Edge-Core ECS4120-28F Скачать руководство пользователя страница 352 | Manualshive

Страница: 352 / 938

Edge-Core ECS4120-28F Скачать руководство пользователя страница 352

Chapter 9

| General Security Measures

Denial of Service Protection

– 352 –

Example

Console#show ip arp inspection vlan 1

VLAN ID DAI Status ACL Name ACL Status

-------- --------------- -------------------- --------------------

1 disabled sales static

Console#

Denial of Service Protection

A denial-of-service attack (DoS attack) is an attempt to block the services provided
by a computer or network resource. This kind of attack tries to prevent an Internet
site or service from functioning efficiently or at all. In general, DoS attacks are
implemented by either forcing the target to reset, to consume most of its resources
so that it can no longer provide its intended service, or to obstruct the
communication media between the intended users and the target so that they can
no longer communicate adequately.

This section describes commands used to protect against DoS attacks.

dos-protection land

This command protects against DoS LAND (Local Area Network Denial) attacks in
which hackers send spoofed-IP packets where the source and destination address
are the same, thereby causing the target to reply to itself continuously. Use the

no

form to disable this feature.

Syntax

[

no

]

dos-protection land

Default Setting

Disabled

Command Mode

Global Configuration

Table 65: DoS Protection Commands

Command

Function

Mode

dos-protection land

Protects against DoS LAND attacks

GC

dos-protection tcp-null-scan

Protects against DoS TCP-null-scan attacks

GC

dos-protection tcp-syn-fin-scan

Protects against DoS TCP-SYN/FIN-scan attacks

GC

dos-protection tcp-xmas-scan

Protects against DoS TCP-XMAS-scan attacks

GC

show dos-protection

Shows the configuration settings for DoS protection PE

«
...
350
351
352
353
354
...
»

Содержание ECS4120-28F

Страница 1: ...CLI Reference Guide www edge core com ECS4120 28F 28F I ECS4120 28T 28P ECS4120 52T 28 52 Port Layer 2 Gigabit Ethernet Switch Software Release v1 0 2 25...

Страница 2: ...perature 0 C 50 C ECS4120 28F I Gigabit Ethernet Switch L2 Gigabit Ethernet Switch with 20 100 1000 SFP Ports 4 10 100 1000 BASE T RJ 45 100 1000 SFP Combo Ports 4 10 Gigabit SFP Ports and DC Power Su...

Страница 3: ...ribes the switch s command line interface CLI For more detailed information on the switch s key features refer to the Administrator s Guide The guide includes these sections Section I Getting Started...

Страница 4: ...age the system or equipment Revision History This section summarizes the changes in each revision of this guide Revision Date Change Description v1 0 2 25 09 2017 Added ECS4120 28F I ip dhcp l2 relay...

Страница 5: ...iguring the Switch for Remote Management 51 Setting an IP Address 51 Enabling SNMP Management Access 57 Managing System Files 59 Upgrading the Operation Code 60 Saving or Restoring Configuration Setti...

Страница 6: ...on Commands 76 Partial Keyword Lookup 78 Negating the Effect of Commands 78 Using Command History 78 Understanding Command Modes 78 Exec Commands 79 Configuration Commands 80 Command Line Processing...

Страница 7: ...manager info 103 banner configure mux 104 banner configure note 104 show banner 105 System Status 105 show access list tcam utilization 106 show location led status 107 show memory 107 show process c...

Страница 8: ...ode reload 130 show upgrade 131 TFTP Configuration Commands 131 ip tftp retry 131 ip tftp timeout 132 show ip tftp 132 Line 133 line 134 databits 134 exec timeout 135 login 136 parity 137 password 137...

Страница 9: ...w logging sendmail 154 Time 154 SNTP Commands 155 sntp client 155 sntp poll 156 sntp server 157 show sntp 157 NTP Commands 158 ntp authenticate 158 ntp authentication key 159 ntp client 160 ntp server...

Страница 10: ...80 snmp server contact 180 snmp server location 181 show snmp 181 SNMP Target Host Commands 182 snmp server enable traps 182 snmp server host 184 snmp server enable port traps mac notification 186 sho...

Страница 11: ...mon events 208 show rmon history 209 show rmon statistics 209 7 Flow Sampling Commands 211 sflow owner 212 sflow polling instance 213 sflow sampling instance 214 show sflow 215 8 Authentication Comman...

Страница 12: ...accounting dot1x 232 aaa accounting exec 233 aaa accounting update 234 aaa authorization exec 235 aaa group server 236 server 236 accounting dot1x 237 accounting exec 237 authorization exec 238 show a...

Страница 13: ...auth control 257 Authenticator Commands 258 dot1x intrusion action 258 dot1x max reauth req 259 dot1x max req 259 dot1x operation mode 260 dot1x port control 261 dot1x re authentication 261 dot1x tim...

Страница 14: ...283 Network Access MAC Address Authentication 285 network access aging 286 network access mac filter 287 mac authentication reauth time 288 network access dynamic qos 288 network access dynamic vlan 2...

Страница 15: ...ption remote id 311 ip dhcp snooping information option tr101 board id 312 information policy 312 ip dhcp snooping limit rate 313 ip dhcp snooping verify mac address 314 ip dhcp snooping vlan 314 ip d...

Страница 16: ...nding 337 IPv6 Source Guard 338 ipv6 source guard binding 338 ipv6 source guard 340 ipv6 source guard max binding 341 show ipv6 source guard 342 show ipv6 source guard binding 343 ARP Inspection 343 i...

Страница 17: ...ss Control Lists 361 IPv4 ACLs 361 access list ip 362 permit deny Standard IP ACL 363 permit deny Extended IPv4 ACL 364 ip access group 366 show ip access group 367 show ip access list 367 IPv6 ACLs 3...

Страница 18: ...l 391 history 392 media type 392 negotiation 393 shutdown 394 speed duplex 395 switchport block 396 switchport mtu 397 clear counters 398 show discard 399 show interfaces brief 399 show interfaces cou...

Страница 19: ...guration Commands 427 port channel load balance 427 channel group 428 Dynamic Configuration Commands 429 lacp 429 lacp admin key Ethernet Interface 430 lacp port priority 431 lacp system priority 432...

Страница 20: ...ntrol release timer 464 auto traffic control 465 auto traffic control action 465 auto traffic control alarm clear threshold 466 auto traffic control alarm fire threshold 467 auto traffic control auto...

Страница 21: ...loopback detection 479 17 UniDirectional Link Detection Commands 481 udld detection interval 481 udld message interval 482 udld recovery 483 udld recovery interval 483 udld aggressive 484 udld port 4...

Страница 22: ...ee loopback detection 511 spanning tree loopback detection action 512 spanning tree loopback detection release mode 513 spanning tree loopback detection trap 514 spanning tree mst cost 514 spanning tr...

Страница 23: ...41 rpl neighbor 542 rpl owner 542 version 543 wtr timer 544 clear erps statistics 545 erps clear 545 erps forced switch 546 erps manual switch 548 show erps 549 21 VLAN Commands 555 GVRP and Bridge Ex...

Страница 24: ...ce match cvid 575 switchport dot1q tunnel tpid 578 show dot1q tunnel 579 Configuring L2PT Tunneling 580 l2protocol tunnel tunnel dmac 580 switchport l2protocol tunnel 582 show l2protocol tunnel 583 Co...

Страница 25: ...rity default 604 show queue mode 605 show queue weight 605 Priority Commands Layer 3 and 4 606 qos map phb queue 607 qos map cos dscp 608 qos map default drop precedence 609 qos map dscp cos 610 qos m...

Страница 26: ...2 ip igmp snooping proxy reporting 642 ip igmp snooping querier 643 ip igmp snooping router alert option check 644 ip igmp snooping router port expire time 644 ip igmp snooping tcn flood 645 ip igmp s...

Страница 27: ...nooping vlan mrouter 663 IGMP Filtering and Throttling 664 ip igmp filter Global Configuration 665 ip igmp profile 666 permit deny 666 range 667 ip igmp authentication 667 ip igmp filter Interface Con...

Страница 28: ...ow ipv6 mld snooping 686 show ipv6 mld snooping group 686 show ipv6 mld snooping group source list 687 show ipv6 mld snooping mrouter 688 show ipv6 mld snooping statistics 688 MLD Filtering and Thrott...

Страница 29: ...1 show mvr 712 show mvr associated profile 713 show mvr interface 713 show mvr members 714 show mvr profile 716 show mvr statistics 716 MVR for IPv6 722 mvr6 associated profile 723 mvr6 domain 723 mvr...

Страница 30: ...lldp basic tlv management ip address 751 lldp basic tlv port description 752 lldp basic tlv system capabilities 753 lldp basic tlv system description 753 lldp basic tlv system name 754 lldp dot1 tlv...

Страница 31: ...name 782 ma index name format 783 ethernet cfm mep 784 ethernet cfm port enable 785 clear ethernet cfm ais mpid 785 show ethernet cfm configuration 786 show ethernet cfm md 788 show ethernet cfm ma 78...

Страница 32: ...rnet cfm linktrace cache 806 Loopback Operations 807 ethernet cfm loopback 807 Fault Generator Operations 808 mep fault notify alarm time 808 mep fault notify lowest priority 809 mep fault notify rese...

Страница 33: ...r dns cache 833 clear host 833 show dns 833 show dns cache 834 show hosts 834 29 DHCP Commands 837 DHCP Client 837 DHCP for IPv4 837 ip dhcp client class id 837 ip dhcp restart client 839 DHCP for IPv...

Страница 34: ...ties 862 ipv6 default gateway 862 ipv6 address 863 ipv6 address autoconfig 864 ipv6 address eui 64 865 ipv6 address link local 867 ipv6 enable 869 ipv6 mtu 870 show ipv6 default gateway 871 show ipv6...

Страница 35: ...ing binding 894 clear ipv6 nd snooping prefix 894 show ipv6 nd snooping 895 show ipv6 nd snooping binding 895 show ipv6 nd snooping prefix 896 30 IP Routing Commands 897 Global Routing Configuration 8...

Страница 36: ...Contents 36...

Страница 37: ...y Shutting Down a Port 463 Figure 3 Non ERPS Device Protection 533 Figure 4 Sub ring with Virtual Channel 540 Figure 5 Sub ring without Virtual Channel 540 Figure 6 Configuring VLAN Trunking 570 Figur...

Страница 38: ...Figures 38...

Страница 39: ...tion 109 Table 13 show system display description 114 Table 14 show version display description 116 Table 15 Fan Control Commands 117 Table 16 Frame Size Commands 118 Table 17 Flash File Commands 120...

Страница 40: ...erver Commands 243 Table 46 Secure Shell Commands 246 Table 47 show ssh display description 255 Table 48 802 1X Port Authentication Commands 255 Table 49 Management IP Filter Commands 267 Table 50 PPP...

Страница 41: ...ption 436 Table 80 show lacp neighbors display description 437 Table 81 show lacp sysid display description 438 Table 82 PoE Commands 439 Table 83 Maximum Number of Ports Providing Simultaneous Power...

Страница 42: ...AN Commands 594 Table 118 Priority Commands 601 Table 119 Priority Commands Layer 2 601 Table 120 Priority Commands Layer 3 and 4 606 Table 121 Mapping Internal Per hop Behavior to Hardware Queues 607...

Страница 43: ...150 show mvr6 members display description 739 Table 151 show mvr6 statistics input display description 740 Table 152 show mvr6 statistics output display description 741 Table 153 show mvr6 statistics...

Страница 44: ...asic IP Configuration Commands 850 Table 178 Address Resolution Protocol Commands 857 Table 179 IPv6 Configuration Commands 861 Table 180 show ipv6 interface display description 872 Table 181 show ipv...

Страница 45: ...ides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these ch...

Страница 46: ...Section I Getting Started 46...

Страница 47: ...standard web browser such as Internet Explorer 11 Mozilla Firefox 52 or Google Chrome 57 or more recent versions The switch s web management interface can be accessed from any computer attached to th...

Страница 48: ...RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 compatible terminal or...

Страница 49: ...e connection press Enter The User Access Verification procedure starts 2 At the User Name prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the...

Страница 50: ...rface is VLAN 1 which includes ports 1 28 52 When configuring the network interface the IP address subnet mask and default gateway may all be set using a console connection or DHCP protocol as describ...

Страница 51: ...or can automatically generate a unique IPv6 host address based on the local subnet address prefix received in router advertisement messages An IPv6 link local address for use in a local network can al...

Страница 52: ...host portion of the address An IPv6 prefix or address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be use...

Страница 53: ...Prefix for this network IP address for the switch Default gateway for the network For networks that encompass several different subnets you must define the full address including a network prefix and...

Страница 54: ...is 0 milliseconds ND advertised router lifetime is 1800 seconds Console show ipv6 default gateway ipv6 default gateway 2001 DB8 2222 7272 254 Console Dynamic Configuration Obtaining an IPv4 Address If...

Страница 55: ...ter the startup file name and press Enter Console config interface vlan 1 Console config if ip address dhcp Console config if end Console show ip interface VLAN 1 is Administrative Up Link Up Address...

Страница 56: ...gured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages and subsequently from a DHCPv6 server For more information see...

Страница 57: ...h includes an SNMP agent that supports SNMP version 1 2c and 3 clients To provide management access for version 1 or 2c clients you must specify a community string The switch provides a default MIB Vi...

Страница 58: ...r host command From the Privileged Exec level global configuration mode prompt type snmp server host host address community string version 1 2c 3 auth noauth priv where host address is the IP address...

Страница 59: ...by the CLI program the web interface or SNMP The switch s file system allows files to be uploaded and downloaded copied deleted and set as a start up file The types of files are Configuration This fil...

Страница 60: ...e Upgrading the Operation Code The following example shows how to download new firmware to the switch and activate it The TFTP server could be any standards compliant server running on Windows or Linu...

Страница 61: ...g startup config command always sets the new file as the startup file To select a previously saved configuration file use the boot system config filename command The maximum number of saved configurat...

Страница 62: ...upgrade file location URL must be a valid IPv4 IP address DNS host names are not recognized Valid IP addresses consist of four numbers 0 to 255 separated by periods The path to the directory must als...

Страница 63: ...ing normal operations data switching etc of the switch During the automatic search and transfer process the administrator cannot transfer or update another operation code image configuration file publ...

Страница 64: ...and the switch will follow these steps when it boots up a It will search for a new version of the image at the location specified by upgrade opcode path command The name for the new image stored on th...

Страница 65: ...x entry for a switch requesting service it should reply with the TFTP server name and boot file name Note that the vendor class identifier can be formatted in either text or hexadecimal but the format...

Страница 66: ...DHCP client request sent by this switch includes a parameter request list asking for this information Besides these items the client request also includes a vendor class identifier that allows the DH...

Страница 67: ...ple Network Time Protocol SNTP or Network Time Protocol NTP can be used to set the switch s internal clock based on periodic updates from a time server Maintaining an accurate time on the switch enabl...

Страница 68: ...command Console show calendar Current Time Apr 2 15 56 12 2013 Time Zone UTC 08 00 Summer Time SUMMER offset 60 minutes Apr 2 2013 00 00 to Jun 30 2013 00 00 Summer Time in Effect Yes Console Configu...

Страница 69: ...tion key 45 md5 thisiskey45 Console config ntp authenticate Console config ntp server 192 168 3 20 Console config ntp server 192 168 3 21 Console config ntp server 192 168 5 23 key 19 Console config e...

Страница 70: ...Chapter 1 Initial Switch Configuration Setting the System Clock 70...

Страница 71: ...mmands on page 177 Remote Monitoring Commands on page 203 Flow Sampling Commands on page 211 Authentication Commands on page 217 General Security Measures on page 279 Access Control Lists on page 361...

Страница 72: ...s on page 523 Class of Service Commands on page 601 Quality of Service Commands on page 621 Multicast Filtering Commands on page 639 LLDP Commands on page 745 CFM Commands on page 773 OAM Commands on...

Страница 73: ...er name and password is entered the CLI displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Cons...

Страница 74: ...olated network then you can use any IP address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by performing...

Страница 75: ...For example to enable Privileged Exec command mode and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required p...

Страница 76: ...each debugging option discard Discard packet dns DNS information dos protection Shows the system dos protection summary information dot1q tunnel dot1q tunnel dot1x 802 1X content efm Ethernet First M...

Страница 77: ...time range Time range traffic segmentation Traffic segmentation information udld Displays UDLD information upgrade Shows upgrade information users Information about users logged in version System hard...

Страница 78: ...effect for all applicable commands Using Command History The CLI maintains a history of commands that have been entered You can scroll back through the history of commands by pressing the up arrow ke...

Страница 79: ...e by entering the enable command followed by the privileged level password super To enter Privileged Exec mode enter the following user names and passwords Username admin Password admin login password...

Страница 80: ...examining end to end connections between Provider Edge devices or between Customer Edge devices Class Map Configuration Creates a DiffServ class map for a specified traffic type ERPS Configuration The...

Страница 81: ...p access list ip standard access list ip extended access list ipv6 standard access list ipv6 extended access list mac Console config arp acl Console config std acl Console config ext acl Console confi...

Страница 82: ...for command line processing Table 5 Keystroke Commands Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current tas...

Страница 83: ...clients attached to common data ports and prevents unauthorized access by configuring valid static or dynamic addresses web authentication MAC address authentication filtering DHCP requests and replie...

Страница 84: ...Services 621 Multicast Filtering Configures IGMP multicast filtering query profile and proxy parameters specifies ports attachedtoamulticastrouter also configures multicast VLAN registration and IPv6...

Страница 85: ...Command Line Interface CLI Command Groups 85 IPC IGMP Profile Configuration LC Line Configuration MST Multiple Spanning Tree NE Normal Exec PE Privileged Exec PM Policy Map Configuration VC VLAN Data...

Страница 86: ...Chapter 2 Using the Command Line Interface CLI Command Groups 86...

Страница 87: ...at a specified time after a specified delay or at a periodic interval GC enable Activates privileged mode NE quit Exits a CLI session NE PE show history Shows the command history buffer NE PE configur...

Страница 88: ...d daily weekly day of week monthly day of month cancel at in regularly reload at A specified time at which to reload the switch hour The hour at which to reload Range 0 23 minute The minute at which t...

Страница 89: ...inutes Console config reload in minute 30 Rebooting at January 1 02 10 43 2015 Are you sure to reboot the system at the specified time y n enable This command activates Privileged Exec mode In privile...

Страница 90: ...command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This exam...

Страница 91: ...command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode and commands from the Configuration command history buffer when you are in any of...

Страница 92: ...nderstanding Command Modes on page 78 Default Setting None Command Mode Privileged Exec Command Usage The character is appended to the end of the prompt to indicate that the system is in normal access...

Страница 93: ...s 29 minutes The switch will be rebooted at January 1 02 11 50 2015 Remaining Time 0 days 0 hours 29 minutes 52 seconds Console end This command returns to Privileged Exec mode Default Setting None Co...

Страница 94: ...ed Exec mode from the Global Configuration mode and then quit the CLI session Console config exit CLI exit session WARNING MONITORED ACTIONS AND ACCESSES Station s information Floor Row Rack Sub Rack...

Страница 95: ...ormation Fan Control Forces fans to full speed Frame Size Enables support for jumbo frames File Management Manages code image or switch configuration files Line Sets communication parameters for the s...

Страница 96: ...line prompt Example Console config hostname RD 1 Console config Banner Information These commands are used to configure and manage administrative information about the switch its exact data center loc...

Страница 97: ...is not supported If for example a mistake is made in the company name it can be corrected with the banner configure company command banner configure department Configures the Department information th...

Страница 98: ...or 2 Row 7 Rack 25 Electrical circuit ec 177743209 xb Number of LP 12 Position of the equipment in the MUX 1 23 IP LAN 192 168 1 1 Note This is a random note about this managed switch and can contain...

Страница 99: ...rack electrical circuit floor id The floor number row id The row number rack id The rack number ec id The electrical circuit ID Maximum length of each parameter 32 characters Default Setting None Comm...

