 1317: ...configured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authe...

Страница 1318: ...llowing commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configur...

Страница 1319: ...is client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secr...

Страница 1320: ...The no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Gl...

Страница 1321: ...witch ports e g port1 0 2 Command List arp security on page 1323 arp security violation on page 1324 clear arp security statistics on page 1326 clear ip dhcp snooping binding on page 1327 clear ip dhc...

Страница 1322: ...ing on page 1346 show arp security on page 1348 show arp security interface on page 1349 show arp security statistics on page 1351 show debugging arp security on page 1353 show debugging ip dhcp snoop...

Страница 1323: ...to disable ARP security on the VLANs Syntax arp security no arp security Default Disabled Mode Interface Configuration VLANs Usage Enable ARP security to provide protection against ARP spoofing DHCP...

Страница 1324: ...has ARP security enabled it drops the packet This command sets the switch to perform additional actions in response to ARP violations If a port has been shut down in response to a violation to bring...

Страница 1325: ...or GS970M Series 1325 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP SNOOPING COMMANDS ARP SECURITY VIOLATION Related Commands arp security show arp security interface show arp security stati...

Страница 1326: ...ax clear arp security statistics interface port list Mode Privileged Exec Example To clear statistics for ARP security on interface port1 0 1 use the command awplus clear arp security statistics inter...

Страница 1327: ...st Mode Privileged Exec Usage This command removes dynamic entries from the database Note that dynamic entries can also be deleted by using the novariant of theip dhcp snooping binding command Dynamic...

Страница 1328: ...cp snooping statistics interface port list Mode Privileged Exec Example To clear statistics for the DHCP snooping on interface port1 0 1 use the command awplus clear ip dhcp snooping statistics interf...

Страница 1329: ...Overview Use this command to enable ARP security debugging Use the no variant of this command to disable debugging for ARP security Syntax debug arp security no debug arp security Default Disabled Mod...

Страница 1330: ...et detail no debug ip dhcp snooping all acl db packet detail Default Disabled Mode Privileged Exec Example To enable access list debugging for DHCP snooping use the commands awplus debug ip dhcp snoop...

Страница 1331: ...t one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command Any ACLs on a port that permit traffic matching DHCP snooping entries and block other tra...

Страница 1332: ...to untrusted ports Use the no variant of this command to disable DHCP Relay Agent Option 82 insertion Syntax ip dhcp snooping agent option no ip dhcp snooping agent option Default DHCP Relay Agent Opt...

Страница 1333: ...e If the switch is connected via untrusted ports to edge switches that insert DHCP Relay Agent Option 82 information into DHCP packets you may need to allow these DHCP packets through the untrusted po...

Страница 1334: ...number Mode Interface Configuration for a VLAN interface Usage The Circuit ID sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 i...

Страница 1335: ...e DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingis...

Страница 1336: ...ng binding ipaddr macaddr vlan vid interface port expiry expiry time no ip dhcp snooping binding ipaddr Mode Privileged Exec Usage Note that dynamic entries can also be deleted from the DHCP snooping...

Страница 1337: ...on This can be removed if necessary hidden file dhcp dsn gz Example To set the location of the DHCP snooping database to non volatile storage on the switch use the commands awplus configure terminal a...

Страница 1338: ...ted from the DHCP snooping database when matching DHCP release messages are received Mode Global Configuration Usage DHCP clients send a release message when they no longer wish to use the IP address...

Страница 1339: ...the switch not to delete entries when ports go down Syntax ip dhcp snooping delete by linkdown no ip dhcp snooping delete by linkdown Default Disabled by default DHCP Snooping bindings are not delete...

Страница 1340: ...dhcp snooping acl command In general the default 1 will work well on an edge port with a single directly connected DHCP client If the port is on an aggregation switch that is connected to an edge swit...

Страница 1341: ...cp snooping trust Default All ports are untrusted by default Mode Interface Configuration port Usage Typically ports connecting the switch to trusted elements in the network towards the core are set a...

Страница 1342: ...t Enabled source MAC addresses are verified by default Mode Global Configuration Usage When MAC address verification is enabled the switch treats DHCP packets with source MAC address and client hardwa...

Страница 1343: ...command IP packets dropped by DHCP snooping filters do not resultin other DHCP snooping violation actions Example To set the switch to send an SNMP notification and set the link status to link down i...

Страница 1344: ...xamples To add a static entry to the DHCP snooping database for a client with the IP address 192 168 1 2 MAC address 0001 0002 0003 on port1 0 6 of vlan6 use the command awplus configure terminal awpl...

Страница 1345: ...or GS970M Series 1345 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP SNOOPING COMMANDS IP SOURCE BINDING Related Commands clear ip dhcp snooping binding ip dhcp snooping binding show ip dhcp...

Страница 1346: ...abled on the particular VLAN by using the ip dhcp snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command If you dis...

Страница 1347: ...Examples To enable DHCP snooping on the switch use the command awplus configure terminal awplus config service dhcp snooping To disable DHCP snooping on the switch use the command awplus configure ter...

Страница 1348: ...ty interface show arp security statistics Table 1 Example output from the show arp security command awplus show arp security ARP Security Information Total VLANs enabled 2 Total VLANs disabled 11 vlan...

Страница 1349: ...P security configuration for ports use the command awplus show arp security interface Parameter Description port list The ports to display ARP security information about The port list can include swit...

Страница 1350: ...rp security statistics show log snmp server enable trap Table 4 Parameters in the output from the show arp security interface command Parameter Description Action The action the switch takes when it d...

Страница 1351: ...escription detail Display detailed statistics interface port list Display statistics for the specified ports Table 5 Example output from the show arp security statistics command awplus show arp securi...

Страница 1352: ...show log Table 7 Example output from the show arp security statistics detail command awplus show arp security statistics detail DHCP Snooping ARP Security Statistics Interface port1 0 3 In Packets 20...

Страница 1353: ...rity debugging configuration Syntax show debugging arp security Mode User and Privileged Exec Example To display the debugging settings for ARP security on the switch use the command awplus show debug...

Страница 1354: ...ged Exec Example To display the DHCP snooping debugging configuration use the command awplus show debugging ip dhcp snooping Related Commands debug ip dhcp snooping show log Table 9 Example output fro...

Страница 1355: ...p snooping show arp security show ip dhcp snooping acl show ip dhcp snooping binding show ip dhcp snooping interface Table 10 Example output from the show ip dhcp snooping command DHCP Snooping Inform...

Страница 1356: ...hardware ACL information use the command awplus show ip dhcp snooping acl hardware Parameter Description detail Detailed DHCP Snooping ACL information hardware DHCP Snooping hardware ACL information...

Страница 1357: ...20 20 0000 aaaa bbbb port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 3 dhcps...

Страница 1358: ...ximum Bindings 2 port1 0 4 Template filters 7 port1 0 4 Attached hardware filters 14 port1 0 4 Current bindings 1 1 free port1 0 4 Client 1 120 120 120 120 port1 0 4 Templates cheese via class map cma...

Страница 1359: ...option interface interface list Mode User Exec and Privileged Exec Examples To display DHCP snooping Option 82 information for all interfaces use the command awplus show ip dhcp snooping agent option...

Страница 1360: ...ip dhcp snooping interface awplus show ip dhcp snooping agent option DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Opt...

Страница 1361: ...Type 1 2 3 4 aaaa bbbb cccc 7 1 0 6 Infinite Stat 1 2 3 6 any 4077 1 0 6 Infinite Stat 1 3 4 5 any 1 sa1 Infinite Stat 111 111 100 101 0000 0000 0001 111 112 1 1 1 1 0 6 4076 Dyna 111 111 101 108 0000...

Страница 1362: ...ing Type The source of the entry Dyna dynamically entered by snooping DHCP traffic configured by the ip dhcp snooping binding command or loaded from the database backup file Stat added statically by t...

Страница 1363: ...configuration information for If no ports are specified information for all ports is displayed Table 16 Example output from the show ip dhcp snooping interface command awplus show ip dhcp snooping in...

Страница 1364: ...and Parameter Description Port The port interface name Status The port status untrusted default or trusted Full Leases The number of entries in the DHCP snooping database for the port Max Leases The m...

Страница 1365: ...aces use the command awplus show ip dhcp snooping statistics Parameter Description detail Display detailed statistics interface interface list Display statistics for the specified interfaces The inter...

Страница 1366: ...erface port1 0 5 All counters 0 Interface port1 0 6 All counters 0 Table 20 Parameters in the output from the show ip dhcp snooping statistics command Parameter Description Interface The interface nam...

Страница 1367: ...ing the packet would cause the maximum number of bindings on a port to be exceeded Reply Received On Untrusted Port A BOOTP reply was received on an untrusted port Source MAC CHADDR Mismatch The L2 So...

Страница 1368: ...Related Commands ip source binding show ip dhcp snooping binding Table 21 Example output from the show ip source binding command awplus show ip source binding IP Source Bindings Client MAC Expires IP...

Страница 1369: ...C613 50163 01 Rev C Command Reference for GS970M Series 1369 AlliedWare Plus Operating System Version 5 4 7 0 x Part 6 Network Availability...

Страница 1370: ...th AlliedWare Plus Feature Overview and Configuration Guide Command List debug epsr on page 1372 epsr on page 1373 epsr configuration on page 1374 epsr datavlan on page 1375 epsr enhancedrecovery enab...

Страница 1371: ...C613 50163 01 Rev C Command Reference for GS970M Series 1371 AlliedWare Plus Operating System Version 5 4 7 0 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS undebug epsr on page 1393...

