Edge-Core AS5700-54X Скачать руководство пользователя страница 304 | Manualshive

Страница: 304 / 1116

Edge-Core AS5700-54X Скачать руководство пользователя страница 304

Chapter 8

| General Security Measures

IPv4 Source Guard

– 304 –

◆

When source guard is enabled, traffic is filtered based upon dynamic entries
learned via DHCP snooping, or static addresses configured in the source guard
binding table with this command.

◆

An entry with same MAC address and a different VLAN ID cannot be added to
the binding table.

◆

Static bindings are processed as follows:

■

A valid static IP source guard entry will be added to the binding table in
ACL mode if one of the following conditions is true:

■

If there is no binding entry with the same VLAN ID and MAC address, a
new entry will be added to the binding table using the type of static IP
source guard binding.

■

If there is an entry with the same VLAN ID and MAC address, and the
type of entry is static IP source guard binding, then the new entry will
replace the old one.

■

If there is an entry with the same VLAN ID and MAC address, and the
type of the entry is dynamic DHCP snooping binding, then the new
entry will replace the old one and the entry type will be changed to
static IP source guard binding.

■

Note that a static IP source guard entry cannot be added for an non-
existent VLAN.

■

A valid static IP source guard entry will be added to the binding table in
MAC mode if one of the following conditions are true:

■

If there is no binding entry with the same IP address and MAC address,
a new entry will be added to the binding table using the type of static
IP source guard binding entry.

■

If there is a binding entry with same IP address and MAC address, then
the new entry shall replace the old one.

◆

Only unicast addresses are accepted for static bindings.

Example

This example configures a static source-guard binding on port 5. Since the binding
mode is not specified, the entry is bound to the ACL table by default.

Console(config)#ip source-guard binding 00-ab-cd-11-22-33 vlan 1 192.168.0.99

interface ethernet 1/5

Console(config-if)#

Related Commands

ip source-guard (305)
ip dhcp snooping (281)
ip dhcp snooping vlan (288)

«
...
302
303
304
305
306
...
»

Содержание AS5700-54X

Страница 1: ...CLI Reference Guide www edge core com 10G 40G Top of Rack Switches AS5700 54X AS6700 32X Software Release v1 1 166 154...

Страница 2: ...SFP Ports 6 40GBASE QSFP Ports 2 Power Supply Units and 4 Fan Trays 4 Fans F2B and B2F Airflow AS6700 32X 32 Port 40G Data Center Switch with 20 40G QSFP Ports 2 40G Expansion Slots 2 Power Supply Un...

Страница 3: ...ibes the switch s command line interface CLI For more detailed information on the switch s key features refer to the Administrator s Guide The guide includes these sections Section I Getting Started I...

Страница 4: ...tential hazard that could cause loss of data or damage the system or equipment Warning Alerts you to a potential hazard that could cause personal injury Revision History This section summarizes the ch...

Страница 5: ...Craft Port 58 Obtaining and Installing a License for the Network Ports 59 Configuring the Switch for Remote Management 61 Using the Service Port or Network Interface 61 Setting an IP Address 62 Enabli...

Страница 6: ...words and Arguments 85 Minimum Abbreviation 85 Command Completion 85 Getting Help on Commands 86 Partial Keyword Lookup 87 Negating the Effect of Commands 88 Using Command History 88 Understanding Com...

Страница 7: ...tion 109 banner configure ip lan 110 banner configure lp number 110 banner configure manager info 111 banner configure mux 112 banner configure note 112 show banner 113 System Status 113 location led...

Страница 8: ...c Code Upgrade Commands 137 upgrade opcode auto 137 upgrade opcode path 138 upgrade opcode reload 139 show upgrade 140 TFTP Configuration Commands 140 ip tftp retry 140 ip tftp timeout 141 show ip tft...

Страница 9: ...ogging sendmail destination email 162 logging sendmail source email 162 show logging sendmail 163 Time 163 SNTP Commands 164 sntp client 164 sntp poll 165 sntp server 166 show sntp 166 NTP Commands 16...

Страница 10: ...Target Host Commands 186 snmp server enable traps 186 snmp server host 187 snmp server enable port traps mac notification 189 show snmp server enable port traps 190 SNMPv3 Commands 190 snmp server en...

Страница 11: ...ds 211 User Accounts 212 enable password 212 username 213 Authentication Sequence 214 authentication enable 214 authentication login 215 RADIUS Client 216 radius server acct port 217 radius server aut...

Страница 12: ...4 ip ssh timeout 235 delete public key 235 ip ssh crypto host key generate 236 ip ssh crypto zeroize 237 ip ssh save host key 237 show ip ssh 238 show public key 238 show ssh 239 802 1X Port Authentic...

Страница 13: ...ess mac filter 263 mac authentication reauth time 263 network access dynamic qos 264 network access dynamic vlan 265 network access guest vlan 266 network access link detection 267 network access link...

Страница 14: ...option remote id 285 ip dhcp snooping information policy 286 ip dhcp snooping limit rate 286 ip dhcp snooping verify mac address 287 ip dhcp snooping vlan 288 ip dhcp snooping information option circ...

Страница 15: ...ing 310 ipv6 source guard 312 ipv6 source guard max binding 313 show ipv6 source guard 314 show ipv6 source guard binding 315 IPv6 Source Guard 315 ipv6 source guard binding 316 ipv6 source guard 317...

Страница 16: ...permit deny Standard IP ACL 337 permit deny Extended IPv4 ACL 338 ip access group 340 show ip access group 341 show ip access list 341 IPv6 ACLs 342 access list ipv6 342 permit deny Standard IPv6 ACL...

Страница 17: ...ofile portmode 368 show interfaces brief 369 show interfaces counters 369 show interfaces history 373 show interfaces status 376 show interfaces switchport 377 Transceiver Threshold Configuration 378...

Страница 18: ...annel 397 lacp timeout 398 Trunk Status Display Commands 399 show lacp 399 show port channel load balance 403 MLAG Commands 403 mlag 404 mlag peer link 405 mlag group member 405 show mlag 407 show mla...

Страница 19: ...nds 429 udld detection interval 429 udld message interval 430 udld recovery 431 udld recovery interval 431 udld aggressive 432 udld port 433 show udld 434 16 Address Table Commands 437 mac address tab...

Страница 20: ...ype 458 spanning tree mst cost 459 spanning tree mst port priority 460 spanning tree port priority 461 spanning tree root guard 461 spanning tree spanning disabled 462 spanning tree tc prop stop 463 s...

Страница 21: ...nnel mode 486 switchport dot1q tunnel priority map 486 switchport dot1q tunnel service default match all 487 switchport dot1q tunnel service match cvid 488 show dot1q tunnel 490 Configuring L2CP Tunne...

Страница 22: ...tation 517 qos map ip port dscp 518 qos map ip prec dscp 519 qos map trust mode 520 show qos map cos dscp 521 show map default drop precedence 521 show map dscp cos 522 show qos map dscp mutation 523...

Страница 23: ...how pfc statistics 553 Enhanced Transmission Selection Commands 554 ets mode 555 traffic class algo 555 traffic class map 556 traffic class weight 557 show ets mapping 558 show ets weight 559 Congesti...

Страница 24: ...query solicit 588 ip igmp snooping unregistered data flood 589 ip igmp snooping unsolicited report interval 590 ip igmp snooping version 590 ip igmp snooping version exclusive 591 ip igmp snooping vla...

Страница 25: ...ilter 614 show ip igmp profile 615 show ip igmp query drop 615 show ip igmp throttle interface 616 MLD Snooping 617 ipv6 mld snooping 618 ipv6 mld snooping querier 618 ipv6 mld snooping query interval...

Страница 26: ...637 IGMP Proxy Routing 638 ip igmp proxy 638 ip igmp proxy unsolicited report interval 640 MLD Layer 3 640 ipv6 mld 641 ipv6 mld last member query response interval 641 ipv6 mld max resp interval 642...

Страница 27: ...v pfc config 664 lldp dot1 tlv proto ident 664 lldp dot1 tlv proto vid 665 lldp dot1 tlv pvid 665 lldp dot1 tlv vlan name 666 lldp dot3 tlv link agg 666 lldp dot3 tlv mac phy 667 lldp dot3 tlv max fra...

Страница 28: ...nts remote detail 699 Continuity Check Operations 701 ethernet cfm cc ma interval 701 ethernet cfm cc enable 702 snmp server enable traps ethernet cfm cc 703 mep archive hold time 704 clear ethernet c...

Страница 29: ...tions 720 ethernet cfm delay measure two way 720 25 Domain Name Service Commands 723 ip domain list 724 ip domain lookup 725 ip domain name 725 ip host 726 ip name server 727 ipv6 host 728 clear dns c...

Страница 30: ...p timeout 752 clear arp cache 753 show arp 753 IPv6 Interface 754 Interface Address Configuration and Utilities 755 ipv6 default gateway 755 ipv6 address 756 ipv6 address eui 64 757 ipv6 address link...

Страница 31: ...ax binding 786 ipv6 nd snooping trust 787 clear ipv6 nd snooping binding 787 clear ipv6 nd snooping prefix 788 show ipv6 nd snooping 788 show ipv6 nd snooping binding 788 show ipv6 nd snooping prefix...

Страница 32: ...Hash 812 protocol id IPv4 Hash 812 src ip IPv4 Hash 812 src l4 port IPv4 Hash 813 vlan IPv4 Hash 813 collapsed dst ip IPv6 Hash 813 collapsed src ip IPv6 Hash 814 dst l4 port IPv6 Hash 814 next header...

Страница 33: ...35 clear ip rip route 835 show ip protocols rip 836 show ip rip 837 Open Shortest Path First OSPFv2 838 General Configuration 839 router ospf 839 compatible rfc1583 840 default information originate 8...

Страница 34: ...ay 865 passive interface 866 Display Information 866 show ip ospf 866 show ip ospf border routers 868 show ip ospf database 869 show ip ospf interface 875 show ip ospf neighbor 877 show ip ospf route...

Страница 35: ...nformation 900 show ipv6 ospf 900 show ipv6 ospf database 902 show ipv6 ospf interface 903 show ipv6 ospf neighbor 904 show ipv6 ospf route 905 show ipv6 ospf virtual links 906 Border Gateway Protocol...

Страница 36: ...and Selection 944 bgp always compare med 944 bgp bestpath as path ignore 944 bgp bestpath compare confed aspath 945 bgp bestpath compare routerid 945 bgp bestpath med 946 bgp default local preference...

Страница 37: ...list 965 neighbor remote as 966 neighbor remove private as 966 neighbor route map 967 neighbor route reflector client 968 neighbor route server client 969 neighbor send community 970 neighbor shutdown...

Страница 38: ...p prefix list 988 show ip prefix list detail 989 show ip prefix list summary 989 show ip protocols bgp 990 Policy based Routing for BGP 991 route map 993 call 994 continue 995 description 995 match as...

Страница 39: ...ip mroute 1014 IPv6 Commands 1016 ipv6 multicast routing 1016 show ipv6 mroute 1017 Static Multicast Routing 1019 ip igmp snooping vlan mrouter 1019 Static Multicast Routing 1020 ip igmp snooping vlan...

Страница 40: ...threshold 1039 ip pim ssm range 1040 ip pim dr priority 1042 ip pim join prune interval 1043 clear ip pim bsr rp set 1044 show ip pim bsr router 1045 show ip pim rp mapping 1046 show ip pim rp hash 1...

Страница 41: ...1062 ipv6 pim spt threshold 1064 ipv6 pim dr priority 1065 ipv6 pim join prune interval 1066 clear ipv6 pim bsr rp set 1067 show ipv6 pim bsr router 1068 show ipv6 pim rp mapping 1069 show ipv6 pim rp...

Страница 42: ...Contents 42...

Страница 43: ...apping QinQ Service VLAN to Customer VLAN 489 Figure 5 Openflow Process 571 Figure 6 Connections for Internal and External BGP 908 Figure 7 Connections for Single Route Reflector 914 Figure 8 Connecti...

Страница 44: ...Figures 44...

Страница 45: ...s list tcam utilization display description 115 Table 14 show system display description 121 Table 15 show version display description 124 Table 16 Fan Control Commands 125 Table 17 Frame Size Command...

Страница 46: ...le 45 show ssh display description 239 Table 46 802 1X Port Authentication Commands 240 Table 47 Management IP Filter Commands 252 Table 48 General Security Commands 255 Table 49 Port Security Command...

Страница 47: ...mands 411 Table 80 Congestion Control Commands 419 Table 81 Rate Limit Commands 419 Table 82 Rate Limit Commands 421 Table 83 Loopback Detection Commands 423 Table 84 UniDirectional Link Detection Com...

Страница 48: ...115 Multicast Filtering Commands 581 Table 116 IGMP Snooping Commands 582 Table 117 show ip igmp snooping statistics input display description 603 Table 118 show ip igmp snooping statistics output di...

Страница 49: ...Commands 737 Table 150 IP Interface Commands 741 Table 151 IPv4 Interface Commands 741 Table 152 Basic IP Configuration Commands 742 Table 153 Address Resolution Protocol Commands 751 Table 154 IPv6 C...

Страница 50: ...ay description 906 Table 185 Border Gateway Protocol Commands Version 4 918 Table 186 show ip bgp display description 977 Table 187 show ip bgp community info display description 980 Table 188 show ip...

Страница 51: ...isplay description 1056 Table 207 show ip pim bsr router display description 1068 Table 208 show ip pim rp mapping display description 1069 Table 209 show ip pim rp hash display description 1070 Table...

Страница 52: ...Tables 52...

Страница 53: ...ides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these ch...

Страница 54: ...Section I Getting Started 54...

Страница 55: ...standard web browser such as Internet Explorer 8 or above Mozilla Firefox 32 or above and Google Chrome 39 or above The switch s web management interface can be accessed from any computer attached to...

Страница 56: ...that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or a PC running a term...

Страница 57: ...y mode 2 Hybrid mode Select 1 2 Operation Mode Legacy Logging Onto the Command Line Interface The CLI program provides two different command levels normal access level Normal Exec and privileged acces...

Страница 58: ...X 10G and AS6700 32X 40G Layer 3 Ethernet switches AS5700 54X and AS6700 32X are the bare metal switch names without any operating system installed AOS5700 54X and AOS6700 32X are the same switches wi...

Страница 59: ...at is network ports but not the craft port are disabled by default These ports will only function when a port usage license is obtained from your distributor and installed on the switch To verify whet...

Страница 60: ...1B 71 Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enabled Telnet Server Port 23 Jumbo Frame Disabled To install a license first verify that...

Страница 61: ...aqYSy270I97Syoaztq3DfsAtd0NPoVOabb8iWqIGFqy43ieDkIaYB E pTZkUY8vFt6JOiIDsPQLrzu8W HU6xcX9YS0UmBisZoSHSu eJeHzpGupwdYhccOQ5gL2O5YK9f1 LGjsQz8sjHVwaa7u7NsOu26zt1XGrwq1Pj5jIzJc6uJ7QZBicjqbpqhNyUM9vmx2qnw...

Страница 62: ...e than one subnet can only be manually configured as described in Assigning an IPv6 Address on page 63 Manual Configuration You can manually assign an IP address to the switch You may also need to spe...

Страница 63: ...ace on page 754 Link Local Address All link local addresses must be configured with a prefix in the range of FE80 FEBF Remember that this address type makes the switch accessible over IPv6 for all dev...

Страница 64: ...prefix that form the network address and is expressed as a decimal number For example all IPv6 addresses that start with the first byte of 73 hexadecimal could be expressed as 73 0 0 0 0 0 0 0 8 or 7...

Страница 65: ...ast every few minutes using exponential backoff until IP configuration information is obtained from a DHCP server DHCP values can include the IP address subnet mask and default gateway If the DHCP ser...

Страница 66: ...ss Obtaining an IPv6 Address Link Local Address There are several ways to configure IPv6 addresses The simplest method is to automatically generate a link local address identified by an address prefix...

Страница 67: ...rovide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB View i e an SNMPv3 construct for the default public community string that pro...

Страница 68: ...r host command From the Privileged Exec level global configuration mode prompt type snmp server host host address community string version 1 2c 3 auth noauth priv where host address is the IP address...

Страница 69: ...file The types of files are Configuration This file type stores system configuration information and is created when configuration settings are saved Saved configuration files can be selected as a sy...

Страница 70: ...mware to the switch and activate it The TFTP server could be any standards compliant server running on Windows or Linux When downloading from an FTP server the logon interface will prompt for a user n...

Страница 71: ...g startup config command always sets the new file as the startup file To select a previously saved configuration file use the boot system config filename command The maximum number of saved configurat...

Страница 72: ...he host portion of the upgrade file location URL must be a valid IPv4 IP address DNS host names are not recognized Valid IP addresses consist of four numbers 0 to 255 separated by periods The path to...

Страница 73: ...peding normal operations data switching etc of the switch During the automatic search and transfer process the administrator cannot transfer or update another operation code image configuration file p...

Страница 74: ...this command the switch will follow these steps when it boots up a It will search for a new version of the image at the location specified by upgrade opcode path command The name for the new image sto...

Страница 75: ...n index entry for a switch requesting service it should reply with the TFTP server name and boot file name Note that the vendor class identifier can be formatted in either text or hexadecimal but the...

Страница 76: ...on the DHCP client request sent by this switch includes a parameter request list asking for this information Besides these items the client request also includes a vendor class identifier that allows...

Страница 77: ...Network Time Protocol SNTP or Network Time Protocol NTP can be used to set the switch s internal clock based on periodic updates from a time server Maintaining an accurate time on the switch enables...

Страница 78: ...command Console show calendar Current Time Apr 2 15 56 12 2013 Time Zone UTC 08 00 Summer Time SUMMER offset 60 minutes Apr 2 2013 00 00 to Jun 30 2013 00 00 Summer Time in Effect Yes Console Configu...

Страница 79: ...tion key 45 md5 thisiskey45 Console config ntp authenticate Console config ntp server 192 168 3 20 Console config ntp server 192 168 3 21 Console config ntp server 192 168 5 23 key 19 Console config e...

Страница 80: ...Chapter 1 Initial Switch Configuration Setting the System Clock 80...

Страница 81: ...SNMP Commands on page 181 Remote Monitoring Commands on page 203 Authentication Commands on page 211 General Security Measures on page 255 Access Control Lists on page 335 Interface Commands on page...

Страница 82: ...of Service Commands on page 527 Multicast Filtering Commands on page 581 LLDP Commands on page 653 CFM Commands on page 681 DHCP Commands on page 733 IP Interface Commands on page 741 VRRP Commands o...

Страница 83: ...er name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Cons...

Страница 84: ...olated network then you can use any IP address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by performing...

Страница 85: ...For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required p...

Страница 86: ...hernet Shows Metro Ethernet information ets 802 1Qaz configuration hardware Hardware ralated functions hash selection Hash selection lists history Shows history information hosts Host information inte...

Страница 87: ...atchdog status web auth Shows web authentication configuration Console show The command show interfaces will display the following information Console show interfaces brief Brief interface description...

Страница 88: ...rally display information on system status or clear statistical counters Configuration commands on the other hand modify interface parameters or enable certain switching functions These classes are fu...

Страница 89: ...word privileged level password Console Configuration Commands Configuration commands are privileged level commands used to modify switch settings These commands modify the running configuration only a...

Страница 90: ...ons such as Access Control Lists VLAN Configuration Includes the command to create VLAN groups To enter the Global Configuration mode enter the command configure in Privileged Exec mode The system pro...

Страница 91: ...cy map Console config pmap 531 Route Map route map Console config route map 993 Router router bgp ipv6 ospf ospf pim pim6 rip Console config router 908 882 839 1022 1047 820 Time Range time range Cons...

Страница 92: ...for command line processing Table 6 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current tas...

Страница 93: ...g DHCP requests and replies and discarding invalid ARP responses 255 Access Control List Provides filtering for IPv4 frames based on address protocol TCP UDP port number or TCP control code IPv6 frame...

Страница 94: ...igures LLDP settings to enable information discovery about neighbor devices 653 Domain Name Service Configures DNS services 723 Dynamic Host Configuration Protocol Configures DHCP client relay and ser...

Страница 95: ...at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history buffer NE PE configu...

Страница 96: ...oad the switch hour The hour at which to reload Range 0 23 minute The minute at which to reload Range 0 59 month The month at which to reload january december day The day of the month at which to relo...

Страница 97: ...02 10 43 2013 Are you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privileged mode additional commands are available and certain commands d...

Страница 98: ...xec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verifica...

Страница 99: ...ory buffer when you are in any of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config config...

Страница 100: ...ed to the end of the prompt to indicate that the system is in normal access mode Example Console disable Console Related Commands enable 97 reload Privileged Exec This command restarts the system Note...

Страница 101: ...ys 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration VLAN Databas...

Страница 102: ...Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode and then quit the CLI session Console config exit Console exit Press ENTER to start session Use...

Страница 103: ...figuration active managers and version information Fan Control Forces fans to full speed Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Li...

Страница 104: ...line prompt Example Console config hostname RD 1 Console config Banner Information These commands are used to configure and manage administrative information about the switch its exact data center lo...

Страница 105: ...is not supported If for example a mistake is made in the company name it can be corrected with the banner configure company command banner configure department Configures the Department information th...

Страница 106: ...or 2 Row 7 Rack 25 Electrical circuit ec 177743209 xb Number of LP 12 Position of the equipment in the MUX 1 23 IP LAN 192 168 1 1 Note This is a random note about this managed switch and can contain...

Страница 107: ...rack electrical circuit floor id The floor number row id The row number rack id The rack number ec id The electrical circuit ID Maximum length of each parameter 32 characters Default Setting None Comm...

Страница 108: ...on letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure department R D Console config banner configure equipment info This c...

Страница 109: ...e equipment location This command is used to configure the equipment location information displayed in the banner Use the no form to restore the default setting Syntax banner configure equipment locat...

Страница 110: ...her unobtrusive non letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure ip lan 192 168 1 1 255 255 255 0 Console config ban...

Страница 111: ...ber The phone number of the first manager mgr2 name The name of the second manager mgr2 number The phone number of the second manager mgr3 name The name of the third manager mgr3 number The phone numb...

Страница 112: ...usive non letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure mux telco 8734212kx_PVC 1 23 Console config banner configure...

Страница 113: ...123 555 1212 Lamar 123 555 1219 Station s information 710_Network_Path _Indianapolis Edge Core ECS4660 28F Floor Row Rack Sub Rack 3 10 15 12 DC power supply Power Source A Floor Row Rack Electrical c...

Страница 114: ...PE show running config Displays the configuration data currently in use PE show startup config Displays the contents of the configuration file stored in flash memory that is used to start up the syst...

Страница 115: ...A6E IPv6 extended ACL DM MAC diffServ D4 IPv4 diffServ D6S IPv6 standard diffServ D6E IPv6 extended diffServ AEM Egress MAC ACL AE4 Egress IPv4 ACL AE6S Egress IPv6 standard ACL AE6E Egress IPv6 exte...

Страница 116: ...IDylJNWPn65Lpv AtxzmEAAhPrXgHJk4P9 VcNnYGmJ6CB0X9jnWYox86W5RCB6p HbC7MFDY0gtUFmfNz16th DaWOi m2gAvc5Y mXS9l LZt 9Kcm4EfBi7Qxv2r0qayPu QN9LMqOAi0RFs48Rz752fCwnCWgUYtgzI9YnK Eq3lsWDC w7y2CDS vF 5IWGvr2x...