Страница 100: ...on letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure department R D Console config banner configure equipment info This c...

Страница 101: ...e equipment location This command is used to configure the equipment location information displayed in the banner Use the no form to restore the default setting Syntax banner configure equipment locat...

Страница 102: ...her unobtrusive non letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure ip lan 192 168 1 1 255 255 255 0 Console config ban...

Страница 103: ...ber The phone number of the first manager mgr2 name The name of the second manager mgr2 number The phone number of the second manager mgr3 name The name of the third manager mgr3 number The phone numb...

Страница 104: ...usive non letter characters is suggested for situations where white space is necessary for clarity Example Console config banner configure mux telco 8734212kx_PVC 1 23 Console config banner configure...

Страница 105: ...3 555 1219 Station s information 710_Network_Path _Indianapolis Edge Core ECS4120 28T Floor Row Rack Sub Rack 3 10 15 12 DC power supply Power Source A Floor Row Rack Electrical circuit 3 15 24 48v id...

Страница 106: ...s MAC differServ DE4 Egress IPv4 differServ DE6S Egress IPv6 standard differServ DE6E Egress IPv6 extended differServ W Web authentication I IP source guard I6 IPv6 source guard C CPU interface show p...

Страница 107: ...n led status This command shows if location LED function is enabled or not Command Mode Privileged Exec Example Console show location led status Location Led Status On Console show memory This command...

Страница 108: ...atus Off Last Alarm Start Time Jun 9 15 10 09 2011 Last Alarm Duration Time 10 seconds Alarm Configuration Rising Threshold 90 Falling Threshold 70 Console Related Commands process cpu 199 show proces...

Страница 109: ...ermark If the percentage of CPU usage time is higher than the high watermark the switch stops packet flow to the CPU allowing it to catch up with packets already in the buffer until usage time falls b...

Страница 110: ...00 0 00 0 00 SFLOW_TD 0 00 0 00 0 00 SNMP_GROUP 0 00 0 00 0 00 SNMP_TD 0 00 0 00 0 00 SNTP_TD 0 00 0 00 0 00 SSH_TD 0 00 0 00 0 00 STA_GROUP 0 00 0 00 0 00 STKCTRL_GROUP 0 00 0 00 0 00 STKTPLG_GROUP...

Страница 111: ...strings Users names access levels and encrypted passwords VLAN database VLAN ID name and state VLAN configuration settings for each interface Multiple spanning tree instances name and interfaces IP ad...

Страница 112: ...command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and i...

Страница 113: ...detectors in the switch The first detector is near the air flow intake vents The second detector is near the switch ASIC and CPU Example Console show system System Description ECS4120 28T System OID S...

Страница 114: ...ice type System OID String MIB II object ID for switch s network management subsystem System Up Time Length of time the management agent has been up System Name Name assigned to the switch system Syst...

Страница 115: ...one Eth 1 4 Down 1 0 Auto 1000BASE T None Eth 1 5 Down 1 0 Auto 1000BASE T None show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet client De...

Страница 116: ...isplay description Parameter Description Serial Number The serial number of the switch Hardware Version Hardware version of the main board EPLD Version Version number of Erasable Programmable Logic De...

Страница 117: ...itors key processes and automatically reboots the system if any of these processes are not responding correctly Syntax watchdog software disable enable Default Setting Disabled Command Mode Privileged...

Страница 118: ...ort for Layer 2 jumbo frames for Gigabit and 10 Gigabit Ethernet ports Use the no form to disable it Syntax no jumbo frame Default Setting Disabled Command Mode Global Configuration Command Usage This...

Страница 119: ...6 mtu 873 File Management Managing Firmware Firmware can be uploaded and downloaded to or from an FTP TFTP server or through the USB port By saving runtime code to a file on an FTP TFTP server that fi...

Страница 120: ...les booted PE Automatic Code Upgrade Commands upgrade opcode auto Automatically upgrades the current image when a new version is detected on the indicated server GC upgrade opcode path Specifies an FT...

Страница 121: ...OM config Configuration file opcode Run time operation code filename Name of configuration file or code image The colon is required Default Setting None Command Mode Global Configuration Command Usage...

Страница 122: ...tps certificate public key running config startup config copy usbdisk file add to running config Keyword that adds the settings listed in the specified file to the running configuration file Keyword t...

Страница 123: ...information on specifying an https certificate see Replacing the Default Secure site Certificate in the Web Management Guide For information on configuring the switch to use HTTPS for a secure connect...

Страница 124: ...up Write to FLASH Programming Write to FLASH finish Success Console This example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate...

Страница 125: ...disk name filename public key username dsa rsa file Keyword that allows you to delete a file usbdisk System file on a USB memory stick or disk name Keyword indicating a file filename Name of configura...

Страница 126: ...ic image file config Switch configuration file opcode Run time operation code image file usbdisk System file on a USB memory stick or disk filename Name of configuration file or code image If this fil...

Страница 127: ...command prepares the USB memory device to be safely removed from the switch Syntax umount usbdisk Default Setting None Command Mode Privileged Exec Command Usage Before disconnecting a USB memory dev...

Страница 128: ...ode Upgrade Commands upgrade opcode auto This command automatically upgrades the current operational code when a new version is detected on the server indicated by the upgrade opcode path command Use...

Страница 129: ...sole config upgrade opcode auto Console config upgrade opcode path tftp 192 168 0 1 sm24 Console config If a new image is found at the specified location the following type of messages will be display...

Страница 130: ...tax must be used where filedir indicates the path to the directory containing the new image ftp username password 192 168 0 1 filedir If the user name is omitted anonymous will be used for the connect...

Страница 131: ...oad Status Disabled Path File Name ECS4120 Series bix Console TFTP Configuration Commands ip tftp retry This command specifies the number of times the switch can retry transmitting a request to a TFTP...

Страница 132: ...o ip tftp timeout seconds The the time the switch can wait for a response from a TFTP server before retransmitting a request or timing out Range 1 65535 seconds Default Setting 5 seconds Command Mode...

Страница 133: ...val that the command interpreter waits until user input is detected LC login Enables password checking at login LC parity Defines the generation of a parity bit LC password Specifies a password on a l...

Страница 134: ...wn as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet connections Example To enter console line mode enter the following command...

Страница 135: ...ntil user input is detected Use the no form to restore the default Syntax exec timeout seconds no exec timeout seconds Integer that specifies the timeout interval Range 60 65535 seconds 0 no timeout D...

Страница 136: ...n using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the username command i e default setting When...

Страница 137: ...nals and modems often require a specific parity bit setting Example To specify no parity enter this command Console config line console parity none Console config line console password This command sp...

Страница 138: ...no need for you to manually configure encrypted passwords Example Console config line console password 0 secret Console config line console Related Commands login 136 password thresh 138 password thr...

Страница 139: ...ter the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds...

Страница 140: ...d Usage Set the speed to match the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the sp...

Страница 141: ...onds Integer that specifies the timeout interval Range 10 300 seconds Default Setting 300 seconds Command Mode Line Configuration Command Usage If a login attempt is not detected within the timeout in...

Страница 142: ...settings including escape character lines displayed terminal type width and command history Use the no form with the appropriate keyword to restore the default setting Syntax terminal escape characte...

Страница 143: ...onsole terminal length 48 Console show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console acce...

Страница 144: ...ber that indicates the facility used by the syslog server to dispatch log messages to an appropriate service Range 16 23 Default Setting 23 Command Mode Global Configuration Table 20 Event Logging Com...

Страница 145: ...am flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset level One of the levels listed below Messages sent includ...

Страница 146: ...port udp port no logging host host ip address host ip address The IPv4 or IPv6 address of a syslog server udp port UDP port number used by the remote server Range 1 65535 Default Setting UPD Port 514...

Страница 147: ...is command enables the logging of system messages to a remote server or limits the syslog messages saved to a remote server based on severity Use this command without a specified level to enable remot...

Страница 148: ...Default Setting Flash and RAM Command Mode Privileged Exec Example Console clear log Console Related Commands show log 148 show log This command displays the log messages stored in local memory Syntax...

Страница 149: ...o a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for storing event mes...

Страница 150: ...yslog logging Shows if system logging has been enabled via the logging on command History Logging in Flash The message level s reported based on the logging history command Table 23 show logging trap...

Страница 151: ...servers that will be sent alert messages Use the no form to remove an SMTP server Syntax no logging sendmail host ip address ip address IPv4 address of an SMTP server that will be sent alert messages...

Страница 152: ...mail again If it still fails the system will repeat the process at a periodic interval A trap will be triggered if the switch cannot successfully open a connection Example Console config logging send...

Страница 153: ...ers Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Ex...

Страница 154: ...ted this company com SMTP Source Email Address bill this company com SMTP Status Enabled Console Time The system clock can be dynamically set by polling a set of specified time servers NTP or SNTP Ma...

Страница 155: ...sed on the interval set via the sntp poll command NTP Commands ntp authenticate Enables authentication for NTP traffic GC ntp authentication key Configures authentication keys GC ntp client Enables th...

Страница 156: ...1 0 19 Current Server 137 92 140 80 Console Related Commands sntp server 157 sntp poll 156 show sntp 157 sntp poll This command sets the interval between sending time requests when the switch is set t...

Страница 157: ...time servers from which the switch will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time sync...

Страница 158: ...form to disable authentication Syntax no ntp authenticate Default Setting Disabled Command Mode Global Configuration Command Usage You can enable NTP authentication to ensure that reliable updates are...

Страница 159: ...to 32 case sensitive printable ASCII characters no spaces Default Setting None Command Mode Global Configuration Command Usage The key number specifies a key value in the NTP authentication key list U...

Страница 160: ...starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2015 This command enables client time requests to time servers specified via the ntp servers command It issues time synchro...

Страница 161: ...ntp authenticate command you must also configure at least one key number using the ntp authentication key command Use the no form of this command without an argument to clear all configured servers in...

Страница 162: ...me Name of the time zone while summer time is in effect usually an acronym Range 1 30 characters b date Day of the month when summer time will begin Range 1 31 b month The month when summer time will...

Страница 163: ...g example sets the 2015 Summer Time ahead by 60 minutes on March 9th and returns to normal time on November 2nd Console config clock summer time DEST date march 9 2015 01 59 november 2 2014 01 59 60 C...

Страница 164: ...llows the user to manually configure the start end and offset times of summer time daylight savings time for the switch on a recurring basis Use the no form to disable summer time Syntax clock summer...

Страница 165: ...utes Default Setting Disabled Command Mode Global Configuration Command Usage In some countries or regions clocks are adjusted through the summer months so that afternoons have more daylight and morni...

Страница 166: ...and sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time correspondi...

Страница 167: ...lock cannot be manually configured Example This example shows how to set the system clock to 15 12 34 February 1st 2015 Console calendar set 15 12 34 1 February 2015 Console show calendar This command...

Страница 168: ...e Command Mode Global Configuration Command Usage This command sets a time range for use by other functions such as Access Control Lists A maximum of eight rules can be configured for a time range Exa...

Страница 169: ...er year Year 4 digit Range 2013 2037 Default Setting None Command Mode Time Range Configuration Command Usage If a time range is already configured you must use the no form of this command to remove t...

Страница 170: ...eekdays weekend Weekends hour Hour in 24 hour format Range 0 23 minute Minute Range 0 59 Default Setting None Command Mode Time Range Configuration Command Usage If a time range is already configured...

Страница 171: ...e as long as they are connected to the same local network Using Switch Clustering A switch cluster has a primary unit called the Commander which is used to manage all other Member switches in the clus...

Страница 172: ...2 2 Add the participating ports to this VLAN see Configuring VLAN Interfaces on page 564 and set them to hybrid mode tagged members PVID 1 and acceptable frame type all Note Cluster Member switches ca...

Страница 173: ...as cluster Commander Syntax no cluster commander Default Setting Disabled Command Mode Global Configuration Command Usage Once a switch has been configured to be a cluster Commander it automatically...

Страница 174: ...ember IDs can only be between 1 and 36 Set a Cluster IP Pool that does not conflict with addresses in the network IP subnet Cluster IP addresses are assigned to switches when they become Members and a...

Страница 175: ...and id member id member id The ID number of the Member switch Range 1 16 Command Mode Privileged Exec Command Usage This command only operates through a Telnet connection to the Commander switch Manag...

Страница 176: ...Mode Privileged Exec Example Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 E0 0C 00 00 FE Description ECS4120 Series Console show cluster...

Страница 177: ...p server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string G...

Страница 178: ...rm clear Sends a trap when multicast traffic falls beneath the lower threshold after a storm control response has been triggered IC Port snmp server enable port traps atc multicast alarm fire Sends a...

Страница 179: ...ditional Trap Commands memory Sets the rising and falling threshold for the memory utilization alarm GC process cpu Sets the rising and falling threshold for the CPU utilization alarm GC process cpu g...

Страница 180: ...MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are o...

Страница 181: ...cation Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Console config snmp server location WC 19 Console config Related Commands snmp server contact 180 sh...

Страница 182: ...such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP Logging Disabled Console SNMP Target Host Commands snmp server enable traps This command enables this device to s...

Страница 183: ...mmand with a keyword only the notification type related to that keyword is enabled The snmp server enable traps command is used in conjunction with the snmp server host command Use the snmp server hos...

Страница 184: ...tring Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend defining i...

Страница 185: ...t page 179 2 Create a view with the required notification messages page 191 3 Create a group that includes the required notify view page 188 4 Allow the switch to send SNMP traps i e notifications pag...

Страница 186: ...ved Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This command can enable MAC authentication traps on the current interface only if they are also en...

Страница 187: ...Range 1 64 hexadecimal characters Default Setting A unique engine ID is automatically generated by the switch based on its MAC address Command Mode Global Configuration Command Usage An SNMP engine is...

Страница 188: ...mand adds an SNMP group mapping SNMP users to SNMP views Use the no form to remove an SNMP group Syntax snmp server group groupname v1 v2c v3 auth noauth priv read readview write writeview notify noti...

Страница 189: ...server user This command adds a user to an SNMP group restricting the user to a specific SNMP Read Write or Notify View Use the no form to remove a user from an SNMP group Syntax snmp server user user...

Страница 190: ...dentifier must be configured to authorize management access for SNMPv3 clients or to identify the source of SNMPv3 trap messages sent from the local switch Remote users i e the command specifies a rem...

Страница 191: ...mp server view view name view name Name of an SNMP view Range 1 32 characters oid tree Object identifier of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID st...

Страница 192: ...e Boots 29 Remote SNMP EngineID IP address 80000000030004e2b316c54321 192 168 1 19 Console show snmp group Four default groups are provided SNMPv1 read only access and read write access and SNMPv2c re...

Страница 193: ...up Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View defaultview Writ...

Страница 194: ...ion and privacy Authentication Protocol MD5 Privacy Protocol DES56 Storage Type Nonvolatile Row Status Active Console show snmp view This command shows information on the SNMP views Command Mode Privi...

Страница 195: ...fault Setting None Command Mode Global Configuration Command Usage Notification logging is enabled by default but will not start recording information until a logging profile specified by the snmp ser...

Страница 196: ...NMP often need a mechanism for recording Notification information as a hedge against lost notifications whether there are Traps or Informs that may exceed retransmission limits The Notification Log MI...

Страница 197: ...aging time can only be configured using SNMP from a network management station When a trap host is created with the snmp server host command a default notify filter will be created as shown in the ex...

Страница 198: ...lt setting Syntax memory rising rising threshold falling falling threshold no memory rising falling rising threshold Rising threshold for memory utilization alarm expressed in percentage Range 1 100 f...

Страница 199: ...alarm expressed in percentage Range 1 100 falling threshold Falling threshold for CPU utilization alarm expressed in percentage Range 1 100 Default Setting Rising Threshold 90 Falling Threshold 70 Co...

Страница 200: ...alls beneath the low watermark max threshold If the number of packets being processed per second by the CPU is higher than the maximum threshold the switch stops packet flow to the CPU allowing it to...

Страница 201: ...rop beneath the minimum threshold before the alarm is terminated and then exceed the maximum threshold again before another alarm is triggered Example Console config process cpu guard high watermark 8...

Страница 202: ...Chapter 5 SNMP Commands Additional Trap Commands 202...

Страница 203: ...vent and Alarm groups When RMON is enabled the system gradually builds up information about its physical interfaces storing this information in the relevant RMON database group A management agent then...

Страница 204: ...e sampling period delta The last sample is subtracted from the current value and the difference is then compared to the thresholds threshold An alarm threshold for the sampled variable Range 0 2147483...

Страница 205: ...a response event for an alarm Use the no form to remove an event Syntax rmon event index log trap community description string owner name no rmon event index index Index to this entry Range 1 65535 lo...

Страница 206: ...ts number interval seconds interval seconds owner name buckets number interval seconds no rmon collection history controlEntry index index Index to this entry Range 1 65535 number The number of bucket...

Страница 207: ...e for port 8 Console config interface ethernet 1 5 Console config if rmon collection history controlEntry 15 Console config if end Console show running config interface ethernet 1 5 rmon collection hi...

Страница 208: ...Example Console config interface ethernet 1 1 Console config if rmon collection rmon1 controlentry 1 owner mike Console config if show rmon alarms This command shows the settings for all configured a...

Страница 209: ...agments and 0 jabbers packets 0 CRC alignment errors and 0 collisions of dropped packet events is 0 Network utilization is estimated at 0 show rmon statistics This command shows the information collec...

Страница 210: ...Chapter 6 Remote Monitoring Commands 210...

Страница 211: ...nterface Moreover the processor and memory load imposed by the sFlow agent is minimal since local analysis does not take place Note The terms collector receiver and owner in the context of this chapte...

Страница 212: ...low collector A full IPv6 address including the network prefix and host address bits An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate th...

Страница 213: ...enables an sFlow polling data source for a specified interface that polls periodically based on a specified time interval Use the no form to remove the polling data source instance from the switch s...

Страница 214: ...flow sampling interfaceinterface instanceinstance id receiver owner name sampling rate sample rate max header size max header size no sflow sample interface interface instance instance id interface Th...

Страница 215: ...nsole show sflow This command shows the global and interface settings for the sFlow process Syntax show sflow interface interface owner owner name interface interface interface ethernet unit port unit...

Страница 216: ...Chapter 7 Flow Sampling Commands 216...

Страница 217: ...ation method and precedence RADIUS Client Configures settings for authentication via a RADIUS server TACACS Client Configures settings for authentication via a TACACS server AAA Configures authenticat...

Страница 218: ...nd administrators top level access The other levels can be used to configured specialized access profiles Level 0 7 provide the same default access privileges all within Normal Exec mode under the Con...

Страница 219: ...ommand adds named users requires authentication at login specifies or changes a user s password or specify that no password is required or specifies or changes a user s access level Use the no form to...

Страница 220: ...o log in 0 7 0 means plain password 7 means encrypted password password password The authentication password for the user Maximum length 32 characters plain text or encrypted case sensitive Default Se...

Страница 221: ...ecifies any command contained within the specified mode Default Setting Privilege level 0 provides access to a limited number of the commands which display the current status of the switch as well as...

Страница 222: ...c command mode with the enable command Use the no form to restore the default Syntax authentication enable local radius tacacs no authentication enable local Use local password only radius Use RADIUS...

Страница 223: ...onfig Related Commands enable password sets the password for changing command modes 218 authentication login This command defines the login authentication method and precedence Use the no form to rest...

Страница 224: ...DIUS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management acce...

Страница 225: ...tion Example Console config radius server auth port 181 Console config radius server host This command specifies primary and backup RADIUS servers and authentication and accounting parameters that app...

Страница 226: ...Range 1 65535 Default Setting auth port 1812 acct port 1813 timeout 5 seconds retransmit 2 Command Mode Global Configuration Example Console config radius server 1 host 192 168 1 20 port 181 timeout...

Страница 227: ...etting 2 Command Mode Global Configuration Example Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication req...

Страница 228: ...Controller Access Control System TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS aware devices on the network An authentication ser...

Страница 229: ...server TCP port used for authentication messages Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 timeout Number of seconds t...