Страница 1372: ...on from being sent to the console msg Send the decoded received and transmitted EPSR packets to the console Using this parameter with the no debug epsr command will explicitly exclude the above packet...

Страница 1373: ...ues for an EPSR instance These are only valid for master nodes NOTE This command will only run on switches that are capable of running as an EPSR master node However even if your switch cannot functio...

Страница 1374: ...SRING COMMANDS EPSR CONFIGURATION epsr configuration Overview Use this command to enter EPSR Configuration mode so that EPSR can be configured Syntax epsr configuration Mode Global Configuration Examp...

Страница 1375: ...094 using the epsr datavlan command Examples To add vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan3 To add vlan2 and vlan3 to the EPSR instance calle...

Страница 1376: ...re than one break partially mends For more information see the EPSR Feature Overview and Configuration Guide The no variant of this command disables the enhanced recovery mode Syntax epsr epsr instanc...

Страница 1377: ...n whatever switch is the master within your EPSR network This command creates a master EPSR instance Your switch is unable to run this command because it cannot function as an EPSR master node To incl...

Страница 1378: ...ic channels an algorithm selects the two ports or channels with the lowest number to be the ring ports However if the switch has only one channel group is defined to the control vlan EPSR will not ope...

Страница 1379: ...ion Syntax epsr epsr instance priority 0 127 no epsr instance priority Default The default priority of an EPSR instance on an EPSR node is 0 The negated form of this command resets the priority of an...

Страница 1380: ...Syntax epsr epsr instance state enabled disabled Mode EPSR Configuration Example To enable the EPSR instance called blue use the command awplus config epsr epsr blue state enabled Related Commands ep...

Страница 1381: ...nstance The traps will no longer be sent when the EPSR instance changes state Syntax epsr epsr instance trap no epsr epsr instance trap Mode EPSR Configuration Example To enable traps for the EPSR ins...

Страница 1382: ...ROTECTION SWITCHED RING EPSRING COMMANDS SHOW DEBUGGING EPSR show debugging epsr Overview This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode User Exec and Privileg...

Страница 1383: ...lay for a non superloop topology network NOTE The above output is only displayed on an EPSR master Output superloop topology The following examples show the output display for superloop topology netwo...

Страница 1384: ...Priority 12 Table 3 Parameters displayed in the output of the show epsr command Parameter on Master Node Parameter on Transit Node Description Name Name The name of the EPSR instance Mode Mode The mo...

Страница 1385: ...physical control of it Note that on a master configured for SuperLoop Prevention non zero priority its secondary ring port can be physically forwarding but logically blocking This situation arises wh...

Страница 1386: ...de master controlvlan primary port epsr mode transit controlvlan show epsr counters Enhanced Recovery Enhanced Recovery Whether the EPSR instance has enhanced recovery mode enabled SLP Priority SLP Pr...

Страница 1387: ...ports on the switch use the command awplus show epsr common segments Related Commands show epsr show epsr summary show epsr counters Table 4 Example output from the show epsr common segments command E...

Страница 1388: ...data VLANs are not assigned to the ring ports The instance is a master with its secondary port on a common segment Syntax show epsr instance config check Mode User Exec and Privileged Exec Example To...

Страница 1389: ...iew This command displays information about the specified EPSR instance Syntax show epsr epsr instance Mode User Exec and Privileged Exec Example To show the current settings of the EPSR instance call...

Страница 1390: ...Overview This command displays counter information about the specified EPSR instance Syntax show epsr epsr instance counters Mode User Exec and Privileged Exec Example To show the counters of the EPSR...

Страница 1391: ...OW EPSR COUNTERS show epsr counters Overview This command displays counter information about all EPSR instances Syntax show epsr counters Mode User Exec and Privileged Exec Example To show the counter...

Страница 1392: ...put from the show epsr summary command EPSR Summary Information Abbreviations M Master node T Transit node C is on a common segment with other instances P instance on a common segment has physical con...

Страница 1393: ...r GS970M Series 1393 AlliedWare Plus Operating System Version 5 4 7 0 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS UNDEBUG EPSR undebug epsr Overview This command applies the functionality of...

Страница 1394: ...Plus Operating System Version 5 4 7 0 x RRP Snooping Commands Introduction Overview This section provides an alphabetical reference for commands used to configure the Router Redundancy Protocol RRP C...

Страница 1395: ...isabled Mode Global Configuration Usage Use this command to enable the RRP Snooping feature You cannot use RRP Snooping at the same time as the following features STP RSTP or MSTP except for edge port...

Страница 1396: ...ooping command The following table shows the output display for the show ip rrp snooping command Related Commands ip rrp snooping awplus show ip rrp snooping Status Enabled Vlan Master Virtual MAC Add...

Страница 1397: ...C613 50163 01 Rev C Command Reference for GS970M Series 1397 AlliedWare Plus Operating System Version 5 4 7 0 x Part 7 Network Management...

Страница 1398: ...only link to one other AMF node They cannot form cross links or virtual links AMF naming convention When AMF is enabled on a device it will automatically be assigned a host name If a host name has al...

Страница 1399: ...backup guests synchronize on page 1424 atmf backup now on page 1425 atmf backup redundancy enable on page 1427 atmf backup server on page 1428 atmf backup stop on page 1430 atmf backup synchronize on...

Страница 1400: ...tmf secure mode certificate expire on page 1481 atmf secure mode certificate expiry on page 1482 atmf secure mode certificate renew on page 1483 atmf secure mode enable all on page 1484 atmf select ar...

Страница 1401: ...f links on page 1550 show atmf links detail on page 1552 show atmf links guest on page 1561 show atmf links guest detail on page 1563 show atmf links statistics on page 1567 show atmf nodes on page 15...

Страница 1402: ...us Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS switchport atmf crosslink on page 1599 switchport atmf guestlink on page 1601 switchport atmf link on page 1603 t...

Страница 1403: ...ode AMF Container Configuration Usage The AMF area link connects the AMF controller on a VAA host to the AMF container Once a container has been created with the atmf container command and an area lin...

Страница 1404: ...LESIS MANAGEMENT FRAMEWORK AMF COMMANDS AREA LINK To remove an area link from container vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf c...

Страница 1405: ...mber of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured...

Страница 1406: ...ries 1406 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA Related Commands atmf area password show atmf area show atmf area summary show a...

Страница 1407: ...cally on both of the area that locally contains the controller and the remote AMF area masters The command show running config atmf will display the encrypted version of this password The encryption k...

Страница 1408: ...ries 1408 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show a...

Страница 1409: ...asters must be authorized by the controller and the AMF remote area masters will also need to authorized access from the AMF controller Example To authorize all AMF nodes in the pending authorization...

Страница 1410: ...0M Series 1410 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AUTHORIZE show atmf secure mode certificates show atmf secure mode statistics Co...

Страница 1411: ...mf authorize provision mac mac address no atmf authorize provision all Default The default timeout is 60 minutes Mode Privileged Exec Example To provisionally authorize all non secure AMF nodes use th...

Страница 1412: ...PROVISION To authorize a node with a MAC address of 0000 cd28 0880 for 2 hours use the command awplus authorize provision timeout 120 mac 0000 cd28 0880 To remove all provisional authorization on an A...

Страница 1413: ...o schedule backup requests to begin at 11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File name...

Страница 1414: ...a Note that this command can only be run on an AMF controller Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area...

Страница 1415: ...ult Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf...

Страница 1416: ...leged Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the AMF area name...

Страница 1417: ...een the active remote file server and the backup remote file server Files are copied from the active server to the remote server Note that this command is only valid on AMF controllers Syntax atmf bac...

Страница 1418: ...the maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps...

Страница 1419: ...backup file from the external media of a specified AMF node Note that this command can only be run from an AMF master node Syntax atmf backup delete node name Mode Privileged Exec Example To delete th...

Страница 1420: ...kup enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Glo...

Страница 1421: ...Syntax atmf backup guests delete node name guest port Mode User Exec Privileged Exec Example On a parent node named node1 which in this case the user has a direct console connection to usethefollowin...

Страница 1422: ...disable the ability of the guest nodes to be backed up Syntax atmf backup guests enable no atmf backup guests enable Default Guest node backups are enabled by default Mode Global Config Usage We recom...

Страница 1423: ...s now node name guest port Default N A Mode Privileged Exec Example Use the following command to manually trigger the backup of all guests in the AMF network awplus atmf backup guests now Example To m...

Страница 1424: ...undancy backup media such as USB storage devices This facility ensures that each device contains the same backup image files Note that this backup synchronization process will occur as part of the reg...

Страница 1425: ...ent backups on both masters you can apply the backup now command to the master working set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name Th...

Страница 1426: ...nnex and store the configuration on both masters use the following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set...

Страница 1427: ...er supports any removable media SD card USB it uses the removable media as the redundant backup for the AMF data backup This feature is valid only if remote file servers are configured on the AMF Mast...

Страница 1428: ...ommands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server i...

Страница 1429: ...2 with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and u...

Страница 1430: ...his command separately on each master node or add both masters to a working set and issue this command to the working set Note that this command can only be run on a master node Syntax atmf backup sto...

Страница 1431: ...to its backup remote file server Note that this process happens automatically each time the network is backed up Note that this command can only be run from a master node Syntax atmf backup synchroniz...

Страница 1432: ...ile the backup release file license files It then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage...

Страница 1433: ...onfiguration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove an AMF container Syntax atmf container container name no atmf cont...

