manualshive.com logo in svg

D-Link DES-3828 - xStack Switch - Stackable, Руководство CLI

Многофункциональный коммутатор D-Link DES-3828 - управляемый и стекируемый. Он обеспечивает высокую производительность и надежность сети. Чтобы узнать больше о спецификациях продукта, а также скачать бесплатное руководство по эксплуатации, посетите manualshive.com для загрузки документации.

Поделиться
Скачать
background image

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual

 

 

234

35 

P

ORT 

S

ECURITY 

C

OMMANDS

 

The Switch’s port security commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the 
following table. 

Command Parameters 

config port_security ports 

 [<portlist> | all] {admin_state [enable| disable] | 
max_learning_addr <max_lock_no 0-16> | lock_address_mode 
[Permanent | DeleteOnTimeout | DeleteOnReset]} 

delete port_security entry vlan_name  <vlan_name 32> mac_address <macaddr> port <port> 

clear port_security_entry  

port <portlist> 

show port_security 

{ports <portlist>} 

enable port_security trap_log 

 

disable port_security trap_log 

 

Each command is listed, in detail, in the following sections. 

config port_security ports 

Purpose

 

Used to configure port security settings. 

Syntax

 

config port_security ports [<portlist> | all] {admin_state [enable| 
disable] | max_learning_addr <max_lock_no 0-16> | 
lock_address_mode [Permanent | DeleteOnTimeout | 
DeleteOnReset]} 

Description

  This command allows for the configuration of the port security feature.  

Only the ports listed in the 

<portlist> 

are affected. 

Parameters

 

portlist 

 

  Specifies a port or range of ports to be configured.   

all

 

 Configure port security for all ports on the Switch. 

admin_state [enable | disable] 

– Enable or disable port security for the 

listed ports. 

max_learning_addr <max_lock_no 0-16>

 - Use this to limit the number of 

MAC addresses dynamically listed in the FDB for the ports. 

lock_address_mode [Permanent | DeleteOnTimout | DeleteOnReset]

 – 

Indicates the method of locking addresses. The user has three choices: 

ƒ

 

Permanent

 – The locked addresses will not age out after the 

aging timer expires. 

ƒ

 

DeleteOnTimeout

 – The locked addresses will age out after the 

aging timer expires. 

ƒ

 

DeleteOnReset 

– The locked addresses will not age out until the 

Switch has been reset.  

Restrictions

  Only Administrator or Operator-level users can issue this command. 

Example usage: 

To configure the port security: 

Содержание DES-3828 - xStack Switch - Stackable

Страница 1: ...CLI Manual ProductModel DES 3800 Series Layer3StackableFastEthernet Managed Switch Release 4 5 Copyright 2008 All rights reserved ...

Страница 2: ...July 2008 651ES3800055G RECYCLABLE ...

Страница 3: ...ION COMMANDS 119 IGMP SNOOPING COMMANDS 123 802 1X COMMANDS INCLUDING GUEST VLANS 131 ACCESS CONTROL LIST ACL COMMANDS 144 TRAFFIC SEGMENTATION COMMANDS 164 COMMAND LIST HISTORY 166 BASIC IP COMMANDS FOR LAYER 3 169 ARP COMMANDS 174 ROUTING TABLE COMMANDS 178 ROUTE REDISTRIBUTION COMMANDS 181 RIP COMMANDS 187 IGMP COMMANDS 191 AUTO CONFIG COMMANDS V3 195 DNS RELAY COMMANDS 197 DVMRP COMMANDS 201 I...

Страница 4: ...NNER COMMANDS 344 SAFEGUARD ENGINE 347 WRED COMMAND LIST 349 WEB BASED ACCESS CONTROL WAC COMMANDS 353 DOUBLE VLAN COMMAND LIST 359 LIMITED MULTICAST IP ADDRESS COMMANDS 364 ROUTE PREFERENCE COMMANDS 369 MAC BASED ACCESS CONTROL COMMANDS 372 PIM COMMANDS 381 LOOPBACK INTERFACE COMMANDS 398 DHCP SERVER COMMAND LIST 401 MLD SNOOPING COMMANDS 417 LOOPBACK DETECTION COMMANDS 424 PASSWORD RECOVERY COMM...

Страница 5: ...he Switch s serial port s default settings are as follows 9600 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT 100 terminal and a serial port configured as above is then connected to the Switch s serial port via an RS 232 DB 9 cable With the serial port properly connected to a management computer the following screen should be visible...

Страница 6: ...P address to be assigned to the IP interface named System and the y s represent the corresponding subnet mask 2 Alternatively you can enter config ipif System ipaddress xxx xxx xxx xxx z Where the x s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation The IP interface named System on the Switch can be a...

Страница 7: ...rent configuration will then be retained in the Switch s NV RAM and reloaded when the Switch is rebooted If the Switch is rebooted without using the save command the last configuration saved to NV RAM will be loaded Connecting to the Switch The console interface is used by connecting the Switch to a VT100 compatible terminal or a computer running an ordinary terminal emulator program e g the Hyper...

Страница 8: ...ial Console Screen after logging in Commands are entered at the command prompt DES 3800 admin There are a number of helpful features included in the CLI Entering the command will display a list of all of the top level commands Figure 2 2 The Command When you enter a command without its required parameters the CLI will prompt you with a Next possible completions message 4 ...

Страница 9: ...l appear at the command prompt Figure 2 4 Using the Up Arrow to Re enter a Command In the above example the command config account was entered without the required parameter username the CLI returned the Next possible completions username prompt The up arrow cursor control key was pressed to re enter the previous command config account at the command prompt Now the appropriate username can be ente...

Страница 10: ... or more parameters to narrow the top level command This is equivalent to show what or config what Where the what is the next parameter For example if you enter the show command with no additional parameters the CLI will then display all of the possible next parameters Figure 2 6 Next possible completions Show Command In the above example all of the possible next parameters for the show command ar...

Страница 11: ...the ipif_name space a VLAN name in the vlan_name 32 space and the network address including the netmask in the network_address ip_addr netmask space Do not type the angle brackets Example Command create ipif Engineering 10 24 22 5 255 0 0 0 Design square brackets Purpose Encloses a required value or set of required arguments One value or argument can be specified Syntax create account admin operat...

Страница 12: ...o the right Left Arrow Moves the cursor to the left Right Arrow Moves the cursor to the right Up Arrow Repeats the previously entered command Each time the up arrow is pressed the command previous to that displayed appears This way it is possible to review the command history for the current session Use the down arrow to progress sequentially forward through the command history list Down Arrow The...

Страница 13: ...port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes enable clipaging disable clipaging enable telnet tcp_port_number 1 65535 disable telnet enable web tcp_port_number 1 65535 disable web enable snmp disable snmp save config config_id1 2 reboot reset config system login logout show config current_config config_in_nvram config_ id 1 2...

Страница 14: ...eter to create a operator level user account for the Switch Operator level users will have rights to switch configurations network monitoring commands community strings and trap stations and system utilities All security commands user account commands and the factory reset command will be denied from this privilege level user Select this parameter to create a user level account on the Switch User ...

Страница 15: ...per Command create account operator oper Enter a case sensitive new password Enter the new password again for confirmation Success DES 3800 admin To create an user level user account with the username system DES 3800 admin create account user system Command create account user system Enter a case sensitive new password Enter the new password again for confirmation Success DES 3800 admin ...

Страница 16: ...ommand prompt will display the level of privilege assigned DES 3800 admin DES 3800 oper DES 3800 user For more information regarding user accounts see the DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch User Manual config account Purpose Used to configure user accounts Syntax config account username Description The config account command configures a user account that has been creat...

Страница 17: ... Username Access Level dlink Admin Total Entries 1 DES 3800 admin delete account Purpose Used to delete an existing account Syntax delete account username force_agree Description The delete account command deletes an existing account Parameters username Name of the user who will be deleted force_agree When force_agree is specified the delete account command will be executed immediatedly without fu...

Страница 18: ...isplays a list of all the users that are logged in at the time the command is issued Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To display the way that the users are logged in DES 3800 admin show session Command show session ID Login Time Live Time From Level Name 0 2008 06 19 09 15 00 0 4 45 300 10 11 22 33 5 Anonymous 8 DES 3800 a...

Страница 19: ...Name default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 0 00 010 Firmware Version Build 4 50 B10 Hardware Version A2 Serial Number N A Power Status Main Abnormal Redundant Not Present System Name System Location System Contact Spanning Tree Enabled GVRP Disabled IGMP Snooping Disabled TELNET Enabled TCP 23 SSH Enabled TCP 22 WEB Enabled TCP 80 RMON Disabled RIP Disabled ...

Страница 20: ...auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes Restrictions Only Administrator level users can issue this command Example usage To configure baud rate DES 3800 admin config serial_port baud_rate 9600 Command config serial_port baud_rate 9600 Success DES 3800 admin enable clipaging Purpose Used to enable the feature that pauses the scrolling of the console screen when the show command ...

Страница 21: ...in disable clipaging Command disable clipaging Success DES 3800 admin enable telnet Purpose This feature enables the Switch to be managed via TELNET based management software and also allows you to specify the port number that will be used to manage the Switch via TELNET Syntax enable telnet tcp_port_number 1 65535 Description This command is used to enable the Telnet protocol on the Switch The us...

Страница 22: ...his command is used to enable the Web based management software on the Switch The user can specify the TCP port number the Switch will use to listen for Telnet requests Parameters tcp_port_number 1 65535 The TCP port number TCP ports are numbered between 1 and 65535 The well known port for the Web based management software is 80 Restrictions Only Administrator or Operator level users can issue thi...

Страница 23: ...snmp command enables SNMP Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable SNMP DES 3800 admin enable snmp Command enable snmp Success DES 3800 admin disable snmp Purpose Used to disable SNMP on the switch Syntax disable snmp Description The disable snmp command disables SNMP Parameters None Restrictions Only Administrator or Op...

Страница 24: ...ration file Restrictions Only Administrator or Operator level users can issue this command Example usage To save the Switch s current configuration to non volatile RAM DES 3800 admin save Command save Saving all configurations to NV RAM Done DES 3800 admin Example usage To save the Switch s current configuration to config_id 1 in the non volatile RAM DES 3800 admin save config 1 Command save Savin...

Страница 25: ... will be reset to default settings except the IP address user account and history log But device will not save or reboot force_agree When force_agree is specified the reset command will be executed immediatedly without further confirmation Restrictions Only Administrator level users can issue this command Example usage To restore all of the Switch s parameters to its default values DES 3800 admin ...

Страница 26: ...initiate the login procedure The user will be prompted for a Username and Password Parameters None Restrictions None Example usage To initiate the login procedure DES 3800 admin login Command login UserName logout Purpose Used to log out a user from the Switch s console Syntax logout Description This command terminates the current user s session on the Switch s console Parameters None Restrictions...

Страница 27: ...as CLI configuration command Parameters current_config config_in_nvram config_id 1 2 information Restrictions None Example usage To show all system configurations from DRAM database DES 3800 admin show config config_in_nvram Command show config config_in_nvram BASIC config serial_port baud_rate 9600 auto_logout never enable telnet 23 enable web 80 disable jumbo_frame STP config stp maxage 20 hello...

Страница 28: ...nfig_id 1 2 active delete boot_up Restrictions Only Administrator level users can issue this command Example usage To activate configuration 1 DES 3800 admin config configuration 1 active Command config configuration 1 active Success DES 3800 admin Example usage To delete configuration 2 DES 3800 admin config configuration 2 delete Command config configuration 2 delete Success DES 3800 admin Examp...

Страница 29: ... 10 53 13 99 tcp_port 23 Command telnet 10 53 13 99 tcp_port 23 config terminal line Purpose Used to configure the number of rows which can be displayed at a screen Syntax config terminal_line default value 20 80 Description Used to configure the number of rows which can be displayed on the screen Default value is 24 Parameters None Restrictions Only Administrator or Operator level users can issue...

Страница 30: ...atus Purpose Used to display the current status of the hardware of the Switch Syntax show device_status Description This command displays the current status of the Switch s physical elements Parameters None Restrictions None Example usage To show the current hardware status of the Switch DES 3800 admin show device_status Command show device_status Internal Power External power Side Fan Back Fan Ac...

Страница 31: ...s are combo ports This is an optional parameter for configuring the medium type of the combo port For non combo ports the user does not need to specify the medium_type in the command speed Allows the user to adjust the speed for a port or range of ports The user has a choice of the following auto Enables auto negotiation for the specified range of ports 10_half Configures the specified range of po...

Страница 32: ...tion err_disabled Description This command is used to display the current configuration of a range of ports Parameters portlist Specifies a port or range of ports to be displayed description Adding this parameter to the show ports command indicates that a previously entered port description will be included in the display err_disabled Choosing this parameter will display ports that have been disco...

Страница 33: ... Link Down Enabled 17 Enabled Auto Enabled Link Down Enabled 18 Enabled Auto Disabled Link Down Enabled 19 Enabled Auto Disabled Link Down Enabled 20 Enabled Auto Disabled Link Down Enabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh Example usage To display the configuration of all ports on the switch with their descriptions DES 3800 admin show ports description Command show por...

Страница 34: ...l 30 DES 3800 admin show ports err_disabled Command show ports err_disabled Port Port Connection status Reason State 2 Enabled Err disabled Storm control Desc Port 2 8 Enabled Err disabled Storm control Desc Port 8 20 Enabled Err disabled Storm control Desc Port 20 DES 3800 admin ...

Страница 35: ... 32 show snmp user show snmp groups create snmp view view_name 32 oid view_type included excluded delete snmp view view_name 32 all oid show snmp view view_name 32 create snmp community community_string 32 view view_name 32 read_only read_write delete snmp community community_string 32 show snmp community community_string 32 config snmp engineID snmp_engineID show snmp engineID create snmp group g...

Страница 36: ...me of the group to which the user is associated The range is 1 to 32 encrypted Specifies that the password appears in encrypted form by_password Indicates the input password for authentication and privacy auth md5 sha Indicates an authentication level setting session The options are md5 The HMAC MD5 96 authentication level sha The HMAC SHA 96 authentication level auth_password An authentication st...

Страница 37: ...sue this command Example usage To delete a user from an SNMP group DES 3800 admin delete snmp user dlink Command delete snmp user dlink Success DES 3800 admin show snmp user Purpose Used to display information on every SNMP username in the group username table Syntax show snmp user Description The show snmp user command displays information on every SNMP username in the group username table Parame...

Страница 38: ...o show all snmp groups setup on the switch DES 3800 admin show snmp groups Command show snmp groups Vacm Access Table Settings Group Name public ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv1 Securiy Level NoAuthNoPriv Group Name public ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv2 Securiy Level NoAuth...

Страница 39: ...1 Securiy Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv1 Securiy Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv2 Securiy Level NoAuthNoPriv Group Name WriteGroup ReadView Name CommunityView WriteView Name CommunityView Notify...

Страница 40: ...strings to limit which MIB objects the SNMP manager can access Parameters view_name View name to be created oid Object Identified tree MIB tree view_type Specifies the access type of the MIB tree in this view The view_type options are as follows included Include this object in the view excluded Exclude this object in the view Restrictions Only Administrator or Operator level users can issue this c...

Страница 41: ...rameters view_name 32 SNMP View name to be deleted There are two options for deleting a view record all Specifies that all view records should be deleted oid Specifies that the specified Object Identified tree MIB tree should be deleted Restrictions Only Administrator or Operator level users can issue this command Example usage To delete an SNMP view DES 3800 admin delete snmp view dlinkview all C...

Страница 42: ... user who likes to show Restrictions None Example usage To show the SNMP view DES 3800 admin show snmp view Command show snmp view Vacm View Table Settings View Name restricted Subtree 1 3 6 1 2 1 1 View Type Included View Mask View Name restricted Subtree 1 3 6 1 2 1 11 View Type Included View Mask View Name restricted Subtree 1 3 6 1 6 3 10 2 1 View Type Included View Mask View Name restricted S...

Страница 43: ...ion The create snmp community command creates an SNMP community string Parameters community_string Communtiy string Max string length is 32 view_name View name A MIB view Max length is 32 read_only read_write Read and write or read only permission Restrictions Only Administrator or Operator level users can issue this command Example usage To create an SNMP community string DES 3800 admin create sn...

Страница 44: ...Administrator or Operator level users can issue this command Example usage To display the snmp community string configurations DES 3800 admin show snmp community Command show snmp community SNMP Community Table Community Name View Name Access Right private CommunityView read_write Index public Community Name View Name Access Right public CommunityView read_only Total Entries 2 DES 3800 admin confi...

Страница 45: ...irst four octets are set to the binary equivalent of the agent s SNMP management private enterprise number as assigned by IANA D_Link is 171 The fifth octet is 03 to indicates the rest is the MAC address of this device The 6th 11th octets is MAC address Parameters None Restrictions None Example usage To show the snmp engine id DES 3800 admin show snmp engineID Command show snmp engineID SNMP Engin...

Страница 46: ...mmunityView write_view CommunityView notify_view CommunityView Command create snmp group D Link_group v3 auth_priv read_view CommunityView write_view CommunityView notify_view CommunityView Success DES 3800 admin delete snmp group Purpose Used to remove a SNMP group Syntax delete snmp group groupname Description The delete snmp group command removes a SNMP group Parameters groupname The name of th...

Страница 47: ...n and encrypting auth_string Authentication string Restrictions Only Administrator or Operator level users can issue this command Example usage To create a new SNMP host DES 3800 admin create snmp host 10 48 74 100 v3 noauth_nopriv initial Command create snmp host 10 48 74 100 v3 noauth_nopriv initial Success DES 3800 admin delete snmp host Purpose Used to delete a recipient of an SNMP trap operat...

Страница 48: ...e Example usage To display the SNMP hosts DES 3800 admin show snmp host Command show snmp host SNMP Host Table Host IP Address SNMP Version Community Name SNMPv3 User Name 10 48 76 100 V3 noauthnopriv initial 10 51 17 1 V2c public Total Entries 2 DES 3800 admin show snmp traps Purpose Used to display the status of snmp trap and authentication traps Syntax show snmp traps Description The show snmp ...

Страница 49: ... power consumption exceeds the per port power limit The active circuit protection feature automatically disables the port if there is a short Other ports will remain active PDs receive power according to the following classification Class Max power used by PD 0 0 44 to 12 95W 1 0 44 to 3 84W 2 3 84 to 6 49W 3 6 49 to 12 95W PSE provides power according to the following classification Class Max pow...

Страница 50: ...been exceeded the next port attempting to power up is denied regardless of its priority deny_low_priority_port After the power budget has been exceeded the next port attempting to power up causes the port with the lowest priority to shut down to allow high priority ports to power up The default setting is deny_next_port Restrictions Only Administrator or Operator level users can issue this command...

Страница 51: ...hod chosen in the config poe system command is deny_low_priority_port power_limit Allows the user to configure the per port power limit If a port exceeds its power limit the PoE system will shut down that port The minimum user defined setting is 1000mW and maximum is 16800mW The default setting is 15400mW The user may also choose to define a power class by which to set the power limit based on the...