Страница 230: ...rt number TACACS server TCP port used for authentication messages Range 1 65535 Default Setting 49 Command Mode Global Configuration Example Console config tacacs server port 181 Console config tacacs...

Страница 231: ...s Number of seconds the switch waits for a reply before resending a request Range 1 540 Default Setting 5 Command Mode Global Configuration Example Console config tacacs server timeout 10 Console conf...

Страница 232: ...accounting method for service requests Range 1 64 characters start stop Records accounting from starting point and stopping point Table 42 AAA Commands Command Function Mode aaa accounting dot1x Enabl...

Страница 233: ...Console config aaa accounting dot1x default start stop group radius Console config aaa accounting exec This command enables the accounting of requested Exec services for network access Use the no for...

Страница 234: ...nfig aaa accounting exec default start stop group tacacs Console config aaa accounting update This command enables the sending of periodic updates to the accounting server Use the no form to disable a...

Страница 235: ...osts configured with the tacacs server host command server group Specifies the name of a server group configured with the aaa group server command Range 1 256 characters Default Setting Authorization...

Страница 236: ...xample Console config aaa group server radius tps Console config sg radius server This command adds a security server to an AAA server group Use the no form to remove the associated server from the gr...

Страница 237: ...g dot1x command list name Specifies a method list created with the aaa accounting dot1x command Default Setting None Command Mode Interface Configuration Example Console config interface ethernet 1 2...

Страница 238: ...Specifies the default method list created with the aaa authorization exec command list name Specifies a method list created with the aaa authorization exec command Default Setting None Command Mode L...

Страница 239: ...2 Accounting Type EXEC Method List default Group List tacacs Interface vty Console Web Server This section describes commands used to configure web browser management access to the switch Note Users...

Страница 240: ...nge 1 65535 Default Setting 80 Command Mode Global Configuration Example Console config ip http port 769 Console config Related Commands ip http server 240 show system 113 ip http server This command...

Страница 241: ...not configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this form...

Страница 242: ...establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 11 Mozilla Firefox 52 or Google Chrome 57 or more recent versions The following web browser...

Страница 243: ...telnet max sessions session count The maximum number of allowed Telnet session Range 0 8 Default Setting 8 sessions Command Mode Global Configuration Command Usage A maximum of eight sessions can be...

Страница 244: ...o telnet port port number The TCP port number to be used by the browser interface Range 1 65535 Default Setting 23 Command Mode Global Configuration Example Console config ip telnet port 123 Console c...

Страница 245: ...ed Exec Example Console telnet 192 168 2 254 Connect To 192 168 2 254 WARNING MONITORED ACTIONS AND ACCESSES User Access Verification Username Console config show ip telnet This command displays the c...

Страница 246: ...have to generate authentication keys on the switch and enable the SSH server Table 46 Secure Shell Commands Command Function Mode ip ssh authentication retries Specifies the number of retries allowed...

Страница 247: ...d locally on the switch with the username command The clients are subsequently authenticated using these keys The current firmware only accepts public key files based on standard UNIX format as shown...

Страница 248: ...um sent from the client against that computed for the original string it sent If the two checksums match this means that the client s private key corresponds to an authorized public key and the client...

Страница 249: ...ires 2 Console config Related Commands show ip ssh 253 ip ssh server This command enables the Secure Shell SSH server on this switch Use the no form to disable this service Syntax no ip ssh server Def...

Страница 250: ...sh server key size key size The size of server key Range 512 896 bits Default Setting 768 bits Command Mode Global Configuration Command Usage The server key is a private key that is never shared outs...

Страница 251: ...nput is controlled by the exec timeout command for vty sessions Example Console config ip ssh timeout 60 Console config Related Commands exec timeout 135 show ip ssh 253 delete public key This command...

Страница 252: ...host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process Otherwise you must ma...

Страница 253: ...e dsa Console Related Commands ip ssh crypto host key generate 252 ip ssh save host key 253 no ip ssh server 249 ip ssh save host key This command saves the host key from RAM to flash memory Syntax ip...

Страница 254: ...hod used by SSH is based on the Digital Signature Standard DSS and the last string is the encoded modulus Example Console show public key host Host RSA 1024 65537 1323694065825476403138279552653637592...

Страница 255: ...ell version number State The authentication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client Table 48 802 1X Port Authentication...

Страница 256: ...e hosts on an dot1x port IC dot1x port control Sets dot1x mode for a port interface IC dot1x re authentication Enables re authentication for all ports IC dot1x timeout quiet period Sets the time that...

Страница 257: ...hrough command can be used to forward EAPOL frames from other switches on to the authentication servers thereby allowing the authentication process to still be carried out by switches located on the e...

Страница 258: ...fic guest vlan no dot1x intrusion action block traffic Blocks traffic on this port guest vlan Assigns the user to the Guest VLAN Default block traffic Command Mode Interface Configuration Command Usag...

Страница 259: ...2 Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x max reauth req 2 Console config if dot1x max req This command sets the maximum number of times...

Страница 260: ...s multiple hosts to connect to this port with each host needing to be authenticated Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this com...

Страница 261: ...force authorized Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x port control auto Console config if dot1x re authentication This command enables...

Страница 262: ...ault Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period seconds The number of seconds Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example Console config...

Страница 263: ...r than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It will send an EAP request identity frame to...

Страница 264: ...erface Syntax dot1x re authenticate interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 Command Mode Privileged Exec Command Usage The re authentication...

Страница 265: ...X including the following items Type Administrative state for port access control Enabled Authenticator or Supplicant Operation Mode Allows single or multiple hosts page 260 Control Mode Dot1x port co...

Страница 266: ...The integer 0 255 used by the Authenticator to identify the current authentication session Backend State Machine State Current state including request response success fail timeout idle initialize Req...

Страница 267: ...Supplicant 00 e0 29 94 34 65 Authenticator PAE State Machine State Authenticated Reauth Count 0 Current Identifier 3 Backend State Machine State Idle Request Count 0 Identifier Server 2 Reauthenticat...

Страница 268: ...are open to all IP addresses by default Once you add an entry to a filter list access to that interface is restricted to the specified addresses If anyone tries to access a management interface on th...

Страница 269: ...snmp client telnet client all client Displays IP addresses for all groups http client Displays IP addresses for the web group snmp client Displays IP addresses for the SNMP group telnet client Display...

Страница 270: ...ent s PPPoE Active Discovery Request and Table 50 PPPoE Intermediate Agent Commands Command Function Mode pppoe intermediate agent Enables the PPPoE IA globally on the switch GC pppoe intermediate age...

Страница 271: ...e the default settings Syntax pppoe intermediate agent format type access node identifier id string generic error message error message no pppoe intermediate agent format type access node identifier g...

Страница 272: ...rface ethernet 1 5 Console config if pppoe intermediate agent port enable Console config if pppoe intermediate agent port format type This command sets the circuit id or remote id for an interface Use...

Страница 273: ...the switch and should be stripped out of PADO and PADS packets which are to be passed directly to end node clients using the pppoe intermediate agent vendor tag strip command If the remote id is unspe...

Страница 274: ...no pppoe intermediate agent trust Default Setting Untrusted Command Mode Interface Configuration Ethernet Port Channel Command Usage Set any interfaces connecting the switch to a PPPoE Server as trust...

Страница 275: ...lear pppoe intermediate agent statistics This command clears statistical counters for the PPPoE Intermediate Agent Syntax clear pppoe intermediate agent statistics interface interface interface ethern...

Страница 276: ...ermediate agent info interface ethernet 1 1 Interface PPPoE IA Trusted Vendor Tag Strip Admin Circuit ID Admin Remote ID Eth 1 1 No No No Oper Circuit ID Oper Remote ID 1 1 vid FC 0A 81 B7 C7 E1 Conso...

Страница 277: ...nitiation PADO PPPoE Active Discovery Offer PADR PPPoE Active Discovery Request PADS PPPoE Active Discovery Session Confirmation PADT PPPoE Active Discovery Terminate Dropped Response from untrusted R...

Страница 278: ...Chapter 8 Authentication Commands PPPoE Intermediate Agent 278...

Страница 279: ...uthentication and dynamic VLAN assignment Web Authentication Configures Web authentication Access Control Lists Provides filtering for IP frames based on address protocol TCP UDP port number or TCP co...

Страница 280: ...ch can automatically take action by disabling the port and sending a trap message mac learning This command enables MAC address learning on the selected interface Use the no form to disable MAC addres...

Страница 281: ...ng example disables MAC address learning for port 2 Console config interface ethernet 1 2 Console config if no mac learning Console config if Related Commands show interfaces status 407 port security...

Страница 282: ...VLAN for frames received on the port The specified maximum address count is effective when port security is enabled or disabled Note that you can manually add additional secure addresses to a port us...

Страница 283: ...as static entries Syntax port security mac address as permanent interface interface interface Specifies a port interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52...

Страница 284: ...MAC address These fields are not applicable if no intrusion has been detected or port security is disabled The MAC Filter ID field is configured by the network access port mac filter command If this f...

Страница 285: ...on MAC 00 10 22 00 00 01 Last Time Detected Intrusion MAC 2010 7 29 15 13 03 Console Network Access MAC Address Authentication Network Access authentication controls access to the network by authentic...

Страница 286: ...k detection link up down Configures the link detection feature to detect and act upon both link up and link down events IC network access max mac count Setsthemaximum numberof MAC addresses thatcanbe...

Страница 287: ...le config network access aging Console config network access mac filter Use this command to add a MAC address into a filter table Use the no form of this command to remove the specified MAC address Sy...

Страница 288: ...reauth time seconds The reauthentication time period Range 120 1000000 seconds Default Setting 1800 Command Mode Global Configuration Command Usage The reauthentication time is a global setting and ap...

Страница 289: ...ote Any configuration changes for dynamic QoS are not saved to the switch configuration file Example The following example enables the dynamic QoS feature on port 1 Console config interface ethernet 1...

Страница 290: ...on a port and the RADIUS server returns no VLAN configuration the authentication is still treated as a success and the host assigned to the default untagged VLAN When the dynamic VLAN assignment statu...

Страница 291: ...ed to the guest VLAN in case of failed authentication if switchport mode is set to Hybrid Example Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if...

Страница 292: ...sable the port Default Setting Disabled Command Mode Interface Configuration Example Console config interface ethernet 1 1 Console config if network access link detection link down action trap Console...

Страница 293: ...onse to take when port security is violated shutdown Disable port only trap Issue SNMP trap message only trap and shutdown Issue SNMP trap message and disable the port Default Setting Disabled Command...

Страница 294: ...on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The user name and password are both equal to the MAC address being authenticate...

Страница 295: ...ype attribute set to 802 Example Console config if network access mode mac authentication Console config if network access port mac filter Use this command to enable the specified MAC address filter U...

Страница 296: ...e Configuration Example Console config if mac authentication intrusion action block traffic Console config if mac authentication max mac count Use this command to set the maximum number of MAC address...

Страница 297: ...x xx xx xx interface Specifies a port interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 Default Setting None Command Mode Privileged Exec Example Console clear n...

Страница 298: ...ommand to display secure MAC address table entries Syntax show network access mac address table static dynamic address mac address mask interface interface sort address interface static Specifies stat...

Страница 299: ...ss filter table Range 1 64 Default Setting Displays all filters Command Mode Privileged Exec Example Console show network access mac filter Filter ID MAC Address MAC Mask 1 00 00 01 02 03 08 FF FF FF...

Страница 300: ...b auth login attempts Defines the limit for failed web authentication login attempts GC web auth quiet period Defines the amount of time to wait after the limit for failed login attempts is exceeded G...

Страница 301: ...ation again Range 1 180 seconds Default Setting 60 seconds Command Mode Global Configuration Example Console config web auth quiet period 120 Console config web auth session timeout This command defin...

Страница 302: ...mmand Usage Both web auth system auth control for the switch and web auth for an interface must be enabled for the web authentication feature to be active Example Console config web auth system auth c...

Страница 303: ...tifier Range 1 port Port number Range 1 28 52 Default Setting None Command Mode Privileged Exec Example Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This...

Страница 304: ...3600 Quiet Period 60 Max Login Attempts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics Syntax show web auth interface interfac...

Страница 305: ...s or disables the use of DHCP Option 82 information and specifies frame format for the remote id GC ipdhcpsnoopinginformation option encode no subtype Disables use of sub type and sub length for the C...

Страница 306: ...are filtered based upon dynamic entries learned via DHCP snooping Table entries are only learned for trusted interfaces Each entry includes a MAC address IP address lease time VLAN identifier and por...

Страница 307: ...rom client such as a DISCOVER REQUEST INFORM DECLINE or RELEASE message the packet is forwarded if MAC address verification is disabled as specified by the ip dhcp snooping verify mac address command...

Страница 308: ...d keyword to set the remote ID to the switch s MAC address encoded in hexadecimal Syntax ip dhcp snooping information option encode no subtype remote id ip address encode ascii hex mac address encode...

Страница 309: ...e DHCP Option 82 information to be inserted into packets When enabled the switch will only add remove option 82 information in incoming DHCP packets but not relay them Packets are processed as follows...

Страница 310: ...which received the DHCP request If the packet arrives over a trunk the value is the ifIndex of the trunk vlan Tag of the VLAN which received the DHCP request Note that the sub type and sub length fiel...

Страница 311: ...management interface encode Indicates encoding in ASCII or hexadecimal string An arbitrary string inserted into the remote identifier field Range 1 32 characters tr101 node identifier The remote ID ge...

Страница 312: ...ts the board ID to 0 Console config ip dhcp snooping information option tr101 board id 0 Console config information policy This command sets the DHCP snooping information option policy for DHCP client...

Страница 313: ...e Console config ip dhcp snooping information policy drop Console config ip dhcp snooping limit rate This command sets the maximum number of DHCP packets that can be trapped by the switch for DHCP sno...

Страница 314: ...the client s hardware address in the DHCP packet the packet is dropped Example This example enables MAC address verification Console config ip dhcp snooping verify mac address Console config Related C...

Страница 315: ...Related Commands ip dhcp snooping 306 ip dhcp snooping trust 317 ip dhcp snooping information option circuit id This command specifies DHCP Option 82 circuit id suboption information Use the no form...

Страница 316: ...ring Default is the MAC address of the switch s CPU This field is set by the ip dhcp snooping information option command eth The second field is the fixed string eth slot The slot represents the stack...

Страница 317: ...ce Use the no form to restore the default setting Syntax ip dhcp snooping max number max number no dhcp snooping max number max number Maximum number of DHCP clients Range 1 32 Default Setting 16 Comm...

Страница 318: ...with the no ip dhcp snooping trust command When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Additional considerations wh...

Страница 319: ...sh Console ip dhcp snooping database flash This command writes all dynamically learned snooping entries to flash memory Command Mode Privileged Exec Command Usage This command can be used to store the...

Страница 320: ...ing Information Policy replace DHCP Snooping is configured on the following VLANs Verify Source MAC Address enabled DHCP Snooping Rate Limit unlimited Interface Trusted Max Number Circuit ID mode Circ...

Страница 321: ...ode ipv6 dhcp snooping Enables DHCPv6 snooping globally GC ipv6 dhcp snooping option remote id Enables insertion of DHCPv6 Option 37 relay agent remote id GC ipv6 dhcp snooping option remote id policy...

Страница 322: ...If DHCPv6 snooping is enabled globally and also enabled on the VLAN where the DHCPv6 packet is received DHCPv6 packets are forwarded for a trusted port as described below If DHCPv6 snooping is enable...

Страница 323: ...to binding table update lease time and forward to original destination Otherwise remove binding entry and check failed If a DHCPv6 Relay packet is received check the relay message option in Relay Forw...

Страница 324: ...ts DHCPv6 clients to the DHCPv6 server Known as DHCPv6 Option 37 it allows compatible DHCPv6 servers to use the information when assigning IP addresses or to set other services or policies for clients...

Страница 325: ...option remote id Console config ipv6 dhcp snooping option remote id policy This command sets the remote id option policy for DHCPv6 client packets that include Option 37 information Use the no form to...

Страница 326: ...fault Setting Disabled Command Mode Global Configuration Command Usage When DHCPv6 snooping enabled globally using the ipv6 dhcp snooping command and enabled on a VLAN with this command DHCPv6 packet...

Страница 327: ...ommand configures the specified interface as trusted Use the no form to restore the default setting Syntax no ipv6 dhcp snooping trust Default Setting All interfaces are untrusted Command Mode Interfa...

Страница 328: ...e config if Related Commands ipv6 dhcp snooping 321 ipv6 dhcp snooping vlan 326 clear ipv6 dhcp snooping binding This command clears DHCPv6 snooping binding table entries from RAM Use this command wit...

Страница 329: ...status disabled DHCPv6 Snooping remote id option status enabled DHCPv6 Snooping remote id policy drop DHCPv6 Snooping is configured on the following VLANs 1 Interface Trusted Max binding Current bindi...

Страница 330: ...igured entries in the IPv4 Source Guard table or dynamic entries in the DHCPv4 Snooping table when enabled see DHCPv4 Snooping on page 305 IPv4 source guard can be used to prevent traffic attacks caus...

Страница 331: ...p address A valid unicast IP address including classful types A B or C unit Unit identifier Range 1 port list Physical port number or list of port numbers Separate nonconsecutive port numbers with a c...

Страница 332: ...s and the type of the entry is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type will be changed to static IP source guard binding Note that a static IP sour...

Страница 333: ...nst all entries in the binding table Use the sip mac option to check these same parameters plus the source MAC address Use the no ip source guard command to disable this function on the selected port...

Страница 334: ...t port except for DHCP packets allowed by DHCP snooping Only unicast addresses are accepted for static bindings Example This example enables IP source guard on port 5 Console config interface ethernet...

Страница 335: ...the number of MAC addresses learned per port Authenticated IP traffic with different source MAC addresses cannot be learned if it would exceed this maximum number Example This example sets the maximu...

Страница 336: ...d This command clears source guard binding table entries from RAM Syntax clear ip source guard binding blocked Command Mode Privileged Exec Command Usage When IP Source Guard detects an invalid packet...

Страница 337: ...ce dhcp snooping Shows dynamic entries configured with DHCP Snooping commands see page 305 static Shows static entries configured with the ip source guard binding command acl Shows static entries in t...

Страница 338: ...terface no ipv6 source guard binding mac address vlan vlan id mac address A valid unicast MAC address vlan id ID of a configured VLAN Range 1 4094 ipv6 address Corresponding IPv6 address This address...

Страница 339: ...same MAC address and a different VLAN ID cannot be added to the binding table Static bindings are processed as follows If there is no entry with same and MAC address and IPv6 address a new entry is a...

Страница 340: ...an interface the switch initially blocks all IPv6 traffic received on that interface except for ND packets allowed by ND snooping and DHCPv6 packets allowed by DHCPv6 snooping A port access control li...

Страница 341: ...which IPv6 source bindings dynamically learned via ND snooping or DHCPv6 snooping or manually configured are not yet configured the switch will drop all IPv6 traffic on that port except for ND packet...

Страница 342: ...l be added to the IPv6 source guard binding table If IPv6 source guard is enabled on a port and the maximum number of allowed bindings is changed to a lower value precedence is given to deleting entri...

Страница 343: ...middle attacks This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropri...

Страница 344: ...of address components in an ARP packet GC ip arp inspection vlan Enables ARP Inspection for a specified VLAN or range of VLANs GC ip arp inspection limit Sets a rate limit for the ARP packets received...

Страница 345: ...p arp inspection filter arp acl name vlan vlan id vlan range static no ip arp inspection filter arp acl name vlan vlan id vlan range arp acl name Name of an ARP ACL Maximum length 16 characters vlan i...

Страница 346: ...conds The interval at which log messages are sent Range 0 86400 Default Setting Message Number 20 Interval 10 seconds Command Mode Global Configuration Command Usage ARP Inspection must be enabled wit...

Страница 347: ...en enabled packets with different MAC addresses are classified as invalid and are dropped ip Checks the ARP body for invalid and unexpected IP addresses Addresses include 0 0 0 0 255 255 255 255 and a...

