manualshive.com logo in svg

Phoenix Contact FL SWITCH GHS 12G/8, Руководство пользователя, Страница: 122 / 242

Поделиться
Скачать
Phoenix Contact FL SWITCH GHS 12G/8 Скачать руководство пользователя страница 122

FL SWITCH GHS CLI

2-94

PHOENIX CONTACT

8039_en_01

D

ENIAL

 

OF

 S

ERVICE

 C

OMMANDS

This section describes the commands you use to configure Denial of Service (DoS) Control. 

FL SWITCH GHS Firmware software provides support for classifying and blocking specific 

types of Denial of Service attacks. You can configure your system to monitor and block six 

types of attacks:

SIP=DIP: 

Source IP address = Destination IP address.

First Fragment:

TCP Header size smaller then configured value.

TCP Fragment:

 IP Fragment Offset = 1.

TCP Flag: 

TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP

Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence

Number = 0 or TCP Flags SYN and FIN set.

L4 Port: 

Source TCP/UDP Port = Destination TCP/UDP Port.

ICMP:

 Limiting the size of ICMP Ping packets.

dos-control sipdip

This command enables Source IP address = Destination IP address (SIP=DIP) Denial of 

Service protection. If the mode is enabled, Denial of Service prevention is active for this type 

of attack. If packets ingress with SIP=DIP, the packets will be dropped if the mode is enabled.

no dos-control sipdip

This command disables Source IP address = Destination IP address (SIP=DIP) Denial of 

Service prevention.

dos-control firstfrag

This command enables Minimum TCP Header Size Denial of Service protection. If the mode 

is enabled, Denial of Service prevention is active for this type of attack. If packets ingress 

having a TCP Header Size smaller then the configured value, the packets will be dropped if 

Note: 

Denial of Service (DataPlane) is not supported on the XGSII Tucana Platform. DoS is supported on XGSIII

platforms only.

Default

disabled

Format

dos-control sipdip

Mode

Global Config

Format

no dos-control sipdip

Mode

Global Config

RSPSupply  -  1-888-532-2706 -  www.RSPSupply.com

http://www.RSPSupply.com/p-14161-Phoenix-Contact-2700271-FL-SWITCH-GHS-4G/12-Modular-Ethernet-Switch.aspx

Содержание FL SWITCH GHS 12G/8

Страница 1: ...for FL SWITCH GHS 12G 8 FL SWITCH GHS 4G 12 User Manual Order No Gigabit Modular Switch RSPSupply 1 888 532 2706 www RSPSupply com http www RSPSupply com p 14161 Phoenix Contact 2700271 FL SWITCH GHS...

Страница 2: ...RSPSupply 1 888 532 2706 www RSPSupply com http www RSPSupply com p 14161 Phoenix Contact 2700271 FL SWITCH GHS 4G 12 Modular Ethernet Switch aspx...

Страница 3: ...LI interface of the Gigabit Modular Switches UM EN FL SWITCH GHS CLI 01 Designation Revision Order No FL SWITCH GHS 2989200 FL SWITCH GHS 4G 12 2700271 FL FXT 2989307 User Manual RSPSupply 1 888 532 2...

Страница 4: ...ion concerning proper operation and ease of use This is the safety alert symbol It is used to alert you to potential personal injury hazards Obey all safety messages that follow this symbol to avoid p...

Страница 5: ...arantees as to the reliability accuracy or completeness of the information All information made available in the technical data is supplied without any accompanying guarantee whether expressly mention...

Страница 6: ...ation on Phoenix Contact products and our Terms and Conditions can be found on the Internet at www phoenixcontact com Make sure you always use the latest documentation It can be downloaded at www phoe...

Страница 7: ...ng tree forward time 2 9 spanning tree hello time 2 9 spanning tree max age 2 10 spanning tree max hops 2 10 spanning tree mst 2 11 spanning tree mst instance 2 12 spanning tree mst priority 2 12 span...

Страница 8: ...ow vlan brief 2 29 show vlan port 2 29 show vlan association subnet 2 30 show vlan association mac 2 30 vlan port priority all 2 31 vlan priority 2 31 set garp timer join 2 31 set garp timer leave 2 3...

Страница 9: ...ector max delay 2 52 Note lacp actor admin 2 52 Note lacp actor admin key 2 52 Note lacp actor admin state 2 53 Note lacp actor admin state individual 2 53 Note lacp actor admin state longtimeout 2 54...

Страница 10: ...r interface 2 72 show igmpsnooping mrouter vlan 2 72 show mac address table igmpsnooping 2 73 set igmp querier 2 73 set igmp querier query interval 2 74 set igmp querier timer expiry 2 74 set igmp que...

Страница 11: ...detail 2 92 dos control sipdip 2 94 dos control firstfrag 2 94 dos control tcpfrag 2 95 dos control tcpflag 2 95 dos control l4port 2 96 Note dos control icmp 2 96 Note show dos control 2 97 Note brid...

Страница 12: ...dence mapping 4 4 show classofservice ip dscp mapping 4 5 show classofservice trust 4 5 show interfaces cos queue 4 5 mac access list extended 4 6 Note mac access list extended rename 4 7 Note deny pe...

Страница 13: ...lan 5 22 Example enable passwd 5 22 Example enable passwd encrypted password 5 22 Example logout 5 22 ping 5 23 Example quit 5 24 reload 5 24 copy 5 24 Table 11 sntp broadcast client poll interval 5 2...

Страница 14: ...xsessions 6 12 Note sshcon timeout 6 13 Note show ip ssh 6 13 Note crypto certificate generate 6 14 Note crypto key generate rsa 6 14 Note crypto key generate dsa 6 15 Note ip http server 6 15 Note ip...