Страница 52: ...s set to deny next port then no additional port will be connected DES 3800 admin show poe ports Purpose Used to display the settings and the actual values of the PoE ports Syntax show poe ports portlist Description Display the settings actual values and port configuration of the whole PoE system Parameters portlist Enter a port or range of ports to be display their PoE settings Restrictions None E...

Страница 53: ...Switch CLI Manual 49 OFF Interim state during line detection 5 Enabled Low 15400 User defined OFF Interim state during line detection 6 Enabled Low 15400 User defined OFF Interim state during line detection CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Страница 54: ... Community String Community String is used for authentication NoAuthNoPriv v3 Username Username is used for authentication NoAuthNoPriv v3 MD5 or SHA Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthNoPriv v3 MD5 DES or SHA DES Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthPriv DES 56 bit encryption is added based on the CBC DES DES 56 standard The SNMP comma...

Страница 55: ...s is xxx xxx xxx xxx y Restrictions Only Administrator or Operator level users can issue this command Example usage To create the trusted host DES 3800 admin create trusted_host 10 48 74 121 Command create trusted_host 10 48 74 121 Success DES 3800 admin delete trusted_host Purpose Used to delete a trusted host entry made using the create trusted_host command above Syntax ipaddr network ip_addr ne...

Страница 56: ...rusted_host Management Stations IP Address 10 53 13 94 Total Entries 1 DES 3800 admin enable snmp traps Purpose Used to enable SNMP trap support Syntax enable snmp traps Description The enable snmp traps command is used to enable SNMP trap support on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable SNMP trap support o...

Страница 57: ...ed to view the SNMP trap support status currently configured on the Switch Parameters None Restrictions None Example usage To view the current SNMP trap support DES 3800 admin show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Traps Enabled DES 3800 admin disable snmp traps Purpose Used to disable SNMP trap support on the Switch Syntax disable snmp traps Description This comma...

Страница 58: ...command is used to enter the name and or other information to identify a contact person who is responsible for the Switch A maximum of 255 character can be used Parameters sw_contact A maximum of 255 characters is allowed A NULL string is accepted if there is no contact Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the Switch contact to M...

Страница 59: ...w_name A maximum of 255 characters is allowed A NULL string is accepted if no name is desired Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the Switch name for DES 3828 Switch DES 3800 admin config snmp system_name DES 3828 Switch Command config snmp system_name DES 3828 Switch Success DES 3800 admin enable rmon Purpose Used to enable RMO...

Страница 60: ...nmp Purpose Used to enable SNMP on the Switch Syntax enable snmp Description This command is used in conjunction with the disable snmp command below to enable and disable SNMP on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable SNMP DES 3800 admin enable snmp Command enable snmp Success DES 3800 admin disable snmp Pur...

Страница 61: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 57 DES 3800 admin disable snmp Command disable snmp Success DES 3800 admin ...

Страница 62: ...new firmware or a Switch configuration file from a TFTP server Syntax download firmware_fromTFTP ipaddr path_filename 64 image_id 1 n configuration ipaddr path_filename 64 config_id 1 2 increment Description This command is used to download a new firmware or a Switch configuration file from a TFTP server Parameters firmware_fromTFTP download and install new firmware on the switch from a TFTP serve...

Страница 63: ... Used to configure the firmware section as a boot up section or to delete the firmware section Syntax config firmware image_id int 1 2 delete boot_up Description This command is used to configure the firmware section The user may choose to remove the firmware section or use it as a boot up section Parameters image_id Specifies the working section The Switch can hold two firmware versions for the u...

Страница 64: ... this command Example usage To display the current firmware information on the Switch DES 3800 admin show firmware information Command show firmware information ID Version Size B Update Time From User 1 2 00 B20 1360471 00000 days 00 00 00 Serial Port Anonymous 2 1 00 B21 2052372 00000 days 00 00 56 10 53 13 94 admin Anonymous means boot up section T means firmware update thru TELNET S means firmw...

Страница 65: ...tatus 2 storm control 3 IP group management 4 syslog 5 QoS 6 port mirroring 7 traffic segmentation 8 port 9 port lock 10 8021x 11 SNMPv3 12 management SNMP traps RMON 13 vlan 14 FDB forwarding data base 15 MAC address table notification 16 STP 17 SSH 18 SSL 19 ACL 20 SNTP 21 IP route 22 LACP 23 ARP 24 IP 25 IGMP snooping 26 access authentication control TACACS etc Parameters current_config Enterin...

Страница 66: ...ormation ID Version Size B Update Time From User 1 4 05 B08 12961 2006 08 30 09 36 10 Local Saved 2 empty Note indicates the next boot up configuration T means configuration update through TELNET S means configuration update through SNMP W means configuration update through WEB DES 3800 admin config configuration Purpose Used to configure the configuration section as a boot up section or to delete...

Страница 67: ...Description This command is used to upload either the Switch s current settings or the Switch s history log to a TFTP server Parameters log_toTFTP Specifies that the switch history log will be uploaded to the TFTP server ipaddr The IP address of the TFTP server The TFTP server must be on the same IP subnet as the Switch path_filename 64 Specifies the location of the Switch configuration file on th...

Страница 68: ...d local configuration file present in Switch memory will be loaded Only Administrator or Operator level users can issue this command NOTE Dual purpose DHCP TFTP server utility software may require entry of the configuration file name and path within the user interface Alternatively the DHCP software may require creating a separate ext file with the configuration file name and path in a specific di...

Страница 69: ...ownload configuration 10 41 44 44 c cfg setting txt Connecting to server Done Download configuration Done The very end of the autoconfig process including the logout appears like this 65 DES 3800 admin disable authen_policy Command disable authen_policy Success DES 3800 admin DES 3800 admin DES 3800 admin End of configuration file for DES 3828 DES 3800 admin Logout NOTE With autoconfig enabled the...

Страница 70: ...00 admin show autoconfig Purpose Used to display the current autoconfig status of the Switch Syntax show autoconfig Description This will list the current status of the autoconfiguration function Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To upload an autoconfiguration DES 3800 admin show autoconfig Command show autoconfig Autoconfi...

Страница 71: ...een the Switch and a destination endstation Syntax traceroute ipaddr ttl value 1 60 port value 30000 64900 timeout sec 1 65535 probe value 1 9 Description The traceroute command will trace a route between the Switch and a give host on the network Parameters ipaddr Specifies the IP address of the host ttl value 1 60 The time to live value of the trace route request This is the maximum number of rou...

Страница 72: ... disable this feature the device will not respond to traceroute packets Parameters state enable disable Enables or disables forwarding the packet to CPU Restrictions Only Administrator level users can issue this command Example usage To enable the forwarding packet to the CPU DES 3800 admin config pkt_to_cpu zero_ttl_ip state enable Command config pkt_to_cpu zero_ttl_ip state enable Success DES 38...

Страница 73: ...cal6 local7 udp_port udp_port_number state enable disable config syslog host all index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable disable delete syslog host index 1 4 all show syslog host index 1 4 config system_severity trap log all critical warning information show system_severity ...

Страница 74: ...tlist Description This command will display all of the packet error statistics collected and logged by the Switch for a given port list Parameters portlist Specifies a port or range of ports to be displayed Restrictions None Example usage To display the errors of the port 3 of module 1 DES 3800 admin show error ports 3 Command show error ports 3 Port number 1 RX Frames TX Frames CRC Error 19 Exces...

Страница 75: ...range of ports to be displayed Restrictions None Example usage To display the port utilization statistics DES 3800 admin show utilization ports Command show utilization ports Port TX sec RX sec Util Port TX sec RX sec Util 1 0 0 0 22 0 0 0 2 0 0 0 23 0 0 0 3 0 0 0 24 0 0 0 4 0 0 0 25 0 26 1 5 0 0 0 26 0 0 0 6 0 0 0 27 0 0 0 7 0 0 0 28 0 0 0 8 0 0 0 9 0 0 0 10 0 0 0 11 0 0 0 12 0 0 0 13 0 0 0 14 0 ...

Страница 76: ...Switch to compile statistics Parameters portlist Specifies a port or range of ports to be displayed Restrictions Only Administrator or Operator level users can issue this command Example usage To clear the counters DES 3800 admin clear counters ports 2 9 Command clear counters ports 2 9 Success DES 3800 admin clear log Purpose Used to clear the Switch s history log Syntax clear log Description Thi...

Страница 77: ...in show log index 5 Command show log index 5 Index Time Log Text 5 2008 06 19 09 36 37 Port 23 link up 100Mbps FULL duplex 4 2008 06 19 09 36 37 Redundant Power failed 3 2008 06 19 09 36 37 Spanning Tree Protocol is disabled 2 2008 06 19 09 36 37 System cold start 1 2008 06 19 09 36 10 Configuration saved to flash Username Anonymous DES 3800 admin enable syslog Purpose Used to enable the system lo...

Страница 78: ...users can issue this command Example usage To disable the syslog function on the Switch DES 3800 admin disable syslog Command disable syslog Success DES 3800 admin show syslog Purpose Used to display the syslog protocol status as enabled or disabled Syntax show syslog Description The show syslog command displays the syslog status as enabled or disabled Parameters None Restrictions None Example usa...

Страница 79: ... Informational informational messages 7 Debug debug level messages informational Specifies that informational messages will be sent to the remote host This corresponds to number 6 from the list above warning Specifies that warning messages will be sent to the remote host This corresponds to number 4 from the list above all Specifies that all of the currently supported syslog messages that are gene...

Страница 80: ...This corresponds to number 20 from the list above local5 Specifies that local use 5 messages will be sent to the remote host This corresponds to number 21 from the list above local6 Specifies that local use 6 messages will be sent to the remote host This corresponds to number 22 from the list above local7 Specifies that local use 7 messages will be sent to the remote host This corresponds to numbe...

Страница 81: ...ical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical critical conditions 3 Error error conditions 4 Warning warning conditions 5 Notice normal but significant condition 6 Informational informational messages 7 Debug debug level messages Parameters informational Specifies that informational messages will be sent to the remote host This corresponds to...

Страница 82: ...ges will be sent to the remote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corresponds to number 19 from the list above local4 Specifies that local use 4 messages will be sent to the remote host This corresponds to number 20 from the list above local5 Specifies that local use 5 messages will be sent to the r...

Страница 83: ...log host Purpose Used to remove a syslog host that has been previously configured from the Switch Syntax delete syslog host index 1 4 all Description The delete syslog host command is used to remove a syslog host that has been previously configured from the Switch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 throug...

Страница 84: ...escription This command is used to configure the system severity levels on the Switch When an event occurs on the Switch a message will be sent to the SNMP agent trap the Switch s log or both Events occurring on the Switch are separated into three main categories these categories are NOT precisely the same as the parameters of the same name see below Information Events classified as information ar...

Страница 85: ...ated above will instruct the switch to send informational warning and critical events to the Switch s log or SNMP agent Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the system severity settings for critical traps only DES 3800 admin config system_severity trap critical Command config system_severity trap critical Success DES 3800 admin s...

Страница 86: ...mac_address macaddr static aging_time show multicast port_filtering_mode portlist Each command is listed in detail in the following sections create fdb Purpose Used to create a static entry to the unicast MAC address forwarding table database Syntax create fdb vlan_name 32 macaddr port port Description This command will make an entry into the Switch s unicast MAC address forwarding database Parame...

Страница 87: ...dmin create multicast_fdb default 01 00 00 00 00 01 Command create multicast_fdb default 01 00 00 00 00 01 Success DES 3800 admin config multicast_fdb Purpose Used to configure the Switch s multicast MAC address forwarding database Syntax config multicast_fdb vlan_name 32 macaddr add delete portlist Description This command configures the multicast MAC address forwarding table Parameters vlan_name...

Страница 88: ... time can be from 10 to 1000000 seconds with a default value of 300 seconds A very long aging time can result in dynamic forwarding table entries that are out of date or no longer exist This may cause incorrect packet forwarding decisions by the Switch If the aging time is too short however many entries may be aged out too soon This will result in a high percentage of received packets whose source...

Страница 89: ... the Multicast Table the frames are forwarded according to the VLAN rule filter_unregistered_groups In this mode frames destined for group MAC addresses are forwarded only if this type of forwarding is explicitly permitted by a Group Address entry in the Multicast Table In other words if the Group MAC address does not exist in the Multicast table the packets are dropped Restrictions Only Administr...

Страница 90: ...l Description This command is used to clear dynamically learned entries to the Switch s forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides port port The port number corresponding to the MAC destination address The Switch will always forward traffic to the specified device through this port all Clears all dynamic entries to the Switch s forwarding data...

Страница 91: ...s 01 00 5E 00 00 00 Egress Ports 1 5 Mode Static Total Entries 1 DES 3800 admin show fdb Purpose Used to display the current unicast MAC address forwarding database Syntax show fdb port port vlan vlan_name 32 mac_address macaddr static aging_time Description This command will display the current contents of the Switch s forwarding database Parameters port port The port number corresponding to the ...

Страница 92: ...10 Dynamic 1 default 00 00 F8 7C 1C 29 10 Dynamic 1 default 00 01 02 03 04 05 10 Dynamic 1 default 00 01 30 10 2C C7 10 Dynamic 1 default 00 01 30 FA 5F 00 10 Dynamic 1 default 00 02 3F 63 DD 68 10 Dynamic CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show multicast port_filtering_mode Purpose Used to show the multicast packet filtering mode for ports Syntax show multicast port_filter...

Страница 93: ..._mode Port Multicase Filter Mode 1 forward_all_groups 2 forward_all_groups 3 forward_all_groups 4 forward_all_groups 5 forward_unregistered_groups 6 forward_unregistered_groups 7 forward_unregistered_groups 8 forward_unregistered_groups 9 forward_unregistered_groups 10 forward_unregistered_groups 11 filter_unregistered_groups 12 filter_unregistered_groups DES 3800 admin ...

Страница 94: ...coup it using the Port Configuration window in the Administration folder and selecting the disabled port and returning it to an Enabled status To utilize this method of Storm Control choose the Shutdown option of the Action field in the window below The broadcast storm control commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command...

Страница 95: ...at which the specified traffic control is switched on The value is the number of broadcast multicast Unicast packets in packets per second pps received by the Switch that will trigger the storm traffic control measures The default setting is 128000 time_interval The Interval will set the time between Multicast and Broadcast packet counts sent from the Switch s chip to the Traffic Control function ...

Страница 96: ...guration on the Switch Parameters all Used to specify all ports for which to display traffic control settings portlist Used to specify port or list of ports for which to display traffic control settings The beginning and end of the port list range are separated by a dash Restrictions None Example usage To display traffic control setting for ports 1 4 DES 3800 admin show traffic control 1 4 Command...

Страница 97: ... shutdown Parameters none No notification will be generated or sent when a packet storm control is detected by the Switch storm _occurred A notification will be generated and sent when a packet storm has been detected by the Switch storm_cleared A notification will be generated and sent when a packet storm has been cleared by the Switch both A notification will be generated and sent when a packet ...

Страница 98: ...es stated above The Switch will empty the eight hardware priority queues in order beginning with the highest priority queue 7 to the lowest priority queue 0 Each hardware queue will transmit all of the packets in its buffer before permitting the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware prio...

Страница 99: ... indicates the limitation in kbits sec The switch will choose the closest value but it must NOT be greater than the value in order to work Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the port bandwidth DES 3800 admin config bandwidth_control 1 10 tx_rate 640 Command config bandwidth_control 1 10 tx_rate 640 Success DES 3800 admin show b...

Страница 100: ...ity queue can transmit before allowing the next lowest hardware priority queue to begin transmitting its packets A value between 0 and 15 can be specified For example if a value of 3 is specified then the highest hardware priority queue number n will be allowed to transmit 3 packets then the next lowest hardware priority queue number n 1 will be allowed to transmit 3 packets and so on until all of...

Страница 101: ...perator level users can issue this command Example usage To configure the traffic scheduling mechanism for each COS queue DES 3800 admin config scheduling_mechanism strict Command config scheduling_mechanism strict Success DES 3800 admin show scheduling Purpose Used to display the current traffic scheduling parameters in use on the switch Syntax show scheduling Description The show scheduling comm...

Страница 102: ...l map an incoming packet based on its 802 1p user priority to one of the eight available hardware priority queues on the switch The switch s default setting is to map the incoming 802 1p user priority values to the eight hardware priority queues This product supports 8 CoS queues You can change this mapping by specifying the 802 1p user priority you want by specifying the number of the hardware qu...

Страница 103: ...ority command allows you to specify default priority handling of untagged packets received by the switch The priority value entered with this command will be used to determine which of the four hardware priority queues the packet will be forwarded to Parameters portlist This specifies a range of ports for which the default priority is to be configured That is a range of ports for which all untagge...

Страница 104: ...ault_priority portlist Description The show 802 1p default_priority command displays the current default priority settings on the switch Parameters portlist Specified a range of ports to be displayed If no parameter specified the system will display all ports configured with 802 1p default_priority Restrictions None Example usage To display 802 1p default priority DES 3800 admin show 802 1p defaul...

Страница 105: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 101 21 0 0 22 0 0 23 0 0 24 0 0 25 0 0 26 0 0 27 0 0 28 0 0 DES 3800 admin ...

Страница 106: ...ion you can specify that only traffic received by or sent by one or both is mirrored to the Target port Parameters port This specifies the Target port the port where mirrored packets will be received The target port must be configured in the same VLAN and must be operating at the same speed a s the source port If the target port is operating at a lower speed the source port will be forced to drop ...

Страница 107: ... source 2 4 Success DES 3800 admin enable mirror Purpose Used to enable a previously entered port mirroring configuration Syntax enable mirror Description This command combined with the disable mirror command below allows you to enter a port mirroring configuration into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None ...

Страница 108: ...Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To disable mirroring configurations DES 3800 admin disable mirror Command disable mirror Success DES 3800 admin show mirror Purpose Used to show the current port mirroring configuration on the Switch Syntax show mirror Description This command displays the current port mirroring configurati...

Страница 109: ... so the packet is then routed through this provider VLAN which contains smaller VLANs with similar configurations to ensure speedy and guaranteed routing destination of the packet The VLAN commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create vlan vlan_name 32 tag vlanid 1 4094 advertisement show vlan vlan_name ...

Страница 110: ...an issue this command Each VLAN name can be up to 32 characters If the VLAN is not given a tag it will be a port based VLAN Up to 4k static VLANs may be created per configuration Example usage To create a VLAN v1 tag 2 DES 3800 admin create vlan v1 tag 2 Command create vlan v1 tag 2 Success DES 3800 admin show vlan Purpose Used to display the current VLAN configuration on the Switch Syntax show vl...

Страница 111: ...ing or forbidden The default is to assign the ports as untagging Parameters vlan_name 32 The name of the VLAN to which to add ports add Entering the add parameter will add ports to the VLAN There are three types of ports to add tagged Specifies the additional ports as tagged untagged Specifies the additional ports as untagged forbidden Specifies the additional ports as forbidden delete Deletes por...