Страница 1434: ...ration Guide for more information on running multiple tenants on a single VAA host Syntax atmf container login container name Mode Privileged Exec Usage If you try to login to a AMF container that has...

Страница 1435: ...a valid AMF controller license is not available on the device the device will accept this command but will not act as a controller until you install a valid license The following message will warn you...

Страница 1436: ...enameisupdatedusingthe bootsystemcommand Theoldrelease will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the...

Страница 1437: ...se File Status Team1 x510 5 4 6 1 4 rel Release ready Team2 x610 5 4 6 1 4 rel Release ready Team3 x610 5 4 6 1 4 rel Release ready Continue the rolling reboot y n y Copying Release x510 5 4 6 1 4 rel...

Страница 1438: ...ain VLANs each having the same VID and each being applied to a horizontal slice domain of the AMF It follows therefore thatthedomain VLANsare only applied to ports that form cross links and not to por...

Страница 1439: ...l execute the command in parallel leave the AMF network and attempt to rejoin through the new VLAN 4 Create the working set again using the commands master config exit master atmf working set group al...

Страница 1440: ...OMMANDS ATMF DOMAIN VLAN To reset the AMF domain VLAN to its default of 4091in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal test conf...

Страница 1441: ...s configured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You...

Страница 1442: ...des that are configured as masters are automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode...

Страница 1443: ...nd sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_no...

Страница 1444: ...mode discovery method model type http enable setting guest port user name and password The no variant of this command removes the guest class Note that you cannot remove a guest class that is assigne...

Страница 1445: ...63 01 Rev C Command Reference for GS970M Series 1445 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF GUEST CLASS show atmf links guest show atm...

Страница 1446: ...mmand to reset to the default Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can mak...

Страница 1447: ...all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to remove the assigned subnet Syntax atmf management subnet a b 0 0 no atmf management subnet Def...

Страница 1448: ...s 10 nodes test 10 3 Enter the new subnet address using the commands test 10 configure terminal test config 10 atmf management subnet a b 0 0 The nodes will execute the command in parallel leave the A...

Страница 1449: ...ANAGEMENT SUBNET To reset the AMF management subnet address to its default of 172 31 0 0 in an existing AMF network use the following commands master atmf working set group all test 10 configure termi...

Страница 1450: ...nd try to rejoin it The AMF network will not be complete until you have given all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to restore the VID...

Страница 1451: ...logging into their consoles directly NOTE The management VLAN will automatically be assigned an IP subnet address based on the value configured by the command atmf management subnet The default VLAN I...

Страница 1452: ...er nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each ma...

Страница 1453: ...ode Global Configuration Usage The default value of 1300 will work for all AMF networks including those that involve virtual links over IPsec tunnels If there are virtual links over IPsec tunnels anyw...

Страница 1454: ...uring an AMF master node see the command atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usag...

Страница 1455: ...vision nodename no atmf provision Default No AMF provisioning Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage The port should be configured as an AMF...

Страница 1456: ...ust delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be mad...

Страница 1457: ...the new provisioned node device3 Figure 41 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Sch...

Страница 1458: ...ing this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remot...

Страница 1459: ...c Usage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the...

Страница 1460: ...provision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then...

Страница 1461: ...AMF Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct...

Страница 1462: ...y want to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF...

Страница 1463: ...f provision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446...

Страница 1464: ...copy of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision n...

Страница 1465: ...tmf provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device...

Страница 1466: ...in the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flas...

Страница 1467: ...reboot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a va...

Страница 1468: ...pecify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software vers...

Страница 1469: ...am3 Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebo...

Страница 1470: ...olling Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 6 0 1 rel Release Ready SW_Team2 10 x510 5 4 6 0 1 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incom...

Страница 1471: ...vice will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or contro...

Страница 1472: ...rsion 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 a...

Страница 1473: ...ment by reloading its backup file set that is located within the AMF backup system Note that this command must be run on the edge node device that connects to the guest node Syntax atmf recover guest...

Страница 1474: ...unction to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see t...

Страница 1475: ...ser account that does not exist on the second node provided that atmf restricted login is disabled and the user account on the first node has privilege level 15 Moreover it is possible to use a RADIUS...

Страница 1476: ...ession on Node20 and return to Node10 s command line use the following command Node20 exit Node10 In this example user User1 is a valid user of node5 They can remotely login from node5 to node3 by usi...

Страница 1477: ...ork This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atm...

Страница 1478: ...eference for GS970M Series 1478 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RESTRICTED LOGIN Command changes Version 5 4 6 2 1 changes to A...

Страница 1479: ...F network Use the no variant of this command to disable AMF secure mode on an AMF node Syntax atmf secure mode no atmf secure mode Default Secure mode is disabled by default Mode Global Configuration...

Страница 1480: ...ESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF SECURE MODE clear atmf secure mode certificates clear atmf secure mode statistics show atmf show atmf authorization show atmf secure mode show atmf secure m...

Страница 1481: ...vileged Exec Example To remove an AMF node named node3 from an AMF network use the following command on the AMF master awplus atmf secure mode certificate expire node3 To remove an AMF node named node...

Страница 1482: ...obal Configuration Example To set AMF secure mode certificate expiry to 7 days use the commands awplus configure terminal awplus config atmf secure mode certificate expiry 7 To set AMF secure mode cer...

Страница 1483: ...network Secure mode certificates renew automatically but this command could be used to renew a certificate in a situation where the automatic renewal may happen while the device is not attached to th...

Страница 1484: ...nt of this command to disable AMF secure mode on an entire network Syntax atmf secure mode enable all no atmf secure mode enable all Default Secure mode is disabled by default Mode Privileged Exec Usa...

Страница 1485: ...that ticks every 10 seconds for a maximum of 10 times and checks if all the secure mode capable nodes rejoin the AMF network NOTE Enabling or disabling secure mode on the network saves the running con...

Страница 1486: ...e Privileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use...

Страница 1487: ...s command allows a virtual tunnel to be created between two remote sites over a layer 3 link The tunnel encapsulates AMF packets and allows them to be sent transparently across a Wide Area Network WAN...

Страница 1488: ...f virtual crosslink id 10 ip 192 168 200 1 remote id 5 remote ip 192 168 100 1 To remove this virtual crosslink run the following commands on the local site siteA configure terminal siteA config no at...

Страница 1489: ...r If the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are on...

Страница 1490: ...92 168 1 1 remote id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming I...

Страница 1491: ...nything other than the local device the prompt will change to the AMF network name followed by the size of the working set shown in square brackets This command has to be run at privilege level 15 In...

Страница 1492: ...ing set use the command node1 atmf working set group all NOTE This command adds the implicit group all to the working set where all comprises all nodes in the AMF This command displays an output scree...

Страница 1493: ...the no variant of this command to remove a bridge group from an AMF container Syntax bridge group bridge id no bridge group Mode AMF Container Configuration Usage Each container has two virtual interf...

Страница 1494: ...OMMANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privi...

Страница 1495: ...atmf secure mode certificates If this is the only master on the network you will see the following warning On an AMF member you will see the following message Related Commands atmf authorize atmf sec...

Страница 1496: ...ear atmf secure mode statistics Overview Use this command to reset all secure mode statistics to 0 Syntax clear atmf secure mode statistics Mode Privileged Exec Example To reset the AMF secure mode st...

Страница 1497: ...rosslink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command out...

Страница 1498: ...613 50163 01 Rev C Command Reference for GS970M Series 1498 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF Related Commands no debug all...

Страница 1499: ...l 1 both Tx and Rx a timeout of 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configu...

Страница 1500: ...ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet with crosslink links information Enter 1 to select this packe...

Страница 1501: ...KET To enable send and receive 500 packets only on vlink1 for packet types 1 7 and 11 use the command node_1 debug atmf packet num pkts 500 filter interface vlink1 pkt type 1 7 11 This example applies...

Страница 1502: ...itchport atmf guestlink command to separately assign an individual switch port to each of the guest nodes The MAC addresses of each of the guests of that class can then be learned from ARP or Neighbor...

Страница 1503: ...MF COMMANDS DISCOVERY Example 2 To return the discovery method for the guest class TQ4600 1 to its default of dynamic use the following commands Node1 conf t Node1 config atmf guest class TQ4600 1 Nod...

Страница 1504: ...VAA host See the AMF Feature Overview and Configuration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove the description from an...

Страница 1505: ...e the backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory defau...

Страница 1506: ...port number no http enable Default http enable is off If http enable is selected without a port parameter the port number will default to 80 Mode ATMF Guest Configuration Mode Example 1 To enable HTT...

Страница 1507: ...ce for GS970M Series 1507 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS HTTP ENABLE Related Commands atmf guest class switchport atmf guestlink sh...

Страница 1508: ...ype tq to the guest class called tq_device use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf guest modeltype tq node1 config atmf guest end Example 2 To...

Страница 1509: ...Started with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary Example 2 To show informati...

Страница 1510: ...node_1 show atmf tech Table 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0...

Страница 1511: ...MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Seq...

Страница 1512: ...N The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Ma...

Страница 1513: ...troller 1 show atmf area The following figure shows example output from running this command on a controller The following figure shows example output from running this command on a remote master Para...

Страница 1514: ...ea has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the co...

Страница 1515: ...w atmf area summary show atmf area nodes show atmf area nodes detail Table 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller di...

Страница 1516: ...The area name for guest information node name The name of the node that connects to the guests main building Area Guest Node Information Device MAC IP IPv6 Type Address Parent Port Address 0008 5d10...