Страница 15: ...CP Relay Agent in Interface Config Mode 6 28 MRP Commands 6 29 Spanning Tree enhanced Commands 6 29 Profinet Commands 6 30 Digital Input CLI commands 6 30 Link Monitoring CLI commands 6 30 Alarm conta...

Страница 16: ...xample radius server msgauth 6 42 Example radius server primary 6 43 Example radius server retransmit 6 43 Example radius server timeout 6 43 Example show radius 6 44 Example show radius accounting 6...

Страница 17: ...s that might be followed by one or more parameters Parameters can be required or optional values Some commands such as show network or clear vlan do not require parameters Other commands such as netwo...

Страница 18: ...s might be names strings or numbers To use spaces as part of a name parameter enclose the name value in double quotes For example the expression System Name with Spaces forces the system to accept the...

Страница 19: ...imal format 0n CLI assumes octal format with leading zeros n CLI assumes decimal format ipv6 address FE80 0000 0000 0000 020F 24FF FEBF DBCB or FE80 0 0 0 20F 24FF FEBF DBCB or FE80 20F24FF FEBF DBCB...

Страница 20: ...tware suite includes the following modules Switching Layer 2 Routing Layer 3 IPv6 IPv6 routing Multicast BGP 4 Quality of Service Management CLI Web UI and SNMP IPv6 Management Allows management of th...

Страница 21: ...EC Switch Contains a limited set of commands to view basic system information Privileged EXEC Switch Allows you to issue any EXEC command enter the VLAN mode or enter the Global Configuration mode Glo...

Страница 22: ...fig ap Contains commands to configure entries in the local AP database which is used for AP validation AP Profile Config Mode Switch Config ap profile Contains commands to configure the default AP pro...

Страница 23: ...t To return to the Privileged EXEC mode enter Ctrl Z Router BGP Config From the Global Config mode enter router bgp asnumber To exit to the Global Config mode enter exit To return to the Privileged EX...

Страница 24: ...d keywords and parameters before you enter the command AP Profile VAP Config Mode From the AP Profile Radio Config mode enter vap 0 7 where 0 7 is the VAP ID To exit to AP Profile Radio Configmode ent...

Страница 25: ...ndicates that you did not enter the required keywords or values Ambiguous command Indicates that you did not enter enough letters to uniquely identify the command Table 8 CLI Editing Conventions Key S...

Страница 26: ...rotocol Select DHCP BootP or None as the network config protocol If the help output shows a parameter in angle brackets you must replace the parameter with a value switch network parms ipaddr Enter th...

Страница 27: ...t You cannot access the system remotely until the system has an IP address subnet mask and default gateway You can set the network configuration information manually or you can configure the system to...

Страница 28: ...FL SWITCH GHS CLI 1 12 PHOENIX CONTACT 8039_en_01 RSPSupply 1 888 532 2706 www RSPSupply com http www RSPSupply com p 14161 Phoenix Contact 2700271 FL SWITCH GHS 4G 12 Modular Ethernet Switch aspx...

Страница 29: ...rt Caution The commands in this chapter are in one of three functional groups Show commands display switch settings statistics and other information Configuration commands configure features and optio...

Страница 30: ...for tagged packets and a valid integer between 1518 9216 for untagged packets no mtu This command sets the default MTU size in bytes for the interface Format no auto negotiate Mode Interface Config D...

Страница 31: ...rt channel LAG interfaces but not on VLAN routing interfaces Default enabled Format shutdown Mode Interface Config Format no shutdown Mode Interface Config Note You can use the shutdown all command on...

Страница 32: ...possible values are Mirror this port is a monitoring port For more information see Port Mirroring on page 65 PC Mbr this port is a member of a port channel LAG Probe this port is a probe port Admin Mo...

Страница 33: ...not to send a trap when link status changes The factory default is enabled LACP Mode LACP is enabled or disabled on this port Term Definition Format show port protocol groupid all Mode Privileged EXEC...

Страница 34: ...anning tree bpduflood Use this command to enable BPDU Flood on the interface Format no spanning tree Mode Global Config Default disabled Format spanning tree bpdufilter Mode Interface Config Default d...

Страница 35: ...ecute it so the command does not change the system configuration or have a no version spanning tree configuration name This command sets the Configuration Identifier Name for use in identifying the co...

Страница 36: ...ge Port within the common and internal spanning tree This allows this port to transition to Forwarding State without delay no spanning tree edgeport This command specifies that this port is not an Edg...

Страница 37: ...to 30 with the value being greater than or equal to Bridge Max Age 2 1 no spanning tree forward time This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to t...

Страница 38: ...the default value spanning tree max hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree The max hops value is a range from 1 to 127 no spanning...

Страница 39: ...a specific multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter The port priority value is a number in the range of 0 to 240 in increments...

Страница 40: ...mmand sets the bridge priority for a specific multiple spanning tree instance The parameter mstid is a number that corresponds to the desired existing multiple spanning tree instance The priority valu...

Страница 41: ...no spanning tree mst vlan This command removes an association between a multiple spanning tree instance and a VLAN so that the VLAN is again be associated with the common and internal spanning tree Th...

Страница 42: ...splayed Default disabled Format spanning tree port mode all Mode Global Config Format no spanning tree port mode all Mode Global Config Default disabled Format spanning tree rootguard Mode Interface C...

Страница 43: ...sion of Configuration Bridge Protocol Data Units BPDUs Bridge Max Hops Bridge max hops count for the device CST Regional Root Bridge Identifier of the CST Regional Root It is made up using the bridge...

Страница 44: ...disabled BPDU Flood Enabled or disabled BPDU Guard Enabled or disabled Root Guard Enabled or disabled Port Up Time Since Counters Last Cleared Time since port was reset displayed in days hours minutes...

Страница 45: ...ifier of the designated root for this port Designated Port Cost Path Cost offered to the LAN by the Designated Port Designated Bridge Bridge Identifier of the bridge with the Designated Port Designate...