Страница 112: ...800 admin delete vlan v1 Command delete vlan v1 Success DES 3800 admin create vlan vlanid Purpose Used to create VLANs by VLAN ID list on the switch Syntax create vlan vlanid vidlist advertisement Description The create VLAN by vlanid command allows the creation of multiple VLANs on the switch Parameters vidlist Specifies a range of VLAN IDs to be created advertisement Specifies to join GVRP or no...

Страница 113: ...s to a previously configured VLAN Syntax config vlan vlanid vidlist add tagged untagged forbidden delete portlist advertisement enable disable name name Description The config vlan vlanid command allows you to add or delete ports of the port list of previously configured VLAN s You can specify the additional ports as being tagged untagged or forbidden The same port is allowed to be an untagged mem...

Страница 114: ...id 2 3 add tagged 4 8 Success DES 3800 admin Example usage To enable the VLAN ID 2 and VLAN ID 3 advertisment DES 3800 admin config vlan vlanid 2 3 advertisement enable Command config vlan vlanid 2 3 advertisement enable Success DES 3800 admin Example usage To modify the name of VLAN ID 2 DES 3800 admin config vlan vlanid 2 name vlan_2 Command config vlan vlanid 2 name vlan_2 Success DES 3800 admi...

Страница 115: ...or disables GVRP for the ports specified in the port list ingress_checking enable disable Enables or disables ingress checking for the specified port list acceptable_frame tagged_only admit_all This parameter states the frame type that will be accepted by the Switch for this function tagged_only implies that only VLAN tagged frames will be accepted while admit_all implies tagged and untagged frame...

Страница 116: ...rpose Used to disable GVRP on the Switch Syntax disable gvrp Description This command along with enable gvrp is used to enable and disable GVRP on the Switch without changing the GVRP configuration on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To disable the Generic VLAN Registration Protocol GVRP DES 3800 admin disable g...

Страница 117: ...abled All Frames 16 1 Disabled Enabled All Frames 17 1 Disabled Enabled All Frames 18 1 Disabled Enabled All Frames 19 1 Disabled Enabled All Frames 20 1 Disabled Enabled All Frames 21 1 Disabled Enabled All Frames 22 1 Disabled Enabled All Frames 23 1 Disabled Enabled All Frames 24 1 Disabled Enabled All Frames 25 1 Disabled Enabled All Frames 26 1 Disabled Enabled All Frames 27 1 Disabled Enable...

Страница 118: ...t is 0x0 to 0xffff For ethernet II this is a 16 bit 2 octet hex value Example Ipv4 is 800 ipv6 is 86dd ARP is 806 and so on For IEEE802 3 SNAP this is this is a 16 bit 2 octet hex value Example Ipv4 is 800 ipv6 is 86dd ARP is 806 and so on For IEEE802 3 LLC this is the 2 octet IEEE 802 2 Link Service Access Point LSAP pair first octet for Destination Service Access Point DSAP and second octet for ...

Страница 119: ...pe Protocol Value 100 EthernetII 0x86DD DES 3800 admin config port dot1v ports Purpose Assign the VLAN for untagged packets ingress from the portlist based on the protocol group configured Syntax config port dot1v ports portlist all add protocol_group group_id id vlan vlan_name 32 delete protocol_group group_id id all Description Assigns the VLAN for untagged packets ingress from the portlist base...

Страница 120: ...p Syntax show port dot1v ports portlist Description Display the VLAN to be associated with untagged packet ingressed from a port based on the protocol group Parameters portlist Specifies a range of ports to be displayed If not specified information for all ports will be displayed Restrictions None Example usage The example display the protocol VLAN information for ports 1 2 DES 3800 admin show por...

Страница 121: ...with default VLAN Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the enable the auto assignment of pvid DES 3800 admin enable pvid auto_assign Command enable pvid auto_assign Success DES 3800 admin disable pvid auto_assign Purpose Used to disable auto assignment of pvid Syntax disable pvid auto_assign Description This command ...

Страница 122: ...sign Purpose Used to display the PVID auto assignment state Syntax show pvid auto_assign Description This command is used to display the PVID auto assignment state Parameters None Restrictions None DES 3800 admin show pvid auto_assign Command show pvid auto_assign Auto assign pvid enabled DES 3800 admin ...

Страница 123: ...rs value Specifies the group ID The Switch allows up to 32 link aggregation groups to be configured The group number identifies each of the groups type Specify the type of link aggregation used for the group If the type is not specified the default type is static lacp This designates the port group as LACP compliant LACP allows dynamic adjustment to the aggregated port group LACP compliant ports m...

Страница 124: ...ation group that was created with the create link_aggregation command above The DES 3800 supports link aggregation cross box which specifies that link aggregation groups may be spread over multiple switches in the switching stack Parameters group _id value 32 Specifies the group ID The Switch allows up to 32 link aggregation groups to be configured The group number identifies each of the groups ma...

Страница 125: ...itch should examine the MAC source address mac_destination Indicates that the Switch should examine the MAC destination address mac_source_dest Indicates that the Switch should examine the MAC source and destination addresses ip_source Indicates that the Switch should examine the IP source address ip_destination Indicates that the Switch should examine the IP destination address ip_source_dest Ind...

Страница 126: ...arameters value 1 32 Specifies the group ID The Switch allows up to 32 link aggregation groups to be configured The group number identifies each of the groups algorithm Allows you to specify the display of link aggregation by the algorithm in use by that group Restrictions None Example usage To display Link Aggregation configuration DES 3800 admin show link_aggregation Command show link_aggregatio...

Страница 127: ...6711450 leave_timer sec 0 16711450 state enable disable fast_leave enable disable Description This command allows users to configure IGMP snooping on the Switch Parameters vlan_name 32 The name of the VLAN for which IGMP snooping is to be configured host_timeout sec 1 16711450 Specifies the maximum amount of time a host can be a member of a multicast group without the Switch receiving a host membe...

Страница 128: ...hich IGMP snooping querier is to be configured query_interval sec 1 65535 Specifies the amount of time in seconds between general query transmissions The default setting is 125 seconds max_response_time sec 1 25 Specifies the maximum time in seconds to wait for reports from members The default setting is 10 seconds robustness_variable value 1 255 Provides fine tuning to allow for expected packet l...

Страница 129: ...terval 125 state enable Command config igmp_snooping querier default query_interval 125 state enable Success DES 3800 admin config router_ports Purpose Used to configure ports as router ports Syntax config router_ports vlan_name 32 add delete portlist Description This command allows designation of a range of ports as being connected to multicast enabled routers This will ensure that all packets wi...

Страница 130: ...n the Switch DES 3800 admin enable igmp_snooping Command enable igmp_snooping Success DES 3800 admin disable igmp_snooping Purpose Used to disable IGMP snooping on the Switch Syntax disable igmp_snooping forward_mcrouter_only Description This command disables IGMP snooping on the Switch IGMP snooping can be disabled only if IP multicast routing is not being used Disabling IGMP snooping allows all ...

Страница 131: ...of the VLAN for which to view the IGMP snooping configuration Restrictions None Example usage To show IGMP snooping DES 3800 admin show igmp_snooping Command show igmp_snooping IGMP Snooping Global State Disabled Multicast router Only Disabled VLAN Name default Query Interval 125 Max Response Time 10 Robustness Value 2 Last Member Query Interval 1 Host Timeout 260 Route Timeout 260 Leave Timer 2 Q...

Страница 132: ...tion information Restrictions None Example usage To show IGMP snooping group DES 3800 admin show igmp_snooping group Command show igmp_snooping group VLAN Name default Multicast group 224 0 0 2 MAC address 01 00 5E 00 00 02 Reports 1 Port Member 2 5 VLAN Name default Multicast group 224 0 0 9 MAC address 01 00 5E 00 00 09 Reports 1 Port Member 6 8 VLAN Name default Multicast group 234 5 6 7 MAC ad...

Страница 133: ...outer_ports vlan vlan_name 32 static dynamic Description This command will display the router ports currently configured on the Switch Parameters vlan_name 32 The name of the VLAN on which the router port resides static Displays router ports that have been statically configured dynamic Displays router ports that have been dynamically configured Restrictions None Example Usage To display the router...

Страница 134: ... IGMP snooping forwarding table entries currently configured on the Switch Parameters vlan_name 32 The name of the VLAN for which to view IGMP snooping forwarding table information Restrictions None Example usage To view the IGMP snooping forwarding table for VLAN Trinity DES 3800 admin show igmp_snooping forwarding vlan Trinity Command show igmp_snooping forwarding vlan Trinity VLAN Name Trinity ...

Страница 135: ..._unauth auto force_auth quiet_period sec 0 65535 tx_period sec 1 65535 supp_timeout sec 1 65535 server_timeout sec 1 65535 max_req value 1 10 reauth_period sec 1 65535 enable_reauth enable disable config 802 1x init port_based ports portlist all mac_based ports portlist all mac_address macaddr config 802 1x auth_mode port_based mac_based config 802 1x reauth port_based ports portlist all mac_based...

Страница 136: ...sue this command Example usage To enable 802 1x switch wide DES 3800 admin enable 802 1x Command enable 802 1x Success DES 3800 admin disable 802 1x Purpose Used to disable the 802 1x server on the Switch Syntax disable 802 1x Description The disable 802 1x command is used to disable the 802 1x Network Access control server application on the Switch To select between port based or MAC based use th...

Страница 137: ...d None AdminCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction OpenCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction Port Control For...

Страница 138: ...2 1x Port based or MAC based Network Access Control server application on the Switch Parameters ports portlist Specifies a port or range of ports to be viewed The following details what is displayed Port number Shows the physical port number on the Switch Auth PAE State Initialize Disconnected Connecting Authenticating Authenticated Held ForceAuth ForceUnauth Shows the current state of the Authent...

Страница 139: ...Entry a All Example usage To display the 802 1x auth state for MAC based 802 1x DES 3800 admin show 802 1x auth_state Command show 802 1x auth_state Port number 1 Index MAC Address Auth PAE State Backend State Port Status 1 00 08 02 4E DA FA Authenticated Idle Authorized 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All config 802 1x auth_mode Purpose ...

Страница 140: ...mmand has four capabilities that can be set for each port Authenticator Supplicant Authenticator and Supplicant and None Parameters portlist Specifies a port or range of ports to be configured all Specifies all of the ports on the Switch authenticator A user must pass the authentication process to gain access to the network none The port is not controlled by the 802 1x functions Restrictions Only ...

Страница 141: ... the following authentication options force_auth Forces the Authenticator for the port to become authorized Network access is allowed auto Allows the port s status to reflect the outcome of the authentication process force_unauth Forces the Authenticator for the port to become unauthorized Network access will be blocked quiet_period sec 0 65535 Configures the time interval between authentication f...

Страница 142: ...addr Enter the MAC address to be initialized Restrictions Only Administrator or Operator level users can issue this command Example usage To initialize the authentication state machine of all ports DES 3800 admin config 802 1x init port_based ports all Command config 802 1x init port_based ports all Success DES 3800 admin config 802 1x reauth Purpose Used to configure the 802 1x re authentication ...

Страница 143: ...Parameters server_index 1 3 Assigns a number to the current set of RADIUS server settings Up to 3 groups of RADIUS server settings can be entered on the Switch server_ip The IP address of the RADIUS server key Specifies that a password and encryption key will be used between the Switch and the RADIUS server passwd 32 The shared secret key used by the RADIUS server and the Switch Up to 32 character...

Страница 144: ...ddress server_ip key passwd 32 auth_port udp_port_number 1 65535 acct_port udp_port_number 1 65535 Description The config radius command is used to configure the Switch s RADIUS settings Parameters server_index 1 3 Assigns a number to the current set of RADIUS server settings Up to 3 groups of RADIUS server settings can be entered on the Switch ipaddress server_ip The IP address of the RADIUS serv...

Страница 145: ...uest_vlan vlan_name 32 Description The create 802 1x guest_vlan command is used to configure a pre defined VLAN as a 802 1x Guest VLAN Guest 802 1X VLAN clients are those who have not been authorized for 802 1x or they haven t yet installed the necessary 802 1x software yet would still like limited access rights on the Switch Parameters vlan_name 32 Enter an alphanumeric string of no more than 32 ...

Страница 146: ...te changes from an enabled state to a disabled state these ports will return to the default VLAN Example usage To configure the ports for a previously created 802 1x Guest VLAN as enabled DES 3800 admin config 802 1x guest_vlan ports 1 5 state enable Command config 802 1x guest_vlan ports 1 5 state enable Success DES 3800 admin show 802 1x guest_vlan Purpose Used to view the configurations for a 8...

Страница 147: ...those who have not been authorized for 802 1x or they haven t yet installed the necessary 802 1x software yet would still like limited access rights on the Switch Parameters vlan_name 32 Enter the VLAN name of the Guest 802 1x VLAN to be deleted Restrictions Only Administrator or Operator level users can issue this command This VLAN is only supported for port based 802 1x and must have already bee...

Страница 148: ...dscp value 0 63 icmp type value 0 255 code value 0 255 igmp type value 0 255 tcp src_port value 0 65535 dst_port value 0 65535 flag_mask all urg ack psh rst syn fin udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 user_define hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff packet_content_mask offset_0 15 hex 0x0 0xffffffff hex...

Страница 149: ...ffset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff permit deny delete access_id value 1 65535 enable cpu interface_filtering disable cpu_interface_filtering show cpu_interface_filtering show cpu access_profile profile_id value 1 5 access_id value 1 65535 Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets ...

Страница 150: ...o be better understood by the user and therefore simpler for the user to configure The beginning of this section displays the create access_profile and config access_profile commands in their entirety The following table divides these commands up into the defining features necessary to properly configure the access profile Remember these are not the total commands but the easiest way to implement ...

Страница 151: ... 200 rules for ports 17 to 24 Up to 100 rules may be configured for each Gigabit Ethernet port The tabled below provide a summary of the maximum ACL profile rule limits DES 3828 DES 3828DC DES 3828P DES 3852 Port Numbers Maximum ACL Profile Rules per Port Group 1 8 200 9 16 200 17 24 200 25 32 200 33 40 200 41 48 200 49 Gigabit 100 50 Gigabit 100 51 Gigabit 100 52 Gigabit 100 Total Rules 800 Port ...

Страница 152: ...macmask Specifies a MAC address mask for the destination MAC address in the following format 000000000000 FFFFFFFFFFFF 802 1p Specifies that the Switch will examine the 802 1p priority value in the frame s header ethernet_type Specifies that the Switch will examine the Ethernet type value in each frame s header profile_id value 1 255 Specifies an index number between 1 and 255 that will identify t...

Страница 153: ... packets with this 802 1p priority value ethernet_type hex 0x0 0xffff Specifies that the access profile will apply only to packets with this hexadecimal 802 1Q Ethernet type value in the packet header port portlist The access profile for Ethernet may be defined for each port on the Switch by entering a port or range of ports here Up to 65535 rules may be configured for each port permit Specifies t...

Страница 154: ...ort_mask hex 0x0 0xffff flag_mask all urg ack psh rst syn fin udp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 xffff protocol_id_mask user_define_mask hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff profile_id value 1 255 Description This command will allow the user to create a profile for packets that may be accepted denied or mirrored by the S...

Страница 155: ...ach frame s Protocol ID field user_define_mask hex 0x0 0xfffffff Enter a hexidecimal value that will identify the protocol to be discovered in the packet header profile_id value 1 255 Specifies an index number between 1 and 255 that will identify the access profile being created with this command Restrictions Only Administrator or Operator level users can issue this command Example usage To config...

Страница 156: ...ies that the access profile will apply to only packets with this destination IP address dscp value 0 63 Specifies that the access profile will apply only to packets that have this value in their Type of Service DiffServ code point DSCP field in their IP packet header icmp Specifies that the Switch will examine the Internet Control Message Protocol ICMP field within each packet type value 0 255 Spe...

Страница 157: ...llows you to specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command This value will over write the value in the DSCP field of the packet deny Specifies that packets that match the access profile are not permitted to be forwarded by the Switch and will be filtered mirror Selecting mirror specifies that packets that ma...

Страница 158: ... from byte 48 to byte 63 offset_64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 With this advanced unique Packet Content Mask also known as Packet Content Access Control List ACL D Link xStack switch family can effectively mitigate some network attacks like the common ARP Spoofing attack widely spreading today This is for the reason that Packet Content ACL is able to ins...

Страница 159: ...sk the packet header beginning with the offset value specified as follows offset_0 15 Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte offset_16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 offset_32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 offset_48 63 Enter a value in hex form to mask the pack...

Страница 160: ...ontent access profile Restrictions Only Administrator or Operator level users can issue this command Example usage To create an access profile by packet content mask DES 3800 admin config access_profile profile_id 3 add access_id 1 packet_content offset_0 15 0x11111111 0x11111111 0x11111111 0x11111111 offset_16 31 0x11111111 0x11111111 0x11111111 0x11111111 port 1 deny Command config access_profil...

Страница 161: ... profile being created with this command ipv6 Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering based on the rules configured in the config access_profile command for IPv6 IPv6 packets may be identified by the following class Entering this parameter will instruct the Switch to examine the class field of the IPv6 header This class field is a part of the packet hea...

Страница 162: ... access profile when it is created with the create access_profile command The lower the profile ID the higher the priority the rule will be given add access_id value 1 65535 Adds an additional rule to the above specified access profile The value specifies the relative priority of the additional rule Up to 65535 different rules may be configured for the IPv6 access profile ipv6 Specifies that the S...

Страница 163: ...er this parameter to re write the 802 1p default priority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch deny Specifies that packets that match th...

Страница 164: ...file ID of 1 DES 3800 admin delete access_profile profile_id 1 Command delete access_profile profile_id 1 Success DES 3800 admin show access_profile Purpose Used to display the currently configured access profiles on the Switch Syntax show access_profile profile_id value 1 255 Description The show access_profile command is used to display the currently configured access profiles Parameters profile...

Страница 165: ... 0 15 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF Offset 16 31 0x0000FFFF 0xFFFF0000 0x0000000F 0x0F000000 Access ID 1 Mode Deny Owner ACL Port 10 Access Profile ID 10 TYPE IPV6 Owner ACL Masks Class Flow Label Source IPv6 FFFF FFFF Dst Ipv6 Mask FFFF FFFF Access ID 1 Mode Permit Owner ACL Port 10 100 0x1234 1122 3344 5566 7788 ACL Free System 796 Port 1 8 200 Port 9 16 196 Port 17 24 200 Port 25 ...

Страница 166: ...5 access_id value 1 65535 rate value 0 999936 rate_exceed drop set_drop_precedence Description This command is used to configure the flow based metering function users may set the preferred bandwidth for this rule in Kbps and once the bandwidth has been exceeded overflow packets will be either dropped or be set for a drop precedence depending on user configuration The set_drop_precedence function ...

Страница 167: ... rate_exceed drop Success DES 3800 admin show flow_meter Purpose Used to display the flow based metering configuration Syntax show flow_meter profile_id value 1 255 access_id access_id Description This command displays the flow meter configuration Parameters Profile_id Specifies the profile_ID access_id Specifies the access_ID Restrictions None Example usage To display the flow meter DES 3800 admi...