Страница 1517: ...970M Series 1517 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF AREA GUESTS Related Commands show atmf area show atmf area nodes show atm...

Страница 1518: ...etail northern node1 Output Figure 41 9 Example output from the show atmf guest detail command Parameter Description area name The name assigned to the AMF area An area is an AMF network that is under...

Страница 1519: ...rt number on the parent node Guest Description A brief description of the guest node as manually entered into the description interface command for the guest node port on the parent node Device Type T...

Страница 1520: ...Example To show summarized information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running t...

Страница 1521: ...des detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Par...

Страница 1522: ...Example To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail The following figure shows partial example output from running this...

Страница 1523: ...from the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent node name The node to which the current node has an active uplink Domain id Bo...

Страница 1524: ...f area summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Disp...

Страница 1525: ...y AMF nodes which are requesting authorization on an AMF controller or AMF master use the command awplus show atmf authorization pending To display AMF nodes which have provisional authorization use t...

Страница 1526: ...authorization Authorization expiry time is set using atmf secure mode certificate expiry Pending Authorizations NZ Requests Node Name Product Parent Node Interface area_1_node_3 x210 9GT master_1 por...

Страница 1527: ...mf show atmf secure mode show atmf secure mode certificates Command changes Version 5 4 7 0 3 command added Table 41 3 Parameters in the output from show atmf authorization provisional Parameter Descr...

Страница 1528: ...n logs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status l...

Страница 1529: ...up logs Backup Redundancy Enabled Local media SD Total 3788 0MB Free 1792 8MB State Inactive Remote file server is not available Log File Location card atmf ATMF logs rsync_ node name log Node Name Lo...

Страница 1530: ...be a combination of either Idle Starting Doing Stopping or manual scheduled Started The date and time that the currently executing task was initiated in the format DD MMM YYYY HH MM Current Node The n...

Страница 1531: ...ssues note that the backup may still be deemed successful depending on the errors Stopped meaning that the backup attempt was manually aborted Good meaning that the backup was completed successfully I...

Страница 1532: ...e master nodes in one or more areas Note that this command is only available on AMF controllers Syntax show atmf backup area area name node name logs Mode Privileged Exec Example To show information a...

Страница 1533: ...Time 15 Oct 2016 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backu...

Страница 1534: ...st status use the command x930 master show atmf backup guest Output Figure 41 13 Example output from show atmf backup guest Parameter Description node name The name of parent guest node guest port The...

Страница 1535: ...2 21 46 Good USB 19 Jan 2016 22 21 46 Good Table 41 1 Parameters in the output from show atmf backup guest Parameter Description Guest Backup The status of the guest node backup process Scheduled Back...

Страница 1536: ...a single VAA host See the AMF Feature Overview and_Configuration Guide for more information on running multiple tenants on a single VAA host Syntax show atmf container detail container name Mode Priv...

Страница 1537: ...te command Memory The amount of memory the container is using on the VAA host CPU The percentage of CPU time the container is using on the VAA at the time the show command is run awplus show atmf cont...

Страница 1538: ...AMF management IP address CPU use The CPU usage of the container since it was enabled Memory use Container memory usage Link Each container has two links 1 An AMF area link this connects the containe...

Страница 1539: ...ut screen from this command is shown below Parameter Description detail Displays output in greater depth atmf 1 show atmf detail ATMF Detail Information Network Name Test_network Network Mtu 1300 Node...

Страница 1540: ...AMF root node Domain State The state of Node in a Domain in AMF network as Controller Backup Recovery State The AMF node recovery status Indicates whether a node recovery is in progress on this devic...

Страница 1541: ...of these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show...

Страница 1542: ...ion master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 43 Sample output from the show atmf group command for a working set AMF_NETWORK 6 sho...

Страница 1543: ...ers based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Example To display group membership of all nodes...

Страница 1544: ...le 46 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal composition The sample output shows AMF nodes base...

Страница 1545: ...e command awplus show atmf guests Output Figure 41 17 Example output from the show atmf guests command master show atmf guests Guest Information Device Device Parent Guest IP IPv6 Name Type Node Port...

Страница 1546: ...tmf guestlink show atmf backup guest show atmf links guest Parent Node The name of the AMF node that directly connects to the guest node Guest Port The port on the parent node that directly connects t...

Страница 1547: ...and specify the node name or show atmf links guest detail which shows information about the guest nodes and also about their link to their parent node Note that the parameters that are displayed depe...

Страница 1548: ...t is discovered from the device or failing that auto assigned by AMF The auto assigned name consists of parent node name attached port number You can change this by configuring a description on the po...

Страница 1549: ...nce for GS970M Series 1549 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF GUESTS DETAIL Related Commands atmf guest class switchport atmf...

Страница 1550: ...mf links brief Figure 41 19 Example output from show atmf links brief Parameter Description brief A brief summary of AMF links their configuration and status Example core show atmf links ATMF Link Bri...

Страница 1551: ...od to ensure link is stable Incompatible Neighbor rejected the link because of inconsistency in AMF configurations OneWay Link is up and has waited the hold down period and now attempting to link to a...

Страница 1552: ...detail The output from this command will display all the internal data held for AMF links The following example gives details of the links that are summarized in the example in show atmf links Paramet...

Страница 1553: ...4610 Example core 4610 Transaction ID 2 2 MAC Address eccd 6dd1 64d0 0000 cd37 054b Link State Full Full Domain Nodes Tree Node Building A Links on Node 1 Link 0 Building A 4630 Example core 4630 Forw...

Страница 1554: ...de Depth 0 Transaction ID 6 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Dept A s domain Domain Controller Dept A Domain Controller MAC eccd 6d20...

Страница 1555: ...st Domain Dorm D s domain Node Building A Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Building B Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Example core Ifin...

Страница 1556: ...cent MAC eccd 6ddf 6cdf Adjacent Domain Controller Dorm D Adjacent Domain Controller MAC 0000 cd37 082c Port Forwarding State Forwarding Port BPDU Receive Count 95 Port Sequence Number 11 Port Adjacen...

Страница 1557: ...wn Link has been shut down by user configuration Port BPDU Receive Count The number of AMF protocol PDU s received Adjacent Node Name The name of the adjacent node connected to this node Adjacent Ifin...

Страница 1558: ...ier for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_...

Страница 1559: ...Virtual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Inter...

Страница 1560: ...d Reference for GS970M Series 1560 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf l...

Страница 1561: ...ation about AMF guests that are connectible from node1 use the command node1 show atmf links guest Output Figure 41 20 Example output from show atmf links guest Parameter Description interface interfa...

Страница 1562: ...chport atmf guestlink show atmf backup guest Model Type The model type of the guest node as entered by the modeltype command Can be one of the following alliedware aw tq other DC The discovery method...

Страница 1563: ...t Display details for all ports with guest nodes connected Mode User Exec Privileged Exec Usage Use this command to display the guest nodes connected to a single parent node If you want to see a list...

Страница 1564: ...on node1 1 0 17 Firmware Version 3 2 1 A02 Table 41 2 Parameters in the output from show atmf links guest detail Parameter Description Interface The port on the parent node that connects to the guest...

Страница 1565: ...e is in the process of retrieving any other available information from the guest firmware version etc The information available depends on what device the guest node is Full The AMF device has retriev...

Страница 1566: ...p guest Serial Number The serial number of the guest node Firmware Name The name of the firmware operating on the guest node Firmware Version The version of the firmware operating on the guest node HT...

Страница 1567: ...evice1 show atmf links statistics Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspeci...

Страница 1568: ...checksum or type Type7 0 Incarnation is not possible with the data received Type8 0 Discard crosslink hello received not correct state Type9 0 Discard crosslink domain hello received on non crosslink...

Страница 1569: ...no debug all clear atmf links statistics show atmf device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink He...

Страница 1570: ...other improvements Syntax show atmf nodes guest all Mode Privileged Exec Usage You can use this command to display one of three sets of nodes all nodes except guest nodes by specifying show atmf nodes...

Страница 1571: ...e at the end node1 show atmf nodes all Node and Guest Information Local device SC Switch Configuration C Chassis S Stackable N Standalone G Guest Node Guest Device ATMF Parent Node Name Type Master SC...

Страница 1572: ...nd is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 41 24 Sample output from the show atmf provision nodes comman...

Страница 1573: ...secure mode Output Figure 41 25 Example output from show atmf secure mode on an AMF master Figure 41 26 Example output from show atmf secure mode on an AMF node ATMF Secure Mode Secure Mode Status En...

Страница 1574: ...icate Expiry Certificate expiry time Set with atmf secure mode certificate expiry Certificates Total Total number of certificates Certificates Revoked Certificates that have been revoked by the AMF ma...

Страница 1575: ...arning The default username and password is enabled Good SNMP V1 or V2 is disabled Warning Telnet server is enabled Good ATMF is enabled Secure Mode is on Good ATMF Topology GUI is disabled No trustpo...

Страница 1576: ...MF secure mode link audits for a node use the command awplus show atmf secure mode audit link Output Figure 41 28 Example output from show atmf secure mode audit link Related Commands show atmf show a...

Страница 1577: ...AMF secure mode certificates for a node named area_2_node_1 in an area named area 2 use the command awplus show atmf secure mode certificates detail area area 2 node area_2_node_1 Output Figure 41 29...

Страница 1578: ...AMF commands Valid statuses are Active Revoked and Rejected Certificates Detail area_2_node_1 area area 2 MAC Address 0000 cd37 0003 Status Active Serial Number A24SC8001 Product x510 28GTX Key Finge...