Страница 348: ...tion is enabled globally and enabled on selected VLANs all ARP request and reply packets on those VLANs are redirected to the CPU and their switching is handled by the ARP Inspection engine When ARP I...

Страница 349: ...and Usage This command applies to both trusted and untrusted ports When the rate of incoming ARP packets exceeds the configured limit the switch drops all ARP packets in excess of the limit Example Co...

Страница 350: ...Global IP ARP Inspection Status disabled Log Message Interval 10 s Log Message Number 1 Need Additional Validation s Yes Additional Validation Type Destination MAC address Console show ip arp inspect...

Страница 351: ...statistics ARP packets received 150 ARP packets dropped due to rate limt 5 Total ARP packets processed by ARP Inspection 150 ARP packets dropped by additional validation source MAC address 0 ARP pack...

Страница 352: ...n no longer communicate adequately This section describes commands used to protect against DoS attacks dos protection land This command protects against DoS LAND Local Area Network Denial attacks in w...

Страница 353: ...tax no dos protection tcp null scan Default Setting Disabled Command Mode Global Configuration Command Usage In these packets all TCP flags are 0 Example Console config dos protection tcp null scan Co...

Страница 354: ...rget s TCP port is closed the target replies with a TCP RST packet If the target TCP port is open it simply discards the TCP XMAS scan Use the no form to disable this feature Syntax no dos protection...

Страница 355: ...x no traffic segmentation Default Setting Disabled Command Mode Global Configuration Command Usage Traffic segmentation provides port based security and isolation between ports within the VLAN Data tr...

Страница 356: ...lly on the switch Console config traffic segmentation Console config traffic segmentation session This command creates a traffic segmentation client session Use the no form to remove a client session...

Страница 357: ...raffic segmentation session session id uplink interface list downlink interface list downlink interface list session id Traffic segmentation session Range 1 4 uplink Specifies an uplink interface down...

Страница 358: ...nfig traffic segmentation uplink ethernet 1 10 downlink ethernet 1 5 8 Console config traffic segmentation uplink to uplink This command specifies whether or not traffic can be forwarded between uplin...

Страница 359: ...tation This command displays the configured traffic segments Command Mode Privileged Exec Example Console show traffic segmentation Private VLAN Status Enabled Uplink to Uplink Mode Forwarding Session...

Страница 360: ...Chapter 9 General Security Measures Port based Traffic Segmentation 360...

Страница 361: ...roup Function IPv4 ACLs Configures ACLs based on IPv4 addresses TCP UDP port number protocol type and TCP control code IPv6 ACLs Configures ACLs based on IPv6 addresses MAC ACLs Configures ACLs based...

Страница 362: ...n IP address and other more specific criteria acl name Name of the ACL Maximum length 32 characters Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or en...

Страница 363: ...ng None Command Mode Standard IPv4 ACL Command Usage New rules are appended to the end of the list Address bit masks are similar to a subnet mask containing four integers from 0 to 255 each separated...

Страница 364: ...ort dport port bitmask permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence tos tos dscp dscp source port sport bitmask destina...

Страница 365: ...s to indicate ignore The bit mask is bitwise ANDed with the specified source IP address and then compared with the address for each IP packet entering the port s to which this ACL has been assigned Yo...

Страница 366: ...xt acl This permits all TCP packets from class C addresses 192 168 1 0 with the TCP control code set to SYN Console config ext acl permit tcp 192 168 1 0 255 255 255 0 any control flag 2 2 Console con...

Страница 367: ...e Range 168 show ip access group This command shows the ports assigned to IP ACLs Command Mode Privileged Exec Example Console show ip access group Interface ethernet 1 2 IP access list david in Conso...

Страница 368: ...access list ipv6 standard extended acl name standard Specifies an ACL that filters packets based on the source IP address extended Specifies an ACL that filters packets based on the destination IP add...

Страница 369: ...ard IPv6 ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax permit deny any host source ipv6 address source ipv6 address prefi...

Страница 370: ...o form to remove a rule Syntax permit deny any host destination ipv6 address destination ipv6 address prefix length time range time range name no permit deny any host destination ipv6 address destinat...

Страница 371: ...ess group acl name in out time range time range name counter no ipv6 access group acl name in out acl name Name of the ACL Maximum length 32 characters in Indicates that this list applies to ingress p...

Страница 372: ...um length 32 characters Command Mode Privileged Exec Example Console show ipv6 access list standard IPv6 standard access list david permit host 2009 DB9 2229 79 permit 2009 DB9 2229 5 64 Console Relat...

Страница 373: ...s Default Setting None Command Mode Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the...

Страница 374: ...ote The default is for Ethernet II packets permit deny tagged eth2 any host source source address bitmask any host destination destination address bitmask vid vid vid bitmask ethertype protocol protoc...

Страница 375: ...Any MAC source or destination address host A specific MAC address source Source MAC address destination Destination MAC address range with bitmask address bitmask5 Bitmask for MAC address in hexadecim...

Страница 376: ...name counter no mac access group acl name in out acl name Name of the ACL Maximum length 32 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to e...

Страница 377: ...list M5 in Console Related Commands mac access group 376 show mac access list This command displays the rules for configured MAC ACLs Syntax show mac access list acl name acl name Name of the ACL Maxi...

Страница 378: ...de Global Configuration Command Usage When you create a new ACL or enter configuration mode for an existing ACL use the permit or deny command to add new rules to the bottom of the list To create an A...

Страница 379: ...s bitmask log no permit deny response ip any host source ip source ip ip address bitmask any host destination ip destination ip ip address bitmask mac any host source mac source mac mac address bitmas...

Страница 380: ...ccess list arp acl name acl name Name of the ACL Maximum length 32 characters Command Mode Privileged Exec Example Console show access list arp ARP access list factory permit response ip any 192 168 0...

Страница 381: ...face name acl name in Clears counter for ingress rules out Clears counter for egress rules interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 acl name Name of the...

Страница 382: ...ACLs ip standard Shows ingress or egress rules for Standard IPv4 ACLs ipv6 extended Shows ingress or egress rules for Extended IPv6 ACLs ipv6 standard Shows ingress or egress rules for Standard IPv6...

Страница 383: ...er 10 Access Control Lists ACL Information 383 MAC access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list A6 deny tcp any any control flag 2 2 permit any any Con...

Страница 384: ...Chapter 10 Access Control Lists ACL Information 384...

Страница 385: ...port type to use for combination RJ 45 SFP ports IC negotiation Enables autonegotiation of a given interface IC shutdown Disables an interface IC speed duplex Configures the speed and duplex operation...

Страница 386: ...or the transceiver power level of the transmitted signal which can be used to trigger an alarm or warning message IC transceiver threshold voltage Sets thresholds for the transceiver voltage which can...

Страница 387: ...unit port list unit Unit identifier Range 1 port list Physical port number or list of port numbers Separate nonconsecutive port numbers with a comma and no spaces or use a hyphen to designate a range...

Страница 388: ...eters to remove an advertised capability or the no form without parameters to restore the default values Syntax no capabilities 1000full 100full 100half 10full 10half flowcontrol symmetric 1000full Su...

Страница 389: ...nk based on the capabilities command When auto negotiation is disabled you must manually specify the link attributes with the speed duplex and flowcontrol commands Example The following example config...

Страница 390: ...n RD SW 3 Console config if discard This command discards CDP or PVST packets Use the no form to forward the specified packet type to other ports configured the same way SYNTAX no discard cdp pvst cdp...

Страница 391: ...connected directly to the switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3 2002 formally IEEE 802 3x for full duplex operation To force flow co...

Страница 392: ...ute interval 7 buckets Command Mode Interface Configuration Ethernet Port Channel Example This example sets a interval of 15 minutes for sampling standard statisical values on port 1 Console config in...

Страница 393: ...bles auto negotiation for a given interface Use the no form to disable auto negotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command...

Страница 394: ...iation Console config if Related Commands capabilities 388 speed duplex 395 flowcontrol 391 shutdown This command disables an interface To restart a disabled interface use the no form Syntax no shutdo...

Страница 395: ...guration Ethernet Port Channel Command Usage The 1000BASE T standard does not support forced mode Auto negotiation should always be used to establish a connection over any 1000BASE T port or trunk If...

Страница 396: ...roadcast packets multicast Specifies unknown multicast packets unicast Specifies unknown unicast packets Command Mode Interface Configuration Ethernet Port Channel Default Setting Disabled Command Usa...

Страница 397: ...hat an ingress port is a tagged port or a QinQ ingress port In other words any additional size for example a tagged field of 4 bytes added by the chip will not be considered when comparing the egress...

Страница 398: ...counters interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 26 Default Setting None Command Mode Privileged Exec Comman...

Страница 399: ...Usage If an SFP transceiver is inserted in a port the Type field will show the SFP type as interpreted from Ethernet Compliance Codes Data Byte 6 in Address A0h The Ethernet Compliance Code is a bitma...

Страница 400: ...mple Console show interfaces counters ethernet 1 1 Ethernet 1 1 IF table Stats 2166458 Octets Input 14734059 Octets Output 14707 Unicast Input 19806 Unicast Output 0 Discard Input 0 Discard Output 0 E...

Страница 401: ...interface including framing characters Unicast Input The number of subnetwork unicast packets delivered to a higher layer protocol Unicast Output The total number of packets that higher level protoco...

Страница 402: ...y transmitted frames for which transmission is inhibited by exactly one collision Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than...

Страница 403: ...ddress Undersize Packets The total number of packets received that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed Oversize Packets The tot...

Страница 404: ...containing previous samples Range 1 96 count The number of historical samples to display Range 1 96 input Ingress traffic output Egress traffic Default Setting Shows historical statistics for all inte...

Страница 405: ...ets Input Unicast Multicast Broadcast 00d 01 45 01 0 00 105421 688 30 8 Discards Errors Unknown Proto 0 0 0 Octets Output Unicast Multicast Broadcast 0 00 859987 947 373 1 Discards Errors 0 0 Interfac...

Страница 406: ...Multicast Broadcast 0 00 48334 54 19 0 Discards Errors 0 0 Previous Entries Start Time Octets Input Unicast Multicast Broadcast 00d 00 05 37 1400912 9381 1895 50 00d 00 06 37 1566090 10660 2195 50 00d...

Страница 407: ...1 1 Information of Eth 1 1 Basic Information Port Type 1000BASE T MAC Address 00 00 0C 00 00 FE Configuration Name Port Admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full 1000full...

Страница 408: ...isplayed Example This example shows the configuration setting for port 1 Console show interfaces switchport ethernet 1 1 Information of Eth 1 1 Broadcast Threshold Enabled 500 packets second Multicast...

Страница 409: ...sabled page 567 Acceptable Frame Type Shows if acceptable VLAN frames include all types or tagged frames only page 565 Native VLAN Indicates the default Port VLAN ID page 569 Priority for Untagged Tra...

Страница 410: ...e ethernet 1 25 Console config if transceiver monitor Console transceiver threshold auto This command uses default threshold settings obtained from the transceiver to determine when an alarm or warnin...

Страница 411: ...alue is greater than or equal to the threshold and the last sample value was less than the threshold After a rising event has been generated another such event will not be generated until the sampled...

Страница 412: ...Sets the low power threshold for an alarm message low warning Sets the low power threshold for a warning message threshold value The power threshold of the received signal Range 4000 820 in units of...

Страница 413: ...re threshold for a warning message low alarm Sets the low temperature threshold for an alarm message low warning Sets the low temperature threshold for a warning message threshold value The threshold...

Страница 414: ...alarm Sets the low power threshold for an alarm message low warning Sets the low power threshold for a warning message threshold value The power threshold of the transmitted signal Range 4000 820 in u...

Страница 415: ...reshold for a warning message low alarm Sets the low voltage threshold for an alarm message low warning Sets the low voltage threshold for a warning message threshold value The threshold of the transc...

Страница 416: ...ing Shows all SFP interfaces Command Mode Privileged Exec Command Usage The switch can display diagnostic information for SFP modules which support the SFF 8472 Specification for Diagnostic Monitoring...

Страница 417: ...rt unit Unit identifier Range 1 port Port number ECS4120 28F SFP Ports 25 2819 Other models SFP SFP Ports Default Setting Shows all SFP interfaces Command Mode Privileged Exec Command Usage The switch...

Страница 418: ...ble diagnostics This command performs cable diagnostics on the specified port to diagnose any cable faults short open etc and report the cable length Syntax test cable diagnostics interface interface...

Страница 419: ...outine did not complete successfully Ports must have auto negotiation enabled Ports are linked down while running cable diagnostics This cable test is only accurate for Ethernet cables 7 100 meters lo...

Страница 420: ...ostics test Syntax show cable diagnostics interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number ECS4120 28F 28F I 21 24 Other models 1 24 48 Command Mode Privi...

Страница 421: ...op back test Syntax show loop internal interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 Command Mode Privileged Exec Example Console show loop in...

Страница 422: ...itter and most of the receive circuitry entering Sleep Mode In this mode the low power energy detection circuit continuously checks for energy on the cable If none is detected the MAC interface is als...

Страница 423: ...power savings Syntax show power save interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number ECS4120 28F 28F I 21 24 Other models 1 24 48 Command Mode Privilege...

Страница 424: ...Chapter 11 Interface Commands Power Savings 424...

Страница 425: ...rface port channel Configures a trunk and enters interface configuration mode for the trunk GC port channel load balance Sets the load distribution method among ports in aggregated links GC channel gr...

Страница 426: ...ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN via the specified port channel STP VLAN and IGMP settings can only be made for the entire trunk via the s...

Страница 427: ...nd dynamic trunks on the switch To ensure that the switch traffic load is distributed evenly across all links in a trunk select the source and destination addresses used in the load balance calculatio...

Страница 428: ...eived from many different hosts src mac All traffic with the same source MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where traffic through t...

Страница 429: ...orm to disable it Syntax no lacp Default Setting Disabled Command Mode Interface Configuration Ethernet Command Usage The ports on both ends of an LACP trunk must be configured for full duplex either...

Страница 430: ...143 packets second Unknown Unicast Storm Disabled Unknown Unicast Storm Limit 262143 packets second Flow Control Disabled VLAN Trunking Disabled MAC Learning Enabled Link up down Trap Enabled MTU 1518...

Страница 431: ...in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state Note Configuring the partner admin key does not affect remote or local...

Страница 432: ...P operational settings are already in use on that side Configuring LACP settings for the partner only applies to its administrative state not its operational state and will only take effect the next t...

Страница 433: ...x lacp admin key key no lacp admin key key The port channel admin key is used to identify a specific link aggregation group LAG during local LACP setup on this switch Range 0 65535 Default Setting 0 C...

Страница 434: ...nsmitted LACPDUs When the partner switch receives an LACPDU set with a short timeout from the actor switch the partner adjusts the transmit LACPDU interval to 1 second When it receives an LACPDU set w...

Страница 435: ...Us Sent 12 LACPDUs Received 6 Marker Sent 0 Marker Received 0 LACPDUs Unknown Pkts 0 LACPDUs Illegal Pkts 0 Table 78 show lacp counters display description Field Description LACPDUs Sent Number of val...

Страница 436: ...achine is in the expired state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution o...

Страница 437: ...F1 D4 73 A0 10 32768 00 30 F1 D4 73 A0 11 32768 00 30 F1 D4 73 A0 12 32768 00 30 F1 D4 73 A0 Table 80 show lacp neighbors display description Field Description Partner Admin System ID LAG partner s s...

Страница 438: ...Console show port channel load balance Trunk Load Balance Mode Destination IP address Console Table 81 show lacp sysid display description Field Description Channel group A link aggregation group con...

Страница 439: ...e the power available to all switch ports Use the no form to restore the default setting Syntax power mainpower maximum allocation milliwatts milliwatts The power budget for the switch Range 37000 370...

Страница 440: ...cted to the specified port and turn power on or off accordingly Use the no form to turn off power for a port or the no form with the time range keyword to remove the time range settings Syntax power i...

Страница 441: ...Configuration ECS4120 28P Ethernet ports 1 24 Command Usage The total PoE power delivered by all ports cannot exceed the maximum power budget of 370W All the RJ 45 ports support both the IEEE 802 3af...

Страница 442: ...s budget is not supplied power If a device is connected to a critical or high priority port that would cause the switch to exceed its power budget as determined during bootup power is provided to the...

Страница 443: ...thernet 1 1 Console config if power inline time range rd Console config if Related Commands time range 168 show power inline status This command displays the current power status for all ports or for...

Страница 444: ...range name Name of the time range Range 1 30 characters interface ethernet unit Unit identifier Range 1 port Port number Range 1 24 48 Command Mode Privileged Exec Example Console show power inline ti...

Страница 445: ...0 Watts System Operation Status On PoE Power Consumption 7 3 Watts Software Version Version 1 6 0 7 Console Table 85 show power mainpower display description Field Description PoE Maximum Available Po...

Страница 446: ...Chapter 13 Power over Ethernet Commands 446...

Страница 447: ...t monitor interface rx tx both no port monitor interface interface ethernet unit port source port unit Unit identifier Range 1 port Port number Range 1 28 rx Mirror received packets tx Mirror transmit...

Страница 448: ...an Ethernet interface with the interface configuration command and then use the port monitor command to specify the source of the traffic to mirror Note that the destination port cannot be a trunk or...

Страница 449: ...igured from port 6 to port 5 Console config interface ethernet 1 5 Console config if port monitor ethernet 1 6 Console config if end Console show port monitor Port Mirroring Destination Port listen po...

Страница 450: ...c and dynamic trunks are not allowed A port can only be configured as one type of RSPAN interface source destination or uplink Also note that the source port and destination port cannot be configured...

Страница 451: ...y cannot be enabled on that port rspan source Use this command to specify the source port and traffic type to be mirrored remotely Use the no form to disable RSPAN on the specified port or with a traf...

Страница 452: ...ession session id destination interface interface tagged untagged no rspan session session id destination interface interface session id A number identifying this RSPAN session Range 1 interface ether...

Страница 453: ...LAN Syntax no rspan session session id remote vlan vlan id source intermediate destination uplink interface session id A number identifying this RSPAN session Range 1 vlan id ID of configured RSPAN VL...

Страница 454: ...members to an RSPAN VLAN Also note that the show vlan command will not display any members for an RSPAN VLAN but will only show configured RSPAN VLAN identifiers Example The following example enables...

Страница 455: ...sion id session id A number identifying this RSPAN session Range 1 Command Mode Privileged Exec Example Console show rspan session RSPAN Session ID 1 Source Ports mirrored ports None RX Only None TX O...

Страница 456: ...Chapter 14 Port Mirroring Commands RSPAN Mirroring Commands 456...

Страница 457: ...o limit traffic into or out of the network Packets that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured w...

Страница 458: ...fied interface rate Maximum value in Kbps Range 64 1000000 Kbits per second for 1G Ethernet ports 64 10000000 Kbits per second for 10G Ethernet ports Default Setting Disabled Command Mode Interface Co...

Страница 459: ...ting Syntax switchport broadcast multicast unknown unicast packet rate rate no switchport broadcast multicast unknown unicast broadcast Specifies storm control for broadcast traffic multicast Specifie...

Страница 460: ...e Example The following shows how to configure broadcast storm control at 600 kilobits per second Console config interface ethernet 1 5 Console config if switchport broadcast packet rate 600 Console c...

Страница 461: ...shold after a storm control response has been triggered and the release timer expires IC Port snmp server enable port traps atc multicast alarm clear Sends a trap when multicast traffic falls beneath...

Страница 462: ...eshold after the release timer expires traffic control for rate limiting will be stopped and a Traffic Control Release Trap sent and logged Note that if the control action has shut down a port it can...

Страница 463: ...be applied to a port Enabling automatic storm control on a port will disable hardware level storm control on that port Threshold Commands auto traffic control apply timer This command sets the time a...

Страница 464: ...st multicast release timer seconds no auto traffic control broadcast multicast release timer broadcast Specifies automatic storm control for broadcast traffic multicast Specifies automatic storm contr...

