manualshive.com logo in svg

Allied Telesis IX5-28GPX, Справочник по командам, Страница: 1715 / 2231

Поделиться
Скачать
Allied Telesis IX5-28GPX Скачать руководство пользователя страница 1715

C613-50152-01 Rev C

Command Reference for IX5-28GPX

1715

AlliedWare Plus™ Operating System - Version 5.4.7-0.x

A

LLIED

 T

ELESIS

 M

ANAGEMENT

 F

RAMEWORK

™ (AMF) C

OMMANDS

ATMF

 

SECURE

-

MODE

 

ENABLE

-

ALL

atmf secure-mode enable-all

Overview

Use this command to enable AMF secure mode on an entire network. AMF secure 
mode makes an AMF network more secure by:

Adding an authorization mechanism before an AMF member is allowed to 
join an AMF network.

The encryption of all AMF packets sent between AMF nodes.

Adding support for user login authentication by RADIUS or , and 
removing the requirement to have the same privileged user account in the 
local user database on all devices in the AMF network.

Adding additional logging which enables network administrators to monitor 
attempts to gain unauthorized access to the AMF network.

Once this command is run on an AMF network, the AMF masters and AMF 
controllers manage the addition of AMF nodes and AMF areas to the AMF network.

This command can only be run on an AMF master.

Use the 

no

 variant of this command to disable AMF secure mode on an entire 

network.

Syntax

atmf secure-mode enable-all

no atmf secure-mode enable-all

Default

Secure mode is disabled by default.

Mode

Privileged Exec

Usage

When an AMF network is running in AMF secure mode the 

atmf restricted-login

 

feature is automatically enabled. This restricts the 

atmf working-set

 command to 

users that are logged on to an AMF master. This feature cannot be disabled 
independently of secure mode.

When AMF secure mode is enabled the AMF controllers and masters in the AMF 
network form a group of certificate authorities. A node may only join a secure AMF 
network once it has been authorized by a master or controller. When enabled, all 
devices in the AMF network must be running in secure mode. Unsecured devices 
will not be able to join a secure AMF network.

Running 

atmf secure-mode enable-all

:

Groups all AMF members in a working set.

Executes 

clear atmf secure-mode certificates

 on the working set of members, 

which removes existing secure mode certificates from all the nodes.

Groups all the AMF masters in a working set.

Executes 

atmf authorize provision

 

all

 on the working set of masters, so all 

masters provision all nodes.

Groups all AMF nodes in a working set.

Содержание IX5-28GPX

Страница 1: ...C613 50152 01 Rev C IX5 28GPX HIGH AVAILABILITY HIGH POWER VIDEO SURVEILLANCE POE SWITCH Command Reference for AlliedWare Plus Version 5 4 7 0 x ...

Страница 2: ...duction and shipping costs and a CD with the GPL code will be mailed to you GPL Code Request Allied Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis Management Framework EPSRing SwitchBlade VCStack and VCStack Plus are trademarks or registered trademarks in the United States and elsewhere of Allied Telesis Inc Microsoft and Internet Explorer are r...

Страница 3: ...enable Privileged Exec mode 79 end 81 exit 82 help 83 logout 84 show history 85 Chapter 2 File and Configuration Management Commands 86 Introduction 86 autoboot enable 90 boot config file 91 boot config file backup 93 boot system 94 boot system backup 96 cd 97 copy filename 98 copy current software 100 copy debug 101 copy running config 102 copy startup config 103 copy zmodem 104 create autoboot 1...

Страница 4: ...lear line console 140 clear line vty 141 enable password 142 enable secret 145 exec timeout 148 flowcontrol hardware asyn console 150 length asyn 152 line 153 privilege level 155 security password history 156 security password forced change 157 security password lifetime 158 security password minimum categories 159 security password minimum length 160 security password reject expired pwd 161 secur...

Страница 5: ...banner exec 198 banner login system 200 banner motd 202 clock set 204 clock summer time date 205 clock summer time recurring 207 clock timezone 209 continuous reboot prevention 210 ecofriendly led 212 ecofriendly lpi 213 findme 215 findme trigger 217 hostname 218 max fib routes 220 max static routes 221 no debug all 222 reboot 223 reload 224 show clock 225 show continuous reboot prevention 227 sho...

Страница 6: ...er monitoring interval 275 fiber monitoring sensitivity 276 show system fiber monitoring 278 show system pluggable 281 show system pluggable detail 283 show system pluggable diagnostics 286 show test cable diagnostics tdr 288 test cable diagnostics tdr interface 289 Chapter 8 Logging Commands 290 Introduction 290 clear exception log 292 clear log 293 clear log buffered 294 clear log permanent 295 ...

Страница 7: ...ing config log 364 Chapter 9 Scripting Commands 365 Introduction 365 activate 366 echo 367 wait 368 Chapter 10 Interface Commands 369 Introduction 369 description interface 370 interface to configure 371 mru 373 mtu 375 show interface 377 show interface brief 380 show interface memory 381 show interface status 383 shutdown 385 Chapter 11 Port Mirroring and Remote Mirroring Commands 386 Introductio...

Страница 8: ...ng time 428 mac address table logging 429 mac address table static 430 mac address table thrash limit 431 platform hwfilter size 432 platform load balancing 433 platform stop unreg mc flooding 435 platform vlan stacking tpid 437 polarity 438 show debugging loopprot 439 show debugging platform packet 440 show flowcontrol interface 441 show interface err disabled 442 show interface switchport 443 sh...

Страница 9: ...rt mode access 491 switchport mode private vlan 492 switchport mode private vlan trunk promiscuous 493 switchport mode private vlan trunk secondary 495 switchport mode trunk 497 switchport private vlan host association 498 switchport private vlan mapping 499 switchport trunk allowed vlan 500 switchport trunk native vlan 503 switchport vlan translation 504 switchport vlan translation default drop 5...

Страница 10: ...STP 564 spanning tree bpdu 565 spanning tree cisco interoperability MSTP 567 spanning tree edgeport RSTP and MSTP 568 spanning tree enable 569 spanning tree errdisable timeout enable 571 spanning tree errdisable timeout interval 572 spanning tree force version 573 spanning tree forward time 574 spanning tree guard root 575 spanning tree hello time 576 spanning tree link type 577 spanning tree max ...

Страница 11: ... lacp 625 Chapter 17 Power over Ethernet Commands 626 Introduction 626 clear power inline counters interface 628 debug power inline 629 power inline allow legacy 631 power inline description 632 power inline enable 633 power inline max 634 power inline priority 636 power inline usage threshold 638 service power inline 639 show debugging power inline 640 show power inline 641 show power inline coun...

Страница 12: ...y arp 694 ip proxy arp 695 ip redirects 696 local proxy arp 697 ip unreachables 698 optimistic nd 700 ping 701 show arp 702 show debugging ip packet 704 show ip interface 706 show ip sockets 707 show ip traffic 710 tcpdump 712 traceroute 713 undebug ip packet interface 714 Chapter 20 Domain Name Service DNS Commands 715 Introduction 715 clear ip dns forwarding cache 717 debug ip dns forwarding 718...

Страница 13: ...v6 nd other config flag 752 ipv6 nd prefix 753 ipv6 nd ra interval 755 ipv6 nd ra lifetime 756 ipv6 nd raguard 757 ipv6 nd reachable time 759 ipv6 nd retransmission time 760 ipv6 nd suppress ra 761 ipv6 neighbor 762 ipv6 opportunistic nd 763 ipv6 route 764 ipv6 unreachables 765 ping ipv6 766 show ipv6 forwarding 767 show ipv6 interface brief 768 show ipv6 neighbors 769 show ipv6 route 770 show ipv...

Страница 14: ...ption 813 ip igmp robustness variable 814 ip igmp snooping 815 ip igmp snooping fast leave 816 ip igmp snooping mrouter 817 ip igmp snooping querier 818 ip igmp snooping report suppression 819 ip igmp snooping routermode 820 ip igmp snooping tcn query solicit 822 ip igmp source address check 824 ip igmp ssm 825 ip igmp ssm map enable 826 ip igmp ssm map static 827 ip igmp static group 829 ip igmp ...

Страница 15: ...w debugging mld 876 show ipv6 mld groups 877 show ipv6 mld interface 878 show ipv6 mld snooping mrouter 879 show ipv6 mld snooping statistics 880 Chapter 25 Multicast Commands 881 Introduction 881 clear ip mroute 883 clear ip mroute statistics 884 clear ipv6 mroute 885 clear ipv6 mroute statistics 886 ipv6 multicast forward slow path packet 887 debug nsm mcast 888 debug nsm mcast6 889 ip mroute 89...

Страница 16: ...n 961 access list extended named 964 access list extended numbered 972 access list extended ICMP filter 974 access list extended IP filter 976 access list extended IP protocol filter 979 access list extended TCP UDP filter 983 access list standard named 986 access list standard numbered 988 access list standard named filter 990 access list standard numbered filter 992 clear ip prefix list 994 dos ...

Страница 17: ...t protocol 1064 match inner cos 1067 match inner vlan 1068 match ip precedence 1069 match mac type 1070 match tcp flags 1071 match vlan 1072 mls qos cos 1073 mls qos enable 1074 mls qos map cos queue to 1075 mls qos map premark dscp to 1076 no police 1078 police single rate action 1079 police twin rate action 1081 policy map 1083 priority queue 1084 remark map 1085 remark new cos 1087 service poli...

Страница 18: ...gging dot1x 1136 show dot1x 1137 show dot1x diagnostics 1140 show dot1x interface 1142 show dot1x sessionstatistics 1147 show dot1x statistics interface 1148 show dot1x supplicant 1149 show dot1x supplicant interface 1151 undebug dot1x 1154 Chapter 32 Authentication Commands 1155 Introduction 1155 auth auth fail vlan 1158 auth critical 1160 auth dynamic vlan creation 1161 auth guest vlan 1164 auth...

Страница 19: ...eb server page logo 1227 auth web server page sub title 1228 auth web server page success message 1229 auth web server page title 1230 auth web server page welcome message 1231 auth web server ping poll enable 1232 auth web server ping poll failcount 1233 auth web server ping poll interval 1234 auth web server ping poll reauth timer refresh 1235 auth web server ping poll timeout 1236 auth web serv...

Страница 20: ...n login 1291 aaa authorization commands 1293 aaa authorization config commands 1295 aaa group server 1296 aaa local authentication attempts lockout time 1298 aaa local authentication attempts max fail 1299 aaa login fail delay 1300 accounting login 1301 authorization commands 1302 clear aaa local user lockout 1304 debug aaa 1305 login authentication 1306 proxy port 1307 radius secure proxy aaa 130...

Страница 21: ...local radius all users deleted 1361 crypto pki enroll local user deleted 1362 crypto pki export local pem deleted 1363 crypto pki export local pkcs12 deleted 1364 crypto pki trustpoint local deleted 1365 debug crypto pki deleted 1366 domain style 1367 egress vlan id 1368 egress vlan name 1370 group 1372 nas 1373 radius secure proxy local server 1374 radius server local 1375 server auth port 1376 s...

Страница 22: ...tion commands 1419 aaa authorization config commands 1421 ip tacacs source interface 1422 show tacacs 1423 tacacs server host 1425 tacacs server key 1427 tacacs server timeout 1428 Chapter 38 DHCP Snooping Commands 1429 Introduction 1429 arp security 1431 arp security violation 1432 clear arp security statistics 1434 clear ip dhcp snooping binding 1435 clear ip dhcp snooping statistics 1436 debug ...

Страница 23: ...Introduction 1479 clear counter stack 1481 debug stack 1482 delete stack wide force 1483 mac address table vcs sync mode 1484 reboot rolling 1485 reload rolling 1486 remote command deleted 1487 remote login 1488 show counter stack 1489 show debugging stack 1493 show running config stack 1494 show provisioning stack 1495 show stack 1496 show stack detail 1498 show stack resiliencylink 1502 stack di...

Страница 24: ...ts 1556 undebug vrrp packet 1557 virtual ip 1558 virtual ipv6 1560 vrrp vmac 1562 Chapter 41 Ethernet Protection Switched Ring EPSRing Commands 1563 Introduction 1563 debug epsr 1565 epsr 1566 epsr configuration 1568 epsr datavlan 1569 epsr enhancedrecovery enable 1570 epsr mode master controlvlan primary port 1571 epsr mode transit controlvlan 1572 epsr priority 1573 epsr state 1574 epsr trap 157...

Страница 25: ...topology change 1624 trap G 8032 1626 undebug g8032 1627 PART 7 Network Management 1628 Chapter 43 Allied Telesis Management Framework AMF Commands 1629 Introduction 1629 area link 1634 atmf area 1636 atmf area password 1638 atmf authorize 1640 atmf authorize provision 1642 atmf backup 1644 atmf backup area masters delete 1645 atmf backup area masters enable 1646 atmf backup area masters now 1647 ...

Страница 26: ...se cert 1695 atmf provision node locate 1697 atmf reboot rolling 1698 atmf recover 1702 atmf recover guest 1704 atmf recover led off 1705 atmf remote login 1706 atmf restricted login 1708 atmf secure mode 1710 atmf secure mode certificate expire 1712 atmf secure mode certificate expiry 1713 atmf secure mode certificate renew 1714 atmf secure mode enable all 1715 atmf select area 1717 atmf virtual ...

Страница 27: ...tmf secure mode audit 1806 show atmf secure mode audit link 1807 show atmf secure mode certificates 1808 show atmf secure mode sa 1811 show atmf secure mode statistics 1814 show atmf tech 1816 show atmf virtual links 1819 show atmf working set 1821 show debugging atmf 1822 show debugging atmf packet 1823 show running config atmf 1824 state 1825 switchport atmf agentlink 1827 switchport atmf areali...

Страница 28: ...w counter dhcp client 1883 show counter dhcp relay 1884 show counter dhcp server 1887 show dhcp lease 1889 show ip dhcp binding 1891 show ip dhcp pool 1893 show ip dhcp relay 1897 show ip dhcp server statistics 1898 show ip dhcp server summary 1900 subnet mask 1901 Chapter 45 DHCP for IPv6 DHCPv6 Commands 1902 Introduction 1902 address prefix 1904 address range 1906 clear counter ipv6 dhcp client ...

Страница 29: ... 1967 show counter ntp deprecated 1968 show ntp associations 1969 show ntp counters 1971 show ntp counters associations 1973 show ntp status 1975 Chapter 47 SNMP Commands 1976 Introduction 1976 debug snmp 1978 show counter snmp server 1979 show debugging snmp 1983 show running config snmp 1984 show snmp server 1985 show snmp server community 1986 show snmp server group 1987 show snmp server user 1...

Страница 30: ...nit 2034 lldp run 2035 lldp timer 2036 lldp tlv select 2037 lldp transmit receive 2039 lldp tx delay 2040 location civic location configuration 2041 location civic location identifier 2045 location civic location id 2046 location coord location configuration 2047 location coord location identifier 2049 location coord location id 2050 location elin location 2051 location elin location id 2052 show ...

Страница 31: ...rypto key pubkey chain knownhosts 2107 crypto key pubkey chain userkey 2109 debug ssh client 2111 debug ssh server 2112 service ssh 2113 show banner login 2115 show crypto key hostkey 2116 show crypto key pubkey chain knownhosts 2118 show crypto key pubkey chain userkey 2119 show crypto key userkey 2120 show running config ssh 2121 show ssh 2123 show ssh client 2125 show ssh server 2126 show ssh s...

Страница 32: ... 2178 type reboot 2179 type stack disabled master 2180 type stack link 2181 type stack master fail 2182 type stack member 2183 type time 2184 type usb 2185 undebug trigger 2186 Chapter 53 Ping Polling Commands 2187 Introduction 2187 active ping polling 2189 clear ping poll 2190 critical interval 2191 debug ping poll 2192 description ping polling 2193 fail count 2194 ip ping polling 2195 length pin...

Страница 33: ...agent 2214 sflow agent address 2215 sflow collector address 2217 sflow collector max datagram size 2219 sflow enable 2220 sflow max header size 2221 sflow polling interval 2223 sflow sampling rate 2224 show debugging sflow 2225 show running config sflow 2227 show sflow 2228 show sflow interface 2230 undebug sflow 2231 ...

Страница 34: ...ended TCP UDP filter 1043 ipv6 access list standard filter 1047 named hardware ACL ICMP entry 936 named hardware ACL IP packet entry 940 named hardware ACL IP protocol entry 944 named hardware ACL MAC entry 950 named hardware ACL TCP or UDP entry 953 named IPv6 hardware ACL ICMP entry 1011 named IPv6 hardware ACL IP protocol entry 1019 named IPv6 hardware ACL IPv6 packet entry 1015 named IPv6 hard...

Страница 35: ...cation attempts max fail 1299 aaa login fail delay 1300 access group 914 access list extended numbered 972 access list numbered hardware ACL for ICMP 916 access list numbered hardware ACL for IP packets 920 access list numbered hardware ACL for IP protocols 923 access list numbered hardware ACL for MAC addresses 927 access list numbered hardware ACL for TCP or UDP 930 access list standard numbered...

Страница 36: ...rs now 1647 atmf backup area masters synchronize 1648 atmf backup bandwidth 1649 atmf backup delete 1650 atmf backup enable 1651 atmf backup guests delete 1652 atmf backup guests enable 1653 atmf backup guests now 1654 atmf backup guests synchronize 1655 atmf backup now 1656 atmf backup redundancy enable 1658 atmf backup server 1659 atmf backup stop 1661 atmf backup synchronize 1662 atmf backup 16...

Страница 37: ...n node license cert 1695 atmf provision node locate 1697 atmf provision 1686 atmf reboot rolling 1698 atmf recover guest 1704 atmf recover led off 1705 atmf recover 1702 atmf remote login 1706 atmf restricted login 1708 atmf secure mode certificate expire 1712 atmf secure mode certificate expiry 1713 atmf secure mode certificate renew 1714 atmf secure mode enable all 1715 atmf secure mode 1710 atm...

Страница 38: ... supplicant ip 1182 auth supplicant mac 1184 auth timeout connect timeout 1187 auth timeout quiet period 1189 auth timeout reauth period 1190 auth timeout server timeout 1192 auth timeout supp timeout 1194 auth two step enable 1196 authentication 1349 auth mac accounting 1199 auth mac authentication 1200 auth mac enable 1201 auth mac method 1203 auth mac password 1205 auth mac reauth relearning 12...

Страница 39: ...uccess message 1229 auth web server page title 1230 auth web server page welcome message 1231 auth web server ping poll enable 1232 auth web server ping poll failcount 1233 auth web server ping poll interval 1234 auth web server ping poll reauth timer refresh 1235 auth web server ping poll timeout 1236 auth web server port 1237 auth web server redirect delay time 1238 auth web server redirect url ...

Страница 40: ...unter ipv6 dhcp client 1908 clear counter ipv6 dhcp server 1909 clear counter stack 1481 clear exception log 292 clear g8032 erp instance statistics 1592 clear g8032 erp instance 1591 clear gvrp statistics 653 clear ip dhcp binding 1844 clear ip dhcp snooping binding 1435 clear ip dhcp snooping statistics 1436 clear ip dns forwarding cache 717 clear ip igmp group 792 clear ip igmp interface 793 cl...

Страница 41: ... address table static 411 clear mls qos interface policer counters 1056 clear ping poll 2190 clear port counter 412 clear port security intrusion 413 clear power inline counters interface 628 clear radius local server statistics 1355 clear spanning tree detected protocols RSTP and MSTP 529 clear spanning tree statistics 528 clear ssh 2101 clear test cable diagnostics tdr 268 clear test interface 3...

Страница 42: ... autoboot 105 critical interval 2191 crypto key destroy hostkey 2102 crypto key destroy userkey 2103 crypto key generate hostkey 2104 crypto key generate rsa 1391 crypto key generate userkey 2106 crypto key pubkey chain knownhosts 2107 crypto key pubkey chain userkey 2109 crypto key zeroize 1392 crypto pki authenticate 1393 crypto pki enroll local deleted 1360 crypto pki enroll local local radius ...

Страница 43: ...ebug atmf 1728 debug crypto pki deleted 1366 debug dot1x 1119 debug epsr 1565 debug fiber monitoring 269 debug g8032 1594 debug gvrp 654 debug igmp 794 debug ip dhcp snooping 1438 debug ip dns forwarding 718 debug ip packet interface 681 debug lacp 607 debug lldp 2021 debug loopprot 416 debug mail 2077 debug mld 851 debug mstp RSTP and STP 530 debug nsm mcast 888 debug nsm mcast6 889 debug ping po...

Страница 44: ...host 299 default log monitor 300 default log permanent 301 default action 1057 default router 1845 delete debug 107 delete mail 2078 delete stack wide force 1483 delete 106 description amf container 1735 description Authentication Profile 1245 description interface 370 description ping polling 2193 description QoS policy map 1058 description trigger 2154 dir 108 disable Privileged Exec mode 77 dis...

Страница 45: ...reauth req 1130 dot1x port control 1132 dot1x timeout tx period 1134 duplex 419 echo 367 ecofriendly led 212 ecofriendly lpi 213 edit filename 111 edit 110 egress rate limit 1059 egress vlan id 1368 egress vlan name 1370 enable G 8032 1595 enable Privileged Exec mode 79 enable VRRP 1533 enable password 142 enable secret 145 end 81 enrollment trustpoint configuration mode 1404 epsr configuration 15...

Страница 46: ...g action 271 fiber monitoring baseline 272 fiber monitoring enable 274 fiber monitoring interval 275 fiber monitoring sensitivity 276 findme trigger 217 findme 215 fingerprint trustpoint configuration mode 1405 flowcontrol switch port 420 flowcontrol hardware asyn console 150 g8032 erp instance 1597 g8032 forced switch erp instance 1599 g8032 manual switch erp instance 1600 g8032 physical ring 160...

Страница 47: ...p snooping agent option remote id 1443 ip dhcp snooping agent option 1440 ip dhcp snooping binding 1444 ip dhcp snooping database 1445 ip dhcp snooping delete by client 1446 ip dhcp snooping delete by linkdown 1447 ip dhcp snooping max bindings 1448 ip dhcp snooping subscriber id 1449 ip dhcp snooping trust 1450 ip dhcp snooping verify mac address 1451 ip dhcp snooping violation 1452 ip dhcp snoop...

Страница 48: ... 689 ip helper address 691 ip igmp access group 796 ip igmp flood specific query 797 ip igmp immediate leave 798 ip igmp last member query count 799 ip igmp last member query interval 800 ip igmp limit 801 ip igmp maximum groups 802 ip igmp mroute proxy 804 ip igmp proxy service 805 ip igmp querier timeout 806 ip igmp query holdtime 807 ip igmp query interval 809 ip igmp query max response time 81...

Страница 49: ...94 ip mroute 890 ip multicast allow register fragments 892 ip multicast forward first packet 893 ip multicast route limit 894 ip multicast wrong vif suppression 895 ip multicast routing 896 ip name server 728 ip proxy arp 695 ip radius source interface 1326 ip redirects 696 ip route 775 ip source binding 1453 ip tacacs source interface 1422 ip tftp source interface 114 ip unreachables 698 ipv6 acc...

Страница 50: ...limit 859 ipv6 mld querier timeout 861 ipv6 mld query interval 862 ipv6 mld query max response time 863 ipv6 mld robustness variable 864 ipv6 mld snooping fast leave 867 ipv6 mld snooping mrouter 868 ipv6 mld snooping querier 870 ipv6 mld snooping report suppression 871 ipv6 mld snooping 865 ipv6 mld static group 873 ipv6 mld version 875 ipv6 mld 854 ipv6 mroute 897 ipv6 multicast forward slow pat...

Страница 51: ...4 ipv6 route 777 ipv6 tftp source interface 115 ipv6 traffic filter 1028 ipv6 unreachables 765 lacp global passive mode enable 608 lacp port priority 609 lacp system priority 610 lacp timeout 611 lease 1869 length asyn 152 length ping poll data 2196 level G 8032 1604 license 179 line 153 link address 1933 linkflap action 422 lldp faststart count 2023 lldp holdtime multiplier 2024 lldp management a...

Страница 52: ...ocation id 2046 location coord location configuration 2047 location coord location identifier 2049 location coord location id 2050 location elin location 2051 location elin location id 2052 log buffered filter 303 log buffered exclude 306 log buffered size 309 log buffered 302 log console filter 311 log console exclude 314 log console 310 log email filter 318 log email exclude 321 log email time 3...

Страница 53: ...p protection loop detect 423 loop protection timeout 426 mac address table acquire 427 mac address table ageing time 428 mac address table logging 429 mac address table static 430 mac address table thrash limit 431 mac address table vcs sync mode 1484 mail from 2080 mail smtpserver 2081 mail 2079 match access group 1060 match cos 1062 match dscp 1063 match eth format protocol 1064 match inner cos ...

Страница 54: ...rk dscp to 1076 modeltype 1739 move debug 118 move 117 mru 373 mtu 375 multicast 901 nas 1373 network DHCP 1871 next server 1872 no crypto pki certificate 1407 no debug all 222 no police 1078 normal interval 2197 ntp access group deprecated 1953 ntp authenticate 1954 ntp authentication key 1955 ntp broadcastdelay 1956 ntp discard 1957 ntp master 1958 ntp peer 1959 ntp restrict 1961 ntp server 1963...

Страница 55: ...lan stacking tpid 437 polarity 438 police single rate action 1079 police twin rate action 1081 policy map 1083 port vlan forwarding priority 473 power inline allow legacy 631 power inline description 632 power inline enable 633 power inline max 634 power inline priority 636 power inline usage threshold 638 preempt mode 1534 prefix delegation pool 1937 priority 1536 priority queue 1084 private vlan...

Страница 56: ...rver timeout 1334 range 1879 raps channel 1607 reboot rolling 1485 reboot 223 region MSTP 538 reload rolling 1486 reload 224 remark new cos 1087 remark map 1085 remote command deleted 1487 remote login 1488 remote mirror interface 389 repeat 2155 revision MSTP 539 rmdir 120 rmon alarm 2086 rmon collection history 2088 rmon collection stats 2089 rmon event 2090 route 1880 router ipv6 vrrp interface...

Страница 57: ...er enable 1377 server mutual authentication 1311 server name check 1312 server trustpoint 1313 service advanced vty 163 service dhcp relay 1881 service dhcp server 1882 service dhcp snooping 1455 service http 194 service password encryption 164 service power inline 639 service ssh 2113 service telnet 165 service terminal length deleted 166 service test 400 service policy input 1089 set ip next hop...

Страница 58: ...mary 1755 show atmf area 1744 show atmf authorization 1756 show atmf backup area 1763 show atmf backup guest 1765 show atmf backup 1759 show atmf container 1767 show atmf detail 1770 show atmf group members 1774 show atmf group 1772 show atmf guests detail 1778 show atmf guests 1776 show atmf links detail 1783 show atmf links guest detail 1794 show atmf links guest 1792 show atmf links statistics ...

Страница 59: ...uth two step supplicant brief 1263 show auth 1250 show auth web server page 1265 show auth web server 1264 show autoboot 121 show banner login 2115 show boot 122 show class map 1092 show clock 225 show continuous reboot prevention 227 show counter dhcp client 1883 show counter dhcp relay 1884 show counter dhcp server 1887 show counter ipv6 dhcp client 1939 show counter ipv6 dhcp server 1941 show c...

Страница 60: ...1413 show crypto pki trustpoints deleted 1381 show debugging aaa 1317 show debugging arp security 1462 show debugging atmf packet 1823 show debugging atmf 1822 show debugging dot1x 1136 show debugging epsr 1576 show debugging g8032 1610 show debugging gvrp 662 show debugging igmp 835 show debugging ip dhcp snooping 1463 show debugging ip dns forwarding 729 show debugging ip packet 704 show debuggi...

Страница 61: ...49 show dot1x 1137 show ecofriendly 235 show epsr epsr instance counters 1585 show epsr epsr instance 1584 show epsr common segments 1582 show epsr config check 1583 show epsr counters 1586 show epsr summary 1587 show epsr 1577 show etherchannel detail 617 show etherchannel summary 618 show etherchannel 616 show exception log 357 show file systems 125 show file 124 show flowcontrol interface 441 s...

Страница 62: ...ding 1891 show ip dhcp pool 1893 show ip dhcp server statistics 1898 show ip dhcp server summary 1900 show ip dhcp snooping acl 1465 show ip dhcp snooping agent option 1468 show ip dhcp snooping binding 1470 show ip dhcp snooping interface 1472 show ip dhcp snooping statistics 1474 show ip dhcp snooping 1464 show ip dhcp relay 1897 show ip dns forwarding cache 732 show ip dns forwarding server 733...

Страница 63: ...ss list IPv6 Software ACLs 1049 show ipv6 dhcp binding 1944 show ipv6 dhcp interface 1947 show ipv6 dhcp pool 1949 show ipv6 dhcp 1943 show ipv6 forwarding 767 show ipv6 interface brief 768 show ipv6 mif 909 show ipv6 mld groups 877 show ipv6 mld interface 878 show ipv6 mld snooping mrouter 879 show ipv6 mld snooping statistics 880 show ipv6 mroute 906 show ipv6 multicast forwarding 908 show ipv6 ...

Страница 64: ...ow loop protection 444 show mac address table thrash limit 448 show mac address table 446 show mail 2083 show memory allocations 241 show memory history 243 show memory pools 245 show memory shared 246 show memory 239 show mirror interface 392 show mirror 391 show mls qos interface policer counters 1097 show mls qos interface queue counters 1099 show mls qos interface storm status 1101 show mls qo...

Страница 65: ... 644 show power inline interface detail 648 show power inline interface 646 show power inline 641 show privilege 167 show process 247 show provisioning stack 1495 show proxy autoconfig file 1266 show radius local server group 1382 show radius local server nas 1383 show radius local server statistics 1384 show radius local server user 1385 show radius server group 1318 show radius statistics 1342 s...

Страница 66: ...1987 show snmp server user 1988 show snmp server view 1989 show snmp server 1985 show spanning tree brief 544 show spanning tree mst config 546 show spanning tree mst detail interface 549 show spanning tree mst detail interface 554 show spanning tree mst detail 547 show spanning tree mst instance interface 552 show spanning tree mst instance 551 show spanning tree mst interface 553 show spanning t...

Страница 67: ...256 show system pci device 257 show system pci tree 258 show system pluggable detail 283 show system pluggable diagnostics 286 show system pluggable 281 show system serialnumber 259 show system 253 show tacacs 1423 show tech support 260 show telnet 170 show test cable diagnostics tdr 288 show trigger 2160 show users 171 show version 134 show vlan access map 481 show vlan classifier group interface...

Страница 68: ...host 2006 snmp server legacy ifadminstatus 2008 snmp server location 2009 snmp server source interface 2010 snmp server startup trap delay 2011 snmp server user 2012 snmp server view 2015 snmp server 1994 sntp address 1951 source ip 2207 spanning tree autoedge RSTP and MSTP 564 spanning tree bpdu 565 spanning tree cisco interoperability MSTP 567 spanning tree edgeport RSTP and MSTP 568 spanning tr...

Страница 69: ...ee portfast STP 590 spanning tree portfast bpdu filter 592 spanning tree portfast bpdu guard 594 spanning tree priority bridge priority 596 spanning tree priority port priority 597 spanning tree restricted role 598 spanning tree restricted tcn 599 spanning tree transmit holdcount 600 speed asyn 262 speed 459 ssh client 2132 ssh server allow users 2136 ssh server authentication 2138 ssh server deny...

Страница 70: ...ration 1414 subnet mask 1901 sub ring 1621 switch provision stack 1518 switchport access vlan 489 switchport atmf agentlink 1827 switchport atmf arealink remote area 1828 switchport atmf crosslink 1830 switchport atmf guestlink 1832 switchport atmf link 1834 switchport enable vlan 490 switchport mode access 491 switchport mode private vlan trunk promiscuous 493 switchport mode private vlan trunk s...

Страница 71: ... tagging 506 switchport voice dscp 507 switchport voice vlan priority 511 switchport voice vlan 508 system territory deprecated 264 tacacs server host 1425 tacacs server key 1427 tacacs server timeout 1428 tcpdump 712 telnet server 173 telnet 172 terminal length 174 terminal monitor 265 terminal resize 175 test cable diagnostics tdr interface 289 test interface 401 test 2165 thrash limiting 466 ti...

Страница 72: ...ed master 2180 type stack link 2181 type stack master fail 2182 type stack member 2183 type time 2184 type usb 2185 undebug aaa 1320 undebug all 266 undebug atmf 1838 undebug dot1x 1154 undebug epsr 1588 undebug g8032 1627 undebug igmp 845 undebug ip packet interface 714 undebug lacp 625 undebug loopprot 468 undebug mail 2084 undebug mstp 601 undebug ping poll 2211 undebug platform packet 469 unde...

Страница 73: ...89 vlan access map 513 vlan classifier activate 514 vlan classifier group 515 vlan classifier rule ipv4 516 vlan classifier rule proto 517 vlan database 520 vlan filter 521 vlan mode remote mirror vlan 396 vlan mode stack local vlan 1520 vlan mode stack local vlan 522 vlan statistics 524 vlan 512 vrrp vmac 1562 vty access class numbered 1005 vty ipv6 access class named 1051 wait 368 write file 135...

Страница 74: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 74 AlliedWare Plus Operating System Version 5 4 7 0 x Part 1 Setup and Troubleshooting ...

Страница 75: ...erence for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure terminal on page 76 disable Privileged Exec mode on page 77 do on page 78 enable Privileged Exec mode on page 79 end on page 81 exit on page 82 help on page 83 logout on page 84 show history on page 85 ...

Страница 76: ...ATION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Configuration command mode note the change in the command prompt enter the command awplus configure terminal awplus config ...

Страница 77: ...GED EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Privileged Exec Example To exit the Privileged Exec mode enter the command awplus disable awplus Related Commands enable Privileged Exec mode end exit ...

Страница 78: ...ON COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus configure terminal awplus config do ping 192 0 2 23 Parameter Description command Specify the command and its parameters ...

Страница 79: ...r privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is prompted for the password for that level Note that a separate password can be configured for each privilege level using the enable password and the enable secret commands from the Global Configuration...

Страница 80: ... COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 awplus Related Commands disable Privileged Exec mode enable password enable secret exit service password encryption username ...

Страница 81: ...ther advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode awplus configure terminal awplus config interface vlan2 awplus config if end awplus Related Commands disable Privileged Exec mode enabl...

Страница 82: ...used in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the exit command to exit Interface mode and return to Configure mode awplus configure terminal awplus config interface vlan2 awplus config if exit awplus config Related Commands disable Priv...

Страница 83: ... display a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches the help list will be empty Delete characters until entering a shows the available options Enter after a complete parameter to show remaining valid command parameters e g show Enter after part of a pa...

Страница 84: ...perating System Version 5 4 7 0 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privileged Exec Example To exit the User Exec mode use the command awplus logout ...

Страница 85: ...lists all command line entries including commands that returned an error For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show history Mode User Exec and Privileged Exec Example To display the commands entered during the current session use the command awplus show history Output Figure 1 2 Example ou...

Страница 86: ...is syntax Example Copying in local Flash memory flash directory filename To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom a USB storage device usb directory filename To specify a file in the top level directory of the USB stick usb example cfg Copying with HTTP http username password hostname host ip filepath filename To specify a file in the configs di...

Страница 87: ... Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem s Flash base directory you may use flash or flash or flash For example these commands are all the same dir flash dir flash dir flash Copying with SFTP sftp location directory filename To specify a file in ...

Страница 88: ...ember use the remote login command Command List autoboot enable on page 90 boot config file on page 91 boot config file backup on page 93 boot system on page 94 boot system backup on page 96 cd on page 97 copy filename on page 98 copy current software on page 100 copy debug on page 101 copy running config on page 102 copy startup config on page 103 copy zmodem on page 104 create autoboot on page 1...

Страница 89: ...D CONFIGURATION MANAGEMENT COMMANDS show boot on page 122 show file on page 124 show file systems on page 125 show running config on page 127 show running config interface on page 131 show startup config on page 133 show version on page 134 write file on page 135 write memory on page 136 write terminal on page 137 ...

Страница 90: ...n file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 2 1 Example autoboot txt file Use the no variant of this command to disable the Autoboot feature NOTE This command is not supported in a stacked configuration Syntax autoboot enable no autoboot enable Default The Autoboot feature operates the first time the device is powered up in the fie...

Страница 91: ...llback order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored on the device s Flash filesystem the next time the device boots up use the commands awplus configure terminal awplus config boot config file flash branch cfg To stop running the configuration file branch cfg stored on the device s Flash filesystem when the device b...

Страница 92: ...GEMENT COMMANDS BOOT CONFIG FILE To stop running the configuration file branch cfg stored on the switch s USB storage device filesystem when the device boots up use the commands awplus configure terminal awplus config no boot config file usb branch cfg Related Commands boot config file backup boot system boot system backup show boot ...

Страница 93: ...agement Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config boot config file backup flash backup cfg To remove the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config no boot conf...

Страница 94: ...epts a release file on a USB storage device if a USB storage device is inserted in all stack members and all stack members have a bootloader version that supports booting from it If a stack member has a USB storage device removed an error message is displayed For example if stack member 2 does not have a USB storage device inserted the following message is displayed Examples To boot up with the re...

Страница 95: ...7 0 1 rel Answering y at the prompt will cause the system to delete the specified file awplus config y Related Commands boot config file boot config file backup boot system backup show boot Insufficient flash available on stack member 2 11370496 to synchronize file IX5 5 4 7 0 1 rel 14821895 List of release files on stack member 2 IX5 5 4 6 2 4 rel 14822400 Select files to free up space Delete awp...

Страница 96: ...l Configuration Examples To specify the file IX5 5 4 6 2 4 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash IX5 5 4 6 2 4 rel To stop specifying a backup to the main release file use the commands awplus configure terminal awplus config no boot system backup Related Commands boot config file boot config file backup boot sys...

Страница 97: ...ON MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command awplus cd images Related Commands dir pwd show file systems Parameter Description directory name Name and path of the directory ...

Страница 98: ...mand awplus copy sftp 10 0 1 2 new cfg bob key To use SCP with the username beth to copy the file old cfg into the directory config_files on a remote server that is listening on TCP port 2000 use the command awplus copy scp beth serv 2000 config_files old cfg old cfg To copy the file newconfig cfg onto your device s Flash from a USB storage device use the command awplus copy usb newconfig cfg flas...

Страница 99: ...lus copy fserver config cfg configtest cfg To copy the file test txt from the top level of Flash on stack member 2 to the current directory in the stack master use the command awplus copy awplus 2 flash test txt test txt Note that you must specify either the NVS or Flash filesystem on the backup stack member flash in this example On an AMF managed network to distribute the file file txt to the top...

Страница 100: ...system Syntax copy current software destination name Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command awplus copy current software my release rel Related Commands boot system backup show boot Parameter Description destination name The filename and path where you would like the current running release s...

Страница 101: ...tftp usb source name debug flash nvs scp tftp usb Mode Privileged Exec Example To copy debug output to a USB storage device with a filename my debug use the following command awplus copy debug usb my debug Output Figure 2 2 CLI prompt after entering the copy debug command Related Commands delete debug move debug Parameter Description destination name The filename and path where you would like the ...

Страница 102: ...opy the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy startup config write file write memory Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename extension Specify this w...

Страница 103: ... as the file oldconfig cfg in the current directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename extension Specify this to copy the script in the file into the startup config file Note that this does not make th...

Страница 104: ...inicom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the local file asuka key using ZMODEM use the command awplus copy asuka key zmodem Related Commands copy filename show file systems Parameter Description source name The filename and path of the source file Se...

Страница 105: ...ys and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media The external media is then available to restore a release file and or a configuration file to the device Syntax create autoboot usb Mode Privileged Exec Example To create an autoboot txt file on a USB stora...

Страница 106: ...rrent directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_configs which is not empty without prompting if any read only files are being deleted use the command awplus delete force recursive new_configs Related Commands erase startup config rmdir Parameter Descrip...

Страница 107: ...ied debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 2 3 CLI prompt after entering the delete debug command Related Commands copy debug move debug Parameter Description source name The filename and path where the debug output originates See Introduction on page 86 for valid URL syntax E...

Страница 108: ...ename For example to specify a file in the configs directory on member 2 of a stack enter awplus 2 flash configs example cfg Examples To list the files in the current working directory use the command awplus dir To list the non hidden files in the root of the Flash filesystem use the command awplus dir flash Parameter Description all List all files recursive List the contents of directories recurs...

Страница 109: ...wplus dir sort name To list the files by size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort reverse time To list the files within the Flash filesystem for stack member 2 use the command awplus dir awplus 2 flash Note that you must specify the filesystem on the stack member flash in this examp...

Страница 110: ...itor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more information about using the editor including control sequences see the File Management Feature Overview and Configuration Guide Syntax edit filename Mode Privileged Exec Examples To create and edit a new te...

Страница 111: ...e your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode Privileged Exec Example To view the file bob key stored in the security directory of a TFTP server use the command awplus edit tftp security bob key Related Commands copy filename edit show file Paramet...

Страница 112: ...vice is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default Mode Privileged Exec Usage This command is an alias to the atmf cleanup command Note that this command can only be used on standalone switches not stacked switches Example To erase data use the command Node_1 erase factory default This command...

Страница 113: ... when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This provides a mechanism for you to return the device to the factory default settings Syntax erase startup config Mode Privileged Exec Example To delete the file currently set as the startup config use the co...

Страница 114: ... is helpful in network configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server cannot dynamically determine the source of the TFTP request and therefore cannot send the requested data to the correct device Specifyingasourcein...

Страница 115: ...configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server cannot dynamically determine the source of the TFTP request and therefore cannot send the requested data to the correct device Specifyingasourceinterfaceoraddressenables...

Страница 116: ...ir name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands Example To make a new directory called images in the current directory use the command awplus mkdir images Related Commands cd dir pwd Parameter Description name The name and path of the directory tha...

Страница 117: ...p cfg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg myconfigs temp cfg Related Commands delete edit show file show file systems Parameter Description source name The filename and path of the source file See Introduction on page 86 for valid syntax destin...

Страница 118: ...stination name debug flash nvs usb Mode Privileged Exec Example To movedebug output onto a USB storagedevicewith a filename my debug use the following command awplus move debug usb my debug Output Figure 2 5 CLI prompt after entering the move debug command Related Commands copy debug delete debug Parameter Description destination name The filename and path where you would like the debug output mov...

Страница 119: ...s Operating System Version 5 4 7 0 x FILE AND CONFIGURATION MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the current working directory use the command awplus pwd Related Commands cd ...

Страница 120: ...ve the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To create a directory called level1 containing a subdirectory called level2 and then force the removal of both directories use the commands awplus mkdir level1 awplus mkdir level1 level2 awplus rmdir force level1 To remove a directory called test from the top level of the Flash filesystem o...

Страница 121: ...Figure 2 6 Example output from the show autoboot command Figure 2 7 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboot show boot awplus show autoboot Autoboot configuration Autoboot status enabled USB file autoboot txt exists yes Restore information on USB Autoboot enable in autoboot txt yes Restore release fi...

Страница 122: ...oot image flash IX5 5 4 6 2 4 rel Default boot config flash default cfg Current boot config usb my cfg file exists Backup boot config flash backup cfg file not found Autoboot status enabled Table 2 1 Parameters in the output from show boot Parameter Description Current software The current software release that the device is using Current boot image The boot image currently configured for use duri...

Страница 123: ...ated Commands autoboot enable boot config file backup boot system backup show autoboot Backup boot config The configuration file to use during the next boot cycle if the main configuration file cannot be loaded Autoboot status The status of the Autoboot feature either enabled or disabled Table 2 1 Parameters in the output from show boot cont Parameter Description ...

Страница 124: ...displays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command awplus show file oldconfig cfg Related Commands edit edit filename show file systems Parameter Description filename Name of a file on the local Flash filesystem or name and directory path of a file ...

Страница 125: ...M flash rw flash static local Y system rw system virtual local 10 0M 9 8M debug rw debug static local Y 499 0K 431 0K nvs rw nvs static local Y tftp rw tftp network scp rw scp network sftp ro sftp network http ro http network rsync rw rsync network Table 3 Parameters in the output of the show file systems command Parameter Description Size B Available The total memory available to this filesystem ...

Страница 126: ...ow file Prefixes The prefixes used when entering commands to access the filesystems one of flash system nvs usb tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the memory is located locally or via a network connection Avail Whether the memory is accessible Y yes N no not applicable Table 3 Parameters in the output of the show file systems command cont Parameter Des...

Страница 127: ...on full Display the running config for all features This is the default setting so it is the same as entering show running config feature Display only the configuration for a single feature The features available depend on your device and will be some of the following list access list ACL configuration antivirus Antivirus configuration application Application configuration as path Autonomous syste...

Страница 128: ... route IPv6 static route configuration isakmp Internet Security Association Key Management Protocol ISAKMP configuration key chain Authentication key management configuration l2tp profile L2TP tunnel profile configuration lldp LLDP configuration log Logging utility configuration malware protection Malware protection configuration nat Network Address Translation configuration power inline Power ove...

Страница 129: ...g switch Switch configuration web control Web Control configuration Parameter Description awplus show running config service password encryption hostname MyNode no banner motd username manager privilege 15 password 8 1 bJoVec4D JwOJGPr7YqoExA0GVasdE0 no service ssh autoboot enable service telnet service http no clock timezone snmp server snmp server contact Documentation Area snmp server location ...

Страница 130: ...g config show running config interface switch 1 provision IX5 28 vlan database vlan 2 15 state enable interface port1 0 1 1 0 6 switchport switchport mode access interface port1 0 25 1 0 26 switchport switchport mode access switchport access vlan 14 interface vlan1 ip address 192 168 1 1 24 ipv6 enable ipv6 mld interface vlan12 ip address 192 168 3 1 24 ipv6 forwarding line con 0 line vty 0 4 end ...

Страница 131: ... 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of VLANs ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or port1 0 1 1 0 4 or sa1 2 or po1 2 a comma separated list of the above e g vlan2 vlan20 30 Do not mix interface types in a list The specified interfaces must exist dot1x Displays running configuration fo...

Страница 132: ...e the command awplus show running config interface vlan1 To display the current running configuration of a device for VLANs 1 and 3 5 use the command awplus show running config interface vlan1 vlan3 vlan5 Output Figure 2 11 Example output from a show running config interface port1 0 2 command Related Commands copy running config show running config awplus show running config interface port1 0 2 in...

Страница 133: ...eature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show startup config Output Figure 2 12 Example output from the show startup config command Related Commands boot config file backup copy running config copy startup config erase startup config show boot awplus show...

Страница 134: ...SION show version Overview This command displays the version number and copyright details of the current AlliedWare Plus OS your device is running Syntax show version Mode User Exec and Privileged Exec Example To display the version details of your currently installed software use the command awplus show version Related Commands boot system backup show boot ...

Страница 135: ... copies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write file Related Commands copy running config write memory show running config ...

Страница 136: ...nd copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memory Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write memory Related Commands copy running config write file show running config ...

Страница 137: ...MANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privileged Exec Example To display the current configuration of your device use the command awplus write terminal Related Commands show running config ...

Страница 138: ...eout on page 148 flowcontrol hardware asyn console on page 150 length asyn on page 152 line on page 153 privilege level on page 155 security password history on page 156 security password forced change on page 157 security password lifetime on page 158 security password minimum categories on page 159 security password minimum length on page 160 security password reject expired pwd on page 161 secu...

Страница 139: ...x USER ACCESS COMMANDS show privilege on page 167 show security password configuration on page 168 show security password user on page 169 show telnet on page 170 show users on page 171 telnet on page 172 telnet server on page 173 terminal length on page 174 terminal resize on page 175 username on page 176 ...

Страница 140: ...minal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Example To reset the console line asyn use the command awplus clear line console 0 awplus The new settings for console line 0 have been applied Related Commands clear line vty flowcontrol hardware asyn cons...

Страница 141: ...INE VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first VTY line use the command awplus clear line vty 1 Related Commands privilege level line show telnet show users Parameter Description 0 32 Line number ...

Страница 142: ...5 by default Previously the default was level 1 Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the configuration file output is diffe...

Страница 143: ...and First use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA NOTE Do not use encrypted passwords for GUI users ...

Страница 144: ...onfiguration file will show only the encrypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show run Current configuration hostn...

Страница 145: ... is level 15 by default Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the configuration file output is different but the password st...

Страница 146: ...st use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA NOTE Do not use encrypted passwords for GUI users The GUI...

Страница 147: ...ration file will show only the encrypted string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show run Current configuration hostname awpl...

Страница 148: ...re it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no input is detected during the interval then the current connection resumes If no connections exist then the terminal returns to an idle state and disconnects incoming sessions Examples To set VTY connection...

Страница 149: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 149 AlliedWare Plus Operating System Version 5 4 7 0 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet ...

Страница 150: ...message is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reverse Telnet connections hardware flow control must be configured to match on both the Access Server and the Remote Device For terminal console sessions hardware flow control must be configured to match ...

Страница 151: ...control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line no flowcontrol hardware Related Commands clear line console show running config speed asyn ...

Страница 152: ...r than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the console as long as there is data to display Examples To set the terminal session length on the console to 10 rows use the command awplus configure terminal awplus config line console 0 awplus config line...

Страница 153: ...To change the console asyn port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the device connected to the console asyn port on your device Note that line configuration commands do not take effect immediately Line configuration commands take effect after one of the following commands...

Страница 154: ...o enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accounting login clear line console clear line vty flowcontrol hardware asyn console length asyn login authentication privilege level speed asyn ...

Страница 155: ...ec and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use the following commands awplus configure terminal awplus config line console 0 awplus config line privilege level 15 To set all VTY connections to have the minimum privilege level use the following comm...

Страница 156: ...ee most recent passwords use the command awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus config no security password history Related Commands security password forced change security password lifetime security password minimum categories security password minimum length security password rej...

Страница 157: ...lifetime command and the reject expired pwd feature must be disabled with the security password reject expired pwd command The no variant of the command disables this feature Syntax security password forced change no security password forced change Default The forced change feature is disabled by default Mode Global Configuration Example To force a user to change their expired password at the next...

Страница 158: ...e Default The default password lifetime is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus configure terminal awplus config security password lifetime 10 Related Commands security password forced change security password history security password minimum categories security password minimum lengt...

Страница 159: ...mum number of categories should align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The default number of categories that the password must satisfy is 1 Mode Global Configuration Example To configure the required minimum number of character categories to be 3 use the command awplus configure ...

Страница 160: ...1 23 Default The default minimum password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config security password minimum length 8 Related Commands security password history security password forced change security password lifetime security password minimum categories security password reject ex...

Страница 161: ...d pwd in a default config file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security password forced change command a user may have to change the password during login depending on the password lifetime specified by the security password lifetime command The no variant of the command disable...

Страница 162: ...hich disables warning functionality Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 Related Commands security password forced change security password history security password lifetime security password minimum categories security password minimum length security password reject expir...

Страница 163: ...re displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature is enabled by default Mode Global Configuration Examples To disable the advanced vty help feature use the command awplus configure terminal awplus config no service advanced vty To re enable the advance...

Страница 164: ...ain text Use the no service password encryption command to stop the device from displaying newly entered passwords in encrypted form This does not change the display of existing passwords NOTE Do not use encrypted passwords for GUI users The GUI requires unencrypted user passwords only not encrypted user passwords Do not use option 8 for GUI users Syntax service password encryption no service pass...

Страница 165: ...ng telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port 23 by default Mode Global Configuration Examples To enable both the IPv4 and IPv6 telnet servers use the following commands awplus configure terminal awplus config service telnet To enable the IPv6 tel...

Страница 166: ...nce for IX5 28GPX 166 AlliedWare Plus Operating System Version 5 4 7 0 x USER ACCESS COMMANDS SERVICE TERMINAL LENGTH DELETED service terminal length deleted Overview This command has been deleted in Software Version 5 4 5 0 1 and later ...

Страница 167: ...15 gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for privilege levels 7 14 to access all show commands in Privileged Exec mode and all commands in User Exec mode but no configuration commands in Privileged Exec mode Example To show the current privilege l...

Страница 168: ...security password rule configuration settings use the command awplus show security password configuration Output Figure 3 2 Example output from the show security password configuration command Related Commands show running config security password show security password user Security Password Configuration Minimum password length 8 Minimum password character categories to match 3 Number of previou...

Страница 169: ...Exec Example To display the system users remaining lifetime or last password change use the command awplus show security password user Output Figure 3 3 Example output from the show security password user command Related Commands show running config security password show security password configuration User account and password information UserName Privilege Last PWD Change Remaining lifetime man...

Страница 170: ...shows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 3 4 Example output from the show telnet command Related Commands clear line vty service telnet show users telnet server Telnet Server Configuration Telnet server Enabled Protocol IPv4 IPv6 Port 23 ...

Страница 171: ... command Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 1 Parameters in the output of the show users command Parameter Description Line Console port user is connected to User Login name of user Host s Status of the host the user is connected to Idle How long the host has been idle Location URL locatio...

Страница 172: ...t example use the command awplus telnet host example To connect to the telnet server host example on TCP port 100 use the command awplus telnet host example 100 Parameter Description hostname The host name of the remote system ip Keyword used to specify the IPv4 address or host name of a remote system ipv4 addr An IPv4 address of the remote system ipv6 Keyword used to specify the IPv6 address of a...

Страница 173: ... enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example To enable the telnet server on TCP port 2323 use the following commands awplus configure terminal awplus config telnet server 2323 Related Commands show telnet Parameter Description 1 65535 The TCP port...

Страница 174: ...pecified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length length Mode User Exec and Privileged Exec Examples The following example sets the number of lines to 15 awplus terminal length 15 The following example removes terminal length set previously awplus terminal...

Страница 175: ...d on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size automatically However this cannot normally be done automatically for a serial or console port This command automatically adjusts the terminal size for a serial or console port Examples The following examp...

Страница 176: ...ege levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A user at privilege level 7 can access the majority of show commands including platform show commands Privilege Level 15 to access the Privileged Exec command mode is required to access configuration comma...

Страница 177: ... To create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec command mode and the password bobs_secret use the commands awplus configure terminal awplus config username bob privilege 15 password bobs_secret To create a user junior_admin with a privilege level of...

Страница 178: ... Licensing enables you to use advanced features such as Layer 3 routing To see which Feature Licenses are available for your device see the AlliedWare Plus Datasheet For step by step instructions about how to license AlliedWare Plus devices see the Licensing Feature Overview and Configuration_Guide Command List license on page 179 show license on page 181 show license brief on page 183 show licens...

Страница 179: ...specific to you when you initially add a license Once a license is added any change to the license label first requires removal of the license before adding a license again with a new license label The default feature license labels are issued along with encrypted license keys by e mail for you to apply using this command to activate features You can change default feature license labels but they ...

Страница 180: ...network traffic Only install licenses in scheduled maintenance periods for devices in a live environment Examples To activate the license called IPv6 that has the key 12345678ABCDE123456789ABCDE use the command awplus license IPv6 12345678ABCDE123456789ABCDE To deactivate the license called IPv6 use the command awplus no license ipv6 Output Figure 4 1 Example of a license command entry to remove a...

Страница 181: ...on about all enabled licenses use the command awplus show license To display full information about the licenses with index number 1 use the command awplus show license index 1 Output Figure 4 2 Example output from show license Parameter Description feature Only display license information for any applied feature licenses label The license name to show information about This can be used instead of...

Страница 182: ...ion Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle case sensitive Customer name Customer name Quantity of licenses Quantity of licensed installations Type of license Full or Trial License issue date Date the license was generated License expiry date E...

Страница 183: ...display a brief summary of information about all feature licenses use the command awplus show license feature brief Output Figure 4 3 Example output from show license brief Parameter Description feature Only display license information for any applied feature licenses label The license name to show information about This can be used instead of the index number to identify a specific license index ...

Страница 184: ...ief Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle case sensitive Quantity Quantity of licensed installations Customer name Customer name Type Full or Trial Period Expiry date for trial license Current enabled featur...

Страница 185: ... on stack member 2 use the command awplus show license brief member 2 To display a briefsummary aboutall enabledlicenses on all stack members use the command awplus show license brief member all To display a brief summary about the license name1 on all stack members use the command awplus show license name1 brief member all Output Figure 4 4 Example output from show license brief member Parameter ...

Страница 186: ...ief member Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle case sensitive Quantity Quantity of licensed installations Customer name Customer name Type Full or Trial Period Expiry date for trial license Current enabled...

Страница 187: ...show license member all command to display full list output of all licenses per stack member Examples To display full information about all enabled licenses on all stack members use the command awplus show license member all To display full information about all enabled licenses on stack member 2 use the command awplus show license member 2 To display full information about the license name1 on al...

Страница 188: ...P Index 2 License name PIM Trial Customer name PIM Trial Quantity of licenses 10 Type of license 30 day trial License issue date 12 Jul 2014 License expiry date 12 Jul 2014 Features included PIM PIM 100 Table 4 4 Parameters in the output of show license member Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned aut...

Страница 189: ... Introduction Overview This chapter provides an alphabetical reference of commands used to configure the GUI For more information see the Getting Started with Alliedware Plus Command List atmf topology gui enable on page 190 gui timeout on page 191 log event host on page 193 service http on page 194 show http on page 195 ...

Страница 190: ...the GUI enabled by default Regular nodes not master or controller will always have it disabled Mode Global Configuration mode Usage This command is run from an AMF Master node Topology information about your network is displayed in the GUI For example Node Name status i e link state node status and recovery status Role i e Master or Controller and IP address Example To enable AMF Vista Manager on ...

Страница 191: ...ce and then enter the seconds If the GUI timeout is disabled a GUI session will remain active until you terminate it No idle time will be configured The same timeout period will apply to all GUI sessions logged into a specific stand alone device or stack Examples Use this command to configure the GUI timeout period for 3 minutes and 30 seconds for a GUI session awplus gui timeout 3 30 Use this com...

Страница 192: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 192 AlliedWare Plus Operating System Version 5 4 7 0 x GUI COMMANDS GUI TIMEOUT Related Commands show running config ...

Страница 193: ...log sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are set to wait for a number of messages 20 to send them out together for traffic optimization Example To enable Node 1 to log event messages from host ipv6 address 192 0 2 31 use the following commands Node1 configure t...

Страница 194: ...mmand to enable the HTTP Hypertext Transfer Protocol service This service which is enabled by default is required to support the AlliedWare Plus GUI Java applet on a Java enabled browser Use the no variant of this command to disable the HTTP feature Syntax service http no service http Default Enabled Mode Global Configuration Validation Commands show running config ...

Страница 195: ...ew This command shows the HTTP server settings Syntax show http Mode User Exec and Privileged Exec Example To show the HTTP server settings use the command awplus show http Output Figure 5 2 Example output from the show http command Related Commands clear line vty service http awplus show http HTTP Server Configuration HTTP server Enabled Port 80 ...

Страница 196: ...ogin system on page 200 banner motd on page 202 clock set on page 204 clock summer time date on page 205 clock summer time recurring on page 207 clock timezone on page 209 continuous reboot prevention on page 210 ecofriendly led on page 212 ecofriendly lpi on page 213 findme on page 215 findme trigger on page 217 hostname on page 218 max fib routes on page 220 max static routes on page 221 no debu...

Страница 197: ...1 show memory history on page 243 show memory pools on page 245 show memory shared on page 246 show process on page 247 show reboot history on page 250 show router id on page 252 show system on page 253 show system environment on page 254 show system interrupts on page 255 show system mac on page 256 show system pci device on page 257 show system pci tree on page 258 show system serialnumber on pa...

Страница 198: ...Ware Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login in this example to tell people to use the enable command to move to Privileged Exec mode enter the following commands To restore the default User Exec mode banner after login enter the following commands AlliedWare Plus TM 5 4 7 01 03 17 12 00 0...

Страница 199: ...x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER EXEC To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configure terminal awplus config no banner exec awplus config exit awplus exit awplus login manager Password awplus ...

Страница 200: ...e login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner of Authorised users only to be displayed when you login enter the following commands To remove the login banner enter the following commands awplus configure terminal awplus config banner login Type CNTL D to finish Autho...

Страница 201: ...50152 01 Rev C Command Reference for IX5 28GPX 201 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM Related Commands banner exec banner motd ...

Страница 202: ...x banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date when you login Mode Global Configuration Examples To configure a MotD banner of System shutdown at 6pm today to be displayed when you log in enter the following commands To delete the login banner enter the following commands Parameter Description motd text The text to appear...

Страница 203: ...ION AND MONITORING COMMANDS BANNER MOTD Related Commands banner exec banner login system awplus enable awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus config no banner motd awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 7 01 03 17 12 00 00 awplus ...

Страница 204: ...fset to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If you wish to manually alter the time or date you must first disable NTP Example To set the time and date on your system to 2pm on the 2nd of October 2016 use the command awplus clock set 14 00 00 2 oct 2...

Страница 205: ...ndard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 25th of September 2016 and end on the 2nd of April 2017 awplus config clock summer time NZDT date 25 sep 2 00 2016 2 apr 2 00 2017 60 To remove any summertime settings on the system use the command awplus config no clock summer time Parameter Description timezone name A description of the summertime zone up to 6 charac...

Страница 206: ...v C Command Reference for IX5 28GPX 206 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recurring clock timezone ...

Страница 207: ...very year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to start summertime on the last Sunday of the month enter 5 for start week and sun for start day start day Day of the week when summertime starts Valid values are mon tue wed thu fri sat or sun start mont...

Страница 208: ...ition for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the last Sunday in September and end on the 1st Sunday in April use the command awplus config clock summer time NZDT recurring 5 sun sep 2 00 1 sun apr 2 00 60 To remove any summertime settings on the system use the command awplus config no clock summer time Related Comm...

Страница 209: ...t to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indian Standard Time with an offset from UTC of 5 30 hours use the command awplus config clock timezone IST plus 5 30 To set the timezone back to UTC with no offsets use the command awplus config no clock ...

Страница 210: ...ontinuous reboot prevention period threshold action Default Continuous reboot prevention is disabled by default The default period value is 600 the default threshold value is 1 and the default action is linkdown Mode Global Configuration Usage Note that user initiated reboots via the CLI and software version auto synchronization reboots are not counted toward the threshold value Parameter Descript...

Страница 211: ...o stopreboot use the commands awplus configure terminal awplus config continuous reboot prevention period 500 action stopreboot To return the period and action to the defaults and keep the continuous reboot prevention feature enabled use the commands awplus configure terminal awplus config no continuous reboot prevention period action To disable continuous reboot prevention use the commands awplus...

Страница 212: ...ED feature is enabled a change in port status will not affect the display of the associated LED When the eco friendly LED feature is disabled and power is returned to port LEDs the LEDs will correctly show the current state of the ports In a stacked environment enabling the eco friendly LED feature on the stack master will apply the feature to every member of the stack For an example of how to con...

Страница 213: ...endly lpi no ecofriendly lpi Default The eco friendly LPI feature is disabled by default Mode Interface Configuration for a switch port or Interface Configuration for a range of switch ports Usage For an example of how to configure a trigger to enable the eco friendly LPI feature see the Triggers Feature Overview and Configuration Guide All ports configured for LPI must support LPI in hardware and...

Страница 214: ...D MONITORING COMMANDS ECOFRIENDLY LPI To disable the eco friendly feature on a range of switch ports port1 0 2 port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 2 port1 0 4 awplus config if no ecofriendly lpi Related Commands duplex ecofriendly led show ecofriendly show interface speed ...

Страница 215: ...stored automatically after either the default time or a specified timehas elapsed or a no findme command is used You can specify which interface or interfaces are flashed with the optional interface parameter You can specify a particular stack member with the optional member parameter All available interfaces are flashed by default NOTE The interface and member parameters are mutually exclusive Ex...

Страница 216: ...twice Each alternate flash will be amber if that device has amber LEDs This pattern will repeat until timeout default or set or no findme commands are used To deactivate the Find Me feature use the following command awplus no findme To activate the Find Me feature for the default duration on stack member 2 use the following command awplus findme member 2 In the example above all ports on member 2 ...

Страница 217: ...ig Usage Note that findme trigger is not available if you have set the switch to take the following actions in response to an event For loop detection the actions log only and none For MAC address thrash limiting the actions learn disable and none Example To enable action LED flashing for the loop protection function awplus findme trigger loopprot Related Commands findme loop protection loop detec...

Страница 218: ...ith a numeric suffix For example awplus 1 awplus 2 and so on The hostname command can then be used to change the stack name and the stack master s host name For example for the hostname Lab the stack master s hostnamewill be Lab and theotherstackmemberswill havehostnames Lab 1 Lab 2 and so on In case of stack master fail over or stack split the new stack will use the previous stack name as its hos...

Страница 219: ...awplus configure terminal awplus config hostname HQ Sales This changes the prompt to HQ Sales config To revert to the default hostname awplus use the command HQ Sales config no hostname This changes the prompt to awplus config NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address of the device node for example node_0000_5e00_5301 Related...

Страница 220: ... following commands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding Information dataBase In practice other practical system limits would prevent this maximum being reached 1 4294967294 The allowable configurable range for setting the maximum number of FIB routes 1 100...

Страница 221: ...d to set the maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static routes 1000 Mode Global Configuration Example To reset the maximum number of static routes to the default maximum use the command awplus configure terminal awplus config no max static route...

Страница 222: ...t1x nsm Mode Global Configuration and Privileged Exec Example To disable debugging for all features use the command awplus no debug all To disable all 802 1X debugging use the command awplus no debug all dot1x To disable all IPv6 debugging use the command awplus no debug all ipv6 To disable all NSM debugging use the command awplus no debug all nsm Related Commands undebug all Parameter Description...

Страница 223: ...he whole stack you can either use this reboot command to reboot all stack members immediately or to minimize downtime reboot the stack members in a rolling sequence by using the reboot rolling command Examples To restart a stand alone device use the command awplus reboot reboot system y n y To restart all devices in a stack use the command awplus reboot Are you sure you want to reboot the whole st...

Страница 224: ... C Command Reference for IX5 28GPX 224 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function as the reboot command ...

Страница 225: ...ct 2016 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time offset 60 mins Summer time recurring Yes Table 1 Parameters in the output of the show clock command Parameter Description Local Time Current local time UTC Time Current UTC time Timezone The current co...

Страница 226: ... Reference for IX5 28GPX 226 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer time recurring clock timezone ...

Страница 227: ...us reboot prevention configuration Syntax show continuous reboot prevention Mode User Exec and Privileged Exec Examples To show the current continuous reboot prevention configuration use the command awplus show continuous reboot prevention Output Figure 6 2 Example output from the show continuous reboot prevention command Related Commands continuous reboot prevention show reboot history Continuous...

Страница 228: ... and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the processes are using use the command awplus show cpu sort thrds To show CPU utilization for a specific stack member in this example stack member 2 use the following command awplus show cpu 2 Parameter Description stack ID Stack member number from 1 to 8 sort Changes the sorting o...

Страница 229: ... corerotate 1 0 0 20 sleep 0 0 853 syslog ng 1 0 0 20 sleep 0 356 859 klogd 1 0 0 20 sleep 0 1 910 inetd 1 0 0 20 sleep 0 3 920 portmap 1 0 0 20 sleep 0 0 931 crond 1 0 0 20 sleep 0 1 1090 openhpid 11 0 0 20 sleep 0 233 1111 hpilogd 1 0 0 20 sleep 0 0 1240 hsl 1 0 0 20 sleep 0 79 1453 authd 1 0 0 20 sleep 0 85 Table 2 Parameters in the output of the show cpu command Parameter Description Stack mem...

Страница 230: ...allocations show memory history show memory pools show process state Process state one of run sleep zombie and dead sleep Percentage of time that the process is in the sleep state runtime The time that the process has been running for measured in jiffies A jiffy is the duration of one tick of the system timer interrupt Table 2 Parameters in the output of the show cpu command cont Parameter Descrip...

Страница 231: ...utput displays three graphs of the percentage CPU utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours If this command is entered on the stack master it will print graphs for all the stack members A stack member heading will be displayed to distinguish the different graphs for every stack member Examples To display a graph showing t...

Страница 232: ...istory command Per second CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per second last 60 seconds average CPU load Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes average CPU load maximum Per 30 minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per 30 minutes last 60 values 30 hours a...

Страница 233: ...nd Reference for IX5 28GPX 233 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CPU HISTORY Related Commands show memory show memory allocations show memory pools show process ...

Страница 234: ...ed Exec Usage This command displays all debugging information similar to the way the show tech support command displays all show output for use by Allied Telesis authorized service personnel only Example To display all debugging information use the command awplus show debugging Output Figure 6 5 Example output from the show debugging command awplus show debugging AAA debugging status Authenticatio...

Страница 235: ...d awplus show ecofriendly Front panel port LEDs normal Energy efficient ethernet Port Name Configured Status port1 0 1 Port 1 lpi lpi port1 0 2 lpi lpi port1 0 3 lpi lpi port1 0 4 off off port1 0 5 lpi off port1 0 6 Port 6 off off port1 0 7 off port1 0 8 off port1 0 9 off port1 0 10 off Table 3 Parameters in the output of the show ecofriendly command Parameter Description normal The eco friendly L...

Страница 236: ...riding the configuration set with the ecofriendly led command Power to the port LEDs is disabled Port Displays the port number as assigned by the switch Name Displays the port name if a name is configured for a port number Configured The eco friendly LPI feature is configured on the port Either LPI or off is displayed Status The eco friendly LPI feature is active on the port Either LPI or off is d...

Страница 237: ... interface port list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Parameter Description port list Display information about only the specified port or po...

Страница 238: ...f show interface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1 0 3 360459 512 1 port1 0 4 524304 512 1 port1 0 5 491535 512 1 port1 0 6 557073 512 1 lo 425997 512 1 po1 1179684 512 1 po2 1212453 512 1 sa3 1245222 512 1 awplus show interface port1 0 1 ...

Страница 239: ... processes use the command awplus show memory Output Figure 6 9 Example output from show memory Parameter Description stack ID Stack member number from 1 to 8 sort Changes the sorting order for the list of processes If you do not specify this then the list is sorted by percentage memory utilization size Sort by the amount of memory the process is currently using peak Sort by the amount of memory t...

Страница 240: ...he show memory command Parameter Description Stack member Stack member number RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for the process name Short name used to describe the process mem Percentage of memory utilization the process is currently using size Amount of memory currently used by the process peak Great...

Страница 241: ...the memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 6 10 Example output from the show memory allocations command Parameter Description process Displays the memory allocation used by the specified process awplus show memory allocations Memory allocations for imi Current 15093760 peak 15093760 Statically allocated memory binary exe...

Страница 242: ...or IX5 28GPX 242 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory pools show memory shared show tech support ...

Страница 243: ...tack ID Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours Examples To show a graph displaying the historical memory usage for either a single unstacked device or a complete stack use the command awplus show memory history...

Страница 244: ...OW MEMORY HISTORY Output Figure 6 11 Example output from the show memory history command Related Commands show memory allocations show memory pools show memory shared show tech support STACK member 1 Per minute memory utilization history 100 90 80 70 60 50 40 30 20 10 Oldest Newest Memory utilization per minute last 60 minutes average memory utilisation ...

Страница 245: ...he memory pools used by processes use the command awplus show memory pools Output Figure 6 12 Example output from the show memory pools command Related Commands show memory allocations show memory history show tech support Parameter Description process Displays the memory pools used by the specified process awplus show memory pools Memory pools for imi Current 15290368 peak 15290368 Statically all...

Страница 246: ...are Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use the command awplus show memory shared Output Figure 6 13 Example output from the show memory shared command Related Commands show memory allocations show memory history show memory awplus show memory ...

Страница 247: ...nd Privileged Exec Usage This command displays a snapshot of currently running processes If you want to see CPU or memory utilization history instead use the commands show cpu history or show memory history Example To display a summary of the current running processes use the command awplus show process To display a summary of the current running processes on stack member 2 use the command awplus ...

Страница 248: ... ng 1 0 0 16 sleep 88 kernel threads pid name cpu pri state sleep 71 aio 0 0 20 sleep 0 3 events 0 0 10 sleep 98 Table 5 Parameters in the output from the show process command Parameter Description Stack member Stack member number CPU averages Average CPU utilization for the periods stated System load averages The average number of processes waiting for CPU time for the periods stated Current CPU ...

Страница 249: ...NFIGURATION AND MONITORING COMMANDS SHOW PROCESS Related Commands show cpu show cpu history pri Process priority state Process state one of run sleep stop zombie or dead sleep Percentage of time the process is in the sleep state Table 5 Parameters in the output from the show process command cont Parameter Description ...

Страница 250: ...quest 2016 10 10 01 35 31 Expected User Request 2016 10 10 01 16 25 Unexpected Rebooting due to critical process network nsm failure 2016 10 10 01 11 04 Unexpected Rebooting due to critical process network nsm failure 2016 10 09 20 46 40 Unexpected Rebooting due to VCS duplicate member ID 2016 10 09 19 56 16 Expected User Request 2016 10 09 20 36 06 Unexpected Rebooting due to VCS duplicate master...

