AX2200S/AX1250S/AX1240S Software Manual Operation Command Reference For Version 2.
Relevant products This manual applies to the models in the AX2200S, AX1250S, and AX1240S series of switches. The manual describes the functionality of software version 2.4 for the AX2200S, AX1250S, and AX1240S switches that is supported by the software OS-LT4, OS-LT3, OS-LT2, and optional licenses.
Location and title Changes MAC-based Authentication The list of operation log messages was modified: show mac-authentication logging In addition to the above changes, minor editorial corrections were made. Ver. 2.
Location and title Changes Ethernet The descriptions of the following commands were changed: show interfaces clear counters show port activate inactivate Link aggregation The descriptions of the following command were changed: show channel-group DHCP snooping A description of AX1250S was added. show ip arp inspection statistics IPv4, ARP, and ICMP A description of AX1250S was added.
Location and title Changes Spanning Tree Protocol The descriptions of the following command were changed: show spanning-tree statistics Ring Protocol This chapter was added. Filters The input format of the following command was changed: show access-filter QoS The input formats of the following commands were changed: show qos-flow show qos queueing Common to Layer 2 Authentication The descriptions of the following command were changed: show authentication logging IEEE802.
Location and title Changes Terminals and Remote Operations The following command was added: ftp Login Security and RADIUS The following command was added: show radius-server Parameters were added to the following command: clear radius-server The descriptions of the following commands were changed: show radius-server summary show radius-server statistics clear radius-server statistics Time Settings and NTP The descriptions of the following commands were changed: set clock set clock ntp
Location and title Changes MAC-based Authentication The descriptions of the following commands were changed: show mac-authentication auth-state show mac-authentication auth-state select-option show mac-authentication logging show mac-authentication Multistep authentication This chapter was added.
Preface Applicable products and software versions This manual applies to the AX2200S, AX1250S, and AX1240S series of switches. The manual describes the functionality of software version 2.4 for the AX2200S, AX1250S, and AX1240S series switches supported by the OS-LT4, OS-LT3, and OS-LT2 and optional licenses. Before you operate the equipment, carefully read the manual and make sure that you understand all instructions and cautionary notes.
Preface Abbreviations used in the manual AC ACK ADSL ALG ANSI ARP AS AUX BGP BGP4 BGP4+ bit/s BPDU BRI CC CDP CFM II Alternating Current ACKnowledge Asymmetric Digital Subscriber Line Application Level Gateway American National Standards Institute Address Resolution Protocol Autonomous System Auxiliary Border Gateway Protocol Border Gateway Protocol - version 4 Multiprotocol Extensions for Border Gateway Protocol - version 4 Bits per second (can also appear as bps) Bridge Protocol Data Unit Basic Rate In
Preface CIDR CIR CIST CLNP CLNS CONS CRC CSMA/CD CSNP CST DA DC DCE DHCP DIS DNS DR DSAP DSCP DTE DVMRP E-Mail EAP EAPOL EFM ES FAN FCS FDB FQDN FTTH GBIC GSRP HMAC IANA ICMP ICMPv6 ID IEC IEEE IETF IGMP IP IPCP IPv4 IPv6 IPV6CP IPX ISO ISP IST L2LD LAN LCP LED LLC LLDP LLQ+3WFQ LSP LSP LSR MA MAC Classless Inter-Domain Routing Committed Information Rate Common and Internal Spanning Tree ConnectionLess Network Protocol ConnectionLess Network System Connection Oriented Network System Cyclic Redundancy Check
Preface MC MD5 MDI MDI-X MEP MIB MIP MRU MSTI MSTP MTU NAK NAS NAT NCP NDP NET NLA ID NPDU NSAP NSSA NTP OADP OAM OSPF OUI packet/s PAD PAE PC PCI PDU PICS PID PIM PIM-DM PIM-SM PIM-SSM PoE PRI PS PSNP QoS RA RADIUS RDI REJ RFC RIP RIPng RMON RPF RQ RSTP SA SD SDH SDU SEL SFD SFP SMTP SNAP IV Memory Card Message Digest 5 Medium Dependent Interface Medium Dependent Interface crossover Maintenance association End Point Management Information Base Maintenance domain Intermediate Point Maximum Receive Unit Mu
Preface SNMP SNP SNPA SPF SSAP STP TA TACACS+ TCP/IP TLA ID TLV TOS TPID TTL UDLD UDP ULR UPC UPC-RED VAA VLAN VRRP WAN WDM WFQ WRED WS WWW XFP Simple Network Management Protocol Sequence Numbers PDU Subnetwork Point of Attachment Shortest Path First Source Service Access Point Spanning Tree Protocol Terminal Adapter Terminal Access Controller Access Control System Plus Transmission Control Protocol/Internet Protocol Top-Level Aggregation Identifier Type, Length, and Value Type Of Service Tag Protocol Iden
Preface VI
Contents Preface .............................................................................................................................................. I Part 1: Reading the Manual ............................................................................................................ 1 1. Reading the Manual .................................................................................................................... 1 Command description format ............................................
Contents show environment ................................................................................................................... 81 reload ...................................................................................................................................... 86 show tech-support ................................................................................................................... 88 backup ..............................................................................
Contents show spanning-tree statistics .................................................................................................. 251 clear spanning-tree statistics ................................................................................................... 258 clear spanning-tree detected-protocol..................................................................................... 259 show spanning-tree port-count ..............................................................................
Contents 26. Web Authentication .................................................................................................................. 369 set web-authentication user .................................................................................................... 370 set web-authentication passwd ............................................................................................... 372 set web-authentication vlan ......................................................................
Contents remove wol-device name [OP-WOL]....................................................................................... 513 show wol-device name [OP-WOL] .......................................................................................... 515 commit wol-device [OP-WOL] ................................................................................................. 519 store wol-device [OP-WOL] ....................................................................................................
Contents Part 12: Management of Neighboring Device Information .......................................................... 637 36. LLDP .......................................................................................................................................... 637 show lldp.................................................................................................................................. 638 clear lldp ...............................................................................
Part 1: Reading the Manual 1.
1 Reading the Manual Command description format Each command is described in the following format: Function Describes the purpose of the command. Syntax Defines the input format of the command. The format is governed by the following rules: 1. Parameters for setting values or character strings are enclosed in angle brackets (<>). 2. Characters that are not enclosed in angle brackets (<>) are keywords that must be typed exactly as they appear. 3. {A|B} indicates that either A or B must be selected.
1 Reading the Manual Response messages Lists the response messages that can be displayed after execution of the command. Note that the error messages displayed by entry-error detection function are not described here. For these messages, see 36. Error Messages Displayed When Editing the Configuration in the manual Configuration Command Reference. Notes Provides cautionary information on using the command.
1 Reading the Manual Specifiable values for parameters The following table describes the values that can be specified for parameters. Table 1-2 Specifiable values for parameters Parameter type Description Input example Any character string See List of character codes. hostname K0_LITE_1 Access list name QoS flow list name See List of character codes. Alphabetic characters can be used for the first character, and alphanumeric characters, hyphens (-), underscores (_), and periods (.
1 Reading the Manual file extension. (Example: xx.dat, xx.txt) If you do not use a file extension when specifying a file name, a command execution error might occur. #2: A forward slash is used as the path delimiter. A path name beginning with a forward slash is not allowed. Also, a path name meeting any of the following conditions is not allowed: The path name contains two successive periods (..). The path name contains a period (.).
1 Reading the Manual # Model Interface type Range of values 2 AX1240S-48T2C fastethernet 0/1 to 0/48 gigabitethernet 0/49 to 0/50 How to specify and the range of the specifiable values If is written in parameter input format, use a hyphen (-) or commas (,) in the format to specify multiple ports. You can also specify one port, as when is written as the parameter input format.
1 Reading the Manual List of character codes Character codes are listed in the following table.
1 Reading the Manual Messages displayed by the entry-error detection functionality For error messages output by the entry-error detection function (see 5.2.3 Entry-error detection functionality in the Configuration Guide Vol. 1), see 36. Error Messages Displayed When Editing the Configuration in the manual Configuration Command Reference.
Part 2: Basic Operation 2.
enable enable Changes the command input mode from user mode to administrator mode. In administrator mode, you can execute commands, such as the configure command, which cannot be input from user mode. Syntax enable Input mode User mode Parameters None Example Changes the command input mode from user mode to administrator mode. > enable Press the Enter key. password: ****** # If password authentication is successful, the administrator mode prompt (#) is displayed.
disable disable Changes the command input mode from administrator mode to user mode. Syntax disable Input mode Administrator mode Parameters None Example Changes the command input mode from administrator mode to user mode. # > disable Press the Enter key.
exit exit Ends the current command input mode as follows: 1. If you are in user mode or administrator mode, you are logged out from the device. 2. Ends configuration command mode and returns you to administrator mode. Syntax exit Input mode User mode and administrator mode Parameters None Example 1. Ends administrator mode and logs out from the device. # exit 2. Press the Enter key. End the configuration command mode. (config)# exit Press the Enter key.
logout logout Logs out from the device. Syntax logout Input mode User mode and administrator mode Parameters None Example In administrator mode, log out from the command input mode. # logout login: Press the Enter key.
configure configure Changes the command input mode from administrator mode to configuration command mode when the command input mode is administrator mode, and initiates configuration editing. Syntax configure [terminal] Input mode Administrator mode Parameters terminal Enables editing of the running configuration during operation. Example Change the command input mode from administrator mode to configuration command mode. # configure (config)# Press the Enter key.
3.
set exec-timeout set exec-timeout Sets the idle time (in minutes) for auto-logout (see 4.3 (3) Auto-logout in the Configuration Guide Vol. 1). Syntax set exec-timeout [save] Input mode User mode and administrator mode Parameters Specifies the time for auto-logout in minutes. Specifiable values 0-60 (If 0 is specified, auto logout is not performed.) save Saves the setting of the auto-logout time to the internal flash memory.
set exec-timeout Target set exec-timeout Default logout time Console Y (0-60 minutes) 30 minutes Telnet server Y (0-60 minutes) 30 minutes FTP server N 30 minutes Legend Y: Supported; N: Not supported Executing the show running-config command does not display this command setting. Executing the show system command will display the saved setting in the System Setting item.
set terminal pager set terminal pager Specifies whether to perform paging (see 5.2.6 Paging in the Configuration Guide Vol. 1). Syntax set terminal pager {enable | disable} [save] Input mode User mode and administrator mode Parameters { enable | disable } enable Paging is performed. disable Paging is not performed. Operation when this parameter is omitted: This parameter cannot be omitted. save Saves the paging setting to the internal flash memory.
telnet telnet Connects via Telnet, as a Telnet client, to the remote host that has the specified IP address. Syntax telnet Input mode User mode and administrator mode Parameters Specifies an IP address. Operation when this parameter is omitted: This parameter cannot be omitted. Example 1. Access the remote host whose IP address is 192.168.0.1 via Telnet. > telnet 192.168.0.1 Press the Enter key.
telnet 20 To break the attempted connection, press the Ctrl+Shift+6 keys and then the B key. Other escape sequences are not supported. This command sends the input key codes to the login destination host without making any modifications. Therefore, the key code used on the terminal on which this command is entered must be the same as the key code recognized by the destination host. If they are different, the command will not operate correctly.
ftp ftp Transfers files between the Switch and a remote operation terminal connected via TCP/IP. Syntax ftp Input mode User mode and administrator mode Parameters Specifies the IP address of the remote operation terminal. Operation when this parameter is omitted: This parameter cannot be omitted. Example Logs in to the remote operation terminal whose IP address is 192.168.0.1. > ftp 192.168.0.1 Press the Enter key.
ftp Parameter type Description Number of characters mget You can use alphanumeric characters, hyphens (-), underscores (_), periods (.), asterisks (*), and question marks (?). If the character string includes a question mark (?), enclose the entire character string in double quotation marks ("). See Base name under File name in Specifiable values for parameters.
ftp cd Changes the current directory on the remote operation terminal to . chmod Changes the attribute of the file specified for on the remote operation terminal to the attribute specified for . delete Deletes on the remote operation terminal. help [] Displays Help for the command specified by the argument . If no argument is specified, a list of available commands is displayed.
ftp rename Changes the name of a file on the remote operation terminal from to . rmdir Deletes a directory on the remote operation terminal. status Displays the current FTP status. verbose Enables (on) or disables (off) the display of the detailed response information from the FTP server. The default is enabled (on).
ftp Message Description Error: Invalid file name "". The file name is invalid (for example, an invalid character string was used). :The specified file name Error: Invalid parameter. An entered parameter was invalid. Error: Is a directory "". The specified is a directory. :The specified file name Error: Missing parameter. A parameter is missing. Error: Reply receive failed. A communication error occurred.
ftp 26 3. A local directory on the Switch can be moved only to /ramdisk. 4. A local file on the Switch can be sent to or received from /ramdisk only. 5. If the default file transfer format is ASCII, you will need to execute the binary command to enable the transfer of binary files. 6. If you press Ctrl+C while a file is being transferred with a get or put command, the file transfer is immediately interrupted.
line console speed line console speed Specifies the communication speed of CONSOLE (RS-232C). If a user has already logged in from CONSOLE (RS-232C) when the communication speed is changed, the speed changes immediately. If the communication speed is changed from a remote operation terminal while login authentication for a user who is trying to log in from CONSOLE (RS-232C) is in progress, the authentication might fail.
line console speed while login authentication for a user who is trying to log in from CONSOLE (RS-232C) is in progress, the authentication might fail. 28 For login to the Switch from CONSOLE (RS-232C) and via Telnet, if the Telnet side changes the communication speed with this command and then logs out, the CONSOLE (RS-232C) communication speed also changes, disabling communication from CONSOLE (RS-232C). Executing the show running-config command does not display this command setting.
trace-monitor trace-monitor Specifies whether to display the operation log on the monitor. When this command is entered with the enable parameter specified, the operation log is displayed on the console whenever necessary each time an event occurs. Syntax trace-monitor {enable | disable} [save] Input mode User mode and administrator mode Parameters { enable | disable } enable The operation log is displayed on the monitor. disable The operation log is not displayed on the monitor.
trace-monitor System Setting item. 30 After execution of the trace-monitor enable command, if an operation log is too large to be displayed on the monitor, the message WARNING !! There are too many messages to output. appears.
4.
show running-config show running-config Displays the running configuration. Syntax show running-config Input mode Administrator mode Parameters None Example None Display items None Impact on communication None Response messages Table 4-1 List of response messages for the show running-config command Message Description Can't execute. The command could not be executed. Re-execute the command. CAUTION!!! This configuration list is too big!!! (xxxxxxx byte) x:Indicates the size of running-config.
show startup-config show startup-config Displays the startup configuration file used at device startup.
copy copy Copies the specified file or directory.
copy mc { | } ramdisk { | } Copies a file or directory on the memory card to the RAMDISK. ramdisk startup-config Copies a file on the RAMDISK to the startup configuration file. A directory on the RAMDISK cannot be specified. ramdisk { | } mc { | } Copies a file or directory on the RAMDISK to the memory card.
copy Message Description Can't access to MC by write protection. Make sure the memory card's protect switch is not set to Lock. If the switch is set to Lock, move it to the opposite side, and then insert the memory card again. Make sure there is no dust in the memory card slot. If there is dust, remove it with a dry cloth and then insert the memory card again. Can't copy subdirectory. Subdirectories cannot be copied. File name length exceeds the limit.
copy file names (including their path names) are the same When both the copy source and the copy destination are the RAMDISK and the file names (including their path names) are the same Example: When the mc mc command is executed: copy mc aaa mc aaa Not allowed copy mc bbb/xxx mc bbb/xxx Not allowed copy mc bbb/xxx mc bbb/yyy OK If there are any subdirectories in the copy source directory, an error occurs.
erase startup-config erase startup-config Deletes the contents of the startup configuration file. Syntax erase startup-config Input mode Administrator mode Parameters None Example #erase startup-config Do you wish to erase startup-config? (y/n): y # Display items None Impact on communication None Response messages None Notes If you restart the device after executing this command, the contents of the startup configuration file will be deleted.
rename rename Renames a file on the memory card or the RAMDISK. Syntax rename {mc | ramdisk} { | } Input mode User mode and administrator mode Parameters {mc | ramdisk} mc Specifies a file on the memory card. ramdisk Specifies a file on the RAMDISK. Operation when this parameter is omitted: This parameter cannot be omitted. { | } Specifies the old file name. Specify the file name with 64 or fewer characters.
rename Impact on communication None Response messages Table 4-3 List of response messages for the rename command Message Description Can't execute. The command could not be executed. Re-execute the command. The possible causes are as follows: - The file name is incorrect. - The file was not found. - The memory card might be damaged. - The file system might be damaged. MC is not inserted. A memory card was not inserted. Can't access to MC by write protection.
del del Deletes a file on the memory card or the RAMDISK. Syntax del {mc | ramdisk} Input mode User mode and administrator mode Parameters {mc | ramdisk} mc Specifies a file on the memory card. ramdisk Specifies a file on the RAMDISK. Operation when this parameter is omitted: This parameter cannot be omitted. Specifies the name of the file to be deleted. Example Delete the file showtech_01 on the memory card. > del mc abc/showtech_01.txt Press the Enter key.
del Message Description Can't access to MC by write protection. Make sure the memory card's protect switch is not set to Lock. If the switch is set to Lock, move it to the opposite side, and then insert the memory card again. Make sure there is no dust in the memory card slot. If there is dust, remove it with a dry cloth and then insert the memory card again. Notes 42 If a file on the memory card is specified, the command can be executed only when the memory card is inserted.
mkdir mkdir Creates a new directory. Syntax mkdir {mc-dir | ramdisk} Input mode User mode and administrator mode Parameters {mc-dir | ramdisk} mc-dir Creates a directory on a memory card. ramdisk Creates a directory on the RAMDISK. Specifies the name of the directory to be created. Specify the directory name with 64 or fewer characters. For the characters that can be specified, see Specifiable values for parameters.
mkdir Message Description Can't access to MC by write protection. Make sure the memory card's protect switch is not set to Lock. If the switch is set to Lock, move it to the opposite side, and then insert the memory card again. Make sure there is no dust in the memory card slot. If there is dust, remove it with a dry cloth and then insert the memory card again. MC is not inserted. A memory card was not inserted. Notes 44 The mc-dir parameter cannot be used when a memory card is not inserted.
rmdir rmdir Deletes a specified empty directory. Syntax rmdir {mc-dir | ramdisk} Input mode User mode and administrator mode Parameters {mc-dir | ramdisk} mc-dir Deletes a directory on the memory card. ramdisk Deletes a directory on the RAMDISK. Specifies the name of the directory to be deleted. Example Delete the directory deldir on the memory card. > rmdir mc-dir deldir Press the Enter key. Delete the directory deldir on the RAMDISK.
rmdir Notes 46 The mc-dir parameter cannot be used when a memory card is not inserted. When the mc-dir parameter is specified, the ACC LED is on while the command is being executed. Do not remove or insert the memory card while the ACC LED is on. If there is a file in the specified directory, an error occurs. For details about deleting a file, see the description of the del command.
5.
password password Only the password of the logged-in user can be changed. The operation differs depending on the command input mode as follows: 1. In user mode, only the login user password can be changed. 2. In administrator mode, the login user password and the password for enable mode can be changed. Syntax password password enable-mode Input mode User mode and administrator mode Parameters enable-mode In administrator mode, a password for enable mode can be set.
password Response messages Table 5-1 List of response messages for the password command Message Description Mismatch; try again. The new password and the re-entered password are not the same. Re-enter both passwords. Password unchanged. The password change was canceled. Password: Permission denied. The password change is not allowed. Please don't use an all-lower case password. Unusual capitalization, control characters or digits are suggested.
clear password clear password Clears the user login password. The operation differs depending on the command input mode as follows: 1. In user mode, only the login user password can be deleted. 2. In administrator mode, the login user password and the password for enable mode can be deleted. Syntax clear password clear password enable-mode Input mode User mode and administrator mode Parameters enable-mode In administrator mode, a password for enable mode can be deleted.
clear password Notes When a password is deleted in administrator mode, the old password is not displayed.
show sessions(who) show sessions(who) Display the users currently logged in to the Switch. Syntax show sessions who Input mode User mode and administrator mode Parameters None Example Display the users currently logged in to the Switch. > show sessions Date 2008/11/25 13:42:29 UTC Username Type Login *operator console 2008/11/22 00:44:23 web0010 vty0 2008/11/25 13:36:09 Source 192.168.10.
rename user rename user Changes the initial user name operator to another name. Syntax rename user Input mode Administrator mode Parameters None Example Initial user name operator # rename user Changing username.--- The login user name is displayed. Old username:operator --- Enter the current user name. New username:ax12-1 --- Enter a new user name.
show radius-server show radius-server Displays the effective RADIUS server information set on the Switch. Syntax show radius-server Input mode User mode and administrator mode Parameters None Example Figure 5-2 Displaying the RADIUS server information > show radius-server Date 2009/10/29 05:13:12 UTC [Authentication] IP address Port * 192.168.0.251 1812 192.168.0.252 1812 192.168.0.253 1812 192.168.0.254 1812 192.168.11.1 1812 [Accounting] IP address Port * 192.168.0.251 1813 192.168.0.
show radius-server IP address 192.168.0.251 192.168.0.252 192.168.0.253 * 192.168.0.254 Port 1812 1812 1812 1812 Timeout 5 5 5 5 Retry 3 3 3 3 Remain 541 > Display items Table 5-5 Information displayed for the RADIUS server Item Meaning Displayed information Server type common: General-use RADIUS server dot1x: RADIUS server using IEEE 802.
show radius-server Response messages Table 5-6 List of response messages for the show radius-server command Message Description RADIUS Server is not configured. A RADIUS server has not been configured. Notes An asterisk (*) indicates the RADIUS server to which the next request will be submitted. A request to the RADIUS server is submitted in the order that hosts are set in radius-server. If no response is received from the first RADIUS server, a request is submitted to the next RADIUS server.
clear radius-server clear radius-server Restores the primary RADIUS server as the RADIUS server to which the Switch submits a request. Syntax clear radius-server [{common | dot1x | mac-authentication | web-authentication | group }] [-f] Input mode User mode and administrator mode Parameters {common | dot1x | mac-authentication | web-authentication | group } common Only a general-use RADIUS server can be restored as the primary RADIUS server.
clear radius-server > clear radius-server -f > Display items None Impact on communication None Response messages Table 5-7 List of response messages for the clear radius-server command Message Description RADIUS Server is not configured. A RADIUS server has not been configured. Notes 58 Executing this command does not clear statistics. To clear statistics, use the command clear radius-server statistics.
show radius-server statistics show radius-server statistics Displays statistics about the effective RADIUS server set on the Switch. Syntax show radius-server statistics [summary] Input mode User mode and administrator mode Parameters summary Displays summary information about the RADIUS server. Operation when this parameter is omitted: Statistics about the RADIUS server are displayed.
show radius-server statistics Item Meaning Displayed information [Authentication] Authentication information -- Current Request Number of authentication requests being submitted -- [Tx] Information on sent requests -- Request Total number of sent Access-Request packets Retries are excluded.
show radius-server statistics Item Meaning Displayed information responses Responses Number of sent and received Accounting-Response packets -- Malformed Number of received invalid data format replies -- BadAuth Number of received replies with invalid authenticators -- UnknownType Number of invalid packet types received -- Example 2 Figure 5-5 Displaying a summary of the RADIUS server > show radius-server statistics summary Date 2009/10/29 04:49:05 UTC IP address:192.168.0.
show radius-server statistics Response messages Table 5-10 List of response messages for the show radius-server statistics command Message Description RADIUS Server is not configured. A RADIUS server has not been configured.
clear radius-server statistics clear radius-server statistics Clears the RADIUS server statistics.
clear radius-server statistics 64
6.
set clock set clock Displays and sets the date and time. Syntax set clock <[[[[YY]MM]DD]HH]MM[.SS]> Input mode User mode and administrator mode Parameters YY Specifies the last two digits of the year in the range from 00 to 38 (for example, 00 for the year 2000). MM Specifies the month in the range from 01 to 12. DD Specifies the day of the month in the range from 01 to 31. HH Specifies the hour in the range from 00 to 23. MM Specifies the minute in the range from 00 to 59.
set clock 23:59:59. If you change the Switch's clock, in the statistics on CPU usage collected by the Switch, only the data displayed in seconds will be cleared to zero.
show clock show clock Displays the current date and time. Syntax show clock Input mode User mode and administrator mode Parameters None Displays the current time. Example Enter the following command to display the current time. > show clock Press the Enter key.
set clock ntp set clock ntp Manually obtains the time from the NTP server. Syntax set clock ntp [] Input mode User mode and administrator mode Parameters Specifies the NTP server address. Operation when this parameter is omitted: The NTP server address that is set by using the ntp client server configuration command (primary address) is used.
show ntp-client show ntp-client Displays the NTP client information. Syntax show ntp-client Input mode User mode and administrator mode Parameters None Example Figure 6-2 Displaying the NTP client information > show ntp-client Date 2009/02/23 11:38:05 UTC Last NTP Status NTP-Server : 192.168.7.
show ntp-client Item Displayed information Displayed information Mode NTP client acquisition mode Unicast, Multicast, Broadcast, or Command Lapsed time The amount of time that has elapsed since the time was obtained from the NTP server From 0 to 4294967295 (seconds) Offset Time lag with the NTP server The range of values is from -2147483648 to 2147483647 (seconds).
show ntp-client #1 Status display # Display Status Unicast Multicast Broadcas t Operation commands 1 offset-value Time has been updated normally. Y Y Y Y 2 Timeout Timeout Y -- -- Y 3 Cancel An operation command was executed while the time was being obtained. Y -- -- -- 4 30sRule The time was changed again within 30 seconds of the previous change. Y Y Y Y 5 Error An error occurs due to a condition other than the above.