Страница 117: ...his command shows the amount of memory currently free for use the amount of memory allocated to active processes the total amount of system memory and the alarm thresholds Example Console show memory...

Страница 118: ...w startup config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated...

Страница 119: ...97a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca vlan database VLAN 1 name...

Страница 120: ...encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP address configured for management VLAN I...

Страница 121: ...rees Temperature 3 38 degrees Temperature 4 31 degrees Temperature 5 31 degrees Temperature 6 29 degrees Temperature 7 29 degrees Temperature 8 36 degrees Temperature 9 36 degrees Main Power Status Up...

Страница 122: ...ring 1 3 6 1 4 1 259 12 1 2 System Information System Up Time 0 days 2 hours 17 minutes and 6 23 seconds System Name NONE System Location NONE System Contact NONE MAC Address Unit1 00 12 CF 61 24 2F W...

Страница 123: ...None steve 15 RSA Online Users Line User Name Idle time h m s Remote IP addr console admin 0 14 14 VTY 0 admin 0 00 00 192 168 1 19 SSH 1 steve 0 00 06 192 168 1 19 Web Online Users Line User Name Id...

Страница 124: ...Mode Privileged Exec Table 15 show version display description Parameter Description Serial Number The serial number of the switch Hardware Version Hardware version of the main board EPLD Version Vers...

Страница 125: ...speed force full Default Setting Normal speed Command Mode Global Configuration Example Console config fan speed force full Console config Frame Size This section describes commands used to configure...

Страница 126: ...ture Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame size And for half duplex connections all devic...

Страница 127: ...age or a switch configuration to or from flash memory or an FTP TFTP server PE delete Deletes a file or code image PE dir Displays a list of files in flash memory PE umount usbdisk Prepares the USB me...

Страница 128: ...OM config Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required Default Setting None Command Mode Global Configuration Command Usage...

Страница 129: ...at adds the settings listed in the specified file to the running configuration file Keyword that allows you to copy to from a file ftp Keyword that allows you to copy to from an FTP server https certi...

Страница 130: ...b Management Guide For information on configuring the switch to use HTTPS for a secure connection see the ip http secure server command When logging into an FTP server the interface prompts for a user...

Страница 131: ...s Console This example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address...

Страница 132: ...s command deletes a file or image Syntax delete file name filename file name System file in switch memory filename Name of configuration file or code image Default Setting None Command Mode Privileged...

Страница 133: ...ut any parameters the system displays all files File information is shown below Example The following example shows how to display all file information Console dir File Name Type Startup Modified Time...

Страница 134: ...grade procedures can be run during system bootup or from the CLI using the command options listed above The following procedure shows how to upgrade the switch runtime code from the ONIE loader backdo...

Страница 135: ...bear ssh daemon done Starting telnetd done discover Rescue mode detected Installer disabled Please press Enter to activate this console To check the install status inspect var log onie log Try this ta...

Страница 136: ...prepares the USB memory device to be safely removed from the switch Syntax umount usbdisk Default Setting None Command Mode Privileged Exec Command Usage Before disconnecting a USB memory device you...

Страница 137: ...t Setting Disabled Command Mode Global Configuration Command Usage This command is used to enable or disable automatic upgrade of the operational code When the switch starts up and automatic image upg...

Страница 138: ...cceeds Downloading new image Flash programming started Flash programming completed The switch will now restart upgrade opcode path This command specifies an TFTP server and directory in which the new...

Страница 139: ...be used for the connection Example This shows how to specify a TFTP server where new code is stored Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config This shows how to specify a...

Страница 140: ...Commands ip tftp retry This command specifies the number of times the switch can retry transmitting a request to a TFTP server after waiting for the configured timeout period and receiving no response...

Страница 141: ...o ip tftp timeout seconds The the time the switch can wait for a response from a TFTP server before retransmitting a request or timing out Range 1 65535 seconds Default Setting 5 seconds Command Mode...

Страница 142: ...y hardware LC exec timeout Sets the interval that the command interpreter waits until user input is detected LC login Enables password checking at login LC parity Defines the generation of a parity bi...

Страница 143: ...ommand sets the number of data bits per character that are interpreted and generated by the console port Use the no form to restore the default value Syntax databits 7 8 no databits 7 Seven data bits...

Страница 144: ...interval the session is kept open otherwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command...

Страница 145: ...ent interface starts in Normal Exec NE or Privileged Exec PE mode depending on the user s privilege level 0 or 15 respectively no login selects no authentication When using this method the management...

Страница 146: ...h 32 characters plain text or encrypted case sensitive Default Setting No password is specified Command Mode Line Configuration Command Usage When a connection is started on a line with password prote...

Страница 147: ...allowed password attempts Range 1 120 0 no threshold Default Setting The default value is three attempts Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the...

Страница 148: ...nge 1 65535 where 0 means disabled Default Setting Disabled Command Mode Line Configuration Example To set the silent time to 60 seconds enter this command Console config line silent time 60 Console c...

Страница 149: ...s the number of the stop bits transmitted per byte Use the no form to restore the default setting Syntax stopbits 1 2 no stopbits 1 One stop bit 2 Two stop bits Default Setting 1 stop bit Command Mode...

Страница 150: ...ting Example To set the timeout to two minutes enter this command Console config line timeout login response 120 Console config line disconnect This command terminates an SSH Telnet or console connect...

Страница 151: ...t Range 0 255 character Any valid keyboard character history The number of lines stored in the command buffer and recalled using the arrow keys Range 0 256 length The number of lines displayed on the...

Страница 152: ...d Exec Example To show all lines enter this command Console show line Terminal Configuration for this session Length 24 Width 80 History Size 10 Escape Character ASCII number 27 Terminal Type VT100 Co...

Страница 153: ...64 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort messages or to store messages in the corresponding database Example Consol...

Страница 154: ...ash errors level 3 0 RAM debugging level 7 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower than that spec...

Страница 155: ...to build up a list of host IP addresses The maximum number of host IP addresses allowed is five Example Console config logging host 10 1 0 3 Console config logging on This command controls logging of...

Страница 156: ...se the no form to disable remote logging Syntax logging trap level level no logging trap level level One of the syslog severity levels listed in the table on page 154 Messages sent include the selecte...

Страница 157: ...Commands show log 157 show log This command displays the log messages stored in local memory Syntax show log flash ram flash Event history stored in flash memory i e permanent memory ram Event histor...

Страница 158: ...splays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event messages in temporary RAM i e memory flushed on power reset trap Displays settin...

Страница 159: ...ry command History logging in RAM The message level s reported based on the logging history command Table 24 show logging trap display description Field Description Syslog logging Shows if system logg...

Страница 160: ...ess ip address IPv4 or IPv6 address of an SMTP server that will be sent alert messages for event handling Default Setting None Command Mode Global Configuration Command Usage You can specify up to thr...

Страница 161: ...ging sendmail level This command sets the severity threshold used to trigger alert messages Use the no form to restore the default setting Syntax logging sendmail level level no logging sendmail level...

Страница 162: ...must enter a separate command to specify each recipient Example Console config logging sendmail destination email ted this company com Console config logging sendmail source email This command sets t...

Страница 163: ...namically set by polling a set of specified time servers NTP or SNTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries If the clo...

Страница 164: ...based on the interval set via the sntp poll command ntp client Enables the NTP client for time updates from specified servers GC ntp server Specifies NTP servers to poll for time updates GC show ntp...

Страница 165: ...1 0 19 Current Server 137 92 140 80 Console Related Commands sntp server 166 sntp poll 165 show sntp 166 sntp poll This command sets the interval between sending time requests when the switch is set t...

Страница 166: ...e servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchro...

Страница 167: ...form to disable authentication Syntax no ntp authenticate Default Setting Disabled Command Mode Global Configuration Command Usage You can enable NTP authentication to ensure that reliable updates are...

Страница 168: ...to 32 case sensitive printable ASCII characters no spaces Default Setting None Command Mode Global Configuration Command Usage The key number specifies a key value in the NTP authentication key list U...

Страница 169: ...starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the ntp servers command It issues time synchro...

Страница 170: ...ntp authenticate command you must also configure at least one key number using the ntp authentication key command Use the no form of this command without an argument to clear all configured servers in...

Страница 171: ...me Name of the time zone while summer time is in effect usually an acronym Range 1 30 characters b date Day of the month when summer time will begin Range 1 31 b month The month when summer time will...

Страница 172: ...sets the 2014 Summer Time ahead by 60 minutes on March 9th and returns to normal time on November 2nd Console config clock summer time DEST date march 9 2014 01 59 november 2 2014 01 59 60 Console co...

Страница 173: ...the user to manually configure the start end and offset times of summer time daylight savings time for the switch on a recurring basis Use the no form to disable summer time Syntax clock summer time...

Страница 174: ...ge 0 99 minutes Default Setting Disabled Command Mode Global Configuration Command Usage In some countries or regions clocks are adjusted through the summer months so that afternoons have more dayligh...

Страница 175: ...s command sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corre...

Страница 176: ...time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example Console config clock timezone predefined GMT 0930 Taiohae Console config Related Comma...

Страница 177: ...alendar Current Time Mar 12 02 53 58 2013 Time Zone UTC 00 00 Summer Time DEST offset 60 minutes Apr 1 2007 23 23 to Apr 23 2007 23 23 Summer Time in Effect No Console Time Range This section describe...

Страница 178: ...A maximum of eight rules can be configured for a time range Example Console config time range r d Console config time range Related Commands Access Control Lists 335 absolute This command sets the tim...

Страница 179: ...for the single occurrence of an event Console config time range r d Console config time range absolute start 1 1 1 april 2009 end 2 1 1 april 2009 Console config time range periodic This command sets...

Страница 180: ...ent time is within the absolute time range and one of the periodic time ranges Example This example configures a time range for the periodic occurrence of an event Console config time range sales Cons...

Страница 181: ...p server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string G...

Страница 182: ...rrent Sends a trap when the transceiver current falls outside the specified thresholds IC Port transceiver threshold rx power Sends a trap when the power level of the received signal falls outside the...

Страница 183: ...access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects...

Страница 184: ...mand Mode Global Configuration Example Console config snmp server contact Paul Console config Related Commands snmp server location 184 snmp server location This command sets the system location strin...

Страница 185: ...show snmp SNMP Agent Enabled SNMP Traps Authentication Enabled MAC notification Disabled MAC notification interval 1 second s SNMP Communities 1 public and the access level is read only 2 private and...

Страница 186: ...ation Command Usage If you do not enter an snmp server enable traps command no notifications controlled by this command are sent In order to configure this device to send SNMP notifications you must e...

Страница 187: ...3 seconds The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community str...

Страница 188: ...ver note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding...

Страница 189: ...ble port traps mac notification This command enables the device to send SNMP traps i e SNMP notifications when a dynamic MAC address is added or removed Use the no form to restore the default setting...

Страница 190: ...Trap Eth 1 1 No Eth 1 2 No Eth 1 3 No SNMPv3 Commands snmp server engine id This command configures an identification string for the SNMPv3 engine Use the no form to restore the default Syntax snmp s...

Страница 191: ...proxy requests or informs to it Trailing zeroes need not be entered to uniquely specify a engine ID In other words the value 0123456789 is equivalent to 0123456789 followed by 16 zeroes for a local e...

Страница 192: ...the Internet OID space 1 writeview Nothing is defined notifyview Nothing is defined Command Mode Global Configuration Command Usage A group sets the access policy for the assigned users When authenti...

Страница 193: ...ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input auth Uses SNMPv3 with authentication md5 sha Uses MD5 or SH...

Страница 194: ...remote agent s SNMP engine ID is used to compute authentication privacy digests from the user s password If the remote engine ID is not first configured the snmp server user command specifying a remo...

Страница 195: ...ver view mib 2 1 3 6 1 2 1 included Console config This view includes the MIB 2 interfaces table ifDescr The wild card is used to select all the index values in this table Console config snmp server v...

Страница 196: ...none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group...

Страница 197: ...uthentication Protocol MD5 Privacy Protocol 3DES Storage Type Nonvolatile Row Status Active SNMP remote user Engine ID 1234567890 User Name bill Group Name rd Security Model v3 Security Level Authenti...

Страница 198: ...gine ID String identifying the engine ID User Name Name of user connecting to the SNMP agent Group Name Name of an SNMP group Security Model Shows the SNMP version 1 2c or 3 Security Level Shows if au...

Страница 199: ...ommand does not delete the entries stored in the notification log Example This example enables the notification log A1 Console config nlm A1 Console config snmp server notify filter This command creat...

Страница 200: ...r command and nlm command and these commands stored in the startup configuration file Then when the switch reboots SNMP traps such as warm start can now be logged When this command is executed a notif...

Страница 201: ...ed target hosts Console show snmp notify filter Filter profile name IP address A1 10 1 19 23 Console Additional Trap Commands memory This command sets an SNMP trap based on configured thresholds for m...

Страница 202: ...ntax process cpu rising rising threshold falling falling threshold no process cpu rising falling rising threshold Rising threshold for CPU utilization alarm expressed in percentage Range 1 100 falling...

Страница 203: ...vent and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent then...

Страница 204: ...e sampling period delta The last sample is subtracted from the current value and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483...

Страница 205: ...vent for an alarm Use the no form to remove an event Syntax rmon event index log trap community description string owner name no rmon event index index Index to this entry Range 1 65535 log Generates...

Страница 206: ...s number interval seconds interval seconds owner name buckets number interval seconds no rmon collection history controlEntry index index Index to this entry Range 1 65535 number The number of buckets...

Страница 207: ...for port 8 Console config interface ethernet 1 5 Console config if rmon collection history controlEntry 15 Console config if end Console show running config interface ethernet 1 5 rmon collection his...

Страница 208: ...Example Console config interface ethernet 1 1 Console config if rmon collection rmon1 controlEntry 1 owner mike Console config if show rmon alarms This command shows the settings for all configured a...

Страница 209: ...agments and 0 jabbers packets 0 CRC alignment errors and 0 collisions of dropped packet events is 0 Network utilization is estimated at 0 show rmon statistics This command shows the information collec...

Страница 210: ...Chapter 6 Remote Monitoring Commands 210...

Страница 211: ...uence Defines logon authentication method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS Client Configures settings for authentication via a TACACS serv...

Страница 212: ...7 0 means plain password 7 means encrypted password password Password for this privilege level Maximum length 32 characters plain text or encrypted case sensitive Default Setting The default is level...

Страница 213: ...which is assigned privilege level 0 Normal Exec and has access to a limited number of commands and admin which is assigned privilege level 15 and has full access to all commands access level level Sp...

Страница 214: ...ate users logging into the system for management access The commands in this section can be used to define the authentication method and sequence authentication enable This command defines the authent...

Страница 215: ...verified first If the RADIUS server is not available then authentication is attempted on the TACACS server If the TACACS server is not available the local user name and password is checked Example Con...

Страница 216: ...ated Commands username for setting the local user names and passwords 213 RADIUS Client Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running...

Страница 217: ...Range 1 65535 Default Setting 1813 Command Mode Global Configuration Example Console config radius server acct port 181 Console config radius server auth port This command sets the RADIUS server netw...

Страница 218: ...dress IP address of server acct port RADIUS server UDP port used for accounting messages Range 1 65535 auth port RADIUS server UDP port used for authentication messages Range 1 65535 key Encryption ke...

Страница 219: ...ngth 48 characters Default Setting None Command Mode Global Configuration Example Console config radius server key green Console config radius server retransmit This command sets the number of retries...

Страница 220: ...e 1 65535 Default Setting 5 Command Mode Global Configuration Example Console config radius server timeout 10 Console config show radius server This command displays the current settings for the RADIU...

Страница 221: ...cs server index index The index for this server Range 1 host ip address IP address of a TACACS server key Encryption key used to authenticate logon access for the client Enclose any string containing...

Страница 222: ...acs server key key string no tacacs server key key string Encryption key used to authenticate logon access for the client Enclose any string containing blank spaces in double quotes Maximum length 48...

Страница 223: ...he switch will try to authenticate logon access via the TACACS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Console config tacacs server retransmit 5 Console config ta...

Страница 224: ...erver IP Address 10 11 12 13 Server Port Number 49 Retransmit Times 2 Timeout 4 TACACS Server Group Group Name Member Index tacacs 1 Console Web Server This section describes commands used to configur...

Страница 225: ...er no ip http port port number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Console config ip http port 769 Console confi...

Страница 226: ...Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must speci...

Страница 227: ...lient and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 11 Mozilla Firefox 40 or Google Chrome 45 or more recent versions The foll...

Страница 228: ...ip telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 Default Setting 8 sessions Command Mode Global Configuration Command Usage A maximum of eight sessions can b...

Страница 229: ...Default Setting 23 Command Mode Global Configuration Example Console config ip telnet port 123 Console config ip telnet server This command allows this device to be monitored or configured from Telne...

Страница 230: ...GC ip ssh server key size Sets the SSH server key size GC ip ssh timeout Specifies the authentication timeout for the SSH server GC copy tftp public key Copies the user s public key from a TFTP server...

Страница 231: ...0 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 108259132128902337654680172627257141342876294130119619556678259566410486...

Страница 232: ...andom 256 bit string as a challenge encrypts this string with the user s public key and sends it to the client d The client uses its private key to decrypt the challenge string computes the MD5 checks...

Страница 233: ...he number of authentication attempts permitted after which the interface is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Console config ip ssh authentication retires 2 C...

Страница 234: ...config ip ssh server Console config Related Commands ip ssh crypto host key generate 236 show ssh 239 ip ssh server key size This command sets the SSH server key size Use the no form to restore the d...

Страница 235: ...switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec timeout command for vty...

Страница 236: ...1 5 clients and DSA Version 2 for SSHv2 clients This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client p...

Страница 237: ...mory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Console ip ssh crypto zeroize dsa C...

Страница 238: ...eged Exec Command Usage If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed When an RSA ke...

Страница 239: ...7s6TLdtny1wRq ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF DjKGWtPNIQqabKgYCw2 o dVzX4Gg yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7...

Страница 240: ...h sends an EAP request identity frame to the client before restarting the authentication process IC dot1x max req Sets the maximum number of times that the switch retransmits an EAP request identity p...

Страница 241: ...en dot1x is globally disabled Use the no form to restore the default Syntax no dot1x eapol pass through Default Setting Discards all EAPOL frames when dot1x is globally disabled Command Mode Global Co...

Страница 242: ...ce is functioning as an edge switch but does not require any attached clients to be authenticated the no dot1x eapol pass through command can be used to discard unnecessary EAPOL traffic Example This...

Страница 243: ...N assignment to be successful the VLAN must be configured and set as active see the vlan database command and assigned as the guest VLAN for the port see the network access guest vlan command A port c...

Страница 244: ...ce Configuration Example Console config interface eth 1 2 Console config if dot1x max req 2 Console config if dot1x operation mode This command allows hosts clients to connect to an 802 1X authorized...

Страница 245: ...port needs to pass authentication The number of hosts allowed access to a port operating in this mode is limited only by the available space in the secure address table i e up to 1024 addresses Examp...

Страница 246: ...connected the network and the process is handled transparently by the dot1x client software Only if re authentication fails is the port blocked The connected client is re authenticated after the inte...

Страница 247: ...re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Cons...

Страница 248: ...nd other EAP request frames to the client during an active connection as required for reauthentication Example Console config interface eth 1 2 Console config if dot1x timeout supp timeout 300 Console...

Страница 249: ...rd on the RADIUS server During re authentication the client remains connected the network and the process is handled transparently by the dot1x client software Only if re authentication fails is the p...

Страница 250: ...efore attempting to acquire a new client page 246 TX Period Time a port waits during authentication session before re transmitting EAP packet page 248 Supplicant Timeout Supplicant timeout Server Time...

Страница 251: ...hrough Disabled 802 1X Port Summary Port Type Operation Mode Control Mode Authorized Eth 1 1 Disabled Single Host Force Authorized Yes Eth 1 2 Disabled Single Host Force Authorized Yes Eth 1 51 Disabl...

Страница 252: ...o restore the default setting Syntax no management all client http client snmp client telnet client start address end address all client Adds IP address es to all groups http client Adds IP address es...

Страница 253: ...ng addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and re enter the add...

Страница 254: ...Filter HTTP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 168 1 30 SNMP Client Start IP address End IP address 1 192 168 1 19 192 168 1 19 2 192 168 1 25 192 16...

Страница 255: ...rames based on MAC address or Ethernet type DHCPv4 Snooping Filters untrusted DHCPv4 messages on unsecure ports by building and maintaining a DHCPv4 snooping binding table DHCPv6 Snooping Filters untr...

Страница 256: ...take action by disabling the port and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC address learning Syntax no...

Страница 257: ...config if no mac learning Console config if Related Commands show interfaces status 376 port security This command enables or configures port security Use the no form without any keywords to disable p...

Страница 258: ...ed on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a port using the mac address tab...

Страница 259: ...ow port security interface interface interface Specifies a port interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 Command Mode Privileged Exec Example This examp...

Страница 260: ...2 Port Security Enabled Port Status Secure Up Intrusion Action None Max MAC Count 0 Current MAC Count 0 MAC Filter ID Disabled Last Intrusion MAC NA Last Time Detected Intrusion MAC NA Console This e...

Страница 261: ...y of service feature IC network access dynamic vlan Enables dynamic VLAN assignment from a RADIUS server IC network access guest vlan Specifies the guest VLAN IC network access link detection Enables...

Страница 262: ...able aging time command This parameter applies to authenticated MAC addresses configured by the MAC Address Authentication process described in this section as well as to any secure MAC addresses auth...

Страница 263: ...is different from configuring static addresses with the mac address table static command in that it allows you configure a range of addresses when using a mask and then to assign these addresses to on...

Страница 264: ...work access dynamic qos Default Setting Disabled Command Mode Interface Configuration Command Usage The RADIUS server may optionally return dynamic QoS assignments to be applied to a switch port for a...

Страница 265: ...access dynamic qos Console config if network access dynamic vlan Use this command to enable dynamic VLAN assignment for an authenticated port Use the no form to disable dynamic VLAN assignment Syntax...

Страница 266: ...ation is rejected Use the no form of this command to disable guest VLAN assignment Syntax network access guest vlan vlan id no network access guest vlan vlan id VLAN ID Range 1 4094 Default Setting Di...

Страница 267: ...ink down Use this command to detect link down events When detected the switch can shut down the port send an SNMP trap or both Use the no form of this command to disable this feature Syntax network ac...

Страница 268: ...Setting Disabled Command Mode Interface Configuration Example Console config interface ethernet 1 1 Console config if network access link detection link up action trap Console config if network acces...

Страница 269: ...uthenticated IEEE 802 1X and MAC addresses allowed Range 0 1024 0 for unlimited Default Setting 1024 Command Mode Interface Configuration Command Usage The maximum number of MAC addresses per port is...

Страница 270: ...port security cannot be configured together on the same port Only one security mechanism can be applied MAC authentication cannot be configured on trunks i e static nor dynamic When port status chang...

Страница 271: ...Use the no form of this command to restore the default Syntax mac authentication intrusion action block traffic pass traffic no mac authentication intrusion action Default Setting Block Traffic Comman...

Страница 272: ...ies dynamic Specifies dynamic address entries mac address Specifies a MAC address entry Format xx xx xx xx xx xx interface Specifies a port interface ethernet unit port unit Unit identifier Range 1 po...