Страница 251: ...oot prevention show tech support Continuous reboot prevention A continuous reboot prevention event has occurred The action taken is configured with the continuous reboot prevention command The next time period during which reboot events are counted begins from this event User request User initiated reboot via the CLI Table 6 Parameters in the output from the show reboot history command Parameter D...

Страница 252: ...UTER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current system use the command awplus show router id Output Figure 6 16 Example output from the show router id command awplus show router id Router ID 10 55 0 2 automatic ...

Страница 253: ...show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 6 17 Example output from show system Related Commands show system environment awplus show system System Status Mon Nov 16 08 42 16 2015 Board ID Bay Board Name Rev Serial number Base 386 IX5 28GPX X5 0 A25DD5002 PSU 335 PSU1 PWR800 C 0 421LC7023 RAM Total 495...

Страница 254: ...iew and Configuration Guide Syntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment Output Figure 6 18 Example output from the show system environment command Related Commands show system Stack Environment Monitoring Status Stack member 1 Overall Status Normal Resource ID 1 Name x510 28GTX...

Страница 255: ...ts Mode User Exec and Privileged Exec Example To display information about the number of interrupts for each IRQ in your device use the command awplus show system interrupts Output Figure 6 19 Example output from the show system interrupts command Related Commands show system environment awplus show system interrupts CPU0 5 10428098 Enabled 0 MIPS linux kernel bde 6 0 Enabled 0 MIPS bcma usb ohci ...

Страница 256: ...o display the physical MAC address enter the following command awplus show system mac Output Figure 6 20 Example output from the show system mac command Output Figure 6 21 Example output showing how to use the stack virtual mac command and the show system mac command Related Commands stack virtual mac awplus show system mac eccd 6d9d 4eed system awplus configure terminal Enter configuration comman...

Страница 257: ... 32 bit non prefetchable size 64M 00 0d 0 Class 0200 11ab 00d1 rev 01 Flags bus master 66Mhz medium devsel latency 128 IRQ 116 Memory at 57fff000 32 bit non prefetchable size 4K Memory at 50000000 32 bit non prefetchable size 64M Member1 show system pci device 00 00 0 Class 0600 14e4 5300 rev 01 Subsystem 14e4 5300 Flags bus master fast devsel latency 0 IRQ 5 Memory at 18000000 64 bit non prefetch...

Страница 258: ...ommand to display the PCI tree on your device Syntax show system pci tree Mode User Exec and Privileged Exec Example To display information about the PCI tree on your device use the command awplus show system pci tree Output Figure 6 23 Example output from the show system pci tree command Related Commands show system environment show system pci device awplus show system pci tree 00 0c 0 11ab 00d1 ...

Страница 259: ...ion for the device For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode User Exec and Privileged Exec Example To display the serial number information for the device use the command awplus show system serialnumber Output Figure 6 24 Example output from the show system serial...

Страница 260: ...cpsn epsr firewall igmp ip ipv6 mld openflow ospf ospf6 pim rip ripng stack stp system tacacs update outfile filename Parameter Description all Display full information atmf Display ATMF specific information auth Display authentication related information bgp Display BGP related information card Display Chassis Card specific information dhcpsn Display DHCP Snooping specific information epsr Displa...

Страница 261: ... already exists a newfilenameis generated withthe current timestamp If the output filename does not end with gz then gz is appended to the filename Since output files may be too large for Flash on the device we recommend saving files to external memory or a TFTP server whenever possible to avoid device lockup This method is not likely to be appropriate when running the working set option of AMF ac...

Страница 262: ...iguration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set the terminal console asyn0 port speed from the device to 57600 bps then exit the session use the commands awplus configure terminal awplus config line console 0 awplus config line speed 57600 awplus c...

Страница 263: ...and Reference for IX5 28GPX 263 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config show startup config speed ...

Страница 264: ... 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SYSTEM TERRITORY DEPRECATED system territory deprecated Overview This command has been deprecated in Software Version 5 4 4 0 1 and later It now has no effect It is no longer useful to specify a system territory so there is no alternative command ...

Страница 265: ...minal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Exec Examples To display debugging output on a terminal enter the command awplus terminal monitor To specify timeout of debugging output after 60 seconds enter the command awplus terminal monitor 60 To s...

Страница 266: ...nd Reference for IX5 28GPX 266 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of the no debug all command ...

Страница 267: ...s in optical power received over fiber cables For more information see the Pluggables and Cabling Feature Overview and Configuration Guide Command List clear test cable diagnostics tdr on page 268 debug fiber monitoring on page 269 fiber monitoring action on page 271 fiber monitoring baseline on page 272 fiber monitoring enable on page 274 fiber monitoring interval on page 275 fiber monitoring sen...

Страница 268: ...cable diagnostics tdr Overview Use this command to clear the results of the last cable test that was run Syntax clear test cable diagnostics tdr Mode Privileged Exec Examples To clear the results of a previous cable diagnostics test use the following commands awplus clear test cable diagnostics tdr Related Commands show test cable diagnostics tdr test cable diagnostics tdr interface ...

Страница 269: ...c Privileged Exec Usage While debugging is enabled by this command for a port all the optical power readings for the port are sent to the console Example To enable debugging messages for active fiber monitoring of port 1 0 2 to be sent to the console use the commands awplus debug fiber monitoring interface port 1 0 2 awplus terminal monitor To disable debugging messages for active fiber monitoring...

Страница 270: ...522 Fiber monitor port2 0 1 Channel 1 Reading 1748 Baseline 1708 Threshold 1356 01 42 52 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1717 Baseline 1709 Threshold 1357 01 42 54 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1780 Baseline 1709 Threshold 1357 01 42 56 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1685 Baseline 1710 Threshold 1358 01...

Страница 271: ...nly generates a log message Example To set the device to send an SNMP notification when ports 1 0 1 or 1 0 2 receive reduced power use the commands awplus config interface port1 0 1 1 0 2 awplus config if fiber monitoring action trap To set the device to send an SNMP notification and to shut down the port when ports 1 0 1 or 1 0 2 receive reduced power use the commands awplus config interface port...

Страница 272: ...aused by temperature fluctuations etc could lead to unnecessary alarms There are two ways to configure the baseline The first is to choose a number of readings to average This is the default and recommended method The second is to set a fixed value in units of x0 0001mW If a fixed value is required the easiest way is to enable fiber monitoring on the port and use the show system fiber monitoring c...

Страница 273: ... C Command Reference for IX5 28GPX 273 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING BASELINE Related Commands fiber monitoring interval fiber monitoring sensitivity ...

Страница 274: ...e or to remove all the configuration and state for the ports respectively Syntax fiber monitoring enable no fiber monitoring enable no fiber monitoring Default Active fiber monitoring is disabled by default Mode Interface Configuration mode for a fiber port Examples To enable active fiber monitoring on a ports 1 0 1 and 1 0 2 use the commands awplus config interface port1 0 1 1 0 2 awplus config i...

Страница 275: ... polling interval to the default 5 seconds Syntax fiber monitoring interval 2 60 no fiber monitoring interval Default The interval is set to 5 seconds by default Mode Interface configuration mode for a fiber port Example To set the fiber monitoring polling interval for port 1 0 2 to 30 seconds use the commands awplus config interface port1 0 2 awplus config if fiber monitoring interval 30 To reset...

Страница 276: ...ined levels in decibels or to a fixed absolute delta in units of 0 0001mW The alarm thresholds can be seen in the show system fiber monitoring output The maximum absolute sensitivity configurable is 0 0025 mW Note that 0 0025 mW equates to a reduction of approximately 1dB at the maximum attenuation of an AT SPLX10 1 Example To set the fiber monitoring sensitivity for port 1 0 2 to a relative sensi...

Страница 277: ...erence for IX5 28GPX 277 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING SENSITIVITY Related Commands fiber monitoring action fiber monitoring baseline show system fiber monitoring ...

Страница 278: ...onitoring awplus show sys fiber monitoring Fiber Monitoring Status Reading units 0 0001mW Stack member 1 Interface port1 0 1 Status enabled Supported Supported pluggable Debugging disabled Interval 2 seconds Sensitivity 1 00dB Baseline type average of last 35 values greater than 50 Status Baseline value 496 Alarm threshold 393 Alarm no Last 12 Readings 498 498 498 498 498 498 498 498 498 498 498 4...

Страница 279: ... sensitivity threshold for optical power changes on this port Baseline type How the baseline optical power level is calculated either the average of the specified number of previous readings or a specified fixed value in 0 0001mW Status Current values for the following parameters Baseline value The baseline value calculated according to the configured baseline method in 0 0001mW Alarm threshold Th...

Страница 280: ... 01 Rev C Command Reference for IX5 28GPX 280 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS SHOW SYSTEM FIBER MONITORING fiber monitoring interval fiber monitoring sensitivity ...

Страница 281: ...luggable Example To display brief information about pluggable transceivers installed in port1 0 25 through port1 0 26 use the command awplus show system pluggable port1 0 25 1 0 26 Output Figure 7 3 Example output from show system pluggable port1 0 25 1 0 26 Parameter Description port list The ports to display information about The port list can be a switch port e g port1 0 25 a continuous range o...

Страница 282: ...nsceiver Serial Number Specifies the serial number for the installed pluggable transceiver Datecode Specifies the manufacturing datecode for the installed pluggable transceiver Checking the manufacturing datecode with the vendor may be useful when determining Laser Diode aging issues For more information see How To Troubleshoot Fiber and Pluggable Issues in the Getting Started with AlliedWare Plus...

Страница 283: ...detail command displays the following information SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5μ m Fiber Specifies the link length in meters m or kilometers km supported by the pluggable transceiver using 62 5 micron multi mode fiber OM2 5...

Страница 284: ...plus show system pluggable detail Output Figure 7 4 Example output from show system pluggable detail for a specific port on a device awplus show system pluggable port1 0 25 detail System Pluggable Information Detail Port1 0 25 Vendor Name AGILENT Device Name HFCT 5710L Device Revision A Device Type 1000BASE LX Serial Number 0402142241184360 Manufacturing Datecode 040214 SFP Laser Wavelength Link L...

Страница 285: ...lliedWare Plus Feature Overview and Configuration Guide SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single Mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5um Fiber Specifies the link length in μm micron supported by the pluggable transceiver using 62 5 micron multi mode fiber OM2 50um Fiber S...

Страница 286: ...n optical SFP and SFP transceivers support Digital Diagnostics Monitoring DDM functions Diagnostic monitoring features allow you to monitor real time parameters of the pluggable transceiver such as optical output power optical input power temperature laser bias current and transceiver supply voltage Additionally RX LOS Loss of Signal is shown when the received optical level is below a preset thres...

Страница 287: ...Low 12 589 0 040 Rx LOS Rx Down Port1 0 26 Status Alarms Warnings Reading Alarm Max Min Warning Max Min Temp Degrees C 29 387 100 00 40 00 85 000 10 00 Vcc Volts 3 378 3 630 2 970 3 465 3 135 Tx Bias mA 2 802 6 000 1 000 5 000 1 000 Tx Power mW 2 900 11 000 0 600 10 000 0 850 Rx Power mW 1 739 18 000 0 000 10 000 0 200 Rx LOS Rx Up Table 8 Parameters in the output from the show system pluggables d...

Страница 288: ...ometer on a fixed copper cable port The displayed status of the cable can be either OK Open Short within pair Short across pair Error Syntax show test cable diagnostics tdr Mode Privileged Exec Examples To show the results of a cable diagnostics test use the following command awplus show test cable diagnostics tdr Output Figure 7 6 Example output from the show test cable diagnostics tdr command Re...

Страница 289: ...he displayed status of the cable can be either OK Short within pair or Open The Open or Short status is accompanied with the distance from the source port to the incorrect termination Syntax test cable diagnostics tdr interface interface Mode KEY mode_privexec Example To run a cable test on the cable inserted into port1 0 1 use the following command awplus test cable diagnostics tdr interface port...

Страница 290: ...on page 294 clear log permanent on page 295 default log buffered on page 296 default log console on page 297 default log email on page 298 default log host on page 299 default log monitor on page 300 default log permanent on page 301 log buffered on page 302 log buffered filter on page 303 log buffered exclude on page 306 log buffered size on page 309 log console on page 310 log console filter on ...

Страница 291: ...source on page 336 log host time on page 337 log monitor filter on page 339 log monitor exclude on page 342 log permanent on page 345 log permanent filter on page 346 log permanent exclude on page 349 log permanent size on page 352 log rate limit nsm on page 353 log trustpoint on page 355 show counter log on page 356 show exception log on page 357 show log on page 358 show log config on page 360 s...

Страница 292: ...G clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files NOTE When this command is used within a stacked environment it will remove the contents of the exception logs in all stack members Syntax clear exception log Mode Privileged Exec Example awplus clear exception log ...

Страница 293: ...ents of the buffered and permanent logs NOTE When this command is used within a stacked environment it will remove the contents of the buffered and permanent logs in all stack members Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered and permanent log use the command awplus clear log Related Commands clear log buffered clear log permanent show log ...

Страница 294: ...d log NOTE When this command is used within a stacked environment it will remove the contents of the buffered logs in all stack members Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awplus clear log buffered Related Commands default log buffered log buffered log buffered filter log buffered size log buffered exclude sho...

Страница 295: ...TE When this command is used within a stacked environment it will remove the contents of the permanent logs in all stack members Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus clear log permanent Related Commands default log permanent log permanent log permanent filter log permanent exclude log permanent size sh...

Страница 296: ...the buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Example To restore the buffered log to its default settings use the following commands awplus configure terminal awplus config default log buffered Related Commands clear log buffered log buffered log bu...

Страница 297: ...ages sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuration Example To restore the log console to its default settings use the following commands awplus configure terminal awplus config default log console Related Commands log console log console filter log c...

Страница 298: ...ll be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default settings for log messages sent to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config default log email admin alliedtelesis com Related Commands lo...

Страница 299: ...es will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default settings for messages sent to the remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config default log host 10 32 16 21 Related Commands log host l...

Страница 300: ...sent to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration Example To restore the log monitor to its default settings use the following commands awplus configure terminal awplus config default log monitor Related Commands log monitor filter log monitor exclud...

Страница 301: ...anent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example To restore the permanent log to its default settings use the following commands awplus configure terminal awplus config default log permanent Related Commands clear log permanent log permanent log per...

Страница 302: ...be deleted to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log messages in RAM use the following commands awplus configure terminal awplus config log buffered To configure the device to not store log messages in a RAM buffer use the following commands awplus configure...

Страница 303: ... minimum severity of message to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 ...

Страница 304: ...otection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages to the buffered log by syslog facility facility Specify one of the following syslog facilities to include messages from in the buffered log kern Kernel messages user Random user level messages mail Mail system daemon System daemons a...

Страница 305: ...ter that sends all messages generated by EPSR that have a severity of notices or higher to the buffered log use the following commands awplus configure terminal awplus config no log buffered level notices program epsr To remove a filter that sends all messages containing the text Bridging initialization to the buffered log use the following commands awplus configure terminal awplus config no log b...

Страница 306: ...xclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal bu...

Страница 307: ...d Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messages...

Страница 308: ...2 01 Rev C Command Reference for IX5 28GPX 308 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG BUFFERED EXCLUDE log buffered log buffered filter log buffered size show log show log config ...

Страница 309: ...on has been filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM use the following commands awplus configure terminal awplus config log buffered size 100 Related Commands clear log buffered default log buffered log buffered log buffered filter log buffered exclude sho...

Страница 310: ...the no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log messages use the following commands awplus configure terminal awplus config log console To configure the device not to send log messages in all consoles use the following commands awplus configure termin...

Страница 311: ...s or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 informational Informational messages 7 debugging Debug level messages program Filter messages by program Include m...

Страница 312: ...generated by EPSR that have a severity of notices or higher to consoles use the following commands awplus configure terminal awplus config no log console level notices program epsr loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern...

Страница 313: ...COMMANDS LOG CONSOLE FILTER To remove a default filter that includes sending critical alert and emergency level messages to the console use the following commands awplus configure terminal awplus config no log console level critical Related Commands default log console log console log console exclude show log config ...

Страница 314: ...text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnin...

Страница 315: ...on Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslo...

Страница 316: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 316 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG CONSOLE EXCLUDE log console log console filter show log config ...

Страница 317: ...s Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com Related Commands default log email log email filter log email exclude lo...

Страница 318: ...The email address to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4...

Страница 319: ...mon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messages generated internal...

Страница 320: ...el informational To stop the device emailing log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config no log email admin homebase com To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the email address admin homebase com use the following commands awplus configure ter...

Страница 321: ...msgtext text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions ...

Страница 322: ...R rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messages generated ...

Страница 323: ...v C Command Reference for IX5 28GPX 323 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG EMAIL EXCLUDE Related Commands default log email log email log email filter log email time show log config ...

Страница 324: ... Use the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on this device but converted to the time zone of the email recipient Parameter Description email address The email address to send log messages to time Specify the time difference between the email recipi...

Страница 325: ...information converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin base com time local offset plus 3 To send messages to the email address user remote com with the time information converted to the time zone of the email recipient which is 3 hours behind the device s...

Страница 326: ... Configuration Usage Specifying different facilities for log messages generated on different devices can allow messages from multiple devices sent to a common server to be distinguished from each other Ordinarily the facility values generated in log messages have meanings as shown in the following table Using this command will override these meanings and the new meanings will depend on the use you...

Страница 327: ...ity local6 Related Commands show log config ftp FTP daemon local 0 7 The facility labels above have specific meanings while the local facility labels are intended to be put to local use In AlliedWare Plus some of these local facility labels are used in log messages In particular local5 is assigned to log messages generated by UTM Firewall security features Table 8 1 Ordinary meanings of the facili...

Страница 328: ...chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application The remote server may also request that a certificate is transmitted from the local device In this situation the first trustpoint added to the syslog application will be transmitted to the remote server Examples To configurethedeviceto send log messages to a remotesecuresyslog ser...

Страница 329: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 329 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG HOST log host time log trustpoint show log config ...

Страница 330: ... IP address of a remote syslog server level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warning...

Страница 331: ... initialization imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level message...

Страница 332: ...se the following commands awplus configure terminal awplus config no log host 10 32 16 21 level notices program epsr To remove a filter that sends all messages containing the text Bridging initialization to a remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config no log host 10 32 16 21 msgtext Bridging initialization To remove a filter ...

Страница 333: ... string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings W...

Страница 334: ...itched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Mes...

Страница 335: ...50152 01 Rev C Command Reference for IX5 28GPX 335 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG HOST EXCLUDE log host log host filter log host source log host time show log config ...

Страница 336: ...o variant of this command to stop specifying a source interface or address Syntax log host source interface name ipv4 addr ipv6 addr no log host source Default None no source is configured Mode Global Configuration Example To send syslog messages from 192 168 1 1 use the commands awplus configure terminal awplus config log host source 192 168 1 1 Related Commands default log host log host log host...

Страница 337: ...remote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote syslog server with the IP address 10 32 16 21 in the same time zone as the device s local time zone use the following commands awplus configure terminal awplus config log host 10 32 16 21 time local 0 Para...

Страница 338: ...me zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 with the time information converted to the time zone of the email recipient which is 3 hours behind the device s UTC time zone use the following commands awplus configure terminal awplus config log host...

Страница 339: ...llowing numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 informational Informational messages 7 debugging Debug level messages program Filter messages by pro...

Страница 340: ...er to the terminal use the following commands awplus configure terminal awplus config no log monitor level notices program epsr rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random u...

Страница 341: ... 0 x LOGGING COMMANDS LOG MONITOR FILTER To remove a default filter that includes sending everything to the terminal use the following commands awplus configure terminal awplus config no log monitor level debugging Related Commands default log monitor log monitor exclude show log config terminal monitor ...

Страница 342: ... text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warni...

Страница 343: ...on Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslo...

Страница 344: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 344 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG MONITOR EXCLUDE log monitor filter show log config terminal monitor ...

Страница 345: ...to make way for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log permanent Mode Global Configuration Examples To enable permanent logging use the following commands awplus configure terminal awplus config log permanent To disable permanent logging use the foll...

Страница 346: ...evel The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 informationa...

Страница 347: ...ands awplus configure terminal awplus config log permanent msgtext Bridging initialization epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user ...

Страница 348: ...28GPX 348 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG PERMANENT FILTER Related Commands clear log permanent default log permanent log permanent log permanent exclude log permanent size show log config show log permanent ...

Страница 349: ...on level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices...

Страница 350: ...hed Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messag...

Страница 351: ...v C Command Reference for IX5 28GPX 351 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG PERMANENT EXCLUDE log permanent log permanent filter log permanent size show log config show log permanent ...

Страница 352: ... filled old messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the following commands awplus configure terminal awplus config log permanent size 100 Related Commands clear log permanent default log permanent log permanent log permanent filter log permanent exclude show l...

Страница 353: ...is log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log messages are discarded At the end of the time interval a single log message is generated indicating that log messages were discarded due to the log rate limit being exceeded Thus if the expectation is that...

Страница 354: ...liedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands awplus configure terminal awplus config no log rate limit nsm ...

Страница 355: ...e certificate received from the remote server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no log trustpoint is issued without specifying any trustpoints then all trustpoints will be disassociated from the application ...

Страница 356: ...eived P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 9 Parameters in output of the show counter log command Parameter Description Total Received Total number of messages received by the log Total Received P0 Total number of Priority 0 Emergency messages received Total Received P1 Total number of Priority 1 Alert messages received Total Received P2 Total number of Pr...

Страница 357: ...e facility severity program pid message 2014 Jan 27 09 57 47 local7 debug awplus corehandler Process imish PID 3746 signal 11 core dumped to flash imish x610 5 4 3 3 7 1 1390816667 3746 tgz 2014 Jan 27 09 57 47 local7 debug awplus corehandler Process imish PID 2504 signal 11 core dumped to flash imish x610 5 4 3 3 7 1 1390816667 2504 tgz 2014 Jan 27 09 58 02 local7 debug awplus corehandler Process...

Страница 358: ...ion Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of the latest messages should be displayed The show log command is only available to users at privilege level 7 and above To set a user s privilege level use the command awplus config username name privile...

Страница 359: ... notice awplus kernel Linux version 2 6 32 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel No pci config register base in dev tree using default 2011 Aug 29 07 55 23 kern notice awplus kernel Kernel command line console tty S0 9600 releasefile IX5 5 4 7 0 1 rel ramdisk 14688 bootversion 1 1...

Страница 360: ...le To display the logging configuration use the command awplus show log config Output Figure 8 4 Example output from the show log config command Facility default PKI trustpoints example_trustpoint Buffered log Status enabled Maximum size 100kb Filters 1 Level notices Program any Facility any Message text any 2 Level informational Program auth Facility daemon Message text any Statistics 1327 messag...

Страница 361: ...nnot be set at the same time If console logging is enabled then the terminal logging is turned off Related Commands show counter log show log show log permanent Host 10 32 16 21 Time offset 2 00 Offset type UTC Source Secured enabled Filters 1 Level critical Program any Facility any Message text any Statistics 1327 messages received 1 accepted by filter 2016 Oct 11 10 36 16 Email admin alliedteles...

Страница 362: ...permanent log permanent Parameter Description stack ID Stack member number from 1 to 8 tail Display only the latest log entries 10 250 Specify the number of log entries to display awplus show log permanent 2 Stack member 2 date time facility severity program pid message 2014 Feb 25 09 10 48 daemon crit awplus 2 HPI HOTSWAP Pluggable 2 0 51 hotswapped in AT StackXS 1 0 2014 Feb 25 09 10 48 daemon c...

Страница 363: ...2 01 Rev C Command Reference for IX5 28GPX 363 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS SHOW LOG PERMANENT log permanent filter log permanent exclude log permanent size show log config ...

Страница 364: ...G LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example To display the current configuration of the log utility use the command awplus show running config log Related Commands show log show log config ...

Страница 365: ...nce for IX5 28GPX 365 AlliedWare Plus Operating System Version 5 4 7 0 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on page 366 echo on page 367 wait on page 368 ...

Страница 366: ...filename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indicates the file is an AlliedWare Plus script Examples To activate a command script to run as a background process use the command awplus activate background test scp Related Commands configure terminal ec...

Страница 367: ...o the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To echo the string Hello World to the console use the command awplus echo Hello World Output Related Commands activate wait Parameter Description line The string to echo Hello World ...

Страница 368: ... the command line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable command because the wait command is only executed in the Privileged Exec mode Example See an scp script file extract below that will show port counters for interface port1 0 1 over a 10 second interval Relate...

Страница 369: ...chapter provides an alphabetical reference of commands used to configure and display interfaces Command List description interface on page 370 interface to configure on page 371 mru on page 373 mtu on page 375 show interface on page 377 show interface brief on page 380 show interface memory on page 381 show interface status on page 383 shutdown on page 385 ...

Страница 370: ...d to add a description to a specific port or interface Syntax description description Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to awplus configure terminal awplus config interface port1 0 2 awplus config if description Boardroom PC Parameter Description description Text describing the specific interface ...

Страница 371: ...ility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an interface route into the network irrespective of the physical links that may be up or down at the time This provides a higher probability that the routing traffic will be received and subsequently forwarded Mode Global Configuration E...

Страница 372: ...0 x INTERFACE COMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface awplus configure terminal awplus config interface lo awplus config if Related Commands ip address IP Addressing and Protocol show interface show interface brief ...

Страница 373: ... additional components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes Syntax mru mru size no mru Default The default MRU size is 1500 bytes for switch ports Mode Interface Configuration for switch ports Usage Note that show interface output will only show MRU size for switch ports Exampl...

Страница 374: ...AlliedWare Plus Operating System Version 5 4 7 0 x INTERFACE COMMANDS MRU To restore the MRU size of 1500 bytes on port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no mru Related Commands show interface ...

Страница 375: ...device will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN interface an ICMP packet too big ICMP type 2 code 0 message is sent to the source Note that show interface output will only show MTU size for VLAN interfaces Examples To configure an MTU size of 1500 bytes ...

Страница 376: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 376 AlliedWare Plus Operating System Version 5 4 7 0 x INTERFACE COMMANDS MTU Related Commands show interface ...

Страница 377: ...ze for VLAN interfaces and MRU Maximum Received Unit size for switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface such as a VLAN e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LAC...

Страница 378: ...dware is Ethernet address is 0000 cd24 daeb index 5001 metric 1 mru 1500 UP BROADCAST RUNNING MULTICAST current duplex full current speed 1000 configured duplex auto configured speed auto configured polarity auto current ecofriendly lpi configured ecofriendly lpi SNMP link status traps Sending Suppressed after 20 traps in 60 sec input packets 2396 bytes 324820 dropped 0 multicast packets 2370 outp...

Страница 379: ...ST RUNNING MULTICAST SNMP link status traps Disabled Bandwidth 1g input packets 295606 bytes 56993106 dropped 5 multicast packets 156 output packets 299172 bytes 67379392 multicast packets 0 broadcast packets 0 Time since last state change 0 days 14 22 39 Interface vlan2 Scope both Link is DOWN administrative state is UP Hardware is VLAN address is 0015 77e9 5c50 IPv4 address 192 168 2 1 24 broadc...

Страница 380: ... and Privileged Exec Output Figure 10 4 Example output from the show interface brief command Related Commands show interface show interface memory awplus show int brief Interface Status Protocol port1 0 1 admin up down port1 0 2 admin up down port1 0 3 admin up down port1 0 4 admin up down port1 0 5 admin up down port1 0 6 admin up running lo admin up running vlan1 admin up down vlan2 admin up dow...

Страница 381: ...rt list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Parameter Description port list Display information about only the specified port or ports The port ...

Страница 382: ...face status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1 0 3 360459 512 1 port1 0 4 524304 512 1 port1 0 5 491535 512 1 port1 0 6 557073 512 1 lo 425997 512 1 po1 1179684 512 1 po2 1212453 512 1 sa3 1245222 512 1 awplus show interface port1 0 1 port1 0 5 1 ...

Страница 383: ...separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and dynamic LACP channel groups in the same list Table 2 Example output from the show interface port list status command awplus show interface port1 0 1 1 0 4 status Port Name Status Vlan Duplex Speed Type port1 0 1 ...

Страница 384: ...te promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the port is an Eth port it displays none there is no VLAN associated with it When the VLAN is dynamically assigned it displays the current dynamically assigned VLAN ID not the access VLAN ID or dynamic if i...

Страница 385: ...egator and its component ports as admin down While the aggregator is down the device accepts shutdown and no shutdown commands on component ports but these have no effect on port status Ports will not come up again while the aggregator is down Example To shut down port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if shutdown To bring up port1 0 2 ...

Страница 386: ...ence of commands used to configure Port Mirroring and Remote Mirroring also known as RSPAN For more information see the Mirroring Feature Overview and Configuration Guide Command List mirror interface on page 387 remote mirror interface on page 389 show mirror on page 391 show mirror interface on page 392 show remote mirror on page 393 switchport remote mirror egress on page 395 vlan mode remote m...

Страница 387: ... source switch ports to mirror A port list can be a port e g port1 0 2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 The source port list cannot include dynamic or static channel groups link aggregators direction Specifies whether to mirror traffic that the source port receives transmits or both b...

Страница 388: ... to mirror a subset of traffic from the mirrored port by using the copy to mirror parameter in hardware ACL commands Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to destination port1 0 3 use the commands awplus configure terminal awplus config interface port1 0 3 awplus config if mirror interface port1 0 4 port1 0 5 direction both To enableusewiththeaccess list num...

Страница 389: ... remote mirror interface port list direction receive transmit no remote mirror interface none Default No ports are set to be remote mirrored by default Mode Interface Configuration Usage To prevent unwanted processing of mirrored traffic we recommend configuring remote monitoring on the receiving device before configuring it on the source device Parameter Description port list The ports from which...

Страница 390: ...e source device for remote mirroring remote mirror interface command All mirrored ports on a single device must use the same remote mirror VLAN and priority Access control lists can be used to mirror a subset of traffic from the mirrored port by using the copy to mirror parameter in hardware ACL commands Example To configure the source device to send all the traffic that it receives on remote mirr...

Страница 391: ...put Figure 11 1 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 4 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 1 Mirror Test Port...

Страница 392: ...e port Mode User Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if show mirror interface port1 0 4 Output Figure 11 2 Example output from the show mirror interface command Parameter Description port The monitored switch port to dis...

Страница 393: ...User priority 0 Monitored ports port1 0 1 direction both Remote mirror egress ports Remote mirror VLANs VLAN 259 Table 11 1 Parameters in the output from show remote mirror Parameter Description Remote mirror destination On the source device this displays information about the egress port for the mirrored traffic on the source device the remote mirroring VLAN ID this traffic is tagged with on egre...

Страница 394: ...or vlan Remote mirror egress ports On the destination device this displays the remote mirror egress ports the remote mirror VLANs they are associated with Remote mirror VLANs On source destination and intermediate devices this displays a list of any VLANs configured in remote mirror VLAN mode To see a list of the ports associated with these VLANs use the command show vlan brief Table 11 1 Paramete...

Страница 395: ...ored traffic we recommend configuring remote monitoring on the receiving device before configuring it on the source device This command would typically be used for the port that transmits the remote mirrored traffic to a device that will analyze it The port effectively functions as an access port in the remote mirror VLAN with the added feature of not allowing ingress traffic on the port Example T...

Страница 396: ...nfiguring the source device The remote mirror VLAN operates in a special mode all traffic on the remote mirror VLAN is flooded and no learning or CPU processing is done for packets in the VLAN BPDU packets link local packets used to control features like spanning tree or AMF are dropped on remote mirror VLANs Disabling the remote mirroring VLAN on the source switch does not prevent the mirrored pa...

Страница 397: ...50152 01 Rev C Command Reference for IX5 28GPX 397 AlliedWare Plus Operating System Version 5 4 7 0 x PORT MIRRORING AND REMOTE MIRRORING COMMANDS VLAN MODE REMOTE MIRROR VLAN switchport remote mirror egress ...

Страница 398: ...lus Operating System Version 5 4 7 0 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test interface on page 399 service test on page 400 test interface on page 401 ...

Страница 399: ...x clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces use the command awplus clear test interface all Related Commands test interface Parameter Description port list The ports to test A port list can be a switch port e g port1 0 6 a continuous range of por...

Страница 400: ...er entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnect the device first Use the no variant of this command to stop the test service Syntax service test no service test Mode Global Configuration Example To put the device into a test state use the command ...

Страница 401: ...ed 100 NOTE Do not run test interface on live networks because this will degrade network performance Syntax test interface port list all time 1 60 cont no test interface port list all Mode Privileged Exec Parameter Description port list The ports to test A port list can be a switch port e g port1 0 6 a continuous range of ports separated by a hyphen e g port1 0 1 port1 0 6 a comma separated list o...

Страница 402: ... enter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus test interface all To see the output use the commands awplus show test awplus show test count To start the test on all interfaces for 1 minute use the command awplus test interface all time 1 Related C...

Страница 403: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 403 AlliedWare Plus Operating System Version 5 4 7 0 x Part 2 Interfaces and Layer 2 ...

Страница 404: ...on page 408 clear mac address table dynamic on page 409 clear mac address table static on page 411 clear port counter on page 412 clear port security intrusion on page 413 debug loopprot on page 416 debug platform packet on page 417 duplex on page 419 flowcontrol switch port on page 420 linkflap action on page 422 loop protection loop detect on page 423 loop protection action on page 424 loop prot...

Страница 405: ...sabled on page 442 show interface switchport on page 443 show loop protection on page 444 show mac address table on page 446 show mac address table thrash limit on page 448 show platform on page 449 show platform classifier statistics utilization brief on page 451 show platform port on page 452 show port security interface on page 456 show port security intrusion on page 457 show storm control on ...

Страница 406: ...lex mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacity to receive further frames the device will simulate a collision by transmitting a CSMACD jamming signal from this port until the buffer empties The jamming signal causes the sending device to stop tra...

Страница 407: ...on 5 4 7 0 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if backpressure off Validation Commands show running config show interface Related Commands duplex ...

Страница 408: ... Loop Protection counters Syntax clear loop protection interface port list counters Mode Privileged Exec Examples To clear the counter information for all interfaces awplus clear loop protection counters To clear the counter information for a single port awplus clear loop protection interface port1 0 1 counters Parameters Description interface The interface whose counters are to be cleared port li...

Страница 409: ...ac address table static command Note that an MSTP instance cannot be specified with the command clear mac address table static Examples This example shows how to clear all dynamically learned filtering database entries for all interfaces addresses VLANs awplus clear mac address table dynamic This example shows how to clear all dynamically learned filtering database entries when learned through dev...

Страница 410: ... ADDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 awplus clear mac address table dynamic interface port1 0 2 instance 1 Related Commands clear mac address table static show mac address table ...

Страница 411: ... all filtering database entries for a specific interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entries configured through the CLI for the mac address 0000 5E00 5302 awplus clear mac address table static address 0000 5E00 5302 Related Commands clear mac address table dynamic mac address table static sh...

Страница 412: ...T COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 use the command awplus clear port counter port1 0 1 Related Commands show platform port Parameter Description port The port number or range ...

Страница 413: ...rusion interface port Mode Privileged Exec Examples To see the port security status on port1 0 1 use the following command awplus show port security interface port1 0 1 To see the intrusion list on port1 0 1 use the following command awplus show port security intrusion interface port1 0 1 Parameter Description port Specify the switch port from which the history of violated address entries will be ...

Страница 414: ...plus show port security intrusion interface port1 0 1 Table 2 Example output from the show port security intrusion command awplus show port security intrusion interface port1 0 1 Port Security Intrusion List Interface port1 0 1 1 intrusion s detected 801f 0200 19da Table 3 Example output from the show port security interface command awplus show port security interface port1 0 1 Port Security confi...

Страница 415: ...ating System Version 5 4 7 0 x SWITCHING COMMANDS CLEAR PORT SECURITY INTRUSION Related Commands show port security interface show port security intrusion switchport port security switchport port security aging switchport port security maximum switchport port security violation ...

Страница 416: ...pprot info msg pkt state nsm all Mode Privileged Exec and Global Configuration Example To enable debug for all state transitions use the command awplus debug loopprot state Related Commands show debugging loopprot undebug loopprot Parameter Description info General Loop Protection information msg Received and transmitted Loop Detection Frames LDFs pkt Echo raw ASCII display of received and transmi...

Страница 417: ...ce packets sent and received by the CPU If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no variant of this command is used or another timeout value is specified The timeout value applies to both send and receive debug and is updated whenever the debug platform packet command is used Examples To en...

Страница 418: ... 5 minutes enter awplus debug platform packet sflow To enable send packet debug with no timeout enter awplus debug platform packet send timeout 0 To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes enter awplus debug platform packet vlan 2 timeout 150 To disable receive packet debug enter awplus no debug platform packet recv Related Commands show debugging platform packet u...

Страница 419: ...ce switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the channel group by applying this command to the channel group Examples To specify full duplex for port1 0 4 enter the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if duplex full To specify half duplex for port1 0 4 enter the following co...

Страница 420: ...nd cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a pause frame On receiving a pause frame the remote device stops sending data packets which prevents loss of data packets during the congestion period Flow control is not recommended when running QoS or...

Страница 421: ...terface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol receive off awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send off Related Commands backpressure show running con...

Страница 422: ...l shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global Configuration Example To enable the linkflap action command on the device use the following commands awplus configure terminal awplus config linkflap action shutdown Parameter Description linkflap Glo...

Страница 423: ...erview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To enable the loop detect mechanism on the switch and generate loop detect frames once every 5 seconds use the following commands awplus configure terminal awplus config loop protection loop detect ldf interval 5 Related Commands loop protection action loop protectio...

Страница 424: ...d overview information prior to applying this command Example To disable the interface port1 0 4 and bring the link down when a network loop is detected use the commands awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection action link down Related Commands loop protection loop detect loop protection timeout show loop protection thrash limiting Parameter Desc...

Страница 425: ... variant of this command to reset the loop protection action delay time for an interface to default Syntax loop protection action delay time 0 86400 no loop protection action Default Action delay timer is disabled by default Mode Interface Configuration Example To configure a loop protection action delay time of 10 seconds on port 1 0 4 use the commands awplus configure terminal awplus config inte...

Страница 426: ...otection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To configure a loop protection action timeout of 10 seconds for port1 0 4 use the command awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection timeout 10 Related Commands loop protect...

Страница 427: ...ess table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table acquire Default Learning is enabled by default for all instances Mode Global Configuration Example awplus configure terminal awplus config mac address table acquire ...

Страница 428: ...ault of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples The following commands specify various ageing timeouts on the device awplus configure terminal awplus config mac address table ageing time 1000 awplus configure terminal awplus config mac address tabl...

Страница 429: ... address table logging no mac address table logging Default MAC address table logging is disabled by default Mode User Exec Privileged Exec Usage When MAC address table logging is enabled the switch produces the following messages Note that rapid changes may not be logged For example if an entry is added and then removed within a few seconds those actions may not be logged To see whether MAC addre...

Страница 430: ...ed traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because packets are routed across VLANs This command only works on Layer 2 traffic Example awplus configure terminal awplus config mac address table static 2222 2222 2222 forward interface port1 0 4 vlan 3 Rela...

Страница 431: ...disable thrash limiting Syntax mac address table thrash limit rate no mac address table thrash limit Default No thrash limiting Mode Global Configuration Usage Use this command to limit thrashing on the selected port range Example To apply a thrash limit of 100 MAC address flips per second awplus configure terminal awplus config mac address table thrash limit 100 Related Commands show mac address ...

Страница 432: ...tax platform hwfilter size ipv4 limited ipv6 ipv4 full ipv6 Default The default mode is ipv4 limited ipv6 Mode Global Configuration Example To configure hardware ACLs to filter IPv4 and IPv6 traffic use the following commands awplus configure terminal awplus config platform hwfilter size ipv4 full ipv6 Related Commands show platform ipv6 access list named IPv6 hardware ACL Parameter Description hw...

Страница 433: ...of inputs you must turn off the inputs you do not want Useful combinations of inputs include all four inputs MAC address IP address and Layer 4 port number MAC address and Ethertype MAC address only IP address and Layer 4 port number IP address only The following examples show how to configure some of these combinations Use the show platform command to verify this command s setting Parameter Descr...

Страница 434: ...ove Ethertype by entering awplus configure terminal awplus config no platform load balancing ethertype To use MAC addresses and Ethertype remove the IP inputs by entering awplus configure terminal awplus config no platform load balancing src dst ip src dest port To use MAC addresses only remove the other inputs by entering awplus configure terminal awplus config no platform load balancing src dst ...

Страница 435: ... mc flooding no platform stop unreg mc flooding Default This feature is disabled by default Mode Global Configuration Usage This command stops the periodic flooding of unknown or unregistered multicast packets when the Group Membership interval timer expires and there are no subscribers to a multicast group If there is multicast traffic in a VLAN without subscribers multicast traffic temporarily f...

Страница 436: ...To enable this feature and stop multicast packet flooding use the following commands awplus configure terminal awplus config platform stop unreg mc flooding To disable this feature and allow multicast packet flooding use the following commands awplus configure terminal awplus config no platform stop unreg mc flooding Related Commands show platform show running config ...

Страница 437: ...d 1522 bytes you must increase the MRU size to activate VLAN stacking Go into interface mode for the appropriate ports and use the mru command Syntax platform vlan stacking tpid tpid no platform vlan stacking tpid Default The default TPID value is 0x8100 Mode Global Configuration Examples To set the VLAN stacking TPID value to 0x9100 use the following commands awplus configure terminal awplus conf...

Страница 438: ...y applies to copper 10BASE T 100BASE T and 1000BASE T switch ports it does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide for more information Example To set the polarity for port1 0 6 to fixed MDI mode use the following commands awplus configure terminal awplus config interface port1 0 6 awplus config if polarity mdi Pa...

Страница 439: ...DS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To display the enabled Loop Protection debugging modes use the command awplus show debugging loopprot Related Commands debug loopprot ...

Страница 440: ...how debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display the platform packet debugging information use the command awplus show debugging platform packet Related Commands debug platform packet undebug platform packet ...

Страница 441: ...lowcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 13 1 Example output from the show flowcontrol interface command for a specific interface Parameter Description port Specifies the name of the port to be displayed Port Send FlowControl Receive FlowControl RxPaus...

Страница 442: ...cols responsible for the shutdown Syntax show interface interface range err disabled Mode User Exec and Privileged Exec Example To show which protocols have shut down ports use the commands awplus show interface err disabled Output Figure 13 2 Example output from show interface err disabled Parameter Description interface range Interface range err disabled Brief summary of interfaces shut down by ...

Страница 443: ...vileged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 13 3 Example output from the show interface switchport command Related Commands show interface memory Interface name port1 0 1 Switchport mode access Ingress filter enable Acceptable frame types all Default Vlan 2 Configured Vlans 2 Interface name port1 0 2 Switc...

Страница 444: ...uration status use the command awplus show loop protection Figure 13 4 Example output from the show loop protection command To display the counter information use the command awplus show loop protection counters Figure 13 5 Example output from the show loop protection counters command Parameter Description interface The interface selected for display port list A port a port range or an aggregated ...

Страница 445: ...iedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS SHOW LOOP PROTECTION awplus show loop protection counters Switch Loop Detection Counter Interface Tx Rx Rx Invalid Last LDF Rx port1 0 1 vlan1 60 0 0 port1 0 2 vlan1 0 0 0 port1 0 3 vlan1 0 0 0 ...

Страница 446: ...mple output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the output below shows VLAN IDs if multiple VLANs are configured Also note manually configured static mac addresses are shown to the right of the type column awplus show mac address table VLAN Port MAC State ...

Страница 447: ...table static mac address table static mac address table vcs sync mode awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port MAC State 1 unknown 0000 cd28 0752 static 1 port1 0 2 0030 846e bac7 dynamic 2 port1 0 3 0000 1111 2222 static 2 unknown 0000 cd28 0752 static 2 port1 0 5 0030 846e 9bf4 dynamic ARP 0000...

Страница 448: ...d to display the current thrash limit set for all interfaces on the device Syntax show mac address table thrash limit Mode User Exec and Privileged Exec Example To display the current use the following command awplus show mac address table thrash limit Output Figure 13 6 Example output from the show mac address table thrash limit command Related Commands mac address table thrash limit Thrash limit...

Страница 449: ...c32l stop unreg mc flooding off Vlan stacking TPID 0x8100 Hardware Filter Size ipv4 limited ipv6 Table 5 Parameters in the output of the show platform command Parameter Description MAC vlan hashing algorithm The MAC VLAN hash key generating algorithm set with the platform mac vlan hashing algorithm command The default algorithm is crc32l The algorithm may need to be changed in rare circumstances i...

Страница 450: ...he TPID set in the Ethernet type field when a frame has a double VLAN tag set with the platform vlan stacking tpid command Hardware Filter Size Whether hardware ACLs can filter on IPv6 addresses ipv4 full ipv6 or not ipv4 limited ipv6 This is set with the platform hwfilter size command Table 5 Parameters in the output of the show platform command cont Parameter Description ...

Страница 451: ...represents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following command awplus show platform classifier statistics utilization brief Output Figure 13 8 Output from the show platform classifier statistics utilization brief command Related Commands show platform awp...

Страница 452: ...les To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 counters Parameter Description port list The ports to display information about A port list can be a continuous range of ports separated by a...

Страница 453: ...n for lport 0x08002003 Phy Driver 54680 Gigabit PHY Driver enabled 1 loopback 0 link 1 speed 1000 max speed 1000 duplex 1 linkscan 2 autonegotiate 1 master 2 tx pause 0 rx pause 0 untagged vlan 4000 vlan filter 3 stp state 4 learn 5 discard 0 jam 0 max frame size 1500 MC Disable SA no MC Disable TTL no MC egress untag 0 MC egress vid 1 MC TTL threshold 1 Table 6 Parameters in the output from the s...

Страница 454: ...et packets received and transmitted General Counters Receive Counters for traffic received Octets Number of octets received Pkts Number of packets received FCSErrors Number of FCS Frame Check Sequence error events received UnicastPkts Number of unicast packets received MulticastPkts Number of multicast packets received BroadcastPkts Number of broadcast packets received PauseMACCtlFrms Number of Pa...

Страница 455: ...ral Frame counter FrmWExcesDefer Transmit Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame counter MultCollsnFrm Transmit Multiple Collision Frame counter LateCollisions Transmit Late Collision Frame counter ExcessivCollsns Transmit Excessive Collision Frame counter Collisions Transmit Total Collision counter Layer 3 Counters ifInUcastPkts Inbound interface Unicast c...

Страница 456: ...Figure 13 10 Example output from the show port security interface command Related Commands clear port security intrusion show port security intrusion switchport port security switchport port security aging switchport port security maximum switchport port security violation Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel ...

Страница 457: ...security intrusion interface port1 0 1 Output Figure 13 11 Example output from the show port security intrusion command for port 1 0 1 Related Commands clear port security intrusion show port security interface switchport port security switchport port security aging switchport port security maximum switchport port security violation Parameter Description interface Specify a port port The port to d...

Страница 458: ...r Exec and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 13 12 Example output from the show storm control command for port1 0 2 Related Commands storm control level Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel grou...

Страница 459: ...ate speed Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the speed of all the switch ports in the channel group by applying this command to the channel group NOTE If multiple speeds are specified after the auto option to autonegotiate speeds then the device...

Страница 460: ...1000Mbps enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if speed auto 100 1000 To set the port to auto negotiate its speed at 1000Mbps only enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if speed auto 1000 Related Commands duplex ecofriendly lpi polarity show interface speed asyn ...

Страница 461: ...de Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a port Forwarding these packets can cause the network to slow down or time out Example To limit broadcast traffic on port1 0 2 to 30 of the maximum port speed use the following commands awplus configure t...

Страница 462: ...tax switchport port security no switchport port security Mode Interface Configuration Examples To enable the port security feature on port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security To disable the port security feature on port1 0 4 use the following commands awplus configure terminal awplus config interface ...

Страница 463: ...Examples To set port1 0 4 so that the MAC addresses that have been learned by port security age out use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security aging To stop the MAC addresses that have been learned by port security from aging out on port1 0 4 use the following commands awplus configure terminal awplus config inte...

Страница 464: ...t will be ignored and the specified intrusion action for the port will be carried out Syntax switchport port security maximum 0 256 no switchport port security maximum Mode Interface Configuration Examples To learn 3 MAC addresses on port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security maximum 3 To remove the MAC...

Страница 465: ...olation action to default The default violation action is protect Syntax switchport port security violation shutdown restrict protect no switchport port security violation Mode Interface Configuration Examples To set the action to be shutdown on port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security violation shutd...

Страница 466: ...ng this command Examples To set the action to learn disable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if thrash limiting action learn disable To block all traffic on a vlan use the following command awplus configure terminal awplus config thrash limiting action vlan disable To set the thrash limiting timeout to 5 seconds use ...

Страница 467: ...set the thrash limiting action to its default use the following command awplus config if no thrash limiting action To set the thrash limiting timeout to its default use the following command awplus config if no thrash limiting timeout Related Commands loop protection loop detect loop protection action loop protection timeout show loop protection ...

Страница 468: ... Command Reference for IX5 28GPX 468 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no debug loopprot command ...

Страница 469: ...ference for IX5 28GPX 469 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no debug platform packet command ...

Страница 470: ... 476 private vlan association on page 477 show port vlan forwarding priority on page 478 show interface switchport vlan translation on page 479 show vlan on page 480 show vlan access map on page 481 show vlan classifier group on page 482 show vlan classifier group interface on page 483 show vlan classifier interface group on page 484 show vlan classifier rule on page 485 show vlan filter on page 4...

Страница 471: ...00 switchport trunk native vlan on page 503 switchport vlan translation on page 504 switchport vlan translation default drop on page 505 switchport vlan stacking double tagging on page 506 switchport voice dscp on page 507 switchport voice vlan on page 508 switchport voice vlan priority on page 511 vlan on page 512 vlan access map on page 513 vlan classifier activate on page 514 vlan classifier gr...

Страница 472: ...d interchangeably Syntax clear vlan statistics name instance_name Mode Privileged Exec Examples To reset all packet counters for the packet counter instance vlan2 data awplus clear vlan statistics name vlan2 data To reset all packet counters for all packet counter instances awplus clear vlan statistics Related Commands show vlan statistics vlan statistics Parameter Description vlan statistics The ...

Страница 473: ...onfiguration_Guide Syntax port vlan forwarding priority epsr loop protection none no port vlan forwarding priority Default By default the highest priority protocol is EPSR Mode Global Configuration Usage Only one of EPSR Loop Protection and MAC Thrashing protection usually needs to be configured on a switch because they perform similar functions each prevents network loops by blocking a selected p...

Страница 474: ...data VLAN configured to VLAN interface vlan30 Initially the EPSR ring is complete with port1 0 2 blocking data VLANs vlan20 and vlan30 and some broadcast traffic flowing through If the user removes vlan30 from EPSR a storm is created on vlan30 MAC thrashing protection detects it and blocks vlan30 Then after the storm has stopped MAC thrashing protection sets it to forwarding again and it keeps osc...

Страница 475: ...re terminal awplus config port vlan forwarding priority loop protection To set EPSR Loop Protection and MAC Thrashing protection protocols to have equal priority for port forwarding and blocking which allows the protocols to override each other to set a port to the forwarding or blocking states use the commands awplus configure terminal awplus config port vlan forwarding priority none To restore t...

Страница 476: ...ed primary Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable awplus config vlan vlan 4 name vlan4 state enable awplus config vlan private vlan 2 primary awplus config vlan private vlan 3 isolated awplus config vlan private vlan 4 community awplus configure termin...

Страница 477: ...vlan id remove secondary vlan id no private vlan primary vlan id association Mode VLAN Configuration Examples The following commands associate primary VLAN 2 with secondary VLAN 3 awplus configure terminal awplus config vlan database awplus config vlan private vlan 2 association add 3 The following commands remove the association of primary VLAN 2 with secondary VLAN 3 awplus configure terminal aw...

Страница 478: ...tection is set as the highest priority for determining whether a port forwards a VLAN as set by the port vlan forwarding priority command For more information about EPSR see the EPSR Feature Overview and Configuration_Guide Syntax show port vlan forwarding priority Mode Privileged Exec Example To display the highest priority protocol use the command awplus show port vlan forwarding priority Output...

Страница 479: ... 1 Related Commands switchport vlan translation switchport vlan translation default drop Parameter Description interface int The interface to display information about An interface can be a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 awplus show interface switchport vlan translation port1 0 1 Interface port1 0 1 VLAN on Wire VLAN 1649 100 defaul...

Страница 480: ...d awplus show vlan 2 Output Figure 14 3 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Display information about all VLANs on the device brief Display information about all VLANs on the device dynamic Display information about all VLANs learned dynamically static Display information about ...

Страница 481: ...LANs Syntax show vlan access map name Mode User Exec Privileged Exec Example To display the ACLs in all access maps use the command awplus show vlan access map Output Figure 14 4 Example output from show vlan access map Related Commands vlan access map Command changes Version 5 4 6 2 1 command added Parameter Description name The name of the access map to display awplus show vlan access map Vlan a...

Страница 482: ...r a specific group Syntax show vlan classifier group 1 16 Mode User Exec and Privileged Exec Usage If a group ID is not specified all configured VLAN classifier groups are shown If a group ID is specified a specific configured VLAN classifier group is shown Example To display information about VLAN classifier group 1 enter the command awplus show vlan classifier group 1 Related Commands vlan class...

Страница 483: ...t Mode User Exec and Privileged Exec Usage All configured VLAN classifier groups are shown for a single interface Example TodisplayVLANclassifiergroupinformationforswitchportinterface port1 0 2 enter the command awplus show vlan classifier group interface port1 0 2 Output Figure 14 5 Example output from the show vlan classifier group interface port1 0 1 command Related Commands vlan classifier gro...

Страница 484: ...all interfaces configured for all VLAN groups enter the command awplus show vlan classifier interface group To display information about all interfaces configured for VLAN group 1 enter the command awplus show vlan classifier interface group 1 Output Figure 14 6 Example output from the show vlan classifier interface group command Output Figure 14 7 Example output from the show vlan classifier inte...

Страница 485: ...ged Exec Usage If a rule ID is not specified all configured VLAN classifier rules are shown If a rule ID is specified a specific configured VLAN classifier rule is shown Example To display information about VLAN classifier rule 1 enter the command awplus show vlan classifier rule 1 Output Figure 14 8 Example output from the show vlan classifier rule1 command Related Commands vlan classifier activa...

Страница 486: ...de User Exec Privileged Exec Example To display information about the filter that uses the access map named deny_all use the command awplus show vlan filter deny_all Output Figure 14 9 Example output from show vlan filter Related Commands vlan access map vlan filter Command changes Version 5 4 6 2 1 command added Parameter Description access map name The name of an access map The command output di...

Страница 487: ...ion and associations Syntax show vlan private vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations enter the command awplus show vlan private vlan Output Figure 14 10 Example output from the show vlan private vlan command Related Commands private vlan private vlan association awplus show vlan private vlan PRIMARY SECONDARY TYPE INTERFACES 2 3 i...

Страница 488: ...nces Syntax show vlan statistics name instance_name Mode User Exec and Privileged Exec Examples To display all packet counters for the packet counter instance vlan2 data awplus show vlan statistics name vlan2 data To display all packet counters for all packet counter instances awplus show vlan statistics Related Commands clear vlan statistics vlan statistics Table 14 2 Example output from the show...

Страница 489: ...itchports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port based VLAN to VLAN 3 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport access vlan 3 To reset the port based VLAN to the default VLAN 1...

Страница 490: ...orm Protection or EPSR Ethernet Protection Switching Ring Note that if the VID is not given all disabled VLANs are re enabled Syntax switchport enable vlan 1 4094 Mode Interface Configuration Example To re enable the port1 0 1 from VLAN 1 awplus configure terminal awplus config interface port1 0 1 awplus config if switchport enable vlan 1 Related Commands show mls qos interface storm status storm ...

Страница 491: ...ccess ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access ingress filter enable Validation Command show interface switchport Parameter Description ingress filter Se...

Страница 492: ...ce port1 0 2 awplus config if switchport mode private vlan host awplus config interface port1 0 3 awplus config if switchport mode private vlan promiscuous awplus config interface port1 0 4 awplus config if no switchport mode private vlan promiscuous Related Commands switchport private vlan mapping Parameter Description host This port type can communicate with all other host ports assigned to the ...

Страница 493: ...private vlan trunk promiscuous Default By default a port in trunk mode is disabled as a promiscuous port Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before it can be enabled as a promiscuous port To add VLANs to be trunked over the promiscuous port use the switchport trunk allowed vlan command These VLANs can be isolated VLANs or non priva...

Страница 494: ... config vlan exit awplus config interface port1 0 2 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 4 awplus config if switchport mode private vlan trunk promiscuous group 3 To remove port1 0 2 in trunk mode as a promiscuous port for a private VLAN use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no switchport...

Страница 495: ...fault a port in trunk mode is disabled as a secondary port When a port in trunk mode is enabled to be a secondary port for isolated VLANs by default it will have a native VLAN of none no native VLAN specified Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before the port is enabled as a secondary port in trunk mode To add VLANs to be trunked ...

Страница 496: ...us config vlan private vlan 2 isolated awplus config vlan exit awplus config interface port1 0 3 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 awplus config if switchport mode private vlan trunk secondary group 3 To remove port1 0 3 in trunk mode as a secondary port use the commands awplus configure terminal awplus config interface port1 0 3 awplus con...

Страница 497: ...the default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure which VLANs this port will trunk for use the switchport trunk allowed vlan command Example awplus configure terminal awplus config interface port1 0 3 awplus config if switchport mode trunk ingress filt...

Страница 498: ...ommand to remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association Mode Interface Configuration Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private vlan host association 2 add 3 awplus configure terminal awplus config interface port1 0 2 awplus config...

Страница 499: ...switchport private vlan mapping Mode Interface Configuration Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dynamic LACP aggregators cannot be promiscuous ports in private VLANs Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private vlan mapping 2 add 3 4 awplus ...

Страница 500: ...nd remove parameters will add and remove VLANs to and from the port s member set See the note below about restrictions when using the add remove except and all parameters Parameter Description all Allow all VLANs to transmit and receive through the port none Allow no VLANs to transmit and receive through the port add Add a VLAN to transmit and receive through the port Only use this parameter if a ...

Страница 501: ...he list of VLANs to remove instead of using the remove parameter as shown in the command example below awplus configure terminal awplus config interface port1 0 6 awplus config if switchport trunk allowed vlan except 3 4 Then the configuration is changed after entering the above commands to remove VLAN 3 To add a VLAN where the configuration for port1 0 6 shows the below output awplus show running...

Страница 502: ...mands to add VLAN 4 Examples The following shows adding a single VLAN to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 4 The foll...

Страница 503: ...ollowing commands show configuration of VLAN 2 as the native VLAN for port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The following commands show the removal of the native VLAN for interface port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan none Thefollowingcomman...

Страница 504: ... translation vlan wire vid vlan vid no switchport vlan translation all vlan wire vid Default None by default no translation entries exist Mode Interface Configuration for a switch port or a static channel group or a dynamic LACP channel group The interface must be in a mode that supports tagged packets Example To translate VLAN100 to VLAN200 on port 1 0 1 use the commands awplus configure terminal...

Страница 505: ...lation default drop Default Do not drop packets Mode Interface Configuration for a switch port or a static channel group or a dynamic LACP channel group The interface must be in a mode that supports tagged packets Example To drop inbound tagged packets arriving at port1 0 1 unless they match a VLAN translation entry use the commands awplus configure terminal awplus config interface port1 0 1 awplu...

Страница 506: ... Interface Configuration Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Note that you must also set an MRU of 1504 or higher on the customer edge port using the mru command Traffic with an extra VLAN header added by VLAN stacking cannot be routed Example To apply vlan stacking to the selected port configure it to be a custom...

Страница 507: ... advertised Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configured to transmit Network Policy TLVs enabled by ...

Страница 508: ...network policy is advertised for voice devices Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port using this command switchport voice vlan The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configur...

Страница 509: ...ged for VLAN 10 use the commands awplus configure terminal awplus config interface port1 0 5 awplus config if switchport voice vlan 10 To tell IP phones connected to ports 1 0 2 1 0 6 to send priority tagged packets 802 1p priority tagged with VID 0 so that they will be assigned to the port VLAN use the following commands The priority value is 5 by default but can be configured with the switchport...

Страница 510: ... AlliedWare Plus Operating System Version 5 4 7 0 x VLAN COMMANDS SWITCHPORT VOICE VLAN Related Commands egress vlan id egress vlan name lldp med tlv select spanning tree edgeport RSTP and MSTP switchport voice dscp switchport voice vlan priority show lldp ...

Страница 511: ...Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configured to transmit Network Policy TLVs enabled by default lldp med tlv select command There...

Страница 512: ... mtu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples To enable vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config vlan vlan 45 name accounts state enable To destroy vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 45 Related Commands mtu vlan database show ...

Страница 513: ...AN ACLs and ACL processing order Use the no variant of this command to delete a VLAN access map Syntax vlan access map name no vlan access map name Default By default no VLAN access maps exist Mode Global Configuration Example To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list 3001 deny...

Страница 514: ...r Usage See the protocol based VLAN configuration example in the VLAN Feature Overview and Configuration Guide for configuration details Example To associate VLAN classifier group 3 with switch port1 0 3 enter the following commands awplus configure terminal awplus config interface port1 0 3 awplus config if vlan classifier activate 3 To remove VLAN classifier group 3 from switch port1 0 3 enter t...

Страница 515: ...VLAN classifier rules Syntax vlan classifier group 1 16 add delete rule vlan class rule id no vlan classifier group 1 16 Mode Global Configuration Example awplus configure terminal awplus config vlan classifier group 3 add rule 5 Related Commands show vlan classifier rule vlan classifier activate vlan classifier rule ipv4 vlan classifier rule proto Parameter Description 1 16 VLAN classifier group ...

Страница 516: ...classifier only matches IPv4 packets It does not match ARP packets To ensure ARP traffic is classified into the correct subnet VLAN you can use a hardwarebasedpolicymapthatsendsARPpacketstotheCPU whichwillthenprocess them appropriately This means that if you use subnet based VLANs you should also configure the following NOTE The policy map should be applied to each port that uses a subnet based VL...

Страница 517: ...decimal values The no variant of this command removes a previously set rule Syntax vlan classifier rule 1 256 proto protocol encap ethv2 nosnapllc snapllc vlan 1 4094 no vlan classifier rule 1 256 Parameter Description 1 256 VLAN Classifier identifier proto Protocol type protocol Specify a protocol either by its decimal number 0 65535 or by one of the following protocol names arp 2054 Address Reso...

Страница 518: ...rotocol g8bpqx25 2303 G8BPQ AX 25 protocol ieeeaddrtrans 2561 Xerox IEEE802 3 PUP Address ieeepup 2560 Xerox IEEE802 3 PUP protocol ip 2048 IP protocol ipv6 34525 IPv6 protocol ipx 33079 IPX protocol netbeui 61680 IBM NETBIOS NETBEUI protocol netbeui 61681 IBM NETBIOS NETBEUI protocol pppdiscovery 34915 PPPoE discovery protocol pppsession 34916 PPPoE session protocol rarp 32821 Reverse Address Res...

Страница 519: ...proto 2056 encap ethv2 vlan 2 awplus config vlan classifier rule 4 proto 2054 encap ethv2 vlan 2 Validation Output awplus show vlan classifier rule Related Commands show vlan classifier rule vlan classifier activate vlan classifier group vlan classifier rule 16 proto rarp encap ethv2 vlan 2 vlan classifier rule 8 proto encap ethv2 vlan 2 vlan classifier rule 4 proto arp encap ethv2 vlan 2 vlan cla...

Страница 520: ...er the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Example In the following example note the change to VLAN configuration mode from Configure mode awplus configure terminal awplus config vlan database awplus config vlan Related Commands vlan ...

Страница 521: ...fault no VLAN filters exist Mode Global Configuration Example To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list 3001 deny ip any any awplus config vlan access map deny_all awplus config vlan access map match access group 3001 awplus config vlan access map exit awplus config vlan filter...

Страница 522: ...nected to a Microsoft Windows PC To avoid this we recommend disabling IGMP snooping on stack local VLANs by using the command no ip igmp snooping Examples To add a stack local VLAN with the VID of 4002 and assign it to stack member 2 use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 4002 mode stack local vlan 2 awplus config vlan exit awplus c...

Страница 523: ...e Plus Operating System Version 5 4 7 0 x VLAN COMMANDS VLAN MODE STACK LOCAL VLAN To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 4002 Related Commands ip igmp snooping mtu vlan database ...

Страница 524: ...support 128 packet counter instances These resources are also shared with other features such as QoS and ACLs Where the remaining resources are insufficient to support the VLAN Statistics feature the feature will not be enabled and an error message will display Examples Create a VLAN packet counter instance named vlan2 data and apply this to count incoming vlan2 tagged frames on ports 1 0 4 and 1 ...

Страница 525: ...move the remaining ports 1 0 2 to 1 0 4 from the packet counter instance named vlan2 data Note that because there are no ports associated with the vlan2 data this instance will be removed awplus config interface port1 0 2 port1 0 4 awplus config if no vlan statistics name vlan2 data Related Commands clear vlan statistics show vlan statistics ...

Страница 526: ...nd MSTP on page 529 debug mstp RSTP and STP on page 530 instance priority MSTP on page 534 instance vlan MSTP on page 536 region MSTP on page 538 revision MSTP on page 539 show debugging mstp on page 540 show spanning tree on page 541 show spanning tree brief on page 544 show spanning tree mst on page 545 show spanning tree mst config on page 546 show spanning tree mst detail on page 547 show span...

Страница 527: ... page 574 spanning tree guard root on page 575 spanning tree hello time on page 576 spanning tree link type on page 577 spanning tree max age on page 578 spanning tree max hops MSTP on page 579 spanning tree mode on page 580 spanning tree mst configuration on page 581 spanning tree mst instance on page 582 spanning tree mst instance path cost on page 583 spanning tree mst instance priority on page...

Страница 528: ...ge Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear spanning tree statistics awplus clear spanning tree statistics instance 1 awplus clear spanning tree statistics interface port1 0 2 awplus clear spanning tree statistics interface port1 0 2 instance 1 ...

Страница 529: ...w Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privileged Exec Example awplus clear spanning tree detected protocols Parameter Description port The port to clear detected protocols for The port may be a switch port e g port1 0 4 a static channel group e ...

Страница 530: ...1 Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be activated on a per port basis Although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug...

Страница 531: ...is command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the terminal monitor command before issuing the relevant debug mstp command The default terminal monitor filter will select and display these messages Alternatively the messages can be directed to any of ...

Страница 532: ...ST int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23 42 awplus MSTP 1417 MSTI reg root id 8001 0000cd1000fe 17 23 42 awplus MSTP 1417 MSTI pathcost 0 17 23 42 awplus MSTP 1417 MSTI bridge priority 32768 port priority 128 17 23 42 awplus MSTP 1417 MSTI h...

Страница 533: ...bugging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus MSTP 1417 Protocol version RSTP BPDU type RST 17 30 17 awplus MSTP 1417 CIST Flags Forward Learn role Desig 17 30 17 awplus MSTP 1417 CIST root id 8000 0000cd1000fe 17 30 17 awplus MSTP 1417 CIST ext ...

Страница 534: ...instance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priority number or vice versa Examples To set the root bridge priority for MSTP instance 2 to be the highest 0 so that it will be the root bridge for this instance when available use the commands awplus c...

Страница 535: ...X5 28GPX 535 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance spanning tree mst instance priority ...

Страница 536: ...MST Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified VLANs from the CIST and adds them to the specified MSTI If you use the no variant of this command to remove the VLAN from the MSTI it returns it to the CIST To move a VLAN from one MSTI to another you ...

Страница 537: ...d Reference for IX5 28GPX 537 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance vlan ...

Страница 538: ... to the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst configuration awplus config mst regio...

Страница 539: ... revision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst configuration awplus config mst revision 25 Related Commands region MSTP s...

Страница 540: ...on on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Example To display the MSTP debugging options set enter the command awplus show debugging mstp Output Figure 15 1 Example output from show debugging mstp Related Commands debug mstp RSTP and STP MSTP debug...

Страница 541: ...ter has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spanning tree mst instance command Example To display spanning tree information about port1 0 3 use the command awplus show spanning tree interface port1 0 3 Parameter Description interface Display inform...

Страница 542: ...imer 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfast bpdu guard default Current portfast bpdu guard off port1 0 1 portfast bpdu filter default Current portfast bpdu filter off port1 0 1 no root guard configured Current root guard off port1 0 1 Configu...

Страница 543: ...1 0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Bridge 80000000cd20f093 port1 0 3 Message Age 0 Max Age 20 port1 0 3 Hello Time 2 Forward Delay 15 port1 0 3 Forward Timer 0 Msg Age Timer 0 Hello Timer 1 topo change timer 0 port1 0 3 forward transition...

Страница 544: ...he topology change counter for MSTP by using the show spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree brief Output Figure 15 4 Example output from show spanning tree brief Related Commands show spanning tree Parameter Description brief A brief summary of spanning tree information Default Bridge up Spannin...

Страница 545: ...e Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 15 5 Example output from show spanning tree mst Related Commands show spanning tree mst interface 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max A...

Страница 546: ...age The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP configuration identifier information enter the command awplus show spanning tree mst config Output Figure 15 6 Example output from show spanning tree mst config Related Commands instance vlan MSTP regio...

Страница 547: ...f2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard disabled 1 portfast errdisable timeout disabled 1 portfast errdisable timeout interval 300 sec port1 0 1 Port 5001 Id 8389 Role Disabled State Discarding port1 0 1 Designated External Path Cost 0 Internal Path Cost 0 port1 0 1 Configured Path Cost 20000000 Add type Explic...

Страница 548: ...gional Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 topo change timer 0 port1 0 3 forward transitions 0 port1 0 3 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 3 No portfast configured Current portfast off port1 ...

Страница 549: ...rt e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 80000000cd24ff2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard...

Страница 550: ... point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a Role Disabled State Discarding port1 0 2 Designated Internal Path Cost 0 Designated Port Id 838a port1 0 2 Configured Internal Path Cost 20000000 port1 0 2 Configured CST External Path cost 2000000...

Страница 551: ...xec Privileged Exec and Interface Configuration Example To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst instance 2 Output Figure 15 9 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 15 1 MSTI Root Path Cost 0 MSTI Root Port 0 ...

Страница 552: ...e mst instance 2 interface port1 0 2 Output Figure 15 10 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 15 port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Pri...

Страница 553: ...instance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 15 11 Example output from show spanning tree mst interface Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanni...

Страница 554: ...rt e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 80000000cd24ff2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard...

Страница 555: ... point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a Role Disabled State Discarding port1 0 2 Designated Internal Path Cost 0 Designated Port Id 838a port1 0 2 Configured Internal Path Cost 20000000 port1 0 2 Configured CST External Path cost 2000000...

Страница 556: ...isplay BPDU statistics for all spanning tree instances and all switch ports associated with all spanning tree instances use the command awplus show spanning tree statistics Output Figure 15 13 Example output from show spanning tree statistics Port number 915 Interface port1 0 6 BPDU Related Parameters Port Spanning Tree Disable Spanning Tree Type Rapid Spanning Tree Protocol Current Port State Dis...

Страница 557: ...lo timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions 1 Msg Age Expiry 0 Similar BPDUS Rcvd 0 Src Mac Count 0 Total Src Mac Rcvd 0 Next State Learning Topology Ch...

Страница 558: ...panning tree statistics instance instance id Mode Privileged Exec Example To display BPDU statistics information for MST instance 2 and all switch ports associated with that MST instance use the command awplus show spanning tree statistics instance 2 Output Figure 15 14 Example output from show spanning tree statistics instance Related Commands show spanning tree statistics Parameter Description i...

Страница 559: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance id interface port Mode Privileged Exec Example To display BPDU statistics for MST instance 2 interface port1 0 2 use the command awplus show spanning tree statistics instance 2 interface port1 0 2 Parameter Descr...

Страница 560: ... for Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 2 Forward Transitions 0 Next State Learning Topology Change Time 0 Other Inst Vlan Information Statistics Bridge Priority 0 Bridge Mac Address ec cd 6d 20 c0 ed Topolo...

Страница 561: ...bout each MST instance for port1 0 2 use the command awplus show spanning tree statistics interface port1 0 2 Output Figure 15 16 Example output from show spanning tree statistics interface Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 awplus show spanning tree stat...

