Ruijie RG-S2600G-I Series Скачать руководство пользователя страница 911

Страница: 911 / 1192

CLI Reference Guide

ACL Configuration Commands



xns-idp

Configuration

Examples

1. Example of the standard IP ACL

The following basic IP ACL allows the packets whose source IP addresses are 192.168.1.64 -

192.168.1.127 to pass:

Ruijie (config)#access-list 1 permit 192.168.1.64 0.0.0.63

2. Example of the extended IP ACL

The following extended IP ACL allows the DNS messages and ICMP messages to pass:

Ruijie(config)#access-list 102 permit tcp any any eq domain log

Ruijie(config)#access-list 102 permit udp any any eq domain log

Ruijie(config)#access-list 102 permit icmp any any echo log

Ruijie(config)#access-list 102 permit icmp any any echo-reply

3. Example of the extended MAC ACL

This example shows how to deny the host with the MAC address 00d0f8000c0c to provide service

with the protocol type 100 on gigabit Ethernet port 1/1. The configuration procedure is as below:

Ruijie(config)#access-list 702 deny host 00d0f8000c0c any aarp

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# mac access-group 702 in

4. Example of the extended expert ACL

The following example shows how to create and display an extended expert ACL. This expert ACL

denies all the TCP packets with the source IP address 192.168.12.3 and the source MAC address

00d0.f800.0044.

Ruijie(config)#access-list 2702 deny tcp host 192.168.12.3 mac 00d0.f800.0044

any any

Ruijie(config)# access-list 2702 permit any any any any

Ruijie(config)# show access-lists

expert access-list extended 2702

10 deny tcp host 192.168.12.3 mac 00d0.f800.0044 any any

10 permit any any any any

Related

Commands

Command

Description

show access-lists

Show all the ACLs.

mac access-group

Apply the extended MAC ACL on the interface.

Platform

Description

clear expert access-list counters

Use this command to clear the packet matching counter of the expert ACL.

clear expert access-list counters

[

name

]

Parameter

Description

Содержание RG-S2600G-I Series

Страница 1: ...1 CLI Reference Guide RG S2600G I Series Switches RGOS 10 4 3b16...

Страница 2: ...ted or otherwise in all or in part by any party in any means Exemption statement This document is provided as is The contents of this document are subject to change without any notice Please obtain th...

Страница 3: ...with bolded characters 2 Command Line Format Convention Arial is used as the font for the command line The meanings of specific formats are described below Bold Key words in the command line which sha...

Страница 4: ...ioned in the examples of this manual may not be consistent with the actual ones In real network environments you need configure port types according to the support on various products The display info...

Страница 5: ...5...

Страница 6: ...LINE Configuration Commands 6 File System Configuration Commands 7 Configuration Commands of Configuration File Management 8 CPU LOG Configuration Commands 9 Memory Configuration Commands 10 Syslog C...

Страница 7: ...nd original command Syntax of the command represented by the alias Default Settings Some commands in the privileged EXEC mode have default alias names Command mode Global configuration mode Usage guid...

Страница 8: ...ne word the command will be displayed in brackets For example if you set sv stand for show version in the privileged EXEC mode then Ruijie s s show sv show version show start chat start terminal servi...

Страница 9: ...s Show the aliases settings privilege To attribute the execution rights of a command to a command level use privilege in the global configuration mode The no form of this command recovers the executio...

Страница 10: ...e keychain key KeyChain key configuration mode time range Time Range configuration mode Examples Set the password of CLI level 1 as test and attribute the reload rights to reset the device Ruijie conf...

Страница 11: ...rivileged EXEC mode show aliases mode Parameter description Parameter Description mode Mode of the command represented by the alias Default Settings N A Command mode EXEC mode Usage guidelines Show al...

Страница 12: ...ommand sets the logging banner message which is displayed upon login All characters behind the terminating symbol will be discarded by the system Configuration Examples The following example shows the...

Страница 13: ...witch all switchid priority prefix directory filename no boot system priority switch all switchid Parameter Description Parameter Description priority Boot priority of a main program in the range of 1...

Страница 14: ...riority parameter is not set the configured filenames of all boot main programs will be deleted If the no boot system command is used to delete all the configured filenames of boot main programs and n...

Страница 15: ...Description boot ip Configure the local IP for TFTP transmission during device booting show boot Show the boot related configuration of the device Platform Description N A clock set To configure syst...

Страница 16: ...Privileged EXEC mode Usage Guide Some platforms use hardware clock to complement software clock Since battery enables hardware clock to run continuously even though the device is closed or restarts h...

Страница 17: ...following the disable command must be lower than the current level Configuration Examples The example below lowers the current privilege level of the device down to level 10 Ruijie disable 10 Related...

Страница 18: ...ode Usage Guide No encryption is required in general The encryption type is required generally when the password that has been encrypted with the command for the device are to be copies and pasted The...

Страница 19: ...o password and security passwords The password is simple encryption password which can be set only for level 15 The security means the security encryption password which can be set for level 0 15 If t...

Страница 20: ...on mode Usage Guide This command is used to enable the specified service Use the no enable service command to disable the specified service The enable service web server command is followed with three...

Страница 21: ...form Description execute To execute the commands in the batch files use the privileged EXEC mode command execute execute flash filename Parameter Description Parameter Description flash Parent directo...

Страница 22: ...The execution result is as below Ruijie execute flash line_rcms_script text executing script file line_rcms_script text executing done Ruijie configure terminal Enter configuration commands one per l...

Страница 23: ...http authentication enable local Parameter Description Keyword Description enable Use the password set by the enable password or enable secret the password must be of the level15 local Use the usernam...

Страница 24: ...n enable service Enable or disable the specified service ip http source port This command is used to configure the port for HTTPS services in the global configuration mode ip http source port number P...

Страница 25: ...global Telnet connetction When using the telnet command to log in a Telnet server if no source interface or source address is specified for this connnetcion the global setting is used Use the no ip te...

Страница 26: ...ck in corresponding line Configuration Examples The example below locks a terminal interface Ruijie config line lockable Ruijie config line end Ruijie lock Password password Again password Locked Pass...

Страница 27: ...d is used to delete the line logon password authentication login no login Parameter Description Parameter Description Defaults Command Mode Line configuration mode Usage Guide If the AAA security serv...

Страница 28: ...guration mode Usage Guide If the AAA security server is enabled this command is used for the logon authentication with the specified method list Configuration Examples The example below shows how to a...

Страница 29: ...al Related Commands Command Description username Configure the local user information Platform Description password To configure the password for line logon execute the line configuration command pass...

Страница 30: ...password strong It sets strong password check no repeat times It restricts using the passwords configured in recent times repeatedly times It specifies the passwords configured lately life cycle It co...

Страница 31: ...authorization commands Usage Guide Please refer to the chapter of configure CLI authorization commands Configuration Examples Please refer to the chapter of configure CLI authorization commands Relat...

Страница 32: ...th day year text cancel Parameter Description Parameter Description text Cause to restart 1 255 bytes in mmm hh mm The system is restarted after specified time interval at hh mm The system is restarte...

Страница 33: ...the service password encryption and show running or write command to save the configuration the password transforms into cipher text If you disable the command the password in cipher text cannot be r...

Страница 34: ...minutes Ruijie config line exec timeout 5 output Related Commands Command Description Platform Description show boot Use this command to show the boot related configuration of the device show boot co...

Страница 35: ...config_main text Service config Disabled 2 The example below shows the configuration of network startup config filename Ruijie show boot network Network config file tftp 192 168 7 24 config text Serv...

Страница 36: ...3205120 2008 08 26 05 25 09 flash rgos_bak bin 9 N A N A tftp 192 168 7 24 rgos bin 10 Related Commands Command Description Platform Description N A show clock To view the system time execute the priv...

Страница 37: ...ration of a vty line line num Number of the line Command Mode Privileged EXEC mode Usage Guide This command shows the configuration information of a line Configuration Examples The following example s...

Страница 38: ...mples Ruijie show mainfile MainFile name rgos bin Related Commands Command Description boot system Set the filename of the boot main program Platform description N A show reload To show the restart se...

Страница 39: ...running execute the privileged user command show running config show running config Parameter Description Parameter Description Defaults Command Mode Privileged EXEC mode Usage Guide Configuration Ex...

Страница 40: ...gured by the boot config command and the file exists startup config indicates the configuration stored in the configuration file that specified by the boot config command If the configuration file spe...

Страница 41: ...information of the system execute the command show version in the privileged EXEC mode show version devices module slots Parameter Description Parameter Description devices Current device information...

Страница 42: ...scription Platform Description N A show web server status This command is used to show the configuration and status of a web server show web server status Parameter Description Parameter Description D...

Страница 43: ...terminal transmits packets Configuration Examples The following example shows how to configure the rate of the serial port to 57600 bps Ruijie config line console 0 Ruijie config line speed 57600 Rel...

Страница 44: ...ernet 0 1 vrf vpn1 Example 2 commands telnet to 2AAA BBBB CCCC Ruijie telnet 2AAA BBBB CCCC Related Commands Command Description ip telnet source interface Specify the IP address of the interface as t...

Страница 45: ...lege 15 password 0 pw15 Related Commands Command Description login local Enable local authentication Platform Description username permission Use the username permission command in the global configur...

Страница 46: ...onfig username test permission null Example 3 configures the user test to have permissions to read write and execute all files and catalogs except for the file config text Ruijie config username test...

Страница 47: ...y no key work or is followed by all the HTTP and HTTPS services are both enabled if the command is followed by http only HTTP service is enabled if the command is followed by https only HTTPS service...

Страница 48: ...82379 web1 2 1 145680 upd 3 1 2 1 82378 web1 2 1 145680 upd Related Commands Command Description http update Upgrades specific files manually Platform Description N A http update Use this command to...

Страница 49: ...is disabled by default Command Mode Global configuration mode Usage Guide You can use this command to configure the HTTP upgrade mode If this command is configured in the auto detect mode the device w...

Страница 50: ...ver address configured by this command If it fails to connect to the address it will seek to connect to addresses in the local record If no address can be connected the upgrade fails The system will r...

Страница 51: ...er rgos ruijie com cn on the configured time everyday to detect files that can be upgraded Information of files acquired can be viewed on the Web interface If the no form of the command is used the de...

Страница 52: ...ip http authentication Parameter Description Parameter Description enable Adopts the password set with the enable password or enable secret command for verification the password must be 15 level local...

Страница 53: ...ide You can use this command to set HTTP service s port Configuration Examples The following example sets HTTP service s port number as 8080 Ruijie configure terminal Enter configuration commands one...

Страница 54: ...ds Command Description enable service web server Enables the HTTP service show web server status Shows the web server status Platform Description show web server status Use this command to show Web se...

Страница 55: ...ption type 0 means no encryption while 7 means simple encryption encrypted password Password text Defaults Command Mode Global configuration mode Usage Guide To use the HTTP service you need to pass t...

Страница 56: ...ide HTTP Service Configuration Commands Ruijie config webmaster level 0 username ruijie password admin Related Commands Command Description enable service web server Enables the HTTP service Platform...

Страница 57: ...ed version to the device In addition reset the device after usage so that the device can run on the new version You cannot run the upgrade system command to degrade the system to a version earlier tha...

Страница 58: ...ilename Parameter Description Parameter Description filename Name of the file to be synchronized The file is located on the master device and supports only a flash prefix Defaults Command Mode Privile...

Страница 59: ...CLI Reference Guide UPGRADE Configuration Commands file OK 10 414 752 bytes Synchornize file to slave devices successfully Related Commands Command Description Platform Description N A...

Страница 60: ...ctions out Perform access control over the outgoing connections Default configuration By default no ACL is configured under Line All connections are accepted and all outgoing connections are allowed C...

Страница 61: ...first line Number of first line to enter last line Number of last line to enter Default configuration N A Command mode Global configuration mode Usage guidelines Access to the specified LINE mode Exam...

Страница 62: ...t input to restore the protocols under Line that can be used for communication to the default value transport input all ssh telnet none default transport input Parameter description Parameter Descript...

Страница 63: ...configuration information under Line Note You can restore the default configuration by using the default transport input command The no transport input command is used to disable all the communication...

Страница 64: ...arameter to the directory you want to enter Use the pwd command to view the present directory Configuration Examples Example 1 The following example sets usb0 root directory as the present directory R...

Страница 65: ...ard on the M2 slot of the chassis with switch id 1 in the VSU mode sw2 m1 disk0 Management board on the M1 slot of the chassis with switch id 2 in the VSU mode sw2 m2 disk0 Management board on the M1...

Страница 66: ...card to the U disk Ruijie copy sd0 config text usb0 config text Example 9 Obtain the command line help to judge which file system prefix combinations are supported by the current products and versions...

Страница 67: ...in the URL This command supports deleting the files stores in the local storage media i e the URL must be one of the flash usb0 or usb1 slave If the prefix is not specified in the URL it indicates to...

Страница 68: ...directory If no parameter is specified the information of the files in the present directory is shown by default This command does not support the wildcard Configuration Examples Example 1 Show the f...

Страница 69: ...y you want to create including the path If the created file has been existed the creation will fail If the upper level for the directory to be created is inexistent it fails to create the specified di...

Страница 70: ...b0 1 flash and slave Configuration Examples Example 1 Move the log txt to the upper level directory and rename it config txt Ruijie rename tmp log txt config txt Example 2 Move the log txt in the slav...

Страница 71: ...be empty Since this command supports abbreviations you can also use the rm command to delete empty directories Configuration Examples If there is tmp directory in the present directory and the directo...

Страница 72: ...system information show file systems Parameter Description Parameter Description N A N A Defaults N A Command Mode Privileged EXEC mode Usage Guide Use this command to show the file systems supported...

Страница 73: ...de Usage guidelines Use the archive command to switch to the archive configuration mode Use the end command or enter CTRL C to return to the privileged EXEC mode Use the exit command to return to the...

Страница 74: ...mands one per line End with CNTL Z Ruijie config archive Ruijie config archive log config Ruijie config archive log config hidekeys Related commands Command Description archive Enter the archive confi...

Страница 75: ...switches to the archive log management configuration mode Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config archive Ruijie config archive log config Rel...

Страница 76: ...nagement configuration mode logging size Use this commad to specify the maximum number of the entries saved in the configuration log The no form of this command is used to restore it to the default va...

Страница 77: ...ending the configuration change notification to the remote log server notify syslog no notify syslog Parameter description Parameter Description Default Prohibit sending the configuration notification...

Страница 78: ...all configuration logs starting with this record If the end num is specified at the same time it will show the configuration logs with the record number between the start num and end num if the start...

Страница 79: ...ing is specified show the configuraitons in the format that is in the configuration files Examples The following example shows the configuration logs numbered 1 to 2 Ruijie show archive log config 1 2...

Страница 80: ...1270 bytes Total memory allocated for session tracking 1270 bytes Total memory freed from session tracking 0 bytes Config Log log queue Info Number of entries in the log queue 3 Memory being held in t...

Страница 81: ...les Ruijie show cpu CPU Using Rate Information CPU utilization in five seconds 25 CPU utilization in one minute 20 CPU utilization in five minutes 10 NO 5Sec 1Min 5Min Process 0 0 0 0 LISR INT 1 7 2 1...

Страница 82: ...tcptimer 37 8 1 0 ef_res 38 0 0 0 ef_rcv_msg 39 0 0 0 ef_inconsistent_daemon 40 0 0 0 ip6_tunnel_rcv_pkt 41 0 0 0 res6t 42 0 0 0 tunrt6 43 0 0 0 ef6_rcv_msg 44 0 0 0 ef6_inconsistent_daemon 45 0 0 0 i...

Страница 83: ...86 0 0 0 bcmTX 87 0 0 0 bcmXGS3AsyncTX 88 0 2 1 bcmLINK 0 89 0 0 0 bcmRX 90 0 0 0 mngpkt_rcv_thread 91 0 0 0 mngpkt_recycle_thread 92 0 0 0 stack_task 93 0 0 0 stack_disc_task 94 0 0 0 redun_sync_task...

Страница 84: ...U utilization of the tasks The last line refers to the CPU utilization of the idle task which is the same as the System Idle Porcess in the Windows In the example above CPU utilization of idle task wi...

Страница 85: ...has been down only when the CPU high and low threshold switches over Examples This example shows how to set the low and high threshold of the cpu log utilization limit to 70 and 80 respectively Ruiji...

Страница 86: ...lower threshold The upper routing protocol includes BGP OSPF RIP PIM SM memory lack exit policy bgp ospf pim sm rip no memory lack exit policy Parameter description Parameter Description bgp ospf pim...

Страница 87: ...ure the BGP exit policy when the memory lacks Specifying the disabled routing protocol to take precedence to exit the policy can not help the system obtain enough memory resources Note The exit policy...

Страница 88: ...llowing table Parameter Description min The memory resources are extremely insufficient It can only keep the kernel running All application modules fails to run if the minimum watermark has been reach...

Страница 89: ...ay the usage of the memory for the routing protocols Note Different switches and versions support different routing protocols The main routing protocols are BGP OSPF RIP LDP PIM ISIS and ect Examples...

Страница 90: ...e log packets from the memory buffer Ruijie clear logging Related Commands Command Function logging on Record logs on different devices show logging Show the logs in the buffer logging buffered Record...

Страница 91: ...level The logs in the memory buffer are temporary and will be cleared in case of device restart or the execution of the clear logging command by privileged user To trace a problem it is required to r...

Страница 92: ...everity of logs that are allowed to be displayed on the console The no form of the command disables displaying the logs on the console logging console level no logging console Parameter Description Pa...

Страница 93: ...Usage Guide This command enables the log statistics function The statistics begins when the function is enabled If you run no logging count the statistics function is disabled and the statistics data...

Страница 94: ...user User level messages 2 mail Mail system 3 daemon System daemons 4 auth1 security authorization message 5 syslog Messages generated internally by syslogd 6 lpr Line printer system 7 news USENET new...

Страница 95: ...uration Examples Following is to set the device value of Syslog as kernel Ruijie config logging facility kern Related Commands Command Description logging console Set the severity of logs that are all...

Страница 96: ...sage Guide If no Syslog Server is specified or it is not desired to transfer logs in the network due to the consideration of security purpose it is possible to save the logs directly in flash The exte...

Страница 97: ...e To print log messages on the VTY window execute first the privileged user command terminal monitor The level of logs to be displayed is defined with logging monitor The log level defined with Loggin...

Страница 98: ...sh Record logs on the FLASH logging console Set the log level to be displayed on the console logging monitor Set the log level to be displayed on the VTY window such as telnet window logging trap Set...

Страница 99: ...logs and related log configuration parameters in the buffer Platform Description logging rd on Configure this command on the host in global configuration mode to enable log redirection in VSU environm...

Страница 100: ...iption Parameter Description number Log information allowed to be redirected per second which ranges from 1 to 10000 Except No rate limit is imposed on log information on and below this error level Th...

Страница 101: ...the log server ipv6 address Specify IPV6 address of the log server Defaults By default it does not send the logs to any syslog server Command Mode Global configuration mode Usage Guide This command sp...

Страница 102: ...address so that the administrator can identify which device is sending the message through the unique address If no source interface of the device or no IP address of the source interface is configure...

Страница 103: ...to fix the source address of all log messages as an address so that the administrator can identify which device is sending the message through the unique address If no IP address is configured for th...

Страница 104: ...of user input and log output preventing the user from interrupting when keying in the characters Configuration Examples Ruijie config line console 0 Ruijie config line logging synchronous Print UP DO...

Страница 105: ...onfiguration command logging to configure the Syslog Server Then execute logging trap to specify the severity of logs to be sent The show logging command displays the related setting parameters and st...

Страница 106: ...to the FLASH Platform Description service private syslog Use this command in global configuration mode to adjust the log format to the private log display format Use the no form of this command to rem...

Страница 107: ...on the log switch service timestamps Enable the timestamp in log information Platform Description service sequence numbers Use this command to attach sequential numbers into the logs The no form of t...

Страница 108: ...nformation about mnemonic detailed log information For example May 31 23 25 21 SYS 5 CONFIG_I Configured from console by console If the standard log format is enabled the log information on the device...

Страница 109: ...nfigured from console by console Ruijie config terminal Enter configuration commands one per line End with CNTL Z Ruijie config service sysname Ruijie config end Ruijie Mar 22 15 35 57 S3250 SYS 5 CON...

Страница 110: ...has no RTC the time stamp is automatically set to the device start time Command Mode Global configuration mode Usage Guide When the uptime option is used the time format is the running period from th...

Страница 111: ...2 168 200 112 Log Buffer Total 131072 Bytes have written 1336 015487 Sep 19 02 46 13 Ruijie LINK 3 UPDOWN Interface FastEthernet 0 24 changed state to up 015488 Sep 19 02 46 13 Ruijie LINEPROTO 5 UPDO...

Страница 112: ...nds Command Function logging on Record logs on different devices clear logging Clear the logs in the buffer Platform Description show logging count Use this command to show the log statistics show log...

Страница 113: ...terminal no monitor Parameter Description Parameter Description Defaults By default it is not allowed to display log information on the VTY window Command Mode Privileged user mode Usage Guide This co...

Страница 114: ...cluster Command mode Global configuration mode Usage guidelines The no form of this command is used to clear the cluster related information on the device If the device has added to one cluster the m...

Страница 115: ...f this command to restore it to the default value cluster discovery hop count number no cluster discovery hop count Parameter description Parameter Description number Scope hop count of the cluster di...

Страница 116: ...cters number Optional set the serial number for the commander device within the range of 0 to 255 The default value is 0 Default No cluster is created by default Command mode Global configuration mode...

Страница 117: ...member devices and candidate devices This value can be used to check whether the device is invalid and it shall be greater than cluster timer otherwise the cluster topology information generates and...

Страница 118: ...command to add a member device to the cluster Use the no form of this command to delete one member device cluster member number mac address H H H password enable password no cluster member number Para...

Страница 119: ...d show cluster members in the Privileged EXEC mode to show the related configurations Examples The following example adds the device with MAC address 00d0 f8fe 1007 to the cluster and specify the seri...

Страница 120: ...ds Command Description show cluster Show the basic information of the cluster to which the device belongs show cluster candidates Show the candidate devices show cluster member Show the member devices...

Страница 121: ...basic information of the cluster to which the device belongs show cluster candidates Show the candidate devices show cluster member Show the member devices cluster timer Use this command to set the cl...

Страница 122: ...itches copy cluster tftp Use the command copy cluster tftp to upload or download files through the cluster commander device proxy TFTP for the cluster member device in the Privileged EXEC mode Use the...

Страница 123: ...nfig cluster tftp server 172 10 1 1 Ruijie config exit Ruijie rcommand 1 Ruijie 1 Enter the command line interface of the member device Ruijie 1 copy cluster tftp config text flash Use the cluster TFT...

Страница 124: ...mber device for the management To return from the logged device execute the exit command in the Privileged EXEC mode Examples The following example logs on the member device 1 from the commander devic...

Страница 125: ...the member device Examples The following example shows the basic information of the cluster on the commander device Ruijie show cluster Cluster clus0 Command switch Member number 0 Command switch mac...

Страница 126: ...e Related commands Command Description cluster enable Create a cluster cluster member Add a member device into the cluster cluster run Enable the cluster function on the device show cluster candidates...

Страница 127: ...nd clusters LcPort Port connecting with the uplink device on the candidate devices UpSN Cluster member number of the uplink device if it is the cluster member UpMAC MAC address of the uplink device Up...

Страница 128: ...vices without other members Examples The following example shows the member devices on the commander Ruijie show cluster member SN MAC Name Hops State LcPort UpSN UpMAC UpPort 0 00d0 f8fe 1007 switch...

Страница 129: ...mmand device 2 The following example shows the member devices on the member device2 Ruijie show cluster member SN MAC Name Hops State LcPort UpSN UpMAC UpPort 0 00d0 f8fe 1007 switch 1 0 up Cmdr 2 00d...

Страница 130: ...uplink device UpMAC MAC address of the uplink device UpPort Port connecting with the member device on the uplink device Related commands Command Description cluster enable Create a cluster cluster me...

Страница 131: ...ult All the files are synchronized by default Command mode Redundancy configuration mode Usage guidelines Generally the standard synchronization should be used if there is no special requirement Examp...

Страница 132: ...g red auto sync time period 60 Redundancy auto sync time period enabled 60 seconds Ruijie config red exit The following example disables auto sync Ruijie config redundancy Ruijie config red no auto sy...

Страница 133: ...helf Reset the master and slave devices Default N A Command mode Privileged EXEC mode Usage guidelines The redundancy reload peer does not affect the data transfer During the resetting of the Slave th...

Страница 134: ...Reset the master supervisor engine switchover timeout In the redundancy configuration mode use the switchover timeout command to configure the switchover timeout value for the supervisor engine Use t...

Страница 135: ...or the detailed information please refer to auto sync description in previous text show redundancy auto sync Default N A Command mode User mode or Privileged EXEC mode Examples Ruijie enable Ruijie sh...

Страница 136: ...s Redundancy states My state 19 ACTIVE peer state 37 STANDBY HOT show redundancy switchtimeout Use show redundancy switchtimeout command to show current redundanct switchover timeout time in user EXEC...

Страница 137: ...e 1 In the srm policy configuration mode execute cpu command to enter the owner cpu configuration mode Ruijie config srm policy cpu Ruijie config owner cpu Related commands Command Description resourc...

Страница 138: ...source user group named rgos_group and add the snmpd into the group and finally apply the monitoring policy to the group Ruijie configure terminal Ruijie config resource manager Ruijie config srm user...

Страница 139: ...nd enter the SRM policy configuration mode policy In the srm configuration mode execute policy command to create the monitoring policy and enter the srm policy configuration mode policy policy name gl...

Страница 140: ...licy name In the config res group configuration mode execute policy policy name command to associate the group with monitoring policy policy policy name no policy policy name Parameter description Par...

Страница 141: ...slot slot id Specify the board card to be configured subsystem subsystem id Subsystem id range 0 1 equivalent to the cpu id displayed after executing show version command Default N A Command mode Glob...

Страница 142: ...the rising value no Remove the waterline Default N A Command mode owner memory or owner cpu configuration mode Usage guidelines Caution The rising waterline of major must be greater than that of mino...

Страница 143: ...olicy name Name of monitor policy no Remove the association between resource user and monitoring policy Default N A Command mode srm configuration mode Usage guidelines N A Examples Example 1 Configur...

Страница 144: ...rce user and monitoring policy Default N A Command mode srm configuration mode Usage guidelines N A Examples Example 1 Configure a global monitoring policy named rgos_policy and apply to the global re...

Страница 145: ...RM configuration mode Usage guidelines N A Examples Example 1 Configure a resource user group named rgos_group Ruijie configure terminal Ruijie config resource manager Ruijie config srm user group rgo...

Страница 146: ...SRM Configuration Commands subsystem subsystem i d Subsystem id range 0 1 equivalent to the cpu id displayed after executing show version command Default N A Command mode Global configuration mode Us...

Страница 147: ...2 APP_TASK printk_task 0x3 APP_TASK_TS waitqueue_process 0x4 PROT_TASK tasklet_task 0x5 PROT_TASK cmic_pause_detect 0x6 PROT_TASK idle 0x7 IDLE kevents 0x8 PROT_TASK snmpd 0x9 PROT_TASK snmp_trapd 0xa...