Страница 1579: ...ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF SECURE MODE CERTIFICATES Related Commands atmf authorize atmf secure mode atmf secure mode certificate expire atmf secure mode certificate re...

Страница 1580: ...aster or member node use the command awplus show atmf secure mode sa detail neighbor Output Figure 41 31 Example output from show atmf secure mode sa Parameter Description detail Display detailed secu...

Страница 1581: ...eccd 6d82 6c16 Flags 000003c0 Id 83 40000053 Type Neighbor Gateway State Complete Remote MAC Address 001a eb54 e53b Flags 000003c0 Id 175 400000af Type Neighbor Gateway State Complete Remote MAC Addr...

Страница 1582: ...ller master neighbor relationship Broadcast SA for working set broadcast requests State Current state of the Security Association The state must be Complete before a member node is trusted and can be...

Страница 1583: ...ple To display AMF secure mode statistics on a master or member node use the command awplus show atmf secure mode statistics Output Figure 41 33 Example output from show atmf secure mode statistics on...

Страница 1584: ...re mode atmf secure mode certificate renew clear atmf secure mode statistics show atmf secure mode Command changes Version 5 4 7 0 3 command added ATMF Secure Mode Statistics Local Certificates Valid...

Страница 1585: ...how atmf tech Table 42 Sample output from the show atmf tech command node1 show atmf tech ATMF Summary Information ATMF Status Enabled Network Name ATMF_NET Node Name node1 Role Master Current ATMF No...

Страница 1586: ...igned to the node within the AMF network Role The role configured on the device within the AMF either master or member Current ATMF Nodes A count of the AMF nodes in the AMF network Node Address The i...

Страница 1587: ...et address used for this traffic Domain IP Address the IP address allocated for this traffic Domain Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Device Type Shows...

Страница 1588: ...nnects to a virtual link The first link has the IP address 192 168 1 1 and has a Local ID of 1 The second has the IP address 192 168 2 1 and has the Local ID of 2 Example 2 To display AMF virtual link...

Страница 1589: ...named vlink1 equivalent to an L2TP tunnel Local ID The local ID of the virtual link This matches the vlink number State The operational state of the vlink either Up or Down This state is always displa...

Страница 1590: ...nd displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atm...

Страница 1591: ...f Mode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 41 35 Sample output from the show debugging atmf command Related...

Страница 1592: ...y the AMF packet debugging status use the command node_1 show debug atmf packet Figure 41 36 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet Tab...

Страница 1593: ...splays the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the follow...

Страница 1594: ...is disabled Mode AMF Container Configuration Usage The first time the state enable command is executed on a container it assigns the container to an area and configures it as an AMF master This is ac...

Страница 1595: ...ner vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container state enable To stop the AMF container vac wlg 1 use the commands awplus co...

Страница 1596: ...s are not visible to AMF networks Mode Interface mode for a switch port Note that the link between the x600 and the AMF network must be a single link not an aggregated link Usage The x600 Series switc...

Страница 1597: ...group Usage Run this command on the port or aggregator at both ends of the link Each area must have the area name configured and the same area password must exist on both ends of the link Running this...

Страница 1598: ...or GS970M Series 1598 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SWITCHPORT ATMF AREALINK REMOTE AREA Related Commands atmf area atmf area pass...

Страница 1599: ...st for the selected port or aggregated link Syntax switchport atmf crosslink no switchport atmf crosslink Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group U...

Страница 1600: ...gure terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this exa...

Страница 1601: ...configure switch port 1 0 44 to be a guest link that will connect to a guest node having a guest class of camera and an IPv4 address of 192 168 3 3 use the following commands node1 configure terminal...

Страница 1602: ...tlink node1 config if end Example 4 To configure switch ports 1 0 52 to 1 0 54 to be guest links for the guest class camera use the following commands node1 configure terminal node1 config int port1 0...

Страница 1603: ...el group Usage Up down links and virtual links interconnect domains in a vertical hierarchy with the highest domain being the core domain In effect they form a tree of interconnected AMF domains This...

Страница 1604: ...e leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns...

Страница 1605: ...d returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exi...

Страница 1606: ...3 50163 01 Rev C Command Reference for GS970M Series 1606 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS TYPE ATMF NODE Related Commands show trigg...

Страница 1607: ...ence for GS970M Series 1607 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no v...

Страница 1608: ...has the guest class of phone1 use the following commands node1 conf t node1 config amf guest class phone1 node1 config atmf guest username reception password secret node1 config atmf guest end Example...

Страница 1609: ...50163 01 Rev C Command Reference for GS970M Series 1609 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS USERNAME show atmf links guest show atmf no...

Страница 1610: ...of commands used to configure management stacking For introductory information about management stacking in AlliedWare Plus including overview and configuration information see the Management Stacking...

Страница 1611: ...other nodes in the management stack Syntax mstack command node no mstack command node Mode Global Config Usage A management stacking command node has to be present for a management stack to form Only...

Страница 1612: ...ing configured Use the no variant of this command to disable turn off the management stacking feature on the node Syntax mstack enable no mstack enable Mode Global Configuration Usage To use managemen...

Страница 1613: ...turned to the originating node The software will not allow you to run multiple remote login sessions You must exit an existing session before starting a new one In the remote login command the hostnam...

Страница 1614: ...em Version 5 4 7 0 x MANAGEMENT STACKING COMMANDS MSTACK REMOTE LOGIN Example 2 In this example user whitney is a valid user of command node and node3 She can remotely login from command node to node3...

Страница 1615: ...des Mode Privileged Exec Example To display management stacking information for all nodes in the management stack use the command command node show mstack nodes Figure 42 1 Sample output from the show...

Страница 1616: ...this command to remove any mstack link that may exist for the selected link Syntax switchport mstack link no switchport mstack link Mode Interface Configuration Usage Running this command will automat...

Страница 1617: ...ation on filtering and saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Command List ntp access group deprecated on page 1618 ntp authenticat...

Страница 1618: ...Series 1618 AlliedWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS NTP ACCESS GROUP DEPRECATED ntp access group deprecated Overview This command has been deprecated in Software Version 5 4 6...

Страница 1619: ...to authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configurat...

Страница 1620: ...an MD5 authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key...

Страница 1621: ...broadcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip...

Страница 1622: ...e 192 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure terminal awplus config ntp discard minimum 5 awplus c...

Страница 1623: ...192 0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 pre...

Страница 1624: ...plus config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8...

Страница 1625: ...address Apply this restriction to the specified IPv4 or IPv6 host Enter an IPv4 address in the format A B C D Enter an IPv6 address in the format X X X X host subnet Apply this restriction to the spe...

Страница 1626: ...2 0 2 1 and the subnet 192 168 1 0 16 to authenticate NTP sessions with this device use the commands awplus configure terminal awplus config ntp restrict 192 0 2 1 notrust awplus config ntp restrict 1...

Страница 1627: ...us config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus con...

Страница 1628: ...2 awplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp serv...

Страница 1629: ...d using this command is matched to the interface When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behav...

Страница 1630: ...configure the NTP source interface with the IPv6 address 2001 0db8 010e 2 enter the commands awplus configure terminal awplus config ntp source 2001 0db8 010e 2 To remove a configured address for the...

Страница 1631: ...edWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS NTP TRUSTED KEY DEPRECATED ntp trusted key deprecated Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the...

Страница 1632: ...GS970M Series 1632 AlliedWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS SHOW COUNTER NTP DEPRECATED show counter ntp deprecated Overview From version 5 4 6 1 x onwards this command has been...

Страница 1633: ...05 256 377 27 144 0 775 0 193 system peer backup candidate outlier x false ticker Table 2 Parameters in the output from the show ntp associations command Parameter Description system peer The peer tha...

Страница 1634: ...r when When last polled seconds ago h hours ago or d days ago poll Time between NTP requests from the device to the server reach An indication of whether or not the NTP server is responding to request...

Страница 1635: ...stricted 0 rate limited 0 KoD responses 0 processed for time 306 Table 43 1 Parameters in the output from show ntp counters Parameter Description uptime How long NTP has been running since it was last...

Страница 1636: ...atch any restrict statements in the NTP restrictions NTP drops these packets See the command ntp restrict for more information rate limited The number of packets dropped because the packet rate exceed...

Страница 1637: ...uplicate 0 bad header 0 kod received 0 Table 43 2 Parameters in the output from show ntp counters associations Parameter Description Peer An NTP peer or server that the device is associated with sent...

Страница 1638: ...er The number of packets where one or more header fields are invalid kod received The number of Kiss of Death packets received from the peer KoD packets indicate that this device is sending NTP packet...

Страница 1639: ...show ntp status For information about the output displayed by this command see ntp org Figure 43 3 Example output from the show ntp status command awplus show ntp status associd 0 status 061b leap_non...

Страница 1640: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 1642 show counter snmp server on page 1643 show debugging snmp on pa...

Страница 1641: ...neID local reset on page 1666 snmp server group on page 1667 snmp server host on page 1669 snmp server legacy ifadminstatus on page 1671 snmp server location on page 1672 snmp server source interface...

Страница 1642: ...nmp detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description...

Страница 1643: ...mple output from the show counter snmp server command SNMP SERVER counters inPkts 11 inBadVersions 0 inBadCommunityNames 0 inBadCommunityUses 0 inASNParseErrs 0 inTooBigs 0 inNoSuchNames 0 inBadValues...

Страница 1644: ...ved SNMP Messages inTooBigs The number of SNMP PDUs received by the SNMP agent where the value of the error status field is tooBig This is sent by an SNMP manager to indicate that an exception occurre...