Страница 562: ...0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions 1 Msg Age Expiry 0 Similar BPDUS Rcvd 0 Src Mac Count 0 Total Src Mac Rcvd 0 Next State Learning Topology Change Time 0 Other Bridge information Statistics STP Multicast Address 01 80 c2 00 00 00 Brid...

Страница 563: ...them including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated with them for the device including the VLAN range index value use the following command awplus show spanning tree vlan range index Output Figure 15 17 Example output from show spanning tree vlan range in...

Страница 564: ...an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this command for RSTP or MSTP Use the no variant of this command to disable this feature Syntax spanning tree autoedge no spanning tree autoedge Default Disabled Mode Interface Configuration Example awplus ...

Страница 565: ...oprietary STP protocols with unsupported BPDUs by forwarding BDPU Bridge Protocol Data Unit frames unchanged through the switch You must disable RSTP with the no spanning tree rstp enable command before you can use this command When you want to revert to default behavior on the switch issue a spanning tree bdpu discard command and re enable Spanning Tree with a spanning tree rstp enable command Pa...

Страница 566: ...untagged frames in Global Configuration mode with STP disabled which forwards any ingress STP BPDU frames to all ports that are untagged members of the ingress port s native VLAN enter the commands awplus configure terminal awplus config no spanning tree rstp enable awplus config spanning tree bpdu forward untagged vlan To enable STP BPDU forwarding for tagged frames in Global Configuration mode w...

Страница 567: ...the switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to classify a region are the region name and revision level VLAN to instance mapping is not used to classify regions when interoperating with Cisco Examples To enable Cisco interoperability on a Layer 2 ...

Страница 568: ...tput of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode Interface Configuration Usage Use this command on a switch port connected to a LAN that has no other bridges attached If a BPDU is received on the port that indicates that another bridge is connected ...

Страница 569: ...the spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree stp enable To disable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree stp enable To enable MSTP in Global Configur...

Страница 570: ... Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree rstp enable Related Commands spanning tree bpdu spanning tree mode ...

Страница 571: ...tree errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the port on receiving a BPDU on a BPDU guard enabled port This command associates a timer with the feature such that the port is re enabled without manual intervention after a set interval This interval can...

Страница 572: ...y the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re enabled after 300 seconds Mode Global Configuration Example awplus configure terminal awplus config spanning tree errdisable timeout interval 34 Related Commands show spanning tree spanning tree errdisa...

Страница 573: ...ode Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree force version 0 Set the default protocol version awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree force version Related Commands show...

Страница 574: ...ng to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by theroot bridge The forward delay max age and hello time parameters are interrelated Syntax spanning tree forward time forward delay no spanning tree forward time Default The default is 15 seconds Mode Glo...

Страница 575: ...se this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Configuration mode for a switch port interface only Usage The Root Guard feature makes sure that the port on which it is enabled is a designated port If the Root Guard enabled port receives a superior BPDU ...

Страница 576: ... restore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for switch ports Usage The allowable range of values is 1 10 seconds The forward delay max age and hello time parameters should be set according to the following formula as specified in IEEE Standard 802 1d ...

Страница 577: ...ariant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode Interface Configuration mode for a switch port interface only Usage You may want to set link type to shared if the port is connected to a hub with multiple devices connected to it Examples awplus conf...

Страница 578: ...fault of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so that a frame generated by the root bridge can be propagated to the leaf nodes without exceeding the max age The forward delay max age and hello time parameters should be set according to the following f...

Страница 579: ...ax spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents the messages from looping indefinitely in the network The hop count is decremented by each receiving port When a device receives an MST BPDU that has a hop count of zero it discards the BPDU Examples a...

Страница 580: ...anning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use this command to change the spanning tree protocol mode on the device MSTP is VLAN aware but RSTP and STP are not VLAN aware To enable or disable spanning tree operation see the spanning tree enable comman...

Страница 581: ...figuration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples ThefollowingexampleusesthiscommandtoenterMSTConfigurationmode Note the change in the command prompt awplus configure terminal awplus config spanning tree mst configuration awplus config mst ...

Страница 582: ...tion mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove the member port from the MSTI Use the spanning tree mst instance command to add a VLAN member port back to the MSTI Examples To assign instance 3 to a switch port use the commands awplus configure termi...

Страница 583: ...om the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly add an MST instance to a port using the spanning tree mst instance command Examples To set a path cost of 1000 on instance 3 use the commands awplus configure terminal awplus config interface port1 0...

Страница 584: ...turn the path cost to its default value on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related Commands instance vlan MSTP spanning tree mst instance spanning tree mst instance priority spanning tree mst instance restricted role spanning tree mst instance restricted tcn ...

Страница 585: ...STI The port with the lowest value has the highest priority so it will be chosen as root port over a port that is equivalent in all other aspects but with a higher priority value Examples To set the priority to 112 on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree mst instance 3 priority 112 To return the priority to its defau...

Страница 586: ...ce instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The root port is the port providing the best path from the bridge to the root bridge Use this command to disable a port from becoming a root port Use the no variant of this command to enable a port to become...

Страница 587: ...rating System Version 5 4 7 0 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance spanning tree mst instance path cost spanning tree mst instance restricted tcn ...

Страница 588: ... instance id restricted tcn no spanning tree mst instance instance id restricted tcn Default Disabled By default switch ports propagate TCNs Mode Interface Configuration mode for a switch port interface only Examples To prevent a switch port from propagating received topology change notifications and topology changes to other switch ports use the commands awplus configure terminal awplus config in...

Страница 589: ...o the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the port speed as shown in the following table from the IEEE 802 1q 2003 and IEEE 802 1d 2004 standards Mode Interface Configuration mode for switch port interface only Example awplus configure terminal a...

Страница 590: ...x spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state to a forwarding state bypassing both listening and learning states The portfast feature is meant to be used for ports connected to end user devices Enabling portfast on ports that are connected to a wor...

Страница 591: ... 0 x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast bpdu filter spanning tree portfast bpdu guard ...

Страница 592: ...er Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an edge port Using this command in Global Configuration mode applies the portfast bpdu filter feature to all ports on the device Using it in Interface mode applies the feature to a specific port or range ...

Страница 593: ...FAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu filter enable Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast STP spanning tree portfast bpdu guard ...

Страница 594: ... by default Mode Global Configuration or Interface Configuration Usage This command blocks the port s to all devices and data when enabled BPDU Guard is a port security feature that changes how a portfast enabled port behaves if it receives a BPDU When bpdu guard is set then the port shuts down if it receives a BPDU It does not process the BPDU as it is considered suspicious When bpdu guard is not...

Страница 595: ...ntly running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree portfast bpdu guard To enable STP BPDU guard in Interface Configuration mode enter the below commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu guard enable Relat...

Страница 596: ... MSTP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 32678 Mode Global Configuration Usage To force a particular device to become the root bridge use a lower value than other devices in the spanning tree Example awplus configure terminal awp...

Страница 597: ...to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a port to be part of the active topology for instance become the root port or a designated port use a lower value than other ports on the device This behavior is subject to network topology and more sig...

Страница 598: ...or a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no spanning tree restricted role Default The restricted role is disabled Mode Interface Configuration mode for a switch port interface only Example awplus configure terminal awplus config interface port1 ...

Страница 599: ...dge Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this command to disable the restricted TCN functionality Syntax spanning tree restricted tcn no spanning tree restricted tcn Default The restricted TCN is disabled Mode Interface Configuration mode for a switch ...

Страница 600: ...verview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree transmit holdcount no spanning tree transmit holdcount Default Transmit hold count default is 3 Mode Global Configuration Example awplus configure terminal awplus config spanning tree transmit holdcount ...

Страница 601: ...mmand Reference for IX5 28GPX 601 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp RSTP and STP command ...

Страница 602: ...ws across the links as evenly as possible Link aggregation hashes one or more of the source and destination MAC address IP address and UDP TCP ports to select a link on which to send a packet So packet flow between a pair of hosts always takes the same link inside the Link Aggregation Group LAG The net effect is that the bandwidth for a given packet stream is restricted to the speed of one link in...

Страница 603: ...on page 611 show debugging lacp on page 613 show diagnostic channel group on page 614 show etherchannel on page 616 show etherchannel detail on page 617 show etherchannel summary on page 618 show lacp sys id on page 619 show lacp counter on page 620 show port etherchannel on page 621 show static channel group on page 622 static channel group on page 623 undebug lacp on page 625 ...

Страница 604: ...same port speed and be in full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refer to an LACP channel group in other LACP commands use the channel group number To specify an LACP channel group LACP aggregator in other commands prefix the channel group number with po For example po2...

Страница 605: ...ace port1 0 6 awplus config if channel group 2 mode active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port1 0 6 awplus config if no channel group To reference channel group 2 as an interface use the following commands awplus configure terminal awplus config interface po2 awplus config if Related Commands s...

Страница 606: ...REGATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1 32 counters Mode Privileged Exec Example awplus clear lacp 2 counters Parameter Description 1 32 Channel group number ...

Страница 607: ... lacp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Specifies debugging for LACP events Echoes events to the console ha Specifies debugging for HA High Availability events Echoes High Availability events to the console packet Specifies debugging for LACP pa...

Страница 608: ... Global Configuration Usage Do not mix LACP configurations manual and dynamic When LACP global passive mode is turned on by using the lacp global passive mode enable command we do not recommend using a mixed configuration in a LACP channel group i e some links are manually configured by the channel group command and others are dynamically learned in the same channel group Example To enable global ...

Страница 609: ...ggregation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port priority 1 65535 no lacp port priority Default The default is 32768 Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 5 awplus config if lacp port priority 34 ...

Страница 610: ...ing the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp system priority 1 65535 no lacp system priority Default The default is 32768 Mode Global Configuration Example awplus configure terminal awplus config lacp system priority 6700 Parameter Description 1 6...

Страница 611: ...tion if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field is set to 1 then the device has set the short timeout If the Timeout field is set to 0 then the device has set the long timeout Setting the short timeout enables the device to be more responsive to co...

Страница 612: ...liedWare Plus Operating System Version 5 4 7 0 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if lacp timeout short ...

Страница 613: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Output Figure 16 1 Example output from the show debugging lacp command Related Commands debug lacp LACP debugging status LACP timer debugging is on LACP timer detail debugging is on LACP cli debugging is ...

Страница 614: ...nnel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 16 2 Example output from the show diagnostic channel group command awplus show diagnostic channel group Channel Group Info based on NSM Note Pos position in hardware table Dev Interface IfIndex Member port IfIndex Active Pos sa3 4503 port1 0 15 5015 No sa3 4503 port1 0 18 5018 No po1 4601 port1...

Страница 615: ...7 0 x LINK AGGREGATION COMMANDS SHOW DIAGNOSTIC CHANNEL GROUP Related Commands show tech support Channel Group Info based on HW Note Pos position in hardware table Only entries from first device are displayed Dev Interface IfIndex Member port IfIndex Active Pos sa3 4503 N a po1 4601 N a No error found ...

Страница 616: ...ation Guide which is available on our website at alliedtelesis com Syntax show etherchannel 1 32 Mode User Exec and Privileged Exec Example awplus show etherchannel Output Figure 16 3 Example output from show etherchannel Example awplus show etherchannel 1 Output Figure 16 4 Example output from show etherchannel for a particular channel Parameter Description 1 32 Channel group number awplus show e...

Страница 617: ...Exec and Privileged Exec Example awplus show etherchannel detail Output Example output from show etherchannel detail awplus show etherchannel detail Aggregator po1 IfIndex 4601 Mac address 00 00 cd 37 05 17 Admin Key 0001 Oper Key 0001 Receive link count 2 Transmit link count 2 Individual 0 Ready 1 Partner LAG 0x8000 00 00 cd 37 02 9a 0x0001 Link port1 0 1 IfIndex 8002 synchronized Link port1 0 2 ...

Страница 618: ...the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show etherchannel summary Mode User Exec and Privileged Exec Example awplus show etherchannel summary Output Example output from show etherchannel summary awplus show etherchannel summary Aggregator po10 IfIndex 4610 Admin Key 0010 Oper Key 0010 Link port1...

Страница 619: ...CP system ID and priority For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show lacp sys id Mode User Exec and Privileged Exec Example awplus show lacp sys id Output Example output from show lacp sys id System Priority 0x8000 32768 MAC Address 02...

Страница 620: ...mation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show lacp counter 1 32 Mode User Exec and Privileged Exec Example awplus show lacp counter 2 Output Example output from show lacp counter Parameter Description 1 32 Channel group number Traffic statistics P...

Страница 621: ...etherchannel Parameter Description port Name of the device port to display LACP information about awplus show port etherchannel port1 0 2 LACP link info port1 0 2 7007 Link port1 0 2 IfIndex 7007 Aggregator po10 IfIndex 4610 Receive machine state Current Periodic Transmission machine state Slow periodic Mux machine state Collecting Distributing Actor Information Partner Information Selected Select...

Страница 622: ...iting command is set to vlan disable the output will also show the VLANs on which thrashing is detected For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show static channel group Mode User Exec and Privileged Exec Example awplus show static chann...

Страница 623: ...to be removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can only be operated on as a group Once the static channel group has been created it is treated as a device port and can be referred to in other commands that apply to device ports To refer to a static chann...

Страница 624: ...the commands awplus configure terminal awplus config interface sa2 awplus config if To make it possible to use QoS Storm Protection on static channel group 2 on port1 0 6 with an ACL named test acl use the commands awplus configure terminal awplus config interface port1 0 6 awplus config if static channel group 2 member filters awplus config if access group test acl Related Commands show static ch...

Страница 625: ... C Command Reference for IX5 28GPX 625 AlliedWare Plus Operating System Version 5 4 7 0 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no debug lacp command ...

Страница 626: ...esis Enterprise_MIBs_in AlliedWare Plus for information about which PoE MIB objects are supported theSNMPFeatureOverviewand Configuration_Guide forinformationabout SNMP traps Power over Ethernet PoE is a technology allowing devices such as security cameras to receive power over LAN cabling The Powered Device PD referred to throughout this chapter is a PoE or PoE powered device such as an IP phone ...

Страница 627: ... 0 x POWER OVER ETHERNET COMMANDS power inline usage threshold on page 638 service power inline on page 639 show debugging power inline on page 640 show power inline on page 641 show power inline counters on page 644 show power inline interface on page 646 show power inline interface detail on page 648 ...

Страница 628: ...21 Syntax clear power inline counters interface port list Mode Privileged Exec Usage The PoE counters are displayed with the show power inline counters command Examples To clear the PoE counters for port1 0 2 only use the following command awplus clear power inline counters interface port1 0 2 To clear the PoE counters for port1 0 5 through port1 0 8 use the following command awplus clear power in...

Страница 629: ... PoE event and info debug messages on the console use the following commands awplus terminal monitor awplus debug power inline event info To enable PoE debugging and start the display of all PoE debugging messages on the console use the following commands awplus terminal monitor awplus debug power inline all To stop the display of PoE info debug messages on the console use the following command aw...

Страница 630: ...152 01 Rev C Command Reference for IX5 28GPX 630 AlliedWare Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS DEBUG POWER INLINE Related Commands show debugging power inline terminal monitor ...

Страница 631: ...f pre IEEE 802 3af Power Ethernet standard legacy Powered Devices PDs Syntax power inline allow legacy no power inline allow legacy Default Detection of legacy PDs is enabled on all ports Mode Global Configuration Examples To disable detection of legacy PDs use the following commands awplus configure terminal awplus config no power inline allow legacy To enable detection of legacy PDs use the foll...

Страница 632: ... list of PoE ports or a range of PoE ports with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports Examples To add the description Desk Phone for a connected PD on port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline description Desk Phone To clear the desc...

Страница 633: ...abled Syntax power inline enable no power inline enable Default PoE is enabled by default on all ports Mode Interface Configuration for one or more ports Usage No PoE log messages are generated for ports on which PoE is disabled Examples To disable PoE on port1 0 1 to port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if no powe...

Страница 634: ... variant of this command sets the maximum power supplied to a PoE port to the default which is set to the maximum power limit for the class of the connected Powered Device PD Syntax power inline max 4000 30000 no power inline max Default The switch supplies the maximum power limit for the class of the PD connected to the port by default NOTE See the PoE Feature Overview and Configuration Guide for...

Страница 635: ... at the PD Examples To set the maximum power supplied to ports in the range port1 0 1 to port1 0 4 to 6450mW per port use the following commands awplus configure terminal awplus config interface port1 0 2 port1 0 4 awplus config if power inline max 6450 To clear the user configured maximum power supplied to port1 0 1 and revert to using the default maximum power use the following commands awplus c...

Страница 636: ...cify a range or list of ports they must all be PoE capable ports PoE ports with higher priorities are given power before PoE ports with lower priorities If the priorities for two PoE ports are the same then the lower numbered PoE port is given power before the higher numbered PoE port See the PoE Feature Overview and Configuration Guide for further information about PoE priority Parameter Descript...

Страница 637: ... awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if power inline priority high To reset the priority level to the default of low on port1 0 1 to port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if no power inline priority Related Commands power inline usage threshold show power inline show p...

Страница 638: ...r usage threshold is 80 of the nominal power rating Mode Global Configuration Usage Use the snmp server enable trap command to configure SNMP notification An SNMP notification is sent when the usage threshold as configured in the example is exceeded Examples To generate SNMP notifications when power supplied exceeds 70 of the nominal power rating use the following commands awplus configure termina...

Страница 639: ... is enabled by default Mode Global Configuration Usage In a stack issuing this command enables PoE globally for all PoE ports In a stack configuration only stack members containing PoE hardware will have PoE enabled by default in software Examples To disable PoE use the following commands awplus configure terminal awplus config no service power inline To re enable PoE if PoE has been disabled use ...

Страница 640: ...ing power inline Mode User Exec and Privileged Exec Example To display PoE debug settings use the following command awplus show debugging power inline Output Figure 17 1 Example output from the show debugging power inline command Related Commands debug power inline terminal monitor awplus show debugging power inline PoE Debugging status PoE Informational debugging is disabled PoE Event debugging i...

Страница 641: ...70W Power Allocated 246W Actual Power Consumption 151W Operational Status On Power Usage Threshold 80 296W PoE Interface Interface Admin Pri Oper Power Device Class Max mW port1 0 1 Enabled Low Powered 3840 n a 1 4000 C port1 0 2 Enabled High Powered 6720 n a 2 7000 C port1 0 3 Enabled Low Powered 14784 n a 3 15400 C port1 0 4 Enabled Crit Powered 14784 n a 3 15400 C port1 0 5 Enabled Crit Powered...

Страница 642: ...r inline priority command Low is the lowest priority this is the default High is the second highest priority Crit critical is the highest priority If the switch cannot supply all ports it will supply critical ports then high priority ports then low priority ports Oper The current PoE port state when this command was issued Powered displays if there is a PD connected and power is being supplied Den...

Страница 643: ...ription is shown for PDs not configured with the power inline description command Class The class of the connected PD if power is being supplied to the PD Max mW The power in milliwatts mW allocated for the PoE port Additionally note the following as displayed per PoE port U if the power limit for a port was user configured with the power inline max command L if the power limit for a port was supp...

Страница 644: ... Configuration Guide Syntax show power inline counters port list Mode User Exec and Privileged Exec Examples To display all PoE event counters for all PoE ports use the command awplus show power inline counters To display the PoE event counters for the port range 1 0 1 to 1 0 3 use the command awplus show power inline counters interface port1 0 1 1 0 3 Output Figure 17 3 Example output from the sh...

Страница 645: ...ignal has been lost The PoE MPS signal is lost when a PD is disconnected from the PSE Also increments pethPsePortMPSAbsentCounter in the PoE MIB Overload The number of instances when a PD exceeds its configured power limit as configured by the power inline max command Also increments pethPsePortOverLoadCounter in the PoE MIB Short The number of short circuits that have happened with a PD Also incr...

Страница 646: ...fic information for the port range1 0 1 to 1 0 4 use the following command awplus show power inline interface port1 0 1 port1 0 4 Output Figure 17 4 Example output from the show power inline interface command Parameter Description port list Enter the PoE port s to display PoE specific information in the show output awplus show power inline interface port1 0 1 port1 0 4 Interface Admin Pri Oper Pow...

Страница 647: ... not connected to a PD Disabled displays if the PoE port is administratively disabled Syncing displays if PoE is still initializing the port when you issue the command Fault displays if there is a problem with PoE on the port Unknown displays if PoE cannot determine the state of the port Power The power consumption in milliwatts mW for the PoE port when this command was entered Device The descript...

Страница 648: ... port specific information for the port range 1 0 1 to 1 0 3 use the command awplus show power inline interface port1 0 1 1 0 3 detail Output Figure 17 5 Example output from the show power inline interface detail command Parameter Description port list Enter the PoE port s to display information about only the specified port or ports awplus show power inline interface port1 0 1 1 0 2 detail Interf...

Страница 649: ...from the PSE Denied displays when supplying power would make the PSE go over the power budget Disabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled for the port Fault displays when a PSE goes over its power allocation Current power consumption The power consumption for the PoE port when this command was entered Note that the power consumption may ...

Страница 650: ...v C Command Reference for IX5 28GPX 650 AlliedWare Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS SHOW POWER INLINE INTERFACE DETAIL Related Commands show power inline show power inline interface ...

Страница 651: ...re Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP VCStack is not supported by the current AlliedWare Plus GVRP implementation This chapter provides an alphabetical reference for commands used to configure GVRP For information about GVRP including configuration see the GVRP Feature Overview and Configuration Guide Command List clear gvrp statistics ...

Страница 652: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 652 AlliedWare Plus Operating System Version 5 4 7 0 x GVRP COMMANDS show gvrp timer on page 666 ...

Страница 653: ... Privileged Exec Usage Use this command together with the show gvrp statistics command to troubleshoot GVRP Examples To clear all GVRP statistics for all switchport on the switch enter the command awplus clear gvrp statistics all To clear GVRP statistics for switchport interface port1 0 3 enter the command awplus clear gvrp statistics port1 0 3 Related Commands show gvrp statistics Parameter Descr...

Страница 654: ...interface port1 0 1 port1 0 2 awplus config if gvrp To disable GVRP on interfaces port1 0 1 port1 0 2 enter the commands awplus configure terminal awplus config interface port1 0 1 port1 0 2 awplus config if no gvrp Examples To send debug output to the console for GVRP packets and GVRP commands and to enable the display of debug output on the console first enter the commands awplus terminal monito...

Страница 655: ...er the commands awplus terminal monitor awplus configure terminal awplus config debug gvrp cli To stop sending debug output for GVRP packets and GVRP commands to the console and to stop the display of any debug output on the console enter the commands awplus terminal no monitor awplus configure terminal awplus config no debug gvrp all Related Commands show debugging gvrp terminal monitor ...

Страница 656: ...rface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP implementation GVRP and private VLAN trunk ports are mutually exclusive...

Страница 657: ... interface in Interface Configuration mode Both of these tasks must occur to create VLANs NOTE There is limit of 400 VLANs supported by the AlliedWare Plus GVRP implementation VLANsmaybenumbered1 4094 butalimitof400oftheseVLANsare supported Examples Enter the following commands for switches with hostnames switch1 and switch2 respectively so switch1 propagates VLANs to switch2 and switch2 propagate...

Страница 658: ...nd before issuing a gvrp interface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP implementation GVRP and private VLAN trunk...

Страница 659: ...show gvrp configuration command Configuring a trunk port in fixed registration mode allows manual creation of VLANs Configuring a trunk port in forbidden registration mode prevents VLAN creation on the port Examples To configure GVRP registration to fixed on port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if gvrp registration fixed To disable ...

Страница 660: ...abled switches See also the section Setting the GVRP Timers in the GVRP Feature Overview and Configuration Guide Use the show gvrp timer command to confirm GVRP timers set with this command Examples To set the GVRP join timer to 30 hundredths of a second 300 milliseconds for interface port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if gvrp tim...

Страница 661: ...m Version 5 4 7 0 x GVRP COMMANDS GVRP TIMER To reset the GVRP join timer to its default of 20 hundredths of a second for interface port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if no gvrp timer join Related Commands show gvrp timer ...

Страница 662: ...ure Overview and Configuration Guide Syntax show debugging gvrp Mode User Exec and Privileged Exec Example Enter the following commands to display GVRP debugging output on the console awplus configure terminal awplus config debug gvrp all awplus config exit awplus show debugging gvrp Output See sample output from the show debugging gvrp command after entering debug gvrp all Related Commands debug ...

Страница 663: ...n Guide Syntax show gvrp configuration Mode User Exec and Privileged Exec Example To show GVRP configuration for the switch enter the command awplus show gvrp configuration Output The following is an output of this command displaying the GVRP configuration for a switch awplus show gvrp configuration Global GVRP Configuration GVRP Feature Enabled Dynamic Vlan Creation Disabled Port based GVRP Confi...

Страница 664: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp machine Mode User Exec and Privileged Exec Example To show the GVRP state machine for the switch enter the command awplus show gvrp machine Output See the following output of this command displaying the GVRP state machine awplus show gvrp machine port 1 0 1 applicant state QA regist...

Страница 665: ...gether with the clear gvrp statistics command to troubleshoot GVRP Examples To show the GVRP statistics for all switchport interfaces enter the command awplus show gvrp statistics To show the GVRP statistics for switchport interfaces port1 0 1 and port1 0 2 enter the command awplus show gvrp statistics port1 0 1 port1 0 2 Output The following is an output of this command displaying a statistical s...

Страница 666: ...ion Guide Syntax show gvrp timer interface Mode User Exec and Privileged Exec Examples To show the GVRP timers for all switchport interfaces enter the command awplus show gvrp timer To show the GVRP timers for switchport interface port1 0 1 enter the command awplus show gvrp timer port1 0 1 Output The following show output displays data for timers on the switchport interface port1 0 1 Related Comm...

Страница 667: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 667 AlliedWare Plus Operating System Version 5 4 7 0 x Part 3 Layer 3 Switching ...

Страница 668: ...tion Guide Command List arp aging timeout on page 670 arp mac disparity on page 671 arp IP address MAC on page 674 arp log on page 675 arp opportunistic nd on page 678 arp reply bc dmac on page 679 clear arp cache on page 680 debug ip packet interface on page 681 ip address IP Addressing and Protocol on page 683 ip directed broadcast on page 685 ip forward protocol udp on page 687 ip gratuitous ar...

Страница 669: ...G AND PROTOCOL COMMANDS ip unreachables on page 698 optimistic nd on page 700 ping on page 701 show arp on page 702 show debugging ip packet on page 704 show ip interface on page 706 show ip sockets on page 707 show ip traffic on page 710 tcpdump on page 712 traceroute on page 713 undebug ip packet interface on page 714 ...

Страница 670: ...es not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces The no variant of this command sets the time limit to the default of 300 seconds Syntax arp aging timeout 0 432000 no arp aging timeout Default 300 seconds 5 minutes Mode Interface Configuration for ...

Страница 671: ...he disparate ARP has a multicast MAC address in the ARP reply the switch drops the ARP reply and does not learn any associated addresses If the disparate ARP has a unicast MAC address in the ARP reply the switch learns the address in the ARP reply The learned ARP entry points to the single port that the ARP reply arrived on Matching traffic will go out this port Mode Interface Configuration for a ...

Страница 672: ...a disparate ARP response an ARP entry is created for the IP MAC in the content of the ARP packet The difference with the arp mac disparity multicast igmp command is that the egress port is set to the subset of ports in the VLAN that have received IGMP reports for the NLB cluster MAC address Note that the ARP entry is updated as ports join leave the IGMP group If no ports have received IGMP reports...

Страница 673: ...IP ADDRESSING AND PROTOCOL COMMANDS ARP MAC DISPARITY To disable support for MS NLB in unicast mode on interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no arp mac disparity unicast Related Commands arp IP address MAC clear arp cache show arp ...

Страница 674: ...dress port number alias no arp ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to ARP requests for this address use the commands awplus configure terminal awplus config arp 10 10 10 9 0010 2355 4566 alias Related Commands arp mac disparity clear arp cache ip proxy arp show arp Parameter ...

Страница 675: ...e the option to change how the MAC address is displayed in the ARP log message The output can either use the notation HHHH HHHH HHHH or HH HH HH HH HH HH Enter arp log to use HHHH HHHH HHHH notation Enter arp log mac address format ieee to use HH HH HH HH HH HH notation Enter no arp log mac address format ieee to revert from HH HH HH HH HH HH to HHHH HHHH HHHH Enter no arp log to disable ARP loggi...

Страница 676: ...plus configure terminal awplus config arp log awplus config exit awplus show log include ARP_LOG 2016 Oct 6 06 21 01 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0013 4078 3b98 192 168 2 4 2016 Oct 6 06 22 30 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 del 0013 4078 3b98 192 168 2 4 2016 Oct 6 06 23 26 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0030 940e 136b 192 16...

Страница 677: ... log include ARP_LOG Parameter Description ARP_LOG Indicates that ARP log entry information follows port number Indicates device port number for the ARP log entry vid Indicates the VLAN ID for the ARP log entry operation Indicates add if the ARP log entry displays an ARP addition Indicates del if the ARP log entry displays an ARP deletion MAC Indicates the MAC address for the ARP log entry either ...

Страница 678: ...uration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited ARP packet is added to the ARP cache so the device forwards the ARP packet When opportunistic neighbor discovery is disabled the source MAC address for the ARP packet is not added to the ARP cache so t...

Страница 679: ...nses that contain a broadcast destination MAC Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC Syntax arp reply bc dmac no arp reply bc dmac Default By default this functionality is disabled Mode Interface Configuration for VLAN interfaces Example To allow processing of ARP replies that arrive on VLAN2 with a broadcast destinatio...

Страница 680: ...p address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clear all dynamic ARP entries use the command awplus clear arp cache To clear all dynamic ARP entries associated with the IPv4 address 192 168 1 1 use the command awplus clear arp cache 192 168 1 1 Related...

Страница 681: ...face to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packets with the specified IP address as specified in the ip address placeholder are shown in the output verbose Specify verbose to output more of the IP packet If this keyword is specified then more of the...

Страница 682: ...se the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address 192 168 2 4 tcp To turn off IP packet interface debugging on all interfaces use the command awplus no debug ip packet interface To turn off IP packet interface debugging on interface vlan2 use the command awplus no de...

Страница 683: ...onfigure a primary address on the interface before configuring a secondary address NOTE Use show running config interface not show ip interface brief when you need to view a secondary address configured on an interface show ip interface brief will only show the primary address not a secondary address for an interface Examples To add the primary IP address 10 10 10 50 24 to the interface vlan3 use ...

Страница 684: ...OL COMMANDS IP ADDRESS IP ADDRESSING AND PROTOCOL To add the IP address 10 10 11 50 24 to the local loopback interface lo use the following commands awplus configure terminal awplus config interface lo awplus config if ip address 10 10 11 50 24 Related Commands interface to configure show ip interface show running config interface ...

Страница 685: ...on address is a broadcast address for some IP subnet but originates from a node that is not itself part of that destination subnet When a directed broadcast packet reaches a device that is directly connected to its destination subnet that packet is flooded as a broadcast on the destination subnet The ip directed broadcast c ommand controls the flooding of directed broadcasts when they reach target...

Страница 686: ...ommand Reference for IX5 28GPX 686 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP DIRECTED BROADCAST Related Commands ip forward protocol udp ip helper address show running config ...

Страница 687: ...not enabled by default Mode Global Configuration Usage Combined with the ip helper address command in interface mode the ip forward protocol udp command in Global Configuration mode allows control of which protocols destination port numbers are forwarded The ip forward protocol udp command configures protocols for forwarding and the ip helper address command configures the destination address es N...

Страница 688: ...0 x IP ADDRESSING AND PROTOCOL COMMANDS IP FORWARD PROTOCOL UDP To delete a UDP port from the UDP ports that the device forwards use the following commands awplus configure terminal awplus config no ip forward protocol udp port Related Commands ip helper address ip directed broadcast show running config ...

Страница 689: ...efault The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the switchport is a member of whenever the switchport moves to the forwarding state The first Gratuitous ARP packet is sent 1 second after the switchport becomes a forwarding switchport The second and third...

Страница 690: ...g System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure terminal awplus config ip gratuitous arp link 20 Validation Commands show running config ...

Страница 691: ... destination address es The destination address can be a unicast address or a subnet broadcast address The UDP destination port is configured separately with the ip forward protocol udp command If multiple destination addresses are registered then UDP packets are forwarded to each IP address added to an IP Helper Up to 32 destination addresses may be added using IP Helper The device will only forw...

Страница 692: ...LPER ADDRESS The following example removes IPv4 address 192 168 1 100 as an IP Helper destination address to which to forward UDP broadcasts received on vlan2 awplus configure terminal awplus config interface vlan2 awplus config if no ip helper address 192 168 1 100 Related Commands ip forward protocol udp ip directed broadcast show running config ...

Страница 693: ...y arp Default Limited local proxy ARP is disabled by default Mode Interface Configuration Usage This command allows you to stop MAC address resolution for specified hosts Limited local proxy ARP works by intercepting ARP requests for the specified hosts and responding with your device s own MAC address details instead of the destination host s details This stops hosts from learning the MAC address...

Страница 694: ... does not generate or forward any ICMP Redirect messages on that interface This command does not enable proxy ARP on the interface see the ip proxy arp command for more information on enabling proxy ARP The no variant of this command disables Local Proxy ARP to stop your device from intercepting and responding to ARP requests between hosts within a subnet This allows the hosts to use MAC address r...

Страница 695: ...ute that the ARP request arrived from It ignores all other ARP requests See the ip local proxy arp command about enabling your device to respond to other ARP messages The no variant of this command disables Proxy ARP responses on an interface Proxy ARP is disabled by default Syntax ip proxy arp no ip proxy arp Default Proxy ARP is disabled by default Mode Interface Configuration for a VLAN interfa...

Страница 696: ...e Usage ICMP redirect messages are used to notify hosts that a better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same interface that the packet is routed out of the device ICMP redirects are only sent to packet sources that are directly connected to the device Examples To enable the device to send ICMP redirects on interface vlan2 use...

Страница 697: ...ariant of this command to stop specifying a subnet for use with limited local proxy ARP Syntax local proxy arp ip add mask no local proxy arp ip add mask Default No subnets are specified for use with limited local proxy ARP Mode Global Configuration Example To specify limited local proxy ARP for the address 172 22 0 3 use the following commands awplus configure terminal awplus config local proxy a...

Страница 698: ...e these messages to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ip unreachables command secures your network against this type of probing NOTE Disabling ICMP destination unreachable messages breaks applications such as traceroute and Path MTU Discovery PMTUD which depend on these messages to operate correctly Table 19 2 ICMP type 3...

Страница 699: ... destination unreachable messages use the commands awplus configure terminal awplus config no ip unreachables To enable destination unreachable messages use the commands awplus configure terminal awplus config ip unreachables 14 Host Precedence Violation RFC1812 15 Precedence cutoff in effect RFC1812 Table 19 2 ICMP type 3 reason codes and description cont Code Description RFC ...

Страница 700: ...stale neighbors are deleted from the hardware L3 switching table The optimistic neighbor discovery feature enables the device to sustain L3 traffic switching to a neighbor without interruption Without the optimistic neighbor discovery feature enabled L3 traffic is interrupted when a neighbor is stale and is then deleted from the L3 switching table If a neighbor receiving optimistic neighbor solici...

Страница 701: ...t in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify fractions of a second For example to ping every millisecond set the interval to 0 001 pattern hex data pattern Specify the hex data pattern repeat Specify the number of ping packets to send 1 2147483647 Specify repeat count The default is 5 cont...

Страница 702: ...er Exec and Privileged Exec Usage Running this command with no additional parameters will display all entries in the ARP routing and forwarding table Example To display all ARP entries in the ARP cache use the following command awplus show arp Output Figure 19 3 Example output from the show arp command Parameter Description security Specify the DHCP Snooping ARP security output option interface Sp...

Страница 703: ...ow arp command Parameter Meaning IP Address IP address of the network device this entry maps to MAC Address Hardware address of the network device Interface Interface over which the network device is accessed Port Physical port that the network device is attached to Type Whether the entry is a static or dynamic entry Static entries are added using the arp IP address MAC command Dynamic entries are...

Страница 704: ...ay theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 19 4 Example output from the show debugging ip packet command with terminal monitor off Example To display the IP interface debugging status when the terminal monitor is on use the command awplus terminal monitor awplus show debug ip packet Output Figu...

Страница 705: ... Rev C Command Reference for IX5 28GPX 705 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface terminal monitor ...

Страница 706: ...mation for the assigned IP address for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip interface vlan2 3 brief Output Figure 19 6 Example output from the show ip interface brief command Parameter Description interface list The interfaces to display information about An interface list ca...

Страница 707: ...d to verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is established with the ports indicated Note that this command does not display sockets that are used internally for exchanging data between the various processes that exist on the device and are involved in itsoperationand management Itonly displays socketsthatarepresent for the purpos...

Страница 708: ...are tcp IP Protocol 6 udp IP Protocol 17 raw Indicates that socket is for a non port orientated protocol i e a protocol other than TCP or UDP where all packets of a specified IP protocol type are accepted For raw socket entries the protocol type is indicated in subsequent columns Local Address For TCP and UDP listening sockets this shows the destination IP address either IPv4 or IPv6 and destinati...

Страница 709: ...ny source port will be accepted This is indicated by For active TCP sessions the IP address will display the remote address and port the session was established with For raw sockets the entry in this column will be 0 0 0 0 or for IPv4 and IPv6 respectively State This column shows the state of the socket For TCP sockets this shows the state of the TCP state machine For UDP sockets this column is bl...

Страница 710: ...de Privileged Exec Example To display IP traffic statistics use the command awplus show ip traffic Output Figure 19 8 Example output from the show ip traffic command IP 261998 packets received 261998 delivered 261998 sent 69721 multicast packets received 69721 multicast packets sent 23202841 bytes received 23202841 bytes sent 7669296 multicast bytes received 7669296 multicast bytes sent IPv6 28 pa...

Страница 711: ... 711 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW IP TRAFFIC 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 139468 datagrams received 139468 datagrams sent UDPLite ...

Страница 712: ...mp Syntax tcpdump line Mode Privileged Exec Example To start a tcpdump running to capture IP packets enter the command awplus tcpdump ip Output Figure 19 9 Example output from the tcpdump command Related Commands debug ip packet interface Parameter Description line Specify the dump options For more information on the options for this placeholder see http www tcpdump org tcpdump_man html 03 40 33 2...

Страница 713: ...MANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host Syntax traceroute ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Parameter Description ip addr The destination IPv4 address The IPv4 address uses the format A B C D hostname The destination hostname ...

Страница 714: ...5 28GPX 714 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality of the no debug ip packet interface command ...

Страница 715: ... Plus Switches Feature Overview and Configuration Guide Command List clear ip dns forwarding cache on page 717 debug ip dns forwarding on page 718 ip dns forwarding on page 719 ip dns forwarding cache on page 720 ip dns forwarding dead time on page 721 ip dns forwarding retry on page 722 ip dns forwarding source interface on page 723 ip dns forwarding timeout on page 724 ip domain list on page 725...

Страница 716: ...for IX5 28GPX 716 AlliedWare Plus Operating System Version 5 4 7 0 x DOMAIN NAME SERVICE DNS COMMANDS show ip dns forwarding server on page 733 show ip domain list on page 734 show ip domain name on page 735 show ip name server on page 736 ...

Страница 717: ... DNS COMMANDS CLEAR IP DNS FORWARDING CACHE clear ip dns forwarding cache Overview Use this command to clear the DNS Relay name resolver cache Syntax clear ip dns forwarding cache Mode Privileged Exec Examples To clear all cached data use the command awplus clear ip dns forwarding cache Related Commands ip dns forwarding cache ...

Страница 718: ...g Use the no variant of this command to disable DNS Relay debugging Syntax debug ip dns forwarding no debug ip dns forwarding Default DNS Relay debugging is disabled by default Mode Privileged Exec Examples To enable DNS forwarding debugging use the commands awplus debug ip dns forwarding To disable DNS forwarding debugging use the commands awplus no debug ip dns forwarding Related Commands ip dns...

Страница 719: ...at IP domain lookup is enabled IP domain lookup is enabled by default but if it has been disabled you can re enable it by using the command ip domain lookup See the ip dns forwarding dead time command used with this command Examples To enable the forwarding of incoming DNS query packets use the commands awplus configure terminal awplus config ip dns forwarding To disable the forwarding of incoming...

Страница 720: ...time out period of the cache entry will only be used when the time out period of the DNS reply from the DNS server is bigger than the time out period configured on the device Syntax ip dns forwarding cache size 0 1000 timeout 60 3600 no ip dns forwarding cache size timeout Default The default cache size is 0 no entries and the default lifetime is 1800 seconds Mode Global Configuration Examples To ...

Страница 721: ...fault time to stop sending DNS requests to an unresponsive server is 3600 seconds Mode Global Configuration Usage See the ip dns forwarding retry command used with this command Examples To set the DNS forwarding retry count to 50 and to set the DNS forwarding dead time to 1800 seconds use the commands awplus configure terminal awplus config ip dns forwarding dead time 1800 awplus config ip dns for...

Страница 722: ...es is 2 DNS requests to an unresponsive server Mode Global Configuration Usage See the ip dns forwarding dead time command used with this command Examples To set the DNS forwarding retry count to 50 and to set the DNS forwarding dead time to 1800 seconds use the commands awplus configure terminal awplus config ip dns forwarding retry 50 awplus config ip dns forwarding dead time 1800 To reset the D...

Страница 723: ...no ip dns forwarding source interface Default The default is that no interface is set and the device selects the appropriate source IP address automatically Mode Global Configuration Examples To set vlan1 as the source interface for relayed DNS queries use the commands awplus configure terminal awplus config ip dns forwarding source interface vlan1 To clear the source interface for relayed DNS que...

Страница 724: ...the default of 3 seconds Syntax ip dns forwarding timeout 0 3600 no ip dns forwarding timeout Default The default timeout value is 3 seconds Mode Global Configuration Examples To set the timeout value to 12 seconds use the commands awplus configure terminal awplus config ip dns forwarding timeout 12 To set the timeout value to the default of 3 seconds use the commands awplus configure terminal awp...

Страница 725: ... deletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domain specified with the ip domain name command If any domain exists in the DNS list then the device does not use the domain set using the ip domain name command Example To add the domain example net to th...

Страница 726: ...empt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configuration Usage The client is enabled by default However it does not attempt DNS inquiries unless there is a DNS server configured If you are using DNS Relay see the command ip dns forwarding you must have IP domain lookup enabled Examples To enable the DN...

Страница 727: ...f there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists in the DNS list then the device does not use the domain configured with this command When your device is using its DHCP client for an interface it can receive Option 15 from the DHCP server This option replaces the domain name set with th...

Страница 728: ...r to forward requests to Name servers can be learned through the following means Manual configuration using the ip name server command Learned from DHCP server with Option 6 This command is used to statically configure a DNS name server for the device to use Examples To allow a device to send DNS queries to a DNS server with the IPv4 address 10 10 10 5 use the commands awplus configure terminal aw...

Страница 729: ...command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ip dns forwarding Mode User Exec and Privileged Exec Example To display the DNS Relay debugging status use the command awplus show debugging ip dns forwarding Output Figure 20 1 Example output from the show debugging ip dns forwa...

Страница 730: ...d output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the command awplus show hosts Output Figure 20 2 Example output from the show hosts command Related Commands ip domain list ip domain lookup ip domain name ip name server awplus show hosts Default domain is myc...

Страница 731: ...lay the DNS Relay status Syntax show ip dns forwarding Mode User Exec and Privileged Exec Examples To display the DNS Relay status use the command awplus show ip dns forwarding Output Figure 20 3 Example output from the show ip dns forwarding command Related Commands ip dns forwarding awplus show ip dns forwarding Max Retry 2 Timeout 3 second s Dead Time 3600 second s Source Interface not specifie...

Страница 732: ...rding cache Mode User Exec and Privileged Exec Example To display the DNS Relay name resolver cache use the command awplus show ip dns forwarding cache Output Figure 20 4 Example output from the show ip dns forwarding cache command Related Commands ip dns forwarding cache ip name server awplus show ip dns forwarding cache Host Address Expires Flags www example com 172 16 1 1 180 mail example com w...

Страница 733: ...g server Mode User Exec and Privileged Exec Examples To display the status of DNS Relay name servers use the command awplus show ip dns forwarding server Output Figure 20 5 Example output from the show ip dns forwarding server command Related Commands ip dns forwarding ip dns forwarding dead time Parameter Description forwarding server Display information about the DNS forwarding name servers awpl...

Страница 734: ... when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain list Mode User Exec and Privileged Exec Example To display the list of domains in the domain list use the command awplus show ip domain list Output Figure 20 6 Example output from the show ip d...

Страница 735: ...complete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain name Mode User Exec and Privileged Exec Example To display the default domain configured on your device use the command awplus show ip domain name Output Figure 20 7 Example o...

Страница 736: ...he ip name server command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip name server Mode User Exec and Privileged Exec Example To display the list of DNS servers that your device sends DNS requests to use the command awplus show ip name server Output Figure 20 8 Example output from the sho...

Страница 737: ...pv6 address autoconfig on page 742 ipv6 enable on page 744 ipv6 eui64 linklocal on page 746 ipv6 forwarding on page 747 ipv6 multicast forward slow path packet on page 748 ipv6 nd accept ra pinfo on page 749 ipv6 nd managed config flag on page 750 ipv6 nd minimum ra interval on page 751 ipv6 nd other config flag on page 752 ipv6 nd prefix on page 753 ipv6 nd ra interval on page 755 ipv6 nd ra life...

Страница 738: ... COMMANDS ipv6 opportunistic nd on page 763 ipv6 route on page 764 ipv6 unreachables on page 765 ping ipv6 on page 766 show ipv6 forwarding on page 767 show ipv6 interface brief on page 768 show ipv6 neighbors on page 769 show ipv6 route on page 770 show ipv6 route summary on page 772 traceroute ipv6 on page 773 ...

Страница 739: ...lliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighbors Mode Privileged Exec Example awplus clear ipv6 neighbors ...

Страница 740: ...prefix length Mode Interface Configuration for a VLAN interface Usage Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them See the ipv6 enable command for more information Also note that the link local address is retained in the system if the global address is removed using another command which was not used t...

Страница 741: ...ddress 2001 0db8 a2 64 from the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 a2 64 Related Commands ipv6 address autoconfig ipv6 address dhcp ipv6 dhcp server ipv6 enable ipv6 eui64 linklocal show running config show ipv6 interface brief show ipv6 route ...

Страница 742: ...ration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address from the MAC address of the interface When applying SLAAC to an interface note that the MAC addressof thedefaultVLAN isappliedtotheinterfaceif theinterface doesnot have its own MAC address If SLAAC is not suitable then a network can use stateful configuration with DHCPv6 Dynamic Host Configurati...

Страница 743: ...V6 COMMANDS IPV6 ADDRESS AUTOCONFIG To disable SLAAC on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address autoconfig Related Commands ipv6 address ipv6 enable show ipv6 interface brief show ipv6 route show running config ...

Страница 744: ...on Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are assigned to interfaces for routing IPv6 packets Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them Also note that the l...

Страница 745: ...dWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ENABLE Related Commands ipv6 address ipv6 address autoconfig ipv6 address dhcp ipv6 address DHCPv6 PD ipv6 dhcp client pd ipv6 nd prefix show ipv6 interface brief show ipv6 route show running config ...

Страница 746: ...cal address on an IPv6 enabled interface Syntax ipv6 eui64 linklocal no ipv6 eui64 linklocal Default The command ipv6 eui64 linklocal is enabled by default on any IPv6 enabled interface Mode Interface Example To enable IPv6 on the interface vlan1 and use the link local address of fe80 1 10 instead of the EUI 64 link local that is automatically generated use the following commands awplus configure ...

Страница 747: ... globally for all interface on your device with this command Use the no variant of this command to disable IPv6 unicast forwarding globally for all interfaces on your device IPv6 unicast forwarding allows devices to communicate with devices that are more than one hop away providing that there is a route to the destination address If IPv6 forwarding is not enabled then pings to addresses on devices...

Страница 748: ...e smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big message Use the no variant of this command to disable the above functionality Syntax ipv6 multicast forward slow path packet no ipv6 multicast forward slow path packet Default Disabled Mode Privileged Exec...

Страница 749: ...ed on an interface SLAAC is also enabled SLAAC addressing along with the EUI 64 process uses the prefix information included in a received RA to generate an automatic link local address on the IPv6 interface Note an AlliedWare Plus device will by default add a prefix for the connected interface IPv6 address es to the RA it transmits However this behavior can be changed by using the command no ipv6...

Страница 750: ...s to use a stateless autoconfiguration mechanism to establish their IPv6 addresses The default is flag unset Use the no variant of this command to reset this command to its default of flag unset Syntax ipv6 nd managed config flag no ipv6 nd managed config flag Default Unset Mode Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied t...

Страница 751: ... a VLAN interface is unset by default Mode Interface Configuration for a VLAN interface Examples To set the minimum RA interval for the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd minimum ra interval 60 To remove the minimum RA interval for the VLAN interface vlan2 use the following commands awplus configure termi...

Страница 752: ... the ipv6 nd other config flag will also be set Use no variant of this command to reset the value to the default Syntax ipv6 nd other config flag no ipv6 nd other config flag Default Unset Mode Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This step is included in the example below Example To s...

Страница 753: ...advertised by the router advertisement message The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 The default is X X 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 0 and 4294967295 seconds The default is 2592000 30 days Note that this period should be set to a value...

Страница 754: ...awplus config interface vlan4 awplus config if ipv6 nd prefix 2001 0db8 64 864000 432000 Thefollowing exampleconfiguresthedevice toissuerouteradvertisementsonthe VLAN interface vlan4 and advertises the address prefix of 2001 0db8 64 with a valid lifetime of 10 days a preferred lifetime of 5 days and no prefix used for autoconfiguration awplus configure terminal awplus config interface vlan4 awplus...

Страница 755: ... Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the advertisements interval on the VLAN interface vlan4 to be 60 seconds use the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd ra interval 60 awplus config if ...

Страница 756: ...ies the lifetime of the current router to be announced in IPv6 Router Advertisements Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This instruction is included in the example shown below Examples To set the advertisement lifetime of 8000 seconds on the VLAN interface vlan4 use the following commands awplus configure terminal awplus config inter...

Страница 757: ...d blocks RAs from untrusted hosts Blocking RAs stops untrusted hosts from flooding malicious RAs and stops any misconfigured hosts from disrupting traffic on the local network Enabling RA Guard on a port blocks RAs from a connected host and indicates the port and host are untrusted Disabling RA Guard on a port allows RAs from a connected host and indicates the port and host are trusted Ports and h...

Страница 758: ...Ware Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ND RAGUARD Output Exampleoutputfromusing showrunning configinterfaceport1 0 2toverify RA Guard Related Commands show running config interface interface port1 0 2 switchport mode access ipv6 nd raguard ...

Страница 759: ...nsmitted unless you have applied the ipv6 nd suppress ra command This instruction is included in the example shown below Example To set the reachable time in router advertisements on the VLAN interface vlan4 to be 1800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd reachable time 1800000 awplus config if no ipv6 nd supp...

Страница 760: ...1 second Mode Interface Configuration for a VLAN interface Examples To set the retransmission time of Neighbor Solicitation on the VLAN interface vlan2 to be 800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd retransmission time 800000 To reset the retransmission time of Neighbor Solicitation on the VLAN interface vlan2...

Страница 761: ...iguration Use no parameter with this command to enable Router Advertisement transmission Syntax ipv6 nd suppress ra no ipv6 nd suppress ra Default Router Advertisement RA transmission is suppressed by default Mode Interface Configuration for a VLAN interface Example To enable the transmission of router advertisements from the VLAN interface vlan4 on the device use the following commands awplus con...

Страница 762: ... a specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address 0000 cd28 0880 on port1 0 6 use the command awplus configure terminal awplus config ipv6 neighbor 2001 0db8 a2 vlan4 0000 cd28 0880 port1 0 6 Related Commands clear ipv6 neighbors Parameter Descriptio...

Страница 763: ...figuration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is added to the IPv6 ND cache so the device forwards the ICMPv6 ND packet When opportunistic neighbor discovery is disabled the source MAC address for the ICMPv6 packet is not added to the IPv6 ND cache so ...

Страница 764: ...teway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus config ipv6 route 2001 0db8 1 128 vlan2 32 Validation Commands show running config show ipv6 route Parameter Description dest prefix length Specifies the IP destination prefix The IPv6 address prefix...

Страница 765: ...es to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ipv6 unreachables command secures your network against this type of probing NOTE Disabling ICMPv6 destination unreachable messages breaks applications such as traceroute which depend on these messages to operate correctly Example To disable destination unreachable messages use the c...

Страница 766: ...The number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source in the IP header of the ping packet You can only specify the interface when pinging a link local address timeout 1 65535 The time in seconds to wait for echo replies if the ARP entry is present before...

Страница 767: ...IPV6 COMMANDS SHOW IPV6 FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show ipv6 forwarding Output Figure 21 1 Example output from the show ipv6 forwarding command ipv6 forwarding is on ...

Страница 768: ...rted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 21 2 Example output from the show ipv6 interface brief command Related Commands show interface brief Parameter Description brief Specify this optional parameter to display brief IPv6 interface information awpl...

Страница 769: ...V6 COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 neighbors Mode User Exec and Privileged Exec ...

Страница 770: ...ion connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database static Displays only the IPv6 static routes you have configured summary Displays summary information from the IPv6 routing table ipv6 address Displays the routes for the specified address in the IP routing table The IPv6 address uses the format X ...

Страница 771: ... entries for an IP route use the following command awplus show ipv6 route database Output Figure 21 4 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected S static R RIP O OSPF B BGP selected route FIB route p stale info Timers Uptime S 0 1 0 via 2001 a 0 0 c0a8 a01 inactive 6d22h12m 1 0 via 2001 fa 0 0 c0a8 fa01 inactive 6d22h12m ...

Страница 772: ...ut see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the following command awplus show ipv6 route summary Output Figure 21 5 Example output from the show ipv6 route summary command Related Commands show ip route database IPv6 routing table name is Default IP...

Страница 773: ...oute to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command awplus traceroute ipv6 2001 0db8 a2 Related Commands ping ipv6 Parameter Description ipv6 addr The destination IPv6 address The IPv6 address uses the format X X X X hostname The destination hostname ...

Страница 774: ...e common across the routing IP protocols For more information see the Route Selection Feature Overview and Configuration Guide Command List ip route on page 775 ipv6 route on page 777 max fib routes on page 778 max static routes on page 779 maximum paths on page 780 show ip route on page 781 show ip route database on page 783 show ip route summary on page 784 show ipv6 route on page 785 show ipv6 ...

Страница 775: ...tes Specify a Null interface to add a null or blackhole route to the switch A null or blackhole route is a routing table entry that does not forward packets so any packets sent to it are dropped Parameter Description subnet mask The IPv4 address of the destination subnet defined using either a prefix length or a separate mask specified in one of the following formats The IPv4 subnet address in dot...

Страница 776: ...available through the device at 10 10 0 2 with the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 10 0 2 To specify a null or blackhole route 192 168 4 0 24 so packets forwarded to this route are dropped use the commands awplus configure terminal awplus config ip route 192 168 4 0 24 null To add the destination 192 ...

Страница 777: ...gateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus config ipv6 route 2001 0db8 1 128 vlan2 32 Validation Commands show running config show ipv6 route Parameter Description dest prefix length Specifies the IP destination prefix The IPv6 address pref...

Страница 778: ...mands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding Information dataBase In practice other practical system limits would prevent this maximum being reached 1 4294967294 The allowable configurable range for setting the maximum number of FIB routes 1 100 This paramete...

Страница 779: ...aximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static routes 1000 Mode Global Configuration Example To reset the maximum number of static routes to the default maximum use the command awplus configure terminal awplus config no max static routes NOTE Static ...

Страница 780: ...of this command sets the maximum paths to the default of 4 Syntax maximum paths 1 8 no maximum paths Default By default the maximum number of paths is 4 Mode Global Configuration Examples To set the maximum number of paths for each route in the FIB to 5 use the command awplus configure terminal awplus config maximum paths 5 To set the maximum paths for a route to the default of 4 use the command a...

Страница 781: ...ay the static routes in the FIB use the command awplus show ip route static Output Eachentry inthe outputfromthiscommandhasa codepreceding it indicating the source of the routing entry The first few lines of the output list the possible codes that may be seen with the route entries Typically route entries are composed of the following elements code a second label indicating the sub type of the rou...

Страница 782: ...re marked as Connected routes C and always preferred over routes for the same network learned from other routing protocols Related Commands ip route maximum paths show ip route database Codes C connected S static R RIP B BGP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 candidate default C 3 3 3 0 24 is directly ...

Страница 783: ... Exec and Privileged Exec Example To display the static routes in the RIB use the command awplus show ip route database static Output Figure 22 2 Example output from the show ip route database command Related Commands maximum paths show ip route Parameter Description connected Displays only the routes learned from connected interfaces static Displays only the static routes you have configured Code...

Страница 784: ...tput modifiertoken to save the output to a file use the output redirection token Syntax show ip route summary Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 22 3 Example output from the show ip route summary command Related Commands show ip route show ip route database IP routing table name is De...

Страница 785: ...tion connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database static Displays only the IPv6 static routes you have configured summary Displays summary information from the IPv6 routing table ipv6 address Displays the routes for the specified address in the IP routing table The IPv6 address uses the format X...

Страница 786: ...se entries for an IP route use the following command awplus show ipv6 route database Output Figure 22 5 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected S static R RIP O OSPF B BGP selected route FIB route p stale info Timers Uptime S 0 1 0 via 2001 a 0 0 c0a8 a01 inactive 6d22h12m 1 0 via 2001 fa 0 0 c0a8 fa01 inactive 6d22h12m ...

Страница 787: ...put see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the following command awplus show ipv6 route summary Output Figure 22 6 Example output from the show ipv6 route summary command Related Commands show ip route database IPv6 routing table name is Default I...

Страница 788: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 788 AlliedWare Plus Operating System Version 5 4 7 0 x Part 4 Multicast Applications ...

Страница 789: ...ticasting This chapter describes the commands to configure IGMP Querier behaviour and selection IGMP Snooping and IGMP Proxy Command List clear ip igmp on page 791 clear ip igmp group on page 792 clear ip igmp interface on page 793 debug igmp on page 794 ip igmp on page 795 ip igmp access group on page 796 ip igmp flood specific query on page 797 ip igmp immediate leave on page 798 ip igmp last me...

Страница 790: ...ip igmp snooping routermode on page 820 ip igmp snooping tcn query solicit on page 822 ip igmp source address check on page 824 ip igmp ssm on page 825 ip igmp ssm map enable on page 826 ip igmp ssm map static on page 827 ip igmp static group on page 829 ip igmp startup query count on page 831 ip igmp startup query interval on page 832 ip igmp trusted on page 833 ip igmp version on page 834 show d...

Страница 791: ...ND IGMP SNOOPING COMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all interfaces Syntax clear ip igmp Mode Privileged Exec Example awplus clear ip igmp Related Commands clear ip igmp group clear ip igmp interface show ip igmp interface show running config ...

Страница 792: ...an interface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples To delete all group records use the command awplus clear ip igmp group To delete records for 224 1 1 1 on vlan1 use the command awplus clear ip igmp group 224 1 1 1 vlan1 Related Commands clear ip igmp clear ip igmp interface show ip igmp interface show running...

Страница 793: ...ular interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To delete records for vlan1 use the command awplus clear ip igmp interface vlan1 Related Commands clear ip igmp clear ip igmp group show ip igmp interface show running config Parameter Description interface Specifies the name ...

Страница 794: ...omponent of IGMP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug igmp all Related Commands show debugging igmp undebug igmp Parameter Description all Enable or disable all debug options for IGMP decode Debug of IGMP packets that have been received e...

Страница 795: ... of this command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN interface Usage An IP address must be assigned to the interface first before this command will work Example To specify an interface as an IGMP querier use the commands awplus configure terminal awplus config interface vlan2 aw...

Страница 796: ...ntax ip igmp access group access list number access list name no ip igmp access group Default By default there are no access lists configured on any interface Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example In the following example hosts serviced by VLAN interface vlan2 can only join the group 2...

Страница 797: ...L2 switched network running IGMP it is considered more robust to flood all specific queries In most cases the benefit of flooding specific queries to all VLAN member ports outweighs the disadvantages However sometimes this is not the case For example if hosts with very low CPU capability receive specific queries for multicast groups they are not members of their performance may degrade unacceptabl...

Страница 798: ...o ip igmp immediate leave Default Disabled by default Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example The following example shows how to enable the immediate leave feature on the VLAN interface vlan2 for a specific range of multicast groups awplus configure terminal awplus config interface vlan2...

Страница 799: ...nt 2 7 no ip igmp last member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To set the last member query count to 3 on vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp last...

Страница 800: ...y interval Default 1000 milliseconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To change the IGMP group specific host query message interval to 2 seconds 2000 milliseconds on vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp last member...

Страница 801: ...lt limit which is reset by the no variant of this command is 512 Mode Global Configuration and Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To configure an IGMP limit of 100 group membership entries on vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ...

Страница 802: ...IGMP snooping fast leave on the relevant VLANs To enable fast leave use the command awplus config if ip igmp snooping fast leave Thedevicekeepscountofthe numberofgroups learned byeachport This counter is incremented when group joins are received via IGMP reports It is decremented when Group memberships time out Group leaves are received via leave messages or reports Also the port s group counter i...

Страница 803: ...ts to 10 groups on port 1 0 1 which is in vlan1 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if ip igmp maximum groups 10 awplus config if exit awplus config interface vlan1 awplus config if ip igmp snooping fast leave Related Commands clear ip igmp group ip igmp snooping fast leave show ip igmp interface show ip igmp snooping statistics ...

Страница 804: ...for IGMP Proxy You must also enable the IGMP proxy service on the upstream interface using the ip igmp proxy service command You can associate one or more downstream mroute proxy interfaces on the device with a single upstream proxy service interface This downstream mroute proxy interface listens for IGMP reports and forwards them to the upstream IGMP proxy service interface IGMP Proxy does not wo...

Страница 805: ...m proxy service interface Syntax ip igmp proxy service no ip igmp proxy service Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP Proxy This command is used with the ip igmp mroute proxy command to enable forwardingof IGMP reports to aproxy serviceinterface forall forwarding entries for thisinterface YoumustalsoenablethedownstreamIG...

Страница 806: ... The default timeout interval is 255 seconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP The timeout value should not be less than the current active querier s general query interval Example To configure thedevice towait130 seconds from thetime it received thelast query before it takes over as the querier for vlan2 use the com...

Страница 807: ...oS Denial of Service attack if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device is acting as an IGMP Querier Use the ip igmp query interval command when a delay for IGMP general query messages is required and IGMP general query messages are required The ip igmp query holdtime comma...

Страница 808: ...NDS IP IGMP QUERY HOLDTIME To reset the IGMP query holdtime to the default 500 ms for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip igmp query holdtime Related Commands ip igmp query interval ip igmp snooping tcn query solicit show ip igmp interface show running config ...

Страница 809: ... for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using the ip igmp query max response time command and the IGMP query interval is currently less than 3 seconds then the IGMP query interval period will be automatically reconfigured to be 3 seconds so it is gr...

Страница 810: ...eset the period between sending IGMP host query messages to the default 125 seconds for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip igmp query interval Related Commands ip igmp query holdtime ip igmp query max response time ip igmp startup query interval show ip igmp interface show running config ...

Страница 811: ...le if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will be automatically reconfigured to be 2 seconds so it is less than the IGMP query interval time To get the network to converge faster use the ip igmp query max response time command and set a low response...

Страница 812: ...d Reference for IX5 28GPX 812 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Related Commands ip igmp query interval show ip igmp interface show running config ...

Страница 813: ...ptions are ignored Use the no variant of this command to disable strict RA option validation Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP and IGMP Snooping Examples To enable strict Router Alert RA option validation on vlan20 use the fo...

Страница 814: ...e Syntax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP and IGMP Snooping Examples To set the robustness variable to 3 on vlan20 use the following commands awplus configure terminal awplus config interface vlan20 awplus co...

Страница 815: ...isabled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLAN interface Usage For IGMP snooping to operate on particular VLAN interfaces it must be enabled both globally by using this command in Global Configuration mode and on individual VLAN interfaces by usi...

Страница 816: ...p message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave Default IGMP Snooping fast leave processing is disabled Mode Interface Configuration for a VLAN interface Usage This IGMP Snooping command can only be configured on VLAN interfaces Example To enable fa...

Страница 817: ...to remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a VLAN interface Example To configure port1 0 2 statically as a multicast router interface for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp snoo...

Страница 818: ...P address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a multicast router If an IP address is assigned to a VLAN which has IGMP querier enabled on it then the IGMP Snooping querier uses the VLAN s IP address as the Source IP Address in IGMP queries The IGMP S...

Страница 819: ... already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppression Default Report suppression does not apply to IGMPv3 and is turned on by default for IGMPv1 and IGMPv2 reports Mode Interface Configuration for a VLAN interface Example To enable report suppressi...

Страница 820: ...guration Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are treated as coming from routers default Default set of reserved multicast addresses Packets from 224 0 0 1 224 0 0 2 224 0 0 4 224 0 0 5 224 0 0 6 224 0 0 9 224 0 0 13 224 0 0 15 and 224 0 0 24 are treated as coming from routers ip Custom reserved multicast addres...

Страница 821: ...ERMODE Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom list of multicast addresses enter awplus config no ip igmp snooping routermode address 224 0 0 5 Related commands ip igmp trusted show ip igmp snooping routermode ...

Страница 822: ...enabled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified interfaces using the no variant of this command from the Interface Configuration mode Mode Global Configuration and Interface Configuration for a VLAN interface Usage Once enabled if the device is not an IGMP Querier on detecting a topology change the devic...

Страница 823: ... To disable Query Solicitation on a device use the commands awplus configure terminal awplus config no ip igmp snooping tcn query solicit To enable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp snooping tcn query solicit To disable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config i...

Страница 824: ...uration for a VLAN interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is active in the network The no variant of this command is required to disable the IGMP Report source address checkingfeatureinnetworks that use MulticastVLANRegistration to allow IGMP Reports from devices outs...

Страница 825: ...ault use one of the access list parameter options Use the no variant of this command to change the SSM range in IGMP back to the default Syntax ip igmp ssm range access list number access list name no ip igmp ssm Default By default the SSM range is 232 8 Mode Global Configuration Examples To configure a non default SSM range to be used in IGMP enter the commands awplus configure terminal awplus co...

Страница 826: ...ble Source Specific Multicast SSM mapping on the device Use the no variant of this command to disable SSM mapping Syntax ip igmp ssm map enable no ip igmp ssm map enable Mode Global Configuration Usage This command applies to VLAN interfaces configured for IGMP Example To enable SSM on the device enter the commands awplus configure terminal awplus config ip igmp ssm map enable Related Commands ip ...

Страница 827: ...lies to VLAN interfaces configured for IGMP You can use Standard numbered and Standard named ACLs plus Expanded Numbered ACLs Examples This example shows how to configure an SSM static mapping for group address 224 1 1 1 using a standard numbered ACL shown as 10 awplus configure terminal awplus config access list 10 permit 224 1 1 1 0 0 0 0 awplus config ip igmp ssm map static 10 1 2 3 4 This exam...

Страница 828: ...OMMANDS IP IGMP SSM MAP STATIC This example shows how to configure an SSM static mapping for group address 224 1 1 1 using a standard named ACL shown as sales awplus configure terminal awplus config access list sales permit 224 1 1 1 0 0 0 0 awplus config ip igmp ssm map static sales 1 2 3 4 Related Commands ip igmp ssm map enable ...

Страница 829: ... group ip address source ip source addr ssm map interface port no ip igmp static group ip address source ip source addr ssm map interface port Mode Interface Configuration for a VLAN interface Usage This command applies to IGMP operation or to IGMP Snooping on a VLAN interface Parameter Description ip address Standard IP Multicast group address entered in the form A B C D to be configured as a sta...

Страница 830: ...7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on vlan3 awplus configure terminal awplus config interface vlan3 awplus config if ip igmp awplus config if ip igmp static group 226 1 2 4 source 10 2 3 4 ...

Страница 831: ...ariant of this command to return an interface s configured IGMP startup query count to the default Syntax ip igmp startup query count startup query count no ip igmp startup query count Default The default IGMP startup query count is 2 Mode Interface Configuration for a VLAN interface Example To set the IGMP startup query count to 4 on vlan2 use the commands awplus configure terminal awplus config ...

Страница 832: ...val startup query interval no ip igmp startup query interval Default The default IGMP startup query interval is one quarter of the IGMP query interval value NOTE The IGMP startup query interval must be one quarter of the IGMP query interval Mode Interface Configuration for a VLAN interface Example To set the IGMP startup query interval to 15 seconds for vlan2 which is one quarter of the IGMP query...

Страница 833: ... switch ports or aggregators Usage Because all ports are trusted by default use this command in its no variant to stop IGMP processing packets on ports you do not trust For example you can use this command to make sure that only ports attached to approved IGMP routers are treated as router ports Example To stop ports port1 0 3 port1 0 6 from being treated as router ports by IGMP use the commands a...

Страница 834: ...face Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP version is 3 Mode Interface Configuration for a VLAN interface Example To set the IGMP version to 2 for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp version 2 Related Commands show ip igmp interfac...

Страница 835: ...he Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter the command awplus show debugging igmp Output Figure 23 1 Example output from the show debugging igmp command Related Commands debug igmp IGMP Debugging status IGMP Decoder debugging is on IGMP Encoder...

Страница 836: ...A B C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 10 0 82 224 0 1 24 port1 0 2 00 00 06 00 04 14 10 10 0 84 224 0 1 40 port1 0 3 00 00 09 00 04 15 10 10 0 91 224 0 1 60 port1 0 3 00 00 05 00 04 15 10 10 0 7 224 100 100 100 port1 0 1 00 00 11 00 04 13 1...

Страница 837: ...n 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast group Table 1 Parameters in the output of the show ip igmp groups command cont Parameter Description ...

Страница 838: ...erface If you specify a switch port number the output displays the number of groups the port belongs to and the port s group membership limit if a limit has been set with the command ip igmp maximum groups awplus show ip igmp interface vlan2 Interface vlan2 Index 202 IGMP Disabled Inactive Version 3 default IGMP interface has 0 group record states IGMP activity 0 joins 0 leaves IGMP robustness var...

Страница 839: ...e is 500 milliseconds IGMP querier timeout is 255 seconds IGMP max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds Strict IGMPv3 ToS checking is disabled on this interface Source Address checking is enabled IGMP Snooping is globally enabled IGMP Snooping query solicitation is globally disabled Num query solicit pac...

Страница 840: ...ip igmp proxy groups vlan multicast group detail Mode User Exec and Privileged Exec Example To display the state of IGMP Proxy services for all interfaces enter the command awplus show ip igmp proxy To display the state of IGMP Proxy services for VLAN interface vlan1 enter the command awplus show ip igmp proxy groups vlan1 To display the detailed state of IGMP Proxy services for VLAN interface vla...

Страница 841: ... and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mrouter To show the multicast router interfaces in vlan1 use the command awplus show ip igmp snooping mrouter interface vlan1 Output Figure 23 3 Example output from the show ip igmp snooping mrouter command Figure 23 4 Example output from the show ip igmp snooping mrouter interface vla...

Страница 842: ...g command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show the routermode and the list of router multicast addresses use the command awplus show ip igmp snooping routermode Output Figure 23 5 Example output from the show ip igmp snooping router mode command Related...

Страница 843: ...terface vlan1 vlan2 Output Figure 23 6 Example output from the show ip igmp snooping statistics command for VLANs Parameter Description ip address Optionally specify the address of the multicast group entered in the form A B C D interface Specify the name of the interface or interface range If you specify a port number the output displays the number of groups the port belongs to and the port s gro...

Страница 844: ...4 7 0 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 23 7 Example output from the show ip igmp snooping statistics command for a switch port awplus show ip igmp interface port1 0 1 IGMP information for port1 0 1 Maximum groups limit set 10 Number of groups port belongs to 0 ...

Страница 845: ...Command Reference for IX5 28GPX 845 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the no debug igmp command ...

Страница 846: ...ticast routing The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the base 32 prefix the IPv6 multicast prefix for 2001 0db8 32 is ff3x 20 2001 0db8 64 Where an RP address is 2001 0db8 1 the embedded RP multicast prefix is ff7x 120 2001 0db8 96 For ASM Any Source Multi...

Страница 847: ...limit on page 859 ipv6 mld querier timeout on page 861 ipv6 mld query interval on page 862 ipv6 mld query max response time on page 863 ipv6 mld robustness variable on page 864 ipv6 mld snooping on page 865 ipv6 mld snooping fast leave on page 867 ipv6 mld snooping mrouter on page 868 ipv6 mld snooping querier on page 870 ipv6 mld snooping report suppression on page 871 ipv6 mld static group on pa...