Страница 273: ...VLAN Disabled Link Detection Disabled Detection Mode Link down Detection Action Trap Console show network access mac address table Use this command to display secure MAC address table entries Syntax s...

Страница 274: ...20s Dynamic Console show network access mac filter Use this command to display information for entries in the MAC filter tables Syntax show network access mac filter filter id filter id Specifies a MA...

Страница 275: ...ge 1 3 Default Setting 3 login attempts Table 53 Web Authentication Command Function Mode web auth login attempts Defines the limit for failed web authentication login attempts GC web auth quiet perio...

Страница 276: ...t wait before attempting authentication again Range 1 180 seconds Default Setting 60 seconds Command Mode Global Configuration Example Console config web auth quiet period 120 Console config web auth...

Страница 277: ...Configuration Command Usage Both web auth system auth control for the switch and web auth for an interface must be enabled for the web authentication feature to be active Example Console config web a...

Страница 278: ...tifier Range 1 port Port number Range 1 32 54 Default Setting None Command Mode Privileged Exec Example Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This...

Страница 279: ...eout 3600 Quiet Period 60 Max Login Attempts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics Syntax show web auth interface inte...

Страница 280: ...on option Enables or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ipdhcpsnoopinginformation option encode no subtype Disables use of sub type and sub...

Страница 281: ...d When enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes...

Страница 282: ...d by the ip dhcp snooping verify mac address command However if MAC address verification is enabled then the packet will only be forwarded if the client s hardware address stored in the DHCP packet is...

Страница 283: ...id ip address encode ascii hex mac address encode ascii hex string string no ip dhcp snooping information option encode no subtype remote id ip address encode mac address encode encode no subtype Dis...

Страница 284: ...tion in incoming DHCP packets but not relay them Packets are processed as follows If an incoming packet is a DHCP request packet with option 82 information it will modify the option 82 information acc...

Страница 285: ...x ip dhcp snooping information option remote id ip address encode ascii hex mac address encode ascii hex string no ip dhcp snooping information option remote id ip address encode mac address encode ma...

Страница 286: ...ess when DHCP snooping is enabled and forwards the packets to trusted ports Default Setting replace Command Mode Global Configuration Command Usage When the switch receives DHCP packets from clients t...

Страница 287: ...ss in the Ethernet header Use the no form to disable this function Syntax no ip dhcp verify mac address Default Setting Enabled Command Mode Global Configuration Command Usage If MAC address verificat...

Страница 288: ...d DHCP snooping can still be configured for specific VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled and then disabled on a...

Страница 289: ...ng The R 124 string includes the following information sub type Distinguishes different types of circuit IDs sub length Length of the circuit ID type access node identifier ASCII string Default is the...

Страница 290: ...twork or fire wall Set all ports connected to DHCP servers within the local network or fire wall to trusted and all other ports outside the local network or fire wall to untrusted When DHCP snooping i...

Страница 291: ...e clear ip dhcp snooping binding 11 22 33 44 55 66 vlan 1 Console clear ip dhcp snooping database flash This command removes all dynamically learned snooping entries from flash memory Command Mode Pri...

Страница 292: ...emote ID MAC Address hex encoded DHCP Snooping Information Policy replace DHCP Snooping is configured on the following VLANs 1 Verify Source Mac Address enabled DHCP Snooping rate limit unlimited Inte...

Страница 293: ...ode ipv6 dhcp snooping Enables DHCPv6 snooping globally GC ipv6 dhcp snooping option remote id Enables insertion of DHCPv6 Option 37 relay agent remote id GC ipv6 dhcp snooping option remote id policy...

Страница 294: ...If DHCPv6 snooping is enabled globally and also enabled on the VLAN where the DHCPv6 packet is received DHCPv6 packets are forwarded for a trusted port as described below If DHCPv6 snooping is enable...

Страница 295: ...to binding table update lease time and forward to original destination Otherwise remove binding entry and check failed If a DHCPv6 Relay packet is received check the relay message option in Relay Forw...

Страница 296: ...ts DHCPv6 clients to the DHCPv6 server Known as DHCPv6 Option 37 it allows compatible DHCPv6 servers to use the information when assigning IP addresses or to set other services or policies for clients...

Страница 297: ...option remote id Console config ipv6 dhcp snooping option remote id policy This command sets the remote id option policy for DHCPv6 client packets that include Option 37 information Use the no form to...

Страница 298: ...fault Setting Disabled Command Mode Global Configuration Command Usage When DHCPv6 snooping enabled globally using the ipv6 dhcp snooping command and enabled on a VLAN with this command DHCPv6 packet...

Страница 299: ...ommand configures the specified interface as trusted Use the no form to restore the default setting Syntax no ipv6 dhcp snooping trust Default Setting All interfaces are untrusted Command Mode Interfa...

Страница 300: ...e config if Related Commands ipv6 dhcp snooping 293 ipv6 dhcp snooping vlan 298 clear ipv6 dhcp snooping binding This command clears DHCPv6 snooping binding table entries from RAM Use this command wit...

Страница 301: ...l DHCPv6 Snooping status disabled DHCPv6 Snooping remote id option status disabled DHCPv6 Snooping remote id policy drop DHCPv6 Snooping is configured on the following VLANs 1 Interface Trusted Max bi...

Страница 302: ...d on manually configured entries in the IPv4 Source Guard table or dynamic entries in the DHCPv4 Snooping table when enabled see DHCPv4 Snooping on page 280 IPv4 source guard can be used to prevent tr...

Страница 303: ...p address A valid unicast IP address including classful types A B or C unit Unit identifier Range 1 port list Physical port number or list of port numbers Separate nonconsecutive port numbers with a c...

Страница 304: ...s and the type of the entry is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type will be changed to static IP source guard binding Note that a static IP sour...

Страница 305: ...nst all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC address Use the no ip source guard command to disable this function on the selected port...

Страница 306: ...raffic on that port except for DHCP packets Only unicast addresses are accepted for static bindings Example This example enables IP source guard on port 5 Console config interface ethernet 1 5 Console...

Страница 307: ...the number of MAC addresses learned per port Authenticated IP traffic with different source MAC addresses cannot be learned if it would exceed this maximum number Example This example sets the maximu...

Страница 308: ...d This command clears source guard binding table entries from RAM Syntax clear ip source guard binding blocked Command Mode Privileged Exec Command Usage When IP Source Guard detects an invalid packet...

Страница 309: ...p snooping Shows dynamic entries configured with DHCP Snooping commands see page 280 static Shows static entries configured with the ip source guard binding command see page 303 acl Shows static entri...

Страница 310: ...terface no ipv6 source guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ipv6 address Corresponding IPv6 address This address...

Страница 311: ...with same MAC address and a different VLAN ID cannot be added to the binding table Static bindings are processed as follows If there is no entry with same and MAC address and IPv6 address a new entry...

Страница 312: ...erface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6 snooping A port access control list ACL...

Страница 313: ...which IPv6 source bindings dynamically learned via ND snooping or DHCPv6 snooping or manually configured are not yet configured the switch will drop all IPv6 traffic on that port except for ND packet...

Страница 314: ...l be added to the IPv6 source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entri...

Страница 315: ...in the IPv6 Source Guard table or dynamic entries in the Neighbor Discovery Snooping table or DHCPv6 Snooping table when either snooping protocol is enabled see DHCPv6 Snooping on page 293 IPv6 source...

Страница 316: ...ndefined fields interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 Default Setting No configured entries Command Mode Global Configuration Command Usage Table ent...

Страница 317: ...nly unicast addresses are accepted for static bindings Example This example configures a static source guard binding on port 5 Console config ipv6 source guard binding 00 ab 11 cd 23 45 vlan 1 2001 1...

Страница 318: ...are automatically configured with an infinite lease time Dynamic entries learned via DHCPv6 snooping are configured by the DHCPv6 server itself If IPv6 source guard is enabled an inbound packet s sou...

Страница 319: ...ress entries that can be mapped to an interface in the binding table including both dynamic entries discovered by ND snooping DHCPv6 snooping and static entries set by the ipv6 source guard command IP...

Страница 320: ...led or disabled on each interface and the maximum allowed bindings Command Mode Privileged Exec Example Console show ipv6 source guard Interface Filter type Max binding Eth 1 1 DISABLED 5 Eth 1 2 DISA...

Страница 321: ...h statically configured IP addresses This section describes commands used to configure ARP Inspection Table 60 ARP Inspection Commands Command Function Mode ip arp inspection Enables ARP Inspection gl...

Страница 322: ...luding those where ARP Inspection is enabled When ARP Inspection is disabled all ARP request and reply packets bypass the ARP Inspection engine and their manner of switching matches that of all other...

Страница 323: ...d ACL address bindings in the DHCP snooping database is not checked Default Setting ARP ACLs are not bound to any VLAN Static mode is not enabled Command Mode Global Configuration Command Usage ARP AC...

Страница 324: ...By default logging is active for ARP Inspection and cannot be disabled When the switch drops a packet it places an entry in the log buffer Each entry contains flow information such as the receiving VL...

Страница 325: ...es are checked in all ARP requests and responses while target IP addresses are checked only in ARP responses allow zeros Allows sender IP address to be 0 0 0 0 src mac Checks the source MAC address in...

Страница 326: ...enabled When ARP Inspection is disabled all ARP request and reply packets bypass the ARP Inspection engine and their manner of switching matches that of all other packets Disabling and then re enabli...

Страница 327: ...ig if ip arp inspection limit rate 150 Console config if ip arp inspection trust This command sets a port as trusted and thus exempted from ARP Inspection Use the no form to restore the default settin...

Страница 328: ...Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspection interface This command shows the trust status and...

Страница 329: ...statistics ARP packets received 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0 ARP pack...

Страница 330: ...er clients or to forward traffic through the uplink ports used by other clients allowing different clients to share access to their uplink ports where security is less likely to be compromised traffic...

Страница 331: ...l Enter the traffic segmentation command without any parameters to enable traffic segmentation Then set the interface members for segmented groups using the traffic segmentation uplink downlink comman...

Страница 332: ...e interfaces to normal operating mode Example Console config traffic segmentation session 1 Console config traffic segmentation uplink downlink This command configures the uplink and down link ports f...

Страница 333: ...s If a downlink port is not configured for the session the assigned uplink ports will operate as normal ports Example This example enables traffic segmentation and then sets port 10 as the uplink and...

Страница 334: ...sole config traffic segmentation uplink to uplink forwarding Console config show traffic segmentation This command displays the configured traffic segments Command Mode Privileged Exec Example Console...

Страница 335: ...Command Group Function IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses MAC ACLs Configures A...

Страница 336: ...IP address and other more specific criteria acl name Name of the ACL Maximum length 32 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or ent...

Страница 337: ...t Setting None Command Mode Standard IPv4 ACL Command Usage New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each sep...

Страница 338: ...ort dport port bitmask permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destina...

Страница 339: ...to indicate ignore The bit mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned You...

Страница 340: ...onfig ext acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any control flag 2 2 Cons...

Страница 341: ...ccess list 341 Time Range 177 show ip access group This command shows the ports assigned to IP ACLs Command Mode Privileged Exec Example Console show ip access group Interface ethernet 1 2 IP access l...

Страница 342: ...pecified ACL Syntax no access list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on...

Страница 343: ...rd IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax permit deny any host source ipv6 address source ipv6 address prefix...

Страница 344: ...form to remove a rule Syntax permit deny any host destination ipv6 address destination ipv6 address prefix length time range time range name no permit deny any host destination ipv6 address destinati...

Страница 345: ...m to remove the port Syntax ipv6 access group acl name in out time range time range name counter no ipv6 access group acl name in out acl name Name of the ACL Maximum length 16 characters in Indicates...

Страница 346: ...p Interface ethernet 1 2 IPv6 standard access list david in Console Related Commands ipv6 access group 345 show ipv6 access list This command displays the rules for configured IPv6 ACLs Syntax show ip...

Страница 347: ...rm to remove the specified ACL Syntax no access list mac acl name acl name Name of the ACL Maximum length 16 characters Default Setting None Command Mode Global Configuration Command Usage When you cr...

Страница 348: ...ol protocol bitmask time range time range name no permit deny any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protocol bi...

Страница 349: ...ntagged 802 3 any host source source address bitmask any host destination destination address bitmask tagged eth2 Tagged Ethernet II packets untagged eth2 Untagged Ethernet II packets tagged 802 3 Tag...

Страница 350: ...host 00 e0 29 94 34 de ethertype 0800 Console config mac acl Related Commands access list mac 347 Time Range 177 mac access group This command binds a MAC ACL to a port Use the no form to remove the...

Страница 351: ...command shows the ports assigned to MAC ACLs Command Mode Privileged Exec Example Console show mac access group Interface ethernet 1 5 MAC access list M5 in Console Related Commands mac access group 3...

Страница 352: ...de Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an A...

Страница 353: ...ss bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitma...

Страница 354: ...cess list arp acl name acl name Name of the ACL Maximum length 32 characters Command Mode Privileged Exec Example Console show access list arp ARP access list factory permit response ip any 192 168 0...

Страница 355: ...face name acl name in Clears counter for ingress rules out Clears counter for egress rules interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 acl name Name of the...

Страница 356: ...s rules for Extended IPv4 ACLs ip standard Shows ingress rules for Standard IPv4 ACLs ipv6 extended Shows ingress rules for Extended IPv6 ACLs ipv6 standard Shows ingress rules for Standard IPv6 ACLs...

Страница 357: ...ter 9 Access Control Lists ACL Information 357 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list A6 deny tcp any any control flag 2 2 permit any any Con...

Страница 358: ...Chapter 9 Access Control Lists ACL Information 358...

Страница 359: ...s port settings for 40G operation PE show hardware profile portmode Displays the configuration settings for 40G operation PE show interfaces brief Displays a summary of key information including opera...

Страница 360: ...lds for the transceiver power level of the received signal which can be used to trigger an alarm or warning message IC transceiver threshold temperature Sets thresholds for the transceiver temperature...

Страница 361: ...figures an alias name for the interface Use the no form to remove the alias name Syntax alias string no alias string A mnemonic name to help you remember what is attached to this interface Range 1 64...

Страница 362: ...e in this object is the name of the manufacturer and the product name Example The following example adds a description to port 4 Console config interface ethernet 1 4 Console config if description RD...

Страница 363: ...the no form to remove a named entry from the sampling table Syntax history name interval buckets no history name name A symbolic name for this entry in the sampling table Range 1 32 characters interva...

Страница 364: ...rface Configuration Ethernet Example This forces the switch to use the built in SFP slot for port 25 Console config interface ethernet 1 51 Console config if media type sfp forced 1000sfp Console conf...

Страница 365: ...is command to specify the required size of the MTU The comparison of packet size against the configured port MTU considers only the incoming packet size and is not affected by the fact that an ingress...

Страница 366: ...6 Console config if Related Commands jumbo frame 126 show interfaces status 376 clear counters This command clears statistics on an interface Syntax clear counters interface interface ethernet unit po...

Страница 367: ...ault Setting AS6700 32X 1x40g AS6700 54X The example under the show hardware profile portmode command shows the default settings for this switch Command Mode Privileged Exec Command Usage 40G ports ca...

Страница 368: ...1 69 72 1x40g 1 11 1 73 76 1x40g 1 12 1 77 80 1x40g 1 13 1 81 84 1x40g 1 14 1 85 88 1x40g 1 15 1 89 92 1x40g 1 16 1 93 96 1x40g 1 17 1 97 100 1x40g 1 18 1 101 104 1x40g 1 19 1 105 108 1x40g 1 20 1 109...

Страница 369: ...ne Eth 1 2 Up 1 0 1000full 1000BASE SFP None Eth 1 3 Down 1 0 10Gfull 10GBASE SFP None show interfaces counters This command displays interface statistics Syntax show interfaces counters interface int...

Страница 370: ...rrors 0 Pause Frames Input 0 Pause Frames Output RMON Stats 0 Drop Events 16900558 Octets 40243 Packets 170 Broadcast PKTS 23 Multi cast PKTS 0 Undersize PKTS 0 Oversize PKTS 0 Fragments 0 Jabbers 0 C...

Страница 371: ...b layer to a higher sub layer which were addressed to a multicast address at this sub layer Multicast Output The total number of packets that higher level protocols requested be transmitted and which...

Страница 372: ...ull duplex mode at 1000 Mb s the number of times the receiving media is non idle a carrier event for a period of time equal to or greater than minFrameSize and during which there was at least one occu...

Страница 373: ...ceived and transmitted that were less than 64 octets in length excluding framing bits but including FCS octets 65 127 Octets 128 255 Octets 256 511 Octets 512 1023 Octets 1024 1518 Octets 1519 1536 Oc...

Страница 374: ...e Eth 1 1 Name 15min Interval 900 second s Buckets Requested 96 Buckets Granted 7 Status Active Current Entries Start Time Octets Input Unicast Multicast Broadcast 00d 01 45 01 0 00 105421 688 30 8 Di...

Страница 375: ...ts Output Unicast Multicast Broadcast 0 00 48334 54 19 0 Discards Errors 0 0 Previous Entries Start Time Octets Input Unicast Multicast Broadcast 00d 00 05 37 1400912 9381 1895 50 00d 00 06 37 1566090...

Страница 376: ...d information on all interfaces is displayed Example Console show interfaces status ethernet 1 1 Information of Eth 1 1 Basic Information Port Type 1000Base SFP MAC Address 00 00 0C 00 00 FE Configura...

Страница 377: ...nge 1 32 54 port channel channel id Range 1 16 27 Default Setting Shows all interfaces Command Mode Normal Exec Privileged Exec Command Usage If no interface is specified information on all interfaces...

Страница 378: ...old level page 421 Multicast Threshold Shows if multicast storm suppression is enabled or disabled if enabled it also shows the threshold level page 421 Unknown Unicast Threshold Shows if unknown unic...

Страница 379: ...w alarm low warning threshold value high alarm Sets the high current threshold for an alarm message high warning Sets the high current threshold for a warning message low alarm Sets the low current th...

Страница 380: ...mmand are sent to any management station configured by the snmp server host command Example The following example sets alarm thresholds for the transceiver current at port 1 Console config interface e...

Страница 381: ...threshold rx power low alarm 21 Console config if transceiver threshold rx power high alarm 3 Console transceiver threshold temperature This command sets thresholds for the transceiver temperature whi...

Страница 382: ...ransmitted signal which can be used to trigger an alarm or warning message Syntax transceiver threshold tx power high alarm high warning low alarm low warning threshold value high alarm Sets the high...

Страница 383: ...alarm high warning low alarm low warning threshold value high alarm Sets the high voltage threshold for an alarm message high warning Sets the high voltage threshold for a warning message low alarm S...

Страница 384: ...ch can display diagnostic information for SFP modules which support the SFF 8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers This information allows administrators to re...

Страница 385: ...dBm 21 50 21 00 3 50 3 00 Console The following example shows information for a 40G transceiver Console show interfaces transceiver ethernet 1 54 Information of Eth 1 54 Connector Type No Separable Co...

Страница 386: ...iagnose problems with optical devices This feature referred to as Digital Diagnostic Monitoring DDM in the command display provides information on transceiver parameters including temperature supply v...

Страница 387: ...es it possible to check that an interface is working properly without having to make any network connections When performing an internal loopback test packets from the specified interface are looped b...

Страница 388: ...Chapter 10 Interface Commands Cable Diagnostics 388 Example Console show loop internal interface ethernet 1 1 Port Test Result Last Update Eth 1 1 Succeeded 2013 04 15 15 26 56 Console...

Страница 389: ...ion mode for the trunk GC port channel load balance Sets the load distribution method among ports in aggregated links GC channel group Adds a port to a trunk IC Ethernet Dynamic Configuration Commands...

Страница 390: ...deleted from a VLAN via the specified port channel STP VLAN and IGMP settings can only be made for the entire trunk via the specified port channel Dynamically Creating a Port Channel Ports assigned to...

Страница 391: ...nd dynamic trunks on the switch To ensure that the switch traffic load is distributed evenly across all links in a trunk select the source and destination addresses used in the load balance calculatio...

Страница 392: ...ived from many different hosts src mac All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through th...

Страница 393: ...orm to disable it Syntax no lacp Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex either...

Страница 394: ...t 262143 Kbits second Unknown Unicast Storm Disabled Unknown Unicast Storm Limit 262143 Kbits second Flow Control Disabled VLAN Trunking Disabled MAC Learning Enabled MTU 1518 Current status Created B...

Страница 395: ...in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state Note Configuring the partner admin key does not affect remote or local...

Страница 396: ...P operational settings are already in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state and will only take effect the next t...

Страница 397: ...x lacp admin key key no lacp admin key key The port channel admin key is used to identify a specific link aggregation group LAG during local LACP setup on this switch Range 0 65535 Default Setting 0 C...

Страница 398: ...nsmitted LACPDUs When the partner switch receives an LACPDU set with a short timeout from the actor switch the partner adjusts the transmit LACPDU interval to 1 second When it receives an LACPDU set w...

Страница 399: ...Mode Privileged Exec Example Console show lacp 1 counters Port Channel 1 Member Port Eth 1 1 LACPDU Sent 63 LACPDU Received 62 MarkerPDU Sent 0 MarkerPDU Received 0 MarkerResponsePDU Sent 0 MarkerResp...

Страница 400: ...the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly form...

Страница 401: ...xpired state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames...

Страница 402: ...system ID assigned by the LACP protocol Partner Admin Port ID Current administrative value of the port priority and the port number for the protocol partner Partner Oper Port ID Operational port prio...

Страница 403: ...pear as an ordinary link aggregation group LAG The cooperating switches are MLAG peer switches and communicate through an interface called a peer link While the peer link s primary purpose is exchangi...

Страница 404: ...ic segmentation up link down link port cannot be configured on an MLAG member or peer link All actions which cause a port to become nonexistent such as deleting a trunk port adding a port to a trunk o...

Страница 405: ...a pair of MLAG devices in the same MLAG domain See Figure 1 The peer link can be a normal port or a static trunk The peer link may be a normal port or a static trunk MAC learning is automatically dis...

Страница 406: ...al port or a static trunk An MLAG member is active if the MLAG ID is set and the associated MLAG domain is active An MLAG member is active if the MLAG ID is set and the associated MLAG domain is activ...

Страница 407: ...are synced through the peer link for the MLAG will be removed automatically Example Console config mlag group 1 domain 1 member ethernet 1 1 Console config show mlag This command shows MLAG configura...

Страница 408: ...Chapter 11 Link Aggregation Commands MLAG Commands 408 Example Console show mlag domain 1 Peer Link Eth 1 1 MLAG List 10 20 33 35 Console...

Страница 409: ...x tx both no port monitor interface interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 32 54 rx Mirror received packets tx Mirror transmitted packets both M...

Страница 410: ...nitor command to specify the source of the traffic to mirror Note that the destination port cannot be a trunk or trunk member port When mirroring traffic from a port the mirror port and monitor port s...

Страница 411: ...rt Eth1 5 Source Port monitored port Eth1 6 Mode RX TX Console RSPAN Mirroring Commands Remote Switched Port Analyzer RSPAN allows you to mirror traffic from remote switches for analysis on a local de...

Страница 412: ...source destination or uplink Also note that the source port and destination port cannot be configured on the same switch Local Remote Mirror The destination of a local mirror session created with the...

Страница 413: ...Range 1 2 Only two mirror sessions are allowed including both local and remote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN...