Страница 46: ...st for this port Term Definition Format show spanning tree mst port summary mstid slot port all Mode Privileged EXEC User EXEC Term Definition MST Instance ID The MST instance associated with this por...

Страница 47: ...rotocol Version parameter BPDU Guard Mode Enabled or disabled BPDU Filter Mode Enabled or disabled Configuration Name Identifier used to identify the configuration currently being used Configuration R...

Страница 48: ...d VLAN identification number ID 1 is reserved for the default VLAN The VLAN range is 2 4094 vlan acceptframe This command sets the frame acceptance mode per interface For VLAN Only mode untagged frame...

Страница 49: ...ering is disabled frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN vlan makestatic This...

Страница 50: ...string Format vlan name 2 4094 name Mode VLAN Config Format no vlan name 2 4094 Mode VLAN Config Format vlan participation exclude include auto 1 4094 Mode Interface Config Participation Options Defin...

Страница 51: ...iving interface are admitted and forwarded to ports that are members of that VLAN exclude The interface is never a member of this VLAN This is equivalent to registration forbidden auto The interface i...

Страница 52: ...dentification number no vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to disabled If tagging is disabled traffic is transmitted as untagged frames The...

Страница 53: ...ip arp and ipx vlan protocol group remove This command removes the protocol based VLAN group that is identified by this groupid protocol group This command attaches a vlanid to the protocol based VLA...

Страница 54: ...hysical interfaces to the protocol based VLAN identified by groupid You can associate multiple interfaces with a group but you can only associate each interface and protocol combination with one group...

Страница 55: ...LAN to disabled If tagging is disabled traffic is transmitted as untagged frames The ID is a valid VLAN identification number vlan association subnet This command associates a VLAN to a specific IP su...

Страница 56: ...N Config Format vlan association mac macaddr vlanid Mode VLAN database Format no vlan association mac macaddr Mode VLAN database Default transparent Format vlan database mode tagging Mode Privileged E...

Страница 57: ...configured degree of participation of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q st...

Страница 58: ...ort are discarded When set to Admit All untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port With either option VLAN ta...

Страница 59: ...to register with the switch for membership in VLANS by using GVMP or multicast groups by using GVMP set garp timer join This command sets the GVRP join time for one port Interface Config mode or all G...

Страница 60: ...rt to the default and only has an effect when GVRP is enabled set garp timer leaveall This command sets how frequently Leave All PDUs are generated A Leave All PDU indicates that all registrations wil...

Страница 61: ...ode This command enables GVRP on the system Default 1000 Format set garp timer leaveall 200 6000 Mode Interface Config Global Config Format no set garp timer leaveall Mode Interface Config Global Conf...

Страница 62: ...rd slash Join Timer The interval between the transmission of GARP PDUs registering or re registering membership for an attribute Current attributes are a VLAN or multicast group There is an instance o...

Страница 63: ...lity is disabled on that interface GARP functionality is subsequently re enabled if routing is disabled and port channel LAG membership is removed from an interface that has GARP enabled LeaveAll Time...

Страница 64: ...20 centiseconds 0 2 seconds The finest granularity of specification is 1 centisecond 0 01 seconds Leave Timer The period of time to wait after receiving an unregister request for an attribute before...

Страница 65: ...AN The range is 1 to the maximumVLAN ID supported by the platform Format show mac address table gmrp Mode Privileged EXEC Term Definition Mac Address A unicast MAC address for which the switch has for...

Страница 66: ...will be returned dot1x max req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request Identity frame before timing out the suppli...

Страница 67: ...the specified port to the default value dot1x port control all This command sets the authentication mode to use on all ports Select force unauthorized to specify that the authenticator PAE uncondition...

Страница 68: ...system auth control Use this command to enable the dot1x authentication support on the switch While disabled the dot1x configuration is retained and can be changed but is not activated no dot1x system...

Страница 69: ...er used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The quiet period must be a value in the range 0 65535 tx period T...

Страница 70: ...e values are authorized unauthorized Reauthentication Enabled Indicates whether re authentication is enabled on this port Key Transmission Enabled Indicates if the key is transmitted to the supplicant...

Страница 71: ...he range of 1 and 65535 Reauthentication Enabled Indicates if reauthentication is enabled on this port Possible values are True or False Key Transmission Enabled Indicates if the key is transmitted to...

Страница 72: ...of percentage of the interface speed for an interface When you use this command broadcast storm recovery mode is enabled on the interface and broadcast storm recovery is active If the rate of L2 broad...

Страница 73: ...face speed for all interfaces If the mode is enabled broadcast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the...

Страница 74: ...traffic will be dropped Therefore the rate of multicast traffic will be limited to the configured threshold no storm control multicast level This command sets the multicast storm recovery threshold t...

Страница 75: ...multicast storm recovery storm control unicast This command enables unicast storm recovery mode for an interface If the mode is enabled unicast storm recovery is active and if the rate of unknown L2...

Страница 76: ...recovery storm control unicast all This command enables unicast storm recovery mode for all interfaces If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast des...

Страница 77: ...y for all interfaces storm control flowcontrol This command enables 802 3x flow control for the switch and only applies to full duplex mode ports no storm control flowcontrol This command disables 802...

Страница 78: ...cipate in the same protocols A static port channel interface does not require a partner system to be able to aggregate its member ports port channel This command configures a new port channel LAG and...

Страница 79: ...clear the port channels see clear port channel on page 22 lacp admin key Use this command to configure the administrative value of the key for the port channel The value range of key is 0 to 65535 Fo...

Страница 80: ...his command to configure the administrative value of the LACP actor admin key The valid range for key is 0 65535 Mode Interface Config Note This command is only applicable to port channel interfaces F...