Страница 848: ...MLD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld Related Commands clear ipv6 mld group clear ipv6 mld interface ...

Страница 849: ...ress Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld group Related Commands clear ipv6 mld clear ipv6 mld interface Parameter Description Clears all groups on all interfaces This is an alias to the clear ipv6 mld command ipv6 address Specify the group address for which MLD local m...

Страница 850: ...lear MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld interface vlan2 Related Commands clear ipv6 mld clear ipv6 mld group Parameter Description interface Specifies name of the interface all groups learned from this in...

Страница 851: ... decode encode events fsm tib Mode Privileged Exec and Global Configuration Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples awplus configure terminal awplus config debug mld all awplus configure terminal awplus config debug mld decode awplus configure terminal awplus config debug mld encode awplus configure terminal awplu...

Страница 852: ...plus NSM 1406 MLD ENCODE Send Group Source Query Sent G S Query on port2 0 1 05 15 01 awplus NSM 1406 MLD FSM State Change Include 1 Exclude 2 05 15 01 awplus NSM 1406 MLD TIB Source Rec Del S 2002 3 Intf vlan1 05 15 01 awplus NSM 1406 MLD ENCODE Send Group Report HST IF vlan1 No Router Ports found 05 15 01 awplus NSM 1406 MLD DECODE Socket Read Ignoring MLD Message on L3 socketsince Snooping is e...

Страница 853: ...mory usage max 51200000 kB 05 15 06 awplus appmond 1244 monitoring lldpd memory usage max 51200000 kB 05 15 06 awplus NSM 1406 MLD EVENTS Querier Timer Exipry on port2 0 1 Send ing General Query 05 15 06 awplus NSM 1406 MLD ENCODE MLD Enc Hdr MLD Listener Query Checksum 14706 MsgLen 28 05 15 06 awplus NSM 1406 MLD ENCODE Send Gen Query Sent General Query on port2 0 1 ret 90 05 15 06 awplus NSM 140...

Страница 854: ...dded to the interfaces that allow multicast routing The device has a 512 MLD group limit for G and S G entries Syntax ipv6 mld no ipv6 mld Default MLD is disabled by default Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage MLD requires memory for storing data structures as well as the hardware tables to implement hardware routing As the number of port...

Страница 855: ...f1e 0db8 0001 64 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 access list standard group1 permit ff1e 0db8 0001 64 awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld access group group1 In the following example the VLAN interfaces vlan2 vlan4 will only accept MLD joins for groups in the range ff1e ...

Страница 856: ...nable the immediate leave feature on an interface for a specific range of multicast groups In this example the router assumes that the group access list consists of groups that have only one node membership at a time per interface awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ...

Страница 857: ...ult on an interface Syntax ipv6 mld last member query count value no ipv6 mld last member query count Default The default last member query count value is 2 Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 ...

Страница 858: ...o ipv6 mld last member query interval Default 1000 milliseconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Example The following example changes the MLD group specific host query message interval to 2 seconds awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6...

Страница 859: ... be learned with the ipv6 mld limit command The default limit of group membership entries that can be learned is 512 entries Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples The following example configures an...

Страница 860: ...arding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld limit 100 The following example configures an MLD limit of 100 group membership states on the VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 vlan4 awplus config if ipv...

Страница 861: ...cified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures the router to wait 120 seconds from the time it received the last query before it takes over as the querier for the interface awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing ...

Страница 862: ...face Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example changes the frequency of sending MLD host query messages to 2 minutes awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus co...

Страница 863: ...max response time Default 10 seconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures a maximum response time of 8 seconds awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ...

Страница 864: ... ipv6 mld robustness variable value no ipv6 mld robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing aw...

Страница 865: ...r G and S G entries Syntax ipv6 mld snooping no ipv6 mld snooping Default By default MLD Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage For MLD Snooping to operate on particular VLAN interfaces it must be enabled both globally by using this command in Global Configuration mo...

Страница 866: ...e vlan2 enter the following commands awplus configure terminal awplus config interface vlan2 awplus config no ipv6 mld snooping To disable MLD Snooping for the VLAN interfaces vlan2 vlan4 enter the following commands awplus configure terminal awplus config interface vlan2 vlan4 awplus config no ipv6 mld snooping To configure MLD Snooping globally for the device enter the following commands awplus ...

Страница 867: ...ble fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This MLD Snooping command can only be configured on VLAN interfaces Examples This example shows how to enable fast leave processing on the VLAN interface v...

Страница 868: ...er interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minimizes disruption for multicast traffic in the event of ring failure or restoration When configuring the EPSR data VLAN statically configure mrouter ports so that the multicast router can be reached i...

Страница 869: ...op interface to the multicast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how to specify the next hop interface to the multicast router for VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if ipv6 mld snooping mrouter i...

Страница 870: ... Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on multiple VLANs The MLD Snooping querier uses the 0 0 0 0 Source IP address because it only masquerades as an MLD querier for faster network convergence The MLD Snooping querier does not start or automatically cease the MLD Querier operation if it detects query message s from a ...

Страница 871: ...g maybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping device Similar reports to the same set of groups from other hosts which would not change group memberships in the querier will be suppressed by the MLD Snooping device to prevent flooding of query respons...

Страница 872: ...n 5 4 7 0 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if no ipv6 mld snooping report suppression ...

Страница 873: ...o add a static group record use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 To add a static group and source record use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 source fe80 2fd 6cff fe1c b Parameter Description ipv6 group address Spe...

Страница 874: ...System Version 5 4 7 0 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD STATIC GROUP To add a static group record on a specific port on vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 interface port1 0 4 ...

Страница 875: ...iguration for a VLAN interface Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and MLD Snooping Note this command is intended for use where there is another querier when there is another device with MLD enabled on the same link that can only operate with MLD version 1 Otherwise the default MLD version 2 is recommended for performance Example awplus configure...

Страница 876: ...bug mld command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exec Example awplus show debugging mld Output Related Commands debug mld show debugging mld MLD Debugging status MLD Decoder debugging is on MLD Encoder debugging is on MLD Events debugging is on MLD F...

Страница 877: ...erface detail Mode User Exec and Privileged Exec Examples The following command displays local membership information for all interfaces awplus show ipv6 mld groups Output Figure 24 2 Example output for show ipv6 mld groups The following command displays local membership information for all interfaces awplus show ipv6 mld groups detail Parameter Description ipv6 address Optional Specify Address of...

Страница 878: ...nterfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Version 2 default Internet address is fe80 215 77ff fec9 7468 MLD interface has 0 group record states MLD activity 0 joins 0 leaves MLD robustness variable is 2 MLD last member query count is 2 MLD query i...

Страница 879: ...Exec and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast router interfaces for all VLAN interfaces awplus show ipv6 mld snooping mrouter Output Parameter Description interface Optional Specify the name of the VLAN interface Note If you do not specify a si...

Страница 880: ...nooping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interface vlan1 Output Parameter Description interface The name of the VLAN interface awplus show ipv6 mld snooping statistics interface vlan1 MLD Snooping statistics for vlan1 Interface port1 0 1 Group ff0...

Страница 881: ...2001 0db8 32 is ff3x 20 2001 0db8 64 Where an RP address is 2001 0db8 1 the embedded RP multicast prefix is ff7x 120 2001 0db8 96 For ASM Any Source Multicast the IPV6 multicastaddressesallocatedfor documentationpurposes areff0x 0db8 0 0 96asper RFC6676 Thisisa 96prefixsothatitcanbeusedwithgroupIDsasperRFC3307 These addresses should not be used for practical networks other than for testing purpose...

Страница 882: ...ip multicast forward first packet on page 893 ip multicast route limit on page 894 ip multicast wrong vif suppression on page 895 ip multicast routing on page 896 ipv6 mroute on page 897 ipv6 multicast route limit on page 899 ipv6 multicast routing on page 900 multicast on page 901 show ip mroute on page 902 show ip mvif on page 904 show ip rpf on page 905 show ipv6 mroute on page 906 show ipv6 mu...

Страница 883: ...entries in its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command The protocol specific clear command clears multicast routes from PIM Sparse Mode and also clears the routes from the MRIB Examples awplus clear ip mroute 225 1 1 1 192 168 3 3 awplu...

Страница 884: ...tries from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplus clear ip mroute statistics Parameter Description All multicast route entries ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 source addr Source IPv4 address i...

Страница 885: ...uting Information Base MRIB clears the relevant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command Example awplus clear ipv6 mroute 2001 2 ff08 1 Related Commands show ipv6 mroute Parameter Description Deletes a...

Страница 886: ... the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statistics ipv6 group address ipv6 source address Mode Privileged Exec Examples awplus clear ipv6 mroute statistics 2001 2 ff08 1 awplus clear ipv6 mroute statistics Parameter Description All multicast route e...

Страница 887: ... the smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big message Use the no variant of this command to disable the above functionality Syntax ipv6 multicast forward slow path packet no ipv6 multicast forward slow path packet Default Disabled Mode Privileged E...

Страница 888: ...sm mcast fib msg awplus configure terminal awplus config debug nsm mcast mrt awplus configure terminal awplus config debug nsm mcast mtrace awplus configure terminal awplus config debug nsm mcast mtrace detail awplus configure terminal awplus config debug nsm mcast register awplus configure terminal awplus config debug nsm mcast stat awplus configure terminal awplus config debug nsm mcast vif Para...

Страница 889: ...plus configure terminal awplus config debug nsm mcast6 all awplus configure terminal awplus config debug nsm mcast6 fib msg awplus configure terminal awplus config debug nsm mcast6 mif awplus configure terminal awplus config debug nsm mcast6 mrt awplus configure terminal awplus config debug nsm mcast6 register awplus configure terminal awplus config debug nsm mcast6 stats Parameter Description all...

Страница 890: ...hat source This command enables the user to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicast routing protocol will look at these static entries as well as looking into the unicast routing table The route with the lowest Parameter Description ipv4 source address mask length A multicast source...

Страница 891: ...aversed in order to arrive at the current router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the host 192 168 2 3 and has an administrative distance of 2 awplus configure terminal awplus config ip mroute 10 10 3 0 24 static 2 192 168 2 3 2 The following example creates a static multicast IPv4 route b...

Страница 892: ...ecessary By default when IP multicast packets are fragmented the switch attempts to reassemble them before registering the packets This is necessary for tasks such as network address translation or a firewall However reassembly may be difficult for switches where the CPU cannot handle a large amount of traffic In that situation with the CPU failing to reassemble the fragmented packets there can be...

Страница 893: ...hat create the multicast route possibly causing degradation in the quality of the multicast stream such as the pixelation of video and audio data NOTE If you use this command ensure that the ip igmp snooping command is enabled the default setting otherwise the device will not process the first packets of the multicast stream correctly The device will forward the first multicast packets to all inte...

Страница 894: ...onfiguration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the limit argument Examples awplus...

Страница 895: ...ng vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traffic is enabled To confirm that VIF messages are being sent to the CPU use the debug nsm mcast6 command Examples To enable the suppression of wrong VIF packets use the following commands awplus configur...

Страница 896: ...t routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT stops IGMP operation and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts processing any MRT...

Страница 897: ...a different paths to those used for unicast In this case the interface via which a multicast stream from a given source enters a router may not be the same as the interface that connects to the best unicast route to that source This command enables the user to statically configure the switch with multicast routes back to given sources When performing the RPF check on a stream from a Parameter Desc...

Страница 898: ... current router will forward multicast instead it refers to the route the multicast will have traversed in order to arrive at the current router Examples The following example creates a static multicast route back to the sources in the 2001 1 64 subnet The multicast route is via the host 2002 2 and has an administrative distance of 2 awplus configure terminal awplus config ipv6 mroute 2001 1 64 st...

Страница 899: ... Configuration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the limit argument Examples awpl...

Страница 900: ...icast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts processing any MRT addition deletion requests and any multi...

Страница 901: ...t ports in the same VLANs as the receiving port will still receive the multicast packets CAUTION We do not recommend disabling multicast routing in a live network Some non multicast protocols use multicast packets and will not function correctly if you disable it Syntax multicast no multicast Default By default all device ports route multicast packets Mode Interface Configuration Examples To disab...

Страница 902: ...up and source IPv4 address Figure 25 1 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D dense Display dense IPv4 multicast routes sparse Display sparse IPv4 multicast routes count Display the route and packet c...

Страница 903: ... uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 bytes memory Route limit Route threshold 2147483647 2147483647 Total NOCACHE WRONGVIF WHOLEPKT recv from fwd 1 0 0 Total NOCACHE WRONGVIF WHOLEPKT sent to clients 1 0 0 Immediate Timed stat updates sent to...

Страница 904: ...utput Figure 25 5 Example output from the show ip mvif command Figure 25 6 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about Interface Vif Owner TTL Local Remote Uptime Idx Module Address Address vlan2 0 PIM SM 1 192 168 1 53 0 0 0 0 00 04 26 Register 1 1 192 168 1 53 0 0 0 0 00 04 26...

Страница 905: ...show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Example awplus show ip rpf 10 10 10 50 Parameter Description ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D ...

Страница 906: ...ple output of this command displaying the IPv6 multicast routing table for a single static IPv6 Multicast route Figure 25 7 Example output from the show ipv6 mroute command Parameter Description ipv6 group addr Group IPv6 address in hexadecimal notation in the format X X X X ipv6 source addr Source IPv6 address in hexadecimal notation in the format X X X X count Display the route and packet count ...

Страница 907: ...istics Total 1 routes using 152 bytes memory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate Timed stat updates sent to clients 0 0 Reg ACK recv Reg NACK recv Reg pkt sent 0 0 0 Next stats poll 00 01 14 Forwarding Counts Pkt count Byte count Other Counts Wrong If pkts Fwd msg counts WRONGmif W...

Страница 908: ...tatus of multicast forwarding slow path packet setting Syntax show ipv6 multicast forwarding Mode User Exec Example To show the status of the multicast forwarding slow path packet setting use the following command awplus show ipv6 multicast forwarding Output Figure 25 10 Example output from the show ipv6 multicast forwarding command Related Commands ipv6 multicast forward slow path packet ipv6 mul...

Страница 909: ...w ipv6 mif awplus show ipv6 mif vlan2 Output Figure 25 11 Example output from the show ipv6 mif command Figure 25 12 Example output from the show ipv6 mif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about awplus show ipv6 mif Interface Mif Owner Uptime Idx Module vlan3 0 MLD MLD Proxy Service 03 28 48 vlan2 1 MLD MLD Pro...

Страница 910: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 910 AlliedWare Plus Operating System Version 5 4 7 0 x Part 5 Access and Security ...

Страница 911: ...he command title ends with words in parentheses these words indicate usage instead of keywords to enter into the CLI For example the title access list numbered hardware ACL for ICMP indicates that the command is used to create an ACL with the syntax access list 3000 3699 action icmp source ip dest ip icmp type number vlan 1 4094 When the command title is completely surrounded by parentheses the ti...

Страница 912: ... access list numbered hardware ACL for IP packets Global Configuration awplus config access list numbered hardware ACL for ICMP Global Configuration awplus config access list numbered hardware ACL for IP protocols Global Configuration awplus config access list numbered hardware ACL for TCP or UDP Global Configuration awplus config access list numbered hardware ACL for MAC addresses Global Configur...

Страница 913: ...ses on page 927 access list numbered hardware ACL for TCP or UDP on page 930 access list hardware named hardware ACL on page 934 named hardware ACL ICMP entry on page 936 named hardware ACL IP packet entry on page 940 named hardware ACL IP protocol entry on page 944 named hardware ACL MAC entry on page 950 named hardware ACL TCP or UDP entry on page 953 commit IPv4 on page 957 show access list IPv...

Страница 914: ... a filter is permitted Usage FirstcreateanIPaccess listthatappliestheappropriatepermit denyrequirements with the access list numbered hardware ACL for IP packets command the access list numbered hardware ACL for MAC addresses command or the access list hardware named hardware ACL command Then use this command to apply this hardware access list to a specific port or port range Note that this comman...

Страница 915: ...w acl to switch port interface port1 0 2 enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if access group hw acl To apply an ACL to static channel group 2 containing switch port1 0 5 and port1 0 6 use the commands awplus configure terminal awplus config interface port1 0 5 1 0 6 awplus config if static channel group 2 awplus config interface sa...

Страница 916: ...specified access list Syntax access list 3000 3699 action icmp source ip dest ip icmp type number vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware IP access list action The action that the switch will take on matching packets deny Reject packets that match the source and destination filtering specified with this command permit Permit packets that ...

Страница 917: ... 255 is the same as entering 192 168 1 1 24 dest ip The destination addresses to match against You can specify a single host a subnet or all destination addresses The following are the valid formats for specifying the destination any Match any destination IP address host ip addr Match a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any...

Страница 918: ...hem to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To create an access list that will permit ICMP packets with a source address of 192 168 1 0 ...

Страница 919: ...Operating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST NUMBERED HARDWARE ACL FOR ICMP match access group show running config show access list IPv4 Hardware ACLs Command changes Version 5 4 6 2 1 send to vlan port action parameter added ...

Страница 920: ...ess list Syntax access list 3000 3699 action ip source ip dest ip vlan 1 4094 no access list 3000 3699 Table 26 2 IP and ICMP parameters in access list hardware IP numbered Parameter Description 3000 3699 An ID number for this hardware IP access list action The action that the switch will take on matching packets deny Reject packets that match the source and destination filtering specified with th...

Страница 921: ...he specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 dest ip The destination addresses to match against You can specify a single host a subnet or all destination addresses The following are the valid formats for specifying the destination any Match any destination IP address host...

Страница 922: ...c VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To create an access list that will permit IP packets with a source address of 192 168 1 1 and any destination address enter the command...

Страница 923: ...IP hardware access list Syntax access list 3000 3699 action proto 1 255 source ip dest ip vlan 1 4094 no access list 3000 3699 Table 26 3 Parameters in access list hardware IP numbered Parameter Description 3000 3699 An ID number for this hardware IP access list action The action that the switch will take on matching packets deny Reject packets that match the source and destination filtering speci...

Страница 924: ...source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 dest ip The destination addresses to match against You can specify a single host a subnet or all destination addresses The following are the valid formats for specifying the destination any Match any d...

Страница 925: ...monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolutio...

Страница 926: ...t control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To create an access list that will deny all IGMP packets IP protocol 2 from the 192 168 0 0 network enter the commands awplus configure terminal awplus config access list 3000 deny proto 2 192 168 0 0 16 a...

Страница 927: ...ess list Syntax access list 4000 4699 action source mac any dest mac any vlan 1 4094 inner vlan 1 4094 no access list 4000 4699 Parameter Description 4000 4699 Hardware MAC access list action The action that the switch will take on matching packets deny Reject packets that match the source and destination filtering specified with this command permit Permit packets that match the source and destina...

Страница 928: ...access list that will permit packets with a source MAC address of 0000 00ab 1234 and any destination address use the commands awplus configure terminal awplus config access list 4000 permit 0000 00ab 1234 0000 0000 0000 any source mac The source MAC address to match against followed by the mask Enter the address in the format HHHH HHHH HHHH where each H is a hexadecimal number Enter the mask in th...

Страница 929: ...access list that will send a copy of packets to the mirror port if their source MAC address starts with 0000 00ab use the commands awplus configure terminal awplus config access list 4001 copy to mirror 0000 00ab 1234 0000 0000 FFFF any You also need to configure the mirror port with the mirror interface command To destroy the access list with an access list identity of 4000 enter the commands awp...

Страница 930: ...re access list Syntax access list 3000 3699 action tcp udp source ip source ports dest ip dest ports vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware IP access list action The action that the switch will take on matching packets deny Reject packets that match the source and destination filtering specified with this command permit Permit packets th...

Страница 931: ...1 0 0 0 255 is the same as entering 192 168 1 1 24 source ports Match source TCP or UDP port numbers Port numbers are specified as integers between 0 and 65535 You can specify one or more port numbers as follows eq 0 65535 Match a single port number lt 0 65535 Match all port numbers that are less than the specified port number gt 0 65535 Match all port numbers that are greater than the specified p...

Страница 932: ...ss unless explicitly denied by an ACL action Examples To create an access list that will permit TCP packets with a destination address of 192 168 1 1 a destination port of 80 and any source address and source port enter the commands awplus configure terminal awplus config access list 3000 permit tcp any 192 168 1 1 32 eq 80 ip addr reverse mask Match any destination IP address within the specified...

Страница 933: ...hey have a destination addressof 192 168 1 1 adestinationport of80 and anysourceaddress and source port enter the commands awplus configure terminal awplus config access list 3000 copy to mirror tcp any 192 168 1 1 32 eq 80 You also need to configure the mirror port with the mirror interface command Related Commands access group match access group show running config show access list IPv4 Hardware...

Страница 934: ...Pv4 Hardware ACL Configuration mode If the named hardware ACL does not exist it will be created after entry If the named hardware ACL already exists then this command puts you into IPv4 Hardware ACL Configuration mode for that existing ACL Entering this command moves you to the IPv4 Hardware ACL Configuration mode config ip hw acl prompt so you can enter ACL filters with sequence numbers From this...

Страница 935: ...5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE NAMED HARDWARE ACL Related Commands access group named hardware ACL ICMP entry named hardware ACL IP protocol entry named hardware ACL TCP or UDP entry access list standard named filter show access list IPv4 Hardware ACLs ...

Страница 936: ...itssequencenumber e g nopermiticmp192 168 1 0 24any icmp type 11 You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action icmp source ip dest ip icmp type number vlan 1 4094 no sequence number no action icmp source ip dest ip icmp type number vlan 1 4094 Param...

Страница 937: ...urce host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example ent...

Страница 938: ...t by specifying the appropriate sequence number If you do not specify a sequence number the switch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequence number ip addr reverse mask Match any destination IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 ...

Страница 939: ...ges Examples To add an access list filter entry with a sequence number of 100 to the access list named my list that will permit ICMP packets with a source address of 192 168 1 0 24 any destination address and an ICMP type of 5 use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl 100 permit icmp 192 168 1 0 24 any icmp type 5 To remove an acc...

Страница 940: ... sequence number e g no deny ip 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action ip source ip dest ip source mac dest mac vlan 1 4094 no sequence number no action ip source ip dest ip source mac dest mac vlan 1 4094 Parameter Descrip...

Страница 941: ...ing database host ip addr Match a single source host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse ma...

Страница 942: ...inst any source MAC address source mac The source MAC address to match against followed by the mask Enter the address in the format HHHH HHHH HHHH where each H is a hexadecimal number Enter the mask in the format HHHH HHHH HHHH where each H is a hexadecimal number For a mask each value is either 0 or F where FF Ignore and 00 Match dhcpsnooping Match the source address learned from the DHCP Snoopin...

Страница 943: ... a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Examples To add a filter entry to the access list named my list that will permit any IP packet with a source address of 192 168 1 1 use the commands awplus configure terminal awplus config access list hardware my list awplus con...

Страница 944: ...mber e g no deny proto 2 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action proto 1 255 source ip dest ip source mac dest mac vlan 1 4094 no sequence number no action proto 1 255 source ip dest ip source mac dest mac vlan 1 4094 Table ...

Страница 945: ...re the valid formats for specifying the source any Match any source IP address dhcpsnooping Match the source address learned from the DHCP Snooping binding database host ip addr Match a single source host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by entering the IPv4 address then a forwa...

Страница 946: ...ddress to match against followed by the mask Enter the address in the format HHHH HHHH HHHH where each H is a hexadecimal number Enter the mask in the format HHHH HHHH HHHH where each H is a hexadecimal number For a mask each value is either 0 or F where FF Ignore and 00 Match dhcpsnooping Match the source address learned from the DHCP Snooping binding database dest mac The destination MAC address...

Страница 947: ...ing RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Proto...

Страница 948: ... multiple of 10 as its sequence number Then use the access group or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data packets You can use ACLs to redirect packets by sending them to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reachin...

Страница 949: ...us Operating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS NAMED HARDWARE ACL IP PROTOCOL ENTRY match access group show running config show access list IPv4 Hardware ACLs Command changes Version 5 4 6 2 1 send to vlan port action parameter added ...

Страница 950: ...its filter profile without specifying its sequence number e g no permit mac aaaa bbbb cccc 0000 0000 0000 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action mac source mac any dest mac any vlan 1 4094 inner vlan 1 4094 no sequence number no action ma...

Страница 951: ...hat the ACL will only apply to incoming data packets send to vlan port vlan vid port port number Send matching packets to the specified port tagged with the specified VLAN The specified port must belong to the specified VLAN send to cpu Send matching packets to the CPU mac Match against MAC address source mac The source MAC address to match against followed by the mask Enter the address in the for...

Страница 952: ... packets with a source MAC address of 0000 00ab 1234 and any destination MAC address use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl permit mac 0000 00ab 1234 0000 0000 0000 any To remove a filter entry that permit packets with a source MAC address of 0000 00ab 1234 and any destination MAC address use the commands awplus configure termi...

Страница 953: ...pecifying its sequence number e g no permit udp 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action tcp udp source ip source ports dest ip dest ports vlan 1 4094 no sequence number no action tcp udp source ip source ports dest ip dest p...

Страница 954: ...ip addr Match a single source host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decim...

Страница 955: ... destination IP address host ip addr Match a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any destination IP address within the specified subnet Specify the subnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any destination IP address within the specified subnet Specify the subne...

Страница 956: ...kets You can use ACLs to redirect packets by sending them to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Example To add a filter entry to access list named my list that will permit TCP packets with a destination address of 192 ...

Страница 957: ...CL is not written to hardware until you exit IPv4 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv4 ACL filters in hardware not being correctly updated Using this comm...

Страница 958: ... show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list standard expanded range 2000 2699 IP extended access list extended expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC access list access list name IP named access list Standard...

Страница 959: ...NTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 HARDWARE ACLS The following error message is displayed if you try to show an undefined access list awplus show access list 2 Related Commands access list extended named access list numbered hardware ACL for MAC addresses access list hardware named hardware ACL Can t find access list 2 ...

Страница 960: ... access group 3000 3699 4000 4699 Mode User Exec and Privileged Exec Example To show all access lists attached to port1 0 1 use the command awplus show interface port1 0 1 access group Output Figure 26 1 Example output from the show interface access group command Related Commands access group Parameter Description port list Specify the ports to display information A port list can be either a switc...

Страница 961: ...lf For more information on link aggregation see the following references the Link Aggregation Feature Overview_and Configuration Guide Link Aggregation Commands NOTE Text in parenthesis in command names indicates usage not keyword entry For example access list hardware named indicates named IPv4 hardware ACLs enteredasaccess list hardware name where name isaplaceholdernot a keyword Parenthesis sur...

Страница 962: ...ip access list Privileged Exec awplus access group Global Configuration awplus config access list extended named Global Configuration awplus config access list extended numbered Global Configuration awplus config access list standard named Global Configuration awplus config access list standard numbered Global Configuration awplus config maximum access list Global Configuration awplus config dos I...

Страница 963: ...963 AlliedWare Plus Operating System Version 5 4 7 0 x IPV4 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS show access list IPv4 Software ACLs on page 999 show dos interface on page 1001 show ip access list on page 1004 vty access class numbered on page 1005 ...

Страница 964: ...list extended list name no access list extended list name Syntax icmp access list extended list name deny permit icmp source destination icmp type type number log no access list extended list name deny permit icmp source destination icmp type type number log Parameter Description list name A user defined name for the access list Table 27 2 Parameters in the access list extended named command icmp ...

Страница 965: ... enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the...

Страница 966: ...Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests 14 Timestamp replies 15 Information requests 16 Information replies 17 Address mask requests 18 Address mask replies log Logs the results Table 27 2 Parameters in the access list extended named comman...

Страница 967: ...all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix An IPv4 address followed by a forward slash then the prefix length This matches any destination IP address within the specified subnet ip addr reverse ...

Страница 968: ...ects packets that match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified with this command proto Matches only a specified type of IP Protocol any The access list matches any type of IP packet ip The access list matches only IP packets source The source address of the packets Y...

Страница 969: ...mat For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 log Logs the results ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers See below for a list of IP protocol numbers and their descriptions Table 27 5 IP protocol number and description Protocol Number Protocol Description RFC 1 Inter...

Страница 970: ...gram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No Next Header for IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within...

Страница 971: ...ware ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus config access list extended TK deny tcp 2 2 2 3 24 eq 14 3 3 3 4 24 eq 12 log Alternatively you can enter the extended named ACL in Global Configurat...

Страница 972: ...ation no access list 100 199 2000 2699 deny permit ip source destination Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range deny Access list rejects packets that match the source and destination filtering specified with this command permit Acces...

Страница 973: ...mitted by an ACL action Examples You can enter the extended ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus config access list 101 deny ip 172 16 10 0 0 0 0 255 any Alternatively you can enter the extended ACL in Global Configuration mode before specifying the ACL filter entry in the IPv4 Extended ACL Configur...

Страница 974: ...rmit icmp source destination icmp type icmp value log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with this command permit Access list permits packets that match the source and destination filtering specified wi...

Страница 975: ...red command or the access list extended named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples To add a new entry in access list called my listthatwill reject ICMP packets from 10 0 0 1 to 192 168 1 1 use the commands awplus configure terminal awplus config acces...

Страница 976: ...ound by running theshowaccess list IPv4 Software ACLs command Syntax ip sequence number deny permit ip source destination no deny permit ip source destination no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with thi...

Страница 977: ... following commands to enter the IPv4 Extended ACL Configuration mode and define a numbered extended access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl Then use the following commands to add a new entry to the numbered extended access list 101 that will reject packets from 10 0 0 1 to 192 168 1 1 awplus config ip ext acl deny ip host 10 0 0 1 host 192 ...

Страница 978: ...t 10 0 0 1 host 192 168 1 1 awplus config ip ext acl 20 permit ip any any Example 3 list number Use the following commands to remove the access list filter entry with sequence number 20 from extended numbered access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl no 20 Example 4 list name Use the following commands to remove the access list filter entry wi...

Страница 979: ...s command Syntax proto sequence number deny permit proto ip protocol source destination log no deny permit proto ip protocol source destination log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with this command p...

Страница 980: ...escription RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Protoco...

Страница 981: ...lected Software ACLs will deny access unless explicitly permitted by an ACL action Example 1 creating a list Use the following commands to add a new access list filter entry to the access list named my list that will reject IP packets from source address 10 10 1 1 32 to destination address 192 68 1 1 32 awplus configure terminal awplus config access list extended my list awplus config ip ext acl d...

Страница 982: ...OL FILTER Example 2 adding to a list Use the following commands to add a new access list filter entry at sequence position 5 in the access list named my list that will accept packets from source address 10 10 1 1 24 to destination address 192 68 1 1 24 awplus configure terminal awplus config access list extended my list awplus config ip ext acl 5 permit ip 10 10 1 1 24 192 168 1 1 24 ...

Страница 983: ...t lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number deny permit tcp udp source eq sourceport lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected acce...

Страница 984: ...reating a list To add a new entry to the access list named my list that will reject TCP packets from 10 0 0 1on TCP port 10 to 192 168 1 1 on TCP port 20 use the commands awplus configure terminal awplus config access list extended my list awplus config ip ext acl deny tcp 10 0 0 1 32 eq 10 192 168 1 1 32 eq 20 destination The destination address of the packets You can specify a single host a subn...

Страница 985: ...ED TCP UDP FILTER Example 2 adding to a list To insert a new entry with sequence number 5 of the access list named my list that will accept UDP packets from 10 1 1 0 24 network to 192 168 1 0 24 network on UDP port 80 use the commands awplus configure terminal awplus config access list extended my list awplus config ip ext acl 5 permit udp 10 1 1 0 24 192 168 1 0 24 eq 80 ...

Страница 986: ...rmit access list standard standard access list name deny permit source no access list standard standard access list name deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description standard access list name Specify a name for the standard access list Parameter Description standard access list ...

Страница 987: ...you can configure your access lists by using the command access list standard named filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To define a standard access list named my list and deny any packets from any source use the commands awplus configure terminal awplus config access list standard my list deny any Alternatively to define a standard acces...

Страница 988: ...99 deny permit source no access list 1 99 1300 1999 deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage Use this command when configuring a standard numbered access list for filtering IP software packets Parameter Description 1 99 IP standard access list 1300 1999 IP standard access list expanded rang...

Страница 989: ...ccess list standard numbered filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create ACL number 67 that will deny packets from subnet 172 16 10 use the commands awplus configure terminal awplus config access list 67 deny 172 16 10 0 0 0 0 255 Alternatively to enter the IPv4 Standard ACL Configuration mode to create the ACL filter and deny packets ...

Страница 990: ...equence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source exact match any no deny permit source exact match any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequence number 1 65535 The sequence number f...

Страница 991: ...he access list standard named command with the required access control list name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples Use the following commands to add a new filter entry to access list my list that will reject IP address 10 1 1 1 awplus configure terminal awplus config access list standard my list awplus confi...

Страница 992: ...nce numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source host host address any no deny permit source host host address any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequence number 1 65535 The sequence ...

Страница 993: ... an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list standard numbered command with the required access control list number but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Example To add a new entry accepting the IP network 10 1 1 0 24 ...

Страница 994: ...EFIX LIST clear ip prefix list Overview Use this command to reset the hit count to zero in the prefix list entries Syntax clear ip prefix list list name ip address mask Mode Privileged Exec Example To clear a prefix list named List1 awplus clear ip prefix list List1 Parameter Description list name The name of the prefix list ip address mask The IP prefix and length ...

Страница 995: ...s ipoptions land ping of death smurf broadcast ip address synflood teardrop action shutdown trap mirror Mode Interface Configuration for a switch port interface Default DoS attack detection is not configured by default on any switch port interface Usage See the below table for more information about the DoS attacks recognized by this command Parameter Description dos Denial Of Service ipoptions IP...

Страница 996: ...t normal traffic switching between ports but other protocols such as IGMP and STP may be affected This defense is not recommended where a large number of fragmented packets are expected smurf This type of attack is an ICMP ping packet to a broadcast address Although routers should not forward packets to local broadcast addresses anymore see RFC2644 the Smurf attack can still be explicitly discarde...

Страница 997: ...e interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ipoptions action shutdown To configure ping of death DoS detection on port1 0 1 and shutdown the interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ping of death action shutdown To co...

Страница 998: ...e access lists within the ranges 1 199 1300 1999 and 2000 2699 and named standard and extended access lists The no variant of this command removes the limit on the number of filters that can be added to a software access list Syntax maximum access list 1 4294967294 no maximum access list Mode Global Configuration Example To set the maximum number of software filters to 200 use the commands awplus ...

Страница 999: ...o show all access lists configured on the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list standard expanded range 2000 2699 IP extended access list extended expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC acc...

Страница 1000: ...V4 SOFTWARE ACLS Note the following error message is displayed if you attempt to show an undefined access list awplus show access list 2 Related Commands access list standard named access list standard numbered access list extended numbered Standard IP access list 20 deny 192 168 10 0 wildcard bits 0 0 0 255 deny 192 168 12 0 wildcard bits 0 0 0 255 Can t find access list 2 ...

Страница 1001: ...1 Example output from the show dos interface command prior to a DoS attack Parameter Description port list Specify the switch port or port list to display DoS configuration options set with the dos command awplus configure terminal Enter configuration commands one per line End with CTNTL Z awplus config interface port1 0 1 awplus config if dos synflood action shutdown awplus config if exit awplus ...

Страница 1002: ... down with the shutdown command ipoptions Displays Enabled when the ipoptions parameter is configured with thedos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any ipoptions DoS attacks that have occurred on the interface Displays Disabled when the ipoptions parameter is not configured with the dos command land Displays Enabled when the land paramete...

Страница 1003: ...s Enabled when the synflood parameter is configured with the dos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any synflood DoS attacks that have occurred on the interface Displays Disabled when the synflood parameter is not configured with the dos command teardrop Displays Enabled when the teardrop parameter is configured with the dos command plus t...

Страница 1004: ... 2000 2699 access list name Mode User Exec and Privileged Exec Example awplus show ip access list Output Figure 27 3 Example output from the show ip access list command Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list expanded range 2000 2699 IP extended access list expanded range access list name IP named access list Standard IP ...

Страница 1005: ...ld be to permit a specific address or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty access class 1 99 1300 1999 no vty access class 1 99 1300 1999 Mode Global Configuration Examples To set access list 4 to be the management ACL use the following commands awplus configure terminal awplus config vt...

Страница 1006: ...a static channel group apply it to the static channel group itself For more information on link aggregation see the following references Link Aggregation Feature Overview_and Configuration Guide Link Aggregation Commands Most ACL command titles include usage information in parentheses When the command title is completely surrounded by parentheses the title indicates the type of ACL filter instead ...

Страница 1007: ...le 28 1 IPv6 Hardware Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Hardware ACLs Privileged Exec awplus ipv6 access list named IPv6 hardware ACL Global Configuration awplus config ipv6 traffic filter Interface Configuration awplus config if commit IPv6 IPv6 Hardware ACL Configuration awplus config ipv6 hw acl named IPv6 hardware ACL IPv6 packet entry...

Страница 1008: ... IPv6 ACL is not written to hardware until you exit IPv6 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv6 ACL filters in hardware not being correctly updated Using th...

Страница 1009: ...sion of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 hardware named access list when a match is encountered This command moves you to the config ipv6 hw acl prompt for the selected IPv6 hardware named access list number From there you can configure the filters for this selected IPv6 hardware named access list Once you have configured t...

Страница 1010: ... 4 7 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 ACCESS LIST NAMED IPV6 HARDWARE ACL named IPv6 hardware ACL IPv6 packet entry named IPv6 hardware ACL IP protocol entry named IPv6 hardware ACL TCP or UDP entry ipv6 traffic filter match access group show ipv6 access list IPv6 Hardware ACLs ...

Страница 1011: ...ou can find the sequence number by running the show ipv6 access list IPv6 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action icmp source addr dest addr icmp type number vlan 1 4094 no sequence number no action icmp source addr dest addr icmp type number vlan 1 4094 Parameter Description sequence number The sequence number ...

Страница 1012: ...lly set between 0 and 64 ipv6 src address ipv6 src wildcard Match the specified IPv6 source address masked using wildcard bits The IPv6 address uses the format X X X X In the wildcard bits 1 represents bits to ignore and 0 represents bits to match host ipv6 source host Match a single source host address The IPv6 address uses the format X X X X dest addr The destination addresses to match against Y...

Страница 1013: ...tion If you do not specify a sequence number the switch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequence number Once you have configured the ACL use the ipv6 traffic filter or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data packets host ipv6 dest host Match a sin...

Страница 1014: ...inal awplus config ipv6 access list my acl awplus config ipv6 hw acl no deny icmp 2001 0db8 0 64 any To specify anACL named my acl1 and add a filter entry that blocks all ICMP6echo requests enter the commands awplus configure terminal awplus config ipv6 access list my acl1 awplus config ipv6 hw acl deny icmp any any icmp type 128 To specify anACL named my acl2 and add a filter entry that blocks al...

Страница 1015: ...y ipv6 2001 0db8 0 64 any You can find the sequence number by running the show ipv6 access list IPv6 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action ipv6 source addr dest addr vlan 1 4094 no sequence number no action ipv6 source addr dest addr vlan 1 4094 Parameter Description sequence number The sequence number for the...

Страница 1016: ...sually set between 0 and 64 ipv6 src address ipv6 src wildcard Match the specified IPv6 source address masked using wildcard bits The IPv6 address uses the format X X X X In the wildcard bits 1 represents bits to ignore and 0 represents bits to match host ipv6 source host Match a single source host address The IPv6 address uses the format X X X X dest addr The destination addresses to match agains...

Страница 1017: ... you have configured the ACL use the ipv6 traffic filter or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data packets You can use ACLs to redirect packets by sending them to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the co...

Страница 1018: ...0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS NAMED IPV6 HARDWARE ACL IPV6 PACKET ENTRY Related Commands ipv6 access list named IPv6 hardware ACL ipv6 traffic filter match access group show ipv6 access list IPv6 Hardware ACLs Command changes Version 5 4 6 2 1 send to vlan port action parameter added ...

Страница 1019: ...u can find the sequence number by running the show ipv6 access list IPv6 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action proto 1 255 source addr dest addr vlan 1 4094 no sequence number no action proto 1 255 source addr dest addr vlan 1 4094 Table 28 2 Parameters in IP protocol ACL entries Parameter Description sequence...

Страница 1020: ...y source host ipv6 src address prefix length Match the specified source address and prefix length The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 ipv6 src address ipv6 src wildcard Match the specified IPv6 source address masked using wildcard bits The IPv6 address uses the format X X X X In the wildcard bits 1 represents bits to ignore an...

Страница 1021: ...ol number and description Protocol Number Protocol Description RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20...

Страница 1022: ...witch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequence number Once you have configured the ACL use the ipv6 traffic filter or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data packets 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No N...

Страница 1023: ... add a filter entry to the ACL named my acl to deny IGMP packets from 2001 0db8 0 64 use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny proto 2 2001 0db8 0 64 any To remove a filter entry that blocks IGMP packets from network 2001 0db8 0 64 from the ACL named my acl use the commands awplus configure terminal awplus config ipv6 access lis...

Страница 1024: ... Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action tcp udp source addr source ports dest addr dest ports vlan 1 4094 no sequence number no action tcp udp source addr source ports dest addr dest ports vlan 1 4094 Parameter Description sequence number The sequence number for the filter entry of the selected access control l...

Страница 1025: ...et Specify the subnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 source ports Match source TCP or UDP port numbers Port numbers are specifie...

Страница 1026: ...iple of 10 as its sequence number host ip addr Match a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any destination IP address within the specified subnet Specify the subnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any destination IP address within the specified subnet Specify...

Страница 1027: ...hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny tcp 2001 0db8 0 64 any eq 22 To add a filter entry that blocks all SSH traffic from network 2001 0db8 0 64 on the default VLAN vlan1 to the hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access l...

Страница 1028: ...e number of access lists that can be added is determined by the amount of available space in the hardware based packet classification tables To apply the access list to all ports on the switch execute the command in the Global Configuration mode To apply the access list to a Layer 2 interface or Layer 2 interface range apply the command in the Interface Configuration mode See the examples for each...

Страница 1029: ...ing System Version 5 4 7 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 TRAFFIC FILTER named IPv6 hardware ACL IPv6 packet entry named IPv6 hardware ACL IP protocol entry named IPv6 hardware ACL TCP or UDP entry ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Страница 1030: ...show ipv6 access list name Mode User Exec and Privileged Exec Example To show all configured IPv6 access lists use the command awplus show ipv6 access list Output Figure 28 1 Example output from the show ipv6 access list command Related Commands ipv6 access list named IPv6 hardware ACL named IPv6 hardware ACL ICMP entry named IPv6 hardware ACL IPv6 packet entry named IPv6 hardware ACL IP protocol ...

Страница 1031: ...more information on link aggregation see the following references the Link Aggregation Feature Overview_and_Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names indicates usage not keyword entry For example ipv6 access list named indicates named IPv6 ACLs entered as ipv6 access list name where name is a placeholder not a keyword Note also that parenthesis su...

Страница 1032: ...6 access list IPv6 Software ACLs on page 1049 vty ipv6 access class named on page 1051 Table 29 1 IPv6 Software Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Software ACLs Privileged Exec awplus ipv6 access list extended named Global Configuration awplus config ipv6 access list standard named Global Configuration awplus config ipv6 access list extende...

Страница 1033: ...s prefix length any ipv6 destination address prefix length any icmp type icmp type log Syntax tcp udp ipv6 access list extended list name deny permit tcp udp ipv6 source address prefix length any eq sourceport lt sourceport gt sourceport ne sourceport ipv6 destination address prefix length any eq destport lt destport gt destport ne destport log no ipv6 access list extended list name deny permit tc...

Страница 1034: ...stination address prefix length Specifies a destination address and prefix length The IPv6 address uses the format X X X X Prefix Length The prefix length is usually set between 0 and 64 any Matches any IPv6 address sourceport For TCP UDP The source port number specified as an integer between 0 and 65535 destport For TCP UDP The destination port number specified as an integer between 0 and 65535 i...

Страница 1035: ...ss list extended followed by only the IPv6 extended access list name This latter and preferred method moves you to the config ipv6 ext acl prompt for the selected IPv6 extended access list number and from here you can configure the filters for this selected access list NOTE Software ACLs will deny access unless explicitly permitted by an ACL action icmp type For ICMP IP The ICMP type as defined in...

Страница 1036: ... insert a new filter at sequence number 5 of the access list named my listthat will accept ICMP type 8 packets from the 2001 0db8 0 64 network to the 2001 0db8 f 64 network use the commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ext acl 5 icmp 2001 0db8 0 64 2001 0db8 f 64 Example 3 list with filter To create the access list named TK to deny TC...

Страница 1037: ...user defined name for the IPv6 software extended access list deny Specifies the packets to reject permit Specifies the packets to accept proto The IP Protocol type specified by its protocol number in the range 1 to 255 ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers See below for a list of IP protocol numbers and t...

Страница 1038: ...ta Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No Next Header for IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protoc...

Страница 1039: ...CLs will deny access unless explicitly permitted by an ACL action Examples To create the IPv6 access list named ACL 1 to deny IP protocol 9 packets from 2001 0db8 1 1 128 to 2001 0db8 f 1 128 use the commands awplus configure terminal awplus config ipv6 access list extended ACL 1 deny proto 9 2001 0db8 1 1 128 2001 0db8 f 1 128 To remove the IPv6 access list named ACL 1 to deny IP protocol 9 packe...

Страница 1040: ...p any proto ip protocol ipv6 source address prefix any ipv6 destination address prefix any log no deny permit ip any proto ip protocol ipv6 source address prefix any ipv6 destination address prefix any log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Specifies the packets to reject permit Specifie...

Страница 1041: ...nitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution ...

Страница 1042: ...access list named my list with sequence number 5 rejecting the IPv6 packet from 2001 db8 1 1 to 2001 db8 f 1 use the commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ext acl 5 deny ip 2001 db8 1 1 128 2001 db8 f 1 128 To remove the ACL filter entry to the extended IPv6 access list named my list with sequence number 5 use the commands awplus conf...

Страница 1043: ...moval by entering either its sequence number or its filter entry profile Syntax tcp udp sequence number deny permit tcp udp ipv6 source address prefix any eq sourceport lt sourceport gt sourceport ne sourceport IPv6 destination address prefix any eq destport lt destport gt destport ne destport log no deny permit tcp udp ipv6 source address prefix any eq sourceport lt sourceport gt sourceport ne so...

Страница 1044: ...ss list extended my list awplus config ipv6 ext acl 5 deny tcp 2001 0db8 0 64 eq 10 2001 0db8 f 64 eq 20 To add a new filter entry with sequence number 5 to the extended IPv6 access list named my list to reject UDP packets from 2001 0db8 0 64 port 10 to 2001 0db8 f 64 port 20 use the following commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ext...

Страница 1045: ...ed by a software ACL that does not explicitly match a filter is denied Usage Use IPv6 standard access lists to control the transmission of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 standard access list when a match is encountered Parameter Description ipv6 acl list name A user defined name for the IPv6 software standard access list ...

Страница 1046: ...and preferred method moves you to the config ipv6 std acl prompt for the selected IPv6 standard access list and from here you can configure the filters for this selected IPv6 standard access list NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Example To enter the IPv6 Standard ACL Configuration mode for the access list named my list use the commands awplus configu...

Страница 1047: ... ipv6 source address prefix length any no sequence number Mode IPv6 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage The filter entry will match on any IPv6 packet that has the specified IPv6 source address and prefix length The parameter any may be specified if an address does not matter NOTE Software ACLs will den...

Страница 1048: ...ed my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no deny any Alternately to remove the ACL filter entry with sequence number 5 to the standard IPv6 access list named my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no 5 Related Commands ip...

Страница 1049: ...w all configured IPv6 access lists use the following command awplus show ipv6 access list Output Figure 29 1 Example output from show ipv6 access list Example To show the IPv6 access list named deny_icmp use the following command awplus show ipv6 access list deny_icmp Output Figure 29 2 Example output from show ipv6 access list for a named ACL Parameter Description access list name Only display in...

Страница 1050: ... 5 4 7 0 x IPV6 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 SOFTWARE ACLS Related Commands ipv6 access list extended named ipv6 access list extended IP protocol filter ipv6 access list standard named ipv6 access list extended TCP UDP filter ipv6 access list standard filter ...

Страница 1051: ...ddress or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty ipv6 access class access name no vty ipv6 access class access name Mode Global Configuration Examples To set the named standard access list named access ctrl to be the IPv6 management ACL use the following commands awplus configure terminal ...

Страница 1052: ... class map on page 1055 clear mls qos interface policer counters on page 1056 default action on page 1057 description QoS policy map on page 1058 egress rate limit on page 1059 match access group on page 1060 match cos on page 1062 match dscp on page 1063 match eth format protocol on page 1064 match inner cos on page 1067 match inner vlan on page 1068 match ip precedence on page 1069 match mac typ...

Страница 1053: ...s qos on page 1093 show mls qos interface on page 1094 show mls qos interface policer counters on page 1097 show mls qos interface queue counters on page 1099 show mls qos interface storm status on page 1101 show mls qos maps cos queue on page 1102 show mls qos maps premark dscp on page 1103 show platform classifier statistics utilization brief on page 1104 show policy map on page 1105 storm actio...

Страница 1054: ...ss map If your class map does not exist you can create it by using the class map command Syntax class name default no class name Mode Policy Map Configuration Example The following example creates the policy map pmap1 using the policy map command then associates this to an already existing class map named cmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config...

Страница 1055: ...and to create a class map Use the no variant of this command to delete the named class map Syntax class map name no class map name Mode Global Configuration Example This example creates a class map called cmap1 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap Parameter Description name Name of the class map to be created ...

Страница 1056: ...ps by not specifying a class map Syntax clear mls qos interface port policer counters class map class map Mode Privileged Exec Example To reset the policy counters to zero for all class maps for port1 0 1 use the command awplus clear mls qos interface port1 0 1 policer counters Related Commands show mls qos interface policer counters Parameter Description port The port may be a switch port e g por...

Страница 1057: ...lt action of permit Syntax default action permit deny send to cpu copy to cpu copy to mirror send to mirror no default action Default The default is permit Mode Policy Map Configuration Examples To set the action for the default class map to deny use the command awplus config pmap default action deny To set the action for the default class map to copy to mirror for use with the mirror interface co...

Страница 1058: ...l description of the policy map This can be up to 80 characters long Use the no variant of this command to remove the current description from the policy map Syntax description line no description Mode Policy Map Configuration Example To add the description VOIP traffic use the command awplus config pmap description VOIP traffic Parameter Description line Up to 80 character long line description ...

Страница 1059: ...l awplus config interface port1 0 1 awplus config if egress rate limit 64k Egress rate limit has been set to 64 Kb To disable egress rate limiting on a port use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if no egress rate limit Parameter Description rate limit Bandwidth 1 10000000 units per second usable units k m g The egress rate limit can be configure...

Страница 1060: ...ming data packets Examples To configure a class map named cmap1 which matches traffic against access list 3001 which allows IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list 3001 permit ip any any awplus config class map cmap1 awplus config cmap match access group 3001 To configure a class map named cmap2 which matches traffic agains...

Страница 1061: ...g ip hw acl permit ip any any awplus config class map cmap3 awplus config cmap match access group hw_acl To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list 3001 deny ip any any awplus config vlan access map deny_all awplus config vlan access map match access group 3001 awplus config vla...

Страница 1062: ...variant of this command to remove CoS Syntax match cos 0 7 no match cos Mode Class Map Configuration Examples To set the class map s CoS to 4 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match cos 4 To remove CoS from a class map use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match cos Parameter Descript...

Страница 1063: ...ion Usage Use the match dscp command to define the match criterion after creating a class map Examples To configure a class map named cmap1 with criterion that matches DSCP 56 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match dscp 56 To remove a previously defined DSCP from a class map named cmap1 use the commands awplus configure terminal awplus con...

Страница 1064: ... enter the parameter name ethii untagged EthII Untagged Packets enter the parameter name ethii any EthII Tagged or Untagged Packets enter the parameter name netwareraw tagged Netware Raw Tagged Packets enter the parameter name netwareraw untagged Netware Raw Untagged Packets enter the parameter name snap tagged SNAP Tagged Packets enter the parameter name snap untagged SNAP Untagged Packets enter ...

Страница 1065: ...ber 0807 enter the parameter name or its number banyan systems Protocol Number 0BAD enter the parameter name or its number bbn simnet Protocol Number 5208 enter the parameter name or its number dec mop dump ld Protocol Number 6001 enter the parameter name or its number dec mop rem cdons Protocol Number 6002 enter the parameter name or its number dec decnet Protocol Number 6003 enter the parameter ...

Страница 1066: ...ss map cmap1 awplus config cmap no match eth format protocol appletalk Protocol Number 809B enter the parameter name or its number ibm sna Protocol Number 80D5 enter the parameter name or its number appletalk aarp Protocol Number 80F3 enter the parameter name or its number snmp Protocol Number 814CV ethertalk 2 Protocol Number 809B enter the parameter name or its number ethertalk 2 aarp Protocol N...

Страница 1067: ... to remove CoS Syntax match inner cos 0 7 no match inner cos Mode Class Map Configuration Examples To set the class map s inner cos to 4 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match inner cos 4 To remove CoS from the class map use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match inner cos Parameter...

Страница 1068: ...d in double tagged networks to match on a VLAN ID belonging to the client network For more information on VLAN double tagged networks see the VLAN Feature Overview and Configuration Guide Examples To configure a class mapnamedcmap1to matchtraffic frominner VLAN3 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match inner vlan 3 To disable the configured ...

Страница 1069: ...Use the no variant of this command to remove IP precedence values from a class map Syntax match ip precedence 0 7 no match ip precedence Mode Class Map Configuration Example To configure a class map named cmap1 to match all IPv4 packets with a precedence value of 5 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match ip precedence 5 Parameter Descriptio...

Страница 1070: ...cast l2mcast l2ucast no match mac type Mode Class Map Configuration Examples To set the class map s MAC type to Layer 2 multicast use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match mac type l2mcast To remove the class map s MAC type entry use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match mac type Para...

Страница 1071: ...yntax match tcp flags ack fin psh rst syn urg no match tcp flags ack fin psh rst syn urg Mode Class Map Configuration Examples To set the class map s TCP flags to ack and syn use the commands awplus configure terminal awplus config class map awplus config cmap match tcp flags ack syn To remove the TCP flags ack and rst use the commands awplus configure terminal awplus config class map awplus confi...

Страница 1072: ...ria Syntax match vlan 1 4094 no match vlan Mode Class Map Configuration Examples To configure a class map named cmap1 to include traffic from VLAN 3 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match vlan 3 To disable the configured VLAN ID as a match criteria for the class map named cmap1 use the commands awplus configure terminal awplus config class...

Страница 1073: ...nterface to the default CoS setting for untagged frames entering the interface Syntax mls qos cos 0 7 no mls qos cos Default By default all untagged frames are assigned a CoS value of 0 Note that for tagged frames the default behavior is not to alter the CoS value Mode Interface Configuration Example To assign a CoS user priority value of 2 to all untagged packets entering ports 1 0 1 to 1 0 6 use...

Страница 1074: ...of this command to globally disable QoS and remove all QoS configuration The no variant of this command removes all class maps policy maps and policers that have been created Running the no mls qos command will therefore remove all pre existing QoS configurations on the switch Mode Global Configuration Syntax mls qos enable no mls qos Example To enable QoS on the switch use the commands awplus con...

Страница 1075: ... setting The default mappings for this command are Syntax mls qos map cos queue cos priority to queue number no mls qos map cos queue Mode Global Configuration Examples To map CoS 2 to queue 0 use the command awplus configure terminal awplus config mls qos map cos queue 2 to 0 To set the cos queue map back to its defaults use the command awplus configure terminal awplus config no mls qos map cos q...

Страница 1076: ...p command set this command mls qos map premark dscp enables you to make the following changes remap the DSCP leaving the other settings unchanged remap any or all of CoS outputqueue or bandwidth class values leaving the DSCP unchanged NOTE If you attempt to remap both the DSCP and another setting only the DSCP remap will take effect Parameter Description premark dscp 0 63 The DSCP value on ingress...

Страница 1077: ... use a new DSCP of 2 a new CoS of 3 and a new bandwidth class of yellow use the command awplus configure terminal awplus config mls qos map premark dscp 1 to new dscp 2 new cos 3 new bandwidth class yellow Example To reset the entry for DSCP 1 use the command awplus configure terminal awplus config no mls qos map premark dscp 1 Related Commands show mls qos maps premark dscp trust dscp ...

Страница 1078: ...nfigured on the class map Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class map Example To disable policing on a class map use the command awplus configure terminal awplus config policy map name awplus config pmap class classname awplus config pmap c no police Related Commands police single rate action police twin rate a...

Страница 1079: ... does not only apply to red traffic If a remark map is configured on the same class map as the policer then the remark map will apply to green colored and yellow colored traffic irrespectiveof the value configured on the action parameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red ...

Страница 1080: ...ction of the remark map applied to it and is then transmitted Example To configure a single rate meter measuring traffic of 10 Mbps that drops a sustained burst of traffic over this rate use the commands awplus configure terminal awplus config policy map name awplus config pmap class classname awplus config pmap c police single rate 10000 1875000 1875000 action drop red Related Commands no police ...

Страница 1081: ...ckets classed as red will be discarded Parameter Description cir Specify the Committed Information Rate CIR 1 40000000 kbps pir Specify the Peak Information Rate PIR 1 40000000 kbps cbs Specify the Committed Burst Size CBS 0 16777216 bytes pbs Specify the Peak Burst Size PBS 0 16777216 bytes action Specify the action if rate is exceeded drop red Drop the red packets remark transmit Modify the pack...

Страница 1082: ...arameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red colored traffic If action is set to drop red then red traffic is dropped if action is set to remark transmit then the red traffic has the action of the remark map applied to it and is then transmitted Example To configure a twin ...

Страница 1083: ...y Map Configuration mode to configure the specified policy map Use the no variant of this command to delete an existing policy map Syntax policy map name no policy map name Mode Global Configuration Example To create a policy map called pmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap Related Commands class map Parameter Description name Name of th...

Страница 1084: ...You can then use the priority queue command to reset the selected queues to priority queuing Note that the emptying sequence for priority queuing is always highest queue number to lowest queue number Example To apply priority based scheduling to egress queues 1 and 2 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if priority queue 1 2 Related Commands sh...

Страница 1085: ...s Syntax remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red no remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red Mode Policy Map Class Configuration Examples To remark the policed green traffic to a new DSCP of 2 and a new bandwidth class of yellow use the commands awplus configure terminal awplus config...

Страница 1086: ... configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c remark map bandwidth class green to new dscp 2 To reset the DSCP for all bandwidth classes use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c no remark map to new dscp Related Commands police single rate action police twin...

Страница 1087: ...ew cos internal external both Mode Policy Map Class Configuration Usage The default CoS to Queue mappings are shown in the following table The relationship between this command and the CoS to queue map is shown in the following figure Parameter Description 0 7 The new value for the CoS flag and or the input into the CoS to queue map external Remarks the CoS flag in the packet internal Remarks the ...

Страница 1088: ...INPUT FROM THE XISTING O3 VALUE 7ITH THE REMARK NEW COS COMMAND SET TO INTERNAL OR BOTH THE QUEUE MAPPING TAKES ITS INPUT FROM THE VALUE SET BY THE COMMAND REMARK NEW COS OTE THAT ALTHOUGH THE O3 TO 1UEUE MAP APPLIES TO THE WHOLE SWITCH THE REMARK NEW COS COMMAND APPLIES PER INDIVIDUAL CLASS MAP XISTING O3 VALUE EW O3 INTERNAL GRESS QUEUE VALUE O36ALUE GRESS 1UEUE 1O3 1 AP OS TO 1UEUE APPING 2EMAR...

Страница 1089: ...terface association Syntax service policy input policy map no service policy input policy map Mode Interface Configuration Usage This command can be applied to switch ports or static channel groups but not to dynamic LACP channel groups Example To apply a policy map named pmap1 to interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if serv...

Страница 1090: ...is make a policy map that contains one or more class maps that match the traffic to be policy routed Then configure their next hop with this command set ip next hop The remaining traffic will be conventionally routed according to the rules set for the default class map providing that this is not subject to the set ip next hop The situation becomes more complex if the traffic requiring conventional...

Страница 1091: ... 7 0 x QOS COMMANDS SET IP NEXT HOP PBR Example To forward packets to 192 168 1 1 if they match the class map called cmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c set ip next hop 192 168 1 1 Related commands class map ...

Страница 1092: ...or classifying traffic Syntax show class map class map name Mode User Exec and Privileged Exec Example To display a QoS class map s match criteria for classifying traffic use the command awplus show class map cmap1 Output Figure 30 2 Example output from the show class map command Related Commands class map Parameter Description class map name Name of the class map CLASS MAP NAME cmap1 Set IP DSCP ...

Страница 1093: ...erview Use this command to display whether QoS is enabled or disabled on the switch Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled use the command awplus show mls qos Output Figure 30 3 Example output from the show mls qos command Related Commands mls qos enable awplus show mls qos Enable ...

Страница 1094: ...qos interface port Mode User Exec and Privileged Exec Example To display current CoS and queue settings for interface port1 0 1 use the command awplus show mls qos interface port1 0 1 Output Figure 30 4 Example output from the show mls qos interface command Parameter Description port Switch port Default CoS 7 Default Queue 7 Number of egress queues 8 Queue Set 1 Egress Queue 0 Status Enabled Sched...

Страница 1095: ...Queue 6 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 7 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Table 31 Parameters in the output of the show mls qos interface command Parameter Description Default CoS The default CoS priority that will be applied to all packets arriving on this interface Default Queue The default...

Страница 1096: ...INTERFACE Queue Limit The percentage of the port s buffers that have been allocated to this queue Egress Rate Limit The amount of traffic that can be transmitted via this queue per second 0 Kb means there is currently no rate limiting enabled Table 31 Parameters in the output of the show mls qos interface command Parameter Description ...

Страница 1097: ...e counters are based on metering performed on the specified class map Therefore the Dropped Bytes counter is the number of bytes dropped due to metering This is different from packets dropped via a deny action in the ACL If a policer is configured to perform re marking bytes can be marked Red but are not dropped and is shown with a value of 0 for the Dropped field and a non 0 value for the Red Byt...

Страница 1098: ...ersion 5 4 7 0 x QOS COMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS This output shows a policer configured with remarking through action remark transmit so although bytes are marked as Red none are dropped Therefore the Non dropped Bytes field shows a summation of Green Yellow and Red bytes ...

Страница 1099: ...port s queue which will be a sum of all egress queues Syntax show mls qos interface port queue counters queue number Mode User Exec and Privileged Exec Example To show the counters for all queues on port1 0 1 use the command awplus show mls qos interface port1 0 1 queue counters Output Figure 30 6 Example output from the show mls qos interface queue counters command Parameter Description port Swit...

Страница 1100: ...HOW MLS QOS INTERFACE QUEUE COUNTERS Port queue length Number of frames in the port s queue This will be the sum of all egress queues on the port Egress Queue length Number of frames in a specific egress queue Table 32 Parameters in the output of the show mls qos interface queue counters command cont Parameter Description ...

Страница 1101: ...er Exec and Privileged Exec Example To see the QSP status on port1 0 1 use the command awplus show mls qos interface port1 0 1 storm status Output Figure 30 7 Example output from the show mls qos interface storm status command Related Commands storm action storm downtime storm protection storm rate storm window Parameter Description port Switch port Interface port1 0 1 Storm Protection Enabled Por...

Страница 1102: ...current configuration of the cos queue map Syntax show mls qos maps cos queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos queue map use the command awplus show mls qos maps cos queue Output Figure 30 8 Example output from show mls qos maps cos queue Related Commands mls qos map cos queue to COS TO QUEUE MAP COS 0 1 2 3 4 5 6 7 QUEUE 2 0 1 3 4 5 6 7 ...

Страница 1103: ...CP CoS and or bandwidth class of a packet matching the class map based on a lookup DSCP value Syntax show mls qos maps premark dscp 0 63 Mode User Exec and Privileged Exec Example To display the premark dscp map for DSCP 1 use the command awplus show mls qos maps premark dscp 1 Output Figure 30 9 Example output from the show mls qos maps premark dscp command Related Commands mls qos map premark ds...

Страница 1104: ...resents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following command awplus show platform classifier statistics utilization brief Output Figure 30 10 Output from the show platform classifier statistics utilization brief command Related Commands show platform awplu...

Страница 1105: ...s their associated class maps Syntax show policy map name Mode User Exec and Privileged Exec Example To display a listing of the policy maps configured on the switch use the command awplus show policy map Output Figure 30 11 Example output from the show policy map command Related Commands service policy input Parameter Description name The name of a specific policy map POLICY MAP NAME general traf...

Страница 1106: ...action portdisable vlandisable linkdown no storm action Mode Policy Map Class Configuration Examples To apply the storm protection of vlandisable to the policy map named pmap2 and the class map named cmap1 use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm action vlandisable To negate the storm protection se...

Страница 1107: ...0 seconds Syntax storm downtime 1 86400 no storm downtime Default 10 seconds Mode Policy Map Class Configuration Examples To re enable the port in 1 minute use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm downtime 60 To re set the port to the default 10 seconds use the following commands awplus configure t...

Страница 1108: ...riant of this command disables Policy Based Storm Protection Syntax storm protection no storm protection Default By default storm protection is disabled Mode Policy Map Class Configuration Examples To enable QSP on cmap2 in pmap2 use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm protection To disable QSP on...

Страница 1109: ...e Default No default Mode Policy Map Class Configuration Usage This setting is made in conjunction with the storm window command Examples To limit the data rate to 100Mbps use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm rate 100000 To negate the limit set previously use the following commands awplus confi...

Страница 1110: ...efault Mode Policy Map Class Configuration Usage This command should be set in conjunction with the storm rate command Examples To set the QSP window size to 5000 ms use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm window 5000 To negate the QSP window size set previously use the following commands awplus c...

Страница 1111: ...nts of the packet existing either at ingress or applied by the class map will pass unchanged Syntax trust dscp no trust Mode Policy Map Configuration Because policy maps are applied to ports you can think of trust dscp as a per port setting Examples To enable the premark dscp map lookup for policy map pmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pma...

Страница 1112: ...ble queues 0 1 2 3 4 5 6 7 no wrr queue disable queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Examples To disable queue 1 from transmitting traffic use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if wrr queue disable queues 1 To enable queue 1 to transmit traffic use the commands awplus configure terminal awplus config interface port1 0 1 awplus con...

Страница 1113: ...ified The minimum is 651Kb Syntax wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 no wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Example To limit the egress rate of queues 0 1 and 2 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if wrr queue egress rate limit 500M queues 0 1 2 Related Commands sh...

Страница 1114: ...ted round robin based scheduling to static aggregated interfaces for example awplus config interface sa2 Attempting to apply weighted round robin based scheduling on aggregated interfaces will display the console error shown below awplus configure terminal awplus config interface sa2 awplus config if wrr queue weight Invalid input detected at marker Example To apply a WRR weight of 6 to queues 0 a...

Страница 1115: ...hentication on page 1118 debug dot1x on page 1119 dot1x control direction on page 1120 dot1x eap on page 1122 dot1x eapol version on page 1123 dot1x initialize interface on page 1125 dot1x initialize supplicant on page 1126 dot1x keytransmit on page 1127 dot1x max auth fail on page 1128 dot1x max reauth req on page 1130 dot1x port control on page 1132 dot1x timeout tx period on page 1134 show debu...

Страница 1116: ...Rev C Command Reference for IX5 28GPX 1116 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS show dot1x supplicant on page 1149 show dot1x supplicant interface on page 1151 undebug dot1x on page 1154 ...

Страница 1117: ...fault list name no dot1x accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if dot1x accounting vlan10_acct To remove the named list from the vlan10 interface and set the authentication method b...

Страница 1118: ...x authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if dot1x authentication vlan10_auth To remove the named list from the vlan10 interface and set the authentication method back to default ...

Страница 1119: ...aware that this is a very verbose output It is mostly useful to capture this as part of escalating an issue to ATI support Examples Use this command without any parameters to turn on normal 802 1X debug information awplus debug dot1x awplus show debugging dot1x Related Commands show debugging dot1x undebug dot1x Parameter Description all Used with the no variant of this command exclusively turns o...

Страница 1120: ...ntax dot1x control direction in both no dot1x control direction Default The authentication port direction is set to both by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Examples To set the port direction to the default both for port1 0 2 use the commands awplus configure terminal awplus config interface port1...

Страница 1121: ...ONTROL DIRECTION To set the port direction to the default both for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no dot1x control direction Related Commands auth profile Global Configuration show dot1x show dot1x interface show auth interface ...

Страница 1122: ...e commands awplus configure terminal awplus config dot1x eap forward To set the transmit mode of EAP packet to discard to discard EAP packets use the commands awplus configure terminal awplus config dot1x eap discard To set the transmit mode of EAP packet to forward untagged vlan to forward EAP packets to ports with the same untagged vlan use the commands awplus configure terminal awplus config do...

Страница 1123: ...Examples To set the EAPOL protocol version to 2 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x eapol version 2 To set the EAPOL protocol version to the default version 1 for interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no dot1x eapol version To set the EAPOL proto...

Страница 1124: ...Rev C Command Reference for IX5 28GPX 1124 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS DOT1X EAPOL VERSION Validation Commands auth profile Global Configuration show dot1x show dot1x interface ...

Страница 1125: ...ommand awplus dot1x initialize interface port1 0 2 To unauthorize switch port1 0 1 and attempt reauthentication on switch port1 0 1 use the command awplus dot1x initialize interface port1 0 1 To unauthorize all switch ports for a 24 port device and attempt reauthentication use the command awplus dot1x initialize interface port1 0 1 port1 0 24 Validation Commands show dot1x show dot1x interface Rel...

Страница 1126: ...iscommand Theattemptistriggered by the first packet from the supplicant trying to access the network resources Syntax dot1x initialize supplicant macadd username Mode Privileged Exec Example To initialize the supplicant authentication use the commands awplus configure terminal awplus config dot1x initialize supplicant 0090 99ab a020 awplus config dot1x initialize supplicant guest Validation Comman...

Страница 1127: ...LACP channel group or a switch port Usage Use this command to enable key transmission over an Extensible Authentication Protocol EAP packet between the authenticator and supplicant Use the no variant of this command to disable key transmission Examples To enable the key transmit feature on interface port1 0 2 after it has been disabled by negation use the commands awplus configure terminal awplus ...

Страница 1128: ...aximum number of login attempts for supplicants on an interface The supplicant is moved to the auth fail VLAN from the Guest VLAN after the number of failed login attempts using 802 1X authentication is equal to the number set with this command See the AAA and Port Authentication Feature Overview and Configuration Guide for information about the auth fail VLAN feature and restrictions regarding co...

Страница 1129: ...l awplus config auth profile student awplus config auth profile dot1x max auth fail 1 To configure the maximum number of login attempts for a supplicant on authentication profile student to the default number of three 3 login attempts use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no dot1x max auth fail Validation Commands show running conf...

Страница 1130: ...ication attempts after failure Examples To configure the maximum number of reauthentication attempts for interface port1 0 2 to a single 1 reauthentication request use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x max reauth req 1 To configure the maximum number of reauthentication attempts for interface port1 0 2 to the default maximum number of t...

Страница 1131: ...authentication attempts for authentication profile student to the default maximum number of two 2 reauthentication attempts use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no dot1x max reauth req Validation Commands show running config Related Commands auth profile Global Configuration dot1x max auth fail show dot1x interface ...

Страница 1132: ...t controlis set to auto the 802 1X authentication feature is executed on the interface but only if the aaa authentication dot1x command has been issued Examples To enable port authentication on the interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x port control auto To enable port authentication force authorized on the interface ...

Страница 1133: ...inal awplus config auth profile student awplus config auth profile dot1x port control auto To enable port authentication force authorized on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile dot1x port control force authorized To disable port authentication on authentication profile student use the commands awplu...

Страница 1134: ...tempts to request an ID Examples To set the transmit timeout period to 5 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x timeout tx period 5 To reset transmit timeout period to the default 30 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if ...

Страница 1135: ...v C Command Reference for IX5 28GPX 1135 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS DOT1X TIMEOUT TX PERIOD Validation Commands auth profile Global Configuration show dot1x show dot1x interface ...

Страница 1136: ...ng and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging dot1x Mode User Exec and Privileged Exec Usage This is a sample output from the show debugging dot1x command awplus debug dot1x awplus show debugging dot1x Related Commands debug dot1x 802 1X debugging status 802 1X events debugging is on 802 1X timer debugging i...