Страница 414: ...mote mirroring If local mirroring is enabled with the port monitor command then there is only one session available for RSPAN interface ethernet unit port unit Unit identifier Range 1 port Port number...

Страница 415: ...vailable for RSPAN vlan id ID of configured RSPAN VLAN Range 2 4092 Use the vlan rspan command to reserve a VLAN for RSPAN mirroring before enabling RSPAN with this command source Specifies this devic...

Страница 416: ...figured RSPAN session Syntax no rspan session session id session id A number identifying this RSPAN session Range 1 2 Only two mirror sessions are allowed including both local and remote mirroring If...

Страница 417: ...xec Example Console show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX Only None BOTH None Destination Port monitor port Eth 1 2 Destination Tagged Mode Untagged Sw...

Страница 418: ...Chapter 12 Port Mirroring Commands RSPAN Mirroring Commands 418...

Страница 419: ...terface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting ca...

Страница 420: ...ts per second for 10G Ethernet ports 64 40 000 000 Kbits per second for 40G Ethernet ports Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage If the rate...

Страница 421: ...switchport broadcast multicast unknown unicast packet rate rate no switchport broadcast multicast unicast broadcast Specifies storm control for broadcast traffic multicast Specifies storm control for...

Страница 422: ...rface may lead to unexpected results It is therefore not advisable to use both of these commands on the same interface Example The following shows how to configure broadcast storm control at 600 kilob...

Страница 423: ...interface or when a interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be enabled both globa...

Страница 424: ...ded for the spanning tree protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no span...

Страница 425: ...erefore shut down Use the loopback detection recover time command to set the time to wait before re enabling an interface shut down by the loopback detection process When the loopback detection respon...

Страница 426: ...to transmit loopback detection control frames Use the no form to restore the default setting Syntax loopback detection transmit interval seconds no loopback detection transmit interval seconds The tra...

Страница 427: ...ing None Command Mode Global Configuration Command Usage Refer to the loopback detection recover time command for information on conditions which constitute loopback recovery Example Console config lo...

Страница 428: ...y be set to None this command will still display the configured Detection Port Admin State and Information Oper State Example Console show loopback detection Loopback Detection Global Information Glob...

Страница 429: ...interval detection interval The amount of time the switch remains in detection state after discovering a neighbor through UDLD Range 5 255 seconds Default Setting 5 seconds Command Mode Global Config...

Страница 430: ...messages after linkup or detection phases Range 7 90 seconds Default Setting 15 seconds Command Mode Global Configuration Command Usage During the detection phase messages are exchanged at the maximum...

Страница 431: ...le config udld recovery Console config udld recovery interval This command specifies the period after which to automatically recover from UDLD disabled port state Use the no form to restore the defaul...

Страница 432: ...connectivity UDLD follows a conservative approach to minimize false positives during the detection process and deems a port to be in undetermined state In other words normal mode will shut down a port...

Страница 433: ...ompt corrective action to be taken Whenever a UDLD device learns about a new neighbor or receives a resynchronization request from an out of synch neighbor it re starts the detection process on its si...

Страница 434: ...1 1 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 2 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5...

Страница 435: ...rt state Unknown Bidirectional Unidirectional Transmit to receive loop Mismatch with neighbor state reported Neighbor s echo is empty The state is Unknown if the link is down or not connected to a UDL...

Страница 436: ...Chapter 15 UniDirectional Link Detection Commands 436...

Страница 437: ...guration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console config mac address table aging time 100 Console config Table 86 Address Table Comman...

Страница 438: ...witch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default lifetime is permanent Command Mode Global Configuration Command Usage The static address fo...

Страница 439: ...address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface...

Страница 440: ...of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K Example Console show mac address table Flag VXLAN VNID Interface MAC A...

Страница 441: ...Syntax show mac address table count interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Default Setting...

Страница 442: ...Chapter 16 Address Table Commands 442...

Страница 443: ...to all other ports or just to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC max hops Co...

Страница 444: ...n a primary link goes down Example This example shows how to enable the Spanning Tree Algorithm for the switch Console config spanning tree Console config spanning tree port priority Configures the sp...

Страница 445: ...earning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conf...

Страница 446: ...her of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in...

Страница 447: ...perating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynam...

Страница 448: ...sed values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that range from 1 65535 This method is based on the IE...

Страница 449: ...used in selecting the root device root port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority t...

Страница 450: ...oding to all Floods BPDUs to all other ports on the switch to vlan Floods BPDUs to all other ports within the receiving port s native VLAN i e as determined by port s PVID Default Setting Floods to al...

Страница 451: ...TP and RSTP protocols Therefore the message age for BPDUs inside an MSTI region is never changed However each spanning tree instance within a region and the internal spanning tree IST that connects th...

Страница 452: ...his switch to act as the MSTI root device by specifying a priority of 0 or as the MSTI alternate device by specifying a priority of 16384 Example Console config mstp mst 1 priority 4096 Console config...

Страница 453: ...VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree Example Console config mstp mst 1 vlan 2 5 Console config mstp name This command c...

Страница 454: ...th the same MST instances Example Console config mstp revision 1 Console config mstp Related Commands name 453 spanning tree bpdu filter This command allows you to avoid transmitting BPDUs on configur...

Страница 455: ...ywords to disable this feature or with a keyword to restore the default settings Syntax spanning tree bpdu guard auto recovery interval interval no spanning tree bpdu guard auto recovery interval auto...

Страница 456: ...path cost method Default Setting By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 i...

Страница 457: ...rnet 1 5 Console config if spanning tree cost 50 Console config if spanning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax spanning tr...

Страница 458: ...ed to an end node device When edge port is set as auto the operational state is determined automatically by the Bridge Detection State Machine described in 802 1D 2004 where the edge port state may ch...

Страница 459: ...ation 1 65535 for short path cost method8 1 200 000 000 for long path cost method The recommended path cost range is listed in Table 88 on page 456 Default Setting By default the system automatically...

Страница 460: ...ntifier of the spanning tree Range 0 4094 priority Priority for an interface Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage Thi...

Страница 461: ...lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled The criteria us...

Страница 462: ...h could potentially overload a slower link by taking over as the root port and forming a new spanning tree topology It could also be used to form a border around part of the network where the root bri...

Страница 463: ...thernet Port Channel Command Usage When this command is enabled on an interface topology change information originating from the interface will still be propagated This command should not be used on a...

Страница 464: ...spanning tree CST for all instances within the multiple spanning tree MST or for a specific instance within the multiple spanning tree MST Syntax show spanning tree interface mst instance id interfac...

Страница 465: ...Age sec 20 Bridge Forward Delay sec 15 Root Hello Time sec 2 Root Max Age sec 20 Root Forward Delay sec 15 Max Hops 20 Remaining Hops 20 Designated Root 32768 0 0001ECF8D8C6 Current Root Port 21 Curre...

Страница 466: ...nfiguration This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configur...

Страница 467: ...ng shows the configuration for bridge extension MIB Editing VLAN Groups Sets up VLAN groups including name VID and state Configuring VLAN Interfaces Configures VLAN interface parameters including ingr...

Страница 468: ...d Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 469: ...age Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 470: ...Console config if show garp timer This command shows the GARP timers for the selected interface Syntax show garp timer interface interface ethernet unit port unit Unit identifier Range 1 port Port nu...

Страница 471: ...ation interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Default Setting Shows both global and interface specific...

Страница 472: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Страница 473: ...used for mirroring traffic from remote switches The VLAN used for RSPAN cannot include VLAN 1 the switch s default VLAN Nor should it include VLAN 4093 which is used for switch clustering Configuring...

Страница 474: ...ayer 3 configuration commands and save the configuration settings To change a Layer 3 normal VLAN back to a Layer 2 VLAN use the no interface command Table 93 Commands for Configuring VLAN Interfaces...

Страница 475: ...store the default Syntax switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged frame...

Страница 476: ...previous VLANs is retained remove vlan list List of VLAN identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs R...

Страница 477: ...witchport forbidden vlan add vlan list remove vlan list no switchport forbidden vlan add vlan list List of VLAN identifiers to add remove vlan list List of VLAN identifiers to remove vlan list Separat...

Страница 478: ...only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VL...

Страница 479: ...d frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Default Setting All ports are in hybrid...

Страница 480: ...t to any VLAN for which it is an untagged member If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress por...

Страница 481: ...nt loops from forming in the spanning tree all unknown VLANs will be bound to a single instance either STP RSTP or an MSTP instance depending on the selected STA mode VLAN trunking is mutually exclusi...

Страница 482: ...Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 S Eth1 19 S Eth1...

Страница 483: ...TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 See d...

Страница 484: ...tunnel access port If the spanning tree protocol is enabled be aware that a tunnel access or tunnel uplink port may be disabled if the spanning tree structure is automatically reconfigured to overcom...

Страница 485: ...tagged frames For example 0x1234 is set as the custom 802 1Q ethertype on a trunk port incoming frames containing that ethertype are assigned to the VLAN contained in the tag following the ethertype...

Страница 486: ...unnel uplink port receives a packet from a customer the customer tag regardless of whether there are one or more tag layers is retained in the inner tag and the service provider s tag added to the out...

Страница 487: ...priority map Console config if switchport dot1q tunnel service default match all This command specifies how to handle traffic that does not match any other dot1q tunnel service settings Use the no fo...

Страница 488: ...he 802 1Q tunnel This process is performed in a transparent manner When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiat...

Страница 489: ...member of VLANs 100 200 and 300 using uplink mode Console config interface ethernet 1 2 Console config if switchport allowed vlan add 100 200 300 tagged Console config if switchport dot1q tunnel mode...

Страница 490: ...Remove C Tag Eth 1 1 Enabled Disabled Step 2 Configure Switch C 1 Create VLAN 100 200 and 300 Console config vlan database Console config vlan vlan 100 200 300 media ethernet state active 2 Configure...

Страница 491: ...nel Status Enabled Port Mode TPID Hex Priority Mapping Eth 1 1 Access 8100 Disabled Eth 1 2 Uplink 8100 Disabled Eth 1 3 Normal 8100 Disabled Console show dot1q tunnel interface ethernet 1 5 802 1Q Tu...

Страница 492: ...two octet field in an Ethernet frame It is used to indicate which protocol is encapsulated in the payload of an Ethernet Frame Range 600 ffff hexadecimal snap The Subnetwork Access Protocol is an exte...

Страница 493: ...stination address for Layer 2 Protocol Tunneling L2PT Use the no form to restore the default setting Syntax l2protocol tunnel tunnel dmac mac address mac address The switch rewrites the destination MA...

Страница 494: ...l packet is received on an uplink port i e an 802 1Q tunnel ingress port connecting the edge switch to the service provider network with the destination address 01 80 C2 00 00 00 0B 0F C VLAN tag it i...

Страница 495: ...dress to make it a GBPT protocol packet i e setting the destination address to 01 00 0C CD CD D0 L2PT is disabled on this port it is forwarded to the following ports in the same S VLAN a other access...

Страница 496: ...anning Tree STP RSTP MSTP vtp Cisco VLAN Trunking Protocol Default Setting Disabled for all protocols Command Mode Interface Configuration Ethernet Port Channel Command Usage Refer to the Command Usag...

Страница 497: ...o VXLAN mapping is found it then searches the bridge table for the destination port If the egress port is found the packet is encapsulated with a VXLAN header and sent on to the corresponding VTEP If...

Страница 498: ...multicast group that it will use This information must be configured using the vxlan flood command Using this mapping the VTEP can provide IGMP membership reports to the upstream switch router to join...

Страница 499: ...the VXLAN UDP port This value should be used by default as the destination UDP port Some early implementations of VXLAN have used other values for the destination port This command is therefore provi...

Страница 500: ...EPs on this VNI multicast Multicast is used for carrying unknown destination broadcast and multicast frames ipv4 address Each VTEP VNI joins this multicast group as an IP host through the IGMP IGMP jo...

Страница 501: ...vni id vid The VLAN associated with this VNI vni id A 24 bit segment ID used to identify each VXLAN segment termed the VXLAN Network Identifier The VNI is used in an outer header that encapsulates the...

Страница 502: ...eged Exec Example This example shows the type of debug information that would be displayed for tracing a callback event Console debug vxlan event Console con Console config vlan database Console confi...

Страница 503: ...2 13 l_vtep_ip 192 168 2 1 dst_vid_ifindex 1003 dst_inet_addr 192 168 2 13 vfi 28672 e_vlan 3 l3_if 6 lport 0 udp_port 4789 mac 00 00 00 00 00 00 23 24 34 VXLAN 2398 vfi_id 0x7000 bcast_group 0xc00000...

Страница 504: ...o identify each VXLAN segment termed the VXLAN Network Identifier The VNI is used in an outer header that encapsulates the inner MAC frame originated by a virtual machine VM Command Mode Privileged Ex...

Страница 505: ...lan vlan vni 3 VLAN VNI 3 123 Console show debug vxlan This command shows the VXLAN debug settings Syntax show debug vxlan Command Mode Privileged Exec Example Console show debug vxlan VXLAN VXLAN eve...

Страница 506: ...Chapter 18 VLAN Commands Configuring VXLAN Tunneling 506...

Страница 507: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 508: ...ct queue Default Setting WRR Command Mode Interface Configuration Ethernet Port Channel Command Usage The switch can be set to service the port queues based on strict priority WRR or a combination of...

Страница 509: ...weights to the eight class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use the no form to restore the...

Страница 510: ...rity mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged f...

Страница 511: ...config if Related Commands show interfaces switchport 377 show queue mode This command shows the current queue mode Command Mode Privileged Exec Example Console show queue mode Unit Port queue mode 1...

Страница 512: ...and drop precedence values for internal priority processing IC qos map ip prec dscp Maps IP Precedence values in incoming packets to per hop behavior and drop precedence values for internal priority...

Страница 513: ...spaces Egress packets are placed into the hardware queues according to the mapping defined by this command Example Console config interface ethernet 1 5 Console config if qos map phb queue 0 from 1 2...

Страница 514: ...ed by spaces If a packet arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop Precedence mapping table is used to generate priority and drop precedence values for inter...

Страница 515: ...AULT SETTING Command Mode Interface Configuration Port Static Aggregation Command Usage Enter a drop precedence followed by the keyword from and then up to four per hop behavior values separated by sp...

Страница 516: ...at Range 0 1 phb Per hop behavior or the priority used for this router hop Range 0 7 drop precedence Drop precedence used for controlling traffic congestion Range 0 Green 3 Yellow 1 Red DEFAULT SETTIN...

Страница 517: ...ETTING Command Mode Interface Configuration Port Static Aggregation Table 105 Default Mapping of DSCP Values to Internal PHB Drop Values ingress dscp1 ingress dscp10 0 1 2 3 4 5 6 7 8 9 0 0 0 0 1 0 0...

Страница 518: ...P value of 1 to a per hop behavior of 3 and a drop precedence of 1 Referring to Table 105 note that the DSCP value for these packets is now set to 25 3x23 1 and passed on to the egress interface Conso...

Страница 519: ...precedence used for controlling traffic congestion Range 0 Green 3 Yellow 1 Red DEFAULT SETTING Command Mode Interface Configuration Port Static Aggregation Command Usage Enter up to eight paired valu...

Страница 520: ...d and the ingress packet type is IPv4 then priority processing will be based on the DSCP value in the ingress packet If the QoS mapping mode is set to either IP Precedence or DSCP and a non IP packet...

Страница 521: ...Console show qos map cos dscp interface ethernet 1 5 CoS Information of Eth 1 5 CoS DSCP map x y x phb y drop precedence CoS CFI 0 1 0 0 0 0 1 1 1 0 1 1 2 2 0 2 1 3 3 0 3 1 4 4 0 4 1 5 5 0 5 1 6 6 0 6...

Страница 522: ...dence to CoS values Syntax show qos map dscp cos interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Command M...

Страница 523: ...in the top row in other words ingress DSCP d1 10 d2 and the corresponding Internal DSCP and drop precedence is shown at the intersecting cell in the table Console show qos map dscp mutation interface...

Страница 524: ...s IP precedence to internal DSCP map Syntax show qos map ip prec dscp interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 32 54 port channel channel id Ra...

Страница 525: ...nsole show qos map phb queue interface ethernet 1 5 Information of Eth 1 5 PHB queue map PHB 0 1 2 3 4 5 6 7 queue 2 0 1 3 4 5 6 7 Console show qos map trust mode This command shows the QoS mapping mo...

Страница 526: ...Chapter 19 Class of Service Commands Priority Commands Layer 3 and 4 526...

Страница 527: ...of a policy map PM police flow Defines an enforcer for classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three c...

Страница 528: ...e in the VLAN tag for the matching traffic class and use one of the police commands to monitor parameters such as the average flow and burst rate and drop any traffic that exceeds the specified rate o...

Страница 529: ...fig cmap match ip dscp 3 Console config cmap Related Commands show class map 541 description This command specifies the description of a class map or policy map Syntax description string string Descri...

Страница 530: ...uded in the ACL will be ignored If match criteria includes an IP ACL or IP priority rule then a VLAN rule cannot be included in the same class map If match criteria includes a MAC ACL or VLAN rule the...

Страница 531: ...1 Console config cmap rename rd class 9 Console config cmap policy map This command creates a policy map that can be attached to multiple interfaces and enters Policy Map configuration mode Use the no...

Страница 532: ...pon which a policy can act and enters Policy Map Class configuration mode Use the no form to delete a class map Syntax no class class map name class map name Name of the class map Range 1 32 character...

Страница 533: ...ew dscp violate action drop new dscp committed rate Committed information rate CIR in kilobits per second Range 0 40000000 kbps or maximum port speed whichever is lower committed burst Committed burst...

Страница 534: ...efined rd class uses the set phb command to classify the service that incoming packets will receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate...

Страница 535: ...class maps for ingress ports The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to three traffic parameters Committed Information Rate CIR Committed Burst Siz...

Страница 536: ...n precolored as yellow or green and if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremented The metering...

Страница 537: ...1000 128000000 bytes conform action Action to take when rate is within the CIR and BP Packet size does not exceed BP and there are enough tokens in bucket BC to service the packet the packet is set gr...

Страница 538: ...s incremented by one PIR times per second up to BP and the token count Tc is incremented by one CIR times per second up to BC When a packet of size B bytes arrives at time t the following happens if t...

Страница 539: ...Mode Policy Map Class Configuration Command Usage The set cos command is used to set the CoS value in the VLAN tag for matching packets The set cos and set phb command function at the same level of pr...

Страница 540: ...to control queue congestion by the police srtcm color command and police trtcm color command The set cos and set phb command function at the same level of priority Therefore setting either of these co...

Страница 541: ...face Command Mode Interface Configuration Ethernet Port Channel Command Usage First define a class map then define a policy map and finally use the service policy command to bind the policy map to the...

Страница 542: ...classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name Name of the policy map Range...

Страница 543: ...x show policy map interface interface input output interface unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 input Apply to the input traffi...

Страница 544: ...Chapter 20 Quality of Service Commands 544...

Страница 545: ...ovides the mechanism which allows peers to exchange configuration information via LLDP TLVs about ETS and PFC settings and their willingness to accept ETS configuration recommendations Priority based...

Страница 546: ...onfigured to use DCBX DCBX uses LLDP to exchange attributes between two link peers DCBX does this by exchanging LLDP TLVs with peer devices to discover DCB capabilities supported by a peer port detect...

Страница 547: ...downstream ports as well as receive a configuration propagated internally by other auto upstream ports configuration source In configuration source mode the port is manually selected as the configurat...

Страница 548: ...port is maintained until it is cleared by setting the port to the manual mode Only the configuration source is allowed to propagate its configuration to other ports internally If no port is set to con...

Страница 549: ...ng through an interface Traffic classes are specified in the priority field of the 802 1Q VLAN header which identifies an 802 1p priority value However a VLAN unaware end station can also use PFC by s...

Страница 550: ...mode auto Negotiates PFC capability using DCBX The operational capability of PFC depends on the result of DCBX negotiations on Forces PFC to enabled state Default Setting Disabled Command Mode Interfa...

Страница 551: ...disable PFC for specified priorities Syntax no pfc priority enable priority list priority list Priority identifier specified as a single number a range of consecutive numbers separated by a hyphen or...

Страница 552: ...ar pfc statistics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Default Setting None Command Mode P...

Страница 553: ...atistics Use this command to how PFC statistics for the number of PFC frames received and transmitted for each priority Syntax show pfc statistics interface interface interface ethernet unit port unit...

Страница 554: ...andwidth of the group Configuration Guidelines Take the following steps to configure ETS 1 Map CoS queues to TCGs for the egress ports using the traffic class map command 2 Configure the bandwidth all...

Страница 555: ...d with identical ETS TCG queuing algorithm priority queue mapping and minimum bandwidth requirements Ports configured in auto upstream or auto downstream DCBX roles receive their ETS configuration fro...

Страница 556: ...rface ethernet 1 5 Console config if traffic class algo ets Console config if traffic class map Use this command to map a given priority to a traffic class group TCG Use the no form to restore the def...

Страница 557: ...hannel Command Usage The cumulative weight for all three TCGs must be 100 The weight assigned by the traffic class weight command must be 0 for any TCG set to strict mode with the traffic class algo c...

Страница 558: ...rnet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16 27 Command Mode Privileged Exec Example This example shows both the locally configured set...

Страница 559: ...ode Auto Traffic Class Tx Selection Mode Weight 0 Strict 0 1 Strict 0 2 Strict 0 Operational ETS Mode On Traffic Class Tx Selection Mode Weight 0 Strict 0 1 Strict 0 2 Strict 0 Console Congestion Noti...

Страница 560: ...s can be carried across the network with minimal contention with Congestion Controlled Flows CCFs for those resources Operational Concept In order for CN to successfully control congestion in a Virtua...

Страница 561: ...otification Message CNM GC cn cnpv Sets a dot1p priority to be a Congestion Notification Priority Value CNPV GC cn cnpv alternate priority Configures the alternate priority used to remark a received f...

Страница 562: ...re transmitted if congestion is detected on a CP Example The following example enables CN for all ports Console config interface ethernet 1 5 Console config if traffic class map 2 1 Console config if...

Страница 563: ...ity CNPV assigned to Congestion Control Flows CFF on this port Range 0 7 Default Setting None Command Mode Global Configuration Command Usage Up to 7 CNPVs can be set for the system When a CNPV is cha...

Страница 564: ...s are not exhausted with traffic from CN unaware sources Frames coming from non CN sources do not have a CN TAG If these frames are mapped to the CN enabled queue then they may contribute to the conge...

Страница 565: ...ined by the LLDP CN TLV and may be set to edge interior or interior ready The alternate priority is also determined by the LLDP CN TLV If CN is enabled and the CND defense mode of the port is Edge the...

Страница 566: ...hen its dot1p priority is equal to the CNPV when the defense mode is other than auto Use the no form to use the global setting for the CNPV Syntax cn cnpv cnpv priority alternate priority priority no...

Страница 567: ...ngestion Notification TLV disabled CN capability is administratively disabled edge CNPV is remapped to non CNPV and CN TAG is removed interior Priority remapping is inhibited and CN TAG is removed int...

Страница 568: ...nformation including the defense mode and alternate priority Syntax show cn cnpv cnpv priority interface cnpv priority CN priority value Range 0 7 interface ethernet unit port unit Unit identifier Ran...