Страница 148: ...ons show resource notification owner all cpu memory slot slot id subsystem subsystem id Parameter description Parameter Description all Statistics of all ROs cpu Statistics of CPU memory Statistics of...

Страница 149: ...if cr U D ma U D mi U D rgnos_group cr 0 0 ma 0 0 mi 0 0 Single User Group User Notif cr U D ma U D mi U D ktimer cr 0 0 ma 0 0 mi 0 0 Owner memory RU Global Global Notif cr U D ma U D mi U D global N...

Страница 150: ...minor waterlines U refers to UP event notification D refers to DOWN event notification Related commands Command Description show resource owner Display information about SRM resource owner show resou...

Страница 151: ...ntime ms 5Sec 1Min 5Min rgnos_group 1590380 0 0 0 RU Runtime ms 5Sec 1Min 5Min rl_con 171420 0 0 0 stat_get_and_send 1585180 1 1 1 cmic_pause_detect 1585180 0 0 0 mem_info_task 1602670 0 0 0 idle_vlan...

Страница 152: ...er memory Total Size B 536870912 Used Size B 143081472 Used Ratio 27 RU Group Allocated Size B Alloc Cnt Free Cnt local 1 0 0 0 RU Allocated Size B Alloc Cnt Free Cnt Ktimer 0 7065 14 atimer 92 2343 3...

Страница 153: ...e byte Alloc Cnt Memory allocation count Free Cnt Memory releasing count Runtime ms Runtime millisecond 5Sec Percentage of cpu resources occupied by the resource user in 5 seconds 1Min Percentage of c...

Страница 154: ...policy Name rgnos_global_policy Type Global In Use No RO memory critical rising 98 interval 2600 falling 40 interval 2600 major rising 80 interval 4000 falling 30 interval 4000 minor rising 45 interv...

Страница 155: ...rval 2900 major rising 86 interval 3800 falling 40 interval 3800 minor rising 61 interval 5900 falling 10 interval 5900 Field Description Policy Name Name of monitoring policy Type Type of monitoring...

Страница 156: ...imer Single User Group Field Description Policy Monitoring policy Resource User Resource user group User Type Group type including Global Group Multi User Group and Single User Group with the meaning...

Страница 157: ...the cpu id displayed after executing show version command Default N A Command mode Global configuration mode Usage guidelines N A Examples Example 1 Display all RU group information Ruijie show resour...

Страница 158: ...policy User Resource user Resource Owner Resource owner Allocated Size B Allocated memory size byte Alloc Cnt Memory allocation count Free Cnt Memory releasing count Runtime ms Runtime millisecond 5S...

Страница 159: ...ion Examples The following example configures the maximum number of policy based routes to 100 Ruijie config initialization route pbr 1 256 Max number of policy based route entry Ruijie config initial...

Страница 160: ...he maximum number of the shared pools initialization route shared pool max_num no initialization route shared pool Parameter Description Parameter Description max_num The maximum number of the shared...

Страница 161: ...ng value and the default value of all types of hardware entry capacities Configuration Examples The following example displays the hardware entry capacity Ruijie show initialization route config runni...

Страница 162: ...figuration Commands 6 Protocol VLAN Configuration Commands 7 Private VLAN Configuration Commands 8 Share VLAN Configuration Commands 9 Voice VLAN Configuration Commands 10 MAC VLAN Configuration Comma...

Страница 163: ...rier detection signals DCD of the interface link turns from the Down status to the Up status If the DCD changes within the delay the system will ignore such changes without disconnecting the upper dat...

Страница 164: ...y counters or the clear counters command to clear counters If no interface is specified the counters on all interfaces will be cleared Configuration Examples Ruijie clear counters gigabitethernet 1 1...

Страница 165: ...ion Use this command to set an interface alias Add no in the command to restore the default description string no description Parameter Description Parameter Description string Interface alias Default...

Страница 166: ...uplex Parameter Description Parameter Description auto Self adaptive full duplex and half duplex full Full duplex half Half duplex Defaults Auto Command Mode Interface configuration mode Usage Guide T...

Страница 167: ...rol on Enable the flow control receive Receiving direction of the non symmetric flow control send Sending direction of the non symmetric flow control Defaults By default flow control is disabled Comma...

Страница 168: ...he equipment and extended modules Defaults Command Mode Global configuration mode Usage Guide Based on certain rules you can add other ports to an aggregate port All the members of an aggregate port a...

Страница 169: ...er so this interface type cannot be deleted Use show interfaces or show interfaces fastEthernet to display the interface configuration Configuration Examples Ruijie config interface fastEthernet 1 2 R...

Страница 170: ...interface configuration mode interface tenGigabitEthernet mod num port num Parameter Description Parameter Description mod num port num The range varies with the device and the extended module Comman...

Страница 171: ...Parameter Description Parameter Description vlan id VLAN ID Its range depends by products Defaults Command Mode Global configuration mode Usage Guide Use show interfaces or show interfaces vlan to dis...

Страница 172: ...is used to show the line status and locate the cause of a line failure for example the line is broken Configuration Examples Ruijie config interface gigabitEthernet 0 1 Ruijie config if GigabitEthern...

Страница 173: ...point Related Commands Command Description Platform Description medium type Use this command to select the medium type for an interface Add no in the command to restore it to the default setting mediu...

Страница 174: ...ombo interface cannot automatically determine whether the current port is an SFP or 10 100 1000M BASE T interface mtu Use this command to set the MTU on the interface mtu num Parameter Description Par...

Страница 175: ...o shutdown command If you shut down the interface the configuration of the interface does not take effect You can view the interface status by using the show interfaces command If you use the script t...

Страница 176: ...e For an interface such as Ethernet interface AP interface and SVI interface this command determines whether to send LinkTrap on the interface If the function is enabled the SNMP sends the LinkTrap wh...

Страница 177: ...uto The transmission rate of the interface is adaptive Defaults Auto Command Mode Interface configuration mode Usage Guide If an interface is an aggregate port member its rate may vary with that of th...

Страница 178: ...Defaults All the interfaces work in Layer 2 mode by default Command Mode Interface configuration mode Usage Guide This command applies only to physical interfaces The switchport command is used to di...

Страница 179: ...VLAN 1 Command Mode Interface configuration mode Usage Guide Enter one VLAN ID The system will create a new one and add the interface to the VLAN if you enter a new VLAN ID If the VLAN ID already exis...

Страница 180: ...tion mode Usage Guide If a switch port is an access port it can be a member port of only one VLAN Use switchport access vlan to specify the member of the VLAN A trunk port can be a member port of vari...

Страница 181: ...ist remove removes a specified VLAN list from the allowed VLAN list except adds all the VLANs other than those in the specified VLAN list to the allowed VLAN list native vlan vlan id Specify the nativ...

Страница 182: ...ion mtu status module module id vlan vlan id switchport trunk transceiver alarm diagnosis usage Parameter Description Parameter Description interface id Interface including Ethernet interface aggregat...

Страница 183: ...parameter is specified The functions of showing the optical module information raising fault alarms and diagnosing parameters must be used together with the optical modules of the RG network To show t...

Страница 184: ...isions 0 interface resets Example 2 shows the interface information when the Gi0 1 is an Access port SwitchA show interfaces gigabitEthernet 0 1 Index dec 1 hex 1 GigabitEthernet 0 1 is DOWN line prot...

Страница 185: ...protocol is Bridge loopback not set Keepalive interval is 10 sec set Carrier delay is 2 sec RXload is 1 Txload is 1 Queueing strategy FIFO Output queue 0 0 0 drops Input queue 0 75 0 drops Switchport...

Страница 186: ...ng YES Vendor Serial Number 101680093602489 Example 6 shows the current measured value of the optical module diagnosis parameter on the Gi0 1 port Ruijie show interfaces gigabitEthernet 0 1 transceive...

Страница 187: ...es 0 packets received of length in octets 64 0 65 127 4 128 255 0 256 511 0 512 1023 0 1024 1518 0 Interface GigabitEthernet 1 0 2 5 minutes input rate 0 bits sec 0 packets sec 5 minutes output rate 0...

Страница 188: ...0 bits sec 0 packets sec InOctets 408 InUcastPkts 4 InMulticastPkts 0 InBroadcastPkts 0 OutOctets 408 OutUcastPkts 4 OutMulticastPkts 0 OutBroadcastPkts 0 Undersize packets 0 Oversize packets 0 colli...

Страница 189: ...ics of all member ports on VLAN 1 only shows the information of parts of the ports not the information of all ports Ruijie show interfaces counters vlan 1 Interface GigabitEthernet 1 0 1 5 minutes inp...

Страница 190: ...bers 0 CRC alignment errors 0 AlignmentErrors 0 FCSErrors 0 dropped packet events due to lack of resources 0 packets received of length in octets 64 0 65 127 4 128 255 0 256 511 0 512 1023 0 1024 1518...

Страница 191: ...rnet 1 0 23 down 1 Unknown Unknown copper GigabitEthernet 1 0 24 down 1 Unknown Unknown copper GigabitEthernet 1 0 25 down 1 Unknown Unknown copper Example 14 shows the bandwidth usage value of the sp...

Страница 192: ...CLI ReferenceInterface Configuration Commands Interface Configuration Commands Platform Description...

Страница 193: ...mode Usage guidelines If you have bound an IP address and a MAC address the switch will discard the packets that have the same source IP address but different source MAC address Examples This is an ex...

Страница 194: ...he version must be RGOS10 1 and later address bind ip address Use this command to configure IP address MAC address binding address bind ip address mac address no address bind ip address Parameter desc...

Страница 195: ...bal configuration mode Default value Strict mode Usage guidelines There are three IP address binding modes compatible loose and strict The following table shows the forwarding rules corresponding to b...

Страница 196: ...ink intf id no address bind uplink intf id Parameter description Parameter Description intf id Exceptional port Command mode Global configuration mode Usage guidelines If you have bound an IP address...

Страница 197: ...sses of the specified interface vlan vlan id Clear all the dynamic MAC addresses of the specified VLAN Command mode Privileged EXEC mode Usage guidelines Use show mac address table dynamic to display...

Страница 198: ...estore it to the default setting mac address table aging time seconds no mac address table aging time Parameter description Parameter Description seconds Aging time of the dynamic MAC address in secon...

Страница 199: ...the frame according to the destination MAC address only Default configuration No filtering address is configured by default When configuring this command without the source or destination specified t...

Страница 200: ...aximum number of the entries in the MAC address notification table is 50 Command mode Global configuration mode Usage guidelines The MAC address notification function is specific for only dynamic MAC...

Страница 201: ...e forwarded to Default configuration No static MAC address is configured by default Command mode Global configuration mode Usage guidelines A static MAC address has the same function as the dynamic MA...

Страница 202: ...ive mode Parameter description N A Command mode Global configuration mode Usage guidelines After the management and learning mode of the dynamic MAC address is set to the dispersive mode the device ca...

Страница 203: ...rm description mac manage learning uniform learning synchronization Use this command to synchronize the dynamic MAC address in the whole device in the uniform mode no mac manage learning uniform learn...

Страница 204: ...ss Binding MAC Addr 3 3 3 3 00d0 f811 1112 3 3 3 4 00d0 f811 1117 Related commands Command Description address bind Enable IP address MAC address binding show address bind uplink Use this command to s...

Страница 205: ...address and filtering address show mac address table address mac addr interface interface id vlan vlan id Parameter description Parameter Description address mac addr Specified MAC address interface...

Страница 206: ...address show mac address table aging time Use this command to display the aging time of the dynamic MAC address show mac address table aging time Command mode Privileged EXEC mode Examples Ruijie show...

Страница 207: ...ified vlan show mac address table dynamic Use this command to show the dynamic MAC address show mac address table dynamic address mac addr interface interface id vlan vlan id Parameter description Par...

Страница 208: ...nd mode Privileged EXEC mode Examples Ruijie show mac address table filtering Vlan MAC Address Type Interface 1 0000 2222 2222 FILTER Not available Related commands Command Description clear mac addre...

Страница 209: ...Command Description show mac address table static Show the static MAC address show mac address table filtering Show the filtering MAC address show mac address table dynamic Show the dynamic MAC addre...

Страница 210: ...the dispersive mode show mac address table notification Use this command to show the MAC address notification configuration and the MAC address notification table show mac address table notification i...

Страница 211: ...c Use this command to show the static MAC address show mac address table static addr mac addr interface interface id vlan vlan id Parameter description Parameter Description mac addr Destination MAC a...

Страница 212: ...1003 STATIC gigabitethernet 1 1 Related commands Command Description show mac address table static Show the static MAC address show mac address table filtering Show the filtering MAC address show mac...

Страница 213: ...ion Disabled Command mode Interface configuration mode Usage guidelines Use show mac address table notification interface to display configuration Examples Ruijie config interface gigabitethernet 1 1...

Страница 214: ...forwarded through different ports The packets with the same source and destination IP address pairs are forwarded through the same links At layer 3 this load balancing style is recommended dst ip Traf...

Страница 215: ...ncing algorithm configuration Configuration Examples Configure the MAC address based load balancing Ruijie config aggregateport load balance dst mac Related Commands Command Description show aggregate...

Страница 216: ...escription Parameter Description aggregate port number Interface number of the aggregate port load balance Show the load balance algorithm on the aggregate port summary Show the summary of the aggrega...

Страница 217: ...regation group numbers supported for different products active Places a port into an active negotiating state in which the port initiates negotiations with remote ports by sending LACP packets passive...

Страница 218: ...the ports with the function of forbidding the member ports to add to or leave the AP enabled and the function of forbidding the member ports to add to or leave the AP cannot be enabled on the LACP mem...

Страница 219: ...system priority is 32768 Command mode Global configuration mode Usage guidelines LACP system priority consists of the Layer2 management MAC address and its priority value where the MAC address is fixe...

Страница 220: ...e show LACP summary Flags S Device is sending Slow LACPDUs F Device is sending fast LACPDUs A Device is in active mode P Device is in passive mode Aggregate port 3 Local information LACP port Oper Por...

Страница 221: ...ggregated Down represents the disconnection port state susp indicates that the port is not aggregated LACP Port Priority Show the LACP port priority Oper Key Show the port operation key Port Number Sh...

Страница 222: ...figuration mode that is the switchport access vlan vlan id command For the two commands of adding the interface to the VLAN the command configured later will overwrite the one configured before and ta...

Страница 223: ...Access Native Protected VLAN lists AggregatePort 10 enabled ACCESS 20 1 Disabled ALL Related Commands Command Description show interface interface id switchport Show the layer 2 interfaces Platform D...

Страница 224: ...mode Usage Guide To return to the privileged EXEC mode input end or pressing Ctrl C To return to the global configuration mode input exit Configuration Examples Ruijie show vlan id 1 VLAN Name Status...

Страница 225: ...mands Command Description switchport mode Specify the interface as Layer 2 mode switch port mode switchport trunk Use this command to specify a native VLAN and the allowed VLAN list for the trunkport...

Страница 226: ...native VLAN and the allowed VLAN list for the trunkport Platform Description N A switchport trunk Use this command to specify a native VLAN and the allowed VLAN list for the trunk port Use the no form...

Страница 227: ...er you can prevent the traffic from passing over the trunk port by configuring allowed VLAN lists on a trunk port Use the show interfaces switchport command to display configuration Configuration Exam...

Страница 228: ...A Command mode Global configuration mode Usage Guide To return to the privileged EXEC mode input end or pressing Ctrl C To return to the global configuration mode input exit Configuration Examples Rui...

Страница 229: ...escription Parameter Description num Profile indexes type Type of message and Ethernet Defaults N A Command mode Global configuration mode Usage Guide N A Configuration Examples Ruijie config protocol...

Страница 230: ...de N A Configuration Examples Ruijie config if protocol vlan profile 1 vlan 101 Related Commands Command Description show protocol vlan profile N A show protocol vlan profile num N A no protocol vlan...

Страница 231: ...CLI ReferenceInterface Configuration Commands Protocol VLAN Configuration Commands Examples Related Commands Command Description N A N A Platform Description N A...

Страница 232: ...rimary Configure it as the primary VLAN no Delete the corresponding private VLAN configuration Default configuration No private VLAN is configured Command mode VLAN configuration Mode Examples Ruijie...

Страница 233: ...scription The software version must be RGOS10 1 and later private vlan mapping Use this command to map the secondary VLAN to the L3 SVI interface private vlan mapping svlist add svlist remove svlist n...

Страница 234: ...vate vlan host Related commands Command Description show vlan private vlan Platform description The software version must be RGOS10 1 and later switchport private vlan host association Use this comman...

Страница 235: ...n p_vid Primary VID s_vid Secondary VID no Delete the host port from the private VLAN Command mode Interface configuration mode Examples Ruijie config interface gigabitEthernet 0 2 Ruijie config if sw...

Страница 236: ...ption show vlan private vlan Platform description The software version must be RGOS10 1 and later switchport private vlan promiscuous trunk Use this command to configure the ports as a promiscuous tru...

Страница 237: ...uration of private VLAN show vlan private vlan community primary isolated Parameter description Parameter Description primary Show the primary VLAN information community Show the community VLAN inform...

Страница 238: ...rsion must be RGOS10 1 and later switchport hybrid native vlan Use this command to configure the default VLAN of a hybrid port switchport hybrid native vlan vid no switchport hybrid native vlan Parame...

Страница 239: ...escription Parameter Description no Restore the output rules of the hybrid port to the default settings Default configuration No output rules are configured Command mode Interface mode Examples Ruijie...

Страница 240: ...the no share command to cancel the share vlan Enter the end command or Ctrl C to return to the privileged EXEC mode Enter the exit command to return to the global configuration mode Examples Ruijie co...

Страница 241: ...s Enter the end command or Ctrl C to return to the privileged EXEC mode Enter the exit command to return to the global configuration mode Examples Ruijie show mac address table share Vlan MAC Address...

Страница 242: ...sage guidelines Use this command to enable the Voice VLAN and specify the Voice Vlan ID Caution 1 The corresponding VLAN shall be created before configuring the Voice VLAN 2 The default VLAN is VLAN1...

Страница 243: ...inutes The Voice VLAN aging time Default Settings 1440 minutes Command mode Global configuration mode Usage guidelines If the device has not received any voice packets from the port within the aging t...

Страница 244: ...lowing example shows how to set the Voice VLAN CoS value as 5 Ruijie config voice vlan cos 5 Related commands Command Description show voice vlan Show Voice VLAN configurations and the current state v...

Страница 245: ...e no form of this command to disable this function voice vlan enable no voice vlan enable Parameter description Parameter Description Default Settings Disabled Command mode Interface configuration mod...

Страница 246: ...r the OUI address text The description for the OUI address Default Settings By default no OUI has been configured Command mode Global configuration mode Usage guidelines Use this command to identify t...

Страница 247: ...he Voice VLAN on each port are independent and different ports can work in different working modes In different working modes the methods of enabling the Voice VLAN function on the port are different...

Страница 248: ...ands Command Description show voice vlan Show Voice VLAN configurations and the current state voice vlan security enable Use this command to enable the Voice VLAN security mode in the global configura...

Страница 249: ...n voice vlan tag that free from the Voice VLAN security normal mode the devices forward or discard those packets according to the VLAN rule Examples The following example shows how to enable the Voice...

Страница 250: ...PORT MODE Fa0 1 Auto Related commands Command Description voice vlan vlan id Set a voice vlan voice vlan aging minutes Set the Voice VLAN aging time voice vlan cos cos value Set the CoS value for the...

Страница 251: ...ne 0060 b900 0000 ffff ff00 0000 Philips NEC phone 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3com phone The following lists...

Страница 252: ...source MAC address of the voice flow which needs to jump from the other VLAN to the voice VLAN Examples The following example shows the MAC address of the voice device learnt on the current device Ru...

Страница 253: ...ceInterface Configuration Commands Voice VLAN Configuration Commands commands voice vlan mac address mac addr mask oui mask description text Set the OUI address for the voice packet recognized by the...

Страница 254: ...Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config interface fastethernet 0 10 Ruijie config if mac vlan enable Ruijie config if no mac vlan enable Ruiji...

Страница 255: ...is used to delete the relationship between the MAC address and VLAN Examples Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config mac vlan mac address 0001...

Страница 256: ...parameter mac address is specified without the parameter mask the MAC VLAN entry of the single MAC address is shown If the parameters mac address and mask are both specified the MAC VLAN entries in t...

Страница 257: ...w the MAC VLAN enabled port list show mac vlan interface Parameter description Parameter Description Command mode Privileged EXEC mode Usage guidelines With the MAC VLAN function enabled on the port u...

Страница 258: ...his MAC address are received no Indicates that the BPDU frames from any MAC address are received Defaults Disabled Command Mode Interface configuration mode Usage Guide Configuration Examples Ruijie c...

Страница 259: ...o force the interface to send the RSTP BPDU frames and check the BPDU frames clear spanning tree detected protocols interface interface id Parameter Description Parameter Description interface id ID o...

Страница 260: ...unters Show statistics of STP receiving transmitting packets Defaults N A Command Mode Privileged EXEC mode Usage Guide Configuration Examples Ruijie show spanning tree hello time Related Commands Com...

Страница 261: ...the portfast on an interface spanning tree bpduguard Enable the BPDU guard on an interface spanning tree link type Set the link type of an interface to point to point Platform Description show spanni...

Страница 262: ...s max age seconds no spanning tree forward time hello time max age Parameter Description Parameter Description forward time seconds Interval at which the port status changes hello time seconds Interva...

Страница 263: ...ation mode Usage Guide Configuration Examples Ruijie config interface gigabitethernet 1 1 Ruijie config if spanning tree autoedge disabled Related Commands Command Function show spanning tree interfac...

Страница 264: ...isable the BPDU guard function on the interface spanning tree bpduguard enabled disabled Parameter Description Parameter Description enabled Enable BPDU guard on an interface disabled Disable BPDU gua...

Страница 265: ...cription Platform Description spanning tree guard loop This command is used to enable loop guard on an interface to prevent the root port or backup port from generating loop as the result that they ca...

Страница 266: ...e configuration mode Usage Guide Configuration Examples Ruijie config spanning tree guard none Related Commands Command Description Platform Description spanning tree guard root This command is used t...

Страница 267: ...on the interface will not be processed spanning tree ignore tc no spanning tree ignore tc Parameter Description Parameter Description Defaults By default the TC filtering function is disabled Command...

Страница 268: ...spanning tree link type point to point Related Commands Command Description show spanning tree interface Show the STP configuration of an interface Platform Description spanning tree loopguard default...

Страница 269: ...he device before being dropped which ranges from 1 to 40 Defaults The default is 20 hops Command Mode Global configuration mode Usage Guide In the region the BPDU frame sent by the root bridge include...

Страница 270: ...mand Mode Global configuration mode Usage Guide Configuration Examples Ruijie config spanning tree mode stp Related Commands Command Description show spanning tree Show the spanning tree configuration...

Страница 271: ...32 characters You can use the no name command to restore the default setting revision version Set the MST version which ranges from 0 to 65535 You can use the no name command to restore the default s...

Страница 272: ...he default value is calculated by the link rate of the interface automatically 1000 Mbps 20000 100 Mbps 200000 10 Mbps 2000000 Command Mode Interface configuration mode Usage Guide A higher cost value...

Страница 273: ...iguration mode Usage Guide When a loop occurs in the region the interface of a higher priority will be in charge of forwarding If all interfaces have the same priority the interface with a smaller num...

Страница 274: ...ance id Instance ID in the range of 0 to 64 priority Device priority for which sixteen integers are available 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 and 61...

Страница 275: ...t method This command is used to configure the path cost of a port You can use the no option of the command to restore the default setting spanning tree pathcost method long standard short no spanning...

Страница 276: ...tfast Related Commands Command Description show spanning tree interface Show the STP configuration of the interface Platform Description spanning tree portfast bpdufilter default This command is used...

Страница 277: ...iguration mode Usage Guide Once the BPDU guard is enabled on the interface you will enter the error disabled status if the BPDU message is received at the interface You can use the show spanning tree...

Страница 278: ...onfiguration to default This command does not have the no option spanning tree reset Parameter Description Parameter Description Command Mode Global configuration mode Usage Guide Configuration Exampl...

Страница 279: ...guard Related Commands Command Description Platform Description spanning tree tc protection This command is used to enable tc protection globally You can use the no option of this command to disable...

Страница 280: ...ation mode Usage Guide Configuration Examples Ruijie config spanning tree tc protection tc guard Related Commands Command Description Platform Description spanning tree tx hold count This command is u...

Страница 281: ...tion Commands MSTP Configuration Commands Usage Guide Configuration Examples Ruijie config spanning tree tx hold count 5 Related Commands Command Description show spanning tree Show the global MSTP co...

Страница 282: ...t transmission of BPDU frames is disabled on a device by default Command Modes Global configuration mode Usage Guidelines Examples Example 1 Enable transparent transmission of BPDU frames on a device...

Страница 283: ...Ruijie config no bridge frame forwarding protocol gvrp Related Commands Command Description Platform Description bridge frame forwarding protocol 802 1x Use the bridge frame forwarding protocol 802 1x...

Страница 284: ...f this command to disable transparent transmission of reserved multicast frames bridge frame forwarding protocol reserved multicast no bridge frame forwarding protocol reserved multicast Parameter Des...

Страница 285: ...tocol cisco pvst no bridge frame forwarding protocol cisco pvst Parameter Description Parameter Description Defaults Transparent transmission of PVST frames is enabled on a device by default Command M...

Страница 286: ...ault Allow sending the GVRP advertisement on the port Command mode Interface configuration mode Usage guidelines Use the show gvrp configuration to show the related configurations Examples Ruijie conf...

Страница 287: ...nfiguration Show the GVRP configurations gvrp enable Use this command to enable the GVRP function Use the no form of this command to restore it to the default setting gvrp enable no gvrp enable Parame...

Страница 288: ...configurations Examples Ruijie config if gvrp registration mode normal Related commands Command Description show gvrp configuration Show the GVRP configurations gvrp timer Use this command to set the...

Страница 289: ...t so that the Leave timer begins counting The actual sending interval is ranging from leaveall to leaveall join Default Join timer 200ms Leave timer 600ms Leaveall timer 10000ms Command mode Global co...

Страница 290: ...to show the GVRP configurations show gvrp configuration Parameter description Parameter Description Default NA Command mode Privileged EXEC mode Usage guidelines Use the show gvrp configuration to sho...

Страница 291: ...mode normal reg mode normal Port GigabitEthernet 3 11 app mode normal reg mode normal Port GigabitEthernet 3 12 app mode normal reg mode normal Related commands Command Description show gvrp statisti...

Страница 292: ...nPropagated 0 LeavePropagated 0 Related commands Command Description clear gvrp statistics Clear the statistics of one interface or all interfaces show gvrp status Use this command to show the GVRP st...

Страница 293: ...suffix number street number suffix landmark additional location information name postal code building unit floor room type of place postal community name post office box additional code ca word Param...

Страница 294: ...cription show lldp location civic location identifier id interface interface name static Show the LLDP Civic Address information Platform description Only supported by switch products clear lldp stati...