Страница 1137: ...ow dot1x all Parameter Description all Displays all authentication information for each port available on the switch Table 1 Example output from the show dot1x all command awplus show dot1x all 802 1X Port Based Authentication Enabled RADIUS server address 150 87 18 89 1812 Next radius message id 5 RADIUS client address not configured Authentication info for interface port1 0 6 portEnabled true po...

Страница 1138: ... false KR rxKey false KT keyAvailable false keyTxEnabled false criticalState off dynamicVlanId 2 802 1X statistics for interface port1 0 6 EAPOL Frames Rx 5 EAPOL Frames Tx 16 EAPOL Start Frames Rx 0 EAPOL Logoff Frames Rx 0 EAP Rsp Id Frames Rx 3 EAP Response Frames Rx 2 EAP Req Id Frames Tx 8 EAP Request Frames Tx 2 Invalid EAPOL Frames Rx 0 EAP Length Error Frames Rx 0 EAPOL Last Frame Version ...

Страница 1139: ... SHOW DOT1X authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupplicant 3 BackendAuthSuccess 1 BackendAuthFails 0 Table 1 Example output from the show dot1x all command cont ...

Страница 1140: ...iguration Guide Syntax show dot1x diagnostics interface interface list Mode Privileged Exec Example See the sample output below showing 802 1X authentication diagnostics for port1 0 5 awplus show dot1x diagnostics interface port1 0 5 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch po...

Страница 1141: ...upplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 Backe...

Страница 1142: ...saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dot1x interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Examples See the sample output below showing 802 1X authentication status for port1 0 6 awplus show dot1x interface port1 0 6 Parameter Description interface list The int...

Страница 1143: ...ized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled dynamicVlanCreation single dynamic vlan assignFailActionRule deny hostMode multi supplicant maxSupplicant 1024 dot1x enabled protocolVersion 1 authMac enabled ...

Страница 1144: ...aplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupplicant 3 BackendAuthSuccess 1 awplus show dot1x interface port1 0 6 supplicant authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthe...

Страница 1145: ...status of the port for 802 1X control portStatus 802 1X status of the port authorized unauthorized reAuthenticate Reauthentication enabled disabled status on port reAuthPeriod Value holds meaning only if reauthentication is enabled abort Indicates that authentication should be aborted when set to true fail Indicates failed authentication attempt when set to false start Indicates authentication sho...

Страница 1146: ...t CD Controlled Directions State machine adminControlledDi r ections Administrative value Both In operControlledDir e ctions Operational Value Both In KR Key receive state machine rxKey True when EAPOL Key message is received by supplicant or authenticator false when key is transmitted KT Ket Transmit State machine keyAvailable False when key has been transmitted by authenticator true when new key...

Страница 1147: ...authentication session statistics for port1 0 6 awplus show dot1x sessionstatistics interface port1 0 6 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports sta...

Страница 1148: ... statistics interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or port1 0 1 1 0 4 or...

Страница 1149: ...eter awplus show dot1x supplicant 00d0 59ab 7037 brief Parameter Description macadd MAC hardware address of the Supplicant brief Brief summary of the Supplicant state authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Supplicant name manager Supplicant address 00d0 ...

Страница 1150: ...cationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Interface VID Mode MAC Address Status IP Address Username port1 0 6 2 D 00d0 59ab 7037 Authenticated 192 168 2 201 manager Interface port1 0 6 authenticationMethod dot1x web Two Step Authentication firstMethod dot1x secondM...

Страница 1151: ...onfiguration Guide Syntax show dot1x supplicant interface interface list brief Mode Privileged Exec Examples See sample output below showing the supplicant on the interface port1 0 6 awplus show dot1x interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be aninterface e g vlan2 aswitchport e g port1 0 6 a static channel group e g sa2 o...

Страница 1152: ...ant address 0000 cd07 7b60 authenticationMethod 802 1X Two Step Authentication firstAuthentication Pass Method mac secondAuthentication Pass Method dot1x portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 2 CD adminControlledDirections...

Страница 1153: ...face sa1 supplicant brief Interface sa1 authenticationMethod dot1x Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 otherAuthenticationSupplicantNum 0 Interface VID Mode MAC Address Status IP Address Username sa1 1 D 00d0 59ab 7037 ...

Страница 1154: ...ommand Reference for IX5 28GPX 1154 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS UNDEBUG DOT1X undebug dot1x Overview This command applies the functionality of the no variant of the debug dot1x command ...

Страница 1155: ...namic vlan creation on page 1161 auth guest vlan on page 1164 auth guest vlan forward on page 1167 auth host mode on page 1169 auth log on page 1171 auth max supplicant on page 1173 auth profile Global Configuration on page 1175 auth profile Interface Configuration on page 1176 auth reauthentication on page 1177 auth roaming disconnected on page 1178 auth roaming enable on page 1180 auth supplican...

Страница 1156: ...ode on page 1218 auth web server dhcp ipaddress on page 1219 auth web server dhcp lease on page 1220 auth web server dhcp wpad option on page 1221 auth web server host name on page 1222 auth web server intercept port on page 1223 auth web server ipaddress on page 1224 auth web server page language on page 1225 auth web server login url on page 1226 auth web server page logo on page 1227 auth web s...

Страница 1157: ...tion Authentication Profile on page 1245 erase proxy autoconfig file on page 1246 erase web auth https file on page 1247 platform l3 vlan hashing algorithm on page 1248 platform mac vlan hashing algorithm on page 1249 show auth on page 1250 show auth diagnostics on page 1252 show auth interface on page 1254 show auth sessionstatistics on page 1257 show auth statistics interface on page 1258 show a...

Страница 1158: ... feature enables assignment to a different VLAN if a supplicant fails authentication To enable the auth fail vlan feature with Web Authentication you need to set the Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command When using 802 1X port authentication use a dot1x max auth fail command to set the maximum numbe...

Страница 1159: ...following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth auth fail vlan 100 To disable the auth fail vlan feature for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth auth fail vlan To enable the auth fail vlan feature on authentication profile student use the commands awplus config...

Страница 1160: ...de Examples To enable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth critical To disable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth critical To enable the critical port fe...

Страница 1161: ...signed to ports Dynamic VLANs may be associated with authenticated MAC addresses if the type parameter is applied with the rule parameter The rule parameter deals with the case where there are multiple supplicants attached to a port and the type parameter has been set to single vlan The parameter specifies how the switch should act if different VLAN IDs end up being assigned to different supplican...

Страница 1162: ...LAN ID assigned for the MAC Base VLAN is displayed using the show platform table vlan command To configure Dynamic Vlan with Web Authentication you need to set Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command You also need to create a hardware access list that can be applied to the switch port interface You ne...

Страница 1163: ...able the Dynamic VLAN assignment feature on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth dynamic vlan creation To disable the Dynamic VLAN assignment feature on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth...

Страница 1164: ... a port is in multi supplicant mode with per port dynamic VLAN configuration after the first successful authentication subsequent hosts cannot use the guest VLAN due to the change in VLAN ID This may be avoided by using per user dynamic VLAN assignment When using the Guest VLAN feature with the multi host mode a number of supplicants can communicate via a guest VLAN before authentication A supplic...

Страница 1165: ...nds awplus configure terminal awplus config vlan database awplus config vlan vlan 100 awplus config vlan exit awplus config interface port1 0 2 awplus config if dot1x port control auto awplus config if auth guest vlan 100 routing To disable the guest VLAN feature on port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth guest vlan ...

Страница 1166: ...Command Reference for IX5 28GPX 1166 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH GUEST VLAN auth guest vlan forward dot1x port control show dot1x show dot1x interface show running config ...

Страница 1167: ...g is disabled by default Mode Interface Configuration mode for a specified switch port or Authentication Profile mode Usage Before using this command you must configure the guest VLAN with the auth guest vlan command Example To enable packet forwarding from the guest VLAN to the destination IP address on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0...

Страница 1168: ...h guest vlan forward 10 0 0 1 dns To enable the tcp forwarding port 137 on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth guest vlan forward 10 0 0 1 tcp 137 To disable the tcp forwarding port 137 authentication profile student use the commands awplus configure terminal awplus config auth profile student ...

Страница 1169: ...se the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth host mode multi supplicant Parameter Description single host Single host mode In this mode only one host may be authorized with the port If other hosts out the interface attempt to authenticate the authenticator blocks the attempt multi host Multi host mode In this mode multiple hosts may be...

Страница 1170: ... host mode To set the host mode to multi supplicant on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth host mode multi supplicant To set the host mode to default single host on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth pr...

Страница 1171: ...ing of MAC authentication failures to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth log auth mac failure Parameter Description dot1x Specify only 802 1X Authentication log messages are output to the log file auth mac Specify only MAC Authentication log message...

Страница 1172: ...ure the logging of web authentication failures to the log file for supplicants client devices connected to authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth log auth web failure To disable the logging of all types of authentication log messages to the log file for supplicants client devices connected to auth...

Страница 1173: ...ofile mode Examples To set the maximum number of supplicants to 10 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth max supplicant 10 To reset the maximum number of supplicant to default on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no ...

Страница 1174: ...d Reference for IX5 28GPX 1174 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH MAX SUPPLICANT Related Commands auth profile Global Configuration show dot1x show dot1x interface show running config ...

Страница 1175: ...o port authentication profiles are created by default Mode Global Configuration Usage A port authentication profile is a configuration object that aggregates multiple port authentication commands These profiles are attached or detached from an interface using the auth profile Interface Configuration command Example To create a new authentication profile student use the following commands awplus co...

Страница 1176: ... a authentication profile created using the auth profile Global Configuration command to a static channel a dynamic LACP channel group or a switch port You can only attach one profile to an interface at a time use the no variant of the command to detach a profile before attempting to attach another one Example To attach the authentication profile student to port1 0 1 use the following commands awp...

Страница 1177: ... or Authentication Profile mode Examples To enable reauthentication on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth reauthentication To disable reauthentication on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth reauthentication To ...

Страница 1178: ...ce goes down so supplicants must reauthenticate Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Usage Note that 802 1X port authentication MAC authentication or Web authentication must be configured before using this feature The port that the supplicant is moving to must have the same authentication configuration as the...

Страница 1179: ...al awplus config auth profile student awplus config auth profile auth roaming disconnected To require supplicants using authentication profile student to reauthenticate when moving between ports if the link is down use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth roaming disconnected Related Commands auth profile Global Configuration ...

Страница 1180: ...ion MAC authentication or Web authentication must be configured before using this feature The port that the supplicant is moving to must have the same authentication configuration as the port the supplicant is moving from This command only enables roaming authentication for links that are up If you want roaming authentication on links that are down you must also use the command auth roaming discon...

Страница 1181: ...ng authentication for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth roaming enable Related Commands auth profile Global Configuration auth mac enable auth roaming disconnected auth web enable dot1x port control show auth interface show dot1x interface show running config ...

Страница 1182: ... entry in A B C D P format max reauth req The number of reauthentication attempts before becoming unauthorized 1 10 Count of reauthentication attempts default 2 port control Port control commands auto A port control parameter that allows port clients to negotiate authentication force authorized A port control parameter that forces the port state to authorized force unauthorized A port control para...

Страница 1183: ...terface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant ip 192 168 10 0 24 To disable reauthentication for the supplicant s IP address 192 168 10 0 24 for interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant ip 192 168 10 0 24 reauthentication T...

Страница 1184: ...ntaining a specific string mac addr mask The mask comprises a string of three period separated bytes where each byte comprises four hexadecimal characters that will generally be either 1or 0 When the mask is applied to a specific MAC address a match is only required for characters that correspond to a 1 in the mask Characters that correspond to a 0 in the mask are effectively ignored In the exampl...

Страница 1185: ...for port 1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth supplicant mac 0000 5E00 0000 mask ffff ff00 0000 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant mac 0000 5E00 5343 To reset...

Страница 1186: ...3 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth supplicant mac 0000 5E00 5343 To disable reauthentication for the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus confi...

Страница 1187: ...nt has the state connecting then the supplicant is deleted When auth web server session keep or auth two step enableis enabled we recommend you configure a longer connect timeout period Examples To set the connect timeout period to 3600 seconds for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout connect timeout 3600 To ...

Страница 1188: ...IMEOUT CONNECT TIMEOUT To reset the connect timeout period to the default 30 seconds for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth timeout connect timeout Related Commands auth profile Global Configuration show dot1x show dot1x interface ...

Страница 1189: ... seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout quiet period 10 To reset the quiet period to the default 60 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth timeout quiet period To set the quiet period t...

Страница 1190: ... switch port or Authentication Profile mode Examples To set the reauthentication period to 1 day for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout reauth period 86400 To reset the reauthentication period to the default 3600 seconds for interface port1 0 2 use the following commands awplus configure terminal ...

Страница 1191: ... IX5 28GPX 1191 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT REAUTH PERIOD Related Commands auth profile Global Configuration auth reauthentication show dot1x show dot1x interface show running config ...

Страница 1192: ...o 120 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout server timeout 120 To set the server timeout to the default 30 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth timeout server timeout To set the serv...

Страница 1193: ...ference for IX5 28GPX 1193 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT SERVER TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot1x interface show running config ...

Страница 1194: ... timeout to 2 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout supp timeout 2 To reset the server timeout to the default 30 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth timeout supp timeout To set the ...

Страница 1195: ...eference for IX5 28GPX 1195 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT SUPP TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot1x interface show running config ...

Страница 1196: ...ecurity risk an unauthorized user can access the network with an authorized device or an authorized user can access the network with an unauthorized device Two step authentication solves this problem by authenticating both the user and the device The supplicant will only become authenticated if both these steps are successful If the first authentication step fails then the second step is not start...

Страница 1197: ...ng commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access awplus config if auth web enable awplus config if dot1x port control auto awplus config if auth dynamic vlan creation awplus config if auth two step enable To enable the two step authentication feature for authentication profile student use the commands awplus configure terminal awplus c...

Страница 1198: ... Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TWO STEP ENABLE Relat ed Commands auth profile Global Configuration show auth two step supplicant brief show auth show auth interface show auth supplicant show dot1x show dot1x interface show dot1x supplicant ...

Страница 1199: ... list name no auth mac accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth mac accounting vlan10_acct To remove the named list from the vlan10 interface and set the accounting method back...

Страница 1200: ...th mac authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth mac authentication vlan10_auth To remove the named list from the vlan10 interface and set the authentication method back to ...

Страница 1201: ...s enabled Note that re authentication is correct behavior without spanning tree edgeport enabled Applying switchport mode access on ports is also good practice to set the ports to access mode with ingress filtering turned on whenever ports for MAC Authentication are in a VLAN Examples To enable MAC Authentication on interface port1 0 2 and enable spanning tree edgeport to avoid unnecessary re auth...

Страница 1202: ...ATION COMMANDS AUTH MAC ENABLE To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth mac enable Related Commands auth profile Global Configuration show auth show auth interface show running config ...

Страница 1203: ...e Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Examples To set the MAC Authentication method to pap on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac method pap To set the MAC Authentication method to the default on interface port1 0 2 use the fol...

Страница 1204: ...ATION COMMANDS AUTH MAC METHOD To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth mac enable Related Commands auth profile Global Configuration show auth show auth interface show running config ...

Страница 1205: ... particularly important if some MAC based supplicants on the network are intelligent devices such as computers and or you are using two step authentication see the Ensuring Authentication Methods Require Different Usernames and Passwords section of the AAA and Port Authentication Feature_Overview and Configuration Guide Examples To change the password to verySecurePassword use the commands awplus ...

Страница 1206: ...tication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac reauth relearning To disable the re authentication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awpl us config if no auth mac reauth relearning To ena...

Страница 1207: ... provided to allow other vendors AlliedWare and AlliedWare Plus switches to share the same format on the RADIUS server Example To configure the format of the MAC address in the username and password field to be changed to IETF and upper case use the following commands awplus configure terminal awplus config auth mac username ietf upper case Related Commands auth mac username show running config Pa...

Страница 1208: ...ist name no auth web accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth web accounting vlan10_acct To remove the named list from the vlan10 interface and set the accounting method back t...

Страница 1209: ...h web authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth web authentication vlan10_auth To remove the named list from the vlan10 interface and set the authentication method back to d...

Страница 1210: ...g command and vice versa You need to configure an IPv4 address for the VLAN interface on which Web Authentication is running Examples To enable Web Authentication on static channel group 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if static channel group 2 awplus config if exit awplus config interface sa2 awplus config if auth web enable T...

Страница 1211: ...ATION COMMANDS AUTH WEB ENABLE To disable Web authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web enable Related Commands auth profile Global Configuration show auth show auth interface show running config ...

Страница 1212: ... address ip address prefix length dns tcp 1 65535 udp 1 65535 Or no auth web forward arp dhcp dns tcp 1 65535 udp 1 65535 Default Packet forwarding for port authentication is enabled by default for arp dhcp and dns Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Usage For more information about the ip address parameter ...

Страница 1213: ...port mode access awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth web forward 192 168 1 10 dns To disable the ARP forwarding feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth web forward arp To delete the TCP forwarding port 137 on interface port1 0 2 use t...

Страница 1214: ...student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward arp To delete the tcp forwarding port 137 on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward tcp 137 To delete all tcp forwarding on authentication profile stu...

Страница 1215: ...channel group or a switch port or Authentication Profile mode Examples To set the lock count to 5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth web max auth fail 5 To set the lock count to the default on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awp...

Страница 1216: ...r IX5 28GPX 1216 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH WEB MAX AUTH FAIL Related Commands auth profile Global Configuration auth timeout quiet period show auth show auth interface show running config ...

Страница 1217: ...tication Profile mode Example To set the Web Authentication method to eap md5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth web method eap md5 To set the web authentication method to eap md5 for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus con...

Страница 1218: ...isable blocking mode for the Web Authentication server Syntax auth web server blocking mode no auth web server blocking mode Default By default blocking mode is disabled for the Web Authentication server Mode Global Configuration Example To enable blocking mode for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server blocking mode To disa...

Страница 1219: ...cation Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together You cannot use the IPv4 address assigned to the device s interface as the Web Authentication server address Examples To assign the IP address 10 0 0 1 to the Web Authentication server use the following comma...

Страница 1220: ...See the AAA and Port Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together Examples To set the DHCP lease time to 1 minute for supplicants using the DHCP service on the Web Authentication server use the following commands awplus configure terminal awplu...

Страница 1221: ...d to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent However after authentication the browser does not know where to get the WPAD file and so cannot access external web pages The WPAD file is usually named proxy pac file and tells the browser what web proxy ...

Страница 1222: ...TPS protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warning message if the server has a hostname same as the one stored in the installed certificate Examples To set the auth example com as the hostname of the web authentication server use the commands awplus...

Страница 1223: ...port number In this case Web Authentication cannot intercept the connection To overcome this limitation you can use this command to tell the switch which additional port it should intercept and then send the Web Authentication Login page to the supplicant When the web authentication switch is in a guest network the switch does not know the proxy server s port number in the supplicant s proxy setti...

Страница 1224: ... web server ipaddress ip address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP address 10 0 0 1 to the Web Authentication server use the following commands awplus configure terminal awplus config auth web server ipaddress 10 0 0 1 To delete the IP address from the Web Authentication se...

Страница 1225: ...English by default Mode Global Configuration Examples To set Japanese as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth web server page language japanese To set English as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth web server page languag...

Страница 1226: ...onfiguration Guide for details Use the no variant of this command to delete the URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default Mode Global Configuration Examples To set http example com login html as the login page use the commands awplus configure terminal awplus config auth web server login url http example com login html T...

Страница 1227: ...nd Port Authentication Feature Overview and Configuration Guide Syntax auth web server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Configuration Examples To display the default logo with ignoring installed custom logo use the commands awplus configure terminal awplus config auth web server page logo default To set back to the default ...

Страница 1228: ...e Overview and Configuration Guide Syntax auth web server page sub title hidden text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configuration Examples To set the custom sub title use the commands awplus configure terminal awplus config auth web server page sub title text Web Authentication To hide the sub title use the commands awplus con...

Страница 1229: ...nd Port Authentication Feature Overview and Configuration Guide Syntax auth web server page success message text success message no auth web server page success message Default No success message is set by default Mode Global Configuration Examples To set the success message on the web authentication page use the commands awplus configure terminal awplus config auth web server page success message...

Страница 1230: ... Syntax auth web server page title hidden text title no auth web server page title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the custom title on the web authentication page use the commands awplus configure terminal awplus config auth web server page title text Login To hide the title on the web authentication page use the commands ...

Страница 1231: ... and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page welcome message text welcome message no auth web server page welcome message Default No welcome message is set by default Mode Global Configuration Examples To set the welcome message on the web authentication page use the commands awplus configure terminal awplus config auth web server page welcome messa...

Страница 1232: ...nticated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global Configuration Examples To enable the ping polling feature for Web Authentication use the following commands awplus configure terminal awplus config auth web server ping poll enable To disable the ping p...

Страница 1233: ...se the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount Default The default failcount for ping polling is 5 pings Mode Global Configuration Examples To set the failcount of ping polling to 10 pings use the following commands awplus configure terminal awplus...

Страница 1234: ...ng polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration Examples To set the interval of ping polling to 60 seconds use the following commands awplus configure terminal awplus config auth web server ping poll interval 60 To set the interval of ping polling t...

Страница 1235: ...no variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer refresh Default The reauth timer refresh parameter is disabled by default Mode Global Configuration Examples To enable the reauth timer refresh timer use the following commands awplus configure termina...

Страница 1236: ...reset the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second Mode Global Configuration Examples To set the timeout of ping polling to 2 seconds use the command awplus configure terminal awplus config auth web server ping poll timeout 2 To set the timeout of ping ...

Страница 1237: ...Authentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server port 8080 To reset to the default HTTP port number 80 for the Web Authentication server use the following commands awplus configure terminal awplus conf...

Страница 1238: ...rect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect delay time 60 To reset the delay time use the following commands awplus configure terminal awplus config no auth web server redirect d...

Страница 1239: ...tax auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples To enable and set redirect a URL string www alliedtelesis com for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect url http www a...

Страница 1240: ...is disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session keep is enabled This issue occurred by supplicant sending HTTP packets automatically after authentication page is displayed and the URL is written Examples To enable the session keep feature use the f...

Страница 1241: ...ntax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functionality for the Web Authentication server feature use the following commands awplus configure terminal awplus config auth web server ssl To disable HTTPS functionality for the Web Authentication server ...

Страница 1242: ...ariant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode Global Configuration Examples To register HTTPS port number 3128 use the commands awplus configure terminal awplus config auth web server ssl intercept port 3128 To delete HTTPS port number 3128 use the...

Страница 1243: ...o configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Example To download the PAC file to this device use the command awplus copy tftp server proxy pac proxy autoconfig file Related Commands show proxy autoconfig file erase proxy autoconfig file Parameter Descr...

Страница 1244: ...be in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate file veriSign_cert pem from the TFTP server directory server use the command awplus copy tftp server veriSign_cert pem web auth https file Related Commands auth web server ssl erase web auth https file...

Страница 1245: ...ult No description configured by default Mode Authentication Profile Example To add a description to the authentication profile student use the following commands awplus configure terminal awplus config auth profile student awplus config auth profile description student room setting To remove a description from the authentication profile student use the following commands awplus configure terminal...

Страница 1246: ... AUTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy auto configuration file use the command awplus erase proxy autoconfig file Related Commands show proxy autoconfig file copy proxy autoconfig file ...

Страница 1247: ...uth https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certificate file for web based authentication use the command awplus erase web auth https file Related Commands auth web server ssl copy web auth https file show auth web server ...

Страница 1248: ...re than four different IP addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several different algorithms may need to be tried to rectify the problem You must restart the switch for this command to take effect Note that this command is intended for technical support staff or advanced end us...

Страница 1249: ...more than four different MAC addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several different algorithms may need to be tried to rectify the problem You must restart the switch for this command to take effect Note that this command is intended for technical support staff or advanced end...

Страница 1250: ...amic or LACP channel group or a switch port awplus show auth all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server address auth 150 87 17 192 1812 Last radius message id 4 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE ...

Страница 1251: ...uthenticationMethod WEB based Authentication Two Step Authentication firstAuthentication Pass Method dot1x secondAuthentication Pass Method web portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 2 CD adminControlledDirections in operCo...

Страница 1252: ...ace list Mode Privileged Exec Example To display authentication diagnostics for port1 0 6 enter the command awplus show auth diagnostics interface port1 0 6 Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel grou...

Страница 1253: ... interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 Ba...

Страница 1254: ...terface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Web based authentication status for port1 0 6 enter the command awplus show auth interface port1 0 6 If web based authentication is not configured the output will be Parameter Description interface list The interfaces or ports to configure An interface list can be aninterfac...

Страница 1255: ...1 0 1 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled guestVlanForwarding none authFailVlan disabled dynamicVlanCreation disabled host...

Страница 1256: ...onstatistics show dot1x statistics interface show dot1x supplicant interface Authentication Diagnostics for interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthenticat...

Страница 1257: ... 3 Example output from the show auth sessionstatistics command Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel...

Страница 1258: ...lay Web Authentication statistics for port1 0 4 enter the command awplus show auth statistics interface port1 0 4 Related Commands show dot1x interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of inter...

Страница 1259: ...t To display authenticated supplicant information for device with MAC address 0000 5E00 5301 enter the command awplus show auth supplicant 0000 5E00 5301 Output Figure 32 4 Example output from show auth supplicant brief Parameter Description macadd Mac hardware address of the supplicant Entry format is HHHH HHHH HHHH hexadecimal brief Brief summary of the supplicant state awplus show auth supplica...

Страница 1260: ... F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 0 CD adminControlledDirections in operControlledDirections in CD bridgeDetected false KR rxKey false KT keyAvailable false keyTxEnabled false RADIUS server group auth radius RADIUS server auth 192 168 1 40 awplus show auth supplic...

Страница 1261: ...liedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS SHOW AUTH SUPPLICANT Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa authentication auth mac aaa authentication auth web aaa authentication dot1x ...

Страница 1262: ...thenticated supplicant on the interface port1 0 3 enter the command awplus show auth supplicant interface port1 0 3 To display brief summary output for the authenticated supplicant enter the command awplus show auth supplicant brief Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel ...

Страница 1263: ...tep supplicant interface port1 0 6 brief Output Figure 32 7 Example output from show auth two step supplicant brief Related Commands auth two step enable Parameter Description interface The interface selected for display ifrange The interface types which can be specified as ifrange Switch port e g port1 0 6 Static channel group e g sa3 Dynamic LACP channel group e g po4 interface port1 0 6 authent...

Страница 1264: ... 8 Example output from the show auth web server command Related Commands auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web server session keep auth web server ssl Web authentication server Server status enabled Server mode none Server address 192 168 1 1 24 DHCP server enabled DHCP lease time 20 DHCP WPAD Option URL http 192 16...

Страница 1265: ...ow the web authentication page information use the command awplus show auth web server page Figure 32 9 Example output from the show auth web server page command Related Commands auth web forward auth web server page logo auth web server page sub title auth web server page success message auth web server page title auth web server page welcome message awplus show auth web server page Web authentic...

Страница 1266: ... Syntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure 32 10 Example output from show proxy autoconfig file Related Commands copy proxy autoconfig file erase proxy autoconfig file function FindProxyForURL url host if isPlainHostName host isInNet host 192 ...

Страница 1267: ... 1273 aaa accounting dot1x on page 1275 aaa accounting login on page 1277 aaa accounting update on page 1280 aaa authentication auth mac on page 1282 aaa authentication auth web on page 1284 aaa authentication dot1x on page 1286 aaa authentication enable default group tacacs on page 1288 aaa authentication enable default local on page 1290 aaa authentication login on page 1291 aaa authorization co...

Страница 1268: ...page 1305 login authentication on page 1306 proxy port on page 1307 radius secure proxy aaa on page 1308 server radsecproxy aaa on page 1309 server mutual authentication on page 1311 server name check on page 1312 server trustpoint on page 1313 show aaa local user locked on page 1315 show aaa server group on page 1316 show debugging aaa on page 1317 show radius server group on page 1318 undebug aa...

Страница 1269: ...y none group group name radius no aaa accounting auth mac default list name Default RADIUS accounting for MAC based Authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default accounting method list or a named accounting method list default the default accounting method list which is automatically applied to all interfaces with MAC...

Страница 1270: ...IUS servers use the commands awplus configure terminal awplus config aaa accounting auth mac default start stop group radius To disable RADIUS accounting for MAC based Authentication use the commands awplus configure terminal awplus config no aaa accounting auth mac default To enable a named RADIUS accounting method list vlan10_acct for MAC based authentication with the RADIUS server group rad_gro...

Страница 1271: ...y none group group name radius no aaa accounting auth web default list name Default RADIUS accounting for Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default accounting method list or a named accounting method list default the default accounting method list which is automatically applied to all interfaces with Web...

Страница 1272: ...rvers use the commands awplus configure terminal awplus config aaa accounting auth web default start stop group radius To disable the default RADIUS accounting method for Web based authentication use the commands awplus configure terminal awplus config no aaa accounting auth web default To enable a named RADIUS accounting method list vlan10_acct for Web based authentication with the RADIUS server ...

Страница 1273: ...ed by default Mode Global Configuration Usage This command only supports a default method list this means that it is applied to every console and VTY line The stop only parameter indicates that the command accounting messages are sent to the TACACS server when the commands have stopped executing The group tacacs parameters signifies that the command accounting messages are sent to the TACACS serve...

Страница 1274: ...rivilege levels 1 7 and 15 use the following commands awplus configure terminal awplus config aaa accounting commands 1 default stop only group tacacs awplus config aaa accounting commands 7 default stop only group tacacs awplus config aaa accounting commands 15 default stop only group tacacs To disable command accounting for privilege levels 1 7 and 15 use the following commands awplus configure ...

Страница 1275: ...e start stop stop only none group group name radius no aaa accounting dot1x default list name Default RADIUS accounting for 802 1X based authentication is disabled by default there is no default server set by default Mode Global Configuration Usage This command can be used to configure either the default accounting method list or a named accounting method list default the default accounting method...

Страница 1276: ...nd use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting dot1x default start stop group radius To disable RADIUS accounting for 802 1X based authentication use the commands awplus configure terminal awplus config no aaa accounting dot1x default To enable a named RADIUS accounting method list vlan10_acct for 802 1X based authentication with the RAD...

Страница 1277: ...ccounting method list for login shell sessions configured by an aaa accounting login command If the method list being deleted is already applied to a console or VTY line accounting on that line will bedisabled Ifthedefaultmethodlistnameisremoved by thiscommand itwill disable accounting on every line that has the default accounting configuration Syntax aaa accounting login default list name start s...

Страница 1278: ... name use the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS servers configured by tacacs server host command The accounting event to send to the RADIUS or TACACS server is configured with the following options start stop sends a start accounting message at the begin...

Страница 1279: ...1279 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login aaa accounting update accounting login radius server host tacacs server host ...

Страница 1280: ...de Global Configuration Usage Use this command to enable the device to send periodic AAA login accounting reports to the accounting server When periodic accounting report is enabled interim accounting records are sent according to the interval specified by the periodic parameter The accounting updates are start messages If the no variant of this command is used to disable periodic accounting repor...

Страница 1281: ...AA COMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured use the following commands awplus configure terminal awplus config no aaa accounting update Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa accounting login ...

Страница 1282: ...ed Port Authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the default authentication method list which is automatically applied to all interfaces with Web based authentication enabled list name a user named list which can be applied to an interface u...

Страница 1283: ...commands awplus configure terminal awplus config no aaa authentication auth mac default To enable MAC based authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication auth mac vlan10_auth group rad_group_vlan10 To disable MAC based authentication for named list vlan10_auth use the commands awplus c...

Страница 1284: ...eb default list name Default Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the default authentication method list which is automatically applied to all interfaces with Web based authentication enabled list name a user named list which c...

Страница 1285: ...ication use the commands awplus configure terminal awplus config no aaa authentication auth web default To enable Web based authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication auth web vlan10_auth group rad_group_vlan10 To disable Web based authentication for named list vlan10_auth use the c...

Страница 1286: ...tion is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the default authentication method list which is automatically applied to all interfaces with 802 1X based authentication enabled list name a user named list which can be applied to an interface using the aaa au...

Страница 1287: ... authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication dot1x vlan10_auth group rad_group_vlan10 To disable 802 1X based authentication for named list vlan10_auth use the commands awplus configure terminal awplus config no aaa authentication dot1x vlan10_acct Related Commands aaa accounting dot...

Страница 1288: ...fied privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their maximum configured privilege level then the authentication session will fail and they will remain at their current privilege level NOTE If both local and none are specified you must always specify local...

Страница 1289: ...I Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password authentication use the following commands awplus configure terminal awplus config aaa authentication enable default group tacacs To enable a privilege level authentication method that will allow the use...

Страница 1290: ...ion Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Examples To enable local privilege level authentication command use the following commands awplus configure terminal awplus config aaa authentication enable default local To disable privilege level authentic...

Страница 1291: ... default method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa authentication login default list name Default If the default server is not configured using this command user login authentication uses the local user database only If the default method list name is s...

Страница 1292: ...for user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa authentication login default group radius local To configure a user login authentication method list called USERS to first use the RADIUS servergroup RAD_GROUP1 foruserloginauthentication andthenusethe loc...

Страница 1293: ...ent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will be applied to AlliedWare Plus defines three sets of commands that are indexed by a level value Level 1 All commands that can be accessed by a user with privilege level between 1 and 6 inclusive Level ...

Страница 1294: ...fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured differently using this command Example To configure a commands authorization method list named TAC15 using all TACACS servers to authorize commands for privilege level 15 with a local fallback use the f...

Страница 1295: ...on Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configuration commands is required for a secure TACACS command authorization configuration as it prevents the feature from being disabled to gain access to unauthorized exec mode commands Example To enable com...

Страница 1296: ...al Configuration Usage Use this command to create an AAA group of RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subset of RADIUS servers in AAA commands Each RADIUS server must be configured by the radius server host command To add RADIUS servers to a server group use the server command Examples To create a RADIUS s...

Страница 1297: ...x AAA COMMANDS AAA GROUP SERVER Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa accounting login aaa authentication auth mac aaa authentication auth web aaa authentication dot1x aaa authentication login radius server host server Server Group show radius server group ...

Страница 1298: ...guration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by another privileged account using the clear aaa local user lockout command Examples To configure the lockout period to 10 minutes 600 seconds use the commands awplus configure terminal awplus config aaa local...

Страница 1299: ...d login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a successful login occurs the failed login counter is reset to 0 When a user account is locked out all attempts to login using that user account will fail Examples To configure the number of login failure...

Страница 1300: ...he console SSH and Telnet Use the novariantof this commandtoresetthe minimumtimeperiod to itsdefault value Syntax aaa login fail delay 1 10 no aaa login fail delay 1 10 Default 1 second Mode Global configuration Example To apply a delay of at least 5 seconds between login attempts use the following commands awplus configure terminal awplus config aaa login fail delay 5 Related Commands aaa authent...

Страница 1301: ...f this command resets AAA Accounting applied to console or VTY lines for local or remote login default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By default login accounting is disabled in the default accounting server No accounting will be performed until accoun...

Страница 1302: ...d list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the command authorization configuration with privilege level 15 on VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line no authorization commands ...

Страница 1303: ...ommand Reference for IX5 28GPX 1303 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version 5 4 6 2 1 command added ...

Страница 1304: ...ar aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all user accounts use the following command awplus clear aaa local user lockout all Related Commands aaa local authentication attempts lockout time Parameter Description username Clear lockout for the speci...

Страница 1305: ...ccounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authentication To disable authentication debugging for AAA use the command awplus no debug aaa authentication Related Commands show debugging aaa undebug aaa Parameter Description accounting Accounting debu...

Страница 1306: ...ication on these console or VTY lines Command Syntax login authentication default list name no login authentication Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use the local user database Mode Line Configuration Examples To reset user authentication conf...

Страница 1307: ... proxy port Default The default port is 1645 Mode RadSecProxy AAA Configuration Mode Usage It is not necessary to change the value from the default unless UDP port 1645 is required for another purpose RADIUS requests received on this port from external devices will be ignored The port is only used for local intra device communication Example To configure change the UDP port to 7001 use the followi...

Страница 1308: ...iguration mode This application allows local RADIUS based clients on system to communicate with remote RadSec servers via a secure TLS proxy Syntax radius secure proxy aaa Mode Global Configuration Mode Example To change mode from User Exec mode to the RadSecProxy AAA configuration mode use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy aaa R...

Страница 1309: ...t value for RADIUS servers will be used The global timeout may be changed using the radius server timeout command The default global timeout is 5 seconds Each server may be configured to use certificate name checking if not specified the global behavior defined by server name check or no server name check will be used If name checking is enabled the Common Name portion of the subject field of the ...

Страница 1310: ...RVER RADSECPROXY AAA Example To add a server which waits 3 seconds before receiving replies use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy aaa client mynas local name check off Related Commands proxy port radius secure proxy aaa server name check server trustpoint ...

Страница 1311: ...ing the RadSecProxy AAA application to not transmit a certificate to the server NOTE Ifmutualauthenticationisdisabledontheclient AAA applicationbutenabled on the server a connection will not be established Syntax server mutual authentication no server mutual authentication Default Mutual authentication is enabled by default Mode RadSecProxy AAA Configuration Mode Example Disable mutual certificate...

Страница 1312: ...ubject field of the client s X 509 certificate must match the domain name or IP address specified in the server radsecproxy aaa command Use the no variant of this command to set the global behavior for certificate name checking to off Syntax server name check no server name check Default Certificate name checking is on by default Mode RadSecProxy AAA Configuration Mode Example Disable certificate ...

Страница 1313: ...erver must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no server trustpoint is issued without specifying any trustpoints then all trustpoints will be disassociated from the application Example You can add multiple trustpoi...

Страница 1314: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1314 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS SERVER TRUSTPOINT server radsecproxy aaa server name check ...

Страница 1315: ...cked account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Privileged Exec Example To display the current failed attempts for local users use the command awplus show aaa local user locked Output Figure 33 1 Example output from the show aaa local user locked comm...

Страница 1316: ...aa accounting auth mac aaa authentication auth web aaa authentication dot1x awplus show aaa server group User List Name Method Acct Event login auth default local login acct dot1x auth default radius group dot1x auth vlan30_auth rad_group_1 group dot1x auth vlan40_auth rad_group_2 group dot1x acct vlan30_acct rad_group_4 group start stop dot1x acct vlan40_acct rad_group_5 group start stop auth mac...

Страница 1317: ...isplays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA use the command awplus show debug aaa Output Figure 33 3 Example output from the show debug aaa command AAA debugging status Authentication debugging is on Accounting debugging is off ...

Страница 1318: ...r groups use the command awplus show radius server group To display a information for a RADIUS server group named rad_group_list1 use the command awplus show radius server group rad_group_list1 Output Figure 33 4 Example output from show radius server group Parameter Description group name RADIUS server group name awplus show radius server group RADIUS Group Configuration Group Name radius Server ...

Страница 1319: ...IUS SERVER GROUP Figure 33 5 Example output from show radius server group rad_group_list1 Related Commands aaa group server awplus show radius server group rad_group_list1 RADIUS Group Configuration Group Name rad_group_list1 Server Host Auth Acct Auth Acct IP Address Port Port Status Status 192 168 1 101 1812 1813 Active Active ...

Страница 1320: ...2 01 Rev C Command Reference for IX5 28GPX 1320 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug aaa command ...

Страница 1321: ...ntifier on page 1322 auth radius send service type on page 1323 deadtime RADIUS server group on page 1324 debug radius on page 1325 ip radius source interface on page 1326 radius server deadtime on page 1327 radius server host on page 1328 radius server key on page 1331 radius server retransmit on page 1332 radius server timeout on page 1334 server Server Group on page 1336 show debugging radius o...

Страница 1322: ...ntifierof NASID100 as the NAS Identifier attribute use the commands awplus configure terminal awplus config auth radius send nas identifier NASID100 To use the VLAN ID as the NAS Identifier attribute use the commands awplus configure terminal awplus config auth radius send nas identifier vlan id To stop sending the NAS Identifier attribute use the commands awplus configure terminal awplus config n...

Страница 1323: ... requests The Service Type attribute has a value of Framed 2 for 802 1x Call Check 10 for MAC authentication Unbound 5 for Web authentication Use the no variant of this command to stop including the Service Type attribute Syntax auth radius send service type no auth radius send service type Mode Global Configuration Example To send the Service Type attribute use the commands awplus configure termi...

Страница 1324: ...ADIUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not respond to a request packet the packet is retransmitted the number of times configured for the retransmit parameter after waiting for a timeout period to expire The server is then marked dead and the t...

Страница 1325: ...all Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS events use the command awplus debug radius event To disable debugging for RADIUS packets use the command awplus no debug radius packet To disable debugging for RADIUS events use the command awplus no debug...

Страница 1326: ...e interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Examples To configure all outgoing RADIUS packets to use the IP address of the interface vlan1 for the source IP address use the following commands awplus configure terminal awplus config ip radius source interface ...

Страница 1327: ... deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been retransmitted as often as specified globally by the radius server retransmit command or for the server by the radius server host command To improve RADIUS response times when some servers may be unavailable set ...

Страница 1328: ... 65535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name The DNS name of the RADIUS server host ip address The IP address of the RADIUS server host acct port Accounting port Specifies the UDP destination port for RADIUS accounting requests If 0 is specified...

Страница 1329: ...he time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server timeout command If no timeout value is specified for this server the global value is used retransmit Specifies the number of retries before skip to the next server If this parameter is not specified the gl...

Страница 1330: ...r 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following commands awplus configure terminal awplus config radius server host rad1 company com acct port 0 To remove the RADIUS server rad1 company com configured for authentication only use the following commands awplus config...

Страница 1331: ... key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enabling AAA authentication with the aaa authentication login command set the authentication and encryption key using the radius server key command so the key entered matches the key used on the RADIUS server Example...

Страница 1332: ...ult RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius server retransmit 1 To set the RADIUS retransmit count to the default 3 use the following commands awplus configure terminal awplus config no radius server retransmit To configure the RADIUS retransmit co...

Страница 1333: ...Rev C Command Reference for IX5 28GPX 1333 AlliedWare Plus Operating System Version 5 4 7 0 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server host show radius statistics ...

Страница 1334: ...s 5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus configure terminal awplus config radius server timeout 20 To set the RADIUS timeout parameter to 1 second use the following commands awplus configure terminal awplus config radius server timeout 1 To set...

Страница 1335: ... x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius server timeout Related Commands radius server deadtime radius server host radius server retransmit show radius statistics ...

Страница 1336: ...n port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this command to remove a RADIUS server from the server group Syntax server hostname ip address auth port 0 65535 acct port 0 65535 no server hostname ip address auth port 0 65535 acct port 0 65535 Parameter Desc...

Страница 1337: ...inal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 auth port 1000 acct port 0 To create a RADIUS server group RAD_ACCT1 for accounting use the following commands awplus configure terminal awplus config aaa group server radius RAD_ACCT1 awplus config sg server 192 168 2 1 auth port 0 acct port 1001 awplus config s...

Страница 1338: ...isplays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the command awplus show debugging radius Output Figure 34 1 Example output from the show debugging radius command RADIUS debugging status RADIUS event debugging is off RADIUS packet debugging is off ...

Страница 1339: ...e show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface not configured Secret Key secret Timeout 5 sec Retransmit Count 3 Deadtime 20 min Server Host 192 168 1 10 Authentication Port 1812 Accounting Port 1813 Secret Key secret Timeout 3 sec Retransmit Count...

Страница 1340: ... Interface The interface name or IP address to be used for the source address of all outgoing RADIUS packets Secret Key A shared secret key to a radius server Timeout A time interval in seconds Retransmit Count The number of retry count if a RADIUS server does not response Deadtime A time interval in minutes to mark a RADIUS server as dead Interim Update A time interval in minutes to send Interim ...

Страница 1341: ...s been dead for Alive The server is alive Error The server is not responding Dead The server is detected as dead and it will not be used for deadtime period The time displayed in the output shows the server is in dead status for that amount of time Unknown The server is never used or the status is unknown Acct Status The status of the accounting port The status dead error or alive of the RADIUS ac...

Страница 1342: ...ileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration awplus show radius statistics Output Figure 34 4 Example output from the show radius statistics command RADIUS statistics for Server 150 87 18 89 Access Request Tx 5 Retransmit 0 Access Accept Rx 1 Access Reject Rx 2 Access Challenge Rx 2 Unknown Type 0 Bad Authenticator 0 Malformed Access Res...

Страница 1343: ...ev C Command Reference for IX5 28GPX 1343 AlliedWare Plus Operating System Version 5 4 7 0 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no debug radius command ...

Страница 1344: ... authentication on page 1352 client name check on page 1353 client trustpoint on page 1354 clear radius local server statistics on page 1355 copy fdb radius users to file on page 1356 copy local radius user db from file on page 1358 copy local radius user db to file on page 1359 crypto pki enroll local deleted on page 1360 crypto pki enroll local local radius all users deleted on page 1361 crypto ...

Страница 1345: ...age 1376 server enable on page 1377 show crypto pki certificates deleted on page 1378 show crypto pki certificates local radius all users deleted on page 1379 show crypto pki certificates user deleted on page 1380 show crypto pki trustpoints deleted on page 1381 show radius local server group on page 1382 show radius local server nas on page 1383 show radius local server statistics on page 1384 sh...

Страница 1346: ... group If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax attribute attribute name attribute id help attribute attribute name attribute id value no attribute attribute name attribute id Default By default no attributes are configured Mode RADIUS Server Group Co...

Страница 1347: ...es use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attributes displays after the list of defined Standard Attributes To get help for valid RADIUS attribute values for the attribute Service Type use the following commands awplus configure terminal awplus config...

Страница 1348: ... following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Type from the RADIUS User Group Admin use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group no attribute Servi...

Страница 1349: ...enabled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius server local awplus config radsrv authentication eapmd5 The following commands disable EAP MD5 authentication methods on Local RADIUS server awplus configure terminal awplus config radius server local awp...

Страница 1350: ...e global behavior defined by client name check or no client name check will be used If name checking is enabled the Common Name portion of the subject field of the client s X 509 certificate must match the domain name or IP address specified in this command NOTE If mutual authentication is disabled then this parameter has no effect see the client mutual authentication command Example To add a clie...

Страница 1351: ... 50152 01 Rev C Command Reference for IX5 28GPX 1351 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS CLIENT RADSECPROXY SRV client trustpoint radius secure proxy local server ...

Страница 1352: ...ual certificate validation The local server application will still transmit the local server certificate to the client but will not expect or validate a certificate from the client Syntax client mutual authentication no client mutual authentication Default Mutual authentication is enabled by default Mode RadSecProxy Local Server Configuration Example Disable mutual certificate validation with the ...

Страница 1353: ...on of the subject field of the client s X 509 certificate must match the domain name or IP address specified in the client radsecproxy aaa command Use the no variant of this command to set the global behavior for certificate name checking to off Syntax client name check no client name check Default Certificate name checking is on by default Mode RadSecProxy Local Server Configuration Example Disab...

Страница 1354: ...with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no client trustpoint is issued without specifying any trustpoints then all trustpoints will be disassociated from the application Example You can add multiple trustpoints to the RadSecProxy local server by executing...

Страница 1355: ...ears the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius local server statistics nas To clear the local RADIUS server statistics stored on the device use the command awplus clear radius local server statistics server To clear the local RADIUS server user stat...

Страница 1356: ...ocal RADIUS server users created to Flash memory nvs Copy the local RADIUS server users created to NVS memory usb Copy the local RADIUS server users created to USB storage device debug Copy the local RADIUS server users created to debug tftp Copy the local RADIUS server users created to the TFTP destination scp Copy the local RADIUS server users created to the SCP destination fserver Copy the loca...

Страница 1357: ... the specified VLAN Examples To register the local RADIUS server users from the local FDB directly to the local RADIUS server use the command awplus copy fdb radius users local radius user db To register the local RADIUS server users from the interface port1 0 1 to the local RADIUS server use the command awplus copy fdb radius users local radius user db interface port1 0 1 To copy output generated...

Страница 1358: ...al RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the replace option is applied Mode Privileged Exec Examples To replace the current local RADIUS server user data to the contents of http datahost user csv use the following command awplus copy http datahost u...

Страница 1359: ... Values format Syntax copy local radius user db flash nvs usb tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplus copy local radius user db http datahost user csv Related Commands copy fdb radius users to file copy local radius user db from file Parameter Description flash Copy to flash memory nvs Copy to NVS memory ...

Страница 1360: ... RADIUS SERVER COMMANDS CRYPTO PKI ENROLL LOCAL DELETED crypto pki enroll local deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint Note that local is a valid name for a trustpoint so you do not need to modify existing configurations or scripts ...

Страница 1361: ...ENROLL LOCAL LOCAL RADIUS ALL USERS DELETED crypto pki enroll local local radius all users deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint local radius all users Note that local is a valid name for a trustpoint so you do not need to modify existing configurations or scripts ...

Страница 1362: ...ER COMMANDS CRYPTO PKI ENROLL LOCAL USER DELETED crypto pki enroll local user deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint user username Note that local is a valid name for a trustpoint so you do not need to modify existing configurations or scripts ...

Страница 1363: ...ANDS CRYPTO PKI EXPORT LOCAL PEM DELETED crypto pki export local pem deleted Overview This command is no longer available Please use the crypto pki export pem command instead crypto pki export trustpoint pem terminal url Note that local is a valid name for a trustpoint so you do not need to modify existing configurations or scripts ...

Страница 1364: ... PKI EXPORT LOCAL PKCS12 DELETED crypto pki export local pkcs12 deleted Overview This command is no longer available Please use the crypto pki export pkcs12 command instead crypto pki export trustpoint pkcs12 ca server username url Note that local is a valid name for a trustpoint so you do not need to modify existing configurations or scripts ...

Страница 1365: ...S SERVER COMMANDS CRYPTO PKI TRUSTPOINT LOCAL DELETED crypto pki trustpoint local deleted Overview This command is no longer available Please use the following command instead crypto pki trustpoint trustpoint Note that local is a valid name for a trustpoint so you do not need to modify existing configurations or scripts ...

Страница 1366: ...ev C Command Reference for IX5 28GPX 1366 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS DEBUG CRYPTO PKI DELETED debug crypto pki deleted Overview This command is no longer available ...

Страница 1367: ...ration Usage When both domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the username login string is not decoded it is matched against the second domain style enabled Examples To enable NT domain style on the local RADIUS server use the commands awplus configure terminal awplus con...

Страница 1368: ... command or the egress vlan name command and specify the tagged parameter Examples To set the Egress VLANID attribute for the NormalUsers local RADIUS server user group to VLAN identifier 200 with tagged frames use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group egress vlan id 200 tagged To remove the Egress...

Страница 1369: ...52 01 Rev C Command Reference for IX5 28GPX 1369 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN ID Related Commands attribute egress vlan name switchport voice vlan ...

Страница 1370: ...he egress vlan id command or the egress vlan name command and specify the tagged parameter Examples To configure the Egress VLAN Name attribute for the RADIUS server user group NormalUsers with the VLAN name vlan2 and all frames on this VLAN tagged use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group egress v...

Страница 1371: ...52 01 Rev C Command Reference for IX5 28GPX 1371 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN NAME Related Commands attribute egress vlan id switchport voice vlan ...

Страница 1372: ...oup Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers The following command deletes user group NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv no group N...

Страница 1373: ... address key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authentication requests to the local RADIUS server Note the shared key that this NAS will use to establish its identify is NAS_PASSWORD awplus configure terminal awplus config radius server local awplus conf...

Страница 1374: ...on mode This application allows remote RadSec clients to communicate with the local RADIUS server process via a secure TLS proxy Syntax radius secure proxy local server Mode Global Configuration Mode Example To change mode from User Exec mode to the RadSecProxy local server configuration mode use the commands awplus configure terminal awplus config radius secure proxy local server awplus config ra...

Страница 1375: ...ion Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus configure terminal awplus config radius server local awplus config radsrv Output Related Commands server enable show radius local server group show radius local server nas show radius local server stati...

Страница 1376: ...rt Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 awplus configure terminal awplus config radius server local awplus config radsrv server auth port 10000 The following commands reset the RADIUS server authentication port back to the default UDP port of...

Страница 1377: ...e local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Configuration Examples To enable the local RADIUS server use the following commands awplus configure terminal awplus config radius server local awplus config radsrv server enable To disable the local RADI...

Страница 1378: ...rsion 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES DELETED show crypto pki certificates deleted Overview This command is no longer available Please use the following command instead show crypto pki certificates trustpoint Note that local is a valid name for a trustpoint ...

Страница 1379: ... 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS DELETED show crypto pki certificates local radius all users deleted Overview This command is no longeravailablebecause usercertificatesarenotstoredon the system they are generated for export and then removed ...

Страница 1380: ...ing System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER DELETED show crypto pki certificates user deleted Overview This command is no longeravailablebecause usercertificatesarenotstoredon the system they are generated for export and then removed ...

Страница 1381: ...Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI TRUSTPOINTS DELETED show crypto pki trustpoints deleted Overview This command is no longer available Please use the following command instead show crypto pki trustpoint trustpoint Note that local is a valid name for a trustpoint ...

Страница 1382: ...iguration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show radius local server group Output Related Commands group Parameter Description user group name User group name string Table 1 Example output from the show radius local server group command Group Name Vl...

Страница 1383: ...ature Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius local server nas Output Related Commands nas Parameter Description ip address Specify NAS IP address for show output Table 3 Example output from the show radius local server nas command NAS Address Shared ...

Страница 1384: ...command displays Local RADIUS server statistics awplus show radius local server statistics Output Related Commands clear radius local server statistics radius server local server enable server auth port Table 5 Example output from the show radius local server statistics command Server status Run administrative status is enable Enabled methods MAC EAP MD5 EAP TLS EAP PEAP Successes 1 Unknown NAS 0 ...

Страница 1385: ...S server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user The following command displays Local RADIUS server user information for Tom in CSV format awplus show radius local server user Tom format csv Parameter Description user name RADIUS user name If no user ...

Страница 1386: ... RADIUS SERVER COMMANDS SHOW RADIUS LOCAL SERVER USER Related Commands group user RADIUS server Table 8 Parameters in the output from the show radius local server user command Parameter Description User Name User name Password User password Group Group name assigned to the user Vlan VLAN name assigned to the user ...

Страница 1387: ...plicant MAC address to configure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA and Port_Authentication Feature Overview and Configuration_Guide for a sample MAC configuration See also the command user Parameter Description radius user name RADIUS user name This can also be a MAC address in the IEEE standard format of HH HH HH HH HH HH if y...

Страница 1388: ...nfigure terminal awplus config radius server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure terminal awplus config radius server local awplus config radsrv no user Tom The following commands add the supplicant MAC address 00 d0 59 ab 70 37 to the local RADIUS server awplus configure terminal...

Страница 1389: ... Syntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group vlan 200 The following commands remove VLAN ID 200 from the group named No...

Страница 1390: ...1392 crypto pki authenticate on page 1393 crypto pki enroll on page 1394 crypto pki enroll user on page 1395 crypto pki export pem on page 1397 crypto pki export pkcs12 on page 1398 crypto pki import pem on page 1400 crypto pki import pkcs12 on page 1402 crypto pki trustpoint on page 1403 enrollment trustpoint configuration mode on page 1404 fingerprint trustpoint configuration mode on page 1405 n...

Страница 1391: ...bit lengths are more secure but require more computation time The specified key must not already exist Example To create a key with the label example server key and a bit length of 2048 use the commands awplus enable awplus crypto key generate rsa label example server key 2048 Related Commands crypto key zeroize rsakeypair trustpoint configuration mode show crypto key mypubkey rsa Parameter Descri...

Страница 1392: ...ith zeros The specified key must exist but must not be in use for any existing server certificates A key may not be deleted if it is associated with the server certificate or server certificate signing request for an existing trustpoint To remove a server certificate so that the key may be deleted use the no crypto pki enroll command to de enroll the server Example To delete an RSA key named examp...

Страница 1393: ...llment setting is terminal then this command prompts the user to paste a certificate Privacy Enhanced Mail PEM file at the CLI terminal If the certificate is a valid selfsigned CA certificate then it will be stored as the trustpoint s root CA certificate The specified trustpoint must already exist and its enrollment mode must have been defined Example To show the enrollment setting of a trustpoint...

Страница 1394: ...s command results in the direct generation of the server certificate signed by the root CA for the trustpoint If the trustpoint represents an external certificate authority then this command results in the generation of a Certificate Signing Request CSR file which is displayed at the terminal in Privacy Enhanced Mail PEM format suitable for copying and pasting into a file or message The CSR must b...

Страница 1395: ...IUS server The specified trustpoint must represent a locally self signed certificate authority The private key and certificate are packaged into a PKCS 12 formatted file suitable for export using the crypto pki export pkcs12 command The private key is encrypted for security with a passphrase that is entered at the command line The passphrase is required when the PKCS 12 file is imported on the cli...

Страница 1396: ...sion 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS CRYPTO PKI ENROLL USER To enroll all local RADIUS users with the trustpoint example use the following commands awplus enable awplus crypto pki enroll example local radius all users Related Commands crypto pki export pkcs12 crypto pki trustpoint ...

Страница 1397: ...ed Exec Usage The specified trustpoint must already exist and it must already be authenticated Example To display the PEM file for the trustpoint example to the terminal use the following commands awplus enable awplus crypto pki export example pem terminal To export the PEM file example pem for the trustpoint example to the URL tftp server_a use the following commands awplus enable awplus crypto p...

Страница 1398: ... server certificate and thecorrespondingprivatekey iftheserverhasbeen enrolledtothetrustpoint The command prompts for a passphrase to encrypt the private key If a RADIUS username is specified this command exports the PKCS 12 file that was generated using the crypto pki enroll user command The key within the file was already encrypted as part of the user enrollment process In the event that there i...

Страница 1399: ...URE COMMANDS CRYPTO PKI EXPORT PKCS12 Example To export the PKCS 12 file example pk12 for the trustpoint example to the URL tftp backup use the following commands awplus enable awplus crypto pki export example pkcs12 ca tftp backup example pk12 Related Commands crypto pki enroll user crypto pki export pem crypto pki import pkcs12 ...

Страница 1400: ...ure they are proper CA certificates and that the issuer chain ends in a root CA certificate already installed for the trustpoint If there is no root CA certificate for the trustpoint i e if the trustpoint is unauthenticated then intermediate CA certificates may not be imported Server certificates are validated to ensure that the issuer chain ends in a root CA certificate already installed for the ...

Страница 1401: ... KEY INFRASTRUCTURE COMMANDS CRYPTO PKI IMPORT PEM To import the PEM file for the trustpoint example from the URL tftp server_a use the following commands awplus enable awplus crypto pki import example pem tftp server_a example pem Related Commands crypto pki authenticate crypto pki export pem crypto pki trustpoint ...

Страница 1402: ...here N is a non negative integer This operation is only valid if the server certificate does not already exist for the trustpoint i e if the server is not enrolled to the trustpoint PKCS 12 files for RADIUS users may not be imported with this command There is no value in doing so as the files are not needed on the local system The specified trustpoint must already exist The key and certificate mus...

Страница 1403: ...cate the trustpoint as a local self signed certificate authority The no variant of this command destroys the trustpoint by removing all CA and server certificates associated with the trustpoint as well as the private key associated with the root certificate if the root certificate was locally self signed This is a destructive and irreversible operation so this command should be used with caution E...

Страница 1404: ...the root CA certificate Privacy Enhanced Mail PEM file at the terminal when the crypto pki authenticate command is issued It will create a Certificate Signing Request CSR file for the local server when the crypto pki enroll command is issued The server certificate received from the external CA should be imported using the crypto pki import pem command The trustpoint named local may only use the se...

Страница 1405: ...ch any pre accepted value then the user will be prompted to verify the certificate contents and fingerprint visually This command is useful when certificates from an external certificate authority are being transmitted over an insecure channel If the certificate fingerprint is delivered via a separate messaging channel then pre entering the fingerprint value via cut and paste may be less errorpron...

Страница 1406: ...13 50152 01 Rev C Command Reference for IX5 28GPX 1406 AlliedWare Plus Operating System Version 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS FINGERPRINT TRUSTPOINT CONFIGURATION MODE crypto pki import pem ...

Страница 1407: ...ed by the specified certificate the command will be rejected If the specified certificate is the root CA certificate and the trustpoint represents a locally selfsigned CA then the corresponding private key is also deleted from the system Deleting the root CA certificate effectively resets the trustpoint to an unauthenticated state Example To delete a certificate with the fingerprint 594EDEF9 C7C43...

Страница 1408: ...equest The optional numeric parameter defines the bit length for the key and is only applicable for keys that are implicitly created during enrollment This command does not affect server certificates or server certificate signing requests that have already been generated The trustpoint s server certificate is set to use whatever key pair was specified for the trustpoint at the time the crypto pki ...

Страница 1409: ...erprint a hash of the key contents to help uniquely identify a key and a list of trustpoints in which the server certificate is using the key The specified keys must exist Example To show all keys use the following commands awplus enable awplus show crypto key mypubkey rsa Output Figure 36 1 Example output from show crypto key mypubkey rsa Related Commands crypto key generate rsa Parameter Descrip...

Страница 1410: ... with the server certificate and then displays its issuer and continues up the issuer chain until the root CA certificate is reached For each certificate the command displays the certificate type the subject s distinguished name the entity identified by the certificate the issuer s distinguished name theentity thatsigned the certificate thevaliditydatesfor the certificate and the fingerprint of th...

Страница 1411: ...CN local loc lc Issuer C NZ CN local_Signing_CA Valid From Nov 11 15 35 21 2015 GMT Valid To Aug 31 15 35 21 2018 GMT Fingerprint 5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF Intermediate CA certificate Subject C NZ CN example_Signing_CA Issuer C NZ CN example_Root_CA Valid From Sep 3 18 45 01 2015 GMT Valid To Oct 10 18 45 01 2020 GMT Fingerprint AE2D5850 9867D258 ABBEE95E 2E0E3D81 60714920 Impor...

Страница 1412: ...rustpoints using the crypto pki export pkcs12 command Syntax crypto pki enrollment user username Mode Privileged Exec Example To show the list of trustpoints to which user exampleuser1 is enrolled use the following commands awplus enable awplus config show crypto pki enrollment user exampleuser1 Output Figure 36 3 Example output from show crypto pki enrollment user Related Commands crypto pki enro...

Страница 1413: ...nfigured to use the trustpoint and the trustpoint parameters that were configured from trustpoint configuration mode The specified trustpoints must already exist Example To show the details of the trustpoint example use the following commands awplus enable awplus show crypto pki trustpoint example Output Figure 36 4 Example output from show crypto pki trustpoint Related Commands crypto pki trustpo...

Страница 1414: ...ion Usage The subject name is specified as a variable number of fields where each field begins with a forward slash character Each field is of the form XX value where XX is the abbreviation of the node type in the tree Common values include C country ST state L locality O organization OU organizational unit and CN common name Of these fields CN is usually the most important NOTE For a server certi...

Страница 1415: ...152 01 Rev C Command Reference for IX5 28GPX 1415 AlliedWare Plus Operating System Version 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS SUBJECT NAME TRUSTPOINT CONFIGURATION Related Commands crypto pki enroll ...

Страница 1416: ...ure the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List authorization commands on page 1417 aaa authorization commands on page 1419 aaa authorization config commands on page 1421 ip tacacs source interface on page 1422 show tacacs on page 1423 tacacs server host on page 1425 tacacs server key on page 1427 tacacs se...

Страница 1417: ...hod list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the command authorization configuration with privilege level 15 on VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line no authorization command...

Страница 1418: ...mand Reference for IX5 28GPX 1418 AlliedWare Plus Operating System Version 5 4 7 0 x TACACS COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version 5 4 6 2 1 command added ...

Страница 1419: ...sent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will be applied to AlliedWare Plus defines three sets of commands that are indexed by a level value Level 1 All commands that can be accessed by a user with privilege level between 1 and 6 inclusive Level...

Страница 1420: ...l fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured differently using this command Example To configure a commands authorization method list named TAC15 using all TACACS servers to authorize commands for privilege level 15 with a local fallback use the...

Страница 1421: ...tion Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configuration commands is required for a secure TACACS command authorization configuration as it prevents the feature from being disabled to gain access to unauthorized exec mode commands Example To enable c...

Страница 1422: ...ures that all TACACS packets sent from the device will have the same source IP address Once configured this affects all TACACS packets namely accounting authentication and authorization If the specified interface is down or there is no IP address on the interface then the sourceIP address of outgoing TACACS packets will default to theIP address of the egress interface Example To configure all outg...

Страница 1423: ...ured Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 1 Parameters in the output of the show tacacs command Output Parameter Meaning Source Interface IP address of source interface if set with ip tacacs source interface Timeout A time interval in seconds Server Host IP Address TACACS server hostname or IP address Server Status The status of the authe...

Страница 1424: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1424 AlliedWare Plus Operating System Version 5 4 7 0 x TACACS COMMANDS SHOW TACACS Command changes Version 5 4 6 2 1 Source Interface parameter added ...

Страница 1425: ...onfigured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authentication attempt is rejected The reasons a server would fail are it is not network reachable it is not currently TACACS capable Parameter Description host name Server host name The DNS name of the TAC...

Страница 1426: ...lowing commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configure terminal awplus config tacacs server host 192 168 1 1 key secret To remove the TACACS server tac1 company com use the following commands awplus configure terminal awplus config no tacacs server host ...

Страница 1427: ...s client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secret for TACACS server use the following commands awplus configure terminal awplus config tacacs server key secret To delete the global secret key for TACACS server use the following commands awplus conf...

Страница 1428: ...he no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Global Configuration Examples To set the timeout value to 3 seconds use the following commands awplus configure terminal awplus config tacacs server timeout 3 To reset the timeout period for TACACS serve...

Страница 1429: ...itch ports e g port1 0 2 Command List arp security on page 1431 arp security violation on page 1432 clear arp security statistics on page 1434 clear ip dhcp snooping binding on page 1435 clear ip dhcp snooping statistics on page 1436 debug arp security on page 1437 debug ip dhcp snooping on page 1438 ip dhcp snooping on page 1439 ip dhcp snooping agent option on page 1440 ip dhcp snooping agent op...

Страница 1430: ...53 service dhcp snooping on page 1455 show arp security on page 1457 show arp security interface on page 1458 show arp security statistics on page 1460 show debugging arp security on page 1462 show debugging ip dhcp snooping on page 1463 show ip dhcp snooping on page 1464 show ip dhcp snooping acl on page 1465 show ip dhcp snooping agent option on page 1468 show ip dhcp snooping binding on page 14...

Страница 1431: ...to disable ARP security on the VLANs Syntax arp security no arp security Default Disabled Mode Interface Configuration VLANs Usage Enable ARP security to provide protection against ARP spoofing DHCP snooping mustalso be enabled on the switch service dhcp snoopingcommand and on the VLANs ip dhcp snooping command Example To enable ARP security on VLANs 2 to 4 use the commands awplus configure termin...

Страница 1432: ...has ARP security enabled it drops the packet This command sets the switch to perform additional actions in response to ARP violations If a port has been shut down in response to a violation to bring it back up again after any issues have been resolved use the shutdown command Example To send SNMP notifications for ARP security violations on ports 1 0 1 to 1 0 6 use the commands awplus configure te...

Страница 1433: ...e for IX5 28GPX 1433 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP SNOOPING COMMANDS ARP SECURITY VIOLATION Related Commands arp security show arp security interface show arp security statistics show log snmp server enable trap ...

Страница 1434: ...x clear arp security statistics interface port list Mode Privileged Exec Example To clear statistics for ARP security on interface port1 0 1 use the command awplus clear arp security statistics interface port1 0 1 Related Commands arp security violation show arp security show arp security statistics Parameter Description port list The ports to clear statistics for If no ports are specified statist...

Страница 1435: ...t Mode Privileged Exec Usage This command removes dynamic entries from the database Note that dynamic entries can also be deleted by using the novariant of theip dhcp snooping binding command Dynamic entries can individually restored by using the ip dhcp snooping binding command To remove static entries use the no variant of the ip source binding command Example To remove a dynamic lease entry fro...

Страница 1436: ...p snooping statistics interface port list Mode Privileged Exec Example To clear statistics for the DHCP snooping on interface port1 0 1 use the command awplus clear ip dhcp snooping statistics interface port1 0 1 Related Commands clear arp security statistics show ip dhcp snooping show ip dhcp snooping statistics Parameter Description port list The ports to clear statistics for If no ports are spe...

Страница 1437: ...verview Use this command to enable ARP security debugging Use the no variant of this command to disable debugging for ARP security Syntax debug arp security no debug arp security Default Disabled Mode Privileged Exec Example To enable ARP security debugging use the commands awplus debug arp security Related Commands show debugging arp security show log terminal monitor ...

Страница 1438: ...t detail no debug ip dhcp snooping all acl db packet detail Default Disabled Mode Privileged Exec Example To enable access list debugging for DHCP snooping use the commands awplus debug ip dhcp snooping acl Related Commands debug arp security show debugging ip dhcp snooping show log terminal monitor Parameter Description all All DHCP snooping debug acl DHCP snooping access list debug db DHCP snoop...

Страница 1439: ... one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command Any ACLs on a port that permit traffic matching DHCP snooping entries and block other traffic will block all traffic if DHCP snooping is disabled on the port If you disable DHCP snooping on particular VLANs using this command you must also remove any DHCP snooping ACLs from the ports to ma...

Страница 1440: ...oping agent option no ip dhcp snooping agent option Default DHCP Relay Agent Option 82 insertion is enabled by default when DHCP snooping is enabled Mode Global Configuration Usage DHCP snooping must also be enabled on the switch service dhcp snooping command and on the VLANs ip dhcp snooping command If a subscriber ID is configured for the port ip dhcp snooping subscriber id command the switch in...

Страница 1441: ... If the switch is connected via untrusted ports to edge switches that insert DHCP Relay Agent Option 82 information into DHCP packets you may need to allow these DHCP packets through the untrusted ports by using this command When this is disabled default the switch treats incoming DHCP packets on untrusted ports that contain DHCP Relay Agent Option 82 information as DHCP snoopingviolations itdrops...

Страница 1442: ...number Mode Interface Configuration for a VLAN interface Usage The Circuit ID sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp sno...

Страница 1443: ... DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Remote ID to myid for client DHCP packets received on vlan1 use the commands awpl...

Страница 1444: ...g binding ipaddr macaddr vlan vid interface port expiry expiry time no ip dhcp snooping binding ipaddr Mode Privileged Exec Usage Note that dynamic entries can also be deleted from the DHCP snooping database by using the clear ip dhcp snooping binding command To add or remove static entries from the database use the ip source binding command Example To restore an entry in the DHCP snooping databas...

Страница 1445: ...is only synchronized across stack members that also have USB storage devices installed If the location of the backup file is changed by using this command a new file is created in the new location and the old version of the file remains in the old location This can be removed if necessary hidden file dhcp dsn gz Example To set the location of the DHCP snooping database to non volatile storage on t...

Страница 1446: ...ed from the DHCP snooping database when matching DHCP release messages are received Mode Global Configuration Usage DHCP clients send a release message when they no longer wish to use the IP address they have been allocated by a DHCP server Use this command to enable DHCP snooping to use the information in these messages to remove entries from its database immediately Use the no variant of this co...

Страница 1447: ...lete by linkdown Default Disabled by default DHCP Snooping bindings are not deleted when an interface goes down Mode Global Configuration Usage If this command is enabled in a stack and the master goes down and is replaced by a new master entries in the DHCP snooping database for ports on the master are removed unless they are part of link aggregators that are still up Examples To set the switch t...

Страница 1448: ...hcp snooping acl command In general the default 1 will work well on an edge port with a single directly connected DHCP client If the port is on an aggregation switch that is connected to an edge switch with multiple DHCP clients connected through it then use this command to increase the number of lease entries for the port If there are multiple VLANs configured on the port the limit is shared betw...

Страница 1449: ...nooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Subscriber ID for port 1 0 3 to room_534 use the commands awplus configure terminal awplus config interface port1 0 3 awplus config if ip dhcp snooping su...

Страница 1450: ...p snooping trust Default All ports are untrusted by default Mode Interface Configuration port Usage Typically ports connecting the switch to trusted elements in the network towards the core are set as trusted ports while ports connecting untrusted network elements are set as untrusted Configure ports connected to DHCP servers as trusted ports Example To set switch ports 1 0 1 and 1 0 2 to be trust...

Страница 1451: ... Enabled source MAC addresses are verified by default Mode Global Configuration Usage When MAC address verification is enabled the switch treats DHCP packets with source MAC address and client hardware address that do not match as DHCP snooping violations it drops them and applies any other violation action specified by the ip dhcp snooping violation command To bring the port back up again after a...

