Instruction Manual

ManualsBrandsAllied Telesis ManualsComputer HardwareAT-S94 CLI (AT-8000S Series)

Table Of Contents

Preface
- Intended Audience
- Document Conventions
- Contacting Allied Telesis
Chapter 1. Using the CLI
- Overview
- CLI Command Modes
- Starting the CLI
- Editing Features
  - Entering Commands
  - Copying and Pasting Text
Chapter 2. ACL Commands
- ip access-list
- permit (ip)
- deny (IP)
- ipv6 access-list
- permit (IPv6)
- deny (IPv6)
- mac access-list
- permit (MAC)
- deny (MAC)
- service-acl
- show access-lists
- show interfaces access-lists
Chapter 3. AAA Commands
- aaa authentication login
- aaa authentication enable
- login authentication
- enable authentication
- ip http authentication
- ip https authentication
- show authentication methods
- password
- username
- aaa accounting login
- aaa accounting dot1x
- show users accounts
- enable password
- show accounting
Chapter 4. Address Table Commands
- bridge address
- bridge multicast filtering
- bridge multicast address
- bridge multicast forbidden address
- bridge multicast unregistered
- bridge multicast forward-all
- bridge multicast forbidden forward-all
- bridge aging-time
- clear bridge
- port security
- port security mode
- port security max
- port security routed secure-address
- show bridge address-table
- show bridge address-table static
- show bridge address-table count
- show bridge multicast address-table
- show bridge multicast address-table static
- show bridge multicast filtering
- show bridge multicast unregistered
- show ports security
- show ports security addresses
Chapter 5. Clock Commands
- clock set
- clock source
- clock timezone
- clock summer-time
- sntp authentication-key
- sntp authenticate
- sntp trusted-key
- sntp client poll timer
- sntp broadcast client enable
- sntp anycast client enable
- sntp client enable (Interface)
- sntp unicast client enable
- sntp unicast client poll
- sntp server
- show clock
- show sntp configuration
- show sntp status
Chapter 6. Configuration and Image File Commands
- copy
- dir
- delete
- boot system
- show running-config
- show startup-config
- show bootvar
Chapter 7. DHCP Snooping Commands
- ip dhcp snooping
- ip dhcp snooping vlan
- ip dhcp snooping trust
- ip dhcp snooping information option allowed-untrusted
- ip dhcp snooping verify
- ip dhcp snooping database
- ip dhcp snooping database update-freq
- ip dhcp snooping binding
- clear ip dhcp snooping database
- show ip dhcp snooping
- show ip dhcp snooping binding
Chapter 8. Ethernet Configuration Commands
- interface ethernet
- interface range ethernet
- shutdown
- description
- speed
- duplex
- negotiation
- flowcontrol
- mdix
- back-pressure
- system flowcontrol
- clear counters
- set interface active
- show interfaces advertise
- show interfaces configuration
- show interfaces status
- show interfaces description
- show interfaces counters
- port storm-control include-multicast (IC)
- port storm-control broadcast enable
- port storm-control broadcast rate
- show ports storm-control
Chapter 9. GVRP Commands
- gvrp enable (Global)
- gvrp enable (Interface)
- garp timer
- gvrp vlan-creation-forbid
- gvrp registration-forbid
- clear gvrp statistics
- show gvrp configuration
- show gvrp statistics
- show gvrp error-statistics
Chapter 10. IGMP Snooping Commands
- ip igmp snooping (Global)
- ip igmp snooping (Interface)
- ip igmp snooping mrouter learn-pim-dvmrp
- ip igmp snooping host-time-out
- ip igmp snooping querier enable
- ip igmp snooping querier address
- ip igmp snooping querier version
- ip igmp snooping mrouter-time-out
- ip igmp snooping leave-time-out
- show ip igmp snooping mrouter
- show ip igmp snooping interface
- show ip igmp snooping groups
Chapter 11. IP Addressing Commands
- ip address
- ip address dhcp
- ip default-gateway
- show ip interface
- arp
- arp timeout
- clear arp-cache
- show arp
- ip domain-lookup
- ip domain-name
- ip name-server
- ip host
- clear host
- clear host dhcp
- show hosts
Chapter 12. IPv6 Addressing Commands
- ipv6 enable
- ipv6 address
- ipv6 address link-local
- ipv6 default-gateway
- show ipv6 interface
- ipv6 nd dad attempts
- ipv6 host
- ipv6 neighbor
- show ipv6 neighbors
- clear ipv6 neighbors
Chapter 13. Line Commands
- line
- speed
- autobaud
- exec-timeout
- history
- history size
- terminal history
- terminal history size
- show line
Chapter 14. DHCP Option 82 Commands
- ip dhcp information option
- show ip dhcp information option
Chapter 15. IP DHCP Relay
- ip dhcp relay enable (global)
- ip dhcp relay enable (interface)
- ip dhcp relay address
- show ip dhcp relay
Chapter 16. LACP Commands
- lacp system-priority
- lacp port-priority
- lacp timeout
- show lacp ethernet
- show lacp port-channel
Chapter 17. LLDP Commands
- lldp enable (global)
- lldp enable (interface)
- lldp timer
- lldp hold-multiplier
- lldp reinit-delay
- lldp tx-delay
- lldp optional-tlv
- lldp management-address
- lldp notifications
- lldp med enable
- lldp med network-policy (global)
- lldp med network-policy (interface)
- lldp med location
- clear lldp rx
- show lldp configuration
- show lldp med configuration
- show lldp local
- show lldp neighbors
Chapter 18. Login Banner Commands
- login_banner
- show login_banner
Chapter 19. Management ACL Commands
- management access-list
- permit (Management)