Страница 81: ...individual Use this command to set LACP actor admin state to individual Note This command is only applicable to physical interfaces Format no lacp actor admin key Mode Interface Config Default 0x07 F...

Страница 82: ...mand to set the LACP actor admin state to active Format no lacp actor admin state individual Mode Interface Config Format lacp actor admin state longtimeout Mode Interface Config Note This command is...

Страница 83: ...CP Actor s SystemID The range for priority is 0 to 255 no lacp actor system priority Use this command to configure the priority value associated with the Actor s SystemID Default 0x80 Format lacp acto...

Страница 84: ...ive value of actor state for the protocol partner lacp partner admin state individual Use this command to set LACP partner admin state to individual Default 0x0 Format lacp partner admin key key Mode...

Страница 85: ...ive Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp partner admin state individual Mode Interface Config Format lacp partner admin state longtimeout Mo...

Страница 86: ...lacp partner port priority Use this command to configure the default LACP partner port priority Format no lacp partner admin state passive Mode Interface Config Default 0x80 Format lacp partner port...

Страница 87: ...e the default administrative value of priority associated with the Partner s System ID port channel static This command enables the static mode on a port channel LAG interface By default the static mo...

Страница 88: ...mand disables Link Aggregation Control Protocol LACP on a port port lacpmode all This command enables Link Aggregation Control Protocol LACP on all ports no port lacpmode all This command disables Lin...

Страница 89: ...al Config no port lacptimeout This command sets the timeout for all physical interfaces of a particular device type actor or partner back to their default values port channel adminmode This command en...

Страница 90: ...l with the same administrative mode setting port channel name This command defines a name for the port channel LAG The interface is a logical slot port for a configured port channel and name is an alp...

Страница 91: ...Admin Key The administrative value of the Key Port Priority The priority value assigned to the Aggregation Port Admin State The administrative values of the actor state as transmitted by the Actor in...

Страница 92: ...Valid slot and port number separated by a forward slash Port Channel Name The name of this port channel LAG You may enter any string of up to 15 alphanumeric characters Link State Indicates whether th...

Страница 93: ...the destination monitored port and all VLANs Once the port is removed from the VLAN you must manually add the port to any desired VLANs Use the source interface slot port parameter or destination int...

Страница 94: ...has IGMP Snooping enabled The IGMP application supports the following activities Validation of the IP header checksum as well as the IGMP header checksum and Mode Global Config Note The session id pa...

Страница 95: ...LAG IGMP Snooping functionality is disabled on that interface IGMP Snooping functionality is re enabled if you disable routing or remove port channel LAG membership from an interface that has IGMP Sno...

Страница 96: ...his prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving multicast traffic directed to that group Also fast leav...

Страница 97: ...terface or VLAN The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in t...

Страница 98: ...ime This command sets the Multicast Router Present Expiration time to 0 The time is set for the system on a particular interface or a VLAN set igmp mrouter This command configures the VLAN ID vlanId t...

Страница 99: ...rguments slot port or vlan_id are not used the command displays the following information Mode Interface Config Format no set igmp mrouter vlan_id Mode Interface Config Default disabled Format set igm...

Страница 100: ...nfigured Term Definition VLAN ID The VLAN ID IGMP Snooping Admin Mode Indicates whether IGMP Snooping is active on the VLAN Fast Leave Mode Indicates whether IGMP Snooping Fast leave is active on the...

Страница 101: ...s If a VLAN has IGMP Snooping Querier enabled and IGMP Snooping is operationally disabled on it IGMP Snooping Querier functionality is disabled on that VLAN IGMP Snooping functionality is re enabled i...

Страница 102: ...timer expiry Use this command to set the IGMP Querier timer expiration period It is the time period that the switch remains in Non Querier mode once it has discovered that there is a Multicast Querie...

Страница 103: ...s source address is better less than the Snooping Querier s address it stops sending periodic queries If the Snooping Querier wins the election then it will continue sending periodic queries no set i...

Страница 104: ...hether iGMP Snooping Querier is active on the VLAN VLAN Operational State Indicates whether IGMP Snooping Querier is in Querier or Non Querier state When the switch is in Querier state it will send ou...

Страница 105: ...g no port security This command disables port locking for one Interface Config or all Global Config ports port security max dynamic This command sets the maximum number of dynamically locked MAC addre...

Страница 106: ...ort security mac address This command removes a MAC address from the list of statically locked MAC addresses port security mac address move This command converts dynamically locked MAC addresses to st...

Страница 107: ...urity slot port all Mode Privileged EXEC Term Definition Admin Mode Port Locking mode for the entire system This field displays if you do not supply any parameters Term Definition Admin Mode Port Lock...

Страница 108: ...his information lldp transmit Use this command to enable the LLDP advertise capability no lldp transmit Use this command to return the local data transmission capability to the default lldp receive Us...

Страница 109: ...mmand to specify which optional type length values TLVs in the 802 1AB basic management set are transmitted in the LLDPDUs Use sys name to transmit the system name TLV To configure the system name see...

Страница 110: ...command to cancel inclusion of the management information in LLDPDUs lldp notification Use this command to enable remote data change notifications no lldp notification Use this command to disable not...

Страница 111: ...le including MED related information show lldp Use this command to display a summary of the current LLDP configuration Default 5 Format lldp notification interval interval Mode Global Config Format no...

Страница 112: ...the interface sends optional TLVs in the LLDPDUs The TLV codes can be 0 Port Description 1 System Name 2 System Description or 3 System Capability Mgmt Shows whether the interface transmits system ma...

Страница 113: ...on Format show lldp remote device slot port all Mode Privileged EXEC Term Definition Local Interface The interface that received the LLDPDU from the remote device Chassis ID The ID of the remote devic...