Страница 1452: ...command IP packets dropped by DHCP snooping filters do not resultin other DHCP snooping violation actions Example To set the switch to send an SNMP notification and set the link status to link down if it detects a DHCP snooping violation on switch ports 1 0 1 to 1 0 4 use the commands awplus configure terminal awplus config snmp server enable trap dhcpsnooping awplus config interface port1 0 1 por...

Страница 1453: ...amples To add a static entry to the DHCP snooping database for a client with the IP address 192 168 1 2 MAC address 0001 0002 0003 on port1 0 6 of vlan6 use the command awplus configure terminal awplus config ip source binding 192 168 1 2 0001 0002 0003 vlan 6 interface port1 0 6 To remove the static entry for IP address 192 168 1 2 from the database use the commands awplus configure terminal awpl...

Страница 1454: ...e for IX5 28GPX 1454 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP SNOOPING COMMANDS IP SOURCE BINDING Related Commands clear ip dhcp snooping binding ip dhcp snooping binding show ip dhcp snooping binding show ip source binding ...

Страница 1455: ...command be enabled on the particular VLAN by using the ip dhcp snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command If you disable the DHCP snooping service by using the no variant of this command all DHCP snooping configuration including ARP security but excluding maximum bindings and ACLs is removed from the r...

Страница 1456: ...ntain connectivity no access group command Examples To enable DHCP snooping on the switch use the command awplus configure terminal awplus config service dhcp snooping To disable DHCP snooping on the switch use the command awplus configure terminal awplus config no service dhcp snooping Related Commands ip dhcp snooping ip dhcp snooping database ip dhcp snooping max bindings show ip dhcp snooping ...

Страница 1457: ...y interface show arp security statistics Table 1 Example output from the show arp security command awplus show arp security ARP Security Information Total VLANs enabled 2 Total VLANs disabled 11 vlan1 Disabled vlan2 Disabled vlan3 Disabled vlan4 Disabled vlan5 Disabled vlan100 Disabled vlan101 Disabled vlan102 Disabled vlan103 Disabled vlan104 Disabled vlan105 Enabled vlan1000 Disabled vlan1001 En...

Страница 1458: ... security configuration for ports use the command awplus show arp security interface Parameter Description port list The ports to display ARP security information about The port list can include switch ports and static or dynamic aggregated links Table 3 Example output from the show arp security interface command awplus show arp security interface Arp Security Port Status and Configuration Port Pr...

Страница 1459: ...p security statistics show log snmp server enable trap Table 4 Parameters in the output from the show arp security interface command Parameter Description Action The action the switch takes when it detects an ARP security violation on the port Port The port Parentheses indicate that ports are configured for provisioning LG Log Generate a log message TR Trap Generate an SNMP notification trap LD Li...

Страница 1460: ...scription detail Display detailed statistics interface port list Display statistics for the specified ports Table 5 Example output from the show arp security statistics command awplus show arp security statistics DHCP Snooping ARP Security Statistics In In Interface Packets Discards port1 0 3 20 20 port1 0 4 30 30 port1 0 12 120 0 Table 6 Parameters in the output from the show arp security statist...

Страница 1461: ...how log Table 7 Example output from the show arp security statistics detail command awplus show arp security statistics detail DHCP Snooping ARP Security Statistics Interface port1 0 3 In Packets 20 In Discards 20 No Lease 20 Bad Vlan 0 Bad Port 0 Source Ip Not Allocated 0 Interface port1 0 4 In Packets 30 In Discards 30 No Lease 30 Bad Vlan 0 Bad Port 0 Source Ip Not Allocated 0 Interface port1 0...

Страница 1462: ...ity debugging configuration Syntax show debugging arp security Mode User and Privileged Exec Example To display the debugging settings for ARP security on the switch use the command awplus show debugging arp security Related Commands arp security violation debug arp security Table 8 Example output from the show debugging arp security command awplus show debugging arp security ARP Security debuggin...

Страница 1463: ...ed Exec Example To display the DHCP snooping debugging configuration use the command awplus show debugging ip dhcp snooping Related Commands debug ip dhcp snooping show log Table 9 Example output from the show debugging ip dhcp snooping command awplus show debugging ip dhcp snooping DHCP snooping debugging status DHCP snooping debugging is off DHCP snooping all debugging is off DHCP snooping acl d...

Страница 1464: ...l show ip dhcp snooping agent option show ip dhcp snooping binding show ip dhcp snooping interface Table 10 Example output from the show ip dhcp snooping command DHCP Snooping Information DHCP Snooping service Enabled Option 82 insertion Enabled Option 82 on untrusted ports Not allowed Binding delete by client Disabled Binding delete by link down Disabled Verify MAC address Disabled SNMP DHCP Snoo...

Страница 1465: ...hardware ACL information use the command awplus show ip dhcp snooping acl hardware Parameter Description detail Detailed DHCP Snooping ACL information hardware DHCP Snooping hardware ACL information interface ACL Interface information interface list The interfaces to display information about Table 11 Example output from the show ip dhcp snooping acl command awplus show ip dhcp snooping acl DHCP S...

Страница 1466: ...0 20 0000 aaaa bbbb port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 3 dhcpsn2 cmap1 30 30 30 30 aaaa bbbb dddd port1 0 3 dhcpsn2 cmap1 40 40 40 40 0000 aaaa cccc port1 0 3 dhcpsn2 cmap1 50 50 50 50 0000 aaaa dddd port1 0 3 dhcpsn2 cmap1 60 60 60 60 0000 aaaa eeee port1 0 3 dh...

Страница 1467: ...imum Bindings 2 port1 0 4 Template filters 7 port1 0 4 Attached hardware filters 14 port1 0 4 Current bindings 1 1 free port1 0 4 Client 1 120 120 120 120 port1 0 4 Templates cheese via class map cmap2 port1 0 4 10 permit ip dhcpsnooping 100 0 0 0 8 port1 0 4 Template dhcpsn2 via class map cmap1 port1 0 4 10 permit ip dhcpsnooping any port1 0 4 20 permit ip dhcpsnooping 10 0 0 0 8 port1 0 4 30 per...

Страница 1468: ...ption interface interface list Mode User Exec and Privileged Exec Examples To display DHCP snooping Option 82 information for all interfaces use the command awplus show ip dhcp snooping agent option To display DHCP snooping Option 82 information for vlan1 use the command awplus show ip dhcp snooping agent option interface vlan1 To display DHCP snooping Option 82 information for port1 0 1 use the c...

Страница 1469: ...ip dhcp snooping interface awplus show ip dhcp snooping agent option DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Option 82 on untrusted ports Not allowed vlan1 C Id vlanifindex R Id Access Island 01 M1 vlan2 C Id vlantriplet R Id Access Island 01 M1 vlan3 C Id vlantriplet R Id Access Island 01 M3 vlan4 C Id vlantrip...

Страница 1470: ... 1 2 3 4 aaaa bbbb cccc 7 1 0 6 Infinite Stat 1 2 3 6 any 4077 1 0 6 Infinite Stat 1 3 4 5 any 1 sa1 Infinite Stat 111 111 100 101 0000 0000 0001 111 112 1 1 1 1 0 6 4076 Dyna 111 111 101 108 0000 0000 0108 111 112 1 1 1 1 0 6 4084 Dyna 111 111 101 109 0000 0000 0109 111 112 1 1 1 1 0 6 4085 Dyna 111 211 100 101 1 1 0 2 2147483325 Dyna 111 211 100 109 00b0 0000 0009 111 112 111 111 1 1 0 2 21 Dyna...

Страница 1471: ...ng Type The source of the entry Dyna dynamically entered by snooping DHCP traffic configured by the ip dhcp snooping binding command or loaded from the database backup file Stat added statically by the ip source binding command Total number of bindings in database The total number of dynamic and static lease entries in the DHCP snooping database Table 15 Parameters in the output from the show ip d...

Страница 1472: ...configuration information for If no ports are specified information for all ports is displayed Table 16 Example output from the show ip dhcp snooping interface command awplus show ip dhcp snooping interface DHCP Snooping Port Status and Configuration Port Provisioned ports marked with brackets e g portx y z Action LG Log TR Trap LD Link down Full Max Port Status Leases Leases Action Subscriber ID ...

Страница 1473: ...nd Parameter Description Port The port interface name Status The port status untrusted default or trusted Full Leases The number of entries in the DHCP snooping database for the port Max Leases The maximum number of entries that can be stored in the database for the port Action The DHCP snooping violation actions for the port Subscriber ID The subscriber ID for the port If the subscriber ID is lon...

Страница 1474: ...ces use the command awplus show ip dhcp snooping statistics Parameter Description detail Display detailed statistics interface interface list Display statistics for the specified interfaces The interface list can contain switch ports static or dynamic link aggregators channel groups or VLANs Table 18 Example output from the show ip dhcp snooping statistics command awplus show ip dhcp snooping stat...

Страница 1475: ...ived Invalid 0 Option 82 Received On Untrusted Port 0 Option 82 Transmit On Untrusted Port 0 Reply Received On Untrusted Port 0 Source MAC CHADDR Mismatch 0 Static Entry Already Exists 0 Interface port1 0 5 All counters 0 Interface port1 0 6 All counters 0 Table 20 Parameters in the output from the show ip dhcp snooping statistics command Parameter Description Interface The interface name In Packe...

Страница 1476: ...ile trying to insert DHCP Relay Agent Option 82 information Option 82 Received Invalid The DHCP Relay Agent Option 82 information received did not match the information inserted by DHCP Snooping Option 82 Received On Untrusted Port A packet containing DHCP Relay Agent Option 82 information was received on an untrusted port Option 82 Transmit On Untrusted Port A packet containing DHCP Relay Agent O...

Страница 1477: ...Related Commands ip source binding show ip dhcp snooping binding Table 21 Example output from the show ip source binding command awplus show ip source binding IP Source Bindings Client MAC Expires IP Address Address VLAN Port sec Type 1 1 1 1 0000 1111 2222 1 port1 0 1 Infinite Static Table 22 Parameters in the output from the show ip source binding command Parameter Description Client IP Address ...

Страница 1478: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1478 AlliedWare Plus Operating System Version 5 4 7 0 x Part 6 Network Availability ...

Страница 1479: ...cking see VCStack Feature Overview and Configuration Guide Also note the following stacking trigger commands that are documented in the Triggers chapter type stack disabled master type stack master fail type stack member type stack link In addition to the stacking commands shown in this chapter stacking content also exists in the following commands hostname reboot reload show cpu show cpu history ...

Страница 1480: ...nter stack on page 1489 show debugging stack on page 1493 show running config stack on page 1494 show provisioning stack on page 1495 show stack on page 1496 show stack detail on page 1498 show stack resiliencylink on page 1502 stack disabled master monitoring on page 1504 stack enable on page 1505 stack management subnet on page 1507 stack management vlan on page 1508 stack priority on page 1509 ...

Страница 1481: ...7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS CLEAR COUNTER STACK clear counter stack Overview This command clears all stack counters for all stack members Syntax clear counter stack Mode Privileged Exec Example To clear all stack counters awplus clear counter stack Related Commands show counter stack ...

Страница 1482: ...g link events topology discovery messages and all notable stacking events If link parameter is specified only the link events debugging information will be displayed Examples To enable debugging enter the following command on the stack master awplus debug stack To enable link debugging enter the following command on the stack master awplus debug stack link To enable topology discovery debugging en...

Страница 1483: ...r You can use this command within an AMF working set Examples To delete a file test scp that is located in Flash memory on all stack members use the following command awplus delete stack wide force test scp To remove directories output1 and output2 from an external card on all stack members use the following command awplus delete stack wide force recursive card output Command changes Version 5 4 7...

Страница 1484: ...ible for the path taken by packets travelling from host A to B to traverse different stack members than packets travelling from host B to A In this case the MAC addresses may not be learnt and traffic could be flooded Even in this case a broadcast packet from each unit such as an ARP packet would be enough to cause all stack members to learn these MAC addresses However in very unusual cases the au...

Страница 1485: ... Exec Usage If you are upgrading to a new software version the new version must also support rolling reboot NOTE When stacking is used with EPSR the EPSR failovertime must be set to at least 5 seconds to avoid any broadcast storms during failover Broadcast storms may occur if the switch cannot failover quickly enough before the EPSR failovertime expires For further information about EPSR failovert...

Страница 1486: ...Reference for IX5 28GPX 1486 AlliedWare Plus Operating System Version 5 4 7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS RELOAD ROLLING reload rolling Overview This command performs the same function as the reboot rolling command ...

Страница 1487: ...System Version 5 4 7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS REMOTE COMMAND DELETED remote command deleted Overview This command has been deleted in Software Version 5 4 4 1 1 and later Instead please use the remote login command and then run the command you need to run remotely ...

Страница 1488: ... commands are still applied to all stack members but show commands and commands that access the file system are executed locally The specific output obtained will vary greatly depending on the show command chosen Syntax remote login stack ID Mode Privileged Exec Usage Note that some commands such as ping or telnet are not available when the remote login is used Example To log onto stack member 2 u...

Страница 1489: ...ples To display the stacking counter information about the whole stack use the following command awplus show counter stack Figure 39 1 Example output from the show counter stack command Virtual Chassis Stacking counters Stack member 1 Topology Event counters Units joined 1 Units left 0 Links up 1 Links down 0 ID conflict 0 Master conflict 0 Master failover 0 Master elected 1 Master discovered 0 SW...

Страница 1490: ...1 Rx Layer 2 transport 0 Topology Error counters Version unsupported 0 Product unsupported 0 XEM unsupported 0 Too many units 0 Invalid messages 0 Resiliency Link counters Health status good 1 Health status bad 0 Tx 0 Tx Error 0 Rx 3600 Rx Error 0 Stack member 2 Output repeated for other stack members details not shown Table 1 Parameters in the output of the show counter stack command Parameters D...

Страница 1491: ...that this unit s physical stack link has come down Nbr re init Number of times that the neighbor is detected as having reinitialized Nbr incompatible Number of times that the neighbor is detected as incompatible Nbr 2way comms Number of times that the neighbor is in two way communication status Nbr full comms Number of times that the neighbor is in full communication status Topology message counte...

Страница 1492: ...M unsupported Number of XEM unsupported errors Too many units Number of too many units errors Invalid messages Number of invalid messages Health status good The number of times that the resiliency link has successfully carried healthchecks following a failure at startup Health status bad The number of times that the resiliency link healthcheck has timed out A timeout occurs when a backup stack mem...

Страница 1493: ...h debugging modes are currently enabled for stacking Syntax show debugging stack Mode User Exec and Privileged Exec Example To display the stack debugging mode status use the command awplus show debugging stack Figure 39 2 Example output from the show debugging stack command Related Commands debug stack Virtual Chassis Stacking debugging status VCS link debugging is on VCS topology debugging is on...

Страница 1494: ... stack show running config stack Mode Privileged Exec and Global Configuration Example To display the stacking running configuration information use the command awplus show running config stack Output Figure 39 3 Example output from the show running config stack command Related Commands show running config awplus show running config stack stack virtual mac stack virtual chassis id 1982 stack manag...

Страница 1495: ...To show provisioning use the following command awplus show provisioning Output Figure 39 4 Example output from show provisioning Related Commands show stack switch provision stack Switch provisioning summary information ID Board class Status 1 0 IX5 28 Hardware present Table 2 Parameters in the output of the show provisioning command Parameter Description ID The unit bay location of the hardware p...

Страница 1496: ...y Backup Member 3 0015 77c9 7464 128 Syncing Backup Member 4 Provisioned Operational Status Normal operation Stack MAC address 0000 cd28 07e1 Table 3 Parameters in the output from the show stack command Parameter Description ID Stack ID MAC address Stack member MAC address Priority Stack member master election priority between 0 and 255 Note that the lowest number has the highest priority Role Sta...

Страница 1497: ...dWare Plus Operating System Version 5 4 7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS SHOW STACK Related Commands show stack detail show counter stack show stack resiliencylink stack disabled master monitoring stack resiliencylink stack software auto synchronize ...

Страница 1498: ...n about the stack s overall status awplus show stack detail Figure 39 6 Example output from show stack detail Virtual Chassis Stacking detailed information Stack Status Operational Status Normal operation Management VLAN ID 4094 Management VLAN subnet address 192 168 255 0 Virtual Chassis ID 388 0x184 Virtual MAC address 0000 cd37 0184 Mixed mode Disabled Disabled Master Monitoring Enabled Stack m...

Страница 1499: ...ember Priority 3 Host name awplus 3 S W version auto synchronizaion On Resiliency link status Successful Stack port 3 0 27 status learned neighbor 1 Stack port 3 0 28 status learned neighbor 2 Table 4 Parameters in the output from the show stack detail command Parameter Description S W version auto synchronization Whether the software auto synchronization feature is turned on or off Host name The ...

Страница 1500: ...other stack members are present Not all stack ports are up One or more stacking ports may be down or stacking discovery may not have detected the neighbor successfully Stack Status The stack s overall status Note that a warning is issued if the stack is not connected in a standard ring topology Pending ID The pending stack member ID This can be changed by the If there is no pending ID the symbol w...

Страница 1501: ...Master Monitoring feature is not used Role Stack member s role in the stack this can be one of Active Master DisabledMaster The temporary master when there is a communication break within the stack but communication still exists across the resiliency link In this state all switch ports within the stack are disabled by default but a different configuration can be run by a trigger command Backup Mem...

Страница 1502: ...show stack resiliencylink Mode User Exec and Privileged Exec Example To display information about the current status of the resiliency link across the stack members use the command awplus show stack resiliencylink Output Figure 39 7 Example output from the show stack resiliencylink command awplus config show stack resiliencylink Stack member 1 Status Configured Interface vlan4093 Interface state U...

Страница 1503: ...iency link Can be one of Not configured Master or Member Configured Master only Successful Successfully receiving healthchecks from the Active Master Failed Member only Not receiving any healthchecks from the Active Master Stopped The resiliency link is configured but is inactive This may occur in a Disabled Master stack for example if the Disabled Master Monitoring feature is not used Interface T...

Страница 1504: ...oming a disabled master which has the configuration as a normal stack master except that all its switchports are shutdown For more information about the disabled master state see the VCStack Feature Overview and Configuration Guide When the DMM feature is enabled the disabled master will continue to monitor the health of the original stack master over the stack resiliency link connection If the or...

Страница 1505: ...mand will remove the selected stack member from the stack At this point the removed member will act as a stand alone master and will disable all of its ports The switch can then only be accessed via its console port Ifthe command is run on themaster then all current members of thestackwill be disabled To returnthe switch to stack membership first connect to theswitch viaits console port then run t...

Страница 1506: ...edWare Plus Operating System Version 5 4 7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS STACK ENABLE Example To turn on stacking on a stackable stand alone unit use the command awplus configure terminal awplus config stack enable Related Commands reboot license ...

Страница 1507: ... command enables you to change the IP address command the subnet mask must always remain as shown The stack management IP subnet is solely used internally to the stacked devices and cannot be reached external to the stack You should only change the stack management VLAN subnet address if it causes a conflict within your network Note that several separate stacks can use the same default management ...

Страница 1508: ...gement VLAN is created and configured automatically so that the stack VLAN cannot be used in the stack s VLAN configuration commands This means you cannot enter commands such as awplus config vlan vlan stack management VLAN ID You should only change the management VLAN if the VLAN ID 4094 needs to be used in the stack s VLAN configuration If necessary you can use the no variant of this command to ...

Страница 1509: ... master Where two stack members both have the same lowest priority value then the stack member with the lowest MAC address will be elected as master NOTE Assigning a new priority value will not immediately change the current stack master In order to force a master re election after the new priority value is assigned use reboot stack member master s ID to reboot the current stack master a new stack...

Страница 1510: ...k member 2 The existing stack ID must already be assigned to an existing stack member To avoid duplicating IDs a warning message will appear if you assign a new stack ID that is currently assigned to another stack member However you can continue to renumber the stack IDs and remove ID duplications If you do not remove the duplications then one of the devices will be forced to automatically renumbe...

Страница 1511: ...sequentially This would normally be done either when the stack is initially configured or following a major reconfiguration The renumber will start on the specified stack member If that stack ID is not used by any of the existing stack members the command will be rejected The starting stack member will be renumbered with the new stack ID specified or the default of member ID of 1 The stack ID of t...

Страница 1512: ...C Command Reference for IX5 28GPX 1512 AlliedWare Plus Operating System Version 5 4 7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS STACK RENUMBER CASCADE Related Commands show stack switch provision stack stack renumber ...

Страница 1513: ...master is still online but the stack will now split into two different stubs The stub containing the existing master will continue operating as normal The members in the masterless stub will now use a type stack disabled master trigger to run a configuration to form a second temporary stack This utilizes the remaining stack members resources without conflicting directly with the master s configura...

Страница 1514: ...ency link to be VLAN 4093 first create VLAN 4093 awplus configure terminal awplus config stack resiliencylink vlan4093 Then assign VLAN 4093 to the interface port in this case port1 0 1 awplus config interface port1 0 1 awplus config if switchport resiliencylink Related Commands show stack switch provision stack show stack resiliencylink stack disabled master monitoring switchport resiliencylink ...

Страница 1515: ...vice attempts to join a stack but is running a software release that is different to the other stack members the software version auto synchronization feature will copy the master s software release onto the new member If the software version auto synchronization feature is not enabled then the device will be unable to join the stack Note that the software version auto synchronization feature may ...

Страница 1516: ...virtual chassis id entered will form the last 12 bits of a pre selected MAC prefix component that is 0000 cd37 0xxx If you enable the stack virtual MAC address feature by using the stack virtual mac command without using the stack virtual chassis id command to select the virtual chassis id then the stack will select a virtual chassis id from a number within the assigned range Example To set the st...

Страница 1517: ...me the VCStack master Before enabling the virtual MAC address feature you should check that the stack s virtual chassis id is not already used by another stack in the network Otherwise the duplicate MAC addresses will cause problems for the network traffic Syntax stack virtual mac no stack virtual mac Default The stack virtual MAC address feature is disabled by default However if you manually turn...

Страница 1518: ...1 to 4 and so the command could be run to provision any stack member within this range and we advise this procedure In effect the syntax then becomes switch 1 4 provision IX5 28 However you could number the stack units with any numbers between 1 and 8 For example you could number your four stack members 1 2 7 and 8 In this case you could provision any of the stack members within this range We advi...

Страница 1519: ...rom the resiliency link VLAN Syntax switchport resiliencylink no switchport resiliencylink Mode Interface Configuration Usage Note that a resiliency link cannot be part of a static or dynamic aggregator group Examples To set the resiliency link to be VLAN 4093 First use the stack resiliencylink command to create the resiliency link vlan vlan4093 awplus configure terminal awplus config stack resili...

Страница 1520: ...N if it is connected to a Microsoft Windows PC To avoid this we recommend disabling IGMP snooping on stack local VLANs by using the command no ip igmp snooping Examples To add a stack local VLAN with the VID of 4002 and assign it to stack member 2 use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 4002 mode stack local vlan 2 awplus config vlan...

Страница 1521: ...ng System Version 5 4 7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS VLAN MODE STACK LOCAL VLAN To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 4002 Related Commands ip igmp snooping mtu vlan database ...

Страница 1522: ... Reference for IX5 28GPX 1522 AlliedWare Plus Operating System Version 5 4 7 0 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS UNDEBUG STACK undebug stack Overview This command applies the functionality of the no debug stack command ...

Страница 1523: ...iedWare Plus Feature Overview and Configuration Guide Command List advertisement interval on page 1525 circuit failover on page 1527 debug vrrp on page 1529 debug vrrp events on page 1530 debug vrrp packet on page 1531 disable VRRP on page 1532 enable VRRP on page 1533 preempt mode on page 1534 priority on page 1536 router ipv6 vrrp interface on page 1538 router vrrp interface on page 1540 show de...

Страница 1524: ...AlliedWare Plus Operating System Version 5 4 7 0 x VRRP COMMANDS transition mode on page 1553 undebug vrrp on page 1555 undebug vrrp events on page 1556 undebug vrrp packet on page 1557 virtual ip on page 1558 virtual ipv6 on page 1560 vrrp vmac on page 1562 ...

Страница 1525: ...t interval is 1 second Mode Router Configuration Usage Note when using VRRP with VCStacking ensure the VRRP advertisement interval is larger than the VCStacking failover time to avoid VCStacking failovers causing VRRP failovers See the VRRP Feature Overview and Configuration Guide for more information about setting the advertisement interval when configuring VRRP using seconds for VRRPv2 host comp...

Страница 1526: ... interval 6 The example below shows you how to reset the advertisement interval to the default of 1 second for the VRRP IPv4 session with VR ID 5 on interface vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no advertisement interval The example below shows you how to configure the advertisement interval to 6 seconds for the VRRPv3 IPv6 session with VR ID 5 on...

Страница 1527: ...f VRRP is configured to monitor VLAN2 and VLAN3 with the commands awplus configure terminal awplus config interface vlan1 awplus config if ip address 192 168 1 1 24 awplus config if exit awplus config router vrrp 1 vlan1 awplus config router virtual ip 192 168 1 10 backup awplus config router priority 100 awplus config router circuit failover vlan2 10 awplus config router circuit failover vlan3 20...

Страница 1528: ...above zero if all the interfaces go down Examples To configure circuit failover on an IPv4 VRRP instance so that if interface VLAN3 goes down then the priority of VRRP instance 1 is reduced by 30 use the commands awplus configure terminal awplus config router vrrp 1 vlan2 awplus config router circuit failover vlan3 30 To remove all configured circuit failovers for the VRRP IPv4 session with VR ID ...

Страница 1529: ...s function Syntax debug vrrp all no debug vrrp all Mode Privileged Exec and Global Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Examples The example below shows you how to enable all debugging for VRRP awplus configure terminal awplus config debug vrrp all The example below shows you how to disable all debugging for V...

Страница 1530: ... Exec and Global Configuration Usage The debug vrrp events command enables the display of debug information related to VRRP internal events See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Examples The example below shows you how to enable events debugging for VRRP awplus configure terminal awplus config debug vrrp events The example below s...

Страница 1531: ...formation about VRRPv3 debugging details Examples The example belowshows youhow to enablereceived and sentpacket debugging for VRRP awplus configure terminal awplus config debug vrrp packet The example below shows you how to enable only received packet debugging for VRRP awplus configure terminal awplus config debug vrrp packet recv The example below shows you how to enable only sent packet debugg...

Страница 1532: ...on or a VRRPv3 IPv6 session on the router Syntax disable Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configuration details Examples The example below shows you how to disable the VRRP session for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router disable The...

Страница 1533: ...RRP session using the virtual ip or virtual ipv6 and the router vrrp interface or router ipv6 vrrp interface commands before using this command See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configuration details Examples To enable the VRRP session for VRRP VR ID 5 on vlan2 use the commands awplus configure terminal awplus config router vrrp 5...

Страница 1534: ...up router to relieve a lower priority backup router By default a preemptive scheme is enabled whereby a higher priority backup virtual router that becomes available take over for the backup virtual router that was elected to become the master virtual router This preemptive scheme can be disabled using the preempt mode false command If preemption is disabled the backup virtual router that is curren...

Страница 1535: ... preempt mode false The example below shows you how to configure preempt mode as true for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router preempt mode true The example below shows you how to configure preempt mode as false for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router p...

Страница 1536: ...ce then this VRRP router functions as the master virtual router Priority also determines whether a VRRP router functions as a backup virtual router and the order of ascendancy to becoming a master virtual router if the master virtual router fails Configure the priority of each backup virtual router with a a value of 1 through 254 See the VRRP Feature Overview and Configuration Guide for more infor...

Страница 1537: ...as the priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router priority 101 The example below shows you how to remove the configured priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router no priority Related Commands circuit failover preempt mode ...

Страница 1538: ...r state You can configure up to 255 IPv4 and 255 IPv6 VRRP instances However configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protocols it is running and whether you set the advertisement interval to less than 1 second See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration ...

Страница 1539: ...13 50152 01 Rev C Command Reference for IX5 28GPX 1539 AlliedWare Plus Operating System Version 5 4 7 0 x VRRP COMMANDS ROUTER IPV6 VRRP INTERFACE Related Commands advertisement interval circuit failover ...

Страница 1540: ...tual router when in master state You can configure up to 255 IPv4 and 255 IPv6 VRRP instances However configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protocols it is running and whether you set the advertisement interval to less than 1 second See the VRRP Feature Overview and Configuration Guide for more information about V...

Страница 1541: ...1 Rev C Command Reference for IX5 28GPX 1541 AlliedWare Plus Operating System Version 5 4 7 0 x VRRP COMMANDS ROUTER VRRP INTERFACE Related Commands advertisement interval circuit failover disable VRRP enable VRRP ...

Страница 1542: ...wise debug output is in the log file For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Syntax show debugging vrrp Mode User Exec and Privileged Exec Example The example below shows you how to display VRR...

Страница 1543: ...Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration Line Configuration and Interface Configuration Example The example below shows you how to display the running configuration for VRRPv3 IPv6 awplus show running config router ipv6 vrrp Output Figure ...

Страница 1544: ...rview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration Line Configuration and Interface Configuration Example The example below shows you how to display the running configuration for VRRP IPv4 awplus show running config router vr...

Страница 1545: ...p To display brief summary output about VRRP IPv4 sessions enter the command awplus show vrrp brief Output Figure 40 3 Example output from the show vrrp command Figure 40 4 Example output from the show vrrp brief command Parameter Description brief Brief summary of VRRP sessions awplus show vrrp VMAC enabled Address family IPv4 VRRP Id 1 on interface vlan2 State AdminUp Master Virtual IP address 1...

Страница 1546: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1546 AlliedWare Plus Operating System Version 5 4 7 0 x VRRP COMMANDS SHOW VRRP Related Commands enable VRRP disable VRRP ...

Страница 1547: ...the counters below the sample output as per RFC2787 NOTE Note that the counters displayed with this commands are the same counters as described in RFC 2787 Copyright C The Internet Society 2000 All Rights Reserved except for the Monitored Circuit Up and Monitored Circuit Down counters which are additions beyond the MIB Example To display information about VRRP SNMP counters on the console enter th...

Страница 1548: ...ith descriptions for the show vrrp counters command Counter Description Master Transitions The total number of times that this virtual router s state has transitioned to MASTER Received Advertisements The total number of VRRP advertisements received by this virtual router Internal Errors The total number of VRRP advertisement packets received for which the advertisement interval is different than ...

Страница 1549: ... of packets received with a packet length less than the length of the VRRP header Monitored Circuit Up The total number of times the monitored circuit has generated the UP event Monitored Circuit Down The total number of times the monitored circuit has generated the down event Table 2 Per VR counters with descriptions for the show vrrp counters command cont Counter Description ...

Страница 1550: ...information about VRRPv3 IPv6 configuration details Syntax show vrrp ipv6 interface Mode User Exec and Privileged Exec Example To display information about all VRRPv3 IPv6 sessions enter the command awplus show vrrp ipv6 Output Figure 40 6 Example output from the show vrrp ipv6 vlan2 command Related Commands enable VRRP disable VRRP Parameter Description interface Specify the name of the interface...

Страница 1551: ...e See the below sample output from the show vrrp command displaying information about VRRP session 1 configured on vlan2 Output shows that a Virtual IP address has been set awplus show vrrp 1 vlan2 See the below sample output from the show vrrp command displaying information about VRRP session 1 configured on vlan3 Output shows a Virtual IP address has not been set awplus show vrrp 1 vlan3 Paramet...

Страница 1552: ...S SHOW VRRP SESSION Example The following command shows information about VRRP session 5 for interface vlan2 awplus show vrrp 5 vlan2 awplus show vrrp 1 vlan3 Address family IPv4 VrId 1 Interface is vlan3 State is Initialize Virtual IP address is unset Priority is 100 Advertisement interval is 1 sec Preempt mode is TRUE ...

Страница 1553: ...hen using transition mode VRRPv2 can only use advertisements in whole second intervals Syntax transition mode true false Default The default is false Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information VRRPv3 IPv4 configuration details VRRPv3 IPv6 configuration details further information about configuring transition mode to upgrade from VRRPv...

Страница 1554: ... Version 5 4 7 0 x VRRP COMMANDS TRANSITION MODE The example below shows you how to configure IPv4 transition mode as false for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router transition mode false Related Commands router vrrp interface ...

Страница 1555: ...ystem Version 5 4 7 0 x VRRP COMMANDS UNDEBUG VRRP undebug vrrp Overview Use this command to disable all VRRP debugging Syntax undebug vrrp all Mode Privileged Exec Example The example below shows you how to disable all VRRP debugging awplus undebug vrrp all Related Commands debug vrrp ...

Страница 1556: ...OMMANDS UNDEBUG VRRP EVENTS undebug vrrp events Overview Use this command to disable debugging options for VRRP event troubleshooting Syntax undebug vrrp events Mode Privileged Exec Example The example below shows you how to disable VRRP event debugging awplus undebug vrrp events Related Commands debug vrrp events ...

Страница 1557: ...ged Exec Examples The example below shows you how to disable VRRP sent packet debugging awplus undebug vrrp packet send The example below shows you how to disable VRRP received packet debugging awplus undebug vrrp packet recv The example below shows you how to disable all VRRP packet debugging awplus undebug vrrp packet Related Commands debug vrrp packet Parameter Description send Disable the debu...

Страница 1558: ...VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Examples The example below shows you how to set the virtual IP address for VRRP VR ID 5 and the router as the VRRP master awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 master The example below shows you how to set the virtual IPv4 addre...

Страница 1559: ...R ID 5 and the router as owner of the virtual IPv4 address awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 owner The example below shows you how to disable the virtual IPv4 address for VRRP VR ID 5 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no virtual ip Related Commands router vrrp interface enable VRRP v...

Страница 1560: ...link local addresses are used by IPv6 ND Neighbor Discovery A host s default route to a router points to the IPv6 link local address not a specific global IPv6 address for the router For the host s traffic to switch over to a backup router the IPv6 link local address of the router is used by VRRPv3 See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configu...

Страница 1561: ... awplus config router virtual ipv6 fe80 1 master The example below shows you how to set the virtual IPv6 address for VRRPv3 VR ID 3 and the router as the VRRPv3 backup awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router virtual ipv6 fe80 1 backup The example below shows you disable the virtual IPv6 address for VRRPv3 VR ID 3 awplus configure terminal awplus config...

Страница 1562: ...s for any ARP responses associated with the virtual IP address or any gratuitous ARPs sent on behalf of the virtual IP address All VRRP advertisements are sent using this virtual MAC address as the source MAC address The virtual MAC address has the form 00 00 5e 00 01 VRID where VRID is the ID of the Virtual Router Syntax vrrp vmac enable disable Mode Global Configuration Examples To enable Virtua...

Страница 1563: ...h AlliedWare Plus Feature Overview and Configuration Guide Command List debug epsr on page 1565 epsr on page 1566 epsr configuration on page 1568 epsr datavlan on page 1569 epsr enhancedrecovery enable on page 1570 epsr mode master controlvlan primary port on page 1571 epsr mode transit controlvlan on page 1572 epsr priority on page 1573 epsr state on page 1574 epsr trap on page 1575 show debuggin...

Страница 1564: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1564 AlliedWare Plus Operating System Version 5 4 7 0 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS undebug epsr on page 1588 ...

Страница 1565: ...n from being sent to the console msg Send the decoded received and transmitted EPSR packets to the console Using this parameter with the no debug epsr command will explicitly exclude the above packets from being sent to the console pkt Send the received and transmitted EPSR packets as raw ASCII text to the console Using this parameter with the no debug epsr command will explicitly exclude the abov...

Страница 1566: ...nstance called blue use the command awplus config epsr epsr blue hellotime 5 NOTE When stacking is used with EPSR the EPSR failovertime should be at least 5 seconds To delete the EPSR instance called blue use the command awplus config epsr Parameter Description epsr instance Name of the EPSR instance hellotime 1 32767 The number of seconds between the transmission of health check messages failover...

Страница 1567: ...re Plus Operating System Version 5 4 7 0 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS EPSR Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan epsr configuration epsr datavlan epsr state epsr trap reboot rolling show epsr ...

Страница 1568: ...RING COMMANDS EPSR CONFIGURATION epsr configuration Overview Use this command to enter EPSR Configuration mode so that EPSR can be configured Syntax epsr configuration Mode Global Configuration Example To change to EPSR mode use the command awplus config epsr configuration Related Commands epsr mode master controlvlan primary port epsr show epsr ...

Страница 1569: ...94 using the epsr datavlan command Examples To add vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan3 To add vlan2 and vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan2 vlan3 To remove vlan3 from the EPSR instance called blue use the command awplus config epsr no epsr blue datavlan vlan3 To remove vlan...

Страница 1570: ...e than one break partially mends For more information see the EPSR Feature Overview and Configuration Guide The no variant of this command disables the enhanced recovery mode Syntax epsr epsr instance enhancedrecovery enable no epsr epsr instance enhancedrecovery enable Default Default is that enhanced recovery mode disabled Mode EPSR Configuration Example To apply enhanced recovery on the EPSR in...

Страница 1571: ...gainst this because in certain situations it can produce unpredictable results Mode EPSR Configuration Example To create a master EPSR instance called blue with vlan2 as the control VLAN and port1 0 1 as the primary port use the command awplus config epsr epsr blue mode master controlvlan vlan2 primaryport port1 0 1 Related Commands epsr mode transit controlvlan show epsr Parameter Description eps...

Страница 1572: ...r static channels an algorithm selects the two ports or channels with the lowest number to be the ring ports However if the switch has only one channel group is defined to the control vlan EPSR will not operate on the secondary port EPSR does not support Dynamic link aggregation LACP Mode EPSR Configuration Example To create a transit EPSR instance called blue with vlan2 as the control VLAN use th...

Страница 1573: ...on Syntax epsr epsr instance priority 0 127 no epsr instance priority Default The default priority of an EPSR instance on an EPSR node is 0 The negated form of this command resets the priority of an EPSR instance on an EPSR node to the default value Mode EPSR Configuration Example To set the priority of the EPSR instance called blue to the highest priority 127 use the command awplus config epsr ep...

Страница 1574: ...Syntax epsr epsr instance state enabled disabled Mode EPSR Configuration Example To enable the EPSR instance called blue use the command awplus config epsr epsr blue state enabled Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan Parameter Description epsr instance The name of the EPSR instance state The operational state of the ring enabled EPSR instance is ...

Страница 1575: ...stance The traps will no longer be sent when the EPSR instance changes state Syntax epsr epsr instance trap no epsr epsr instance trap Mode EPSR Configuration Example To enable traps for the EPSR instance called blue use the command awplus config epsr epsr blue trap To disable traps for the EPSR instance called blue use the command awplus config epsr no epsr blue trap Related Commands epsr mode ma...

Страница 1576: ...OTECTION SWITCHED RING EPSRING COMMANDS SHOW DEBUGGING EPSR show debugging epsr Overview This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode User Exec and Privileged Exec Example To show the enabled debugging modes use the command awplus show debugging epsr Related Commands debug epsr ...

Страница 1577: ...es use the command awplus show epsr Output non superloop topology The following examples show the output display for a non superloop topology network Table 1 Example output from the show epsr command run on a transit node EPSR Information Name test2 Mode Transit Status Enabled State Links Up Control Vlan 2 Data VLAN s 10 Interface Mode Ports Only First Port port1 0 1 First Port Status Down First P...

Страница 1578: ... Control Vlan 4 Data VLAN s 20 Interface Mode Ports Only Primary Port port1 0 3 Primary Port Status Forwarding Secondary Port port1 0 4 Secondary Port Status Forwarding Hello Time 1 s Failover Time 2 s Ring Flap Time 0 s Trap Enabled Enhanced Recovery Disabled Table 3 Example output from the show epsr command run on a Master Node EPSR Information Name test4 Mode Master Status Enabled State Complet...

Страница 1579: ...Priority 12 Table 5 Parameters displayed in the output of the show epsr command Parameter on Master Node Parameter on Transit Node Description Name Name The name of the EPSR instance Mode Mode The mode in which the EPSR instance is configured either Master or Transit Status Status Indicates whether the EPSR instance is enabled or disabled State State Indicates state of the EPSR instance s state ma...

Страница 1580: ...physical control of it Note that on a master configured for SuperLoop Prevention non zero priority its secondary ring port can be physically forwarding but logically blocking This situation arises when it is not the highest priority node in the topology and so does not receive LINKS DOWN messages upon common segment breaks and a break on a common segment in its ring is preventing reception of its ...

Страница 1581: ...e master controlvlan primary port epsr mode transit controlvlan show epsr counters Enhanced Recovery Enhanced Recovery Whether the EPSR instance has enhanced recovery mode enabled SLP Priority SLP Priority The EPSR instance s priority for SuperLoop Prevention Table 5 Parameters displayed in the output of the show epsr command cont Parameter on Master Node Parameter on Transit Node Description ...

Страница 1582: ...orts on the switch use the command awplus show epsr common segments Related Commands show epsr show epsr summary show epsr counters Table 6 Example output from the show epsr common segments command EPSR Common Segments Common Seg EPSR Port Phys Ctrl Ring Ring Port Instance Mode Prio Type of Port Port Status port1 0 24 test_inst_Red Transit 127 Second Yes Fwding test_inst_Blue Transit 126 Second No...

Страница 1583: ... less than 5 seconds for a stacked device The instance is a master with its secondary port on a common segment Syntax show epsr instance config check Mode User Exec and Privileged Exec Example To check the configuration of all EPSR instances and display the results use the command awplus show epsr config check Related Commands show epsr Parameter Description instance Name of the EPSR instance to c...

Страница 1584: ...ew This command displays information about the specified EPSR instance Syntax show epsr epsr instance Mode User Exec and Privileged Exec Example To show the current settings of the EPSR instance called blue use the command awplus show epsr blue Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr counters Parameter Description epsr instance Name of the...

Страница 1585: ...verview This command displays counter information about the specified EPSR instance Syntax show epsr epsr instance counters Mode User Exec and Privileged Exec Example To show the counters of the EPSR instance called blue use the command awplus show epsr blue counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr Parameter Description epsr instan...

Страница 1586: ...W EPSR COUNTERS show epsr counters Overview This command displays counter information about all EPSR instances Syntax show epsr counters Mode User Exec and Privileged Exec Example To show the counters of all EPSR instances use the command awplus show epsr counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr ...

Страница 1587: ...ut from the show epsr summary command EPSR Summary Information Abbreviations M Master node T Transit node C is on a common segment with other instances P instance on a common segment has physical control of the shared port s data VLAN blocking LB ring port is Logically Blocking applicable to master only EPSR Ctrl Primary 1st Secondary 2nd Instance Mode Status State VLAN Prio Port Status Port Statu...

Страница 1588: ... for IX5 28GPX 1588 AlliedWare Plus Operating System Version 5 4 7 0 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS UNDEBUG EPSR undebug epsr Overview This command applies the functionality of the no variant of the debug epsr command ...

Страница 1589: ...iguration Guide Command List clear g8032 erp instance on page 1591 clear g8032 erp instance statistics on page 1592 data traffic on page 1593 debug g8032 on page 1594 enable G 8032 on page 1595 erp instance on page 1596 g8032 erp instance on page 1597 g8032 forced switch erp instance on page 1599 g8032 manual switch erp instance on page 1600 g8032 physical ring on page 1601 g8032 profile on page 1...

Страница 1590: ...7 0 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS show g8032 erp instance statistics on page 1616 show g8032 physical ring on page 1618 show g8032 profile on page 1619 sub ring on page 1621 timer G 8032 on page 1622 topology change on page 1624 trap G 8032 on page 1626 undebug g8032 on page 1627 ...

Страница 1591: ...used on an ERP instance where a forced switch or manual switch command has been successfully entered to clear that action The command will be ignored if a force switch or manual switch command had not been previously entered successfully even if such node is in the FORCED_SWITCH or MANUAL_SWITCH state Examples To trigger a reversion immediately without waiting for a timer to expire on an ERP insta...

Страница 1592: ...Exec Usage A G 8032 ERP instance keeps statistical data as counts on a variety of data such as the number of certain types of Ring Automatic Protection Switching R APS messages sent and received over its ring port s and error conditions detected Use this command to clear the statistics data Example To clear the statistics for an ERP instance named blue use the following command awplus clear g8032 ...

Страница 1593: ...ce The data VLAN s must already exist The data VLAN s port members should be members of the ring interface s but it is not enforced When a data traffic VLAN s is removed any blocks that were in place on the ring ports for this VLAN s are removed The user should make sure when removing the VLAN s from the ERP instance that a loop is not formed Data traffic VLAN s can be added or removed while the E...

Страница 1594: ...sable G 8032 debugging Syntax debug g8032 all event rx tx no debug g8032 all event rx tx Mode Privileged Exec Example To enable all G 8032 debugging use the following command awplus debug g8032 all Related Commands show debugging show debugging g8032 undebug g8032 Command changes Version 5 4 7 0 1 command added Parameter Description all Turn on all G 8032 debugging event Turn on G 8032 Event debug...

Страница 1595: ...e modes of operation Once a ring failure has abated a G 8032 ring instance will check its mode of operation and if the mode is revertive it will attempt to revert back to where the RPL Owner controls the blocking of the ring Otherwise it operates in non revertive mode Example To enable revertive mode for a profile named prof_1 use the following commands awplus config g8032 profile prof_1 awplus g8...

Страница 1596: ...ked Otherwise the node will block one of its ring ports All the nodes will send Ring Automatic Protection Switching R APS messages initially The G 8032 protocol and state machines will transition the ring into another more appropriate state When disabled the ERP instance will no longer process incoming R APS messages for that instance nor send any R APS messages The raps channel VLAN and any data ...

Страница 1597: ... ERP instance is made up of two ERP ring ports a Control VLAN that carries Ring Automatic Protection Switching R APS messages and zero one or more Protected traffic data VLANs that the instance protects when the ring fails An ERP instance must be associated with a G 8032 physical ring and a G 8032 profile Example To enter the context of an instance named blue use the following commands awplus conf...

Страница 1598: ...lliedWare Plus Operating System Version 5 4 7 0 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS G8032 ERP INSTANCE rpl role show g8032 erp instance show g8032 erp instance statistics sub ring topology change Command changes Version 5 4 7 0 1 command added ...

Страница 1599: ...r the clearing of a failure If a node that was issued a Force Switch command later fails then it becomes difficult to remove the Force Switch condition from the ring In this situation the operator has to go to the nodes that are adjacent to the failed node and for each one issue a Forced Switch command on the ring link facing the failed node followed by a Clear command If the G 8032 Physical Ring ...

Страница 1600: ...difference between a Manual switch and a Forced switch is that the Manual Switch will be ignored under various conditions In particular only one Manual Switch is allowed on a G 8032 ring at a time If the G 8032 Physical Ring instance associated with the specified ERP instance is set to terminating interface then only one ring port is available and terminating interface must be used in this command...

Страница 1601: ...s When only a single port is used it is referred to as a Terminating port Example To create a physical ring profile named red where the East interface port is port1 0 5 and the West interface port is port1 0 6 use the following commands awplus configure terminal awplus config g8032 physical ring red east interface port1 0 5 west interface port1 0 6 Related Commands physical ring rpl role show g803...

Страница 1602: ... C Command Reference for IX5 28GPX 1602 AlliedWare Plus Operating System Version 5 4 7 0 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS G8032 PHYSICAL RING sub ring Command changes Version 5 4 7 0 1 command added ...

Страница 1603: ... the name default profile will exist in the system and is used by default by an ERP instance All the parameters in the default profile take on the default values Mode Global Configuration Example To enter the context of a profile named prof_1 use the following commands awplus config g8032 profile prof_1 awplus g8032 profile config Related Commands enable G 8032 profile name show g8032 profile time...

Страница 1604: ...tance will use the configured level for sending R APS messages and is the level that the instance expects to receive If the node receives an R APS message with the improper level then the message will not be processed The ERP instance must be disabled to change the level otherwise the setting is denied Example To set the R APS message level field for an ERP instance named blue to 3 use the followi...

Страница 1605: ...has two ring ports unless it is at the end of a sub ring in which case it has only one ring port Ring port s are specified using a G 8032 physical ring instance This command can only be accepted when the ERP instance is disabled Example To configure an ERP instance named blue to use a physical ring instance named red use the following commands awplus config g8032 erp instance blue awplus g8032 con...

Страница 1606: ...ses a profile which contains timer configurations and configurations for revertive modes of operation This configuration can be accepted regardless of the ERP instance being disabled or enabled Any parameters from a changed profile will take effect the next time the G 8032 state machine uses the parameters in the updated profile Example To associate a G 8032 profile named prof_1 with a G 8032 ERP ...

Страница 1607: ...or carrying an R APS message This VLAN is also used to identify the proper ring instance to all the other nodes in the ring The VLAN must be tagged members of the G 8032 physical ring instance associated with this ERP instance A G 8032 physical ring instance must be associated with this ERP instance The ERP instance can not be enabled until this raps channel VLAN has been configured properly The E...

Страница 1608: ... for the other ring port When using this command to set the RPL role to none an interface need not be specified as this command will set all the ring ports RPL role to none The command can onlybe accepted when the G 8032 ERPInstance is disabled and the ERP instance must also have an association to a ERP Physical Ring instance As in the case of a sub ring with only one physical ring port use termin...

Страница 1609: ...eference for IX5 28GPX 1609 AlliedWare Plus Operating System Version 5 4 7 0 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS RPL ROLE g8032 physical ring show g8032 erp instance Command changes Version 5 4 7 0 1 command added ...

Страница 1610: ...r G 8032 Syntax show debugging g8032 Mode User Exec and Privileged Exec Example To show the debugging modes enabled for G 8032 use the following command awplus show debugging g8032 Output Figure 42 1 Example output from the show debugging g8032 command Related Commands debug g8032 undebug g8032 Command changes Version 5 4 7 0 1 command added awplus show debugging g8032 G 8032 event debugging is of...

Страница 1611: ...ow g8032 erp instance blue Output Figure 42 2 Example output from the show g8032 erp instance command Parameter Description erp instance name The name of a specific G 8032 ERP instance all Use this to show all instances awplus show g8032 erp instance blue Instance Name blue Admin State enabled G 8032 State IDLE Failure of Proto TO false Phy Ring R1 East port2 0 25 West sa1 East Link Link_Unblocked...

Страница 1612: ...tance name for this instance Admin State The configured administrative state of this instance either enabled or disabled When the ERP instance is disabled all dynamic data for other parameters in this table will be shown as except for the East Link or West Link which will show the last known block or unblocked state RPL Role East Link or West Link Shows the configuration of the link s role CFM MEP...

Страница 1613: ...d in which case will be displayed if no target instances have been identified Otherwise a is displayed anyway Identifies the protocol to notify Only G8032 will be supported initially instance name Identifies the instance to notify for the given protocol TCN Flush Event Specifies if this instance as a target instance is to send out Flush FDB messages upon TCN notifications by a detecting instance I...

Страница 1614: ... the protection switch request being sent or received in the R APS message Consists of one of NR No Request for protection switching SF Signal Fail MS Manual Switch request FS Force Switch request Event Request a Flush to be performed Note this is a transient condition RPL Block Indicates whether the RPL is being blocked or not consists of one of the following RB RPL Block is being applied by the ...

Страница 1615: ...m Version 5 4 7 0 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS SHOW G8032 ERP INSTANCE Related Commands data traffic erp instance g8032 erp instance level G 8032 physical ring profile name rpl role sub ring topology change trap G 8032 Command changes Version 5 4 7 0 1 command added ...

Страница 1616: ... g8032 erp instance blue statistics Output Figure 42 3 Example output from the show g8032 erp instance statistics command Parameter Description erp instance name The name of a specific G 8032 ERP instance awplus show g8032 erp instance blue statistics Instance Name blue Local Clear 0 FOP TO 0 East Receiving West Receiving RAPS NR 15 RAPS NR 11 RAPS NR RB 2 RAPS NR RB 0 RAPS SF 0 RAPS SF 0 RAPS FS ...

Страница 1617: ...ved or sent RAPS NR RB The number of R APS messages with a No Request RPL Blocked NR RB being received or sent RAPS SF The number of R APS messages with Signal Fail SF being received or sent RAPS FS The number of R APS messages with Forced Switch FS being received or sent RAPS MS The number of R APS messages with Manual Switch MS being received or sent RAPS Event The number of R APS messages with ...

Страница 1618: ...Example output from the show g8032 physical ring command Related Commands g8032 physical ring Command changes Version 5 4 7 0 1 command added Parameter Description physical ring name The name of the physical ring all This shows all physical ring instances that have been configured awplus show g8032 physical ring red Ring red East port1 0 5 West port1 0 6 ERP Inst blue Table 3 Parameters in the out...

Страница 1619: ...ription erp profile name The name of the G 8032 profile that was created by the user default profile The default name of the G 8032 profile that was created automatically by the system all Using this will show all G 8032 profiles awplus show g8032 profile prof1 Profile prof1 Wait To Restore 5 mins Hold Off Timer 0 ms Guard Timer 500 ms Wait To Block 5500 ms Protection Type Revertive ERP Inst blue ...

Страница 1620: ... IX5 28GPX 1620 AlliedWare Plus Operating System Version 5 4 7 0 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS SHOW G8032 PROFILE Related Commands enable G 8032 g8032 profile timer G 8032 Command changes Version 5 4 7 0 1 command added ...

Страница 1621: ...gs must be attached to either a major ring one that is fully closed or to other sub rings where one of the other sub rings itself is attached to a major ring Setting the mode to sub ring should also be set for all nodes in the sub ring as the G 8032 state machine is different from that of a major ring This configuration can only be accepted when the ERP instance is disabled When the physical ring ...

Страница 1622: ...me for the G 8032 defect to clear A classic example is when the ERP Physical ring port is carried over a SONET SDH transmission system that itself has 50ms recovery times If G 8032 detects a failure then increasing this timer to some value greater than 50ms would allows the SONET SDH system to recover and have the defect that G 8032 detected disappear thus preventing the need for G 8032 to try and...

Страница 1623: ...nce for IX5 28GPX 1623 AlliedWare Plus Operating System Version 5 4 7 0 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS TIMER G 8032 Related Commands g8032 profile show g8032 profile Command changes Version 5 4 7 0 1 command added ...

Страница 1624: ... as a sub ring with a Terminating interface it is protecting the same data VLANs as the target instance and the target ERP instance must have two ring ports When the detecting ERP instance detects a topology change on its sub ring AlliedWare Plus will automatically determine which target ERP instance s needs to be notified It does this by comparing the same data VLANs in the detecting ERP instance...

Страница 1625: ...SWITCHING COMMANDS TOPOLOGY CHANGE Example To enable sending of R APS flush event messages on an ERP instance named blue use the following commands awplus config g8032 erp instance blue awplus g8032 config switch topology change g8032 Related Commands g8032 erp instance show g8032 erp instance Command changes Version 5 4 7 0 1 command added ...

Страница 1626: ...ed Mode G8032 Configure Switch Usage Globally ERP traps are disabled by default but can be enabled globally using the snmp server enable trap command Example To disable the SNMP traps for an ERP instance named blue use the following commands awplus config g8032 erp instance blue awplus g8032 config switch trap disabled Related Commands erp instance show g8032 erp instance snmp server enable trap C...

Страница 1627: ...or various G 8032 debug attributes Syntax undebug g8032 all event rx tx Mode Privileged Exec Example To turn off all G 8032 debugging use the following command awplus undebug g8032 all Related Commands debug g8032 show debugging g8032 Command changes Version 5 4 7 0 1 command added Parameter Description all All G 8032 debugging event G 8032 debugging events rx G 8032 debugging Receive activities t...

Страница 1628: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1628 AlliedWare Plus Operating System Version 5 4 7 0 x Part 7 Network Management ...

Страница 1629: ...only link to one other AMF node They cannot form cross links or virtual links AMF naming convention When AMF is enabled on a device it will automatically be assigned a host name If a host name has already been assigned by using the command hostname on page 218 this will remain If however no host name has been assigned then the name applied will be the prefix host_ followed without a space by the M...

Страница 1630: ...backup guests synchronize on page 1655 atmf backup now on page 1656 atmf backup redundancy enable on page 1658 atmf backup server on page 1659 atmf backup stop on page 1661 atmf backup synchronize on page 1662 atmf cleanup on page 1663 atmf container on page 1664 atmf container login on page 1665 atmf controller on page 1666 atmf distribute firmware on page 1667 atmf domain vlan on page 1669 atmf ...

Страница 1631: ...mf secure mode certificate expire on page 1712 atmf secure mode certificate expiry on page 1713 atmf secure mode certificate renew on page 1714 atmf secure mode enable all on page 1715 atmf select area on page 1717 atmf virtual crosslink on page 1718 atmf virtual link on page 1720 atmf working set on page 1722 bridge group on page 1724 clear atmf links statistics on page 1725 clear atmf secure mod...

Страница 1632: ... links on page 1781 show atmf links detail on page 1783 show atmf links guest on page 1792 show atmf links guest detail on page 1794 show atmf links statistics on page 1798 show atmf nodes on page 1801 show atmf provision nodes on page 1803 show atmf secure mode on page 1804 show atmf secure mode audit on page 1806 show atmf secure mode audit link on page 1807 show atmf secure mode certificates on...

Страница 1633: ...s Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS switchport atmf crosslink on page 1830 switchport atmf guestlink on page 1832 switchport atmf link on page 1834 type atmf node on page 1835 undebug atmf on page 1838 username on page 1839 ...

Страница 1634: ...de AMF Container Configuration Usage The AMF area link connects the AMF controller on a VAA host to the AMF container Once a container has been created with the atmf container command and an area link configured with the area link command it can be enabled using the state command You can only configure a single area link on a container You will see the following message if you try and configure a ...

Страница 1635: ...ESIS MANAGEMENT FRAMEWORK AMF COMMANDS AREA LINK To remove an area link from container vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container no area link Related Commands atmf container show atmf container Command changes Version 5 4 7 0 1 command added ...

Страница 1636: ...ber of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured on a device You must specify a local area on each controller remote AMF master and gateway node Example To create the AMF area named New Zealand with an ID of 1 and specify that it is the local area us...

Страница 1637: ...GPX 1637 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA Related Commands atmf area password show atmf area show atmf area summary show atmf area nodes switchport atmf arealink remote area ...

Страница 1638: ...ally on both of the area that locally contains the controller and the remote AMF area masters The command show running config atmf will display the encrypted version of this password The encryption keys will match between the controller and the remote AMF master If multiple controller and masters exist in an area they must all have the same area configuration Example To give the AMF area named Auc...

Страница 1639: ...GPX 1639 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show atmf area nodes switchport atmf arealink remote area ...

Страница 1640: ...sters must be authorized by the controller and the AMF remote area masters will also need to authorized access from the AMF controller Example To authorize all AMF nodes in the pending authorization queue on an AMF master use the command awplus atmf authorize all pending To authorize a node called node2 in remote AMF area area3 use the command awplus atmf authorize node2 area area3 To authorize a ...

Страница 1641: ...X5 28GPX 1641 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AUTHORIZE show atmf secure mode certificates show atmf secure mode statistics Command changes Version 5 4 7 0 3 command added ...

Страница 1642: ...f authorize provision mac mac address no atmf authorize provision all Default The default timeout is 60 minutes Mode Privileged Exec Example To provisionally authorize all non secure AMF nodes use the command awplus atmf authorize provision all Parameter Description timeout Timeout for provisional authorization Authorization for provisioned nodes expires after the timeout period specified minutes ...

Страница 1643: ...ROVISION To authorize a node with a MAC address of 0000 cd28 0880 for 2 hours use the command awplus authorize provision timeout 120 mac 0000 cd28 0880 To remove all provisional authorization on an AMF master use the command awplus no atmf authorize provision all Related Commands show atmf authorization show atmf secure mode Command changes Version 5 4 7 0 3 command added ...

Страница 1644: ... schedule backup requests to begin at 11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File names that comprise identical text but with differing case such as Test txt and test txt will not be recognized as being different on FAT32 based backup media such as a USB storage device However these fil...

Страница 1645: ... Note that this command can only be run on an AMF controller Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area master named well gate in the AMF area named Wellington use the command controller 1 atmf backup area masters delete area Wellington node well gate Related Commands show atmf backup area Parameter Desc...

Страница 1646: ...lt Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf backup server to configure the backup server We recommend using the ext3 or ext4 filesystem on external media that are used for AMF backups Example To enable scheduled backups of AMF remote area maste...

Страница 1647: ...eged Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the AMF area named Wellington use the command controller 1 atmf backup area masters now area Wellington To back up the local master well master in the Wellington area use the command controller 1 atmf backup area maste...

Страница 1648: ...en the active remote file server and the backup remote file server Files are copied from the active server to the remote server Note that this command is only valid on AMF controllers Syntax atmf backup area masters synchronize Mode Privileged Exec Example To synchronize backed up files between the remote file servers for all area masters use the command controller 1 atmf backup area masters synch...

Страница 1649: ...the maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps available when initiating an AMF backup A value of zero tells the backup process to transfer files using unlimited bandwidth Syntax atmf backup bandwidth 0 1000 no atmf backup bandwidth Default The def...

Страница 1650: ...ackup file from the external media of a specified AMF node Note that this command can only be run from an AMF master node Syntax atmf backup delete node name Mode Privileged Exec Example To delete the backup file from node2 use the following command Node_1 atmf backup delete node2 Related Commands show atmf backup atmf backup now atmf backup stop Parameter Description node name The AMF node name o...

Страница 1651: ...up enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Global Configuration Usage A warning message will appear if you run the atmf backup enable command with either insufficient or marginal memory availability on your external storage device You can use the ...

Страница 1652: ...Syntax atmf backup guests delete node name guest port Mode User Exec Privileged Exec Example On a parent node named node1 which in this case the user has a direct console connection to usethefollowing command to remove thebackup files of the guest node that is directly connected to port1 0 3 node1 atmf backup guests delete node1 port1 0 3 Related Command atmf backup delete atmf backup area masters...

Страница 1653: ...isable the ability of the guest nodes to be backed up Syntax atmf backup guests enable no atmf backup guests enable Default Guest node backups are enabled by default Mode Global Config Usage We recommend using the ext3 or ext4 filesystem on external media that are used for AMF backups Example On the AMF master node enable all scheduled guest node backups atmf master configure terminal atmf master ...

Страница 1654: ... now node name guest port Default N A Mode Privileged Exec Example Use the following command to manually trigger the backup of all guests in the AMF network awplus atmf backup guests now Example To manually trigger the backup of a guest node connected to port 1 0 23 of node1 use the following command awplus atmf backup guests now node1 port1 0 23 Related Commands show atmf backup guest Parameter D...

Страница 1655: ...ndancy backup media such as USB storage devices This facility ensures that each device contains the same backup image files Note that this backup synchronization process will occur as part of the regular backups scheduled by the atmf backup command Syntax atmf backup guests synchronize Default N A Mode User Exec Privileged Exec Example To synchronize backups across remote file servers and storage ...

Страница 1656: ...nt backups on both masters you can apply the backup now command to the master working set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name The following command is run on the AMF_Master_2 node to immediately backup the device that is identified by its MAC address of 0016 76b1 7a5e AMF_Master_2 atmf backup now host_0016_76b1_7a5e NOTE When a...

Страница 1657: ...nex and store the configuration on both masters use the following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set group master This command returns the following display Backup the AMF member with the host name office_annex on both the master nodes as defined by the working set AMF_Master 2 atmf backup now office_...

Страница 1658: ...r supports any removable media SD card USB it uses the removable media as the redundant backup for the AMF data backup This feature is valid only if remote file servers are configured on the AMF Master or Controller We recommend using the ext3 or ext4 filesystem on external media that are used for AMF backups Example To enable AMF backup redundancy use the commands awplus configure terminal awplus...

Страница 1659: ...mmands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server identifier number 1 or 2 Note that there can be up to two backup servers numbered 1 and 2 respectively and you would need to run this command separately for each server hostlocation Either the name or t...

Страница 1660: ...2 with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and username in addition to the optional path and port parameters use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 path tokyo port...

Страница 1661: ...is command separately on each master node or add both masters to a working set and issue this command to the working set Note that this command can only be run on a master node Syntax atmf backup stop Mode Privileged Exec Usage This command is used to halt an AMF backup that is in progress In this situation the backup process will finish on its current node and then stop Example To stop a backup t...

Страница 1662: ...o its backup remote file server Note that this process happens automatically each time the network is backed up Note that this command can only be run from a master node Syntax atmf backup synchronize Mode Privileged Exec Example When connected to the master node AMF_Master_1 the following command will initiate a backup of all system related files from its active remote file server to its backup r...

Страница 1663: ...t then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage This command is an alias to the erase factory default command Note that this command can only be used on standalone switches not stacked switches Example To erase data use the command Node_1 atmf cleanup This command will erase all NVS all fl...

Страница 1664: ...nfiguration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove an AMF container Syntax atmf container container name no atmf container container name Mode AMF Container Configuration Usage You cannot delete a container while it is still running First use the state disable command to stop the container Examples To create or updat...

Страница 1665: ...ation Guide for more information on running multiple tenants on a single VAA host Syntax atmf container login container name Mode Privileged Exec Usage If you try to login to a AMF container that has not been created or is not running you will see the following message Container does not exist or is not running To exit from a container and return to the host VAA press Ctrl a q Example To login to ...

Страница 1666: ... valid AMF controller license is not available on the device the device will accept this command but will not act as a controller until you install a valid license The following message will warn you of this An AMF Controller license must be installed before this feature will become active NOTE If the AMF controller functionality is removed from a device using the no atmf controller command then t...

Страница 1667: ...nameisupdatedusingthe bootsystemcommand Theoldrelease will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the exact release filename without using a wild card character The command will continue to upgrade software until all nodes are upgraded At the end of the upgrade cycle the command should be used on the w...

Страница 1668: ...e File Status Team1 x510 5 4 6 1 4 rel Release ready Team2 x610 5 4 6 1 4 rel Release ready Team3 x610 5 4 6 1 4 rel Release ready Continue the rolling reboot y n y Copying Release x510 5 4 6 1 4 rel to Team1 Updating Release x510 5 4 6 1 4 rel information on Team1 Copying Release x610 5 4 6 1 4 rel to Team2 Updating Release x610 5 4 6 1 4 rel information on Team2 Copying Release x610 5 4 6 1 4 re...

Страница 1669: ...in VLANs each having the same VID and each being applied to a horizontal slice domain of the AMF It follows therefore thatthedomain VLANsare only applied to ports that form cross links and not to ports that form uplinks downlinks CAUTION Every member of your AMF network must have the same domain VLAN management VLAN and management subnet CAUTION If you change the domain VLAN management VLAN or man...

Страница 1670: ... execute the command in parallel leave the AMF network and attempt to rejoin through the new VLAN 4 Create the working set again using the commands master config exit master atmf working set group all 5 Save the configuration using the command test 10 write 6 The prompt will display thenumberofnodes intheAMF network Check that this is the same as the number in step 1 If it is not you will need to ...

Страница 1671: ...MMANDS ATMF DOMAIN VLAN To reset the AMF domain VLAN to its default of 4091in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal test config 10 no atmf domain vlan master config exit master atmf working set group all test 10 write Related commands atmf management subnet atmf management vlan ...

Страница 1672: ... configured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You should therefore configure your device with any domain specific non default settings before enabling AMF Examples To turn off AMF use the command MyNode config terminal MyNode config no atmf enable To...

Страница 1673: ...es that are configured as masters are automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode Global Configuration Usage You can use this command to define your own arbitrary groups of AMF members based on your own network s configuration requirements Applying a node to a non existing group wi...

Страница 1674: ...d sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_node_2 are now part of the working set Then add the members of the working set to the groups atmf net 2 configure terminal atmf net 2 config atmf group building1 sales atmf net 2 config exit atmf net 2 s...

Страница 1675: ...mode discovery method model type http enable setting guest port user name and password The no variant of this command removes the guest class Note that you cannot remove a guest class that is assigned to a port Syntax atmf guest class guest class name no atmf guest class Mode Interface Example 1 To create a guest class named camera use the following commands node1 configure terminal node1 config a...

Страница 1676: ...50152 01 Rev C Command Reference for IX5 28GPX 1676 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF GUEST CLASS show atmf links guest show atmf guests ...

Страница 1677: ...mand to reset to the default Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can make the console unusable for periods of time while nodes are joining and leaving Mode Global Configuration Example To set the log verbose to noise level 2 use the command node 1 configure terminal node 1...

Страница 1678: ...ll devices the same setting so they can all rejoin the AMF network Use the no variant of this command to remove the assigned subnet Syntax atmf management subnet a b 0 0 no atmf management subnet Default 172 31 0 0 A subnet mask of 255 255 0 0 will automatically be applied Mode Global Configuration Usage Running this command will result in the creation of a further two subnets within the class B a...

Страница 1679: ... 10 nodes test 10 3 Enter the new subnet address using the commands test 10 configure terminal test config 10 atmf management subnet a b 0 0 The nodes will execute the command in parallel leave the AMF network and attempt to rejoin through the new subnet 4 Create the working set again using the commands master config exit master atmf working set group all 5 Save the configuration using the command...

Страница 1680: ...NAGEMENT SUBNET To reset the AMF management subnet address to its default of 172 31 0 0 in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal test config 10 no atmf management subnet master config exit master atmf working set group all test 10 write Related commands atmf domain vlan atmf management vlan ...

Страница 1681: ...d try to rejoin it The AMF network will not be complete until you have given all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to restore the VID to the default of 4092 Syntax atmf management vlan 2 4090 no atmf management vlan Default VLAN 4092 Mode Global Configuration Usage We recommend you only change the management VLAN when first creating ...

Страница 1682: ...ogging into their consoles directly NOTE The management VLAN will automatically be assigned an IP subnet address based on the value configured by the command atmf management subnet The default VLAN ID lies outside the user configurable range If you need to reset the VLAN to the default VLAN ID use the no variant of this command to do so Examples To change the AMF management VLAN to 4090 in an exis...

Страница 1683: ...r nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each master node If the crosslink between two AMF masters fails then one of the masters will become isolated from the rest of the AMF network Use the no variant of this command to remove the device as an AMF ...

Страница 1684: ...de Global Configuration Usage The default value of 1300 will work for all AMF networks including those that involve virtual links over IPsec tunnels If there are virtual links over IPsec tunnels anywhere in the AMF network we recommend not changing this default If there are no virtual links over IPsec tunnels then this AMF MTU value may be increased for network efficiency Example To change the ATM...

Страница 1685: ...ring an AMF master node see the command atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usage This is one of the essential commands when configuring AMF and must be entered on each node that is to be part of the AMF A switching node master or member may be a member of only one AMF network CAU...

Страница 1686: ...ision nodename no atmf provision Default No AMF provisioning Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage The port should be configured as an AMF link or cross link and should be down to add or remove a provisioned node Example To provision an AMF node named node1 for port1 0 1 use the command host1 config interface port1 0 1 host1 config if at...

Страница 1687: ...st delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be made for the provisioned node and stored in the backup media The directory node_backup_dir flash config ssh is excluded from the copy All contents of root_backup_dir nodes nodename will be deleted or over...

Страница 1688: ...he new provisioned node device3 Figure 43 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7297 0MB Server Config Synchronization Unsy...

Страница 1689: ...ng this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the configuration file branch cfg on the AMF provisioned node node1 use the command MasterNodeName atmf provision node node1 configure boot config branch cfg To set the c...

Страница 1690: ... Usage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the release file x610 5 4 6 1 4 rel on the AMF provisioned node node1 use the command MasterNodeName atmf provision node node1 configure boot system x610 5 4 6 1...

Страница 1691: ...rovision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then you must delete it before using this command A date and time is assigned to the new provisioning directory reflecting when this command was executed If there is a backup or provisioned node with the s...

Страница 1692: ...AMF Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7315 2MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle Started Curre...

Страница 1693: ... want to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF backup procedure In this case use the command atmf backup delete to delete the files NOTE This command allows provisioned entries to be deleted even if they have been referenced by the atmf provision ...

Страница 1694: ... provision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7297 0MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle Started Current Node Node Name Date Time In ATMF On Media Status device1 30 Se...

Страница 1695: ...copy of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision node nodename license cert file path URL no atmf provision node nodename license cert Default No license certificate file is specified for the provisioned node Mode Privileged Exec Usage This command is...

Страница 1696: ...mf provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device2 Date Time 06 Oct 2016 23 25 44 Provision Path card atmf nodes Boot configuration Current boot image x510 5 4 6 1 4 rel file exists Backup boot image x510 5 4 6 1 3 rel file exists Default boot config...

Страница 1697: ...n the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flash Example To change the working directory that happens to be on device1 to the directory of provisioned node device2 use the following command device1 atmf provision node device2 locate The directory o...