Страница 295: ...ault Command mode Privilege mode Usage guidelines If the interface parameter is specified clear the LLDP neighbor information of the specified interface If the interface parameter is not specified cle...

Страница 296: ...ce type is Switch 2 indicates the device type is LLDP MED terminal Default 1 Command mode LLDP Civic Address configuration mode Usage guidelines Enter the LLDP Civic Address configuration mode and con...

Страница 297: ...ally Examples Disable LLDP globally and on the interface Ruijie configure terminal Ruijie config no lldp enable Ruijie config interface gigabitethernet 0 1 Ruijie config if GigabitEthernet 0 1 no lldp...

Страница 298: ...n Only supported by switch products lldp error detect Configure the LLDP error detection including the detection of VLAN configurations on both sides of the link port state detection port aggregation...

Страница 299: ...vice learn the local device information as soon as possible The fast sending mechanism shortens the sending cycle of LLDP packets to 1s The device will continuously send a certain number of LLDP packe...

Страница 300: ...ice information on the neighbor device can be controlled by adjusting TTL multiplier Examples Configure TTL multiplier to 5 Ruijie configure terminal Ruijie config lldp hold multiplier 5 Related comma...

Страница 301: ...LDP Civic Address information Platform description Only supported by switch products lldp location elin identifier Configure the encapsulated urgent phone number of Location Identification TLV Use no...

Страница 302: ...rtised is the IPv4 address of the lowest ID VLAN carried on the port Command mode Interface configuration mode Usage guidelines By default the management address is advertised in LLDP packets and is t...

Страница 303: ...and receive LLDP packets The precondition for enabling LLDP on the interface is that LLDP has been enabled globally and LLDP operates in tx rx or txrx mode Examples Configure LLDP operating mode as t...

Страница 304: ...config Ruijie config lldp network policy profile 1 Ruijie config lldp network policy Related commands Command Description show lldp network policy profile profile num Show the LLDP network policy Plat...

Страница 305: ...of this command to restore to the default interval lldp timer notification interval seconds no lldp timer notification interval Parameter description Parameter Description seconds Configure the interv...

Страница 306: ...configuration mode Usage guidelines To prevent LLDP from being initialized too frequently due to the frequent operating mode change you can configure port initialization delay Examples Configure LLDP...

Страница 307: ...DPDU transmission delay to 3 seconds Ruijie configure terminal Ruijie config lldp timer tx delay 3 Related commands Command Description show lldp status Display LLDP status information Platform descri...

Страница 308: ...ile num power over ethernet no lldp tlv enable basic tlv all port description system capability system description system name dot1 tlv all port vlan id protocol vlan id vlan name dot3 tlv all link ag...

Страница 309: ...zationally specific TLVs if the all parameter is specified all corresponding optional TLVs will be advertised When configuring LLDP MED TLVs if the all parameter is specified all LLDP MED TLVs other t...

Страница 310: ...y the voice application type voice signaling Specify the voice signaling application type vlan id Optional Specify the VLAN ID of voice flows Range 1 4094 cos Optional Class of service cvalue Optional...

Страница 311: ...the LLDP information of local device The information will be encapsulated in the TLVs and sent to the neighbor device show lldp local information global interface interface name Parameter description...

Страница 312: ...ame Port id GigabitEthernet 0 1 Port description Management address subtype 802 mac address Management address 00d0 f822 33aa Interface numbering subtype Interface number 0 Object identifier 802 1 org...

Страница 313: ...e system System capabilities enabled Capabilities currently enabled by the system LLDP MED capabilities LLDP MED capabilities supported by the system Device class MED device class which is divided int...

Страница 314: ...Auto negotiation advertising capability of the port Operational MAU type Speed and duplex state of the port PoE support Indicates whether POE is supported Link aggregation supported Indicates whether...

Страница 315: ...tatic Show the address information or urgent phone number information configured by all users Default Command mode Privilege mode Usage guidelines If a policy ID is specified show the specific address...

Страница 316: ...terface name detail Parameter description Parameter Description interface name Interface name detail Show all information of neighbor devices Default Command mode Privilege mode Usage guidelines If th...

Страница 317: ...er 0 Object identifier LLDP MED capabilities Device class HardwareRev FirmwareRev SoftwareRev SerialNum Manufacturer name Asset tracking identifier Port ID type Interface name Port id GigabitEthernet...

Страница 318: ...System name System name System description The description of the system including hardware software versions and operational system information System capabilities supported Functions supported by th...

Страница 319: ...uto negotiation speed and duplex status PoE support Whether to support PoE Link aggregation supported Whether to support link aggregation Link aggregation enabled Whether to enable link aggregation Ag...

Страница 320: ...mand Description Platform description Only supported by switch products show lldp statistics Display LLDP statistics show lldp statistics global interface interface name Parameter description Paramete...

Страница 321: ...of neighbor information deleted Number of times of removing neighbor information The number of neighbor information dropped Number of times of dropping neighbor information The number of neighbor inf...

Страница 322: ...status of LLDP Enable Neighbor information last changed time 1hour 52minute 22second Transmit interval 30s Hold multiplier 4 Reinit delay 2s Transmit delay 2s Notification interval 5s Fast start count...

Страница 323: ...ort Error detect enable Whether error detection is enabled on the port Number of neighbors Number of neighbors Number of MED neighbors Number of MED neighbors Related commands Command Description Plat...

Страница 324: ...d TLV Port VLAN ID TLV YES YES Port And Protocol VLAN ID TLV YES YES VLAN Name TLV YES YES IEEE 802 3 extend TLV MAC Physic TLV YES YES Power via MDI TLV YES YES Link Aggregation TLV YES YES Maximum F...

Страница 325: ...nfiguration N A Command mode Interface configuration mode Examples Here is an example of configuring vid in the tag of input message as 4 22 adding the vid in the tag as 3 Ruijie configure Ruijie conf...

Страница 326: ...ijie config interface gigabitEthernet 0 1 Ruijie config if switchport mode access Ruijie config if dot1q relay vid 100 translate local vid 10 20 Ruijie config if end Related commands Command Descripti...

Страница 327: ...ow translation table interface intf id Platform description The software version must be RGOS10 4 and later dot1q new outer vlan vid translate old outer vlan vid inner vlan v list Use this command to...

Страница 328: ...4 and later dot1q tunnel cos inner cos value remark cos outer cos value Use this command to map the priority from the outer tag to the inner tag for the packets on the interface dot1q tunnel cos inner...

Страница 329: ...anufacturer ID Command mode Interface configuration mode Examples Ruijie config interface g0 3 Ruijie config if frame tag tpid 0x9100 Ruijie config if end Ruijie show frame tag tpid Port tpid Gi0 3 0x...

Страница 330: ...e destination VLAN mac address mapping index id source vlan src vlan id destination vlan dst vlan list no mac address mapping index id source vlan src vlan id destination vlan dst vlan list Parameter...

Страница 331: ...orresponding dot1q tunnel interface configuration Default configuration No dot1q tunnel interface is configured Command mode Interface configuration mode Examples Here is an example of configuring the...

Страница 332: ...lated commands Command Description show vlan Platform description The software version must be RGOS10 1 and later switchport dot1q tunnel allowed vlan Use this command to configure the allowed VLAN of...

Страница 333: ...RGOS10 3 and later switchport dot1q tunnel native vlan Use this command to configure the default vlan id of dot1q tunnel switchport dot1q tunnel native vlan vid no switchport dot1q tunnel native vlan...

Страница 334: ...d mode Interface configuration mode Examples Here is an example of configuring outer vid of input message whose source address is 1 1 1 1 as 3 Ruijie configure Ruijie config ip access list standard 2...

Страница 335: ...d to_6 Ruijie config std nacl permit host 1 1 1 2 Ruijie config std nacl exit Ruijie config interface gigabitEthernet 0 1 Ruijie config if switchport mode trunk Ruijie config if traffic redirect acces...

Страница 336: ...fic redirect access group 20 nested vlan 10 in Ruijie config if end Related commands Command Description show traffic redirect Platform description The software version must be RGOS10 1 and later vlan...

Страница 337: ...e software version must be RGOS10 4 and later vlan mapping out vlan src vlan remark dest vlan Use this command to configure the policy list of the one to one VLAN mapping in the outgoing direction on...

Страница 338: ...set the dot1q tunnel port to receive L2 protocol message l2protocol tunnel stp gvrp no l2protocol tunnel stp gvrp Parameter description Parameter Description stp Receive stp message gvrp Receive gvrp...

Страница 339: ...e Ruijie configure Ruijie config interface fa 0 1 Ruijie config if l2protocol tunnel gvrp enable Ruijie config if end Related commands Command Description show l2protocol tunnel gvrp stp Platform desc...

Страница 340: ...l transparent transmission function Ruijie config if l2protocol tunnel gvrp tunnel dmac 011AA9 000005 Ruijie config if end Related commands Command Description show l2protocol tunnel gvrp stp Platform...

Страница 341: ...erface Default configuration The tpid is not modified Command mode Privileged EXEC mode Examples Ruijie show frame tag tpid Ports tpid Gi0 1 0x9100 Platform description The software version must be RG...

Страница 342: ...tion N A Command mode Privileged EXEC mode Examples Ruijie show interface dot1q tunnel Interface Gi0 3 Native vlan 10 Allowed vlan list 4 6 10 30 60 Tagged vlan list 4 6 30 60 Platform description The...

Страница 343: ...escription Parameter Description index id MAC address copy policy ID Default configuration N A Command mode Privileged EXEC mode Examples ruijie show interface mac address mapping 1 Ports Destination...

Страница 344: ...stration table interface intf id Parameter description Parameter Description intf id Specific Interface Default configuration Null policy list Command mode Privileged EXEC mode Examples Ruijie show re...

Страница 345: ...be RGOS10 3 and later show translation table Use this command to show vid modify policy list of protocol based access trunk hybrid port show translation table interface intf id Parameter description P...

Страница 346: ...ion Parameter Description gvrp Show configuration of transparently transmitting gvrp protocol stp Show configuration of transparently transmitting stp protocol Default configuration N A Command mode P...

Страница 347: ...ion Commands 3 DHCP Configuration Commands 4 DHCPv6 Configuration Commands 5 DNS Module Configuration Commands 6 FTP Server Configuration Commands 7 FTP CLIENT Configuration Commands 8 Network Connect...

Страница 348: ...is arpa for the Ethernet interface alias Optional RGOS will respond to the ARP request from this IP address after this parameter is defined Defaults There is no static mapping record in the ARP cache...

Страница 349: ...icast message from attacking the CPU User could set the num parameter of this command to decide whether it attacks the CPU in specific network environment or disable this function Use the arp anti ip...

Страница 350: ...faults This function is not enabled on the interface to send the free ARP request regularly Command Mode Interface configuration mode Usage Guide If an interface of the switch is used as the gateway o...

Страница 351: ...s 1s Command Mode Global configuration mode Usage Guide The switch sends the ARP request message frequently and thus causing problems like network busy In this case you can set the retry interval of t...

Страница 352: ...sy In this case you can set the retry times of the ARP request smaller In general the retry times should not be set too large Configuration Examples The following configuration will set the local ARP...

Страница 353: ...dynamically from FastEthernet port 0 1 to 120 seconds interface fastEthernet 0 1 arp timeout 120 Related Commands Command Description clear arp cache Clear the ARP cache list show interface Show the i...

Страница 354: ...r Description Parameter Description N A N A Defaults GSN trusted ARP is not aging by default Command Mode Global configuration mode Usage Guide Use this command to set trusted ARP aging Aging time is...

Страница 355: ...mit the quantity of the unresolved entries Configuration Examples The following configuration sets the maximum number of the unresolved items as 500 arp unresolve 500Ruijie config interface vfc bind m...

Страница 356: ...ar arp cache interface Vlan 1 Related Commands Command Description arp Add a static mapping record to the ARP cache table Platform Description The parameter trusted is not supported by routers clear i...

Страница 357: ...0 stands for the host bit with 8 bits in one group in decimal format Groups are separated by dots secondary Indicates the secondary IP address that has been configured gateway ip address Configure th...

Страница 358: ...bridge networks that have not been divided into different subnets Use of secondary IP addresses will make it very easy to upgrade this network to an IP layer based routing network The equipment config...

Страница 359: ...p address no ip broadcast addresss Parameter Description Parameter Description ip address Broadcast address of IP network Defaults The default IP broadcast address is 255 255 255 255 Command Mode Inte...

Страница 360: ...et After the directed broadcast packet reaches a device that is directly connected to this subnet the device converts the directed broadcast packet into a flooding broadcast packet typically the broad...

Страница 361: ...arameter Description Parameter Description N A N A Defaults By default no ICMP mask response message is sent Command mode Interface configuration mode Usage Guide Sometimes a network device needs the...

Страница 362: ...same physical network segment must have the same IP MTU for the interconnected interface If the interface configuration command mtu is used to set the maximum transmission unit value of the interface...

Страница 363: ...h is Ethernet MAC address of the device itself Configuration Examples The following is an example of enabling ARP on FastEthernet port 0 1 interface fastEthernet 0 1 ip proxy arp Related Commands Comm...

Страница 364: ...mand is supported on the Layer 2 switch only ip source route Use this command to allow the RGOS software to process an IP packet with source route information in global configuration mode The no form...

Страница 365: ...d interface should be associated to an interface with an IP address The source IP address of the IP packet generated by an unnumbered interface is the IP address of the associated interface In additio...

Страница 366: ...ination unreachable messages The no form of this command disables this function ip unreachables no ip unreachables Parameter Description Parameter Description N A N A Defaults Enabled Command Mode Int...

Страница 367: ...the GSN scheme it should be used together with the GSN scheme In the following three cases the STP protocol clears not only the dynamic MAC address of a port but also the trusted entries including tr...

Страница 368: ...s incomplete Show all the unresolved dynamic ARP entries mac address Show the ARP entry with the specified mac address Defaults N A Command Mode Any Usage Guide N A Configuration Examples The followin...

Страница 369: ...pa VLAN 1 The following is the output result of show arp 192 168 195 0 255 255 255 0 Ruijie show arp 192 168 195 0 255 255 255 0 Protocol Address Age min Hardware Type Interface Internet 192 168 195 6...

Страница 370: ...N A Platform Description N A show arp detail Use this command to show the details of the Address Resolution Protocol ARP cache table show arp detail interface type interface number ip mask mac addres...

Страница 371: ...20 1 1 1 000f e200 0001 Static 20 1 1 1 000f e200 0001 Static Vl3 20 1 1 1 000f e200 0001 Static Vl3 Gi2 0 1 193 1 1 70 00e0 fe50 6503 Dynamic 1 Vl3 Gi2 0 1 192 168 0 1 0012 a990 2241 Dynamic 10 Gi2...

Страница 372: ...sociated with the IP addresses Related Commands Command Description Platform Description This command is supported on the Layer 3 switch but not supported on the router show arp packet statistics Use...

Страница 373: ...se this command to show the aging time of a dynamic ARP entry on the interface show arp timeout Parameter Description Parameter Description N A N A Defaults N A Command Mode Any Usage Guide N A Config...

Страница 374: ...e output of show ip arp Ruijie show ip arp Protocol Address Age min Hardware Type Interface Internet 192 168 7 233 23 0007 e9d9 0488 ARPA FastEthernet 0 0 Internet 192 168 7 112 10 0050 eb08 6617 ARPA...

Страница 375: ...Related Commands Command Description N A N A Platform Description This command is not supported on the Layer 2 switch show ip interface Use this command to show the IP status information of an interfa...

Страница 376: ...ip interface brirf command Ruijie show ip interface brief Interface IP Address Pri IP Address Sec Status Protocol GigabitEthernet 0 10 2 2 2 2 24 3 3 3 3 24 down down GigabitEthernet 0 11 no address n...

Страница 377: ...roadcast is forwarded ICMP mask reply is Show whether an ICMP mask response message is sent Send ICMP redirect is Show whether an ICMP redirection message is sent Send ICMP unreachabled is Show whethe...

Страница 378: ...redirection packet Outgoing access list is Show whether an outgoing access list has been configured for an interface Inbound access list is Show whether an incoming access list has been configured for...

Страница 379: ...tion ip default gateway Configure the default gateway which is only supported on the Layer 2 switch Platform Description N A show ip redirects Use this command to show the default gateway show arp tim...

Страница 380: ...command to remove the default gateway ip default gateway no ip default gateway Parameter Description Parameter Description N A N A Defaults By default no default gateway is configured Command Mode Glo...

Страница 381: ...tion is executed Command Mode Global configuration mode Usage Guide In order to validate this command enable the trusted ARP function first This command is needed only when the VLAN sent by the server...

Страница 382: ...d Configuration Examples Ruijie clear ipv6 neighbors Related Commands Command Description ipv6 neighbor Configure the neighbor show ipv6 neighbors Show the neighbor information Platform Description N...

Страница 383: ...it interface ID Defaults N A Command Mode Interface configuration mode Usage Guide When an IPv6 interface is created and the link status is UP the system will automatically generate a local IP address...

Страница 384: ...ving the RA Route Advertisement message the device could use the prefix information of the RA message to automatically generate the EUI 64 interface address If the RA message contains the flag of the...

Страница 385: ...ot be disabled with no ipv6 enable Configuration Examples Ruijie config if ipv6 enable Related Commands Command Description show ipv6 interface Show the related information of an interface Platform De...

Страница 386: ...ng example configures manually a general prefix as my prefix Ruijie config ipv6 general prefix my prefix 2001 1111 2222 48 Related Commands Command Description ipv6 address prefix name sub bits prefix...

Страница 387: ...tion Examples Related Commands Command Description Platform Description ipv6 neighbor Use this command to configure a static neighbor Use the no form of this command to remove the setting ipv6 neighbo...

Страница 388: ...atic one The configured static neighbor is always in the Reachable status Use clear ipv6 neighbors to clear all the neighbors dynamically learned through NDP Use show ipv6 neighbors to view the neighb...

Страница 389: ...collision check for the down up interface Whenever the state of an interface changes from down to up the address collision check function of the interface will be enabled Configuration Examples Ruiji...

Страница 390: ...nd other config flag no ipv6 nd other config flag Parameter Description Parameter Description N A N A Defaults The flag bit is not set by default Command mode Interface configuration mode Usage Guide...

Страница 391: ...o short interval Configuration Examples Ruijie conifig if ipv6 nd ns interval 2000 Related Commands Command Description show ipv6 interface Show the interface information Platform Description N A ipv6...

Страница 392: ...nd can be used to configure the parameters of each prefix including whether to advertise the prefix By default the prefix advertised in RA is the one set with ipv6 address on the interface To add othe...

Страница 393: ...nd ra hoplimit Parameter Description Parameter Description value Hopcount Defaults The default value is 64 Command Mode Interface configuration mode Usage Guide It is used to set the hopcount of the...

Страница 394: ...ong the link occupies network bandwidth while sending the RA message the actual interval for sending the RA message will be fluctuated 20 based on the set value If the key word min max is specified th...

Страница 395: ...interval Configuration Examples Ruijie conifig if ipv6 nd ra lifetime 2000 Related Commands Command Description show ipv6 interface Show the interface information ipv6 nd ra interval Set the interval...

Страница 396: ...or in the range 0 to 3600000 milliseconds Defaults The default value in RA is 0 unspecified the reachable time for the neighbor is 30000ms 30s when the device discovers the neighbor Command Mode Inter...

Страница 397: ...mmand Mode Interface configuration mode Usage Guide This command suppresses the sending of the RA message on an interface Configuration Examples Ruijie config if ipv6 nd suppress ra Related Commands C...

Страница 398: ...MPv6 redirect message when the switch receives and forwards an IPv6 packet through an interface Use the no form of this command to disable the function ipv6 redirects no ipv6 redirects Parameter Descr...

Страница 399: ...91 The next hop IP address and the next hop outgoing interface can be specified at the same time Note that if the next hop IP address is a link local address the outgoing interface must be specified v...

Страница 400: ...Description show ipv6 route Show the IPv6 route information Platform Description N A ipv6 source route Use this command to forward the IPv6 packet with route header The no form of this command disable...

Страница 401: ...The following table shows the meanings of symbols returned by the ping command Signs Meaning The response to each request sent is received The response to the request sent is not received within a re...

Страница 402: ...ter Description Parameter Description interface name Interface name Defaults N A Command Mode Privileged EXEC mode Usage Guide N A Configuration Examples The following example shows all IPv6 address c...

Страница 403: ...m the DHCPv6 agent Configuration Examples The following example shows the information of the general prefix Ruijie show ipv6 general prefix There is 1 general prefix IPv6 general prefix my prefix acqu...

Страница 404: ...TU is 1500 bytes ICMP error messages limited to one every 10 milliseconds ICMP redirects are enabled ND DAD is enabled number of DAD attempts 1 ND reachable time is 30000 milliseconds ND advertised re...

Страница 405: ...able time is 0 milliseconds ND advertised retransmit time is 0 milliseconds ND advertised CurHopLimit is 64 Prefixes total 1 fec0 1 1 1 64 Def Auto vltime 2592000 pltime 604800 flags LA Description of...

Страница 406: ...configured with the corresponding IPv6 address CFG Indicate that the prefix is manually configured Adv Indicate that the prefix will not be advertised vltime Valid lifetime of the prefix measured in...

Страница 407: ...w ipv6 neighbors verbose IPv6 Address Linklayer Addr Interface 2001 1 00d0 f800 0001 vlan 1 State Reach H Age asked 0 fe80 200 ff fe00 1 00d0 f800 0001 vlan 1 State Reach H Age asked 0 Field Meaning I...

Страница 408: ...mer milliseconds until the response from the neighbor is received or the number of the sent NSs hits MAX_UNICAST_SOLICIT 3 Unknown state R indicate the neighbor is considered as a device H The neighbo...

Страница 409: ...statistics Use the following command to show the statistics of all IPv6 neighbors show ipv6 neighbors statistics all Parameter Description Parameter Description vrf name VRF name Defaults N A Command...

Страница 410: ...total interface name Parameter Description Parameter Description total Show total statistics of all interfaces interface name Interface name Defaults N A Command Mode Privileged EXEC mode Usage Guide...

Страница 411: ...Parameter Description Parameter Description static Show the static routes vrf name VRF name local Show the local routes connected Show the directly connected routes Defaults N A Command Mode Privileg...

Страница 412: ...e Platform Description N A show ipv6 route summary Use the following command to show the statistics of one IPv6 route table show ipv6 route vrf vrf name summary Use the following command to show the s...

Страница 413: ...Description N A show ipv6 routers In the IPv6 network some neighbor routers send out the advertisement messages Use this command to show the neighbor routers and the advertisement show ipv6 routers i...

Страница 414: ...id lifetime 2592000 sec preferred lifetime 604800 sec Related Commands Command Description N A N A Platform Description N A tunnel destination Use this command to specify the destination address for t...

Страница 415: ...unnel Platform Description N A tunnel mode gre Use this command to configure GRE tunnel mode Use the no form of this command to restore it to the default IPv6 tunnel mode tunnel mode gre ip tunnel mod...

Страница 416: ...Use the no form of this command to restore it to the default IPv6 tunnel mode tunnel mode ipv6 no tunnel mode Parameter Description Parameter Description N A N A Defaults The default mode is ipv6ip Co...

Страница 417: ...tunnel by default You can also use tunnel mode ipv6ip without any parameter to set a tunnel to manual tunnel For an auto tunnel no destination address is specified Configuration Examples The following...

Страница 418: ...of an interface When you configure an auto tunnel for example 6to4 and isatap it is recommended to specify the source address A device shall not be configured multiple tunnels with the same encapsula...

Страница 419: ...tunnel destination Configure the destination IP address of a tunnel Platform Description N A tunnel vrf Use this command to configure the VRF to which the outer layer addresses of a tunnel belong The...

Страница 420: ...t Ruijie config interface tunnel 1 Ruijie config tunnel1 tunnel mode ipv6ip Ruijie config tunnel1 tunnel vrf red Related Commands Command Description tunnel mode Configure the mode of a tunnel ip vrf...

Страница 421: ...SS corresponds to one network range which must be from low address to high address so as to allow the duplication of network segment range between multiple CLASSs If the CLASS associated with the addr...

Страница 422: ...so that DHCP clients can download the file from the corresponding server such as TFTP Other servers are defined by the next server command Examples The example below defines the device conf as the st...

Страница 423: ...CLASS s assigned addresses have been to the upper limit then continue to assign addresses for the next CLASS and so on Each CLASS corresponds to one network segment range that must be from low addres...

Страница 424: ...ernet0 1 For the definition of the media code refer to the Address Resolution Protocol Parameters section in RFC1700 This command is used only when the DHCP is defined by manual binding Examples The e...

Страница 425: ...lient name river Related commands Command Description host Define the IP address and network mask which is used to configure the DHCP manual binding ip dhcp pool Define the name of the DHCP address po...

Страница 426: ...of this command can be used to delete the definition of the DNS server dns server ip address ip address2 ip address8 no dns server Parameter description Parameter Description ip address Define the IP...

Страница 427: ...string of the DHCP client Default No suffix domain name by default Command mode DHCP address pool configuration mode Usage guidelines After the DHCP client obtains specified suffix domain name it can...

Страница 428: ...hen the DHCP is defined by manual binding Examples The example below defines the MAC address 00d0 f838 bf3d with the type ethernet hardware address 00d0 f838 bf3d Related commands Command Description...

Страница 429: ...g Examples The example below sets the client IP address as 192 168 12 91 and the network mask as 255 255 255 240 host 192 168 12 91 255 255 255 240 Related commands Command Description client identifi...

Страница 430: ...tEthernet 0 port obtain the IP address automatically interface fastEthernet 0 ip address dhcp Related commands Command Description dns server Define the DNS server of DHCP client ip dhcp pool Define t...

Страница 431: ...ption time The interval at which the system writes the DHCP lease binding database information into the flash The range is from 600 to 86400 seconds Default Disabled Command mode Global configuration...

Страница 432: ...dress no ip dhcp excluded address low ip address high ip address Parameter description Parameter Description low ip address Exclude the IP address or exclude the start IP address within the range of t...

Страница 433: ...icates disabling the ping operation The Ping operation sends two packets by default Default The Ping operation sends two packets by default Command mode Global configuration mode Usage guidelines When...

Страница 434: ...ime that the DHCP server waits for a ping response packet Examples In the configuration example below the waiting time of the ping response packet is 600ms ip dhcp ping timeout 600 Related commands Co...

Страница 435: ...ool0 Related commands Command Description host Define the IP address and network mask which is used to configure the DHCP manual binding ip dhcp excluded address Define the IP addresses that the DHCP...

Страница 436: ...in hours It is necessary to define the days before defining the hours minutes Optional Lease time in minutes It is necessary to define the days and hours before defining the minutes infinite Infinite...

Страница 437: ...t No WINS server is defined by default Command mode DHCP address pool configuration mode Usage guidelines When more than one WINS server is defined the former has higher priory The DHCP client will se...

Страница 438: ...broadcast method 2 Peer to peer which directly requests the WINS server to carry out the NetBIOS name resolution 3 Mixed which requests the name resolution by the broadcast method firstly and then ca...