Страница 114: ...lid information Term Definition Format show lldp local device slot port all Mode Privileged EXEC Term Definition Interface The interface in a slot port format Port ID The port ID associated with this...

Страница 115: ...the ports to send the topology change notification no ldp med confignotification Use this command to disable notifications System Capabilities Supported Indicates the primary function s of the device...

Страница 116: ...are included Format lldp med transmit tlv capabilities ex pd ex pse inventory location network policy Mode Interface Config Term Definition capabilities Transmit the LLDP capabilities TLV ex pd Transm...

Страница 117: ...rtrepeatcount count Mode Global Config Format no lldp med faststartrepeatcount Mode Global Config Default By default the capabilities and network policy TLVs are included Format lldp med transmit tlv...

Страница 118: ...Disabled Disabled 0 1 1 0 2 Up Disabled Disabled Disabled 0 1 1 0 3 Down Disabled Disabled Disabled 0 1 1 0 4 Down Disabled Disabled Disabled 0 1 1 0 5 Down Disabled Disabled Disabled 0 1 1 0 6 Down D...

Страница 119: ...command FL SWITCH GHS Firmware Routing show lldp med local device detail 1 0 8 LLDP MED Local Device Detail Interface 1 0 8 Network Policies Media Policy Application Type voice Vlan ID 10 Priority 5 D...

Страница 120: ...mple The following shows example CLI display output for the command FL SWITCH GHS Firmware Routing show lldp med remote device all LLDP MED Remote Device Summary Local Interface Device Class 1 0 8 Cla...

Страница 121: ...DSCP 1 Unknown False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware Rev xxx xxx xxx Firmware Rev xxx xxx xxx Softwa...

Страница 122: ...IP address Destination IP address SIP DIP Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress with SIP DIP the packets...

Страница 123: ...ntrol tcpflag This command enables TCP Flag Denial of Service protections If the mode is enabled Denial of Service prevention is active for this type of attacks If packets ingress having TCP Flag SYN...

Страница 124: ...of attack If ICMP Echo Request PING packets ingress having a size greater than the configured value the packets will be dropped if the mode is enabled no dos control icmp This command disables Maximu...

Страница 125: ...PDIP Mode May be enabled or disabled The factory default is disabled First Fragment Mode May be enabled or disabled The factory default is disabled Min TCP Hdr Size 0 255 The factory default is 20 TCP...

Страница 126: ...mac address table multicast macaddr Mode Privileged EXEC Term Definition MAC Address A multicast MAC address for which the switch has forwarding and or filtering information The format is two digit h...

Страница 127: ...stMFDBEntries Ever Used The largest number of entries that have been present in the Multicast Forwarding Database table This value is also known as the MFDB high water mark Current Entries The current...

Страница 128: ...FL SWITCH GHS CLI 2 100 PHOENIX CONTACT 8039_en_01 RSPSupply 1 888 532 2706 www RSPSupply com http www RSPSupply com p 14161 Phoenix Contact 2700271 FL SWITCH GHS 4G 12 Modular Ethernet Switch aspx...

Страница 129: ...his command resets the version of IGMP to the default value ip igmp last member query count This command sets the number of Group Specific Queries sent before the router assumes that there are no loca...

Страница 130: ...no ip igmp query interval This command resets the query interval for the specified interface to the default value This is the frequency at which IGMP Host Query packets are transmitted on this interf...

Страница 131: ...is expected to have a lot of loss the Robustness variable may be increased for the interface The range for robustness is 1 to 255 no ip igmp robustness This command sets the robustness value to defau...

Страница 132: ...is specified this command displays the registered multicast groups on the interface in detail Format no ip igmp startup query count Mode Interface Config Default 31 Format ip igmp startup query interv...

Страница 133: ...ied multicast group address on this interface Expiry Time The amount of time remaining to remove this entry before it is aged out Version1 Host Timer The time remaining until the local router assumes...

Страница 134: ...ileged EXEC Term Definition Interface Valid unit slot and port number separated by forward slashes Interface IP The IP address of the interface participating in the multicast group State The interface...

Страница 135: ...interface stats slot port Modes Privileged EXEC User EXEC Term Definition Querier Status The status of the IGMP router whether it is running in Querier mode or Non Querier mode Querier IP Address The...

Страница 136: ...at no ip igmp proxy unsolicit rprt interval Mode Interface Config Format ip igmp proxy reset status Mode Interface Config Format show ip igmp proxy Modes Privileged EXEC User EXEC Term Definition Inte...

Страница 137: ...he number of times the IGMP Proxy has been stopped and started Term Definition Format show ip igmp proxy interface Modes Privileged EXEC User EXEC Term Definition Interface Index The slot port of the...

Страница 138: ...The interface number of the IGMP Proxy Group Address The IP address of the multicast group Last Reporter The IP address of host that last sent a membership report for the current group on the network...

Страница 139: ...Mode Privileged EXEC Default disable Format interface Set Static_mcast add_port mac_addr Mode Privileged EXEC Default disable Format interface Set Static_mcast rem_port mac_addr Mode Privileged EXEC D...

Страница 140: ...FL SWITCH GHS CLI 3 12 PHOENIX CONTACT 8039_en_01 RSPSupply 1 888 532 2706 www RSPSupply com http www RSPSupply com p 14161 Phoenix Contact 2700271 FL SWITCH GHS 4G 12 Modular Ethernet Switch aspx...

Страница 141: ...ing This command maps an IP DSCP value to an internal traffic class The ipdscp value is specified as either an integer from 0 to 63 or symbolically through one of the following keywords af11 af12 af13...

Страница 142: ...nning config command because Dot1p is the default no classofservice trust This command sets the interface mode to the default value Format classofservice ip dscp mapping ipdscp trafficclass Mode Globa...