Страница 569: ...MAC Address 70 72 CF 8C 2F EF Set Point 26000 Feedback Weight 2 Minimum Sample Base 150000 bytes Discarded Frames 0 Transmitted Frames 0 Transmitted CNMs 0 Console Table 113 show cn cp display descrip...

Страница 570: ...the switch and controller It could even decide to forward the traffic itself provided that it has told the switch to forward entire packets The following table is from the Openflow standard It illust...

Страница 571: ...use of storm control but ACL flow in the FP stage will change these packets to forwarding state That means the final state for these packets will be forwarding The following commands are supported by...

Страница 572: ...a new IP address is selected The OpenFlow feature becomes operational only when a switch interface with the matching IP address becomes active The switch must have an operational IP interface with the...

Страница 573: ...ier for the flow forwarding behaviour implemented by the data path Range 1 100 characters Default Setting None Command Mode Global Configuration Example Console config through_boa Console config clear...

Страница 574: ...ermination mac VxLAN termination MAC flow table unicast routing Unicast routing flow table multicast routing Multicast routing flow table bridging Bridging flow table acl policy ACL Policy flow table...

Страница 575: ...tion MAC table Priority 201 cookie 14 Hard Timeout 0 Idle Timeout 0 Match EtherType 0x86DD VLAN 0x2 0xFFF Dest MAC 33 33 00 00 00 00 Dest MAC MASK FF FF 00 00 00 00 Instruction Goto table 40 Multicast...

Страница 576: ...L table No more flow from ofagent Console show of agent flow table id 40 Flow 1 Table ID 40 Multicast Routing table Priority 501 cookie 13 Hard Timeout 0 Idle Timeout 0 Match EtherType 0x0800 VLAN 0x2...

Страница 577: ...ace Flow 2 Table ID 60 ACL table Priority 601 cookie 11 Hard Timeout 0 Idle Timeout 0 Match EtherType 0x86DD In port 45 0xFFFFFFFF Instruction Set VLAN PCP 5 Group 0x10000001 L2 Rewrite No more flow f...

Страница 578: ...ewrite Specifies L2 rewrite group l3 unicast Specifies L3 unicast group l2 multicast Specifies L2 multicast group l2 flood Specifies L2 flood group l3 interface Specifies L3 interface group l3 ecmp Sp...

Страница 579: ...e Bucket Index 1 Reference Group 0x20003 L2 Interface Group 0x40020001 L2 Flood VID 2 Bucket Index 0 Reference Group 0x20001 L2 Interface Bucket Index 1 Reference Group 0x20003 L2 Interface Group 0x50...

Страница 580: ...ex 0 Output 3 No more group from ofagent Console show of agent group type l3 interface Group 0x50000003 L3 Interface Bucket Index 0 New Source MAC 00 00 05 22 33 99 New VID 3 Reference Group 0x30003 L...

Страница 581: ...y reporting displays current snooping settings and displays the multicast service and group members Static Multicast Routing Configures static multicast router ports which forward all inbound multicas...

Страница 582: ...cited IGMP reports when proxy reporting is enabled GC ip igmp snooping version Configures the IGMP version for snooping GC ip igmp snooping version exclusive Discards received IGMP messages which use...

Страница 583: ...Adds an interface as a member of a multicast group GC ip igmp snooping vlan version Configures the IGMP version for snooping GC ip igmp snooping vlan version exclusive Discards received IGMP messages...

Страница 584: ...ing priority priority no ip igmp snooping priority priority The CoS priority assigned to all multicast traffic Range 0 7 where 7 is the highest priority Default Setting 2 Command Mode Global Configura...

Страница 585: ...ing is enabled with this command the switch performs IGMP Snooping with Proxy Reporting as defined in DSL Forum TR 101 April 2006 including last leave and query suppression Last leave sends out a prox...

Страница 586: ...and Mode Global Configuration Command Usage As described in Section 9 1 of RFC 3376 for IGMP Version 3 the Router Alert Option can be used to protect against DOS attacks One common method of attack is...

Страница 587: ...flood This command enables flooding of multicast traffic if a spanning tree topology change notification TCN occurs Use the no form to disable flooding Syntax no ip igmp snooping tcn flood Default Se...

Страница 588: ...ends a proxy query to quickly re learn the host membership port relations for multicast channels The root bridge also sends an unsolicited Multicast Router Discover MRD request to quickly locate the m...

Страница 589: ...ping tcn query solicit Console config ip igmp snooping unregistered data flood This command floods unregistered multicast traffic into the attached VLAN Use the no form to drop unregistered multicast...

Страница 590: ...ation Command Usage When a new upstream interface that is uplink port starts up the switch sends unsolicited reports for all currently learned multicast channels out through the new upstream interface...

Страница 591: ...ve This command discards any received IGMP messages except for multicast protocol packets which use a version different to that currently configured by the ip igmp snooping version command Use the no...

Страница 592: ...sages are forwarded only to downstream ports which have joined a multicast service Example Console config ip igmp snooping vlan 1 general query suppression Console config ip igmp snooping vlan immedia...

Страница 593: ...n that port leave the group will the member port be deleted This command is only effective if IGMP snooping is enabled and IGMPv2 or IGMPv3 snooping is used Example The following shows how to enable i...

Страница 594: ...g 10 1 second Command Mode Global Configuration Command Usage When a multicast host leaves a group it sends an IGMP leave message When the leave message is received by the switch it checks to see if t...

Страница 595: ...erface with IP multicast forwarding and MRD enabled a router will respond with an advertisement Advertisements are sent by routers to advertise that IP multicast forwarding is enabled These messages a...

Страница 596: ...s of 0 0 0 0 These hosts will therefore not reply to the queries causing the multicast router to stop sending traffic to them To resolve this problem the source address in proxied IGMP query and repor...

Страница 597: ...vlan vlan id query interval vlan id VLAN ID Range 1 4094 interval The interval between sending IGMP general queries Range 2 31744 seconds Default Setting 125 seconds Command Mode Global Configuration...

Страница 598: ...ting 100 10 seconds Command Mode Global Configuration Command Usage This command applies when the switch is serving as the querier page 585 or as a proxy host when IGMP snooping proxy reporting is ena...

Страница 599: ...clear ip igmp snooping groups dynamic This command clears multicast group information dynamically learned through IGMP snooping Syntax clear ip igmp snooping groups dynamic Command Mode Privileged Exe...

Страница 600: ...Router Alert Check Disabled Router Port Mode Forward TCN Flood Disabled TCN Query Solicit Disabled Unregistered Data Flood Disabled 802 1p Forwarding Priority Disabled Unsolicited Report Interval 400...

Страница 601: ...igmpsnp Display only entries learned through IGMP snooping sort by port Display entries sorted by port user Display only the user configured multicast entries vlan id VLAN ID 1 4094 Default Setting N...

Страница 602: ...nd Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows the ports in VLAN 1 which are attached to multicast routers Console sh...

Страница 603: ...nterface Report Leave G Query G S S Query Drop Group Eth 1 1 12 0 1 0 0 0 Console Table 117 show ip igmp snooping statistics input display description Field Description Interface Shows interface Repor...

Страница 604: ...fic or group and source specific query messages sent from this interface Drop The number of times a report leave or query was dropped Packets may be dropped due to invalid format rate limiting or pack...

Страница 605: ...e at which received query messages of the wrong version type cause the Vx warning count to increment Note that 0 sec means that the Vx warning count is incremented for each wrong message version recei...

Страница 606: ...n The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a p...

Страница 607: ...nabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast gr...

Страница 608: ...o many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny Example Console config ip igmp profile 19 Console config igmp profil...

Страница 609: ...tting None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address range for a profile Example Console config ip i...

Страница 610: ...rejoins the same group the join report needs to again be authenticated When receiving an IGMP v3 report message the switch will send the access request to the RADIUS server only when the record type...

Страница 611: ...IGMP filter profile number Range 1 4294967295 Default Setting None Command Mode Interface Configuration Command Usage The IGMP filtering profile must first be created with the ip igmp profile command...

Страница 612: ...o actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it wi...

Страница 613: ...IGMP query packets Use the no form to restore the default setting Syntax no ip igmp query drop Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage This command can be...

Страница 614: ...led Other ports port channels are Disable Console show ip igmp filter This command displays the global and interface settings for IGMP filtering Syntax show ip igmp filter interface interface interfac...

Страница 615: ...ed Exec Example Console show ip igmp profile IGMP Profile 19 IGMP Profile 50 Console show ip igmp profile 19 IGMP Profile 19 Deny Range 239 1 1 1 239 1 1 1 Range 239 2 3 1 239 2 3 100 Console show ip...

Страница 616: ...ttings for IGMP throttling Syntax show ip igmp throttle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 32 54 port channel channel id Range 1 16...

Страница 617: ...ch to act as the querier for MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configures...

Страница 618: ...Syntax no ipv6 mld snooping querier Default Setting Disabled Command Mode Global Configuration Command Usage If enabled the switch will serve as querier if elected The querier is responsible for aski...

Страница 619: ...125 seconds Command Mode Global Configuration Command Usage This command applies when the switch is serving as the querier An MLD general query message is sent by the switch at the interval specified...

Страница 620: ...command configures the MLD Snooping robustness variable Use the no form to restore the default value Syntax ipv6 mld snooping robustness value no ipv6 mld snooping robustness value The number of the...

Страница 621: ...rt i e the interface that had been receiving query packets to have expired Example Console config ipv6 mld snooping router port expire time 300 Console config ipv6 mld snooping unknown multicast mode...

Страница 622: ...default Syntax ipv6 mld snooping version 1 2 1 MLD version 1 2 MLD version 2 Default Setting Version 2 Command Mode Global Configuration Example Console config ipv6 mld snooping version 1 Console con...

Страница 623: ...ave Console config interface vlan 1 Console config if ipv6 mld snooping immediate leave Console config if ipv6 mld snooping vlan mrouter This command statically configures an IPv6 multicast router por...

Страница 624: ...6 address interface vlan VLAN ID Range 1 4094 ipv6 address An IPv6 address of a multicast group Format X X X X X interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 52 p...

Страница 625: ...r ipv6 mld snooping statistics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 16 vlan vlan id VLAN identif...

Страница 626: ...abled on all VLAN Unknown Flood Behavior To Router Port MLD Snooping Version Version 2 VLAN Group IPv6 Address Port 1 ff05 0 1 2 3 4 5 6 Eth 1 1 Console show ipv6 mld snooping group This command shows...

Страница 627: ...Eth 1 1 Type MLD Snooping Filter Mode Include if exclude filter mode Filter Timer elapse 10 sec Request List 01 02 03 04 01 02 03 05 01 02 03 06 01 02 03 07 Exclude List 02 02 03 04 02 02 03 05 02 02...

Страница 628: ...f ip igmp Console config if end Table 124 IGMP Commands Layer 3 Command Function Mode ip igmp Enables IGMP for the specified interface IC ip igmp last member query interval Configures thefrequencyat w...

Страница 629: ...ecific leave message Use the no form to restore the default setting Syntax ip igmp last member query interval seconds no ip igmp last member query interval seconds The frequency at which the switch se...

Страница 630: ...v1 does not support a configurable maximum response time for query messages It is fixed at 10 seconds for IGMPv1 By varying the Maximum Response Interval the burstiness of IGMP messages passed on the...

Страница 631: ...rmine the interfaces that are connected to downstream hosts requesting a specific multicast service Only the designated multicast router for a subnet sends host query messages which are addressed to t...

Страница 632: ...g that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 the maximum value...

Страница 633: ...configured for an any source multicast G a source address cannot subsequently be defined for this group without first deleting the entry If a static group is configured for one or more source specific...

Страница 634: ...the switch will ignore any Leave Group messages that it receives for that group Example Console config if ip igmp version 1 Console config if clear ip igmp group This command deletes entries from the...

Страница 635: ...mation about multicast groups IGMP must first be enabled on the interface to which a group has been assigned using the ip igmp command and multicast routing must be enabled globally on the system usin...

Страница 636: ...ce this entry was created Expire The time remaining before this entry will be aged out The default is 260 seconds This field displays stopped if the Group Mode is INCLUDE V1 Timer The time remaining u...

Страница 637: ...In EXCLUDE mode reception of packets sent to the given multicast address is requested from all IP source addresses except for those listed in the source list parameter and where the source timer stat...

Страница 638: ...to forward IGMP membership reports 4 Optional Use the ip igmp proxy unsolicited report interval command to indicate how often the system will send unsolicited reports to the upstream router ip igmp pr...

Страница 639: ...proxy multicast service When changes occur in the downstream IGMP groups a IGMP state change report is created and sent to the upstream router If there is an IGMPv1 or IGMPv2 querier on the upstream n...

Страница 640: ...yer 3 This section describes commands used to configure Layer 3 Multicast Listener Discovery MLD on the switch Table 128 MLD Commands Layer 3 Command Function Mode ipv6 mld Enables MLD for the specifi...

Страница 641: ...olicited Report Interval 400 sec Robustness Variable 2 Query Interval 125 sec Query Max Response Time 10 sec Last Member Query Interval 1 sec Querier Joined Groups Static Groups Console ipv6 mld last...

Страница 642: ...sponse interval 20 Console config if ipv6 mld max resp interval This command configures the maximum response time advertised in MLD queries Use the no form of this command to restore the default setti...

Страница 643: ...essages Range 1 255 seconds Default Setting 125 seconds Command Mode Interface Configuration VLAN Command Usage Multicast routers send host query messages to determine the interfaces that are connecte...

Страница 644: ...s zero indicating that the QRV field does not contain a declared robustness value the switch will set the robustness variable to the value statically configured by this command If the QRV exceeds 7 th...

Страница 645: ...e and source specific multicast entries Use the no form of this command to delete a static group without specifying the source address to delete all any source and source specific multicast entries fo...

Страница 646: ...er Multicast hosts on the subnet may support either MLD versions 1 or 2 Example Console config if ipv6 mld version 1 Console config if clear ipv6 mld group This command deletes entries from the MLD ca...

Страница 647: ...using the ipv6 mld command and multicast routing must be enabled globally on the system using the ip multicast routing command Example The following shows options for displaying MLD group information...

Страница 648: ...ed if the Group Mode is INCLUDE Group Mode In Include mode reception of packets sent to the specified multicast address is requested only from those IP source addresses listed in the source list param...

Страница 649: ...membership reports 4 Optional Use the ipv6 mld proxy unsolicited report interval command to indicate how often the system will send unsolicited reports to the upstream router ipv6 mld proxy This comma...

Страница 650: ...e When changes occur in the downstream MLD groups an MLD state change report is created and sent to the upstream router If there is an MLDv1 querier on the upstream network then the proxy device will...

Страница 651: ...port interval seconds The interval at which to issue unsolicited reports Range 1 65535 seconds Default Setting 400 seconds Command Mode Interface Configuration VLAN Command Usage The unsolicited repor...

Страница 652: ...Chapter 22 Multicast Filtering Commands MLD Proxy Routing 652...

Страница 653: ...rate network topology Table 131 LLDP Commands Command Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisemen...

Страница 654: ...pabilities IC lldp dot3 tlv mac phy Configures an LLDP enabled port to advertise its MAC and physical layer specifications IC lldp dot3 tlv max frame Configures an LLDP enabled port to advertise its m...

Страница 655: ...tiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier or 65536 Range 2 10 Default Setting Holdt...

Страница 656: ...command specifies the amount of MED Fast Start LLDPDUs to transmit during the activation process of the LLDP MED Fast Start mechanism Syntax lldp med fast start count packets no lldp med fast start co...

Страница 657: ...n LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a notification are included in the transmission An SNMP agent should therefore pe...

Страница 658: ...s Default Setting 2 seconds Command Mode Global Configuration Command Usage When LLDP is re initialized on a port all information in the remote systems LLDP MIB associated with this port is deleted Ex...

Страница 659: ...d receive mode on the specified port Use the no form to disable this feature Syntax lldp admin status rx only tx only tx rx no lldp admin status rx only Only receive LLDP PDUs tx only Only transmit LL...

Страница 660: ...rent addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address TLV that reports an address that is accessible on a por...

Страница 661: ...r not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB Example Console config interface ethernet 1 1 Console config if lldp basic tlv system capa...

Страница 662: ...e The system name is taken from the sysName object in RFC 3418 which contains the system s administratively assigned name and is in turn based on the hostname command Example Console config interface...

Страница 663: ...rtise the ETS settings that the switch wants the connected peer interface to use Use the no form to disable this feature Syntax no lldp dcbx tlv ets recommend Default Setting Enabled Command Mode Inte...

Страница 664: ...earn its PFC configuration from the switch DCBX pushes the switch s PFC configuration to the peer Example Console config interface ethernet 1 1 Console config if lldp dcbx tlv pfc config Console confi...

Страница 665: ...onfig interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its default VLAN ID Use the no...

Страница 666: ...thernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link aggregation capabilities Use the no for...

Страница 667: ...and operational Multistation Access Unit MAU type Example Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command config...

Страница 668: ...ss value Range 0 255 ca value Description of a location Range 1 32 characters Default Setting Not advertised No description Command Mode Interface Configuration Ethernet Port Channel Command Usage Use...

Страница 669: ...ion civic addr 4 West Irvine Console config if lldp med location civic addr 6 Exchange Console config if lldp med location civic addr 18 Avenue Console config if lldp med location civic addr 19 320 Co...

Страница 670: ...Only state changes that exist at the time of a trap notification are included in the transmission An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to dete...

Страница 671: ...This option advertises location identification details Example Console config interface ethernet 1 1 Console config if lldp med tlv location Console config if lldp med tlv med cap This command configu...

Страница 672: ...diagnosis of VLAN configuration mismatches on a port Improper network policy configurations frequently result in voice quality degradation or complete service disruption Example Console config interfa...

Страница 673: ...ed due to throttling or transmission loss Example Console config interface ethernet 1 1 Console config if lldp notification Console config if show lldp config This command shows LLDP configuration set...

Страница 674: ...tatus Enabled MED Enabled TLVs Advertised med cap network policy location inventory MED Location Identification Location Data Format Civic Address LCI Country Name US What 2 DHCP Client CA Type 1 Cali...

Страница 675: ...t on unit 1 port 3 Eth 1 4 MAC Address 00 E0 0C 02 01 01 Ethernet Port on unit 1 port 4 Console show lldp info local device detail ethernet 1 1 LLDP Port Information Details Port Eth 1 1 Port Type MAC...

Страница 676: ...iption Ethernet Port on unit 1 port 1 System Description ECS4120 28P System Capabilities Bridge Router Enabled Capabilities Bridge Router Management Address 70 72 CF 80 0E 50 MAC Address Port VLAN ID...

Страница 677: ...92 168 1 2 IPv4 Remote Port VID 1 Remote Port Protocol VLAN VLAN 3 supported enabled Remote VLAN Name VLAN 1 DefaultVlan Remote Protocol Identity Hex 88 CC Remote MAC PHY Configuration Status Remote p...

Страница 678: ...s command shows statistics based on traffic received through all attached LLDP enabled interfaces Syntax show lldp info statistics detail interface detail Shows configuration summary interface etherne...

Страница 679: ...h 1 4 0 0 0 Eth 1 5 0 0 0 Console show lldp info statistics detail ethernet 1 1 LLDP Port Statistics Detail Port Name Eth 1 1 Frames Discarded 0 Frames Invalid 0 Frames Received 327 Frames Sent 328 TL...

Страница 680: ...Chapter 23 LLDP Commands 680...

Страница 681: ...supported through loop back messages and fault isolation through link trace messages Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when con...

Страница 682: ...continuity check database PE Continuity Check Operations ethernet cfm cc ma interval Sets the transmission delay between continuity check messages GC ethernet cfm cc enable Enables transmission of con...

Страница 683: ...cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache Clea...

Страница 684: ...the interval at which continuity check messages are sent page 701 or setting the start up delay for the cross check operation page 707 You can also enable SNMP traps for events discovered by continui...

Страница 685: ...3 alphanumeric characters Default Setting Disabled Command Mode Global Configuration Command Usage Each MA name must be unique within the CFM domain Frames with AIS information can be issued at the cl...

Страница 686: ...le This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm ais period 60 md voip ma rd Console config ethernet cfm ais suppress alarm This comm...

Страница 687: ...resses sending frames with AIS information Console config ethernet cfm ais suppress alarm md voip ma rd Console config ethernet cfm domain This command defines a CFM maintenance domain sets the author...

Страница 688: ...tion points that make up all possible paths between the DSAPs within an MA MIPs are automatically generated by the CFM protocol when the mip creation option in this command is set to default or explic...

Страница 689: ...e 690 ethernet cfm enable This command enables CFM processing globally on the switch Use the no form to disable CFM processing globally Syntax no ethernet cfm enable Default Setting Disabled Command M...

Страница 690: ...s MA on any bridge port through which the MA s VID can pass explicit MIPs can be created this MA only on bridge ports through which the MA s VID can pass and only if a maintenance end point MEP is cre...

Страница 691: ...e rd vlan 1 mip creation default Console config ether cfm ma index name format This command specifies the name format for the maintenance association as IEEE 802 1ag character based or ITU T SG13 SG15...

Страница 692: ...d then the MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium Default Setting No MEPs are configured The MEP faces outwar...

Страница 693: ...d on that interface When CFM is disabled hardware resources previously used for CFM processing on that interface are released and all CFM frames entering that interface are forwarded as normal data tr...

Страница 694: ...s interface interface global Displays global settings including CFM global status cross check start delay and link trace parameters traps Displays the status of all continuity check and cross check tr...

Страница 695: ...a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivityhasbeenrestoredto aremoteMEPwhich has...

Страница 696: ...on Archive Hold Time m 1 rd 0 default 100 Console show ethernet cfm ma This command displays the configured maintenance associations Syntax show ethernet cfm ma level level level Maintenance level Ran...

Страница 697: ...number Range 1 28 52 port channel channel id Range 1 26 level id Maintenance level for this domain Range 0 7 Default Setting None Command Mode Privileged Exec Command Usage Use the mep keyword with th...

Страница 698: ...ange 1 8 port Port number Range 1 28 52 port channel channel id Range 1 26 level id Maintenance level for this domain Range 0 7 Default Setting None Command Mode Privileged Exec Example This example s...

Страница 699: ...racter string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The p...

Страница 700: ...scheck Status Enabled Console Table 136 show ethernet cfm maintenance points remote detail display Field Description MAC Address MAC address of the remote maintenance point If a CCM for the specified...

Страница 701: ...n MA If any MEP fails to receive three consecutive CCMs from any other MEPs in its MA a connectivity failure is registered The interval at which Port State Port states include Up The port is functioni...

Страница 702: ...y check messages CCMs within a specified maintenance association Use the no form to disable the transmission of these messages Syntax no ethernet cfm cc enable md domain name ma ma name domain name Do...

Страница 703: ...CM with the same MPID as its own but with a different source MAC address indicating that a CFM configuration error exists loop Sends a trap if this device receives a CCM with the same source MAC addre...

Страница 704: ...MEP Range 1 65535 minutes Default Setting 100 minutes Command Mode CFM Domain Configuration Command Usage A change to the hold time only applies to entries stored in the database after this command is...

Страница 705: ...t cfm errors This command clears continuity check errors logged for the specified maintenance domain or maintenance level Syntax clear ethernet cfm errors domain domain name level level id domain name...

Страница 706: ...more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a higher maintenance level and associated w...

Страница 707: ...The cross check start delay should be configured to a value greater than or equal to the continuity check message interval to avoid generating unnecessary traps Example This example sets the maximum d...