Страница 465: ...packet rate command However only one of these control types can be applied to a port Enabling automatic storm control on a port will disable hardware level storm control on that port Example This exam...

Страница 466: ...e enabled by automatic traffic control It can only be manually re enabled using the auto traffic control control release command Example This example sets the control response for broadcast traffic on...

Страница 467: ...d Example This example sets the clear threshold for automatic storm control for broadcast traffic on port 1 Console config interface ethernet 1 1 Console config if auto traffic control broadcast alarm...

Страница 468: ...automatically releases a control response of rate limiting after the time specified in the auto traffic control release timer command has expired Syntax auto traffic control broadcast multicast auto...

Страница 469: ...ivileged Exec Command Usage This command can be used to manually stop a control response of rate limiting or port shutdown any time after the specified action has been triggered Example Console config...

Страница 470: ...ap Syntax no snmp server enable port traps atc broadcast alarm fire Default Setting Disabled Command Mode Interface Configuration Ethernet Example Console config interface ethernet 1 1 Console config...

Страница 471: ...to disable this trap Syntax no snmp server enable port traps atc broadcast control release Default Setting Disabled Command Mode Interface Configuration Ethernet Example Console config interface ethe...

Страница 472: ...form to disable this trap Syntax no snmp server enable port traps atc multicast alarm fire Default Setting Disabled Command Mode Interface Configuration Ethernet Example Console config interface ether...

Страница 473: ...e release timer expires Use the no form to disable this trap Syntax no snmp server enable port traps atc multicast control release Default Setting Disabled Command Mode Interface Configuration Etherne...

Страница 474: ...ace interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 Command Mode Privileged Exec Example Console show auto traffic control interface ethernet 1 1 Eth 1 1 Infor...

Страница 475: ...detected on an interface or when a interface is released from a shutdown state caused by a loopback event a trap message is sent and the event recorded in the system log Loopback detection must be ena...

Страница 476: ...the spanning tree protocol on port 1 and then enables general loopback detection for that port Console config loopback detection Console config interface ethernet 1 1 Console config if no spanning tr...

Страница 477: ...anged any ports placed in shutdown state by the loopback detection process will be immediately restored to operation regardless of the remaining recover time Example This example sets the loopback det...

Страница 478: ...se the no form to restore the default setting Syntax loopback detection transmit interval seconds no loopback detection transmit interval seconds The transmission interval for loopback detection contr...

Страница 479: ...Console config loopback detection trap both Console config loopback detection release This command releases all interfaces currently shut down by the loopback detection feature Syntax loopback detecti...

Страница 480: ...s Enabled Transmit Interval 10 Recover Time 60 Action Shutdown Trap None Loopback Detection Port Information Port Admin State Oper State Eth 1 1 Enabled Normal Eth 1 2 Disabled Disabled Eth 1 3 Disabl...

Страница 481: ...interval detection interval The amount of time the switch remains in detection state after discovering a neighbor through UDLD Range 5 255 seconds Default Setting 5 seconds Command Mode Global Config...

Страница 482: ...messages after linkup or detection phases Range 7 90 seconds Default Setting 15 seconds Command Mode Global Configuration Command Usage During the detection phase messages are exchanged at the maximum...

Страница 483: ...e config udld recovery Console config udld recovery interval This command specifies the period after which to automatically recover from UDLD disabled port state Use the no form to restore the default...

Страница 484: ...connectivity UDLD follows a conservative approach to minimize false positives during the detection process and deems a port to be in undetermined state In other words normal mode will shut down a port...

Страница 485: ...ompt corrective action to be taken Whenever a UDLD device learns about a new neighbor or receives a resynchronization request from an out of synch neighbor it re starts the detection process on its si...

Страница 486: ...1 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 2 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 3 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 4 Disabled Normal Disabled 7 s Unknown 5 s Eth 1 5 D...

Страница 487: ...Multiple neighbors Port State Shows the UDLD port state Unknown Bidirectional Unidirectional Transmit to receive loop Mismatch with neighbor state reported Neighbor s echo is empty The state is Unkno...

Страница 488: ...Chapter 17 UniDirectional Link Detection Commands 488...

Страница 489: ...guration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console config mac address table aging time 100 Console config Table 96 Address Table Comman...

Страница 490: ...switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a...

Страница 491: ...address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface...

Страница 492: ...to match a bit and 1 means to ignore a bit For example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 16K Example C...

Страница 493: ...ce Syntax show mac address table count interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 26 Default Setting N...

Страница 494: ...Chapter 18 Address Table Commands 494...

Страница 495: ...to all other ports in the same VLAN when global spanning tree is disabled GC spanning tree transmission limit Configures the transmission limit for RSTP MSTP GC max hops Configures the maximum number...

Страница 496: ...ing tree mst cost Configures the path cost of an instance in the MST IC spanning tree mst port priority Configures the priority of an instance in the MST IC spanning tree port bpdu flooding Floods BPD...

Страница 497: ...0 seconds The minimum value is the higher of 4 or max age 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a port will wait...

Страница 498: ...nterval in seconds at which the root device transmits a configuration message Example Console config spanning tree hello time 5 Console config Related Commands spanning tree forward time 497 spanning...

Страница 499: ...ee hello time 498 spanning tree mode This command selects the spanning tree mode for this switch Use the no form to restore the default Syntax spanning tree mode stp rstp mstp no spanning tree mode st...

Страница 500: ...participate in a specific set of spanning tree instances A spanning tree instance can exist only on bridges that have compatible VLAN instance assignments Be careful when switching between spanning t...

Страница 501: ...ng Console config spanning tree priority This command configures the spanning tree priority globally for this switch Use the no form to restore the default Syntax spanning tree priority priority no sp...

Страница 502: ...506 max hops 503 spanning tree system bpdu flooding This command configures the system to flood BPDUs to all other ports on the switch or just to all other ports in the same VLAN when spanning tree is...

Страница 503: ...no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Globa...

Страница 504: ...instance Use the no form to restore the default Syntax mst instance id priority priority no mst instance id priority instance id Instance identifier of the spanning tree Range 0 4094 priority Priority...

Страница 505: ...e pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology fo...

Страница 506: ...the same region must be configured with the same MST instances Example Console config mstp name R D Console config mstp Related Commands revision 506 revision This command configures the revision numb...

Страница 507: ...g time This function is designed to work in conjunction with edge ports which should only connect end stations to the switch and therefore do not need to process BPDUs However note that if a trunking...

Страница 508: ...nterface Configuration Ethernet Port Channel Command Usage An edge port should only be connected to end nodes which do not generate BPDUs If a BPDU is received on an edge port this indicates an invali...

Страница 509: ...Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices Therefore lower values should be assigned to ports attached to faster...

Страница 510: ...t cause forwarding loops they can pass directly through to the spanning tree forwarding state Specifying Edge Ports provides quicker convergence for devices such as workstations or servers retains the...

Страница 511: ...two or more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interfac...

Страница 512: ...shutdown duration no spanning tree loopback detection action block Blocks user traffic shutdown Shuts down the interface duration The duration to shut down the interface Range 60 86400 seconds Defaul...

Страница 513: ...en the port will only be returned to the forwarding state if one of the following conditions is satisfied The port receives any other BPDU except for it s own or The port s link status changes to link...

Страница 514: ...terface Range 0 for auto configuration 1 65535 for short path cost method21 1 200 000 000 for long path cost method The recommended path cost range is listed in Table 98 on page 509 Default Setting By...

Страница 515: ...t instance id port priority priority no spanning tree mst instance id port priority instance id Instance identifier of the spanning tree Range 0 4094 priority Priority for an interface Range 0 240 in...

Страница 516: ...the receiving port s native VLAN as specified by the spanning tree system bpdu flooding command The spanning tree system bpdu flooding command has no effect if BPDU flooding is disabled on a port by...

Страница 517: ...nd prevents a designated port from taking superior BPDUs into account and allowing a new STP root port to be elected Use the no form to disable this feature Syntax no spanning tree root guard Default...

Страница 518: ...ee spanning disabled This command disables the spanning tree algorithm for the specified interface Use the no form to re enable the spanning tree algorithm for the specified interface Syntax no spanni...

Страница 519: ...detection release This command manually releases a port placed in discarding state by loopback detection Syntax spanning tree loopback detection release interface interface ethernet unit port unit Un...

Страница 520: ...wever you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP compatible Example C...

Страница 521: ...ing Tree MST including global settings and settings for all interfaces Example Console show spanning tree Spanning Tree Mode MSTP Spanning Tree Enabled Disabled Enabled Instance 0 VLANs Configured 1 4...

Страница 522: ...tion Block Root Guard Status Disabled BPDU Guard Status Disabled BPDU Guard Auto Recovery Disabled BPDU Guard Auto Recovery Interval 300 BPDU Filter Status Disabled TC Propagate Stop Disabled show spa...

Страница 523: ...the CCM MEPs used to monitor the link on a ring node ERPS node id Sets the MAC address for a ring node ERPS non erps dev protect Sends non standard health check packets when in protection state ERPS...

Страница 524: ...APS messages the holdoff timer command to filter out intermittent link faults and the wtr timer command to verify that the ring has stabilized before blocking the RPL after recovery from a signal fail...

Страница 525: ...ERPS status information Use the show erps command to display general ERPS status information or detailed ERPS status information for a specific ring erps This command enables ERPS on the switch Use th...

Страница 526: ...erps domain r d id 1 Console config erps control vlan This command specifies a dedicated VLAN used for sending and receiving ERPS protocol messages Use the no form to remove the Control VLAN Syntax no...

Страница 527: ...erface ethernet 1 11 Console config if switchport allowed vlan add 2 tagged Console config if exit Console config erps domain rd1 Console config erps control vlan 2 Console config erps enable This com...

Страница 528: ...Mode ERPS Configuration Command Usage The guard timer duration should be greater than the maximum expected forwarding delay for an R APS message to pass around the ring A side effect of the guard time...

Страница 529: ...ff timer 300 Console config erps major domain This command specifies the ERPS ring used for sending control packets Use the no form to remove the current setting Syntax major domain name no major doma...

Страница 530: ...s used to ensure that received R APS PDUs are directed for this ring A unique level should be configured for each local ring if there are many R APS PDUs passing through this switch If CFM continuity...

Страница 531: ...then the MEG level set by the meg level command must match the authorized maintenance level of the CFM domain to which the specified MEP belongs To ensure complete monitoring of a ring node use the m...

Страница 532: ...very operations For example a node that has one ring port in SF condition and detects that the condition has been cleared will continuously transmit R APS NR messages with its own Node ID as priority...

Страница 533: ...wn in the following figure and node E detected CCM loss it would send an R APS SF message to the RPL owner and block the link to node D isolating that non ERPS device Figure 3 Non ERPS Device Protecti...

Страница 534: ...the RPL is blocked as a result of ring protection reversion or until there is another higher priority request e g an SF condition in the ring A ring node that has one ring port in an SF condition and...

Страница 535: ...ed the RPL Owner Node blocks its RPL port and transmits an R APS NR RB message in both directions repeatedly d Upon receiving an R APS NR RB message any blocking node should unblock its non failed rin...

Страница 536: ...g node blocks the ring port attached to the RPL transmits an R APS NR RB message on both ring ports informing the ring that the RPL is blocked and flushes its FDB c The acceptance of the R APS NR RB m...

Страница 537: ...ce of the R APS NR RB message causes all ring nodes to unblock any blocked non RPL that does not have an SF condition If it is an R APS NR RB message without a DNF indication all Ethernet Ring Nodes f...

Страница 538: ...ion switching When the MAC addresses are cleared data traffic may flood onto the major ring The data traffic will become stable after the MAC addresses are learned again The major ring will not be bro...

Страница 539: ...nnel When using a virtual channel to tunnel R APS messages between interconnection points on a sub ring the R APS virtual channel may or may not follow the same path as the traffic channel over the ne...

Страница 540: ...tween some of the sub ring s ring nodes No R APS messages are inserted or extracted by other rings or sub rings at the interconnection nodes where a sub ring is attached Hence there is no need for eit...

Страница 541: ...ports Alternatively the closest neighbor to the east should be the next node in the ring in a clockwise direction and the closest neighbor to the west should be the next node in the ring in a counter...

Страница 542: ...is not responsible for activating the reversion behavior Only one RPL owner can be configured on a ring If the switch is set as the RPL owner for an ERPS domain the west ring port is set as one end o...

Страница 543: ...his command specifies compatibility with ERPS version 1 or 2 Syntax version 1 2 1 ERPS version 1 based on ITU T G 8032 Y 1344 2 ERPS version 2 based on ITU T G 8032 Y 1344 Version 2 Default Setting 2...

Страница 544: ...erify that the ring has stabilized before blocking the RPL after recovery from a signal failure Use the no form to restore the default setting Syntax wtr timer minutes minutes The wait to restore time...

Страница 545: ...when the node is operating in revertive mode Syntax erps clear domain ring name ring name Name of a specific ERPS ring Range 1 12 characters Command Mode Privileged Exec Command Usage Two steps are re...

Страница 546: ...issued transmits R APS messages indicating FS over both ring ports R APS FS messages are continuously transmitted by this ring node while the local FS command is the ring node s highest priority comm...

Страница 547: ...ve the priorities as specified in the following table Recovery for forced switching under revertive and non revertive mode is described under the Command Usage section for the non revertive command Wh...

Страница 548: ...anual switch command was issued blocks the traffic channel and R APS channel on the ring port to which the command was issued and unblocks the other ring port b If no other higher priority commands ex...

Страница 549: ...ommand which receives an R APS MS message with a different Node ID clears its manual switch request and starts transmitting R APS NR messages The ring node keeps the ring port blocked due to the previ...

Страница 550: ...ages Enabled Shows if the specified ring is enabled Ver Shows the ERPS version MEL The maintenance entity group MEG level providing a communication channel for ring automatic protection switching R AP...

Страница 551: ...ception of traffic is blocked and the forwarding of R APS messages is blocked but the transmission of locally generated R APS messages is allowed and the reception of all R APS messages is allowed For...

Страница 552: ...APS messages Propagate TC Shows if the ring is configured to propagate topology change notification messages Non ERPS Device Protect Shows if the RPL owner node is configured to send non standard heal...

Страница 553: ...al Clear SF The number of times a clear command was issued to terminate protection state entered through a forced switch or manual switch SF The number of signal fault messages NR The number of no req...

Страница 554: ...Chapter 20 ERPS Commands 554...

Страница 555: ...s port members and MAC addresses Configuring IEEE 802 1Q Tunneling Configures 802 1Q Tunneling QinQ Tunneling Configuring L2PT Tunneling1 1 These functions are not compatible Configures Layer 2 Protoc...

Страница 556: ...Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network This function should be enabled to permit automatic VLAN registration...

Страница 557: ...age Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are indepen...

Страница 558: ...e Configuration Ethernet Port Channel Command Usage This command prevents a VLAN from being automatically added to the specified interface via GVRP If a VLAN has been added to the set of allowed VLANs...

Страница 559: ...Yes VLAN Version Number 2 VLAN Learning IVL Configurable PVID Tagging Yes Local VLAN Capable No Traffic Classes Enabled Global GVRP Status Disabled Console Table 107 show bridge ext display descriptio...

Страница 560: ...ging This switch allows you to override the default Port VLAN ID PVID used in frame tags and egress status VLAN Tagged or Untagged on each port Refer to the switchport allowed vlan command Local VLAN...

Страница 561: ...ration interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 26 Default Setting Shows both global and interface specific co...

Страница 562: ...tings by entering the show vlan command Use the interface vlan command mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the runn...

Страница 563: ...AN used for mirroring traffic from remote switches The VLAN used for RSPAN cannot include VLAN 1 the switch s default VLAN Nor should it include VLAN 4093 which is used for switch clustering Configuri...

Страница 564: ...254 255 255 255 0 Console config if Table 109 Commands for Configuring VLAN Interfaces Command Function Mode interface vlan Enters interface configuration mode for a specified VLAN IC switchport accep...

Страница 565: ...accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When set to...

Страница 566: ...ove vlan list List of VLAN identifiers to remove Default Setting All ports are assigned to VLAN 1 by default The default frame type is untagged Command Mode Interface Configuration Ethernet Port Chann...

Страница 567: ...Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VL...

Страница 568: ...its tagged frames that identify the source VLAN Note that frames belonging to the port s default VLAN i e associated with the PVID are also transmitted as tagged frames Default Setting Hybrid mode wit...

Страница 569: ...t to any VLAN for which it is an untagged member If acceptable frame types is set to all or switchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress por...

Страница 570: ...nking is mutually exclusive with the access switchport mode see the switchport mode command If VLAN trunking is enabled on an interface then that interface cannot be set to access mode and vice versa...

Страница 571: ...ple shows how to display information for VLAN 1 Console show vlan id 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Et...

Страница 572: ...ol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is...

Страница 573: ...is enabled be aware that a tunnel access or tunnel uplink port may be disabled if the spanning tree structure is automatically reconfigured to overcome a break in the tree It is therefore advisable t...

Страница 574: ...ontrol command before the switchport dot1q tunnel mode interface command can take effect When a tunnel uplink port receives a packet from a customer the customer tag regardless of whether there are on...

Страница 575: ...nsures consistent treatment of priority tagged packets across the S VLAN Example Console config interface ethernet 1 1 Console config if switchport dot1q tunnel priority map Console config if switchpo...

Страница 576: ...face and service provider interfaces as uplink interfaces that is a network to network interface Use the switchport dot1q tunnel mode uplink command to set an interface to access or uplink mode When t...

Страница 577: ...selective QinQ mapping entries Console config interface ethernet 1 1 Console config if switchport dot1q tunnel service 100 match cvid 10 Console config if switchport dot1q tunnel service 200 match cvi...

Страница 578: ...ws the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged frames For example 0x1234 is set as the custom 802 1Q ethertype on a tru...

Страница 579: ...1 1 Console config if switchport dot1q tunnel mode access Console config if interface ethernet 1 2 Console config if switchport dot1q tunnel mode uplink Console config if end Console show dot1q tunnel...

Страница 580: ...reates disconnected protocol domains in the customer s network L2PT can be used to pass various types of protocol packets belonging to the same customer transparently across a service provider s netwo...

Страница 581: ...ess 01 80 C2 00 00 01 0A S VLAN tag it is filtered decapsulated and processed locally by the switch if the protocol is supported When a protocol packet is received on an access port i e an 802 1Q trun...

Страница 582: ...ion address 01 00 0C CD CD D0 and L2PT is enabled on this port it is forwarded to other access ports in the same S VLAN for which L2PT is enabled L2PT is disabled on this port it is forwarded to the f...

Страница 583: ...mmand and the interface configured to 802 1Q tunnel mode using the switchport dot1q tunnel mode command Example Console config dot1q tunnel system tunnel control Console config interface ethernet 1 1...

Страница 584: ...etting Disabled Command Mode Interface Configuration Ethernet Command Usage If the next switch upstream does not support QinQ tunneling then use this command to map the customer s VLAN ID to the servi...

Страница 585: ...s example configures VLAN translation for Port 1 as described in the Command Usage section above Console config vlan database Console config vlan vlan 10 media ethernet state active Console config vla...

Страница 586: ...eceived at a port its VLAN membership can then be determined based on the protocol type in use by the inbound packets To configure protocol based VLANs follow these steps 1 First configure VLAN groups...

Страница 587: ...ifier of this protocol group Range 1 2147483647 frame23 Frame type used by this protocol Options ethernet rfc_1042 llc_other protocol Protocol type The only option for the llc_other frame type is ipx_...

Страница 588: ...other VLAN commands such as the vlan command these interfaces will admit traffic of any protocol type into the associated VLAN When MAC based IP subnet based and protocol based VLANs are supported co...

Страница 589: ...This shows protocol group 1 configured for IP over Ethernet Console show protocol vlan protocol group Protocol Group ID Frame Type Protocol Type 1 ethernet 08 00 Console show interfaces protocol vlan...

Страница 590: ...to the VLAN indicated in the entry If no IP subnet is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID subnet vlan This command configures IP Subnet VLAN a...

Страница 591: ...dress When MAC based IP subnet based or protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last Example The following example assigns traffi...

Страница 592: ...he VLAN indicated in the entry If no MAC address is matched the untagged frames are classified as belonging to the receiving port s VLAN ID PVID mac vlan This command configures MAC address to VLAN ma...

Страница 593: ...riority is applied in this sequence and then port based VLANs last Example The following example assigns traffic from source MAC address 00 00 00 11 22 33 to VLAN 10 Console config mac vlan mac addres...

Страница 594: ...sabled Command Mode Global Configuration Command Usage When IP telephony is deployed in an enterprise network it is recommended to isolate the Voice over IP VoIP network traffic from other data traffi...

Страница 595: ...sets the Voice VLAN ID time out Use the no form to restore the default Syntax voice vlan aging minutes no voice vlan minutes Specifies the port Voice VLAN membership time out Range 5 43200 minutes De...

Страница 596: ...identifies VoIP devices in the network Format xx xx xx xx xx xx or xxxxxxxxxxxx for example 01 23 45 00 00 00 mask address Identifies a range of MAC addresses Format xx xx xx xx xx xx or xxxxxxxxxxxx...

Страница 597: ...VLAN when VoIP traffic is detected on the port Default Setting Disabled Command Mode Interface Configuration Command Usage When auto is selected you must select the method to use for detecting VoIP t...

Страница 598: ...packet is overwritten with the new priority when the Voice VLAN feature is active for the port Example The following example sets the CoS priority to 5 on port 1 Console config interface ethernet 1 1...

Страница 599: ...tchport voice vlan security This command enables security filtering for VoIP traffic on a port Use the no form to disable filtering on a port Syntax no switchport voice vlan security Default Setting D...

Страница 600: ...emaining aging time will display NA Example Console show voice vlan status Global Voice VLAN Status Voice VLAN Status Enabled Voice VLAN ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summ...

Страница 601: ...ayer 2 Configures the queue mode queue weights and default priority for untagged frames Priority Commands Layer 3 and 4 Sets the default priority processing method CoS or DSCP maps priority tags for i...

Страница 602: ...ct queue Default Setting WRR Command Mode Interface Configuration Ethernet Port Channel Command Usage The switch can be set to service the port queues based on strict priority WRR or a combination of...

Страница 603: ...eight class of service CoS priority queues when using weighted queuing or one of the queuing modes that use a combination of strict and weighted queuing Use the no form to restore the default weights...

Страница 604: ...rity mapping is IP DSCP and then default switchport priority The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged f...

Страница 605: ...config if Related Commands show interfaces switchport 408 show queue mode This command shows the current queue mode Command Mode Privileged Exec Example Console show queue mode Unit Port queue mode 1...

Страница 606: ...and drop precedence values for internal priority processing IC qos map ip prec dscp Maps IP Precedence values in incoming packets to per hop behavior and drop precedence values for internal priority...

Страница 607: ...D of the priority queue Range 0 7 where 7 is the highest priority queue DEFAULT SETTING Command Mode Global Configuration Command Usage Enter a queue identifier followed by the keyword from and then u...

Страница 608: ...meter to 0 to indicate that the MAC address information carried in the frame is in canonical format Range 0 1 DEFAULT SETTING Command Mode Interface Configuration Port Static Aggregation Command Usage...

Страница 609: ...to restore the default settings Syntax qos map default drop precedence drop precedence from phb0 phb7 no map default drop precedence phb0 phb7 drop precedence Drop precedence used for controlling traf...

Страница 610: ...Range 0 7 cfi value Canonical Format Indicator Set to this parameter to 0 to indicate that the MAC address information carried in the frame is in canonical format Range 0 1 phb Per hop behavior or the...

Страница 611: ...tion Range 0 Green 3 Yellow 1 Red dscp DSCP value in ingress packets Range 0 63 DEFAULT SETTING Command Mode Interface Configuration Port Static Aggregation Table 125 Default Mapping of DSCP Values to...

Страница 612: ...P value of 1 to a per hop behavior of 3 and a drop precedence of 1 Referring to Table 125 note that the DSCP value for these packets is now set to 25 3x23 1 and passed on to the egress interface Conso...

Страница 613: ...precedence used for controlling traffic congestion Range 0 Green 3 Yellow 1 Red DEFAULT SETTING Command Mode Interface Configuration Port Static Aggregation Command Usage Enter up to eight paired valu...

Страница 614: ...ingress packet type is IPv4 then priority processing will be based on the DSCP value in the ingress packet If the QoS mapping mode is set to either IP Precedence or DSCP and a non IP packet is receive...

Страница 615: ...Console show qos map cos dscp interface ethernet 1 5 CoS Information of Eth 1 5 CoS DSCP map x y x phb y drop precedence CoS CFI 0 1 0 0 0 0 0 1 1 0 1 0 2 2 0 2 0 3 3 0 3 0 4 4 0 4 0 5 5 0 5 0 6 6 0 6...

Страница 616: ...cedence to CoS values Syntax show qos map dscp cos interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id Range 1 26 Command Mo...

Страница 617: ...in the top row in other words ingress DSCP d1 10 d2 and the corresponding Internal DSCP and drop precedence is shown at the intersecting cell in the table Console show qos map dscp mutation interface...

Страница 618: ...ss IP precedence to internal DSCP map Syntax show qos map ip prec dscp interface interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 52 port channel channel id R...

Страница 619: ...d Exec Example Console show qos map phb queue interface ethernet 1 5 Information of Eth 1 5 PHB queue map PHB 0 1 2 3 4 5 6 7 queue 2 0 1 3 4 5 6 7 Console show qos map trust mode This command shows t...

Страница 620: ...Chapter 22 Class of Service Commands Priority Commands Layer 3 and 4 620...

Страница 621: ...classified traffic based on a metered flow rate PM C police srtcm color Defines an enforcer for classified traffic based on a single rate three color meter PM C police trtcm color Defines an enforcer...

Страница 622: ...or the priority bits in the IP header IP DSCP value for the matching traffic class and use one of the police commands to monitor parameters such as the average flow and burst rate and drop any traffic...

Страница 623: ...fig cmap match ip dscp 3 Console config cmap Related Commands show class map 636 description This command specifies the description of a class map or policy map Syntax description string string Descri...

Страница 624: ...uded in the ACL will be ignored If match criteria includes an IP ACL or IP priority rule then a VLAN rule cannot be included in the same class map If match criteria includes a MAC ACL or VLAN rule the...

Страница 625: ...1 Console config cmap rename rd class 9 Console config cmap policy map This command creates a policy map that can be attached to multiple interfaces and enters Policy Map configuration mode Use the no...

Страница 626: ...pon which a policy can act and enters Policy Map Class configuration mode Use the no form to delete a class map Syntax no class class map name class map name Name of the class map Range 1 32 character...

Страница 627: ...new dscp violate action drop new dscp committed rate Committed information rate CIR in kilobits per second Range 0 10000000 kbps or maximum port speed whichever is lower committed burst Committed burs...

Страница 628: ...efined rd class uses the set phb command to classify the service that incoming packets will receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate...

Страница 629: ...e class maps for ingress ports The srTCM as defined in RFC 2697 meters a traffic stream and processes its packets according to three traffic parameters Committed Information Rate CIR Committed Burst S...

Страница 630: ...n precolored as yellow or green and if Te t B 0 the packets is yellow and Te is decremented by B down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremented The metering...

Страница 631: ...0 10000000 bytes conform action Action to take when rate is within the CIR and BP Packet size does not exceed BP and there are enough tokens in bucket BC to service the packet the packet is set green...

Страница 632: ...s incremented by one PIR times per second up to BP and the token count Tc is incremented by one CIR times per second up to BC When a packet of size B bytes arrives at time t the following happens if t...

Страница 633: ...ode Policy Map Class Configuration Command Usage The set cos command is used to set the CoS value in the VLAN tag for matching packets The set cos and set phb command function at the same level of pri...

Страница 634: ...uses the set ip dscp command to classify the service that incoming packets will receive and then uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate to 4000 byt...

Страница 635: ...uses the police flow command to limit the average bandwidth to 100 000 Kbps the burst rate to 4000 bytes and configure the response to drop any violating packets Console config policy map rd policy C...

Страница 636: ...ass map Range 1 32 characters Default Setting Displays all class maps Command Mode Privileged Exec Example Console show class map Class Map match any rd class 1 Description Match IP DSCP 10 Match acce...

Страница 637: ...licy map rd policy class rd class Policy Map rd policy class rd class set phb 3 Console show policy map interface This command displays the service policy assigned to the specified interface Syntax sh...

Страница 638: ...Chapter 23 Quality of Service Commands 638...

Страница 639: ...ing Configures static multicast router ports which forward all inbound multicast traffic to the attached VLANs IGMP Filtering and Throttling Configures IGMP filtering and throttling MLD Snooping Confi...

Страница 640: ...leave packet is received at that port and immediate leave is enabled for the parent VLAN GC ip igmp snooping vlan last memb query count Configures thenumberofIGMPproxyquerymessagesthat are sent out b...

Страница 641: ...disabled globally snooping can still be configured per VLAN interface but the interface settings will not take effect until snooping is re enabled globally Example The following example enables IGMP...

Страница 642: ...icast traffic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency Example Console config ip igmp snooping priority 6 Console config Related Comman...

Страница 643: ...m this device If the IGMP proxy reporting is configured on a VLAN this setting takes precedence over the global configuration Example Console config ip igmp snooping proxy reporting Console config ip...

Страница 644: ...th a large source list and the Maximum Response Time set to a large value To protect against this kind of attack 1 routers should not forward queries This is easier to accomplish if the query carries...

Страница 645: ...time until the topology has stabilized and the new locations of all multicast receivers are learned If a topology change notification TCN is received and all the uplink ports are subsequently deleted...

Страница 646: ...Command Usage When the root bridge in a spanning tree receives a topology change notification for a VLAN where IGMP snooping is enabled it issues a global IGMP leave message query solicitation When a...

Страница 647: ...is flooded throughout the VLAN Example Console config ip igmp snooping unregistered data flood Console config ip igmp snooping unsolicited report interval This command specifies how often the upstrea...

Страница 648: ...ult Setting Global IGMP Version 2 VLAN Not configured based on global setting Command Mode Global Configuration Command Usage This command configures the IGMP report query version used by IGMP snoopin...

Страница 649: ...usive is disabled on a VLAN then this setting is based on the global setting If it is enabled on a VLAN then this setting takes precedence over the global setting When this function is disabled the cu...

Страница 650: ...group Default Setting Disabled Command Mode Global Configuration Command Usage If immediate leave is not used a multicast router or querier will send a group specific query message when an IGMPv2 v3...

Страница 651: ...re the system assumes there are no more local members Use the no form to restore the default Syntax ip igmp snooping vlan vlan id last memb query count count no ip igmp snooping vlan vlan id last memb...

Страница 652: ...ed by the switch it checks to see if this host is the last to leave the group by sending out an IGMP group specific or group and source specific query message and starts a timer If no reports are rece...

Страница 653: ...timer as a part of a router s start up procedure during the restart of a multicast forwarding interface and on receipt of a solicitation message When the multicast services provided to a VLAN is relat...

Страница 654: ...s Used for Proxy Reporting When IGMP Proxy Reporting is disabled the switch will use a null IP address for the source of IGMP query and report messages unless a proxy query address has been set When I...

Страница 655: ...downstream hosts all receivers build an IGMP report for the multicast groups they have joined This command applies when the switch is serving as the querier page 643 or as a proxy host when IGMP snoo...

Страница 656: ...static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port channe...

Страница 657: ...le clear ip igmp snooping groups dynamic Console clear ip igmp snooping statistics This command clears IGMP snooping statistics Syntax clear ip igmp snooping statistics interface interface interface e...

Страница 658: ...lood Disabled 802 1p Forwarding Priority Disabled Unsolicited Report Interval 400 s Version Exclusive Disabled Version 2 Proxy Reporting Disabled Querier Disabled VLAN 1 IGMP Snooping Enabled IGMP Sno...

Страница 659: ...ugh IGMP snooping sort by port Display entries sorted by port user Display only the user configured multicast entries vlan id VLAN ID 1 4094 Default Setting None Command Mode Privileged Exec Command U...

Страница 660: ...e following shows the ports in VLAN 1 which are attached to multicast routers Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Port Type Expire 1 Eth 1 4 Dynamic 0 4 28 1 Eth 1 10 Stati...

Страница 661: ...P membership reports received on this interface Leave The number of leave messages received on this interface G Query The number of general query messages received on this interface G S S Query The nu...

Страница 662: ...n Other Querier IP address of remote querier on this interface Other Querier Expire Time after which remote querier is assumed to have expired Other Querier Uptime Time remote querier has been up Self...

Страница 663: ...ed Command Mode Global Configuration Command Usage Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multic...

Страница 664: ...oups a port can join Table 134 IGMP Filtering and Throttling Commands Command Function Mode ip igmp filter Enables IGMP filtering and throttling on the switch GC ip igmp profile Sets a profile number...

Страница 665: ...ed IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group...

Страница 666: ...many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny Example Console config ip igmp profile 19 Console config igmp profile...

Страница 667: ...tting None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address range for a profile Example Console config ip i...

Страница 668: ...rejoins the same group the join report needs to again be authenticated When receiving an IGMP v3 report message the switch will send the access request to the RADIUS server only when the record type...

Страница 669: ...IGMP filter profile number Range 1 4294967295 Default Setting None Command Mode Interface Configuration Command Usage The IGMP filtering profile must first be created with the ip igmp profile command...

Страница 670: ...ne of two actions either deny or replace see the ip igmp max groups action command If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch ran...

Страница 671: ...on replace Console config if ip igmp query drop This command drops any received IGMP query packets Use the no form to restore the default setting Syntax no ip igmp query drop Default Setting Disabled...

Страница 672: ...igmp authentication This command displays the interface settings for IGMP authentication Syntax show ip igmp authentication interface interface interface ethernet unit port unit Unit identifier Range...

Страница 673: ...mand Mode Privileged Exec Example Console show ip igmp filter IGMP filter enabled Console show ip igmp filter interface ethernet 1 1 Ethernet 1 1 information IGMP Profile 19 Deny Range 239 1 1 1 239 1...

Страница 674: ...identifier Range 1 port Port number Range 1 28 52 port channel channel id Range 1 26 Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface...

Страница 675: ...urrent Multicast Groups 0 Console show ip multicast data drop This command shows if the specified interface is configured to drop multicast data packets Syntax show ip igmp throttle interface interfac...

Страница 676: ...or MLD snooping GC ipv6 mld snooping query interval Configures the interval between sending MLD general query messages GC ipv6 mld snooping query max response time Configures the maximum response time...

Страница 677: ...rm to disable this feature Syntax no ipv6 mld snooping querier Default Setting Disabled Command Mode Global Configuration clear ipv6 mld snooping statistics Clears MLD snooping statistics PE show ipv6...

Страница 678: ...ng querier Console config ipv6 mld snooping query interval This command configures the interval between sending MLD general queries Use the no form to restore the default Syntax ipv6 mld snooping quer...

Страница 679: ...tes the group if it is the last member Example Console config ipv6 mld snooping query max response time seconds 15 Console config ipv6 mld snooping proxy reporting This command enables IGMP Snooping w...

Страница 680: ...will be removed from the receiver list for a multicast service when no MLD reports are detected in response to a number of MLD queries The robustness variable sets the number of queries on ports for w...

Страница 681: ...x ipv6 mld snooping unknown multicast mode flood to router port no ipv6 mld snooping unknown multicast mode flood Floods the unknown multicast data packets to all ports to router port Forwards the unk...

Страница 682: ...conds Default Setting 400 seconds Command Mode Global Configuration Command Usage When a new upstream interface that is uplink port starts up the switch sends unsolicited reports for all currently lea...

Страница 683: ...message when an MLD group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the specified timeout period If MLD immediat...

Страница 684: ...t or trunk on the switch you can manually configure that interface to join all the current multicast groups Example The following shows how to configure port 1 as a multicast router port within VLAN 1...

Страница 685: ...mic Command Mode Privileged Exec Command Usage This command only clears entries learned though MLD snooping Statically configured multicast address are not cleared Example Console clear ipv6 mld snoop...

Страница 686: ...guration settings Example The following shows MLD Snooping configuration information Console show ipv6 mld snooping Service Status Disabled Querier Status Disabled Robustness 2 Query Interval 125 sec...

Страница 687: ...x show ipv6 mld snooping group source list ipv6 address vlan vlan id ipv6 address An IPv6 address of a multicast group Format X X X X X vlan id VLAN ID 1 4094 Command Mode Privileged Exec Example The...

Страница 688: ...Port Type Expire 1 Eth 1 2 Static Console show ipv6 mld snooping statistics This command shows MLD snooping protocol statistics for the specified interface Syntax show ipv6 mld snooping statistics in...

Страница 689: ...ng Commands Command Function Mode ipv6 mld filter Enables MLD filtering and throttling on the switch GC ipv6 mld profile Sets a profile number and enters MLD filter profile configuration mode GC permi...

Страница 690: ...ed on the port are checked against the filter profile If a requested multicast group is permitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join repor...

Страница 691: ...ommands show ipv6 mld profile permit deny This command sets the access mode for an MLD filter profile Use the no form to delete a profile number Syntax permit deny Default Setting deny Command Mode ML...

Страница 692: ...s command multiple times to specify more than one multicast address or address range for a profile Example Console config mld profile range ff01 0101 ff01 0202 Console config mld profile ipv6 mld filt...

Страница 693: ...e MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either de...

Страница 694: ...action is set to deny any new MLD join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group Example Consol...

Страница 695: ...op Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Example Console config interface ethernet 1 3 Console config if ipv6 multicast data drop Console config if show i...

Страница 696: ...rofile number Range 1 4294967295 Default Setting None Command Mode Privileged Exec Example Console show ipv6 mld profile MLD Profile 19 MLD Profile 50 Console show ipv6 mld profile 19 MLD Profile 19 D...

Страница 697: ...d displays the interface settings for MLD throttling Syntax show ipv6 mld throttle interface interface interface ethernet unit port unit Unit identifier Range 1 port Port number Range 1 28 52 port cha...

Страница 698: ...up addresses to a profile GC mvr proxy query interval Configures theintervalatwhichthereceiverportsendsout general queries GC mvr proxy switching Enables MVR proxy switching where the source port acts...

Страница 699: ...fied in a profile to an MVR domain Use the no form of this command to remove the binding Syntax no mvr domain domain id associated profile profile name domain id An independent multicast domain Range...

Страница 700: ...r a specific domain Use the no form of this command to disable MVR for a domain Syntax no mvr domain domain id domain id An independent multicast domain Range 1 5 Default Setting Disabled Command Mode...

Страница 701: ...icast traffic such as a video conference or to set a low priority for normal multicast traffic not sensitive to latency Example Console config mvr priority 6 Console config Related Commands show mvr m...

Страница 702: ...excess of this limitation will be flooded to all ports in the associated domain Example The following example maps a range of MVR group addresses to a profile Console config mvr profile rd 228 1 23 1...

Страница 703: ...the MVR VLAN Range 0 6 where 6 is the highest priority Default Setting Disabled Command Mode Global Configuration Command Usage This command can be used to set a high priority for low latency multicas...

Страница 704: ...hen the source port receives report and leave messages it only forwards them to other source ports When receiver ports receive any query messages they are dropped When changes occurring in the downstr...

Страница 705: ...of times group specific queries are sent to downstream receiver ports This command only takes effect when MVR proxy switching is enabled Example Console config mvr robustness value 5 Console config Re...

Страница 706: ...ified in a profile and bound to a domain Example Console config mvr source port mode dynamic Console config mvr upstream source ip This command configures the source IP address assigned to all MVR con...

Страница 707: ...d Range 1 4094 Default Setting VLAN 1 Command Mode Global Configuration Command Usage This command specifies the VLAN through which MVR multicast data is received This is the VLAN to which all source...

Страница 708: ...er port and waiting for a response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list If the by host ip option is used the router...

Страница 709: ...red as a member of the MVR VLAN IGMP snooping can also be used to allow a receiver port to dynamically join or leave multicast groups not sourced through the MVR VLAN Also note that VLAN membership fo...

Страница 710: ...255 255 255 Default Setting No receiver port is a member of any configured multicast group Command Mode Interface Configuration Ethernet Port Channel Command Usage Multicast groups can be statically...

Страница 711: ...learned though MVR Statically configured multicast address are not cleared Example Console clear mvr groups dynamic Console clear mvr statistics This command clears MVR statistics Syntax clear mvr st...

Страница 712: ...ast VLAN 1 MVR Current Learned Groups 10 MVR Upstream Source IP 192 168 0 3 Table 139 show mvr display description Field Description MVR 802 1p Forwarding Priority Priority assigned to multicast traff...

Страница 713: ...r End IP Addr rd 228 1 23 1 228 1 23 10 testing 228 2 23 1 228 2 23 10 Console show mvr interface This command shows MVR configuration settings for interfaces attached to the MVR VLAN Syntax show mvr...

Страница 714: ...ch port Syntax show mvr domain domain id members ip address host ip address interface igmp sort by port interface unknown user domain id An independent multicast domain Range 1 5 ip address IPv4 addre...

Страница 715: ...ulticast forwarding entries currently active in domain 1 Console show mvr domain 1 members MVR Domain 1 MVR Forwarding Entry Count 1 Flag S Source port R Receiver port H Host counts number of hosts jo...

Страница 716: ...statistics This command shows MVR protocol related statistics for the specified interface Syntax show mvr domain domain id statistics input interface interface output interface interface query summary...

Страница 717: ...ucc Group Eth 1 1 23 11 4 10 5 20 9 Eth 1 2 12 15 8 3 5 19 4 VLAN 1 2 0 0 2 2 20 9 Console Table 142 show mvr statistics input display description Field Description Interface Shows interfaces attached...

Страница 718: ...General Query Received 0 General Query Sent 8 Specific Query Received 0 Specific Query Sent 3 Warn Rate Limit 0 sec V1 Warning Count 0 V2 Warning Count 0 V3 Warning Count 0 Console Table 143 show mvr...

Страница 719: ...Self Querier This querier s IP address Self Querier Expire This querier s expire time Self Querier Uptime This querier s time up General Query Received The number of general queries received on this...

Страница 720: ...op 0 V3 Warning Count 0 Source Port Drop 0 Others Drop 0 Console Received General Number of general queries received Group Specific Number of group specific queries received V Warning Count Number of...

Страница 721: ...General Number of general queries received Group Specific Number of group specific queries received V Warning Count Number of queries received on MVR that were configured by IGMP version 1 2 or 3 Rep...

Страница 722: ...iver port sends out general queries GC mvr6 proxy switching Enables MVR proxy switching where the source port acts as a host and the receiver port acts as an MVR router with querier service enabled GC...

Страница 723: ...p range an MRV6 profile can only be associated with one MVR6 domain Example The following an MVR6 group address profile to domain 1 Console config mvr6 domain 1 associated profile rd Console config mv...

Страница 724: ...command assigns a priority to all multicast traffic in the MVR6 VLAN Use the no form of this command to restore the default setting Syntax mvr6 priority priority no mvr6 priority priority The CoS pri...

Страница 725: ...onfigure all multicast group addresses that will join the MVR6 VLAN Any multicast data associated with an MVR6 group is sent from all source ports and to all receiver ports that have registered to rec...

Страница 726: ...hen proxy switching is enabled with the mvr6 proxy switching command Example This example sets the proxy query interval for MVR6 Console config mvr6 proxy query interval 100 Console config mvr6 proxy...

Страница 727: ...is created and sent to the upstream source port which in turn forwards this information upstream When MVR6 proxy switching is disabled Any membership reports received from receiver source ports are f...

Страница 728: ...mvr6 source port mode dynamic Default Setting Forwards all multicast streams which have been specified in a profile and bound to a domain Command Mode Global Configuration Command Usage By default th...

Страница 729: ...ddress The source IPv6 address assigned to all MVR6 control packets sent upstream This parameter must be a full IPv6 address including the network prefix and host address bits Default Setting All MVR6...

Страница 730: ...mmand Usage MVR6 source ports can be configured as members of the MVR6 VLAN using the switchport allowed vlan command and switchport native vlan command but MVR6 receiver ports should not be staticall...

Страница 731: ...nables immediate leave on a receiver port Console config interface ethernet 1 5 Console config if mvr6 domain 1 immediate leave Console config if mvr6 type This command configures an interface as an M...

Страница 732: ...port in another domain Example The following configures one source port and several receiver ports on the switch Console config interface ethernet 1 5 Console config if mvr6 domain 1 type source Cons...

Страница 733: ...thernet 1 1 LLDP Remote Devices Information Detail Index 1 Chassis Type MAC Address Chassis ID 00 E0 0C 10 90 00 Port ID Type MAC Address Port ID 00 E0 0C 10 90 04 Time To Live 120 seconds Console sho...

Страница 734: ...hosts join the group on this port P Port counts number of forwarding ports Up time Group elapsed time d h m s Expire Group remaining time m s Group Address VLAN Port Up time Expire Count ff01 8 0 0 P...

Страница 735: ...he interface option will only clear MVR6 statistics for the specified interface Example Console clear mvr6 statistics Console show mvr6 This command shows information about MVR6 domain settings includ...

Страница 736: ...ch the receiver port sends out general queries MVR6 Source Port Mode Shows if the switch only forwards multicast streams which the source port has dynamically joined or always forwards multicast strea...

Страница 737: ...Example The following displays information about the interfaces attached to the MVR6 VLAN in domain 1 Console show mvr6 domain 1 interface MVR6 Domain 1 Port Type Status Immediate Leave Static Group...

Страница 738: ...hows information about the number of multicast forwarding entries currently active in domain 1 Console show mvr6 domain 1 members MVR6 Domain 1 MVR6 Forwarding Entry Count 1 Flag S Source port R Recei...

Страница 739: ...f00 1 2 00 00 03 18 2 P 2 Eth1 2 S 1 Eth1 4 R 0 H Console show mvr6 profile This command shows all configured MVR6 profiles Command Mode Privileged Exec Example The following shows all configured MVR...

Страница 740: ...id VLAN ID Range 1 4094 query Displays MVR query related statistics summary Displays MVR summary information mvr vlan Displays summary statistics for the MVR VLAN Default Setting Displays statistics f...

Страница 741: ...umber of general query messages received on this interface G S S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a re...

Страница 742: ...independent multicast domain Number of Groups Number of groups learned on this port Querier Transmit General Number of general queries transmitted Group Specific Number of group specific queries trans...

Страница 743: ...cs summary interface mvr vlan description Field Description Domain An independent multicast domain Number of Groups Number of groups learned on this port Querier Other Addr Other IGMP querier s IP add...

Страница 744: ...ports received Leave Number of leaves received Join Success Number of join reports processed successfully Filter Drop Number of report leave messages dropped by IGMP filter Source Port Drop Number of...

Страница 745: ...Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC lldp med fast start count Configures how many m...

Страница 746: ...es the transmission of SNMP trap notifications about LLDP MED changes IC lldp med tlv ext poe Configures an LLDP MED enabled port to advertise its extended Power over Ethernet configuration and usage...

Страница 747: ...plier value no lldp holdtime multiplier value Calculates the TTL in seconds based on the following rule minimum of Transmission Interval Holdtime Multiplier or 65536 Range 2 10 Default Setting Holdtim...

Страница 748: ...Command Usage This parameter is part of the timer which ensures that the LLDP MED Fast Start mechanism is active for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefo...

Страница 749: ...the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification events missed due to throttling or transmission loss Example Console config lldp notification interval 30 C...

Страница 750: ...ciated with this port is deleted Example Console config lldp reinit delay 10 Console config lldp tx delay This command configures a delay between the successive transmission of advertisements initiate...

Страница 751: ...ive LLDP PDUs tx only Only transmit LLDP PDUs tx rx Both transmit and receive LLDP Protocol Data Units PDUs Default Setting tx rx Command Mode Interface Configuration Ethernet Port Channel Example Con...

Страница 752: ...a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address TLV that reports an address that is accessible on a port and protocol VLAN through th...

Страница 753: ...r not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB Example Console config interface ethernet 1 1 Console config if lldp basic tlv system capa...

Страница 754: ...tem name is taken from the sysName object in RFC 3418 which contains the system s administratively assigned name and is in turn based on the hostname command Example Console config interface ethernet...

Страница 755: ...rtises the port based protocol VLANs configured on this interface see Configuring Protocol based VLANs on page 586 Example Console config interface ethernet 1 1 Console config if no lldp dot1 tlv prot...

Страница 756: ...s been assigned See switchport allowed vlan and protocol vlan protocol group Configuring Interfaces Example Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console c...

Страница 757: ...rtises MAC PHY configuration status which includes information about auto negotiation support capabilities and operational Multistation Access Unit MAU type Example Console config interface ethernet 1...

Страница 758: ...ower is delivered can be controlled the port pins selected to deliver power and the power class Example Console config interface ethernet 1 1 Console config if lldp dot3 tlv poe Console config if lldp...

Страница 759: ...some of the CA type numbers and provides examples Any number of CA type and value pairs can be specified for the civic address location as long as the total does not exceed 250 characters For the loca...

Страница 760: ...civic addr what 2 Console config if lldp med notification This command enables the transmission of SNMP trap notifications about LLDP MED changes Use the no form to disable LLDP MED notifications Syn...

Страница 761: ...ity from the switch and power state of the switch including whether the switch is operating from primary or backup power the Endpoint Device could use this information to decide to enter power conserv...

Страница 762: ...This option advertises location identification details Example Console config interface ethernet 1 1 Console config if lldp med tlv location Console config if lldp med tlv med cap This command configu...

Страница 763: ...diagnosis of VLAN configuration mismatches on a port Improper network policy configurations frequently result in voice quality degradation or complete service disruption Example Console config interfa...

Страница 764: ...on events missed due to throttling or transmission loss Example Console config interface ethernet 1 1 Console config if lldp notification Console config if show lldp config This command shows LLDP con...

Страница 765: ...stem name system description system capabilities management ip address 802 1 specific TLVs Advertised port vid vlan name proto vlan proto ident 802 3 specific TLVs Advertised mac phy poe link agg max...

Страница 766: ...lities Support Bridge Router System Capabilities Enabled Bridge Router Management Address 192 168 0 3 IPv4 LLDP Local Port Information Port Port ID Type Port ID Port Description Eth 1 1 MAC Address 00...

Страница 767: ...ther related fields Console show lldp info remote device LLDP Remote Devices Information Local Port Chassis ID Port ID System Name Eth 1 1 00 E0 0C 10 90 00 00 E0 0C 10 90 07 Console show lldp info re...

Страница 768: ...emote link aggregation capable Yes Remote link aggregation enable No Remote link aggregation port ID 0 Remote Max Frame Size 1518 LLDP MED Capability Device Class Network Connectivity Supported Capabi...

Страница 769: ...le Console show lldp info statistics LLDP Device Statistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Co...

Страница 770: ...ddress LCI Country Name TW What 2 Extended Power via MDI Power Type PSE Power Source Unknown Power Priority Unknown Power Value 0 Watts Inventory Hardware Revision R0A Firmware Revision 1 2 6 0 Softwa...

Страница 771: ...Count 0 Neighbor Entries Ageout Count 0 LLDP Port Statistics Port NumFramesRecvd NumFramesSent NumFramesDiscarded Eth 1 1 822 821 0 Eth 1 2 0 0 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 849 862 0 Console...

Страница 772: ...Chapter 25 LLDP Commands 772...

Страница 773: ...supported through loop back messages and fault isolation through link trace messages Fault notification is also provided by SNMP alarms which are automatically generated by maintenance points when con...

Страница 774: ...continuity check database PE Continuity Check Operations ethernet cfm cc ma interval Sets the transmission delay between continuity check messages GC ethernet cfm cc enable Enables transmission of con...

Страница 775: ...cfm linktrace cache size Sets the maximum size for the link trace cache GC ethernet cfm linktrace Sends CFM link trace messages to the MAC address for a MEP PE clear ethernet cfm linktrace cache Clea...

Страница 776: ...the interval at which continuity check messages are sent page 793 or setting the start up delay for the cross check operation page 799 You can also enable SNMP traps for events discovered by continui...

Страница 777: ...3 alphanumeric characters Default Setting Disabled Command Mode Global Configuration Command Usage Each MA name must be unique within the CFM domain Frames with AIS information can be issued at the cl...

Страница 778: ...le This example sets the interval for sending frames with AIS information at 60 seconds Console config ethernet cfm ais period 60 md voip ma rd Console config ethernet cfm ais suppress alarm This comm...

Страница 779: ...resses sending frames with AIS information Console config ethernet cfm ais suppress alarm md voip ma rd Console config ethernet cfm domain This command defines a CFM maintenance domain sets the author...

Страница 780: ...tion points that make up all possible paths between the DSAPs within an MA MIPs are automatically generated by the CFM protocol when the mip creation option in this command is set to default or explic...

Страница 781: ...e 782 ethernet cfm enable This command enables CFM processing globally on the switch Use the no form to disable CFM processing globally Syntax no ethernet cfm enable Default Setting Disabled Command M...

Страница 782: ...s MA on any bridge port through which the MA s VID can pass explicit MIPs can be created this MA only on bridge ports through which the MA s VID can pass and only if a maintenance end point MEP is cre...

Страница 783: ...e rd vlan 1 mip creation default Console config ether cfm ma index name format This command specifies the name format for the maintenance association as IEEE 802 1ag character based or ITU T SG13 SG15...

Страница 784: ...d then the MEP is facing away from the switch and transmits CFM messages towards and receives them from the direction of the physical medium Default Setting No MEPs are configured The MEP faces outwar...

Страница 785: ...d on that interface When CFM is disabled hardware resources previously used for CFM processing on that interface are released and all CFM frames entering that interface are forwarded as normal data tr...

Страница 786: ...s interface interface global Displays global settings including CFM global status cross check start delay and link trace parameters traps Displays the status of all continuity check and cross check tr...

Страница 787: ...a remote MEP which as an expired entry in the archived database CC Mep Down Trap Sends a trap if this device loses connectivity with a remote MEP or connectivityhasbeenrestoredto aremoteMEPwhich has...

Страница 788: ...on Archive Hold Time m 1 rd 0 default 100 Console show ethernet cfm ma This command displays the configured maintenance associations Syntax show ethernet cfm ma level level level Maintenance level Ran...

Страница 789: ...number Range 1 28 52 port channel channel id Range 1 26 level id Maintenance level for this domain Range 0 7 Default Setting None Command Mode Privileged Exec Command Usage Use the mep keyword with th...

Страница 790: ...ange 1 8 port Port number Range 1 28 52 port channel channel id Range 1 26 level id Maintenance level for this domain Range 0 7 Default Setting None Command Mode Privileged Exec Example This example s...

Страница 791: ...racter string unsigned Integer 16 or RFC 2865 VPN ID Level Maintenance level of the local maintenance point Direction The direction in which the MEP faces on the Bridge port up or down Interface The p...

Страница 792: ...scheck Status Enabled Console Table 160 show ethernet cfm maintenance points remote detail display Field Description MAC Address MAC address of the remote maintenance point If a CCM for the specified...

Страница 793: ...n MA If any MEP fails to receive three consecutive CCMs from any other MEPs in its MA a connectivity failure is registered The interval at which Port State Port states include Up The port is functioni...

Страница 794: ...y check messages CCMs within a specified maintenance association Use the no form to disable the transmission of these messages Syntax no ethernet cfm cc enable md domain name ma ma name domain name Do...

Страница 795: ...CM with the same MPID as its own but with a different source MAC address indicating that a CFM configuration error exists loop Sends a trap if this device receives a CCM with the same source MAC addre...

Страница 796: ...MEP Range 1 65535 minutes Default Setting 100 minutes Command Mode CFM Domain Configuration Command Usage A change to the hold time only applies to entries stored in the database after this command is...

Страница 797: ...t cfm errors This command clears continuity check errors logged for the specified maintenance domain or maintenance level Syntax clear ethernet cfm errors domain domain name level level id domain name...

Страница 798: ...more of the VIDs in this MA can pass through the bridge port no MEP is configured facing outward down on any bridge port for this MA and some other MA y at a higher maintenance level and associated w...

Страница 799: ...The cross check start delay should be configured to a value greater than or equal to the continuity check message interval to avoid generating unnecessary traps Example This example sets the maximum d...

Страница 800: ...red in the static list A ma up trap is sent if cross checking is enabled and a CCM is received from all remote MEPs configured in the static list for this maintenance association Example This example...

Страница 801: ...x 1 name rd vlan 1 Console config ether cfm mep crosscheck mpid 2 ma rd Console config ether cfm ethernet cfm mep crosscheck This command enables cross checking between the static list of MEPs assigne...

Страница 802: ...rnet cfm maintenance points remote crosscheck domain domain name mpid mpid domain name Domain name Range 1 43 alphanumeric characters mpid Maintenance end point identifier Range 1 8191 Default Setting...

Страница 803: ...om each MIP along the path and from the target MEP Information stored in the cache includes the maintenance domain name MA name MEPID sequence number and TTL value Example This example enables link tr...

Страница 804: ...m linktrace cache command If the cache reaches the maximum number of specified entries or the size is set to a value less than the current number of stored entries no new entries are added To add addi...

Страница 805: ...mote crosscheck command to verify that a MAC address has been learned for the target MEP Link trace messages LTMs are sent as multicast CFM frames and forwarded from MIP to MIP with each MIP generatin...

Страница 806: ...ded Shows whether or not this link trace message was forwarded A message is not forwarded if received by the target MEP Ingress MAC MAC address of the ingress port on the target device Egress MAC MAC...

Страница 807: ...phanumeric characters transmit count The number of times the loopback message is sent Range 1 1024 packet size The size of the loopback message Range 64 1518 bytes Default Setting Loop back count One...

Страница 808: ...opback reply When using the command line or web interface the source MEP used by to send a loopback message is chosen by the CFM protocol However when using SNMP the source MEP can be specified by the...

Страница 809: ...e CFM Domain Configuration Command Usage A fault alarm can generate an SNMP notification It is issued when the MEP fault notification generator state machine detects that a configured time period see...

Страница 810: ...n be generated Range 3 10 seconds Table 163 Remote MEP Priority Levels Priority Level Level Name Description 1 allDef All defects 2 macRemErrXcon DefMACstatus DefRemoteCCM DefErrorCCM or DefXconCCM 3...

Страница 811: ...mpid Maintenance end point identifier Range 1 8191 Default Setting None Command Mode Privileged Exec Example This example shows the fault notification settings configured for one MEP Console show eth...

Страница 812: ...ats xx xx xx xx xx xx or xxxxxxxxxxxx domain name Domain name Range 1 43 alphanumeric characters ma name Maintenance association name Range 1 43 alphanumeric characters count The number of times to re...

Страница 813: ...reply information with TxTimeStampf copied from the DM request information RxTimeStampf Timestamp at the time of receiving a frame with DM request information and TxTimeStampb Timestamp at the time o...

Страница 814: ...Chapter 26 CFM Commands Delay Measure Operations 814...

Страница 815: ...nitor period for errored frame link events IC efm oam mode Sets the OAM operational mode to active or passive IC clear efm oam counters Clears statistical counters for various OAMPDU message types PE...

Страница 816: ...onsole config interface ethernet 1 1 Console config if efm oam Console config if efm oam critical link event This command enables reporting of critical event or dying gasp Use the no form to disable t...

Страница 817: ...function Syntax no efm oam link monitor frame Default Setting Enabled Command Mode Interface Configuration Command Usage An errored frame is a frame in which one or more bits are errored If this feat...

Страница 818: ...is command sets the monitor period for errored frame link events Use the no form to restore the default setting Syntax efm oam link monitor frame window size no efm oam link monitor frame window size...

Страница 819: ...ce Configuration Command Usage When set to active mode the selected interface will initiate the OAM discovery process When in passive mode it can only respond to discovery messages Example Console con...

Страница 820: ...separate nonconsecutive port identifiers with a comma and no spaces use a hyphen to designate a range of ports Range 1 28 52 Command Mode Privileged Exec Example Console clear efm oam event log Consol...

Страница 821: ...e loopback mode During a remote loopback test the remote OAM entity loops back every frame except for OAMPDUs and pause frames During loopback testing both the switch and remote device are permitted t...

Страница 822: ...er it is finished Example Console efm oam remote loopback test 1 1 Loopback test is processing press ESC to suspend Port OAM loopback Tx OAM loopback Rx Loss Rate 1 2 1990 1016 48 94 Console show efm...

Страница 823: ...w entries Example Console show efm oam event log interface 1 1 OAM event log of Eth 1 1 00 24 07 2001 01 01 Unit 1 Port 1 Dying Gasp at Remote Console This command can show OAM link status changes for...

Страница 824: ...dying gasp bit and display dying gasp event clear Console show efm oam remote loopback interface This command displays the results of an OAM remote loopback test Syntax show efm oam remote loopback in...

Страница 825: ...Errored Frame Threshold 1 Console show efm oam status interface 1 1 brief local OAM in loopback remote OAM in loopback Port Admin Mode Remote Dying Critical Errored State Loopback Gasp Event Frame 1 1...

Страница 826: ...Chapter 27 OAM Commands 826 1 1 00 12 CF 6A 07 F6 000084 Enabled Disabled Enabled Disabled Console...

Страница 827: ...when an outside host namely a DNS client intends to get an IP address for a host name through the switch In this case it will not add the domain suffix to query name server s That means that the DNS...

Страница 828: ...hen an incomplete host name is received by the DNS service on this switch it will work through the domain list appending each domain name in the list to the host name and checking with the specified n...

Страница 829: ...ed and the switch receives a DHCP packet containing a DNS field with a list of DNS servers then the switch will automatically enable DNS host name to address translation If all name servers are delete...

Страница 830: ...fault Setting None Command Mode Global Configuration Example Console config ip domain name sample com Console config end Console show dns Domain Lookup Status DNS Disabled Default Domain Name sample c...

Страница 831: ...erver from this list Syntax no ip name server server address1 server address2 server address6 server address1 IPv4 or IPv6 address of domain name server server address2 server address6 IPv4 or IPv6 ad...

Страница 832: ...ress Corresponding IPv6 address This address must be entered according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used in the ad...

Страница 833: ...entries from the DNS table Syntax clear host name name Name of the host Range 1 127 characters Removes all entries Default Setting None Command Mode Privileged Exec Command Usage Use the clear host c...

Страница 834: ...POINTER TO 3 115 www wa1 b yahoo com Console show hosts This command displays the static host name to address mapping table Command Mode Privileged Exec Table 168 show dns cache display description F...

Страница 835: ...b yahoo com Console Table 169 show hosts display description Field Description No The entry number for each resource record Flag The field displays 2 for a static entry or 4 for a dynamic entry store...

Страница 836: ...Chapter 28 Domain Name Service Commands 836...

Страница 837: ...or class identifier for the current interface Use the no form to remove the class identifier from the DHCP packet Syntax ip dhcp client class id text text hex hex no ip dhcp client class id text A tex...

Страница 838: ...HCP option 66 67 parameters are not carried in a DHCP server reply To ask for a DHCP reply with option 66 67 information the DHCP client request sent by this switch includes a parameter request list a...

Страница 839: ...est for any IP interface that has been set to BOOTP or DHCP mode through the ip address command DHCP requires the server to reassign the client s last address if available If the BOOTP or DHCP server...

Страница 840: ...v6 clients can obtain configuration parameters from a server through a normal four message exchange solicit advertise request reply or through a rapid two message exchange solicit reply The rapid comm...

Страница 841: ...ay Default Setting Enabled Example Console config ip dhcp l3 relay Console config Table 174 DHCP Relay Option 82 Commands Command Function Mode ip dhcp l2 relay Enables DHCP L2 relay service and DHCP...

Страница 842: ...DHCP server will know the subnet where the client is located Then the switch forwards the packet to a DHCP server on another network When the server receives the DHCP request it allocates a free IP a...

Страница 843: ...ID sub type Enabled Command Mode Global Configuration Usage Guidelines Using this command with or without any keywords will enable DHCP Option 82 information relay You must also specify the IP address...

Страница 844: ...drop the original DHCP request packet is flooded onto the VLAN which received the packet but is not relayed DHCP reply packets received by the relay agent are handled as follows When the relay agent...

Страница 845: ...or receives a reply packet with a zero relay agent address through the management VLAN A DHCP relay server has been set on the switch and the switch receives a reply packet on a non management VLAN Us...

Страница 846: ...acket to the DHCP server Default Setting drop Command Mode Global Configuration Usage Guidelines Refer to the Usage Guidelines under the ip dhcp relay information option command for information on whe...

Страница 847: ...disabled DHCP option policy drop DHCP relay server address 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 DHCP sub option format extra subtype included DHCP relay is configured on the following VLANs 1 4094...

Страница 848: ...Chapter 29 DHCP Commands DHCP Relay Option 82 848...

Страница 849: ...is not suitable you can manually configure a new address to manage the switch over your network or to connect the switch to existing IP subnets You may also need to a establish a default gateway betw...

Страница 850: ...example the subnet 255 255 224 0 would be 19 secondary Specifies a secondary IP address default gateway The default gateway Refer to the ip default gateway command which provides the same function bo...

Страница 851: ...numbers 0 to 255 separated by periods Anything other than this format will not be accepted by the configuration program An interface can have only one primary IP address but can have many secondary IP...

Страница 852: ...ntax ip default gateway gateway no ip default gateway gateway IP address of the default gateway Default Setting No default gateway is established Command Mode Global Configuration Command Usage The de...

Страница 853: ...level 1 L2 IS IS level 2 ia IS IS inter area candidate default C 192 168 2 0 24 is directly connected VLAN1 Console config Related Commands ip address 850 ip route 780 ipv6 default gateway 862 show ip...

Страница 854: ...CMP Statistics ICMP received input errors destination unreachable messages time exceeded messages parameter problem message echo request messages echo reply messages redirect messages timestamp reques...

Страница 855: ...to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round trip time for each message Not all devices...

Страница 856: ...count 5 size 32 bytes Command Mode Normal Exec Privileged Exec Command Usage Use the ping command to see if another site on the network can be reached The following are some results of the ping comma...

Страница 857: ...switch arp This command adds a static entry in the Address Resolution Protocol ARP cache Use the no form to remove an entry from the cache Syntax arp ip address hardware address no arp ip address ip a...

Страница 858: ...n only be removed through the configuration interface Example Console config arp 10 1 0 19 01 02 03 04 05 06 Console config Related Commands clear arp cache 860 show arp 860 ip proxy arp This command...

Страница 859: ...ARP cache Range 300 86400 86400 seconds is one day Default Setting 1200 seconds 20 minutes Command Mode Global Configuration Command Usage When a ARP entry expires it is deleted from the cache and an...

Страница 860: ...on about the ARP cache The first line shows the cache timeout It also shows each cache entry including the IP address MAC address type static dynamic other and VLAN interface Note that entry type othe...

Страница 861: ...ion unit MTU for IPv6 packets sent on an interface IC clear ipv6 traffic Resets IPv6 traffic counters PE ping6 Sends IPv6 ICMP echo request packets to another node on the network PE traceroute6 Shows...

Страница 862: ...zeros required to fill the undefined fields The same link local address may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zon...

Страница 863: ...and Mode Interface Configuration VLAN Command Usage All IPv6 addresses must be according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may...

Страница 864: ...router lifetime is 1800 seconds Console Related Commands ipv6 address eui 64 865 ipv6 address autoconfig 864 show ipv6 interface 871 ip address 850 ipv6 address autoconfig This command enables statele...

Страница 865: ...enabled Link Local Address FE80 2E0 CFF FE00 FD 64 Global Unicast Address es 2002 1000 AA22 BB66 1000 64 subnet is 2002 1000 AA22 BB66 64 AUTOCONFIG valid lifetime 1 preferred lifetime 1 Joined Group...

Страница 866: ...its If the specified prefix length exceeds 64 bits then the network portion of the address will take precedence over the interface identifier If a duplicate address is detected a warning message is se...

Страница 867: ...of DAD attempts 1 ND retransmit interval is 1000 milliseconds ND advertised retransmit interval is 0 milliseconds ND reachable time is 30000 milliseconds ND advertised reachable time is 0 millisecond...

Страница 868: ...a prefix in the range of FE80 FEBF is required for link local addresses and the first 16 bit group in the host address is padded with a zero in the form 0269 Console config interface vlan 1 Console co...

Страница 869: ...al segment this interface will be disabled and a warning message displayed on the console The no ipv6 enable command does not disable IPv6 for an interface that has been explicitly configured with an...

Страница 870: ...VLAN Command Usage If a non default value is configured an MTU option is included in the router advertisements sent from this device The maximum value set by this command cannot exceed the MTU of the...

Страница 871: ...rational status and the addresses configured for each interface vlan id VLAN ID Range 1 4094 ipv6 prefix The IPv6 network portion of the address assigned to the interface The prefix must be formatted...

Страница 872: ...d to join the all nodes multicast addresses FF01 1 and FF02 1 for all IPv6 nodes within scope 1 interface local and scope 2 link local respectively FF01 1 16 is the transient interface local multicast...

Страница 873: ...1280 00 04 50 FE80 203 A0FF FED6 141D Console ND advertised retransmit interval The retransmit interval is included in all router advertisements sent out of an interface so that nodes on the same lin...

Страница 874: ...rwards datagrams 15 requests discards no routes generated fragments fragment succeeded fragment failed ICMPv6 Statistics ICMPv6 received input errors destination unreachable messages packet too big me...

Страница 875: ...nk MTU of outgoing interface no routes The number of input datagrams discarded because no route could be found to transmit them to their destination address errors The number of input datagrams discar...

Страница 876: ...ted via this entity and the Source Route processing was successful Note that for a successfully forwarded datagram the counter of the outgoing interface is incremented requests The total number of IPv...

Страница 877: ...ce group membership response messages The number of ICMPv6 Group Membership Response messages received by the interface group membership reduction messages The number of ICMPv6 Group Membership Reduct...

Страница 878: ...to fill the undefined fields redirect messages The number of Redirect messages sent For a host this object will always be zero since hosts do not send redirects group membership query messages The num...

Страница 879: ...xample FE80 7272 1 identifies VLAN 1 as the interface from which the ping is sent When pinging a host name be sure the DNS server has been enabled see page 829 If necessary local devices can also be s...

Страница 880: ...may be used by different interfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN identifier after the delimiter For...

Страница 881: ...ate address detection Duplicate address detection determines if a new unicast IPv6 address already exists on the network before it is assigned to an interface Duplicate address detection is stopped on...

Страница 882: ...ss detection process is still on going Console config interface vlan 1 Console config if ipv6 nd dad attempts 5 Console config if end Console show ipv6 interface VLAN 1 is up IPv6 is enabled Link loca...

Страница 883: ...d specifies the interval between transmitting neighbor solicitation messages when resolving an address or when probing the reachability of a neighbor Therefore avoid using very short intervals for nor...

Страница 884: ...iguration Ethernet Port Channel Command Usage IPv6 Router Advertisements RA convey information that enables nodes to auto configure on the network This information may include the default router addre...

Страница 885: ...is parameter allows the router to detect unavailable neighbors During the neighbor discover process an IPv6 node will multicast neighbor solicitation messages to search for neighbor nodes For a neighb...

Страница 886: ...1 28 52 port channel channel id Range 1 26 Command Mode Privileged Exec Example Console show ipv6 nd raguard interface ethernet 1 1 Interface RA Guard Eth 1 1 Yes Console show ipv6 neighbors This com...

Страница 887: ...ositive confirmation was received within the last ReachableTime interval that the forward path to the neighbor was functioning While in REACHABLE state the device takes no special action when sending...

Страница 888: ...packet in response it knows that the target still exists and updates the lifetime of the binding otherwise it deletes the binding This section describes commands used to configure ND Snooping Table 1...

Страница 889: ...e it is dropped If received on a trusted interface the switch adds an entry in the prefix table according to the Prefix Information option in the RA message The prefix table records prefix prefix leng...

Страница 890: ...s not receive an RA message in response after the configured timeout the entry is dropped If the switch receives an RA message before the timeout expires it resets the lifetime for the dynamic binding...

Страница 891: ...ch the switch will delete a dynamic user binding if no RA message is received is set to the retransmit count x the retransmit interval see the ipv6 nd snooping auto detect retransmit interval command...

Страница 892: ...n the prefix table Use the no form to restore the default setting Syntax ipv6 nd snooping prefix timeout timeout no ipv6 nd snooping prefix timeout timeout The time to wait for an RA message to confir...

Страница 893: ...ig ipv6 nd snooping trust This command configures a port as a trusted interface from which prefix information in RA messages can be added to the prefix table or NS messages can be forwarded without va...

Страница 894: ...Exec Example Console clear ipv6 nd snooping binding Console show ipv6 nd snooping binding MAC Address IPv6 Address Lifetime VLAN Interface Console clear ipv6 nd snooping prefix This command clears al...

Страница 895: ...auto detection retransmit interval 1 second ND Snooping is configured on the following VLANs VLAN 1 Interface Trusted Max binding Eth 1 1 Yes 1 Eth 1 2 No 5 Eth 1 3 No 5 Eth 1 4 No 5 Eth 1 5 No 5 sho...

Страница 896: ...ss prefix table Syntax show ipv6 nd snooping prefix interface vlan vlan_id vlan id VLAN ID Range 1 4094 Command Mode Privileged Exec Example Console show ipv6 nd snooping prefix Prefix entry timeout 1...

Страница 897: ...ction includes commands for static routing These commands are used to connect between different local subnetworks or to connect the router to the enterprise network Global Routing Configuration Table...

Страница 898: ...administrative distance for the route Range 1 255 Default 1 Removes all static routing table entries Default Setting No static routes are configured Command Mode Global Configuration Command Usage Up...

Страница 899: ...flected in the FIB The FIB is distinct from the routing table or Routing Information Base which holds all routing information received from routing peers The forwarding information base contains uniqu...

Страница 900: ...ute database Codes C connected S static R RIP B BGP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS...

Страница 901: ...901 Section III Appendices This section provides additional information and includes these items Troubleshooting on page 903 License Information on page 905...

Страница 902: ...Section III Appendices 902...

Страница 903: ...ing again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at...

Страница 904: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 905: ...of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that yo...

Страница 906: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Страница 907: ...These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Страница 908: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Страница 909: ...ority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DHCP Dynamic Host Control Protocol Provides a framew...

Страница 910: ...rived from a 48 bit link layer address by inserting the hexadecimal number FFFE between the upper three bytes OUI field and the lower 3 bytes serial number of the link layer address To ensure that the...

Страница 911: ...ls access to the switch ports by requiring users to first enter a user ID and password for authentication IEEE 802 3ac Defines frame extensions for VLAN tagging IEEE 802 3x Defines Ethernet frame star...

Страница 912: ...a Communications Protocol This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses Link Aggregation See Port Trunk LLDP Link Layer Discovery...

Страница 913: ...work The time servers operate in a hierarchical master slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio OAM Operation Adminis...

Страница 914: ...fer Protocol is a standard host to host mail transport protocol that operates over TCP port 25 SNMP Simple Network Management Protocol The application protocol in the Internet suite of protocols which...

Страница 915: ...onnection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary UTC Universal Time Coordinate UTC is a time scale...

Страница 916: ...Glossary 916...

Страница 917: ...et 166 capabilities 388 channel group 428 class 626 class map 622 clear access list hardware counters 381 clear arp cache 860 clear counters 398 clear dns cache 833 clear efm oam counters 819 clear ef...

Страница 918: ...le password 218 end 93 erps 525 erps clear 545 erps domain 525 erps forced switch 546 erps manual switch 548 ethernet cfm ais level 776 ethernet cfm ais ma 777 ethernet cfm ais period 778 ethernet cfm...

Страница 919: ...y intvl 652 ip igmp snooping vlan mrd 652 ip igmp snooping vlan mrouter 663 ip igmp snooping vlan proxy address 653 ip igmp snooping vlan query interval 655 ip igmp snooping vlan query resp intvl 655...

Страница 920: ...d location civic addr 758 lldp med notification 760 lldp med tlv ext poe 761 lldp med tlv inventory 761 lldp med tlv location 762 lldp med tlv med cap 762 lldp med tlv network policy 763 lldp notifica...

Страница 921: ...137 password 137 password thresh 138 periodic 170 permit deny 666 permit deny 691 permit deny ARP ACL 379 permit deny Extended IPv4 ACL 364 permit deny Extended IPv6 ACL 370 permit deny MAC ACL 374 p...

Страница 922: ...fm oam event log interface 823 show efm oam remote loopback interface 824 show efm oam status remote interface 825 show efm oam status interface 824 show erps 549 show ethernet cfm configuration 786 s...

Страница 923: ...show logging 149 show logging sendmail 154 show loop internal 421 show loopback detection 479 show mac access group 377 show mac access list 377 show mac address table 491 show mac address table agin...

Страница 924: ...ly 472 snmp server enable port traps atc multicast control release 473 snmp server enable port traps mac notification 186 snmp server enable traps 182 snmp server engine id 187 snmp server group 188 s...

Страница 925: ...raffic segmentation session 356 traffic segmentation uplink downlink 357 traffic segmentation uplink to uplink 358 transceiver monitor 410 transceiver threshold current 411 transceiver threshold rx po...

Страница 926: ...CLI Commands 926...

Страница 927: ...Standard 361 363 IPv6 Extended 368 370 IPv6 Standard 368 369 MAC 373 time range 168 address table 489 aging time 489 aging time displaying 492 aging time setting 489 administrative users displaying 11...

Страница 928: ...65 configuration files restoring defaults 119 configuration settings restoring 61 119 122 saving 61 119 122 console port required connections 48 continuity check errors CFM 797 798 continuity check m...

Страница 929: ...ing 631 two rate three color meter 631 violating traffic configuring response 627 628 631 DNS default domain name 830 displaying the cache 834 domain name list 830 domain names appended 828 enabling l...

Страница 930: ...filter parameters 665 670 filtering throttling 664 filtering throttling enabling 665 filtering throttling interface configuration 667 671 filtering throttling status 665 filtering configuring profile...

Страница 931: ...2 L LACP admin key 430 configuration 425 group attributes configuring 433 group members configuring 429 432 local parameters 435 partner parameters 435 protocol message statistics 435 protocol paramet...

Страница 932: ...throttling enabling 690 filtering throttling interface configuration 692 694 filtering throttling status 690 MLD snooping 676 configuring 676 enabling 677 immediate leave 683 immediate leave status 6...

Страница 933: ...mic QoS assignment 288 dynamic VLAN assignment 289 guest VLAN 290 MAC address aging 286 MAC address filter 287 port configuration 294 reauthentication 288 secure MAC information 298 299 NTP authentica...

Страница 934: ...Port to PHB drop precedence 612 IP precedence to PHB drop precedence 613 matching class settings 623 PHB to drop precedence for untagged packets 609 PHB to queue 607 PHB drop precedence to CoS CFI 610...

Страница 935: ...SSH 246 authentication retries 249 configuring 246 downloading public keys for clients 122 125 generating host key pair 252 server configuring 249 timeout 250 STA 495 BPDU filter 507 BPDU flooding 516...

Страница 936: ...old 459 unregistered data flooding IGMP snooping 647 upgrading software 122 128 user account 218 219 user password 218 219 V VLAN trunking 569 VLANs 555 600 802 1Q tunnel mode 574 acceptable frame typ...

Страница 937: ......

Страница 938: ...E092017 CS R02...

Отзывы:

Нет отзывов