- deny (Management)
- management access-class
- show management access-list
- show management access-class
Chapter 20. PHY Diagnostics Commands
- test copper-port tdr
- show copper-ports tdr
- show copper-ports cable-length
- show fiber-ports optical-transceiver
Chapter 21. Port Channel Commands
- interface port-channel
- interface range port-channel
- channel-group
- show interfaces port-channel
Chapter 22. Port Monitor Commands
- port monitor
- show ports monitor
Chapter 23. Power over Ethernet Commands
- power inline
- power inline powered-device
- power inline priority
- power inline usage-threshold
- power inline traps enable
- show power inline
- show power inline power-consumption
- show power inline version
Chapter 24. QoS Commands
- qos
- show qos
- priority-queue out num-of-queues
- rate-limit
- traffic-shape
- show qos interface
- wrr-queue cos-map
- qos trust (Global)
- qos map dscp-queue
- qos cos
- show qos map
Chapter 25. Radius Commands
- radius-server host
- radius-server key
- radius-server retransmit
- radius-server source-ip
- radius-server source-ipv6
- radius-server timeout
- radius-server deadtime
- show radius-servers
Chapter 26. RMON Commands
- show rmon statistics
- rmon collection history
- show rmon collection history
- show rmon history
- rmon alarm
- show rmon alarm-table
- show rmon alarm
- rmon event
- show rmon events
- show rmon log
- rmon table-size
Chapter 27. SNMP Commands
- snmp-server community
- snmp-server view
- snmp-server group
- snmp-server user
- snmp-server engineID local
- snmp-server enable traps
- snmp-server filter
- snmp-server host
- snmp-server v3-host
- snmp-server trap authentication
- snmp-server contact
- snmp-server location
- snmp-server set
- show snmp
- show snmp engineid
- show snmp views
- show snmp groups
- show snmp filters
- show snmp users
Chapter 28. Spanning-Tree Commands
- spanning-tree
- spanning-tree mode
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree priority
- spanning-tree disable
- spanning-tree cost
- spanning-tree port-priority
- spanning-tree portfast
- spanning-tree link-type
- spanning-tree pathcost method
- spanning-tree bpdu
- spanning-tree guard root
- spanning-tree bpduguard
- clear spanning-tree detected-protocols
- spanning-tree mst priority
- spanning-tree mst max-hops
- spanning-tree mst port-priority
- spanning-tree mst cost
- spanning-tree mst configuration
- instance (mst)
- name (mst)
- revision (mst)
- show (mst)
- exit (mst)
- abort (mst)
- show spanning-tree
Chapter 29. SSH Commands
- ip ssh port
- ip ssh server
- crypto key generate dsa
- crypto key generate rsa
- ip ssh pubkey-auth
- crypto key pubkey-chain ssh
- user-key
- key-string
- show ip ssh
- show crypto key mypubkey
- show crypto key pubkey-chain ssh
Chapter 30. Syslog Commands
- logging on
- logging
- logging console
- logging buffered
- logging buffered size
- clear logging
- logging file
- clear logging file
- aaa logging
- file-system logging
- management logging
- show logging
- show logging file
- show syslog-servers
Chapter 31. TACACS+ Commands
- tacacs-server host
- tacacs-server key
- tacacs-server timeout
- tacacs-server source-ip
- show tacacs
Chapter 32. Tunnel Commands
- interface tunnel
- tunnel mode ipv6ip
- tunnel isatap router
- tunnel source
- tunnel isatap query-interval
- tunnel isatap solicitation-interval
- tunnel isatap robustness
- show ipv6 tunnel
Chapter 33. System Management Commands
- ping
- telnet
- reload
- resume
- hostname
- stack master
- stack reload
- stack change unit-id
- show stack
- show users
- show sessions
- show system
- show system id
- show version
Chapter 34. User Interface Commands
- do
- enable
- disable
- login
- configure
- exit (Configuration)
- exit
- end
- help
- terminal datadump
- show history
- show privilege
Chapter 35. VLAN Commands
- vlan database
- vlan
- interface vlan
- interface range vlan
- name
- switchport protected
- switchport mode
- switchport access vlan
- switchport trunk allowed vlan
- switchport trunk native vlan
- switchport general allowed vlan
- switchport general pvid
- switchport general ingress-filtering disable
- switchport general acceptable-frame-type tagged-only
- switchport general map macs-group vlan
- map mac macs-group
- show vlan macs-group
- switchport forbidden vlan
- ip internal-usage-vlan
- show vlan
- show vlan internal usage
- show interfaces switchport
Chapter 36. Web Server Commands
- ip http server
- ip http port
- ip http exec-timeout
- ip https server
- ip https port
- ip https exec-timeout
- crypto certificate generate
- crypto certificate request
- crypto certificate import
- ip https certificate
- show crypto certificate mycertificate
- show ip http
- show ip https
Chapter 37. 802.1x Commands
- aaa authentication dot1x
- dot1x system-auth-control
- dot1x port-control
- dot1x re-authentication
- dot1x timeout re-authperiod
- dot1x re-authenticate
- dot1x timeout quiet-period
- dot1x timeout tx-period
- dot1x max-req
- dot1x timeout supp-timeout
- dot1x timeout server-timeout
- show dot1x
- show dot1x users
- show dot1x statistics
- dot1x auth-not-req
- dot1x guest-vlan
- dot1x single-host-violation
- dot1x mac-authentication
- show dot1x advanced
- dot1x guest-vlan enable
- dot1x guest-vlan timeout
- dot1x radius-attributes vlan
Index