Part 3: Operating Devices 7.
show version show version Displays the software version and hardware revision installed on the Switch. Syntax show version Input mode User mode and administrator mode Parameters None Example Figure 7-1 Example of the result of executing the show version command > show version Date 2012/06/14 08:23:12 UTC Model: AX2230S-24T S/W: OS-LT4 Ver. 2.
show version Item Display format Meaning H/W Hardware information Displays hardware information. For AX2200S AX-2230-hhhhh [SSS....SSS:R] For AX1250S AX-1250-hhhhh [SSS....SSS:R] For AX1240SY AX-1240-hhhhh [SSS....SSS:R] hhhhh: Hardware model SSS....
show system show system Displays operating status. Syntax show system Input mode User mode and administrator mode Parameters None Example Figure 7-2 Example of the information displayed for normal operation > show system Date 2012/07/06 10:11:19 UTC System: AX1240S-48T2C Ver. 2.4 (Build:yy) Name : AX1240S-48T225 Contact : Locate : Minatomirai Business Square 11F Machine ID : 0012.e210.
show system IP Routing Entry(connected) IP Interface Entry IP ARP Entry MAC-address Table Entry : : : : 4(max 4(max 3(max 16(max entry=128) entry=128) entry=2048) entry=16384) System Layer2 Table Mode : 1 Flow detection mode : layer2-2 Used resources for filter(Used/Max) MAC IPv4 Port 0/1-50 : 0/128 VLAN : 0/128 Used resources for QoS(Used/Max) MAC IPv4 Port 0/1-50 : 0/64 VLAN : 0/64 > Display items Table 7-2 Information displayed by the show system command Item Displayed information Displayed inform
show system Item Displayed information Displayed information for the AX1240S-48T2C model) Temperature Temperature environment status normal: Normal caution: Outside the normal range For details about the temperature value, see the description of the show environment command.
show system Item Displayed information Displayed information set terminal pager Operating status of the set terminal pager command enabled: Enabled disabled: Disabled The saved setting is displayed in parentheses. line console speed Operating status of the line console speed command 1200, 2400, 4800, 9600, or 19200 The saved setting is displayed in parentheses.
show system Item Displayed information Displayed information Used resources for QoS(Used/Max) The number of entries for QoS flow detection conditions and the operating information that are currently registered on the target interface, and the maximum number of specifiable entries -- #1: AX2200S series switches do not support this functionality. #2: Those items are displayed when the memory card status is enabled or write protect.
show environment show environment Displays the fan status, the power unit status, the status of the temperature in the chassis, and the cumulative operating time. Syntax show environment [temperature-logging] Input mode User mode and administrator mode Parameters temperature-logging Displays the temperature history of the target switch. Operation when this parameter is omitted: The environmental status of the switch is displayed.
show environment Item Displayed information Displayed information Mode Fan operation mode -: No fan 1 (silent): Reducing switch noise takes priority. 2 (cool): Keeping the switch cool takes priority. Temperature environment Temperature environment display -- Intake temperature information Converted value of the internal temperature Note, however, it shows - for 60 minutes after the Switch starts.
show environment Figure 7-4 Operating condition level and temperature [AX2200S] Figure 7-5 Operating condition level and temperature [AX1250] Figure 7-6 Operating condition level and temperature [AX1240] #3 When the configuration has not been set up yet, or when the temperature monitoring functionality does not work about 60 minutes after the device started, -/- appears. #4 If the parameter setting is omitted, the default average temperature appears.
show environment 4 hours later (cumulative operating time = 4 hours, time written in the internal flash memory = 0 hours) 8 hours later (cumulative operating time = 8 hours, time written in the internal flash memory = 6 hours) 13 hours later (cumulative operating time = 13 hours, time written in the internal flash memory = 12 hours) Example 2 The following shows an example of displaying the temperature history information.
show environment For the display of temperature history, if the date of the switch is changed, the change is applied at 0:00 on the next day. Because the information items are displayed in the order they are collected, they are not displayed chronologically.
reload reload Restarts the switch. Syntax reload [-f] Input mode User mode and administrator mode Parameters -f Executes the command without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. Example 1. Restarts the switch. > reload 2. Press the Enter key. Display a confirmation message when the reload command is started. Restart OK?(y/n):_ If y is entered, the device is restarted. If n is entered, restarting is canceled.
reload Notes If the memory card has been installed, remove it before restarting the device.
show tech-support show tech-support Collects hardware and software status information required for technical support. Syntax show tech-support [{ page | ramdisk }] Input mode Administrator mode Parameters { page | ramdisk } page Displays a page of the collected information on the console terminal screen. Pressing the Space key displays the next page of information, and pressing the Enter key displays the next line of information.
show tech-support Item Displayed information ########## ########## indicates the name of the command executed to collect the information. The execution result of the indicated command is displayed after this separator. ########## End of ########## A separator that indicates the end of the execution result of the indicated command. indicates the name of the command executed to collect the information.
backup backup Saves information about the running software and device to the memory card. The device information includes password information and the startup configuration file. Syntax backup mc [no-software] [AX2200S] backup mc [no-software] [AX1230] [AX1250S] [AX1240S] Input mode Administrator mode Parameters mc Specifies the memory card as the backup destination. Specifies the name of a file at the copy source or copy destination.
backup Copy file to MC... Backup information success! Example 3 [AX1250S][AX1240S] Save the current device information in AX1230 series switch file format to the MCBackup.dat file on the memory card. > enable Press the Enter key. # backup mc MCBackup.dat no-software AX1230 Backup information to MC (MCBackup.dat). Copy file to MC... Backup information success! Press the Enter key.
backup not be displayed correctly when the show mc-file or show ramdisk-file command is executed. 92 If you execute the backup command with the no-software parameter specified, also specify the no-software parameter when you execute the restore command.
restore restore Restores the device information saved on the memory card to the Switch. Syntax restore mc [no-software] Input mode Administrator mode Parameters mc Specifies the memory card as the location where the image is stored. Specifies the name of a file at the copy source or copy destination. Specify the file name with 64 or fewer characters. The file name is not case sensitive. If a file with the same name already exists at the copy destination, it will be overwritten.
restore Message Description Can't open (). The specified file could not be opened. Specify the correct file name. MC is not inserted. A memory card was not inserted. Restore operation failed. An attempt to restore the device information failed. After execution of the backup command with no-software specified, execution of the restore command might cause this message to be displayed. Also execute the restore command with no-software specified. Not enough space on device.
8.
set power-control schedule set power-control schedule Sets the startup mode for power saving schedule. Syntax set power-control schedule {enable | disable} Input mode User mode and administrator mode Parameters { enable | disable } Sets the startup mode for power saving schedule. enable Sets schedule-enabled mode. disable Sets schedule-disabled mode. Operation when this parameter is omitted: This parameter cannot be omitted. Example Set schedule-disabled mode.
show power-control port show power-control port Displays the operating status of the port power saving functionality. Syntax show power-control port Input mode User mode and administrator mode Parameters None Example Display the status of port power saving control.
show power-control port Item Meaning Displayed information status Port state up: Active (normal operating state). down: Active (a line failure has occurred). #1 inact: The port is inactive The following can cause a port to become inactive: Operation stopped by the inactivate command.
show power-control schedule show power-control schedule Display the current status of the power saving schedule and the dates and times the power saving schedule has been enabled. Syntax show power-control schedule [] [count ] Input mode User mode and administrator mode Parameters The scheduled date and time is displayed from midnight of the day specified here. The specifiable range of values is from January 1, 2000 to January 17, 2038.
show power-control schedule Display items Table 8-3 Information displayed for the operating status of the scheduling functionality Item Meaning Displayed information Current Schedule Status : Power saving schedule status Enable: Power saving is in effect as scheduled. Enable (force disabled):Same as above, except that power saving has been disabled as scheduled. Disable: Normal power control is in effect. Disable (force disabled): Same as above, except that power saving is disabled as scheduled.
9.
format mc format mc Initializes formats the memory card for use by the Switch. Syntax format mc [-f] Input mode User mode and administrator mode Parameters -f Executes the command without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. Example 1. Insert the memory card to be initialized into the slot, and then enter the following command: > format mc 2. Press the Enter key.
format mc Message Description Can't access to MC by write protection. Make sure the memory card's protect switch is not set to Lock. If the switch is set to Lock, move it to the opposite side, and then insert the memory card again. Make sure there is no dust in the memory card slot. If there is dust, remove it with a dry cloth and then insert the memory card again. Notes Executing this command deletes all the data on the memory card.
format flash format flash Initializes the internal flash memory file system. Syntax format flash [-f] Input mode Administrator mode Parameters -f Executes the command without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. Example 1. Enter the following command: # format flash 2. Press the Enter key. Display the message asking for confirmation at the start of format command execution.
format flash Message Description Flash format system error(1). detail=xxxx A system error occurred during initialization of the internal flash memory file system. detail=xxxx: Detailed reason Flash format system error(2). detail=xxxx A system error occurred during initialization of the internal flash memory file system. detail=xxxx: Detailed reason Flash format error. detail=xxxx Initialization of the internal flash memory file system failed.
show mc show mc Displays the memory card format and card usage. Syntax show mc Input mode User mode and administrator mode Parameters None Example > show mc Date 2008/11/13 10:19:51 UTC MC : enable Manufacture ID : 00000003 used 5,750,272 byte free 120,160,256 byte total 125,910,528 byte > Display items Table 9-3 Information displayed by the show mc command Item Displayed information Displayed information MC Memory card status enabled: The memory card can be accessed.
show mc Response messages Table 9-4 List of response messages for the show mc command Message Description Can't execute. The command could not be executed. Re-execute the command. MC : not connect There is no memory card. Notes This command shows both the used and the unused capacity for the file system on the memory card.
show mc-file show mc-file Displays the names and sizes of the files on the memory card. Syntax show mc-file [] Input mode User mode and administrator mode Parameters Displays the contents of the specified directory. If a period (.) is specified as the directory name, the contents of the current directory are displayed.
show mc-file Response messages Table 9-6 List of response messages for the show mc-file command Message Description Can't execute. The command could not be executed. Re-execute the command. The directory could not be found. Check the directory. There is no file. ( MC ) There are no files on the memory card. MC is not inserted. A memory card was not inserted. Some files are not listed due to resource limits. Some files cannot be displayed due to resource limits.
show ramdisk show ramdisk Displays the RAMDISK format and usage.
show ramdisk-file show ramdisk-file Displays the names and sizes of the files on the RAMDISK. Syntax show ramdisk-file [] Input mode User mode and administrator mode Parameters Displays the contents of the specified directory. If a period (.) is specified as the directory name, the contents of the current directory are displayed.
show ramdisk-file Response messages Table 9-10 List of response messages for the show ramdisk-file command Message Description Can't execute. The command could not be executed. Re-execute the command. The directory could not be found. Check the directory. There is no file. ( RAMDISK ) There is no file on the RAMDISK. Some files are not listed due to resource limits. Some files cannot be displayed due to resource limits. Notes 112 Specify the file name with 64 or fewer characters.
10.
show logging show logging Displays the time operation log entries and messages were acquired. All acquired entries are displayed in reverse chronological order. Syntax show logging [] [search ] Input mode User mode and administrator mode Parameters -h Displays log entries with no header information (System Information). System Information indicates the device model and software information.
show logging Figure 10-2 Displayed operation log (when "activate" is specified as a parameter) > show logging search activate Date 2011/03/22 15:49:34 UTC System Information AX1240S-48T2C, OS-LT2, Ver. 2.3 (Build:yy)# Logging Information Total Entry : 15 KEY INFO 11/03/22 15:49:34 console:show logging search activate EVT INFO 11/03/22 15:49:04 PORT Port 0/10 activated. KEY INFO 11/03/22 15:49:04 console:activate fastethernet 0/10 KEY INFO 11/03/22 15:48:59 console:activate fastethernet 0/5 4 events matched.
show logging Notes Log information is acquired in UTC immediately after the device is started. The operation log entries are displayed in reverse chronological order from the latest message or operation (the latest information is displayed at the top). If several log entries are generated at the same time, those log entries might not be displayed in reverse chronological order.
clear logging clear logging Clears the operation log entries recorded by the Switch. Syntax clear logging [-f] Input mode User mode and administrator mode Parameters -f Executes the command without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. Example 1. Clear the operation log entries. > clear logging 2. Press the Enter key. A confirmation message is displayed.
show critical-logging show critical-logging Displays the detailed information regarding device failure log data as log records. Syntax show critical-logging [] [ramdisk] Input mode User mode and administrator mode Parameters Specifies the number of the log record at which display of the detailed information begins. Operation when this parameter is omitted: Log records starting from log number 1 are displayed.
show critical-logging +110 +120 +130 +140 +150 +160 +170 +180 +190 +1A0 : : : : : : : : : : AFF0F000 00000200 00000100 00001E00 19B94081 19C06080 395F3134 2C203231 4275696C 3D33302E : 00000000 00000000 00000300 00001E81 16C80084 903FD880 20536570 3A35363A 643A3134 352C3431 00000000 00000200 00003C00 16F4A881 19C06084 09229C00 20313020 33332031 29205468 2E352C35 00000100 00010000 00003C00 16E7B884 19BB7084 0000312E 32303038 2E392028 65726D6F 302E3000 ................ ................ ..........<...<. .
show critical-logging Notes Before executing the show critical-logging ramdisk command, make sure there are no directories and files on the RAMDISK. If there are any directories or files on the RAMDISK, we recommend that you delete those files before executing this command.
show critical-logging summary show critical-logging summary Displays a list of device failure log entries in reference code format.
show critical-logging summary Response messages Table 10-6 List of response messages for the show critical-logging summary command Message Description No Log data. There is no log information. Notes Log information is acquired in UTC immediately after the device is started.
clear critical-logging clear critical-logging Clears the device failure log entries recorded by the Switch. Syntax clear critical-logging [-f] Input mode User mode and administrator mode Parameters -f Executes the command without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. Example 1. Clear the device failure log entries. > clear critical-logging 2. Press the Enter key. A confirmation message is displayed.
clear critical-logging 124
11.
ppupdate ppupdate Updates flash memory with new software that is copied from the memory card to the RAMDISK, or that is downloaded via FTP or a similar method. Syntax ppupdate [test][no-display][-f] [no-reload] [ramdisk ] Input mode Administrator mode Parameters test Performs a check by simulating command execution. The software is not actually updated. no-display Does not display the message output when the command is executed.
ppupdate administrator mode. Display items None Impact on communication If the no-reload option is not specified, the device is automatically restarted when the update finishes. During the restart, communication is temporarily suspended. Response messages Table 11-1 List of response messages for the ppupdate command Message Description Can't apply this image file. The specified file cannot be used because it is intended for a different device. Can't execute. The command could not be executed.
ppupdate 128
12.
show cpu show cpu Shows CPU usage. Syntax show cpu [days][hours][minutes][seconds] Input mode User mode and administrator mode Parameters days Displays statistics collected daily.Statistics for the past 31 days are displayed. hours Displays statistics collected hourly. Statistics for the past day are displayed. minutes Displays statistics collected by the minute. Statistics for the past hour are displayed. seconds Displays statistics collected by the second.
show cpu Date 03/12 03/12 : 03/12 03/12 Date 0 25 50 75 100[%] Time CPU average CPU peak +----+----+----+----+ 08:31:00-08:31:59 12 94 *** P 08:32:00-08:32:59 10 89 ** P 09:29:00-09:29:59 12 84 *** P 09:30:00-09:30:59 11 57 *** P Time CPU average CPU peak +----+----+----+----+ *** Seconds *** Date Time CPU average 03/12 09:30:56-09:31:05 0 0 11 03/12 09:31:06-09:31:15 16 10 5 03/12 09:31:16-09:31:25 31 5 5 03/12 09:31:26-09:31:35 44 31 5 03/12 09:31:36-09:31:45 21 78 22 03/12 09:31:46-09:31:55 5 5 31 5
show cpu Response messages None Notes 132 Statistics are cleared if the device is restarted, the time zone is changed, or the device enters sleep mode. If the time is changed by using the set clock command or the NTP client, only the statistics collected by the second and every 5 seconds are cleared.
show memory summary show memory summary Displays the installed capacity, used capacity, and free capacity of the device's physical memory. Syntax show memory summary Input mode User mode and administrator mode Parameters None Example Figure 12-3 Example of displaying memory information > show memory summary Date 2009/03/12 09:32:18 UTC Physical memory = 131072KB(128.00MB) Used memory = 100039KB( 97.69MB) Free memory = 31032KB( 30.
show memory summary 134
Part 4: Network Interfaces 13.
show interfaces show interfaces Displays information about an Ethernet interface. Syntax show interfaces gigabitethernet [detail] [AX2200S] show interfaces {fastethernet | gigabitethernet} [detail] [AX1250S] [AX1240S] Input mode User mode and administrator mode Parameters gigabitethernet [AX2200S] Specifies a 10BASE-T/100BASE-TX/1000BASE-T or 1000BASE-X interface. {fastethernet | gigabitethernet} [AX1250S][AX1240S] fastethernet Specify a 10BASE-T or 100BASE-TX interface.
show interfaces Late collision : 0 Defer indication : Single collision : 0 Excessive deferral : Multiple collisions : 0 Excessive collisions : Error frames : 0 CRC errors : 0 Symbol errors : Alignment : 0 Fragments : Short frames : 0 Jabber : Long frames : 0 Error frames : Link down : 0 Switchport backup pairs Preemption Primary Status Secondary Status Delay Limit Port 0/13 Forwarding Port 0/14 Blocking 30 - Flush VLAN
show interfaces 1024-1518 packets : 0 1024-1518 packets : Late collision : 0 Defer indication : Single collision : 0 Excessive deferral : Multiple collisions : 0 Excessive collisions : Error frames : 0 CRC errors : 0 Symbol errors : Alignment : 0 Fragments : Short frames : 0 Jabber : Long frames : 0 Error frames : Link down : 0 Switchport backup pairs Preemption Primary Status Secondary Status Delay Limit Port 0/13 Forw
show interfaces Item Displayed information Detailed information Meaning disable Operation was stopped by using the shutdown or schedule-power-control shutdown interface configuration command. 10BASE-T half 10BASE-T half duplex 10BASE-T half(auto) 10BASE-T half duplex (Line type determined by auto-negotiation.) 10BASE-T full 10BASE-T full duplex 10BASE-T full(auto) 10BASE-T full duplex (Line type determined by auto-negotiation.
show interfaces Item Displayed information #2 Class #2 Priority Detailed information Meaning inact The supply of power has been stopped by an operation command. Displays the current power-class conforming to IEEE 802.3af and IEEE 802.3at standards, or the manual power-allocation. 0 Class0 (15.4 W) 1 Class1 (4.0 W) 2 Class2 (7.0 W) 3 Class3 (15.4 W) 4 Class4 (30.0 W) manual Manual power-supply allocation - -: Disabled Displays the priority of the power supply that has been set.
show interfaces Item Displayed information Detailed information Meaning 1 bit to 1.5 Mbit. If the transferred data is 1.5 Mbit or more, the displayed value is rounded to one decimal place. The frame length used to calculate bps value starts from the MAC header and ends with the FCS field. Average in:bps Displays the average bandwidth (in bps) used on the receiving side of the line for the one minute interval before the command was executed.
show interfaces Item Displayed information Detailed information Frame size #5 Meaning Displays the maximum frame length of a port in octets. The maximum frame length is calculated starting from the MAC header and ending with the DATA/PAD field. For details about frame formats, see the description of frame formats in 13.1.3 Control on the MAC and LLC sublayers in the Configuration Guide Vol. 1. Interface name Displays the name of the interface assigned to the port.
show interfaces Item Displayed information items for send errors Detailed statistical items for receive errors Detailed statistical items for errors Detailed information Meaning Single collision The number of transmissions that were successful after one collision Multiple collisions The number of transmissions that were successful after two or more collisions Defer indication The number of times the initial transmission was delayed because the transmit line was busy Excessive deferral The num
show interfaces Item Displayed information Statistical items for uplink #8 redundancy Detailed information Meaning Startup active port selection Setting of the functionality that permanently assigns the active port at device startup primary only: The functionality that permanently assigns the active port at device startup is enabled. This item is displayed only when this functionality is enabled.
show interfaces also used for recovery.) The standby link functionality of link aggregation makes the standby port the active port. #2: Only the PoE model displays this item. #3: If the displayed value is smaller than 10000, the decimal point is not displayed. If the displayed value is 10000 or larger, the unit is K and one digit is displayed below the decimal point. If the displayed value is 10000 K or larger, the unit is M and one digit is displayed below the decimal point.
show interfaces Figure 13-4 Result of executing the command for displaying detailed information about the 1000BASE-T interface > show interfaces gigabitethernet 0/26 Date 2008/11/17 13:13:17 UTC Port 0/26 : active up 1000BASE-T full(auto) 00ed.f010.
show interfaces SFP connect Time-since-last-status-change: 00:00:17 | Bandwidth: 1000000kbps Average out: 0Mbps Average in: 1Mbps | Peak out: 1Mbps at 11:49:25 Peak in: 1Mbps at 11:50:42 | Output rate: 0bps 0pps | Input rate: 501bps 1pps |2 Flow control send : off | Flow control receive: off | TPID: 8100 | Frame size: 1518 Octets Interface name: gigaether0/25 | Description: Octets : 332 Octets : 6144| All packets : 5 All packets : 96| Multicast
show interfaces Item Displayed information Detailed information Meaning active up Running active down Stopped #1 inactive The port is in the inactive status. The following can cause a port to become inactive: Operation stopped by the inactivate command.
show interfaces Item Displayed information Detailed information Meaning 1000BASE-LH full(auto) 1000BASE-LH full duplex (Line type determined by auto-negotiation.) 1000BASE-BX10-D full 1000BASE-BX-D (10km) full duplex 1000BASE-BX10-U full 1000BASE-BX-U (10km) full duplex 1000BASE-BX40-D full 1000BASE-BX-D (40km) full duplex 1000BASE-BX40-U full 1000BASE-BX-U (40km) full duplex 1000BASE-BX10-D full(auto) 1000BASE-BX-D (10km) full duplex (Line type determined by auto-negotiation.
show interfaces Table 13-4 Display of the detailed information and statistics for a 1000BASE-T/100BASE-FX/1000BASE-X port Item Displayed information Detailed information Meaning Time-since-last-status-change Displays the elapsed time since the last change in status. hh:mm:ss (when the elapsed time is 24 hours or less: hh = hours, mm = minutes, ss = seconds) d.
show interfaces Item Displayed information Detailed information Output rate Input rate #3 Displays the send throughput of the line (in bps and pps) for the one second interval before the command was executed, rounded to two decimal places. The frame length used to calculate bps value starts from the MAC header and ends with the FCS field. #3 Displays the receive throughput of the line (in bps and pps) for the one second interval before the command was executed, rounded to two decimal places.
show interfaces Item Displayed information Detailed information receiving Detailed statistical items for #7 send error Detailed statistical items for receive errors 152 Meaning Multicast packets Number of multicast packets Broadcast packets Number of broadcast packets Pause packets Number of pause packets 64 packets Number of 64-octet packets 65-127 packets Number of 65-to-127-octet packets 128-255 packets Number of 128-to-255-octet packets 256-511 packets Number of 256-to-511-octet pac
show interfaces Item Displayed information Detailed information Meaning Fragments The number of times a short frame (whose length is shorter than 64 octets) is received and an FCS error or an #8 alignment error occurred Jabber The number of times a long frame (whose length exceeds the max frame length) was received and an FCS error or an #8 alignment error occurred Short frames The number of received packets that are #8 shorter than the frame length Long frames The number of received packets tha
show interfaces Item Displayed information Detailed information Preemption Flush Meaning Delay The time value (in seconds) for automatic or timer switch-back - is displayed when this item is not set. Limit The time remaining until a timer switch-back (in seconds) - is displayed when this item is not set. VLAN VLAN to which flush control frames are sent 1 to 4094: Indicates a VLAN ID. untag: No VLAN is specified. -: Send setting is not set.
show interfaces When the Switch starts up When the clear counters command is executed When a device hardware failure occurs For notes on uplink redundancy, see the description of the show switchport backup command.
clear counters clear counters Clears the statistics counter of an Ethernet interface to zero. Syntax clear counters [ gigabitethernet ] [AX2200S] clear counters [{fastethernet | gigabitethernet }] [AX1250S] [AX1240S] Input mode User mode and administrator mode Parameters gigabitethernet [AX2200S] Specifies a 10BASE-T/100BASE-TX/1000BASE-T or 1000BASE-X interface. {fastethernet | gigabitethernet } [AX1250S][AX1240S] fastethernet Specify a 10BASE-T or 100BASE-TX interface.