Страница 1698: ...reboot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a variety of locations The latest compatible release for a node will be selected from your selected location based on the parameters and URL you have entered For example card 5 4 6 x 5 4 6 rel will select ...

Страница 1699: ...ecify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software version At the completion of this command a report is run showing the release upgrade status of each node NOTE Take care when removing external media or rebooting your devices Removing an external media wh...

Страница 1700: ...m3 Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebooting SW_Team1 SW_Team1 has left the working set Reboot of SW_Team1 has completed ATMF Rolling Reboot Rebooting SW_Team2 SW_Team2 has left the working set Reboot of SW_Team2 has completed ATMF Rolling ...

Страница 1701: ...lling Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 6 0 1 rel Release Ready SW_Team2 10 x510 5 4 6 0 1 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incompatible Bld1_Floor_2 2 x610 5 4 6 0 1 rel Release Ready Bld1_Floor_1 4 Incompatible Building_1 2 Incompatible Building_2 2 x908 5 4 6 0 1 rel Release Ready Continue upgrading releases y n ...

Страница 1702: ...ice will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or controller is found then this command will fail No error checking occurs when this command is run Regardless of the last backup status the recovering node will attempt to load its configuration from the spec...

Страница 1703: ...sion 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 atmf recover Node_10 master Master_2 Related Commands atmf backup stop show atmf backup show atmf ...

Страница 1704: ...ent by reloading its backup file set that is located within the AMF backup system Note that this command must be run on the edge node device that connects to the guest node Syntax atmf recover guest guest port Mode User Exec Privileged Exec Example To recover a guest on node1 port1 0 1 use the following command node1 atmf recover guest port1 0 1 Related Commands show atmf backup guest Parameter De...

Страница 1705: ...nction to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see the AMF Feature Overview and Configuration Guide Syntax atmf recover led off Default Normal operational mode Mode Privileged Exec Example To revert the LEDs on Node1 from recovery mode display to their ...

Страница 1706: ...er account that does not exist on the second node provided that atmf restricted login is disabled and the user account on the first node has privilege level 15 Moreover it is possible to use a RADIUS or TACACS server to manage user authentication so users can log into AMF nodes using user accounts that are present on the RADIUS or TACACS server and not present in the local user databases of the AM...

Страница 1707: ...ssion on Node20 and return to Node10 s command line use the following command Node20 exit Node10 In this example user User1 is a valid user of node5 They can remotely login from node5 to node3 by using the following commands node5 atmf remote login user User1 node3 node3 enable Related Commands atmf restricted login Command changes Version 5 4 6 2 1 changes to AMF user account requirements ...

Страница 1708: ...rk This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atmf restricted login disabled Member nodes operate with atmf restricted login enabled NOTE The default conditions of this command vary from those applied by its no variant Thisisbecausetherestricted logi...

Страница 1709: ...d Reference for IX5 28GPX 1709 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RESTRICTED LOGIN Command changes Version 5 4 6 2 1 changes to AMF user account requirements ...

Страница 1710: ... network Use the no variant of this command to disable AMF secure mode on an AMF node Syntax atmf secure mode no atmf secure mode Default Secure mode is disabled by default Mode Global Configuration Usage When an AMF network is running in AMF secure mode the atmf restricted login feature is automatically enabled This restricts the atmf working set command to users that are logged on to an AMF mast...

Страница 1711: ...SIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF SECURE MODE clear atmf secure mode certificates clear atmf secure mode statistics show atmf show atmf authorization show atmf secure mode show atmf secure mode certificates show atmf secure mode sa show atmf secure mode statistics Command changes Version 5 4 7 0 3 command added ...

Страница 1712: ...ileged Exec Example To remove an AMF node named node3 from an AMF network use the following command on the AMF master awplus atmf secure mode certificate expire node3 To remove an AMF node named node2 in an area named area2 use the following command on the AMF master awplus atmf secure mode certificate expire node2 area area2 Related Commands atmf secure mode show atmf secure mode show atmf secure...

Страница 1713: ...bal Configuration Example To set AMF secure mode certificate expiry to 7 days use the commands awplus configure terminal awplus config atmf secure mode certificate expiry 7 To set AMF secure mode certificates to never expire use the commands awplus configure terminal awplus config atmf secure mode certificate expiry infinite To reset the certificate expiry to 180 days use the commands awplus confi...

Страница 1714: ...network Secure mode certificates renew automatically but this command could be used to renew a certificate in a situation where the automatic renewal may happen while the device is not attached to the AMF network Syntax atmf secure mode certificate renew Mode Privileged Exec Example To renew a local certificate on a AMF member or AMF master use the command awplus atmf secure mode certificate renew...

Страница 1715: ...t of this command to disable AMF secure mode on an entire network Syntax atmf secure mode enable all no atmf secure mode enable all Default Secure mode is disabled by default Mode Privileged Exec Usage When an AMF network is running in AMF secure mode the atmf restricted login feature is automatically enabled This restricts the atmf working set command to users that are logged on to an AMF master ...

Страница 1716: ...hat ticks every 10 seconds for a maximum of 10 times and checks if all the secure mode capable nodes rejoin the AMF network NOTE Enabling or disabling secure mode on the network saves the running config on every device Example To enable AMF secure mode on the entire network use the command awplus atmf secure mode enable all You will be prompted to confirm the action To disable AMF secure mode on t...

Страница 1717: ... Privileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use the command controller 1 atmf select area Canterbury This displays the following output To return to the local area for controller 1 use the command controller 1 atmf select area local Alternatively to...

Страница 1718: ... command allows a virtual tunnel to be created between two remote sites over a layer 3 link The tunnel encapsulates AMF packets and allows them to be sent transparently across a Wide Area Network WAN such as the Internet Configuration involves creating a local tunnel ID a local IP address a remote tunnel ID and a remote IP address Each side of the tunnel must be configured with the same but mirror...

Страница 1719: ... virtual crosslink id 10 ip 192 168 200 1 remote id 5 remote ip 192 168 100 1 To remove this virtual crosslink run the following commands on the local site siteA configure terminal siteA config no atmf virtual crosslink id 5 On the remote site run the commands siteB configure terminal siteB config no atmf virtual crosslink id 10 Related Commands atmf virtual crosslink show atmf links switchport at...

Страница 1720: ... If the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are only supported using IPv4 Configuration involves creating a local tunnel ID a local IP address a remote tunnel ID and a remote IP address A reciprocal configuration is also required on thecorrespondingre...

Страница 1721: ...2 168 1 1 remote id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming IP connectivity between the sites already one site must run the following commands SiteA configure terminal SiteA config atmf virtual link id 5 ip 192 168 100 1 remote id 10 remote ip 192 168 200 1 remo...

Страница 1722: ...ything other than the local device the prompt will change to the AMF network name followed by the size of the working set shown in square brackets This command has to be run at privilege level 15 In addition to the user defined groups the following system assigned groups are automatically created Implicit Groups local The originating node current All nodes that comprise the current working set all...

Страница 1723: ...ng set use the command node1 atmf working set group all NOTE This command adds the implicit group all to the working set where all comprises all nodes in the AMF This command displays an output screen similar to the one shown below Example 2 To return to the local prompt and connect to only the local node use the command ATMF_Network_Name 6 atmf working set group local node1 The following table de...

Страница 1724: ...he no variant of this command to remove a bridge group from an AMF container Syntax bridge group bridge id no bridge group Mode AMF Container Configuration Usage Each container has two virtual interfaces 1 Interface eth0 used to connect to the AMF controller on the VAA host via an AMF area link and configured using this area link command 2 Interface eth1 used to connect to the outside world using ...

Страница 1725: ...MMANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privilege Exec Example To reset the AMF link statistics values use the command node_1 clear atmf links statistics Related Commands show atmf links statistics ...

Страница 1726: ...atmf secure mode certificates If this is the only master on the network you will see the following warning On an AMF member you will see the following message Related Commands atmf authorize atmf secure mode show atmf authorization show atmf secure mode certificates Command changes Version 5 4 7 0 3 command added Warning This node is the only master in the network All the nodes will become isolate...

Страница 1727: ...ar atmf secure mode statistics Overview Use this command to reset all secure mode statistics to 0 Syntax clear atmf secure mode statistics Mode Privileged Exec Example To reset the AMF secure mode statistics information use the command awplus clear atmf secure mode statistic Related Commands show atmf secure mode show atmf secure mode statistics Command changes Version 5 4 7 0 3 command added ...

Страница 1728: ...osslink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will display all AMF debugging information including link events topology discovery messages and all notable AMF events NOTE An alias to the no variant of this command is undebug atmf on page 1838 ...

Страница 1729: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1729 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF Related Commands no debug all ...

Страница 1730: ... 1 both Tx and Rx a timeout of 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will apply a default selection of parameters shown below debug atmf packet direction rx tx both level 1 2 3 timeout second...

Страница 1731: ...ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet with crosslink links information Enter 1 to select this packet type 2 Crosslink Hello BPDU packet with downlink domain information Enter 2 to select this packet type 3 Crosslink Hello BPDU packet with uplink information Enter 3 to select this packet type 4 Downl...

Страница 1732: ...ET To enable send and receive 500 packets only on vlink1 for packet types 1 7 and 11 use the command node_1 debug atmf packet num pkts 500 filter interface vlink1 pkt type 1 7 11 This example applies the debug atmf packet command and combines many of its options node_1 debug atmf packet direction rx level 1 num pkts 60 filter node x610 interface port1 0 1 pkt type 4 7 10 ...

Страница 1733: ...tchport atmf guestlink command to separately assign an individual switch port to each of the guest nodes The MAC addresses of each of the guests of that class can then be learned from ARP or Neighbor discovery tables If you are using the static discovery method you must ensure that you have configured the appropriate class type for each of your statically discovered guest nodes The no variant of t...

Страница 1734: ...F COMMANDS DISCOVERY Example 2 To return the discovery method for the guest class TQ4600 1 to its default of dynamic use the following commands Node1 conf t Node1 config atmf guest class TQ4600 1 Node1 config guest no discovery Node1 config guest end Related Commands atmf guest class switchport atmf guestlink show atmf links guest show atmf nodes ...

Страница 1735: ...AA host See the AMF Feature Overview and Configuration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove the description from an AMF container Syntax description description no description Mode AMF Container Configuration Example To set the description for AMF container vac wlg 1 to Wellington area use the commands awplus confi...

Страница 1736: ... device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default Mode Privileged Exec Usage This command is an alias to the atmf cleanup command Note that this command can only be used on standalone switches not stacked switches Example To erase data use the command Node_1 erase factory default This comm...

Страница 1737: ...port number no http enable Default http enable is off If http enable is selected without a port parameter the port number will default to 80 Mode ATMF Guest Configuration Mode Example 1 To enable HTTP access to a guest node on port 80 the default use the following commands node1 conf t node1 config atmf guest class Camera node1 config atmf guest http enable node1 config atmf guest Example 2 To ena...

Страница 1738: ...rence for IX5 28GPX 1738 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS HTTP ENABLE Related Commands atmf guest class switchport atmf guestlink show atmf links guest show atmf nodes ...

Страница 1739: ...pe tq to the guest class called tq_device use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf guest modeltype tq node1 config atmf guest end Example 2 To remove the model type tq from the guest class called tq_device and reset it to the default of other use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf gu...

Страница 1740: ...tarted with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary Example 2 To show information specific to AMF nodes use the following command node_1 show atmf nodes Example 3 The show amf session command displays all CLI Command Line Interface sessions for users that are currently logged in ...

Страница 1741: ...node_1 show atmf tech Table 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0000 0000 0000 Options 0 Our bits 0 Link State Full Domain Controller 0 Backup Domain Controller 0 Database Description Sequence Number 00000000 First Adjacency 1 Number Events 0 DBE Retransmit Queue Le...

Страница 1742: ...MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequence Number 7 Domains Sequence Number 28 Uplink Sequence Number 2 Number of Crosslink Ports 1 Number of Domain Nodes 2 Number of Neighbors 5 Number of Non Broadcast Neighbors 3 Number of Link State En...

Страница 1743: ... The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Management IP Address The IP address allocated for this traffic Management Mask The subnet mask used to create a subnet for this traffic 255 255 128 0 Domain VLAN The VLAN assigned for traffic between No...

Страница 1744: ...roller 1 show atmf area The following figure shows example output from running this command on a controller The following figure shows example output from running this command on a remote master Parameter Description detail Displays detailed information area name Displays information about master and gateway nodes in the specified area only Table 5 Example output from the show atmf area command on...

Страница 1745: ...a has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the controller or remote master on which the command is being run because the gateway node on that device is local Auth Start which may indicate that the area names match on the controller and remote master ...

Страница 1746: ... atmf area summary show atmf area nodes show atmf area nodes detail Table 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller distance 0 Controller Id 21 Backup Available FALSE Area Id 2 Gateway Node Name controller 1 Gateway Node Id 342 Gateway Ifindex 6013 Masters Count 1 Master Node Name well master 329 Node Count 2 Area Id ...

Страница 1747: ...The area name for guest information node name The name of the node that connects to the guests main building Area Guest Node Information Device MAC IP IPv6 Type Address Parent Port Address 0008 5d10 7635 x230 1 0 3 192 168 5 4 AT TQ4600 eccd 6df2 da60 wireless node1 1 0 4 192 168 5 3 0800 239e f1fe x230 1 0 4 192 168 4 8 AT TQ4600 001a eb3b dc80 wireless node2 1 0 7 192 168 4 12 main building gues...

Страница 1748: ... IX5 28GPX 1748 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF AREA GUESTS Related Commands show atmf area show atmf area nodes show atmf backup guest show atmf area guests detail ...

Страница 1749: ...tail northern node1 Output Figure 43 9 Example output from the show atmf guest detail command Parameter Description area name The name assigned to the AMF area An area is an AMF network that is under the control of an AMF Controller node name The name assigned to the network node show atmf guest detail Node Name Node1 Port Name port1 0 5 Ifindex 5005 Guest Description tq4600 Device Type AT TQ4600 ...

Страница 1750: ...t number on the parent node Guest Description A brief description of the guest node as manually entered into the description interface command for the guest node port on the parent node Device Type The device type as supplied by the guest node itself Backup Supported Indicates whether AMF supports backup of this guest node MAC Address The MAC address of the guest node IP Address The IP address of ...

Страница 1751: ...xample To show summarized information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running this command Parameter Description area name Displays information about nodes in the specified area node name Displays information about the specified node Table 11 Output from the show atmf area nodes ...

Страница 1752: ...es detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Parent The node to which the current node has an active uplink Node Depth The number of nodes in the path from this node to the master node Table 12 Parameter definitions from the show atmf area nodes com...

Страница 1753: ...Example To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail The following figure shows partial example output from running this command Parameter Description area name Displays detailed information about nodes in the specified area node name Displays detailed information about the specified node Table 13 Output from the show a...

Страница 1754: ...rom the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent node name The node to which the current node has an active uplink Domain id Board type The Allied Telesis code number for the device Distance to core The number of nodes in the path from the current node to the master node in its area Flags Internal AMF information Extra flags I...

Страница 1755: ... area summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Displays information for the specified area only Table 15 Output from the show atmf area summary command controller 1 show atmf area summary ATMF Area Summary Information Management Information Local IPv6 ...

Страница 1756: ... AMF nodes which are requesting authorization on an AMF controller or AMF master use the command awplus show atmf authorization pending To display AMF nodes which have provisional authorization use the command awplus show atmf authorization provisional Output Figure 43 10 Example output from show atmf authorization current Parameter Description current Show the status of all authorized nodes pendi...

Страница 1757: ...authorization Authorization expiry time is set using atmf secure mode certificate expiry Pending Authorizations NZ Requests Node Name Product Parent Node Interface area_1_node_3 x210 9GT master_1 port1 2 9 area_1_node_4 x510 52GTX master_1 sa1 Table 43 2 Parameters in the output from show atmf authorization pending Parameter Description Node Name Name of the node that is requesting authorization P...

Страница 1758: ...f show atmf secure mode show atmf secure mode certificates Command changes Version 5 4 7 0 3 command added Table 43 3 Parameters in the output from show atmf authorization provisional Parameter Description Area Node Name or MAC Address MAC address or node name of the node that has been provisionally authorized Interface Interface that the node has been provisioned on Start Time Time the node was p...

Страница 1759: ... logs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status logs For each remote file server display the logs for the last synchronization Table 43 4 Output from show atmf backup Node_1 show atmf backup ScheduledBackup Enabled Schedule 1 per day starting at 03 0...

Страница 1760: ...p logs Backup Redundancy Enabled Local media SD Total 3788 0MB Free 1792 8MB State Inactive Remote file server is not available Log File Location card atmf ATMF logs rsync_ node name log Node Name Log Details atmf_testbox 2016 09 30 18 16 51 9045 receiving file list 2016 09 30 18 16 51 9047 d t flash 2016 09 30 18 16 52 9047 f flash a rel Table 43 6 Output from show atmf backup synchronize Node_1 ...

Страница 1761: ...e a combination of either Idle Starting Doing Stopping or manual scheduled Started The date and time that the currently executing task was initiated in the format DD MMM YYYY HH MM Current Node The name of the node that is currently being backed up Backup Redundancy Whether backup redundancy is enabled or disabled Local media The local media to be used for backup redundancy SD or USB or NONE and t...

Страница 1762: ...sues note that the backup may still be deemed successful depending on the errors Stopped meaning that the backup attempt was manually aborted Good meaning that the backup was completed successfully In Progress meaning that the backup is currently running on that node Log File Location All backup attempts will generate a result log file in the identified directory based on the node name In the abov...

Страница 1763: ... master nodes in one or more areas Note that this command is only available on AMF controllers Syntax show atmf backup area area name node name logs Mode Privileged Exec Example To show information about backups for an area use the command controller 1 show atmf backup area Parameter Description logs Displays the logs for the last backup of each node area name Displays information about nodes in t...

Страница 1764: ...ime 15 Oct 2016 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backups_from_controller 1 Port 2 Configured Unmounted Host 10 37 142 1 Username root Path Port Current Action Idle Started Current Node Backup Redundancy Enabled Local media USB Total 7604 0MB Free 7544 0MB...

Страница 1765: ...t status use the command x930 master show atmf backup guest Output Figure 43 13 Example output from show atmf backup guest Parameter Description node name The name of parent guest node guest port The port number on the parent node x930 master sh atmf backup guest Guest Backup Enabled Scheduled Backup Disabled Schedule 1 per day starting at 03 00 Next Backup Time 20 Jan 2016 03 00 Backup Bandwidth ...

Страница 1766: ... 21 46 Good USB 19 Jan 2016 22 21 46 Good Table 43 1 Parameters in the output from show atmf backup guest Parameter Description Guest Backup The status of the guest node backup process Scheduled Backup The timing configured for guest backups Schedule Displays the configured backup schedule Next Backup Time The time the next backup process will be initiated Backup Bandwidth The bandwidth limit appl...

Страница 1767: ...a single VAA host See the AMF Feature Overview and_Configuration Guide for more information on running multiple tenants on a single VAA host Syntax show atmf container detail container name Mode Privileged Exec Output Figure 43 14 Example output from show atmf container Figure 43 15 Example output from show atmf container vac wlg 1 Parameter Description detail Show detailed information container n...

Страница 1768: ...e command Memory The amount of memory the container is using on the VAA host CPU The percentage of CPU time the container is using on the VAA at the time the show command is run awplus show atmf container detail vac wlg 1 ATMF Container Information Name vac wlg 1 State RUNNING PID 980 IP 172 31 0 1 IP 192 168 0 2 IP fd00 4154 4d46 3c 1 CPU use 3 95 seconds Memory use 67 07 MiB Memory use 0 bytes L...

Страница 1769: ...AMF management IP address CPU use The CPU usage of the container since it was enabled Memory use Container memory usage Link Each container has two links 1 An AMF area link this connects the container to the AMF controller and uses virtual interface eth0 on the AMF container 2 A bridged L2 network link this connects the container to the outside world and uses the virtual interface eth1 on the AMF ...

Страница 1770: ...t screen from this command is shown below Parameter Description detail Displays output in greater depth atmf 1 show atmf detail ATMF Detail Information Network Name Test_network Network Mtu 1300 Node Name controller 1 Node Address controller 1 atmf Node ID 342 Node Depth 0 Domain State BackupDomainController Recovery State None Log Verbose Setting Verbose Management VLAN VLAN ID 4000 Management Su...

Страница 1771: ...AMF root node Domain State The state of Node in a Domain in AMF network as Controller Backup Recovery State The AMF node recovery status Indicates whether a node recovery is in progress on this device Auto Manual or None Management VLAN The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subn...

Страница 1772: ...of these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show atmf group A typical output screen from this command is shown below This screen shows that node2 contains the groups master and x510 Note that although the node also contains the implicit groups these...

Страница 1773: ...on master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 45 Sample output from the show atmf group command for a working set AMF_NETWORK 6 show atmf group node3 node4 node5 node6 ATMF group information edge_switches x510 Table 46 Parameter definitions from the show atmf group command for a working set Parameter Definition ATMF group informat...

Страница 1774: ...rs based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Example To display group membership of all nodes in a working set use the command ATMF_NETWORK 9 show atmf group members Parameter Description user defined User defined group membership display automatic Automatic group membership display Table 47 Sa...

Страница 1775: ...e 48 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal composition The sample output shows AMF nodes based on the same Hardware type or belonging to the same Master group User defined Groups Shows the grouping of AMF nodes in user defined groups Total Members Shows the total number of members in each grou...

Страница 1776: ... command awplus show atmf guests Output Figure 43 17 Example output from the show atmf guests command master show atmf guests Guest Information Device Device Parent Guest IP IPv6 Name Type Node Port Address node1 2 0 1 x600 24Ts node1 2 0 1 192 168 2 10 wireless zone1 AT TQ4600 node2 1 0 1 192 168 1 10 wireless zone2 AT TQ4600 node2 1 0 2 192 168 1 12 Current ATMF guest node count 3 Table 49 Param...

Страница 1777: ...mf guestlink show atmf backup guest show atmf links guest Parent Node The name of the AMF node that directly connects to the guest node Guest Port The port on the parent node that directly connects to the guest node IP IPv6 Address The address discovered from the node or statically configured on the parent node s attached port Table 49 Parameters shown in the output of the show atmf guests command...

Страница 1778: ...and specify the node name or show atmf links guest detail which shows information about the guest nodes and also about their link to their parent node Note that the parameters that are displayed depend on the guest node s model Example To display the AMF guest output use the command awplus show atmf guests detail Output Figure 43 18 Example output from show atmf guests detail Parameter Description...

Страница 1779: ... is discovered from the device or failing that auto assigned by AMF The auto assigned name consists of parent node name attached port number You can change this by configuring a description on the port Device Type The product name of the guest node which is discovered from the device If no device type can be discovered this shows the name of the AMF guest class that has been assigned to the guest ...

Страница 1780: ...erence for IX5 28GPX 1780 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF GUESTS DETAIL Related Commands atmf guest class switchport atmf guestlink show atmf backup guest ...

Страница 1781: ...f links brief Figure 43 19 Example output from show atmf links brief Parameter Description brief A brief summary of AMF links their configuration and status Example core show atmf links ATMF Link Brief Information Local Link Link ATMF Adjacent Adjacent Link Port Type Status State Node Ifindex State 1 0 10 Crosslink Down Init crosslink1 Blocking 1 0 14 Crosslink Down Init crosslink2 Blocking 1 0 1 ...

Страница 1782: ...d to ensure link is stable Incompatible Neighbor rejected the link because of inconsistency in AMF configurations OneWay Link is up and has waited the hold down period and now attempting to link to another unit in another domain OneWaySim Device is running in secure mode and link is up but waiting for authorization from an AMF master Full Link hello packets are sent and received from its neighbor ...

Страница 1783: ...etail The output from this command will display all the internal data held for AMF links The following example gives details of the links that are summarized in the example in show atmf links Parameter Description detail Detailed AMF links information Table 44 Sample output from the show atmf links detail command device1 show atmf links detail Crosslink Ports Information Port sa1 Ifindex 4501 Port...

Страница 1784: ...610 Example core 4610 Transaction ID 2 2 MAC Address eccd 6dd1 64d0 0000 cd37 054b Link State Full Full Domain Nodes Tree Node Building A Links on Node 1 Link 0 Building A 4630 Example core 4630 Forwarding State Forwarding Node Building B Links on Node 1 Link 0 Building B 4610 Example core 4610 Forwarding State Forwarding Node Example core Links on Node 2 Link 0 Building A 4630 Example core 4630 F...

Страница 1785: ...e Depth 0 Transaction ID 6 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Dept A s domain Domain Controller Dept A Domain Controller MAC eccd 6d20 c1d9 Number of Links 2 Number of Links Up 2 Number of Links on This Node 2 Links are Blocked 0 Node Transaction List Node Building B Transaction ID 8 Node Building A Transaction ID 8 Domain List Domain...

Страница 1786: ...t Domain Dorm D s domain Node Building A Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Building B Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Example core Ifindex 4510 Transaction ID 20 Flags 1 Domain Dorm D s domain Node Example core Ifindex 4520 Transaction ID 20 Flags 1 Domain Example edge s domain Domain Controller Example edge Domain Controller MAC 001a...

Страница 1787: ...ent MAC eccd 6ddf 6cdf Adjacent Domain Controller Dorm D Adjacent Domain Controller MAC 0000 cd37 082c Port Forwarding State Forwarding Port BPDU Receive Count 95 Port Sequence Number 11 Port Adjacent Sequence Number 7 Port Last Message Response 0 Port po21 Ifindex 4621 Port Status Up Port State Full Last event LinkComplete Adjacent Node Dept A Adjacent Internal ID 29 Adjacent Ifindex 4621 Adjacen...

Страница 1788: ...n Link has been shut down by user configuration Port BPDU Receive Count The number of AMF protocol PDU s received Adjacent Node Name The name of the adjacent node connected to this node Adjacent Ifindex Adjacent AMF Node connected to this Node Adjacent VR ID Virtual router id of the adjacent node in the domain Adjacent MAC MAC address of the adjacent node in the domain Port Last Message Response R...

Страница 1789: ...er for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_FLAG_NO_NODE 8 ATMF_DOMAIN_FLAG_NOT_ACTIVE_PARENT 16 ATMF_DOMAIN_FLAG_NOT_LINKS 32 ATMF_DOMAIN_FLAG_NO_CONFIG 64 Domain Controller Domain Controller in the uplink domain Domain Controller MAC MAC addre...

Страница 1790: ...irtual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Internal ID Unique node identifier of the remote node Adjacent Ifindex Interface index for the port of adjacent AMF node Adjacent Board ID Product identifier for the adjacent node Adjacent VR ID Virtual rou...

Страница 1791: ...mand Reference for IX5 28GPX 1791 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf links statistics show atmf ...

Страница 1792: ...tion about AMF guests that are connectible from node1 use the command node1 show atmf links guest Output Figure 43 20 Example output from show atmf links guest Parameter Description interface interface range Select a specific range of ports to display information about guest nodes node1 sh atmf links guest Guest Link Information DC Discovery configuration S static D dynamic Local Guest Model MAC I...

Страница 1793: ...hport atmf guestlink show atmf backup guest Model Type The model type of the guest node as entered by the modeltype command Can be one of the following alliedware aw tq other DC The discovery method as applied by the discovery command This can be either dynamic D or static S MAC Address The MAC address of the guest node IP IPv6 Address The IP address of the guest node Table 43 1 Parameters in the ...

Страница 1794: ... Display details for all ports with guest nodes connected Mode User Exec Privileged Exec Usage Use this command to display the guest nodes connected to a single parent node If you want to see a list of all the guests in the AMF network use show atmf guests detail Note that the parameters that are displayed depend on the guest node s model and state Example To display detailed information about AMF...

Страница 1795: ...n node1 1 0 17 Firmware Version 3 2 1 A02 Table 43 2 Parameters in the output from show atmf links guest detail Parameter Description Interface The port on the parent node that connects to the guest Link State The state of the link to the guest node one of Down The physical link is down Up The physical link has come up but it is still during a timeout period that is enforced to allow other links t...

Страница 1796: ... is in the process of retrieving any other available information from the guest firmware version etc The information available depends on what device the guest node is Full The AMF device has retrieved all necessary information and the guest node has joined the AMF network Once this state is reached the Link State also changes to Full Failure The physical link is up but the AMF member has failed t...

Страница 1797: ... guest Serial Number The serial number of the guest node Firmware Name The name of the firmware operating on the guest node Firmware Version The version of the firmware operating on the guest node HTTP port The HTTP port as specified with the http enable command when defining a guest class You can set this if the guest node provides an HTTP user interface on a non standard port any port other than...

Страница 1798: ...vice1 show atmf links statistics Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspecified full statistics not just those relating to ports will be displayed port_number Enter the port number for which statistics are required A port range a static channel or LACP link can also be specif...

Страница 1799: ...hecksum or type Type7 0 Incarnation is not possible with the data received Type8 0 Discard crosslink hello received not correct state Type9 0 Discard crosslink domain hello received on non crosslink Type10 0 Discard crosslink domain hello not in correct state Type11 0 Crosslink uplink hello received on non crosslink port Type12 0 Discard crosslink uplink hello not in correct state Type13 0 Wrong n...

Страница 1800: ...o debug all clear atmf links statistics show atmf device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink Hello Domain 116 116 port1 0 5 Crosslink Hello Uplink 116 115 port1 0 5 Hello Link 0 0 port1 0 5 Arealink Hello 0 0 Parameter Definition Receive Shows a count of AMF protocol packets received per message...

Страница 1801: ...ther improvements Syntax show atmf nodes guest all Mode Privileged Exec Usage You can use this command to display one of three sets of nodes all nodes except guest nodes by specifying show atmf nodes all nodes including guest nodes by specifying show atmf nodes all only guest nodes by specifying show atmf nodes guest Examples To display AMF information for all nodes except guest nodes use the comm...

Страница 1802: ... at the end node1 show atmf nodes all Node and Guest Information Local device SC Switch Configuration C Chassis S Stackable N Standalone G Guest Node Guest Device ATMF Parent Node Name Type Master SC Domain Depth M1 x510 28GTX Y S none 0 N3 x610 48Ts X POE N N M1 1 N1 AR4050S N N M1 1 N3 1 0 24 AT TQ4600 N G N3 Node map exchange is inactive Firmware on some nodes does not support node map exchange...

Страница 1803: ...d is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 43 24 Sample output from the show atmf provision nodes command Related commands atmf provision node create atmf provision node clone atmf provision node configure boot config atmf provision node configure boot system show atmf backup device1 show atmf provision ...

Страница 1804: ...secure mode Output Figure 43 25 Example output from show atmf secure mode on an AMF master Figure 43 26 Example output from show atmf secure mode on an AMF node ATMF Secure Mode Secure Mode Status Enabled Certificate Expiry 180 Days Certificates Total 8 Certificates Revoked 0 Certificates Rejected 0 Certificates Active 8 Provisional Authorization 0 Pending Requests 0 Trusted Master master_1 Truste...

Страница 1805: ...cate Expiry Certificate expiry time Set with atmf secure mode certificate expiry Certificates Total Total number of certificates Certificates Revoked Certificates that have been revoked by the AMF master Certificates Rejected Certificates that have been rejected by the AMF master Certificates Active Certificates that are currently active Provisional Authorization Number of nodes with provisional a...

Страница 1806: ...rning The default username and password is enabled Good SNMP V1 or V2 is disabled Warning Telnet server is enabled Good ATMF is enabled Secure Mode is on Good ATMF Topology GUI is disabled No trustpoints configured ATMF Secure Mode Log Events 2017 Feb 2 00 59 25 user notice node1 ATMF 848 Sec_Audit ATMF Secure Mode is enabled 2017 Feb 2 01 30 00 user notice node1 ATMF 848 Sec_Audit Established sec...

Страница 1807: ...F secure mode link audits for a node use the command awplus show atmf secure mode audit link Output Figure 43 28 Example output from show atmf secure mode audit link Related Commands show atmf show atmf secure mode Command changes Version 5 4 7 0 3 command added ATMF Secure Mode Audit Link ATMF links connected to devices which are not authorized or are not in secure mode Port Link Type Discovered ...

Страница 1808: ...MF secure mode certificates for a node named area_2_node_1 in an area named area 2 use the command awplus show atmf secure mode certificates detail area area 2 node area_2_node_1 Output Figure 43 29 Example output from show atmf secure mode certificates Parameter Description detail Display detailed certificate information area Specify an AMF area area name The AMF area you want to see the certific...

Страница 1809: ...AMF commands Valid statuses are Active Revoked and Rejected Certificates Detail area_2_node_1 area area 2 MAC Address 0000 cd37 0003 Status Active Serial Number A24SC8001 Product x510 28GTX Key Fingerprint cd b4 c9 cd 7b 87 6a 30 98 25 d7 3c 89 8e cb 74 e8 91 56 9d Flags 00000011 Signer master_1 Expiry Date 18 Mar 2017 21 17 42 Table 43 6 Parameters in the output from show atmf secure mode certifi...

Страница 1810: ...LLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF SECURE MODE CERTIFICATES Related Commands atmf authorize atmf secure mode atmf secure mode certificate expire atmf secure mode certificate renew clear atmf secure mode certificates show atmf secure mode sa Command changes Version 5 4 7 0 3 command added ...

Страница 1811: ...ster or member node use the command awplus show atmf secure mode sa detail neighbor Output Figure 43 31 Example output from show atmf secure mode sa Parameter Description detail Display detailed security association information link Display security associations for type links neighbor Display security associations for type neighbors broadcast Display security associations for type broadcast ATMF ...

Страница 1812: ...eccd 6d82 6c16 Flags 000003c0 Id 83 40000053 Type Neighbor Gateway State Complete Remote MAC Address 001a eb54 e53b Flags 000003c0 Id 175 400000af Type Neighbor Gateway State Complete Remote MAC Address eccd 6d82 6c16 Flags 000003c0 Id 83 80000053 Type Neighbor Cntl Master State Complete Remote MAC Address 001a eb54 e53b Flags 000003c0 Id 175 800000af Type Neighbor Cntl Master State Complete Remot...

Страница 1813: ...ler master neighbor relationship Broadcast SA for working set broadcast requests State Current state of the Security Association The state must be Complete before a member node is trusted and can be accessed using AMF commands CA Exchg Init SA is ready to begin the SA exchange process CA Exchg SA is currently exchanging CAs Cert Exchg SA is currently exchanging certificates Key Exchg SA is current...

Страница 1814: ...le To display AMF secure mode statistics on a master or member node use the command awplus show atmf secure mode statistics Output Figure 43 33 Example output from show atmf secure mode statistics on an AMF master ATMF Secure Mode Statistics Certificates New 7 Expired 0 Updated 7 Deleted 0 Revoked 1 Renewed 2 Rejected 1 Re authorized 1 Authorized 0 Local Certificates Valid 4 Invalid 0 Certificates...

Страница 1815: ...e mode atmf secure mode certificate renew clear atmf secure mode statistics show atmf secure mode Command changes Version 5 4 7 0 3 command added ATMF Secure Mode Statistics Local Certificates Valid 3 Invalid 0 Certificates Validation Request Valid 0 Request Invalid 0 Common Valid 0 Common Invalid 0 Issuer Valid 12 Issuer Invalid 0 Signature Verified 12 Signature Invalid 3 Signature Purpose Invali...

Страница 1816: ...ow atmf tech Table 44 Sample output from the show atmf tech command node1 show atmf tech ATMF Summary Information ATMF Status Enabled Network Name ATMF_NET Node Name node1 Role Master Current ATMF Nodes 8 ATMF Technical information Network Name ATMF_NET Domain node1 s domain Node Depth 0 Domain Flags 0 Authentication Type 0 MAC Address 0014 2299 137d Board ID 287 Domain State DomainController Doma...

Страница 1817: ...gned to the node within the AMF network Role The role configured on the device within the AMF either master or member Current ATMF Nodes A count of the AMF nodes in the AMF network Node Address The identity of a node in the format name atmf that enables its access it from a remote location Node ID A unique identifier assigned to an AMF node Node Depth The number of nodes in the path from this node...

Страница 1818: ...t address used for this traffic Domain IP Address the IP address allocated for this traffic Domain Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Device Type Shows the Product Series Name ATMF Master Indicates the node s membership of the core domain membership is indicated by Y SC Shows switch configuration C Chassis such as SBx8100 series S Stackable VCS N Stan...

Страница 1819: ...nects to a virtual link The first link has the IP address 192 168 1 1 and has a Local ID of 1 The second has the IP address 192 168 2 1 and has the Local ID of 2 Example 2 To display AMF virtual links MAC address information use the command node_1 show atmf virtual links macaddr Parameter Description macaddr Display the virtual AMF links MAC addresses Table 43 1 Example output from show atmf virtu...

Страница 1820: ...amed vlink1 equivalent to an L2TP tunnel Local ID The local ID of the virtual link This matches the vlink number State The operational state of the vlink either Up or Down This state is always displayed once a vlink has been created mac addr AMF virtual links terminate on an internal soft bridge The show atmf virtual links macaddress command displays MAC Address information is local Indicates whet...

Страница 1821: ...d displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atmf working set Related Commands atmf working set show atmf show atmf group Table 44 Sample output from the show atmf working set command ATMF Working Set Nodes node1 node2 node3 node4 node5 node6 Workin...

Страница 1822: ... Mode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 43 35 Sample output from the show debugging atmf command Related Commands debug atmf packet Table 43 1 node1 show debugging atmf ATMF debugging status ATMF arealink debugging is on ATMF link debugging is on ATMF crosslink debugging is on ATMF database debugging is ...

Страница 1823: ... the AMF packet debugging status use the command node_1 show debug atmf packet Figure 43 36 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet Table 43 2 ATMF packet debugging is on ATMF Packet Debugging Parameters Node Name x908 Port name port1 1 1 Limit 500 packets Direction TX Info Level Level 2 Packet Type Bitmap 2 Crosslink Hello BPDU pkt w...

Страница 1824: ...plays the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the following commands node_1 show running config atmf For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Related Command...

Страница 1825: ...is disabled Mode AMF Container Configuration Usage The first time the state enable command is executed on a container it assigns the container to an area and configures it as an AMF master This is achieved by automatically adding the following configuration to the AMF container For this reason the state enable command should be run after the container has been created with the atmf container comma...

Страница 1826: ...er vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container state enable To stop the AMF container vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container state disable Related Commands atmf container show atmf container Command changes Version 5 4 7 0 1 command added ...

Страница 1827: ... are not visible to AMF networks Mode Interface mode for a switch port Note that the link between the x600 and the AMF network must be a single link not an aggregated link Usage The x600 Series switch provides the following information to the AMF node that it is connected to The MAC address The IPv4 address The IPv6 address The name type of the device Allied Telesis x600 The name of the current fi...

Страница 1828: ...he same area password must exist on both ends of the link Running this command will automatically place the port or static aggregator into trunk mode i e switchport mode trunk and will synchronize the area information stored on the two nodes You can configure multiple arealinks between two area nodes but only one arealink at any time will be in use All other arealinks will block information to pre...

Страница 1829: ...e for IX5 28GPX 1829 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SWITCHPORT ATMF AREALINK REMOTE AREA Related Commands atmf area atmf area password atmf virtual link show atmf links ...

Страница 1830: ...tion for a switchport a static aggregator or a dynamic channel group Usage Crosslinks can be used anywhere within an AMF network They have the effect of separating the AMF network into separate domains Where this command is used it is also good practice to use the switchport trunk native vlan command with the parameter none selected This is to prevent a network storm on a topology of ring connecte...

Страница 1831: ...ure terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this example VLAN 2 is assigned to the static aggregator and the native VLAN VLAN 1 is explicitly excluded from the aggregated ports and the crosslink assigned to it NOTE The AMF management and domain VLANs ar...

Страница 1832: ...configure switch port 1 0 44 to be a guest link that will connect to a guest node having a guest class of camera and an IPv4 address of 192 168 3 3 use the following commands node1 configure terminal node1 config int port1 0 44 node1 config if switchport atmf guestlink class camera ip 192 168 3 3 node1 config if end Example 2 To configure switchport 1 0 41 to be a guest link that will connect to a...

Страница 1833: ...link node1 config if end Example 4 To configure switch ports 1 0 52 to 1 0 54 to be guest links for the guest class camera use the following commands node1 configure terminal node1 config int port1 0 41 port1 0 44 node1 config if switchport atmf guestlink class camera node1 config if end Example 5 To remove the guest link functionality from switchport 1 0 41 use the following commands node1 config...

Страница 1834: ... domain In effect they form a tree of interconnected AMF domains This tree must be loop free Therefore you must configure your links so that no rings are formed only from up down links and or virtual links Within each domain cross links between AMF nodes define those nodes as siblings within the same domain You can form rings by combining cross links with up down links and or virtual links as long...

Страница 1835: ... leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the name of the AMF Network followed in square brackets by the number of member nodes...

Страница 1836: ... returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node2 Node3 TR Type Details Description Ac Te Tr Repeat Scr Days Date 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node1 trigger 1 type periodic 2 scr...

Страница 1837: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 1837 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS TYPE ATMF NODE Related Commands show trigger ...

Страница 1838: ...ference for IX5 28GPX 1838 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no variant of the debug atmf command ...

Страница 1839: ...as the guest class of phone1 use the following commands node1 conf t node1 config amf guest class phone1 node1 config atmf guest username reception password secret node1 config atmf guest end Example 2 To remove a guest node username and password for the user guest class phone1 use the following commands node1 conf t node1 config atmf guest class phone1 node1 config atmf guest no username node1 co...

Страница 1840: ...613 50152 01 Rev C Command Reference for IX5 28GPX 1840 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS USERNAME show atmf links guest show atmf nodes ...

Страница 1841: ...h AlliedWare Plus Feature Overview and Configuration Guide This guide is available at the above link on alliedtelesis com Command List bootfile on page 1843 clear ip dhcp binding on page 1844 default router on page 1845 dns server on page 1846 domain name on page 1847 host DHCP on page 1848 ip address dhcp on page 1849 ip dhcp bootp ignore on page 1851 ip dhcp leasequery enable on page 1852 ip dhc...

Страница 1842: ...age 1873 probe enable on page 1875 probe packets on page 1876 probe timeout on page 1877 probe type on page 1878 range on page 1879 route on page 1880 service dhcp relay on page 1881 service dhcp server on page 1882 show counter dhcp client on page 1883 show counter dhcp relay on page 1884 show counter dhcp server on page 1887 show dhcp lease on page 1889 show ip dhcp binding on page 1891 show ip ...

Страница 1843: ... of the boot file that the client should use in its bootstrap process It may need to include a path The no variant of this command removes the boot filename from a DHCP server pool Syntax bootfile filename no bootfile Mode DHCP Configuration Example To configure the boot filename for a pool P2 use the command awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config bootfile boot ...

Страница 1844: ... or range are specified and one or more static DHCP bindings exist within those addresses any dynamic entries within those addresses are cleared but any static entries are not cleared Examples To clear the specific IP address binding 192 168 1 1 use the command awplus clear ip dhcp binding ip 192 168 1 1 To clear all dynamic DHCP entries use the command awplus clear ip dhcp binding all Related Com...

Страница 1845: ...fault router or all default routers from the DHCP pool Syntax default router ip address no default router ip address Mode DHCP Configuration Examples To add a router with an IP address 192 168 1 2 to the DHCP pool named P2 use the following commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config default router 192 168 1 2 To remove a router with an IP address 192 168 1 ...

Страница 1846: ...CP pool Syntax dns server ip address no dns server ip address Mode DHCP Configuration Examples To add the DNS server with the assigned IP address 192 168 1 1 to the DHCP pool named P1 use the following commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config dns server 192 168 1 1 To remove the DNS server with the assigned IP address 192 168 1 1 from the DHCP pool named ...

Страница 1847: ...e no variant of this command removes the domain name from the address pool Syntax domain name domain name no domain name Mode DHCP Configuration Examples To add the domain name Nerv_Office to DHCP pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config domain name Nerv_Office To remove the domain name Nerv_Office from DHCP pool P2 use the commands awplus...

Страница 1848: ...ust be configured using a network command before issuing a host command Also note that a host address must match a network to add a static host address Examples To add the host at 192 168 1 5 with the MAC address 000a 451d 6e34 to DHCP pool 1 use the commands awplus configure terminal awplus config ip dhcp pool 1 awplus dhcp config network 192 168 1 0 24 awplus dhcp config host 192 168 1 5 000a 45...

Страница 1849: ...e with the ip name server command Option 15 a domain name used to resolve host names This option replaces the domain name set with the ip domain name command Your device ignores this domain name if it has a domain list set using the ip domain list command Option 51 lease expiration time The no variant of this command stops the interface from obtaining IP configuration details from a DHCP server Sy...

Страница 1850: ...ONFIGURATION PROTOCOL DHCP COMMANDS IP ADDRESS DHCP To stop the interface vlan10 from using DHCP to obtain its IP address use the commands awplus configure terminal awplus config interface vlan10 awplus config if no ip address dhcp Related Commands ip address IP Addressing and Protocol show ip interface show running config ...

Страница 1851: ...ts by default The no variant of this command configures the DHCP server to accept BOOTP requests This is the default setting Syntax ip dhcp bootp ignore no ip dhcp bootp ignore Mode Global Configuration Examples To configure the DHCP server to ignore BOOTP requests use the commands awplus configure terminal awplus config ip dhcp bootp ignore To configure the DHCP server to respond to BOOTP request...

Страница 1852: ...ges Use the no variant of this command to disable the support of DHCPLEASEQUERY packets For more information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp leasequery enable no ip dhcp leasequery enable Default DHCP leasequery support is disabled by default Mode Global Configuration Examples To enable DHCP leasequery support use the commands awplus configure terminal awplus c...

Страница 1853: ...on 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use a number as the option name Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks Default no default option type The option valu...

Страница 1854: ...defined IP address option as option 175 with the name special address use the commands awplus configure terminal awplus config ip dhcp option 175 name special address ip To remove the specific user defined option with the option number 12 use the commands awplus configure terminal awplus config no ip dhcp option 12 To remove the specific user defined option with the option name perform router disc...

Страница 1855: ...ltiple interfaces This allows the device to act as a DHCP server on multiple interfaces to distribute different information to clients on the different networks The no variant of this command deletes the specific DHCP pool Syntax ip dhcp pool pool name no ip dhcp pool pool name Mode Global Configuration Example To create the DHCP pool named P2 and enter DHCP Configuration mode use the commands awp...

Страница 1856: ...e is added to the IP routing table This can be problematic if the DHCP client is operating via an interface that is only intended to be used for back up interface redundancy purposes such as a VLAN containing a single switchport or a 4G cellular interface on an AR Series Firewall Use this command to set the AD of the default route via a specific DHCP client interface to a non default higher cost v...

Страница 1857: ...P COMMANDS IP DHCP CLIENT DEFAULT ROUTE DISTANCE To set the AD for the default route back to the default value of 1 use the commands awplus configure terminal awplus config interface vlan10 awplus config if no ip dhcp client default route distance Related Commands show ip route show ip route database Command changes Version 5 4 7 0 2 Command added ...

Страница 1858: ...gent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide NOTE The DHCP relay service mightalter the content of the DHCP Relay AgentOption 82 field if the commands ip dhcp relay agent option and ip dhcp relay information policy have been configured Syntax ip dhcp relay agent option no ip dhcp relay agent option Default DHCP Relay Agent Information Option Option ...

Страница 1859: ...edWare Plus Operating System Version 5 4 7 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP RELAY AGENT OPTION Related Commands ip dhcp relay agent option remote id ip dhcp relay information policy ip dhcp relay max message length service dhcp relay ...

Страница 1860: ...nabled on the device service dhcp relay For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp relay agent option checking no ip dhcp relay agent option checking Mode Interface Configuration for a VLAN interface Examples To make the DHCP Relay Agent listening on vlan10 check the DHCP Relay Agent Information ...

Страница 1861: ...relay agent option remote id Default The Remote ID is set to the device s MAC address by default Mode Interface Configuration for a VLAN interface Usage The Remote ID sub option is included in the DHCP Relay Agent Option 82 field of relayed client DHCP packets if DHCP Relay Agent Option 82 is enabled ip dhcp relay agent option and DHCP Relay Agent is enabled on the device service dhcp relay Exampl...

Страница 1862: ...g DHCP Relay Agent Option 82 field with its own DHCP Relay Agent field This is equivalent to the functionality of the replace parameter The no variant of this command returns the policy to the default behavior i e replacing the existing DHCP Relay Agent Option 82 field For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide...

Страница 1863: ...contain DHCP Relay Agent Option 82 information use the commands awplus configure terminal awplus config interface vlan15 awplus config if ip dhcp relay information policy drop To reset the DHCP relay information policy to the default policy for interface vlan15 use the commands awplus configure terminal awplus config interface vlan15 awplus config if no ip dhcp relay information policy Related Com...

Страница 1864: ...e no variant of this command to reset the hop count to the default For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp relay maxhops 1 255 no ip dhcp relay maxhops Default The default hop count threshold is 10 hops Mode Interface Configuration for a VLAN interface Example To set the maximum number of hops...

Страница 1865: ...sage When a DHCP Relay Agent that has DHCP Relay Agent Option 82 insertion enabled receives a request packet from a DHCP client it will append the DHCP Relay Agent Option 82 component data and forward the packet to the DHCP server The DHCP client will sometimes issue packets containing pad option fields that can be overwritten with Option 82 data Where there are insufficient pad option fields to c...

Страница 1866: ...TION PROTOCOL DHCP COMMANDS IP DHCP RELAY MAX MESSAGE LENGTH To reset the maximum DHCP message length to the default of 1400 bytes for packets arriving in interface vlan7 use the commands awplus configure terminal awplus config interface vlan7 awplus config if no ip dhcp relay max message length Related Commands service dhcp relay ...

Страница 1867: ...e no ip dhcp relay server address ipv4 address ipv6 address server interface no ip dhcp relay Mode Interface Configuration for a VLAN interface Usage For a DHCP server with an IPv6 address you must specify the interface for the DHCP server See examples below for configuration differences between IPv4 and IPv6 DHCP relay servers See also the service dhcp relay command to enable the DHCP Relay Agent...

Страница 1868: ...an2 awplus config if no ip dhcp relay server address 192 0 2 200 To enable the DHCP Relay Agent on your device to relay DHCP packets on interface vlan10 to the DHCP server with the IPv6 address 2001 0db8 010d 1 on interface vlan20 use the commands awplus configure terminal awplus config service dhcp relay awplus config interface vlan10 awplus config if ip dhcp relay server address 2001 0db8 010d 1...

Страница 1869: ...set the lease expiry time to infinite leases never expire Use the no variant of this command to return the lease expiration time back to the default of one day Syntax lease days hours minutes seconds lease infinite no lease Default The default lease time is 1 day Mode DHCP Configuration Examples To set the lease expiration time for address pool P2 to 35 minutes use the commands awplus configure te...

Страница 1870: ...plus config ip dhcp pool Nerv_Office awplus dhcp config lease 1 5 30 To set the lease expiration time for the address pool P3 to 20 seconds use the commands awplus configure terminal awplus config ip dhcp pool P3 awplus dhcp config lease 0 0 0 20 To set the lease expiration time for the pool to never expire use the command awplus dhcp config lease infinite To return the lease expiration time to th...

Страница 1871: ...the pool You must remove all ranges in the pool before issuing a no network command to remove a network from the pool Examples To configure a network for the address pool P2 where the subnet is 192 0 2 5 and the mask is 255 255 255 0 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config network 192 0 2 5 24 or you can use dotted decimal notation instead of sla...

Страница 1872: ...t server that the client should use in its bootstrap process The no variant of this command removes the next server address from the DHCP address pool Syntax next server ip address no next server Mode DHCP Configuration Example To set the next server address for the address pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config next server 192 0 2 2 Par...

Страница 1873: ...oves the specified user defined option from the DHCP pool or all user defined options from the DHCP pool Syntax option 1 254 option name option value no option 1 254 option value Mode DHCP Configuration Parameter Description 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name associated w...

Страница 1874: ... option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the command awplus dhcp config option 175 192 0 2 6 awplus dhcp config option 175 192 0 2 12 awplus dhcp config option 175 192 0 2 33 To add the option 179 to a pool and give the option the value 123456 use the command awplus dhcp config option 179 123456 To add a user defined flag option with the name perform...

Страница 1875: ... used by another host The no variant of this command disables probing for a DHCP pool Syntax probe enable no probe enable Default Probing is enabled by default Mode DHCP Pool Configuration Examples To enable probing for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe enable To disable probing for pool P2 use the commands awplus configure te...

Страница 1876: ...er of probe packets sent to the default of 5 Syntax probe packets 0 10 no probe packets Default The default is 5 Mode DHCP Pool Configuration Examples To set the number of probe packets to 2 for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe packets 2 To set the number of probe packets to the default 5 for pool P2 use the commands awplus c...

Страница 1877: ...ting 200 milliseconds Syntax probe timeout 50 5000 no probe timeout Default The default timeout interval is 200 milliseconds Mode DHCP Pool Configuration Examples To set the probe timeout value to 500 milliseconds for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe timeout 500 To set the probe timeout value for pool P2 to the default 200 mi...

Страница 1878: ...ill send an ICMP Echo Request ping The no variant of this command sets the probe type to the default setting ping Syntax probe type arp ping no probe type Default The default probe type is ping Mode DHCP Pool Configuration Examples To set the probe type to arp for the pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe type arp To set the probe...

Страница 1879: ...l address ranges from the DHCP pool Syntax range ip address ip address no range ip address ip address no range all Mode DHCP Configuration Examples To add an address range of 192 0 2 5 to 192 0 2 16 to the pool Nerv_Office use the command awplus configure terminal awplus config ip dhcp pool Nerv_Office awplus dhcp config range 192 0 2 5 192 0 2 16 To add the individual IP address 192 0 2 2 to a po...

Страница 1880: ...de DHCP Configuration Examples To distribute static routes for route 0 0 0 0 0 whose next hop is 192 16 1 1 to clients using both opt249 and rfc3442 use the command awplus configure terminal awplus config ip dhcp pool pubic awplus dhcp config route 0 0 0 0 0 192 16 1 1 both Related Commands ip dhcp pool Parameter Description A B C D M Subnet for the route A B C D Next hop for the route both opt249...

Страница 1881: ...cp relay no service dhcp relay Mode Global Configuration Usage A maximum number of 400 DHCP Relay Agents one per interface can be configured on the device Once this limit has been reached any further attempts to configure DHCP Relay Agents will not be successful Default The DHCP relay service is enabled by default Examples To enable the DHCP relay global function use the commands awplus configure ...

Страница 1882: ...n your device The server then listens for DHCP requests on all IP interfaces It will not run if there are no IP interfaces configured The no variant of this command disables the DHCP server Syntax service dhcp server no service dhcp server Mode Global Configuration Example To enable the DHCP server use the commands awplus configure terminal awplus config service dhcp server Related Commands ip dhc...

Страница 1883: ...output from the show counter dhcp client command Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DHCPACK in 18 DHCPNAK in 0 Table 1 Parameters in the output of the show counter dhcp client command Parameter Description DHCPDISCOVER out The number of DHCP Discover messages sent by the client DHCPREQ...

Страница 1884: ...lay Output Figure 44 2 Example output from the show counter dhcp relay command awplus show counter dhcp relay DHCP relay counters Requests In 4 Replies In 4 Relayed To Server 4 Relayed To Client 4 Out To Server Failed 0 Out To Client Failed 0 Invalid hlen 0 Bogus giaddr 0 Corrupt Agent Option 0 Missing Agent Option 0 Bad Circuit ID 0 Missing Circuit ID 0 Bad Remote ID 0 Missing Remote ID 0 Option ...

Страница 1885: ...t Option The number of incoming DHCP Reply messages dropped due to a missing relay agent information option field Note that Agent Option counters only increment on errors occurring if the ip dhcp relay agent option command is configured for an interface Messages generating the errors are only dropped if the ip dhcp relay agent option checking command is configured on the interface as well as the i...

Страница 1886: ... interface Messages generating the errors are only dropped if the ip dhcp relay agent option checking command is configured on the interface as well as the ip dhcp relay agent option command Option Insert Failed The number of incoming DHCP Request messages dropped due to an error adding the DHCP Relay Agent information option 82 This counter increments when the DHCP Relay Agent is set to drop pack...

Страница 1887: ... from the show counter dhcp server command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQUEST in 0 BOOTREPLY out 0 Table 2 Parameters in the output of the show counter dhcp server command Parameter Description DHCPDISCOVER in The number of Discover messages received by the DHCP server D...

Страница 1888: ...ssages sent by the DHCP server The server sends these after receiving a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address pool BOOTREQUEST in The number of bootp messages received by the DHCP server from bootp clients BOOTREPLY out The number of bootp...

Страница 1889: ... device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dhcp lease interface Mode User Exec and Privileged Exec Example To show the current lease expiry times for all interfaces use the command awplus show dhcp lease To show the current lease for vlan1 use the...

Страница 1890: ... 19 Renew 13 Mar 2017 18 37 06 Rebind 13 Mar 2017 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease time 3600 dhcp message type 5 domain name servers 192 168 100 50 19 88 200 33 dhcp server identifier 192 168 22 1 domain name alliedtelesis com Interface vlan2 IP Address 100 8 16 4 Expires 13 Mar 2017 20 15 39 Renew 13 Mar 2017 18 42 25 Rebind 13 Mar 2017 1...

Страница 1891: ...plus show ip dhcp binding 172 16 2 16 To display the leases from the address pool MyPool use the command awplus show ip dhcp binding MyPool Output Figure 44 5 Example output from the show ip dhcp binding command Parameter Description ip address IPv4 address of a leased IP address in dotted decimal notation This displays the lease information for the specified IP address address pool Name of an add...

Страница 1892: ...or IX5 28GPX 1892 AlliedWare Plus Operating System Version 5 4 7 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP BINDING Related Commands clear ip dhcp binding ip dhcp pool lease range service dhcp server show ip dhcp pool ...

Страница 1893: ...ss pool Mode User Exec and Privileged Exec Example awplus show ip dhcp pool Output Figure 44 6 Example output from the show ip dhcp pool command Parameter Description address pool Name of a specific address pool This displays the configuration of the specified address pool only Pool p1 network 192 168 1 0 24 address ranges addr 192 168 1 10 to 192 168 1 18 static host addresses addr 192 168 1 12 M...

Страница 1894: ...dresses Total 8 Leased 2 Utilization 25 0 Static host addresses Total 1 Leased 1 Table 3 Parameters in the output of the show ip dhcp pool command Parameter Description Pool Name of the pool network Subnet and mask length of the pool address ranges Individual IP addresses and address ranges configured for the pool The DHCP server can offer clients an IP address from within the specified ranges onl...

Страница 1895: ...is sent In the range 50 to 5000 dns servers The DNS server addresses sent to by the pool to clients default router s The default router addresses sent by the pool to clients user defined options The list of user defined options sent by the pool to clients Dynamic addresses Total The total number of IP addresses that have been configured in the pool for dynamic allocation to DHCP clients Dynamic ad...

Страница 1896: ...8GPX 1896 AlliedWare Plus Operating System Version 5 4 7 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP POOL Related Commands ip dhcp pool probe enable probe packets probe timeout probe type range service dhcp server subnet mask ...

Страница 1897: ...terface vlan100 use the command awplus show ip dhcp relay interface vlan100 Output Figure 44 8 Example output from the show ip dhcp relay command Related Commands ip dhcp relay agent option ip dhcp relay agent option checking ip dhcp relay information policy ip dhcp relay maxhops ip dhcp relay server address Parameter Description interface name Name of a specific interface This displays the DHCP c...

Страница 1898: ...vileged Exec Example To display the server statistics use the command awplus show ip dhcp server statistics Output Figure 44 9 Example output from the show ip dhcp server statistics command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQUEST in 0 BOOTREPLY out 0 DHCPLEASEQUERY in 0 DHCPL...

Страница 1899: ...a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address pool BOOTREQUEST in The number of bootp messages received by the DHCP server from bootp clients BOOTREPLY out The number of bootp messages sent by the DHCP server to bootp clients DHCPLEASEQUERY in T...

Страница 1900: ...ls currently configured This show command does not include any configuration details of the address pools You can display these using the show ip dhcp pool command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip dhcp server summary Mode User Exec and Privileged Exec Example To display the cu...

Страница 1901: ...en the pool s network mask specified using the next server command is applied The no variant of this command removes a subnet mask option from a DHCP pool The pool reverts to using the pool s network mask Syntax subnet mask mask no subnet mask Mode DHCP Configuration Examples To set the subnet mask option to 255 255 255 0 for DHCP pool P2 use the commands awplus configure terminal awplus config ip...

Страница 1902: ...prefixes DHCPv6 Prefix Delegation provides automatic configuration of IPv6 addresses and IPv6 prefixes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide NOTE The IPv6 addresses shown use the address space 2001 0db8 32 defined in RFC 3849 for documentation purposes These addresses should not be used for pract...

Страница 1903: ... 1924 ipv6 dhcp pool on page 1926 ipv6 dhcp server on page 1928 ipv6 local pool on page 1929 ipv6 nd prefix DHCPv6 on page 1931 link address on page 1933 option DHCPv6 on page 1935 prefix delegation pool on page 1937 show counter ipv6 dhcp client on page 1939 show counter ipv6 dhcp server on page 1941 show ipv6 dhcp on page 1943 show ipv6 dhcp binding on page 1944 show ipv6 dhcp interface on page ...

Страница 1904: ...nge available allocated by the IPv6 prefix randomly generating the suffix of the IPv6 address with the specified preferred and valid lifetime leases Leased IPv6 address are found in the Parameter Description ipv6 prefix prefix length Specify an IPv6 prefix and prefix length The prefix length indicates the length of the IPv6 prefix assigned to the pool The IPv6 address uses the format X X X X Prefi...

Страница 1905: ...sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Examples To add IPv6 address prefix 2001 0db8 1 48 for DHCPv6 server pool configuration use the following commands awplus co...

Страница 1906: ...n A deprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected Parameter Description first ipv6 address Specify the first IPv6 address of the IPv6 address range in hexadecimal notation in the format X X X X last ipv6 address Specify the last IPv6 address of the IPv6 address range in hexadecimal nota...

Страница 1907: ... To add the IPv6 address range 2001 0db8 1 1 to 2001 0db8 1fff 1 for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus config ipv6 dhcp pool pool1 awplus config dhcp6 address range 2001 0db8 1 1 2001 0db8 1fff 1 To remove a configured IPv6 address range for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus config...

Страница 1908: ...OUNTER IPV6 DHCP CLIENT clear counter ipv6 dhcp client Overview Use this command in Privileged Exec mode to clear DHCPv6 client counters Syntax clear counter ipv6 dhcp client Mode Privileged Exec Example To clear DHCPv6 client counters use the following command awplus clear counter ipv6 dhcp client Related Commands show counter ipv6 dhcp client ...

Страница 1909: ...OUNTER IPV6 DHCP SERVER clear counter ipv6 dhcp server Overview Use this command in Privileged Exec mode to clear DHCPv6 server counters Syntax clear counter ipv6 dhcp server Mode Privileged Exec Example To clear DHCPv6 server counters use the following command awplus clear counter ipv6 dhcp server Related Commands show counter ipv6 dhcp server ...

Страница 1910: ...es are cleared but any static entries are not cleared The clear ipv6 dhcp binding command is used as a server function A binding table entry on the DHCPv6 server is automatically Created whenever a prefix is delegated to a client from the configuration pool Updated when the client renews rebinds or confirms the prefix delegation Deleted when the client releases all the prefixes in the binding all ...

Страница 1911: ... DHCPV6 COMMANDS CLEAR IPV6 DHCP BINDING Example To clear all dynamic DHCPv6 server binding entries use the command awplus clear ipv6 dhcp binding all Output Figure 45 1 Example output from the clear ipv6 dhcp binding all command Related Commands show ipv6 dhcp binding awplus clear ipv6 dhcp binding all Deleted 1 entries ...

Страница 1912: ...ew Use this command in Privileged Exec mode to restart a DHCPv6 client on an interface Syntax clear ipv6 dhcp client interface Mode Privileged Exec Example To restart a DHCPv6 client on interface vlan1 use the following command awplus clear ipv6 dhcp client vlan1 Related Commands show ipv6 dhcp binding Parameter Description interface Specify the interface name to restart a DHCPv6 client on ...

Страница 1913: ... add the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 to the DHCPv6 server pool named P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus dhcpv6 config dns server 2001 0db8 3000 3000 32 To remove the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 from the DHCPv6 server pool named P2 use the following commands awplus c...

Страница 1914: ... 01 Rev C Command Reference for IX5 28GPX 1914 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP FOR IPV6 DHCPV6 COMMANDS DNS SERVER DHCPV6 Related Commands ipv6 dhcp pool option DHCPv6 show ipv6 dhcp pool ...

Страница 1915: ... the pre defined option 15 Note that if you add a user defined option 15 using the option DHCPv6 command then you will override any settings created with this command Examples To add the domain name Engineering to DHCPv6 server pool P2 use the commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus dhcpv6 config domain name Engineering ToremovethedomainnameEngineering fromDHCPv6s...

Страница 1916: ...is generated by the operating system when DHCP first starts If the OS is reinstalled the DUID LLT can change and any multiple operating systems on the machine will all have different DUIDs Configuring the subscriber id auto mac option causes the relay agent to insert the requesting client s MAC address into a subscriber ID field in the relay header A suitably configured server can then use this su...

Страница 1917: ...n specifying the eui64 parameter the interface identifier of the IPv6 address is derived from the MAC address of the device For more information about EUI64 see the IPv6 Feature Overview and Configuration Guide Examples To configure a PD prefix named prefix1 on interface vlan1 and then add an IPv6 address use the following commands awplus configure terminal awplus config interface vlan1 awplus con...

Страница 1918: ...gn the IPv6 address 2001 0db8 a2 48 to the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 address 2001 0db8 a2 48 To remove the IPv6 address 2001 0db8 a2 48 from the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 a2 48 To...

Страница 1919: ... db8 32 from VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 64 eui64 Validation Commands show running config show ipv6 dhcp binding show ipv6 interface brief show ipv6 route Related Commands ipv6 dhcp client pd ipv6 dhcp pool ipv6 local pool ipv6 nd prefix DHCPv6 prefix...

Страница 1920: ...ers This list appends the DNS servers set on your device with the dns server DHCPv6 command Option 15 a domain name used to resolve host names This option replaces any domain name that you have set with the domain name DHCPv6 command Option 51 lease expiration time Syntax ipv6 address dhcp default route to server no ipv6 address dhcp Mode Interface Configuration for a VLAN interface or a local loo...

Страница 1921: ... for IX5 28GPX 1921 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 ADDRESS DHCP Related Commands clear ipv6 dhcp client ipv6 address ipv6 address DHCPv6 PD show ipv6 dhcp interface show running config ...

Страница 1922: ... an interface Usage Entering the ipv6 dhcp client pd command starts the DHCPv6 client process if not already running and enables requests for prefix delegation through the interface on which the command is configured When prefix delegation is enabled and a prefix is acquired the prefix is stored in the IPv6 prefix pool with an internal name defined by the required prefix name placeholder parameter...

Страница 1923: ...V6 DHCP CLIENT PD To disable prefix delegation on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 dhcp client pd Related Commands ipv6 enable clear ipv6 dhcp client ipv6 address DHCPv6 PD ipv6 nd prefix DHCPv6 show ipv6 dhcp binding show ipv6 dhcp interface ...

Страница 1924: ...54 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use a number as the option name Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks Default no default option type The option value You ...

Страница 1925: ...ig ipv6 dhcp option 46 name tcpip node type hex To define a user defined IP address option as option 175 with the name special address use the following commands awplus configure terminal awplus config ipv6 dhcp option 175 name special address ip To remove the specific user defined option with the option number 12 use the following commands awplus configure terminal awplus config no ipv6 dhcp opti...

Страница 1926: ...nd to delete the specific DHCPv6 pool Syntax ipv6 dhcp pool DHCPv6 poolname no ipv6 dhcp pool DHCPv6 poolname Mode Global Configuration Usage All DHCPv6 prefix pool names must be unique IPv6 prefix pools have a similar function to IPv4 address pools Contrary to IPv4 a block of IPv6 addresses an IPv6 address prefix are assigned and not single IPv6 addresses IPv6 prefix pools are not allowed to over...

Страница 1927: ...rence for IX5 28GPX 1927 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP POOL Related Commands ipv6 local pool option DHCPv6 prefix delegation pool show ipv6 dhcp binding show ipv6 dhcp pool ...

Страница 1928: ...egation and configuration through the specified interface Note that DHCPv6 client DHCPv6 server and DHCPv6 relay are mutually exclusive on an interface When one of the DHCPv6 functions is enabled on an interface then another DHCPv6 function cannot be enabled on the same interface Examples To enable the DHCPv6 server service and use the DHCPv6 pool named P2 on VLAN interface vlan2 use the following...

Страница 1929: ...dresses an IPv6 address prefix areassignedandnotsingleIPv6addresses IPv6prefixpoolsarenotallowed to overlap Parameter Description DHCPv6 poolname Description used to identify this DHCPv6 server pool Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks delegated prefix name Description used to identify the delegated prefix name from th...

Страница 1930: ...fixpool All IPv6prefixesalready allocated are also freed Examples To create alocalDHCPv6 local pool named P2 withtheIPv6 prefixand prefixlength 2001 0db8 32 with an assigned length of 64 use the following commands awplus configure terminal awplus config ipv6 local pool P2 2001 0db8 32 64 To remove a configured DHCPv6 local pool use the following commands awplus configure terminal awplus config no ...

Страница 1931: ...s usually set between 0 and 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 5 and 315360000 seconds Note that this period should be set to a value greater than that set for the prefix preferred lifetime See the Usage notes after this parameter table for a description of valid lifetime and how it determines invalid IPv6 add...

Страница 1932: ...ddresses or prefixes should not appear as the source or destination for a packet Examples The following example configures the device to issue RAs Router Advertisements on the VLAN interface vlan4 and advertises the DHCPv6 prefix name prefix1 and the IPv6 address prefix of 2001 0db8 32 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 dhcp c...

Страница 1933: ...eceived via an intermediate relay to a configured delegation pool When an address on the incoming interface of the DHCPv6 server or a link address set in the incoming delegation request packet from the prefix delegation client matches the link address prefix configured in the delegation pool the DHCPv6 server is able to match and use the appropriate delegation pool for relayed delegation request m...

Страница 1934: ...0db8 1 48 as the link address for pool P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 address prefix 2001 0db8 2 48 awplus config dhcp6 link address 2001 0db8 1 48 To remove the link address use the commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 no link address Related Commands ipv6 dhcp pool show ...

Страница 1935: ...ddress format so if the option already exists in the pool then the new IP address is added to the list of existing IPv6 prefixes Also note options with the same number as one of the pre defined options override the standard option definition The pre defined options use the option numbers 1 3 6 15 and 51 Parameter Description 1 254 The option number of the option Options with the same number as one...

Страница 1936: ...ue 08af use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the following commands awplus config dhcp6 option 175 2001 0db8 3001 64 awplus config dhcp6 option 175 2001 0db8 3002 64 awplus config dhcp6 option 175 2001 0db8 3003 64 To add the option 179 to a po...

Страница 1937: ...ain unassignedprefixes fromthe pool After the client releases the previously assigned prefixes the server returns the prefixes to the pool for reassignment Preferred IPv6 addresses or prefixes are available to interfaces for unrestricted use and are deprecated when the preferred timer expires Deprecated IPv6 addresses and prefixes are available for use and are discouraged but not forbidden A depre...

Страница 1938: ... invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Example This example adds DHCPv6 Prefix Delegation pool pd_pool1 to DHCPv6 pool pool1 awplus configure terminal awplus config ipv6 local pool pd_pool1 2001 0db8 48 56 awplus config ipv6 dhcp pool pool1 awplus config dhcp6 pref...

Страница 1939: ...er information use the command awplus show counter ipv6 dhcp client Output Figure 45 2 Example output from the show counter ipv6 dhcp client command awplus show counter ipv6 dhcp client SOLICIT out 20 ADVERTISE in 12 REQUEST out 1 CONFIRM out 0 RENEW out 0 REBIND out 0 REPLY in 0 RELEASE out 0 DECLINE out 0 INFORMATION REQUEST out 0 Table 1 Parameters in the output of the show counter ipv6 dhcp cl...

Страница 1940: ...s sent by the DHCPv6 client REPLY in Displays the count of REPLY messages received by the DHCPv6 client RELEASE out Displays the count of RELEASE messages sent by the DHCPv6 client DECLINE out Displays the count of DECLINE messages sent by the DHCPv6 client INFORMATION REQUEST out Displays the count of INFORMATION REQUEST messages sent by the DHCPv6 client Table 1 Parameters in the output of the s...