Страница 143: ...es the default weighted scheduler mode for each specified queue traffic shape This command specifies the maximum transmission bandwidth limit for the interface as a whole Also known as rate shaping tr...

Страница 144: ...face The slot port parameter is optional and is only valid on platforms that support independent per port class of service mappings If specified the IP Precedence mapping table of the interface is dis...

Страница 145: ...ass of service mappings If specified the class of service queue configuration of the interface is displayed If omitted the most recent global configuration settings are displayed Format show classofse...

Страница 146: ...AC access list If a MAC ACL by this name already exists this command enters Mac Access List config mode to allow updating the existing MAC ACL Minimum Bandwidth The minimum transmission bandwidth guar...

Страница 147: ...o indicate a match on any value in that field The remaining command parameters are all optional but the most frequently used parameters appear in the same relative order as shown in the command format...

Страница 148: ...t parameter allows the traffic matching this rule to be forwarded to the specified slot port The assign queue and redirect parameters are only valid for a permit rule Table 9 Ethertype Keyword and 4 d...

Страница 149: ...ereas the Global Config mode setting is applied to all interfaces The VLAN keyword is only valid in the Global Config mode The Interface Config mode command is only available on platforms that support...

Страница 150: ...rd mask has 0 s in a bit position that must be checked A 1 in a bit position of the ACL mask indicates the corresponding bit can be ignored access list This command creates an IP Access Control List A...

Страница 151: ...P address and source netmask for match condition of the IP ACL rule eq portkey 0 65535 Specifies the source layer 4 port match condition for the IP ACL rule You can use the port number which ranges fr...

Страница 152: ...fied for this command a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used no ip access group This command removes a specifi...

Страница 153: ...ddress for this rule Source IP Mask The source IP Mask for this rule Source L4 Port Keyword The source port for this rule Destination IP Address The destination IP address for this rule Destination IP...

Страница 154: ...er precedence order If a sequence number is already in use for this interface and direction the specified access list replaces the currently attached access list using that sequence number If the sequ...

Страница 155: ...age is marked as the backup image for subsequent reboots show bootvar This command displays the version information and the activation status for the current active and backup images The command also...

Страница 156: ...rk or service ports ARP entries associated with routing interfaces are not listed show eventlog This command displays the event log which contains error messages from the system The event log is not c...

Страница 157: ...ivileged EXEC Note The show version command will replace the show hardware command in future releases of the software Format show version Mode Privileged EXEC Term Definition Switch Description Text u...

Страница 158: ...te that this does not include multicast packets Packets Transmitted Without Error The total number of packets transmitted out of the interface Transmit Packets Errors The number of outbound packets th...

Страница 159: ...rwarding Database Address Table entries now active on the switch including learned and static entries VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN table Time S...

Страница 160: ...9_en_01 When you specify a value for slot port the command displays the following information RSPSupply 1 888 532 2706 www RSPSupply com http www RSPSupply com p 14161 Phoenix Contact 2700271 FL SWITC...

Страница 161: ...of packets including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets Packets RX and TX 65 127 Octets The total number of packets incl...

Страница 162: ...ts inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS o...

Страница 163: ...rt to its segment Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or no...

Страница 164: ...received by this authenticator EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator Time Since Counters Last Cleared The elapsed time in da...

Страница 165: ...mber of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol A possible reason for discarding a pack...

Страница 166: ...rned The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic and is currently in use Management The value of the corresponding instance system MAC...

Страница 167: ...splay the User Password even if you set one different from the default Note If you issue the show running config command from a serial connection access to the switch through remote connections such a...

Страница 168: ...5 48 lines The command terminal length 0 disables pagination and as a result the output of the show running config command is displayed immediately no terminal length Use this command to set the term...

Страница 169: ...ng when the log file reaches full capacity Otherwise when the log file reaches full capacity logging stops no logging buffered wrap This command disables wrapping of in memory logging and configures l...

Страница 170: ...dr hostname is the IP address of the logging host The addresstype indicates the type of address ipv4 or ipv6 or dns being passed The port value is a port number from 1 to 65535 You can specify the sev...

Страница 171: ...portid parameter is an integer with a range of 1 65535 no logging syslog This command disables syslog logging show logging This command displays logging configuration information Format logging host r...

Страница 172: ...sages Received Number of messages received by the log process This includes messages that are dropped or ignored Log Messages Dropped Number of messages that could not be processed due to error or lac...

Страница 173: ...n the local host from which syslog messages are sent Host Status The state of logging to configured syslog hosts If the status is disable no logging occurs Term Definition Format show logging traplogs...

Страница 174: ...initTtl maxTtl maxTtl maxFail maxFail interval interval count count port port size size Mode Privileged EXEC Parameter Description ipaddr hostname The ipaddr value should be a valid IP address The ho...

Страница 175: ...t should proceed When you enter y you automatically reset the current configuration on the switch to the default values It does not reset the switch clear counters This command clears the statistics f...

Страница 176: ...er the enable password between devices without having to know the password The password parameter must be exactly 128 hexidecimal characters logout This command closes the current telnet connection or...

Страница 177: ...msec min avg max 274 279 276 Example ping failure In Case of Unreachable Destination FL SWITCH GHS Firmware Routing ping 192 168 254 222 count 3 Format logout Modes Privileged EXEC User EXEC Default T...

Страница 178: ...g it off Reset means that all network connections are terminated and the boot code executes The switch uses the stored configuration to initialize the switch You are prompted to confirm that the reset...

Страница 179: ...me url Copies a specified configuration script file to a server nvram startup config nvram backup config Copies the startup configuration to the backup configuration nvram startup config url Copies th...

Страница 180: ...nsfer Protocol HTTP Commands on page 15 url nvram sslpem server Downloads an HTTP secure server certificate url nvram startup config Downloads the startup configuration file to the system url nvram sy...

Страница 181: ...This command resets the poll interval for SNTP unicast clients to its default value sntp unicast client poll timeout This command will set the poll timeout for SNTP unicast clients in seconds to a val...

Страница 182: ...ommand resets the poll interval for SNTP multicast clients to its default value sntp server This command configures an SNTP server a maximum of three The optional priority can be a value of 1 3 the ve...

Страница 183: ...Status Status of the last SNTP request in unicast mode or unsolicited message in broadcast mode Broadcast Count Current number of unsolicited broadcast messages that have been received and processed b...

Страница 184: ...igured Term Definition IP Address Hostname IP address or hostname of configured SNTP Server Address Type Address Type of configured SNTP server Priority IP priority type of the configured server Versi...

Страница 185: ...bootp parameter the switch periodically sends requests to a BootP server until a response is received If you use the dhcp parameter the switch periodically sends requests to a DHCP server until a resp...

Страница 186: ...s apply Bit 6 of byte 0 called the U L bit indicates whether the address is universally administered b 0 or locally administered b 1 Bit 7 of byte 0 called the I G bit indicates whether the destinatio...

Страница 187: ...y with the switch via any of the switch s front panel ports The configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through...

Страница 188: ...0 to a 0 i e byte 0 should have the following mask xxxx xx10 The MAC address used by this bridge when it must be referred to in a unique fashion It is recommended that this be the numerically smalles...

Страница 189: ...to the console port of the switch Mode Privileged EXEC Term Definition IP Address The IP address of the interface The factory default value is 0 0 0 0 Subnet Mask The IP subnet mask for this interfac...

Страница 190: ...baudrate This command sets the communication rate of the terminal interface serial timeout This command specifies the maximum connect time in minutes without console activity A value of 0 indicates th...

Страница 191: ...inactivity on a Serial port connection after which the Switch will close the connection Any numeric value between 0 and 160 is allowed the factory default is 5 A value of 0 disables the timeout Baud...

Страница 192: ...ession no transport input telnet Use this command to prevent new Telnet sessions from being established transport output telnet This command regulates new outbound Telnet connections If enabled new ou...

Страница 193: ...lt value session timeout This command sets the Telnet session timeout value The timeout value unit of time is minutes no session timeout This command sets the Telnet session timeout value to the defau...

Страница 194: ...This command sets the Telnet connection session timeout value to the default Default 5 Format telnetcon maxsessions 0 5 Mode Privileged EXEC Format no telnetcon maxsessions Mode Privileged EXEC Note W...

Страница 195: ...mum Number of Outbound Telnet Sessions The number of simultaneous outbound Telnet connections allowed Allow New Outbound Telnet Sessions Indicates whether outbound Telnet sessions will be allowed Form...

Страница 196: ...ure shell server sshcon maxsessions This command specifies the maximum number of SSH connection sessions that can be established A value of 0 indicates that no ssh connection can be established The ra...

Страница 197: ...ons does not become effective until the session is re accessed Also any keystroke activates the new timeout duration show ip ssh This command displays the ssh settings Format no sshcon maxsessions Mod...

Страница 198: ...ce crypto key generate rsa Use this command to generate an RSA key pair for SSH The new key files will overwrite any existing generated or downloaded RSA key files no crypto key generate rsa Use this...

Страница 199: ...ugh the Web interface When access is enabled the user can login to the switch from the Web interface When access is disabled the user cannot login to the switch s Web server Disabling the Web interfac...

Страница 200: ...timeout expires the user will be forced to re authenticate This timer begins on initiation of the web session and is unaffected by the activity level of the connection no ip http session hard timeout...

Страница 201: ...resets the soft timeout for un secure HTTP sessions to the default value ip http secure session hard timeout This command configures the hard timeout for secure HTTP sessions in hours When this timeo...

Страница 202: ...n of the Web session and is re started with each access to the switch The secure session soft timeout can not be set to zero infinite no ip http secure session soft timeout This command restores the s...

Страница 203: ...Unsecure The unsecure HTTP server administrative mode Java Mode The java applet administrative mode which applies to both secure and un secure web connections Maximum Allowable HTTP Sessions The numbe...

Страница 204: ...tp sessions in minutes Certificate Present Indicates whether the secure server certificate files are present on the device Certificate Generation in Progress Indicates whether certificate generation i...

Страница 205: ...is authorized for authentication or encryption is enabled the password length must be at least eight alphanumeric characters The password is case sensitive When you change a password a prompt asks fo...

Страница 206: ...values are readonly or readwrite The username is the login user name for which the specified access mode applies The default is readwrite for the admin user and readonly for all other users You must...

Страница 207: ...sers snmpv3 encryption This command specifies the encryption protocol used for the specified user The valid encryption protocols are des or none If you select des you can specify the required key on t...

Страница 208: ...fault the admin user has Read Write access and the guest has Read Only access There can only be one Read Write user and up to five Read Only users SNMPv3 Access Mode The SNMPv3 Access Mode If the valu...

Страница 209: ...be stored for each user account When a local user changes his or her password the user will not be able to reuse any password stored in password history This ensures that users don t reuse their passw...

Страница 210: ...ed out from further switch access Only a user with read write access can re activate a locked user account Password lockout does not apply to logins from the serial console The valid range is 1 5 The...

Страница 211: ...artup config Upload copy nvram startup config url The memory card can be cleared with the command clear memcard Some Card information is displayed by using show memcard which results in the following...

Страница 212: ...Relay Agent no service dhcp relay agent disable DHCP Relay Agent ip dhcp relay agent server ipaddr Configure DHCP server IP address ip dhcp relay agent remote id ip address Set the DHCP remote ID opti...

Страница 213: ...enhanced Commands no spanning tree large tree support Format no spanning tree large tree support Mode Global Config no spanning tree fast ring detection Format no spanning tree fast ring detection Mod...

Страница 214: ...st parameter contact_1 or contact_2 for a special mode where special modes depend on the 1st parameter global Alarm contact is enabled globally i e all it is armed for any event that might be configur...

Страница 215: ...characters snmp server community This command adds and names a new SNMP community A community name is a name associated with the switch and with a set of SNMP managers that manage it with a specified...

Страница 216: ...from which SNMP clients may use that community to access the device A value of 255 255 255 255 will allow access from only one station and will use that machine s IP address for the client IP address...

Страница 217: ...This command restricts access to switch information The access mode is read write also called private snmp server enable traps violation This command enables the sending of new violation traps design...

Страница 218: ...is enabled See snmp trap link status on page 37 no snmp server enable traps linkmode This command disables Link Up Down traps for the entire switch Format no snmp server enable traps violation Mode In...

Страница 219: ...MP trap address can be set using both an IPv4 address format as well as an IPv6 global address format Example The following shows an example of the CLI command admin snmptrap mytrap ip6addr 3099 2 Def...

Страница 220: ...abled trap receivers are inactive not able to receive traps Default snmpv2 Format snmptrap name ipaddr snmpversion snmpversion Mode Global Config Format no snmptrap name ipaddr Mode Global Config Note...

Страница 221: ...is valid only when the Link Up Down Flag is enabled See snmp server enable traps linkmode on page 34 Format snmp trap link status Mode Interface Config Note This command is valid only when the Link U...

Страница 222: ...from which this device will accept SNMP packets with the associated community The requesting entity s IP address is ANDed with the Subnet Mask before being compared to the IP address Note If the Subne...

Страница 223: ...the same time either through Telnet or the serial port Spanning Tree Flag Can be enabled or disabled The factory default is enabled Indicates whether spanning tree traps are sent Broadcast Storm Flag...

Страница 224: ...radius accounting mode This command is used to set the RADIUS accounting function to the default value i e the RADIUS accounting function is disabled radius server attribute 4 Use this command to set...

Страница 225: ...nfiguration The IP address or hostname you specify must match that of a previously configured accounting server If you use the optional port parameter the command configures the UDP port to use when c...

Страница 226: ...to enter the key in encrypted format enter the key along with the encrypted keyword In the show running config command s display these secret keys are displayed in encrypted format You cannot show the...

Страница 227: ...et is re transmitted when no response is received from the RADIUS server The retries value is an integer in the range of 1 to 15 no radius server retransmit This command sets the maximum number of tim...

Страница 228: ...use for authentication Number of configured servers The number of configured authentication servers including DNS configured server Max number of retransmits The configured value of the maximum numbe...

Страница 229: ...ng Request that matched it from the RADIUS accounting server Requests The number of RADIUS Accounting Request packets sent to this accounting server This number does not include retransmissions Retran...

Страница 230: ...ets sent to this server This number does not include retransmissions Access Retransmission The number of RADIUS Access Request packets retransmitted to this RADIUS authentication server Access Accepts...

Страница 231: ...ript file for displaying management access show telnet Displays the information about remote connections Display information about direct connections show serial End of the script file script apply Th...

Страница 232: ...e option is intended to be used as a tool for script development Validation identifies potential problems It might not identify all problems with a given script on any given device Format script list...

Страница 233: ...tree forward time 2 9 spanning tree hello time 2 9 spanning tree max age 2 10 spanning tree max hops 2 10 spanning tree mst 2 11 spanning tree mst instance 2 12 spanning tree mst priority 2 12 spanni...

Страница 234: ...show vlan brief 2 29 show vlan port 2 29 show vlan association subnet 2 30 show vlan association mac 2 30 vlan port priority all 2 31 vlan priority 2 31 set garp timer join 2 31 set garp timer leave 2...

Страница 235: ...ctor max delay 2 52 Note lacp actor admin 2 52 Note lacp actor admin key 2 52 Note lacp actor admin state 2 53 Note lacp actor admin state individual 2 53 Note lacp actor admin state longtimeout 2 54...

Страница 236: ...ter interface 2 72 show igmpsnooping mrouter vlan 2 72 show mac address table igmpsnooping 2 73 set igmp querier 2 73 set igmp querier query interval 2 74 set igmp querier timer expiry 2 74 set igmp q...

Страница 237: ...etail 2 92 dos control sipdip 2 94 dos control firstfrag 2 94 dos control tcpfrag 2 95 dos control tcpflag 2 95 dos control l4port 2 96 Note dos control icmp 2 96 Note show dos control 2 97 Note bridg...

Страница 238: ...cedence mapping 4 4 show classofservice ip dscp mapping 4 5 show classofservice trust 4 5 show interfaces cos queue 4 5 mac access list extended 4 6 Note mac access list extended rename 4 7 Note deny...

Страница 239: ...an 5 22 Example enable passwd 5 22 Example enable passwd encrypted password 5 22 Example logout 5 22 ping 5 23 Example quit 5 24 reload 5 24 copy 5 24 Table 11 sntp broadcast client poll interval 5 26...

Страница 240: ...maxsessions 6 12 Note sshcon timeout 6 13 Note show ip ssh 6 13 Note crypto certificate generate 6 14 Note crypto key generate rsa 6 14 Note crypto key generate dsa 6 15 Note ip http server 6 15 Note...

Страница 241: ...P Relay Agent in Interface Config Mode 6 28 MRP Commands 6 29 Spanning Tree enhanced Commands 6 29 Profinet Commands 6 30 Digital Input CLI commands 6 30 Link Monitoring CLI commands 6 30 Alarm contac...

Страница 242: ...Example radius server msgauth 6 42 Example radius server primary 6 43 Example radius server retransmit 6 43 Example radius server timeout 6 43 Example show radius 6 44 Example show radius accounting...

Отзывы:

Нет отзывов