Страница 168: ...config traffic_segmentation command is used to configure traffic segmentation on the Switch Parameters portlist Specifies a port or range of ports that will be configured for traffic segmentation forward_list Specifies a range of ports that will receive forwarded frames from the ports specified in the portlist above null No ports are specified portlist Specifies a range of ports for the forwarding...

Страница 169: ...ge of ports for which the current traffic segmentation configuration on the Switch will be displayed Restrictions None The port lists for segmentation and the forward list must be on the same Switch Example usage To display the current traffic segmentation configuration on the Switch DES 3800 admin show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward ...

Страница 170: ...n appropriate command will list all the corresponding parameters for the specified command along with a brief description of the commands function and similar commands having the same words in the command Restrictions None Example usage To display all of the commands in the CLI DES 3800 admin clear clear arptable clear counters clear fdb clear log clear port_security_entry port config 802 1p defau...

Страница 171: ...isplay all commands in the Command Line Interface CLI Syntax dir Description This command will display all of the commands available through the Command Line Interface CLI Parameters None Restrictions None Example usage To display all commands DES 3800 admin dir clear clear arptable clear counters clear fdb clear log clear port_security_entry port config 802 1p default_priority config 802 1p user_...

Страница 172: ...mmands may be viewed Restrictions Only Administrator level users can issue this command Example usage To configure the command history DES 3800 admin config command_history 20 Command config command_history 20 Success DES 3800 admin show command_history Purpose Used to display the command history Syntax show command_history Description This command will display the command history Parameters None ...

Страница 173: ...roblems may include The Switch may use extra resources to process packets for multiple IP interfaces The amount of broadcast data such as RIP update packets and PIM hello packets will be increased The IP interface commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Each command is listed in detail in the following sections Command Para...

Страница 174: ...Trinity DES 3800 admin create ipif p1 1 ipaddress 12 1 1 1 Trinity secondary state enable Command create ipif p1 1 ipaddress 12 1 1 1 Trinity secondary state enable Success DES 3800 admin config ipif Purpose Used to configure an IP interface set on the Switch Syntax config ipif ipif_name 12 ipaddress network_address vlan vlan_name 32 state enable disable proxy_arp enable disable bootp dhcp Descrip...

Страница 175: ...s 10 48 74 122 8 Command config ipif System ipaddress 10 48 74 122 8 Success DES 3800 admin enable ipif Purpose Used to enable an IP interface on the Switch Syntax enable ipif ipif_name 12 all Description This command will enable the IP interface function on the Switch Parameters ipif_name 12 The name of a previously configured IP interface to enable Enter an alphanumeric entry of up to twelve cha...

Страница 176: ...e on the Switch Parameters ipif_name 12 The name of the IP interface to delete all Entering this parameter will delete all the IP interfaces currently configured on the Switch Restrictions Only Administrator or Operator level users can issue this command Example usage To delete the IP interface named s2 interface named s2 DES 3800 admin delete ipif s2 Command delete ipif s2 Success DES 3800 admin ...

Страница 177: ...122 MANUAL Subnet Mask 255 0 0 0 VLAN Name default Admin State Enabled Proxy ARP Disabled Link Status Link UP Member Ports 1 28 Total Entries 1 DES 3800 admin NOTE In the IP Interface Settings table shown above the Secondary field will have two displays FALSE denotes that the IP interface is a primary IP interface while TRUE denotes a secondary IP interface 173 ...

Страница 178: ...ry Purpose Used to make a static entry into the ARP table Syntax create arpentry ipaddr macaddr Description This command is used to enter an IP address and the corresponding MAC address into the Switch s ARP table Parameters ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only Administrator or Operator level users can issu...

Страница 179: ... 10 48 74 12 and MAC address 00 50 BA 00 07 36 DES 3800 admin config arpentry 10 48 74 12 00 50 BA 00 07 36 Command config arpentry 10 48 74 12 00 50 BA 00 07 36 Success DES 3800 admin delete arpentry Purpose Used to delete a static entry into the ARP table Syntax delete arpentry ipaddr all Description This command is used to delete a static ARP entry made using the create arpentry command above b...

Страница 180: ...me 30 Command config arp_aging time 30 Success DES 3800 admin show arpentry Purpose Used to display the ARP table Syntax show arpentry ipif ipif_name 12 ipaddress ipaddr static Description This command is used to display the current contents of the Switch s ARP table Parameters ipif ipif_name 12 The name of the IP interface the end node or station for which the ARP table entry was made resides on ...

Страница 181: ...able Description This command is used to remove dynamic ARP table entries from the Switch s ARP table Static ARP table entries are not affected Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To remove dynamic entries in the ARP table DES 3800 admin clear arptable Command clear arptable Success DES 3800 admin ...

Страница 182: ...itch s IP routing table Parameters network_address IP address and netmask of the IP interface that is the destination of the route The address and mask information can be specified using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 ipaddr The gateway IP address for the next hop router metric 1 65535 Allows the entry of a routing protocol metric entry represent...

Страница 183: ...ntries cannot have the same Gateway Restrictions Only Administrator or Operator level users can issue this command Example usage To delete a backup static address 10 48 75 121 mask 255 0 0 0 and gateway ipaddr entry of 10 1 1 254 from the routing table DES 3800 admin delete iproute 10 48 74 121 8 10 1 1 254 Command delete iproute 10 48 74 121 8 10 1 1 254 Success DES 3800 admin show iproute Purpos...

Страница 184: ...fig iproute ospf ecmp Purpose Used to control the OSPF ECMP function Syntax config iproute ospf ecmp Description This command is used to enable or disable the ECMP function Parameters enable Enables ECMP disable Disables ECMP Restrictions Only Administrator or Operator level users can issue this command Example usage To config the iproute ospf ecmp command DES 3800 admin config iproute ospf ecmp e...

Страница 185: ...ribute dst ospf src static rip local mettype 1 2 metric value 0 16777214 Description This command will redistribute routing information between the OSPF and RIP routing protocols to all routers on the network that are running OSPF or RIP Routing information entered into the Static Routing Table on the local xStack switch is also redistributed Parameters src static rip local Allows for the selectio...

Страница 186: ...the Static Routing Table on the local xStack switch is also redistributed Parameters src Allows the selection of the protocol of the source device as being either local static or OSPF After selecting the source device the user may set the following parameters for that source device from the following options all Specifies both internal an external internal Specifies the internal protocol of the so...

Страница 187: ...te dst ospf src static rip local mettype 1 2 metric value 0 16777214 Description Route redistribution allows routers on the network that are running different routing protocols to exchange routing information This is accomplished by comparing the routes stored in the various router s routing tables and assigning appropriate metrics This information is then exchanged among the various routers accor...

Страница 188: ...1 inter e2 metric value 0 16 Description Route redistribution allows routers on the network that are running different routing protocols to exchange routing information This is accomplished by comparing the routes stored in the various router s routing tables and assigning appropriate metrics This information is then exchanged among the various routers according to the individual routers current r...

Страница 189: ...f src rip mettype type_1 metric 2 Success DES 3800 admin delete route redistribute Purpose Used to delete an existing route redistribute configuration on the Switch Syntax delete route redistribute dst rip ospf src rip static local ospf Description This command will delete the route redistribution settings on this switch Parameters dst rip ospf Allows the selection of the protocol on the destinati...

Страница 190: ...ers src rip static local ospf Allows the selection of the routing protocol on the source device The user may choose between RIP static local or OSPF dst rip ospf Allows the selection of the routing protocol on the destination device The user may choose between RIP and OSPF Restrictions None Example usage To display route redistributions DES 3800 admin show route redistribute Command show route red...

Страница 191: ...nterface all To configure all RIP receiving mode for all IP interfaces authentication enable disable Enables or disables authentication for RIP on the Switch password 16 Allows the specification of a case sensitive password tx_mode Determines how received RIP packets will be interpreted as RIP version V1 only V2 Only or V1 Compatible V1 and V2 This entry specifies which version of the RIP protocol...

Страница 192: ... System rx_mode v1_only Success DES 3800 admin enable rip Purpose Used to enable RIP Syntax enable rip Description This command is used to enable RIP on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable RIP DES 3800 admin enable rip Command enable rip Success DES 3800 admin disable rip Purpose Used to disable RIP Synta...

Страница 193: ...pires the route is marked invalid but is retained until the garbage collection timer expires The default value is 180 garbage_collect_interval The garbage collection interval in seconds for the garbage collection timer When the timeout timer for a route entry expires this route entry has a garbage collection timer associated with it When the garbage collection timer expires this route is deleted T...

Страница 194: ...ctions None Example usage To display RIP configuration DES 3800 admin show rip Command show rip RIP Global State Disabled Update Interval 30 seconds Timeout Interval 180 seconds Garbage collection Interval 120 seconds RIP Interface Settings Interface IP Address Netmask TX Mode RX Mode Authen State State tication System 10 41 44 33 8 V2 Only V1 or V2 Disabled Disabled Total Entries 1 DES 3800 admin...

Страница 195: ...nts of IGMPv3 over version 2 include The introduction of the SSM or Source Specific Multicast In previous versions of IGMP the host would receive all packets sent to the multicast group Now a host will receive packets only from a specific source or sources This is done through the implementation of include and exclude filters used to accept or deny traffic from these specific sources In IGMPv2 Mem...

Страница 196: ...neral query transmissions in seconds max_response_time sec 1 25 Enter the maximum time in seconds that the Switch will wait for reports from members robustness_variable value 1 255 This value states the permitted packet loss that guarantees IGMP last_member_query_interval value 1 25 The Max Response Time inserted into Group Specific Queries and Group and Source specific queries sent in response to...

Страница 197: ...d the command will display the IGMP configuration for that IP interface Parameters ipif_name 12 The name of the IP interface for which the IGMP configuration will be displayed Restrictions None Example usage To display IGMP configurations DES 3800 admin show igmp Command show igmp IGMP Interface Configurations QI Query Interval MRT Maximum Response Time RV Robustness Value LMQI Last Member Query I...

Страница 198: ...o be displayed ipif_name 12 The name of the IP interface of which the IGMP group is a member Restrictions None Example usage To display IGMP group table DES 3800 admin show igmp group Command show igmp group Interface Multicast Group Last Reporter IP Querier IP Expire System 224 0 0 2 10 42 73 111 10 48 74 122 260 System 224 0 0 9 10 20 53 1 10 48 74 122 260 System 224 0 1 24 10 18 1 3 10 48 74 12...

Страница 199: ...ax enable autoconfig Description When this function is enabled the system ip interface will be changed to DHCP mode immediately After rebooting the system it will try to get the configuration file from the TFTP server whose information is configured in the DHCP server When the system gets the configuration file from the TFTP server it will apply the configuration to the system If the system fails ...

Страница 200: ...Administrator or Operator level users can issue this command Example usage To disable autoconfig DES 3800 admin disable autoconfig Command disable autoconfig Success DES 3800 admin show autoconfig Purpose Shows the auto configuration settings Syntax show autoconfig Description Shows the current auto config setting Parameters None Restrictions Only Administrator or Operator level users can issue th...

Страница 201: ...NS relay function on the Switch Parameters primary Indicates that the IP address below is the address of the primary DNS server secondary Indicates that the IP address below is the address of the secondary DNS server nameserver ipaddr The IP address of the DNS nameserver add delete Indicates whether to add or delete the DNS relay function domain_name 32 The domain name of the entry ipaddr The IP a...

Страница 202: ...lay on the Switch Parameters cache This parameter will allow the user to enable the cache lookup for the DNS rely on the Switch static This parameter will allow the user to enable the static table lookup for the DNS rely on the Switch Restrictions Only Administrator or Operator level users can issue this command Example usage To enable status of DNS relay DES 3800 admin enable dnsr Command enable ...

Страница 203: ...lay on the Switch static This parameter will allow the user to disable the static table lookup for the DNS relay on the Switch Restrictions Only Administrator or Operator level users can issue this command Example usage To disable status of DNS relay DES 3800 admin disable dnsr Command disable dnsr Success DES 3800 admin Example usage To disable cache lookup for DNS relay DES 3800 admin disable dn...

Страница 204: ...static entries into the DNS relay table If this parameter is omitted the entire DNS relay table will be displayed Restrictions None Example usage To display DNS relay status DES 3800 admin show dnsr Command show dnsr DNSR Status Disabled Primary Name Server 0 0 0 0 Secondary Name Server 0 0 0 0 DNSR Cache Status Disabled DNSR Static Cache Table Status Disabled DNS Relay Static Table Domain Name IP...

Страница 205: ...for which DVMRP is to be configured all Specifies that DVMRP is to be configured for all IP interfaces on the Switch metric value 1 31 Allows the assignment of a DVMRP route cost to the above IP interface A DVMRP route cost is a relative number that represents the real cost of using this route in the construction of a multicast delivery tree It is similar to but not defined as the hop count in RIP...

Страница 206: ...mand below is used to enable and disable DVMRP on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable DVMRP DES 3800 admin enable dvmrp Command enable dvmrp Success DES 3800 admin disable dvmrp Purpose Used to disable DVMRP Syntax disable dvmrp Description This command is used in combination with the enable dvmrp command...

Страница 207: ...vmrp routing_table DVMRP Routing Table Source Address Netmask Upstream Neighbor Metric Learned Interface Expire 10 0 0 0 8 10 90 90 90 2 Local System 20 0 0 0 8 20 1 1 1 2 Local ip2 117 30 0 0 0 8 30 1 1 1 2 Dynamic ip3 106 Total Entries 3 DES 3800 admin show dvmrp neighbor Purpose Used to display the DVMRP neighbor table Syntax show dvmrp neighbor ipif ipif_name 12 ipaddress network_address Descr...

Страница 208: ...P routing next hop table Parameters ipif_name 12 The name of the IP interface for which to display the current DVMRP routing next hop table ipaddress network_address The IP address and netmask of the destination The address and mask information can be specified using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 Restrictions None Example usage To display DVMRP ...

Страница 209: ...current DVMRP routing table Parameters ipif_name 12 This parameter will allow the user to display DVMRP settings for a specific IP interface Restrictions None Example usage To show DVMRP configurations DES 3800 admin show dvmrp Command show dvmrp DVMRP Global State Disabled Interface IP Address Neighbor Timeout Probe Metric State System 10 90 90 90 8 35 10 1 Disabled Trinity 12 1 1 1 8 35 10 1 Ena...

Страница 210: ...w ipmc cache group group ipaddress network_address Description This command will display the current IP multicast forwarding cache Parameters group group The multicast group IP address ipaddress network_address The IP address and netmask of the source The address and mask information can be specified using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 Restricti...

Страница 211: ...play only those entries that are related to the DVMRP protocol pim Specifying this parameter will display only those entries that are related to the PIM protocol Restrictions None Usage example To display the current IP multicast interface table by DVMRP entry DES 3800 admin show ipmc protocol dvmrp Command show ipmc protocol dvmrp Interface Name IP Address Multicast Routing System 10 90 90 90 DVM...

Страница 212: ...5 Dynamic v101 100 0 1 100 21 Dynamic v101 100 0 1 101 21 Dynamic v102 100 0 2 101 21 Dynamic v103 100 0 3 100 21 Dynamic v103 100 0 3 101 21 Dynamic v104 100 0 4 100 21 Dynamic v104 100 0 4 101 21 Dynamic v105 100 0 5 100 21 Dynamic v105 100 0 5 101 21 Dynamic v106 100 0 6 100 21 Dynamic v106 100 0 6 101 21 Dynamic v107 100 0 7 100 21 Dynamic v107 100 0 7 101 21 Dynamic v108 100 0 8 100 21 Dynami...

Страница 213: ...ID The user may enter a key ranging from 1 to 255 password An MD5 password of up to 16 bytes Restrictions Only Administrator or Operator level users can issue this command Usage example To create an entry in the MD5 key table DES 3800 admin create md5 key 1 dlink Command create md5 key 1 dlink Success DES 3800 admin config md5 key Purpose Used to enter configure the password for an MD5 key Syntax ...

Страница 214: ...and Usage example To delete an entry in the MD5 key table DES 3800 admin delete md5 key 1 Command delete md5 key 1 Success DES 3800 admin show md5 Purpose Used to display an MD5 key table Syntax show md5 key key_id 1 255 Description This command will display the current MD5 key table Parameters key_id 1 255 The MD5 key ID to be displayed Restrictions Only Administrator or Operator level users can ...

Страница 215: ..._address lsdb_type summary config ospf aggregation area_id network_address lsdb_type summary advertise enable disable show ospf aggregation area_id show ospf lsdb area area_id advertise_router ipaddr type rtrlink netlink summary assummary asextlink show ospf neighbor ipaddr show ospf virtual_neighbor area_id neighbor_id config ospf ipif ipif ipif_name 12 all area area_id priority value hello_inter...

Страница 216: ... 74 122 Success DES 3800 admin enable ospf Purpose Used to enable OSPF on the Switch Syntax enable ospf Description This command in combination with the disable ospf command below is used to enable and disable OSPF on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage example To enable OSPF on the Switch DES 3800 admin enable ospf Comman...

Страница 217: ...Area Aggregation settings OSPF Host Route settings Parameters None Restrictions None Usage example To show OSPF state DES 3800 admin show ospf Command show ospf OSPF Router ID 10 1 1 2 State Enabled Default Information Originate Enabled Not Always Metric Type 1 Metric Value 20 OSPF Interface Settings Interface IP Address Netmask Area ID State Link Metric Status System 10 90 90 90 8 0 0 0 0 Disable...

Страница 218: ...metric value 0 65535 Description This command is used to create an OSPF area and configure its settings Parameters area_id The OSPF area ID The user may enter a 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain type normal stub The OSPF area mode of operation stub or normal stub_summary enable disable Enables or disables the OSPF a...

Страница 219: ...metric value 0 65535 Description This command is used to configure an OSPF area s settings Parameters area_id The OSPF area ID The user may enter a 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain type normal stub Allows the specification of the OSPF mode of operation stub or normal stub_summary enable disable Allows the OSPF area...

Страница 220: ... Syntax create ospf host_route ipaddr area area_id metric value 1 65535 Description This command is used to configure the OSPF host route settings Parameters ipaddr The host s IP address area_id A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain metric value 1 65535 A metric between 1 and 65535 which will be advertised Restriction...

Страница 221: ...a_id A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain value A metric between 1 and 65535 that will be advertised for the route Restrictions Only Administrator or Operator level users can issue this command Usage example To configure an OSPF host route DES 3800 admin config ospf host_route 10 48 74 122 area 10 1 1 1 metric 2 Comm...

Страница 222: ...strator or Operator level users can issue this command Usage example To create an OSPF area aggregation DES 3800 admin create ospf aggregation 10 1 1 1 10 48 76 122 16 lsdb_type summary advertise enable Command create ospf aggregation 10 1 1 1 10 48 76 122 16 lsdb_type summary advertise enable Success DES 3800 admin delete ospf aggregation Purpose Used to delete an OSPF area aggregation configurat...

Страница 223: ... to the OSPF Area lsdb_type summary Specifies the type of address aggregation advertise enable disable Allows for the advertisement trigger to be enabled or disabled Restrictions Only Administrator or Operator level users can issue this command Usage example To configure the OSPF area aggregation settings DES 3800 admin config ospf aggregation 10 1 1 1 10 48 76 122 16 lsdb_type summary advertise e...

Страница 224: ... The type of link Restrictions None NOTE When this command displays a a star symbol in the OSPF LSDB table for the area_id or the Cost this is interpreted as no area ID for external LSAs and as no cost given for the advertised link Usage example To display the link state database of OSPF DES 3800 admin show ospf lsdb Command show ospf lsdb Area LSDB Advertising Link State Cost Sequence ID Type Rou...

Страница 225: ...ber in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain neighbor_id The OSPF router ID for the neighbor This is a 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the remote area s Area Border Router Restrictions None Usage example To display the current OSPF virtual neighbor table DES 3800 admin show ospf virtua...

Страница 226: ...terface metric 1 to 65535 Entering a 0 will allow automatic calculation of the metric authentication Enter the type of authentication preferred The user may choose between none Choosing this parameter will require no authentication simple password 8 Choosing this parameter will set a simple authentication which includes a case sensitive password of no more than 8 characters md5 key_id 1 255 Choosi...

Страница 227: ...rval 40 Transmit Delay 1 Retransmit Time 5 Authentication None Total Entries 1 DES 3800 admin show ospf all Purpose Used to display the current OSPF settings of all the OSPF interfaces on the Switch Syntax show ospf all Description This command will display the current OSPF settings for all OSPF interfaces on the Switch Parameters None Restrictions Only Administrator or Operator level users can is...

Страница 228: ...etween the transmission of OSPF Hello packets in seconds Between 1 and 65535 seconds can be specified The Hello Interval Dead Interval Authorization Type and Authorization Key should be the same for all routers on the same network dead_interval sec 1 65535 Allows the specification of the length of time between the receipt of Hello packets from a neighbor router before the selected area declares th...

Страница 229: ... Interval Authorization Type and Authorization Key should be the same for all routers on the same network dead_interval sec 1 65535 Allows the specification of the length of time between the receipt of Hello packets from a neighbor router before the selected area declares that router down An interval between 1 and 65535 seconds can be specified The Dead Interval must be evenly divisible by the Hel...

Страница 230: ...delete ospf virtual_link 10 1 12 20 1 1 1 Success DES 3800 admin show ospf virtual_link Purpose Used to display the current OSPF virtual interface configuration Syntax show ospf virtual_link area_id neighbor_id Description This command will display the current OSPF virtual interface configuration Parameters area_id A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifi...

Страница 231: ... enable If the advertising router already has a default route advertise it into OSPF Otherwise generate a default route and advertise it into OSPF disable The default route will only be advertised when the default route exists in the redistributed routes mettype Specifies the type of AS external route metric Specifies the cost of the default route to be advertised into OSPF The range is from 0 to ...

Страница 232: ...e end_date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax config sntp primary ipaddr secondary ipaddr poll interval int 30 99999 Description Use this command to configure SNTP service from an SNTP server SNTP must be enabled for this command to function See ...

Страница 233: ...To display SNTP configuration information DES 3800 admin show sntp Command show sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 30 sec DES 3800 admin enable sntp Purpose To enable SNTP server support Syntax enable sntp Description This will enable SNTP support SNTP service must be separately configured see config sn...

Страница 234: ...e settings Syntax config time date ddmmmyyyy time hh mm ss Description This will configure the system time and date settings These will be overridden if SNTP is configured and enabled Parameters date Express the date using two numerical characters for the day of the month three alphabetical characters for the name of the month and four numerical characters for the year For example 03aug2003 time E...

Страница 235: ...or level users can issue this command Example usage To configure time zone settings DES 3800 admin config time_zone operator hour 2 min 30 Command config time_zone operator hour 2 min 30 Success DES 3800 admin config dst Purpose Used to enable and configure time adjustments to allow for the use of Daylight Savings Time DST Syntax config dst disable repeating s_week start_week 1 4 last s_day start_...

Страница 236: ...figure the day of the week in which DST begins start_day sun sat The day of the week in which DST begins expressed using a three character abbreviation sun mon tue wed thu fri sat e_day Configure the day of the week in which DST ends end_day sun sat The day of the week in which DST ends expressed using a three character abbreviation sun mon tue wed thu fri sat s_mth Configure the month in which DS...

Страница 237: ...splay the current time settings and status Syntax show time Description This will display system time and date configuration as well as display current system time Parameters None Restrictions None Example usage To show the time currently set on the Switch s System clock DES 3800 admin show time Command show time Current Time Source System Clock Boot Time 0 Days 00 00 00 Current Time 1 Days 01 39 ...

Страница 238: ...le max_learning_addr max_lock_no 0 16 lock_address_mode Permanent DeleteOnTimeout DeleteOnReset Description This command allows for the configuration of the port security feature Only the ports listed in the portlist are affected Parameters portlist Specifies a port or range of ports to be configured all Configure port security for all ports on the Switch admin_state enable disable Enable or disab...

Страница 239: ...ss previously learned by the port which the user wishes to delete port port Enter the port number which has learned the previously entered MAC address Restrictions Only Administrator or Operator level users can issue this command Example usage To delete a port security entry DES 3800 admin delete port_security_entry vlan_name default mac_address 00 01 30 10 2C C7 port 6 Command delete port_securit...

Страница 240: ... ports 1 5 Command show port_security ports 1 5 Port Admin State Max Learning Addr Lock Address Mode 1 Disabled 1 DeleteOnReset 2 Disabled 1 DeleteOnReset 3 Disabled 1 DeleteOnReset 4 Disabled 1 DeleteOnReset 5 Disabled 1 DeleteOnReset CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh enable port_security trap_log Purpose Used to enable the trap log for port security Syntax enable port...

Страница 241: ...with the enable port_security trap_log will enable and disable the sending of log messages to the Switch s log and SNMP agent when the port security of the Switch has been triggered Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the port security trap log setting DES 3800 admin enable port_security trap_log Command enable port...

Страница 242: ...table notification on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable MAC notification without changing basic configuration DES 3800 admin enable mac_notification Command enable mac_notifi...

Страница 243: ...sage To configure the Switch s MAC address table notification global settings DES 3800 admin config mac_notification interval 1 historysize 500 Command config mac_notification interval 1 historysize 500 Success DES 3800 admin config mac_notification ports Purpose Used to configure MAC address notification status settings Syntax config mac_notification ports portlist all enable disable Description ...

Страница 244: ...terval 1 History Size 1 DES 3800 admin show mac_notification ports Purpose Used to display the Switch s MAC address table notification status settings Syntax show mac_notification ports portlist Description This command is used to display the Switch s MAC address table notification status settings Parameters portlist Specify a port or group of ports to be viewed Entering this command without the p...

Страница 245: ...t Ethernet Managed Switch CLI Manual 241 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Страница 246: ... the SSH Server 4 Finally enable SSH on the Switch using the enable ssh command After following the above steps you can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable ssh disable ssh conf...

Страница 247: ...e the SSH authentication mode for users attempting to access the Switch Parameters password This parameter may be chosen if the administrator wishes to use a locally configured password for authentication on the Switch publickey This parameter may be chosen if the administrator wishes to use a publickey configuration set on a SSH server for authentication hostbased This parameter may be chosen if ...

Страница 248: ...ion int 1 8 timeout sec 120 600 authfail int 2 20 rekey 10min 30min 60min never Description This command allows you to configure the SSH server Parameters maxsession int 1 8 Allows the user to set the number of users that may simultaneously access the Switch The default setting is 8 contimeout sec 120 600 Allows the user to set the connection timeout The user may set a time between 120 and 600 sec...

Страница 249: ... DES 3800 admin config ssh user Purpose Used to configure the SSH user Syntax config ssh user username authmode hostbased hostname domain_name hostname_IP domain_name ipaddr password publickey Description This command allows configuration of the SSH user authentication method Parameters username Enter a username of no more than 15 characters to identify the SSH user authmode Specifies the authenti...

Страница 250: ...h user Trinity authmode Password Success DES 3800 admin show ssh user Purpose Used to display the SSH user setting Syntax show ssh user Description This command allows you to display the current SSH user setting Parameters None Restrictions Only Administrator level users can issue this command Example usage To display the SSH user DES 3800 admin show ssh user Command show ssh user Current Accounts...

Страница 251: ...rameter will enable or disable the Arcfour encryption algorithm blowfish This parameter will enable or disable the Blowfish encryption algorithm cast128 This parameter will enable or disable the Cast128 encryption algorithm twofish128 This parameter will enable or disable the twofish128 encryption algorithm twofish192 This parameter will enable or disable the twofish192 encryption algorithm MD5 Th...

Страница 252: ... ssh algorithm Encryption Algorithm 3DES Enabled AES128 Enabled AES192 Enabled AES256 Enabled arcfour Enabled blowfish Enabled cast128 Enabled twofish128 Enabled twofish192 Enabled twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA Enabled DSA Enabled DES 3800 admin config ssh regenerate hostkey Purpose Used to regenerate the host key for the SSH algorith...

Страница 253: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 249 DES 3800 admin config ssh regenerate hostkey Command config ssh regenerate hostkey Success DES 3800 admin ...

Страница 254: ...nable jumbo_frame Purpose Used to enable the jumbo frame function on the Switch Syntax enable jumbo_frame Description This command will allow ethernet frames larger than 1536 bytes to be processed by the Switch The maximum size of the jumbo frame may not exceed 9220 bytes Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the jumb...

Страница 255: ..._frame Purpose Used to show the status of the jumbo frame function on the Switch Syntax show jumbo_frame Description This command will show the status of the jumbo frame function on the Switch Parameters None Restrictions None Usage Example To show the jumbo frame status currently configured on the Switch DES 3800 admin show jumbo_frame Command show jumbo_frame Off DES 3800 admin ...

Страница 256: ...ord and the user is granted normal user privileges on the Switch B The server will not accept the username and password and the user is denied access to the Switch C The server doesn t respond to the verification query At this point the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list The Switch has four built in server gro...

Страница 257: ...ault method_list_name string 15 method tacacs xtacacs tacacs radius server_group string 15 local_enable none delete authen_enable method_list_name string 15 show authen_enable default method_list_name string 15 all config authen application console telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_g...

Страница 258: ... Example usage To enable the system access authentication policy DES 3800 admin enable authen_policy Command enable authen_policy Success DES 3800 admin disable authen_policy Purpose Used to disable system access authentication policy Syntax disable authen_policy Description This command will disable the administrator defined authentication policy for users trying to access the Switch When disable...

Страница 259: ...uthentication techniques for user login The Switch can support up to eight method lists but one is reserved as a default and cannot be deleted Multiple method lists must be created and configured separately Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given method list Restrictions Only Administrator level users can issue this command Example usage To crea...

Страница 260: ...ticated using the XTACACS protocol from the remote XTACACS server hosts of the XTACACS server group list tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS server group list radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from the remote RADIUS server hos...

Страница 261: ...uthentication methods XTACACS TACACS and local in that order DES 3800 admin config authen_login default method xtacacs tacacs local Command config authen_login default method xtacacs tacacs local Success DES 3800 admin delete authen_login method_list_name Purpose Used to delete a previously configured user defined method list of authentication methods for users logging on to the Switch Syntax dele...

Страница 262: ... Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server group defined by the user Built in Group refers to the TACACS XTACACS TACACS ...

Страница 263: ...defined method list of authentication methods for promoting normal user level privileges to Administrator level privileges on the Switch Syntax config authen_enable default method_list_name string 15 method tacacs xtacacs tacacs radius server_group string 15 local_enable none Description This command is used to promote users with normal level privileges to Administrator level privileges using auth...

Страница 264: ... local user account database on the Switch none Adding this parameter will require no authentication to access the Switch method_list_name Enter a previously implemented method list name defined by the user create authen_enable The user may add one or a combination of up to four 4 of the following authentication methods to this method list tacacs Adding this parameter will require the user to be a...

Страница 265: ...cs tacacs local Success DES 3800 admin delete authen_enable method_list_name Purpose Used to delete a user defined method list of authentication methods for promoting normal user level privileges to Administrator level privileges on the Switch Syntax delete authen_enable method_list_name string 15 Description This command is used to delete a user defined method list of authentication methods for p...

Страница 266: ...sly configured method list name Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server groups defined by the user Built in G...

Страница 267: ... Shell login method http Choose this parameter to configure the web interface login method all Choose this parameter to configure all applications console telnet ssh web login method login Use this parameter to configure an application for normal login on the user level using a previously configured method list enable Use this parameter to configure an application for upgrading a normal user level...

Страница 268: ...65535 key key_string 254 none timeout int 1 255 retransmit 1 255 Description This command will create an authentication server host for the TACACS XTACACS TACACS RADIUS security protocols on the Switch When a user attempts to access the Switch with authentication protocol enabled the Switch will send authentication packets to a remote TACACS XTACACS TACACS RADIUS server host on a remote host The T...

Страница 269: ...10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Command create authen server_host 10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Success DES 3800 admin config authen server_host Purpose Used to configure a user defined authentication server host Syntax create authen server_host ipaddr protocol tacacs xtacacs tacacs radius port int 1 65535 key key_string 254 none timeout ...

Страница 270: ...ion request when the server does not respond This field is inoperable for the TACACS protocol Restrictions Only Administrator level users can issue this command Example usage To configure a TACACS authentication server host with port number 4321 a timeout value of 12 seconds and a retransmit count of 4 DES 3800 admin config authen server_host 10 1 1 121 protocol tacacs port 4321 timeout 12 retrans...

Страница 271: ... address of the authentication server host Protocol The protocol used by the server host Possible results will include TACACS XTACACS TACACS or RADIUS Port The virtual port number on the server host The default value is 49 Timeout The time in seconds the Switch will wait for the server host to reply to an authentication request Retransmit The value in the retransmit field denotes how many times th...

Страница 272: ... will configure an authentication server group A server group is a technique used to group TACACS XTACACS TACACS RADIUS server hosts into user defined categories for authentication using method lists The user may define the type of server group by protocol or by previously defined server group Up to eight 8 authentication server hosts may be added to any particular group Parameters server_group Th...

Страница 273: ...s parameter to define the protocol if the server host is using the RADIUS authentication protocol Restrictions Only Administrator level users can issue this command Example usage To add an authentication host to server group group_1 DES 3800 admin config authen server_group group_1 add server_host 10 1 1 121 protocol tacacs Command config authen server_group group_1 add server_host 10 1 1 121 prot...

Страница 274: ...tly set on the Switch DES 3800 admin show authen server_group Command show authen server_group Group Name IP Address Protocol Darren 10 53 13 2 TACACS tacacs 10 53 13 94 TACACS tacacs This group has no entry xtacacs This group has no entry Total Entries 4 DES 3800 admin config authen parameter response_timeout Purpose Used to configure the amount of time the Switch will wait for a user to enter au...

Страница 275: ... Administrator level users can issue this command Example usage To set the maximum number of authentication attempts at 5 DES 3800 admin config authen parameter attempt 5 Command config authen parameter attempt 5 Success DES 3800 admin show authen parameter Purpose Used to display the authentication parameters currently configured on the Switch Syntax show authen parameter Description This command...

Страница 276: ...ers None Restrictions Only when user logins the device successfully though TACACS XTACACS TACACS server or none method can use this command to promote privileges Example usage To enable administrator privileges on the Switch DES 3800 admin enable admin Password DES 3800 admin config admin local_enable Purpose Used to configure the local enable password for administrator level privileges Syntax con...

Страница 277: ...lling Station ID NAS Identifier This command is dependant on the configuration of a RADIUS server both on the Switch and remotely so that the RADIUS server has the proper configurations to both collect and process the information that is being relayed to it by the Switch Parameters type Choose the type of accounting that the Switch will use The user may choose one of the following two choices exec...

Страница 278: ...ccount Session ID Account Session Time Account Status Type Username Account Terminate Cause Service Type Account Authentic NAS IP Address Account Delay Time Calling Station ID NAS Identifier This feature is dependant on the configuration of a RADIUS server both on the Switch and remotely so that the RADIUS server has the proper configurations to both collect and process the information that is bei...

Страница 279: ...han one hop away from the CS The SIM group is a group of switches that are managed as a single entity The DES 3800 Series may take on three different roles Commander Switch CS This is a switch that has been manually configured as the controlling device for a group and takes on the following characteristics It has an IP Address It is not a Commander Switch or Member Switch of another Single IP grou...

Страница 280: ...ad its MAC address and password saved to the CS s database if a reboot occurs in the MS the CS will keep this MS information in its database and when a MS has been rediscovered it will add the MS back into the SIM tree automatically No configuration will be necessary to rediscover these switches There are some instances where pre saved MS switches cannot be rediscovered For example if the Switch i...

Страница 281: ...se Used to disable Single IP Management SIM on the Switch Syntax disable sim Description This command will disable SIM globally on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable SIM on the Switch DES 3800 admin disable sim Command disable sim Success DES 3800 admin show sim Purpose Used to view the current information regardin...

Страница 282: ...umber listed from 1 to 100 members member_id 1 32 Entering this parameter will display information concerning members of the SIM group To view a specific member include that member s id number listed from 1 to 32 group commander_mac macaddr Entering this parameter will display information concerning the SIM group To view a specific group include the commander s MAC address of the group neighbor En...

Страница 283: ...ber 1 ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3828 L3 Switch 40 3 00 B15 The Man Total Entries 2 DES 3800 admin To show other groups information in summary DES 3800 admin show sim group Command show sim group SIM Group Name default ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3828 L3 Swit...

Страница 284: ... managing the commander switch Restrictions Only Administrator level users can issue this command Example usage To connect to the MS with member ID 2 through the CS using the command line interface DES 3800 admin reconfig member_id 2 Command reconfig member_id 2 DES 3800 admin Login config sim_group Purpose Used to add candidates and delete members from the SIM group Syntax config sim_group add ca...

Страница 285: ...e name of the group Enter an alphanumeric string of up to 64 characters to rename the SIM group dp_interval 30 90 The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to the CS will include information about other switches connected to it Ex MS CaS The user may set the dp_interval from 30 to 90 seconds hold time sec 100 2...

Страница 286: ..._interval 40 Command config sim commander dp_interval 40 Success DES 3800 admin To change the hold time of the discovery protocol DES 3800 admin config sim hold_time 120 Command config sim hold_time 120 Success DES 3800 admin To transfer the CS commander to be a CaS candidate DES 3800 admin config sim candidate Command config sim candidate Success DES 3800 admin To transfer the Switch to be a CS D...

Страница 287: ...he firmware or switch on the TFTP server members Enter this parameter to specify the members the user prefers to download firmware or switch configuration files to The user may specify a member or members by adding one of the following mslist 1 32 Enter a value or values to specify which members of the SIM group will receive the firmware or switch configuration all Add this parameter to specify al...

Страница 288: ... to upload a switch configuration to members of a SIM group log_to_tftp Specify this parameter to download a switch log to members of a SIM group ipaddr Enter the IP address of the TFTP server to upload a configuration file to path_filename Enter a user defined path and file name on the TFTP server to which to upload configuration files members Enter this parameter to specify the members the user ...

Страница 289: ...spective spanning trees Each switch utilizing the MSTP on a network will have a single MSTP configuration that will have the following three attributes a A configuration name defined by an alphanumeric string of up to 32 characters defined in the config stp mst_config_id command as name string b A configuration revision number named here as a revision_level and c A 4096 element table defined here ...

Страница 290: ...trictions Only Administrator or Operator level users can issue this command Example usage To enable STP globally on the Switch DES 3800 admin enable stp Command enable stp Success DES 3800 admin disable stp Purpose Used to globally disable STP on the Switch Syntax disable stp Description This command allows the Spanning Tree Protocol to be globally disabled on the Switch Parameters None Restrictio...

Страница 291: ...witch All commands here will be implemented for the STP version that is currently set on the Switch Parameters maxage value 6 40 This value may be set to ensure that old information does not endlessly circulate through redundant paths in the network preventing the effective propagation of the new information Set by the Root Bridge this value will aid in determining that the Switch has spanning tre...

Страница 292: ...e true false p2p true false auto state enable disable fbpdu enable disable Description This command is used to create and configure STP for a group of ports Parameters portlist Specifies a range of ports to be configured The beginning and end of the port list range are separated by a dash For example 1 4 specifies all of the ports between port 1 and port 4 externalCost This defines a metric that i...

Страница 293: ...cannot maintain this status for example if the port is forced to half duplex operation the p2p status changes to operate as if the p2p value were false The default setting for this parameter is auto state enable disable Allows STP to be enabled or disabled for the ports specified in the port list The default is enable fbpdu enable disable Allows the forwarding of STP BPDU packets from other networ...

Страница 294: ...nstance_id must be mapped identically and have the same configuration revision_level number and the same name Parameters value 1 4 Enter a number between 1 and 4 to define the instance_id The Switch supports 16 STP regions with one unchangeable default instance ID set as 0 add_vlan Along with the vid_range vidlist parameter this command will add VIDs to the previously configured STP instance_id re...

Страница 295: ...o update the STP instance configuration settings on the Switch The MSTP will utilize the priority in selecting the root bridge root port and designated port Assigning higher priorities to STP regions will instruct the Switch to give precedence to the selected instance_id for forwarding packets The lower the priority value set the higher the priority Parameters priority value 0 61440 Select a value...

Страница 296: ...e To configure the MSTP region of the Switch with revision_level 10 and the name Trinity DES 3800 admin config stp mst_config_id revision_level 10 name Trinity Command config stp mst_config_id revision_level 10 name Trinity Success DES 3800 admin config stp mst_ports Purpose Used to update the port configuration for a MSTP instance Syntax config stp mst_ports portlist instance_id value 0 4 interna...

Страница 297: ... A higher priority will designate the interface to forward packets first A lower number denotes a higher priority Restrictions Only Administrator or Operator level users can issue this command Example usage To designate ports 1 to 2 on with instance ID 1 to have an auto internalCost and a priority of 0 DES 3800 admin config stp mst_ports 1 2 instance_id 1 internalCost auto priority 0 Command confi...

Страница 298: ...ntax show stp ports portlist Description This command displays the STP Instance Settings and STP Instance Operational Status currently implemented on the Switch Parameters portlist Specifies a range of ports to be configured The beginning and end of the port list range are separated by a dash For example 1 4 specifies all of the ports between port 1 and port 4 Restrictions None Example usage To sh...

Страница 299: ...nce_id 0 Command show stp instance_id 0 STP Instance Settings Instance Type CIST Instance Status Enabled Instance Priority 32768 bridge priority 32768 sys ID ext 0 STP Instance Operational Status Designated Root Bridge 32766 00 90 27 39 78 E2 External Root Cost 200012 Regional Root Bridge 32768 00 53 13 1A 33 24 Internal Root Cost 0 Designated Bridge 32768 00 50 BA 71 20 D6 Root Port 1 Max Age 20 ...

Страница 300: ...3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 296 Current MST Configuration Identification Configuration Name 00 10 20 33 45 00 Revision Level 0 MSTI ID Vid list CIST 1 4094 DES 3800 admin ...

Страница 301: ...ncryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Switch supports two hash algorithms MD5 Message Digest 5 and SHA Sec...

Страница 302: ...hange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys The ciphersuites are enabled by default on the Swit...

Страница 303: ..._RC4_128_MD5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with 128 bit keys and the MD5 Hash Algorithm RSA_with_3DES_EDE_CBC_SHA This ciphersuite combines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption ...

Страница 304: ...hange ID stays valid before the SSL module will require a new full SSL negotiation for connection The default cache timeout is 600 seconds Restrictions None Example usage To set the SSL cachetimeout for 7200 seconds DES 3800 admin config ssl cachetimeout timeout 7200 Command config ssl cachetimeout timeout 7200 Success DES 3800 admin show ssl cachetimeout Purpose Used to show the SSL cache timeout...

Страница 305: ...nformation on the Switch DES 3800 admin show ssl certificate Command show ssl certificate Loaded with RSA Certificate DES 3800 admin download certificate_fromTFTP Purpose Used to download a certificate file for the SSL function on the Switch Syntax download certificate_fromTFTP ipaddr certfilename path_filename 64 keyfilename path_filename 64 Description This command is used to download a certific...

Страница 306: ...e file you wish to download Restrictions Only Administrator or Operator level users can issue this command Example usage To download a certificate file and key file to the Switch DES 3800 admin DES 3800 admin download certificate_fromTFTP 10 53 13 94 certfilename c cert der keyfilename c pkey der Command download certificate_fromTFTP 10 53 13 94 certfilename c cert der keyfilename c pkey der Certi...

Страница 307: ...every VLAN and therefore IP interface on the Switch VRRP routers within the same VRRP group must be consistent in configuration settings for this protocol to function optimally The VRRP commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable vrrp ping disable vrrp ping create vrrp vrid vrid 1 255 ipif ipif_name 12...

Страница 308: ...e the VRRP function on the Switch Parameters ping Adding this parameter to the command will stop the virtual IP address from being pinged from other host end nodes to verify connectivity This will only disable the ping connectivity check function To disable the VRRP protocol on the Switch omit this parameter Restrictions Only Administrator or Operator level users can issue this command Example usa...

Страница 309: ...e highest physical IP address as the Master router The default value is 100 The value of 255 is reserved for the router that owns the IP address associated with the virtual router and is therefore set automatically advertisement_interval int 1 255 Enter a time interval value in seconds for sending VRRP message packets This value must be consistent with all routers participating within the same VRR...

Страница 310: ...p vrid 1 ipif Darren ipaddress 11 1 1 1 state enable priority 200 advertisement_interval 1 preempt true critical_ip 10 53 13 224 critical_ip_state enable Command create vrrp vrid 1 ipif Darren ipaddress 11 1 1 1 state enable priority 200 advertisement_interval 1 preempt true critical_ip 10 53 13 224 critical_ip_state enable Success DES 3800 admin ...

Страница 311: ...dress ipaddr Enter the virtual IP address that will be assigned to the VRRP entry This IP address is also the default gateway that will be statically assigned to end hosts and must be set for all routers that participate in this group advertisement_interval int 1 255 Enter a time interval value in seconds for sending VRRP message packets This value must be consistent with all routers participating...

Страница 312: ...terface Parameters ipif Specify the name of interface vrid Specify the ID of Virtual Router Ipaddress The virtual router s IP address state Enable disable the virtual router function priority Specify the priority to be used for the Virtual Router master election process advertisement_interval The time interval in seconds between sending advertisement messages preempt Controls whether a higher prio...

Страница 313: ...ring this parameter indicates that VRRP protocol exchanges will not be authenticated simple authdata string 8 This parameter along with an alphanumeric string of no more than eight characters to set a simple password for comparing VRRP message packets received by a router If the two passwords are not exactly the same the packet will be dropped ip authdata string 16 This parameter will require the ...

Страница 314: ...1 255 Enter the VRRP ID of a VRRP entry for which to view these settings Restrictions None Example usage To view the global VRRP settings currently implemented on the Switch VRRP Enabled DES 3800 admin show vrrp Command show vrrp Global VRRP Enabled Non owner response PING Disabled Interface Name System Authentication type No Authentication VRID 2 Virtual IP Address 10 53 13 3 Virtual MAC Address ...

Страница 315: ...l device Parameters vrid vrid 1 255 Enter the VRRP ID of the virtual router to be deleted Not entering this parameter will delete all VRRP entries on the Switch ipif ipif_name 12 Enter the name of the IP interface which holds the VRRP router to delete Restrictions Only Administrator or Operator level users can issue this command Example usage To delete a VRRP entry DES 3800 admin delete vrrp vrid ...

Страница 316: ... the Switch but do require attention such as unsuccessful downloads or uploads and failed logins Critical Events classified as critical are fatal exceptions occurring on the Switch such as hardware failures or spoofing attacks Parameters Choose one of the following to identify where severity messages are to be sent trap Entering this parameter will define which events occurring on the Switch will ...

Страница 317: ...nt severity settings set on the Switch Syntax show system_severity Description This command is used to view the severity settings that have been implemented on the Switch using the config system_severity command Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To view the system severity settings currently implemented on the Switch DES 38...

Страница 318: ...cp_relay ipif ipif_name 12 enable dhcp_relay disable dhcp_relay Each command is listed in detail in the following sections config dhcp_relay Purpose Used to configure the DHCP BOOTP relay feature of the switch Syntax config dhcp_relay hops value 1 16 time sec 0 65535 Description This command is used to configure the DHCP BOOTP relay feature Parameters hops value 1 16 Specifies the maximum number o...

Страница 319: ...00 admin config dhcp_relay add ipif System 10 58 44 6 Command config dhcp_relay add ipif System 10 58 44 6 Success DES 3800 admin config dhcp_relay delete ipif Purpose Used to delete one or all IP destination addresses from the Switch s DHCP BOOTP relay table Syntax config dhcp_relay delete ipif ipif_name 12 ipaddr Description This command is used to delete an IP destination addresses in the Switc...

Страница 320: ...y the relay agent removes the option 82 field and forwards the packet to the switch port that is connected to the DHCP client that sent the DHCP request Parameters enable Choose this parameter to enable the addition of option 82 information to a packet disable Choose disable the relay agent from inserting and removing DHCP relay information option 82 field in messages between DHCP servers and clie...

Страница 321: ...witch Syntax config dhcp_relay option_82 policy replace drop keep Description This command is used to configure the reforwarding policy of DHCP relay agent information option 82 of the Switch Parameters replace The option 82 field will be replaced if the option 82 field already exists in the packet received from the DHCP client drop The packet will be dropped if the option 82 field already exists ...

Страница 322: ...ay Time Threshold 23 DHCP Relay Agent Information Option 82 State Enabled DHCP Relay Agent Information Option 82 Check Enabled DHCP Relay Agent Information Option 82 Policy Replace Interface Server 1 Server 2 Server 3 Server 4 System 10 58 44 6 DES 3800 admin Example usage To show a single IP destination of the DHCP relay configuration DES 3800 admin show dhcp_relay ipif System Command show dhcp_r...

Страница 323: ...ose Used to disable the DHCP BOOTP relay function on the Switch Syntax disable dhcp_relay Description This command is used to disable the DHCP BOOTP relay function on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To disable DHCP relay DES 3800 admin disable dhcp_relay Command disable dhcp_relay Success DES 3800 admin ...

Страница 324: ...try in the IP MAC Binding Setting window All others will be discarded To configure the ACL mode the user must first create an IP MAC binding using the create address_binding ip_mac ipaddress command and select the mode as acl Then the user must enable the mode by entering the enable address_binding acl_mode command If an IP MAC binding entry is created and the user wishes to change it to an ACL mo...

Страница 325: ...mac_address macaddr blocked all vlan_name vlan_name mac_address macaddr ports delete address_binding ip mac ipaddress ipaddr mac_address macaddr all blocked all vlan_name vlan_name mac_address macaddr enable address_binding acl_mode disable address_binding acl_mode enable address_binding trap_log disable address_binding trap_log show address_binding dhcp_snoop max_entry ports portlist binding_entr...

Страница 326: ...s will be effective If the system is in the acl mode only the acl mode entries will be active acl Choosing this entry will allow only packets from the source IP MAC binding entry created here All other packets with a different IP address will be discarded by the Switch This mode can only be used if the ACL Mode has been enabled in the IP MAC Binding Ports window as seen previously Restrictions Onl...

Страница 327: ...set 48 63 0x00000000 00000000 00000000 00000000 Offset 64 79 0x00000000 00000000 00000000 00000000 Access ID 1 Mode Permit Owner Address_binding Port 1 Offset 0 15 0x00000000 0000ffff ffffffff 00000000 Offset 16 31 0x00000000 00000000 00000000 0000ffff Offset 32 47 0xffff0000 00000000 00000000 00000000 Offset 48 63 0x00000000 00000000 00000000 00000000 Offset 64 79 0x00000000 00000000 00000000 000...

Страница 328: ...f the system is in ARP mode the arp mode entries and acl mode entries will be effective If the system is in the acl mode only the acl mode entries will be active acl Choosing this entry will allow only packets from the source IP MAC binding entry created here All other packets with a different IP address will be discarded by the Switch This mode can only be used if the ACL Mode has been enabled in...

Страница 329: ...nable in strict mode when IP MAC binding DHCP_snoop is enabled it will create an ACL profile and the rules according to the ports If there are not enough profile or rule space for ACL profile or rule table it will return a warning message and will not create ACL profile and rules to capture unicast DHCP packets loose This mode provides a looser way of control If the user selects loose mode ARP pac...

Страница 330: ... device ports The number of enabled ports on a device Parameters all For IP_MAC binding all specifies all the IP MAC binding entries for Blocked Address Binding entries all specifies all the blocked VLANs and their bound physical addresses ipaddr The IP address of the device where the IP MAC binding is made macaddr The MAC address of the device where the IP MAC binding is made vlan_name The VLAN n...

Страница 331: ... will delete all the Address Binding entries Blocked Blocked address binding entries bindings between VLAN names and MAC addresses can be deleted by entering the VLAN name and the physical address of the device To delete all the Blocked Address Binding entries toggle all Parameters ipaddr The IP address of the device where the IP MAC binding is made macaddr The MAC address of the device where the ...

Страница 332: ...mands for creating the IP MAC ACL mode access profile entries Example usage To enable IP MAC Binding ACL mode on the Switch DES 3800 admin enable address_binding acl_mode Command enable address_binding acl_mode Success DES 3800 admin disable address_binding acl_mode Purpose Used to disable the ACL mode for an IP MAC binding entry Syntax disable address_binding acl_mode Description This command alo...

Страница 333: ... Example usage To enable sending of IP MAC Binding trap log messages on the Switch DES 3800 admin enable address_binding trap_log Command enable address_binding trap_log Success DES 3800 admin disable address_binding trap_log Purpose Used to disable the trap log for the IP MAC binding function Syntax disable address_binding trap_log Description This command along with the enable address_binding tr...

Страница 334: ...s_binding dhcp_snoop information Parameters None Restrictions None Example usage To show address_binding dhcp_snoop DES 3800 admin show address_binding dhcp_snoop Command show address_binding dhcp_snoop DHCP_Snoop Enabled DES 3800 admin To show address_binding dhcp_snoop binding_entry DES 3800 admin show address_binding dhcp_snoop binding_entry Command show address_binding dhcp_snoop binding_entry...

Страница 335: ...ss_binding dhcp_snoop max_entry DES 3800 admin show address_binding dhcp_snoop max_entry Command show address_binding dhcp_snoop max_entry Port Max entry 1 5 2 5 3 5 4 5 5 5 6 5 7 5 8 5 9 5 10 5 11 5 12 5 13 5 14 5 15 5 16 5 17 5 18 5 19 5 20 5 21 5 22 5 23 5 24 5 25 5 26 5 27 5 28 5 DES 3800 admin ...

Страница 336: ...le address_binding dhcp_snoop DES 3800 admin enable address_binding dhcp_snoop Command enable address_binding dhcp_snoop Success DES 3800 disable address_binding dhcp_snoop Purpose Used to disable address_binding dhcp_snoop Syntax disable address_binding dhcp_snoop Description User use this command to disable function which entries can be created by DHCP packet Parameters None Restrictions Only Ad...

Страница 337: ...nding dhcp_snoop binding_entry ports 1 3 Success DES 3800 admin config address_binding dhcp_snoop max_entry Purpose Specifies the max number of entries which can be learned by the specified ports Syntax config address_binding dhcp_snoop max_entry ports portlist all limit value 1 10 no_limit Description By default the per port max entry is 5 This command specifies the maximum number of entries whic...

Страница 338: ... if LACP ports will process LACP control frames active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participa...

Страница 339: ...s as they are currently configured Parameters portlist Specifies a port or range of ports to be configured If no parameter is specified the system will display the current LACP status for all ports Restrictions None Example usage To display LACP port mode settings DES 3800 admin show lacp_port 1 10 Command show lacp_port 1 10 Port Activity 1 Active 2 Active 3 Active 4 Active 5 Active 6 Active 7 Ac...

Страница 340: ...fset 64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff profile_id value 1 5 delete cpu access_profile profile_id value 1 5 config cpu access_profile profile_id value 1 5 add access_id value 1 65535 ethernet vlan vlan_name 32 source_mac macaddr destination_mac macaddr ethernet_type hex 0x0 0xffff permit deny ip vlan vlan_name 32 source_ip ipaddr destination_ip ipaddr...

Страница 341: ...ies that the Switch will examine the VLAN part of each packet header source_mac macmask Specifies to examine the source MAC address mask destination_mac macmask Specifies to examine the destination MAC address mask ethernet_type Specifies that the switch will examine the Ethernet type value in each frame s header ip Specifies that the switch will examine the IP address in each frame s header vlan ...

Страница 342: ...reated with this command Restrictions Only Administrator or Operator level users can issue this command Example usage To create a CPU access profile DES 3800 admin create access_profile ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp type code permit profile_id 1 Command create access_profile ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp type code pe...

Страница 343: ...ecific values that will be combined using a logical AND operational method with masks entered with the create cpu access_profile command above Parameters profile_id value 1 5 Enter an integer used to identify the access profile that will be configured with this command This value is assigned to the access profile when it is created with the create cpu access_profile command The profile ID sets the...

Страница 344: ...ccess profile will apply only to packets that have this UDP source port in their header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP destination port in their header protocol_id value 0 255 Specifies that the Switch will examine the protocol field in each packet and if this field contains the value entered here apply the following rules use...

Страница 345: ... cpu_interface_filtering command below to enable and disable CPU interface filtering on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example Usage To enable CPU interface filtering DES 3800 admin enable cpu_interface_filtering Command enable cpu_interface_filtering Success DES 3800 admin disable cpu_interface_filtering Purpose Used to di...

Страница 346: ... view the CPU access profile entry currently set in the Switch Syntax show cpu access_profile profile_id value 1 5 access_id value 1 65535 Description The show cpu_access_profile command is used view the current CPU interface filtering entries set on the Switch Parameters profile_id value 1 5 Enter an integer between 1 and 5 that is used to identify the CPU access profile to be viewed with this co...

Страница 347: ... Managed Switch CLI Manual 343 DES 3800 admin show cpu access_profile Command show cpu access_profile CPU Access Profile Table CPU Access Profile ID 1 Type Ethernet Masks VLAN 802 1p CPU Access ID 1 Mode Permit default Total Access Entries 1 DES 3800 admin ...

Страница 348: ...ay replace all parts of the command prompt except the by entering a string of 16 alphanumerical characters with no spaces or the user may enter the current login username configured on the Switch Parameters string 16 Enter an alphanumeric string of no more than 16 characters to define the command prompt for the CLI interface username Entering this parameter will replace the current CLI command pro...

Страница 349: ...ssage to its original factory default setting The maximum character capacity for the greeting banned is 6 lines and 80 characters per line Entering Ctrl W will save the current configured banner to the DRAM only To enter it into the FLASH memory the user must enter the save command Only Administrator or Operator level users can issue this command Example usage To configure the greeting message DES...

Страница 350: ...ssage Description This command is used to view the currently configured greeting message on the Switch Parameters None Restrictions None Example usage To view the currently configured greeting message DES 3800 admin show greeting_message Command show greeting_message DES 3828 Fast Ethernet Switch Command Line Interface Firmware Build 4 50 B10 Copyright C 2000 2005 D Link Corporation All rights res...

Страница 351: ... packet flow will decrease by half of the level that caused the Switch to enter Exhausted mode After the packet flow has stabilized the rate will initially increase by 25 and then return to a normal packet flow The Safeguard Engine commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters config safeguard_engine state enab...

Страница 352: ...ose To display the CPU Safeguard Engine parameters currently set in the Switch Syntax show safeguard_engine Description This command is used to show the CPU Safeguard Engine information currently set on the Switch Parameters None Restrictions None Example usage To display current CPU protection parameters DES 3800 admin show safeguard_engine Command show safeguard_engine Safe Guard Engine State En...

Страница 353: ...hen the ingress packets are somewhere between the maximum and minimum queue the Switch will use a slope probability function to determine a random method of dropping packets based on the fill percentage of the QoS queue If queues are closer to being full the Switch will increase the discarding of random packets to even out the flow to the queues and avoid overflows to higher priority queues Comman...

Страница 354: ...st of ports are configured by entering the first and last port of the list separated by a dash Multiple separate ports may be entered by separating them with a comma class_id class_id 0 7 Specifies the hardware priority queues to be configured for WRED If no class ID is chosen all class IDs will be configured for WRED drop start int 0 100 Select a percentage between 0 and 100 to initialize the dis...

Страница 355: ...ports 2 drop_start 50 drop_slope 45 average_time 100 Command config wred ports 2 drop_start 50 drop_slope 45 average_time 100 Success DES 3800 admin show wred Purpose Used to disable WRED on the Switch Syntax show wred ports portlist all Description This command will display the configured parameters for the WRED settings on the Switch Parameters ports portlist Specify a port or group of ports for...

Страница 356: ...rnet Managed Switch CLI Manual 352 DES 3800 admin show wred ports 1 Command show wred ports 1 Global WRED Disabled Port 1 Average time 100 us Class_ID Drop Start Drop Slope 0 50 45 1 50 45 2 50 45 3 50 45 4 50 45 5 50 45 6 50 45 7 50 45 DES 3800 admin ...

Страница 357: ... user and thus will be prompted for a username and password again The Web based Access Control WAC commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable wac disable wac config wac vlan vlan_name 32 ports portlist all state enable disable method local radius default_redirpath string 128 logout_timer min 1 1440 cr...

Страница 358: ...N name which users will be placed when authenticated by the Switch or a RADIUS server This VLAN should be pre configured to have limited access rights to web based authenticated users ports Specify this parameter to add ports to be enabled as Web based Access Control ports Only these ports will accept authentication parameters from the user wishing limited access rights through the Switch portlist...

Страница 359: ...mand config wac vlan Trinity method local ports 1 5 state enable default_redirpath http www dlink com Success DES 3800 admin Example usage To configure the WAC ports DES 3800 admin config wac ports 1 7 state enable Command config wac ports 1 7 state enable Success DES 3800 admin Example usage To configure the Web based Access Control method DES 3800 admin config wac method local Command config wac...

Страница 360: ...n create wac user Darren vlan Trinity Command create wac user Darren vlan Trinity Success DES 3800 admin config wac user Purpose Used to configure a previously created Web based Access Control user on the Switch Syntax config wac user username 15 vlan vlan_name 32 Description This command is used to configure a previously created Web based Access Control user on the Switch Parameters username 15 E...

Страница 361: ... Total Entries 1 DES 3800 admin show wac Purpose Used to display the parameters for the Web based Access Control settings currently configured on the Switch Syntax show wac ports portlist all Description This command is used to display the parameters for the Web based Access Control settings currently configured on the Switch Parameters ports portlist Use this parameter to define ports to be viewe...

Страница 362: ... 1 Disable 0 0 0 0 Unauth 2 Disable 0 0 0 0 Unauth 3 Disable 0 0 0 0 Unauth 4 Disable 0 0 0 0 Unauth 5 Disable 0 0 0 0 Unauth 6 Disable 0 0 0 0 Unauth 7 Disable 0 0 0 0 Unauth 8 Disable 0 0 0 0 Unauth 9 Disable 0 0 0 0 Unauth 10 Enable Darren 0 0 0 0 Unauth 1 DES 3800 admin NOTE A successful authentication should direct the client to the stated web page If the client does not reach this web page y...

Страница 363: ...provider VLAN tag has been added If so the packet is then routed through this provider VLAN which contains smaller VLANs with similar configurations to ensure speedy and guaranteed routing destination of the packet The VLAN commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable double_vlan disable double_vlan cre...

Страница 364: ...and enables and disables the Double Tag VLAN When Double VLANs are enabled the system configurations for VLANs will return to the default setting in order to enable the Double VLAN mode In the Double VLAN mode normal VLANs and GVRP functions are disabled The Double VLAN default setting is disabled Parameters None Restrictions Only Administrator or Operator level users can issue this command Exampl...

Страница 365: ...meric string of up to 32 characters to identify this VLAN spvid vlanid 1 4094 The VLAN ID of the service provider VLAN The user is to identify this VLAN with a number between 1 and 4094 tpid hex 0x0 0xffff The tag protocol ID This ID identified here in hex form will help identify packets to devices as Double VLAN tagged packets The default setting is 0x8100 Restrictions Only Administrator or Opera...

Страница 366: ...cting Switch VLANs to customer VLANs Gigabit ports can not be configured as access ports portlist Enter a list of ports to be added to this VLAN A list of ports are configured by entering the first and last port of the list separated by a dash Multiple separate ports may be entered by separating them with a comma delete Specify this parameter to delete ports configured in the portlist from this VL...

Страница 367: ...ow double_vlan vlan_name Description This command will display the current double VLAN parameters configured on the Switch Parameters vlan name Enter the name of a previously created VLAN for which to display the settings Restrictions None Users must have the Switch enabled for Double VLANs Example usage To display parameters for the Double VLAN Trinity DES 3800 admin show double_vlan Trinity Comm...

Страница 368: ..._addr ports portlist config max_mcast_group ports portlist max_group value 1 256 show max_mcast_group ports ports portlist Each command is listed in detail in the following sections create mcast_filter_profile Purpose This command creates a multicast address profile Syntax create mcast_filter_profile profile_id value 1 24 description desc 1 32 Description This command configures a multicast addres...

Страница 369: ...ile Restrictions Only Administrator or Operator level users can issue this command Usage Example To configure a multicast filter profile DES 3800 admin config mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Command config mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Success DES 3800 admin delete mcast_filter_profile Purpose This command deletes a multicast address profile Sy...

Страница 370: ...ES 3800 admin config limited_multicast_addr Purpose Used to configure the multicast address filtering function on a port Syntax config limited_multicast_addr ports portlist add delete profile_id value 1 24 access permit deny Description Used to configure the multicast address filtering function on a port When there are no profiles specified with a port the limited function is not effective Paramet...

Страница 371: ...mited multicast address configuration Restrictions None Usage Example To show limited multicast address range DES 3800 admin show limited_multicast_addr 1 3 Command show limited_multicast_addr 1 3 Port 1 Access Deny Profile Id 1 Port 3 Access Deny Profile ID 1 DES 3800 admin config max_mcast_group Purpose This command configures the maximum number of multicast group that a port can join Syntax con...

Страница 372: ...This command display the max number of multicast groups that a port can join Syntax show max_mcast_group ports portlist Description This command display the max number of multicast groups that a port can join Parameters portlist A range of ports to display the max number of multicast groups Restrictions None Usage Example To display the maximum number of multicast groups that a port can join DES 3...

Страница 373: ...cal will always be the first choice for routing purposes and the next most reliable path is Static due to the fact that its has the next lowest value To set a higher reliability for a route change its value to a number less than the value of a route preference that has a greater reliability value using the config route preference command For example if the user wishes to make RIP the most reliable...

Страница 374: ...PF AS External route type 1 route ospfExtT2 Choose this parameter to configure the preference value for the AS External route type 2 route value 1 999 Enter a value between 1 and 999 to set the route preference for a particular route The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets Restrictions Only Administrator or Operator level...

Страница 375: ...he route preference settings for the OSPF AS External route type 2 Entering this command with no parameters will display the route preference for all routes Restrictions None Example usage To view the route preference values for all routes DES 3800 admin show route preference Command show route preference Route Preference Settings Route Type Preference RIP 100 OSPF Intra 80 STATIC 60 LOCAL 0 OSPF ...

Страница 376: ...DHCP packets the Switch will then query the remote RADIUS server with this potential MAC address using a RADIUS Access Request packet If a match is made with this MAC address the RADIUS server will return a notification stating that the MAC address has been accepted and is to be placed in the target VLAN If the VID for the target VLAN is not found by the Switch the Switch will create its own MAC B...

Страница 377: ...able and disable MAC based Access Control globally on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable MAC based Access Control globally on the Switch DES 3800 admin enable mac_based_access_control Command enable mac_based_access_control Success DES 3800 admin disable mac_based_access_control Purpose Used to disable t...

Страница 378: ...d when authenticating MAC addresses on a given port The user may choose between the following methods local Use this method to utilize the locally set MAC address database as the authenticator for MAC Based Access Control This MAC address list can be configured in the MAC Based Access Control Local Database Settings window radius Use this method to utilize a remote RADIUS server as the authenticat...

Страница 379: ...ess control function state of ports on the switch portlist Enter a port or list of ports to be displayed all Choose to display all ports Entering this command without any parameters will display the global settings of the MAC_based access control feature Restrictions None Example usage To display the global settings for the MAC based Access Control on the Switch DES 3800 admin show mac_based_acces...

Страница 380: ...To configure a Guest VLAN as a MAC based Access Control Guest VLAN DES 3800 admin create mac_based_access_control guest_vlan Triton Command create mac_based_access_control guest_vlan Triton Success DES 3800 admin config mac_based access_control guest_vlan Purpose Used to set the ports for a previously created MAC based access control Guest VLAN Syntax config mac_based access_control guest_vlan por...

Страница 381: ...e 32 Description This command is used to set a list of MAC addresses along with their corresponding target VLAN which will be authenticated for the Switch Once a queried MAC address is matched in this table it will be placed in the VLAN associated with it here The switch administrator may enter up to 1024 MAC addresses to be authenticated using the local method configured here Parameters mac macad...

Страница 382: ...0 admin config mac_based access_control_local mac 00 01 0A 3B 00 06 vlan default Command config mac_based access_control_local mac 00 01 0A 3B 00 06 vlan default Success DES 3800 admin delete mac_based_access_control_local mac Purpose Used to delete a MAC addresses from the local MAC based access control authentication database Syntax delete mac_based access_control_local mac macaddr vlan vlan_nam...

Страница 383: ...nding MAC addresses Entering no parameters will display all entries located in the local MAC based access control authentication database along with their corresponding target VLANs Restrictions None Example usage To display a MAC address entry located within the local MAC based access control authentication database DES 3800 admin show mac_based_access_control_local mac 00 01 0A 3B 00 06 Command ...

Страница 384: ...authenticating process of MAC addresses located on that port Restrictions None Example usage To display the current authentication process of MAC addresses on port 1 DES 3800 admin show mac_based_access_control auth_mac Command show mac_based_access_control_local auth_mac Port number 1 Index MAC Address Auth State VLAN Name 1 00 00 01 02 03 A2 Authenticating default 2 00 03 09 18 10 01 Authenticat...

Страница 385: ...e routers can only join or be pruned from a multicast group through the use of Join Prune Messages exchanged between the DR and RP Join Prune Messages are packets relayed between routers that effectively state which interfaces are or are not to be receiving multicast data These messages can be configured for their frequency to be sent out on the network and are only valid to routers if a Hello pac...

Страница 386: ...it explicit prune messages indicating that there are no multicast members on their respective branches PIM DM then removes these branches prunes them from the multicast delivery tree Because a member of a pruned branch of a multicast delivery tree may want to join a multicast delivery group at some point in the future the protocol periodically removes the prune information from its database and fl...

Страница 387: ...PIM settings must first be configured for specific IP interfaces using the config pim command Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage example To enable PIM as previously configured on the Switch DES 3800 admin enable pim Command enable pim Success DES 3800 admin disable pim Purpose Used to disable PIM function on the Switch Syntax disabl...

Страница 388: ...y state an interval time between 1 18724 seconds with a default interval time of 30 seconds jp_interval sec 1 18724 This field will set the interval time between the sending of Join Prune packets stating which multicast groups are to join the PIM enabled network and which are to be removed or pruned from that group The user may state an interval time between 1 18724 seconds with a default interval...

Страница 389: ...s can issue this command Example usage To configure the register probe time DES 3800 admin config pim register_probe_time 5 Command config pim register_probe_time 5 Success DES 3800 admin config pim register_suppression_time Purpose Used to configure the interval between the sending of register packets for the PIM protocol Syntax config pim register_suppression_time value 3 255 Description This co...

Страница 390: ...roup Restrictions Only Administrator or Operator level users can issue this command Usage example To create an IP interface to become a Candidate RP on the Switch DES 3800 admin create pim crp group 231 0 0 1 32 rp Trinity Command create pim crp group 231 0 0 1 32 rp Trinity Success DES 3800 admin delete pim crp Purpose To disable the Switch in becoming a possible candidate to be the Rendezvous Po...

Страница 391: ...f there is a tie for the highest priority the router having the higher IP address will become the RP The user may set a priority between 0 255 with a default setting of 0 wildcard_prefix_cnt 0 1 The user may set the Prefix Count value of the wildcard group address here by choosing a value between 0 and 1 with a default setting of 0 Restrictions Only Administrator or Operator level users can issue ...

Страница 392: ...multicast group IP address used in identifying the Rendezvous Point RP This address must be a class D address Restrictions Only Administrator or Operator level users can issue this command Usage example To remove the multicast group IP address used in identifying the Rendezvous Point RP DES 3800 admin delete pim static_rp group 231 0 0 1 32 Command delete pim static_rp group 231 0 0 1 32 Success D...

Страница 393: ...an SPT Restrictions Only Administrator or Operator level users can issue this command Usage example To set the SPT threshold DES 3800 admin config pim rp_spt_threshold 200 Command config pim rp_spt_threshold 200 Success DES 3800 admin config last_hop_spt_threshold Purpose Used to configure the packet threshold that the last hop router in the RP tree will use to change its path to a SPT Syntax conf...

Страница 394: ... 3800 admin show pim rpset Command show pim rpset Bootstrap Router 12 43 51 81 Group Address RP Address Holdtime Expired Time Type 224 0 0 1 4 31 43 51 81 150 107 Total Entries 1 DES 3800 admin show pim crp Purpose Used to display the Candidate RP settings on the Switch along with CRP parameters configured for the Switch Syntax show pim crp Description This command will display the settings for Ca...

Страница 395: ...asklen value 0 32 Enter a hash mask length which will be used with the IP address of the candidate RP and the multicast group address to calculate the hash algorithm used by the router to determine which CRP on the PIM SM enabled network will be the RP The user may select a length between 0 32 with a default setting of 30 This parameter must be configured separately from the ipif settings of this ...

Страница 396: ... show pim cbsr ipif ipif_name12 Description This command will display the settings for Candidate BSRs that are accessible to the switch This command is for PIM SM configurations only Parameters ipif_name 12 Enter the name of the IP interface for which to display settings Entering no name will display all CBSRs Restrictions None Usage example To view the CBSR settings DES 3800 admin show pim cbsr C...

Страница 397: ...eshold 0 packet per second switch to SPT tree immediately Register Probe Time 5 Register Suppression Time 60 PIM Interface Table Designated Hello J P Interface IP Address Router Interval Interval Mode State Trinity 11 1 1 1 8 10 53 13 30 30 60 DM Disabled System 10 53 13 30 8 11 1 1 1 60 60 SM Enabled Total Entries 2 DES 3800 admin show pim neighbor Purpose Used to display PIM neighbors of the Swi...

Страница 398: ...et Managed Switch CLI Manual 394 Usage example To view the PIM neighbors DES 3800 admin show pim neighbor Command show pim neighbor PIM Neighbor Address Table Interface Name Neighbor Address Expired Time n10 10 20 6 251 79 Total Entries 1 DES 3800 admin ...

Страница 399: ... 10 38 45 192 32 0 0 0 0 spt S G 229 55 150 208 10 50 93 100 32 0 0 0 0 spt S G 229 55 150 208 10 51 16 1 32 0 0 0 0 spt S G 229 55 150 208 10 59 23 10 32 0 0 0 0 spt S G 229 55 150 208 31 43 51 81 32 0 0 0 0 rpt G 239 192 0 1 31 43 51 81 32 0 0 0 0 rpt G Total Entries 12 DES 3800 admin create pim register_checksum_include_data Purpose Used to set the RPs that the Switch will send Register packets...

Страница 400: ...ed with the data in Registered packets Restrictions Only Administrator or Operator level users can issue this command Usage example To delete RPs that the Switch will send Register packets to and create checksums to be included with the data in Registered packets DES 3800 admin delete pim register_checksum_include_data rp_ address 11 1 1 1 Command delete pim register_checksum_include_data rp_ addr...

Страница 401: ...p multicast_ipaddr Description This command will display currently active RPs that have been chosen from the RP Set table which are relaying multicast data Parameters group multicast_ipaddr Enter the multicast group IP address used in identifying the Rendezvous Point RP This address must be a class D address Restrictions None Usage example To show the currently active RPs that have been chosen fro...

Страница 402: ... create loopback ipif ipif_name 12 ipaddr state enable disable Description The create ipif command creates an IP interface on the switch Loopback interface is a network termination and can t be direct connected to the host That is the host talks with loopback interface by routing Parameters ipif The name for the IP interface to be created Maximum length is 12 ipaddr The IP address of this loopback...

Страница 403: ...00 admin delete loopback ipif loopback0 Command delete loopback ipif loopback0 Success DES 3800 admin config loopback ipif Purpose Used to configure an loopback IP interface on the switch Syntax config loopback ipif ipif_name 12 ipaddress ipaddr state enable disable Description The config loopback ipif command is used to configure an loopback IP interface on the switch Parameters ipif_name The nam...