Страница 708: ...red in the static list A ma up trap is sent if cross checking is enabled and a CCM is received from all remote MEPs configured in the static list for this maintenance association Example This example...

Страница 709: ...x 1 name rd vlan 1 Console config ether cfm mep crosscheck mpid 2 ma rd Console config ether cfm ethernet cfm mep crosscheck This command enables cross checking between the static list of MEPs assigne...

Страница 710: ...rnet cfm maintenance points remote crosscheck domain domain name mpid mpid domain name Domain name Range 1 43 alphanumeric characters mpid Maintenance end point identifier Range 1 8191 Default Setting...

Страница 711: ...om each MIP along the path and from the target MEP Information stored in the cache includes the maintenance domain name MA name MEPID sequence number and TTL value Example This example enables link tr...

Страница 712: ...m linktrace cache command If the cache reaches the maximum number of specified entries or the size is set to a value less than the current number of stored entries no new entries are added To add addi...

Страница 713: ...mote crosscheck command to verify that a MAC address has been learned for the target MEP Link trace messages LTMs are sent as multicast CFM frames and forwarded from MIP to MIP with each MIP generatin...

Страница 714: ...ded Shows whether or not this link trace message was forwarded A message is not forwarded if received by the target MEP Ingress MAC MAC address of the ingress port on the target device Egress MAC MAC...

Страница 715: ...phanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes Default Setting Loop back count One...

Страница 716: ...opback reply When using the command line or web interface the source MEP used by to send a loopback message is chosen by the CFM protocol However when using SNMP the source MEP can be specified by the...

Страница 717: ...e CFM Domain Configuration Command Usage A fault alarm can generate an SNMP notification It is issued when the MEP fault notification generator state machine detects that a configured time period see...

Страница 718: ...n be generated Range 3 10 seconds Table 139 Remote MEP Priority Levels Priority Level Level Name Description 1 allDef All defects 2 macRemErrXcon DefMACstatus DefRemoteCCM DefErrorCCM or DefXconCCM 3...

Страница 719: ...mpid Maintenance end point identifier Range 1 8191 Default Setting None Command Mode Privileged Exec Example This example shows the fault notification settings configured for one MEP Console show eth...

Страница 720: ...ats xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 43 alphanumeric characters count The number of times to re...

Страница 721: ...reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of receiving a frame with DM request information and TxTimeStampb Timestamp at the time o...

Страница 722: ...Chapter 24 CFM Commands Delay Measure Operations 722...

Страница 723: ...erwise the switch acts as a DNS server proxy when an outside host namely a DNS client intends to get an IP address for a host name through the switch In this case it will not add the domain suffix to...

Страница 724: ...the switch performs as a DNS client and an incomplete host name is received it will work through the domain list appending each domain name in the list to the host name and checking with the specifie...

Страница 725: ...DNS and then displays the configuration Console config ip domain lookup Console config end Console show dns Domain Lookup Status DNS Enabled Default Domain Name sample com Domain Name List sample com...

Страница 726: ...host This command creates a static entry in the DNS table that maps a host name to an IPv4 address Use the no form to remove an entry Syntax no ip host name address name Name of an IPv4 host Range 1...

Страница 727: ...IPv4 or IPv6 address of additional domain name servers Default Setting None Command Mode Global Configuration Command Usage The listed name servers are queried in the specified sequence until a respon...

Страница 728: ...values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Default Setting No static entries Command Mode Global Configuratio...

Страница 729: ...e clear host command to clear dynamic entries or the no ip host command to clear static entries Example This example clears all dynamic entries from the DNS table Console clear host Console show dns T...

Страница 730: ...onsole show hosts No Flag Type IP Address TTL Host 0 2 Address 192 168 1 55 rd5 1 2 Address 2001 DB8 1 12 rd6 3 4 Address 209 131 36 158 65 www real wa1 b yahoo com 4 4 CNAME POINTER TO 3 65 www yahoo...

Страница 731: ...stored in the cache Type This field includes Address which specifies the primary name for the owner and CNAME which specifies multiple domain names or aliases which are mapped to the same IP address...

Страница 732: ...Chapter 25 Domain Name Service Commands 732...

Страница 733: ...rent interface Use the no form to remove the class identifier from the DHCP packet Syntax ip dhcp client class id text text hex hex no ip dhcp client class id text A text string Range 1 32 characters...

Страница 734: ...ers are not carried in a DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter request list asking for this informati...

Страница 735: ...to DHCP mode through the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server has been moved to a different domain the network po...

Страница 736: ...sage DHCPv6 clients can obtain configuration parameters from a server through a normal four message exchange solicit advertise request reply or through a rapid two message exchange solicit reply The r...

Страница 737: ...pecify the IP address for at least one DHCP server Otherwise the switch s DHCP relay agent will not forward client requests to a DHCP server To start DHCP relay service enter the ip dhcp restart relay...

Страница 738: ...is located Then the switch forwards the packet to the DHCP server on another network When the server receives the DHCP request it allocates a free IP address for the DHCP client from its defined scop...

Страница 739: ...to which to multicast a relay message Otherwise the switch s DHCPv6 relay agent will not forward client requests This command enables DHCPv6 relay service for the VLAN from which the command is entere...

Страница 740: ...st vlan 2 Console config if Console show ipv6 dhcp relay destination This command displays a DHCPv6 server or the VLAN to which client requests are forwarded Syntax show ipv6 dhcp relay destination in...

Страница 741: ...address is not suitable you can manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gatew...

Страница 742: ...ected to end node devices or connected to end nodes via shared media that will be assigned to a specific subnet then you must create a router interface for each VLAN that will support routing The rout...

Страница 743: ...nt Also if any router switch in a network segment uses a secondary address all other routers switches in that segment must also use a secondary address from the same network or subnet address space If...

Страница 744: ...gateway 192 168 5 250 Console config ip default gateway 192 168 5 245 Console config ip default gateway 192 168 10 240 Console config ip default gateway 192 168 1 246 Console config end Console show i...

Страница 745: ...0 240 inactive C 192 168 1 0 24 is directly connected VLAN1 Console This example shows how to use the no ip route 0 0 0 0 0 0 0 0 gateway address command to remove a specific default gateway Note that...

Страница 746: ...y set when a network interface that directly connects to the gateway has been configured on the router The same link local address may be used by different interfaces nodes in different zones RFC 4007...

Страница 747: ...s is 70 72 CF EA 1B 71 Index 1001 MTU 1500 Address Mode is DHCP IP Address 192 168 2 9 Mask 255 255 255 0 Proxy ARP is disabled DHCP Vendor Class ID AOS5700 54X DHCP relay server Craft interface is Ad...

Страница 748: ...p reply messages source quench messages address mask request messages address mask reply messages ICMP sent output errors destination unreachable messages time exceeded messages parameter problem mess...

Страница 749: ...for each message Not all devices respond correctly to probes by returning an ICMP port unreachable message If the timer goes off before a response is returned the trace function prints a series of ast...

Страница 750: ...ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds D...

Страница 751: ...ied hardware address hardware address Hardware address to map to a specified IP address The format for this address is xx xx xx xx xx xx Default Setting No default entries Command Mode Global Configur...

Страница 752: ...for dynamic entries in the Address Resolution Protocol ARP cache Use the no form to restore the default timeout Syntax arp timeout seconds no arp timeout seconds The time a dynamic entry remains in t...

Страница 753: ...on about the ARP cache The first line shows the cache timeout It also shows each cache entry including the IP address MAC address type static dynamic other and VLAN interface Note that entry type othe...

Страница 754: ...or IPv6 interfaces NE PE show ipv6 mtu Displaysmaximumtransmissionunit MTU informationfor IPv6 interfaces NE PE show ipv6 traffic Displays statistics about IPv6 traffic NE PE clear ipv6 traffic Resets...

Страница 755: ...undefined fields The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicatin...

Страница 756: ...l IPv6 addresses must be according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate nu...

Страница 757: ...onsole Related Commands ipv6 address eui 64 757 show ipv6 interface 763 ip address 742 ipv6 address eui 64 This command configures an IPv6 address for an interface using an EUI 64 interface ID in the...

Страница 758: ...use an extended 8 byte MAC address For devices that still use a 6 byte MAC address also known as EUI 48 format it must be converted into EUI 64 format by inverting the universal local bit in the addre...

Страница 759: ...ic address to remove it from the interface Syntax ipv6 address ipv6 address link local no ipv6 address ipv6 address link local ipv6 address The IPv6 address assigned to the interface Default Setting N...

Страница 760: ...ff19 6779 ff02 1 ff00 0 ff02 1 ff00 72 ff02 1 ff02 fd ff02 1 2 ff02 1 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 1 ND retransmit interval is 1000 milliseconds ND advertised r...

Страница 761: ...ally generated by the switch Console config interface vlan 1 Console config if ipv6 enable Console config if end Console show ipv6 interface VLAN 1 is up IPv6 is enabled Link local address fe80 269 3e...

Страница 762: ...sent from this device The maximum value set by this command cannot exceed the MTU of the physical interface which is currently fixed at 1500 bytes IPv6 routers do not fragment IPv6 packets forwarded...

Страница 763: ...al value indicating how many of the contiguous bits from the left of the address comprise the prefix i e the network portion of the address Command Mode Privileged Exec Example This example displays a...

Страница 764: ...the same types as used by link local unicast addresses including all nodes FF02 1 all routers FF02 2 and solicited nodes FF02 1 FFXX XXXX as described below A node is also required to compute and joi...

Страница 765: ...s command displays statistics about IPv6 traffic passing through this switch Command Mode Privileged Exec Example The following example shows statistics for all IPv6 unicast and multicast traffic as w...

Страница 766: ...tisement messages neighbor solicit messages neighbor advertisement messages redirect messages group membership query messages group membership response messages group membership reduction messages mul...

Страница 767: ...ms truncated packets The number of input datagrams discarded because datagram frame didn t carry enough data discards The number of input IPv6 datagrams for which no problems were encountered to preve...

Страница 768: ...Pv6 datagrams that have been successfully fragmented at this output interface fragment failed The number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output...

Страница 769: ...Time Exceeded messages sent by the interface parameter problem message The number of ICMP Parameter Problem messages sent by the interface echo request messages The number of ICMP Echo request message...

Страница 770: ...may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields host name A host name string which can be resolved into an IPv6 address through a domain n...

Страница 771: ...80 2E0 CFF FE00 FC 1 64 by 5 32 byte payload ICMP packets timeout is 3 seconds response time 20 ms FE80 2E0 CFF FE00 FC seq_no 1 response time 0 ms FE80 2E0 CFF FE00 FC seq_no 2 response time 0 ms FE8...

Страница 772: ...number of hops is exceeded The traceroute command first sends probe datagrams with the TTL value set at one This causes the first router to discard the datagram and return an error message The trace f...

Страница 773: ...wing sets the hop limit for router advertisements to 64 Console config ipv6 hop limit 64 Console config ipv6 nd dad attempts This command configures the number of consecutive neighbor solicitation mes...

Страница 774: ...lobal unicast address is detected it is not used All configuration commands associated with a duplicate address remain configured while the address is in duplicate state If the link local address for...

Страница 775: ...ements Command Mode Interface Configuration VLAN Command Usage When a non default value is configured the specified interval is used both for router advertisements and by the router itself This comman...

Страница 776: ...mmand blocks incoming Router Advertisement and Router Redirect packets Use the no form to disable this feature Syntax no ipv6 nd raguard Default Setting Disabled Command Mode Interface Configuration E...

Страница 777: ...on VLAN Command Usage The time limit configured by this command allows the router to detect unavailable neighbors During the neighbor discover process an IPv6 node will multicast neighbor solicitation...

Страница 778: ...ormatted as six hexadecimal pairs separated by hyphens Default Setting None Command Mode Global Configuration Command Usage Address Resolution Protocol ARP has been replaced in IPv6 with the Neighbor...

Страница 779: ...5 14 01 11 86 R 1 FE80 1034 11FF FE11 4321 961 12 34 11 11 43 21 R 1 Console Related Commands show ipv6 neighbors 780 mac address table static 438 clear ipv6 neighbors This command deletes all dynamic...

Страница 780: ...may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields Default Setting All IPv6 neighbor discovery cache entries are displayed Command Mode Privil...

Страница 781: ...dated mapping Setting the state to invalid dis associates the interface identified with this entry from the indicated mapping RFC 4293 R Reachable Positive confirmation was received within the last Re...

Страница 782: ...dically sending NS messages and awaiting NA replies GC ipv6ndsnoopingauto detect retransmit count Sets the number of times to send an NS message to determine if a binding is still valid GC ipv6ndsnoop...

Страница 783: ...iltering protocols e g IPv6 Source Guard as described below If an NS message is received on an trusted interface it is forwarded without further processing If an NS message is received on an untrusted...

Страница 784: ...not receive an RA message in response after the configured timeout the entry is dropped If the switch receives an RA message before the timeout expires it resets the lifetime for the dynamic binding a...

Страница 785: ...interval retransmit interval no ipv6 nd snooping auto detect retransmit interval retransmit interval The interval between which the switch sends an NS message to determine if a client still exists Ra...

Страница 786: ...le entry with the same prefix for the specified timeout period the entry is deleted Example Console config ipv6 nd snooping prefix timeout 200 Console config ipv6 nd snooping max binding This command...

Страница 787: ...ork Discovery protocol are configured as trusted interfaces RA messages received from a trusted interface are added to the prefix table and forwarded toward their destination NS messages received from...

Страница 788: ...v6 nd snooping This command shows the configuration settings for ND snooping Syntax show ipv6 nd snooping Command Mode Privileged Exec Example Console show ipv6 nd snooping Global ND Snooping status e...

Страница 789: ...cf01 0203 2001 1 3400 2 Eth 1 2 Console show ipv6 nd snooping prefix This command shows all entries in the address prefix table Syntax show ipv6 nd snooping prefix interface vlan vlan id vlan id VLAN...

Страница 790: ...Chapter 27 IP Interface Commands ND Snooping 790...

Страница 791: ...ster router when it comes on line if it has a higher priority than the currently active master router vrrp ping enable This command Allows the VRRP virtual IP address to respond to ping request Comman...

Страница 792: ...ts secondary addresses Members of the virtual router group who are in backup state discard ping packets destined to VRRP addresses When the VRRP master responds to a ping request the source IPv4 addre...

Страница 793: ...imum number or groups which can be defined is 64 ip address The IP address of the virtual router This is the IP address that end hosts set as their default gateway Default Setting No virtual router gr...

Страница 794: ...ng a claim to become the master Range 0 120 seconds Default Setting Preempt Enabled Delay 0 seconds Command Mode Interface VLAN Command Usage If preempt is enabled and this backup router has a priorit...

Страница 795: ...he current master fails When the original master router recovers it will take over as the active master router again If two or more routers are configured with the same VRRP priority the router with t...

Страница 796: ...er include information about its priority and current state as the master VRRP advertisements are sent to the multicast address 224 0 0 18 Using a multicast address reduces the amount of traffic that...

Страница 797: ...rity 255 Master Advertisement Interval 5 sec Master Down Interval 15 Console Table 161 show vrrp display description Field Description State VRRP role of this interface master or backup Virtual IP add...

Страница 798: ...ec Master Advertisement Interval The advertisement interval configured on the VRRP master Master Down interval The down interval configured on the VRRP master This interval is used by all the routers...

Страница 799: ...nterface vlan interface counters group Identifies a VRRP group Range 1 255 interface Identifier of configured VLAN interface Range 1 4094 Defaults None Command Mode Privileged Exec Example Console sho...

Страница 800: ...mmand Mode Privileged Exec Example Note that unknown errors indicate VRRP packets received with an unknown or unsupported version number Console show vrrp router counters Total Number of VRRP Packets...

Страница 801: ...arameters for static and dynamic routing displays the routing table and statistics for protocols used to exchange routing information Routing Information Protocol RIP Configures global and interface s...

Страница 802: ...s hash attribute to the hash selection list Pv4 HS2 dst l4 port IPv4 Hash Adds the destination Layer 4 protocol port hash attribute to the hash selection Pv4 HS2 protocol id IPv4 Hash Adds the protoco...

Страница 803: ...used by the dynamic unicast routing protocols is 110 for OSPF 120 for RIP 20 for eBGP and 200 for iBGP Range 1 255 Default 1 Removes all static routing table entries Default Setting No static routes...

Страница 804: ...forwards all traffic for subnet 192 168 1 0 to the gateway router 192 168 5 254 using the default metric of 1 Console config ip route 192 168 1 0 255 255 255 0 192 168 5 254 Console config show ip hos...

Страница 805: ...FIB contains information required to forward IP traffic It contains the interface identifier and next hop information for each reachable destination network prefix based on the IP routing table When r...

Страница 806: ...entries in the Routing Information Base RIB Command Mode Privileged Exec Command Usage The RIB contains all available routes learned through dynamic routing protocols directly attached networks and an...

Страница 807: ...is command displays statistics for IP ICMP UDP TCP and ARP protocols Command Mode Privileged Exec Example Console show ip traffic IP Statistics IP received 4877 total received header errors unknown pr...

Страница 808: ...mand configures the load balance method used when there are multiple equal cost paths to the same destination address in the routing table including destinanation IP address with Layer 4 port or hash...

Страница 809: ...figure Range 1 4 mac Enters list configuration mode for MAC packet types ipv4 Enters list configuration mode for IPv4 packet types ipv6 Enters list configuration mode for IPv6 packet types Command Mod...

Страница 810: ...Global Configuration Example Console config maximum paths 8 Console config dst mac MAC Hash This command adds the dst mac address hash attribute to the hash selection list Use the no form to remove th...

Страница 811: ...Console config hash selection list 1 mac Console config mac hash sel src mac Console vlan MAC Hash This command adds the VLAN hash attribute to the hash selection list Use the no form to remove the s...

Страница 812: ...ole config hash selection list 2 ipv4 Console config ipv4 hash sel dst l4 port Console protocol id IPv4 Hash This command adds the protocol ID hash attribute to the hash selection list Use the no form...

Страница 813: ...nfig hash selection list 2 ipv4 Console config ipv4 hash sel src l4 port Console vlan IPv4 Hash This command adds the VLAN hash attribute to the hash selection list Use the no form to remove the speci...

Страница 814: ...specified attribute Syntax no collapsed src ip Command Mode IPv6 hash selection mode Command Usage An example of an IPv6 address in full form and collapsed form is shown below Full IPv6 Address FE80...

Страница 815: ...ig hash selection list 3 ipv6 Console config ipv4 hash sel next header Console src l4 port IPv6 Hash This command adds the source Layer 4 protocol port hash attribute to the hash selection list Use th...

Страница 816: ...ing example Console show ecmp load balance ECMP Load Balance Mode Destination IP Address And L4 Port Console show hash selection list This command shows the packet type and hash list parameters Syntax...

Страница 817: ...d a link local address including a zone id indicating the VLAN identifier after the delimiter distance An administrative distance indicating that this route can be overridden by dynamic routing inform...

Страница 818: ...e Forwarding Information Base FIB Syntax show ipv6 route ipv6 address prefix length bgp database interface vlan vlan id local ospf rip static ipv6 address A full IPv6 address including the network pre...

Страница 819: ...sary to make a forwarding decision on a particular packet The typical components within a forwarding information base entry are a network prefix a router port identifier and next hop information This...

Страница 820: ...sending routing updates on the specified interface RC redistribute Redistribute routes from one routing domain to another RC timers basic Sets basic timers including update timeout garbage collection...

Страница 821: ...riginate This command generates a default external route into the local RIP autonomous system Use the no form to disable this feature Syntax no default information originate Default Setting Disabled C...

Страница 822: ...metrics It is advisable to use a low metric when redistributing routes from another protocol into RIP Using a high metric limits the usefulness of external routes redistributed into RIP For example i...

Страница 823: ...bits used for the associated routing entries Default Setting None Command Mode Router Configuration Command Usage Administrative distance is used by the routers to select the preferred path when ther...

Страница 824: ...o remove an entry Syntax no neighbor ip address ip address IP address of a neighboring router Default Setting No neighbors are defined Command Mode Router Configuration Command Usage This command can...

Страница 825: ...nds and receives updates on interfaces specified by this command If a network is not specified the interfaces in that network will not be advertised in any RIP updates Subnet addresses are interpreted...

Страница 826: ...ghbor command to control the routing updates sent to specific neighbors Example Console config router passive interface vlan1 Console config router Related Commands neighbor 824 redistribute This comm...

Страница 827: ...for redistributed routes these routes can only be advertised to routers up to 5 hops away at which point the metric exceeds the maximum hop count of 15 By defining a low metric of 1 traffic can follo...

Страница 828: ...asic RIP processes The timeout timer is the time after which there have been no update messages that a route is declared dead The route is marked inaccessible i e the metric set to infinite and advert...

Страница 829: ...RIP version any VLAN interface not previously set by the ip rip receive version or ip rip send version command will use the global RIP version setting When the no form of this command is used to rest...

Страница 830: ...res the interface to exchange routing information with other routers based on an authorized password Note that this command only applies to RIPv2 For authentication to function properly both the sendi...

Страница 831: ...at this command does not apply to RIPv1 For authentication to function properly both the sending and receiving interface must be configured with the same password and authentication enabled by the ip...

Страница 832: ...espectively Use the default of version 1 or 2 if some routers in the local network are using RIPv2 but there are still some older routers using RIPv1 Example This example sets the interface version fo...

Страница 833: ...ds only RIPv2 packets 1 compatible Route information is broadcast to other routers with RIPv2 Default Setting 1 compatible Route information is broadcast to other routers with RIPv2 Command Mode Inter...

Страница 834: ...the interface to send RIP packets Use the no form to disable this feature no ip rip send packet Default Setting Enabled Command Mode Interface Configuration VLAN Default Setting Enabled Command Usage...

Страница 835: ...ics to infinity This provides faster convergence If split horizon is disabled with the no rip ip split horizon command and a loop occurs the hop count for a route may be gradually incremented to infin...

Страница 836: ...route rip Example This example clears one specific route Console clear ip rip route 192 168 1 0 255 255 255 0 Console show ip protocols rip This command displays RIP process parameters Command Mode Pr...

Страница 837: ...or for a specified interface vlan id VLAN ID Range 1 4094 Command Mode Privileged Exec Example Console show ip rip Codes R RIP Rc RIP connected Rs RIP static C Connected S Static O OSPF Network Next...

Страница 838: ...bandwidth RC default metric Sets the default metric for external routes imported from other protocols RC redistribute Redistribute routes from one routing domain to another RC summary address Summari...

Страница 839: ...e the designated router IC ip ospf retransmit interval Specifies the time between resending a link state advertisement IC ip ospf transmit delay Estimates time to send a link state update packet over...

Страница 840: ...destination When disabled preference is based on type of path where type 1 external paths are preferred over type 2 external paths using cost only to break ties RFC 2328 All routers in an OSPF routin...

Страница 841: ...ort external routes through other routing protocols or static routing and such a route is known See the redistribute command The metric for the default external route is used to calculate the path cos...

Страница 842: ...outer ID for this device within the autonomous system for the current OSPF process Use the no form to use the default router identification method i e the highest interface address Syntax router id ip...

Страница 843: ...utive SPF calculations Use the no form to restore the default values Syntax timers spf spf delay spf holdtime no timers spf spf delay The delay after receiving a topology change notification and start...

Страница 844: ...le Route Metrics and Summaries area default cost This command specifies a cost for the default summary route sent into a stub or NSSA from an Area Border Router ABR Use the no form to remove the assig...