Страница 1645: ...e SNMP agent has sent outTooBigs The number of SNMP PDUs that the SNMP agent has generated with the value tooBig in the error status field This is sent to the SNMP manager to indicate that an exceptio...

Страница 1646: ...MP agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user UnknownEngineIDs The number of received packets that the SNMP...

Страница 1647: ...iew This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command aw...

Страница 1648: ...leged Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 44 3 Example output from the show running config snmp comma...

Страница 1649: ...x show snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 44 4 Example output from the show snmp server command Rel...

Страница 1650: ...ies configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus sh...

Страница 1651: ...x show snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 44 6 Example output from the show...

Страница 1652: ...he SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus sho...

Страница 1653: ...the SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus sh...

Страница 1654: ...gregation e g sa2 po2 To specify where notifications are sent use the snmp server host command To configure the device globally to send other notifications use the snmp server enable trap command Exam...

Страница 1655: ...d Reference for GS970M Series 1655 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP TRAP LINK STATUS Related Commands show interface snmp trap link status suppress snmp server ena...

Страница 1656: ...is started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreache...

Страница 1657: ...7 0 x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0...

Страница 1658: ...ipv6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled o...

Страница 1659: ...Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp s...

Страница 1660: ...no snmp server community community name view view name access list Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB var...

Страница 1661: ...his command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to su...

Страница 1662: ...ode Global Configuration Usage This command cannot be used to enable link status notifications globally To enable link status notifications for particular interfaces use the snmp trap link status comm...

Страница 1663: ...awplus config snmp server enable trap atmfnode To enable the device to send MAC address Thrash Limiting traps use the following commands awplus configure terminal awplus config snmp server enable trap...

Страница 1664: ...the current engine ID is also system generated Syntax snmp server engineID local engine id default no snmp server engineID local Mode Global Configuration Usage All devices must have a unique engine I...

Страница 1665: ...onfig snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual...

Страница 1666: ...Pv3 engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server en...

Страница 1667: ...mp server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group...

Страница 1668: ...C Command Reference for GS970M Series 1668 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show...

Страница 1669: ...SNMP v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address i...

Страница 1670: ...traps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001...

Страница 1671: ...ect the administrative state of the interface Syntax snmp server legacy ifadminstatus no snmp server legacy ifadminstatus Default Legacy ifAdminStatus is turned off by default so by default the SNMP i...

Страница 1672: ...o variant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to ser...

Страница 1673: ...e of the traps and informs messages Mode Global Configuration Usage An SNMP trap or inform message that is sent from an SNMP server carries the notification IP address of its originating interface Use...

Страница 1674: ...delay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SN...

Страница 1675: ...words must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the...

Страница 1676: ...command To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0c...

Страница 1677: ...C613 50163 01 Rev C Command Reference for GS970M Series 1677 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view...

Страница 1678: ...removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The...

Страница 1679: ...Rev C Command Reference for GS970M Series 1679 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debu...

Страница 1680: ...network information gathered using LLDP is transferred to a Network Management System by SNMP For security reasons we recommend using SNMPv3 for this purpose see the SNMP Feature Overview and Configur...

Страница 1681: ...location identifier on page 1708 location civic location id on page 1709 location coord location configuration on page 1710 location coord location identifier on page 1712 location coord location id...

Страница 1682: ...pplied LLDP statistics for all ports are cleared Syntax clear lldp statistics interface port list Mode Privileged Exec Examples To clear the LLDP statistics on ports 1 0 1 and 1 0 6 use the command aw...

Страница 1683: ...r information is cleared for all ports Syntax clear lldp table interface port list Mode Privileged Exec Examples To clear the table of neighbor information received on ports 1 0 1 and 1 0 6 use the co...

Страница 1684: ...peration no debug lldp all Default By default no debug is enabled for any ports Mode Privileged Exec Examples To enable debugging of LLDP receive on ports 1 0 1 and 1 0 6 use the command awplus debug...

Страница 1685: ...63 01 Rev C Command Reference for GS970M Series 1685 AlliedWare Plus Operating System Version 5 4 7 0 x LLDP COMMANDS DEBUG LLDP Related Commands show debugging lldp show running config lldp terminal...

Страница 1686: ...detects a new LLDP MED capable device The no variant of this command resets the LLDPD MED fast start count to the default 3 Syntax lldp faststart count 1 10 no lldp faststart count Default The default...

Страница 1687: ...multiplier Default The default holdtime multiplier value is 4 Mode Global Configuration Usage The Time To Live defines the period for which the information advertised to the neighbor is valid If the...

Страница 1688: ...e MAC address of the device s baseboard if no VLAN IP addresses are configured for the port Mode Interface Configuration Usage To see the management address that will be advertised use the show lldp i...

Страница 1689: ...ications relating to the specified ports Syntax lldp med notifications no lldp med notifications Default The sending of LLDP MED notifications is disabled by default Mode Interface Configuration Examp...

Страница 1690: ...olicy location inventory management lldp med tlv select all no lldp med tlv select capabilities network policy location inventory management no lldp med tlv select all Parameter Description capabiliti...

Страница 1691: ...ory TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp med tlv select inventor...

Страница 1692: ...TLV SELECT Related Commands lldp tlv select location elin location id location civic location identifier location civic location configuration location coord location identifier location coord locati...

Страница 1693: ...ied to LLDP MED advertisements according to ANSI TIA 1057 and LLDP MED TLVs in non standard order are discarded Mode Global Configuration Usage The ANSI TIA 1057 specifies standard order for TLVs in L...

Страница 1694: ...ant of this command sets the notification interval back to its default Syntax lldp notification interval 5 3600 no lldp notification interval Default The default notification interval is 5 seconds Mod...

Страница 1695: ...otifications Default The sending of LLDP SNMP notifications is disabled by default Mode Interface Configuration Examples To enable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the...

Страница 1696: ...ult port identifier type is number The no variant of this command sets the port identifier type to the default Mode Global Configuration Examples To set the type of port identifier used to enumerate L...

Страница 1697: ...is command sets the reinitialization delay back to its default setting Syntax lldp reinit 1 10 no lldp reinit Default The default reinitialization delay is 2 seconds Mode Global Configuration Examples...

Страница 1698: ...riant of this command disables the operation of LLDP on the device The LLDP configuration remains unchanged Syntax lldp run no lldp run Default LLDP is disabled by default Mode Global Configuration Ex...

Страница 1699: ...ntax lldp timer 5 32768 no lldp timer Default The default transmit interval is 30 seconds Mode Global Configuration Examples To set the transmit interval to 90 seconds use the commands awplus configur...

Страница 1700: ...his command disables the specified optional TLVs or all optional TLVs for transmission in LLDP advertisements via the specified ports Syntax lldp tlv select tlv lldp tlv select all no lldp tlv select...

Страница 1701: ...commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tlv select all To exclude the management address and system name TLVs from advertisements transmitt...

Страница 1702: ...ransmission of LLDP advertisements on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit To enable LLDP adverti...

Страница 1703: ...its default setting Syntax lldp tx delay 1 8192 no lldp tx delay Default The default transmission delay timer is 2 seconds Mode Global Configuration Examples To set the transmission delay timer to 12...

Страница 1704: ...to delete civic address parameters from the location Syntax country country state state no state county county no county city city no city division division no division neighborhood neighborhood no n...

Страница 1705: ...l community name postal community name no postal community name post office box post office box no post office box additional code additional code no additional code seat seat no seat primary road nam...

Страница 1706: ...ng street direction CA Type 16 trailing street suffix Trailing street suffix CA Type 17 street suffix Street suffix CA Type 18 street suffix or type house number House number CA Type 19 house number s...

Страница 1707: ...ess location For more information about civic address format see the LLDP Feature Overview and Configuration Guide To specify the civic address location use the location civic location identifier comm...

Страница 1708: ...s civic address location identifier use the location civic location configuration command To associate this civic location identifier with particular ports use the location elin location id command Up...

Страница 1709: ...port can be transmitted in Location Identification TLVs via the port Before using this command create the location using the following commands location civic location identifier command location civ...

Страница 1710: ...as 34 bit fixed point binary numbers with a 25 bit fractional part irrespective of the number of digits entered by the user Likewise Parameter Description lat resolution Latitude resolution as a numb...

Страница 1711: ...arch area To specify the coordinate identifier use the location coord location identifier command To remove coordinate information delete the coordinate location by using the no variant of that comman...

Страница 1712: ...or each type of location information up to a total of 1200 locations To configure this coordinate location use the location coord location configuration command To associate this coordinate location w...

Страница 1713: ...can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the following commands location coord location identifier command location coord...

Страница 1714: ...to a total of 1200 locations To assign this ELIN location to particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Examples To create a new E...

Страница 1715: ...Configuration Usage An ELIN location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the location elin lo...

Страница 1716: ...ugging lldp interface port1 0 1 1 0 6 Output Figure 45 1 Example output from the show debugging lldp command Parameter Description port list The ports for which the LLDP debug settings are shown LLDP...

Страница 1717: ...C613 50163 01 Rev C Command Reference for GS970M Series 1717 AlliedWare Plus Operating System Version 5 4 7 0 x LLDP COMMANDS SHOW DEBUGGING LLDP Related Commands debug lldp...

Страница 1718: ...secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Port Number Type Ifindex Port Number Fast Start Count 5 3 LLDP Global Status Total Neighbor Count 47 Neighbors table last updated 0 hrs 0 mins 4...