Страница 1941: ...r information use the command awplus show counter ipv6 dhcp server Output Figure 45 3 Example output from the show counter ipv6 dhcp server command awplus show counter ipv6 dhcp server SOLICIT in 20 ADVERTISE out 12 REQUEST in 1 CONFIRM in 0 RENEW in 0 REBIND in 0 REPLY out 0 RELEASE in 0 DECLINE in 0 INFORMATION REQUEST in 0 Table 2 Parameters in the output of the show counter ipv6 dhcp server co...

Страница 1942: ...eived by the DHCPv6 server REPLY out Displays the count of REPLY messages sent by the DHCPv6 server RELEASE in Displays the count of RELEASE messages received by the DHCPv6 server DECLINE in Displays the count of DECLINE messages received by the DHCPv6 server INFORMATION REQUEST in Displays the count of INFORMATION REQUEST messages received by the DHCPv6 server Table 2 Parameters in the output of ...

Страница 1943: ...age The DUID is based on the link layer address for both DHCPv6 client and DHCPv6 server identifiers The device uses the MAC address from the lowest interface number for the DUID The DUID is used by a DHCPv6 client to obtain an IPv6 address from a DHCPv6 server A DHCPv6 server compares the DUID with its database of DUIDs and sends configuration data for an IPv6 address plus the preferred and valid...

Страница 1944: ... and Privileged Exec Example 1 To display the total DHCPv6 leasing address entries for all pools use the command awplus show ipv6 dhcp binding summary Output Figure 45 5 Example output from the show ipv6 dhcp binding summary command Parameter Description summary Optional Specify the summary keyword to display summarized information for DHCPv6 server leases to client nodes displaying the number of ...

Страница 1945: ...ID DHCPv6 unique identifier DUID see RFC 3315 Each DHCPv6 client has as DUID DHCPv6 servers use DUIDs to identify clients for the association of IAs Identity Associations with DHCPv6 clients DHCPv6 clients use DUIDs to identify a DHCPv6 server IAID Identify Association Identifier IAID see RFC 3315 IAIDs are identifiers for IAs Identity Associations where an IA is a collection of IPv6 addresses ass...

Страница 1946: ... COMMANDS SHOW IPV6 DHCP BINDING Related Commands clear ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp pool starts at The date and time at which the valid lifetime expires expires at The date and time at which the valid lifetime expires Table 4 Parameters in the output of the showipv6 dhcp binding command Parameter Description ...

Страница 1947: ...information for all interfaces DHCPv6 is configured on use the command awplus show ipv6 dhcp interface Output Figure 45 7 Example output from the show ipv6 dhcp interface command Parameter Description interface name Optional Specify the name of the interface to show DHCPv6 information about Omit this optional parameter to display DHCPv6 information for all interfaces DHCPv6 is configured on awplus...

Страница 1948: ...efix 2002 0 3c0 42 preferred lifetime 604800 valid lifetime 2592000 starts at 20 Aug 2012 09 21 33 expires at 19 Sep 2012 09 21 33 Table 5 Parameters in the output of the show counter dhcp client command Parameter Description interface is in server client Prefix Delegation mode Displays whether the specified interface is in server or client mode and whether prefix delegation is applied to an inter...

Страница 1949: ...us show ipv6 dhcp pool Output Figure 45 9 Example output from the show ipv6 dhcp pool command Parameter Description DHCPv6 address pool name Name of a specific DHCPv6 address pool This displays the configuration of the specified DHCPv6 address pool only awplus show ipv6 dhcp pool DHCPv6 Pool ia na Address Prefix 1001 64 Lifetime 2592000 valid 604800 preferred DNS Server 2001 1 DNS Server 2001 2 Do...

Страница 1950: ...precated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet DNS Server IPv6 address of the DNS S...

Страница 1951: ...DHCPv6 Configuration Examples The following example adds an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 sntp address 2001 0db8 32 The following example removes an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus ...

Страница 1952: ...ion on filtering and saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Command List ntp access group deprecated on page 1953 ntp authenticate on page 1954 ntp authentication key on page 1955 ntp broadcastdelay on page 1956 ntp discard on page 1957 ntp master on page 1958 ntp peer on page 1959 ntp restrict on page 1961 ntp server on page 196...

Страница 1953: ... 28GPX 1953 AlliedWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS NTP ACCESS GROUP DEPRECATED ntp access group deprecated Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the command ntp restrict instead ...

Страница 1954: ...to authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configuration Examples To enable NTP authentication use the commands awplus configure terminal awplus config ntp authenticate To disable NTP authentication use the commands awplus configure terminal awplus confi...

Страница 1955: ...an MD5 authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key number 134343 with the key value mystring use the commands awplus configure terminal awplus config no ntp authentication key 134343 md5 mystring Parameter Description keynumber 1 4294967295 An identifi...

Страница 1956: ...roadcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip delay to 23464 microseconds for broadcast packets use these commands awplus configure terminal awplus config ntp broadcastdelay 23464 To reset the estimated round trip delay for broadcast packets to t...

Страница 1957: ... 192 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure terminal awplus config ntp discard minimum 5 awplus config ntp restrict 192 168 1 0 16 limited kod To silently drop all NTP packets if they arrive more frequently than once every 4 seconds on average 2 to the power of 2 use the commands awplus configure ...

Страница 1958: ...istance from the reference clock and exist to prevent cycles in the hierarchy Stratum 1 is used to indicate time servers which are more accurate than Stratum 2 servers For more information on the Network Time Protocol go to www ntp org Examples To stop the device from being the designated NTP server use the commands awplus configure terminal awplus config no ntp master To make the device the desig...

Страница 1959: ...92 0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 prefer version 4 key 1234 awplus config ntp peer 192 0 2 23 version 4 key 1234 awplus config ntp peer 192 0 2 23 version 4 awplus config ntp peer 192 0 2 23 key 1234 To remove an NTP peer association for ...

Страница 1960: ...lus config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 awplus config ntp peer 2001 0db8 010d 1 key 1234 To remove an NTP peer association for this peer with an IPv6 address of 200...

Страница 1961: ...address Apply this restriction to the specified IPv4 or IPv6 host Enter an IPv4 address in the format A B C D Enter an IPv6 address in the format X X X X host subnet Apply this restriction to the specified IPv4 subnet or IPv6 prefix Enter an IPv4 subnet in the format A B C D M Enter an IPv6 prefix in the format X X X X X ignore Block all NTP connections including time polls from matching hosts lim...

Страница 1962: ... 0 2 1 and the subnet 192 168 1 0 16 to authenticate NTP sessions with this device use the commands awplus configure terminal awplus config ntp restrict 192 0 2 1 notrust awplus config ntp restrict 192 168 1 0 16 notrust To drop NTP packets from the 192 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure termi...

Страница 1963: ...s config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 awplus config ntp server 192 0 1 23 key 1234 To remove an NTP peer association for this peer with an IPv4 addr...

Страница 1964: ... awplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 awplus config ntp server 2001 0db8 010e 2 key 1234 To remove an NTP peer association for this peer with an IPv...

Страница 1965: ... using this command is matched to the interface When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behavior will apply and an alternative source IP address is automatically selected This IP address is based on the most appropriate egress interface used to reach the NTP peer The configured NTP client sour...

Страница 1966: ...onfigure the NTP source interface with the IPv6 address 2001 0db8 010e 2 enter the commands awplus configure terminal awplus config ntp source 2001 0db8 010e 2 To remove a configured address for the NTP source interface use the following commands awplus configure terminal awplus config no ntp source Related Commands ntp peer ntp server ...

Страница 1967: ...dWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS NTP TRUSTED KEY DEPRECATED ntp trusted key deprecated Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the trusted parameter of the command ntp authentication key instead ...

Страница 1968: ...or IX5 28GPX 1968 AlliedWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS SHOW COUNTER NTP DEPRECATED show counter ntp deprecated Overview From version 5 4 6 1 x onwards this command has been replaced by the command show ntp counters ...

Страница 1969: ...5 256 377 27 144 0 775 0 193 system peer backup candidate outlier x false ticker Table 2 Parameters in the output from the show ntp associations command Parameter Description system peer The peer that NTP uses to calculate variables like the offset and root dispersion of this AlliedWare Plus device NTP passes these variables to the clients using this AlliedWare Plus device backup Peers that are us...

Страница 1970: ... when When last polled seconds ago h hours ago or d days ago poll Time between NTP requests from the device to the server reach An indication of whether or not the NTP server is responding to requests 0 indicates there has never been a successful poll 1 indicates that the last poll was successful 3 indicates that the last two polls were successful 377 indicates that the last 8 polls were successfu...

Страница 1971: ...tricted 0 rate limited 0 KoD responses 0 processed for time 306 Table 46 1 Parameters in the output from show ntp counters Parameter Description uptime How long NTP has been running since it was last restarted in seconds sysstats reset How long since show ntp status information was last reset in seconds packets received Total number of NTP client and server packets received by the device current v...

Страница 1972: ...tch any restrict statements in the NTP restrictions NTP drops these packets See the command ntp restrict for more information rate limited The number of packets dropped because the packet rate exceeded its limits See the command ntp discard for more information KoD responses The number of kiss of death packets NTP has sent See the command ntp restrict for more information processed for time The nu...

Страница 1973: ...plicate 0 bad header 0 kod received 0 Table 46 2 Parameters in the output from show ntp counters associations Parameter Description Peer An NTP peer or server that the device is associated with sent The number of NTP packets that this device sent to the peer received The number of NTP packets that this device received from the peer auth failed The number of NTP packets received that failed authent...

Страница 1974: ...r The number of packets where one or more header fields are invalid kod received The number of Kiss of Death packets received from the peer KoD packets indicate that this device is sending NTP packets more often than the peer will accept them If you receive KoD packets you should stop using this server or peer Table 46 2 Parameters in the output from show ntp counters associations Parameter Descri...

Страница 1975: ...how ntp status For information about the output displayed by this command see ntp org Figure 46 3 Example output from the show ntp status command awplus show ntp status associd 0 status 061b leap_none sync_ntp 1 event leap_event system peer 10 37 211 97 123 system peer mode client leap indicator 00 stratum 4 log2 precision 19 root delay 24 234 root dispersion 113 912 reference ID 10 37 211 97 refe...

Страница 1976: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 1978 show counter snmp server on page 1979 show debugging snmp on page 1983 show running config snmp on page 1984 show snmp server on page 1985 show snmp server community on page 1986 show snmp server group on page 1987 show snmp server user on page 1988 show snmp serv...

Страница 1977: ...eID local reset on page 2003 snmp server group on page 2004 snmp server host on page 2006 snmp server legacy ifadminstatus on page 2008 snmp server location on page 2009 snmp server source interface on page 2010 snmp server startup trap delay on page 2011 snmp server user on page 2012 snmp server view on page 2015 undebug snmp on page 2016 ...

Страница 1978: ...mp detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description all Enable or disable the display of all SNMP debugging information detail Enable or disable the display of detailed SNMP debugging information error string Enable or disable the display of debugging ...

Страница 1979: ...ple output from the show counter snmp server command SNMP SERVER counters inPkts 11 inBadVersions 0 inBadCommunityNames 0 inBadCommunityUses 0 inASNParseErrs 0 inTooBigs 0 inNoSuchNames 0 inBadValues 0 inReadOnlys 0 inGenErrs 0 inTotalReqVars 9 inTotalSetVars 0 inGetRequests 2 inGetNexts 9 inSetRequests 0 inGetResponses 0 inTraps 0 outPkts 11 outTooBigs 0 outNoSuchNames 2 outBadValues 0 outGenErrs...

Страница 1980: ...ed SNMP Messages inTooBigs The number of SNMP PDUs received by the SNMP agent where the value of the error status field is tooBig This is sent by an SNMP manager to indicate that an exception occurred when processing a request from the agent inNoSuchNames The number of SNMP PDUs received by the SNMP agent where the value of the error status field is noSuchName This is sent by an SNMP manager to in...

Страница 1981: ... SNMP agent has sent outTooBigs The number of SNMP PDUs that the SNMP agent has generated with the value tooBig in the error status field This is sent to the SNMP manager to indicate that an exception occurred when processing a request from the manager outNoSuchNames The number of SNMP PDUs that the SNMP agent has generated with the value noSuchName in the error status field This is sent to the SN...

Страница 1982: ...P agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user UnknownEngineIDs The number of received packets that the SNMP agent has dropped because they referenced an unknown snmpEngineID WrongDigest The number of received packets that the SNMP agent has dropped because they didn t contain the expected digest value Decryp...

Страница 1983: ...ew This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command awplus show debugging snmp Output Figure 47 2 Example output from the show debugging snmp command Related Commands debug snmp Snmp SMUX debugging status Snmp debugging is on ...

Страница 1984: ...eged Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 47 3 Example output from the show running config snmp command Related Commands show snmp server snmp server contact AlliedTelesis snmp server location Philippines snmp server group grou1 auth read view1 write view1 notify view1 snmp server view view1 1 include...

Страница 1985: ... show snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 47 4 Example output from the show snmp server command Related Commands debug snmp show counter snmp server snmp server snmp server engineID local snmp server engineID local reset SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name Not set S...

Страница 1986: ...es configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus show snmp server community Output Figure 47 5 Example output from the show snmp server community command Related Commands show snmp server snmp server community SNMP community information Community Name ...

Страница 1987: ... show snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 47 6 Example output from the show snmp server group command Related Commands show snmp server snmp server group SNMP group information Group name guireadgroup Security Level priv Read View guiview Write View none Notify View none Group...

Страница 1988: ...e SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus show snmp server user Output Figure 47 7 Example output from the show snmp server user command Related Commands show snmp server snmp server user Name Group name Auth Privacy freddy guireadgroup none none...

Страница 1989: ...he SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus show snmp server view Output Figure 47 8 Example output from the show snmp server view command Related Commands show snmp server snmp server view SNMP view information View Name view1 OID 1 Type included...

Страница 1990: ...regation e g sa2 po2 To specify where notifications are sent use the snmp server host command To configure the device globally to send other notifications use the snmp server enable trap command Examples To enable SNMP to send link status notifications for ports 1 0 2 to 1 0 6 use following commands awplus configure terminal awplus config interface port1 0 2 1 0 6 awplus config if snmp trap link s...

Страница 1991: ...mand Reference for IX5 28GPX 1991 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP TRAP LINK STATUS Related Commands show interface snmp trap link status suppress snmp server enable trap snmp server host ...

Страница 1992: ...s started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreachesthesuppresstime anyfurther notificationsofthistypegeneratedfor the interface during the interval are not sent At the end of the interval the sending of link status notifications resumes until the thre...

Страница 1993: ... 0 x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no snmp trap link status suppress Related Commands show interface snmp trap link status ...

Страница 1994: ...ipv6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled or disabled for both IPv4 and IPv6 Mode Global Configuration Examples To enable SNMP on the device for both IPv4 and IPv6 use the commands awplus configure terminal awplus config snmp server To enable t...

Страница 1995: ...Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp server engineID local snmp server group snmp server host snmp server location snmp server view ...

Страница 1996: ...no snmp server community community name view view name access list Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB variables from any management station awplus configure terminal awplus config snmp server community public ro The following command removes an SNMP community called public awplus configure terminal awplus...

Страница 1997: ...is command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to support alliedtelesis co nz use the command awplus configure terminal awplus config snmp server contact support alliedtelesis co nz Related Commands show system snmp server location snmp server group Par...

Страница 1998: ... Description atmf AMF traps atmflink AMF Link traps atmfnode AMF Node traps atmfrr AMF Reboot Rolling traps auth Authentication failure dhcpsnooping DHCP snooping and ARP security traps These notifications must also be set using the ip dhcp snooping violation command and or the arp security violation command epsr EPSR traps g8032 G 8032 ERP traps lldp Link Layer Discovery Protocol LLDP traps These...

Страница 1999: ...erver enable trap atmfnode To enable the device to send PoE related traps use the following commands awplus configure terminal awplus config snmp server enable trap power inline To disable PoE traps being sent out by the device use the following commands awplus configure terminal awplus config no snmp server enable power inline To enable the device to send MAC address Thrash Limiting traps use the...

Страница 2000: ...nd Reference for IX5 28GPX 2000 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER ENABLE TRAP Related Commands show snmp server show ip dhcp snooping snmp trap link status snmp server host trap G 8032 ...

Страница 2001: ...hich is permanently set unless it is configured by the user In a stacked environment if the same engine ID was automatically generated for all members of the stack conflicts would occur if the stack was dismantled Therefore each member of the stack will generate its own engine ID and the stack master s ID is used when transmitting SNMPv3 packets Should a master failover occur a different engine ID...

Страница 2002: ... values after configuration Related Commands show snmp server snmp server engineID local reset snmp server group awplus config snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual 0x80001f888029af52e149198483 awplus config no snmp server engineid local awplus...

Страница 2003: ...v3 engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server engineID local reset Mode Global Configuration Example To force the SNMPv3 engine ID to be reset to a system generated value use the commands awplus configure terminal awplus config snmp server engineID ...

Страница 2004: ...p server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group usergroup noauth read useraccess write useraccess To delete SNMP group usergroup use the following commands awplus configure terminal awplus config no snmp server group usergroup noauth Parameter Desc...

Страница 2005: ...Rev C Command Reference for IX5 28GPX 2005 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show snmp server user ...

Страница 2006: ...NMP v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address informs traps version 2c community name snmp server host ipv4 address ipv6 address informs traps version 3 auth noauth priv user name no snmp server host ipv4 address ipv6 address traps version 1 commun...

Страница 2007: ...traps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001 db8 8a2e 7334 To remove a configured trap host of 192 0 2 5 with the SNMPv2c community name public use the following command awplus configure terminal awplus config no snmp server host version 2c publ...

Страница 2008: ...ct the administrative state of the interface Syntax snmp server legacy ifadminstatus no snmp server legacy ifadminstatus Default Legacy ifAdminStatus is turned off by default so by default the SNMP ifAdminStatus reflects the administrative state of the interface Mode Global Configuration Usage Note that if you enable Legacy ifAdminStatus the ifAdminStatus will report a link s status as Down when t...

Страница 2009: ... variant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to server room 523 use the following commands awplus configure terminal awplus config snmp server location server room 523 Related Commands show snmp server show system snmp server contact Parameter Descript...

Страница 2010: ... of the traps and informs messages Mode Global Configuration Usage An SNMP trap or inform message that is sent from an SNMP server carries the notification IP address of its originating interface Use this command to assign this interface Example The following commands set VLAN20 to be the interface whose IP address is used as the originating address in SNMP informs packets awplus configure termina...

Страница 2011: ...delay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SNMP traps until 60 seconds after device startup use the following commands awplus configure terminal awplus config snmp server startup trap delay 60 To restore the sending of SNMP traps to the default o...

Страница 2012: ...ords must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the device For example you may need to move a user from one group to another group and keep the same passwords for the user instead of removing the user to apply new passwords Parameter Description usernam...

Страница 2013: ...command To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0ce0cd883f8dab6b74 privacy protocol des plus the encrypted privacy password 0x0e0133db5453ebd03822b004eeacb6608f use the following commands awplus configure terminal awplus config snmp server user authus...

Страница 2014: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 2014 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view ...

Страница 2015: ...removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The following command creates a view called loc that includes the system location MIB sub tree awplus config snmp server view loc 1 3 6 1 2 1 1 6 0 included To remove the view loc use the following command...

Страница 2016: ...01 Rev C Command Reference for IX5 28GPX 2016 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debug snmp command ...

Страница 2017: ...etwork information gathered using LLDP is transferred to a Network Management System by SNMP For security reasons we recommend using SNMPv3 for this purpose see the SNMP Feature Overview and Configuration Guide LLDPoperates overphysicalportsonly Forexample it canbeconfiguredonswitch ports that belong to static or dynamic channel groups but not on the channel groups themselves Command List clear ll...

Страница 2018: ...location identifier on page 2045 location civic location id on page 2046 location coord location configuration on page 2047 location coord location identifier on page 2049 location coord location id on page 2050 location elin location on page 2051 location elin location id on page 2052 show debugging lldp on page 2053 show lldp on page 2055 show lldp interface on page 2057 show lldp local info on ...

Страница 2019: ...plied LLDP statistics for all ports are cleared Syntax clear lldp statistics interface port list Mode Privileged Exec Examples To clear the LLDP statistics on ports 1 0 1 and 1 0 6 use the command awplus clear lldp statistics interface port1 0 1 port1 0 6 To clear all LLDP statistics for all ports use the command awplus clear lldp statistics Related Commands show lldp statistics show lldp statisti...

Страница 2020: ... information is cleared for all ports Syntax clear lldp table interface port list Mode Privileged Exec Examples To clear the table of neighbor information received on ports 1 0 1 and 1 0 6 use the command awplus clear lldp table interface port1 0 1 port1 0 6 Tocleartheentiretableofneighborinformationreceivedthroughallports usethe command awplus clear lldp table Related Commands show lldp neighbors...

Страница 2021: ...eration no debug lldp all Default By default no debug is enabled for any ports Mode Privileged Exec Examples To enable debugging of LLDP receive on ports 1 0 1 and 1 0 6 use the command awplus debug lldp rx interface port1 0 1 port1 0 6 To enable debugging of LLDP transmit with packet dump on all ports use the command awplus debug lldp tx txpkt To disable debugging of LLDP receive on ports 1 0 1 a...

Страница 2022: ...50152 01 Rev C Command Reference for IX5 28GPX 2022 AlliedWare Plus Operating System Version 5 4 7 0 x LLDP COMMANDS DEBUG LLDP Related Commands show debugging lldp show running config lldp terminal monitor ...

Страница 2023: ...etects a new LLDP MED capable device The no variant of this command resets the LLDPD MED fast start count to the default 3 Syntax lldp faststart count 1 10 no lldp faststart count Default The default fast start count is 3 Mode Global Configuration Examples To set the fast start count to 5 use the command awplus configure terminal awplus config lldp faststart count 5 To reset the fast start count t...

Страница 2024: ...multiplier Default The default holdtime multiplier value is 4 Mode Global Configuration Usage The Time To Live defines the period for which the information advertised to the neighbor is valid If the Time To Live expires before the neighbor receives another update of the information then the neighbor discards the information from its database Examples To set the holdtime multiplier to 2 use the com...

Страница 2025: ... MAC address of the device s baseboard if no VLAN IP addresses are configured for the port Mode Interface Configuration Usage To see the management address that will be advertised use the show lldp interface command or show lldp local info command Examples To set the management address advertised by ports 1 0 1 and 1 06 to be 192 168 1 6 use the commands awplus configure terminal awplus config int...

Страница 2026: ...cations relating to the specified ports Syntax lldp med notifications no lldp med notifications Default The sending of LLDP MED notifications is disabled by default Mode Interface Configuration Examples To enable the sending of LLDP MED Topology Change Detected notifications relating to ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awp...

Страница 2027: ...v select capabilities network policy location power management ext inventory management no lldp med tlv select all Parameter Description capabilities LLDP MED Capabilities TLV When this is enabled the MAC PHY Configuration Status TLV from IEEE 802 3 Organizationally Specific TLVs is also automatically included in LLDP MED advertisements whether or not it has been explicitly enabled by the lldp tlv...

Страница 2028: ...ry TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp med tlv select inventory management To exclude the Inventory TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus confi...

Страница 2029: ...TLV SELECT Related Commands lldp tlv select location elin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location show lldp interface switchport voice dscp switchport voice vlan switchport voice vlan priority ...

Страница 2030: ...ed to LLDP MED advertisements according to ANSI TIA 1057 and LLDP MED TLVs in non standard order are discarded Mode Global Configuration Usage The ANSI TIA 1057 specifies standard order for TLVs in LLDP MED advertisements and specifies that if LLDP receives LLDP advertisements with non standard LLDP MED TLV order the TLVs in non standard order should be discarded This implementation of LLDP MED fo...

Страница 2031: ...nt of this command sets the notification interval back to its default Syntax lldp notification interval 5 3600 no lldp notification interval Default The default notification interval is 5 seconds Mode Global Configuration Examples To set the notification interval to 20 seconds use the commands awplus configure terminal awplus config lldp notification interval 20 To set the notification interval ba...

Страница 2032: ...tifications Default The sending of LLDP SNMP notifications is disabled by default Mode Interface Configuration Examples To enable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp notifications To disable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the comman...

Страница 2033: ...lt port identifier type is number The no variant of this command sets the port identifier type to the default Mode Global Configuration Examples To set the type of port identifier used to enumerate LLDP MIB local port entries to port numbers use the commands awplus configure terminal awplus config lldp port number type number To set the type of port identifier used to enumerate LLDP MIB local port...

Страница 2034: ...s command sets the reinitialization delay back to its default setting Syntax lldp reinit 1 10 no lldp reinit Default The default reinitialization delay is 2 seconds Mode Global Configuration Examples To set the reinitialization delay to 3 seconds use the commands awplus configure terminal awplus config lldp reinit 3 To set the reinitialization delay back to its default use the commands awplus conf...

Страница 2035: ...iant of this command disables the operation of LLDP on the device The LLDP configuration remains unchanged Syntax lldp run no lldp run Default LLDP is disabled by default Mode Global Configuration Examples To enable LLDP operation use the commands awplus configure terminal awplus config lldp run To disable LLDP operation use the commands awplus configure terminal awplus config no lldp run Related ...

Страница 2036: ...tax lldp timer 5 32768 no lldp timer Default The default transmit interval is 30 seconds Mode Global Configuration Examples To set the transmit interval to 90 seconds use the commands awplus configure terminal awplus config lldp timer 90 To set the transmit interval back to its default use the commands awplus configure terminal awplus config no lldp timer Related Commands lldp tx delay show lldp P...

Страница 2037: ...is command disables the specified optional TLVs or all optional TLVs for transmission in LLDP advertisements via the specified ports Syntax lldp tlv select tlv lldp tlv select all no lldp tlv select tlv no lldp tlv select all Default By default no optional TLVs are included in LLDP advertisements The MAC PHY Configuration Status TLV mac phy config is included in LLDP MED advertisements whether or ...

Страница 2038: ...ommands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tlv select all To exclude the management address and system name TLVs from advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if no lldp tlv select management address system name To exclude all opt...

Страница 2039: ...ansmission of LLDP advertisements on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit To enable LLDP advertisement transmission and reception on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit receive TodisableLLDPadv...

Страница 2040: ...ts default setting Syntax lldp tx delay 1 8192 no lldp tx delay Default The default transmission delay timer is 2 seconds Mode Global Configuration Examples To set the transmission delay timer to 12 seconds use the commands awplus configure terminal awplus config lldp tx delay 12 To set the transmission delay timer back to its default use the commands awplus configure terminal awplus config no lld...

Страница 2041: ...to delete civic address parameters from the location Syntax country country state state no state county county no county city city no city division division no division neighborhood neighborhood no neighborhood street group street group no street group leading street direction leading street direction no leading street direction trailing street suffix trailing street suffix no trailing street suff...

Страница 2042: ... community name postal community name no postal community name post office box post office box no post office box additional code additional code no additional code seat seat no seat primary road name primary road name no primary road name road section road section no road section branch road name branch road name no branch road name sub branch road name sub branch road name no sub branch road nam...

Страница 2043: ...g street direction CA Type 16 trailing street suffix Trailing street suffix CA Type 17 street suffix Street suffix CA Type 18 street suffix or type house number House number CA Type 19 house number suffix House number suffix CA Type 20 landmark Landmark or vanity address CA Type 21 additional information Additional location information CA Type 22 name Name CA Type 23 residence and office occupant ...

Страница 2044: ...ss location For more information about civic address format see the LLDP Feature Overview and Configuration Guide To specify the civic address location use the location civic location identifier command To delete the civic address location use the no variant of the location civic location identifier command To assign the civic address location to particular ports so that it can be advertised in TL...

Страница 2045: ... civic address location identifier use the location civic location configuration command To associate this civic location identifier with particular ports use the location elin location id command Up to 400 locations can be configured on the switch for each type of location information up to a total of 1200 locations Examples To enter Civic Address Location Configuration mode for the civic address...

Страница 2046: ...port can be transmitted in Location Identification TLVs via the port Before using this command create the location using the following commands location civic location identifier command location civic location configuration command If a civic address location is deleted using the no variant of the location civic location identifier command it is automatically removed from all ports Examples To as...

Страница 2047: ...as 34 bit fixed point binary numbers with a 25 bit fractional part irrespective of the number of digits entered by the user Likewise Parameter Description lat resolution Latitude resolution as a number of valid bits in the range 0 to 34 latitude Latitude value in degrees in the range 90 0 to 90 0 long resolution Longitude resolution as a number of valid bits in the range 0 to 34 longitude Longitud...

Страница 2048: ...rch area To specify the coordinate identifier use the location coord location identifier command To remove coordinate information delete the coordinate location by using the no variant of that command To associate the coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Example To configure the location for the Wh...

Страница 2049: ...r each type of location information up to a total of 1200 locations To configure this coordinate location use the location coord location configuration command To associate this coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location coord location id command Examples To enter Coordinate Location Configuration mode to configure the coordinat...

Страница 2050: ...an be transmitted in Location Identification TLVs via the port Before using this command configure the location using the following commands location coord location identifier command location coord location configuration command If a coordinate location is deleted using the no variant of the location coord location identifier command it is automatically removed from all ports Examples To assign c...

Страница 2051: ...o a total of 1200 locations To assign this ELIN location to particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Examples To create a new ELIN location with ID 1 and configure it with ELIN 1234567890 use the commands awplus configure terminal awplus config location elin location 1234567890 identifier 1 To delete existing ELIN location wit...

Страница 2052: ...Configuration Usage An ELIN location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the location elin location command If an ELIN location is deleted using the no variant of one of the location elin location command it is automatically removed from all ports Examples To assign ELIN location 1 to port 1 0...

Страница 2053: ...gging lldp interface port1 0 1 1 0 6 Output Figure 48 1 Example output from the show debugging lldp command Parameter Description port list The ports for which the LLDP debug settings are shown LLDP Debug settings Debugging for LLDP internal operation is on Port Rx RxPkt Tx TxPkt 1 0 1 Yes Yes No No 1 0 2 Yes No No No 1 0 3 No No No No 1 0 4 Yes Yes Yes No 1 0 5 Yes No Yes No 1 0 6 Yes Yes Yes Yes...

Страница 2054: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 2054 AlliedWare Plus Operating System Version 5 4 7 0 x LLDP COMMANDS SHOW DEBUGGING LLDP Related Commands debug lldp ...

Страница 2055: ...secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Port Number Type Ifindex Port Number Fast Start Count 5 3 LLDP Global Status Total Neighbor Count 47 Neighbors table last updated 0 hrs 0 mins 43 secs ago Table 3 Parameters in the output of the show lldp command Parameter Description LLDP Status Whether LLDP is enabled Default is disabled Notification Interval Minimum interval between LLDP no...

Страница 2056: ...e to a change in LLDP local information Port Number Type The type of port identifier used to enumerate LLDP MIB local port entries as set by the lldp port number type command Fast Start Count The number of times fast start advertisements are sent for LLDP MED Total Neighbor Count Number of LLDP neighbors discovered on all ports Neighbors table last updated The time since the LLDP neighbor table wa...

Страница 2057: ...s inactive on this port because it is a mirror analyser port Notification Abbreviations RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi Protocol Identity 802 3 Mp MAC PHY Config Status Po Power Via M...

Страница 2058: ...ge Notification Management Addr Management address advertised to neighbors Base TLVs Enabled for Tx List of optional Base TLVs enabled for transmission Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 TLVs Enabled for Tx List of optional 802 1 TLVs enabled for transmission Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi Protoc...

Страница 2059: ...dp transmit receive command which TLVs it is configured to send lldp tlv select command lldp med tlv select command Examples To display local information transmitted via port 1 0 1 use the command awplus show lldp local info interface port1 0 1 To display local information transmitted via all ports use the command awplus show lldp local info Output Figure 48 3 Example output from show lldp local i...

Страница 2060: ...bility Disabled Power Class Unknown Link Aggregation Supported Disabled Maximum Frame Size 1522 LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy Location Identification Extended Power PSE Inventory Network Policy not configured Location Identification Civic Address Country Code NZ City Christchurch Street Suffix Avenue House Number 27 Primary Roa...

Страница 2061: ...em description System Capabilities Supported Capabilities that the local port supports System Capabilities Enabled Enabled capabilities on the local port Management Addresses Management address associated with the local port To change this use the lldp management address command Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames received via the local port Port Pr...

Страница 2062: ...e capability of the implemented MAC and PHY LLDP MED Device Type LLDP MED device type LLDP MED Capabilities Capabilities LLDP MED capabilities supported on the local port Network Policy List of network policies configured on the local port VLAN ID VLAN identifier for the port for the specified application type Tagged Flag Whether the VLAN ID is to be used as tagged or untagged Layer 2 Priority Lay...

Страница 2063: ... description interface hostname lldp transmit receive Power Value The total power the switch can source over a maximum length cable to a PD device on the port The value shows the power value in Watts from the PD side Inventory Management Inventory information for the device Table 48 1 Parameters in the output of show lldp local info cont Parameter Description ...

Страница 2064: ... neighbors interface port1 0 1 port1 0 6 Output Figure 48 4 Example output from the show lldp neighbors command Parameter Description port list The ports for which the neighbor information is to be shown LLDP Neighbor Information Total number of neighbors on these ports 4 System Capability Codes O Other P Repeater B Bridge W WLAN Access Point R Router T Telephone C DOCSIS Cable Device S Station On...

Страница 2065: ...l Port Local port on which the neighbor information was received Neighbor Chassis ID Chassis ID that uniquely identifies the neighbor Neighbor Port Name Port ID of the neighbor Neighbor Sys Name System name of the LLDP neighbor Neighbor Capability Capabilities that are supported and enabled on the neighbor System Capability System Capabilities of the LLDP neighbor MED Device Type LLDP MED Device c...

Страница 2066: ...lldp neighbors detail base dot1 dot3 med interface port list Mode User Exec and Privileged Exec Examples To display detailed neighbor information received via all ports use the command awplus show lldp neighbors detail To display detailed neighbor information received via ports 1 0 1 use the command awplus show lldp neighbors detail interface port1 0 1 Parameter Description base Information for ba...

Страница 2067: ...D 1 Port Protocol VLAN Supported Yes Enabled Yes VIDs 5 VLAN Names default vlan5 Protocol IDs 9000 0026424203000000 888e01 8100 88090101 00540000e302 0800 0806 86dd MAC PHY Auto negotiation Supported Enabled Advertised Capability 1000BaseTFD 100BaseTXFD 100BaseTX 10BaseTFD 10BaseT Operational MAU Type 1000BaseTFD 30 Power Via MDI PoE not advertised Link Aggregation Supported Disabled Maximum Frame...

Страница 2068: ...orted Capabilities that the neighbor supports System Capabilities Enabled Capabilities that are enabled on the neighbor Management Addresses List of neighbor s management addresses Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames for the neighbor port Port Protocol VLAN Supported Whether Port Protocol VLAN is supported on the LLDP neighbor Port Protocol VLAN Ena...

Страница 2069: ...imum frame size capability LLDP MED Device Type LLDP MED Device type LLDP MED Capabilities LLDP MED capabilities supported Network Policy List of network policies Location Identification Location information Extended Power Via MDI PoE PoE capability and current status Inventory Management Inventory information Table 50 Parameters in the output of the show lldp neighbors detail command cont Paramet...

Страница 2070: ...3 In Errored 0 In Dropped 0 TLVs Unrecognized 0 Discarded 0 Neighbors New Entries 20 Deleted Entries 20 Dropped Entries 0 Entry Age outs 20 Table 52 Parameters in the output of the show lldp statistics command Parameter Description Frames Out Number of LLDPDU frames transmitted Frames In Number of LLDPDU frames received Frames In Errored Number of invalid LLDPDU frames received Frames In Dropped N...

Страница 2071: ...neighbors has been removed from the neighbor table Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficient resources Neighbors Entry Age outs Entries Number of times the information advertised by neighbors has been removed from the neighbor table because the information TTL interval has expired Table 52 ...

Страница 2072: ...istics interface To display LLDP statistics information for ports 1 0 1 and 1 0 6 use the command awplus show lldp statistics interface port1 0 1 port1 0 6 Output Parameter Description port list The ports for which the statistics are to be shown Table 53 Example output from the show lldp statistics interface command awplus show lldp statistics interface port1 0 1 port1 0 6 LLDP Packet and Event Co...

Страница 2073: ...gnized Number of LLDP TLVs received that are not recognized but the TLV type is in the range of reserved TLV types TLVs Discarded Number of LLDP TLVs discarded for any reason Neighbors New Entries Number of times the information advertised by neighbors has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information advertised by neighbors has been removed from t...

Страница 2074: ...ivic location interface port1 0 1 To display coordinate location information configured on the identifier 1 use the command awplus show location coord location identifier 1 Parameter Description civic location Display civic location information coord location Display coordinate location information elin location Display ELIN location information civic loc id Civic address location identifier in th...

Страница 2075: ...lin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location Table 56 Example output from the show location command awplus show location coord location identifier 1 ID Element Type Element Value 1 Latitude Resolution 15 bits Latitude 38 8986481130123138427734375 degrees Longi...

Страница 2076: ...nce for commands used to configure SMTP For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug mail on page 2077 delete mail on page 2078 mail on page 2079 mail from on page 2080 mail smtpserver on page 2081 show counter mail on page 2082 show mail on page 2083 undebug mail on page 2084 ...

Страница 2077: ...ing emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use the command awplus debug mail To turn off debugging for sending emails use the command awplus no debug mail Related Commands delete mail mail mail from mail smtpserver show mail show counter mail undebug mail ...

Страница 2078: ... To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail all Related Commands debug mail mail mail from mail smtpserver show mail Parameter Description mail id Deletes a single mail from the mail queue mail id An unique mail ID number Use the show mail command to disp...

Страница 2079: ... a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration and with the message body inserted from the file plug conf use the command awplus mail rei nerv com subject dummy plug configuration filename plug conf Related Commands debug mail delete mail mail fro...

Страница 2080: ...mand You must specify a sending email address with this command before you can send any email Syntax mail from from Mode Global Configuration Example To set the email address from which you are sending mail to kaji nerv com use the command awplus config mail from kaji nerv com Related Commands delete mail mail mail smtpserver show mail Parameter Description from The email address that the mail is ...

Страница 2081: ...ce sends email to You must specify a mail server with this command before you can send any email Syntax mail smtpserver ip address Mode Global Configuration Example To specify a mail server at 192 168 0 1 use the command awplus mail smtpserver 192 168 0 1 Related Commands debug mail delete mail mail mail from show mail show counter mail Parameter Description ip address Internet Protocol IP Address...

Страница 2082: ... from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail Mail Client SMTP counters Mails Sent 0 Mails Sent Fails 1 Table 1 Parameters in the output of the show counter mail command Parameter Description Mails Sent The number of emails sent successfully since the last device ...

Страница 2083: ...ng System Version 5 4 7 0 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue use the command awplus show mail Related Commands delete mail mail show counter mail ...

Страница 2084: ...01 Rev C Command Reference for IX5 28GPX 2084 AlliedWare Plus Operating System Version 5 4 7 0 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debug mail command ...

Страница 2085: ... Feature Overview and Configuration Guide RMON is disabled by default in AlliedWare Plus No RMON alarms or events are configured For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List rmon alarm on page 2086 rmon collection history on page 2088 rmon collection stats on page 2089 rmon event on page 20...

Страница 2086: ...The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherStatsEntry table for the interface defined by the stats index 22 in the rmon collection stats command interval 1 2147483647 Polling interval in seconds delta The RMON MIB alarmSampleType the change in t...

Страница 2087: ...alue with the form etherStatsEntry field stats index for example etherStatsEntry 22 5 Example To configure an alarm to monitor the change per minute in the etherStatsPkt value for interface 22 defined by stats index 22 in the rmon collection stats command to trigger event 2 defined by the rmon event command when it reaches the rising threshold 400 and to trigger event 3 when it reaches the falling...

Страница 2088: ...istory index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Default The default interval is 1800 seconds and the default buckets is 50 buckets Mode Interface Configuration Example To create a history statistics control group to store 200 snapshots with an interval of 500 seconds use the commands awplus configure terminal awplus config interface port1 0 2 awplu...

Страница 2089: ...ollection stats collection index Default RMON statistics are not enabled by default Mode Interface Configuration Example To enable the collection of RMON statistics with a statistics index of 200 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if rmon collection stats 200 owner myrtle To to stop collecting RMON statistics use the commands awplus configure...

Страница 2090: ... log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Default No event is configured by default Mode Global Configuration Example To create an event definition for a log with an index of 299 use this command awplus configure terminal awplus config rmon event 299 log description cond3 owner alfred To to remov...

Страница 2091: ...larm Overview Use this command to display the alarms and threshold configured for the RMON probe NOTE Only the alarms for switch port interfaces not for VLAN interfaces can be shown Syntax show rmon alarm Mode User Exec and Privileged Exec Example To display the alarms and threshold use this command awplus show rmon alarm Related Commands rmon alarm ...

Страница 2092: ...owing etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStatsPkts512to1023Octets etherStatsPkts1024to1518Octet...

Страница 2093: ...rence for IX5 28GPX 2093 AlliedWare Plus Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON EVENT Example To display the events configured for the RMON probe use this command awplus show rmon event Related Commands rmon event ...

Страница 2094: ...tput from the show rmon history command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherS...

Страница 2095: ...perating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON HISTORY etherStatsPkts1024to1518Octets Example To display the parameters specified on all the currently defined RMON history collections us the commands awplus show rmon history Related Commands rmon collection history ...

Страница 2096: ... the show rmon statistics command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStatsPk...

Страница 2097: ...50152 01 Rev C Command Reference for IX5 28GPX 2097 AlliedWare Plus Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON STATISTICS etherStatsPkts1024to1518Octets Related Commands rmon collection stats ...

Страница 2098: ...hostkey on page 2102 crypto key destroy userkey on page 2103 crypto key generate hostkey on page 2104 crypto key generate userkey on page 2106 crypto key pubkey chain knownhosts on page 2107 crypto key pubkey chain userkey on page 2109 debug ssh client on page 2111 debug ssh server on page 2112 service ssh on page 2113 show banner login on page 2115 show crypto key hostkey on page 2116 show crypto...

Страница 2099: ...w ssh server deny users on page 2129 ssh on page 2130 ssh client on page 2132 ssh server on page 2134 ssh server allow users on page 2136 ssh server authentication on page 2138 ssh server deny users on page 2140 ssh server max auth tries on page 2142 ssh server resolve host on page 2143 ssh server scp on page 2144 ssh server sftp on page 2145 undebug ssh client on page 2146 undebug ssh server on p...

Страница 2100: ...d of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the device Syntax banner login no banner login Default No banner is defined by default Mode Global Configuration Examples To set a login banner message use the commands awplus configure terminal awplus confi...

Страница 2101: ...y delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exec Examples To stop the current SSH session 123 use the command awplus clear ssh 123 To stop all SSH sessions active on the device use the command awplus clear ssh all Related Commands service ssh ssh P...

Страница 2102: ...key generate hostkey command to generate that key before you enable the SSH server Syntax crypto key destroy hostkey dsa ecdsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key used for SSH version 2 connections use the commands awplus configure terminal awplus config crypto key destroy hostkey rsa Related Commands crypto key generate hostkey service ssh Parameters Description...

Страница 2103: ... user key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show crypto key hostkey Parameters Description username Name of the user whose userkey you are destroying The username must begin with a letter Valid characters are all numbers letters and the underscore hyphe...

Страница 2104: ...y generate hostkey dsa 768 1024 crypto key generate hostkey rsa rsa1 768 32768 crypto key generate hostkey ecdsa 256 384 Default The default key length for RSA and DSA is 1024 bits The default key size for ECDSA is 256 bits Mode Global Configuration Examples To generate an RSA host key for SSH version 2 connections that is 2048 bits in length use the commands awplus configure terminal awplus confi...

Страница 2105: ...5 4 7 0 x SECURE SHELL SSH COMMANDS CRYPTO KEY GENERATE HOSTKEY To generate an ECDSA host key with an elliptic curve size of 384 bits use the commands awplus configure terminal awplus config crypto key generate ecdsa 384 Related Commands crypto key destroy hostkey service ssh show crypto key hostkey ...

Страница 2106: ...ions for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure terminal awplus config crypto key generate userkey lapo dsa Related Commands crypto key pubkey chain userkey show crypto key userkey Parameters Description username Name of the user that the user key i...

Страница 2107: ...pv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Default If no cryptography algorithm is specified then rsa is used as the default cryptography algorithm Mode Privilege Exec Usage This command adds a public key of the specified SSH server to the known host database on the device The key is retrieved from the server The remote SSH server is verified by using this public key T...

Страница 2108: ...he remote server then SSH clients will inform the user that the public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey chain knownhosts 192 0 2 11 To delete the second entry in the known host database use the command awplus no crypto key pubkey chain knownhost...

Страница 2109: ...s text into the terminal To add a key as text into the terminal first enter the command crypto key pubkey chain userkey username and hit Enter Enter the key as text Note that the key you enter as text must be a valid SSH RSA key not random ASCII text Use Ctrl D after entering it to save the text and re enter the normal command line mode Note you can generate a valid SSH RSA key on the device first...

Страница 2110: ...ain userkey joeType CNTL D to finish AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6NvNbk h c pqGDijj4Svf ZZfeITzvvyZW4 I4pbN8 control D awplus config To add a public key for the user graydon from the file key pub use the commands awplus configure terminal awplus config crypto key pubke...

Страница 2111: ... the SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH client debugging use the command awplus debug ssh client To start SSH client debugging with extended output use the command awplus debug ssh client full To disable ...

Страница 2112: ...debugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH server debugging use the command awplus debug ssh server To start SSH server debugging with extended output use the command awplus deb...

Страница 2113: ...ssions use the clear ssh command Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you issue service ssh without specifying the optional ip or ipv6 parameters Mode Global Configuration Examples To enable both the IPv4 and the IPv6 Secure Shell server use the commands awplus configure term...

Страница 2114: ... for IX5 28GPX 2114 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh server allow users ssh server deny users ...

Страница 2115: ...mand displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec Global Configuration Interface Configuration Line Configuration Example To display the current login banner message use the command awplus show banner login Related Commands banner login SSH ...

Страница 2116: ...y hostkey dsa ecdsa rsa rsa1 Mode User Exec Privileged Exec and Global Configuration Examples To show the public keys generated on the device for SSH server use the command awplus show crypto key hostkey To display the RSA public key of the SSH server use the command awplus show crypto key hostkey rsa Output Figure 51 1 Example output from the show crypto key hostkey command Parameter Description ...

Страница 2117: ...ELL SSH COMMANDS SHOW CRYPTO KEY HOSTKEY Related Commands crypto key destroy hostkey crypto key generate hostkey Table 1 Parameters in output of the show crypto key hostkey command Parameter Description Type Algorithm used to generate the key Bits Length in bits of the key Fingerprint Checksum value for the public key ...

Страница 2118: ...e the command awplus show crypto key pubkey chain knownhosts 1 Output Figure 51 2 Example output from the show crypto key public chain knownhosts command Related Commands crypto key pubkey chain knownhosts Parameter Description 1 65535 Key identifier for a specific key Displays the public key of the entry if specified No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 33 b1 fe 6f d3 8c 81 4e f7 2a ...

Страница 2119: ...t are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 51 3 Example output from the show crypto key public chain userkey command Related Commands crypto key pubkey chain userkey Parameter Description username User name of the remote SSH user whose keys you wish to display The username must begin with a letter Valid characters are all ...

Страница 2120: ... pub Output Figure 51 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys you wish to display The username must begin with a letter Valid characters are all numbers letters and the underscore hyphen and full stop symbols dsa Displays the DSA public key rsa Displays the RSA p...

Страница 2121: ...92 168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH server is enabled ssh server v2 SSH server is enabled and only support SSHv2 ssh server port SSH server is enabled and listening on the specified TCP port no ssh server scp SCP service is disabled no ssh...

Страница 2122: ...E SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hostname to the deny list Table 5 Parameters in the output of the show running config ssh command Parameter Description ...

Страница 2123: ...h command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root download 550dev_ awd 463 ssh client 5ffe 33fe 5632 ffbb bc35 ddee 0101 ac51 manager user auth Table 6 Parameters in the output of the show ssh command Parameter Description ID Unique identifier for each SS...

Страница 2124: ...e has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in progress download The user is downloading a file from the device upload The user is uploading a file from the device closing The user is terminating the session closed The session is closed Filename Local...

Страница 2125: ...ent Output Figure 51 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout 0 off Debug NONE Table 7 Parameters in the output of the show ssh client command Parameter Description Port SSH server TCP port where the SSH client connects to The default is port 22 Version SSH ser...

Страница 2126: ... Shell Server Configuration SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Resolve Hosts Disabled Session Timeout 0 Off Login Timeout 60 seconds Maximum Authentication Tries 6 Maximum Startups 10 Debug NONE Table 8 Parameters in the output of the show ssh server command Parameter Description SSH Server Whether the Secure Shell server is enabled or dis...

Страница 2127: ...econds that the SSH server will wait to receive data from the SSH client The server disconnects if this timer limit is reached If set at 0 the idle timer remains off Maximum Startups The maximum number of concurrent connections that are waiting authentication The default is 10 Debug Whether debugging is active on the server Table 8 Parameters in the output of the show ssh server command cont Param...

Страница 2128: ...r use the command awplus show ssh server allow users Output Figure 51 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern awplus 192 168 john manager alliedtelesis com Table 9 Parameters in the output of the show ssh server allow users command Parameter Description Username User name that is al...

Страница 2129: ...obal Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 51 10 Example output from the show ssh server deny users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern john b company com manager 192 168 2 Table 10 Parameters in the output of the show ssh...

Страница 2130: ...ername is used for login to the remote SSH server when user authentication is required Otherwise the current user name is used username User name to login on the remote server port SSH server port If port is specified the SSH client connects to the remote SSH server with the specified TCP port Other wise the client port configured by ssh client command or the default TCP port 22 is used 1 65535 TC...

Страница 2131: ...the command awplus ssh ip user manager 192 0 2 5 To login to the remote SSH server at 192 0 2 5 that is listening TCP port 2000 use the command awplus ssh port 2000 192 0 2 5 To login to the remote SSH server with example_host using IPv6 session use the command awplus ssh ipv6 example_host To run the cmd command on the remote SSH server at 192 0 2 5 use the command awplus ssh ip 192 0 2 5 cmd Rela...

Страница 2132: ...ession timeout 0 3600 connect timeout 1 600 no ssh client port version session timeout connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specifies an explicit port of the server it overrides the default TCP port Default 22 1 65535 TCP port number version The SSH version used by the client for SSH sessions The SSH client supports both version ...

Страница 2133: ...on timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no ssh client connect timeout Related Commands show ssh client ssh connect timeout The maximum time period that an SSH session can take to become established The SSH client terminates the SSH session if...

Страница 2134: ...orts both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 session timeout There is a maximum time period that the server waits before deciding that a session is inactive and should be terminated The server considers the session inactive when it has not received a...

Страница 2135: ...ctions waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configuration use the commands awplus configure terminal awplus config no ssh server max startups To support the Secure Shell server with TCP port 2200 use the commands awplus configure terminal awplus config...

Страница 2136: ...xisting entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to create an SSH session from any host use the commands awplus configure terminal awplus config ssh server allow users john To allow the user john to create an SSH session from a range of IP address from ...

Страница 2137: ... x SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow users john 192 168 1 Related Commands show running config ssh show ssh server allow users ssh server deny users ...

Страница 2138: ...ver authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configuration Usage For password authentication to authenticate a user password authentication for a user must be registered in the local user database or on an external RADIUS server before using the ssh ser...

Страница 2139: ...uthentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication publickey Related Commands crypto key pubkey chain userkey service ssh show ssh server ...

Страница 2140: ...ver deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ssh server deny users john To deny the user john to access SSH login from a range of IP address from 192 168 2 1 to 192 168 2 255 use the commands awplus configure terminal awplus config ssh server deny ...

Страница 2141: ...0 x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users john 192 168 2 Related Commands show running config ssh show ssh server deny users ssh server allow users ...

Страница 2142: ... its default value of 6 Syntax ssh server max auth tries 1 32 no ssh server max auth tries Default 6 attempts Mode Global Configuration Usage By default users must wait one second after a failed login attempt before trying again You can increase this gap by using the command aaa login fail delay Example To set the maximum number of SSH authentication attempts to 3 use the commands awplus configure...

Страница 2143: ...Syntax ssh server resolve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device has a DNS Client that is enabled automatically when you add a DNS server to your device Use the ip name server command to add a DNS server to the list of servers that the device queries Example To resolve a host name using a DNS server use the commands...

Страница 2144: ... device accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP requests from remote clients are rejected Syntax ssh server scp no ssh server scp Mode Global Configuration Examples To enable the SCP service use the commands awplus configure terminal awplus config s...

Страница 2145: ...s The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH server Once disabled SFTP requests from remote clients are rejected Syntax ssh server sftp no ssh server sftp Mode Global Configuration Examples To enable the SFTP service use the commands awplus conf...

Страница 2146: ...d Reference for IX5 28GPX 2146 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the no debug ssh client command ...

Страница 2147: ...d Reference for IX5 28GPX 2147 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the no debug ssh server command ...

Страница 2148: ...utput see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 2150 day on page 2151 debug trigger on page 2153 description trigger on page 2154 repeat on page 2155 script on page 2156 show debugging trigger on page 2158 show running config trigger on page 2159 show trigger on page 2160 test on page 2165 time trigger on page 2166 tra...

Страница 2149: ...x TRIGGER COMMANDS type periodic on page 2177 type ping poll on page 2178 type reboot on page 2179 type stack disabled master on page 2180 type stack link on page 2181 type stack master fail on page 2182 type stack member on page 2183 type time on page 2184 type usb on page 2185 undebug trigger on page 2186 ...

Страница 2150: ... active Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Guide Examples To enable trigger 172 so that it can activate when its trigger conditions are met use the commands awplus configure terminal awplus config trigger 172 awplus config trigger active To disab...

Страница 2151: ...Port LEDs in the Triggers Feature Overview and Configuration Guide Examples To permit trigger 55 to activate on the 1 October 2016 use the commands awplus configure terminal awplus config trigger 55 awplus config trigger day 1 oct 2016 Parameter Description every day Sets the trigger so that it can activate on any day 1 31 Day of the month the trigger is permitted to activate on month Sets the mon...

Страница 2152: ...rating System Version 5 4 7 0 x TRIGGER COMMANDS DAY To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus config trigger day monday wednesday friday Related Commands show trigger trigger ...

Страница 2153: ... messages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Privilege Exec Examples To start trigger debugging use the command awplus debug trigger To stop trigger debugging use the command awplus no trigger Related Commands show debugging trigger show trigger tes...

Страница 2154: ...r this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awplus config trigger 240 awplus config trigger description daily status report To remove the description from trigger 36 use the commands awplus configure terminal awplus config trigger 36 awplus config ...

Страница 2155: ...imited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activate only once use the commands awplus configure terminal awplus config trigger 21 awplus config trigger repeat no To allow trigger 22 to activate an unlimited number of times whenever its trigger condi...

Страница 2156: ...r position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71 to run the script flash cpu_trig sh in position 3 when the trigger activates use the commands awplus configure terminal awplus config trigger 71 awplus config trigger script 3 flash cpu_trig sh To conf...

Страница 2157: ...h cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script all Related Commands show trigger trigger ...

Страница 2158: ... off from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debugging trigger Output Figure 52 1 Example output from the show debugging trigger command Related Commands debug trigger awplus debug trigger awplus show debugging trigger Trigger debugging status Trigge...

Страница 2159: ...isplays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use the command awplus show running config trigger Output Figure 52 2 Example output from the show running config trigger command Related Commands show trigger trigger 1 type card in type usb in trigger 2 type u...

Страница 2160: ...on about all triggers full Displays detailed information about all triggers Table 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date 003 CPU 80 any Busy CPU Y N Y 5 1 smtwtfs 005 Periodic 30 min Regular status check Y N N Continuous 1 mtwtf 007 Memory 85 up High mem usage Y N Y 8 1 smtwtfs 011 Time 00 01 Weekend access Y N Y Contin...

Страница 2161: ... number of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days options the days are shown as a seven character string representing Sunday to Saturday A hyphen indicates days when the trigger cannot be activated awplus show trigger 3 Trigger Configuration Details Trig...

Страница 2162: ...ation not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details USB out Days smtwtfs After 00 00 00 Before 23 59 59 Active Yes Test No Trap Yes Repeat Continuous Modified Tue Oct 25 14 45 56 2016 Number of activations 0 Last activation not activated Number of scripts 0 1 not configure...

Страница 2163: ...ntinuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and time of the last time that the trigger was modified Number of activations Number of times the trigger has been activated since the last restart of the device Last activation The date and time of the last ...

Страница 2164: ... has been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today Interface triggers activated today Number of times an interface trigger has been activated today Resource triggers activated today Number of times a CPU or memory resource trigger has been activated t...

Страница 2165: ...activates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For information about configuring a trigger see the Triggers Feature Overview and Configuration Guide Examples To put trigger 5into diagnosticmode where no scripts will berun when thetrigger activates use t...

Страница 2166: ...his parameter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the value specified for after a time period from after to before is defined duringwhich the trigger may activate This command is not applicable to time triggers type time The following figure illustrates how the before and after parameters operate Syntax time after hh mm ss before...

Страница 2167: ...igger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate between 3 45pm and midnight use the commands awplus configure terminal awplus config trigger 64 awplus config trigger time after 15 45 00 To allow trigger 65 to activate between 10 30am and 8 15pm use the co...

Страница 2168: ...ch MIB objects are supported the SNMP Feature Overview and Configuration_Guide the SNMP Commands chapter Since SNMP traps are enabled by default for all defined triggers a common usage will be for the no variant of this command to disable SNMP traps from a specified trap if the trap is only periodic Refer in particular to AT TRIGGER MIB in the Support for Allied Telesis Enterprise_MIBs_in AlliedWa...

Страница 2169: ...nal parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all configuration associated with it Syntax trigger 1 250 no trigger 1 250 Mode Global Configuration Examples To enter trigger configuration mode for trigger 12 use the command awplus trigger 12 To completely...

Страница 2170: ... This command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will be executed even if the trigger is in the diagnostic test mode Triggers activated manually do not have their repeat counts decremented or their last triggered time updated and do not result in updates t...

Страница 2171: ...onfig trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the name of the AMF Network follow...

Страница 2172: ...r This command returns the following display Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node2...

Страница 2173: ...4 7 0 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger Node1 trigger 1 type periodic 2 script 1 atmf scp trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me scp Node2 Node3 trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me scp ...

Страница 2174: ... Activity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus configure terminal awplus config trigger 28 awplus config trigger type cpu 80 up To configure trigger 5 to be a CPU trigger that activates when CPU usage either rises above or drops below 65 use the follow...

Страница 2175: ...ne of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when port1 0 2 becomes operational use the following commands awplus configure terminal awplus config trigger 19 awplus config trigger type interface port1 0 2 up Related Commands show trigger trigger Para...

Страница 2176: ...emory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40 to be a memory trigger that activates when memory usage either rises above or drops below 65 use the following commands awplus configure terminal awplus config trigger 40 awplus config trigger type me...

Страница 2177: ...onfigured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the Triggers Feature Overview and Configuration Guide Example To configure trigger 44 to activate periodically at 10 minute intervals use the following commands awplus configure terminal awplus config tri...

Страница 2178: ... or unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the following commands awplus configure terminal awplus config trigger 106 awplus config trigger type ping poll 12 down Related Commands show trigger trigger Parameter Description 1 100 The ping poll ID u...

Страница 2179: ...Overview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboots use the following commands awplus configure terminal awplus config trigger 32 awplus config trigger type reboot Related Commands show trigger trigger ...

Страница 2180: ...rrectly on the device that is connected downstream If the stack virtual mac command command is enabled the stack uses a virtual MAC address The stack will always use this MAC address and the new elected master will still retain the originally configured virtual MAC address If the stack virtual mac command is disabled the stack will use the MAC address of the current master If the stack master fail...

Страница 2181: ...er to occur when a stacking link is either activated or deactivated Syntax type stack link up down Mode Trigger Configuration Example To configure trigger 86 to activate when the stack link down event occurs use the commands awplus configure terminal awplus config trigger 86 awplus config trigger type stack link down Related Commands show trigger trigger type stack master fail Parameter Descriptio...

Страница 2182: ...re configured trigger to occur when the stack enters the fail over state Syntax type stack master fail Mode Trigger Configuration Example To configure trigger 86 to activate when stack master fail over event occurs use the commands awplus configure terminal awplus config trigger 86 awplus config trigger type stack master fail Related Commands stack disabled master monitoring trigger type stack dis...

Страница 2183: ...ck Syntax type stack member join leave Mode Trigger Configuration Example To configure a pre configured trigger number 86 to activate when a new device joins the stack Note that the number 86 has no particular significance you can assign any previously created numbered trigger awplus configure terminal awplus config trigger 86 awplus config trigger type stack member join Related Commands trigger t...

Страница 2184: ... limit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to activate at 15 53 use the following commands awplus configure terminal awplus config trigger 86 awplus config trigger type time 15 53 Related Commands show trigger trigger Parameter Description hh mm The t...

Страница 2185: ...ut Mode Trigger Configuration Usage USB triggers cannot execute script files from a USB storage device Examples To configure trigger 1 to activate on the insertion of a USB storage device use the commands awplus configure terminal awplus config trigger 1 awplus config trigger type usb in Related Commands trigger show running config trigger show trigger Parameter Description in Trigger activates on...

Страница 2186: ... C Command Reference for IX5 28GPX 2186 AlliedWare Plus Operating System Version 5 4 7 0 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no debug trigger command ...

Страница 2187: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 2189 clear ping poll on page 2190 critical interval on page 2191 debug ping poll on page 2192 Table 53 1 The following table lists the default values when configuring a ping poll Default Value Critical interval 1 second Description No description Fail count 5...

Страница 2188: ...ng on page 2193 fail count on page 2194 ip ping polling on page 2195 length ping poll data on page 2196 normal interval on page 2197 ping poll on page 2198 sample size on page 2199 show counter ping poll on page 2201 show ping poll on page 2203 source ip on page 2207 timeout ping polling on page 2209 up count on page 2210 undebug ping poll on page 2211 ...

Страница 2189: ...lling is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this polling instance Syntax active no active Mode Ping Polling Configuration Examples To activate the ping poll instance 43 use the commands awplus configure terminal awplus config ping poll 43 awplus confi...

Страница 2190: ...mand The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use the command awplus clear ping poll 12 To reset all ping poll instances use the command awplus clear ping poll all Related Commands active ping polling ping poll show ping poll Parameter Description 1 10...

Страница 2191: ...f one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping polling instance 99 use the commands awplus configure terminal awplus config ping poll 99 awplus config ping poll critical interval 2 To reset the critical interval to the default of one second for the pin...

Страница 2192: ...or the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll 88 To disable all ping poll debugging use the command awplus no debug ping poll all To disable debugging for ping poll instance 88 use the command awplus no debug ping poll 88 Related Commands active ...

Страница 2193: ...ete the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll description Primary Gateway To delete the description set for the ping poll instance 45 use the commands awplus configure ter...

Страница 2194: ... The no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of pings that must fail within the sample size to determine that a device is unreachable for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config pin...

Страница 2195: ... 5 to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll the device with the IPv6 address 2001 db8 use the commands awplus configure terminal awplus config ping poll 10 awplus config ping poll ip 2001 db8 Related Commands ping poll source ip show ping poll P...

Страница 2196: ...dropping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping Polling Configuration Examples To specify that ping poll instance 12 sends ping packet with a data portion of 56 bytes use the commands awplus configure terminal awplus config ping poll 12 awplus config...

Страница 2197: ...g Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll normal interval 60 To reset the interval to the default of 30 seconds for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus ...

Страница 2198: ...t the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax ping poll 1 100 no ping poll 1 100 Mode Global Configuration Examples To create ping poll instance 3 and enter ping poll configuration mode use the commands awplus configure terminal awplus config ping...

Страница 2199: ...at does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up count command to determine when a device is reachable The no variant of this command resets this command to the default Syntax sample size 1 100 no sample size Default The default is 5 Mode Ping Polling C...

Страница 2200: ...Reference for IX5 28GPX 2200 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping poll timeout ping polling up count ...

Страница 2201: ...isplays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFailedUpState 0 PingsFailedDownState 0 ErrorSendingPing 2 CurrentUpCount 13 CurrentFailCount 0 UpStateEntered 0 DownStateEntered 0 Ping poll 2 PingsSent 15 PingsFailedUpState 0 PingsFailedDownState 0 Error...

Страница 2202: ...ile the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down state This is a cumulative counter for multiple occurrences of the Down state ErrorSendingPing The number of pings that were not successfully sent to the target device This error can occur when your dev...

Страница 2203: ...e Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling instances where the device state is unreachable brief Displays a summary of the state of ping polls and the devices they are polling Ping Poll Configuration Id Enabled State Destination 1 Yes Down 192 ...

Страница 2204: ...he polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n The IP address of the polled device set with the ip ping polling command Ping Poll Configuration Poll 1 Description Primary Gateway Destination IP address 192 168 0 1 Status Down Enabled Yes Source IP ad...

Страница 2205: ...e is reachable Down The device is unreachable Critic a l Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critic a l Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Enabled Whether the polling instance is enabled or disabl...

Страница 2206: ...f pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count command Up count The number of consecutive pings that the polling instance must receive a reply to before classifying the device reachable again This is set using the up count command Sample size The total...

Страница 2207: ...address no source ip Mode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll source ip 192 168 0 1 To configure the ping polling instance 43 to use the source IPv6 address 2001 db8 in ping packets use the commands awplus c...

Страница 2208: ...ommand Reference for IX5 28GPX 2208 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS SOURCE IP Related Commands description ping polling ip ping polling length ping poll data ping poll show ping poll ...

Страница 2209: ...imeout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll timeout 5 To reset the timeout to its default of 1 second for ping poll instance 43 use the commands awplus configure terminal awplus config ping po...

Страница 2210: ... Ping Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll up count 5 To reset the upcount to the default value of 30 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping pol...

Страница 2211: ...mand Reference for IX5 28GPX 2211 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the no debug ping poll command ...

Страница 2212: ...page 2213 debug sflow agent on page 2214 sflow agent address on page 2215 sflow collector address on page 2217 sflow collector max datagram size on page 2219 sflow enable on page 2220 sflow max header size on page 2221 sflow polling interval on page 2223 sflow sampling rate on page 2224 show debugging sflow on page 2225 show running config sflow on page 2227 show sflow on page 2228 show sflow inte...

Страница 2213: ...pling and or polling debug is disabled Mode Privileged Exec Examples To enable sFlow debug messagelogging for polling and sampling on port1 0 1 and port1 0 7 use the commands awplus debug sflow interface port1 0 1 port1 0 7 sampling polling To enable logging and polling of sFlow debug messages for polling and sampling on all ports use the command awplus debug sflow sampling polling Related Command...

Страница 2214: ...o particular ports For example sending an sFlow datagram to the collector The no variant of this command applies the command default Syntax debug sflow agent no debug sflow agent Default The sFlow agent debug message logging that is not port specific is disabled Mode Privileged Exec Example To enable logging of sFlow agent debug messages use the following command awplus debug sflow agent Related C...

Страница 2215: ...on or deletion of VLAN interfaces each of which will have its own specific IP address Note that sFlow is rendered inactive whenever the agent address is not set The no variant of this command applies its default setting to remove a configured address Syntax sflow agent ip ip address ipv6 ipv6 address no sflow agent ip ipv6 Default The sFlow agent address is unset Mode Global Configuration Examples...

Страница 2216: ...C613 50152 01 Rev C Command Reference for IX5 28GPX 2216 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS SFLOW AGENT ADDRESS Related Commands show running config sflow show sflow ...

Страница 2217: ...35 no sflow collector ip ipv6 port Default The collector address is 0 0 0 0 which renders sFlow inactive and the UDP port is 6343 Mode Global Configuration Examples To set the sFlow collector address to 1920 2 25 and UDP port to 9000 use the command awplus configure terminal awplus config sflow collector ip 192 0 2 25 port 9000 To remove the sFlow collector IPv4 address and leave the UDP port unch...

Страница 2218: ...mand awplus configure terminal awplus config sflow collector ipv6 2001 0db8 1 To remove the sFlow collector IPv6 address and leave the UDP port unchanged use the command awplus configure terminal awplus config no sflow collector ipv6 To remove the sFlow collector IPv6 address and to remove the UDP port use the command awplus configure terminal awplus config no sflow collector ipv6 port Related Com...

Страница 2219: ... resets the maximum datagram size to the default Syntax sflow collector max datagram size 200 1500 no sflow collector max datagram size Default 1400 bytes Mode Global Configuration Example To set the maximum datagram size to 1200 use the command awplus configure terminal awplus config sflow collector max datagram size 1200 Related Commands show running config sflow show sflow Parameter Description...

Страница 2220: ...ional status to active To activate sFlow the following conditions need to be met sFlow is enabled The sFlow agent address is set The sFlow collector address is set to a valid non zero IPv4 or IPv6 address Polling or sampling is enabled on the ports to be sampled or polled Syntax sflow enable no sflow enable Default sFlow is disabled globally on the switch Mode Global Configuration Example To enabl...

Страница 2221: ...ult Syntax sflow max header size 14 200 no sflow max header size Default The max header size is 128 bytes Mode Interface Configuration Usage The header size is measured from the first byte of the Ethernet frame MAC Destination Address For an environment using standard TCP IPv4 over Ethernet frames consider the following basic protocol structure Ethernet header including the 4 byte 802 1Q header co...

Страница 2222: ... this command will be included in the sFlow packet samples For example with the default of 128 applied up to 128 82 46 bytes of user data could be included in the sFlow datagram samples sent between the Agent and the Collector Note that the agent to collector datagrams contain their own UDP headers which are outside this calculation Example To set the maximum header size to 160 bytes for ports 1 0...

Страница 2223: ...nd The no variant of this command applies the default Syntax sflow polling interval 0 1 16777215 no sflow polling interval Default The polling interval is 0 polling disabled Mode Interface Configuration Example To set the polling interval to 60 seconds for ports 1 0 1 and 1 0 7 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 7 awplus config if sflow p...

Страница 2224: ...eceived i e one in every 1000 frames sent from the specified port A value of 0 disables sampling on the specified port s The no variant of this command applies the default Syntax sflow sampling rate 0 256 16777215 no sflow sampling rate Default The sampling rate is 0 sampling disabled Mode Interface Configuration Example To set the sampling rate to 500 for ports 1 0 1 and 1 0 7 use the commands aw...

Страница 2225: ...nd awplus show debugging sflow interface port1 0 1 1 0 9 Output Figure 54 1 Sample obtained for an sFlow agent To display sFlow debug settings for all ports use the command awplus show debugging sflow Parameter Description interface The interface information port list The ports for which the sFlow debug settings are to be shown The ports to display information about The port list can be a switch p...

Страница 2226: ...3 50152 01 Rev C Command Reference for IX5 28GPX 2226 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS SHOW DEBUGGING SFLOW Related Commands show running config sflow show sflow interface ...

Страница 2227: ...w running config sflow Mode Privileged Exec and Global Configuration Example To display the sFlow running configuration information use the command awplus show running config sflow Output Figure 54 2 Example output from the show running config sflow command Related Commands show running config awplus sh run sflow sflow agent ip 192 0 2 33 sflow collector ip 192 0 2 65 sflow collector max datagram ...

Страница 2228: ... 0 Collector UDP Port 6343 6343 Tx Max Datagram Size 1200 1400 sFlow Agent Status Polling sampling Tx Inactive because sFlow is disabled Agent Addr is not set Collector Addr is 0 0 0 0 Polling sampling disabled on all ports Table 2 Parameters in the output of the show sflow command Output Parameter Description sFlow Admin Status Whether sFlow agent operation is administratively enabled sFlow Agent...

Страница 2229: ...unning config sflow show sflow interface Tx Max Datagram Size The maximum size of the sFlow datagrams sent to the collector Polling sampling Tx Whether sFlow sampling and or polling and hence sFlow datagram transmission are active If inactive the reasons are listed Table 2 Parameters in the output of the show sflow command cont Output Parameter Description ...

Страница 2230: ...ystem Version 5 4 7 0 x SFLOW COMMANDS SHOW SFLOW INTERFACE show sflow interface Overview This command displays sFlow agent sampling and polling configuration for specified ports Syntax show sflow interface ifrange Mode Privileged Exec Parameter Description ifrange The interface range ...

Страница 2231: ...ommand Reference for IX5 28GPX 2231 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS UNDEBUG SFLOW undebug sflow Overview This command applies the functionality of the no variant of the debug sflow command ...

Отзывы:

Нет отзывов