Страница 439: ...ion mode Usage guidelines This command defines the subnet and subnet mask of a DHCP address pool and provides the DHCP server with an address space which can be assigned to the clients Unless excluded...

Страница 440: ...ervers can be configured Default N A Command mode DHCP address pool configuration mode Usage guidelines When more than one startup server is defined the former will possess higher priory The DHCP clie...

Страница 441: ...of current DHCP option refer to RFC 2131 Examples The configuration example below defines the option code 19 which determines whether the DHCP client can enable the IP packet forwarding 0 indicates to...

Страница 442: ...configures a global CLASS and enter the Option82 matching information configuration mode Ruijie config ip dhcp class myclass Ruijie config dhcp class relay agent information Ruijie config dhcp class r...

Страница 443: ...225654565 Ruijie config dhcp class relayinfo relay information hex 060223 Related commands Command Description ip dhcp class Define a CLASS and enter the global CLASS configuraiton mode relay agent in...

Страница 444: ...ameter description N A Default Disabled Command mode Global configuration mode Usage guidelines The DHCP server can assign the IP addresses to the clients automatically and provide them with the netwo...

Страница 445: ...show ip dhcp binding Show the address binding of the DHCP server clear ip dhcp conflict Use this command to clear the DHCP address conflict record in privileged user mode clear ip dhcp conflict ip add...

Страница 446: ...tatistics counter records the DHCP address pool automatic binding manual binding and expired binding Furthermore it also carries out the statistics to the number of sent and received DHCP messages The...

Страница 447: ...off the debugging switch debug ip dhcp server events packet no debug ip dhcp server events packet Parameter description Parameter Description events Show the DHCP message packet Show the DHCP packet...

Страница 448: ...default gateway addr 192 168 5 1 Next timer fires after 00 04 29 Retry count 0 Client ID redgaint 00d0 f8fb 5740 Fa0 0 Related commands Command Description ip address dhcp The device uses DHCP to oba...

Страница 449: ...dress of the DHCP client Lease expiration The expiration date of the lease The Infinite indicates it is not limited by the time The IDLE indicates the address is in the free status currently for it is...

Страница 450: ...IP address The IP addresses which cannot be assigned to the DHCP client Detection Method The conflict detection method Related commands Command Description clear ip dhcp confict Clear the DHCP confli...

Страница 451: ...ng of various fields in the show result is described as follows Field Description Address pools Number of address pools Lease count Number of allocated lease Automatic bindings Number of automatic add...

Страница 452: ...CLI Reference DHCP Configuration Commands commands clear ip dhcp server statistics Delete the DHCP server statistics...

Страница 453: ...hich may lead the client to request for the configurations from the server again Configuration Examples Ruijie clear ipv6 dhcp client vlan 1 Related Commands Command Description N A N A Platform Descr...

Страница 454: ...lear ipv6 dhcp conflict 2008 50 2 Related Commands Command Description show ipv6 dhcp conflict Show address conflict information Platform Description N A clear ipv6 dhcp relay statistics Use this comm...

Страница 455: ...Configuration Examples The following example shows how to clear the DHCPv6 server statistics Ruijie config clear ipv6 dhcp server statistics Related Commands Command Description N A N A Platform Desc...

Страница 456: ...ain name Use this command to set the domain name for the DHCPv6 server Use the no form of this command to remove the domain name domain name domain no domain name domain Parameter Description Paramete...

Страница 457: ...the preferred lifetime of the address allocated to the client Defaults By default no IA_NA address prefix is configured The default valid lifetime is 3600s 1 hour The default preferred lifetime is 360...

Страница 458: ...mand enabled the DHCPv6 client sends the prefix request to the DHCPv6 server The keyword rapid commit allows the client and the server two message interaction process With this keyword configured the...

Страница 459: ...nd Description ipv6 dhcp server Enable the DHCPv6 server function on the interface show ipv6 dhcp pool Show the DHCPv6 pool information Platform Description N A ipv6 dhcp relay destination Use this co...

Страница 460: ...e relay reply message can be forwarded without the relay function enabled on the interface Configuration Examples The following example shows how to set the relay destination address on the interface...

Страница 461: ...fastethernet 0 1 Ruijie config if ipv6 dhcp server pool1 Related Commands Command Description ipv6 dhcp pool Set the DHCPv6 pool show ipv6 dhcp pool Show the DHCPv6 pool information Platform Descripti...

Страница 462: ...orm of this command to remove the local prefix pool prefix delegation pool poolname lifetime valid lifetime preferred lifetime no prefix delegation pool poolname Parameter Description Parameter Descri...

Страница 463: ...DHCPv6 pool ipv6 local pool Set a local prefix pool prefix delegation Statically bind the client with the address prefix show ipv6 dhcp pool Show the DHCPv6 pool information Platform Description N A...

Страница 464: ...NA address binding information are shown If the ipv6 address is specified the binding information for the specified address is shown Configuration Examples Ruijie show ipv6 dhcp binding Client DUID 00...

Страница 465: ...Use this command to show the DHCPv6 interface information show ipv6 dhcp interface interface name Parameter Description Parameter Description interface name Set the interface name Defaults N A Comman...

Страница 466: ...the specified interface information is shown Configuration Examples Ruijie show ipv6 dhcp pool DHCPv6 pool dhcp pool DNS server 2011 1 1 DNS server 2011 1 2 Domain name example com Related Commands Co...

Страница 467: ...information of all relay client Ruijie show ipv6 dhcp relay destination all Interface Vlan1 enable relay port Destination address es Output Interface 3001 2 FF02 1 2 the specified address Vlan2 the s...

Страница 468: ...RECONFIGURE 0 REPLY 8 RELAY FORWARD 8 RELAY REPLY 0 Related Commands Command Description clear ipv6 dhcp relay statistics Clear the statistical information Platform Description N A show ipv6 dhcp ser...

Страница 469: ...received 0 Relay forward received 0 Information request received 0 Unknown message type received 0 Error message received 0 DHCPv6 packet sent 0 Advertise sent 0 Reply sent 0 Relay reply sent 0 Send...

Страница 470: ...wing example enables the DNS domain name resolution function Ruijie config ip domain lookup Related commands Command Description show hosts Show the DNS related configuration information ip host Use t...

Страница 471: ...ipv6 address The IPv6 address of the domain name server Default configuration N A Command mode Global configuration mode Usage guidelines Add the IP address of the DNS server Once this command is exe...

Страница 472: ...00 20 1 12 Related commands Command Description show hosts Show the DNS related configuration information clear host Use this command to clear the dynamically learned host name in the privileged user...

Страница 473: ...e Usage guidelines Show the DNS related configuration information Examples Ruijie show hosts Name servers are 192 168 5 134 static Host type Address TTL sec switch static 192 168 5 243 www ruijie com...

Страница 474: ...tion during FTP server operation Examples The following example shows how to enable outputting the debugging messages in the FTP Server Ruijie debug ftpserver FTPSRV_DEBUG RECV SYST FTPSRV_DEBUG REPLY...

Страница 475: ...ent only Ruijie config ftp server topdir syslog Ruijie config ftp server enable The following example shows how to disable the FTP Server Ruijie config no ftp server enable ftp server password Use thi...

Страница 476: ...encrypted password is generated by plain text password encryption and its format must comply with the encryption specification If the encrypted password is used for the setting the client must use th...

Страница 477: ...to the files on the FTP server with the top directory correctly specified Without this command configured FTP client fails to access to any file or directory on the FTP server Examples The following e...

Страница 478: ...he following example shows how to set the session idle timeout as 5m Ruijie config ftp server timeout 5 The following example shows how to restore the session idle timeout to the default value 30m Rui...

Страница 479: ...pass the identity verification if the username is removed Examples The following example shows how to set the username as user Ruijie config ftp server username user The following example shows how to...

Страница 480: ...the related status information of the FTP server Ruijie show ftp server ftp server information enable Y topdir timeout 20min username config Y password config Y type BINARY control connect Y ftp serv...

Страница 481: ...e than 32 bytes The password does not contain dot at sign slash and space This parameter is mandatory dest address IP address of the FTP server remote directory Name of the optional directory on the F...

Страница 482: ...ass 192 168 23 69 root remote file Related Commands Command Description copy tftp Uses TFTP to transfer files Platform Description default ftp client Use the default ftp client command to restore the...

Страница 483: ...mode for the specified VRF Defaults The default FTP transfer mode is binary Command Modes Global configuration mode Usage Guidelines This command sets the file transfer mode to the text ASCII mode Ex...

Страница 484: ...Description ftp client source address Use the ftp client source address command to configure the source address of the FTP client for transmitted FTP packets Use the no form of this command to remove...

Страница 485: ...ge Guidelines This command configures a source IP address for a client to connect to the server Examples Set the active mode for FTP connection Ruijie config ftp client source address 192 168 23 236 R...

Страница 486: ...dress length Specifies the length of the packet to be sent times Specifies the number of packets to be sent seconds Specifies the timeout time data Specifies the data to fill in seconds Specifies the...

Страница 487: ...server firstly For the concrete configuration refer to the DNS Configuration section Examples The example below shows the ordinary ping Ruijie ping 192 168 5 1 Sending 5 100 byte ICMP Echoes to 192 1...

Страница 488: ...ping ipv6 are also available For the ordinary functions of ping ipv6 five packets of 100Byte in length are sent to the specified IP address within the specified period 2s by default If response is rec...

Страница 489: ...to be sent source Specifies the source IPv4 address or the source interface The loopback interface address for example 127 0 0 1 is not allowed to be the source address seconds Specifies the timeout t...

Страница 490: ...msec 12 msec 16 msec 4 5 61 154 8 129 12 msec 28 msec 12 msec 6 61 154 8 17 8 msec 12 msec 16 msec 7 61 154 8 250 12 msec 12 msec 12 msec 8 218 85 157 222 12 msec 12 msec 12 msec 9 218 85 157 130 16 m...

Страница 491: ...route ipv6 ip address probe number timeout seconds ttl minimum maximum Parameter description Parameter Description Ipv6 address Specifies an IPv6 address number Specifies the number of probe packets t...

Страница 492: ...ays 1 4 and the spent time are displayed Such information is helpful for network analysis 2 When some gateways in the network fail Ruijie traceroute ipv6 3004 1 press Ctrl C to break Tracing the route...

Страница 493: ...ts sent and received on the interface Use the no form of this command to remove the configuration ip tcp adjust mss max segment size no ip tcp adjust mss Parameter description Parameter Description ma...

Страница 494: ...o the MSS value configured on the interface It is suggested to configure the same value on the ingress interface and egress interface or else the MSS option of SYN packets going through the device wil...

Страница 495: ...sending the reset packet when the port unreachable packet is received Use the no form of this command to remove the configuration ip tcp not send rst no ip tcp not send rst Parameter description Param...

Страница 496: ...Global configuration mode Usage guidelines Based on the RFC1191 the TCP path mtu function improves the network bandwidth utilization and data transmission when the user uses TCP to transmit the data...

Страница 497: ...ault Settings 20 seconds Command mode Global configuration mode Usage guidelines If there is SYN attack in the network reducing the SYN timeout value can prevent resource consumption but it takes no e...

Страница 498: ...of receiving buffer will provide notable TCP transmission performance The sending buffer is utilized to buffer the data of application program Each byte in the buffer has its sequence number and byte...

Страница 499: ...connect tcp connect status TCB Local Address Foreign Address State cf25000 0 0 0 0 2650 0 0 0 0 0 LISTEN c441000 0 0 0 0 23 0 0 0 0 0 LISTEN c441800 1 1 1 1 23 1 1 1 2 64201 ESTABLISHED c444cc0 23 0...

Страница 500: ...session CLOSED The session has been closed LISTEN Listening state SYNSENT In the three way handshake phase when the SYN packets have been sent out SYNRCVD In the three way handshake phase when the SY...

Страница 501: ...packet is received TIMEWAIT The FIN packet sent by the local end has been acknowledged and the local end has also acknowledged the FIN packet Related commands Command Description show tcp pmtu Use th...

Страница 502: ...212 23 23 is the port number Foreign Address The remote address and the port number The number after the last is the port number For example 2002 2 23 and 192 168 195 212 23 23 is the port number PMTU...

Страница 503: ...v4 listen on 23 have total 1 connections Tcpv6 listen on 23 have connections TCB Foreign Address Port State c429980 3000 2 64572 ESTABLISHED Tcpv6 listen on 23 have total 1 connections The following t...

Страница 504: ...ocal end has been acknowledged CLOSEWAIT The local end has received the FIN packet from the peer end LASTACK The local end has received the FIN packet from the peer end and then sent out its FIN packe...

Страница 505: ...CLI Reference TCP Configuration Commands Related commands Command Description...

Страница 506: ...ets matching to this route Broadcast the packets in the virtual LAN also called as flooding or drop the packets Broadcom chips do not support the flooding while the Marvell chips do By default the chi...

Страница 507: ...ware forwarding table with the software forwarding table Currently there is no solution to the hardware hash bucket collision ip ref synchronize all Parameter Description Parameter Description Default...

Страница 508: ...ion Default configuratio n None Command mode Privilege mode Usage guide This command can be used to display current packet statistics of REF Configuratio n examples Ruijie show ip ref statistic inform...

Страница 509: ...face_number Parameter Description Parameter Description glean Gleans the adjacent nodes local Local adjacent nodes ip IP of the next hop interface_type Specifies the type of interface interface_number...

Страница 510: ...next_hop mac interface forward_adj 192 168 17 1 0000 2004 094f FastEthernet 1 1 Example 3 Display the adjacent node information associated with the specified IP Ruijie show ip ref adjacency 192 168 1...

Страница 511: ...lt Specifies default route ip Specifies the destination IP address of route mask Specifies the route mask Default configuratio n None Command mode Privileged EXEC mode Usage guide Display the related...

Страница 512: ...ard_adj 192 168 17 1 0000 2004 094f FastEthernet 1 1 Example 3 Display all the routing information matching the IP MASK in the REF table Ruijie show ip ref route 192 168 17 0 255 255 255 0 IP MASK s r...

Страница 513: ...CLI Reference IPv4 REF Configuration Commands Platform description N A Command history Version Description...

Страница 514: ...IP Routing Configuration Commands 1 IP Routing Configuration Commands...

Страница 515: ...static route distance Optional The management distance of the static route tag Optional The tag of the static route permanent Optional Permanent route ID disable enable Optional Disablement or enablem...

Страница 516: ...an Ethernet interface do not set the next hop as an interface for example ip route 0 0 0 0 0 0 0 0 Fastethernet 0 0 In this case the switch may consider that all unknown destination networks are dire...

Страница 517: ...r VoIP gateway The S2600 I series products support only the IPv4 or IPv6 static routes and IPv4 or IPv6 directly connected route Configure the static route to obtain the IPv4 or IPv6 static route Conf...

Страница 518: ...32 IPv4 static routes Examples The following example sets the upper threshold of the static routes to 10 and then restores the setting to the default value ip static route limit 10 no ip static route...

Страница 519: ...ent distance of the static route can enable route backup which is called floating route in this case The S2600 I series products support up to 16 IPv6 static routes The IPv6 static route supports only...

Страница 520: ...routes in the range of 1 to 16 Default configuration N A Command mode Global configuration mode Usage guidelines The goal is to control the number of static routes The S2600 I series products support...

Страница 521: ...static route takes no effect if the IPv6 routing function is disabled The S2600 I series products support only the IPv4 or IPv6 static routes and IPv4 or IPv6 directly connected route Configure the st...

Страница 522: ...tatistics of the routing table Default configuration All routes are displayed by default Command mode Privileged EXEC mode global configuration mode interface configuration mode routing protocol confi...

Страница 523: ...be C directly connected route S static route R RIP route B BGP route O OSPF route I IS IS route E2 Route type which may be E1 OSPF external route type 1 E2 OSPF external route type 2 N1 OSPF NSSA ext...

Страница 524: ...te weight distance metric weight S 23 0 0 0 8 1 0 2 via 192 1 1 20 S 172 0 0 0 16 1 0 4 via 192 0 0 1 show ipv6 route Use the command to display the configuration of the IPv6 routing table show ipv6 r...

Страница 525: ...OI OSPF inter area OE1 OSPF external type 1 OE2 OSPF external type 2 ON1 OSPF NSSA external type 1 ON2 OSPF NSSA external type 2 NOT in hardware forwarding table L 1 128 via Loopback local host C 10 6...

Страница 526: ...nternal route SU IS IS summary route L1 IS IS level 1 route L2 IS IS level 2 route ia IS IS area internal route 20 64 Network address and mask of the destination network 1 0 Manage metric Via 10 4 Nex...

Страница 527: ...Multicast Configuration Commands 1 IGMP Snooping Configuration Commands 2 MLD Snooping Configuration Commands...

Страница 528: ...mode In addition the profile must be applied to the interface in order to make the profile configuration take effect Examples The following is an example of deny the forwarding of the multicast strea...

Страница 529: ...he switch learns dynamically execute the ip igmp snooping dyn mr aging time command ip igmp snooping dyn mr aging time time no ip igmp snooping dyn mr aging time Parameter description Parameter Descri...

Страница 530: ...n the system will remove the corresponding multicast group on the corresponding interface upon the receipt of the IGMP leave message Examples The following example shows how to enable the fast leave f...

Страница 531: ...gabit port 0 1 Ruijie config interface fastEthernet 0 1 Ruijie config if ip igmp snooping filter 1 Related commands Command Description ip igmp profile Create a profile ip igmp snooping host aging tim...

Страница 532: ...lticast address yet in different VLANs the IGMP snooping function handles only the same group as that in the multicast address table GDA other multicast frames are forwarded Examples The following exa...

Страница 533: ...p snooping ivgl Enable igmp snooping and enter the IVGL mode ip igmp snooping limit ipmc To add a multicast source IP address check entry execute the ip igmp snooping limit ipmc command in the global...

Страница 534: ...groups To configure the maximum number of groups that can be added dynamically to this interface execute the ip igmp snooping max groups command in the interface configuration mode The no form of thi...

Страница 535: ...icast neighbor device with multicast routing protocol enabled By default the dynamic routing interface learning function is enabled You can use the no form of this command to disable this function and...

Страница 536: ...Command mode Global configuration mode Usage guidelines Apply the IGMP Profile to a multicast preview function When the user doesn t have access to the multicast streams namely the user might be filt...

Страница 537: ...alue is 60 seconds Command mode Global configuration mode Usage guidelines NA Examples The following example sets the multicast preview interval as 100 seconds on the 100M port of 0 1 Ruijie config ip...

Страница 538: ...escription Supported after release 10 4 3 ip igmp snooping querier address To enable the IGMP querier you also need to specify a source IP address for query packets Execute the global configuration co...

Страница 539: ...vlan querier address Enable the source IP check in VLAN Platform description Supported after release 10 4 3 ip igmp snooping querier max response time To configure the maximum response time advertise...

Страница 540: ...ify the interval for IGMP querier to send query packets execute the global configuration command of ip igmp snooping querier query interval Use no form of this command to restore the query interval to...

Страница 541: ...expiry Use no form of this command to restore to the default value ip igmp snooping querier timer expiry num no ip igmp snooping querier timer expiry Parameter description Parameter Description num No...

Страница 542: ...n Use no form of this command to restore to the default setting ip igmp snooping querier version num no ip igmp snooping querier Parameter description Parameter Description num IGMP version number 1 2...

Страница 543: ...f the switch does not receive the member join message in the specified time it considers that the member has left and then deletes the member This command lets you adjust the waiting time after receiv...

Страница 544: ...example shows how to enable the multicast source IP address check function and configure a default source IP address Ruijie config ip igmp snooping source check default server 192 168 4 243 Related c...

Страница 545: ...ooping suppression enable To enable IGMP snooping suppression execute the ip igmp snooping suppression enable command in the global configuration mode The no form of this command is used to disable IG...

Страница 546: ...snooping and enter the SVGL mode Ruijie config ip igmp snooping svgl Related commands Command Description ip igmp snooping ivgl Enable igmp snooping and enter the IVGL mode ip igmp snooping ivgl svgl...

Страница 547: ...ip igmp snooping svgl Enable igmp snooping and enter the SVGL mode ip igmp snooping ivgl svgl Enable igmp snooping and enter the hybrid mode ip igmp snooping svgl subvlan To specify the subvlan of mu...

Страница 548: ...ute the ip igmp snooping svgl vlan command in the global configuration mode The no form of this command restores the Shared VLAN to vlan 1 ip igmp snooping svgl vlan vid no ip igmp snooping svgl vlan...

Страница 549: ...nnel port the default VLAN of port A is VLAN 1 and packets from VLAN 1 and VLAN 10 can pass through port A When multicast requests of VLAN 10 are sent to port A IGMP Snooping will create the multicast...

Страница 550: ...his command is used to disable the igmp snooping ip igmp snooping vlan vid no ip igmp snooping vlan vid Parameter description Parameter Description vid VLAN ID Default Disabled Command mode Global con...

Страница 551: ...nterface ID Default N A Command mode Global configuration mode Usage guidelines When the source port check function is enabled only the multicast flows from the routing interface are forwarded and oth...

Страница 552: ...p Related commands Command Description ip igmp snooping mrouter learn pim dvmrp Enable the dynamic routing interface learning function on the multicast routing port globally ip igmp snooping vlan quer...

Страница 553: ...n querier address Use no form of this command to remove the source IP address configured ip igmp snooping vlan vid querier address a b c d no ip igmp snooping vlan vid querier address Parameter descri...

Страница 554: ...LAN execute the global configuration command of ip igmp snooping vlan querier max response time Use no form of this command to restore to the default value ip igmp snooping vlan vid querier max respon...

Страница 555: ...rval Use no form of this command to restore the query interval to the default value ip igmp snooping vlan vid querier query interval num no ip igmp snooping vid querier query interval Parameter descri...

Страница 556: ...igmp snooping vlan vid querier timer expiry num no ip igmp snooping vlan vid querier timer expiry Parameter description Parameter Description vid VLAN ID num Non querier expiration timer 60 300 unit s...

Страница 557: ...form of this command to restore to the default setting ip igmp snooping vlan vid querier version num no ip igmp snooping vlan vid querier Parameter description Parameter Description vid VLAN ID num IG...

Страница 558: ...ast IP address interface type interface name Interface name Default By default no static member ports are configured Command mode Global configuration mode Usage guidelines Multiple multicast IP addre...

Страница 559: ...the range of multicast streams execute the range command in the profile configuration mode You can specify either a single multicast address or a range of multicast addresses Use the no form of the c...

Страница 560: ...debug switch The no form of this command closes debug switch debug igmp snp debug igmp snp event debug igmp snp packet debug igmp snp msf debug igmp snp warning undebug igmp snp undebug igmp snp even...

Страница 561: ...les Ruijie config if show ip igmp profile Profile 1 Permit range 224 0 1 0 239 255 255 255 show ip igmp snooping Use this command to show related information of igmp snooping show ip igmp snooping gda...

Страница 562: ...s The following example demonstrates how to process 100 multicast group on the interface fa0 1 Ruijie config if ip igmp snooping gda table Abbr M mrouter D dynamic S static VLAN Address Member ports 1...

Страница 563: ...n profile number Set the profile number The valid range is 1 1024 Default Settings N A Command mode Global configuration mode Usage guidelines MLD Profile is the group filter for the usage of the mult...

Страница 564: ...ed range Default Settings N A Command mode Profile configuration mode Usage guidelines The value of low ipv6 address shall be smaller than the one of high ipv6 address With the address range configure...

Страница 565: ...elated commands Command Description ipv6 mld profile Create one profile range Set the multicast address range permit Set the profile action permit permit Use this command to allow the multicast flow p...

Страница 566: ...scription Parameter Description Default Settings Disabled Command mode Global configuration mode Usage guidelines In this mode the multicast flow between the VLANs are independent The host can only re...

Страница 567: ...rt of this multicast address even if some member ports don t belong to the Shared VLAN In the SVGL mode use the MLD profile to allocate a batch of multicast address range within which the member port...

Страница 568: ...That is to say the member port of the multicast forwarding entry can be forwarded across the VLANs while the member ports of the corresponding multicast forwarding entries within other multicast addr...

Страница 569: ...same VLAN Examples The following example shows how to enable the mld snooping and set the ivgl svgl mode the specified profile1 group address belongs to the SVGL application range Ruijie config ipv6...

Страница 570: ...LD general query packet Use the no form of this command to restore it to the default value ipv6 mld snooping query max response time time no ipv6 mld snooping query max response time Parameter descrip...

Страница 571: ...mld snooping function for the specified vlan Use the no form of this command to disable this function ipv6 mld snooping vlan vid no ipv6 mld snooping vlan vid Parameter description Parameter Descript...

Страница 572: ...interface on the layer 2 multicast device Those multicast flow through the non mroute interface are invalid and will be discarded With the source port check function enabled use the dynamically learne...

Страница 573: ...fastEthernet 0 1 Related commands Command Description ipv6 mld snooping source check port Set the multicast source port check ipv6 mld snooping vlan static interface Use this command to set a static...

Страница 574: ...tion mode Use the no form of this command to disable this function ipv6 mld snooping fast leave enable no ipv6 mld snooping fast leave enable Parameter description Parameter Description Default Settin...

Страница 575: ...ast group to the layer 3 device but not the other MLD Report packets in the same IPv6 multicast group reducing the packet number in the network This command is used to enable the IPv6 MLD snooping sup...

Страница 576: ...te interface are illegal and discarded This command is used to enabled the source port check globally Once this function is enabld all multicast flow must come from the mroute interface or they ll be...

Страница 577: ...group allowed to join the interface dynamically in the interface configuration mode Use the no form of this command to cancel the limit ipv6 mld snooping max groups number no ipv6 mld snooping max gro...

Страница 578: ...information learned dynamically Examples The following example shows how to clear the forwarding table information learned dynamically Ruijie clear ipv6 mld snooping gda table debug mld snp Use this c...

Страница 579: ...terface statistics Show the snooping statistics vlan vlan id Show the snooping information of the specified vlan Default Settings N A Command mode Privileged EXEC mode Usage guidelines Use this comman...

Страница 580: ...le and all member ports information of one multicast group Ruijie show ipv6 mld snooping gda table Abbr M mrouter D dynamic S static VLAN Address Member ports 1 FF88 1 GigabitEthernet 0 7 S The follow...

Страница 581: ...Command mode Privileged EXEC mode Usage guidelines Use this command to show the related MLD profile configurations Examples The following example shows the MLD profile configurations Ruijie show ipv6...

Страница 582: ...s 7 GSN Configuration Commands 8 Port based Flow Control Configuration Commands 9 CPU Protection Configuration Commands 10 DoS Protection Configuration Commands 11 DHCP Snooping Configuration Commands...

Страница 583: ...character string method It must be one of the keywords listed in the following table One method list can contain up to four methods Keyword Description local Use the local user name database for authe...

Страница 584: ...cation enable default list name method1 method2 no aaa authentication enable default Parameter description Parameter Description default When this parameter is used the following defined authenticatio...

Страница 585: ...Define a local user database aaa authentication login Use this command to enable AAA Login authentication and configure the Login authentication method list The no form of this command is used to del...

Страница 586: ...s used for authentication If the RADIUS security server does not respond the local user database is used for authentication Ruijie config aaa authentication login list 1 group radius local Related com...

Страница 587: ...d can be used for authentication only when the current method does not work Examples The following example defines an AAA PPP authentication method list named rds_ppp In the authentication method list...

Страница 588: ...ine is ineffective till it is defined Examples The following example defines an AAA Login authentication method list named list 1 In the authentication method list first the local user database is use...

Страница 589: ...Usage guidelines RGOS supports authorization of the commands executed by the users When the users input and attempt to execute a command AAA sends this command to the security server This command is t...

Страница 590: ...mmands in the non configuration mode for example privileged EXEC mode you can use the no form of this command to disable the authorization function in the configuration mode and execute the commands i...

Страница 591: ...rization console Related commands Command Description aaa new model Enable the AAA security service aaa authorization commands Define the AAA command authorization authorization commands Apply the com...

Страница 592: ...entication function has been enabled It can not enter the CLI if it fails to enable the aaa authorization exec You must apply the exec authorization method to the terminal line otherwise the configure...

Страница 593: ...and SLIP If authorization is configured all the authenticated users or interfaces will be authorized automatically Three different authorization methods can be specified Like authorization the next m...

Страница 594: ...lines Once the default command authorization method list has been configured it is applied to all terminals automatically Once the non default command authorization method list has been configured it...

Страница 595: ...e Line configuration mode Usage guidelines Once the default execauthorization method list has been configured it is applied to all terminals automatically Once the non default command authorization me...

Страница 596: ...h command level is executed default When this parameter is used the following defined method list is used as the default method for command accouting list name Name of the command accouting method lis...

Страница 597: ...nt the network access fees or manage user activities The no form of this command is used to disable the accounting function aaa accounting exec default list name start stop method1 method2 no aaa acco...

Страница 598: ...network service requests from users using RADIUS and sends the accounting messages at the start and end time of access Ruijie config aaa accounting network start stop group radius Related commands Com...

Страница 599: ...s The following example performs accounting of the network service requests from users using RADIUS and sends the accounting messages at the start and end time of access Ruijie config aaa accounting n...

Страница 600: ...s command to set the interval of sednign the accounting update message The no form of this command is used to restore it to the default value aaa accounting update periodic interval no aaa accounting...

Страница 601: ...nds list name Use a defined command accouting method list Default Disabled Command mode Line configuration mode Usage guidelines Once the default command accouting method list has been configured it i...

Страница 602: ...list name Use a defined Exec accouting method list Default Disabled Command mode Line configuration mode Usage guidelines Once the default exec accouting method list has been configured it is applied...

Страница 603: ...ied domain Default No domain is configured Command mode Global configuration mode Usage guidelines Use this command to configure the domain name based AAA service The default is to configure the defau...

Страница 604: ...A service configuration enable this service Examples The following example enables the domain name based AAA service Ruijie config aaa domain enable Related commands Command Description aaa new model...

Страница 605: ...level username Define a local user database accounting network Use this command to configure the Network accounting list The no form of this command is used to remove the setting accounting network d...

Страница 606: ...tting authentication dot1x default list name no authentication dot1x Parameter description Parameter Description default Use this parameter to specify the default method list list name The name of the...

Страница 607: ...list name The name of the specified method list Default With no method list specified if users send the request the device will attempt to specify the default method list for users Command mode Domain...

Страница 608: ...ormation will be displayed Examples The following example shows the domain named domain com Ruijie config show aaa domain domain com Domain domain com State Active Username format Without domain Acces...

Страница 609: ...Related commands Command Description aaa new model Enable the AAA security service aaa domain enable Enable the domain name based AAA service show aaa domain enable Show the domain configuration usern...

Страница 610: ...rvice show aaa domain Show the domain configuration aaa group server Use this command to configure the AAA server group The no form of this command is used to delete the server group aaa group server...

Страница 611: ...f_name VRF name Default Configuration N A Command mode Server group configuration mode Usage guidelines This command selects VRF for the specified server groups Examples The following example selects...

Страница 612: ...ode Server group configuration mode Usage guidelines Add a server to the specified server group The default value is used if no port is specified Examples The following example adds a server to the se...

Страница 613: ...oups configured for AAA Ruijie show aaa group Group Name ss Group Type radius Referred 2 Server List IP Address 192 168 217 64 Authentication Port 1812 Accounting Port 1813 Referred 1 Related commands...

Страница 614: ...ommand to configure the length of lockout time when the login user has attempted for more than the limited times aaa local authentication lockout time lockout time Parameter description In the range o...

Страница 615: ...If AAA is not enabled none of the AAA commands can be configured Examples The following example shows how to enable the AAA security service Ruijie config aaa new model Related commands Command Descri...

Страница 616: ...nfiguration of the switch show aaa lockout Show the lockout configuration parameter of current login debug aaa Use this command to turn on the AAA service debugging switch The no form of this command...

Страница 617: ...ccounting network default start stop group radius Authorization method list aaa authorizating network default group radius Related commands Command Description aaa authentication Define a user authent...

Страница 618: ...ence AAA Configuration Commands Related commands Command Description show running config Show the current configuration of the switch show aaa lockout Show the lockout configuration parameter of curre...

Страница 619: ...ined on the RADIUS server use this command to set the source IP address of the RADIUS packet This command uses the first IP address of the specified interface as the source IP address of the RADIUS pa...

Страница 620: ...Some RADIUS security servers mainly used to 802 1x authentication may identify the IETF format only In this case the RADIUS Calling Station ID attribute shall be set as the IETF format type Examples T...

Страница 621: ...test username name Optional Enable the active detection to the RADIUS security server and specify the username used by the active detection idle time time Optional Set the interval of sending the test...

Страница 622: ...er host in the IPv6 environment Ruijie config radius server host 3000 100 Related commands Command Description aaa authentication Define the AAA authentication method list radius server key Define a s...

Страница 623: ...cket retransmissions radius server timeout Define the timeout for the RADIUS packet radius server retransmit Use this command to configure the number of packet retransmissions before the device consid...

Страница 624: ...e to wait for a response from the security server after retransmitting the RADIUS packet The no format of this command is used to restore it to the default setting radius server timeout seconds no rad...

Страница 625: ...t from the Radius server within the specified time the Radius server is considered to be unreachable The value is in the range of 1s to 120s tries number Configure the successive timeout times When se...

Страница 626: ...in minutes when the device stops sending any requests to the unreachable Radius server The value is in the range of 1 min to 1440 min 24h Default The default value of minutes is 0 min that is the devi...

Страница 627: ...1 to 255 type Private attribute type Default Only the default configuration of private attributes in Ruijie is recognized id Function Type 1 max down rate 1 2 qos 2 3 user ip 3 4 vlan id 4 5 version t...

Страница 628: ...me 2 13 14 file name 3 14 15 file name 4 15 16 max up rate 75 17 version to server 17 18 flux max high32 18 19 flux max low32 19 20 proxy avoid 20 21 dailup avoid 21 22 ip privilege 22 23 login privil...

Страница 629: ...l configuration mode Usage guidelines Set the qos value sent by the RADIUS server as the cos value and the dscp value by default Examples The following example sets the qos value sent by the RADIUS se...

Страница 630: ...nfigure vendor type radius set qos cos Set the qos value sent by the RADIUS server as the cos value of the interface debug radius Use this command to turn on the RADIUS debugging switch The no form of...

Страница 631: ...P 192 168 4 13 Accounting Port 45 Authen Port 74 Test Username Not Configured Test Idle Time 60 Minutes Test Ports Authen and Accounting Server State Active Current duration 765s previous duration 0s...

Страница 632: ...eadtime 0 Minute Server Retries 3 Server Dead Critera Time 10 Seconds Tries 10 Related commands Command Description radius server host Define the RADIUS security server radius server retransmit Define...

Страница 633: ...vlan id 4 5 last supplicant vers 5 ion 6 net ip 6 7 user name 7 8 password 8 9 file directory 9 10 file count 10 11 file name 0 11 12 file name 1 12 13 file name 2 13 14 file name 3 14 15 file name 4...

Страница 634: ...Description radius server host Define the RADIUS security server radius server retransmit Define the number of RADIUS packet retransmissions radius server key Define a shared password for the RADIUS...

Страница 635: ...age guidelines By dividing TACACS servers into several groups the tasks of anthentication authorization and accounting can be implemented by different server groups Examples The following example conf...

Страница 636: ...oup servers when one server does not reply it will send the request to the next server Examples The following example configures a TACACS server group named tac1 and a TACACS server address 1 1 1 1 in...

Страница 637: ...vpn1 Related commands Command Description aaa group server tacacs Configure TACACS server group server Configure server list of TACACS server group ip tacacs source interface Use this command to conf...

Страница 638: ...interface tacacs server host Use this command to configure IP address of TACACS server host tacacs server host ip address ipv6 address port integer timout integer key string no tacacs server host ip...

Страница 639: ...description Parameter Description string Text of shared password 0 7 Encryption type of password 0 indicates no encryption 7 indicates being simply encrypted Default Configuration No specified shared...

Страница 640: ...er Description seconds Timeout time s in the range 1 to 1000s Default Configuration 5s Command mode Global configuration mode Usage guidelines Use this command to adjust the timeout time of reply pack...

Страница 641: ...mand to show the interoperation condition with each TACACS server show tacacs Parameter description N A Default configuration N A Command mode Privileged EXEC mode Usage guidelines Use this command to...

Страница 642: ...CLI Reference TACACS Configuration Commands host...

Страница 643: ...Only addresses in this table can be authenticated by 802 1X Use the show dot1x auth address table command to show the authentication address table Configuration Examples The following example shows h...

Страница 644: ...st on an interface and use the group radius for authentication Ruijie configure terminal Ruijie config aaa new model Ruijie config aaa authentication dot1x default group radius Ruijie config interface...

Страница 645: ...ng Platform Description dot1x auth fail vlan Use this command to set the 802 1X authentication failure VLAN dot1x auth fail vlan vid no dot1x auth fail vlan vid Parameter Description Parameter Descrip...

Страница 646: ...lts EAP MD5 mode Command Mode Global configuration mode Usage Guide Use the show dot1x command to show the 802 1X setting Configuration Examples This example shows how to set the 802 1X authentication...

Страница 647: ...uto Req Enabled User Detect Enabled Packet Num 0 Req Interval 30 Second Related Commands Command Description show dot1x auto req The command is used to show the setting of the active authentication fu...

Страница 648: ...to show the setting of the active authentication function Platform Description dot1x auto req req interval Use this command to set the interval of sending authentication request messages Use the no f...

Страница 649: ...req user detect no dot1x auto req user detect Parameter Description Defaults Enabled Command Mode Global configuration mode Usage Guide This command is used to cease sending authentication request mes...

Страница 650: ...ion for the client Configuration Examples The following example shows to how to enable the online probe function for the client Ruijie configure terminal Ruijie config dot1x client probe enable Ruijie...

Страница 651: ...e are other authentication methods in the 802 1x authentication method list in addition to the RADIUS authentication method the IAB function will not be enabled Such as the aaa authentication dot1x de...

Страница 652: ...CLI Reference 802 1X Configuration Commands Ruijie config if end...

Страница 653: ...naccessible authentication bypass function is enabled on the interface due to the server failure when the RADIUS server recovers the identities of all the users who have been authorized through the in...

Страница 654: ...ction is disabled the port will not switch to the VLAN after IAB is enabled Configuration Examples Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config int...

Страница 655: ...tion Defaults Disabled Command Mode Global configuration mode Usage Guide Use the show dot1x dynamic vlan command to view the setting of 802 1X Configuration Examples The following example shows how t...

Страница 656: ...and is used to view the 802 1x setting Platform Description dot1x guest vlan Use this command to set whether to allow guest vlan jump Use the no form of the command to disable the function dot1x guest...

Страница 657: ...on Commands Configuration Examples The following example shows how to set 802 1x guest vlan jumping Ruijie configure terminal Ruijie config interface gigabitEthernet 4 5 Ruijie config if dot1x guest v...

Страница 658: ...Examples The following example shows how to set the 802 1x MAC bypass authentication Ruijie configure terminal Ruijie config interface fa 0 1 Ruijie config dot1x mac auth bypass Ruijie config end Ruij...

Страница 659: ...s Command Description show dot1x port control interface The command is used to show the interface s 802 1x information Platform Description dot1x mac auth bypass violation Use this command to set the...

Страница 660: ...f the command to restore the default setting dot1x mac move permit no dot1x mac move permit Parameter Description Defaults Disabled Command Mode Global configuration mode Usage Guide With this functio...

Страница 661: ...mmand to set the maximum number of authentication requests sent to the server Use the no form of the command to restore the default setting dot1x max req count no dot1x max req Parameter Description P...

Страница 662: ...to allow users to change usernames Use the no form of this command to restore the default setting dot1x multi account enable no dot1x multi account enable Parameter Description Defaults Switching to o...

Страница 663: ...Command Description show dot1x The command is used to view the 802 1x setting Platform Description dot1x port control mode By default 802 1x controls users by controlling their MACs and only authenti...

Страница 664: ...default user limit is configured for a port when single host is adopted only one user can to use the network regardless of the parameter Configuration Examples Example 1 shows how to set the port to p...

Страница 665: ...ijie config dot1x private supplicant only Ruijie config end Ruijie Related Commands Command Function show dot1x private supplicant only The command is used to view the setting Platform Description dot...

Страница 666: ...nd Ruijie show dot1x probe timer Hello Interval 30 Seconds Hello Alive 120 Seconds Related Commands Command Description Show dot1x probe timer It shows the client probe timer s configuration Platform...

Страница 667: ...imum Request 3 times Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related Commands Command Description show dot1x It is used to sho...

Страница 668: ...et Timer Period 1000 sec Tx Timer Period 10 sec Supplicant Timeout 10 sec Server Timeout 10 sec Re authen Max 5 times Maximum Request 3 times Filter Non RG Supp Disabled Client Oline Probe Disabled Ea...

Страница 669: ...out quiet period Use this command to set the time in seconds for a device to wait for re authentication after the authentication failure for example wrong authentication password Use the no form of th...

Страница 670: ...es Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related Commands Command Description show dot1x It is used to view the 802 1x setti...

Страница 671: ...Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related Commands Command Description show dot1x It is used to view the 802 1x setting...

Страница 672: ...Period 1000 sec Quiet Timer Period 1000 sec Tx Timer Period 3 sec Supplicant Timeout 3 sec Server Timeout 10 sec Re authen Max 3 times Maximum Request 3 times Filter Non RG Supp Disabled Client Oline...

Страница 673: ...ween a device and applicants to 10s Ruijie configure terminal Ruijie config dot1x timeout supp timeout 10 Ruijie config end Ruijie show dot1x 802 1X Status Enabled Authentication Mode EAP MD5 Authed U...

Страница 674: ...command to view the 802 1X setting Configuration Examples The following example shows how to set the interval of re transmission to 10s Ruijie configure terminal Ruijie config dot1x timeout tx period...

Страница 675: ...authen Max 3 times Maximum Request 3 times Filter Non RG Supp Disabled Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Ruijie Related Commands Command Description...

Страница 676: ...nsmission interval Platform Description show dot1x auth address table Use this command to display the table of 802 1Xaddresses that can be authenticated show dot1x auth address table address mac addr...

Страница 677: ...dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x timeout re authperiod It is used to set the re authentication interval for an applicant dot1x timeout server t...

Страница 678: ...authentication times dot1x re authentication It is used to set whether periodic re authentication is required dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x...

Страница 679: ...ication It is used to set whether periodic re authentication is required dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x timeout re authperiod It is used to s...

Страница 680: ...ed to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication times dot1x re authentication It is used to set whether periodic...

Страница 681: ...equest re transmission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication time...

Страница 682: ...cation request re transmission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authenticat...

Страница 683: ...mission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication times dot1x re auth...

Страница 684: ...ransmission times dot1x port control auto It is used to set a port to participate in authentication dot1x reauth max It is used to set the maximum number of applicant re authentication times dot1x re...

Страница 685: ...hentication mode dot1x max req It is used to set the maximum number of authentication request re transmission times dot1x port control auto It is used to set a port to participate in authentication do...

Страница 686: ...ut quiet period quiet period 60 sec Ruijie Related Commands Command Description dot1x auth mode It is used to set the 802 1x authentication mode dot1x max req It is used to set the maximum number of a...

Страница 687: ...summary Defaults Command Mode Privileged mode Usage Guide The command is used to view the information of a specific user Configuration Examples The following example shows how to view the information...

Страница 688: ...ntication times dot1x re authentication It is used to set whether periodic re authentication is required dot1x timeout quiet period It is used to set the waiting time for re authentication dot1x timeo...

Страница 689: ...shows how to enable the global client download function Ruijie configure terminal Ruijie config dot1x redirect Related Commands Command Description N A N A Platform Description N A http redirect This...

Страница 690: ...HTTP the access device redirects the user s access request in the client download page to guide the user to download install and authenticate the client Configuration Examples Example 1 Set the IP ad...

Страница 691: ...16 0 1 free of authentication Ruijie config http redirect direct site 172 16 0 1 Related Commands Command Description show http redirect View the HTTP redirection configuration Platform Description N...

Страница 692: ...n destination port http redirect port port num no http redirect port port num Parameter Description Parameter Description port num Destination port of the HTTP request Defaults The HTTP packets of use...

Страница 693: ...uthenticated user It is in the range of 1 to 255 port session num The maximum number of HTTP sessions that can be originated by an unauthenticated user connected to each port It is in the range of 1 t...

Страница 694: ...timeout for the redirection connection maintenance After the three way handshake succeeds the redirection connection is maintained until the user sends an HTTP GET HEAD packet and the system returns...

Страница 695: ...255 255 Off 192 168 5 140 255 255 255 255 Off 218 30 66 101 255 255 0 0 Off 218 30 66 101 255 255 255 255 Off Direct hosts Address Mask Port ARP Binding 192 168 1 1 255 255 255 255 Fa0 1 On Field Des...

Страница 696: ...the IP address of the authentication server http redirect direct site Set the network resources free of authentication http redirect homepage Set the address of the authentication homepage http redire...

Страница 697: ...host This command is used to display the users free of Web authentication show web auth direct host Parameter Description Parameter Description N A N A Defaults N A Command Mode Privileged EXEC mode U...

Страница 698: ...b auth port control Parameter Description Parameter Description N A N A Defaults N A Command Mode Privileged EXEC mode Usage Guide N A Configuration Examples Example 1 Display the authentication confi...

Страница 699: ...XEC mode Usage Guide N A Configuration Examples Example 1 Display the global Web authentication configuration and statistics Ruijie show web auth user Current user num 4 Address Online Time Limit Time...

Страница 700: ...e authenticated VLAN list The no form of this command is used to cancel the setting web auth allow vlan list no web auth allow vlan list Parameter Description Parameter Description list Set the VLAN l...

Страница 701: ...of authentication ip mask Mask of the IPv4 address free of authentication optional port interface name Bind user s IP address with a port of the access device optional arp If ARP CHECK is enabled on...

Страница 702: ...ser port is LinkDown and does not detect LinkUp in 60s it considers that the user is offline User traffic based check The user s traffic does not increase in 15 min the user is considered offline Meth...

Страница 703: ...mands Command Description http redirect Set the IP address of the authentication server http redirect homepage Set the address of the authentication homepage web auth port control Enable the Web authe...

Страница 704: ...n server http redirect homepage Set the address of the authentication homepage web auth portal key Set the communication key between the access device and the authentication server Platform Descriptio...

Страница 705: ...ange the interval at which the online user information is updated Configuration Examples Example 1 Set the interval at which the online user information is updated to 30s Ruijie config web auth update...

Страница 706: ...SSH2 can use it If only a DSA key is generated only SSH2 can use it A client only adopts either a DSA or an RSA public key algorithm to authenticate the server in one connection But different clients...

Страница 707: ...ter Description rsa Delete the RSA key dsa Delete the DSA key Defaults N A Command Mode Global configuration mode Usage Guide This command deletes the public key of the SSH Server After the key is del...

Страница 708: ...1 Or Ruijie disconnect ssh vty 1 Related Commands Command Description show ssh Show the information about the established SSH connection clear line vty line_number Disconnect the current VTY connecti...

Страница 709: ...tion Parameter Description retry times Authentication retry times in range of 0 to 5 Defaults The default authentication retry times are 3 Use the no ip ssh authentication retries command to restore t...

Страница 710: ...tion mode Usage Guide N A Configuration Examples The following example sets the associated RSA and DSA public key files of User Test Ruijie configure terminal Ruijie config ipssh peer test public key...

Страница 711: ...n of the SSH server Use the no form of this command to restore the default setting ip ssh version 1 2 no ipssh version Parameter Description Parameter Description 1 Support the SSH1 client connection...

Страница 712: ...how crypto key mypubkey rsa dsa Parameter Description Parameter Description rsa Show the RSA key dsa Show the DSA key Defaults N A Command Mode Privileged EXEC mode Usage Guide This command is used to...

Страница 713: ...ip ssh Related Commands Command Description ip ssh version 1 2 Configure the version for the SSH Server ip ssh time out time Set the authentication timeout for the SSH Server ip ssh authentication ret...

Страница 714: ...CLI Reference SSH Configuration Commands connection status and user name Configuration Examples Ruijie show ssh Related Commands Command Description N A N A Platform Description N A...

Страница 715: ...this command takes effect only after the GSN function is enabled Examples Ruijie config if security address bind enable Related commands Command Description security gsn enable Enable the global GSN...

Страница 716: ...unity public The following example shows how to set the v3 username to start Ruijie config security v3 user start security event interval Use this command to set the minimum interval of security event...

Страница 717: ...GSN Examples The following example shows how to enable GSN Ruijie config security gsn enable smp server host Use this command to configure the IP address for the corresponding smp server smp server ho...

Страница 718: ...jie show security event interval Event sending interval seconds 5 Related commands Command Description security event interval interval Configure the minimum interval of security event show smp server...

Страница 719: ...Examples Use the language chinese english command in the global configuration mode to switchover the Chinese English interface Related commands Command Description view gsn Show the main status and c...

Страница 720: ...ts Use show running config to display configuration Examples Ruijie config protected ports route deny Related commands Command Description show running config Show whether the route deny between prote...

Страница 721: ...storms A device can implement the storm suppression to a broadcast a multicast or a unicast storm respectively When excessive broadcast multicast or unknown unicast packets are received the switch tem...

Страница 722: ...Description show interfaces Show the interface information Platform description For S32 and S37 series the cross device protected ports are not supported ACL shall not be installed under the protected...

Страница 723: ...his example shows how to enable port security on interface gigabitethernet 1 1 and the way to deal with violation is shutdown Ruijie config interface gigabitethernet 1 1 Ruijie config if switchport po...

Страница 724: ...Ruijie config if switchport port security aging static Related commands Command Description show port security Show port security settings switchport port security binding Use this command to configu...

Страница 725: ...ity settings switchport port security Enable the port security switchport port security binding interface Configure the secure address binding in the privileged EXEC mode Switchport port security mac...

Страница 726: ...2 168 1 100 on the interface g 0 10 Ruijie config switchport port security binding interface g 0 10 192 168 1 100 2 This example shows how to bind the IP address 192 168 1 100 and MAC address 00d0 f80...

Страница 727: ...port Default configuration N A Command mode Interface configuration mode Usage guidelines N A Examples The example below describes how to configure a static secure address 00d0 f800 5555 with VID 2 f...

Страница 728: ...n id is only supported on the TRUNK port Default configuration N A Command mode Privileged EXEC mode Usage guidelines N A Examples The example below describes how to configure a static secure address...

Страница 729: ...address vlan id Vlan ID of the MAC address Note the configuration of vlan id is only supported on the TRUNK port Default configuration The Sticky MAC address learning is disabled by default Command m...

Страница 730: ...witchport port security maximum value no switchport port security maximum Parameter description Parameter Description value Maximum number of the secure address in the range of 1 to 128 Default config...

Страница 731: ...able the port IP address number limit nac author user maximum value no nac author user maximum Parameter description Parameter Description value The limited IP address number in the range of 1 to 1024...

Страница 732: ...w nac author user Related commands Command Description nac auth user maximum value Set the limited number of port IP address show port security Use this command to show port security settings show por...

Страница 733: ...lation switchport port security aging Specify the aging time for the secure address on the interface switchport port security mac address Configure the secure address table show storm control Use this...

Страница 734: ...ttl error hop limit local telnet local snmp local http local tftp local other ipv4 uc ipv6 uc mld ns other traffic class traffic class num Parameter description Parameter Description traffic class nu...

Страница 735: ...4 Known_ mc 1 Unknown_ mc 1 Broadcast 0 Error_ttl 0 Route 5 RIPv1 5 IPv4 ctrl 5 MLD 3 Error_Hop_Limit 0 IPv6 ctrl 5 Route6 5 Other 0 For the S5760 series Packet Type Queue ID BPDU 6 ARP 5 TPP 6 802 1...

Страница 736: ...MLD 3 NS 5 Other 0 Command mode Global configuration mode Examples The following example sets the traffic class for the BPDU packet Ruijie config cpu protect type bpdu traffic class 5 Ruijie config en...

Страница 737: ...te for the queue in the range of 32 131072kbps Default For S2900 series and S5760 series the default bandwidth of the queue 7 is 100000kbps and other queues is 1000kbps For S3760 series the default ba...

Страница 738: ...series the default bandwidth of the queue 7 is 100000kbps and other queues is 1000kbps For S3760 series the default bandwidth of all queues is 1000kbps Command mode Global configuration mode Examples...

Страница 739: ...ation mode Examples The following example sets the maximum rate for the CPU port as 2000kbps Ruijie configure terminal Ruijie config cpu protect cpu bandwidth 2000 Ruijie config end Ruijie show cpu pr...

Страница 740: ...nable 3000 Ruijie config end Ruijie show cpu protect mac address storm control MAC address storm control state enable MAC address storm control rate 3000 address second Caution This command is not sup...

Страница 741: ...rate for all queues show cpu protect cpu Show the maximum rate for CPU port show cpu protect traffic class id id_num Use this command to show the maximum rate for each queue show cpu protect traffic...

Страница 742: ...otect traffic class all Command mode Privileged EXEC mode Usage guidelines This command shows the maximum rate for all queues Examples The following example shows the maximum rate for all queues Ruiji...

Страница 743: ...ue for each packet type show cpu protect traffic class id id_num Show the maximum rate for each queue id_num valid range is 0 7 show cpu protect traffic class all Show the maximum rate for all queues...

Страница 744: ...CLI Reference CPU Protection Configuration Commands Caution This command is not supported on S3760 series...

Страница 745: ...configuration mode Usage guidelines N A Examples The following example shows how to enable the anti attack of the self consumption Ruijie config ip deny invalid l4port The following example shows how...

Страница 746: ...ts Ruijie config ip deny invalid tcp The following example shows how to disable the anti attack of the invalid TCP packets Ruijie config no ip deny invalid tcp Related commands Command Description sho...

Страница 747: ...command to enable the ingress filtering to defend against DoS attack Use the no form of this command to disable this function ip deny spoofing source no ip deny spoofing source Parameter description P...

Страница 748: ...how to disable the ingress filtering on the routed port Fa 0 5 Ruijie config int fa 0 5 Ruijie config if FastEthernet no ip deny spoofing source Related commands Command Description show ip deny inval...

Страница 749: ...ings N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show ip deny invalid tcp DoS Protection Mode State protect against invalid tcp attack On Related commands Command Descri...

Страница 750: ...nds Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show ip deny land DoS Protection Mode State protect against land attack On Related commands Command Description no ip deny la...

Страница 751: ...g function is enabled Note that DHCP Snooping cannot coexist with private VLAN Examples The following is an example of enabling the DHCP snooping function Ruijie configure terminal Ruijie config ip dh...

Страница 752: ...default once the DHCP Snooping is enabled globally it takes effect for all VLANs Command mode Global configuration mode Usage guidelines Use this command to configure effective DHCP snooping VLAN by...

Страница 753: ...ip dhcp snooping Switch DHCP snooping status ENABLE Verification of hwaddr field status DISABLE DHCP snooping database write delay time 0 seconds DHCP snooping option 82 status ENABLE DHCP snooping Su...

Страница 754: ...ooping database write delay time 0 seconds DHCP snooping option 82 status ENABLE DHCP Snooping Support Bootp bind status ENABLE Interface Trusted Rate limit pps Related commands Command Description sh...

Страница 755: ...option remote id as the customized character string The no form of this command will disable this function no ip dhcp snooping information option format remote id string ascii string hostname Paramete...

Страница 756: ...e DHCP snooping database into the flash Default Disabled Command mode Global configuration mode Usage guidelines This function can avoid loss of user information after restart In that case users need...

Страница 757: ...Usage guidelines Use this command to write the dynamic user information of the DHCP binding database into flash in real time Examples The following is an example of writing the dynamic user informati...

Страница 758: ...formation of the DHCP snooping ip dhcp snooping trust Use this command to set the ports of the switch as trusted ports The no form of this command sets the ports as untrust ports no ip dhcp snooping t...

Страница 759: ...s command will disable this function no ip dhcp snooping vlan vlan id information option change vlan to vlan vlan id Parameter description Parameter Description vlan The specified vlan to change Defau...

Страница 760: ...N where the DHCP request packets are ascii string The user defined content to fill to the Circuit ID Default Disabled Command mode Interface configuration mode Usage guidelines This command is used to...

Страница 761: ...DHCP packets by hardware CCP based rate limit takes precedence over DHCP Snooping based rate limit For CPP please refer to specific chapters You can view the rate limit setting on the corresponding in...

Страница 762: ...ng Ruijie show ip dhcp snooping Switch DHCP snooping status ENABLE Verification of hwaddr field status DISABLE DHCP snooping database write delay time 0 seconds DHCP snooping option 82 status ENABLE D...

Страница 763: ...gs 1 MacAddress IpAddress Lease Type VLAN Interface 00d0 f801 0101 192 168 1 1 static 1 fastethernet 0 1 Related commands Command Description ip dhcp snooping binding Add the static user information t...

Страница 764: ...ding database debug ip dhcp snooping Use this command to trun on the debugging switch of the DHCP snooping debug ip dhcp snooping Default Turned off Command mode Privileged EXEC mode Examples The foll...

Страница 765: ...rted on all switches Related commands Command Description ip dhcp snooping help Use this command to show the configuration help of dhcp command ip dhcp snooping help Parameter description N A Default...

Страница 766: ...tion of all VLANs is disabled Command mode Global configuration mode Usage guidelines To execute this command enable the DAI function firstly Examples The following configuration is to check the ARP m...

Страница 767: ...ce including the trust state and rate limit of the interface Platform description On the NFPP supported switches interface rate is limited by NFPP rather than DAI Therefore if you execute this command...

Страница 768: ...port Ruijie config ip arp inspection Ruijie config interface gigabitEthernet 0 2 Ruijie config if ip arp inspection limit rate 10 DHCP Snooping Database Related Configuration When the corresponding D...

Страница 769: ...atically interface id Add user interface id statically ip mac The global binding type is IP MAC ip only The global binding type is IP only Default configuration No static binding user Command mode Glo...

Страница 770: ...lines This command enables IP Source Guard function on the interface to do IP based or IP MAC based detection IP Source Guard takes effect only on DHCP Snooping untrusted port In other words IP Source...

Страница 771: ...ping Show binding information of dynamic user static Show binding information of static user vlan id Show user binding information of corresponding vlan Interface id Show user binding information of c...

Страница 772: ...Source Guard supports the following filtering modes inactive no snooping vlan the interface isn t within the range of DHCP Snooping VLAN and IP Source Guard is inactive inactive trust port the interf...

Страница 773: ...CLI Reference IPSource Guard Configuration Commands Platform description This command is supported on all switches...

Страница 774: ...tion mode Usage Guide N A Configuration Examples The following example shows how to enable the IPv6 ND Snooping function Ruijie configure terminal Enter configuration commands one per line End with CN...

Страница 775: ...ing trust Related Commands Command Description show ipv6 nd snooping Show the ipv6 nd snooping configurations Platform Description N A show ipv6 nd snooping Use this command to show the IPv6 nd snoopi...

Страница 776: ...CLI Reference ND Snooping Configuration Commands...

Страница 777: ...he show ip dhcpv6 snooping command to view whether the DHCPv6 snooping function is enabled Examples The following is an example of enabling the DHCPv6 snooping function Ruijie config ipv6 dhcp snoopin...

Страница 778: ...orted on all switches ipv6 dhcp snooping database write delay Use this command to configure the switch to write the dynamic user information of the DHCPv6 snooping binding database into the flash peri...

Страница 779: ...p snooping database write to flash Parameter description N A Default N A Command mode Global configuration mode Usage guidelines Use this command to write the dynamic user information of the DHCPv6 bi...

Страница 780: ...HCPv6 request packets on the interface fastethernet 0 1 Ruijie config interface fastethernet 0 1 Ruijie config if ipv6 dhcp snooping filter dhcp pkt Platform description This command is supported on a...

Страница 781: ...nooping View the configuration information of the DHCPv6 snooping Platform description This command is supported on all switches ipv6 dhcp snooping information option Use this command to enable the fu...

Страница 782: ...ation information of the DHCPv6 snooping Platform description This command is supported on all switches ipv6 dhcp snooping information option format remote id Use this command to enable the function o...

Страница 783: ...es ipv6 dhcp snooping link detection Use this command to clear the dynamic binding entry on an interface when the interface links down Use the no form of this command to disable this function ipv6 dhc...

Страница 784: ...Default All ports are untrust ports Command mode Interface configuration mode Usage guidelines Use this command to set the port as trust port The DHCPv6 Server response messages received under the tru...

Страница 785: ...mode Usage guidelines With the global DHCPv6 sooping enabled this function is enabled in all VLANs by default Examples The following example disables the DHCPv6 snooping function in VLAN1 Ruijie confi...

Страница 786: ...option change vlan to vlan 4093 Ruijie config if end Platform description This command is supported on all switches 35 2 ipv6 dhcp snooping vlan vlan id information option format type interface id str...

Страница 787: ...nformation option format type interface id string port name Ruijie config if end Platform description This command is supported on all switches ipv6 source binding Use this command to add the static b...

Страница 788: ...g dynamic binding entries Platform description This command is supported on all switches ipv6 verify source Use this command to set the address binding on the interface Use the no form of this command...

Страница 789: ...ding database manually as needed renew ipv6 dhcp snooping database Parameter description Parameter Description Default Disabled Command mode Privileged EXEC mode Usage guidelines This command is used...

Страница 790: ...atabase write delay time 0 seconds DHCPv6 snooping option 18 37 status ENABLE DHCPv6 ignore dest not found DISABLE DHCPv6 snooping link detection DISABLE Interface Trusted Filter DHCP FastEthernet0 10...

Страница 791: ...of bindings 1 Mac Address Ipv6 Address Lease s VLAN Interface 00d0 f801 0101 2001 10 42368 2 fa 0 1 Platform description This command is supported on all switches show ipv6 dhcp snooping prefix Use th...

Страница 792: ...64 42368 2 fa 0 1 Platform description This command is supported on all switches show ipv6 dhcp snooping statistics Use this command to show the statistical information of the dhcpv6 packets show ipv6...

Страница 793: ...are inexistent or error and the packets are discarded Binding fail The entry binding fails and the packets are discarded due to a lack of the hardware resources Unknown packet The unknown DHCP packets...

Страница 794: ...the MAC address prefix entry vlan vlan_id Show the VLAN prefix entry interface interface_name Show the interface prefix entry dhcp snooping Show the DHCPv6 snooping dynamic binding entry static Show...

Страница 795: ...ac address Clear the MAC address binding entry vlan vlan_id Clear the VLAN binding entry interface interface_name Clear the interface binding entry Default N A Command mode Privileged EXEC mode Usage...

Страница 796: ...lines This command is used to clear the generated user information in the dhcpv6 snooping prefix list Examples Ruijie clear ipv6 dhcp snooping prefix Platform description This command is supported on...

Страница 797: ...ion Parameter Description event The event debugging message Trace the DHCPv6 SNP event processing in real time such as the VLAN AP change process generating and deleting the binding entry the switchov...

Страница 798: ...t Disabled Command mode Interface configuration mode Usage guidelines Use the show anti arp spoofing command to view the configuration Examples Ruijie config interface fastEthernet 0 1 Ruijie config i...

Страница 799: ...CLI Reference Anti arp spoofing Configuration Commands Related commands Command Description anti arp spoofing ip Configure the anti arp spoofing...

Страница 800: ...ps Route packets 3000pps Protocol packets 3000pps Command mode Global configuration mode Examples Ruijie config cpu protect sub interface manage pps 200 Related commands Command Description cpu protec...

Страница 801: ...guard attack threshold Use this command to set the global attack threshold When the packet rate exceeds the attack threshold the attack occurs arp guard attack threshold per src ip per src mac per por...

Страница 802: ...ig nfpp arp guard attack threshold per port 50 Related commands Command Description nfpp arp guard policy Show the rate limit threshold and attack threshold show nfpp arp guard summary Show the config...

Страница 803: ...guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate time in seconds The valid range is 0 or 30 86400 permanent Permanent isolation Default Setti...

Страница 804: ...tware monitoring if the isolate period is not 0 the software monitored attacker will be auto isolated by the hardware and the timeout time will be the isolate period The monitor period is valid with t...

Страница 805: ...e clear a part of monitored hosts to remind the administrator of the invalid configuration and removing the monitored hosts When the maximum monitored host number has been exceeded it prompts the mess...

Страница 806: ...ie config nfpp Ruijie config nfpp arp guard rate limit per src ip 2 Ruijie config nfpp arp guard rate limit per src mac 3 Ruijie config nfpp arp guard rate limit per port 50 Related commands Command D...

Страница 807: ...uard scan threshold 20 Related commands Command Description nfpp arp guard scan threshold Set the scan threshold on the port show nfpp arp guard summary Show the configurations show nfpp arp guard sca...

Страница 808: ...Description arp guard attack threshold Set the global attack threshold nfpp arp g uard polic y Set the limit threshold and attack threshold sho w nfpp arp g uard host s Show the monitored host clear n...

Страница 809: ...anti ARP attack function on the interface nfpp arp guard enable Parameter description Parameter Description Default Settings The anti ARP attack function is not enabled on the interface Command mode...

Страница 810: ...ion seconds Set the isolate period in second The valid range is 0 or 30 86400 0 indicates no isolation permanent Permanent isolation Default Settings By default the isolate period is not configured Co...

Страница 811: ...imit threshold and the attack threshold for each port rate limit pps Set the rate limit threshold with the valid range of 1 9999 attack threshold pps Set the attack threshold with the valid range of 1...

Страница 812: ...s Clear the isolated host nfpp arp guard scan threshold Use this command to set the scan threshold nfpp arp guard scan threshold pkt cnt Parameter description Parameter Description pkt cnt Set the sca...

Страница 813: ...ack threshold per src mac per port pps Parameter description Parameter Description per src mac Set the attack threshold for each source MAC address per port Set the attack threshold for each port pps...

Страница 814: ...nd to enable the DHCP anti attack function dhcp guard enable Parameter description Parameter Description Default Settings Disabled Command mode NFPP configuration mode Usage guidelines N A Examples Ru...

Страница 815: ...180 Related commands Command Description nfpp dhcp guard isolate period Set the isolate time on the interface show nfpp dhcp guard summary Show the configurations dhcp guard monitor period Use this co...

Страница 816: ...rd hosts Show the monitored host list clear nfpp dhcp guard hosts Clear the isolated host dhcp guard monitored host limit Use this command to set the maxmum monitored host number dhcp guard monitored...

Страница 817: ...urations dhcp guard rate limit Use this command to set the rate limit threshold globally dhcp guard rate limit per src mac per port pps Parameter description Parameter Description per src mac Set the...

Страница 818: ...ace id mac address Parameter description Parameter Description vid Set the VLAN ID interface id Set the interface name and number mac address Set the MAC address Default Settings N A Command mode Priv...

Страница 819: ...ription Default Settings The DHCP anti attack function is not enabled on the interface Command mode Interface configuration mode Usage guidelines The interface DHCP anti attack configuration is prior...

Страница 820: ...is not configured Command mode Interface configuration mode Usage guidelines N A Examples Ruijie config interface G0 1 Ruijie config if nfpp dhcp guard isolate period 180 Related commands Command Des...

Страница 821: ...rface configuration mode Usage guidelines The attack threshold value shall be equal to or greater than the rate limit threshold Examples Ruijie config interface G 0 1 Ruijie config if nfpp dhcp guard...

Страница 822: ...id range is 1 9999 Default Settings By default the attack threshold for each source MAC address is 10pps and the attack threshold for each port is 300pps Command mode NFPP configuration mode Usage gui...

Страница 823: ...late period Use this command to set the isolate time globally dhcpv6 guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate time in seconds The vali...

Страница 824: ...tion seconds Set the monitor time in seconds The valid range is 180 86400 Default Settings 600s Command mode NFPP configuration mode Usage guidelines When the attacker is detected if the isolate perio...

Страница 825: ...1 4294967295 Default Settings 1000 Command mode NFPP configuration mode Usage guidelines If the monitored host number has reached the default 1000 the administrator shall set the max number smaller t...

Страница 826: ...er port Set the rate limit for each port pps Set the rate limit in the range of 1 9999 Default Settings The default rate limit for each source MAC address is 5pps the default rate limit for each port...

Страница 827: ...ss Default Settings N A Command mode Privileged EXEC mode Usage guidelines Use this command without the parameter to clear all monitored hosts Examples Ruijie clear nfpp dhcpv6 guard hosts vlan 1 inte...

Страница 828: ...config interface G0 1 Ruijie config if nfpp dhcpv6 guard enable Related commands Command Description dhcpv6 guard enable Enable the anti ARP attack function sho w nfpp dhcp v6 g uard sum mary Show the...

Страница 829: ...d policy Use this command to set the rate limit threshold and the attack threshold nfpp dhcpv6 guard policy per src mac per port rate limit pps attack threshold pps Parameter description Parameter Des...

Страница 830: ...uard attac k thr esho ld Set the global attack threshold dhcp v6 g uard rate l imit Set the global rate limit threshold show nfpp dhcpv6 guard summary Show the configurations show nfpp dhcpv6 guard h...

Страница 831: ...ge guidelines N A Examples Ruijie config nfpp Ruijie config nfpp icmp guard attack threshold per src ip 600 Ruijie config nfpp icmp guard attack threshold per port 1200 Related commands Command Descri...

Страница 832: ...time globally icmp guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate time in seconds The valid range is 0 or 30 86400 permanent Permanent isola...

Страница 833: ...uration mode Usage guidelines When the attacker is detected if the isolate period is 0 the attacker will be monitored by the software and the timeout time will be the monitor period During the softwar...

Страница 834: ...has reached the default 1000 the administrator shall set the max number smaller than 1000 and it will prompt the message that ERROR The value that you configured is smaller than current monitored host...

Страница 835: ...for each port And the default rate limit threshold value for each port varies with the products For the S2600G I series the default value is 400 Command mode NFPP configuration mode Usage guidelines N...

Страница 836: ...ed host CPU without any rate limit and warning configuration Configure the mask to set all hosts in one network segment free from monitoring UP to 500 trusted hosts are supported Examples Ruijie confi...

Страница 837: ...rd hosts vlan 1 interface g0 1 Related commands Command Description icmp guard attack threshold Set the global attack threshold nfpp icmp guar d polic y Set the limit threshold and attack threshold sh...

Страница 838: ...nti ARP attack function sho w nfpp icmp guar d sum mary Show the configurations nfpp icmp guard isolate period Use this command to set the isolate period in the interface configuration mode nfpp icmp...

Страница 839: ...mit pps attack threshold pps Parameter description Parameter Description per src ip Set the rate limit threshold and the attack threshold for each source IP address per port Set the rate limit thresho...

Страница 840: ...ost clear nfpp icmp guard hosts Clear the isolated host IP guardConfiguration Commands The IP guard configuration commands include Caution It is worth mentioning that ip guard is for the attack of the...

Страница 841: ...guidelines The attack threshold shall be equal to or larger than the rate limit threshold Examples Ruijie config nfpp Ruijie config nfpp ip guard attack threshold per src ip 2 Ruijie config nfpp ip g...

Страница 842: ...the interface ip guard isolate period Use this command to set the isolate time globally ip guard isolate period seconds permanent Parameter description Parameter Description seconds Set the isolate ti...

Страница 843: ...tected if the isolate period is 0 the attacker will be monitored by the software and the timeout time will be the monitor period During the software monitoring if the isolate period is not 0 the softw...

Страница 844: ...the administrator shall set the max number smaller than 1000 and it will prompt the message that ERROR The value that you configured is smaller than current monitored hosts 1000 please clear a part of...

Страница 845: ...ld for each source IP address and each port is 20pps and 100pps respectively Command mode NFPP configuration mode Usage guidelines N A Examples Ruijie config nfpp Ruijie config nfpp ip guard rate limi...

Страница 846: ...nd Description nfpp ip guard scan threshold Set the scan threshold on the port show nfpp ip guard summary Show the configurations ip guard trusted host Use this command to set the trusted hosts free f...

Страница 847: ...trusted host 1 1 1 0 255 255 255 0 Related commands Command Description sho w nfpp ip gu ard trust ed h ost Show the configurations clear nfpp ip guard hosts Use this command to clear the monitored ho...

Страница 848: ...enable the ICMP anti attack function on the interface nfpp ip guard enable Parameter description Parameter Description Default Settings The IP anti scan function is not enabled on the interface Comma...

Страница 849: ...ion seconds Set the isolate period in second The valid range is 0 or 30 86400 0 indicates no isolation permanent Permanent isolation Default Settings By default the isolate period is not configured Co...

Страница 850: ...hreshold with the valid range of 1 9999 attack threshold pps Set the attack threshold with the valid range of 1 9999 Default Settings By default the rate limit threshold and the attack threshold are n...

Страница 851: ...pkt cnt Parameter description Parameter Description pkt cnt Set the scan threshold with the valid range of 1 9999 Default Settings By default the sport based scan threshold is not configured Command...

Страница 852: ...he redirect packets pps Set the attack threshold in pps The valid range is 1 9999 Default Settings By default the default attack threshold for the ns na rs and ra redirect on each port is 30 Command m...

Страница 853: ...ie config nfpp Ruijie config nfpp nd guard enable Related commands Command Description nffp nd guard enable Enable the ND anti attack function on the interface show nfpp nd guard summary Show the conf...

Страница 854: ...pp nd guard rate limit per port rs 5 Ruijie config nfpp nd guard rate limit per port ra redirect 5 Related commands Command Description nfpp nd guard policy Set the rate limit and the attack threshold...

Страница 855: ...r port ns na rs ra redirect rate limit pps attack threshold pps Parameter description Parameter Description ns na Set the neighbor request and neighbor advertisement rs Set the router request ra redir...

Страница 856: ...ort For the trusted port with ND snooping enabled ND snooping advertises ND guard to set the rate limit threshold and attack threshold for the three categories of packets as 800pps and 900pps respecti...

Страница 857: ...ameter Description name Defined guard name vid VLAN ID interface id Interface name ip address IP address ipv6 address IPv6 address Default Settings N A Command mode Privileged EXEC mode Usage guidelin...

Страница 858: ...able Related commands Command Description show nfpp define summary Show the user defined anti attack configurations isolate period Use this command to set the isolate time isolate period seconds perma...

Страница 859: ...efined anti attack match etype type src mac smac src mac mask smac_mask dst mac dmac dst mac mask dst_mask protocol protocol src ip sip src ip mask sip mask src ipv6 sipv6 src ipv6 masklen sipv6 maskl...

Страница 860: ...attack type and specify the message fileds to be matched Examples Ruijie config nfpp Ruijie config nfpp nfpp define tcp Ruijie config nfpp define match etype 0x0800 protocol 0x06 Related commands Com...

Страница 861: ...r has been exceeded it prompts the message that NFPP_DEFINE 4 SESSION_LIMIT Attempt to exceed limit of name s 1000 monitored hosts to remind the administrator Examples Ruijie config nfpp Ruijie config...

Страница 862: ...rather than being monitored by the software Examples Ruijie config nfpp Ruijie config nfpp nfpp define tcp Ruijie config nfpp define monitor period 1000 Related commands Command Description show nfpp...

Страница 863: ...elete the configurations of all trusted hosts with the no form of this command Default Settings N A Command mode NFPP define configuration mode Usage guidelines The administrator can use this command...

Страница 864: ...c mac per src ip per port rate limit pps attack threshold pps Parameter description Parameter Description per src ip Perform the rate statistics based on the source IP VID and port per src mac Perform...

Страница 865: ...will be printed and the trap will be sent For the classification based on the user the user will be isolated according to the isolate period Examples Ruijie config nfpp Ruijie config nfpp nfpp define...

Страница 866: ...mary Show the user defined anti attack configurations nfpp define name isolate period Use this command to set the local isolate period in the interface configuration mode nfpp define name isolate per...

Страница 867: ...threshold pps Parameter description Parameter Description per src ip Set the attack threshold for each source IP address per port Set the attack threshold for each port rate limit pps Set the rate lim...

Страница 868: ...Ruijie config if nfpp define tcp policy per port 50 100 Related commands Command Description defin e pol icy Set the global rate limit threshold and attack threshold show nfpp define summary Show the...

Страница 869: ...mand mode Privileged EXEC mode Usage guidelines N A Examples Ruijie clear nfpp log 32 log buffer entries were cleared Related commands Command Description show nfpp log Show the NFPP log configuration...

Страница 870: ...ence NFPP Configuration Commands Default Settings 256 Command mode NFPP configuration mode Usage guidelines N A Examples Ruijie config nfpp Ruijie config nfpp log buffer entries 50 Related Command Des...

Страница 871: ...NFPP Configuration Commands commands l o g b u f f e r l o g s n u m b e r _ o f _ m e s s a g e i n t e r v a l l e n g t h S h o w t h e r a t e o f t h e s y s l o g g e n e r a t e d fr o m t h e...

Страница 872: ...CLI Reference NFPP Configuration Commands s h o w n f p p l o g S h o w t h e N F P P l o g c o n fi g u r a ti o n o r t h e l o g b u ff e r a r e a...

Страница 873: ...ite the log to the buffer area but generate the syslog immediately With both the number_of_message and length_in_seconds values are 0 it indicates not to write the log to the buffer area but generate...

Страница 874: ...Command mode NFPP configuration mode Usage guidelines Use this command to filter the logs and records the logs within the specified VLAN range or the specified port Examples The following example sho...

Страница 875: ...h all attributes is displayed in the log buffer area The administrator shall increase the capacity of the log buffer area or improve the rate of generating the syslog The generated syslog in the log b...

Страница 876: ...P 1 Gi0 1 1 1 1 2 ISOLATE_FAILED 2009 05 30 16 23 15 ARP 1 Gi0 1 0000 0000 0001 SCAN 2009 05 30 16 30 10 ARP Gi0 2 PORT_ATTACKED 2009 05 30 16 30 10 Field Description Protocol ARP IP ICMP DHCP DHCPv6...

Страница 877: ...s The following example shows the statistical information of the monitored host Ruijie show nfpp arp guard hosts statistics success fail total 100 20 120 The following example shows the monitored host...

Страница 878: ...ress The IP address mac address The MAC address Default Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show nfpp arp guard scan statistics ARP scan table has 4 rec...

Страница 879: ...ARP scan list show nfpp arp guard summary Use this command to show the configurations show nfpp arp guard summary Parameter description Parameter Description Default Settings N A Command mode Privileg...

Страница 880: ...on Related commands Command Description arp guard attack threshold Set the global attack threshold arp guard enable Enable the anti ARP attack function arp guard isolate period Set the global isolate...

Страница 881: ...he VLAN ID interface id The interface name ip address The IP address mac address The MAC address Default Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples The following exam...

Страница 882: ...Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show nfpp dhcp guard summary Format of column Rate limit and Attack threshold is per src ip per src mac per port Int...

Страница 883: ...me dhcp guard monitor period Set the monitor period dhcp guard monitored host li mit Set the maximum number of the monitored hosts dhcp guard rate limit Set the global rate limit threshold nfpp dhcp g...

Страница 884: ...pv6 guard hosts statistics success fail total 100 20 120 The following example shows the monitored host Ruijie show nfpp dhcpv6 guard hosts If column 1 shows it means hardware failed to isolate host V...

Страница 885: ...mit Attack threshold Global Enable 300 5 150 10 300 Gi 0 1 Enable 180 6 8 Gi 0 2 Disable 200 5 30 10 50 Maximum count of monitored hosts 1000 Monitor period 300s Field Description Interface Global Glo...

Страница 886: ...eshold nfpp dhcpv6 guard enable Enable the DHCPv6 anti attack function on the interface nfpp dhcpv6 guard isolate period Set the isolate time nfpp dhcpv6 guard policy Set the rate limit threshold and...

Страница 887: ...onitored host Ruijie show nfpp icmp guard hosts If column 1 shows it means hardware failed to isolate host VLAN interface IP address remain time s 1 Gi0 1 1 1 1 1 110 2 Gi0 2 1 1 2 1 61 Total 2 host s...

Страница 888: ...ld Description Interface Global Global configuration Status Enable Disable the anti attack function Rate limit In the format of the rate limit threshold for the source IP address the rate limit thresh...

Страница 889: ...ard policy Set the rate limit threshold and attack threshold show nfpp icmp guard trusted host Use this command to show the trusted host free from being monitored show nfpp icmp guard summary Paramete...

Страница 890: ...d The interface name ip address The IP address mac address The MAC address Default Settings N A Command mode Privileged EXEC mode Usage guidelines N A Examples The following example shows the statisti...

Страница 891: ...ples Ruijie show nfpp ip guard summary Format of column Rate limit and Attack threshold is per src ip per src mac per port Interface Status Isolate period Rate limit Attack threshold Scan threshold Gl...

Страница 892: ...ip guard monitor period Set the monitor period ip guard monitored host li mit Set the maximum number of the monitored hosts ip guard rate limit Set the global rate limit threshold nfpp ip guard enabl...

Страница 893: ...ow nfpp nd guard trusted host Use this command to show the configurations show nfpp nd guard summary Parameter description Parameter Description Default Settings N A Command mode Privileged EXEC mode...

Страница 894: ...Enable the ND anti attack function nd guard rate limit Set the global rate limit threshold nfpp nd guard enable Enable the ND anti attack function on the interface nfpp nd guard policy Set the rate li...

Страница 895: ...e isolated successfully and 20 hosts fails Ruijie show nfpp define hosts tcp Define tcp If column 1 shows it means hardware do not isolate host VLAN interface IP address MAC address remain time s 1 Gi...

Страница 896: ...tack threshold is per src ip per src mac per port Interface Status Isolate period Rate limit Attack threshold Global Enable 300 5 150 10 300 G 0 1 Enable 180 6 8 G 0 2 Disable 200 5 30 10 50 Field Des...

Страница 897: ...Usage guidelines N A Examples The following example shows the trusted host configurations Ruijie show nfpp define trusted host tcp Define tcp IP address mask 1 1 1 0 255 255 255 0 1 1 2 0 255 255 255...

Страница 898: ...mmand in the privileged EXEC mode to switchover the Chinese English interface Related commands Command Description nfpp arp guard policy help Use this command to show the example information of the co...

Страница 899: ...in the privileged EXEC mode to switchover the Chinese English interface Related commands Command Description nfpp help Use this command to show the example information of the command beginning with th...

Страница 900: ...mands Usage guidelines N A Examples Note Use the language Chinese English command in the privileged EXEC mode to switchover the Chinese English interface Related commands Command Description nfpp help...

Страница 901: ...CLI Reference NFPP Configuration Commands...

Страница 902: ...ACL QOS Configuration Commands 1 ACL Configuration Commands 2 QoS Configuration Commands...

Страница 903: ...ip or it can be numbers 0 to 255 that represent the IP protocol It is described when some important protocols such as icmp tcp udp are listed individually interface idx Interface index src Packet sou...

Страница 904: ...on host VID vid VLAN ID VID inner vid VID of the tag ethernet type Ethernet protocol type 0x value can be entered match all tcpf Match all bits of the TCP flag text Remark text in Filter the incoming...

Страница 905: ...t source any interface idx destination destination wildcard host destination any precedence precedence tos tos fragment range lower upper time range time range name log Extended MAC access list 700 to...

Страница 906: ...mac address any operator port port precedence precedence tos tos fragment range lower upper time range time range name List remark access list id list remark text Parameter Description Parameter Desc...

Страница 907: ...ide To filter the data by using the access control list you must first define a series of rule statements by using the access list You can use ACLs of the appropriate types according to the security n...

Страница 908: ...dod host prohibited dod net prohibited echo echo reply fragment time exceeded general parameter problem host isolated host precedence unreachable host redirect host tos redirect host tos unreachable h...

Страница 909: ...route failed time exceeded timestamp reply timestamp request ttl exceeded unreachable The TCP ports are as follows A port can be specified by port name and port number bgp chargen cmd daytime discard...

Страница 910: ...ber biff bootpc bootps discard dnsix domain echo isakmp mobile ip nameserver netbios dgm netbios ns netbios ss ntp pim auto rp rip snmp snmptrap sunrpc syslog tacacs talk tftp time who xdmcp The Ether...

Страница 911: ...tion procedure is as below Ruijie config access list 702 deny host 00d0f8000c0c any aarp Ruijie config interface gigabitethernet 1 1 Ruijie config if mac access group 702 in 4 Example of the extended...

Страница 912: ...ure terminal Enter configuration commands one per line End with CNTL Z Ruijie config clear expert access list counters 2700 Ruijie config end Ruijie show access lists 2700 expert access list extended...

Страница 913: ...t 192 168 21 59 any log Ruijie configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config clear ip access list counters 101 Ruijie config end Ruijie show access lists 1...

Страница 914: ...e configure terminal Enter configuration commands one per line End with CNTL Z Ruijie config clear ipv6 access list counters v6 list Ruijie config end Ruijie show access lists v6 list ipv6 access list...

Страница 915: ...mac access list counters 700 Ruijie config end Ruijie show access lists 700 mac access list extended mac acl 10 permit host 0023 56ac 8965 any arp 20 deny any any etype any cos 6 Related Commands Comm...

Страница 916: ...ation mac address any precedence precedence tos tos fragment range lower upper time range time range name When you select the ethernet type field or cos field sn deny ethernet type cos out inner in VI...

Страница 917: ...t time range time range name Transmission Control Protocol TCP sn deny tcp source ipv6 prefix prefix length hostsource ipv6 address any operator port port destination ipv6 prefix prefix length host de...

Страница 918: ...t 1 1 The configuration procedure is as below Ruijie config ip access list extended ip ext acl Ruijie config ext nacl deny tcp host 192 168 4 12 eq 100 any Ruijie config ext nacl show access lists ip...

Страница 919: ...access list extended v6 acl 11 deny ipv6 host 192 168 4 12 any Ruijie config ipv6 nacl exit Ruijie config interface gigabitethernet 1 1 Ruijie config if ipv6 traffic filter v6 acl in Related Commands...

Страница 920: ...following example shows how to apply the access list accept_00d0f8xxxxxx only to Gigabit interface 0 1 Ruijie config interface GigaEthernet 0 1 Ruijie config if expert access group accept_00d0f8xxxxxx...

Страница 921: ...of this command to restore the default matching mode of fragmentation packets expert access list new fragment mode id name no expert access list new fragment mode id name Parameter Description Parame...

Страница 922: ...tes the name of the ACL Defaults The packet matching counter of the expert ACL is disabled Command mode Global configuration mode Usage Guide Use the show expert access lists command to view the confi...

Страница 923: ...layer 4 information of original traffic of the intranet The temporary access list is created based on the following rules Protocol unchanged source IP and destination IP are strictly exchanged with e...

Страница 924: ...99 for extended ACL name Name of the ACL Defaults None Command mode Global configuration mode Usage Guide There are differences between a standard ACL and an extended ACL The extended ACL is more prec...

Страница 925: ...indicates that no ACL logging is output Defaults The default interval at which the packet matching log of IPv4 ACL is updated is five minutes Command mode Global configuration mode Usage Guide This c...

Страница 926: ...on mode Usage Guide Use the show access lists command to view the setting of ACL Configuration Examples Example 1 enables the packet counter for the standard ACL Ruijie config ip access list counter s...

Страница 927: ...agged with fragment all packets including the first and all subsequent fragmentation packets will be matched Command mode Global configuration mode Usage Guide This command is used to switch and contr...

Страница 928: ...the ACL entries Ruijie show access lists ip access list standard 1 10 permit host 192 168 4 12 20 deny any any Ruijie config Ruijie config ip access list resequence 1 21 43 Ruijie config exit Ruijie s...

Страница 929: ...cket matching log of the IPv6 ACL is updated Use the no form of this command to restore the default value ipv6 access list log update interval time no ipv6 access list log update interval Parameter De...

Страница 930: ...to enable the packet matching counter for all ACEs under the extended IPv6 ACL Use the no form of this command to disable the function ipv6 access list counter name no ipv6 access list countername Pa...

Страница 931: ...scription Parameter Description name Name of Ipv6 ACL in Filter the incoming packets of the interface out Filter the outgoing packets of the interface Defaults No ACL is applied on the interface Comma...

Страница 932: ...e preceding one are deleted Configuration Examples Ruijie ip access list extended 102 Ruijie config ext nacl list remark this acl is to filter the host 192 168 4 12 Ruijie config ext nacl show access...

Страница 933: ...to apply the access list accept_00d0f8xxxxxx only to Gigabit interface 1 Ruijie config interface GigaEthernet 1 1 Ruijie config if mac access group accept__00d0f8xxxxxx_only in Related Commands Comma...

Страница 934: ...Es under the extended MAC ACL Use the no form of this command to disable the function mac access list counter id name no mac access list counter id name Parameter Description Parameter Description id...

Страница 935: ...Description Parameter Description sn Sequence number of the ACL entry Defaults Command mode ACL configuration mode Usage Guide Use this command to delete an ACL entry in ACL configuration mode Config...

Страница 936: ...cedence tos tos fragment time range time range name Transmission Control Protocol TCP sn permit tcp source source wildcard host source any operator port port destination destination wildcard host dest...

Страница 937: ...rt destination destination wildcard host destination any host destination mac address any operator port port precedence precedence tos tos fragment range lower upper time range time range name Address...

Страница 938: ...deny any any any any Ruijie config exp nacl This example shows how to use the extended IP ACL The purpose is to permit the host with the IP address 192 168 4 12 to provide services through the TCP por...

Страница 939: ...6 ACL The purpose is to permit the host with the IP address 192 168 4 12 and apply the ACL to interface gigabitethernet 1 1 The configuration procedure is as below Ruijie config ipv6 access list exten...

Страница 940: ...02 Ruijie config ext nacl remark first_remark Ruijie config ext nacl permit tcp 1 1 1 1 0 0 0 0 2 2 2 2 0 0 0 0 Ruijie config ext nacl remark second_remark Ruijie config ext nacl permit tcp 3 3 3 3 0...

Страница 941: ...formation Platform Description This command is not supported by routers security global access group Use this command to configure the global security channel security global access group id name no s...

Страница 942: ...uration mode Usage Guide Use this command to configure the uplink port of the security channel on the interface Configuration Examples Ruijie config if security uplink enable Related Commands Command...

Страница 943: ...Commands Command Description ip access group Apply the IP ACL to the interface mac access group Apply the mac ACL to the interface expert access group Apply the expert ACL to the interface ipv6 traff...

Страница 944: ...mac access list Define the extended MAC ACL expert access list Define the extended expert ACL ipv6 access list Define the extended IPv6 ACL Platform Description show expert access group Use this comm...

Страница 945: ...mode Usage Guide Show the IP ACL configured of the interface If no interface is specified the associated IP ACLs of all the interfaces will be shown Configuration Examples Ruijie show ip access group...

Страница 946: ...pe of IPv6 ACL Platform Description show mac access group Use this command to show the configured MAC ACL of the interface show mac access group interface interface Parameter Description Parameter Des...

Страница 947: ...rded by Layer 3 devices Use the no form of this command to disable this function svi router acls enable no svi router acls enable Parameter Description Parameter Description no Disable the svi router...

Страница 948: ...es all the packets in the same way But if you associate a policy map with an interface and the trust mode on one interface the QoS of this interface is enabled automatically To disable the QoS functio...

Страница 949: ...r Description cos The QoS trust mode of the port is CoS dscp The QoS trust mode of the port is DSCP ip precedence The QoS trust mode of the port is IP PRE no Restore it to the default value Default co...

Страница 950: ...igabitethernet 1 1 Ruijie config if mls qos cos 7 Related commands show mls qos interface interface id interface rate limit Use this command to set the rate limit on the port rate limit input output b...

Страница 951: ...cp no set ip dscp Use the following command to set the cos value of the packets With the none tos configured the DSCP value of the packets will not be modified set cos new cos none tos no set cos Use...

Страница 952: ...scp 10 Set the bandwidth as 1M the burst traffic as 4096k and the method for handing the excessive part to assign the new DSCP value of 16 Ruijie config pmap c police 1000000 4096 exceed action dscp 1...

Страница 953: ...ue no priority queue Parameter description Parameter Description priority queue Set the output queue scheduling algorithm to SP no priority queue Set the output queue scheduling algorithm to WRR Defau...

Страница 954: ...uing wrr queue bandwidth Use this command to set the weight ratio for the WRR algorithm Use the no form of the command to restore it to the default wrr queue bandwidth weight1 weightn no war queue ban...

Страница 955: ...uration See the default configuration Command mode Global configuration mode Examples Ruijie config mls qo map cos dscp 8 10 16 18 24 26 32 34 Related commands Command Description show mls qos maps Sh...

Страница 956: ...on the interface Use the no form of the command to restore it to the default rate limit input output bps burst size no rate limit Parameter description Parameter Description input Specify the input s...

Страница 957: ...d round robin scheduling no Restore to the default value Default configuration The queue scheduling algorithm is wrr by default Command mode Global configuration mode Examples Ruijie config mls qos sc...

Страница 958: ...mapping mls qos map ip prec dscp dscp1 dscp8 no mls qos map ip prec dscp Parameter description Parameter Description dscp Specify the DSCP value no Restore to the default value Default configuration...

Страница 959: ...q schedule algorithm Examples The following example sets the queue to use wfq schedule algorithm Ruijie config mls qos scheduler wfq Ruijie config show mls qos scheduler The following example configur...

Страница 960: ...show mls qos scheduler The following example configures queue 1 and queue 3 to use SP Ruijie config wfq queue 1 sp Ruijie config wfq queue 3 sp Ruijie config show running Related commands Command Desc...

Страница 961: ...hall be distributed on the former 24 ports or the latter 24 ports Examples The following example sets the interface gigabitEthernet 1 3 as the member of virtual group 3 Ruijie config interface gigabit...

Страница 962: ...uration All policy maps are shown by default Command mode Privileged EXEC mode Examples Ruijie show policy map show mls qos interface Use this command to display the QoS configuration on the interface...

Страница 963: ...ation This command is used to show the police information associated with the virtual group Command mode Privileged EXEC mode Examples Ruijie show mls qos virtual group 1 Ruijie show mls qos virtual g...

Страница 964: ...de Privileged EXEC mode Examples Ruijie show mls qos maps show mls qos rate limit Use this command to show the information about rate limit on the interface show mls qos rate limit interface interface...

Страница 965: ...ommands summary Show the information on all virtual groups Command mode Privileged EXEC mode Examples Ruijie show virtual group 1 Ruijie show virtual group summary Related commands Command Description...

Страница 966: ...EUP Configuration Commands 3 RLDP Configuration Command 4 DLDP Configuration Commands 5 TPP Configuration Commands 6 BFD Configuration Commands 7 RNS Track Configuration Commands 8 GRTD Configuration...

Страница 967: ...ld not exceed 44 md name Set the name of the maintenance domain where the maintenance association is Default Disabled Command mode Configuration mode Usage guidelines The summary length of the mainten...

Страница 968: ...jie config no ethernet cfm md MD_A Related commands Command Description show cfm md Show the maintenance domain information cfm service instance vlan md ma Use this command to create the service insta...

Страница 969: ...nstance Use this command to set the MEP maintenance association end point list The no form of this command can be used to delete the MEP maintenance association end point cfm mep list mep list service...

Страница 970: ...st service instance Show the MEP maintenance association end point list information cfm mep service instance Use this command to set the MEP maintenance association end point The no form of this comma...

Страница 971: ...n intermediate point The no form of this command can be used to delete the rule of generating the maintenance domain intermediate point cfm mip rule explicit default service instance instance id no cf...

Страница 972: ...o the default value cfm cc interval interval type service instance instance id no cfm cc interval service instance instance id Parameter description Parameter Description interval type Configure CCM t...

Страница 973: ...cfm cc service instance enable Use this command to enable the function of transmitting CCM on MEP The no form of this command can be used to disable this function cfm cc service instance instance id...

Страница 974: ...to restore the lowest bug level to the default value cfm alarm priority priority value service instance instance id mep mep id no cfm alarm priority Parameter description Parameter Description instanc...

Страница 975: ...aintenance association end point id in the range of 1 8191 remote mep remote mep id Remote MEP id remote mac mac address MAC address of the remote MP including the maintenance association end point an...

Страница 976: ...cription size entries count The system is able to save the response information corresponding to the auto executed linktrace for entries count times in total The valid range is 1 100 no Disable the li...

Страница 977: ...Remote MEP id remote mac mac address MAC address of the remote MP including the maintenance association end point and maintenance domain intermediate point count count value The number of the LBM to...

Страница 978: ...scription ma name Maintain association name md name Maintain domain name Default By default all maintenance associations are shown Command mode Privileged EXEC mode Usage guidelines N A Examples The e...

Страница 979: ...A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show cfm mep 100 service instance 1 Related commands Command Description cfm mep service instance Show the MEP maintenance ass...

Страница 980: ...show cfm mp interface interface id Parameter description Parameter Description interface id Interface id Default By default information of maintenance points on all interfaces including the MEP mainte...

Страница 981: ...ssociation end point id in the range of 1 8191 Default N A Command mode Privileged EXEC mode Usage guidelines N A Examples Ruijie show cfm remote mep service instance 1 mep 100 show cfm service instan...

Страница 982: ...the range of 1 8191 Default By default all instances are shown Command mode Privileged EXEC mode Usage guidelines N A Examples The example below shows the linktrace information of one MEP maintenance...

Страница 983: ...100 Default By default all auto detected linktrace information is shown Command mode Privileged EXEC mode Usage guidelines N A Examples The example below shows all the auto detected linktrace informa...

Страница 984: ...and then add a port into the specified link state track group Examples The following example shows how to create a link state track group Ruijie config link state track 1 Related commands Command Des...

Страница 985: ...1 Ruijie config interface fa 0 2 Ruijie config if link state group 1 upstream Related commands Command Description link state track Enable a link state track group mac address table move update max u...

Страница 986: ...erface switchport backup interface interface id no switchport backup Parameter description Parameter Description Interface id Interface ID of the backup link Default N A Command mode Interface configu...

Страница 987: ...the bandwidth preemption mode the interface with high bandwidth has priority over other interfaces to transmit the data In the forced preemption mode the primary has priority over backup interfaces to...

Страница 988: ...e loss of L2 data flow You need to enable the switch of receiving the MAC address update messages on the uplink switch Examples Ruijie config mac address table move update receive Related commands Com...

Страница 989: ...escription mac address table move update receive Enable REUP to receive MAC address update packets mac address table move update transit Use this command to enable REUP to transmit the mac address tab...

Страница 990: ...e guidelines When a link is switched the VLAN enabled to transmit MAC address update packets will send MAC address update packets to its uplink device Examples The following example configures VLANs t...

Страница 991: ...Related commands Command Description show mac address table update group detail Show the mac address table update group information switchport backup interface interface id prefer instance Use this c...

Страница 992: ...this command to show the information of a link state track group show link state group num Parameter description Parameter Description num ID of a link state track group Default None Command mode Pri...

Страница 993: ...by Interface Pair Gi0 23 Gi0 24 Preemption Mode Off Preemption Delay 35 seconds Bandwidth Gi0 23 1000 Mbits Gi0 24 1000 Mbits show mac address table update group detail Use this command to show the ma...

Страница 994: ...c address table update group detail Mac address table Update Group 1 Received mac address table update message count 7 Group member Receive Count Last Receive Switch ID Receive Time GigabitEthernet 0...

Страница 995: ...bled Examples The following example shows how to enable RLDP Ruijie config rldp enable Related commands Command Description rldp port Enable the RLDP function on the port rldp detect interval Use this...

Страница 996: ...detection packets on the port If the neighboring port does not respond when this detection number is exceeded the link is considered faulty Use the no form of this command to restore it to the default...

Страница 997: ...ing Warn the user shutdown svi Shutdown the SVI the port belongs to shutdown port Shutdown the port block Disable the learning forwarding function of the port Default N A Command mode Interface config...

Страница 998: ...show rldp interface interface id Parameter description Parameter Description interface id Interface ID Command mode Privileged EXEC mode debug rldp Use this command to turn on the RLDP service debuggi...

Страница 999: ...CLI Reference RLDP Configuration Command Command mode Privileged EXEC mode...

Страница 1000: ...3600 in ticket 1 ticket 10ms retry value The retransmission times The valid range is 1 3600 resume value The resume times of the link of the peer device detected Before changing the link state from DO...

Страница 1001: ...et the DLDP detection in the passive mode Use the no form of this command to return to the default active DLDP detection mode dldp passive no dldp passive Parameter description Parameter Description D...

Страница 1002: ...e dldp link configured Down times times of the dldp link chaning from UP to DOWN since last reset Up times times of the dldp link changing from DOWN to UP since last reset Start times means the last r...

Страница 1003: ...opip Clear the UP and DOWN times recorded if the nexthop exists Command mode Privileged EXEC mode Usage guidelines The dldp records the number of UP and DOWN With this command executed the UP and DOWN...

Страница 1004: ...CLI Reference DLDP Configuration Commands Ruijie config if FastEthernet 0 0 clear dldp 20 1 1 1 10 1 1 1...

Страница 1005: ...CLI Reference DLDP Configuration Commands...

Страница 1006: ...nst topology oscillation due to attacks It should be used with the cpu topology limit command Examples The following example shows how to enable and disable the global topology protection function Rui...

Страница 1007: ...do not support this command Examples The following example shows how to configure the topology protection function for the port Ruijie config if tp guard port enable Ruijie config if no tp guard port...

Страница 1008: ...CLI Reference TPP Configuration Commands Related commands Command Description topology guard Enable the topology protection function globally...

Страница 1009: ...value Count of BFD control message not received from the peer in the configured interval multiplier value valid range from 3 to 50 Defaults No BFD session parameters by default Those parameters must b...

Страница 1010: ...sable the BFD configuration for the OSPF or the RIP protocol on the interface 1 Use the bfd all interfaces or the no bfd all interfaces command in the OSPF or RIP router configuration mode 2 Use the i...

Страница 1011: ...packets which avoids the packets dropped by the URPF in case that this function is used with other functions such as the URPF at the same time process pst Associate this session with the bdf status of...

Страница 1012: ...ets attack the device which lead to the BFD session turbulence the device can be protected by enabling the BFD protection policy However if the BFD function and the BFD protection policy are enabled a...

Страница 1013: ...he no ip deny land command to disable the DDOS Land based attack prevention function With both ends of the BFD session enabled the Echo mode takes effect Configuration Examples The example below shows...

Страница 1014: ...dampening Use this command to set the bfd up dampening time Use the no form of this command to restore the default value bfd up dampening milliseconds no up dampening Parameter Description Parameter D...

Страница 1015: ...uration of BFD for OSPF 1 Use the bfd all interfaces or no bfd all interfaces command to enable or disable the configuration of BFD for the routing protocols on all interfaces in the OSPF router confi...

Страница 1016: ...Use the ip rip bfd disable command to enable or disable the configuration of BFD for RIP on the specified interface in interface configuration mode Configuration Examples The example below shows how...

Страница 1017: ...the configuration Configuration Examples The example below shows how to configure the BFD for the static routes and detects the forwarding path between the neighbor 172 16 0 2 through BFD Ruijie confi...

Страница 1018: ...een configured before the configuration Configuration Examples The example below shows how to configure the BFD for the static routes and detects the forwarding path between the neighbor 2001 1 2 thro...

Страница 1019: ...s command to configure the BFD for PBR and detects whether the next hop of the configured PBR is valid or not by the Track method Use the no form of this command to disable this function set ip next h...

Страница 1020: ...t 0 1 172 16 0 2 Ruijie config route map end Related Commands Command Description bfd Set the BFD session parameters Platform Description N A show bfd neighbors Use this command to show the BFD sessio...

Страница 1021: ...ccurs in the BFD session for the LSP backward IP co operation Configuration Examples The following shows the result of the command show bfd neighbors Ruijie show bfd neighbors OurAddr NeighAddr LD RD...

Страница 1022: ...ied or not MinTxInt The minimum sending interval for the local session MinRxInt The minimum receiving interval for the local session Multiplier The timeout detection times for the local session Receiv...

Страница 1023: ...hether the master or backup router is active or not through BFD Command Mode Interface configuration mode Usage Guide Note that the BFD session parameters must have been configured before the configur...

Страница 1024: ...CLI Reference BFD Configuration Commands Related Commands Command Description bfd Set the BFD session parameters Platform Description N A...

Страница 1025: ...change of the track object status For example the status of a track object changes from up to down if the delay down 180 command is configured the down status will be advertised after 180 seconds If...

Страница 1026: ...on N A frequency milliseconds Use this command to set the interval of sending the packets which must be more than or equal to the timeout time frequency milliseconds Parameter Description Parameter De...

Страница 1027: ...he ICMP echo packets Defaults N A Command Mode IP RNS configuration mode Usage Guide This command enables ip rns object to send icmp echo packets and the destination ip address is the ip address confi...

Страница 1028: ...ription N A set ip nexthop nexthop track Use this command to bind the nexthop in the route map to a track object If this track object status is down the nexthop configured will not take effect set ip...

Страница 1029: ...specific RNS object configuration The configuration information varies with the packet type Configuration Examples N A Related Commands Command Description N A N A Platform Description N A show ip rns...

Страница 1030: ...umber Parameter Description Parameter Description track number Set the track object number in the range of 1 700 Defaults N A Command Mode Privileged EXEC mode Usage Guide Use this command to show the...

Страница 1031: ...ets Platform Description N A track interface line protocol Use this command to configure a track object to track the interface status and enter the track mode The no form of this command is used to de...

Страница 1032: ...ption Parameter Description object number Set the track object number in the range of 1 to 700 entry number Set the RNS object number in the range of 1 to 700 Defaults N A Command Mode Global configur...

Страница 1033: ...he default routing entry is used by the icmp echo packets Command Mode ICMP echo configuration mode Usage Guide N A Configuration Examples Use this command to specify a vrf routing table to select the...

Страница 1034: ...e Global configuration mode Usage guidelines Use the diagnostic bootup level command to set the bootup test level Three levels of bootup test can be configured bypass bootup test minimal bootup test a...

Страница 1035: ...ent records Default The default number of diagnostic event records is 500 Command mode Global configuration mode Usage guidelines Use the diagnostic event log size command to set the number of diagnos...

Страница 1036: ...erval slot slot_id sub_system subsys_id test all test id range test range Parameter description Parameter Description slot slot_id Optional Slot ID sub_system subsys_id Optional Subsystem ID value ran...

Страница 1037: ...erval of the second test item of slot 2 back to the default value ruijie config no diagnostic monitor interval slot 2 test 2 ruijie config Field Description slot 2 test 2 The second test item of slot...

Страница 1038: ...active Caution The health monitoring test status for a destructive test cannot be set to active You can view the attributes of test items of modules by using the show diagnostic content command Exampl...

Страница 1039: ...on Parameter Description slot slot_id Slot ID sub_system subsys_id Optional Subsystem ID value range 0 1 whose meaning is equivalent to cpu id in the show version command test all test id range test r...

Страница 1040: ...f consecutive failed health monitoring tests for all test items of a BOX device back to the default value ruijie config no diagnostic monitor threshold test all ruijie config Related commands Command...

Страница 1041: ...global configuration mode For example you can set a test item of a slot to be conducted at 12 12 on January 20 2010 or at a fixed time each day or each week diagnostic schedule slot slot_id sub_system...

Страница 1042: ...ame time Caution If you set a test plan at a certain time you cannot other test plans at this time Examples Example 1 The following example sets items 1 and 2 of module 2 to be conducted at 10 10 a m...

Страница 1043: ...test slot slot_id sub_system subsys_id port all range port_range port_id loopback mac phy none Parameter description Parameter Description range_value Port No The format is 1 1 24 The number 1 before...

Страница 1044: ...tick as timeout time unit diagnostic packet slot slot_id sub_system subsys_id length lengtn_size num num_count time_out tick_count Parameter description Parameter Description slot slot_id Slot ID sub...

Страница 1045: ...bsys_id Optional Subsystem ID value range 0 1 whose meaning is equivalent to cpu id in the show version command test all test id range test range Test items all means all items range means a range for...

Страница 1046: ...no yes ruijie Related commands Command Description show diagnostic result Show the results of command line tests Platform description N A diagnostic stop Use this command to stop diagnostic tests of a...

Страница 1047: ...privileged EXEC mode show diagnostic bootup level Parameter description Parameter Description level Bootup test level Default This command has no default setting Command mode Privileged EXEC mode Usa...

Страница 1048: ...default setting Command mode Privileged EXEC mode Usage guidelines Note You can use the show module command to display module information Examples Example 1 The following example displays diagnostic...

Страница 1049: ...N A 5 TestNorFlash DX not config N A 6 TestI2C C DX not config N A 7 TestPCI C DX not config N A 8 TestDdr DX B not config N A Ruijie Field Description ID Test item ID Test Name Test item name Attribu...

Страница 1050: ..._system subsys_id Optional Subsystem ID value range 0 1 whose meaning is equivalent to cpu id in the show version command test all test id range test range Test items all means all items range means a...

Страница 1051: ...tCpld This test verifies the cpld work exactly or not TestNandFlash This test verifies the NandFlash work exactly or not TestNorFlash This test verifies the NorFlash work exactly or not TestI2C This t...

Страница 1052: ...de Privileged EXEC mode Usage guidelines Use the show diagnostic events command to display all event information generated by GRTD Examples Example 1 Use the show diagnostic events command to display...

Страница 1053: ...test all test id range test range Optional Test item Default This command has no default setting Command mode Privileged EXEC mode Usage guidelines N A Examples Example 1 Use the show diagnostic resul...

Страница 1054: ...diagnostic schedule Use this command to display the planned test timetables for modules in privileged EXEC mode show diagnostic schedule slot slot_id sub_system subsys_id Parameter description Parame...

Страница 1055: ...and Description diagnostic schedule Set the planned test timetables for modules Platform description N A show diagnostic status Use this command to display all current diagnostic test status in privil...

Страница 1056: ...Diagnostics Dev Slot Description Current Running Test Run by 1 0 S5750 48GT 4SFP E N A N A 3 0 RG S5750 48GT 4SFP E N A N A Ruijie Field Description Slot Slot ID and the 0 indicates the host Dev Devic...

Страница 1057: ...mode so the first command executed is enable to enter the privilege mode No password is required from the user in action cli you will pass authentication directly Pattern string contains multiple res...

Страница 1058: ...record Clear CLI records generated during the execution of SEM policy Platform description N A action counter In SEM configuration mode use this command to configure the policy action that operates th...

Страница 1059: ...onfig applet commit Ruijie config applet exit Related commands Command Description smart manager applet Define the command line based SEM policy action exit In SEM configuration mode use this command...

Страница 1060: ...e config applet action 10 exit 0 Ruijie config applet commit Ruijie config applet exit The following example monitors the command line using synchronization mode when user inputs the line yes the aaa...

Страница 1061: ...anager applet Test_1 Ruijie config applet event tag monitor_log syslog pattern memory fail Ruijie config applet action 00 switchover Ruijie config applet commit Ruijie config applet exit Related comma...

Страница 1062: ...generated the message the event application with the same sub system and type will be triggered Examples The following example monitors the event published by the action publish event with the sub sy...

Страница 1063: ...ig applet event tag monitor_memory sysmon memory scope system free entry op lt entry val 20000 Ruijie config applet action 00 reload Ruijie config applet commit Ruijie config applet exit Related comma...

Страница 1064: ...rt manager applet Test_1 Ruijie config applet event tag none_event none Ruijie config applet action 00 set var_for_test Test_1 running Ruijie config applet action 10 syslog msg var_for_test Ruijie con...

Страница 1065: ..._cpu sysmon cpu scope system entry op gt entry val 95 Ruijie config applet action 00 syslog msg system busy Ruijie config applet commit Ruijie config applet exit Related commands Command Description s...

Страница 1066: ...rp sync yes Ruijie config applet action 00 cli command enable Ruijie config applet action 10 wait 5 Ruijie config applet action 20 exit 1 Ruijie config applet commit Ruijie config applet exit Related...

Страница 1067: ...Roll back the policy configurations Platform description N A description In SEM configuration mode use this command to confiure the description of SEM policy The no form of this command clears the des...

Страница 1068: ...o skip yes no mode variable occurs num occurrences period period value no ip msdp mesh group mesh name peer address Parameter description Parameter Description event name Event name correlate andnot a...

Страница 1069: ...ompletes If the returned value is not 0 the command will be executed normally If the returned value is 0 the command will not be executed When option sync is set to no option skip is available If you...

Страница 1070: ...e command Ruijie config smart manager applet Test_1 Ruijie config applet event tag monitor_input cli pattern show ip route sync no skip no Ruijie config applet action 00 syslog msg show ip route runni...

Страница 1071: ...f the minotored event Default configuration By default no event is configured Command mode SEM configuration mode Usage Guideline The event application command is used to monitor the events published...

Страница 1072: ...applet Define the command lined based SEM policy action publish event Publish the action of application event event counter In SEM configuration mode this command monitors the SEM counter The no form...

Страница 1073: ...the combinations between the command counter and entry op entry val are patterned successfully an event is triggered Then the current patterning stops meaning the event detection fails When triggered...

Страница 1074: ...and or interface name interface type interface number parameter counter name entry op operator entry val entry value entry type value increment rate poll interval poll int value exit op operator exit...

Страница 1075: ...lue type to recover comparison optional exit time exit time value The minimum time between triggering and monitoring recovery optional average factor average factor value It is used by rate and is the...

Страница 1076: ...ransmit_rate_bps Interface transmit rate in bits sec transmit_rate_pps Interface transmit rate in pkts sec txload Transmit rate as a fraction of 255 Available events Variable Name Function _interface_...

Страница 1077: ...poll int value exit op operator exit val exit value slot slot num slave subsystem subsystem id no event tag event name Parameter description Parameter Description event name The event name correlate a...

Страница 1078: ...nfiguration mode Usage Guideline The event system command is used to monitor the following items CPU utilization by the system type cpu scope system CPU utilization by a certain task type cpu scope ta...

Страница 1079: ...plet commit Ruijie config applet exit Related commands Command Description smart manager applet Define the command line based SEM policy Platform description N A event none In SEM configuration mode t...

Страница 1080: ...me Function _policy_name Policy name _none_argc Number of parameters _none_arg1 Parameter 1 _none_arg2 Parameter 2 _none_arg3 Parameter 3 _none_arg4 Parameter 4 _none_arg5 Parameter 5 Examples The fol...

Страница 1081: ...tion of the previous events in the case of multiple events optional The values are and or and andnot type plugin remove The monitored plug in and removal events optional slot slot num slave The monito...

Страница 1082: ...The no form of this command is used to delete an event with the specified name event tag event name correlate andnot and or snmp oid oid value get type exact next entry op operator entry val entry va...

Страница 1083: ...lue The value to recover comparison optional exit type value increment rate The value type to recover comparison optional exit time exit time value The minimum time between triggering the policy and m...

Страница 1084: ...tform description N A event snmp notification This command is used to configure a monitor of SNMP Traps in SEM configuration mode The no form of this command is used to delete an event with the specif...

Страница 1085: ...est_1 Ruijie config applet event tag monitor_trap snmp notification oid 1 3 6 1 2 1 52 2 1 op gt oid val 1000 Ruijie config applet action 00 syslog msg have trap _snmp_notif_oid value _snmp_notif_oid_...

Страница 1086: ...icate whether to skip the SNMP operation the default setting is no Default configuration No event is configured Command mode SEM configuration mode Usage Guideline Available events Variable Name Funct...

Страница 1087: ...event name The event name correlate andnot and or The relation between the current event and the combination of the previous events in the case of multiple events optional The values are and or and a...

Страница 1088: ...pplet exit Related commands Command Description smart manager applet Define the command line based SEM policy Platform description N A event timer This command is used to configure a time based event...

Страница 1089: ...onal Default configuration No event is configured Command mode SEM configuration mode Usage Guideline Time based events can be divided into the following four classes A specific data and time A time p...

Страница 1090: ...cache Ruijie config applet commit Ruijie config applet exit Example 4 Clear route at 0 o clock everyday Ruijie config intelligence manager applet Test_4 Ruijie config applet event tag monitor_timer t...

Страница 1091: ...rop The packet statistics type op operator The comparing method eq equal to ge greater than or equal to gt greater than le less than or equal to lt less than ne unequal to value value The comparison v...

Страница 1092: ...grtd This command is used to configure a GRTD based event in SEM configuration mode The no form of this command is used to delete an event with the specified name event tag event name correlate andnot...

Страница 1093: ...gured Command mode SEM configuration mode Usage Guideline Available events Variable Name Function _grtd_test_slot Board that trigger an event _grtd_test_type Event type _grtd_test_name Test name _grtd...

Страница 1094: ...e Usage Guideline N A Examples The following example rolls back the policy configurations Ruijie config smart manager applet Test_1 Ruijie config applet event tag none event none Ruijie config applet...

Страница 1095: ...d configure the size of CLI action outputs policy record per instance record size per policy per policy record size per policy no policy record Parameter description Parameter Description per instance...

Страница 1096: ...f per instance record size per policy the earliest records will be overwritten When the gross size of the log file of CLI action outputs generated during the running of a specific policy exceeds the v...

Страница 1097: ...er Description applet name Define the name of the SEM policy which should consist of numbers letters and underline class class options optional Specify the class of the policy The default class is def...

Страница 1098: ...m variables that are generated by each kind of event refer to use guide Note The policy configuration does not take effect until the commit command is used in SEM configuration mode to submit it A pol...

Страница 1099: ...n current event and the combination of all the previous events Therefore the first event is blocked out for the parallel relationship and the default relation is and Event variables available to all p...

Страница 1100: ...ion Parameter Description variable name Define the variable name string Define the variable value Default configuration By default the SEM global variable is not defined Command mode Global configurat...

Страница 1101: ...ription Parameter Description events Set the maximum number of SEM history information to be saved sizes Set the specified number its the maximum value is 50 and default value is 50 also Default confi...

Страница 1102: ...A Examples The following example sets the bootup delay to 120 seconds Ruijie config smart manager policy bootup delay 120 Related commands Command Description smart manager applet Define the command...

Страница 1103: ...d The following example clears all CLI ouput records generated by running the SEM policy Ruijie smart manager policy record clean all Related commands Command Description action cli Execute the CLI po...

Страница 1104: ...gered with _none_argc argc Ruijie config applet commit Ruijie config applet exit Related commands Command Description smart manager applet Define the command line based SEM policy smart manager schedu...

Страница 1105: ...escription smart manager applet Define the command line based SEM policy Platform description N A smart manager scheduler hold In the privileged EXEC mode this command holds the SEM scheduler smart ma...

Страница 1106: ...ger scheduler modify class class options queue priority high last low normal Parameter description Parameter Description class class options Specify the class of the running policy queue priority high...

Страница 1107: ...e releases all monitors and all queue transmissions Ruijie smart manager scheduler release all Related commands Command Description smart manager applet Define the command line based SEM policy smart...

Страница 1108: ...he thread pool specified the policy will not be executed Examples The following example configures up to 5 available threads for th e thread pool of Class B and Class D Ruijie config smart manager sch...

Страница 1109: ...ger scheduler Show the SEM scheduler information trigger Use this command to configure the trigger attributes of the policy in SEM configuration mode trigger occurs occurs value occurs period occurs p...

Страница 1110: ...olicy named Test_1 to run with 10 seconds delay after being triggered Ruijie config smart manager applet Test_1 Ruijie config applet event tag none event none Ruijie config applet trigger delay 10 Rui...

Страница 1111: ...1 00 4 counter 01 00 5 interface 01 00 6 sysmon 01 00 7 none 01 00 8 oir 01 00 9 snmp 01 00 10 snmp notification 01 00 11 timer 01 00 12 snmp object 01 00 The following example executes the show smart...

Страница 1112: ...Command Description show smart manager environment In the privileged EXEC mode this command shows the global variable information show smart manager environment all variable name Parameter description...

Страница 1113: ...e show smart manager environment var_none inexistent global variables Ruijie show smart manager environment var_none No such environment variable defined Related commands Command Description smart man...

Страница 1114: ...Actv success Wed Nov11 10 15 23 2009 timer watchdog applet Test_1 6 2822 Actv success Wed Nov11 10 15 25 2009 timer watchdog applet Test_1 The following example executes the show smart manager history...

Страница 1115: ...licy all No Status Policy Name 1 commit Test_1 2 not commit Test_2 show smart manager policy registered In the privileged EXEC mode this command shows the policy registered show smart manager policy r...

Страница 1116: ...Thu Oct 21 13 46 16 2010 event_1 timer watchdog time 1 action 00 syslog msg Action_00 action 10 wait 360 action 20 syslog msg Action_20 Related commands Command Description smart manager applet Defin...

Страница 1117: ...38 2009 none Test_1 4 3162 N A running Wed Nov11 10 28 39 2009 none Test_1 5 3163 N A running Wed Nov11 10 28 39 2009 none Test_1 6 3164 N A running Wed Nov11 10 28 40 2009 none Test_1 The following e...

Страница 1118: ...guration N A Command mode Privileged EXEC mode Usage Guideline Use this command to show the policies of pending running Examples The following example executes the show smart manager policy pending co...

Страница 1119: ...none Test_1 maxrun 31536000 000 3 3193 N P pend Wed Nov11 10 28 54 2009 none Test_1 maxrun 31536000 000 4 3194 N P pend Wed Nov11 10 28 54 2009 none Test_1 maxrun 31536000 000 5 3195 N P pend Wed Nov1...

Страница 1120: ...show smart manager scheduler thread detailed Applet threads service class default total 1 running 0 idle 1 2 Applet threads service class A B C total 32 running 3 idle 29 class A 1 calss B 2 show sma...

Страница 1121: ...1 SEM grtd v310_throttle 1 0 7 SEM call home v310_throttle 1 0 6 Event Detectors Name Version application 01 00 syslog 01 00 cli 01 00 counter 01 00 interface 01 00 sysmon 01 00 none 01 00 oir 01 00 s...

Страница 1122: ...e Guidelines This command can only be executed in VSU mode Configuration Examples Example 1 enables BFD dual active detection Ruijie config switch virtual domain 1 Ruijie config vs domain dual active...

Страница 1123: ...Command Mode config vs domain configuration mode Usage Guidelines This command can only be executed in the VSU mode The exclude interface must be a routing interface but not a VSL interface Users can...

Страница 1124: ...onfiguration Command Mode config vs domain configuration mode Usage Guidelines The BFD detection interfaces must be routed ports on different devices Configuration Examples The following example confi...

Страница 1125: ...ce create the interface The latter configured detection interface will cover the formerly configured one Configuration Examples The following example configures aggregate port 1 as a detection interfa...

Страница 1126: ...rt 1 no dad relay enable Ruijie config if AggregatePort 1 exit Related Commands Command Description dual active detection Configure dual active detection dual active bfd interface Configure BFD dual a...

Страница 1127: ...member port in the standalone mode Ruijie config vsl aggregateport 1 Ruijie config vsl ap 1 port member interface GigabitEthernet 0 1 Ruijie config vsl ap 1 no port member interface GigabitEthernet 0...

Страница 1128: ...console of the master or any device session device sw_id master Parameter Description Parameter Description device Configure redirection to the console of the member device sw_id Member device ID in t...

Страница 1129: ...ines This command can be executed in both the VSU and standalone modes The current switch ID can be viewed in the VSU mode and the currently configured switch ID can be viewed in the standalone mode C...

Страница 1130: ...mode three member switches Ruijie show switch virtual Switch_id Domain_id Priority Status Role 1 1 1 1 100 100 OK ACTIVE switch 1 2 2 1 1 100 100 OK CANDIDATE switch 2 3 3 1 1 100 100 OK STANDBY swit...

Страница 1131: ...tual balance Aggregate port LFF enable Related Commands Command Description show switch virtual Show the domain ID ID and role of every device Platform Description N A show switch virtual config Show...

Страница 1132: ...convert mode standalone Show the VSU configuration information in the VSU mode Ruijie show switch virtual config switch_id 1 mac 00d0 f810 1111 switch virtual domain 1 switch 1 switch 1 priority 200 s...

Страница 1133: ...member interface GigabitEthernet 0 2 Related Commands Command Description show switch virtual Show the domain ID the ID and role of each device Platform Description N A show switch virtual dual active...

Страница 1134: ...1 0 1 UP GigabitEthernet 2 0 2 UP Example 3 checks the status of AP based dual active detection Ruijie show switch virtual dual active aggregateport Aggregateport dual active detection enabled Yes Agg...

Страница 1135: ...1 100000 100000 1d 4h 29m VSL Status has two values DOWN and UP Example 2 shows the VSL port information Ruijie show switch virtual link port VSL AP 1 1 Port State Peer port Rx Tx Uptime GigabitEther...

Страница 1136: ...1 mac 001a a97e 0ecf description switch1 vsl ap 1 vsl ap 2 of switch 6 vsl ap 2 vsl ap 1 of switch 2 switch 2 mac 001a a97e 0ed1 description switch2 vsl ap 1 vsl ap 2 of switch 1 vsl ap 2 vsl ap 1 of...

Страница 1137: ...evice in a VSU system has an ID In the VSU mode the interface name changes from slot port into switch slot port format where the switch is the switch ID that the interface locates To select the master...

Страница 1138: ..._id Indicates the ID of the switch that needs to be configured with a priority dev_name Indicates the device name description Default Configuration N A Command Mode config vs domain configuration mode...

Страница 1139: ...he standalone mode The configuration becomes valid only after the device restarts The no form of this command is used to restore the default value 100 of the domain ID Configuration Examples Modify th...

Страница 1140: ...d only after the device restarts This command cannot modify sw_id In the standalone mode if sw_id is set to 1 running the switch 2 priority 200 command does not work You can first use switch 2 to modi...

Страница 1141: ...sage Guidelines This command can only be executed in the VSU mode instead of the standalone mode The configuration becomes valid only after the device restarts The no form of this command is used to r...

Страница 1142: ...hether to overwrite config text with standalone text writes related configurations of VSU in config_vsu_dat and finally restarts the switch This command can be executed in both the standalone and VSU...

Страница 1143: ...ocal priority forwarding feature namely to change into the cross switch traffic balancing mode switch virtual aggregateport lff enable no switch virtual aggregateport lff enable Parameter Description...

Страница 1144: ...devices that have the same domain ID can form a VSU system The domain ID must be unique in a WLAN Configuration Examples Configure the domain ID to 1 Ruijie config switch virtual domain 1 Ruijie conf...

Страница 1145: ...P member interface Platform Description N A vsu convert to stack Use this command to convert the VSU system to the stack system vsu convert to stack Parameter Description Parameter Description N A N A...

Страница 1146: ...CLI Reference VSU Configuration Commands Examples Ruijie vsu conver to stack Related Commands Command Description N A N A...

Страница 1147: ...Management and Monitoring 1 SNMP Configuration Commands 2 RMON Configuration Commands 3 NTP Configuration Commands 4 SNTP Configuration Commands 5 SPAN Configuration Commands 6 RSPAN Configuration Co...

Страница 1148: ...guration mode Usage Guide This command disables the SNMP agent services of all versions supported on the device Configuration Examples The example below disables the SNMP agent service Ruijie config n...

Страница 1149: ...ie show snmp Chassis 60FF60 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0...

Страница 1150: ...sage Guide This command is used to configure whether to send LinkTrap of an interface such as the Ethernet interface AP interface and SVI interface When the function is enabled if the link status of t...

Страница 1151: ...p server community Use this command to specify the SNMP community access string in global configuration mode The no format of the command cancels the SNMP community access string snmp server community...

Страница 1152: ...nd store the community string as a ciphertext In this case after the configuration of the service password encryption command is removed the community string is still displayed and stored as a ciphert...

Страница 1153: ...mode The no form of this command is used to disable the SNMP server to actively send the SNMP Trap massage to NMS snmp server enable traps snmp no snmp server enable traps Parameter Description Parame...

Страница 1154: ...NMPv3 priv Authenticate and encrypt the messages transmitted by the user group This applies to only SNMPv3 readview Associate with a read only view aclnum Sequence number of the ACL in the range of 1...

Страница 1155: ...e type of the SNMP trap message sent actively such as snmp Defaults By default no SNMP host is specified If no type of the SNMP trap message is specified all types of the SNMP trap message will be inc...

Страница 1156: ...on snmp server location text no snmp server location Parameter Description Parameter Description text String describing the system Defaults Null Command Mode Global configuration mode Configuration Ex...

Страница 1157: ...ain spaces Defaults The device network element code information is null Command Mode Global configuration mode Usage Guide Configuration Examples The following example sets a device network element co...

Страница 1158: ...ueue length length Parameter Description Parameter Description length Queue length in the range of 1 to 1000 Defaults 10 Command Mode Global configuration mode Usage Guide The SNMP trap message queue...

Страница 1159: ...otification function The RGOS sends the SNMP trap messages to the NMS to notify the system pending before the device is reloaded or rebooted Configuration Examples The example below enables the SNMP s...

Страница 1160: ...Command Description snmp server enable traps Enable the function of sending Trap message initiatively snmp server host Specify a host for NMS Platform Description snmp server trap source Use this com...

Страница 1161: ...SNMP trap message in global configuration mode The no form of this command is used to restore the default value snmp server trap timeout seconds no snmp server trap timeout Parameter Description Para...

Страница 1162: ...Command Mode Global configuration mode Usage Guide Configuration Examples The following example specifies the protocol port 15000 to receive SNMP packets Ruijie config snmp server udp port 15000 Rela...

Страница 1163: ...used for encryption The system will change the password to the corresponding encryption key md5 Enable the MD5 authentication protocol While the sha enables the SHA authentication protocol aclnumber S...

Страница 1164: ...e Specify the MIB object to associate with the view include Include the sub trees of the MIB object in the view exclude Exclude the sub trees of the MIB object from the view Defaults By default a defa...

Страница 1165: ...sampling type is changed value sampling When the sampling time is up the system will draw the changing values during the sampling interval rising threshold valueevent number Set as the value of the up...

Страница 1166: ...ory control entry in the range of 1 to 65535 ownerownername Set the entry ownername in a character string composed of 1 to 64 characters the character string is case sensitive and does not include spa...

Страница 1167: ...the statistics information sheet in range of 1 to 65535 owner ownername Set the entry ownername in a character string composed of 1 to 64 characters The character string is case sensitive and does not...

Страница 1168: ...tring composed of 1 to 64 characters owner owner name Set the entry ownername in a character string composed of 1 to 64 characters The character string is case sensitive and does not include space Def...

Страница 1169: ...2 1 2 2 1 12 6 sampleType 2 alarmValue 0 startupAlarm 3 risingThreshold 20 fallingThreshold 10 risingEventIndex 1 fallingEventIndex 1 owner zhangesan stats 1 Related Commands Command Description rmon...

Страница 1170: ...tion ifInNUcastPkts type 4 community rmon lastTimeSent 0 d 0 h 0 m 0 s owner zhangsan status 1 Related Commands Command Description rmon event number log trap community description description string...

Страница 1171: ...dex 1 sampleIndex 198 intervalStart 0d 14h 0m 47s dropEvents 0 octets 67988 pkts 726 broadcastPkts 502 multiPkts 189 crcAlignErrors 0 underSizePkts 0 overSizePkts 0 fragments 0 jabbers 0 collisions 0...

Страница 1172: ...rnet 0 1 owner zhangsan status 0 dropEvents 0 octets 1884085 pkts 3096 broadcastPkts 161 multiPkts 97 crcAlignErrors 0 underSizePkts 0 overSizePkts 1200 fragments 0 jabbers 0 collisions 0 packets64Oct...

Страница 1173: ...ig no ntp Related commands Command Description ntp server Specify a NTP server ntp access group Use this command to configure the access control priority of the ntp service Use the no form of this com...

Страница 1174: ...from the smallest to the largest to access restriction and the first matched rule shall prevail The matching order is peer serve serve only query only Caution Control query function is not supported...

Страница 1175: ...specified by ntp authentication key and ntp trusted key Examples After an authentication key is configured and specified as the global trusted key enable the authentication mechanism Ruijie config ntp...

Страница 1176: ...e global trusted key The upeer limit of the keys is 1024 However each server can only support one key Examples The following example configures an authentication key with ID 6 Ruijie config ntp authen...

Страница 1177: ...figuration example below disables the function of receiving the NTP message on the interface Ruijie config no ntp disable ntp master Use this command to configure the local time as the NTP master the...

Страница 1178: ...In addition before using this command if the system has never been synchronized with an external clock source it is necessary to manually calibrate the system clock to prevent too much bias Examples T...

Страница 1179: ...te the encrypted communication with the server In the same condition for instance precision the prefer clock is used for synchronization It should be noted that the configured interface is that config...

Страница 1180: ...ronizes the NTP realtime Ruijie config ntp synchronize Related commands Command Description ntp server Specify a NTP server Platform description N A ntp trusted key Use this command to set a key at th...

Страница 1181: ...source Use the no form of this command to disable the update calendar function ntp update calendar no ntp update calendar Parameter description N A Default By default update the calendar periodically...

Страница 1182: ...e below enables the NTP debugging switch Ruijie config debug ntp show ntp status Use this command to show the NTP information show ntp status Parameter description N A Default N A Command mode Privile...

Страница 1183: ...s of SNTP Examples Ruijie config sntp enable Related commands Command Description show sntp Show the SNTP configuration clock update calendar Synchronize the software clock with the hardware clock clo...

Страница 1184: ...sntp enable Enable SNTP show sntp Show the SNTP configuration clock update calendar Synchronizes the software clock with the hardware clock Platform description N A sntp server Use this command to set...

Страница 1185: ...sntp enable Enable SNTP Platform description N A show sntp Use this command to show the parameters of SNTP show sntp Command mode Privileged EXEC mode Usage guidelines This command shows the paramete...

Страница 1186: ...description Parameter Description session_number SPAN session number source interface interface id Specify the source port interface id interface ID which can be physical interface not SVI destinatio...

Страница 1187: ...sion status Note session 1 supports global port mirroring crossing line cards To configure the SPAN crossing the line cards only the session 1 can be used Examples The example below describes how to c...

Страница 1188: ...e Usage guidelines N A Examples This example shows how to use show monitor to display SPAN session 1 Ruijie show monitor session 1 sess num 1 src intf GigabitEthernet 3 1 frame type Both dest intf Gig...

Страница 1189: ...itch Set remote source mirroring monitor session session num source interface interface name rx tx both no monitor session session num source interface interface name rx tx both Set the mirroring refl...

Страница 1190: ...gabitEthernet1 1 switch Related Commands Command Description show monitor Show mirroring session information Platform Description N A remote span Use this command to enable the remote port mirroring f...

Страница 1191: ...CLI Reference Guide RSPAN Configuration Commands Platform Description N A...

Страница 1192: ...CLI Reference Guide...

Результаты поиска

Содержание RG-S2600G-I Series

Отзывы:

Похожие инструкции для RG-S2600G-I Series

Бренды по названию

Популярные бренды

Ruijie RG-S2600G-I Series, Справочное руководство CLI

Результаты поиска

Содержание RG-S2600G-I Series

Отзывы:

Похожие инструкции для RG-S2600G-I Series

Бренды по названию

Популярные бренды