Страница 1719: ...ue to a change in LLDP local information Port Number Type The type of port identifier used to enumerate LLDP MIB local port entries as set by the lldp port number type command Fast Start Count The num...

Страница 1720: ...is inactive on this port because it is a mirror analyser port Notification Abbreviations RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System N...

Страница 1721: ...nge Notification Management Addr Management address advertised to neighbors Base TLVs Enabled for Tx List of optional Base TLVs enabled for transmission Pd Port Description Sn System Name Sd System De...

Страница 1722: ...ldp transmit receive command which TLVs it is configured to send lldp tlv select command lldp med tlv select command Examples To display local information transmitted via port 1 0 1 use the command aw...

Страница 1723: ...Ability Disabled Power Class Unknown Link Aggregation Supported Disabled Maximum Frame Size 1522 LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy Lo...

Страница 1724: ...tem description System Capabilities Supported Capabilities that the local port supports System Capabilities Enabled Enabled capabilities on the local port Management Addresses Management address assoc...

Страница 1725: ...ze capability of the implemented MAC and PHY LLDP MED Device Type LLDP MED device type LLDP MED Capabilities Capabilities LLDP MED capabilities supported on the local port Network Policy List of netwo...

Страница 1726: ...s description interface hostname lldp transmit receive Power Value The total power the switch can source over a maximum length cable to a PD device on the port The value shows the power value in Watts...

Страница 1727: ...p neighbors interface port1 0 1 port1 0 6 Output Figure 45 4 Example output from the show lldp neighbors command Parameter Description port list The ports for which the neighbor information is to be s...

Страница 1728: ...al Port Local port on which the neighbor information was received Neighbor Chassis ID Chassis ID that uniquely identifies the neighbor Neighbor Port Name Port ID of the neighbor Neighbor Sys Name Syst...

Страница 1729: ...lldp neighbors detail base dot1 dot3 med interface port list Mode User Exec and Privileged Exec Examples To display detailed neighbor information received via all ports use the command awplus show ll...

Страница 1730: ...ID 1 Port Protocol VLAN Supported Yes Enabled Yes VIDs 5 VLAN Names default vlan5 Protocol IDs 9000 0026424203000000 888e01 8100 88090101 00540000e302 0800 0806 86dd MAC PHY Auto negotiation Supported...

Страница 1731: ...ported Capabilities that the neighbor supports System Capabilities Enabled Capabilities that are enabled on the neighbor Management Addresses List of neighbor s management addresses Port VLAN ID PVID...

Страница 1732: ...ximum frame size capability LLDP MED Device Type LLDP MED Device type LLDP MED Capabilities LLDP MED capabilities supported Network Policy List of network policies Location Identification Location inf...

Страница 1733: ...23 In Errored 0 In Dropped 0 TLVs Unrecognized 0 Discarded 0 Neighbors New Entries 20 Deleted Entries 20 Dropped Entries 0 Entry Age outs 20 Table 49 Parameters in the output of the show lldp statisti...

Страница 1734: ...neighbors has been removed from the neighbor table Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficie...

Страница 1735: ...tistics interface To display LLDP statistics information for ports 1 0 1 and 1 0 6 use the command awplus show lldp statistics interface port1 0 1 port1 0 6 Output Parameter Description port list The...

Страница 1736: ...ognized Number of LLDP TLVs received that are not recognized but the TLV type is in the range of reserved TLV types TLVs Discarded Number of LLDP TLVs discarded for any reason Neighbors New Entries Nu...

Страница 1737: ...civic location interface port1 0 1 To display coordinate location information configured on the identifier 1 use the command awplus show location coord location identifier 1 Parameter Description civi...

Страница 1738: ...elin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location Table 53 Examp...

Страница 1739: ...ence for commands used to configure SMTP For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug...

Страница 1740: ...ding emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use the command...

Страница 1741: ...s To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail all Relate...

Страница 1742: ...d a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration...

Страница 1743: ...mmand You must specify a sending email address with this command before you can send any email Syntax mail from from Mode Global Configuration Example To set the email address from which you are sendi...

Страница 1744: ...ice sends email to You must specify a mail server with this command before you can send any email Syntax mail smtpserver ip address Mode Global Configuration Example To specify a mail server at 192 16...

Страница 1745: ...t from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail Mail Client SMTP...

Страница 1746: ...ing System Version 5 4 7 0 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue u...

Страница 1747: ...Rev C Command Reference for GS970M Series 1747 AlliedWare Plus Operating System Version 5 4 7 0 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debu...

Страница 1748: ...N Feature Overview and Configuration Guide RMON is disabled by default in AlliedWare Plus No RMON alarms or events are configured For information on filtering and saving command output see the Getting...

Страница 1749: ...The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherS...

Страница 1750: ...value with the form etherStatsEntry field stats index for example etherStatsEntry 22 5 Example To configure an alarm to monitor the change per minute in the etherStatsPkt value for interface 22 define...

Страница 1751: ...history index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Default The default interval is 1800 seconds and the default buckets is 50 buckets Mode Interface Con...

Страница 1752: ...collection stats collection index Default RMON statistics are not enabled by default Mode Interface Configuration Example To enable the collection of RMON statistics with a statistics index of 200 use...

Страница 1753: ...x log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Default No event is configured by default Mode Global...

Страница 1754: ...alarm Overview Use this command to display the alarms and threshold configured for the RMON probe NOTE Only the alarms for switch port interfaces not for VLAN interfaces can be shown Syntax show rmon...

Страница 1755: ...lowing etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherS...

Страница 1756: ...ce for GS970M Series 1756 AlliedWare Plus Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON EVENT Example To display the events configured for the RMON probe use this command awplus show rmon...

Страница 1757: ...utput from the show rmon history command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizeP...

Страница 1758: ...Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON HISTORY etherStatsPkts1024to1518Octets Example To display the parameters specified on all the currently defined RMON history collections us t...

Страница 1759: ...m the show rmon statistics command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts et...

Страница 1760: ...63 01 Rev C Command Reference for GS970M Series 1760 AlliedWare Plus Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON STATISTICS etherStatsPkts1024to1518Octets Related Commands rmon collecti...

Страница 1761: ...hostkey on page 1765 crypto key destroy userkey on page 1766 crypto key generate hostkey on page 1767 crypto key generate userkey on page 1769 crypto key pubkey chain knownhosts on page 1770 crypto k...

Страница 1762: ...ow ssh server deny users on page 1792 ssh on page 1793 ssh client on page 1795 ssh server on page 1797 ssh server allow users on page 1799 ssh server authentication on page 1801 ssh server deny users...

Страница 1763: ...nd of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the de...

Страница 1764: ...ly delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exe...

Страница 1765: ...key generate hostkey command to generate that key before you enable the SSH server Syntax crypto key destroy hostkey dsa ecdsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key u...

Страница 1766: ...A user key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show cry...

Страница 1767: ...ey generate hostkey dsa 768 1024 crypto key generate hostkey rsa rsa1 768 32768 crypto key generate hostkey ecdsa 256 384 Default The default key length for RSA and DSA is 1024 bits The default key si...

Страница 1768: ...5 4 7 0 x SECURE SHELL SSH COMMANDS CRYPTO KEY GENERATE HOSTKEY To generate an ECDSA host key with an elliptic curve size of 384 bits use the commands awplus configure terminal awplus config crypto k...

Страница 1769: ...tions for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure...

Страница 1770: ...ipv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Default If no cryptography algorithm is specified then rsa is used as the default cryptography algorithm Mode Privilege Exec Us...

Страница 1771: ...the remote server then SSH clients will inform the user that the public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the k...

Страница 1772: ...as text into the terminal To add a key as text into the terminal first enter the command crypto key pubkey chain userkey username and hit Enter Enter the key as text Note that the key you enter as tex...

Страница 1773: ...hain userkey joeType CNTL D to finish AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6Nv...

Страница 1774: ...s the SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global...

Страница 1775: ...debugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default M...

Страница 1776: ...essions use the clear ssh command Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you i...

Страница 1777: ...r GS970M Series 1777 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh s...

Страница 1778: ...mmand displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec...

Страница 1779: ...ey hostkey dsa ecdsa rsa rsa1 Mode User Exec Privileged Exec and Global Configuration Examples To show the public keys generated on the device for SSH server use the command awplus show crypto key hos...

Страница 1780: ...HELL SSH COMMANDS SHOW CRYPTO KEY HOSTKEY Related Commands crypto key destroy hostkey crypto key generate hostkey Table 1 Parameters in output of the show crypto key hostkey command Parameter Descript...

Страница 1781: ...se the command awplus show crypto key pubkey chain knownhosts 1 Output Figure 48 2 Example output from the show crypto key public chain knownhosts command Related Commands crypto key pubkey chain know...

Страница 1782: ...at are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 48 3 Example output from the show crypto key public chain userkey command Relate...

Страница 1783: ...a pub Output Figure 48 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys...

Страница 1784: ...192 168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH se...

Страница 1785: ...RE SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hos...

Страница 1786: ...sh command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root down...

Страница 1787: ...ce has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in pro...

Страница 1788: ...ient Output Figure 48 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeou...

Страница 1789: ...e Shell Server Configuration SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Resolve Hosts Disabled Session Timeout 0 Off Login Timeout 60 seconds Maximum...

Страница 1790: ...seconds that the SSH server will wait to receive data from the SSH client The server disconnects if this timer limit is reached If set at 0 the idle timer remains off Maximum Startups The maximum numb...