ACL Commands

Page 34

User Guidelines

•

IPv6 Syntax — The 128-bit IPv6 address format is divided into eight groups of four hexadecimal digits.

Abbreviation of this format is done by replacing a group of zeros with double colons. The IPv6 address

representation can be further simplified by suppressing the leading zeros.

• All different IPv6 address formats are acceptable for insertion, yet for display purposes, the system displays

the most abbreviated form, which replaces groups of zeros with double colons and removes the leading

zeros.

• IPv6 Prefixes — While Unicast IPv6 addresses written with their prefix lengths are permitted, in practice their

prefix lengths are always 64 bits and therefore are not required to be expressed. Any prefix that is less than

64 bits is a route or address range that is summarizing a portion of the IPv6 address space.

• For every assignment of an IP address to an interface, the system runs the Duplicate Address Detection

algorithm to ensure uniqueness.

• An intermediary transition mechanism is required for IPv6-only nodes to communicate with IPv6 nodes over

an IPv4 infrastructure. The tunneling mechanism implemented is the Intra-Site Automatic Tunnel Addressing

Protocol (ISATAP). This protocol treats the IPv4 network as a virtual IPv6 local-link, with each IPv4 address

mapped to a Link Local IPv6 address.

Examples

The following example sets the conditions to deny a packet to pass an IPv6 Access List acl1.

mac access-list

The mac access-list Global Configuration mode command defines a Layer 2 Access List and places the device in

MAC-Access List Configuration mode. Use the no form of this command to remove the Access List.

Syntax

mac access-list access-list-name

no mac access-list access-list-name

Parameters

•

access-list-name — Name of the MAC-Access List.

Default Configuration

No MAC-Access List is defined.

Command Mode

Global Configuration mode

User Guidelines

MAC ACLs are defined by a unique name. An IPv4 ACL, IPv6 ACL and MAC ACL cannot share the same name.

Switch(config)# ipv6 access-list acl1

Switch(config-ipv6-acl)# deny-tcp 2001:0DB8:0300:0201::/64 any any 80