clear counters the show port statistics or show channel-group statistics command to zero.
show port show port Lists information about the Ethernet ports implemented on the device. Syntax show port {[] | protocol [] | statistics [] [{up | down}] [discard] | transceiver []} Input mode User mode and administrator mode Parameters [] | protocol [] | statistics [] [{up | down}] [discard] | transceiver [] Lists information about the port numbers specified for Ethernet ports in list format.
show port Example 1 Figure 13-6 Example of listing link information for ports > show port Date 2009/10/29 11:33:29 UTC Port Counts: 26 Port Name Status 0/1 fastether0/1 up 0/2 fastether0/2 down 0/3 fastether0/3 down 0/4 fastether0/4 down 0/5 fastether0/5 up 0/6 fastether0/6 down 0/7 fastether0/7 down 0/8 fastether0/8 down 0/9 fastether0/9 down 0/10 fastether0/10 down 0/11 fastether0/11 up 0/12 fastether0/12 down 0/13 fastether0/13 down 0/14 fastether0/14 down 0/15 fastether0/15 down 0/16 fastether0/16 down
show port Item Meaning Displayed information Status Port state up: Active (normal operating state). down: Active (a line failure has occurred).
show port #1: inact is cleared in the following conditions: The port is restored by execution of the activate command. Due to the BPDU guard functionality of the Spanning Tree Protocol The storm control functionality Detection of a unidirectional link failure by the UDLD functionality The L2 loop detection functionality.(The automatic restoration functionality can be also used for recovery.) The standby link functionality of link aggregation makes the standby port the active port.
show port Display items in Example 2 Table 13-6 Explanation of the display of the protocol information list for ports Item Meaning Displayed information Port Counts Number of target ports -- Port Port Interface port number Name Port name Displays the name assigned to a port.
show port Port 0/1 Name fastether0/1 Status up 0/2 fastether0/2 down 0/3 fastether0/3 down 0/4 fastether0/4 down 0/5 fastether0/5 up 0/6 fastether0/6 down 0/7 fastether0/7 down 0/8 fastether0/8 down 0/9 fastether0/9 down 0/10 fastether0/10 down 0/11 fastether0/11 up 0/12 fastether0/12 down 0/13 fastether0/13 down 0/14 fastether0/14 down 0/15 fastether0/15 down 0/16 fastether0/16 down 0/17 fastether0/17 down 0/18 fastether0/18 down 0/19 fastether0/19 down 0/20 fastether0/20 down 0/
show port Display items in Example 3 Table 13-7 Display of the number of sent, received, and discarded packets for ports Item Meaning Displayed information Port Counts Number of target ports -- Port Port Interface port number Name Port name Displays the name assigned to a port. Status Port state up: Active (normal operating state). down: Active (a line failure has occurred).
show port Port Counts: 2 Port: 0/25 Status: connect Type: SFP Vendor name: FINISAR CORP. Vendor PN : FTLF8519P2BNL Tx power : -4.5dBm Port: 0/26 Status: not connect Type: SFP Vendor name: Vendor PN : Tx power : - Speed: 1000BASE-SX Vendor SN : UA12BX3 Vendor rev: A Rx power : -5.
show port #1: If a hyphen (-) is displayed, reconnect the cable. #2: A hyphen (-) is displayed if the status of the transceiver is not connect or not support. If a hyphen (-) is displayed while the transceiver is being connected, re-execute the command, or reconnect the cable. Information is displayed when you re-execute the command. #3: If the optical power is outside the range from −40 to 8.2 dBm, a hyphen (-) is displayed. #4: An error might arise depending on the ambient conditions.
activate activate Returns the status of the Ethernet interface to active from inactive when the inactivate command has been used to set inactive. Syntax activate gigabitethernet [AX2200S] activate {fastethernet | gigabitethernet } [AX1250S] [AX1240S] Input mode User mode and administrator mode Parameters gigabitethernet [AX2200S] Specifies a 10BASE-T/100BASE-TX/1000BASE-T or 1000BASE-X interface.
activate Message Description command. Notes Using this command does not change the startup configuration file that was stored on the internal flash memory.
inactivate inactivate Returns the status of the Ethernet interface to inactive from active without changing the startup configuration file stored in internal flash memory. Syntax inactivate gigabitethernet [AX2200S] inactivate {fastethernet | gigabitethernet } [AX1250S] [AX1240S] Input mode User mode and administrator mode Parameters gigabitethernet [AX2200S] Specifies a 10BASE-T/100BASE-TX/1000BASE-T or 1000BASE-X interface.
inactivate Message Description command. Notes Using this command does not change the startup configuration file that was stored on the internal flash memory. If the device is restarted after command execution, the inactive status is canceled. To re-activate an Ethernet port that has been inactivated by this command, use the activate command.
show power inline [AX2200S][AX1240S] show power inline [AX2200S][AX1240S] Displays the usage of the device and the PoE information for each port so that PoE power can be controlled. Syntax show power inline [] [{on | off | faulty | denied | inact}] [{critical | high | low | never}] Input mode User mode and administrator mode Parameters Lists the PoE information for the port numbers specified in a list format. The range of specifiable values for is 0/1 to 0/24.
show power inline [AX2200S][AX1240S] Note on setting parameters This command can display only the information relevant to the condition applied by a parameter that has been set. If the parameter has not been set, information is displayed with no condition applied. If multiple parameters are specified, information that meets all the conditions will be displayed. Operation when all parameters are omitted: The PoE information for all ports that support PoE is listed.
show power inline [AX2200S][AX1240S] Item Meaning Displayed information device Priority Control Status of priority setting for supplying power to the device enable: Enabled disable: Disabled Table 13-13 Display of the power usage and port information by power supply system Item Meaning Displayed information Threshold(W) Threshold for guaranteeing power controlled by each power supply system The threshold for guaranteeing power of each power supply system is displayed to the tenths place.
show power inline [AX2200S][AX1240S] Item Meaning Displayed information Status Power supply status Displays the PoE status of a port. on: Power is being supplied. off: Power is not being supplied. faulty: Power cannot be supplied to the connected device. denied: Power is not being supplied because there is not enough power. inact: The supply of power has been stopped by an operation command.
show power inline [AX2200S][AX1240S] Threshold(W) : Total Allocate(W) : Total Power(W) : Priority Control : Port Counts : Port Status Priority 0/1 on high 0/2 on high 0/3 on high 0/4 inact high 0/5 on critical 0/6 off high 0/7 off never 0/8 on high 0/9 on low 0/10 off high 0/11 on critical 0/12 off high 0/13 off high 0/14 on high 0/15 off low 0/16 off high 0/17 off high 0/18 off never 0/19 off high 0/20 on high 0/21 off high 0/22 off high 0/23 on high 0/24 off high 370.0 146.6 87.
show power inline [AX2200S][AX1240S] Item Meaning Displayed information - Threshold value Total Power(W) Total power for the entire device Displays the total power for the entire device to the tenths place.
show power inline [AX2200S][AX1240S] Item Meaning Displayed information - 4: Power class Class 4 (30.0 W), which conforms to IEEE 802.3at If manual setting is performed: - manual: The amount of power supplied is assigned manually.
activate power inline [AX2200S][AX1240S] activate power inline [AX2200S][AX1240S] Manually resumes the supply of power. Syntax activate power inline gigabitethernet [AX2200S] activate power inline fastethernet [AX1240S] Input mode User mode and administrator mode Parameters gigabitethernet [AX2200S] Specifies a 10BASE-T/100BASE-TX/1000BASE-T interface. fastethernet [AX1240S] Specify a 10BASE-T or 100BASE-TX interface. Specify an interface port number.
inactivate power inline [AX2200S][AX1240S] inactivate power inline [AX2200S][AX1240S] Manually stops the supply of power. Syntax inactivate power inline gigabitethernet [AX2200S] inactivate power inline fastethernet [AX1240S] Input mode User mode and administrator mode Parameters gigabitethernet [AX2200S] Specifies a 10BASE-T/100BASE-TX/1000BASE-T interface. fastethernet [AX1240S] Specify a 10BASE-T or 100BASE-TX interface. Specify an interface port number.
inactivate power inline [AX2200S][AX1240S] 180
14.
show channel-group show channel-group Link aggregation information is displayed. Syntax show channel-group [{[[channel-group-number] ] [detail] | summary}] Input mode User mode and administrator mode Parameters {[[channel-group-number] ] [detail] | summary} channel-group-number Displays link aggregation information for the channel group numbers specified in list format.
show channel-group 0/4 Up State: Distributing 0/5 Down State: Detached 0/6 Down State: Detached 0/7 Down State: Detached 0/8 Down State: Detached Uplink redundant Switchport backup pairs Primary Status Secondary ChGr 8 Blocking Port 0/24 Status Forwarding Preemption Delay Limit 60 53 Flush VLAN - > Figure 14-2 Example of displaying the link aggregation information for a specific channel group number > show channel-group 8 Date 2008/11/13 10:54:25 UTC ChGr: 8 Mode: LACP CH Status : Up Elapsed Time: 00:0
show channel-group Item Meaning Displayed information Elapsed Time Time the channel group has been up hh:mm:ss (when the elapsed time is less than 24 hours) ddd.hh:mm:ss (when the elapsed time exceeds 24 hours) Over 1000 days (when the elapsed time is more than 1000 days) - is displayed when the channel group status is not Up.
show channel-group Item Meaning Displayed information defined for LACP. Priority System priority Priority of the LACP system ID 1 to 65535 can be specified as the priority value (1 indicates the highest priority). MAC MAC address MAC address Key Group key 0 to 65535 Port Information Information about the ports managed by the channel group is displayed.
show channel-group Item Preemption Flush Meaning Displayed information Status Status of the secondary port Forwarding: Forwarding Blocking: Blocking Down: Link down Delay The time value (in seconds) for automatic or timer switch-back - is displayed when this item is not set. Limit The time remaining until a timer switch-back (in seconds) - is displayed when this item is not set. VLAN VLAN to which flush control frames are sent 1 to 4094: Indicates a VLAN ID. untag: No VLAN is specified.
show channel-group Actor Port : Priority: 128 Partner System: Priority: 128 MAC: 0012.e214.
show channel-group Port: 0/8 Down State: Detached Speed: Actor Port : Priority: 128 Uplink redundant Switchport backup pairs Primary Status Secondary ChGr 8 Blocking Port 0/24 Duplex: - Status Forwarding Preemption Delay Limit 60 5 Flush VLAN - > Display items in Example 2 Table 14-2 Display items for the detailed link aggregation information Item Meaning Displayed information ChGr Channel group number Channel group number Mode Link aggregation mode LACP: LACP link aggregation mode Static: Sta
show channel-group Item Meaning Displayed information VLAN ID VLAN ID to which the channel group belongs VLAN ID Periodic Time Sending interval for LACPDU This item is displayed only when LACP mode is enabled. Short: The sending interval is 1 second. Long: The sending interval is 30 seconds. This item is not displayed if it has not been set. Actor System Information about the actor system Information about the actor system. This item is displayed only when LACP mode is enabled.
show channel-group Item Meaning Displayed information Distributing: Data can be sent and received. If the status of the port is Down, Detached is displayed. Speed Line speed 10M: 10 Mbit/s 100M: 100 Mbit/s 1G: 1 Gbit/s -- is displayed if the port status is Down. Duplex Duplex mode Full: Full duplex Half: Half duplex -- is displayed if the port status is Down. Priority Priority of the actor system port 0 to 65535 can be specified as the priority value (0 indicates the highest priority).
show channel-group Item Meaning Displayed information Startup active port selection Setting of the functionality that permanently assigns the active port at device startup primary only: The functionality that permanently assigns the active port at device startup is enabled. This item is displayed only when this functionality is enabled.
show channel-group Item Meaning Displayed information Down: Data packets cannot be sent or received. Disabled: Link aggregation is disabled. Port Port list of the channel group -- is displayed if the port has not been set. Impact on communication None Response messages Table 14-4 List of response messages for the show channel-group command Message Description There is no information. ( channel-group ) There is no channel-group information.
show channel-group statistics show channel-group statistics Displays link aggregation statistics. Syntax show channel-group statistics [lacp] [] Input mode User mode and administrator mode Parameters lacp Displays for each port the statistics for sent and received LACPDUs in link aggregation. Information is not displayed if static link aggregation mode is enabled or link aggregation mode has not been set.
show channel-group statistics Port: 0/2 Port: 0/3 Port: 0/4 Port: 0/5 Port: 0/6 Port: 0/7 Port: 0/8 Discards Octets Frames Discards Octets Frames Discards Octets Frames Discards Octets Frames Discards Octets Frames Discards Octets Frames Discards Octets Frames Discards Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: Tx: 0 4992 39 0 5376 42 0 5376 42 0 0 0 0 7552 118 0 0 0 0 0 0 0 Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx: Rx
show channel-group statistics Display items in Example 1 Table 14-5 Display items for the statistics for sent and received data packets related to link aggregation Item Meaning Displayed information channel-group counts Number of channel groups to be displayed Number of channel groups ChGr Channel group number. The status of the channel group is displayed enclosed in parentheses. Channel group number Up: Data packets can be sent and received. Down: Data packets cannot be sent or received.
show channel-group statistics TxMarkerResponsePDUs: RxIllegals : Port: 0/7 TxLACPDUs : TxMarkerResponsePDUs: RxIllegals : Port: 0/8 TxLACPDUs : TxMarkerResponsePDUs: RxIllegals : 0 9 RxMarkerPDUs: RxUnknowns : 0 0 0 0 0 RxLACPDUs : RxMarkerPDUs: RxUnknowns : 0 0 0 0 0 0 RxLACPDUs : RxMarkerPDUs: RxUnknowns : 0 0 0 > Figure 14-9 Displaying statistics for sent and received LACPDUs for the specified channel group > show channel-group statistics 8 lacp Date 2008/11/13 11:21:42 UTC channel-group count
show channel-group statistics Display items in Example 2 Table 14-6 Display items for the statistics for sent and received LACPDUs in link aggregation Item Meaning Displayed information channel-group counts Number of channel groups to be displayed Number of channel groups ChGr Channel group number Channel group number Port Counts Number of ports to be displayed Number of ports Port Interface port number -- TxLACPDUs Number of sent LACPDUs -- RxLACPDUs Number of received LACPDUs -- Tx M
show channel-group statistics clear counters 198
clear channel-group statistics lacp clear channel-group statistics lacp Clears the statistics for sent and received LACPDUs in link aggregation.
clear channel-group statistics lacp 200
Part 5: Layer 2 Switching 15.
show mac-address-table show mac-address-table Displays information stored in the MAC address table.
show mac-address-table dynamic Displays the information in the MAC address table registered dynamically through MAC address learning. snoop Displays the information in the MAC address table registered by using the IGMP snooping or MLD snooping functionality. dot1x Displays the information in the MAC address table registered by using the IEEE 802.1X functionality. wa Displays the information in the MAC address table registered by using the Web authentication functionality.
show mac-address-table Item Meaning Displayed information MAC address MAC address -- VLAN VLAN ID -- Type Type of MAC address table entry Dynamic: Entry registered dynamically Snoop: Entry registered by using the IGP snooping or MLD snooping functionality Static: Entry registered statically Dot1x: Entry registered after authentication by the IEEE 802.
show mac-address-table Impact on communication None Response messages Table 15-3 List of response messages for the show mac-address-table command Message Description Can't execute. The command could not be executed. Re-execute the command. There is no information. ( mac-address-table ) There is no information in the MAC address table. Notes This command does not display information for undefined channel group numbers.
clear mac-address-table clear mac-address-table Clears the information in the MAC address table registered dynamically through MAC address learning. Syntax clear mac-address-table [-f] Input mode User mode and administrator mode Parameters -f Clears information in the MAC address table without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.
16.
show vlan show vlan Displays various VLAN statuses and the status of accommodated lines. Syntax show vlan [{[id] | port | channel-group-number }][{summary | detail | list}] Input mode User mode and administrator mode Parameters { [id] | port | channel-group-number< Channel group# list>} [id] Displays the VLAN information for the VLAN IDs specified in list format.
show vlan Date 2009/10/28 16:32:45 UTC VLAN counts: 5 VLAN ID: 7 Type: Port based Status: Up Learning: On BPDU Forwarding: EAPOL Forwarding: Router Interface Name: VLAN0007 IP Address: Source MAC address: 0012.e294.
show vlan Untagged(1) Tagged(10) : 0/14 : 0/1,0/17-25 > Figure 16-2 Example of displaying VLAN information for a specific port > show vlan port 0/14 Date 2009/10/28 16:40:45 UTC VLAN counts: 1 VLAN ID: 4094 Type: Port based Status: Up Learning: On BPDU Forwarding: EAPOL Forwarding: Router Interface Name: VLAN4094 IP Address: 192.168.0.150/24 Source MAC address: 0012.e294.
show vlan Item Meaning Displayed information BPDU Forwarding BPDU forwarding Blank: No IP address has been set. On: BPDU forwarding functionality is being used. EAPOL Forwarding EAPOL forwarding Blank: The setting for this item does not exist. On: EAPOL forwarding functionality is being used. Router Interface Name Interface name Displays the name of the interface assign to the VLAN. IP Address IP address (/mask) Blank: No IP address has been set.
show vlan Figure 16-3 Example of displaying VLAN summary information > show vlan summary Date 2009/10/28 16:32:16 UTC Total(5) : 7,10,30,51,4094 Port based(3) : 7,10,4094 Protocol based(1) : 30 MAC based(1) : 51 > Display items in Example 2 Table 16-2 Display items of VLAN summary Item Meaning Displayed information Total(n) Applicable VLAN information n: Number of applicable VLANs n=0: Blank VLAN ID list Port based(n) Port VLAN information n: Number of applicable VLANs n=0: Blank VLAN ID list Prot
show vlan 0/23(ChGr:8) Down Tagged 0/24(ChGr:8) Up Forwarding Tagged 0/25 Up Forwarding Tagged VLAN ID: 4094 Type: Port based Status: Up Learning: On BPDU Forwarding: EAPOL Forwarding: Router Interface Name: VLAN4094 IP Address: 192.168.0.150/24 Source MAC address: 0012.e294.
show vlan Item Meaning Displayed information address learning is disabled. BPDU Forwarding BPDU forwarding Blank: No IP address has been set. On: BPDU forwarding functionality is being used. EAPOL Forwarding EAPOL forwarding Blank: No IP address has been set. On: EAPOL forwarding functionality is being used. Router Interface Name Interface name Displays the name of the interface assign to the VLAN. IP Address IP address (/mask) Blank: No IP address has been set.
show vlan Item Meaning Displayed information Data forwarding status Forwarding: Data is being forwarded. Blocking: Data forwarding is blocked. (VLAN): The VLAN is disabled. (CH): Data forwarding has been stopped by link aggregation. (STP): Data forwarding has been stopped by STP. (dot1x):Data transfer has been stopped by the IEEE 802.1x functionality. (ULR):Data transfer has been stopped by ULR. (AXRP): Forwarding has been suspended by the Ring Protocol.
show vlan Item Meaning Displayed information assignment. Up Number of ports in Up status The number of ports belonging to the VLAN that are in Up status This item includes ports that automatically participate in the VLAN through automatic VLAN assignment. Cfg Number of VLAN ports The number of ports belonging to the VLAN This item includes ports that automatically participate in the VLAN through automatic VLAN assignment.
show vlan Message Description There is no information. ( vlan ) No information was found.
show vlan mac-vlan show vlan mac-vlan Displays the MAC addresses registered for MAC VLANs. Syntax show show show show vlan vlan vlan vlan mac-vlan mac-vlan mac-vlan mac-vlan [] [{static | dynamic}] [[id] ] [{static | dynamic}] mac Input mode User mode and administrator mode Parameters [id] Displays the MAC VLAN information for the VLAN IDs specified in list format.
show vlan mac-vlan 0000.e22b.ffdd(mac-auth) 0050.daba.4fc8(mac-auth) 000b.972f.e22b(mac-auth) > Display items Table 16-6 Display items of MAC VLANs Item Meaning Displayed information VLAN counts Number of displayed MAC VLANs -- Total MAC Counts Number of displayed MAC addresses Number of displayed MAC addresses.
show vlan mac-vlan 220
17.
show spanning-tree show spanning-tree Displays Spanning Tree information. Syntax show spanning-tree [{vlan [ ] | single | mst [ instance ]} [port ] [channel-group-number ]] [detail] [active] Input mode User mode and administrator mode Parameters {vlan [] | single | mst [ instance ]} vlan Displays PVST+ Spanning Tree information.
show spanning-tree detail Displays detailed information about Spanning Tree Protocols. Operation when this parameter is omitted: Displays Spanning Tree information. active Displays port information for only those ports in the Up status. Operation when this parameter is omitted: Displays information for all ports. Operation when all parameters are omitted: Displays Spanning Tree information for Single Spanning Tree, PVST+ Spanning Tree Protocols, and Multiple Spanning Tree.
show spanning-tree 0/20 0/21 0/22 ChGr:8 Up Down Up Down Status:Forwarding Status:Disabled Status:Blocking Status:Disabled Role:Root Role:Role:Alternate Role:- PortFast RootGuard > Display items in Example 1 Item Meaning Displayed information VLAN VLAN ID ID of the VLAN on which PVST+ Spanning Tree Protocol is operating. (Disabled) is displayed if the VLAN is not running. PVST+ Spanning Tree: Operating status of the PVST+ Spanning Tree Protocol Enabled: The Spanning Tree Protocol is running.
show spanning-tree Item Meaning Displayed information Down The port is in Down status. Indicates that the port is in Down status. If link aggregation is used, this means that the channel group is in Down status. Status Port state If Mode is PVST+: Blocking: Blocking Listening: Listening Learning: Learning Forwarding: Indicates Forwarding status. Disabled: Disabled If Mode is Rapid PVST+: Discarding: Discarding Learning: Learning Forwarding: Indicates Forwarding status.
show spanning-tree Root Bridge ID Priority: 32768 Root Cost: 0 Root Port: Port Information 0/1 Up Status:Learning 0/2 Down Status:Disabled 0/3 Down Status:Disabled 0/4 Down Status:Disabled 0/5 Down Status:Disabled 0/6 Down Status:Disabled 0/7 Down Status:Disabled 0/8 Down Status:Disabled 0/11 Down Status:Disabled 0/12 Up Status:Blocking 0/14 Down Status:Disabled 0/16 Down Status:Disabled 0/17 Down Status:Disabled 0/18 Down Status:Disabled 0/19 Down Status:Disabled 0/20 Up Status:Forwarding 0/21 Down Status:
show spanning-tree Item Meaning Displayed information MAC Address MAC address MAC address for root bridge Root Cost Root path cost Path cost value from the Switch to the root bridge 0 is displayed if the Switch is the root bridge. Root Port Root port Displays the port number of the root port. If the root port is a link aggregation port, the port list for the channel group and the channel group number (ChGr) are displayed. A hyphen (-) is displayed if the Switch is the root bridge.
show spanning-tree Item Meaning Displayed information RootGuard Root guard Indicates that the port applies the root guard functionality. Compatible Compatible mode Indicates that the port is operating in compatible mode when Mode for the Spanning Tree Protocol is Rapid STP. Ports operating in compatible mode do not perform rapid status transitions.
show spanning-tree Display items in Example 3 Item Meaning Displayed information Multiple Spanning Tree Operating status of the protocol (Multiple Spanning Tree) Enabled: Running Disabled: Disabled Revision Level Revision level Displays the revision level that is set in the configuration. 0 to 65535 Configuration Name Region name Displays the region name that is set in the configuration.
show spanning-tree Item Meaning Displayed information Internal Root Cost Internal root path cost for MST instance 0 (IST) Path cost value from the Switch to the regional root bridge of MST instance 0 (IST). 0 is displayed if the Switch is the regional root bridge of MST instance 0 (IST). A hyphen (-) is displayed if Multiple Spanning Tree is disabled. Bridge ID Bridge ID for MST instance 0 (IST) of the Switch Displays information about the bridge of MST instance 0 (IST) of the Switch.
show spanning-tree Item Meaning Displayed information Port Information Information about the ports of the MST instance Displays information about the ports managed by Multiple Spanning Tree. If no VLANs are allocated to the MST instance, a response message is displayed because there are no ports. IF# Interface port number Number of the interface port whose information is to be displayed ChGr Channel group number Displays the number of the channel group for which information is displayed.
show spanning-tree Item Meaning Displayed information applied. RootGuard Root guard Indicates that the port applies the root guard functionality. Compatible Compatible mode Indicates that the port is operating in compatible mode for an MSTP Spanning Tree Protocol. Ports operating in compatible mode do not perform rapid status transitions.
show spanning-tree Root Cost:19 Root Port:0/20 Max Age:20 Hello Time:2 Forward Delay:15 Port Information Port:0/17 Down Status:Disabled Role:Priority:128 Cost:Link Type:Compatible Mode:Loop Guard:ON(Blocking) PortFast:OFF BPDUFilter:OFF RootGuard:OFF Port:0/20 Up Status:Forwarding Role:Root Priority:128 Cost:19 Link Type:Compatible Mode:Loop Guard:OFF PortFast:ON(BPDU received) BPDUFilter:OFF RootGuard:OFF BPDU Parameters(2008/11/14 11:26:47): Designated Root Priority:36862 MAC address:0012.e2c4.
show spanning-tree Item Meaning Displayed information BPDUs Hello Time Interval for sending BPDUs Interval for sending BPDUs that are regularly sent from the Switch Forward Delay Time required for a state transition of the port Time required for a state transition when the state transition is triggered by the timer Root Bridge ID Bridge ID for the root bridge -- Priority Bridge priority 0 to 65535 The lower the value, the higher the priority.
show spanning-tree Item Meaning Displayed information Status Port state If Mode is PVST+: Blocking: Blocking Listening: Listening Learning: Learning Forwarding: Indicates Forwarding status. Disabled: Disabled. This status is displayed when the port is in the Down status. Disabled(unmatched): Disabled. A configuration mismatch was detected because a BPDU with an IEEE 802.1Q tag was received when the port was disabled.
show spanning-tree Item Meaning Displayed information PortFast The PortFast status. The receive status of BPDUs is displayed enclosed in parentheses. OFF: PortFast is not operating. ON: PortFast is operating. BPDU Guard: The BPDU guard functionality is being applied to PortFast. The receive status of BPDUs is displayed when this item is On or BPDU Guard.
show spanning-tree Item Meaning Displayed information Message Age Timer Valid time of the received BPDUs Indicates how long received BPDUs are valid. A hyphen (-) is displayed if this period has expired.
show spanning-tree Loop Guard:OFF BPDUFilter:OFF PortFast:OFF RootGuard:ON > Display items in Example 5 Item Meaning Displayed information Single Spanning Tree: Operating status of the protocol (Single Spanning Tree) Enabled: The Spanning Tree Protocol is running. Disabled: The Spanning Tree Protocol is not running. Mode Configured protocol type STP: The protocol type is set to STP mode. Rapid STP: The protocol type is set to Rapid STP mode.
show spanning-tree Item Meaning Displayed information bridge Hello Time Interval for sending BPDUs sent from the root bridge Interval for sending BPDUs that are regularly sent from the root bridge Forward Delay Time required for a state transition of the root bridge port Time required for a state transition when the state transition in the root bridge is triggered by the timer Port Port number or channel group number The number of the port for which information is displayed or the channel group
show spanning-tree Item Meaning Displayed information Cost Port cost Value set for the port cost of the Switch. If the port is in the Down status, a hyphen (-) is displayed. Link Type Link type of the line point-to-point: The line is a 1-to-1 connection. shared: The line is a shared connection. A hyphen (-) is displayed when Mode is PVST+ or when the port is in the Down status. Compatible Mode Compatible mode ON: Operation is in progress in compatible mode.
show spanning-tree Item Meaning Displayed information Designated Bridge Information about the bridge that sent the BPDU -- Priority Bridge priority 0 to 65535 The lower the value, the higher the priority. MAC Address MAC address MAC address for root bridge Root Cost Root path cost Root path cost of the bridge that sent the BPDU Port ID Information about the port that sent the BPDU -- Priority Port priority 0 to 255 The lower the value, the higher the priority.
show spanning-tree Priority : 128 Link Type : point-to-point BPDUFilter: OFF RootGuard : ON Port:0/2 Down Status : Disabled Priority : 128 Link Type : BPDUFilter: OFF RootGuard : ON Cost : 1 PortFast : OFF Hello Time: 2 Role : Cost : PortFast : Hello Time: OFF 2 : Port:ChGr:8 Down Status : Disabled Role : Priority : 128 Cost : Link Type : PortFast : OFF BPDUFilter: OFF Hello Time: 2 RootGuard : ON MST Instance 1 Time Since Topology Change: 0:3:45 VLAN Mapped: 2 Regional Root Priority: 32769 MAC : 00ed.
show spanning-tree Link Type : BPDUFilter: OFF RootGuard : OFF Port:0/18 Down Status : Disabled Priority : 128 Link Type : BPDUFilter: OFF RootGuard : OFF Port:0/19 Down Status : Disabled Priority : 128 Link Type : BPDUFilter: OFF RootGuard : OFF Port:0/20 Up Status : Forwarding Priority : 128 Link Type : point-to-point BPDUFilter: OFF RootGuard : OFF PortFast : OFF Hello Time: 2 Role : Cost : PortFast : Hello Time: OFF 2 Role : Cost : PortFast : Hello Time: OFF 2 Role : Cost : PortFast : Hello Time:
show spanning-tree Item Meaning Displayed information CIST Root Bridge ID for the CIST root bridge -- Priority Bridge priority 0 to 65535 The lower the value, the higher the priority. MAC MAC address MAC address for the CIST root bridge External Root Cost External root path cost Path cost value from the Switch's CIST internal bridge to the CIST root bridge. 0 is displayed if the Switch is the CIST root bridge. Root Port Root port Displays the port number of the CIST root port.
show spanning-tree Item Meaning Displayed information the Switch Path Cost Method Path cost length mode Long: 32-bit values are used for the path cost value. Max Age Maximum valid time for BPDUs sent from the MST instance 0 (IST) of the Switch Displays the maximum valid time for BPDUs sent from the MST instance 0 (IST) bridge of the Switch.
show spanning-tree Item Meaning Displayed information Root Port Root port of the MST instance Displays the port number of the root port of the MST instance. If the root port of the MST instance is a link aggregation port, the link aggregation port list and the channel group number are displayed. A hyphen (-) is displayed if the Switch is the regional root bridge of the MST instance.
show spanning-tree Item Meaning Displayed information Down The port is in Down status. Indicates that the port is in Down status. If link aggregation is used, this means that the channel group is in Down status. Boundary Boundary port Indicates that the port is the boundary port for the region. If the role of the partner device port is alternate port or backup port, the boundary port might never receive BPDUs. In such cases, the port is not displayed as the boundary port.
show spanning-tree Item Meaning Displayed information BpduFilter BPDU filter ON: The BPDU filter functionality is being applied. OFF: The BPDU filter functionality is not being used. Hello Time Interval for sending and receiving BPDUs on the port For the root port, alternate port, and backup port, the value on the partner device is displayed. For the designated port, the value on the Switch is displayed. Root Guard Root guard functionality ON: The root guard functionality is being applied.
show spanning-tree Item Meaning Displayed information Regional Root Regional root bridge information stored in the BPDU If Protocol Version is MSTP, information about the CIST and MSTI regional root bridge is displayed. If Mode Version is STP or Rapid STP, this information is not displayed. Priority Bridge priority 0 to 65535 The lower the value, the higher the priority.
show spanning-tree Impact on communication None Response messages Table 17-1 List of response messages for the show spanning-tree command Message Description Can't execute. The command could not be executed. Re-execute the command. Spanning Tree is not configured. The Spanning Tree Protocol has not been configured. Check the configuration. Specified Spanning Tree is not configured. The specified Spanning Tree Protocol has not been configured. Check the configuration.
show spanning-tree statistics show spanning-tree statistics Displays statistics about Spanning Tree Protocols. Syntax show spanning-tree statistics [ {vlan [ ] | single | mst [ instance ]} [ port ] [channel-group-number ] ] Input mode User mode and administrator mode Parameters {vlan [ ] | single | mst [ instance ]} vlan Displays PVST+ statistics.
show spanning-tree statistics Date 2008/11/14 11:28:22 UTC VLAN 1 Time Since Topology Change:0 day 0 hour 15 minute 59 second Topology Change Times: 1 Port:0/14 Down TxBPDUs : 0 RxBPDUs : 0 Forward Transit Times: 0 RxDiscard BPDUs: 0 Discard BPDUs by reason Timeout : 0 Invalid : 0 Not Support : 0 Other : 0 Port:0/16 Down TxBPDUs : 0 RxBPDUs : 0 Forward Transit Times: 0 RxDiscard BPDUs: 0 Discard BPDUs by reason Timeout : 0 Invalid : 0 Not Support : 0 Other : 0 Port:0/23 Down TxBPDUs : 0 RxBPDUs : 0 Forward
show spanning-tree statistics TxBPDUs : Forward Transit Times: Discard BPDUs by reason Timeout : Not Support : Port:0/21 Down TxBPDUs : Forward Transit Times: Discard BPDUs by reason Timeout : Not Support : Port:0/22 Up TxBPDUs : Forward Transit Times: Discard BPDUs by reason Timeout : Not Support : ChGr:8 Down TxBPDUs : Forward Transit Times: Discard BPDUs by reason Timeout : Not Support : 2 2 RxBPDUs : RxDiscard BPDUs: 506 0 0 0 Invalid Other : : 0 0 0 0 RxBPDUs : RxDiscard BPDUs: 0 0 0 0 Inva
show spanning-tree statistics Display items in Example 1 Item Meaning Displayed information VLAN VLAN ID subject to PVST+ Displayed only when vlan is specified. Time Since Topology Change Time since a topology change was detected n day: Days n hour: Hours n minute: Minutes n second: Seconds For Rapid STP or Rapid PVST+, this item shows the time that has elapsed since Spanning Tree Protocol operation started.
show spanning-tree statistics Date 2008/11/14 13:09:55 UTC MST Instance ID: 1 Topology Change Times: 7 Port:0/1 Up TxBPDUs : 203 RxBPDUs : Forward Transit Times: 1 Discard Message: Exceeded Hop : 0 Port:0/2 Down TxBPDUs : 0 RxBPDUs : Forward Transit Times: 0 Discard Message: Exceeded Hop : 0 0 0 0 0 : ChGr:1 Up TxBPDUs : 203 RxBPDUs : Forward Transit Times: 1 Discard Message: Exceeded Hop : 0 MST Instance ID: 4095 Topology Change Times: 1 Port:0/17 Down TxBPDUs : 0 RxBPDUs : Forward Transit Times: 0 Disc
show spanning-tree statistics Item Meaning Displayed information TxBPDUs Number of sent BPDUs -- RxBPDUs Number of received BPDUs -- Forward Transit Times Number of transitions to the forwarding state -- RxDiscard BPDUs Number of discarded received BPDUs -(Displayed only for MST instance 0.) Discard BPDUs by reason Number of discarded received BPDUs -(Displayed only for MST instance 0.
show spanning-tree statistics Item Meaning Displayed information (Displayed only for MST Instance ID:0) Exceeded Hop Number of discarded MST configuration messages whose remaining hop value is 0 -- Impact on communication None Response messages Table 17-2 List of response messages for the show spanning-tree statistics command Message Description Can't execute. The command could not be executed. Re-execute the command. Spanning Tree is not configured.
clear spanning-tree statistics clear spanning-tree statistics Clears statistics about Spanning Tree Protocols.
clear spanning-tree detected-protocol clear spanning-tree detected-protocol Forces recovery of STP compatible mode for Spanning Tree Protocols. Syntax clear spanning-tree detected-protocol [{vlan [] | single | mst}] [port ] [channel-group-number ] Input mode User mode and administrator mode Parameters {vlan [ ] | single | mst} vlan Forces recovery of STP compatible mode for PVST+.
clear spanning-tree detected-protocol Display items None Impact on communication None Response messages Table 17-4 List of response messages for the clear spanning-tree detected-protocol command Message Description Can't execute. The command could not be executed. Re-execute the command. Notes This command is valid only for rapid PVST+, rapid Spanning Tree Protocols, and Multiple Spanning Tree.
show spanning-tree port-count show spanning-tree port-count Displays the number of accommodated Spanning Tree Protocols. Syntax show spanning-tree port-count [{vlan | single | mst}] Input mode User mode and administrator mode Parameters {vlan | single | mst} vlan Displays the number of accommodated PVST+ Spanning Trees. single Displays the number of accommodated Single Spanning Tree. mst Displays the number of accommodated Multiple Spanning Tree.
show spanning-tree port-count Date 2008/11/14 11:48:21 UTC Single VLAN Counts: 1 VLAN Port Counts: 6 > Display items in Example 2 Item Meaning Displayed information Single VLAN Counts Number of VLANs Number of VLANs subject to Single Spanning Tree VLAN Port Counts Number of VLAN ports Total number of ports configured for all VLANs subject to Single Spanning Tree Example 3 The following shows an example of displaying the number of accommodated Multiple Spanning Tree.
show spanning-tree port-count Message Description Spanning Tree is not configured. The Spanning Tree Protocol has not been configured. Check the configuration. Specified Spanning Tree is not configured. The specified Spanning Tree Protocol has not been configured. Check the configuration. Notes The number of PVST+ and Single Spanning Tree VLANs does not include the number of VLANs in the suspend status.
show spanning-tree port-count 264
18.
show axrp show axrp Displays Ring Protocol information. Syntax show axrp [] [detail] Input mode User mode and administrator mode Parameters Specify a list of ring IDs for which you want to display information. If you specify multiple ring IDs, you can specify a range. [Specifying a range by using "-" or ","] All rings defined by the range are specified. The specifiable values are from 1 to 65535. detail Displays detailed Ring Protocol information.
show axrp Item Meaning Displayed information Oper State Whether the ring is enabled or disabled enable: Enabled disable: Disabled Not Operating: The Ring Protocol functionality for a ring ID is not operating for a reason such as an improper configuration (-- is displayed if the necessary configuration for operating the Ring Protocol functionality has not been set).
show axrp Mode:transport Control VLAN ID:1000 > Display items in Example 2 Table 18-2 Description of displayed items (detailed Ring Protocol information) Item Meaning Displayed information Total Ring Counts Number of rings 1 to 4 Ring ID Ring ID 1 to 65535 Name Ring identification name -- Oper State Whether the ring is enabled or disabled enable: Enabled disable: Disabled Not Operating: The Ring Protocol functionality for a ring ID is not operating for a reason such as an improper configurati
show axrp Item Meaning Displayed information State Ring port state Forwarding: Forwarding Blocking: Blocking down: The port or channel group is down. (If the Ring Protocol functionality of the applicable ring ID is not enabled, or if the port is a shared port in a shared-link non-monitoring ring, -- is displayed.) Multi Fault Detection State Multi-fault monitoring is enabled -: This is displayed when the multi-fault-detection mode or multi-fault-detection vlan configuration command is set.
show axrp 270
19.
show ip dhcp snooping show ip dhcp snooping Displays DHCP snooping information.
show ip dhcp snooping Item Meaning Displayed information Trusted -- yes: Trusted port no: Untrusted port Verify source Terminal filter setting off: No filtering on: Filtering by IP address mac-only: Filtering by MAC address port-security: Filtering by IP address and MAC address Rate limit(pps) Limit on the reception rate for each port Displays the limit value set for the reception rate of DHCP packets. 1 to 300: (pps) unlimited: There is no limit.
show ip dhcp snooping binding show ip dhcp snooping binding Displays information about the DHCP snooping binding database. Syntax show ip dhcp snooping binding[ip ][mac ][vlan ] list>][channel-group-number ] [{static|dynamic}] [port Displays the entries for the specified IP address. mac Displays the entries for the specified MAC address.
show ip dhcp snooping binding Total Bindings: MAC Address 0000.0087.0001 0000.0087.0002 0000.0087.0003 0000.0087.0004 000d.0bbe.b0fb 5 IP Address 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204 192.168.100.
show ip dhcp snooping binding Impact on communication None Response messages Table 19-3 List of response messages for the show ip dhcp snooping binding command Message Description DHCP Snooping is not configured. The command could not be executed because DHCP snooping had not been configured. No binding entry. There is no information to be displayed.
clear ip dhcp snooping binding clear ip dhcp snooping binding Clears information in the DHCP snooping binding database. This command clears only the entries that have been registered dynamically. Syntax clear ip dhcp snooping binding[ip ][mac ][vlan ] [port ][channel-group-number ] Input mode User mode and administrator mode Parameters ip Clears the entries for the specified IP address.
clear ip dhcp snooping binding Response messages Table 19-4 List of response messages for the clear ip dhcp snooping binding command Message Description DHCP Snooping is not configured. The command could not be executed because DHCP snooping had not been configured. No binding entry. There is no information to be cleared.
show ip dhcp snooping statistics show ip dhcp snooping statistics Displays statistics about DHCP snooping.
show ip dhcp snooping statistics Item Meaning Displayed information Rate over Of the DHCP packets received (Recv) on the untrusted port for DHCP snooping, the number of DHCP packets discarded when an exceeded rate limit was detected The number of discarded packets displayed in Filter is not included. # A rate check precedes an invalid packet check.
clear ip dhcp snooping statistics clear ip dhcp snooping statistics Clears the DHCP snooping statistics.
show ip arp inspection statistics show ip arp inspection statistics The following figure shows an example of displaying statistics for dynamic ARP inspection.
show ip arp inspection statistics Item Meaning Displayed information DB unmatch Number of ARP packets discarded because they did not match the information in the binding database -- Invalid Number of ARP packets discarded because of invalid binding information -- Impact on communication None Response messages Table 19-9 List of response messages for the show ip arp inspection statistics command Message Description ARP Inspection is not configured.
clear ip arp inspection statistics clear ip arp inspection statistics The following figure shows an example of clearing dynamic ARP inspection statistics.
20.
show igmp-snooping show igmp-snooping Displays IGMP snooping information.
show igmp-snooping Port (4): 0/13-16 Mrouter-port: 0/13-16 Group counts: 5 VLAN 3254: IP Address: 192.168.54.100/24 IGMP querying system: Port (4): 0/17-20 Mrouter-port: 0/17-20 Group counts: 5 VLAN 3255: IP Address: 192.168.55.100/24 IGMP querying system: Port (4): 0/21-24 Mrouter-port: 0/21-24 Group counts: 5 Querier: disable Querier: disable > > show igmp-snooping 3253 Date 2008/11/14 15:59:14 UTC VLAN counts: 3 VLAN 3253: IP Address: 192.168.53.100/24 Querier: enable IGMP querying system: 192.168.
show igmp-snooping Example 2 Figure 20-2 Example of displaying IGMP group information for each VLAN > show igmp-snooping group Date 2008/11/14 VLAN counts: 3 VLAN 3253 Group Group Address 230.0.0.11 Port-list: 230.0.0.10 Port-list: 230.0.0.14 Port-list: 230.0.0.13 Port-list: 230.0.0.12 Port-list: VLAN 3254 Group Group Address 230.0.0.34 Port-list: 230.0.0.33 Port-list: 230.0.0.32 Port-list: 230.0.0.31 Port-list: 230.0.0.30 Port-list: VLAN 3255 Group Group Address 230.0.0.24 Port-list: 230.0.0.
show igmp-snooping Port-list: 0/13 > Display items in Example 2 Item Meaning Displayed information Total Groups Number of participating groups on the device -- VLAN counts Number of VLANs on which IGMP snooping is enabled -- VLAN VLAN information -- Group counts Number of subscription multicast groups in the VLAN -- Group Address Subscription group addresses -- MAC Address Learned MAC addresses -- Port-list Forwarding port number (interface port number) -- Example 3 Figure 20-3 Exam
show igmp-snooping Item Meaning Displayed information Last Reporter IP address that last subscribed to the group -- Uptime Time elapsed since the group information was generated xx:yy xx (minutes), yy (seconds) "1hour", "2hours", ... are displayed if the time is 60 minutes or more. "1day", "2days", ... are displayed if the time is 24 hours or more.
show igmp-snooping Item Meaning Displayed information Query Query messages -- Report(V1) IGMP Version 1 Report messages -- Report(V2) IGMP Version 2 Report messages -- Leave Leave messages -- Error Error packets -- Impact on communication None Response messages Table 20-1 List of response messages for the show igmp-snooping command Message Description Can't execute. The command could not be executed. Re-execute the command. There is no information.
clear igmp-snooping clear igmp-snooping Clears all IGMP snooping information. Syntax clear igmp-snooping [-f] Input mode User mode and administrator mode Parameters -f Clears statistics without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. Example Figure 20-5 Clearing all IGMP snooping information > clear igmp-snooping Do you wish to clear IGMP or MLD snooping data? (y/n): y > If y is entered, IGMP snooping information is cleared.
show mld-snooping show mld-snooping Displays MLD snooping information.
show mld-snooping Port (1): 0/12 Mrouter-port: 0/12 Group counts: 1 VLAN 3002: IP Address: Querier: enable MLD querying system: Querier version: v1 Port (1): 0/12 Mrouter-port: 0/12 Group counts: 1 VLAN 3003: IP Address: Querier: enable MLD querying system: Querier version: v1 Port (1): 0/12 Mrouter-port: 0/12 Group counts: 1 > >show mld-snooping 3001 Date 2008/11/14 17:21:51 UTC VLAN counts: 3 VLAN 3001: IP Address: Querier: enable MLD querying system: Querier version: v1 Port (1): 0/12 Mrouter-port: 0/12
show mld-snooping Item Meaning Displayed information Group counts Number of subscription multicast groups in the VLAN -- Example 2 Figure 20-7 Example of displaying MLD group information for each VLAN > show mld-snooping group Date 2008/11/14 17:22:05 UTC Total Groups: 3 VLAN counts: 3 VLAN 3001 Group counts: 1 Group Address ff80:0:0:0:0:0:99:a0a Port-list: 0/12 VLAN 3002 Group counts: 1 Group Address ff80:0:0:0:0:0:99:a0a Port-list: 0/12 VLAN 3003 Group counts: 1 Group Address ff80:0:0:0:0:0:99:a0a
show mld-snooping Item Meaning Displayed information MAC Address Learned MAC addresses -- Version MLD version information v1: MLD version 1 v2: MLD version 2 v1, v2: MLD version 1 and version 2 mixed Mode Group mode INCLUDE: INCLUDE mode EXCLUDE: EXCLUDE mode (-- is displayed if the MLD version information is v1.
show mld-snooping Item Meaning Displayed information Uptime Time elapsed since the group information was generated xx:yy xx (minutes), yy (seconds) "1hour", "2hours", ... are displayed if the time is 60 minutes or more. "1day", "2days", ... are displayed if the time is 24 hours or more.
show mld-snooping Item Meaning Displayed information Report(v1) MLD Version 1 Report messages -- Report(v2) MLD Version 2 Report messages -- Done Done messages -- Error Error packets -- Impact on communication None Response messages Table 20-3 List of response messages for the show mld-snooping command Message Description Can't execute. The command could not be executed. Re-execute the command. There is no information. ( MLD snooping ) There is no MLD-snooping information.
clear mld-snooping clear mld-snooping Clears all MLD snooping information. Syntax clear mld-snooping [-f] Input mode User mode and administrator mode Parameters -f Clears statistics without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed. Example Figure 20-10 Clearing all MLD snooping information > clear mld-snooping Do you wish to clear IGMP or MLD snooping data? (y/n): y > If y is entered, MLD snooping information is cleared.
clear mld-snooping 300
Part 6: Forwarding IPv4 Packets 21.
show ip interface show ip interface Displays the status of IPv4 interfaces. Syntax show ip interface [{summary | up | down | vlan }] Input mode User mode and administrator mode Parameters {summary | up | down | vlan } summary Displays a summary of the status of all interfaces. up Displays detailed information about interfaces in the Up status. down Displays detailed information about interfaces in the Down status.
show ip interface Item Meaning Displayed information Dot notation IP address/subnet mask length -- Example 2 This example shows how to display detailed information about interfaces in the Up status. > show ip interface up Press the Enter key. Display the detailed status of an interface. > show ip interface vlan 3005 Press the Enter key. The following shows an example of executing the command with an interface specified.
show ip interface Item Meaning Displayed information xxxx.xxxx.xxxx MAC address The MAC address used by packets sent from the interface. ChGr Channel group number and channel status Displayed for a link aggregation line. Up: Indicates that the channel status is Up. Down: Indicates that the channel status is Down. Time-since-last-st atus-change Time elapsed since the status changed to Up or Down. Time elapsed since the status of the VLAN interface last changed.
show ip interface Port 0/4 : Down media Port 0/5 : Up media 100BASE-TX full(auto) Port 0/7 : Down media Time-since-last-status-change: 0day 00:00:23 Last down at: 2008/11/14 17:33:07 00ed.f010.0001 00ed.f010.0001 ChGr:7(Up) 00ed.f010.0001 ChGr:7(Up) : > Display items in Example 3 This is the same as in Display items in Example 2. See Table 21-2 Contents of the displayed detailed information.
show ip arp show ip arp Displays ARP information. Syntax show ip arp [{interface vlan | ip }] Input mode User mode and administrator mode Parameters {interface vlan | ip } interface vlan Specifies a VLAN ID. For , specify the VLAN ID set by the interface vlan configuration command. ip Specifies an IP address. Operation when all parameters are omitted: Displays the ARP information registered on all interfaces.
show ip arp Figure 21-6 Execution result when an IP address is specified > show ip arp ip 192.20.0.2 Date 2008/11/14 22:06:20 UTC Total: 1 IP Address Linklayer Address 192.20.0.2 0080.452d.
show ip route show ip route Displays the IPv4 routing table. Syntax show ip route Input mode User mode and administrator mode Parameters None Example Figure 21-7 Execution result of displaying IP route information > show ip route Date 2008/11/14 17:32:39 UTC Total: 5 Destination Nexthop 192.168.0.0/24 192.168.0.100 192.168.4.0/24 192.168.4.10 192.168.5.0/24 192.168.5.10 192.168.54.0/24 192.168.54.100 192.168.55.0/24 192.168.55.
show ip route Response messages Table 21-7 List of response messages for the show ip route command Message Description There is no information. ( ip route ) There is no IP route information.
ping ping The ping command is used to determine whether communication is possible to the device with the specified IP address. Syntax ping [{-t | -n }] [-l ] [-w ] Input mode User mode and administrator mode Parameters {-t | -n } -t Issues an unlimited number of ping transmissions. To interrupt the processing, press Ctrl+C. Operation when this parameter is omitted: The number of ping transmissions is the value specified for .
ping Reply from 192.168.0.1: count=1. bytes=46 Reply from 192.168.0.1: count=2. bytes=46 Reply from 192.168.0.1: count=3. bytes=46 Reply from 192.168.0.1: count=4. bytes=46 ---- 192.168.0.1 Ping statistics ---Packet: sent 4, received 4, lost 0 (0% loss) > Execute an echo test by specifying the following conditions:10 attempts, data size of 1500 bytes, and a reply wait time of 2 seconds. > ping -n 10 -l 1500 -w 2 192.168.0.1 Press the Enter key.
traceroute traceroute Displays the route (the route of gateways that have been passed through and the response time between the gateways) over which UDP messages are sent to the destination host. Syntax traceroute [-m ] [-w ] Input mode User mode and administrator mode Parameters -m Specifies the maximum number of hops permitted to the destination IP address. The specifiable values are from 1 to 255.
traceroute Display items None Impact on communication None Response messages Table 21-9 List of response messages for the traceroute command Message Description Destination host Unreachable. The sent data was unable to reach the specified destination IP address. traceroute to x.x.x.x, over a maximum of yy hops. The traceroute command is being executed. to x. x. x. x Destination IP address yy hops Maximum number of hops Trace complete. Processing by the traceroute command has finished.
traceroute 314
Part 7: Filters 22.
show access-filter show access-filter Displays the filter conditions applied on the Ethernet interface or VLAN interface by the access group commands (mac access-group and ip access-group), the number of packets that meet the filter conditions, and the number of packets discarded because they did not match any filter conditions in the access list.
show access-filter Figure 22-2 Result of displaying the standard IP access list > show access-filter 0/2 acl-std Date 2008/09/18 12:56:43 UTC Using Port: interface fastethernet 0/2 in Standard IP access-list: acl-std remark "permit of ip access-list standard" 10 permit 172.16.1.12 0.0.0.
show access-filter Item Displayed information Statistics Detailed information Meaning matched packets: Number of packets that meet the filter conditions in the access list implicitly denied packets: Number of packets that were discarded because they did not meet any of the filter conditions in the access list Impact on communication None Response messages Table 22-2 List of response messages for the show access-filter command Message Description Can't execute.
clear access-filter clear access-filter For the access list information displayed by the show access-filter command, this command resets the number of packets that met the filter conditions (indicated in matched packets) and the number of packets discarded because they did not meet the filter conditions (indicated in implicitly denied packets).
clear access-filter 320
Part 8: QoS 23.
show qos-flow show qos-flow Displays the flow detection conditions and operations to be performed in the QoS flow list applied on the Ethernet interface or VLAN interface by the QoS flow group command (ip qos-flow-group and mac qos-flow-group), and the number of packets that meet the flow detection conditions.
show qos-flow Figure 23-2 Result of displaying IP QoS flow list information > show qos-flow 0/25 "http-qos" Date 2008/09/18 18:47:48 UTC Using Port: interface gigabitethernet 0/25 in IP qos-flow-list: http-qos remark "cos 4" 10 qos tcp any host 10.10.10.
show qos-flow Response messages Table 23-2 List of response messages for the show qos-flow command Message Description Can't execute. The command could not be executed. Re-execute the command. No configuration. No QoS flow group was set for the Ethernet interface or VLAN interface. Make sure the specified parameter or QoS flow group setting is correct, and then try again. No such ID. No QoS flow group that is specified with the QoS flow list name was applied to the interface.
clear qos-flow clear qos-flow Clears the number of packets (indicated by matched packets) that met the flow detection conditions in the QoS flow list, which is displayed by the show qos-flow command.
show qos queueing show qos queueing Displays information about the send queue of the port. The send queue length, the maximum queue length, and the number of packets discarded without being accumulated in the send queue are displayed to enable monitoring of the traffic status.
show qos queueing Queue 7: Queue 8: discard HOL1= Queue 9: Queue10: Queue11: Queue12: Queue13: Queue14: Queue15: Queue16: discard HOL1= Queue17: Queue18: Queue19: Queue20: Queue21: Queue22: Queue23: Queue24: discard HOL1= Queue25: Queue26: Queue27: Queue28: Queue29: Queue30: Queue31: Queue32: discard HOL1= Qlen= 0, Limit_Qlen= Qlen= 0, Limit_Qlen= packets 0, HOL2= Qlen= 0, Limit_Qlen= Qlen= 0, Limit_Qlen= Qlen= 0, Limit_Qlen= Qlen= 0, Limit_Qlen= Qlen= 0, Limit_Qlen= Qlen= 0, Limit_Qlen= Qlen= 0, Limit_Qle
show qos queueing HOL1= 0, HOL2= 0, Tail_drop= 0 > Display items Table 23-4 Display items of statistics Item Interface information QoS information Queue information 328 Displayed information Detailed information Meaning Port (outbound) Port send queues To-CPU (outbound) Send queues for traffic from the ports to the CPU SW (outbound) Send queues for traffic among internal LSIs (This item is displayed only for the AX1240S-48T2C.
show qos queueing Item Displayed information Detailed information Meaning queue Port statistics Limit_Qlen= Maximum number of send queues discard packets Number of packets discarded without being accumulated in the send queue HOL1= Number of packets discarded because the send queue or the packet buffer of the send port was full at the time of determination of the destination port after the packets were received. HOL is an abbreviation for head of line blocking.
clear qos queueing clear qos queueing For the information displayed by the show qos queueing command, this command clears to 0 the number of packets (HOL1, HOL2, and Tail_drop) that were not placed in the send queue and were discarded.
Part 9: Layer 2 Authentication 24.
show authentication fail-list show authentication fail-list Displays information related to terminals that failed to be authenticated by Layer 2 authentication in ascending order of MAC address. Syntax show authentication fail-list [mac ] Input mode Administrator mode Parameters mac Displays information related to terminals that failed to be authenticated for the specified MAC address.
show authentication fail-list Item Meaning Displayed information Last fail time Date and time last authentication attempt failed year/month/day hour:minute:second Count Number of authentication failures -- Impact on communication None Response messages Table 24-2 List of response messages for the show authentication fail-list command Message Description There is no information. There is no information about terminals that failed to be authenticated. Authentication is not configured.
clear authentication fail-list clear authentication fail-list Clears information related to terminals that failed to be authenticated by Layer 2 authentication. Syntax clear authentication fail-list Input mode Administrator mode None Parameters None Example The following shows an example of clearing information related to terminals that failed to be authenticated by Layer 2 authentication.
show authentication logging show authentication logging Displays operational log messages logged for each type of Layer 2 authentication in chronological order. Syntax show authentication logging [search ] Input mode Administrator mode Parameters search Specifies the search string. If you specify this parameter, operation log messages that include the search string will be displayed. Specify the string with 1 to 64 characters. The characters are case sensitive.
show authentication logging Display items The following shows the display format of a message. (Example: Web authentication) (1) Log functionality type: Indicates the type of authentication functionality. (Fixed at AUT.) (2) Date and time: Indicates the date and time (month/date hour:minute:second) an event occurred. (3) Authentication ID: Indicates the type of Layer 2 authentication. - 1X: IEEE 802.
clear authentication logging clear authentication logging Clears the operation log information for each type of Layer 2 authentication. Syntax clear authentication logging Input mode Administrator mode Parameters None Example The following shows an example of clearing operation log information for Layer 2 authentication.
clear authentication logging 338
25. IEEE802.
show dot1x statistics show dot1x statistics Displays statistics about IEEE 802.1X authentication. Syntax show dot1x statistics [{port | channel-group-number | vlan dynamic}] Input mode User mode and administrator mode Parameters {port | channel-group-number | vlan dynamic} port Displays statistics for port-based authentication for the physical ports specified in list format.
show dot1x statistics (Dynamic) TxSuccess RxTotal RxResp/Id RxLenErr : : : : 12 TxFailure : 26 RxStart : 8 RxResp : 0 3 TxNotify : 6 RxLogoff : 6 RxInvalid : 0 0 0 [EAPoverRADIUS frames] Port 0/4 TxTotal : (Dynamic) RxTotal : RxAccChllg: 12 TxNakResp : 12 RxAccAccpt: 6 RxInvalid : 0 TxNoNakRsp: 6 RxAccRejct: 0 12 0 > Figure 25-3 Displaying statistics for each channel group that uses IEEE 802.
show dot1x statistics : : : : : : : : : : : : 7 0 111 40 87 29 0 412 185 191 3 0 [EAPoverRADIUS frames] Port 0/1 TxTotal : RxTotal : RxAccChllg: Port 0/4 TxTotal : (Dynamic) RxTotal : RxAccChllg: ChGr 1 TxTotal : RxTotal : RxAccChllg: VLAN TxTotal : (Dynamic) RxTotal : RxAccChllg: 10 10 5 10 10 5 38 38 19 4 4 2 ChGr 1 VLAN (Dynamic) RxResp/Id RxLenErr TxTotal TxSuccess RxTotal RxResp/Id RxLenErr TxTotal TxSuccess RxTotal RxResp/Id RxLenErr RxResp : 5 RxInvalid : 0 TxReq/Id TxFailure RxStart RxRes
show dot1x statistics Item Meaning RxStart The number of EAPOL Start frames that have been received RxLogoff The number of EAPOL Logoff frames that have been received RxResp/Id The number of EAP Response/Identity frames that have been received RxResp The number of EAP Response frames (excluding Identity frames) that have been received RxInvalid The number of invalid EAPOL frames that have been received (the # number of discarded frames) RxLenErr The number of invalid-length EAPOL frames that h
show dot1x statistics Message Description No operational Channel Group. There are no available channel groups. Check the authentication mode set by the configuration. No operational Port. There are no available ports. Check the authentication mode set by the configuration. No operational VLAN(Dynamic). VLAN-based authentication (dynamic) was not configured. Check the authentication mode set by the configuration.
show dot1x show dot1x Displays status information about IEEE 802.1X authentication. Syntax show dot1x [{port | channel-group-number | vlan dynamic []}] [detail] Input mode User mode and administrator mode Parameters {port | channel-group-number | vlan dynamic [] } port Displays status information about port-based authentication for the physical ports specified in list format.
show dot1x > Figure 25-7 Displaying the status information for all types of IEEE 802.1X authentication > show dot1x detail Date 2009/10/28 10:24:25 UTCSystem 802.
show dot1x Display items Table 25-3 Display items for the status information about IEEE 802.1X authentication Item Meaning Displayed information System 802.1X Displays the operating status of IEEE 802.1X authentication. Enable: Running Disable: Disabled AAA Authentication Dot1x Displays the operating status of authentication requests to RADIUS.
show dot1x Item Meaning Displayed information Status Displays the authentication status of the port. Authorized: Already authenticated. Unauthorized: Not authenticated. ---: Terminal authentication mode Last EAPOL Displays the source MAC address of the last received EAPOL. ----.----.---- is displayed when authentication has not been completed. Supplicants (summary) Displays the number of supplicants that have already been authenticated or assigned for authentication.
show dot1x Item Meaning Displayed information VLAN(s) (For VLAN-based authentication (dynamic) and port-based authentication (dynamic) only) This item displays the VLAN list. Note that the list does not include VLANs registered by automatic VLAN assignment. VLAN(Dynamic) Supplicants (For VLAN-based authentication (dynamic) only) This item displays the number of supplicants already authenticated.
show dot1x Item Meaning Displayed information SessionTime Displays the time (in seconds for each supplicant) required to establish a session after a successful authentication. Date/Time Displays the first time that authentication of the supplicant was successful. SubState (For port-based authentication (static or dynamic) only) This item displays the authentication sub-status of the supplicant.
clear dot1x statistics clear dot1x statistics Clears the IEEE 802.1X authentication statistics. Syntax clear dot1x statistics Input mode User mode and administrator mode Parameters None Example Figure 25-8 Clearing IEEE 802.1X authentication statistics > clear dot1x statistics > Display items None Impact on communication None Response messages Table 25-5 List of response messages for the clear dot1x statistics command Message Description Can't execute. The command could not be executed.
clear dot1x auth-state clear dot1x auth-state Initializes the IEEE 802.1X authentication status.
clear dot1x auth-state Impact on communication If initialization is performed, the IEEE 802.1X authentication status on the relevant ports or VLANs is initialized, and communication is lost. To restore communication, re-authentication is necessary. Response messages Table 25-6 List of response messages for the clear dot1x auth-state command Message Description Can't execute. The command could not be executed. Re-execute the command. Dot1x doesn't seem to be running. The IEEE 802.
reauthenticate dot1x reauthenticate dot1x Re-authenticates the status of IEEE 802.1X authentication. Even if re-authentication timer (reauth-period) is 0 (disabled), re-authentication is forcibly performed.
reauthenticate dot1x Display items None Impact on communication When re-authentication is initiated, no problems with communication arise if re-authentication is successful. If re-authentication fails, however, communication will be lost. Response messages Table 25-7 List of response messages for the reauthenticate dot1x command Message Description Can't execute. The command could not be executed. Re-execute the command. Dot1x doesn't seem to be running. The IEEE 802.1X setting has not been enabled.
show dot1x logging show dot1x logging Displays the operation log messages collected by IEEE 802.1X authentication. Syntax show dot1x logging [search ] Input mode User mode and administrator mode Parameters search Specifies the search string. If you specify this parameter, only information that includes the search string will be displayed. Specify the string with 1 to 64 characters. The characters are case sensitive.
show dot1x logging > Display items The following shows the display format of a message. (1) Log functionality type: Indicates the type of authentication functionality. (Fixed at AUT.) (2) Date and time: Indicates the date and time (month/date hour:minute:second) an event occurred. (3) Authentication ID: Indicates IEEE 802.1X. (4) Message number: Indicates the number assigned to each message shown in Table 25-10 List of operation log messages. (5) Log ID: Indicates the level of the operation log message.
show dot1x logging Table 25-9 Added info Display format Meaning MAC=xxxx.xxxx.xxxx Indicates the MAC address. PORT=xx/xx CHGR=x Indicates the port number or channel group number VLAN=xxxx Indicates the VLAN ID. ServerIP=xxx.xxx.xxx Indicates the server IP address. Table 25-10 List of operation log messages No. Log ID Log type Authentication mode Message text Description Added info 1 2 3 NORMAL LOGIN Login succeeded. ; New Supplicant Auth Success.
show dot1x logging 11 12 # authentication (dynamic) VLAN-based authentication (dynamic) MAC, PORT or CHGR, VLAN ID NORMAL Force logout. ; "clear dot1x auth-state" command succeeded. LOGOUT Port-based authentication (static) Port-based authentication (dynamic) VLAN-based authentication (dynamic) Authentication has been canceled by a command. [Action] None NORMAL Force logout. ; The supplicant was cleared, because it was registered to MAC VLAN with the configuration.
show dot1x logging 17 18 30 31 Port-based authentication (static) Port-based authentication (dynamic) VLAN-based authentication (dynamic) Authentication has been canceled because the port is in the link-down state. [Action] None NORMAL Force logout. ; VLAN status down. LOGOUT # MAC, PORT or CHGR, VLAN ID Port-based authentication (static) Port-based authentication (dynamic) VLAN-based authentication (dynamic) Authentication has been canceled because the VLAN has gone down.
show dot1x logging 34 NOTICE LOGIN Port-based authentication (dynamic) VLAN-based authentication (dynamic) Login failed. ; Failed to assign VLAN. (Reason: Tunnel-Type Attribute is not VLAN(13).) VLAN dynamic assignment failed because the value of the Tunnel-Type attribute was not VLAN(13). [Action] Set the Tunnel-Type attribute in the Accept packet to be sent by the RADIUS server to VLAN(13).
show dot1x logging 39 NOTICE LOGIN Port-based authentication (dynamic) VLAN-based authentication (dynamic) Login failed. ; Failed to assign VLAN. (Reason: The VLAN ID is out of range.) VLAN dynamic assignment failed because the VLAN ID was not in the normal range. [Action] Check the range of the VLAN IDs set for the Tunnel-Private-Group-ID attribute in the Accept packet to be sent by the RADIUS server.
show dot1x logging 44 NOTICE LOGIN Port-based authentication (static) Port-based authentication (dynamic) Login failed. ; The number of supplicants on the interface is full. Authentication was not available because there were too many supplicants on the interface. [Action] Attempt authentication again when the number of authenticated supplicants on the interface is below the capacity limit.
show dot1x logging 81 WARNING SYSTEM Port-based authentication (static) Port-based authentication (dynamic) VLAN-based authentication (dynamic) Invalid EAP over RADIUS frame received. An invalid EAPoverRADIUS frame has been received.
show dot1x logging Port-based authentication (static) Port-based authentication (dynamic) Authentication has been canceled because multistep authentication either succeeded or failed. [Action] None # MAC, PORT, VLAN ID 330 NOTICE LOGIN Port-based authentication (static) Port-based authentication (dynamic) Login failed. ; Failed to authenticate the supplicant because MAC authentication reject. Authentication was not performed because MAC-based authentication failed in multistep authentication.
show dot1x logging Response messages Table 25-11 List of response messages for the show dot1x logging command Message Description There is no logging data. There is no log data. There is no log data to match. Log data matching the specified character string could not be found. There is no memory. There is not enough memory to collect data.
clear dot1x logging clear dot1x logging Clears the operation log messages collected by IEEE 802.1X authentication. Syntax clear dot1x logging Input mode User mode and administrator mode Parameters None Example Figure 25-11 Clearing IEEE 802.1X operation log messages > clear dot1x logging > Display items None Impact on communication None Response messages Table 25-12 List of response messages for the clear dot1x logging command Message Description Can't execute. The command could not be executed.
clear dot1x logging 368
26.
set web-authentication user set web-authentication user Adds a user for Web authentication. At this time, specify the VLAN to which the user belongs. To apply the change to the authentication information, execute the commit web-authentication command. Syntax set web-authentication user Input mode Administrator mode Parameters Specify a user name to be registered. Specify 1 to 128 characters.
set web-authentication user Response messages Table 26-1 List of response messages for the set web-authentication user command Message Description Already user '' exists. The specified user has already been registered. The number of users exceeds 300. The number of users to be registered exceeds 300. Web-Authentication is not configured. The Web authentication functionality is not enabled. Check the configuration.
set web-authentication passwd set web-authentication passwd Changes the password of a Web-authenticated user. To apply the change to the authentication information, execute the commit web-authentication command. Syntax set web-authentication passwd Input mode Administrator mode Parameters Specify the name of the user whose password is to be changed. Specify the current password.
set web-authentication passwd The settings are available as authentication information only after the commit web-authentication command has been executed.
set web-authentication vlan set web-authentication vlan Changes the VLAN to which a Web-authenticated user belongs. To apply the change to the authentication information, execute the commit web-authentication command. Syntax set web-authentication vlan Input mode Administrator mode Parameters Specify the name of the user for which the VLAN is being changed. Specify the VLAN that is to be changed.
remove web-authentication user remove web-authentication user Deletes a user for Web authentication. To apply the change to the authentication information, execute the commit web-authentication command. Syntax remove web-authentication user { | -all} [-f] Input mode Administrator mode Parameters { | -all} Deletes the specified user. -all Deletes all users. -f Deletes the user without displaying a confirmation message.
remove web-authentication user Response messages Table 26-4 List of response messages for the remove web-authentication user command Message Description Unknown user ''. The specified user has not been registered. (when a single MAC address is specified). User does not exist. The user was not found (when the -all parameter is specified). Web-Authentication is not configured. The Web authentication functionality is not enabled. Check the configuration.
show web-authentication user show web-authentication user Displays the user information registered on the Switch used for Web authentication. This command can also display user information that is being entered or edited by using the following commands: set web-authentication user command set web-authentication passwd command set web-authentication Vlan command remove web-authentication user command User information is displayed in ascending order of user name.
show web-authentication user Item Meaning Displayed information # Entry number -- VLAN VLAN The VLAN set for the registered user User name user name A registered user name Impact on communication None Response messages Table 26-6 List of response messages for the show web-authentication user command Message Description There is no information. ( edit ) There was no information in the edit area of the internal Web authentication DB. There is no information.
show web-authentication login show web-authentication login Displays the users currently logged in (users that have already been authenticated) in ascending order by login date and time.
show web-authentication login Item Meaning Displayed information # Entry number The entry number for an authenticated, currently logged-in user. This is just the displayed number, which changes depending on such factors as the filter conditions. F Forced authentication indication *: Indicates a user logged in by using the forced authentication functionality.
show web-authentication login Notes None 381
show web-authentication login select-option show web-authentication login select-option Extracts a portion of the authenticated users currently logged in based on selected items and displays those users in ascending order by login date and time. If you execute the command with the detail option specified, the entries being authenticated are also displayed as the entries to be extracted.
show web-authentication login select-option Example 1 Figure 26-2 Displaying information when specifying ports # show web-authentication login select-option port 0/10 Date 2009/03/24 17:12:22 UTC Static VLAN mode total login counts(Login/Max): 1 / 1024 Authenticating client counts : 0 Port roaming : Disable No F User name Port VLAN Login time Limit 1 USER10-all_floor@example.
show web-authentication login select-option Item Meaning Displayed information mode only) VLAN VLAN The VLAN ID of the VLAN that is accommodating the authenticated, currently logged-in user Login time Login date and time The first time the authenticated, currently logged-in user logged in year/month/day hour:minute:second Limit Remaining login time The remaining login time (hours:minutes:seconds) for the currently logged-in user.
show web-authentication login select-option Item Meaning counts Displayed information If a maximum number of registered users has not been set, the default value is displayed. Static VLAN mode total login counts Authenticating client counts The number of terminals on which authentication is being processed -- Port roaming Roaming information Changing of ports within the same VLAN.
show web-authentication login select-option Item Meaning Displayed information infinity Authenticating client list List of terminals on which authentication is being processed Information about terminals on which Web authentication is being processed # Entry number The entry number of a user for which Web authentication is being processed. This is just the displayed number, which changes depending on such factors as the filter conditions.
show web-authentication login summary show web-authentication login summary Displays the number of authenticated, currently logged-in users by port or by VLAN. Syntax show web-authentication login summary {port [] | vlan []} Input mode Administrator mode Parameters {port [] | vlan [] } port [] Displays the number of authenticated, currently logged-in users for the specified port.
show web-authentication login summary Display items 1 Table 26-12 Display items for each port Item Meaning Displayed information Dynamic VLAN mode total login counts The number of users currently logged in (Login / Max): The number of users currently logged in / the maximum number of users set for the device If a maximum number of registered users has not been set, the default value is displayed. Port roaming Roaming information Changing of ports within the same VLAN.
show web-authentication login summary Display items 2 Table 26-13 Items displayed for a VLAN Item Meaning Displayed information Dynamic VLAN mode total login counts The number of users currently logged in (Login / Max): The number of users currently logged in / the maximum number of users set for the device If a maximum number of registered users has not been set, the default value is displayed. Port roaming Roaming information Changing of ports within the same VLAN.
show web-authentication logging show web-authentication logging Displays the operation log messages collected by the Web authentication functionality. Syntax show web-authentication logging [search ] Input mode Administrator mode Parameters search Specifies the search string. If you specify this parameter, only information that includes the search string will be displayed. Specify the string with 1 to 64 characters. The characters are case sensitive.
show web-authentication logging # Display items The following shows the display format of a message. (1) Log functionality type: Indicates the type of authentication functionality. (Fixed at AUT.) (2) Date and time: Indicates the date and time (month/date hour:minute:second) an event occurred. (3) Authentication ID: Indicates Web authentication. (4) Message number: Indicates the number assigned to each message shown in Table 26-17 List of operation log messages.
show web-authentication logging Display format Meaning USER=xxxxxxxxxx Indicates the user ID. IP=xxx.xxx.xxx Indicates the IP address. PORT=xx/xx CHGR=x Indicates the port number or channel group number VLAN=xxxx Indicates the VLAN ID. Table 26-17 List of operation log messages No. Log ID Log type Authentication mode Message text Description Added info 1 NORMA L LOGIN Legacy Dynamic VLAN Fixed VLAN Login succeeded. The client was successfully authenticated.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info #2 Fixed VLAN 5 NORMA L MAC, USER, IP, PORT or CHGR, VLAN LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; Connection time was beyond a limit. Authentication was canceled because the maximum connection time was exceeded. [Action] None #2 MAC, USER, IP, PORT or CHGR, VLAN 6 NORMA L LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; mac-address-table aging.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN Authentication failed because the specified user ID was not registered in the internal Web authentication DB, or the number of characters for the user ID was out of range. [Action] Use the correct user ID to log in. USER 11 NOTICE LOGIN Legacy Dynamic VLAN Fixed VLAN Login failed ; Password not found to web authentication DB.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN Authentication could not be performed because the number of logins exceeded the maximum allowable number. [Action] Log in again when the number of authenticated users drops low enough. MAC, USER 16 NOTICE LOGIN Legacy Dynamic VLAN Fixed VLAN Login failed ; The login failed because of hardware restriction.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN Authentication failed because an attempt to communicate with the RADIUS server failed. [Action] Check whether communication is possible between the Switch and the RADIUS server. After the Switch is able to communicate with the RADIUS server, log in again.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info MAC, USER, IP, PORT, VLAN 29 NORMA L LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; Client moved. Authentication was canceled because it was detected that the port of an authenticated terminal was moved. [Action] Log in again. #2 MAC, USER, IP, PORT or CHGR, VLAN 31 NORMA L LOGOUT Fixed VLAN Force logout ; Port not specified.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info MAC, USER, IP, PORT, VLAN 40 NORMA L LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; Ping packet accepted. Authentication of the user was canceled because a logout ping was received. [Action] None #2 MAC, USER, IP, PORT or CHGR, VLAN 41 NORMA L LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; Other authentication program.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Dynamic VLAN All authentications were canceled because authentication mode changed from dynamic VLAN mode to legacy mode. [Action] None MAC, USER, IP, PORT, VLAN 82 NORMA L SYSTEM Legacy Dynamic VLAN Fixed VLAN #2 Accepted clear auth-state command. A request issued by the clear web-authentication auth-state command to cancel authentication was received.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN A response to an accounting request was not received from the RADIUS server. [Action] Check whether communication is available between the Switch and the RADIUS server. MAC, USER 105 NOTICE LOGIN Legacy Dynamic VLAN Login failed ; VLAN suspended.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN A login attempt failed because duplicate authentication requests were issued. [Action] Open only one login window, and log in again. Also, press the Login button only once. MAC, USER, PORT or CHGR 264 NORMA L SYSTEM Legacy Dynamic VLAN Fixed VLAN Received login request. A login request was received.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Dynamic VLAN Fixed VLAN The terminal is roaming. [Action] None MAC, USER, PORT 269 NOTICE LOGIN Legacy Login failed ; Authentic mode intermingled. (legacy vlan) Authentication failed in legacy mode because there are multiple authentication modes. [Action] Use only one authentication mode (legacy mode or dynamic VLAN mode) for one interface.
show web-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN Authentication failed due to user invalidation because the response from the RSA authentication server was not received. [Action] Log in again. MAC, IP 276 NORMA L LOGOUT Dynamic VLAN Fixed VLAN Force logout ; Authentic method changed (single <-> multi-step).
show web-authentication logging Impact on communication None Response messages Table 26-18 List of response messages for the show web-authentication logging command Message Description There is no logging data. There is no operation log data. There is no log data to match. Log data matching the specified character string could not be found. There is no memory. There is not enough memory to collect data.
clear web-authentication logging clear web-authentication logging Clears the operation log information for Web authentication. Syntax clear web-authentication logging Input mode Administrator mode Parameters None Example The following shows an example of clearing the operation log information for Web authentication.
show web-authentication show web-authentication Displays the configuration for Web authentication. Syntax show web-authentication Input mode Administrator mode Parameters None Example The following shows an example of displaying the configuration for Web authentication.
show web-authentication service dhcp vlan: Disable Port Count Port VLAN ID Forceauth VLAN Access-list-No ARP relay Max-user HTML fileset : 2 : : : : : : : Port : VLAN ID : Forceauth VLAN : Access-list-No : ARP relay : Max-user : Authentication method : HTML fileset : 0/6 40 Disable L2-auth Enabled 256 FILESETXYZ 0/22 40 Disable L2-auth Enabled 256 port-list-AAA FILESETXYZ <<>> * Authentication parameter Authentic-mode : Static-VLAN ip address : Disable web-port
show web-authentication Port : VLAN ID : Forceauth VLAN : Access-list-No : ARP relay : Max-user : Authentication method : HTML fileset : 0/5 4 Disable L2-auth Enabled 1024 port-list-AAA FILESETXYZ Port VLAN ID Forceauth VLAN Access-list-No ARP relay Max-user HTML fileset 0/6 4 Disable L2-auth Enabled 1024 FILESETXYZ : : : : : : : Port : VLAN ID : Forceauth VLAN : Access-list-No : ARP relay : Max-user : Authentication method : HTML fileset : 0/22 4 Disable L2-auth Enabled 1024 port-list-AAA FILESETXYZ
show web-authentication Item Meaning Displayed information Mode D fqdn Domain name Domain name This item is not displayed if it is not set.
show web-authentication Item Meaning Displayed information Mode D L F Authentication The list name and authentication method for the authentication method list Displays the RADIUS server group name for the authentication method list. RADIUS RADIUS: Indicates RADIUS authentication : RADIUS server group name (Not defined) is displayed after the group name if the RADIUS server group name that has been set is invalid. This item is not displayed if it is not set.
show web-authentication Item Meaning Displayed information Mode D retry-interval The interval for retransmitting monitoring packets The interval for retransmitting connection monitoring packets (in seconds) redirect Redirect functionality Usage state of URL redirection in Web authentication Enable: Enabled Disable: Disabled Y redirect-mode Redirect mode A protocol for displaying the Web authentication Login page when the URL redirect functionality is enabled Y tcp-port TCP port number The
show web-authentication Item Meaning Displayed information Mode D L F Y Y Y Port Port information Port number (Legacy is displayed after a port number if legacy mode is used.) VLAN ID VLAN information VLAN ID registered in Web authentication. -- is displayed if this item has not been set. Y Y Y Forceauth VLAN Forced authentication Setting status of forced authentication in dynamic #4 VLAN mode or legacy mode xxxx: Enabled. xxxx indicates the VLAN ID set in configuration.
show web-authentication of configuration for Web authentication in the Configuration Guide Vol. 2. #2: Legacy mode is not supported. #3: VLAN IDs registered by automatic VLAN allocation are not displayed. However, VLAN IDs are displayed if they are accommodated in the native VLAN (fixed) as the result of automatic VLAN allocation. #4: When the authentication force-authorized enable command is enabled and the authentication force-authorized vlan command is not set, native vlan is displayed.
show web-authentication statistics show web-authentication statistics Displays statistics for Web authentication. Syntax show web-authentication statistics Input mode Administrator mode Parameters None Example The following shows an example of displaying statistics related to Web authentication.
show web-authentication statistics Item Meaning RxTotal The total number of receptions from the RADIUS server RxAccAccpt The total number of Access-Accept packets received from the RADIUS server RxAccRejct The total number of Access-Reject packets received from the RADIUS server RxAccChllg The total number of Access-Challenge packets received from the RADIUS server RxInvalid The total number of invalid frames received from the RADIUS server Account frames Accounting information TxTotal The t
clear web-authentication statistics clear web-authentication statistics Clears Web authentication statistics.
commit web-authentication commit web-authentication Stores the internal Web authentication DB in internal flash memory and reflects its contents for operation. Syntax commit web-authentication [-f] Input mode Administrator mode Parameters -f Stores the internal Web authentication DB in internal flash memory and reflects its contents for operation. No confirmation message is displayed. Operation when this parameter is omitted: A confirmation message is displayed.
commit web-authentication 418 set web-authentication passwd set web-authentication vlan remove web-authentication user
store web-authentication store web-authentication Backs up the internal Web authentication DB to a file. Syntax store web-authentication ramdisk [-f] Input mode Administrator mode Parameters ramdisk Backs up the internal Web authentication DB to a file on the RAMDISK. Specify the name of the file to which the internal Web authentication DB is to be backed up. Specify the file name with 64 or fewer characters.
store web-authentication Message Description Command information was damaged. A backup file could not be created because the authentication information was corrupted. Data doesn't exist. A backup file could not be created. A commit operation might not have been executed. Execute a commit operation, and then check the result. If the commit operation fails again, the internal flash memory might be corrupted. Web-Authentication is not configured. The Web authentication functionality is not enabled.
load web-authentication load web-authentication Restores the internal Web authentication DB from a backup file.
load web-authentication Response messages Table 26-27 List of response messages for the load web-authentication command Message Description Restore complete. Restoration from the backup file was successful. File format error. The format of the specified backup file is different from the internal Web authentication DB. Load operation failed. Restoration from the backup file failed. Flash memory write failed. Writing of the information to internal flash memory failed.
clear web-authentication auth-state clear web-authentication auth-state Forcibly logs out an authenticated, currently logged-in user. Syntax clear web-authentication auth-state { user { | -all} | mac-address } [-f] Input mode Administrator mode Parameters user { | -all } Forces user logout by specifying an authenticated user that is currently logged in. -all Forces the logout of all authenticated uses that are currently logged in.
clear web-authentication auth-state Response messages Table 26-28 List of response messages for the clear web-authentication auth-state command Message Description Can't execute. The command could not be executed. Re-execute the command. Web-Authentication is not configured. The Web authentication functionality is not enabled. Check the configuration. The specified user is not login user. The specified user is not a logged-in user. The specified MAC address does not exist.
set web-authentication html-files set web-authentication html-files Replaces the images for Web authentication pages (such as login and logout pages), the messages output for authentication errors, and the icons displayed in the Favorites menu of the Web browser. When you execute this command, specify the name of the directory in which the page images, messages, or icons to be registered are stored.
set web-authentication html-files pages. Specify the name with 1 to 16 characters. Use only uppercase alphanumeric characters. Operation when this parameter is omitted: The basic Web authentication page is replaced with the custom file set. -f Replaces pages, messages, and icons without displaying a confirmation message. Operation when this parameter is omitted: A confirmation message is displayed.
set web-authentication html-files Message Description File name 'xxx' is reserved. The file name xxx is a reserved word and cannot be used. The following files are included in the directory specified for . auth wol Use the del command to delete both of the files in this directory, and then try again. Install operation failed. An attempt to register the file failed. No login.html file in the directory. There is no login.html file in the specified directory. No such directory.
store web-authentication html-files store web-authentication html-files Retrieves the images of Web authentication pages (such as login and logout pages), the messages output for authentication errors, and the icons displayed on the Favorites menu of the Web browser, all of which are in current use, and stores them in any directory on the RAMDISK. Related files are also retrieved at the same time. Specific files cannot be specified.
store web-authentication html-files Impact on communication None Response messages Table 26-30 List of response messages for the store web-authentication html-files command Message Description Can't execute. The command could not be executed. Re-execute the command. Directory isn't empty. The specified directory is not empty. Make sure there is no files or subdirectories in the directory. File name is too long.
show web-authentication html-files show web-authentication html-files Displays the size of the file (in bytes) registered by the set web-authentication html-files command and the date and time registered. If no file has been registered, that the default setting is being used is displayed.
show web-authentication html-files 2009/10/29 02:14 666 loginNG.html 2009/10/29 02:14 937 logout.html 2009/10/29 02:14 586 logoutOK.html 2009/10/29 02:14 640 logoutNG.html 2009/10/29 02:14 545 webauth.msg default now 0 favicon.ico 2009/10/29 02:14 17,730 the other files # 1. Displays the time required to register the basic Web authentication page custom file set. 2. For the default status, default now is displayed. 3.
show web-authentication html-files 2009/10/29 02:14 default now 545 webauth.msg 0 favicon.ico 2009/10/29 02:14 8,441 IMAGE001.JPG 2009/10/29 02:14 5,528 IMAGE002.JPG 2009/10/29 02:14 3,761 IMAGE003.GIF # Display items None Impact on communication None Response messages Table 26-31 List of response messages for the show web-authentication html-files command Message Description Can't execute. The command could not be executed. Re-execute the command.
clear web-authentication html-files clear web-authentication html-files Deletes the Web authentication pages registered by the set web-authentication html-files command, messages, and icons, and reverts to the default file set. Syntax clear web-authentication html-files [{html-fileset | -all}][-f] Input mode Administrator mode Parameters {html-fileset | -all} html-fileset Deletes the custom file set for the specified individual Web authentication page.
clear web-authentication html-files Impact on communication None Response messages Table 26-32 List of response messages for the clear web-authentication html-files command Message Description Can't clear because it is default now. The file could not be deleted because it had default status. Can't execute. The command could not be executed. Re-execute the command. Clear operation failed. An attempt to delete the file failed. No such html-fileset 'xxx'. The specified custom file set was not found.
show ip dhcp binding show ip dhcp binding Displays the binding information on the DHCP server. Syntax show ip dhcp binding [{ | sort}] Input mode User mode and administrator mode Parameters { | sort} Displays the binding information for the specified IP address. sort Displays the binding information sorted in ascending order using the IP address as the key.
show ip dhcp binding Response messages Table 26-34 List of response messages for the show ip dhcp binding command Message Description Can't execute. The command could not be executed. Re-execute the command. No such IP Address. The specified IP address could not be found. There is no information. ( binding ) There is no binding information. Notes Binding information for which the lease has been expired is not displayed.
clear ip dhcp binding clear ip dhcp binding Deletes the binding information from the DHCP server database. Syntax clear ip dhcp binding [{ | all}] Input mode User mode and administrator mode Parameters { | all} Deletes binding information for the specified IP address. all All IP addresses in the binding information are deleted. Operation when this parameter is omitted: All IP addresses in the binding information are deleted.
show ip dhcp conflict show ip dhcp conflict Displays an IP address conflict detected by the DHCP server. An IP address conflict refers to an IP address assigned to a terminal over the network, although it is blank as a pool IP address on the DHCP server. An IP address conflict is detected by the DHCP DECLINE packet received from the client that detected the collision, or as a result of duplication of the IP address and the IP address for the VLAN that defines DHCP.
show ip dhcp conflict Response messages Table 26-37 List of response messages for the show ip dhcp conflict command Message Description Can't execute. The command could not be executed. Re-execute the command. No such IP Address. The specified IP address could not be found. There is no information. ( conflict ) There is no IP address conflict information.
clear ip dhcp conflict clear ip dhcp conflict Clears the IP address conflict information from the DHCP server. Syntax clear ip dhcp conflict [{ | all}] Input mode User mode and administrator mode Parameters { | all} Deletes IP address conflict information for the specified IP address. all All IP address conflict information is deleted. Operation when this parameter is omitted: All IP address conflict information is deleted.
show ip dhcp server statistics show ip dhcp server statistics Displays statistics about the DHCP server.
show ip dhcp server statistics Item Meaning Displayed information discard packets Number of discarded packets -- < Receive Packets > The number of received packets -- DHCPDISCOVER Number of received DHCPDISCOVER packets -- DHCPREQUEST Number of received DHCPREQUEST packets -- DHCPDECLINE Number of received DHCPDECLINE packets -- DHCPRELEASE Number of received DHCPRELEASE packets -- DHCPINFORM Number of received DHCPINFORM packets -- < Send Packets > Send packet information -- DHC
clear ip dhcp server statistics clear ip dhcp server statistics Clears the DHCP server statistics. Syntax clear ip dhcp server statistics Input mode User mode and administrator mode Parameters None Example Figure 26-11 Result of executing the command for clearing DHCP statistics > clear ip dhcp server statistics > Display items None Impact on communication None Response messages Table 26-41 List of response messages for the clear ip dhcp server statistics command Message Description Can't execute.
clear ip dhcp server statistics 444
27.
show mac-authentication auth-state show mac-authentication auth-state Displays information about the terminals (MAC address) that have been authenticated in ascending order by authenticated date and time.
show mac-authentication auth-state Item Meaning Displayed information Port roaming Roaming information Changing of ports within the same VLAN. Enable: Enabled Disable: Disabled (default) L Legacy mode L: MAC-based authentication entries in legacy mode # Entry number The entry number for a currently authenticated terminal. This is just the displayed number, which changes depending on such factors as the filter conditions.
show mac-authentication auth-state Message Description authentication. MAC-Authentication is not configured. The MAC-based authentication functionality is not configured. Check the configuration. Notes The input format and the information that is displayed are the same as that displayed by the description of the show mac-authentication login command.
clear mac-authentication auth-state clear mac-authentication auth-state Forces cancellation of the authentication of a currently authenticated terminal. Syntax clear mac-authentication auth-state mac-address { | -all} [-f] clear mac-authentication auth-state { | -all}[-f] Input mode Administrator mode Parameters mac-address { | -all} { | -all} Forces cancellation of the authentication of the currently authenticated terminal with the specified MAC address.
clear mac-authentication auth-state Response messages Table 27-3 List of response messages for the clear mac-authentication auth-state command Message Description Can't execute. The command could not be executed. Re-execute the command. The specified MAC address does not exist. The specified terminal (MAC address) does not exist (when a single MAC address is specified). MAC address does not exist. No terminals (MAC addresses) exist (when the -all parameter is specified).
show mac-authentication auth-state select-option show mac-authentication auth-state select-option Extracts specified items from the information about the currently authenticated terminals (MAC address) and displays them in ascending order by authentication date and time. Note that if you execute the command with the detail option specified, entries in the process of authentication and entries for which authentication processing has been suspended are also displayed as extracted entries.
show mac-authentication auth-state select-option Date 2009/03/24 17:15:14 UTC Dynamic VLAN mode total client counts(Login/Max): 256 Authenticating client counts : 1 Hold down client counts : 1 Port roaming : Disable No F MAC address Port VLAN Login time Limit Reauth 1 * 00d0.5909.
show mac-authentication auth-state select-option Item Meaning Displayed information Limit Remaining time for authentication The remaining time for the authenticated state of the currently authenticated terminal (hour:minute:second). When a terminal is authenticated, the remaining time might be displayed as 00:00:00 immediately before authentication for the terminal is canceled due to a timeout.
show mac-authentication auth-state select-option Display items 2 Table 27-5 Items displayed for the detailed authentication status of MAC-based authentication Item Meaning Displayed information The explanation of (A) is the same as in Display items 1. See Table 27-4 Items displayed for the authenticated terminal information.
show mac-authentication auth-state select-option Item Meaning Displayed information Remaining The remaining time until re-authentication will start again hours:minutes:seconds Impact on communication None Response messages Table 27-6 List of response messages for the show mac-authentication auth-state select-option command Message Description There is no information. ( mac auth-state ) There is no MAC address authenticated by MAC-based authentication. MAC-Authentication is not configured.
show mac-authentication auth-state summary show mac-authentication auth-state summary Displays the number of currently authenticated terminal entries by port or by VLAN. Syntax show mac-authentication auth-state summary {port [] | vlan []} Input mode Administrator mode Parameters {port [] | vlan []} Displays the number of currently authenticated terminals for the specified port.
show mac-authentication auth-state summary Display items 1 Table 27-7 Display items for each port Item Meaning Displayed information Dynamic VLAN mode total client counts The number of currently authenticated terminals (Login / Max): The number of currently authenticated terminals / the maximum number of registered terminals set for the device Authenticating client counts The number of terminals on which authentication is being processed -- Hold down client counts The number of terminals on which
show mac-authentication auth-state summary 1 10 1 # Display items 2 Table 27-8 Items displayed for a VLAN Item Meaning Displayed information Dynamic VLAN mode total client counts The number of currently authenticated terminals (Login / Max): The number of currently authenticated terminals / the maximum number of registered terminals set for the device Authenticating client counts The number of terminals on which authentication is being processed -- Hold down client counts The number of termina
show mac-authentication auth-state summary Notes The input format and the information that is displayed are the same as that displayed by the description of the show mac-authentication login summary command.
show mac-authentication login show mac-authentication login The input format and display contents for this command are the same as those of the show mac-authentication auth-state command. For details, see the description of the show mac-authentication auth-state command.
show mac-authentication login select-option show mac-authentication login select-option The input format and display contents for this command are the same as those of the show mac-authentication auth-state select-option command. For details, see the description of the show mac-authentication auth-state select-option command.
show mac-authentication login summary show mac-authentication login summary The input format and display contents for this command are the same as those of the show mac-authentication auth-state summary command.
show mac-authentication logging show mac-authentication logging Displays the operation log messages collected by the MAC-based authentication functionality. Syntax show mac-authentication logging [search ] Input mode Administrator mode Parameters search Specifies the search string. If you specify this parameter, only information that includes the search string will be displayed. Specify the string with 1 to 64 characters. The characters are case sensitive.
show mac-authentication logging Date 2008/11/13 16:55:32 UTC AUT 11/13 16:18:48 MAC No=1:NORMAL:LOGIN: MAC=0000.e227.8bf8 PORT=0/2 VLAN=4 Login succeeded. AUT 11/13 16:18:48 MAC No=1:NORMAL:LOGIN: MAC=0000.e28c.4add PORT=0/8 VLAN=4000 Login succeeded. AUT 11/13 16:18:48 MAC No=1:NORMAL:LOGIN: MAC=0000.0000.0003 PORT=0/4 VLAN=40 Login succeeded. 3 events matched. # Display items The following shows the display format of a message.
show mac-authentication logging Log ID Description Log type ERROR LOGOUT Indicates that the attempt to cancel authentication failed. SYSTEM Indicates an alternate operation when a communication failure occurs. SYSTEM Indicates a communication failure or an operation failure in MAC-based authentication functionality. Table 27-11 Added info Display format Meaning MAC=xxxx.xxxx.xxxx Indicates the MAC address. PORT=xx/xx Indicates the port number. VLAN=xxxx Indicates the VLAN ID.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN Authentication was canceled because the authentication method was switched.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info 9 NORMA L LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; Program stopped. The authentication of all terminals was canceled because the MAC-based authentication functionality stopped. [Action] To subsequently perform MAC-based authentication, set the configuration. #2 MAC, PORT, VLAN 10 NORMA L LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; Other authentication program.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info #2 MAC, PORT, VLAN 15 NOTICE LOGIN Legacy Dynamic VLAN Fixed VLAN Login failed ; Number of login was beyond limit. Authentication could not be performed because the number of logins exceeded the maximum allowable number. [Action] Attempt authentication again after the number of authentications decreases.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info [Action] Check the configuration. #2 MAC, PORT, VLAN 30 NORMA L LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; mac-address-table aging. Authentication was canceled because a MAC address was deleted due to MAC address table aging. [Action] The terminal is not in use. Check the terminal.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Legacy Dynamic VLAN Fixed VLAN A response to an accounting request was not received from the RADIUS server. [Action] Check whether communication is available between the Switch and the RADIUS server. After the Switch can communicate with the RADIUS server, perform authentication again. MAC 105 NOTICE LOGIN Legacy Dynamic VLAN Fixed VLAN Login failed ; VLAN suspended.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info MAC, VLAN 255 ERROR SYSTEM Legacy Dynamic VLAN Fixed VLAN The other error. An internal MAC-based authentication error occurred. [Action] None -- 256 NORMA L LOGIN Legacy Dynamic VLAN Fixed VLAN Reauthentication succeeded. Re-authentication was successful.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info #2 Fixed VLAN 264 NORMA L MAC, PORT (destination is displayed for port information), VLAN LOGOUT Legacy Dynamic VLAN Fixed VLAN Force logout ; MAC address changed the port, but the new port is not target of MAC Authentication. Authentication has been canceled because the new port does not support MAC-based authentication.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info Message 269 NORMA L SYSTEM Dynamic VLAN Fixed VLAN Client port roaming. The terminal is roaming. [Action] None MAC, PORT 270 NOTICE SYSTEM Legacy Dynamic VLAN Fixed VLAN MAC address was force-authorized. Forced authentication has started because an error occurred when a request was sent to the RADIUS server.
show mac-authentication logging No. Log ID Log type Authentication mode Message text Description Added info #2 MAC, PORT, VLAN 280 NORMA L LOGOUT Dynamic VLAN Fixed VLAN Force logout ; Multi-step finished. MAC-based authentication has been canceled because multistep authentication has completed. [Action] None #2 MAC, PORT, VLAN 282 NORMA L LOGOUT Dynamic VLAN Fixed VLAN Force logout ; Authentic method changed (single <-> multi-step).
show mac-authentication logging Message Description There is no log data to match. Log data matching the specified character string could not be found. There is no memory. There is not enough memory to collect data. Notes MAC-based authentication operation log messages are displayed starting from the newer messages.
clear mac-authentication logging clear mac-authentication logging Clears the operation log information for MAC-based authentication.
show mac-authentication show mac-authentication Displays the configuration for MAC-based authentication.
show mac-authentication Port VLAN ID Forceauth VLAN Access-list-No ARP relay Max-user Authentication method : : : : : : : 0/22 40 Disable L2-auth Enabled 256 port-list-BBB <<>> * Authentication parameter Authentic-mode : Static-VLAN max-user : 1024 id-format type : xx-xx-xx-xx-xx-xx password : Disable vlan-check : Disable roaming : Disable mac-authentication vlan : * AAA methods Authentication Default Authentication port-list-BBB Authentication End-by-reject Accounting Default * Lo
show mac-authentication Display items Table 27-15 Items displayed for the configuration of MAC-based authentication Item Meaning Displayed information Mode D Dynamic-VLAN Dynamic VLAN mode Operating status of dynamic VLAN mode Enable: Enabled Disable: Disabled (If this item is Disable, the information that follows <<>> is not displayed.
show mac-authentication Item Meaning Displayed information Mode D L F * AAA methods Authentication Default Default authentication method on the Switch Local: Indicates local authentication RADIUS: Indicates RADIUS authentication Local, RADIUS: RADIUS authentication after local authentication RADIUS, Local: Local authentication after RADIUS authentication Local is displayed when this item is not set.
show mac-authentication Item Meaning Displayed information Mode D L F [Syslog send] syslog Setting status of syslog information output Enable: Enabled Disable: Disabled Y Y [Traps] Traps SNMP trap setting status Disable is displayed if SNMP traps are disabled. Y Y Port Count Total number of ports Number of ports for which MAC-based authentication is enabled Y Y Port Port information Port number (Legacy is displayed after a port number if legacy mode is used.
show mac-authentication Y: Applicable N: Not applicable (-- is also displayed on the screen) #1: For details about the conditions for enabling the operating status, see 11.1.2 Configuration procedure for MAC-based authentication in the Configuration Guide Vol. 2. #2: Legacy mode is not supported. #3: VLAN IDs registered by automatic VLAN allocation are not displayed. However, VLAN IDs are displayed if they are accommodated in the native VLAN (fixed) as the result of automatic VLAN allocation.
show mac-authentication statistics show mac-authentication statistics Displays MAC-based authentication statistics.
show mac-authentication statistics Item Meaning re-authentication) RADIUS frames RADIUS server information TxTotal The total number of transmissions to the RADIUS server TxAccReq The total number of Access-Request packets sent to the RADIUS server TxError The number of errors occurring during transmission to the RADIUS server RxTotal The total number of receptions from the RADIUS server RxAccAccpt The total number of Access-Accept packets received from the RADIUS server RxAccRejct The total
clear mac-authentication statistics clear mac-authentication statistics Clears the MAC-based authentication statistics.
set mac-authentication mac-address set mac-authentication mac-address Adds a MAC address for MAC-based authentication to the internal MAC-based authentication DB. A MAC mask and a VLAN ID to which the MAC address belongs can also be specified. You can add a MAC address that has already been registered if its MAC mask or VLAN ID is different from the registered MAC address. To check the editing or registration status, execute the show mac-authentication mac-address command.
set mac-authentication mac-address Adding ffff.ffff.ffff as the MAC mask: # set mac-authentication mac-address 0000.0000.0000 ffff.ffff.ffff 1 Display items None Impact on communication None Response messages Table 27-20 List of response messages for the set mac-authentication mac-address command Message Description Already mac address xxxx.xxxx.xxxx,dddd exists. The specified MAC address has already been registered. xxxx.xxxx.xxxx: MAC address dddd: VLAN ID (If 0 is displayed, no VLAN ID is set.
remove mac-authentication mac-address remove mac-authentication mac-address Deletes MAC addresses, for MAC-based authentication, from the internal MAC-based authentication DB. All entries specified by the MAC address and MAC mask (if registered) are deleted, (including when there are different VLAN IDs). To check the editing or registration status, execute the show mac-authentication mac-address command. To apply the setting to the authentication information, execute the commit mac-authentication command.
remove mac-authentication mac-address Display items None Impact on communication None Response messages Table 27-21 List of response messages for the remove mac-authentication mac-address command Message Description Unknown MAC address 'xxxx.xxxx.xxxx'. The MAC address has not been registered. (when a single MAC address is specified). xxxx.xxxx.xxxx: MAC address Unknown MAC address 'xxxx.xxxx.xxxx(nnnn.nnnn.nnnn)'. The MAC address has not been registered. (when a single MAC address is specified).
show mac-authentication mac-address show mac-authentication mac-address Displays information about the MAC addresses for MAC-based authentication that are registered in a Switch. MAC address information which is either being entered or being edited by using the following commands can also be displayed: set mac-authentication mac-address remove mac-authentication mac-address Information is displayed in ascending order by MAC address.
show mac-authentication mac-address mac-address mac-mask VLAN 0012.e200.1234 - 4094 0012.e200.abcd - 4 0012.e200.1234 0000.0000.ffff 10 # Display items Table 27-22 Items displayed for the MAC address information for MAC-based authentication Item Meaning Displayed information Total mac-address counts The total number of registered MAC addresses The number of registered MAC addresses mac-address MAC address Registered MAC address (any): An entry registered with 0000.0000.
commit mac-authentication commit mac-authentication Stores the internal MAC-based authentication DB in internal flash memory and reflects its contents for operation.
commit mac-authentication Notes The information in the internal MAC-based authentication DB which is being used is modified only when this command is executed.
store mac-authentication store mac-authentication Backs up the internal MAC-based authentication DB to files. Syntax store mac-authentication ramdisk [-f] Input mode Administrator mode Parameters ramdisk Backs up the internal MAC-based authentication DB to files on the RAMDISK. Specify the name of a file to which the internal MAC-based authentication DB is to be backed up.
store mac-authentication Response messages Table 27-25 List of response messages for the store mac-authentication command Message Description Backup complete. A backup file has been created successfully. Store operation failed. The command could not be executed because of insufficient RAMDISK capacity. Command information was damaged. A backup file could not be created because the authentication information was corrupted. Data doesn't exist. A backup file could not be created.
load mac-authentication load mac-authentication Restores the internal MAC-based authentication DB from a backup file to the internal MAC-based authentication DB.
load mac-authentication Response messages Table 27-26 List of response messages for the load mac-authentication command Message Description Restore complete. Restoration from the backup file was successful. Load operation failed. Restoration from the backup file failed. File format error. The format of the specified backup file is different from the internal MAC-based authentication DB. Flash memory write failed. Writing of the information to internal flash memory failed.
load mac-authentication 498
28.
show authentication multi-step show authentication multi-step Displays the information for authenticated terminals on a multistep authentication port for an interface. Syntax show authentication multi-step [port ] [mac ] Input mode Administrator mode Parameters port Specify the number of the interface for which you want to display the multistep authentication progress. Operation when this parameter is omitted: The progress of multistep authentication is displayed for all MAC addresses.
show authentication multi-step Display items Table 28-1 Information displayed for authenticated terminals on a multistep authentication port Item Meaning Displayed information Port Port number Displayed only when an authentication entry exists on the multistep authentication port. Multi-step User authentication is not permitted if MAC-based authentication fails.
show authentication multi-step Item Meaning Displayed information Last Final authentication functionality Displays the authentication functionality used for final authentication of the terminal. mac: MAC-based authentication web: Web authentication dot1x: IEEE 802.1X -- is displayed if the final authentication processing has not been completed.
29.
set wol-device name [OP-WOL] set wol-device name [OP-WOL] Registers information about a new terminal that sends the startup command for Secure Wake-on-LAN. The information is registered in the internal DB used to register the terminal that sends the startup command. To apply the setting to the terminal information, execute the commit wol-device command.
set wol-device name [OP-WOL] description Sets supplementary information about the terminal. Specify 1 to 128 characters. You can use alphanumeric characters (case sensitive), at marks (@), hyphens (-), underscores (_), and periods (.). Operation when this parameter is omitted: No supplementary information is provided. Example Registering a new terminal PC01: # set wol-device name PC01 1234.5678.9abc 1000 ip 192.168.100.100 alive check timeout 600 description Commom-NotePC@example.
set wol-device mac [OP-WOL] set wol-device mac [OP-WOL] Changes the MAC address of the terminal information that has been registered. To apply the setting to the terminal information, execute the commit wol-device command. Syntax set wol-device mac Input mode Administrator mode Parameters Specify the name of the terminal whose MAC address is to be changed. Specify a new MAC address. Specify the MAC address in the range from 0000.0000.0000 to feff.ffff.ffff.
set wol-device vlan [OP-WOL] set wol-device vlan [OP-WOL] Changes the VLAN ID in the terminal information that has been registered. To apply the setting to the terminal information, execute the commit wol-device command. Syntax set wol-device vlan Input mode Administrator mode Parameters Specify the name of the terminal whose VLAN ID is to be changed. Changes the VLAN ID of the VLAN to which the terminal will belong.
set wol-device ip [OP-WOL] set wol-device ip [OP-WOL] Changes the IP address and method used to identify the IP address in the terminal information that has been registered. To apply the setting to the terminal information, execute the commit wol-device command. Syntax set wol-device ip { | dhcp} Input mode Administrator mode Parameters Specify the name of the terminal whose IP address information is to be changed.
set wol-device ip [OP-WOL] Before execution of this command, terminal information must be registered by the set wol-device name command. If the alive nocheck parameter is specified, the address information specified for the ip parameter is invalid.
set wol-device alive [OP-WOL] set wol-device alive [OP-WOL] Changes the method for verifying terminal activation in the information that has been registered. To apply the setting to the terminal information, execute the commit wol-device command. Syntax set wol-device alive {check [timeout ] | nocheck} Input mode Administrator mode Parameters Specify the name of the terminal whose setting for activation verification method is to be changed.
set wol-device alive [OP-WOL] Notes This command can be executed only after the software option license key has been installed. Before execution of this command, terminal information must be registered by the set wol-device name command. If the alive nocheck parameter is specified, the address information specified for the ip parameter is invalid.
set wol-device description [OP-WOL] set wol-device description [OP-WOL] Changes the supplementary information in the terminal information that has been registered. To apply the setting to the terminal information, execute the commit wol-device command. Syntax set wol-device description [] Input mode Administrator mode Parameters Specify the name of the terminal whose supplementary information is to be changed. Enter the new supplementary information.
remove wol-device name [OP-WOL] remove wol-device name [OP-WOL] Deletes the terminal information that has been registered. To apply the setting to the terminal information, execute the commit wol-device command. Syntax remove wol-device name { | -all} [-f] Input mode Administrator mode Parameters { | -all} Specify the name of the terminal to be deleted. -all Deletes all terminal information. -f Deletes the terminal information without displaying a confirmation message.
remove wol-device name [OP-WOL] Message Description Device does not exist. The terminal information was not found (when the -all parameter is specified). License key is not installed. The Secure Wake-on-LAN software option license key has not been set. Notes 514 This command can be executed only after the software option license key has been installed.
show wol-device name [OP-WOL] show wol-device name [OP-WOL] Displays the terminal information that has been registered in the internal DB used to register the terminal that sends the startup command.
show wol-device name [OP-WOL] 1 PC01 0012.ee86.6fd4 4094 202.68.133.72 2 PC02 00ee.16fd.a142 100 10.1.10.10 3 PC03_High... 0022.fa12.34dd 4 PC04 5 PC05 04ff.d423.f145 300 600 10 dhcp 5 dhcp 0612.7faf.1fdd 2000 202.68.133.70 60 change-user all-user-...
show wol-device name [OP-WOL] No 3 : PC03_High-Speed_machine MAC: 0022.fa12.34dd, VLAN: 10 IP address: dhcp, Alive: check Timeout: 60(s) Description: High_price No 4 : PC04 MAC: 04ff.d423.f145, VLAN: 5 IP address: dhcp, Alive: check Description: Timeout: 120(s) No 5 : PC05 MAC: 0612.7faf.1fdd, VLAN: 2000 IP address: 202.68.133.
show wol-device name [OP-WOL] Message Description License key is not installed. The Secure Wake-on-LAN software option license key has not been set. Notes 518 This command can be executed only after the software option license key has been installed.
commit wol-device [OP-WOL] commit wol-device [OP-WOL] Stores the edited terminal information in internal flash memory and reflects its contents for operation. Syntax commit wol-device [-f] Input mode Administrator mode Parameters -f Stores the edited terminal information in internal flash memory and reflects its contents for operation. A confirmation message is not displayed. Operation when this parameter is omitted: A confirmation message is displayed.
commit wol-device [OP-WOL] login. (Even if the information for the terminal being used has been deleted, the user can continue to use the terminal.
store wol-device [OP-WOL] store wol-device [OP-WOL] Creates a backup file of the internal DB used to register the terminal that sends the startup command. Syntax store wol-device ramdisk [-f] Input mode Administrator mode Parameters ramdisk Creates on the RAMDISK a backup file of the internal DB used to register the terminal that sends the startup command.
store wol-device [OP-WOL] Message Description Command information was damaged. A backup file could not be created because the database information is corrupted. Data doesn't exist. A backup file could not be created. A commit operation might not have been executed. Execute a commit operation, and then check the result. If the commit operation fails again, the internal flash memory might be corrupted. License key is not installed. The Secure Wake-on-LAN software option license key has not been set.
load wol-device [OP-WOL] load wol-device [OP-WOL] Restores from a backup file the internal DB used to register the terminal that sends the startup command.
load wol-device [OP-WOL] Impact on communication None Response messages Table 29-13 List of response messages for the load wol-device command Message Description Restore complete. Restoration from the backup file was successful. File format error. The format of the specified backup file is different from the internal DB used to register the terminal that sends the startup command. Load operation failed. Restoration from the backup file failed. Flash memory write failed.
set wol-authentication user [OP-WOL] set wol-authentication user [OP-WOL] Registers new user information in the internal DB for user authentication. Specify the name of an accessible terminal and access permissions. To apply the setting to user information, execute the commit wol-authentication command. Syntax set wol-authentication user permit [any] [manual] [device-name ] Input mode Administrator mode Parameters The user name. Specify 1 to 128 characters.
set wol-authentication user [OP-WOL] Response messages Table 29-14 List of response messages for the set wol-authentication user command Message Description Already user '' exists. The specified user has already been registered. The number of users exceeds 300. The number of users to be registered exceeds 300. The sum of the device of each user exceeds 300. The number of combinations of users and terminals set for each user has exceeded 300. License key is not installed.
set wol-authentication password [OP-WOL] set wol-authentication password [OP-WOL] Changes a user password that has been registered. To apply the setting to user information, execute the commit wol-authentication command. Syntax set wol-authentication password Input mode Administrator mode Parameters Specify the name of the user whose password is to be changed. Specify the current password. Specify the new password.
set wol-authentication password [OP-WOL] wol-authentication user command.
set wol-authentication permit [OP-WOL] set wol-authentication permit [OP-WOL] Changes (adds or deletes) information about the terminals that can be accessed by registered users. To apply the setting to user information, execute the commit wol-authentication command.
set wol-authentication permit [OP-WOL] # set wol-authentication permit USER01 add device-name PC02 Deleting user access permissions for a terminal: # set wol-authentication permit USER01 del any manual device-name PC02@ example.com Display items None Impact on communication None Response messages Table 29-16 List of response messages for the set wol-authentication permit command Message Description Unknown user ''. The specified user has not been registered.
remove wol-authentication user [OP-WOL] remove wol-authentication user [OP-WOL] Deletes the user information that has been registered. To apply the setting to user information, execute the commit wol-authentication command. Syntax remove wol-authentication user { | -all} [-f] Input mode Administrator mode Parameters { | -all } Specify the name of the user to be deleted. -all Deletes all users. -f Deletes the user without displaying a confirmation message.
remove wol-authentication user [OP-WOL] Message Description User does not exist. The user was not found (when the -all parameter is specified). License key is not installed. The Secure Wake-on-LAN software option license key has not been set. Notes 532 This command can be executed only after the software option license key has been installed.
show wol-authentication user [OP-WOL] show wol-authentication user [OP-WOL] Displays user information that has been registered in the internal DB for user authentication.
show wol-authentication user [OP-WOL] * 5 permit deny 1 USER05 # * indicates that the relevant terminal name has not been registered in the internal DB used to register the terminal that sends the startup command.
show wol-authentication user [OP-WOL] permit : any=permit, manual=deny No 5 : USER05 permit : any=permit, manual=deny device-name * 1 : PC04@ # * indicates that the relevant terminal name has not been registered in the internal DB used to register the terminal that sends the startup command.
show wol-authentication user [OP-WOL] Notes 536 This command can be executed only after the software option license key has been installed. (*) indicates that the relevant terminal name has not been registered in the internal DB used to register the terminal that sends the startup command. Use the show wol-device-name command to check the information that has been registered.
commit wol-authentication [OP-WOL] commit wol-authentication [OP-WOL] Stores the edited user information in internal flash memory and reflects its contents for operation. Syntax commit wol-authentication [-f] Input mode Administrator mode Parameters -f Stores the internal DB for user authentication in internal flash memory and reflects its contents for operation. A confirmation message is not displayed. Operation when this parameter is omitted: A confirmation message is displayed.
commit wol-authentication [OP-WOL] continue to use the terminal.
store wol-authentication [OP-WOL] store wol-authentication [OP-WOL] Creates a backup file of the internal DB for user authentication. Syntax store wol-authentication ramdisk [-f] Input mode Administrator mode Parameters ramdisk Creates a backup file of the internal DB for user authentication on the RAMDISK. Specify the name of the file to which the internal DB for user authentication is to be backed up. Specify the file name with 64 or fewer characters.
store wol-authentication [OP-WOL] Message Description Data doesn't exist. A backup file could not be created. A commit operation might not have been executed. Execute a commit operation, and then check the result. If the commit operation fails again, the internal flash memory might be corrupted. License key is not installed. The Secure Wake-on-LAN software option license key has not been set. Notes 540 This command can be executed only after the software option license key has been installed.
load wol-authentication [OP-WOL] load wol-authentication [OP-WOL] Restores the internal DB for user authentication from a backup file.
load wol-authentication [OP-WOL] Response messages Table 29-23 List of response messages for the load wol-authentication command Message Description Restore complete. Restoration from the backup file was successful. File format error. The format of the specified backup file is different from the internal DB for authentication. Load operation failed. Restoration from the backup file failed. Flash memory write failed. Writing of the information to internal flash memory failed.
wol [OP-WOL] wol [OP-WOL] Directly sends the startup command to the specified terminal to turn it on. Syntax wol Input mode Administrator mode Parameters Specify the MAC address of the terminal to which the startup command is to be sent. Specify the MAC address in the range from 0000.0000.0000 to feff.ffff.ffff. Note that you cannot specify a multicast MAC address (address in which the lowest bit of the first byte is 1).
show wol [OP-WOL] show wol [OP-WOL] Displays information about the users currently using the Secure Wake-on-LAN functionality from Web browsers. Syntax show wol Input mode Administrator mode Parameters None Example Example of displaying information about current users: # show wol Date No 1 2 3 4 5 6 2008/11/06 17:32:25 UTC User name User-A User-B User-C User-D User-E Mail-Address_of_USER04_of_The_Co... Phase IDLE CHECK IDLE RESOLVE RESOLVE IDLE Magic Sent Sent Failed Sent Sent Device IP 192.168.1.
show wol [OP-WOL] Item Meaning Displayed information Magic The status of sending the startup command Sent: The startup command has been sent. Failed: An attempt to send the startup command failed. -: Not executed. Device IP Terminal IP address Unknown IP address Waiting: The IP address for the DHCP terminal is being checked. IPv4: The terminal IP address has been resolved. Target The status of the applicable terminal -: Not executed. Waiting: The terminal is being monitored.
show wol [OP-WOL] 546
Part 10: High Reliability Based on Redundant Configurations 30.
show gsrp aware show gsrp aware Displays GSRP aware information. Syntax show gsrp aware Input mode User mode and administrator mode Parameters None Example Figure 30-1 Example of displaying the show gsrp aware command > show gsrp aware Date 2008/11/14 14:34:40 UTCLast mac_address_table Flush Time : 2008/11/14 14:34:35 GSRP Flush Request Parameters : GSRP ID : 10 VLAN Group ID : 6 Port : 0/16 Source MAC Address : 0012.e208.
show gsrp aware Response messages Table 30-1 List of response messages for the show gsrp aware command Message Description No received flush request frame. No GSRP Flush request frames were received. Notes Receiving a GSRP Flush request frame clears all MAC address tables for every VLAN group IDs.
show gsrp aware 550
31.
select switchport backup interface select switchport backup interface Specifies the interface that performs a manual switchback. Syntax select switchport backup interface{gigabitethernet | port-channel } [AX2200S] select switchport backup interface{{fastethernet | gigabitethernet} | port-channel } [AX1250S] [AX1240S] Input mode Administrator mode Parameters gigabitethernet [AX2200S] Specifies a 10BASE-T/100BASE-TX/1000BASE-T or 1000BASE-X interface.
select switchport backup interface Message Description Port-channel is already selected. The specified interface is already running. : Channel group number Ethernet < IF# > is down. The specified interface is not running. : Interface port number Port-channel is down. The specified interface is not running. : Channel group number Not ready. Please wait a minute. Uplink redundancy is being initialized. Wait a while.
show switchport backup show switchport backup Displays information about uplink redundancy.
show switchport backup Item Preemption Flush Meaning Displayed information Status Status of the secondary port Forwarding: Forwarding Blocking: Blocking Down: Link down Delay The time value (in seconds) for automatic or timer switch-back - is displayed when this item is not set. Limit The time remaining until a timer switch-back (in seconds) - is displayed when this item is not set. VLAN VLAN to which flush control frames are sent 1 to 4094: Indicates a VLAN ID. untag: No VLAN is specified.
show switchport backup statistics show switchport backup statistics Displays statistics related to flush control frames. Syntax show switchport backup statistics Input mode User mode and administrator mode Parameters None Example Figure 31-3 Example of displaying statistics about the flush control frames > show switchport backup statistics Date 2008/11/04 17:34:51 UTC System ID : 00ed.f009.
show switchport backup statistics > Display items Table 31-4 Items displayed for statistics about the flush control frames Item Meaning Displayed information System ID MAC address of the Switch -- Port: Interface port number -- ChGr Channel group number -- Transmit Whether the transmission of flush control frames has been set on: Transmit off: Does not transmit Transmit Total packets Number of times a flush control frame was sent -- Receive Total packets Number of ti
show switchport backup statistics If the elapsed time is more than 24 hours: d days hh:mm:ss ago (d=number of days, hh=hours, mm=minutes, ss=seconds) Impact on communication None Response messages None Notes None 558
clear switchport backup statistics clear switchport backup statistics Clears statistics related to flush control frames.
show switchport backup mac-address-table update show switchport backup mac-address-table update Displays information about MAC address update frames.
show switchport backup mac-address-table update Item Meaning Displayed information Status Status of the primary port Forwarding: Forwarding Blocking: Blocking Down: Link down Secondary The number of the secondary port or the channel group -- Status Status of the secondary port Forwarding: Forwarding Blocking: Blocking Down: Link down Delay The time value (in seconds) for automatic or timer switch-back - is displayed when this item is not set.
show switchport backup mac-address-table update statistics show switchport backup mac-address-table update statistics Displays statistics related to MAC address update frames. Syntax show switchport backup mac-address-table update statistics Input mode User mode and administrator mode Parameters None Example Figure 31-5 Example of displaying statistics about the MAC address update frames > show switchport backup mac-address-table update statistics Date 2009/03/20 18:04:33 UTC System ID : 0012.e244.
show switchport backup mac-address-table update statistics Display items Table 31-7 Display items for statistics about MAC address update frames Item Meaning Displayed information System ID MAC address of the Switch -- Port Interface port number -- ChGr Channel group number -- Transition count Number of primary and secondary switchovers -- Update transmit total packets Number of MAC address update frames that have been sent -- Transmission over flows Number of overfl
show switchport backup mac-address-table update statistics Message Description Not ready. Please wait a minute. Uplink redundancy is being initialized. Wait a while. Notes If there is no configuration for the port channel interface specified as the secondary port, no information about a primary or secondary pair is displayed.
clear switchport backup mac-address-table update statistics clear switchport backup mac-address-table update statistics Clears the statistics related to MAC address update frames.
clear switchport backup mac-address-table update statistics 566
Part 11: High Reliability Based on Network Failure Detection 32. IEEE 802.
show efmoam show efmoam Displays the IEEE 802.3ah/OAM configuration information and the status of ports. Syntax show efmoam [port ] Input mode User mode and administrator mode Parameters port Displays the IEEE 802.3ah/OAM configuration information for the specified port. For details about how to specify and the specifiable range of values, see Specifiable values for parameters. Operation when this parameter is omitted: The IEEE 802.
show efmoam Item Meaning Displayed information recognized.(Whether the partner switch has recognized the Switch is not clear.) Mutually Seen: The partner switch has been recognized. (The partner switch has also recognized the Switch.) Dest MAC MAC address of the port on the partner device unknown: No information has been received from the partner switch since the device started up.
show efmoam statistics show efmoam statistics Displays IEEE 802.3ah/OAM statistics. Syntax show efmoam statistics [port ] Input mode User mode and administrator mode Parameters port Displays the IEEE 802.3ah/OAM statistics for the specified port in list format. For details about how to specify and the specifiable range of values, see Specifiable values for parameters. Operation when this parameter is omitted: Statistics for all IEEE 802.
show efmoam statistics Item Meaning Displayed information [Status] Port status in the IEEE 802.3ah/UDLD functionality Forced Down (UDLD): Forced link-down in the UDLD functionality Down: Link-down due to some other reason Passive Wait: Wait status because the partner switch has not been recognized Active Wait: Wait status because the partner switch has not been recognized (OAM is being sent) Partner Seen: The partner switch has been recognized.
show efmoam statistics displayed.
clear efmoam statistics clear efmoam statistics Clears the IEEE 802.3ah/OAM statistics. Syntax clear efmoam statistics Input mode User mode and administrator mode Parameters None Example Figure 32-3 Example of clearing IEEE 802.
clear efmoam statistics 574
33.
show storm-control show storm-control Displays storm control information. Syntax show storm-control [port ][broadcast][multicast][unicast][detail] Input mode User mode and administrator mode Parameters port Displays the storm control information for the specified port. For details about how to specify and the specifiable range of values, see Specifiable values for parameters.
show storm-control Display items in Example 1 Table 33-1 Display items for storm control information Item Meaning Displayed information Port Port number -- Detect Storm detection threshold Displays the upper threshold. Recovery Recovery-from-storm threshold -- Filter Flow rate limit value Displays the lower threshold. -- is displayed if a storm-control action filter has not been set. State Storm detection status Forwarding: Forwarding normally Filtering: The flow rate limit is on.
show storm-control Item Meaning Displayed information Recover rate Recovery-from-storm threshold -- is displayed if this item has not been set. Filter rate Flow rate limit value Displays the lower threshold. -- is displayed if a storm-control action filter has not been set. Action Operations when a storm is detected Inactivate: The applicable port is blocked. Filter: The flow rate of the received frames has a limit. Trap: An SNMP trap is issued. Log: A log message is output.
clear storm-control clear storm-control Clears the storm control statistics counters. Syntax clear storm-control Input mode User mode and administrator mode Parameters None Example 1 Figure 33-3 Clearing the storm control statistics counters > clear storm-control > Impact on communication None Response messages Table 33-4 List of response messages for the clear storm-control command Message Description Can't execute. The command could not be executed. Re-execute the command.
clear storm-control 580
34.
show loop-detection show loop-detection Displays L2 loop detection information. Syntax show loop-detection [port ] [channel-group-number ] Input mode User mode and administrator mode Parameters port Displays L2 loop detection information for the specified port numbers. For details about how to specify and the specifiable range of values, see Specifiable values for parameters.
show loop-detection 0/9 0/10 0/17 0/18 0/19 0/20 0/21 0/22 0/24 0/25 0/26 ChGr:1 ChGr:2 ChGr:5 ChGr:8 Down Down Down Down Down Down Down Down Down Down Down Down(loop) Down(loop) Down Down trap trap trap trap trap trap trap uplink trap trap trap send-inact send-inact trap uplink 0 0 0 0 0 0 0 0 0 0 200 200 0 - 3569 3569 - ChGr:2 ChGr:1 0/8 1 1 1 > Display items Table 34-1 Items displayed for L2 loop detection information Item Meaning Displayed information Interval Time Sending interval of L2 loo
show loop-detection Item Meaning Displayed information Status Port state Up: Indicates that the port status is Up. Down: The port is in Down status. Down(loop): The port status is Down due to the L2 loop detection functionality. Type Port type send-inact: Detection-frame-sending-and-port-blocking port send: Detection-frame-sending port trap: Detecting port exception: Out-of-scope port uplink: Uplink port DetectCnt Number of current detections Displays the number of L2 loop detections.
show loop-detection Message Description L2 Loop Detection is not configured. L2 loop detection has not been set, or the functionality has not been enabled. Check the configuration. Notes Changing or disabling the L2 loop detection functionality clears the L2 loop detection information.
show loop-detection statistics show loop-detection statistics Displays L2 loop detection statistics. Syntax show loop-detection statistics [port ] [channel-group-number ] Input mode User mode and administrator mode Parameters port Displays L2 loop detection statistics for the specified port number. For details about how to specify and the specifiable range of values, see Specifiable values for parameters.
show loop-detection statistics Port:0/5 Up TxFrame : Inactive Count: Last Inactive : Type :exception 0 RxFrame 0 RxDiscard - Last RxFrame : : 201 : 0 : 2008/11/12 16:22:46 : > Display items Table 34-3 Items displayed for L2 loop detection statistics Item Meaning Displayed information Port Port number : Port number ChGr Channel group number : Channel group number Up The port is in Up status. -- Down The port is in Down status.
show loop-detection statistics Response messages Table 34-4 List of response messages for the show loop-detection statistics command Message Description Can't execute. The command could not be executed. Re-execute the command. No corresponding port information. No port and channel group information for L2 loop detection was found. L2 Loop Detection is not configured. L2 loop detection has not been set, or the functionality has not been enabled. Check the configuration.
clear loop-detection statistics clear loop-detection statistics Clears L2 loop detection statistics. Syntax clear loop-detection statistics [port ] [channel-group-number ] Input mode User mode and administrator mode Parameters port Clears the L2 loop detection statistics for the specified port number. For details about how to specify and the specifiable range of values, see Specifiable values for parameters.
clear loop-detection statistics Response messages Table 34-5 List of response messages for the clear loop-detection statistics command Message Description Can't execute. The command could not be executed. Re-execute the command. L2 Loop Detection is not configured. L2 loop detection has not been set, or the functionality has not been enabled. Check the configuration. Notes 590 Disabling the L2 loop detection functionality clears the statistics.
show loop-detection logging show loop-detection logging Displays the log information for the received L2 loop detection frames. With this command, you can check the port from which an L2 loop detection frame was sent and the port on which it was received. Log entries for the latest 1000 received frames are displayed in reverse chronological order. Note that the discarded frames are not displayed.
show loop-detection logging Item Meaning Displayed information number Vlan VLAN ID Displays the VLAN ID when an L2 loop detection frame was sent. Uplink Uplink port Indicates that the L2 loop detection frame was received at the uplink port. Inactive Port blocked Indicates that a port has been blocked. Impact on communication None Response messages Table 34-7 List of response messages for the show loop-detection logging command Message Description Can't execute.
clear loop-detection logging clear loop-detection logging Clears the log information for the received L2 loop detection frames. Syntax clear loop-detection logging Input mode User mode and administrator mode Parameters None Example The following figure is an example of clearing t the log information for the received L2 loop detection frames.
clear loop-detection logging 594
35.
l2ping l2ping This command can be used to determine whether the MEP of the Switch can communicate with a remote MEP or MIP. Syntax l2ping {remote-mac | remote-mep } domain-level ma mep [count ] [timeout ] [framesize ] Input mode User mode and administrator mode Parameters {remote-mac | remote-mep } remote-mac Specify the MAC address of the remote MEP or MIP whose connectivity you want to verify.
l2ping Figure 35-1 Example of executing the l2ping command > l2ping remote-mep 1010 domain-level 7 ma 1000 mep 1020 count 3 L2ping to MP:1010(0012.e254.dc01) on Level:7 MA:1000 MEP:1020 VLAN:20 Time:2009/10/28 06:59:50 1: L2ping Reply from 0012.e254.dc01 64bytes Time= 20 ms 2: L2ping Reply from 0012.e254.dc01 64bytes Time= 10 ms 3: L2ping Reply from 0012.e254.
l2ping Item Meaning Displayed information Lost Frame Percentage of lost frames (%) -- Round-trip Min/Avg/Max Minimum, average, and maximum response time -- Impact on communication None Response messages Table 35-2 List of response messages for the l2ping command Message Description Can't execute. The command could not be executed. Re-execute the command. CFM is not configured. CFM has not been configured. Check the configuration. No such Remote MEP. The specified remote MEP is unknown.
l2traceroute l2traceroute Verifies the route from the Switch's MEP to a remote MEP or MIP. Syntax l2traceroute {remote-mac | remote-mep } domain-level ma mep [timeout ] [ttl ] Input mode User mode and administrator mode Parameters {remote-mac | remote-mep } remote-mac Specify the MAC address of the destination remote MEP or MIP whose route you want to verify.
l2traceroute Display items Table 35-3 Items displayed for the l2traceroute command Item Meaning Displayed information L2traceroute to MP: The MAC address of the destination remote MEP or MIP. The MAC address of the destination remote MEP or MIP. : When the MAC address of a remote MEP or MIP is specified. (): When a remote MEP ID is specified.
l2traceroute Message Description No such Remote MEP. The specified remote MEP is unknown. Make sure the specified parameter is correct, and then try again. Specified Domain Level is not configured. The specified domain level has not been configured. Make sure the specified parameter is correct, and then try again. Specified MA is not configured. The specified MA ID number or the primary VLAN for the specified MA has not been configured.
show cfm show cfm Displays the configuration information for domains and MPs, and the CFM information related to detected failures. Syntax show cfm [{[domain-level ] [ma ] [mep ] | summary}] Input mode User mode and administrator mode Parameters {[domain-level ] [ma ] [mep ] | summary} domain-level Displays CFM information for the specified domain level. ma Displays CFM information for the specified MA ID number.
show cfm MIP Information CH8 (Up) Enable MAC:00ed.f205.0108 > Display items in Example 1 Table 35-5 Items displayed for the CFM configuration information Item Meaning Displayed information Domain Level Domain level and domain name : Domain level Name:-: Indicates that the domain name is not used. Name(str):: A character string is used for the domain name. Name(dns):: A domain name server name is used for the domain name.
show cfm Item Meaning Displayed information 3: Indicates CCM timeout. 4: Indicates that an invalid CCM was received from the remote MEP in the MA. 5: Indicates that a CCM was received from another MA. - is displayed if CC is disabled. Start Time Time from the detection of a failure until an alarm is issued 2500 to 10000 ms: The time lapsing from the detection of a failure until an alarm is issued -- is displayed if CC is not operating.
show cfm Item Meaning Displayed information Status The status of failure detection on the MEP The highest-level failure of the failures detected by MEP is displayed. OtherCCM: Indicates that a CCM was received from another MA. ErrorCCM: Indicates that a CCM that contains an invalid MEP ID, or a CCM with an invalid transmission interval, was received. Timeout: Indicates CCM timeout. PortState: Indicates that a CCM reporting a port failure was received.
show cfm Display items in Example 2 Table 35-6 Items displayed for the number of entities accommodated in the CFM configuration Item Meaning Displayed information DownMEP Counts Number of Down MEPs Number of Down MEPs set in the configuration UpMEP Counts Number of Up MEPs Number of Up MEPs set in the configuration MIP Counts Number of MIPs Number of MIPs set in the configuration CFM Port Counts Total number of CFM ports Total number of ports from which CFM PDUs are sent in the primary VLAN t
show cfm remote-mep show cfm remote-mep Displays the configuration of a remote MEP that has been detected by the CC functionality of CFM, and the status of connection monitoring between the Switch and the remote MEP. Syntax show cfm remote-mep [domain-level ] [ma ] [mep ] [remote-mep ] [detail] Input mode User mode and administrator mode Parameters domain-level Displays the remote MEP information for the specified domain level. ma
show cfm remote-mep ID:8004 Status:- MAC:00ed.f006.0108 Time:2009/10/29 06:04:35 > Display items in Example 1 Table 35-8 Items displayed for remote MEP information Item Meaning Displayed information Total RMEP Counts Total number of remote MEPs -- Domain Level Domain level and domain name :Domain level Name:-: Indicates that the domain name is not used. Name(str):: A character string is used for the domain name.
show cfm remote-mep Item Meaning Displayed information RMEP Information Remote MEP information -- Counts Number of remote MEPs -- ID Remote MEP ID -- Status The status of failure detection in the remote MEP The highest-level failure of the failures detected by the remote MEP is displayed. OtherCCM: Indicates that a CCM was received from another MA. ErrorCCM: Indicates that a CCM that contains an invalid MEP ID, or a CCM with an invalid transmission interval, was received.
show cfm remote-mep Display items in Example 2 Table 35-9 Items displayed for detailed remote MEP information Item Meaning Displayed information Total RMEP Counts Total number of remote MEPs -- Domain Level Domain level and domain name : Domain level Name:-: Indicates that the domain name is not used. Name(str):: A character string is used for the domain name. Name(dns):: A domain name server name is used for the domain name.
show cfm remote-mep Item Meaning Displayed information ID Remote MEP ID -- Status The status of failure detection in the remote MEP The highest-level failure of the failures detected by the remote MEP is displayed. OtherCCM: Indicates that a CCM was received from another MA. ErrorCCM: Indicates that a CCM that contains an invalid MEP ID, or a CCM with an invalid transmission interval, was received. Timeout: Indicates CCM timeout.
show cfm remote-mep Item Meaning Displayed information Chassis ID Chassis ID of the remote MEP Displays the chassis ID information in the CCM that was last received. Type Subtype of the chassis ID Type of the information displayed for Info. CHAS-COMP: Indicates that entPhysicalAlias of the Entity MIB is displayed for Info. CHAS-IF: Indicates that ifAlias of the interface MIB is displayed for Info. PORT: Indicates that portEntPhysicalAlias of the Entity MIB is displayed for Info.
show cfm remote-mep Notes None 613
clear cfm remote-mep clear cfm remote-mep Clears the remote MEP information. Syntax clear cfm remote-mep [domain-level [ma [mep ][remote-mep ]]] Input mode User mode and administrator mode Parameters domain-level Clears the remote MEP information for the specified domain level. ma Clears the remote MEP information for the specified MA ID number. mep Clears the remote MEP information for the specified MEP.
clear cfm remote-mep Message Description CFM is not configured. CFM has not been configured. Check the configuration.
show cfm fault show cfm fault Displays the type of failure that has been detected by the CC functionality of CFM, and the information in the CCM that triggered the failure. Syntax show cfm fault [domain-level ] [ma ] [mep ] [{fault | cleared}] [detail] Input mode User mode and administrator mode Parameters domain-level Displays the failure information for the specified domain level. ma Displays the failure information for the specified MA ID number.
show cfm fault Display items in Example 1 Table 35-12 Items displayed for failure information Item Meaning Displayed information MD Domain level 0 to 7 MA MA ID number Configured MA ID number MEP MEP ID MEP ID for the Switch Fault A failure is being detected. -- Cleared A failure has been cleared. -- Time Time a failure was detected The time a failure was detected by the MEP If multiple failures have been detected, the time each failure was detected is displayed.
show cfm fault Item Meaning Displayed information Fault A failure is being detected. -- Cleared A failure has been cleared. -- OtherCCM Failure level 5 A CCM was received from another MA. Indicates that a CCM was received from the remote MEP belonging to another MA. On: A failure was found. -: No failures were found. ErrorCCM Failure level 4 An invalid CCM was received. Indicates that an invalid CCM was received from the remote MEP belonging to the same MA.
show cfm fault Message Description CFM is not configured. CFM has not been configured. Check the configuration. Specified Domain Level is not configured. The specified domain level has not been configured. Make sure the specified parameter is correct, and then try again. Specified MA is not configured. The specified MA ID has not been configured. Make sure the specified parameter is correct, and then try again. Specified MEP is not configured. The specified MEP ID has not been configured.
clear cfm fault clear cfm fault Clears the CFM failure information. Syntax clear cfm fault [domain-level [ma [mep ]]] Input mode User mode and administrator mode Parameters domain-level Clears the failure information for the specified domain level. ma Clears the failure information for the specified MA ID number. mep Clears the failure information for the specified MEP ID.
clear cfm fault Notes None 621
show cfm l2traceroute-db show cfm l2traceroute-db Displays route information acquired by the l2traceroute command and information about the MP on the route. The information registered in the linktrace database is displayed. Syntax show cfm l2traceroute-db [{remote-mac | remote-mep } domain-level ma
show cfm l2traceroute-db Display items in Example 1 Table 35-16 Items displayed for linktrace database information Item Meaning Displayed information L2traceroute to MP: The MAC address of the destination remote MEP or MIP. The MAC address of the destination remote MEP or MIP. : When the MAC address of a remote MEP or MIP is specified. (): When a remote MEP ID is specified.
show cfm l2traceroute-db Chassis ID Ingress Port MP Address: Egress Port MP Address: Type: MAC Type: LOCAL 0012.e254.dc01 Type: LOCAL 0012.e254.dc09 Info: 0012.e254.dbf0 Info: Port 0/17 Action: OK Info: Port 0/25 Action: OK > Display items in Example 2 Table 35-17 Items displayed for the detailed linktrace database information Item Meaning Displayed information L2traceroute to MP: The MAC address of the destination remote MEP or MIP. The MAC address of the destination remote MEP or MIP.
show cfm l2traceroute-db Item Meaning Displayed information Relay Action The processing method for forwarding a linktrace message The processing method for forwarding a linktrace message RlyHit: A linktrace message was not forwarded because it had reached the destination (the destination remote MEP or MIP). MacAdrTbl: A linktrace message was forwarded by using the MAC address table. MPCCMDB: A linktrace message was forwarded by using the MIPCCM database.
show cfm l2traceroute-db Item Meaning Displayed information Type Subtype of the ingress port Type of the information displayed for Info. PORT: Indicates that ifAlias of the interface MIB is displayed for Info. COMP: Indicates that entPhysicalAlias of the Entity MIB is displayed for Info. MAC: Indicates that macAddress of the CFM MIB is displayed for Info. NET: Indicates that networkAddress of the CFM MIB is displayed for Info.
show cfm l2traceroute-db Item Meaning Displayed information Type Subtype of the egress port Type of the information displayed for Info. PORT: Indicates that ifAlias of the interface MIB is displayed for Info. COMP: Indicates that entPhysicalAlias of the Entity MIB is displayed for Info. MAC: Indicates that macAddress of the CFM MIB is displayed for Info. NET: Indicates that networkAddress of the CFM MIB is displayed for Info.
show cfm l2traceroute-db Message Description No such destination MAC address. The specified destination MAC address is unknown. Make sure the specified parameter is correct, and then try again. No such Domain Level. The specified domain level is unknown. Make sure the specified parameter is correct, and then try again. No such MA. The specified MA ID is unknown. Make sure the specified parameter is correct, and then try again. No such Remote MEP. The specified remote MEP is unknown.
clear cfm l2traceroute-db clear cfm l2traceroute-db Clears CFM linktrace database information. Syntax clear cfm l2traceroute-db Input mode User mode and administrator mode Parameters None Example The following figure is an example of clearing CFM linktrace database information.
show cfm statistics show cfm statistics Displays the CFM statistics. Syntax show cfm statistics [domain-level ] [ma ] [mep ] Input mode User mode and administrator mode Parameters domain-level Displays the CFM statistics for the specified domain level. ma Displays the CFM statistics for the specified MA ID number. mep Displays the CFM statistics for the specified MEP ID.
show cfm statistics Display items Table 35-20 Items displayed for CFM statistics Item Meaning Displayed information Domain Level Domain level and domain name : Domain level Name:-: Indicates that the domain name is not used. Name(str):: A character string is used for the domain name. Name(dns):: A domain name server name is used for the domain name. Name(mac):(ID): A MAC address and ID are used for the domain name. MA MA ID number and MA name
show cfm statistics Item Meaning Displayed information CFM Operating status of CFM on a port The operating status of CFM on a port to which MIP belongs. Enable: Indicates that CFM on the port is enabled. Disable: Indicates that CFM on the port is disabled. Tx Number of CCM transmissions - is displayed for MIP. Rx Number of CCM receptions - is displayed for MIP.
show cfm statistics Item LTM LTR Meaning Displayed information RxDiscard Number of loopback replies that have been discarded For an MEP, the following loopback replies are discarded: A loopback reply with an invalid format A loopback reply whose destination MAC address is different from the MAC address of the MEP A loopback reply whose source MAC address is the multicast address or broadcast address A loopback reply whose Loopback Transaction Identifier value is different from that in the lo
show cfm statistics Item Meaning Displayed information discarded Impact on communication None Response messages Table 35-21 List of response messages for the show cfm statistics command Message Description Can't execute. The command could not be executed. Re-execute the command. CFM is not configured. CFM has not been configured. Check the configuration. Specified Domain Level is not configured. The specified domain level has not been configured.
clear cfm statistics clear cfm statistics Clears the CFM statistics. Syntax clear cfm statistics [domain-level [ma [mep ]]] clear cfm statistics [domain-level [mip] [port ] [channel-group-number ]] Input mode User mode and administrator mode Parameters domain-level Clears CFM statistics for the specified domain level. ma Clears CFM statistics for the specified MA ID number.
clear cfm statistics Response messages Table 35-22 List of response messages for the clear cfm statistics command Message Description Can't execute. The command could not be executed. Re-execute the command. CFM is not configured. CFM has not been configured. Check the configuration.
Part 12: Management of Neighboring Device Information 36.
show lldp show lldp Displays LLDP configuration information and neighboring device information. Syntax show lldp [port ] [detail] Input mode User mode and administrator mode Parameters port Displays LLDP information for the specified port. For details about how to specify and the specifiable range of values, see Specifiable values for parameters. Operation when this parameter is omitted: The LLDP information for all ports is displayed.
show lldp Display items in Example 1 Table 36-1 Simplified display of LLDP setting information and neighboring device information Item Meaning Displayed information Status Status of the LLDP functionality on the Switch Enabled: The LLDP functionality is enabled. Disabled: The LLDP functionality is disabled. When the status is Disabled, LLDP is not configured is displayed because there is no information.
show lldp Ver. 2.3.B OS-LT2 Total Neighbor Counts=4 Port Counts=5 Port 0/5(CH:1) Link: Up Neighbor Counts: 1 Port ID: Type=MAC Info=0012.e204.0105 | Port Description: FastEther 0/5 |1 Tag ID: Tagged=10,100,4094 | IPv4 Address: Tagged: 10 192.168.10.2 1 TTL:92 Chassis ID: Type=MAC Info=0012.e284.0001 System Description: ALAXALA AX1240 AX-1240-24T2C [AX1240S-24T2C] Switching software Ver. 2.3.B OS-LT2 |2 Port ID: Type=MAC Info=0012.e284.
show lldp Item Meaning Displayed information System Description System description of the Switch The same character string as the string used for the MIB (sysDescr) Total Neighbor Counts Total number of neighboring devices connected to the Switch Number of neighboring devices whose information is retained by the Switch.
show lldp Item Meaning Displayed information Type Subtype for the chassis ID CHAS-COMP: Indicates that entPhysicalAlias of the Entity MIB is displayed for Info. CHAS-IF: Indicates that ifAlias of the interface MIB is displayed for Info. PORT: Indicates that portEntPhysicalAlias of the Entity MIB is displayed for Info. MAC: Indicates that macAddress of the LLDP MIB is displayed for Info. NET: Indicates that networkAddress of the LLDP MIB is displayed for Info.
show lldp Item Meaning Displayed information assigned described in the previous item. IPv6 Address IP address assigned to the neighboring device (IPv6) This item is not displayed if it has not been reported. Untagged When the VLAN to which the IPv6 address of the neighboring device has been assigned is untagged -- Tagged VLAN ID for the VLAN to which the IPv6 address of the neighboring device has been assigned The smallest ID is displayed if multiple IDs have been assigned.
clear lldp clear lldp Clears LLDP neighboring device information. Syntax clear lldp Input mode User mode and administrator mode Parameters None Example Figure 36-3 Example of executing the clear lldp command > clear lldp > Display items None Impact on communication None Response messages Table 36-4 List of response messages for the clear lldp command Message Description LLDP is not configured. LLDP has not been configured. Check the configuration.
show lldp statistics show lldp statistics Displays LLDP statistics. Syntax show lldp statistics [port ] Input mode User mode and administrator mode Parameters port Displays LLDP statistics for the specified ports in list format. For details about how to specify and the specifiable range of values, see Specifiable values for parameters. Operation when this parameter is omitted: Displays statistics for all LLDP frames by port.
show lldp statistics Item Meaning Displayed information Discard TLV TLV statistics -- TLVs Number of TLVs that have been discarded 0 to 4294967295 Impact on communication None Response messages Table 36-6 List of response messages for the show lldp statistics command Message Description LLDP is not configured. LLDP has not been configured. Check the configuration. There is no information. ( lldp statistics ) There is no lldp statistics information.
clear lldp statistics clear lldp statistics Clears LLDP statistics.
clear lldp statistics 648
Index Index A activate, 167 activate power inline [AX2200S][AX1240S], 178 B backup, 90 C clear access-filter, 319 clear authentication fail-list, 334 clear authentication logging, 337 clear cfm fault, 620 clear cfm l2traceroute-db, 629 clear cfm remote-mep, 614 clear cfm statistics, 635 clear channel-group statistics lacp, 199 clear counters, 156 clear critical-logging, 123 clear dot1x auth-state, 352 clear dot1x logging, 367 clear dot1x statistics, 351 clear efmoam statistics, 573 clear igmp-snooping, 292
Index R reauthenticate dot1x, 354 reload, 86 remove mac-authentication mac-address, 488 remove web-authentication user, 375 remove wol-authentication user [OP-WOL], 531 remove wol-device name [OP-WOL], 513 rename, 39 rename user, 53 restore, 93 rmdir, 45 S select switchport backup interface, 552 set clock, 66 set clock ntp, 69 set exec-timeout, 16 set mac-authentication mac-address, 486 set power-control schedule, 96 set terminal pager, 18 set web-authentication html-files, 425 set web-authentication passw
Index show spanning-tree statistics, 251 show startup-config, 33 show storm-control, 576 show switchport backup, 554 show switchport backup mac-address-table update, 560 show switchport backup mac-address-table update statistics, 562 show switchport backup statistics, 556 show system, 76 show tech-support, 88 show version, 74 show vlan, 208 show vlan mac-vlan, 218 show web-authentication, 406 show web-authentication html-files, 430 show web-authentication logging, 390 show web-authentication login, 379 sho