Страница 1791: ...er use the command awplus show ssh server allow users Output Figure 48 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Usern...

Страница 1792: ...lobal Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 48 10 Example output from the show ssh server...

Страница 1793: ...sername is used for login to the remote SSH server when user authentication is required Otherwise the current user name is used username User name to login on the remote server port SSH server port If...

Страница 1794: ...the command awplus ssh ip user manager 192 0 2 5 To login to the remote SSH server at 192 0 2 5 that is listening TCP port 2000 use the command awplus ssh port 2000 192 0 2 5 To login to the remote S...

Страница 1795: ...session timeout 0 3600 connect timeout 1 600 no ssh client port version session timeout connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specif...

Страница 1796: ...ion timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus n...

Страница 1797: ...ports both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 sess...

Страница 1798: ...ections waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configu...

Страница 1799: ...existing entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to...

Страница 1800: ...0 x SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow use...

Страница 1801: ...rver authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configu...

Страница 1802: ...authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting...

Страница 1803: ...rver deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ss...

Страница 1804: ...0 x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users...

Страница 1805: ...o its default value of 6 Syntax ssh server max auth tries 1 32 no ssh server max auth tries Default 6 attempts Mode Global Configuration Usage By default users must wait one second after a failed logi...

Страница 1806: ...no variant of this command disables this feature Syntax ssh server resolve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device ha...

Страница 1807: ...e device accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP...

Страница 1808: ...ns The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH...

Страница 1809: ...eference for GS970M Series 1809 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of th...

Страница 1810: ...eference for GS970M Series 1810 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of th...

Страница 1811: ...output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 1813 day on page 1814 debug trigger on page 1816 description trigger o...

Страница 1812: ...S970M Series 1812 AlliedWare Plus Operating System Version 5 4 7 0 x TRIGGER COMMANDS type memory on page 1840 type periodic on page 1841 type ping poll on page 1842 type reboot on page 1843 type time...

Страница 1813: ...o active Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Gu...

Страница 1814: ...Port LEDs in the Triggers Feature Overview and Configuration Guide Examples To permit trigger 55 to activate on the 1 October 2016 use the commands awplus configure terminal awplus config trigger 55...

Страница 1815: ...erating System Version 5 4 7 0 x TRIGGER COMMANDS DAY To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus co...

Страница 1816: ...d messages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Pri...

Страница 1817: ...or this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awp...

Страница 1818: ...limited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activ...

Страница 1819: ...ir position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71...

Страница 1820: ...sh cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigge...

Страница 1821: ...r off from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debu...

Страница 1822: ...mand displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use t...

Страница 1823: ...ion about all triggers full Displays detailed information about all triggers Table 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date...

Страница 1824: ...e number of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days opt...

Страница 1825: ...vation not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details Card out Days smtwtf...

Страница 1826: ...ontinuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and tim...

Страница 1827: ...r has been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today...

Страница 1828: ...activates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For i...

Страница 1829: ...t midnight during which the trigger may activate By default the value of this parameter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the val...

Страница 1830: ...rigger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate betwee...

Страница 1831: ...ich MIB objects are supported the SNMP Feature Overview and Configuration_Guide the SNMP Commands chapter Since SNMP traps are enabled by default for all defined triggers a common usage will be for th...

Страница 1832: ...onal parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all con...

Страница 1833: ...e This command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will b...

Страница 1834: ...config trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set nod...

Страница 1835: ...er This command returns the following display Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display n...

Страница 1836: ...4 7 0 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger Node1 trigger 1 type periodic 2 script 1 atmf scp trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_m...

Страница 1837: ...configuration card triggers are activated on the master for either the insertion or removal of a card on the master only For example trigger configurations that use the type card command see Capture...

Страница 1838: ...M Activity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus conf...

Страница 1839: ...one of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when...

Страница 1840: ...memory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40...

Страница 1841: ...configured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the...

Страница 1842: ...e or unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the...

Страница 1843: ...Overview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboo...

Страница 1844: ...d limit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to acti...

Страница 1845: ...Command Reference for GS970M Series 1845 AlliedWare Plus Operating System Version 5 4 7 0 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no d...

Страница 1846: ...command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 1848 clear ping poll on page 1849 critical interval on pag...

Страница 1847: ...ing on page 1852 fail count on page 1853 ip ping polling on page 1854 length ping poll data on page 1855 normal interval on page 1856 ping poll on page 1857 sample size on page 1858 show counter ping...

Страница 1848: ...olling is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this p...

Страница 1849: ...mmand The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use t...

Страница 1850: ...of one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping poll...

Страница 1851: ...for the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll...

Страница 1852: ...lete the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands a...

Страница 1853: ...e The no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of p...

Страница 1854: ...e 5 to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll...

Страница 1855: ...dropping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping P...

Страница 1856: ...ng Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll...

Страница 1857: ...nt the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax...

Страница 1858: ...hat does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up cou...

Страница 1859: ...erence for GS970M Series 1859 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping pol...

Страница 1860: ...displays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFail...

Страница 1861: ...hile the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down s...

Страница 1862: ...te Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling...

Страница 1863: ...the polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n Th...

Страница 1864: ...ce is reachable Down The device is unreachable Critic a l Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critic...

Страница 1865: ...of pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count comm...

Страница 1866: ...address no source ip Mode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure term...

Страница 1867: ...and Reference for GS970M Series 1867 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS SOURCE IP Related Commands description ping polling ip ping polling length ping poll data...

Страница 1868: ...timeout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure termina...

Страница 1869: ...e Ping Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping po...

Страница 1870: ...d Reference for GS970M Series 1870 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the n...

Страница 1871: ...page 1872 debug sflow agent on page 1873 sflow agent address on page 1874 sflow collector address on page 1876 sflow collector max datagram size on page 1878 sflow enable on page 1879 sflow max heade...

Страница 1872: ...mpling and or polling debug is disabled Mode Privileged Exec Examples To enable sFlow debug messagelogging for polling and sampling on port1 0 1 and port1 0 7 use the commands awplus debug sflow inter...

Страница 1873: ...to particular ports For example sending an sFlow datagram to the collector The no variant of this command applies the command default Syntax debug sflow agent no debug sflow agent Default The sFlow ag...

Страница 1874: ...ion or deletion of VLAN interfaces each of which will have its own specific IP address Note that sFlow is rendered inactive whenever the agent address is not set The no variant of this command applies...

Страница 1875: ...C613 50163 01 Rev C Command Reference for GS970M Series 1875 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS SFLOW AGENT ADDRESS Related Commands show running config sflow show sflow...

Страница 1876: ...535 no sflow collector ip ipv6 port Default The collector address is 0 0 0 0 which renders sFlow inactive and the UDP port is 6343 Mode Global Configuration Examples To set the sFlow collector address...

Страница 1877: ...mmand awplus configure terminal awplus config sflow collector ipv6 2001 0db8 1 To remove the sFlow collector IPv6 address and leave the UDP port unchanged use the command awplus configure terminal awp...

Страница 1878: ...d resets the maximum datagram size to the default Syntax sflow collector max datagram size 200 1500 no sflow collector max datagram size Default 1400 bytes Mode Global Configuration Example To set the...

Страница 1879: ...tional status to active To activate sFlow the following conditions need to be met sFlow is enabled The sFlow agent address is set The sFlow collector address is set to a valid non zero IPv4 or IPv6 ad...

Страница 1880: ...ault Syntax sflow max header size 14 200 no sflow max header size Default The max header size is 128 bytes Mode Interface Configuration Usage The header size is measured from the first byte of the Eth...

Страница 1881: ...y this command will be included in the sFlow packet samples For example with the default of 128 applied up to 128 82 46 bytes of user data could be included in the sFlow datagram samples sent between...

Страница 1882: ...and The no variant of this command applies the default Syntax sflow polling interval 0 1 16777215 no sflow polling interval Default The polling interval is 0 polling disabled Mode Interface Configurat...

Страница 1883: ...received i e one in every 1000 frames sent from the specified port A value of 0 disables sampling on the specified port s The no variant of this command applies the default Syntax sflow sampling rate...

Страница 1884: ...and awplus show debugging sflow interface port1 0 1 1 0 9 Output Figure 51 1 Sample obtained for an sFlow agent To display sFlow debug settings for all ports use the command awplus show debugging sflo...

Страница 1885: ...0163 01 Rev C Command Reference for GS970M Series 1885 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS SHOW DEBUGGING SFLOW Related Commands show running config sflow show sflow inte...

Страница 1886: ...ow running config sflow Mode Privileged Exec and Global Configuration Example To display the sFlow running configuration information use the command awplus show running config sflow Output Figure 51 2...

Страница 1887: ...0 0 Collector UDP Port 6343 6343 Tx Max Datagram Size 1200 1400 sFlow Agent Status Polling sampling Tx Inactive because sFlow is disabled Agent Addr is not set Collector Addr is 0 0 0 0 Polling sampli...

Страница 1888: ...running config sflow show sflow interface Tx Max Datagram Size The maximum size of the sFlow datagrams sent to the collector Polling sampling Tx Whether sFlow sampling and or polling and hence sFlow d...

Страница 1889: ...System Version 5 4 7 0 x SFLOW COMMANDS SHOW SFLOW INTERFACE show sflow interface Overview This command displays sFlow agent sampling and polling configuration for specified ports Syntax show sflow in...

Страница 1890: ...and Reference for GS970M Series 1890 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS UNDEBUG SFLOW undebug sflow Overview This command applies the functionality of the no variant of...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды