3Com® Switch 4500 Family
Command Reference Guide
Switch 4500 26-Port
Switch 4500 50-Port
Switch 4500 PWR 26-Port
Switch 4500 PWR 50-Port
www.3Com.com
Part No. 10015729, Rev.
3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
CONTENTS
ABOUT THIS GUIDE: About This Software Version; How This Guide is Organized; Intended Readership; Conventions; Related Documentation
1 USING SYSTEM ACCESS COMMANDS: Logging in Commands
2 USING PORT COMMANDS: Ethernet Port Configuration Commands; Ethernet Port Link Aggregation Commands
3 USING VLAN COMMANDS: VLAN Configuration Commands; Voice VLAN Configuration Commands
4 USING POWER OVER ETHERNET (POE) COMMANDS: PoE Configuration Commands
5 USING NETWORK PROTOCOL
7 USING MULTICAST PROTOCOL COMMANDS: IGMP Snooping Configuration Commands
8 USING QOS/ACL COMMANDS: ACL Commands List; QoS Configuration Commands List; Logon User’s ACL Control Command
9 USING STACK COMMANDS: Stack Commands
10 USING RSTP COMMANDS: RSTP Configuration Commands
11 USING AAA AND RADIUS COMMANDS: 802.
13 CONFIGURING PASSWORD CONTROL
A BOOTROM INTERFACE: Accessing the Bootrom Interface; Boot Menu
ABOUT THIS GUIDE
This guide provides all the information you need to use the configuration commands supported by version 3.0.x software on the 3Com® Switch 4500.

About This Software Version
The software in the Switch 4500 is a subset of that used in some other 3Com products. Depending on the capabilities of your hardware platform, some commands described in this guide may not be available on your Switch, although the unavailable commands may still display on the command line interface (CLI).
■ Using System Management Commands — Introduces the commands used for system management and maintenance.

Intended Readership
The guide is intended for the following readers:
■ Network administrators
■ Network engineers
■ Users who are familiar with the basics of networking

Conventions
This guide uses the following conventions:
Table 1 Icons
Icon | Notice Type | Description
Information note | Information that describes important features or instructions.
Table 2 Text conventions
[ ] Items shown in square brackets [ ] are optional.
Example 1: in the command display users [all], the square brackets indicate that the parameter all is optional. You can enter the command with or without this parameter.
Example 2: in the command user-interface [type] first-number [last-number] the square brackets indicate that the parameters [type] and [last-number] are both optional.
1 USING SYSTEM ACCESS COMMANDS
This chapter describes how to use the following commands:
Logging in Commands
■ authentication-mode
■ auto-execute command
■ command-privilege level
■ databits
■ display history-command
■ display user-interface
■ display users
■ flow-control
■ free user-interface
■ header
■ history-command max-size
■ idle-timeout
■ language-mode
■ lock
■ parity
■ protocol inbound
■ quit
■ return
■ screen-length
■ send
■ service-type
■ View
■ set a
■ system-view
■ telnet
■ user-interface
■ user privilege level

Logging in Commands
This section describes the commands that you can use to configure system access and system security.

authentication-mode
Syntax
authentication-mode { password | scheme | none }
View
User interface view
Parameter
password: Requires local authentication of password at log in.
scheme: Requires local or remote authentication of username and password at log in.
auto-execute command
Syntax
auto-execute command text
undo auto-execute command
View
User Interface View
Parameter
text: Specifies the command to be run automatically.
Description
Enter auto-execute command text to configure the Switch to automatically run a specified command. When the user logs in, the command will be executed automatically.
Description
Use the command-privilege level command to configure the priority level assigned to any command within a selected view. The command levels are, from lowest to highest:
■ 0 – Visit
■ 1 – Monitoring
■ 2 – System
■ 3 – Management
When the user logs into the Switch, the commands used depend on the user level settings and the command level settings on the user interface.
8 – Sets the data bits to 8.
Description
Use the databits command to configure the data bits for the AUX (Console) port to either 7 or 8. By default, the value is 8.
Use the undo databits command to restore the default value (8).
This command can only be performed in the AUX user interface view.
Example
To configure the data bits of the AUX (Console) port to 7 bits, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
summary: Display the summary of a user interface.
Description
Use the display user-interface command to view information on a user interface. You can choose to access this information by user interface type and type number, or by user interface index number. The information displayed is the same whichever access method you use.
1 character mode users. (U)
1 total UIs in use.
UI's name: aux0

Table 4 Output Description of the display user-interface summary Command
Field | Description
0: U | User interface type
1 character mode users | One type of user interface
1 total UIs in use | The total number of user interfaces in use
UI’s name | User interface name

display users
Syntax
display users [ all ]
View
All views
Parameter
all: Enter to display information on all user interfaces.
flow-control
Syntax
flow-control { hardware | none | software }
undo flow-control
View
User interface view
Parameter
hardware: Enter to set hardware flow control.
none: Enter to set no flow control.
software: Enter to set software flow control.
Description
Use the flow-control command to configure the flow control mode on the AUX (Console) port to hardware, software or none.
Example
To reset user interface AUX 1 from another user interface on the Switch, enter the following:
<4500>free user-interface aux 1
After the command is executed, user interface AUX 1 is disconnected. When you next log in using user interface AUX 1, it opens using the default settings.

header
Syntax
header { shell | incoming | login } text
undo header { shell | incoming | login }
View
System view
Parameter
login: Login information in case of authentication.
If you press after typing any of the three keywords shell, login and incoming in the command, then what you type after the word header is the contents of the login information, instead of identifying header type.
When you log on the Switch again, the terminal displays the configured session establishment title.
[4500]quit
<4500>quit
Please press ENTER
%SHELL: The initial character "%" is the header contents.
Hello! Welcome
<4500>

history-command max-size
Syntax
history-command max-size value
undo history-command max-size
View
User interface view
Parameter
value: Enter the number of previously entered commands that you want the Switch to save.
Parameter
minutes: Enter the number of minutes you want to allow a user interface to remain idle before it is disconnected. This can be in the range 0 to 35791.
seconds: Enter the number of seconds in addition to the number of minutes. Optional.
Description
Use the idle-timeout command to configure the amount of time you want to allow a user interface to remain idle before it is disconnected.
Parameter
None
Description
Use the lock command to lock the current user interface and prevent unauthorized users from accessing it. An authorized user must enter a valid password to access the interface.
Example
To lock the current user interface, enter the following:
<4500>lock
Password: xxxx
Again: xxxx

parity
Syntax
parity { even | mark | none | odd | space }
undo parity
View
User Interface View
Parameter
even: Sets the Switch to even parity.
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH protocols.
ssh: Supports only SSH protocol.
telnet: Supports only Telnet protocol.
Description
Use the protocol inbound command to configure the protocols supported by a designated user interface. By default, the user interface supports Telnet and SSH protocol.
For the related commands, see user-interface vty.
Example
Configure SSH protocol supported by VTY0 user interface.
return
Syntax
return
View
System view or higher
Parameter
None
Description
Use the return command to return to user view from any other view. Ctrl+Z performs the same function as the return command. To return to the next highest level of view, use quit.
Example
To return to user view from any other view (the example below shows the command entered from the system view), enter the following.
<4500>system-view
System View: return to User View with Ctrl+Z.
send
Syntax
send { all | number | type }
View
User view
Parameter
all: Sends a message to all user interfaces.
type: Enter the type and type number of the user interface that you want to send a message to.
number: Enter the absolute/relative number of the interface that you want to send a message to.
Description
Use the send command to send messages to other user interfaces.
Description
Use the command service-type to configure which level of command a user can access after login.
Use the command undo service-type to restore the default level of command (level 1).
Commands are classified into four levels, as follows:
■ 0 - Visit level. Users at this level have access to network diagnosis tools (such as ping and tracert), and the Telnet commands. A user at this level cannot save the configuration file.
■ 1 - Monitoring level.
Parameter
cipher: Configure to display the password in encrypted text.
simple: Configure to display the password in plain text.
password: If the authentication is in the simple mode, the password must be in plain text. If the authentication is in the cipher mode, the password can be either in encrypted text or in plain text.
When using the undo shell command, note the following points.
■ For reasons of security, the undo shell command can only be used on user interfaces other than the AUX user interface.
■ You cannot use this command on the current user interface.
■ You are asked to confirm the command.
Example
To disable the terminal service on the VTY user interfaces 0 to 4, enter the following from another user interface:
<4500>system-view
System View: return to User View with Ctrl+Z.
Parameter
1: Sets the stop bits to 1.
1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.
Description
Use the stopbits command to configure the stop bits on the AUX (Console) port.
Use the undo stopbits command to restore the default stop bits (the default is 1).
This command can only be performed in AUX user interface view.
super password
Syntax
super password [ level level ] { simple | cipher } password
undo super password [ level level ]
View
System View
Parameter
level: Enter a user level in the range 1 to 3. The default is 3. The password you enter is set for the specified level.
cipher: Configure to display the password in encrypted text.
simple: Configure to display the password in plain text.
password: If the authentication is in the simple mode, the password must be in plain text.
Parameter
text: Enter the host name of the Switch. The host name must be no more than 30 characters long. The default is 4500.
Description
Use the sysname command to configure the host name of the Switch.
Use the undo sysname command to restore the host name to the default of 4500.
Changing the hostname of the Ethernet switch will affect the prompt of command line interface.
ip_address: Enter the IP address or the host name of the remote Switch. If you enter the host name, the Switch must be set to static resolution.
service_port: Designates the management port on the remote Switch, in the range 0 to 65535. Optional.
Description
Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote management. To terminate the Telnet logon, press or .
system-view
System View: return to User View with Ctrl+Z.
[SW4500]user-interface 0 9
[SW4500-ui0-9]
This example command selects two AUX (Console) port user interfaces and two VTY user interfaces (VTY 0, VTY 1). You can now assign access levels to these interfaces using the user privilege level command.
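The login commands described in this chapter (authentication-mode, protocol inbound, set authentication password and super password) can be checked in a saved configuration. The following Python script is an added example, not part of the 3Com guide: the configuration excerpt is constructed, and the layout it parses (sub-commands indented under their user-interface line) is an assumption.

```python
"""Audit login-related commands in a Switch 4500 style configuration."""

# Constructed configuration excerpt for illustration; not captured from a device.
# Assumption: commands belonging to a user-interface block are indented under it.
SAMPLE_CONFIG = """\
super password level 3 simple Example-Only-1
user-interface aux 0
 authentication-mode password
 set authentication password simple Example-Only-2
user-interface vty 0 2
 authentication-mode none
 protocol inbound telnet
user-interface vty 3 4
 authentication-mode scheme
 protocol inbound ssh
"""

NO_AUTHENTICATION = "authentication-mode none: login needs no credentials"
TELNET_ACCEPTED = "Telnet accepted (protocol inbound telnet/all, or the default)"
PLAINTEXT_PASSWORD = "password configured with 'simple' (shown in plain text)"


def parse_sections(config):
    """Split a configuration into (header_words, [command_words, ...]) pairs."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and sections:
            # Indented line: a sub-command of the most recent header.
            sections[-1][1].append(raw.split())
        else:
            sections.append((raw.split(), []))
    return sections


def audit(config):
    """Return (scope, finding) tuples for weak login settings."""
    findings = []
    for header, body in parse_sections(config):
        if header[:2] == ["super", "password"]:
            # Syntax: super password [ level level ] { simple | cipher } password
            mode_at = 4 if header[2:3] == ["level"] else 2
            if header[mode_at:mode_at + 1] == ["simple"]:
                # Report the scope without echoing the password itself.
                findings.append((" ".join(header[:mode_at]), PLAINTEXT_PASSWORD))
            continue
        if header[0] != "user-interface":
            continue
        scope = " ".join(header)
        is_vty = header[1:2] == ["vty"]
        auth_mode = protocol = None
        for cmd in body:
            if cmd[0] == "authentication-mode" and len(cmd) > 1:
                auth_mode = cmd[1]
            elif cmd[:2] == ["protocol", "inbound"] and len(cmd) > 2:
                protocol = cmd[2]
            elif cmd[:4] == ["set", "authentication", "password", "simple"]:
                findings.append((scope, PLAINTEXT_PASSWORD))
        if auth_mode == "none":
            findings.append((scope, NO_AUTHENTICATION))
        # protocol inbound applies to VTY interfaces; with no explicit line the
        # guide states that both Telnet and SSH are supported by default.
        if is_vty and protocol in (None, "all", "telnet"):
            findings.append((scope, TELNET_ACCEPTED))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Findings name the command scope only, so the report can be shared without exposing the passwords it flags.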
2 USING PORT COMMANDS
This chapter describes how to use the following commands:
Ethernet Port Configuration Commands
■ copy configuration
■ broadcast-suppression
■ description
■ display interface
■ display loopback-detection
■ display port
■ display unit
■ duplex
■ flow-control
■ interface
■ loopback
■ loopback-detection control enable
■ loopback-detection enable
■ loopback-detection interval-time
■ loopback-detection per-vlan enable
■ mdi
■ multicast-suppression
■ port
■ debugging link-aggregation event
■ debugging lacp packet
■ debugging lacp state
■ display link-aggregation summary
■ display link-aggregation verbose
■ display link-aggregation interface
■ display lacp system-id
■ lacp enable
■ lacp port-priority
■ lacp system-priority
■ link-aggregation group agg-id description
■ link-aggregation group agg-id mode
■ port link-aggregation group
■ reset lacp statistics
Ethernet Port Configuration Commands
This section describes the commands you can use to configure and manage the ports on your Switch 4500.

copy configuration
Syntax
copy configuration source { interface-type interface_number | interface_name | aggregation-group agg-id } destination { interface_list [ aggregation-group agg-id ] | aggregation-group agg-id }
View
System View
Parameter
interface_type: Source port type.
interface_num: Source port number.
undo broadcast-suppression
View
Ethernet Port View
Parameter
ratio: Specifies the bandwidth ratio of broadcast traffic allowed on an Ethernet port. The ratio value ranges from 1 to 100. The incremental step is 1. By default, the ratio is 100 meaning all broadcast traffic is accepted. The smaller the ratio is, the less bandwidth is allocated to broadcast traffic and therefore less broadcast traffic is accepted on the Ethernet port.
Parameter
text: Enter a description of the Ethernet port. This can be a maximum of 80 characters.
Description
Use the description command to enter a description of an Ethernet port.
Use the undo description command to cancel the description.
By default, an Ethernet port does not have a description.
Example
Set the description of port Ethernet1/0/1 to be lanswitch-interface.
<4500>system-view
System View: return to User View with Ctrl+Z.
The information displays in the following format:
Ethernet1/0/1 current state : UP
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc00-0010
The Maximum Transmit Unit is 1500
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
The Maximum Frame Length is 1536
Broadcast MAX-ratio: 100%
Allo
Table 6 Output Description of the Display Interface Command
Allow jumbo frame to pass | Indicates that jumbo frames are allowed to pass through the port
PVID | Indicates the port default VLAN ID.
The details display in the following format:
Port Ethernet1/0/1 loopback-detection is running
system Loopback-detection is running
Detection interval time is 30 seconds
There is no port existing loopback link

Table 7 Output Description of the Display Loopback-detection Command
Field | Description
Port Ethernet1/0/1 loopback-detection is running |
System Loopback-detection is running | System Loopback-detection is enabled
Detection interval time is 30 seconds

display port
Description
Using display unit unit-id interface command, you can view all port interfaces for the specified unit.
Example
Display the port information for all ports on Unit 1.
<4500>display unit 1 interface
Aux1/0/0 current state :DOWN
Line protocol current state :DOWN
Internet protocol processing : disabled
Description : Aux1/0/0 Interface
The Maximum Transmit Unit is 1500
Data drive mode: interactive
5 minutes input rate 0.0 bytes/sec, 0.
[4500-Ethernet1/0/1]duplex auto

flow-control
Syntax
flow-control
undo flow-control
View
Ethernet Port View
Parameters
None
Description
Use the flow-control command to enable flow control on an Ethernet port. This avoids discarding data packets due to congestion.
Use the undo flow-control command to disable flow control.
By default, flow control is disabled.
Example
To enable flow control on port “Ethernet1/0/1”, enter the following.
Description
Use the command interface interface_type interface_number to enter the interface of the specified port.
If you want to configure the parameters of an Ethernet port, you must first use this command to enter the Ethernet port view.
Example
To enter the interface for port “Ethernet1/0/1”, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
Loop internal succeeded.
[4500-Ethernet1/0/1]
[4500-Ethernet1/0/1]loopback internal

loopback-detection control enable
Syntax
loopback-detection control enable
undo loopback-detection control enable
View
Ethernet Port View
Parameter
None
Description
Use the loopback-detection control enable command to enable loopback detection control function on a Trunk port or Hybrid port.
Parameter
None
Description
Use the loopback-detection enable command to enable port loopback detection. If there is a loopback port found, the switch will put it under control.
Use the undo loopback-detection enable command to disable port loopback detection.
Loopback detection of a specified port only functions after port loopback detection is enabled in the System or Ethernet port view.
By default, port loopback detection is disabled.
[4500]

loopback-detection per-vlan enable
Syntax
loopback-detection per-vlan enable
undo loopback-detection per-vlan enable
View
Ethernet Port View
Parameter
None
Description
Use the loopback-detection per-vlan enable command to configure the system to perform loopback detection on all VLANs on Trunk and Hybrid ports.
Use the undo loopback-detection per-vlan enable command to configure the system to only perform loopback detection on the default VLANs on the port.
Description
■ Use the mdi command to configure the network cable type for an Ethernet port.
■ Use the undo mdi command to restore the default type.
By default, the network cable type is recognized automatically (the mdi auto command).
Note that this command only has effect on 10/100BASE-T and 10/100/1000BASE-T ports. The Switch 4500 only supports auto (auto-sensing). If you enter another type, an error message displays.
[4500-Ethernet1/0/1]multicast-suppression 20
[4500-Ethernet1/0/1]
Specify the maximum packets per second of the multicast traffic on Ethernet1/0/1 as 1000 Mpps.
<4500>system-view
System View: return to User View with Ctrl+Z.
Description
Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.
Use the undo port hybrid pvid command to restore the default VLAN ID of the hybrid port.
Hybrid port can be configured together with the isolate-user-vlan. But if the default VLAN has set mapping in the isolate-user-vlan, the default VLAN ID cannot be modified. If you want to modify it, cancel the mapping first.
A hybrid port can belong to multiple VLANs. A port can only be added to a VLAN if the VLAN has already been created. See the vlan vlan-vid command.
Related command: port link-type.
Example
To add the port Ethernet1/0/1 to VLAN 2, VLAN 4 and all VLANs in the range 50 to 100 as a tagged port, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]interface ethernet 1/0/1
[4500-Ethernet1/0/1]port link-type trunk
[4500-Ethernet1/0/1]

port trunk permit vlan
Syntax
port trunk permit vlan { vlan_id_list | all }
undo port trunk permit vlan { vlan_id_list | all }
View
Ethernet port view
Parameter
vlan_id: Enter a VLAN ID, or more than one VLAN ID, in the range 2 to 4094. The trunk port will be added to the specified VLANs.
View
Ethernet Port View
Parameter
vlan_id: Enter a VLAN ID in the range 2 to 4094, as defined in IEEE802.1Q. This is the VLAN that you want to be the default VLAN for a trunk port. The default is 1.
Description
Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.
Use the undo port trunk pvid command to restore the default VLAN ID for a trunk port.
number are specified, the information on the specified port will be cleared. After 802.1x is enabled, the port information cannot be reset.
Example
To reset statistical information on Ethernet1/0/1, enter the following:
<4500>reset counters interface ethernet1/0/1
<4500>

shutdown
Syntax
shutdown
undo shutdown
View
Ethernet Port View
Parameter
None
Description
Use the shutdown command to disable an Ethernet port.
1000: Enter to set the port speed to 1000 Mbps. (Only available on Gigabit ports).
auto: Enter to set the port speed to auto-negotiation.
Description
Use the speed command to configure the port speed.
Use the undo speed command to restore the default speed. By default, the speed is auto.
Related command: duplex.
Example
To configure the port speed of port Ethernet1/0/1 to 10 Mbps, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500-Ethernet1/0/1]unicast-suppression 20
[4500-Ethernet1/0/1]
Specify the maximum packets per second of the unicast traffic on Ethernet1/0/1 as 1000 Mpps.
<4500>system-view
System View: return to User View with Ctrl+Z.
Ethernet Port Link Aggregation Commands
This section describes the commands you can use to configure Ethernet Port Link Aggregation on the Switch.

debugging link-aggregation error
Syntax
debugging link-aggregation error
undo debugging link-aggregation error
View
User View
Parameter
None
Description
Use the debugging link-aggregation error command to enable link aggregation error debugging.
undo debugging lacp packet [ interface { interface_type interface_number | interface_name } [ to { interface_type interface_num | interface_name } ] ]
View
User View
Parameter
interface { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ]: Specifies ports. You can specify multiple sequential ports with the to parameter, instead of specifying only one port.
interface_name: Specifies port name, in the format of interface_name = interface_type interface_num.
interface_type: Specifies port type and interface_num port number.
For more information, see the parameter item for the interface command.
actor-churn: Debugging actor-churn state machine.
mux: Debugging MUX state machine.
partner-churn: Debugging partner-churn state machine.
ptx: Debugging PTX state machine.
rx: Debugging RX state machine.
AL  AL    Partner ID             Select  Standby  Share  Master
ID  Type                         Ports   Ports    Type   Port
-------------------------------------------------------------------
1   D     0x8000,00e0-fcff-ff01  1       0        NonS   Ethernet4/0/1
10  M     none                   1       0        NonS   Ethernet4/0/2
20  S     0x8000,00e0-fcff-ff01  1       0        NonS   Ethernet4/0/3

display link-aggregation verbose
Syntax
display link-aggregation verbose [ agg_id ]
View
Any view
Parameter
agg_id: Aggregation group ID, which must be a valid existing ID, in the range of 1
display link-aggregation interface
Syntax
display link-aggregation interface { interface_type interface_number | interface_name } [ to { interface_type interface-num | interface_name } ]
View
Any view
Parameter
interface { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ]: Specifies ports. You can specify multiple sequential ports with the to parameter, instead of specifying only one port.
Local:
Port-Priority: 32768, Oper key: 2, Flag: 0x3d
Remote:
System ID: 0x8000, 000e-84a6-fb00
Port Number: 2, Port-Priority: 32768 , Oper-key: 10, Flag: 0x3d
Received LACP Packets: 8 packet(s), Illegal: 0 packet(s)
Sent LACP Packets: 9 packet(s)
Related command: display link-aggregation verbose.
Example
To enable LACP at Ethernet1/0/1, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]interface ethernet 1/0/1
[4500-Ethernet1/0/1]lacp enable
[4500-Ethernet1/0/1]

lacp port-priority

Syntax
lacp port-priority port-priority-value
undo lacp port-priority

View
Ethernet Port View

Parameter
port-priority-value: Port priority, ranging from 0 to 65535. By default, it is 32768.
Use the undo lacp system-priority command to restore the default value.

Related command: display lacp system-id.

Example
To set system priority as 64, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
manual: Manual aggregation group.
static: Static aggregation group.

Description
Use the link-aggregation group agg_id mode command to create a manual or static aggregation group.
Use the undo link-aggregation group command to delete an aggregation group.
The Switch will select the lowest port number as the master port for the link aggregation. This applies to all types of link aggregation.
System View: return to User View with Ctrl+Z.
[4500]link-aggregation group 22 mode manual
[4500]interface ethernet 1/0/1
[4500-Ethernet1/0/1]port link-aggregation group 22
#Apr 2 03:29:48:954 2000 4500 LAGG/2/AggPortInactive:- 1 -Trap 1.3.6.1.4.1.2011.5.25.25.2.
3 USING VLAN COMMANDS

This chapter describes how to use the following commands:

VLAN Configuration Commands
■ description
■ display interface VLAN-interface
■ display vlan
■ interface VLAN-interface
■ shutdown
■ vlan

Voice VLAN Commands
■ display voice vlan oui
■ display voice vlan status
■ voice vlan aging
■ voice vlan enable
■ voice vlan
■ voice vlan mac_address
■ voice vlan mode
■ voice vlan security enable
VLAN Configuration Commands
This section describes the commands you can use to configure and manage the VLANs and VLAN interfaces on your system.

description

Syntax
description string
undo description

View
VLAN view

Parameter
string: Enter a description of the current VLAN, up to a maximum of 32 characters. For a description of a VLAN interface, the maximum is 80 characters.

Description
Use the description command to set a description for the current VLAN.
■ VLAN interface description
■ Maximum Transmit Unit (MTU)
■ IP address and subnet mask
■ Format of the IP frames
■ MAC hardware address.

Use display interface vlan-interface to display information on all VLAN interfaces.
Use display interface vlan-interface vlan_id to display information on a specific VLAN interface.

Related command: interface Vlan-interface.
command display vlan vlan_id to display information on a specific VLAN.
Use the command display vlan all to display information on all the VLANs.
Use the command display vlan dynamic to display information on VLANs created dynamically by the system.
Use the command display vlan static to display information of VLAN created statically by the system.

Related command: vlan.
View
System View

Parameter
vlan_id: Enter the ID of the VLAN interface you want to configure, in the range 1 to 4094. Note that VLAN1 is the default VLAN and cannot be deleted.

Description
Use the interface vlan-interface command to enter a VLAN interface view and use the related configuration commands.
Use the undo interface vlan-interface command to exit the current VLAN interface.

Related command: display interface vlan-interface.
Example
Add Ethernet1/0/2 through Ethernet1/0/4 to VLAN 2.
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]vlan 2
[4500-vlan2]port ethernet1/0/2 to ethernet1/0/4

shutdown

Syntax
shutdown
undo shutdown

View
VLAN Interface View

Parameter
None

Description
Use the shutdown command to disable the VLAN interface.
Use the undo shutdown command to enable the VLAN interface.
%Apr 2 00:05:28:213 2000 4500 STP/2/SPEED:- 1 -Ethernet1/0/1's speed changed !
%Apr 2 00:05:28:319 2000 4500 STP/2/PFWD:- 1 -Ethernet1/0/1 is forwarding!
[4500-Vlan-interface2]

vlan

Syntax
vlan vlan_id
undo vlan vlan_id { [to vlan_id ] | all }

View
System View

Parameter
vlan_id: Enter the ID of the VLAN you want to configure, in the range 1 to 4094.
all: Delete all VLANs.
Description
Use the display voice vlan oui command to display the OUI address supported by the current system and its relative features.

Related commands: voice vlan vlan_id enable, voice vlan enable.

Example
To display the OUI address of Voice VLAN, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
voice vlan aging

Syntax
voice vlan aging minutes
undo voice vlan aging

View
System View

Parameter
minutes: The aging time of Voice VLAN, in minutes, ranging from 5 to 43200. The default value is 1440 minutes.

Description
Use the voice vlan aging command to set the aging time of Voice VLAN.
Use the undo voice vlan aging command to set the aging time back to the default.

Related commands: display voice vlan status.
[4500-Ethernet1/0/2]voice vlan enable
[4500-Ethernet1/0/2]

voice vlan

Syntax
voice vlan vlan_id enable
undo voice vlan enable

View
System View

Parameter
vlan_id: The VLAN ID for the Voice VLAN to be enabled, in the range of 2 to 4094.

Description
Use the voice vlan command to globally enable the Voice VLAN features of one VLAN.
Use the undo voice vlan enable command to globally disable the Voice VLAN features of one VLAN.
Description
Use the voice vlan mac_address command to set the MAC address that the Voice VLAN can control.
Use the undo voice vlan mac_address command to cancel this MAC address.
Here the OUI address refers to a vendor and you need only input the first three-byte values of the MAC address. The OUI address system can learn 16 MAC addresses at most.
There are four default OUI addresses after the system starts:

Table 8 Default OUI Addresses
No.
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]undo voice vlan mode auto
Can't change voice vlan configuration when voice vlan is running
[4500]undo voice vlan enable
[4500]undo voice vlan mode auto
[4500]

voice vlan security enable

Syntax
voice vlan security enable
undo voice vlan security enable

View
System View

Parameter
None

Description
Use the voice vlan security enable command to enable the Voice VLAN security mode.
4 USING POWER OVER ETHERNET (POE) COMMANDS

This chapter describes how to use the following commands:

PoE Configuration Commands
■ display poe interface
■ display poe power
■ display poe powersupply
■ poe enable
■ poe legacy enable
■ poe max-power
■ poe mode
■ poe power-management
■ poe priority
■ poe update
PoE Configuration Commands
This section describes the commands you can use to configure and manage the PoE on your Switch 4500 PWR.

display poe interface

Syntax
display poe interface [ interface-name | interface-type interface-num ]

View
Any view

Parameter
interface-name | interface-type interface-num: Port on the Switch.

Description
Use the display poe interface command to view the PoE status of a specific port or all ports on the Switch.
Port power :12400 mW

Display the power information of all ports.
Description
Use the display poe powersupply command to view the parameters of the power sourcing equipment (PSE).

Example
Display the PSE parameters.
View
System View

Parameter
None

Description
Use the poe legacy enable command to enable the nonstandard-PD detect function.
Use the undo poe legacy enable command to disable the nonstandard-PD detect function.
PDs compliant with 802.3af standards are called standard PDs.
By default, the nonstandard-PD detect function is disabled.

Example
Enable the nonstandard-PD detect function.
The unit of power is mW. You can set the power in the granularity of 100 mW. The actual maximum power will be 5% larger than what you have set allowing for the effect of transient peak power.

Example
Set the maximum power supplied by current port.
[4500-Ethernet1/0/3]poe max-power 15000
Set Port max power successfully

Restore the default maximum power on the current port.
View
System View

Parameter
auto: Adopt the auto mode, a PoE management mode based on port priority.
manual: Adopt the manual mode.

Description
Use the poe power-management command to configure the PoE management mode of port used in the case of power overloading.
Use the undo poe power-management command to restore the default mode.
By default, the PoE management mode on port is auto.

Example
Configure the PoE management mode on port to auto.
If there are too many ports with critical priority, the total power these ports need might exceed the maximum power supplied by the equipment, i.e., 300W. In this case, no new PD can be added to the switch.
When the remaining power of the whole equipment is below 18.8 W, no new PD can be added to the Switch.

Example
Set the port priority to critical.
[4500-Ethernet1/0/3]poe priority critical
Set Port POE priority successfully

Restore the default priority.
Example
Update the PSE processing software online.
[4500]poe update refresh 0290_021.s19
...................................................................
....................................................................
....................................................................
....................................................................
....................................................................
......................
5 USING NETWORK PROTOCOL COMMANDS

This chapter describes how to use the following commands:

IP Address Configuration Commands
■ display ip host
■ display ip interface vlan
■ ip address
■ ip host

ARP Configuration Commands
■ arp check enable
■ arp static
■ arp static
■ debugging arp packet
■ display arp
■ display arp timer aging
■ reset arp

DHCP Client Configuration Commands
■ debugging dhcp client
■ debugging dhcp xrn xha
■ display dhcp client
■ ip address dhcp-alloc

DHCP Rel
■ display isolate port
■ port isolate

UDP Helper Configuration Commands
■ debugging udp-helper
■ display udp-helper server
■ udp-helper enable
■ udp-helper port
■ udp-helper server

IP Performance Configuration Commands
■ display fib
■ display fib ip_address
■ display fib acl
■ display fib
■ display fib ip-prefix
■ display fib statistics
■ display icmp statistics
■ display ip socket
■ display ip statistics
■ display tcp statisti
IP Address Configuration Commands
This section describes the commands you can use to configure and manage IP Addressing on your Switch 4500.

display ip host

Syntax
display ip host

View
All views

Parameter
None

Description
Use the display ip host command to display all host names and their corresponding IP addresses.
Line protocol current state : DOWN
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.
ip host

Syntax
ip host hostname ip_address
undo ip host hostname [ ip_address ]

View
System view

Parameters
hostname: Enter the host name of the connecting device. This is a character string of up to 20 characters.
ip_address: Enter the host’s IP address.

Description
Use the ip host command to configure the host name and the host IP address in the Switch 4500’s host table. This allows you to ping or Telnet a local device by host name.
MAC address.
Use the undo arp check enable command to disable the checking of ARP entry so the device learns the ARP entry where the MAC address is a multicast MAC address.
By default, the checking of ARP entry is enabled and the device does not learn the ARP entry where the MAC address is a multicast MAC address.

Example
Configure that the device learns the ARP entry where the MAC address is multicast MAC address.
By default, the ARP mapping table is empty, and the Switch uses dynamic ARP to maintain its address mapping.

Related commands: reset arp, display arp, debugging arp.

Example
To associate the IP address 202.38.10.2 with the MAC address 00e0-fc01-0000, and the ARP mapping entry to Ethernet1/0/1 on VLAN1, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]arp static 202.38.0.
Example
To establish a mapping between IP address 129.102.0.1 and MAC address 00e0-fc01-0000, and to send frames to this address through VLAN 1, Ethernet port 1/0/1, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]arp static 202.38.0.
Description
Use the debugging arp command to enable ARP debugging.
Use the undo debugging arp command to disable the corresponding ARP debugging.
By default, undo ARP debugging is enabled.
For the related commands, see arp static and display arp.

Example
To enable ARP packet debugging, enter the following:
<4500>debugging arp packet
*0.771346-ARP-8-S1-arp_send:Send an ARP Packet, operation : 1, sender_eth_addr : 00e0-fc00-3500,sender_ip_addr : 10.110.91.
include: Enter to display only the ARP entries that contain the specified character string "text".
exclude: Enter to display only the ARP entries that do not contain the specified character string "text".
text: Enter a character string. The ARP entries that contain this character string are displayed.

Description
Use the display arp command to display the ARP mapping table entries by entry type, or by a specified IP address.
System View: return to User View with Ctrl+Z.
[4500] display arp timer aging

The information displays in the following format:
Current ARP aging time is 20 minute(s) (default)
[4500]

reset arp

Syntax
reset arp [ dynamic | static | interface { interface_type interface_num | interface_name } ]

View
User view

Parameters
dynamic: Enter to clear the dynamic ARP mapping entries. Note that dynamic ARP entries start re-learning immediately.
DHCP Client Configuration Commands
This section describes the commands you can use to configure and manage the Dynamic Host Configuration Protocol (DHCP) Client operations on your Switch 4500.

debugging dhcp client

Syntax
debugging dhcp client { all | error | event | packet }
undo debugging dhcp client { all | error | event | packet }

View
User view

Parameters
all: Enter to enable all DHCP client debugging.
Use the undo debugging dhcp xrn xha command to disable DHCP client hot backup debugging.
By default, DHCP client hot backup debugging is disabled.

Example
To enable DHCP client hot backup debugging, enter the following:
<4500>debugging dhcp xrn xha

display dhcp client

Syntax
display dhcp client [ verbose ]

View
Any view

Parameter
verbose: Enter to display detailed information about address allocation at DHCP client.
Parameter
None

Description
Use the ip address dhcp-alloc command to configure VLAN interface to obtain IP address using DHCP.
Use the undo ip address dhcp-alloc command to remove the configuration.
By default, the VLAN interface does not obtain an IP address using DHCP.

Example
To configure VLAN interface to obtain IP address using DHCP, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
Type: dhcp-request
ClientHardAddress: 0010-dc19-695d
ServerIpAddress: 192.168.1.2
*0.7200230-DHCP-8-dhcp_debug: From server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
AllocatedIpAddress: 10.1.1.1
*0.7200580-DHCP-8-largehop: Discard DHCP request packet because of too large hop count!
*0.
dhcp-server ip

Syntax
dhcp-server groupNo ip ipaddress1 [ ipaddress2 ]
undo dhcp-server groupNo

View
System View

Parameters
groupNo: Enter the DHCP server group number, in the range 0 to 19.
ip_address1: Enter the IP address of the primary Server in the group.
ip_address2: Enter the IP address of the secondary Server in the group. Optional.

Description
Use the dhcp-server ip command to configure the IP address of the DHCP Server used by the DHCP Server group.
Related commands: dhcp-server ip, dhcp-server, display dhcp-server interface vlan-interface, debugging dhcp-relay.

Example
To view information on DHCP Server group 0, enter the following:
<4500>display dhcp-server 0

The information displays in the following format:
The first IP address of DHCP Server group 0: 1.1.1.1
The second IP address of DHCP Server group 0: 1.1.1.
The information shown above indicates that vlan-interface 2 is configured with a DHCP Server group whose ID is 0.

Access Management Configuration Commands
This section describes the commands you can use to configure and manage the Access Management Configuration operations on your Switch 4500.

am enable

Syntax
am enable
undo am enable

View
System View

Parameter
none

Description
Use the am enable command to enable the access management function.
address-list: Enter IP address list in the start_ip_address [ ip_address_num ] &<1-10> format.
start_ip_address: Is the start address of an IP address range in the pool.
ip_address_num: Specifies how many IP addresses following start_ip_address in the range.
&<1-10> means you can specify ten IP address ranges at most.

Description
Use the am ip-pool command to configure the IP address pool for access management on a port.
By default, the access management trap is disabled.

Example
To enable the access management trap, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
Table 11 Output Description of the display am Command

Field            Description
Status           AM state on the port: enabled or disabled
IP Pools         IP pools. NULL represents no configuration. Each IP address section is represented in X.X.X.X (number), of these, "X.X.X.X" represents the first address, and "number" represents that "number" consecutive IP addresses from the beginning of this address are within the IP pools
Isolate Ports    Isolate ports.
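An added example, not from the 3Com guide: a Python parser for the IP Pools field in the "X.X.X.X (number)" notation that Table 11 describes, with the ten-range limit from the am ip-pool parameter list, used to flag source addresses that fall outside a port's pool. The sample field and addresses are constructed; that entries are separated by whitespace or commas, and that the count includes the first address, are assumptions.

```python
import ipaddress
import re

# "&<1-10>" in the am ip-pool syntax: at most ten address ranges.
MAX_RANGES = 10

# One pool entry in the Table 11 notation: first address, then a count in parentheses.
_ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s*\(\s*(\d+)\s*\)")


def parse_ip_pools(field):
    """Turn an 'IP Pools' field into a list of (first, last) IPv4Address pairs."""
    field = field.strip()
    if field.upper() == "NULL":  # NULL represents no configuration
        return []
    # Anything left once the well-formed entries are removed is malformed input.
    # Assumption: entries are separated by whitespace or commas.
    leftover = _ENTRY.sub("", field).strip(" ,;")
    if leftover:
        raise ValueError(f"unparsed text in IP Pools field: {leftover!r}")
    ranges = []
    for addr, count in _ENTRY.findall(field):
        first = ipaddress.IPv4Address(addr)  # rejects octets above 255
        n = int(count)
        if n < 1:
            raise ValueError(f"{addr}: address count must be at least 1")
        # Assumption: "number" counts the first address too, so 10.0.0.1 (3)
        # covers 10.0.0.1 through 10.0.0.3. IPv4Address rejects a range that
        # would run past 255.255.255.255.
        last = ipaddress.IPv4Address(int(first) + n - 1)
        ranges.append((first, last))
    if len(ranges) > MAX_RANGES:
        raise ValueError(f"{len(ranges)} ranges given, at most {MAX_RANGES} allowed")
    return ranges


def is_permitted(ranges, ip):
    """True if ip lies inside any range of the pool."""
    ip = ipaddress.IPv4Address(ip)
    return any(first <= ip <= last for first, last in ranges)


def outside_pool(ranges, observed):
    """Return the observed source addresses that the pool does not cover."""
    return [ip for ip in observed if not is_permitted(ranges, ip)]


if __name__ == "__main__":
    # Constructed sample: a pool field and source addresses seen on the port.
    pool_field = "192.0.2.10 (20) 198.51.100.1(1)"
    seen = ["192.0.2.10", "192.0.2.29", "192.0.2.30", "203.0.113.5"]
    pools = parse_ip_pools(pool_field)
    for first, last in pools:
        print(f"pool range {first} - {last}")
    for ip in outside_pool(pools, seen):
        print(f"{ip} is outside the configured pool")
```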
other ports of this group, that is, Layer 2 forwarding between the isolated ports is not available.
Use the undo port isolate command to remove a port from an isolation group.
By default, a port is not in an isolation group, namely Layer 2 forwarding is achievable between this port and other ports.

Example
To add Ethernet1/0/1 and Ethernet1/0/2 to isolation group, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
display udp-helper server

Syntax
display udp-helper server [ interface vlan-interface vlan_id ]

View
Any view

Parameter
vlan_id: VLAN interface ID.

Description
Use the display udp-helper server command to view the information of destination Helper server corresponding to the VLAN interface.
View
System view

Parameters
port: Enter the ID of the UDP port with relay function to be enabled, in the range of 1 to 65535.
dns: Domain name service, corresponding to UDP port 53.
netbios-ds: NetBios datagram service, corresponding to UDP port 138.
netbios-ns: NetBios name service, corresponding to UDP port 137.
tacacs: TAC access control system, corresponding to UDP port 49.
tftp: Trivial file transfer protocol, corresponding to UDP port 69.
Related command: display udp-helper server.

Example
To configure the relay destination server with IP address 192.1.1.2, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]interface vlan-interface 1
[4500-Vlan-interface1]udp-helper server 192.1.1.
display fib ip_address

Syntax
display fib ip_address1 [ { mask1 | mask-length1 } [ ip_address2 { mask2 | mask-length2 } | longer ] | longer ]

View
Any view

Parameters
ip_address1, ip_address2: Enter destination IP address, in dotted decimal format. ip_address1 and ip_address2 jointly define the address range. The FIB entries in this address range will be displayed.
Description
Use the display fib acl command to view the FIB entries matching a specific ACL.

Example
To display the FIB entries matching ACL 2000, enter the following:
<4500>display fib acl 2000
Route entry matched by access-list 2000:
Summary counts: 1
Destination/Mask    Nexthop      Flag  TimeStamp
127.0.0.0/8         127.0.0.
Description
Use the display fib ip-prefix command to view the FIB entries matching the specific prefix list.

Example
To display the FIB entries matching prefix list abc0, enter the following:
<4500>display fib ip-prefix abc0
Route Entry matched by prefix-list abc0:
Summary count: 3
Destination/Mask    Nexthop      Flag  TimeStamp
127.0.0.0/8         127.0.0.1    U     t[0]
127.0.0.1/32        127.0.0.1    U     t[0]
169.0.0.0/8         2.1.1.
Description
Use the display icmp statistics command to view the statistics information about ICMP packets.

Related commands: display ip interface vlan-interface, reset ip statistics.
task-id: Enter the ID of a task, with the value ranging from 1 to 100.
socket-id: Enter the ID of a socket, with the value ranging from 0 to 3072.

Description
Use the display ip socket command to display the information about the sockets in the current system.

Example
To display the information about the socket of TCP type, enter the following:
<4500>display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.
View
Any view

Parameter
none

Description
Use the display ip statistics command to view the statistics information about IP packets.

Related commands: display ip interface, reset ip statistics.
display tcp statistics

Syntax
display tcp statistics

View
Any view

Parameter
none

Description
Use the display tcp statistics command to view the statistics information about TCP packets.
The statistics information about TCP packets are divided into two major kinds which are Received packets and Sent packets.
Closed connections: 0 (dropped: 0, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0

display tcp status

Syntax
display tcp status

View
Any view

Parameter
none

Description
Use the display tcp status command to view the TCP connection state.

Example
To display the state of all TCP connections, enter the following:
<4500>display tcp status
TCPCB      Local Add:port
03e37dc4   0.0.0.0:4001
04217174   100.0.0.
Received packet:
Total:0
checksum error:0
shorter than header:0, data length larger than packet:0
no socket on port:0
broadcast:0
not delivered, input socket full:0
input packets missing pcb cache:0
Sent packet:
Total:0

reset ip statistics

Syntax
reset ip statistics

View
User view

Parameter
none

Description
Use the reset ip statistics command to clear the IP statistics information.
reset udp statistics

Syntax
reset udp statistics

View
User view

Parameter
None

Description
Use the reset udp statistics command to clear the UDP statistics information.
undo tcp timer syn-timeout

View
System View

Parameter
time-value: Enter the TCP synwait timer value measured in second, whose value ranges from 2 to 600. The default time-value is 75 seconds.

Description
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
Use the undo tcp timer syn-timeout command to restore the default value of the timer.
TCP will enable the synwait timer, if a SYN packet is sent.
<4500>system-view
System View: return to User View with Ctrl+Z.
6 USING ROUTING PROTOCOL COMMANDS

This chapter describes how to use the following commands:

Routing Table Display Commands
■ display ip routing-table
■ display ip routing-table acl
■ display ip routing-table ip_address
■ display ip routing-table ip_address1 ip_address2
■ display ip routing-table ip-prefix
■ display ip routing-table protocol
■ display ip routing-table radix
■ display ip routing-table statistics
■ display ip routing-table verbose

Static Route Configuration Command
■ delet
■ rip metricin
■ rip metricout
■ rip output
■ rip split-horizon
■ rip version
■ rip work
■ summary
■ timers

IP Routing Policy Commands
■ apply cost
■ display ip ip-prefix
■ display route-policy
■ if-match { acl | ip-prefix }
■ if-match cost
■ if-match interface
■ if-match ip next-hop
■ ip ip-prefix
■ route-policy

Routing Table Display Commands
This section describes the commands you can use to display routing table informat
Only the currently used route, that is the best route, is displayed.

Example
To view a summary of routing table information, enter the following:
<4500>display ip routing-table

The information displays in the following format:
Routing Table: public net
Destination/Mask   Proto    Pre  Cost
1.1.1.0/24         DIRECT   0    0
1.1.1.1/32         DIRECT   0    0
2.2.2.0/24         DIRECT   0    0
2.2.2.1/32         DIRECT   0    0
3.3.3.0/24         DIRECT   0    0
3.3.3.1/32         DIRECT   0    0
4.4.4.0/24         DIRECT   0    0
4.4.4.1/32         DIRECT   0    0
127.0.0.
Example
To display a summary of the active routes filtered through basic ACL 2000, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]acl number 2000
[4500-acl-basic-2000]rule permit source 10.1.1.1 0.0.0.
Table 18 Output Description of the ip routing-table acl verbose Command

Field        Description
Interface    Output interface, through which the data packet destined for the destination network is sent
Vlinkindex   Virtual link index
State        Route state description:
             ActiveU — The route is selected and is optimum
             Blackhole — Blackhole route is similar to Reject route, but it will not send the ICMP unreachable message to the source end
             Delete — The route is deleted
             Gateway — I
View
All views

Parameters
ip_address: Enter the destination IP address.
mask: Enter either the IP subnet mask (in x.x.x.x format), or the subnet mask length (in the range 0 to 32). Optional.
longer-match: Enter to display an address route that matches the destination IP address in natural mask range. Optional.
verbose: Enter to display verbose information about both active and inactive routes.
Protocol: #Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State:
Age: 4:479 Cost: 0/0 Tag: 0

For detailed description of output information, refer to Table 18.
View
All views

Parameter
ip_prefix_name: Enter the ip prefix list name.
verbose: Enter to display verbose information about both the active and inactive routes that passed filtering rules. Without this parameter, this command displays the summary of active routes that passed filtering rules.

Description
Use the command display ip routing-table ip-prefix to view information on the routes that passed filtering rules for the specified IP prefix name.
For detailed information of the output information, refer to Table 18.

display ip routing-table protocol

Syntax
display ip routing-table protocol protocol [ inactive | verbose ]

View
All views

Parameters
protocol: Enter one of the following:
■ direct Displays the direct connection route information
■ static Displays the static route information.
■ ospf Displays OSPF route information.
■ ospf-ase Displays OSPF ASE route information.
The information displays in the following format:
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status::
Summary count: 0
STATIC Routing tables status::
Summary count: 1
Destination/Mask   Protocol  Pre  Cost  Nexthop   Interface
1.2.3.0/24         STATIC    60   0     1.2.4.5   Vlan-interface2

The displayed information helps you to confirm whether the configuration of the static routing is correct.
View
All views

Parameter
None

Description
Use the display ip routing-table statistics command to display the routing information for all protocols.
The information includes the number of routes per protocol, the number of active routes per protocol, the number of routes added and deleted per protocol, and the number of routes that are labeled deleted but that are not deleted per protocol. The total number of routes in each of these categories is also displayed.
The information displayed includes the route state, the verbose description of each route and the statistics of the entire routing table. All current routes, including inactive routes and invalid routes, are displayed.
delete static-routes all

Syntax
delete static-routes all

View
System View

Parameter
None

Description
Use the delete static-routes all command to delete all the static routes.
The system requests your confirmation before it deletes all the configured static routes.

Related commands: ip route-static and display ip routing-table.

Example
Delete all the static routes in the router.
<4500>system-view
System View: return to User View with Ctrl+Z.
preference_value: Enter the preference level of the route in the range 1 to 255. The default preference is 60.
reject: Enter to indicate an unreachable route.
blackhole: Enter to indicate a blackhole route.

Description
Use the ip route-static command to configure a static route.
Use the undo ip route-static command to delete the configured static route.
By default, the system can access the subnet route directly connected to the router.
Example
To configure the next hop of the default route as 129.102.0.2, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]ip route-static 0.0.0.0 0.0.0.0 129.102.0.2

RIP Configuration Commands
This section describes the commands you can use to configure the Routing Information Protocol (RIP).
When the Switch 4500 runs a routing protocol, it is able to perform the functions of a router.
undo default cost
View
RIP view
Parameter
value Enter the default routing cost, in the range 1 to 16. The default is 1.
Description
Use the default cost command to set the default routing cost of an imported route. Use the undo default cost command to restore the default value. If you do not specify a routing cost when using the import-route command, the default cost you specify here is used. Related command: import-route.
Garbage-collection timer : 120
No peer router
Network : 202.38.168.
Description
Use the filter-policy export command to configure RIP to filter the advertised routing information. Use the undo filter-policy export command to configure RIP not to filter the advertised routing information. This is the default. Related commands: acl, filter-policy import, ip ip-prefix.
Example
To filter the advertised route information using ACL 2000, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
Use the filter-policy import command to configure the switch to filter global routing information. Use the undo filter-policy import command to disable filtering of received global routing information. By default, RIP does not filter the received routing information. Related commands: acl, filter-policy export, ip ip-prefix.
Parameters
protocol Enter the routing protocol to be imported. This can be one of the following: direct or static.
value Enter the cost value of the route to be imported.
route-policy route_policy_name Enter a route-policy name. Only routes that match the conditions of the specified policy are imported.
Description
Use the import-route command to import the routes of other protocols into RIP.
Use the undo network command to disable RIP on the interface. By default, RIP is disabled on an interface. After you have enabled RIP, you must also enable RIP for a specified interface using this command. RIP only operates on the interface of specified network segments. The undo network command is similar to the undo rip work command in the VLAN Interface View, in that an interface using either command will result in the interface not receiving/transmitting RIP routes.
System View: return to User View with Ctrl+Z.
[4500]rip
[4500-rip]peer 202.38.165.1
preference
Syntax
preference value
undo preference
View
RIP view
Parameter
value Enter the preference level, in the range 1 to 255. By default, the value is 100.
Description
Use the preference command to configure the route preference of RIP. Use the undo preference command to restore the default preference.
[4500]rip
[4500-rip]reset
rip
Syntax
rip
undo rip
View
System view
Parameter
None
Description
Use the rip command to enable RIP and enter the RIP command view. From here, you can configure RIP using the other commands described in this section. Use the undo rip command to disable RIP. By default, RIP is disabled. Enabling RIP does not affect interface configurations.
current-configuration command is executed. Inputting the MD5 key in cipher text form, 24 characters long, is also supported.
nonstandard: Enter to set the MD5 cipher text authentication packet to use a packet format (as described in RFC2082).
key-id Enter an MD5 cipher text authentication identifier, ranging from 1 to 255.
To set MD5 authentication on Vlan-interface 1 with the key string set to “aaa” and the packet type set to usual, enter the following:
[4500]interface Vlan-interface 1
[4500-Vlan-interface1]rip version 2
[4500-Vlan-interface1]rip authentication-mode md5 usual aaa
rip input
Syntax
rip input
undo rip input
View
Interface View
Parameter
None
Description
Use the rip input command to allow an interface to receive RIP packets.
Description
Use the rip metricin command to configure an additional route metric to be added to the route when an interface receives RIP packets. Use the undo rip metricin command to restore the default value of this additional route metric. Related command: rip metricout.
View
Interface View
Parameter
None
Description
Use the rip output command to allow an interface to transmit RIP packets. Use the undo rip output command to disable an interface from transmitting RIP packets. By default, all interfaces except loopback interfaces are able to transmit RIP packets. This command is used in conjunction with two other commands: rip input and rip work.
Example
To set the interface Vlan-interface 1 not to use split horizon when processing RIP packets, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]interface Vlan-interface 1
[4500-Vlan-interface1]undo rip split-horizon
rip version
Syntax
rip version 1
rip version 2 [ broadcast | multicast ]
undo rip version
View
Interface View
Parameters
1 Enter to set the interface version to RIP-1.
[4500-Vlan-interface1]rip version 2 broadcast
rip work
Syntax
rip work
undo rip work
View
Interface View
Parameter
None
Description
Use the rip work command to enable the RIP on an interface. This is the default. Use the undo rip work command to disable RIP on an interface. This command is used in conjunction with the rip input, rip output and network commands. Refer to the descriptions of these commands for details. Related commands: network, rip input, rip output.
summarization all the time. If RIP-2 is used, the route summarization function can be disabled with the undo summary command when it is necessary to broadcast the subnet route. Related command: rip version
Example
To set the RIP version on the interface Vlan-interface 1 to RIP-2, and then disable the route aggregation, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
Example
Set the values of the Period Update timer and the Timeout timer of RIP to 10 seconds and 30 seconds respectively.
<4500>system-view
System View: return to User View with Ctrl+Z.
IP Routing Policy Configuration Commands
This section describes the commands you can use to configure IP Routing Policy. These commands operate across all routing protocols. When the Switch 4500 runs a routing protocol, it is able to perform the functions of a router. The term router in this section can refer either to a physical router or to the Switch 4500 running a routing protocol.
Example
Display the information of the address prefix list named p1.
<4500>display ip ip-prefix p1
name index conditions ip-prefix / mask
p1 10 permit 10.1.0.
if-match { acl | ip-prefix }
Syntax
if-match { acl acl_number | ip-prefix ip_prefix_name }
undo if-match [ acl | ip-prefix ]
View
Route policy view
Parameter
acl_number Enter the number of the access control list used for filtration.
ip_prefix_name Enter the prefix address list used for filtration.
Description
Use the if-match { acl | ip-prefix } command to configure the IP address range to match the Route-policy.
By default, no match sub-statement is defined. Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match tag, route-policy, apply ip next-hop, apply local-preference, apply cost, apply origin and apply tag.
Example
A match sub-statement is defined, which allows the routing information with routing cost 8 to pass this match sub-statement.
<4500>system-view
System View: return to User View with Ctrl+Z.
if-match ip next-hop
Syntax
if-match ip next-hop { acl acl_number | ip-prefix ip_prefix_name }
undo if-match ip next-hop [ ip-prefix ]
View
Route policy view
Parameter
acl_number Enter the number of the access control list used for filtration. The range is 1 to 99.
ip_prefix_name Enter the name of the prefix address list used for filtration.
index_number Identify an item in the prefix address list. The item with smaller index-number will be tested first.
permit Enter to specify the match mode of the defined address prefix list items as permit mode.
deny Enter to specify the match mode of the defined address prefix list items as deny mode.
network Enter the IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses are matched.
route-policy
Syntax
route-policy route_policy_name { permit | deny } node { node_number }
undo route-policy route_policy_name [ permit | deny | node node_number ]
View
System view
Parameter
route_policy_name Enter the Route-policy name to identify one Route-policy uniquely.
permit Enter to specify the match mode of the defined Route-policy node as permit mode.
deny Enter to specify the match mode of the defined Route-policy node as deny mode.
[4500-route-policy]
7 USING MULTICAST PROTOCOL COMMANDS
This chapter describes how to use the following commands:
IGMP Snooping Configuration Commands
■ display igmp-snooping configuration
■ display igmp-snooping group
■ display igmp-snooping statistics
■ igmp-snooping
■ igmp-snooping host-aging-time
■ igmp-snooping max-response-time
■ igmp-snooping router-aging-time
■ reset igmp-snooping statistics
IGMP Snooping Configuration Commands
This section describes how to use the Internet Group Management Protocol (IGMP) configuration commands on your Switch 4500.
display igmp-snooping configuration
Syntax
display igmp-snooping configuration
View
All views
Parameter
None
Description
Use the display igmp-snooping configuration command to view the IGMP Snooping configuration information.
This command displays the IP multicast group and MAC multicast group information of a VLAN or all the VLANs where the Ethernet Switch is located. It displays information such as the VLAN ID, router port, IP multicast group address, member ports in the IP multicast group, MAC multicast group, MAC multicast group address, and the member ports in the MAC multicast group.
Example
Display the multicast group information about VLAN2.
<4500>display igmp-snooping statistics
Received IGMP general query packet(s) number:0.
Received IGMP specific query packet(s) number:0.
Received IGMP V1 report packet(s) number:0.
Received IGMP V2 report packet(s) number:0.
Received IGMP leave packet(s) number:0.
Received error IGMP packet(s) number:0.
Sent IGMP specific query packet(s) number:0.
Parameter
seconds: Specifies the port aging time of the multicast group member, ranging from 200 to 1000 and measured in seconds. The default is 260.
Description
Use the igmp-snooping host-aging-time command to configure the port aging time of the multicast group members. Use the undo igmp-snooping host-aging-time command to restore the default value. This command sets the aging time of the multicast group member so that the refresh frequency can be controlled.
[4500]igmp-snooping max-response-time 20
igmp-snooping router-aging-time
Syntax
igmp-snooping router-aging-time seconds
undo igmp-snooping router-aging-time
View
System View
Parameter
seconds: Specifies the router port aging time, ranging from 1 to 1000 measured in seconds. The default is 105.
Description
Use the igmp-snooping router-aging-time command to configure the router port aging time of IGMP Snooping.
<4500>reset igmp-snooping statistics
8 USING QOS/ACL COMMANDS
This chapter describes how to use the following commands:
ACL Commands List
■ acl
■ display acl
■ display packet-filter
■ packet-filter
■ reset acl counter
■ rule
QoS Configuration Commands List
■ display mirror
■ display qos cos-local-precedence-map
■ display qos-interface all
■ display qos-interface line-rate
■ display qos-interface mirrored-to
■ display qos-interface traffic-limit
■ line-rate
■ mirrored-to
■ mirroring-port
■ monitor-port
■ prio
ACL Commands List
This section describes how to use the ACL configuration commands on your Switch 4500.
acl
Syntax
acl acl-number1 { inbound | outbound }
undo acl acl-number1 { inbound | outbound }
acl acl-number2 inbound
undo acl acl-number2 inbound
View
User interface view
Parameter
acl-number1: Number of number-based basic and advanced ACLs, in the range of 2,000 to 3,999.
acl-number2: Number of number-based L2 ACLs, in the range of 4,000 to 4,999.
[4500] user-interface vty 0 4
[4500-user-interface-vty0-4] acl 2000 inbound
display acl
Syntax
display acl { all | acl-number }
View
All views
Parameter
all: Displays all ACLs.
acl-number: Specifies the sequence number of the ACL to be displayed. It can be a number chosen from 2000 to 5999.
Example
To display the information of the activated ACL of all interfaces, enter the following:
<4500>display packet-filter unitid 1
packet-filter
Syntax
packet-filter { inbound | outbound } { user-group acl-number [ rule rule ] | ip-group acl-number [ rule rule [ link-group acl-number rule rule ] ] | link-group acl-number [ rule rule ] }
undo packet-filter { inbound | outbound } { user-group acl-number [ rule rule ] | ip-group acl-number [ rule rule [ link-group ac
reset acl counter
Syntax
reset acl counter { all | acl-number }
View
User View
Parameter
all: All ACLs.
acl-number: Specifies the sequence number of an ACL.
Description
Use the reset acl counter command to reset the ACL statistics information to zero.
Example
Clear the statistics information of ACL 2000.
undo rule rule-id
View
Corresponding ACL View
Parameter
rule-id: Specifies the subitems of an ACL, ranging from 0 to 65534.
permit: Permits packets that meet the requirements.
deny: Denies packets that meet the requirements.
The following parameters are various property parameters carried by packets. The ACL sets rules according to this parameter.
a number which ranges from 0 to 255; code represents ICMP code, which appears when the protocol is “icmp” and the type of packet is not notated by a character, ranging from 0 to 255.
established: Means that it is only effective to the first SYN packet established by TCP, appears when protocol is TCP.
precedence precedence: IP precedence, can be a name or a number ranging from 0 to 7.
tos tos: ToS (Type of Service) value, can be a name or a number ranging from 0 to 15.
You can define several subrules for an ACL. If you include parameters when using the undo rule command, the system only deletes the corresponding content of the subrule. For related configurations, refer to command acl.
Example
Add a subrule to an advanced ACL:
<4500>system-view
System View: return to User View with Ctrl+Z
[4500]acl number 3000
[4500-acl-adv-3000]rule 1 permit tcp established source 1.1.1.1 0 destination 2.2.2.
Related commands: mirroring-port, monitor-port.
Example
To display the port mirroring configuration, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z
[4500] display mirror
display qos cos-local-precedence-map
Syntax
display qos cos-local-precedence-map
View
All views
Parameter
None
Description
Use the display qos cos-local-precedence-map command to view COS and Local-precedence map.
Example
Display COS and Local-precedence map.
QoS setting information of the specified interfaces, including traffic policing, rate limit at interfaces, and so on.
Example
Display all the configurations of QoS parameters for unit 1.
Description
Use the display qos-interface mirrored-to command to view the settings of the traffic mirror. The information displayed includes the ACL of traffic to be mirrored and the observing port. Related command: mirrored-to.
View
Ethernet Port View
Parameter
target-rate: The total limited rate of the packets sent by interfaces, in Kbps. The number input must be a multiple of 64. For a 100 Mbps port, the range is from 64 to 99968; for a 1000 Mbps port, the range is from 64 to 1000000.
Description
Use the line-rate command to limit the total rate of the packets received or delivered by interfaces. Use the undo line-rate command to cancel the configuration of limit rate at interfaces.
rule rule: Specifies the subitem of an active ACL, ranging from 0 to 65534; if not specified, all subitems of the ACL will be activated. If only IP ACL or Layer 2 ACL is activated, this parameter can be omitted. If both IP and Layer 2 ACL are activated at the same time, the rule parameter cannot be omitted.
cpu: Specifies that the traffic will be mirrored to the CPU.
monitor-interface: Specifies that the destination port is the monitor port.
the Fabric. You need to configure the monitor port before configuring the monitored port. Related command: display mirror.
Parameter
priority-level: Specifies the priority level of the port, ranging from 0 to 7.
Description
Use the priority command to configure the priority of an Ethernet port. Use the undo priority command to restore the default port priority. By default, the priority level of the port is 0. The Switch replaces the 802.1p priority carried by a packet with the port priority that is defined. Every port on the Switch supports eight packet egress queues.
System View: return to User View with Ctrl+Z
[4500]interface Ethernet 1/0/1
[4500-Ethernet1/0/1]priority trust
[4500-Ethernet1/0/1]
qos cos-local-precedence-map
Syntax
qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec
undo qos cos-local-precedence-map
View
System View
Parameter
cos0-map-local-prec: CoS 0 -> Local precedence (qu
Cos and Local Precedence Value Local Precedence Queue
3 3
4 4
5 5
6 6
7 7
Example
Configure CoS and Local Precedence table.
<4500>system-view
System View: return to User View with Ctrl+Z
[4500]qos cos-local-precedence-map 0 1 2 3 4 5 6 7
[4500]
The following is the configured “CoS Local-precedence” mapping table.
link-group acl-number: Activates Layer 2 ACLs.
acl-number: Sequence number of ACL, ranging from 4000 to 4999.
rule rule: Specifies the subitem of an active ACL, ranging from 0 to 65534; if not specified, all subitems of the ACL will be activated. If only an IP ACL or a Layer 2 ACL is activated, this parameter can be omitted. If both IP and Layer 2 ACLs are activated at the same time, the rule parameter cannot be omitted.
Logon User’s ACL Control Command
qstart: Start random discarding queue length. If the queue is shorter than this value, no packet will be dropped. Ranging from 1 to 128. The value must be a multiple of 16 KBytes.
probability: Discarding probability.
Description
Use the wred command to configure WRED parameters. WRED (Weighted Random Early Detection) is a queuing feature used in a network to mitigate the effects of queue congestion. Use the undo wred command to restore the default settings.
Example
Apply ACL control to the users who access the local Switch using TELNET (basic ACL 2000 has been defined).
<4500>system-view
System View: return to User View with Ctrl+Z
[4500]user-interface vty 0 4
[4500-ui-vty0-4]acl 2000 inbound
[4500-ui-vty0-4]
ip http acl
Syntax
ip http acl acl-number
undo ip http acl
View
User Interface View
Parameter
acl-number: Specifies a basic ACL with a number in the range of 2000 to 2999.
write: Indicates that this community name has the read-write right within the specified view.
community-name: Character string of the community name.
mib-view: Sets the MIB view name which can be accessed by the community name.
view-name: MIB view name.
groupname: Group name, ranging from 1 to 32 bytes.
authentication: If this parameter is added to the configuration command, the system will authenticate but not encrypt SNMP data packets.
privacy: Authenticates and encrypts the packets.
read-view: Sets read-only view.
read-view: Read-only view name, ranging from 1 to 32 bytes.
write-view: Sets read-write view.
write-view: Read-write view name, ranging from 1 to 32 bytes.
notify-view: Sets notify view.
Parameter
v1: V 1 security mode.
v2c: V 2 security mode.
v3: V 3 security mode.
user-name: The user name, ranging from 1 to 32 bytes.
group-name: The corresponding group name of the user, ranging from 1 to 32 bytes.
authentication-mode: Specifies the security level as “to be authenticated”.
md5: Specifies the authentication protocol as HMAC-MD5-96.
sha: Specifies the authentication protocol as HMAC-SHA-96.
[4500] snmp-agent usm-user v3 John Mygroup authentication-mode md5 hello acl 2002
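The logon ACL controls in this section (acl on a VTY user interface, ip http acl, and the acl option of the snmp-agent commands) only restrict management access where they are actually bound. The following Python script is an added example, not part of the 3Com guide: it audits a configuration text for management access points left without an ACL or pointing at an ACL that is not defined. The sample configuration, its one-space indentation of sub-commands, and all function names are assumptions made for this example.

```python
import re

# Constructed sample, written with the command forms shown in this chapter.
# Assumption: sub-commands are indented under their parent; "#" separates blocks.
SAMPLE_CONFIG = """\
acl number 2000
 rule 0 permit source 10.1.1.0 0.0.0.255
#
user-interface aux 0
user-interface vty 0 2
 acl 2000 inbound
user-interface vty 3 4
#
snmp-agent community read public
snmp-agent community write ops-rw acl 2001
snmp-agent usm-user v3 John Mygroup authentication-mode md5 hello acl 2000
snmp-agent usm-user v3 Guest Mygroup
"""


def parse_blocks(text):
    """Return [(top_level_command, [sub_commands])] for a configuration text."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)      # indented: belongs to the last block
        else:
            blocks.append((line, []))
    return blocks


def acl_option(tokens, start):
    """Return the number of an 'acl <number>' option at or after tokens[start]."""
    for i in range(start, len(tokens) - 1):
        if tokens[i] == "acl" and tokens[i + 1].isdigit():
            return int(tokens[i + 1])
    return None


def audit_login_acls(text):
    """List management access points that lack a usable ACL binding."""
    blocks = parse_blocks(text)
    defined = set()
    for head, _ in blocks:
        m = re.fullmatch(r"acl number (\d+)", head)
        if m:
            defined.add(int(m.group(1)))
    findings = []

    def check(where, number, low=None, high=None):
        if low is not None and not low <= number <= high:
            findings.append(f"{where}: ACL {number} outside {low}-{high}")
        elif number not in defined:
            findings.append(f"{where}: ACL {number} is not defined")

    def check_snmp(where, number):
        if number is None:
            findings.append(f"{where}: no ACL")
        else:
            check(where, number)

    http_seen = False
    for head, subs in blocks:
        tokens = head.split()
        if head.startswith("user-interface vty"):
            # The guide allows ACLs 2000-3999 and Layer 2 ACLs 4000-4999 inbound.
            matches = (re.fullmatch(r"acl (\d+) inbound", s) for s in subs)
            bound = [int(m.group(1)) for m in matches if m]
            if not bound:
                findings.append(f"{head}: no inbound ACL")
            for number in bound:
                check(head, number, 2000, 4999)
        elif tokens[:2] == ["snmp-agent", "community"] and len(tokens) >= 4:
            check_snmp(f"snmp-agent community {tokens[3]}", acl_option(tokens, 4))
        elif tokens[:2] == ["snmp-agent", "usm-user"] and len(tokens) >= 5:
            where = f"snmp-agent usm-user {tokens[3]}"
            check_snmp(where, acl_option(tokens, 5))
            if tokens[2] == "v3" and "authentication-mode" not in tokens[5:]:
                findings.append(f"{where}: no authentication-mode")
        for line in [head] + subs:
            m = re.fullmatch(r"ip http acl (\d+)", line)
            if m:
                http_seen = True
                check("ip http acl", int(m.group(1)), 2000, 2999)  # basic ACL only
    if not http_seen:
        findings.append("ip http acl: not configured")
    return findings


if __name__ == "__main__":
    for finding in audit_login_acls(SAMPLE_CONFIG):
        print(finding)
```

The SNMP ACL number is only checked for being defined, because the page does not show the range the snmp-agent commands accept.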
9 USING STACK COMMANDS
This chapter describes how to use the following commands:
Stack Configuration Commands
■ change self-unit
■ change unit-id
■ display ftm
■ display xrn-fabric
■ fabric save-unit-id
■ fabric-port enable
■ ftm stacking-vlan
■ xrn-fabric authentication-mode
■ set unit name
■ sysname
Stack Commands
This section describes how to use the stack configuration commands on your Switch 4500.
change self-unit
change unit-id
Syntax
change unit-id to < 1-8 >{ < 1-8 > | auto-numbering }
View
System View
Parameter
< 1-8 >: Unit ID of the unit in a stack.
auto-numbering: Change the unit ID automatically.
Description
Use the change unit-id command to change the unit ID of a Switch in the stack. By default, the unit ID of a Switch is set to 1. A unit ID can be set to a value in the range from 1 to the maximum number of devices supported in the stack.
2 00e0-fc03-5502 10 UP/DOWN 2 2/3 3 A
3 00e0-fc04-5502 10 UP/DOWN 2 4/5 3 A
6 00e0-fc05-5502 10 UP/DOWN 2 10/11 3 A
5 00e0-fc06-5502 10 UP/DOWN 2 8/9 3 A
4 00e0-fc07-5502 5 UP/DOWN 2 6/7 3 M
7 00e0-fc04-6502 10 UP/DOWN 2 12/13 3 A
8 00e0-fc01-5502 10 UP/DOWN 2 14/15 5 A
display ftm
Syntax
display ftm { information | route | topology-database }
View
Any view
Parameter
information: Displays the FTM protocol information.
route: Displays the MAC forwarding table of the fabric.
displayed on the console port of a device, an asterisk (*) next to the unit ID indicates the current device.
Example
To display fabric information on the console port of unit 1, enter the following:
[4500]display xrn-fabric
Fabric name is 4500 , system mode is L3.
Fabric authentication: no authentication, number of units in stack: 1.
Unit 3 saved unit ID successfully.
Unit 4 saved unit ID successfully.
Unit 5 saved unit ID successfully.
Unit 6 saved unit ID successfully.
Unit 7 saved unit ID successfully.
Unit 8 saved unit ID successfully.
Description
Use the ftm stacking-vlan command to specify the stacking VLAN of the Switch. Use the undo ftm stacking-vlan command to set the stacking VLAN of the Switch to its default value. You should specify the stacking VLAN before the stack is established.
Description
You can use this command to set a name for a device.
Example
To set the name “hello” for the device with unit ID 1, enter the following:
<4500>display xrn-fabric
Fabric name(HostName): 4500
Fabric authentication: md5, Fabric mode: L3, number of units in stack: 2
Unit Name    Unit ID
Hello        1
Second       2(*)
sysname
Syntax
sysname sysname
undo sysname
View
System View
Parameter
sysname: A string comprising 1 to 30 characters. By default, the stack name of Ethernet Switch is 4500.
Unit Name    Unit ID
First        1
Second       2 (*)
10 USING RSTP COMMANDS
This chapter describes how to use the following commands:
RSTP Configuration Commands
■ display stp
■ reset stp
■ stp
■ stp bpdu-protection
■ stp cost
■ stp edged-port
■ stp loop-protection
■ stp mcheck
■ stp mode
■ stp pathcost-standard
■ stp point-to-point
■ stp port priority
■ stp priority
■ stp root primary
■ stp root secondary
■ stp root-protection
■ stp timeout-factor
■ stp timer forward-delay
■ stp timer hello
■ stp timer max-age
■ stp
RSTP Configuration Commands
This section describes how to use the Rapid Spanning Tree Protocol (RSTP) configuration commands on your Switch.
display stp
Syntax
display stp [ interface interface_list ]
display stp brief
View
All views
Parameter
interface interface_list: Specifies the Ethernet port list, including multiple Ethernet ports.
Times: Hello Time 2 sec, Max Age 20 sec
Forward Delay 15 sec, Message Age 0
BPDU sent: 0
TCN: 0, RST: 0, Config BPDU: 0
BPDU received: 0
TCN: 0, RST: 0, Config BPDU: 0
Table 27 Display information
Field            Description
Protocol mode    Current Switch is executing RSTP.
The bridge ID (Pri.MAC): 32768.
Parameter
interface interface_list: Specifies the Ethernet port list, including multiple Ethernet ports. Expressed as interface_list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10>. For details about interface_type, interface_num and interface_name, refer to the port command in this guide.
&<1-10>: Indicates the preceding parameter can be input up to 10 times.
for the device and ports. This command enables/disables RSTP on a device in system view and enables/disables RSTP on a port in Ethernet Port View. Related command: stp mode.
Example
To enable RSTP on a Switch, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]stp bpdu-protection
stp cost
Syntax
stp cost cost
undo stp cost
View
Ethernet Port View
Parameter
cost: Specifies the path cost, ranging from 1 to 2000000.
Description
Use the stp cost command to configure the path cost on a spanning tree for the current Ethernet port. Use the undo stp cost command to restore the default cost. By default, the bridge gets the path cost directly through the speed of the link connected to the port.
Parameter
enable: Sets the current Ethernet port as an edge port.
disable: Sets the current Ethernet port as a non-edge port.
Description
Use the stp edged-port enable command to configure the current port as an edge port. Use the stp edged-port disable command to configure the current port as a non-edge port. Use the undo stp edged-port command to restore the default setting. By default, all the Ethernet ports of the bridge are configured as non-edge ports.
Example
To enable the loop protection function on Ethernet1/0/1, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]interface Ethernet1/0/1
[4500-Ethernet1/0/1]stp loop-protection
stp mcheck
Syntax
stp mcheck
View
System View
Parameter
None
Description
If the network is unstable, even when the bridge running STP on the segment is removed, the corresponding port will still work in the STP compatible mode.
Parameter
stp: Specifies to run Spanning Tree in STP compatible mode.
rstp: Specifies to run Spanning Tree in RSTP mode.
Description
Use the stp mode command to configure Spanning Tree’s running mode. Use the undo stp mode command to restore the default Spanning Tree’s running mode. By default, the value is rstp. This command can be used for specifying the current Ethernet Switch to run the Spanning Tree in RSTP mode or in STP compatible mode.
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]stp pathcost-standard dot1d-1998
To configure the Switch to calculate the default Path Cost of a port by the IEEE 802.
Parameter
port-priority: Specifies the priority of the port, ranging from 0 to 240. The values are not consecutive integers. Step length is 16. By default, the value is 128.
Description
Use the stp port priority command to configure the priority of the current Ethernet port. Use the undo stp port priority command to restore the default priority. The priority value shall be a multiple of 16, such as 0, 16, 32, 48 etc. A smaller value represents a higher priority.
stp root primary
Syntax
stp root primary
undo stp root
View
System View
Parameter
None
Description
Use the stp root primary command to configure the current Switch as the primary root of a spanning tree. Use the undo stp root command to cancel the designation of the current Switch as primary root of a spanning tree. By default, the Switch is not a primary root. You can designate a primary root for the spanning tree without caring about the priority configuration of the Switch.
Description
Use the stp root secondary command to configure the current Switch as a secondary root of a specified spanning tree. Use the undo stp root command to cancel the designation of the current Switch as a secondary root of a specified spanning tree. By default, a Switch is not a secondary root. You can designate one or more secondary roots for a spanning tree. When the primary root fails or is powered off, a secondary root can take its place.
not forward any packets (as if the link to it is disconnected). It will resume normal status if it receives no higher-priority BPDU for a period of time.
Example
To enable the Root protection function on Ethernet1/0/1 of the Switch, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
undo stp timer forward-delay
View
System View
Parameter
centiseconds: Specifies the time of forward delay in centiseconds, ranging from 400 to 3000. By default, the value is 1500 centiseconds.
Description
Use the stp timer forward-delay command to configure the time of forward delay for the Switch. Use the undo stp timer forward-delay command to restore the default forward delay time. The value of forward delay is related to the “diameter” of the switching network.
Related commands: stp timer forward-delay, stp timer max-age, stp transmit-limit.
Example
To set the hello time of the Switch to 300 centiseconds, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]stp timer hello 300
stp timer max-age
Syntax
stp timer max-age centiseconds
undo stp timer max-age
View
System View
Parameter
centiseconds: Specifies the maximum age in centiseconds, ranging from 600 to 4000.
Parameter
packetnum: The maximum number of STP packets a port can send within one hello time. It ranges from 1 to 255 and defaults to 3.
Description
Use the stp transmit-limit command to set the maximum number of STP packets the current port can send within one hello time. Use the undo stp transmit-limit command to restore the default value. The larger the value of packetnum is, the larger the transmission rate is. However, more Switch resources will be used.
11 USING AAA AND RADIUS COMMANDS This chapter describes how to use the following commands: 802.
234 CHAPTER 11: USING AAA AND RADIUS COMMANDS ■ domain ■ idle-cut ■ level ■ local-user ■ local-user password-display-mode ■ messenger ■ password ■ radius-scheme ■ scheme ■ self-service-url ■ service-type ■ state RADIUS Protocol Configuration Commands ■ accounting optional ■ data-flow-format ■ display local-server statistics ■ display radius ■ display radius statistics ■ display stop-accounting-buffer ■ key ■ local-server ■ nas-ip ■ primary accounting ■ primary
235 ■ timer realtime-accounting ■ timer response-timeout ■ user-name-format
236 CHAPTER 11: USING AAA AND RADIUS COMMANDS 802.1x Configuration Commands display dot1x This section describes how to use the 802.1x configuration commands on your Switch 4500. Syntax display dot1x [ sessions | statistics [ interface interface-list ]] View All views Parameter interface: Displays the 802.1x information on the specified interface. sessions: Displays the session connection information of 802.1x. statistics: Displays the relevant statistics information of 802.1x.
802.1x Configuration Commands 237 Configuration: Transmit Period 30 s, Handshake Period 15 s Quiet Period 60 s, Quiet Period Timer is disabled Supp Timeout 30 s, Server Timeout 100 s The Max-Req 3 Total maximum 802.1x user resource number is 1024 Total current used 802.1x resource number is 0 Ethernet1/0/1 is link-up 802.
238 CHAPTER 11: USING AAA AND RADIUS COMMANDS enabled globally, if the parameters are not configured globally or for a specified port, they will maintain the default values. After the global 802.1x performance is enabled, only when port 802.1x performance is enabled will the configuration of 802.1x become effective on the port. Related commands: display dot1x. Example To enable 802.1x on Ethernet 1/0/1, enter the following.
802.1x Configuration Commands 239 forwarding to the RADIUS server. You can use EAP authentication in one of the four sub-methods: PEAP, EAP-TLS, EAP-TTLS and EAP-MD5. To use PAP, CHAP or EAP authentication, RADIUS server should support PAP, CHAP or EAP authentication respectively. Related command: display dot1x. Example Configure 802.
240 CHAPTER 11: USING AAA AND RADIUS COMMANDS Parameter user-number: Specifies the limit to the amount of supplicants on the port, ranging from 1 to 1024. By default, the maximum user number is 1024. interface interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
802.1x Configuration Commands 241 authorized-force: Forced authorized mode, configuring the interface to always stay in authorized state and the user is allowed to access the network resources without authentication/authorization. unauthorized-force: Forced unauthorized mode, configuring the interface to always stay in non-authorized mode and the user is not allowed to access the network resources.
242 CHAPTER 11: USING AAA AND RADIUS COMMANDS portbased: Configures the 802.1x authentication system to perform authentication on the supplicant based on interface number. interface interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
802.1x Configuration Commands 243 Parameter None Description Use the dot1x quiet-period command to enable the quiet-period timer. Use the undo dot1x quiet-period command to disable this timer. If an 802.1x user has not been authenticated, the Authenticator will keep quiet for a while (which is specified by quiet-period timer) before launching the authentication again. During the quiet period, the Authenticator does not do anything related to 802.1x authentication.
244 CHAPTER 11: USING AAA AND RADIUS COMMANDS Related commands: display dot1x.
802.1x Configuration Commands 245 Example To configure the Switch to cut the network connection to a user upon detecting the use of proxy on Ethernet 1/0/1 ~ Ethernet 1/0/8, enter the following: <4500>system-view System View: return to User View with Ctrl+Z.
server-timeout-value: Specifies the duration of the timeout timer of an Authentication Server. The value ranges from 100 to 300 seconds and defaults to 100 seconds.
supp-timeout: Specifies the authentication timeout timer of a Supplicant. After the Authenticator sends a Request/Challenge packet, which requests the MD5 encrypted text, the supp-timeout timer of the Authenticator begins to run.
Centralized MAC Address Authentication Configuration Commands 247 interface-type interface-num | interface-name }, where interface-type specifies the port type, interface-num specifies the port number and interface-name specifies the port name. For the respective meanings and value ranges, read the Parameter of the Port Configuration section. Description Use the reset dot1x statistics command to reset the statistics of 802.1x.
248 CHAPTER 11: USING AAA AND RADIUS COMMANDS Description Use the debugging mac-authentication event command to enable centralized MAC address authentication event debugging. Use the undo debugging mac-authentication event command to disable event debugging.
MAC ADDR Authenticate state AuthIndex
Table 29 Description of MAC address authentication configuration information
Field | Description
mac address authentication is Enabled | The centralized MAC address authentication feature is enabled on the switch
authentication mode | The centralized MAC address authentication mode. By default, it is MAC address mode.
the Fixed username | The username for fixed mode.
mac-authentication
250 CHAPTER 11: USING AAA AND RADIUS COMMANDS Parameter interface interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
Centralized MAC Address Authentication Configuration Commands 251 Parameter usernamemacaddress: Specify the MAC address mode for authentication. usernamefixed: Specify the fixed mode for authentication. Description Use the mac-authentication authmode command to set the MAC address authentication mode. Use the undo mac-authentication authmode command to remove the configuration.
252 CHAPTER 11: USING AAA AND RADIUS COMMANDS <4500>system-view System View: return to User View with Ctrl+Z. [4500]mac-authentication authpassword mac mac-authentication authusername Syntax mac-authentication authusername text undo mac-authentication authusername View System View Parameter text: User name for authentication, a string ranging from 1 to 55 characters in length.
Centralized MAC Address Authentication Configuration Commands 253 By default, the domain used by centralized MAC address authentication user is null, that is, not configured. Example To configure the domain used by the MAC address to Cams, enter the following: <4500> system-view System View: return to User View with Ctrl+Z.
254 CHAPTER 11: USING AAA AND RADIUS COMMANDS AAA and RADIUS Configuration Commands access-limit This section describes how to use the AAA and RADIUS configuration commands on your Switch 4500. Syntax access-limit { disable | enable max-user-number } View ISP Domain View Parameter disable: No limit to the supplicant number in the current ISP domain.
AAA and RADIUS Configuration Commands 255 mac mac-address: Specifies the MAC address of a user. Where, mac-address takes on the hexadecimal format of HHHH-HHHH-HHHH-HHHH. idle-cut second: Allows/disallows the local users to enable the idle-cut function. (The specific data for this function depends on the configuration of the ISP domain where the users are located.) The argument minute defines the idle-cut time, which is in the range of 60 to 7200 seconds.
Parameter
all: Disconnects all connections.
access-type { dot1x | mac-authentication }: Cuts a category of connections according to logon type. dot1x means the 802.1x users. mac-authentication means the centralized MAC address authentication users.
domain domain-name: Cuts the connections according to ISP domain. domain-name specifies the ISP domain name with a character string not exceeding 24 characters.
AAA and RADIUS Configuration Commands 257 ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name ] View All views Parameter access-type { dot1x | mac-authentication }: Configures to display the supplicants according to their logon type. dot1x means the 802.1x users. mac-authentication means the centralized mac address authentication users. domain domain-name: Configures to display all the users in an ISP domain.
258 CHAPTER 11: USING AAA AND RADIUS COMMANDS display domain Syntax display domain [ isp-name ] View All views Parameter isp-name: Specifies the ISP domain name, with a character string not exceeding 24 characters. The specified ISP domain shall have been created. Description Use the display domain command to view the configuration of a specified ISP domain or display the summary information of all ISP domains.
AAA and RADIUS Configuration Commands 259 idle-cut: Configures to display the local users according to the state of idle-cut function. disable means that the user disables the idle-cut function and enable means the user enables the function. This parameter only takes effect on the users configured as lan-access type. For other types of users, the display local-user idle-cut enable and display local-user idle-cut disable commands do not display any information.
Table 30 Output description of the display local-user command
Field | Description
State | The state of the user
Idle-Cut | The state of the idle-cut Switch
Access-Limit | The limit of the number of access users
Bind location | Indicates whether a port is bound with or not
VLAN ID | The ID of the VLAN to which the user is bound
IP address | The bound ip address of the user
MAC address | The bound MAC address of the user
FTP Directory | The directory aut
domain
AAA and RADIUS Configuration Commands 261 For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16 ISP domains. If a user has not reported its ISP domain name, the system will put it into the default domain. When this command is used, if the specified ISP domain does not exist, the system will create a new ISP domain. All the ISP domains are in the active state when they are created. Related commands: access-limit, radius scheme, state, display domain.
262 CHAPTER 11: USING AAA AND RADIUS COMMANDS Related command: domain Example To enable the user in the current ISP domain, 3Com163.net, to use the idle-cut attribute specified in the user template (that is, enabling the user to use the idle-cut function). The maximum idle time is 50 minutes and the minimum data traffic is 500 bytes. <4500> system-view System View: return to User View with Ctrl+Z. [4500]domain marlboro.net [4500-isp-marlboro.
AAA and RADIUS Configuration Commands 263 View System View Parameter user-name: Specifies a local username with a character string not exceeding 80 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 55 characters. The user-name parameter is not case sensitive. service-type: Specifies the service type. telnet: The specified user type is telnet.
auto: The auto mode specifies that a user is allowed to use the password command to set a password display mode.
Description
Use the local-user password-display-mode command to configure the password display mode of all accessing users. Use the undo local-user password-display-mode command to cancel the password display mode that has been set for all accessing users. The password display mode of all accessing users defaults to auto.
AAA and RADIUS Configuration Commands ■ 265 The client keeps the user informed of the remaining online time through a message alert dialog box. Example To configure to start the sending of alert messages when the user's remaining online time is 30 minutes and send the messages at an interval of five minutes, enter the following: <4500>system-view System View: return to User View with Ctrl+Z.
266 CHAPTER 11: USING AAA AND RADIUS COMMANDS Parameter radius-scheme-name: Specifies a RADIUS scheme, with a character string not exceeding 32 characters. Description Use the radius-scheme command to configure the RADIUS scheme used by the current ISP domain. This command is used to specify the RADIUS scheme for the current ISP domain. The specified RADIUS scheme shall have been created. Related commands: radius scheme, display radius.
AAA and RADIUS Configuration Commands ■ If the local or none scheme applies, no RADIUS scheme can be adopted. ■ If you want to specify the ISP domain to adopt RADIUS scheme, then the RADIUS scheme must have already been configured. 267 You can use either scheme or radius-scheme command to specify the RADIUS scheme for an ISP domain. If both of these two commands are used, the latest configuration will take effect.
268 CHAPTER 11: USING AAA AND RADIUS COMMANDS The "Change user password" option is available only after the user passed the authentication; otherwise, this option is in grey and unavailable. Example In the ISP domain "marlboro.net", configure the URL address of the page used to change the user password on the self-service server to http://10.153.89.94/selfservice/modPasswd1x.jsp|userName. <4500>system-view System View: return to User View with Ctrl+Z. [4500]domain marlboro.net [4500-isp-marlboro.
AAA and RADIUS Configuration Commands 269 You can use either level or service-type commands to specify the level for a local user. If both of these commands are used, the latest configuration takes effect. Example To set to provide the lan-access service for the user JohnQ, enter the following: <4500>system-view System View: return to User View with Ctrl+Z.
270 CHAPTER 11: USING AAA AND RADIUS COMMANDS [4500]domain marlboro.net [4500-isp-marlboro.net]state block [4500-isp-marlboro.net]quit To set the user 3Com1 to be in the block state, enter the following: [4500-user-3Com1]state block RADIUS Protocol Configuration Commands accounting optional This section describes how to use the RADIUS Protocol configuration commands on your Switch.
undo data-flow-format
View
RADIUS Scheme View
Parameter
data: Set data unit.
byte: Set 'byte' as the unit of data flow.
giga-byte: Set 'giga-byte' as the unit of data flow.
kilo-byte: Set 'kilo-byte' as the unit of data flow.
mega-byte: Set 'mega-byte' as the unit of data flow.
packet: Set data packet unit.
giga-packet: Set 'giga-packet' as the unit of packet flow.
kilo-packet: Set 'kilo-packet' as the unit of packet flow.
272 CHAPTER 11: USING AAA AND RADIUS COMMANDS Parameter None Description Use the display local-server statistics command to view the statistics of local RADIUS authentication server. Related command: local-server.
RADIUS Protocol Configuration Commands 273 TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12 Permitted send realtime PKT failed counts =5 Retry sending times of noresponse acct-stop-PKT =500 Quiet-interval(min) =5 Username format =without-domain Data flow unit =Byte Packet unit =1 -----------------------------------------------------------------Total 1 RADIUS scheme(s).
274 CHAPTER 11: USING AAA AND RADIUS COMMANDS PKT auth timeout display stop-accounting-buffer ,Num=0 ,Err=0 ,Succ=0 Syntax display stop-accounting-buffer { radius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name } View All views Parameter radius-scheme radius-scheme-name: Configures to display the saved stopping accounting requests according to RADIUS server name.
<4500>display stop-accounting-buffer time-range 0:0:0-2003/08/31 23:59:59-2003/08/31
Total find 0 record
key
Syntax
key { accounting | authentication } string
undo key { accounting | authentication }
View
RADIUS Scheme View
Parameter
accounting: Configures to set/delete the authentication key for the RADIUS accounting packet.
authentication: Configures to set/delete the encryption key for RADIUS authentication/authorization packet.
Example 2: To set the accounting packet key of the RADIUS scheme to “ok”, enter the following:
[4500-radius]key accounting ok
local-server
Syntax
local-server nas-ip ip-address key string
undo local-server nas-ip ip-address
View
System View
Parameter
nas-ip ip-address: set NAS-IP address of access server. ip-address is expressed in the format of dotted decimal. By default, there is a local server with the NAS-IP address of 127.0.0.1.
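The key and local-server commands above both set a RADIUS shared key. The following added example (not from the 3Com guide or the switch software) shows what that key protects on the wire, following the packet formats in RFC 2865 and RFC 2866: the accounting key signs each Accounting-Request, and the authentication key hides the User-Password attribute. Function names, attribute values and keys are constructed for the illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code for Accounting-Request (RFC 2866)
USER_NAME, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 40, 44  # attribute types


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_accounting_request(identifier: int, attributes: bytes, secret: bytes) -> bytes:
    """NAS side: sign an Accounting-Request with the accounting key."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    # Request Authenticator = MD5(Code+ID+Length + 16 zero octets + attributes + key)
    authenticator = hashlib.md5(header + bytes(16) + attributes + secret).digest()
    return header + authenticator + attributes


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """Server side: recompute the Request Authenticator and compare."""
    if len(packet) < 20:
        return False
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def _xor_chain(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    """RFC 2865 section 5.2: XOR 16-octet blocks with MD5(key + previous block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        mixed = bytes(a ^ b for a, b in zip(block, pad))
        out += mixed
        prev = mixed if hiding else block  # the chain always runs over ciphertext
    return out


def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: hide the password with the authentication key."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    blocks = max(1, -(-len(password) // 16))  # at least one 16-octet block
    return _xor_chain(password.ljust(blocks * 16, b"\x00"), secret, request_auth, True)


def reveal_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: recover the password; a wrong key yields garbage."""
    return _xor_chain(hidden, secret, request_auth, False).rstrip(b"\x00")


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    attributes = (attr(USER_NAME, b"JohnQ@marlboro.net")
                  + attr(ACCT_STATUS_TYPE, b"\x00\x00\x00\x02")  # 2 = Stop
                  + attr(ACCT_SESSION_ID, b"constructed-0001"))
    packet = build_accounting_request(7, attributes, b"constructed-acct-key")
    print("same key on both sides:", verify_accounting_request(packet, b"constructed-acct-key"))
    print("key mismatch:          ", verify_accounting_request(packet, b"ok"))
```

The key accounting example in this guide uses the two-character key ok; RFC 2865 asks for a secret as unguessable as a well-chosen password and prefers at least 16 octets.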
RADIUS Protocol Configuration Commands 277 undo nas-ip View RADIUS Scheme View Parameter ip-address: IP address in dotted decimal format. Description Use the nas-ip command to set the source IP address of the network access server (NAS, the Switch in this guide), so that all packets destined for the RADIUS server carry the same source IP address. Use the undo nas-ip command to cancel the configuration.
By default, for a newly created RADIUS scheme, the IP address of the primary accounting server is 0.0.0.0 and the UDP port number of this server is 1813; for the "system" RADIUS scheme created by the system, the IP address of the primary accounting server is 127.0.0.1 and the UDP port number is 1646.
After creating a RADIUS server group, set the IP addresses and UDP port numbers for the RADIUS servers, including the primary/secondary authentication/authorization servers and accounting servers. In real networking environments, set these parameters according to the specific requirements. However, you must set at least one authentication/authorization server and an accounting server.
280 CHAPTER 11: USING AAA AND RADIUS COMMANDS radius scheme Syntax radius scheme radius-scheme-name undo radius scheme radius-scheme-name View System View Parameter radius-scheme-name: Specifies the Radius server name with a character string not exceeding 32 characters. Description Use the radius scheme command to configure a RADIUS scheme group and enter its view. Use the undo radius scheme command to delete the specified RADIUS scheme.
RADIUS Protocol Configuration Commands 281 View User View Parameter None Description Use the reset radius statistics command to clear the statistic information related to the RADIUS protocol. Related command: display radius.
282 CHAPTER 11: USING AAA AND RADIUS COMMANDS retransmit it for several times, which is set through the retry realtime-accounting command. This command is used to delete the stopping accounting requests from the Switch buffer. You can select to delete the packets transmitted to a specified RADIUS server, or according to the session-id or username, or delete the packets transmitted during the specified time-range.
RADIUS Protocol Configuration Commands 283 <4500>system-view System View: return to User View with Ctrl+Z. [4500]radius scheme 3Com [4500-radius-3Com]retry 5 retry realtime-accounting Syntax retry realtime-accounting retry-times undo retry realtime-accounting View RADIUS Scheme View Parameter retry-times: Specifies the maximum times of real-time accounting request failing to be responded, ranging from 1 to 255. By default, the accounting request can fail to be responded up to 5 times.
View
RADIUS Scheme View
Parameter
retry-times: Specifies the maximum number of retransmissions of a stopping accounting request, ranging from 10 to 65535. By default, the value is 500.
Description
Use the retry stop-accounting command to configure the maximum number of retransmissions of a stopping accounting request. Use the undo retry stop-accounting command to restore the retransmission times to the default value.
RADIUS Protocol Configuration Commands 285 For detailed information, read the Description of the primary accounting command. Related commands: key, radius scheme, state. Example To set the IP address of the second accounting server of RADIUS scheme, 3Com, to 10.110.1.1 and the UDP port 1813 to provide RADIUS accounting service, enter the following: <4500>system-view System View: return to User View with Ctrl+Z. [4500]radius scheme 3Com [4500-radius-3Com]secondary accounting 10.110.1.
undo server-type
View
RADIUS Scheme View
Parameter
3Com: Configures the Switch to support the extended RADIUS server type, which requires the RADIUS client end (Switch) and RADIUS server to interact according to RADIUS extensions.
RADIUS Protocol Configuration Commands 287 authentication: Configures to set the state of RADIUS authentication/authorization. block: Configures the RADIUS server to be in the state of block. active: Configures the RADIUS server to be active, namely the normal operation state. Description Use the state command to configure the state of RADIUS server.
Description
Use the stop-accounting-buffer enable command to save the stopping accounting requests that receive no response in the Switch buffer. Use the undo stop-accounting-buffer enable command to cancel the saving of stopping accounting requests that receive no response in the Switch buffer. By default, saving the stopping accounting requests in the buffer is enabled.
Related commands: radius scheme, retry.
Example
To set the response timeout timer of RADIUS scheme, 3Com, to 5 seconds, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
[4500]radius scheme 3Com
[4500-radius-3Com]timer 5
timer quiet
Syntax
timer quiet minutes
undo timer quiet
View
RADIUS Scheme View
Parameter
minutes: Quiet time interval, ranging from 1 to 255 in minutes. The default value is 5.
290 CHAPTER 11: USING AAA AND RADIUS COMMANDS Parameter minutes: Real-time accounting interval, ranging from 3 to 60, measured in minutes in multiples of 3. By default, the value is 12. Description Use the timer realtime-accounting command to configure the real-time accounting interval. Use the undo timer realtime-accounting command to restore the default interval. To implement real-time accounting, it is necessary to set a real-time accounting interval.
RADIUS Protocol Configuration Commands 291 Description Use the timer response-timeout command to configure the RADIUS server response timer. Use the undo timer command to restore the default. If the NAS receives no response from the RADIUS server after sending a RADIUS request (authentication/authorization or accounting request) for a period of time, the NAS resends the request, thus ensuring the user can obtain the RADIUS service.
domains. Otherwise, the RADIUS server will regard two users in different ISP domains as the same user by mistake, if they have the same username (excluding their respective domain names).
Related command: radius scheme.
Example
To specify to send the username without domain name to RADIUS server, enter the following:
<4500>system-view
System View: return to User View with Ctrl+Z.
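Several settings described in this chapter weaken authentication when combined carelessly: a short or missing RADIUS key, user-name-format without-domain on a scheme shared by several ISP domains, and the authorized-force port mode. The following added example (not part of the 3Com guide) audits a saved configuration for them. The configuration excerpt is constructed, and its layout (sections separated by #, indented sub-commands, keys stored in plain text, scheme radius-scheme and dot1x port-control spellings) is an assumption about how the switch writes its configuration file.

```python
import re
from collections import defaultdict

MIN_KEY_LEN = 16  # RFC 2865 prefers shared secrets of at least 16 octets

# Constructed excerpt in the assumed saved-configuration layout.
SAMPLE_CONFIG = """\
#
radius scheme 3Com
 primary authentication 10.110.1.1 1812
 primary accounting 10.110.1.1 1813
 key authentication ok
 user-name-format without-domain
#
radius scheme lab
 primary authentication 10.110.1.2 1812
 key authentication constructed-sample-key
 user-name-format with-domain
#
domain marlboro.net
 radius-scheme 3Com
#
domain 3Com163.net
 scheme radius-scheme 3Com
#
domain cams
 radius-scheme lab
#
interface Ethernet1/0/1
 dot1x port-control authorized-force
#
interface Ethernet1/0/2
 dot1x port-control auto
#
"""


def parse_sections(text):
    """Split the configuration into (view header, [sub-commands]) pairs."""
    sections, current = [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "#":
            current = None                      # separator closes the view
        elif raw[0].isspace():
            if current is not None:
                current[1].append(raw.strip())  # indented line belongs to the view
        else:
            current = (raw.strip(), [])
            sections.append(current)
    return sections


def audit(text):
    """Return (rule, subject) findings for the weak settings named above."""
    schemes, domains_by_scheme, findings = {}, defaultdict(list), []
    for header, body in parse_sections(text):
        words = header.split()
        if words[:2] == ["radius", "scheme"] and len(words) == 3:
            schemes[words[2]] = body
        elif words[0] == "domain" and len(words) == 2:
            for line in body:
                match = re.match(r"(?:scheme\s+)?radius-scheme\s+(\S+)", line)
                if match:
                    domains_by_scheme[match.group(1)].append(words[1])
        elif words[0] == "interface" and len(words) == 2:
            # authorized-force admits users without authentication
            if "dot1x port-control authorized-force" in body:
                findings.append(("dot1x-authorized-force", words[1]))
    for name, body in schemes.items():
        keys, services, name_format = {}, set(), None
        for line in body:
            w = line.split()
            if w[0] == "key" and len(w) == 3:
                keys[w[1]] = w[2]
            elif w[0] in ("primary", "secondary") and len(w) >= 3:
                services.add(w[1])              # authentication or accounting
            elif w[0] == "user-name-format" and len(w) == 2:
                name_format = w[1]
        for service in sorted(services):
            if service not in keys:
                findings.append(("missing-key", f"{name} {service}"))
            elif len(keys[service]) < MIN_KEY_LEN:
                findings.append(("short-key", f"{name} {service}"))
        # Same bare username from two domains looks like one user to the server.
        if name_format == "without-domain" and len(domains_by_scheme[name]) > 1:
            findings.append(("username-collision", name))
    return findings


if __name__ == "__main__":
    for rule, subject in audit(SAMPLE_CONFIG):
        print(f"{rule:24} {subject}")
```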
12 USING SYSTEM MANAGEMENT COMMANDS This chapter describes how to use the following commands: File System Management Commands ■ cd ■ copy ■ delete ■ dir ■ execute ■ file prompt ■ format ■ mkdir ■ more ■ move ■ pwd ■ rename ■ reset recycle-bin ■ rmdir ■ undelete Configuration File Management Commands ■ display current-configuration ■ display saved-configuration ■ display this ■ display startup ■ reset saved-configuration ■ save ■ startup bootrom-access enable ■
294 CHAPTER 12: USING SYSTEM MANAGEMENT COMMANDS ■ ftp timeout ■ local-user ■ password ■ service-type FTP Client Commands ■ ascii ■ binary ■ bye ■ cd ■ cdup ■ close ■ delete ■ dir ■ disconnect ■ ftp ■ get ■ lcd ■ ls ■ mkdir ■ passive ■ put ■ pwd ■ quit ■ remotehelp ■ rmdir ■ user ■ verbose TFTP Configuration Commands ■ tftp get ■ tftp put MAC Address Table Management Commands ■ display mac-address ■ display mac-address aging-time ■ mac-address
295 Device Management Commands ■ boot boot-loader ■ boot bootrom ■ display boot-loader ■ display cpu ■ display device ■ display fan ■ display memory ■ display power ■ display schedule reboot ■ reboot ■ schedule reboot at ■ schedule reboot delay Basic System Configuration and Management Commands ■ clock datetime ■ clock summer-time ■ clock timezone ■ sysname System Status and System Information Display Commands ■ display clock ■ display config-agent ■ display debugging
296 CHAPTER 12: USING SYSTEM MANAGEMENT COMMANDS ■ info-center channel name ■ info-center console channel ■ info-center enable ■ info-center logbuffer ■ info-center loghost ■ info-center loghost source ■ info-center monitor channel ■ info-center snmp channel ■ info-center source ■ info-center switch-on ■ info-center timestamp ■ info-center trapbuffer ■ reset logbuffer ■ reset trapbuffer ■ terminal debugging ■ terminal logging ■ terminal monitor ■ terminal trapping SNMP
297 ■ snmp-agent trap source ■ snmp-agent usm-user ■ undo snmp-agent RMON Configuration Commands ■ display rmon alarm ■ display rmon event ■ display rmon eventlog ■ display rmon history ■ display rmon prialarm ■ display rmon statistics ■ rmon alarm ■ rmon event ■ rmon history ■ rmon prialarm ■ rmon statistics NTP Configuration Commands ■ display ntp-service sessions ■ display ntp-service status ■ display ntp-service trace ■ ntp-service access ■ ntp-service authenticatio
298 CHAPTER 12: USING SYSTEM MANAGEMENT COMMANDS ■ peer-public-key end ■ protocol inbound ■ public-key-code begin ■ public-key-code end ■ rsa local-key-pair create ■ rsa local-key-pair destroy ■ rsa peer-public-key ■ ssh server authentication-retries ■ ssh server timeout ■ ssh user assign rsa-key ■ ssh user authentication-type SSH Client Configuration Commands ■ display ssh server-info ■ peer-public-key end ■ public-key-code begin ■ public-key-code end ■ quit ■ rsa peer-pu
■ quit ■ remove ■ rename ■ rmdir ■ sftp
File System Management Commands
This section describes the commands you can use to manage the file system on your Switch 4500. In switches supporting the XRN feature, the file path must start with "unit[No.]>flash:/", where [No.] is the unit ID. For example, if the unit ID is 1, the path of the "text.txt" file under the root directory must be "unit1>flash:/text.txt".
When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it.
Example
Display current directory information.
<4500>dir
Directory of unit1>flash:/
0 -rw- 595 Jul 12 2001 19:41:50 test.txt
16125952 bytes total (13975552 bytes free)
Copy the file test.txt and save it as test.bak.
<4500>copy test.txt test.bak
%Copy file unit1>flash:/test.txt to unit1>flash:/test.bak ...
File System Management Commands 301 <4500> dir Syntax dir [ /all ] [ file-path ] View User view Parameter /all: Display all the files (including the deleted ones). file-path: File or directory name to be displayed. The file-path parameter supports “*” matching. For example, using dir *.txt will display all the files with the extension txt in the current directory. dir without any parameters will display the file information in the current directory.
302 CHAPTER 12: USING SYSTEM MANAGEMENT COMMANDS 1 -rw- 248 Aug 29 2000 17:49:36 text.txt 20578304 bytes total (3104544 bytes free) execute Syntax execute filename View System view Parameter filename: Name of the batch file, which is a string up to 256 characters in length, with a suffix of “.bat”. Description Use the execute command to execute the specified batch file. The batch command executes the command lines in the batch file one by one. There should be no invisible character in the batch file.
File System Management Commands 303 [4500]file prompt quiet [4500] format Syntax format filesystem View User view Parameter filesystem: Device name. Description Use the format command to format the storage device. All of the files on the storage device will be lost and non-recoverable. Specially, configuration files will be lost after formatting flash memory.
View
User view
Parameter
file-path: File name.
Description
Use the more command to display the contents of the specified file formatted as text.
Example
Display contents of file test.txt.
<4500>more test.txt
AppWizard has created this test application for you. This file contains a summary of what you will find in each of the files that make up your test application. Test.
Move flash:/test/sample.txt to flash:/sample.txt.
<4500>move flash:/test/sample.txt flash:/sample.txt
Move unit1>flash:/test/sample.txt to unit1>flash:/sample.txt ?[confirm]:y
% Moved file unit1>flash:/test/sample.txt unit1>flash:/sample.txt
Display the directory after moving a file.
<4500>dir
Directory of unit1>flash:/
0 -rw- 2145718 Jul 12 2001 12:28:08 3Com.bin
1 drw- 0 Jul 12 2001 19:41:20 test
2 -rw- 50 Jul 12 2001 20:26:48 sample.
If the destination file name is the same as an existing directory name, the rename operation will fail. If the destination file name is the same as an existing file name, a prompt will be displayed asking whether to overwrite the existing file.
Example
Display the current directory information.
<4500>dir
Directory of unit1>flash:
0 drw- 0 Jul 12 2001 19:41:20 test
1 -rw- 50 Jul 12 2001 20:26:48 sample.
File System Management Commands 307 View User view Parameter directory: Directory name. Description Use the rmdir command to delete a directory. The directory to be deleted must be empty. Example Delete the directory test. <4500>rmdir test Rmdir unit1>flash:/test?[Y/N]:y Removed directory unit1>flash:/test undelete Syntax undelete file-path View User view Parameter file-path: Name of the file to be recovered. Description Use the undelete command to recover the deleted file.
Display the information for all of the files in the current directory, including the deleted files.
<4500>dir /all
Directory of unit1>flash:/
0 -rw- 50 Jul 12 2001 20:34:19 sample.bak
1 -rw- 595 Jul 12 2001 20:13:19 test.txt
16125952 bytes total (13972480 bytes free)
Configuration File Management Commands
display current-configuration
This section describes the commands you can use to manage the configuration files on your Switch 4500.
By default, running configuration parameters that are the same as the default operational parameters are not displayed. To verify that the configuration is correct after finishing a set of configuration changes, use the display current-configuration command to display the running parameters. Parameters that the user has configured but whose related functions are not in effect are not displayed.
310 CHAPTER 12: USING SYSTEM MANAGEMENT COMMANDS interface Ethernet1/0/6 interface Ethernet1/0/7 interface Ethernet1/0/8 interface Ethernet1/0/9 interface Ethernet1/0/10 interface Ethernet1/0/11 interface Ethernet1/0/12 ---- More ---- To view configuration information beginning with “user”, enter the following: <4500>display current-configuration | include ^user user-interface aux 0 7 user-interface vty 0 4 To view the pre-positive and post-positive configuration information, enter the following: <4500>
<4500>display saved-configuration
local-server nas-ip 127.0.0.
display startup

Syntax
display startup

View
All views

Parameter
None

Description
Use the display startup command to display the related system software and configuration filenames used for the current and the next start-ups.
Generally, this command is used in the following situations:
■ After an upgrade of software, configuration files in flash memory may not match the new version's software. Use the reset saved-configuration command to erase the old configuration files.
■ When a Switch 4500 is reused on a network but in a different manner to previously, the original configuration file should be erased and the switch reconfigured.
Related commands: reset saved-configuration, display current-configuration, display saved-configuration.

Example
Get the current configuration files stored in flash memory.
<4500>save
The configuration will be written to the device.
Are you sure?[Y/N] y
Please input the file name(*.cfg)[flash:/4500cfg.cfg]:
Now saving current configuration to the device.
Saving configuration. Please wait ..... ..........
Configuration is saved to flash memory successfully.
FTP Server Configuration Commands 315

Parameter
cfgfile: The name of the configuration file. It is a string with a length of 5 to 56 characters.

Description
Use the startup saved-configuration command to configure the configuration file used for enabling the system for the next time. The configuration file must have ".cfg" as its extension name and must be saved under the root directory of the Flash.
View
All views

Parameter
None

Description
Use the display ftp-user command to display the parameters of the current FTP user. You can use this command to examine the configuration after setting FTP parameters.

Example
Show the configuration of FTP user parameters.
<4500>display ftp-user
% No ftp user
<4500>

ftp server

Syntax
ftp server enable
undo ftp server

View
System view

Parameter
enable: Start FTP Server.
View
System view

Parameter
minute: Connection timeout (measured in minutes), ranging from 1 to 35791. The default connection timeout time is 30 minutes.

Description
■ Use the ftp timeout command to configure the connection timeout interval.
■ Use the undo ftp timeout command to restore the default connection timeout interval.
terminal: Specifies that the user type is terminal, which refers to users who use the terminal service (login from the Console, AUX or Asyn port).

Description
Use the local-user command to configure a local user and enter the local user view.
Use the undo local-user command to cancel a specified local user, a type of user or all users.
By default, a local user is not configured.

Related commands: display local-user, service-type.
[4500]local-user 3Com1
New local user added
[4500-luser-3Com1]password simple 20030422

service-type

Syntax
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet | terminal }* [ level level ] }

View
Local user view

Parameters
telnet: Specifies the user’s service type as Telnet.
ssh: Specifies the user type as SSH.
<4500>sys
System View: return to User View with Ctrl+Z.
[4500]local-user 3Com1
New local user added.
[4500-luser-3Com1]service-type lan-access

FTP Client Commands

This section describes the File Transfer Protocol (FTP) Client commands on your Switch 4500.

ascii

Syntax
ascii

View
FTP Client view

Parameter
None

Description
Use the ascii command to configure data transmission mode as ASCII mode.
By default, the file transmission mode is ASCII mode.
Description
Use the binary command to configure file transmission type as binary mode.

Example
Configure to transmit data in the binary mode.
<4500>ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in.
[ftp]binary
200 Type set to I.
View
FTP Client view

Parameter
pathname: Path name.

Description
Use the cd command to change the working path on the remote FTP Server. This command is used to access another directory on the FTP Server. Note that the user can only access the directories authorized by the FTP server.

Example
Change the working path to flash:/temp
<4500>ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
230 User logged in.
[ftp]cdup
501 Change to no authenticated directory.
[ftp]

close

Syntax
close

View
FTP Client view

Parameter
None

Description
Use the close command to disconnect the FTP client side from the FTP server side without exiting FTP client side view, so that you terminate the control connection and data connection with the remote FTP server at the same time.

Example
Terminate connection with the remote FTP Server and stay in FTP Client view.
<4500>ftp 1.1.1.1
Trying ...
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in.
[ftp]delete temp.c
250 DELE command successful
[ftp]

dir

Syntax
dir [ filename [ localfile ]]

View
FTP Client view

Parameter
filename: File name to be queried.
localfile: Saved local file name.

Description
Use the dir command to query a specified file.
Parameter
None

Description
Using the disconnect command, subscribers can disconnect the FTP client side from the FTP server side without exiting FTP client side view. This command terminates the control connection and data connection with the remote FTP Server at the same time.

Example
Terminate connection with the remote FTP Server and stay in FTP Client view.
ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
[ftp]

get

Syntax
get remotefile [ localfile ]

View
FTP Client view

Parameter
localfile: Local file name.
remotefile: Name of a file on the remote FTP Server.

Description
Use the get command to download a remote file and save it locally. If no local file name is specified, it will be considered the same as that on the remote FTP Server.

Example
Download the file temp1.c and save it as temp.c
ftp 1.1.1.1
Trying ...
ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in
[ftp]lcd
% Local directory now flash:/temp
[ftp]

ls

Syntax
ls [ remotefile [ localfile ]]

View
FTP Client view

Parameter
remotefile: Remote file to be queried.
localfile: Saved local file name.

Description
Use the ls command to query a specified file. If no parameter is specified, all the files will be shown.
Parameter
pathname: Directory name.

Description
Use the mkdir command to create a directory on the remote FTP Server. The user can perform this operation as long as the remote FTP server has authorized the operation.

Example
Create the directory flash:/lanswitch on the remote FTP Server.
ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
230 User logged in
[ftp]passive
% Passive is on
[ftp]

put

Syntax
put localfile [ remotefile ]

View
FTP Client view

Parameter
localfile: Local file name.
remotefile: File name on the remote FTP Server.

Description
Use the put command to upload a local file to the remote FTP Server. If the user does not specify the filename on the remote server, the system will consider it the same as the local file name by default.

Example
Upload the local file temp.
Example
Show the current directory on the remote FTP Server.
ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in
[ftp]pwd
257 "flash:/temp" is current directory.
[ftp]

quit

Syntax
quit

View
FTP Client view

Parameter
None

Description
Use the quit command to terminate the connection with the remote FTP Server and return to user view.
Description
Use the remotehelp command to display help information about the FTP protocol command.

Example
Show the syntax of the protocol command user.
ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Parameter
username: Logon username.
password: Logon password.

Description
Use the user command to register an FTP user.

Example
Log in to the FTP Server with username tom and password hello.
ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in
[ftp]user tom hello
331 Password required for tom.
230 User logged in.
% Verbose is on
[ftp]

TFTP Configuration Commands

This section describes the Trivial File Transfer Protocol (TFTP) Commands on your Switch 4500.

tftp get

Syntax
tftp tftp-server get source-file [ dest-file ]

View
User view

Parameter
tftp-server: IP address or host name of the TFTP server. The name of the TFTP server should be a string ranging from 1 to 20 characters.
source-file: Specify the filename of the source file on the TFTP server.
Description
Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server and save it with a new name.

Related commands: tftp get.

Example
tftp 1.1.3.214 put sw5500cfg.txt temp.txt

MAC Address Table Management Commands

This section describes the commands you can use to manage the MAC Address Table on your Switch 4500.

display mac-address
When managing the Layer-2 addresses of the switch, the administrator can use this command to view such information as the Layer-2 address table, address status (static or dynamic), Ethernet port of the MAC address, VLAN of the address, and system address aging time.

For the related commands, see mac-address, mac-address timer.

Example
Show the information of the entry with MAC address at 00e0-fc01-0101
sys
System View: return to User View with Ctrl+Z.
undo mac-address [ { static | dynamic | blackhole } mac-address interface { interface-name | interface-type interface-num ] vlan vlan-id ]

View
System view

Parameter
static: Static table entry, lost after resetting switch.
dynamic: Dynamic table entry, which will be aged.
blackhole: Blackhole table entry, the packet with this destination MAC address will be discarded.
mac-addr: Specify the MAC address.
interface-type: Specify the interface type.
undo mac-address max-mac-count

View
Ethernet port view

Parameter
count: Enter a value in the range 0 to 32768 to specify how many MAC addresses a port can learn. 0 means that the port is not allowed to learn MAC addresses.

Description
Use the mac-address max-mac-count command to configure the maximum number of MAC addresses that can be learned by a specified Ethernet port. The port stops learning MAC addresses when the specified limit is reached.
Description
Use the mac-address timer command to configure the aging time of the Layer-2 dynamic address table entry.
Use the undo mac-address timer command to restore the default value.
Setting the aging time on the switch to be too long or too short will cause the switch to broadcast data packets without MAC addresses; this will affect the operational performance of the switch.
Device Management Commands 339

View
User view

Parameter
file-path: File path and file name of Bootrom.

Description
Use the boot bootrom command to upgrade bootrom.

Example
Upgrade bootrom of the switch.
boot bootrom PLATV100R002B09D002.btm

display boot-loader

Syntax
display boot-loader [unit unit-id]

View
All views

Parameter
unit unit-id: Specify the Unit ID of the switch.

Description
Use the display boot-loader command to display the APP file used for this boot and the next boot.
The information displays in the following format:
Unit 1
Board 0 CPU busy status:
11% in last 5 seconds
12% in last 1 minute
14% in last 5 minutes

Table 32 Display information

Field                      Description
Board 0 CPU busy status    The busy status of the Switch
11% in last 5 seconds      The CPU occupancy rate is 11% at last 5 seconds
12% in last 1 minute       The CPU occupancy rate is 12% at last 1 minute
14% in last 5 minutes      The CPU occupancy rate is

display device
Parameter
unit unit-id: Specify the Unit ID of the switch

Description
Use the display fan command to display the working state of the built-in fans.

Example
Display the working state of the fans.
display fan
Unit 1
Fan 1 State: Normal

The above information indicates that the fan works normally.
Parameter
unit unit-id: Specify the Unit ID of the switch
power-ID: Power ID.

Description
Use the display power command to display the working state of the built-in power supply.

Example
Show power state.
Example
Reboot the Switch.
reboot
This will reboot device. Continue? [Y/N]

schedule reboot at

Syntax
schedule reboot at hh:mm [ yyyy/mm/dd ]
undo schedule reboot

View
User view

Parameter
hh:mm: Reboot time of the switch, in the format of "hour: minute". The hh ranges from 0 to 23, and the mm ranges from 0 to 59.
yyyy/mm/dd: Reboot date of the switch, in the format of "year/month/day.
Example
Set the switch to be restarted at 22:00 that night (the current time is 15:50).
schedule reboot at 22:00
Reboot system at 22:00:00 2000/04/02 (in 19 hours and 47 minutes)
confirm? [Y/N]:y
%Apr 2 02:12:20:72 2000 3Com CMD/5/REBOOT:- 1 aux0: schedule reboot parameters at 02:12:20 2000/04/02. And system will reboot at 22:00 2000/04/02.
Confirm? [Y/N]:y
%Apr 2 02:13:10:09 2000 3Com CMD/5/REBOOT:- 1 aux0: schedule reboot parameters at 02:13:10 2000/04/02. And system will reboot at 03:41 2000/04/02.
Basic System Configuration and Management Commands

This section describes the basic system configuration and system management commands available on your Switch 4500.

clock datetime

Syntax
clock datetime time date

View
User view

Parameters
time: Enter the current time in HH:MM:SS format. HH can be in the range 0 to 23. MM and SS can be in the range 0 to 59.
date: Enter the current year in MM/DD/YYYY or YYYY/MM/DD format.
end_time: Enter the end time of summer time, in the format HH:MM:SS.
end_date: Enter the end date of summer time, in the format YYYY/MM/DD.
offset_time: Enter the offset time, that is the amount of time added, in the format HH:MM:SS.

Description
Use the clock summer-time command to set the name, start date and time, and end date and time of summer time.
Use the undo clock summer-time command to cancel the currently configured summer time.
Use the undo clock timezone command to return to the default, which is Universal Time Coordinated (UTC).
Use the display clock command to check the summer time settings.
System Status and System Information Display Commands 349

View
All views

Parameter
None

Description
Use the display clock command to obtain information about system date and time from the terminal display.

For the related commands, see clock.

Example
View the current system date and clock.
display clock
15:50:45 UTC Mon 01/01/2001

display config-agent

Syntax
display config-agent unit-id unit-id

View
Any view

Parameter
unit-id: Unit ID of current switch, in the range of 1 to 8.
Config message send:
Notification message recv:
Notification message send:
Information message recv:
Information message send:
0 0 0 0 0 0 0 0 0 0

display debugging

Syntax
display debugging [ interface { interface-name | interface-type interface-num } ] [ module-name ]

View
All views

Parameter
interface-name: Specify the Ethernet port name.
interface-type: Specify the Ethernet port type.
interface-num: Specify the Ethernet port number.
System Debug Commands

This section describes the system debugging options, and the system diagnostics information that can be displayed on your Switch 4500.

debugging

Syntax
debugging module-name [ debugging-option ]
undo debugging { all | module-name [ debugging-option ] }

View
User view

Parameter
all: Disable all the debugging.
timeout interval: The interval during which the debugging command is valid. The interval value can range from 1 to 1440 minutes.
after the synchronization information statistics and detection, you must execute the undo info-center switch-on command to disable the switch in time.

For the related commands, see display debugging.

Example
Enable IP Packet debugging.
debugging ip packet
IP packet debugging switch is on.
Network Connection Test Commands 353

Use the undo end-station polling ip-address command to delete the IP address requiring periodic testing.

The switch can ping an IP address every minute to test whether it is reachable. At most three PING packets are sent for each IP address in each test, at intervals of five seconds. If the switch cannot successfully ping the IP address after the three PING packets, it assumes that the IP address is unreachable.
-q: Configure not to display any other detailed information except statistics.
-r: Record route.
-s packetsize: Specify the length of ECHO-REQUEST (excluding IP and ICMP packet header) in bytes.
-t timeout: Maximum waiting time after sending the ECHO-REQUEST (measured in ms).
-tos tos: Specify TOS value for echo requests to be sent, range from 0 to 255.
-v: Show other received ICMP packets (non ECHO-RESPONSE).
■ The final statistics, including number of sent packets, number of response packets received, percentage of non-response packets and minimal/maximum/average value of response time.

If the network transmission rate is too low, increase the response message timeout.

For the related commands, see tracert.

Example
Check whether the host 202.38.160.244 is reachable.
ping 202.38.160.244
ping 202.38.160.244 : 56 data bytes
Reply from 202.38.160.
View
This command can be used in the following views:
■ System view

Description
Remote-ping is a network diagnostic tool used to test the performance of protocols (only ICMP by far) operating on network. It is an enhanced alternative to the ping command.

Remote-ping test group is a set of remote-ping test parameters. A test group contains several test parameters and is uniquely identified by an administrator name plus a test tag.
Destination ip address:10.10.10.10
Send operation times: 10
Receive response times: 10
Min/Max/Average Round Trip Time: 1/2/1
Square-Sum of Round Trip Time: 13
Last complete test time: 2004-11-25 16:28:55.
9 1 1 0 2004-11-25 16:28:55.9
10 1 1 0 2004-11-25 16:28:55.9

Table 35 Description on the fields of the display remote-ping history command

Field       Description
Response    Round trip time in ms or timeout time. It is 0 if the test fails.
Syntax
remote-ping-agent enable
undo remote-ping-agent enable

Parameters
None

Example
Enable remote-ping client.
[S5500] remote-ping-agent enable

View
This command can be used in the following views:
■ System view

Description
You can perform a test only after the remote-ping client function is enabled.
Description
Use the tracert command to check the reachability of network connection and troubleshoot the network. The user can test gateways passed by the packets transmitted from the host to the destination.

By default, when the parameters are not specified, first-TTL is 1, max-TTL is 30, port is 33434, nqueries is 3 and timeout is 5s.
Log Commands

This section displays the logging options available on your Switch 4500.

display channel

Syntax
display channel [ channel-number | channel-name ]

View
All views

Parameter
channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels.
channel-name: Specify the channel name, the name can be console, monitor, loghost, trapbuffer, logbuffer, snmpagent, channel6, channel7, channel8, channel9.
For the related commands, see info-center enable, info-center loghost, info-center logbuffer, info-center console channel, info-center monitor channel.

Example
Show the system log information.
display info-center
Information Center: enabled
Log host: 173.168.1.
Example
Rename channel 0 as execconsole.
system-view
System View: return to User View with Ctrl+Z.
[SW4500]info-center channel 0 name execconsole
[SW4500]

info-center console channel

Syntax
info-center console channel { channel-number | channel-name }
undo info-center console channel

View
System view

Parameter
channel-number: Channel number, ranging from 0 to 9, that is, system has ten channels.
channel-name: Specify the channel name.
Parameter
None

Description
Use the info-center enable command to enable the system log function.
Use the undo info-center enable command to disable the system log function.
By default, the system log function is enabled.
The system can output log information to the info-center loghost, the console and other destinations only after the system log function is enabled.
This command takes effect only after the system logging is enabled.

For the related commands, see info-center enable, display info-center.

Example
Send log information to the buffer and set the size of the buffer to 50.
system-view
System View: return to User View with Ctrl+Z.
Example
Configure to send log information to the UNIX workstation at 202.38.160.1.
system-view
System View: return to User View with Ctrl+Z.
[SW4500]info-center loghost 202.38.160.
channel-name: Specify the channel name. The name can be channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer.

Description
Use the info-center monitor channel command to set the channel that outputs the log information to the user terminal.
Use the undo info-center monitor channel command to restore the channel that outputs the log information to the user terminal to the default value.
System View: return to User View with Ctrl+Z.
channel-name: Channel name to be set. The name can be channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer.
state: Set the state of the information.
state: Specify the state as on or off.

Table 36 Module names in logging information

Module name    Description
8021X          802.
Table 36 Module names in logging information

Module name    Description
QACL           QoS/ACL module
QOSF           QoS profile module
RDS            Radius module
RM             Routing management
RMON           Remote monitor module
RSA            Rivest, Shamir and Adleman encryption system
RTPRO          Routing protocol
SHELL          User interface
SNMP           Simple network management protocol
SOCKET         Socket
SSH            Secure shell module
STP            Spanning tree protocol module
SYSMIB         System MIB module
TELNET         Telnet module
Table 37 Information Channel in Each Output Direction by Default

Trap buffer    trapbuffer
snmp           snmpagent

In addition, each information channel has a default record with the module name “all” and module number 0xffff0000. However, the default log, trap and debugging settings in these records may differ from one information channel to another. The default configuration record is used if a module does not have any specific configuration record in the channel.
After switches that support XRN form a Fabric, the log, debugging and trap information among the switches is synchronized. The synchronization process is as follows: each switch sends its own information to the other switches in the Fabric and at the same time receives the information from the others, and then the switch updates its local information to keep the information consistent within the Fabric.
Example
Configure the debugging information timestamp format as boot.
system-view
System View: return to User View with Ctrl+Z.
[SW4500]info-center timestamp debugging boot
[SW4500]

info-center trapbuffer

Syntax
info-center trapbuffer [ size buffersize ] [ channel { channel-number | channel-name } ]
undo info-center trapbuffer [ channel | size ]

View
System view

Parameter
size: Configure the size of the trap buffer.
buffersize: Size of trap buffer (numbers of messages).
View
User view

Parameter
None

Description
Use the reset logbuffer command to clear information in the log buffer.

Example
Clear information in the log buffer.
reset logbuffer

reset trapbuffer

Syntax
reset trapbuffer

View
User view

Parameter
None

Description
Use the reset trapbuffer command to clear information in the trap buffer.

Example
Clear information in the trap buffer.
Example
Enable the terminal display debugging.
terminal debugging
% Current terminal debugging is on

terminal logging

Syntax
terminal logging
undo terminal logging

View
User view

Parameter
None

Description
Use the terminal logging command to start logging the information displayed on the terminal.
Use the undo terminal logging command to disable terminal log information display.
By default, this function is enabled.

Example
Disable the terminal log display.
This command only takes effect on the current terminal where the commands are input. The debugging/log/trap information can be output to the current terminal, beginning in user view. When the terminal monitor is shut down, no debugging/log/trap information will be displayed on the local terminal, which is equivalent to performing the undo terminal debugging, undo terminal logging and undo terminal trapping commands.
SNMP Configuration Commands 377

Parameter
local-engineid: local engine ID.
remote-engineid: remote engine ID.

Description
Use the display snmp-agent engineid command to view the engine ID of the current device.
The SNMP engine is the core of an SNMP entity. It performs the functions of sending, receiving and authenticating SNMP messages, extracting PDUs, packet encapsulation and communication with the SNMP application, etc.

Example
Display the engine ID of the current device.
Parameter
groupname: Group name, ranging from 1 to 32 bytes.

Description
Use the display snmp-agent group command to display group name, safe mode, state of various views and storage modes.

Example
Display SNMP group name and safe mode.
display snmp-agent group
groupname: public
Security model: v2c noAuthnoPriv
readview:v1default
writeview: no writeview specified
notifyview: *tv.
display snmp-agent mib-view

View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active

View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active

View name:ViewDefault
MIB Subtree:snmpModules.
3 Messages passed from the SNMP entity
0 SNMP PDUs which had a tooBig error (Maximum packet size 1500)
0 SNMP PDUs which had a noSuchName error
0 SNMP PDUs which had a badValue error
0 SNMP PDUs which had a general error
0 Response PDUs accepted and processed
3 Trap PDUs accepted and processed

The following table describes the output fields.
display snmp-agent sys-info

Syntax
display snmp-agent sys-info [ contact | location | version ]*

View
All views

Parameter
None

Description
Use the display snmp-agent sys-info command to view the system information of SNMP configuration.
The information includes the character string sysContact (system contact), the character string describing the system location, and the version information about the running SNMP in the system.
display snmp-agent usm-user
User name: hello
Group name: hellogroup
Engine ID: 800007DB00E0FC0039006877
Storage-type: nonVolatile
UserStatus: active
Acl:2000

display snmp-proxy unit

Syntax
display snmp-proxy unit unit-id

View
Any view

Parameter
unit-id: Unit ID of the switch.

Description
Use the display snmp-proxy unit command to view statistics information of the SNMP proxy.

Example
View statistics information of SNMP proxy on unit 1.
Parameter
None.

Description
Use the enable snmp trap updown command to enable the current port to transmit the LINK UP and LINK DOWN trap information.
Use the undo enable snmp trap updown command to disable the current port from transmitting the LINK UP and LINK DOWN trap information.

Example
Enable the current port Ethernet1/0/1 to transmit the LINK UP and LINK DOWN trap information.
system-view
System View: return to User View with Ctrl+Z.
Configure community name as mgr and read-write access permission.
system-view
System View: return to User View with Ctrl+Z.
[SW4500]snmp-agent community write mgr
[SW4500]

Delete the community name comaccess.
3Com recommends that you do not use the notify-view parameter when configuring an SNMP group, for the following reasons:
■ The snmp-agent target-host command automatically generates a notify-view for a user, and adds it to the corresponding group.
■ Any change of the SNMP group notify-view will affect all the users related to this group.

Example
To create an SNMP group named 3Com, enter the following:
system-view
System View: return to User View with Ctrl+Z.
View
System view

Parameter
included: Include this MIB subtree.
excluded: Exclude this MIB subtree.
view-name: Specify the view name, with a character string, ranging from 1 to 32 characters.
oid-tree: MIB object subtree. It can be a character string of the variable OID, or a variable name, ranging from 1 to 255 characters.

Description
Use the snmp-agent mib-view command to create or update the view information.
Example
Set the size of SNMP packet to 1042 bytes.
system-view
System View: return to User View with Ctrl+Z.
undo snmp-agent target-host host-addr securityname community-string

View
System view

Parameter
trap: Specifies the host to receive traps or notifications
address: Specifies the transport address to be used in the generation of SNMP messages.
udp-domain: Specifies the transport domain over UDP for the target address.
host-addr: Enter the IP address of the destination host.
[SW4500]snmp-agent target-host trap address udp-domain 2.2.2.2 params securityname comaccess
[SW4500]

To enable Trap messages to be sent to 2.2.2.2 with a community name of public, enter the following:
system-view
System View: return to User View with Ctrl+Z.
[SW4500]snmp-agent trap enable
[SW4500]snmp-agent target-host trap address udp-domain 2.2.2.
Description
Use the snmp-agent trap enable command to enable the device to send Trap messages.
Use the undo snmp-agent trap enable command to disable Trap message sending.
By default, Trap message sending is disabled.
The snmp-agent trap enable command and the snmp-agent target-host command should be used at the same time. The snmp-agent target-host command specifies which hosts can receive Trap messages.
snmp-agent trap queue-size

Syntax
snmp-agent trap queue-size length
undo snmp-agent trap queue-size

View
System view

Parameter
length: Length of queue, ranging from 1 to 1000; the default length is 100.

Description
Use the snmp-agent trap queue-size command to configure the information queue length of Trap packet sent to destination host.
Use the undo snmp-agent trap queue-size command to restore the default value.
snmp-agent usm-user

Syntax
snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]
undo snmp-agent usm-user { v1 | v2c } username groupname
snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha } authpassstring [ privacy-mode { des56 privpassstring }]] [ acl acl-list ]
undo snmp-agent usm-user v3 username groupname { local | engineid engine-id }

View
System view

Parameter
username: Enter the user name, up to 32 character
Use the undo snmp-agent usm-user command to delete a user from an SNMP group.
SNMP engineID (for authentication) is required when configuring remote users. This command will not be effective if engineID is not configured.
For v1 and v2C, this command will add a new community name. For v3, it will add a new user for an SNMP group.
See Related Commands below.
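The following audit of SNMP command lines is an added example, not part of the 3Com guide. It uses only the snmp-agent community, usm-user and target-host forms shown in this section; the sample lines are constructed, and treating a saved configuration as one command per line is an assumption.

```python
import re

# Constructed sample. Each line is a command in a form documented in this
# section; one command per line in a saved configuration is an assumption.
SAMPLE_CONFIG = """\
snmp-agent community write mgr
snmp-agent usm-user v2c legacyuser grp1
snmp-agent usm-user v3 monitor grp3
snmp-agent usm-user v3 ops grp3 authentication-mode md5 authpass1 acl 2000
snmp-agent usm-user v3 noc grp3 authentication-mode sha authpass2 privacy-mode des56 privpass2 acl 2001
snmp-agent target-host trap address udp-domain 2.2.2.2 params securityname public
"""

# Community names that scanners try first.
WELL_KNOWN = {"public", "private"}

COMMUNITY_RE = re.compile(r"^snmp-agent community write (?P<name>\S+)")
TARGET_RE = re.compile(
    r"^snmp-agent target-host trap address udp-domain \S+ "
    r"params securityname (?P<name>\S+)")
V12_RE = re.compile(
    r"^snmp-agent usm-user (?P<ver>v1|v2c) (?P<user>\S+) (?P<group>\S+)"
    r"(?: acl (?P<acl>\S+))?$")
V3_RE = re.compile(
    r"^snmp-agent usm-user v3 (?P<user>\S+) (?P<group>\S+)"
    r"(?: authentication-mode (?P<auth>md5|sha) \S+"
    r"(?: privacy-mode (?P<priv>des56) \S+)?)?"
    r"(?: acl (?P<acl>\S+))?$")


def audit_snmp(config_text):
    """Return a list of (line_number, code, message) findings."""
    findings = []

    def add(n, code, message):
        findings.append((n, code, message))

    for n, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse runs of whitespace

        m = COMMUNITY_RE.match(line)
        if m:
            add(n, "RW_COMMUNITY",
                f"community '{m['name']}' grants write access and is sent in cleartext")
            if m["name"].lower() in WELL_KNOWN:
                add(n, "DEFAULT_COMMUNITY", "well-known community name")
            continue

        m = TARGET_RE.match(line)
        if m:
            if m["name"].lower() in WELL_KNOWN:
                add(n, "DEFAULT_COMMUNITY",
                    f"trap security name '{m['name']}' is a well-known community name")
            continue

        m = V12_RE.match(line)
        if m:
            # Per the guide, a v1/v2c usm-user adds a new community name.
            add(n, "CLEARTEXT_VERSION",
                f"{m['ver']} user '{m['user']}' is a cleartext community name")
            if not m["acl"]:
                add(n, "NO_ACL", f"user '{m['user']}' has no acl restricting sources")
            continue

        m = V3_RE.match(line)
        if m:
            if not m["auth"]:
                add(n, "NO_AUTH",
                    f"v3 user '{m['user']}' has no authentication-mode (no auth, no privacy)")
            else:
                if m["auth"] == "md5":
                    add(n, "WEAK_AUTH_MD5",
                        f"v3 user '{m['user']}' authenticates with md5; sha is available")
                if not m["priv"]:
                    add(n, "NO_PRIVACY",
                        f"v3 user '{m['user']}' has no privacy-mode; payloads are unencrypted")
            if not m["acl"]:
                add(n, "NO_ACL", f"user '{m['user']}' has no acl restricting sources")

    return findings


if __name__ == "__main__":
    for n, code, message in audit_snmp(SAMPLE_CONFIG):
        print(f"line {n}: {code}: {message}")
```

Only the v3 user with sha, des56 and an acl passes without findings; des56 is the only privacy option the syntax above lists.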
RMON Configuration Commands
This section describes the Remote Monitoring (RMON) configuration commands available on your Switch 4500.

display rmon alarm

Syntax
display rmon alarm [ alarm-table-entry ]

View
All views

Parameter
alarm-table-entry: Alarm table entry index.

Description
Use the display rmon alarm command to view RMON alarm information.
For the related commands, see rmon alarm.

Example
Display the RMON alarm information.
View
All views

Parameter
event-table-entry: Entry index of event table.

Description
Use the display rmon event command to view RMON events.
The display includes event index in event table, owner of the event, description to the event, action caused by event (log or alarm information), and occurrence time of the latest event (counted on system initiate/boot time in centiseconds).
Related command: rmon event.

Example
Show the RMON event.
display rmon eventlog 1
Event table 1 owned by 3Com is VALID.
Generates eventLog 1.1 at 0days 00h:01m:39s.
Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1, less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Generates eventLog 1.2 at 0days 00h:02m:27s.
Description: The alarm formula defined in private alarm table 1, less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Table 43 Output description of the display rmon history command

Field                   Description
History control table   Index number in history control table
3COM                    Owner
VALID                   The entry corresponding to the index is valid
Samples interface       The sampled interface
Sampling interval       Sampling interval
buckets                 Records in history control table
dropevents              Dropping packet events
octets                  Sent/received octets in sampling time
packets                 Packets sent/received in sampli

display rmon prialarm
Table 44 Output description of the display rmon prialarm command

Field                    Description
Prialarm table 1         Index of extended alarm entry.
owned by 3COM            Creator of the extended alarm entry.
VALID                    The entry corresponding to the index is valid
Samples absolute value   Sampling the absolute value of the node 1.3.6.1.2.1.16.1.1.1.4.1
Rising threshold         Rising threshold.
Table 45 Output description of the display rmon statistics command

Field                Description
Interface            Port
3Com                 Owner
VALID                The entry corresponding to the index is valid
octets               Received/Sent octets in sampling time
packets              Packets received/sent in sampling time
broadcast packets    Number of broadcast packets
multicast packets    Number of multicast packets
undersized packets   Number of undersized packets
oversized packets    Number of oversized packets
frag

rmon alarm
falling-threshold threshold-value2: Falling threshold, ranging from 0 to 2147483647.
event-entry2: Event number corresponding to the falling threshold, ranging from 0 to 65535.
owner text: Specifies the creator of the alarm. Length of the character string ranges from 1 to 127.

Description
Use the rmon alarm command to add an entry to the alarm table.
Use the undo rmon alarm command to delete an entry from this table.
owner rmon-station: Name of the network management station that creates this entry. The length of the character string ranges from 1 to 127.

Description
Use the rmon event command to add an entry to the event table.
Use the undo rmon event command to delete an entry from this table.
Event management of RMON defines the way to deal with event number and event-log, send trap message or log while sending trap message.
[SW4500]interface Ethernet1/0/1
[SW4500-Ethernet1/0/1]undo rmon history 15
[SW4500-Ethernet1/0/1]

rmon prialarm

Syntax
rmon prialarm entry-number alarm-var [ alarm-des ] sampling-timer { delta | absolute | changeratio } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]
undo rmon prialarm entry-number

View
System view

Parameter
entry-number: Specifies th
The number of instances that can be created in the table depends on the hardware resources of the product.

Example
Delete line 10 from the extended RMON alarm table.
system-view
System View: return to User View with Ctrl+Z.

NTP Configuration Commands
■ Execute any of the ntp-service unicast-server, ntp-service unicast-peer, ntp-service broadcast-client, ntp-service broadcast-server, ntp-service multicast-client, or ntp-service multicast-server commands to enable the NTP feature and open UDP port 123 at the same time.
■ Use the undo form of one of the above six commands to disable all implementation modes of the NTP feature and close UDP port 123 at the same time.

display ntp-service sessions
Table 46 Description on the fields of the display ntp-service sessions command

disper   Maximum offset of the local clock relative to the reference clock

display ntp-service status

Syntax
display ntp-service status

View
Any view

Parameter
None

Description
Use the display ntp-service status command to display the status of NTP services.

Example
# View the status of the local NTP service.
Table 47 Description on fields of the display ntp-service status command

Field            Description
Reference time   Reference timestamp

display ntp-service trace

Syntax
display ntp-service trace

View
Any view

Parameter
None

Description
Use the display ntp-service trace command to display the brief information of each NTP time server along the time synchronization chain from the local device to the reference clock source.
server: Allows time request and query on the local NTP server. The local clock cannot be synchronized to the remote server.
synchronization: Allows only time request on the local NTP server.
query: Allows only query on the local NTP server.
acl-number: Basic access control list (ACL) number, in the range of 2000 to 2999.

Description
Use the ntp-service access command to set the access control right to the local NTP server.
Description
Use the ntp-service authentication enable command to enable the NTP authentication.
Use the undo ntp-service authentication enable command to disable the NTP authentication.
By default, the NTP authentication is disabled.

Example
Enable the NTP authentication.
system-view
System View: return to User View with Ctrl+Z.
ntp-service broadcast-client

Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client

View
VLAN interface view

Parameter
None

Description
Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in the NTP broadcast client mode and receive NTP broadcast messages through the current interface.
Use the undo ntp-service broadcast-client command to remove the configuration.
By default, no switch operates in the broadcast client mode.
Description
Use the ntp-service broadcast-server command to configure an Ethernet switch to operate in the NTP broadcast server mode and send NTP broadcast messages through the current interface.
Use the undo ntp-service broadcast-server command to remove the configuration.
By default, no Ethernet switch operates in the NTP broadcast server mode.
undo ntp-service max-dynamic-sessions

View
System view

Parameter
number: Maximum number of the NTP sessions that can be established locally. This argument ranges from 0 to 100.

Description
Use the ntp-service max-dynamic-sessions command to set the maximum number of NTP sessions that can be established locally.
Use the undo ntp-service max-dynamic-sessions command to restore the default.
By default, up to 100 dynamic NTP sessions can be established locally.
Example
Configure the switch to receive NTP multicast messages through Vlan-interface1, with the multicast IP address being 224.0.1.1.
system-view
System View: return to User View with Ctrl+Z.
[SW4500] interface Vlan-interface 1
[SW4500-Vlan-interface1] ntp-service multicast-client 224.0.1.
ntp-service reliable authentication-keyid

Syntax
ntp-service reliable authentication-keyid key-id
undo ntp-service reliable authentication-keyid key-id

View
System view

Parameter
key-id: Authentication key ID, in the range of 1 to 4294967295.

Description
Use the ntp-service reliable authentication-keyid command to specify an authentication key as a trusted key. If authentication is enabled, a client can only be synchronized to a server that can provide a trusted key.
Use the undo ntp-service source-interface command to remove the configuration. If you do not want the IP addresses of the other interfaces on the local device to be the destination addresses of response messages, you can use this command to specify a specific interface to send all NTP packets. In this way, the IP address of the interface is the source IP address of all NTP messages sent by the local device.
By default, the local Ethernet switch is not configured as an active NTP peer.
If you use remote-ip to specify a remote server as the peer of the local Ethernet switch, the local switch operates in the active peer mode. In this case, the local Ethernet switch and the remote server can be synchronized to each other.

Example
Configure the local peer to obtain time information from the peer with the IP address 128.108.22.
Use the undo ntp-service unicast-server command to remove the configuration.
By default, no Ethernet switch operates in the NTP client mode.
The remote server specified by remote-ip serves as the NTP server and the local Ethernet switch serves as the NTP client. The client can be synchronized to the server while the server cannot be synchronized to the client.

Example
# Configure the local device to be synchronized to the NTP server with the IP address 128.
SSH Terminal Service Configuration Commands
This section describes the SSH configuration commands available on your Switch 4500.

debugging ssh server

Syntax
debugging ssh server { VTY vty-num | all }
undo debugging ssh server { VTY vty-num | all }

View
User View

Parameter
vty-num: SSH channel to be debugged whose value is dictated by VTY numbers ranging from 0 to 4.
*0.1481894 SW4500 SSH/8/debugging_msg_send:- 1 -SSH2_MSG_USERAUTH_SUCCESS message sent on VTY 3
*0.1481995 SW4500 SSH/8/msg_rcv_vty:- 1 -SSH_MSG_REQUEST_PTY message received on VTY 3
*0.1482095 SW4500 SSH/8/msg_rcv_vty:- 1 -SSH_MSG_START_SHELL message received on VTY 3
%Apr 2 00:19:42:212 2000 SW4500 SHELL/5/LOGIN:- 1 - Bono(158.101.28.103) in unit1 login
*0.1484308 SW4500 SSH/8/msg_rcv_vty:- 1 -SSH_MSG_CHANNEL_DATA message received on VTY 3
*0.
Key name: SW4500_Host
Key type: RSA encryption Key
=====================================================
Key code:
308188
028180
A768F212 CDF98303 7D641E14 89BC50AC 6B0B1B82 9EA5E2A1 66164625 A092CA18
7CCBF3BC 74BA2A6F 9A5783F9 D2DD4BE7 F65296BE E8D3AC9C EE35A380 0F626AFA
E1B6B9B4 84F25041 EEE8B407 49D4AF18 3D4FB033 D4365AE4 58483507 664D5AE5
0122D602 19E47685 DD49481B 0D443A73 34A0EA6B 24A66472 0BB4A01A 509926D3
0203
010001
Host public key for PEM format co
Example
To display all of the RSA public keys currently configured, enter the command display rsa peer-public-key.
[SW4500]display ssh server status
SSH version : 2.0
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP Server: Disable

To display SSH sessions:
[SW4500]display ssh server session
Conn Ver Encry State Retry
VTY 3 2.
Description
Use the peer-public-key end command to exit from the public key view and return to the system view.
Related commands: rsa peer-public-key, public-key-code begin.

Example
To quit public key view, enter the following:
system-view
System View: return to User View with Ctrl+Z.
[SW4500-ui-vty0-4]protocol inbound ssh

To disable the Telnet function of VTY 0 and make it support SSH only:
[SW4500]user-interface vty 0
[SW4500-ui-vty0]protocol inbound ssh

public-key-code begin

Syntax
public-key-code begin

View
Public key edit view

Parameter
None

Description
Use the public-key-code begin command to enter the public key edit view and input the public key of the client.
After this command is performed to end the public key edit procedure, the system will check the validity of the key before saving the input public key. If the public key string contains any illegal character, the system will prompt the failure of the configuration and the configured key will be discarded; otherwise, the key is valid and will be saved to the user public key list. Related command: rsa peer-public-key, public-key-code begin.
rsa local-key-pair destroy

Syntax
rsa local-key-pair destroy

View
System view

Parameter
None

Description
Use the rsa local-key-pair destroy command to destroy all the RSA key pairs of the server, including the host keys and server keys.
Related command: rsa local-key-pair create.

Example
To destroy all the RSA key pairs of the server, enter the following:
[SW4500]rsa local-key-pair destroy
% The name for the keys which will be destroyed is SW4500_Host .
View
System view

Parameter
times: Specifies the number of authentication retries, in the range of 1 to 5.

Description
Use the ssh server authentication-retries command to set the number of SSH authentication retries, which takes effect at the next logon.
Use the undo ssh server authentication-retries command to restore the default retry value.
By default, it is 3.
Related command: display ssh server.
View
System view

Parameter
username: A valid SSH username, which is a string consisting of 1 to 80 characters.
keyname: A name of the client public key which is a string consisting of 1 to 54 characters.

Description
Use the ssh user username assign rsa-key command to assign an existing public key for the specified SSH user.
Use the undo ssh user username assign rsa-key command to delete the association.
Use the undo ssh user username authentication-type command to restore the default mode in which logon fails.
By default, a user cannot log on to the Switch through SSH or TELNET; you need to specify the authentication type for a new user. The new configuration takes effect at the next logon.
Related commands: display ssh user-information.
SSH Client Configuration Commands

Parameter
None

Description
Use the peer-public-key end command to exit from the public key view and return to the system view.
Related commands: rsa peer-public-key, public-key-code begin.
[SW4500-key-code]BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[SW4500-key-code]public-key-code end
[SW4500-rsa-public-key]

public-key-code end

Syntax
public-key-code end

View
Public key edit view

Parameter
None

Description
Use the public-key-code end command to return from the public key edit view to the public key view and save the public key of the server entered.
quit

rsa peer-public-key

Syntax
rsa peer-public-key key-name

View
System View

Parameter
key-name: The name of the public key of the server, which is a string consisting of 1 to 64 characters.

Description
Use the rsa peer-public-key command to enter the public key view. Then you can use the public-key-code begin command to configure the public key of the server on the client.
Description
Use the ssh client assign rsa-key command to specify, on the client, the public key of the server to connect to, so that the client can verify whether the server is trustworthy.
Use the undo ssh client assign rsa-key command to cancel the specified relationship with the public key of the server.

Example
To specify abc as the public key name of the server with IP address 192.168.0.1 on the client, enter the following:
[SW4500]ssh client 192.168.0.
[SW4500]ssh client first-time enable

ssh2

Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

View
System View

Parameter
host-ip: IP address of the server.
host-name: The name of the server.
md5_96: HMAC algorithm hmac-md5-96.

Description
Use the ssh2 command to enable the connection between the SSH client and the server, and specify the preferred key exchange algorithm, encryption algorithm and HMAC algorithm of the client and the server.

Example
To log in to the remote SSH2 server with the IP address 10.214.50.
SFTP Server Configuration Commands
This section describes the SFTP server configuration commands available on your Switch 4500.

sftp server enable

Syntax
sftp server enable
undo sftp server

View
System View

Parameter
None

Description
Use the sftp server enable command to start the SFTP server.
Use the undo sftp server command to shut down the SFTP server.
By default, the SFTP server is shut down.
Description
Use the ssh user service-type command to specify the service type for a particular user.
Use the undo ssh user service-type command to restore the default service type.
By default, the service type is stelnet.
SFTP Client Configuration Commands

Parameter
remote-path: The name of a path on the server.

Description
Use the cd command to change the current path on the SFTP server. If you do not specify the remote-path argument, the current path will be displayed.

Example
To change the current path to d:/temp, enter the following:
sftp-client>cd d:/temp

cdup

Syntax
cdup

View
SFTP Client View

Parameter
None

Description
Use the cdup command to change the current path to its upper directory.
Example
To delete the file temp.c from the server, enter the following:
sftp-client>delete temp.c

dir

Syntax
dir [ remote-path ]

View
SFTP client view

Parameter
remote-path: The name of the directory to view.

Description
Use the dir command to view the files in the specified directory. If remote-path is not specified, the files in the current directory will be displayed.
This command has the same functionality as the ls command.
Example
To terminate the connection with the remote SFTP server, enter the following:
sftp-client>exit
[SW4500]

get

Syntax
get remote-file [ local-file ]

View
SFTP client view

Parameter
remote-file: The name of a file on the remote SFTP server.
local-file: The name of a local file.

Description
Use the get command to download a file from the remote server and save it locally.
sftp-client>help get
get remote-path [local-path] Download file
Default local-path is the same with remote-path

ls

Syntax
ls [ remote-path ]

View
SFTP client view

Parameter
remote-path: The name of the directory to view.

Description
Use the ls command to view the files in the specified directory. If remote-path is not specified, the files in the current directory will be displayed.
This command has the same functionality as the dir command.
put

Syntax
put local-file [ remote-file ]

View
SFTP client view

Parameter
local-file: The name of a local file.
remote-file: The name of a file on the remote SFTP server.

Description
Use the put command to upload a local file to the remote SFTP server. By default, if the name of the file on the remote server is not specified, it is assumed that the file on the remote server has the same name as the local file.

Example
To upload local file temp.
View
SFTP client view

Parameter
None

Description
Use the quit command to terminate the connection with the remote SFTP server and return to the System view.
This command has the same functionality as the bye and exit commands.

Example
To terminate the connection with the remote SFTP server, enter the following:
sftp-client>quit
[SW4500]

remove

Syntax
remove remote-file

View
SFTP client view

Parameter
remote-file: The name of a file on the server.
newname: New file name.

Description
Use the rename command to change the name of the specified file on the SFTP server.

Example
To change the name of the file temp1 on the SFTP server to temp2, enter the following:
sftp-client>rename temp1 temp2

rmdir

Syntax
rmdir remote-path

View
SFTP client view

Parameter
remote-path: The name of a directory on the remote SFTP server.

Description
Use the rmdir command to delete the specified directory from the SFTP server.
prefer_kex: Preferred key exchange algorithm, which can be either diffie-hellman-group1-sha1 or diffie-hellman-group-exchange-sha1.
dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is default algorithm.
dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.
prefer_ctos_cipher: Preferred encryption algorithm from the client to the server. The default algorithm is aes128.
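The prefer_* keywords above are the same ones the ssh2 command takes. The following added example, not part of the 3Com guide, resolves the algorithms an ssh2 command line would prefer once the stated defaults are filled in, and flags the weak ones. The host address is a constructed documentation address, and the server-to-client cipher default is assumed to match the client-to-server default.

```python
# Keywords and values taken from the ssh2 syntax in this guide.
ALLOWED = {
    "prefer_kex": ("dh_group1", "dh_exchange_group"),
    "prefer_ctos_cipher": ("des", "3des", "aes128"),
    "prefer_stoc_cipher": ("des", "3des", "aes128"),
    "prefer_ctos_hmac": ("sha1", "sha1_96", "md5", "md5_96"),
    "prefer_stoc_hmac": ("sha1", "sha1_96", "md5", "md5_96"),
}

# Defaults the guide states: dh_group1 for key exchange and aes128 for the
# client-to-server cipher. The server-to-client cipher default is an
# assumption. HMAC defaults are not shown in this section, so they stay None.
DEFAULTS = {
    "prefer_kex": "dh_group1",
    "prefer_ctos_cipher": "aes128",
    "prefer_stoc_cipher": "aes128",
    "prefer_ctos_hmac": None,
    "prefer_stoc_hmac": None,
}

WEAK = {
    "dh_group1": "diffie-hellman-group1-sha1 uses a fixed 1024-bit group",
    "des": "DES has a 56-bit key",
    "md5": "hmac-md5 is a deprecated MAC",
    "md5_96": "hmac-md5-96 is a deprecated MAC with a truncated tag",
}


def parse_ssh2(command):
    """Split an ssh2 command line into (host, port, explicit preferences)."""
    tokens = command.split()
    if len(tokens) < 2 or tokens[0] != "ssh2":
        raise ValueError("expected: ssh2 host [port] [keyword value]...")
    host, rest = tokens[1], tokens[2:]
    port = None
    if rest and rest[0].isdigit():
        port = int(rest.pop(0))
    chosen = {}
    it = iter(rest)
    for keyword in it:
        if keyword not in ALLOWED:
            raise ValueError(f"unknown keyword: {keyword}")
        value = next(it, None)
        if value not in ALLOWED[keyword]:
            raise ValueError(f"{keyword} does not accept {value!r}")
        chosen[keyword] = value
    return host, port, chosen


def review_ssh2(command):
    """Return (effective, findings).

    effective maps each keyword to (value, 'explicit' | 'default').
    findings lists (keyword, value, source, reason) for weak choices.
    """
    _, _, chosen = parse_ssh2(command)
    effective, findings = {}, []
    for keyword in ALLOWED:
        if keyword in chosen:
            value, source = chosen[keyword], "explicit"
        else:
            value, source = DEFAULTS[keyword], "default"
        effective[keyword] = (value, source)
        if value in WEAK:
            findings.append((keyword, value, source, WEAK[value]))
    return effective, findings


if __name__ == "__main__":
    for cmd in (
        "ssh2 192.0.2.10 prefer_ctos_cipher des",
        "ssh2 192.0.2.10 22 prefer_kex dh_exchange_group "
        "prefer_ctos_hmac sha1 prefer_stoc_hmac sha1",
    ):
        print(cmd)
        for keyword, value, source, reason in review_ssh2(cmd)[1]:
            print(f"  {keyword}={value} ({source}): {reason}")
```

The first command is flagged twice: once for the explicit des and once for dh_group1, which applies because prefer_kex was left out.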
13 CONFIGURING PASSWORD CONTROL

This chapter describes how to use the following password control commands:
■ display password-control
■ display password-control blacklist
■ display password-control super
■ password
■ password-control
■ password-control enable
■ password-control super
■ reset password-control history-record
■ reset password-control history-record super
■ reset password-control blacklist

display password-control

Syntax
display password-control

View
Any view

Parameter
Table 48 describes the output fields of the display password-control command.
Description
Use the display password-control super command to display the information about the password control for super passwords, including the password aging time and the minimum password length.

Example
# Display the information about the password control for super passwords.
View
System view

Parameter
■ aging-time: Password aging time. It ranges from 1 day to 365 days and defaults to 90 days.
■ length: Minimum password length. It ranges from 4 characters to 32 characters and defaults to 10 characters.
■ login-times: Login attempt times allowed for each user. It ranges from 2 to 10 and defaults to 3.
■ max-record-num: Maximum number of history records allowed for each user. It ranges from 2 to 10 and defaults to 4.
Use the password-control authentication-timeout authentication-timeout command to configure the timeout time for user password authentication.
Use the password-control exceed command to configure the processing mode used after password attempt failure.

Example
# Configure the password aging time of the system login passwords to 100 days.
<4500>system-view
System View: return to User View with Ctrl+Z.
Description
Use the following password-control enable commands to enable the various password control functions of the system:
■ Use the password-control aging enable command to enable password aging.
■ Use the password-control length enable command to enable the limitation of the minimum password length.
■ Use the password-control history enable command to enable the history password recording.
View
System view

Parameter
■ aging-time: Aging time for super passwords. It ranges from 1 day to 365 days and defaults to 90 days.
■ min-length: Minimum length for super passwords. It ranges from 4 characters to 16 characters and defaults to 10 characters.

Description
Use the password-control super command to configure the parameters related to the super passwords, including the password aging time and the minimum password length.
# Delete the history password records of user test
<4500> reset password-control history-record username test
Are you sure to delete all the history record of user test ?[Y/N]

If you input "Y", the system deletes all the history password records of the specified user and gives the following prompt:
All historical passwords have been cleared for user test.

reset password-control history-record super
Use the reset password-control blacklist username username command to delete one specific user entry in the blacklist.

Example
# Check the user information in the blacklist; as you can see, the blacklist contains three users: test, tes, and test2.
<4500>display password-control blacklist
USERNAME   IP
test       192.168.30.25
tes        192.168.30.24
test2      192.168.30.
A BOOTROM INTERFACE

Accessing the Bootrom Interface
During the initial boot phase of the Switch the following prompt is displayed with a five second countdown timer allowing access to the bootrom:
Starting......
*******************************************************
*
* SuperStack 4 Switch 4500 50-Port BOOTROM, Version 1.0 *
******************************************************
Copyright 2003-2005 3Com Corporation. All Rights Reserved.
BOOT MENU
1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify bootrom password
6. Enter bootrom upgrade menu
7. Skip current configuration file
8. Set bootrom password recovery
9. Set switch startup mode
0. Reboot
Enter your choice(0-9): 1

Boot Menu
The following section describes the various options available in the boot menu.

Download Application File to Flash
Enter Option 1 at the prompt to display the following:
File Number   File Size(bytes)   File Name
=================================================
1(*)          4649088            s4h03_01_04s168.app
Free Space: 10491904 bytes
(*)-with main attribute;(b)-with backup attribute
(*b)-with both main and backup attribute
Please input the file number to be change:

An asterisk (*) indicates the current main boot file. A similar screen will be displayed for the configuration files and the web files.
File Number   File Size(bytes)   File Name
4             576218             s4h03_04.web
5             10301              3comoscfg.def
6             10369              3comoscfg.cfg
7             10369              [test.cfg]
Free Space: 10460160 bytes
The current application file is s4b03_01_04s168.app
(*)-with main attribute;(b)-with backup attribute
(*b)-with both main and backup attribute
Please input the file number to delete:

The current application file is name and an * indicates the file in the list.
Are you sure to disable bootrom password recovery? Yes or No(Y/N) n

If the bootrom super password is disabled and the bootrom password (set at Boot Menu Option 5) is lost, bootrom access is no longer possible. If access to the bootrom menu is required, the Switch will need to be returned to 3Com for repair.
The super password is a fixed password that is based on the hardware of the Switch.
Selecting an FTP download
1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3): 2
Load File name:s4b03_01_04s168.app
Switch IP address:10.1.1.200
Server IP address:10.1.1.177
FTP User Name :anonymous
FTP User Password :pass
Are you sure to download file to flash? Yes or No(Y/N) y
Loading.....done
Free flash Space: 10456064 bytes
Writing flash....