Страница 845: ...twork mask for the summary route advertise Advertises the specified address range not advertise The summary is not sent and the routes remain hidden from the rest of the network Command Mode Router Co...

Страница 846: ...967 Mbps Command Mode Router Configuration Default Setting 1 Mbps Command Usage The system calculates the cost for an interface by dividing the reference bandwidth by the interface bandwidth By defaul...

Страница 847: ...etric value set by the redistribute command When a metric value has not been configured by the redistribute command the default metric command sets the metric value to be used for all imported externa...

Страница 848: ...ically becomes an autonomous system boundary router ASBR If the redistribute command is used in conjunction with the default information originate command to generate a default external route into the...

Страница 849: ...the summary route Command Mode Router Configuration Default Setting Disabled Command Usage Redistributing routes from other protocols into OSPF normally requires the router to advertise each route in...

Страница 850: ...g plain text password authentication for an area configure a password with the ip ospf authentication key interface command This password is inserted into the OSPF header when routing protocol packets...

Страница 851: ...Type 5 external LSAs candidate Router translates NSSA LSAs to Type 5 external LSAs if elected never Router never translates NSSA LSAs to Type 5 external LSAs always Router always translates NSSA LSAs...

Страница 852: ...SA can include network destinations outside the AS learned via OSPF the default route static routes routes imported from other routing protocols such as BGP or RIP and networks directly connected to t...

Страница 853: ...able space is saved in a stub by blocking Type 4 AS summary LSAs and Type 5 external LSAs The default setting for this command completely isolates the stub by blocking Type 3 summary LSAs that adverti...

Страница 854: ...eighbor This specifies the Area Border Router ABR at the other end of the virtual link To create a virtual link enter this command for an ABR at both ends of the link One of the ABRs must be next to t...

Страница 855: ...protocol message headers A separate password can be assigned to each network interface However this key must be the same for all neighboring routers on the same network i e autonomous system This key...

Страница 856: ...nk 10 4 3 254 Console config router This example creates a virtual link using MD5 authentication Console config router network 10 4 0 0 0 255 255 0 0 area 10 4 0 0 Console config router area 10 4 0 0...

Страница 857: ...ss B addresses 10 1 x x and a normal transit area 10 2 9 0 covering the class C addresses 10 2 9 x Console config router network 10 1 0 0 255 255 0 0 area 0 0 0 0 Console config router network 10 2 9...

Страница 858: ...g on routing protocol packets When using Message Digest 5 MD5 authentication the router uses the MD5 algorithm to verify data integrity by creating a 128 bit message digest from the authentication key...

Страница 859: ...No password Command Usage Before specifying plain text password authentication for an interface with the ip ospf authentication command configure a password with this command This command creates a pa...

Страница 860: ...tric for this interface Use higher values to indicate slower ports Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 1 Command Usage The interface cost indicates the overhead req...

Страница 861: ...ng 40 or four times the interval specified by the ip ospf hello interval command Command Usage The dead interval is advertised in the router s hello packets It must be a multiple of the hello interval...

Страница 862: ...p address message digest key key id md5 key no ip ospf ip address message digest key key id ip address This parameter can be used to indicate a specific IP address connected to the current interface I...

Страница 863: ...y This command sets the router priority used when determining the designated router DR and backup designated router BDR for an area Use the no form to restore the default value Syntax ip ospf ip addre...

Страница 864: ...to restore the default value Syntax ip ospf ip address retransmit interval seconds no ip ospf ip address retransmit interval ip address This parameter can be used to indicate a specific IP address co...

Страница 865: ...ed time required to send a link state update Range 1 65535 Command Mode Interface Configuration VLAN Default Setting 1 second Command Usage LSAs have their age incremented by this delay before transmi...

Страница 866: ...ved is set to passive mode The specified interface will appear as a stub in the OSPF domain Also if you configure an OSPF interface as passive where an adjacency already exists the adjacency will drop...

Страница 867: ...ompatibility with the RFC 1583 an earlier version of OSPFv2 is enabled Supports only singleTOS TOS0 routes Optional Type of Service ToS specified in OSPF Version 2 Appendix F 1 2 is not supported so o...

Страница 868: ...ments that have been received Number of areas attached to this router The number of configured areas attached to this router Number of interfaces in this area is The number of interfaces attached to t...

Страница 869: ...An IP network number for Type 3 Summary and External LSAs A Router ID for Router Network and Type 4 AS Summary LSAs Also note that when an Type 5 ASBR External LSA is describing a default route its li...

Страница 870: ...8 2 1 LS Seq Number 80000001 Checksum 0x7b67 Length 28 Network Mask 0 TOS 0 Metric 10 Console Table 169 show ip ospf database display description Field Description OSPF Router Process with ID OSPF pro...

Страница 871: ...ate ID 0 0 0 0 External Network Number Advertising Router 192 168 0 2 LS Seq Number 80000005 Checksum 0xcc95 Length 36 Network Mask 0 Metric Type 2 Larger than any link state path TOS 0 Table 170 show...

Страница 872: ...LSA in seconds Options Optional capabilities associated with the LSA LS Type AS External Links LSA describes routes to destinations outside the AS including default external routes for the AS Link Sta...

Страница 873: ...of TOS metrics 0 TOS 0 Metric 1 Table 172 show ip ospf database network display description Field Description OSPF Router ID Router ID LS Age Age of LSA in seconds Options Optional capabilities associ...

Страница 874: ...outer is a virtual link endpoint an ASBR or an ABR LS Type Router Link LSA describes the router s interfaces Link State ID Router ID of the router that originated the LSA Advertising Router Advertisin...

Страница 875: ...red Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 10 Neighbor Count is 1 Adjacent neighbor count is 1 Hello received 920 sent 975 DD received 5 sent 4 LS Req received 1 sent 1 LS Upd receiv...

Страница 876: ...is a loopback interface Waiting Router is trying to find the DR and BDR DR Designated Router BDR Backup Designated Router DRother Interface is on a multiaccess network but is not the DR or BDR Priorit...

Страница 877: ...iption Neighbor ID Neighbor s router ID Pri Neighbor s router priority State OSPF state and identification flag States include Down Connection down Attempt Connection down but attempting contact for n...

Страница 878: ...10 11 0 24 10 is directly connected fe1 2 Area 0 0 0 0 O 10 10 11 100 32 10 is directly connected lo Area 0 0 0 0 E2 10 15 0 0 24 10 50 via 10 10 0 1 VLAN1 IA 172 16 10 0 24 30 via 10 10 11 50 VLAN2 A...

Страница 879: ...irtual link crosses to reach the target router Local address The IP address of ABR that serves as an endpoint connecting the isolated area to the common transit area Remote address The IP address this...

Страница 880: ...ange and the hold time between consecutive SPF calculations RC Route Metrics and Summaries area default cost Sets the cost for a default summary route sent into a stub RC area range Summarizes routes...

Страница 881: ...he ipv6 router ospf tag area command to assign an area to each interface that will participate in the specified OSPF process ipv6 ospf retransmit interval Specifies the time between resending a link s...

Страница 882: ...ifferent routing processes It should not be confused with the instance id configured with the ipv6 router ospf area command which is used to distinguish between different routing processes running on...

Страница 883: ...it has more than one actively attached area and the backbone area is configured Standard Interpretation A router is considered to be an ABR if it is attached to two or more areas It does not have to b...

Страница 884: ...onsole config router abr type ibm Console config router max current dd This command sets the maximum number of neighbors with which the switch can concurrently exchange database descriptor DD packets...

Страница 885: ...ter ID must be unique for every router in the autonomous system Note that the router ID can also be set to 255 255 255 255 If this router already has registered neighbors the new router ID will be use...

Страница 886: ...lt Setting SPF delay 5 seconds SPF holdtime 10 seconds Command Usage Setting the SPF holdtime to 0 means that there is no delay between consecutive calculations Using a low value for the holdtime allo...

Страница 887: ...ot advertise area id Identifies an area for which the routes are summarized The area ID can be in the form of an IPv4 address or as a four octet unsigned integer ranging from 0 4294967295 ipv6 prefix...

Страница 888: ...nge 73 8 advertise Console config router default metric This command sets the default metric for external routes imported from other protocols Use the no form to remove the default metric for the supp...

Страница 889: ...route default Routers do not add internal route metric to external route metric Command Mode Router Configuration Default Setting redistribution none metric value 20 type metric 2 Command Usage This c...

Страница 890: ...outer Configuration Default Setting No stub is configured Summary advertisement are sent into the stub Command Usage All routers in a stub must be configured with the same area ID Routing table space...

Страница 891: ...0 4294967295 router id Router ID of the virtual link neighbor This specifies the Area Border Router ABR at the other end of the virtual link To create a virtual link enter this command for an ABR at b...

Страница 892: ...conds Command Usage All areas must be connected to a backbone area 0 0 0 0 to maintain routing connectivity throughout the autonomous system If it not possible to physically connect an area to the bac...

Страница 893: ...fault Setting None Command Usage An area ID uniquely defines an OSPF broadcast area The area ID 0 0 0 0 indicates the OSPF backbone for an autonomous system Each router must be connected to the backbo...

Страница 894: ...instance id Identifies a specific OSPFv3 routing process on the link local network segment attached to this interface Range 0 255 Command Mode Interface Configuration VLAN Default Setting No areas are...

Страница 895: ...ance id instance id cost Link metric for this interface Use higher values to indicate slower ports Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link local network segm...

Страница 896: ...ore declaring the transmitting router down This interval must be set to the same value for all routers on the network Range 1 65535 instance id Identifies a specific OSPFv3 routing process on the link...

Страница 897: ...econds Command Usage Hello packets are used to inform other routers that the sending router is still active Setting the hello interval to a smaller value can reduce the delay in detecting topological...

Страница 898: ...If a DR already exists for a network segment when this interface comes up the new router will accept the current DR regardless of its own priority The DR will not change until the next time the elect...

Страница 899: ...state update packet over an interface Use the no form to restore the default value Syntax ipv6 ospf transmit delay seconds instance id instance id no ipv6 ospf transmit delay instance id instance id s...

Страница 900: ...ull IPv6 address including the network prefix and host address bits Command Mode Router Configuration Default Setting None Command Usage You can configure an OSPF interface as passive to prevent OSPF...

Страница 901: ...has been running Supports only singleTOS TOS0 routes Optional Type of Service ToS specified in OSPF Version 2 Appendix F 1 2 is not supported so only one cost per interface can be assigned SPF schedu...

Страница 902: ...r LSA Area 0 Link State ID ADV Router Age Seq CkSum 0 192 168 0 2 31 0x80000002 0x14b1 AS external LSA Link State ID ADV Router Age Seq CkSum Console Number of areas attached to this router The number...

Страница 903: ...0 sent 0 LS Req received 0 sent 0 LS Upd received 0 sent 0 LS Ack received 0 sent 0 Discarded 0 Console Table 181 show ip ospf database display description Field Description OSPF Router Process with...

Страница 904: ...DROther Interface is on a multiaccess network but is not the DR or BDR Loopback This is a loopback interface PointToPoint A direct link between two routers Waiting Router is trying to find the DR and...

Страница 905: ...non broadcast networks Init Have received Hello packet but communications not yet established Two way Bidirectional communications established ExStart Initializing adjacency between neighbors Exchang...

Страница 906: ...ged Exec Example Console show ipv6 ospf virtual links Virtual Link VLINK1 to router 192 168 0 2 is up Transit area 0 0 0 1 via interface VLAN1 Local address 192 168 0 3 Remote address 192 168 0 2 Tran...

Страница 907: ...between these neighbors Down Connection down Attempt Connection down but attempting contact for non broadcast networks Init Have received Hello packet but communications not yet established Two way Bi...

Страница 908: ...effectively delegates all error control functions to TCP The other major innovation for BGP is the use of path vectors which carry the full list of transit networks or ASs traversed between the source...

Страница 909: ...ll iBGP peers within the same AS should be connected to one another in a full mesh connection except when using route reflection When a prefix is announced from one iBGP peer to another the AS path is...

Страница 910: ...tes that it is an aggregate prefix which was derived from multiple ASes NEXT_HOP This attribute indicates the IP address of the router that should be used as the next hop to reach the router destinati...

Страница 911: ...stinations expressed as prefixes MP_UNREACH_NLRI This attribute withdraws non IPv4 routes It includes the route s AFI SAFI and network address prefixes EXTENDED COMMUNITIES This attribute provides a m...

Страница 912: ...ges is used to keep the BGP session up These message types are described below OPEN BGP routers normally wait for BGP connections on TCP port 179 A router that wants to establish an association will f...

Страница 913: ...done The aggregator node will now serve as a proxy using the more specific routes it still maintains in its own routing table After inbound routes have been aggregated the BGP speaker can propagates...

Страница 914: ...ure 8 Connections for Multiple Route Reflectors If there is only one route reflector in a cluster that router would still have to process the same number of routing messages that would be required if...

Страница 915: ...te with an Originator ID that matches its own router ID it should drop it Cluster List This is a list of the clusters through which a route announcement has passed When a route reflector passes on an...

Страница 916: ...her the AS Confed Sequence must be inserted into the AS Path along with the AS number of the member AS to help prevent looping Border routers that also peer with outside ASes have to modify routing in...

Страница 917: ...oute server client command to configure this router as a route server and the specified neighbor as its client Route Flap Dampening An update message is sent from a BGP speaker to a neighboring speake...

Страница 918: ...e route dampening However when invoked it may be necessary to fine tune the penalty attributes to ensure fair treatment to unstable routes Configuration Guidelines 1 Use the bgp dampening command to e...

Страница 919: ...oft re configuration PE clear ip bgp dampening Clears route dampening information and unsuppresses any suppressed routes PE Route Metrics and Selection bgp always compare med Allows comparisonoftheMul...

Страница 920: ...connections RC neighbor ebgp multihop Allows eBGP neighbors to exist in different segments and configures the maximum hop count TTL RC neighbor enforce multihop Enforces the requirement for all neighb...

Страница 921: ...when required RC neighbor strict capability match Forces strict capability matching when establishing connections RC neighbor timers Sets the Keep Alive time and Hold time used for specified neighbor...

Страница 922: ...und routing messages using the neighbor remove private as command Note that AS number 23456 is reserved for the AS Transitive attribute which is required when setting up a new BGP speaker show ip bgp...

Страница 923: ...t regular expression no ip as path access list access list name deny permit regular expression access list name Name of the access list Maximum length 16 characters no spaces or other special characte...

Страница 924: ...nities can be configured in a standard community list Maximum length 32 characters no spaces or other special characters deny Denies access to messages with matching community attribute permit Permits...

Страница 925: ...known communities or community numbers Expanded community lists are used to filter communities using a regular expression When multiple values are entered in the same community list they form a logica...

Страница 926: ...ssion 1 99 Standard community list number that identifies one or more groups of communities standard community list name Name of standard access list A maximum of 16 extended communities can be config...

Страница 927: ...e used to filter communities using a regular expression When multiple values are entered in the same community list they form a logical AND condition When multiple values are configured in separate co...

Страница 928: ...with the relevant parameters to remove an attribute from the prefix list Syntax no ip prefix list prefix list name seq sequence number deny permit any no ip prefix list prefix list name seq sequence n...

Страница 929: ...0 0 0 0 255 255 255 255 ge 0 le 32 can be included at the bottom of the list to grant passage for all other routing messages A prefix list can be applied to inbound or outbound updates for a specific...

Страница 930: ...Set information can be used to avoid routing loops because it records where the route has been If a router notes its own AS number in the AS Set of the aggregate update it will drop the aggregate to...

Страница 931: ...routes between specified clients within a cluster Clients within a reflector cluster therefore need not be fully meshed and the exchange of routing information is thereby reduced since the clients ne...

Страница 932: ...e point of failure This command is used to designate multiple route reflectors used within the same cluster so that they can recognize updates from other peer route reflectors and discard them to prev...

Страница 933: ...fully meshed connections between iBGP peers in the same AS It works by dividing up a large AS into several smaller ASes where only the peers in the same smaller AS are fully meshed thus reducing the n...

Страница 934: ...figured Command Usage This command is used to add multiple ASes to a confederation Each AS is fully meshed within itself and the AS members are visible internally within the confederation Use the bgp...

Страница 935: ...ime The maximum time a route can be suppressed Range 1 255 minutes Command Mode Router Configuration Default Setting half life 15 minutes reuse limit 750 suppress limit 2000 max suppress time 60 minut...

Страница 936: ...onomous system Example Console config router bgp enforce first as Console config router bgp fast external failover This command resets sessions for any directly connected external peers if the link go...

Страница 937: ...es in the system log file which can viewed using the show log ram command Example Console config router bgp log neighbor changes Console config router bgp network import check This command checks for...

Страница 938: ...d can be used manually set the router ID to a fixed value The router ID must be unique for every router in the autonomous system Using the default setting based on the highest interface address ensure...

Страница 939: ...ess bits used for the associated routing entries map name Name of the route map The route map can be used to filter the networks to advertise Range 1 80 characters backdoor Specifies a backdoor route...

Страница 940: ...ected Imports routes that are established automatically just by enabling IP on an interface ospf External routes will be imported from the Open Shortest Path First OSPF protocol into this routing doma...

Страница 941: ...rs Range 0 65535 seconds hold time The maximum interval after which a neighbor is declared dead if a keep alive or update message has not been received Range 0 65535 seconds Command Mode Router Config...

Страница 942: ...g peer If ignored a normal inbound soft reset is performed out Outbound sessions soft Uses soft re configuration for the reset which does not tear down the session Command Mode Privileged Exec Default...

Страница 943: ...xample This example assumes that soft re configuration has been set on the neighboring router Console config router clear ip bgp 192 168 0 254 soft in Console config router clear ip bgp dampening This...

Страница 944: ...mpared only among paths from the same autonomous system This command allows the comparison of MEDs among different paths regardless of the autonomous system from which the paths are received The bgp d...

Страница 945: ...tax no bgp bestpath compare confed aspath Command Mode Router Configuration Default Setting Disabled Example Console config router bgp bestpath compare confed aspath Console config router bgp bestpath...

Страница 946: ...ature Syntax no bgp bestpath med confed missing as worst confed Compare MED in confederation path missing as worst Consider as maximum MED value when missing Command Mode Router Configuration Default...

Страница 947: ...termine local policy Example Console config router bgp default local preference 100 Console config router bgp deterministic med This command enforces deterministic comparison of the MED attribute betw...

Страница 948: ...P routes Use the no form to restore the default setting Syntax distance distance ip address netmask access list name no distance ip address netmask distance Administrative distance for an eBGP route R...

Страница 949: ...distance Administrative distance for iBGP routes Range 1 255 local distance Administrative distance for local routes Range 1 255 Command Mode Router Configuration Default Setting eBGP 20 iBGP 200 loca...

Страница 950: ...peer group Use the no form to disable the exchange of routing information Syntax no neighbor ip address group name activate ip address IP address of a neighbor group name A BGP peer group containing a...

Страница 951: ...However the bgp dampening command can provide more precise control of route flapping Example Console config router neighbor 10 1 1 64 advertisement interval 20 Console config router neighbor allowas...

Страница 952: ...onfig router neighbor attribute unchanged This command configures certain route attributes to be kept unchanged for transparent transmission to the specified neighbor Use the no form to disable this f...

Страница 953: ...ted if a negotiated capability is unknown With dynamic negotiation of capabilities is enabled the capabilities by both sides are negotiated in OPEN messages with the partner responding if a capability...

Страница 954: ...efault originate ip address IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command map name Name of the route map...

Страница 955: ...ters Command Mode Router Configuration Default Setting No description specified Example Console config router neighbor 10 1 1 64 description bill s router Console config router neighbor distribute lis...

Страница 956: ...nections Use the no form to restore the default setting Syntax no neighbor ip address group name dont capability negotiate ip address IP address of a neighbor group name A BGP peer group containing a...

Страница 957: ...nd Usage This command can be used to allow routers in different network segments to create a BGP neighbor relationship If this command is entered without specifying a count the hop limit is set at 255...

Страница 958: ...t to or received from a neighbor based on an AS path access list Use the no form to disable route filtering Syntax neighbor ip address group name filter list access list in out no neighbor ip address...

Страница 959: ...vlan vlan id no neighbor ip address interface ip address IP address of a neighbor vlan id VLAN ID Range 1 4094 Command Mode Router Configuration Default Setting None Example Console config router nei...

Страница 960: ...s or to prevent malicious attacks If the threshold is specified but neither the restart nor warning keywords are used the connection will be closed until the records are cleared with the clear ip bgp...

Страница 961: ...directly connected with each other The neighbor next hop self command can be used to configure an iBGP router which is directly connected with an eBGP neighbor so that other iBGP routers in the same A...

Страница 962: ...n Active state waiting for an inbound connection request from a neighbor and not initiating any outbound connections with the neighbor via an Open message Example Console config router neighbor 10 1 1...

Страница 963: ...ime out Example Console config router neighbor 10 1 1 64 password frost Console config router neighbor peer group Creating This command configures a router peer group which can be easily configured wi...

Страница 964: ...roup use the neighbor group name peer group command Example Console config router neighbor 10 1 1 64 peer group RD Console config router neighbor port This command specifies the TCP port number of the...

Страница 965: ...ix list with the ip prefix list command and then use this command to specify the neighbors to which it applies and whether it applies to inbound or outbound messages Filtering routes based on a prefix...

Страница 966: ...Mode Router Configuration Default Setting No neighbors are configured Command Usage BGP neighbors must be manually configured A neighbor relationship can only be established if partners are configured...

Страница 967: ...portion of the AS path Example Console config router neighbor 10 1 1 64 remove private as Console config router neighbor route map This command specifies the route mapping policy for inbound outbound...

Страница 968: ...ress IP address of a neighbor group name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command Command Mode Router Configuration Default Setting Dis...

Страница 969: ...ed in iBGP Instead of maintaining direct eBGP peering sessions with every other service provider providers can acquire the same routing information through a single connection to a route server at the...

Страница 970: ...ommand Mode Router Configuration Default Setting No community attributes are sent If community type is not specified then only standard community attributes are sent Command Usage Community attributes...

Страница 971: ...peer group containing a list of neighboring routers configured with the neighbor peer group command Command Mode Router Configuration Default Setting Disabled Command Usage Use this command to employ...

Страница 972: ...oup name A BGP peer group containing a list of neighboring routers configured with the neighbor peer group command Command Mode Router Configuration Default Setting Disabled Command Usage This command...

Страница 973: ...he global timers bgp command Example Console config router neighbor 10 1 1 66 timers 50 200 Console config router neighbor timers connect This command sets the time to wait before attempting to reconn...

Страница 974: ...the no form to remove this configuration entry Syntax no neighbor ip address group name unsuppress map map name ip address IP address of a neighbor group name A BGP peer group containing a list of nei...

Страница 975: ...st interface to the neighbor is used for BGP connections This command can be used to specify any available interface for a TCP connection Example Console config router neighbor 10 1 1 66 update source...

Страница 976: ...bgp ip address netmask longer prefixes ip address IP address of a route entry netmask Network mask for the route This mask identifies the network address bits used for the associated routing entries l...

Страница 977: ...ntry is stale R Entry removed Origin codes Origin of table entry includes these values i Entry originated from an Interior Gateway Protocol IGP and was advertised using a network router configuration...

Страница 978: ...nly BGP table version is 0 local router ID is 192 168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network...

Страница 979: ...ed only to peers in the same autonomous system or to other sub autonomous systems within a confederation These routes are not advertised to external peers exact match Displays only routes that match t...

Страница 980: ...st rd BGP table version is 0 local router ID is 192 168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Netwo...

Страница 981: ...ap statistics BGP table version is 0 local router ID is 192 168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomple...

Страница 982: ...mber of prefixes 1 Console show ip bgp neighbors This command chows connection information for neighbor sessions Syntax show ip bgp neighbors ip address advertised routes received prefix filter receiv...

Страница 983: ...sement runs is 30 seconds For address family IPv4 Unicast Community attribute sent to this neighbor both Inbound path policy configured 1 accepted prefixes Connections established 1 dropped 0 Last res...

Страница 984: ...tween transmission of advertisements For address family Address family to which the following information refers Local host port IP address and TCP port of the local BGP speaker Foreign host port IP a...

Страница 985: ...ale R Removed Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 66 0 200 300 10 1 1 100 0 32768 Console show ip bgp regexp This command shows routes ma...

Страница 986: ...168 0 2 Status codes s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 1...

Страница 987: ...es permitted by a community list Syntax show ip community list 1 99 100 500 community list name 1 99 Standard community list number that identifies one or more groups of communities 100 500 Expanded c...

Страница 988: ...Syntax show ip prefix list prefix list name ip address netmask first match longer seq sequence number prefix list name Name of prefix list Maximum length 128 characters no spaces or other special cha...

Страница 989: ...Console show ip prefix list detail rd ip prefix list rd count 1 range entries 0 sequences 5 5 seq 5 deny 10 0 0 0 8 ge 14 le 22 hit count 0 refcount 0 Console show ip prefix list summary This command...

Страница 990: ...he neighbor filter list in command FiltOut Indicates whether a filter for outgoing routing updates has been specified with the neighbor filter list out command DistIn Indicates whether routes are dist...

Страница 991: ...icy based routing If no matching criteria are found in the route map normal unicast routing is used to determine the packet s next hop Although route redistribution is protocol independent some of the...

Страница 992: ...RM set as path Modifies the AS path by prepending or excluding an AS number RM set atomic aggregate Indicates the loss of some information in the route aggregation process RM set comm list delete Rem...

Страница 993: ...rform if the criteria enforced by the match commands are met If the match criteria are met for a route map and the permit keyword specified the packet is policy routed based on defined set commands If...

Страница 994: ...sole config route map set weight 30 Console config route map call This command jumps to another route map after match and set commands are executed Use the no form to remove an entry from a route map...

Страница 995: ...entry the next entry is executed Example Console config route map RD permit 1 Console config route map match as path 60 Console config route map set weight 30 Console config route map continue 3 Cons...

Страница 996: ...g route map match as path 60 Console config route map set weight 30 Console config route map Related Commands ip as path access list 923 match community This command sets a BGP community access list t...

Страница 997: ...unities 100 500 Expanded community list number that identifies one or more groups of communities Command Mode Route Map Command Usage This command matches the extended community attributes of the BGP...

Страница 998: ...this entry from a route map Syntax match ip next hop access list name prefix list prefix list name no match ip next hop access list name Name of standard or extended access list Maximum length 32 cha...

Страница 999: ...t name Name of a specific prefix list Command Mode Route Map Command Usage Note that there may be situations in which the next hop and source router address of the route are not the same Example Conso...

Страница 1000: ...to match in routing messages Use the no form to remove this entry from a route map Syntax match pathlimit as as limit no match pathlimit as as limit Maximum AS path length Range 1 4294967295 Command...

Страница 1001: ...the parent AS the AS number contained in the AS_PATHLIMIT attribute should be replaced by the AS number of the parent AS Similarly if the AS_PATHLIMIT attribute is attached to a prefix by a member of...

Страница 1002: ...and IP address to the aggregator attribute of a route Use the no form to remove this entry from a route map Syntax set aggregator as as number ip address no set aggregator as as number ip address as n...

Страница 1003: ...o the AS path of the route that is matched as number Autonomous system number Range 1 4294967295 Command Mode Route Map Command Usage Note that best path selection may be influenced with this command...

Страница 1004: ...ities 100 500 Expanded community list number that identifies one or more groups of communities community list name Name of standard or expanded community list Maximum length 32 characters no spaces or...

Страница 1005: ...this community attribute are advertised to all internal and external peers local as Specifies the local autonomous system Routes with this community attribute are advertised only to peers that are par...

Страница 1006: ...number and a 4 byte network number separated by one colon Each 2 byte number can range from 0 to 65535 and 4 byte numbers from 0 to 4294967295 IP NN Community to deny or permit The community number is...

Страница 1007: ...BGP peering address Command Mode Route Map Command Usage The IP address specified as the next hop need not be an adjacent router When this command is used with the peer address keyword in an inbound r...

Страница 1008: ...ic for inter autonomous systems use the set metric command A route with a higher local priority level when compared with other routes to the same destination will be preferred over other routes Exampl...

Страница 1009: ...er 192 168 0 99 Console config route map set metric 1 Console config route map set origin This command sets the BGP origin code for the routing protocol which generated this message Use the no form to...

Страница 1010: ...0 99 Console config route map set originator id 192 168 0 254 Console config route map set pathlimit ttl This command sets the maximum AS path length for propagation of more specific prefixes in routi...

Страница 1011: ...e Route Map Command Usage Weights are used to determine the best path available to the local switch The route with the highest weight gets preference over other routes to the same network Weights assi...

Страница 1012: ...ing Commands Policy based Routing for BGP 1012 Example Console show route map RD route map RD permit sequence 1 Match clauses peer 102 168 0 99 Set clauses comm list 100 delete Call clause Action Exit...

Страница 1013: ...cast routing Syntax no ip multicast routing Table 193 Multicast Routing Commands Command Group Function General Multicast Routing Enables IP multicast routing globally also displays the IP multicast r...

Страница 1014: ...mroute This command displays the IPv4 multicast routing table Syntax show ip mroute group address source summary group address An IPv4 multicast group address with subscribers directly attached or dow...

Страница 1015: ...M SSM C Connected A member of the multicast group is present on this interface P Pruned This route has been terminated F Register flag This device is registering for a multicast source R RP bit set Th...

Страница 1016: ...terfaces that Incoming Interface Interface leading to the upstream neighbor PIM creates a multicast routing tree based on the unicast routing table If the related unicast routing table does not exist...

Страница 1017: ...ource summary Displays summary information for each entry in the IP multicast routing table Command Mode Privileged Exec Command Usage This command displays information for multicast routing If no opt...

Страница 1018: ...f the SPT flag is set for S G the router immediately joins the shortest path tree Interface state The multicast state for the displayed interface group address IP multicast group address for a request...

Страница 1019: ...cast routes on the switch ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax ip igmp snooping vlan vlan id mrou...

Страница 1020: ...ast Routing This section describes commands used to configure static multicast routes on the switch ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no...

Страница 1021: ...t router port within VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dyn...

Страница 1022: ...m a neighboring PIM router before declaring it dead IC ip pim hello interval Sets the interval between sending PIM hello messages IC ip pim join prune holdtime Configures the hold time for the prune s...

Страница 1023: ...ce address of a register message to an address other than the outgoing interface address of the designated router DR leading toward the rendezvous point RP GC ip pim rp address Sets a static address f...

Страница 1024: ...isable PIM DM or PIM SM on this interface Syntax no ip pim dense mode sparse mode dense mode Enables PIM Dense Mode sparse mode Enables PIM Sparse Mode Default Setting Disabled Command Mode Interface...

Страница 1025: ...e Shortest Path Source Tree SPT they periodically send join messages toward the source They also send prune messages toward the RP to prune the shared path if they have already connected to the source...

Страница 1026: ...at which PIM hello messages are transmitted Use the no form to restore the default value Syntax ip pim hello interval seconds no pim hello interval seconds Interval between sending PIM hello messages...

Страница 1027: ...icast stream The prune state is maintained until the join prune holdtime timer expires or a graft message is received for the forwarding entry Example Console config if ip pim join prune holdtime 60 C...

Страница 1028: ...respond to a lan prune delay message Use the no form to restore the default setting Syntax ip pim override interval milliseconds no ip pim override interval milliseconds The time required for a downst...

Страница 1029: ...ame VLAN interface Range 100 5000 milliseconds Default Setting 500 milliseconds Command Mode Interface Configuration VLAN Command Usage The override interval configured by the ip pim override interval...

Страница 1030: ...m value between 0 and the trigger hello delay This prevents synchronization of Hello messages on multi access links if multiple routers are powered on simultaneously Also if a Hello message is receive...

Страница 1031: ...show ip pim neighbor This command displays information about PIM neighbors Syntax show ip pim neighbor interface vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays information for all...

Страница 1032: ...the graft message will resend it a number of times as defined by the ip pim max graft retries command Example Console config if ip pim graft retry interval 9 Console config if ip pim max graft retrie...

Страница 1033: ...erface Configuration VLAN Command Usage The pruned state times out approximately every three minutes and the entire PIM DM network is reflooded with multicast packets and prune messages The state refr...

Страница 1034: ...candidate with the larger IP address is elected to be the BSR Setting the priority to zero means that this router is not eligible to server as the BSR At least one router in the PIM SM domain must be...

Страница 1035: ...t which register messages are sent by the Designated Router DR for each source group entry Use the no form to restore the default value Syntax ip pim register rate limit rate no ip pim register rate l...

Страница 1036: ...ent from the RP to the source address will fail to reach the DR resulting in PIM SM protocol failures This command can be used to overcome this type of problem by manually configuring the source addre...

Страница 1037: ...g this command are both available for a group range the RP address learned by the BSR is chosen over the one statically configured with this command All routers within the same PIM SM domain must be c...

Страница 1038: ...P candidate with the largest priority is preferred If the priority values are the same the candidate with the larger IP address is elected to be the RP Setting the priority to zero means that this rou...

Страница 1039: ...ations each to serve as both a candidate BSR and candidate RP It is also preferable to set up one of these routers as both the primary BSR and RP Example The following example configures the router to...

Страница 1040: ...r will join the shortest path tree immediately after receiving the first packet from a new source This command forces the router to use the shared tree for all multicast groups or just for the specifi...

Страница 1041: ...or core routers is that they are capable of forwarding IGMPv3 messages However when PIM SM is used by either edge or core routers the Rendezvous Point RP must not be configured to accept any registrat...

Страница 1042: ...Command Usage More than one PIM SM router may be connected to an Ethernet or other shared media LAN If multicast hosts are directly connected to the LAN then only one of these routers is elected as t...

Страница 1043: ...tting Syntax ip pim join prune interval seconds no ip pim join prune interval seconds The interval at which join prune messages are sent Range 1 65535 seconds Default Setting 60 seconds Command Mode I...

Страница 1044: ...oldTime 105 sec Triggered Hello Delay 5 sec Join Prune Holdtime 210 sec Lan Prune Delay Disabled Propagation Delay 500 ms Override Interval 2500 ms DR Priority 20 Join Prune Interval 80 sec Console cl...

Страница 1045: ...ocess Hash Mask Length The number of significant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time before thi...

Страница 1046: ...ed the mapping Syntax show ip pim rp hash group address group address An IP multicast group address Command Mode Privileged Exec Example This example displays the RP used for the specified group Conso...

Страница 1047: ...the router GC ipv6 pim Enables PIM DM or PIM SM on the specified interface IC ipv6 pim hello holdtime Sets the time to wait for hello messages from a neighboring PIM router before declaring it dead I...

Страница 1048: ...at which register messages are sent by the Designated Router DR GC ipv6 pim register source Configure the IP source address of a register message to an address other than the outgoing interface addres...

Страница 1049: ...ode Enables PIM Sparse Mode Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage To fully enable PIM you need to enable multicast routing globally for the router with the i...

Страница 1050: ...ave already connected to the source through the SPT or if there are no longer any group members connected to the interface Example Console config interface vlan 1 Console config if ipv6 pim dense mode...

Страница 1051: ...ding PIM hello messages Range 1 65535 Default Setting 30 seconds Command Mode Interface Configuration VLAN Command Usage Hello messages are sent to neighboring PIM routers from which this device has r...

Страница 1052: ...le this feature Syntax no ipv6 pim lan prune delay Default Setting Disabled Command Mode Interface Configuration VLAN Command Usage When other downstream routers on the same VLAN are notified that thi...

Страница 1053: ...ed in the message Range 500 6000 milliseconds Default Setting 2500 milliseconds Command Mode Interface Configuration VLAN Command Usage The override interval configured by this command and the propaga...

Страница 1054: ...late the LAN prune delay If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message then the propagation delay represents the time requi...

Страница 1055: ...f show ipv6 pim interface This command displays information about interfaces configured for PIM Syntax show ipv6 pim interface vlan vlan id vlan id VLAN ID Range 1 4094 Command Mode Normal Exec Privil...

Страница 1056: ...acknowledgement before resending a Graft Use the no form to restore the default value Syntax ipv6 pim graft retry interval seconds no ipv6 pim graft retry interval seconds The time before resending a...

Страница 1057: ...etries command Example Console config if ipv6 pim graft retry interval 9 Console config if Related Commands ipv6 pim override interval 1053 ipv6 pim propagation delay 1054 ipv6 pim max graft retries T...

Страница 1058: ...tree refreshing the prune state on the outgoing interfaces of each router in the tree This also enables PIM routers to recognize topology changes sources joining or leaving a multicast group before th...

Страница 1059: ...The IP address of the designated VLAN is sent as the candidate s BSR address Each neighbor receiving the bootstrap message compares the BSR address with the address from previous messages If the curr...

Страница 1060: ...and RP However because register messages exceeding the limit are dropped some receivers may experience data packet loss within the first few seconds in which register messages are sent from bursty so...

Страница 1061: ...the no form to remove an RP address or an RP address for a specific group Syntax no ipv6 pim rp address rp address group prefix group prefix rp address Static IPv6 address of the router that will be a...

Страница 1062: ...multicast groups are removed Example In the following example the first PIM SM command just specifies the RP address 192 168 1 1 to indicate that it will be used to service all multicast groups The s...

Страница 1063: ...an active RP for each group range The el6ection process is performed by the BSR only for its own use Each PIM SM router that receives the list of RP candidates from the BSR also elects an active RP f...

Страница 1064: ...roup If a group address is not specified the command applies to all multicast groups Range FFXX X X X X 8 128 Default Setting The last hop PIM6 router joins the shortest path tree immediately after th...

Страница 1065: ...ult Setting 1 Command Mode Interface Configuration VLAN Command Usage More than one PIM SM router may be connected to an Ethernet or other shared media LAN If multicast hosts are directly connected to...

Страница 1066: ...fault setting Syntax ipv6 pim join prune interval seconds no ipv6 pim join prune interval seconds The interval at which join prune messages are sent Range 1 65535 seconds Default Setting 60 seconds Co...

Страница 1067: ...llo HoldTime 105 sec Triggered Hello Delay 5 sec Join Prune Holdtime 210 sec Lan Prune Delay Disabled Propagation Delay 500 ms Override Interval 2500 ms DR Priority 1 Join Prune Interval 220 sec Conso...

Страница 1068: ...ction process Hash Mask Length The number of significant bits used in the multicast group comparison mask This mask determines the multicast group for which this router can be a BSR Expire The time be...

Страница 1069: ...tax show ipv6 pim rp hash group address group address An IP multicast group address Command Mode Privileged Exec Example This example displays the RP used for the specified group Console show ipv6 pim...

Страница 1070: ...PIM Multicast Routing 1070 Table 209 show ip pim rp hash display description Field Description RP address IP address of the RP used for the specified multicast group Info source RP that advertised th...

Страница 1071: ...1071 Section III Appendices This section provides additional information and includes these items Troubleshooting on page 1077 License Information on page 1079...

Страница 1072: ...Section III Appendices 1072...

Страница 1073: ...EtherChannel Like trunks 2 2 8 port trunk 10GE 3 2 4 port trunk 40GE NO Unicast Multicast load balance over trunking port YES load balance mechanism SA DS SIP DIP NO VLAN Traffic Segmentation Port Is...

Страница 1074: ...YES NO Remote Authentication via TACACS YES NO HTTPS and SSL Secured Web YES NO Management Interface Access Filtering SNMP WEB TELNET YES NO Management Features Software Download Upgrade TFTP YES NO F...

Страница 1075: ...v4 Multi netting YES NO CIDR Classless Inter Domain Routing YES NO Unicast Routing Static Unicast Routes YES NO Equal Cost multipath routing ECMP YES NO OSPF YES NO ARP YES Global share with routing e...

Страница 1076: ...76 Termination MAC Flow Table NO YES Bridging Flow Table NO YES Unicast Routing Flow Table NO YES Multicast Routing Flow Table NO YES ACL Policy Flow Table NO YES Table 210 Legacy and Hybrid Operating...

Страница 1077: ...ting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again a...

Страница 1078: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 1079: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 1080: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Страница 1081: ...s These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Страница 1082: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Страница 1083: ...CP is based on the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options DHCP Option 82 A relay option for sending i...

Страница 1084: ...rived from a 48 bit link layer address by inserting the hexadecimal number FFFE between the upper three bytes OUI field and the lower 3 bytes serial number of the link layer address To ensure that the...

Страница 1085: ...ls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame star...

Страница 1086: ...other device Layer 2 Data Link layer in the ISO 7 Layer Data Communications Protocol This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses...

Страница 1087: ...by using a common VLAN for distribution while still preserving security and data isolation for subscribers residing in both the MVR VLAN and other standard or private VLAN groups NTP Network Time Pro...

Страница 1088: ...n the network RIP Routing Information Protocol seeks to find the shortest route to another device by minimizing the distance vector or hop count which serves as a rough estimate of transmission cost R...

Страница 1089: ...m Protocol UDP provides a datagram mode for packet switched communications It uses IP as the underlying transport mechanism to provide access to IP like services UDP packets are delivered just like IP...

Страница 1090: ...Glossary 1090 XModem A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected...

Страница 1091: ...federation identifier 933 bgp confederation peer 934 bgp dampening 935 bgp default local preference 947 bgp deterministic med 947 bgp enforce first as 936 bgp fast external failover 936 bgp log neighb...

Страница 1092: ...948 distance bgp 949 dot1q tunnel system tunnel control 484 dot1q tunnel tpid 485 dot1x default 241 dot1x eapol pass through 241 dot1x intrusion action 243 dot1x max reauth req 243 dot1x max req 244...

Страница 1093: ...8 ip igmp proxy unsolicited report interval 640 ip igmp query drop 613 ip igmp query interval 631 ip igmp robustval 632 ip igmp snooping 583 ip igmp snooping priority 584 ip igmp snooping proxy report...

Страница 1094: ...esp interval 642 ipv6 mld proxy 649 ipv6 mld proxy unsolicited report interval 651 ipv6 mld query interval 643 ipv6 mld robustval 644 ipv6 mld snooping 618 ipv6 mld snooping querier 618 ipv6 mld snoop...

Страница 1095: ...p med tlv inventory 670 lldp med tlv location 671 lldp med tlv med cap 671 lldp med tlv network policy 672 lldp notification 672 lldp notification interval 657 lldp refresh interval 657 lldp reinit de...

Страница 1096: ...eighbor unsuppress map 974 neighbor update source 975 neighbor weight 975 network 825 network 939 network area 856 network access aging 262 network access dynamic qos 264 network access dynamic vlan 2...

Страница 1097: ...39 set extcommunity 1006 set ip next hop 1007 set local preference 1008 set metric 1008 set origin 1009 set originator id 1010 set pathlimit ttl 1010 set phb 540 set weight 1011 show access group 356...

Страница 1098: ...nterface 875 show ip ospf neighbor 877 show ip ospf route 878 show ip ospf virtual links 878 show ip pim bsr router 1045 show ip pim interface 1030 show ip pim neighbor 1031 show ip pim rp mapping 104...

Страница 1099: ...tion 523 show qos map ip port dscp 523 show qos map ip prec dscp 524 show qos map phb queue 525 show qos map trust mode 525 show queue mode 511 show queue weight 511 show radius server 220 show reload...

Страница 1100: ...87 switchport dot1q tunnel service match cvid 488 switchport forbidden vlan 477 switchport gvrp 470 switchport ingress filtering 478 switchport l2protocol tunnel 496 switchport mode 479 switchport mtu...

Страница 1101: ...vrrp timers advertise 796 vxlan flood 500 vxlan udp dst port 499 vxlan vlan vni 501 W watchdog software 124 web auth 277 web auth login attempts 275 web auth quiet period 276 web auth re authenticate...

Страница 1102: ...List of CLI Commands 1102...

Страница 1103: ...ARP ACL 352 enabling globally 322 enabling per VLAN 325 trusted ports 327 ATC 781 authentication MAC address authentication 261 269 MAC configuring ports 261 network access 261 269 public key 232 web...

Страница 1104: ...map to CNPV 563 dot1p priroty alternate CNPv priority global 564 dot1p priroty alternate CNPv priority interface 566 enabling priority congestion notification message 562 command line interface See C...

Страница 1105: ...on rate 533 534 537 configuring 527 conforming traffic configuring response 533 534 537 description 529 excess burst size 535 metering configuring 533 peak burst size 537 peak information rate 537 pol...

Страница 1106: ...447 IEEE 802 1w 447 IEEE 802 1X 240 242 IGMP clearing groups 634 enabling per interface 628 filter profiles binding to interface 611 filter profiles configuration 608 filter interface configuration 6...

Страница 1107: ...ynamic configuration 65 manual configuration 62 setting 62 742 IPv4 source guard configuring static entries 303 setting filter criteria 305 setting maximum bindings 306 IPv6 configuring static neighbo...

Страница 1108: ...216 sequence 214 215 settings 215 TACACS client 221 TACACS server 221 logon authentication settings 216 221 logon banner configuring 104 loop back messages CFM 681 715 loopback detection non STA 423...

Страница 1109: ...validation 784 785 enabling 782 max bindings 786 trusted interface 787 Neighbor Discovery Snooping See ND snooping network access authentication 261 dynamic QoS assignment 264 dynamic VLAN assignment...

Страница 1110: ...displaying 1031 sparse mode attributes 1023 1034 PIM DM 1022 configuring 1022 global configuration 1023 interface settings 1024 1032 neighbor routers 1031 PIM SM 1022 bootstrap router 1034 BSR candida...

Страница 1111: ...g 527 CoS CFI to PHB drop precedence 513 DSCP to PHB drop precedence 517 dynamic assignment 264 IP Port to PHB drop precedence 518 IP precedence to PHB drop precedence 519 matching class settings 529...

Страница 1112: ...0 PIMv6 SM 1064 shortest path tree PIM SM 1015 1018 1040 PIMv6 SM 1064 SMTP event handling 159 sending log events 159 SNMP 181 community string 183 enabling traps 186 enabling traps mac address change...

Страница 1113: ...ntation 330 assigning ports 330 332 enabling 330 332 sessions assigning ports 330 332 sessions creating 330 332 trap manager 68 187 troubleshooting 1077 trTCM police meter 537 QoS policy 537 trunk con...

Страница 1114: ...protocol message statistics 800 timers 796 virtual address 793 W web authentication 277 address re authenticating 278 configuring 277 configuring ports 277 port information displaying 279 ports confi...

Страница 1115: ......

Страница 1116: ...AS5700 54X AS6700 32X E032016 ST R02 149100000198A...

Отзывы:

Нет отзывов