Страница 404: ...e name of the loopback IP interface you want to display If no parameter is specified the switch will display all loopback IP interfaces Restrictions None Usage Example To display loopback IP interface settings DES 3800 admin show loopback ipif Command show loopback ipif Loopback IP Interface Settings Interface Name loopback0 IP Address 172 19 10 20 Subnet Mask 255 255 255 255 Admin State Enabled L...

Страница 405: ...name 12 ipaddr ipaddr ipaddr config dhcp pool netbios_node_type pool_name 12 broadcast peer_to_peer mixed hybid config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr config dhcp pool lease pool_name 12 day 0 365 hour 0 23 minute 0 59 infinite config dhcp pool boot_file pool_name 12 file_name 64 config dhcp pool next_server pool_name 12 ipaddr config dhcp ping_packets number 0 10 config...

Страница 406: ...n be used multiple times in order to define multiple groups of excluded addresses Parameters ipaddr Start end addrress of ipaddress range Restrictions Only Administrator or Operator level users can issue this command Usage Example To specify the IP address that DHCP server should not assign to clients DES 3800 admin create dhcp excluded_address begin_address 10 10 10 1 end_address 10 10 10 10 Comm...

Страница 407: ...p pool Purpose Creates delete a DHCP pool Syntax create dhcp pool pool_name 12 delete dhcp pool pool_name 12 all Description You must create a DHCP pool by specifying a name After you create a DHCP pool use other DHCP pool configuration command to configure parameters for the pool Parameters pool_name 12 Pool s name Restrictions Only Administrator or Operator level users can issue this command Usa...

Страница 408: ...omatically find a pool to allocate the address If the request is relayed to the server by the intermediate device the server will match the gateway IP address carried in the packet against the network of each DHCP pool The pool which has the longest match will be selected If the request packet is not through relay then the server will match the IP address of the IPIF that received the request pack...

Страница 409: ... users can issue this command Usage Example To config domain name option of dhcp pool DES 3800 admin config dhcp pool domain_name engineering d_link com Command config dhcp pool domain_name engineering d_link com Success DES 3800 admin config dhcp pool dns_server Purpose Specifies the IP address of a DNS server that is available to a DHCP client Up to three IP addresses can be specified in one com...

Страница 410: ...ion Windows Internet Naming Service WINS is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks If netbios name server is not specified the netbios name server information will not be provided to the client If this command are input twice for the same pool the second command will overwrite the first command Paramet...

Страница 411: ... pool netbios_node_type engineering hybid Command config dhcp pool netbios_node_type engineering hybid Success DES 3800 admin config dhcp pool default_router Purpose Specifies the IP address of the default router for a DHCP client Up to three IP addresses can be specified in one command line Syntax config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr Description After a DHCP client ha...

Страница 412: ...e day 0 365 Days of lease hour 0 23 Hours of lease minute 0 59 Minutes of lease Infinite Means infinite lease Restrictions Only Administrator or Operator level users can issue this command Usage Example To config lease of a pool DES 3800 admin config dhcp pool lease engineering infinite Command config dhcp pool lease engineering infinite Success DES 3800 admin config dhcp pool boot_file Purpose Sp...

Страница 413: ... can issue this command Usage Example To configure next server DES 3800 admin config dhcp pool next_server engineering 192 168 0 1 Command config dhcp pool next_server engineering 192 168 0 1 Success DES 3800 admin config dhcp ping_packets Purpose Specifies the number of ping packets the DHCP server sends to a the IP address before assigning this address to a requesting client Syntax config dhcp p...

Страница 414: ... a ping packet Syntax config dhcp ping_timeout milliseconds 10 2000 Description By default the DHCP server waits 100 milliseconds before timing out a ping packet Parameters millisecond 500 2000 Amount of time the DHCP server must wait before timing out a ping packet The default value is 100 Restrictions Only Administrator or Operator level users can issue this command Usage Example To config the t...

Страница 415: ...will be ethernet For the match operation the hardward type and the hardware address field in the protocol fields will be used to match against the entry The IP address specified in the manual binding entry must be ranged within the network used by the DHCP pool If the user specifies a conflict IP address error message will be returned If a number of manual binding entries are created and the netwo...

Страница 416: ...users can issue this command Usage Example To clear a dynamic binding entries in pool Engineering DES 3800 admin clear dhcp binding Engineering 10 20 3 4 Command clear dhcp binding Engineering 10 20 3 4 Success DES 3800 admin show dhcp binding Purpose Display the current binding entry information Syntax show dhcp binding pool_name 12 Description This command displays the current binding entry info...

Страница 417: ... s name Restrictions None Usage Example To show the configured manual binding entries DES 3800 admin show dhcp pool manual_binding Command show dhcp pool manual_binding Pool Name IP Address Hardware address Type p1 192 168 0 1 00 80 C8 08 13 88 Ethernet p1 192 168 0 2 00 80 C8 08 13 99 Ethernet Total Entries 2 DES 3800 admin show dhcp pool Purpose Display the information for dhcp pool Syntax show ...

Страница 418: ...HCP server function Syntax enable dhcp_server disable dhcp_server Description This command is used to enable or disable the DHCP server function on the Switch If DHCP relay is enabled DHCP server can not be enabled The opposite is also true Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage Example To enable dhcp server DES 3800 admin enable dhcp_s...

Страница 419: ...ear an IP address 10 20 3 4 from the conflict database DES 3800 admin clear dhcp conflict_ip 10 20 3 4 Command clear dhcp conflict_ip 10 20 3 4 Success DES 3800 admin show dhcp conflict_ip Purpose This command displays the IP address that has been identified as being conflict Syntax show dhcp conflict_ip ipaddr Description The DHCP server will use PING packet to determine whether an IP address is ...

Страница 420: ... Managed Switch CLI Manual 416 DES 3800 admin show dhcp conflict_ip Command show dhcp conflict_ip IP address Detection Method Detection time 172 16 1 32 Ping 2007 08 30 17 06 59 172 16 1 64 Gratuitous ARP 2007 09 10 19 38 01 Total Entries 2 DES 3800 admin ...

Страница 421: ...11450 done_timer sec 1 16711450 state enable disable fast_done enable disable Description The config mld_snooping command configures MLD snooping on the switch Parameters vlan_name The name of the VLAN for which MLD snooping is to be configured all Specifies that all VLANs configured on the switch will be configured node_timeout Specifies the amount of time that must pass before a link node is con...

Страница 422: ...add or delete the router ports Portlist Specifies a range of ports to be configured Restrictions Only Administrator or Operator level users can issue this command Usage Example To set up port range 1 10 to be static router ports DES 3800 admin config mld_snooping mrouter_ports default add 1 10 Command config mld_snooping mrouter_ports default add 1 10 Success DES 3800 admin enable mld_snooping Pur...

Страница 423: ...st traffic to flood within a given IPv6 interface Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage Example To disable MLD snooping on the switch DES 3800 admin disable mld_snooping Command disable mld_snooping Success DES 3800 admin show mld_snooping Purpose Used to show the current status of MLD snooping on the switch Syntax show mld_snooping vl...

Страница 424: ...r 2 Querier State Disabled Querier Router Behavior Non Querier State Disabled VLAN Name vlan2 show mld_snooping group Purpose Used to display the current MLD snooping group configuration on the switch Syntax show mld_snooping group vlan vlan_name 32 Description The show mld_snooping group displays the current MLD snooping group configuration on the switch Parameters vlan_name The name of the VLAN ...

Страница 425: ...fault Multicast group FF02 14 MAC address 33 33 00 00 00 14 Reports 1 Port Listener 2 7 VLAN Name default Multicast group FF02 15 MAC address 33 33 00 00 00 15 Reports 1 Port Listener 2 9 VLAN Name default Multicast group FF02 16 MAC address 33 33 00 00 00 16 Reports 1 Port Listener 2 7 VLAN Name default Multicast group FF02 17 MAC address 33 33 00 00 00 17 Reports 2 Port Listener 2 7 VLAN Name de...

Страница 426: ... The name of the VLAN for which you want to view the MLD snooping configuration If no parameter specified the system will display all current MLD snooping configuration Restrictions None Usage Example To show all MLD snooping entries on the switch DES 3800 admin show mld_snooping forwarding Command show mld_snooping forwarding VLAN Name default Source IP FE08 C Multicast Group FF02 17 Listening Po...

Страница 427: ...static Displays router ports that have been statically configured dynamic Displays router ports that have been dynamically configured forbidden Displays forbidden router ports that have been statically configured If no parameter specified the system will display all currently configured router ports on the switch Restrictions None Usage Example To display the router ports DES 3800 admin show mld_s...

Страница 428: ... based 1 Description The config loopdetect command is used to setup the loop back detection function LBD for the entire switch Parameters recover_timer The time interval in seconds used by the Auto Recovery mechanism to decide how long to check if the loop status is gone The valid range is 60 to 1000000 Zero is a special value which means to disable the auto recovery mechanism hence user need to r...

Страница 429: ... portlist Specifies a range of ports to be configured all For set all ports in the system you may use all parameter state Allows loop detect to be enabled or disabled for the ports specified in the port list The default is disabled Restrictions Only Administrator or Operator level users can issue this command Example usage To set state enable DES 3800 admin config loopdetect ports 1 5 state enable...

Страница 430: ...d allows the Loop Detection Function to be globally disabled on the switch The default value is disabled Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the loopdetect DES 3800 admin disable loopdetect Command disable loopdetect Success DES 3800 admin show loopdetect Purpose Used to display the switch s current loopdetect confi...

Страница 431: ...iguration Syntax show loopdetect ports all portlist Description The show loopdetect ports command displays the switch s current per port loopdetect configuration and status Parameters portlist Specifies a range of ports to be displayed all System will display all ports loopdetect information Restrictions None Example usage To display loopdetect state of port 1 9 under port based mode Command show ...

Страница 432: ...opdetect state of port 1 9 under vlan based mode DES 3800 admin show loopdetect ports 1 9 Command show loopdetect ports 1 9 Port Loopdetect State Loop VLAN 1 Enabled None 2 Enabled None 3 Enabled None 4 Enabled None 5 Enabled 2 6 Enabled None 7 Enabled 2 8 Enabled None 9 Enabled None DES 3800 admin ...

Страница 433: ... created account s password Syntax reset password username Description The reset password command reset set to empty already created account s password Parameters username To specify the user name for the account to be reset Restrictions This command is only available in password recovery mode Example usage To reset the password reset password user1 Command reset password user1 Success reset facto...

Страница 434: ...le in password recovery mode Example usage To restart the Switch restart Command restart Are you sure to proceed with the system reboot y n Are you want to save configuration y n Saving all configurations to NV RAM Done Please wait the switch is rebooting reset account Purpose Used to delete the created account Syntax reset account username Description The reset account command deletes the created...

Страница 435: ...ount Syntax show account_list Description The show account_list command display all already created accounts Parameters None Restrictions This command is only available in password recovery mode Example usage To display the account list Command show account_list Current Accounts Username Access Level admin1 Admin user1 User Total Entries 2 ...

Страница 436: ...ate a multicast VLAN Syntax create igmp_snooping multicast_vlan vlan_name 32 vlanid 2 4094 Description The create igmp_snooping multicast_vlan command will create a multicast_vlan Multiple multicast VLAN can be configured Parameters vlan_name The name of the multicast VLAN to be created Each multicast VLAN is given a name that can be up to 32 characters vlanid The VLAN ID of the multicast VLAN to ...

Страница 437: ...t VLAN to be configured Each multicast VLAN is given a name that can be up to 32 characters member_port A range of member ports to add to the multicast VLAN They will become the untagged member port of the ISM VLAN source_port A range of member ports to add to the multicast VLAN state enable or disable multicast VLAN for the chosen VLAN force_agree When force_agree is specified the config command ...

Страница 438: ...multicast_vlan DES 3800 admin delete igmp_snooping multicat_vlan v1 Command delete igmp_snooping multicat_vlan v1 Success DES 3800 admin show igmp_snooping multicast_vlan Purpose Used to show the information of multicast VLAN Syntax show igmp_snooping multicast_vlan vlan_name 32 Description The show igmp_snooping multicast_vlan command allows you to show the information of multicat_vlan Parameters...

Страница 439: ...f rip vrrp all state enable disable Description This command is used to discard the l3 control packets sent to CPU from specific ports Parameters portlist Specify the port list to filter control packet dvmrp Specify to filter the DVMRP protocol pim Specify to filter the PIM protocol igmp_query Specify to filter the IGMP Query protocol ospf Specify to filter the OSPF protocol rip Specify to filter ...

Страница 440: ...he l3 control packet CPU filtering status Parameters portlist Specify the list of ports that need to filter control packets Restrictions None Example usage To display the filtering status for ports 1 and 2 DES 3800 admin show cpu_filter l3 control_pkt 1 2 Command show cpu_filter l3 control_pkt 1 2 Port RIP OSPF VRRP PIM DVMRP IGMP Query 1 Disabled Enabled Disabled Disabled Enabled Disabled 2 Enabl...

Страница 441: ... traffic Syntax config broadcast_filter portlist all null arp_forward_list portlist all null Description The command isolates broadcast or l2 unknown multicast traffic but allows the user to set forward ARP requests by port Parameters broadcast_filter When a port is listed in the portlist the broadcast unknown multicast from other ports to this port will be dropped the broadcast unknown multicast ...

Страница 442: ...rictions None Example usage To display the broadcast filter DES 3800 admin show broadcast_filter Command show broadcast_filter Port Filter State ARP Forward State 1 Filter Forward 2 Filter Forward 3 Filter Forward 4 Filter Forward 5 Filter Forward 6 Forward Not Forward 7 Forward Not Forward 8 Forward Not Forward 9 Forward Not Forward 10 Forward Not Forward 11 Forward Not Forward 12 Forward Not For...

Страница 443: ...Full duplex Flow Control IEEE 802 3 Nway auto negotiation IEEE 802 3af Power over Ethernet Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps n a 2000Mbps SFP Mini GBIC Support IEEE 802 3z 1000BASE LX DEM 310GT transceiver IEEE 802 3z 1000BASE SX DEM 311GT transceiver IEEE 802 3z 1000BASE LH DEM 314GT tra...

Страница 444: ... DES 3828P one additional 270mm blower Operating Temperature 0 40 C Storage Temperature 40 70 C Humidity 5 95 non condensing Dimensions DES 3828 DES3828DC DES 3852 441 mm x 310 mm x 44 mm DES 3828P 441mm x 369mm x 44mm Weight DES 3828 DES 3828DC 4 24kg 9 35lbs DES 3852 4 25kg 9 38lbs DES 3828P 6 02kg 13 27lbs EMI CE class A FCC Class A VCCI Class A C Tick Safety CSA International CB Report Perform...

Страница 445: ...tten into the Sender Protocol Address in ARP payload As PC B s MAC address is unknown the Target H W Address will be 00 00 00 00 00 00 while PC B s IP address will be written into the Target Protocol Address shown in Table 1 H W type Protocol type H W address length Protocol address length Operation ARP request Sender H W address 00 20 5C 01 11 11 Sender protocol address 10 10 10 1 Target H W addr...

Страница 446: ... all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched see Figure 3 Figure 3 When PC B replies the ARP request its MAC address will be written into Target H W Address in the ARP payload shown in Table 3 The ARP reply will be then encapsulated into Ethernet frame again and sent back to the sender The ARP reply is in a form of Unicast communicati...

Страница 447: ...ding Table The switch will learn PC B s MAC and update its Forwarding Table Forwarding Table Port2 00 20 5C 01 22 22 Port1 00 20 5C 01 11 11 How ARP spoofing attacks a network ARP spoofing also known as ARP poisoning is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN modify the traffic or stop the traffic altogether known as a Denial of Service DoS ...

Страница 448: ...s is the Ethernet broadcast address FF FF FF FF FF FF All nodes within the network will immediately update their own ARP table in accordance with the sender s MAC and IP address The format of Gratuitous ARP is shown in Table 5 Port 1 Port 23 Port 2 Port 24 A IP 10 10 10 1 MAC 00 20 5C 01 11 11 IP 10 10 10 3 Router B DNS server IP 10 10 10 253 MAC 00 20 5C 01 53 53 IP 10 10 10 2 MAC 00 20 5C 01 22 ...

Страница 449: ...e done by associating a nonexistent or any specified MAC address to the IP address of the network s default gateway The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network claiming it is the gateway so that the whole network operation will be turned down as all packets sent through the Internet will be directed to the wrong node Likewise the attacker can either choose to f...

Страница 450: ... any specified content in the first 48 bytes of an ARP packet up to 80 bytes in total at one time It utilizes offsets to match individual fields in the Ethernet Frame An offset contains 16 bytes and each offset is divided into four 4 byte values in a HEX format refer to the configuration example below for details In addition the configuration logics are 1 Only if the ARP matches the Source MAC add...

Страница 451: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 447 ...

Страница 452: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 448 ...

Отзывы:

Нет отзывов

Похожие инструкции для DES-3828 - xStack Switch - Stackable

D-Link AirPlus DWL-810 Owner'S Manual preview
AirPlus DWL-810
Бренд: D-Link Страницы: 25
Garmin GND 10 Installation Instructions preview
GND 10
Бренд: Garmin Страницы: 2
H3C SR8800 IM-FW-II Command Reference Manual preview
SR8800 IM-FW-II
Бренд: H3C Страницы: 107
3Com MSR 50 Series Safety Information Manual preview
MSR 50 Series
Бренд: 3Com Страницы: 12
H3C S9500 Series Operating Manual preview
S9500 Series
Бренд: H3C Страницы: 16
H3C H3C S3600 Series Datasheet preview
H3C S3600 Series
Бренд: H3C Страницы: 10
H3C MSR 930 Installation Manual preview
MSR 930
Бренд: H3C Страницы: 42
H3C MSR 800 Installation, Quick Start preview
MSR 800
Бренд: H3C Страницы: 2
H3C H3C S7500E Series Instruction Manual preview
H3C S7500E Series
Бренд: H3C Страницы: 34
H3C MSR Series Manual preview
MSR Series
Бренд: H3C Страницы: 33
H3C CR16000-F Configuration Manual preview
CR16000-F
Бренд: H3C Страницы: 14
H3C MSR 3600 Hardware Information And Specifications preview
MSR 3600
Бренд: H3C Страницы: 56
H3C H3C S7500E Series Configuration Manual preview
H3C S7500E Series
Бренд: H3C Страницы: 112
H3C S3100-52P Command Manual preview
S3100-52P
Бренд: H3C Страницы: 15
H3C SR8800 IM-FW-II Manual preview
SR8800 IM-FW-II
Бренд: H3C Страницы: 5
H3C H3C S7500E Series Installation Manual preview
H3C S7500E Series
Бренд: H3C Страницы: 50
H3C MSR810 Manual preview
MSR810
Бренд: H3C Страницы: 37
H3C CR16000-F Installation, Quick Start preview
CR16000-F
Бренд: H3C Страницы: 4

Бренды по названию

Популярные бренды

Загрузить еще бренды