Release Note
Software Version 2.9.1
For AT-8800, Rapier i, AT-8700XL, AT-8600, AT-9900, x900-48FE, AT-8900 and AT-9800 Series Switches, and AR400 and AR700 Series Routers

Introduction
Upgrading to Software Version 2.9.1
Release Licences
DHCP Snooping Enhancements
  Adding Default Access Routers to Static Entries
  Filtering Broadcast and Multicast Packets
  Command Reference Updates
MAC-Forced Forwarding

Introduction
Allied Telesis announces the release of Software Version 2.9.1 on the products in the following table. This Release Note describes the new features and enhancements.

Upgrading to Software Version 2.9.1
Software Version 2.9.1 is available as a flash release that can be downloaded directly from the Software/Documentation area of the Allied Telesis website: www.alliedtelesis.com/support/software

For information about licensing this release, see “Release Licences” on page 5. The following table lists the file names for Software Version 2.9.1.

Product name    Release file    GUI resource file    CLI help file
AT-9924T 89-291.

Release Licences
Release licences are valid for all releases for switches and routers manufactured at the end of 2006. This means you can upgrade on these devices without entering the enable release command. If you already have a device, contact your Allied Telesis representative for information about licensing.

If you upgrade from a 2.9.1 version to a later 2.9.1 maintenance version, you can install the release and GUI in the same step.

Also, some TFTP servers do not support filenames longer than 8 characters and therefore will not allow you to load the file from the server. With such servers, you can simply rename the GUI file to a short name on the TFTP server, then rename it correctly on the router or switch.

Overview of New Features
The following table lists the new features and enhancements by product series.

Product series columns: AT-9900 x900-48FE AT-8900 AT-9800 AT-8600 AT-8700XL AT-8800 Rapier AR700 AR400

AT-8600: GUI Support for AT-8624POE and AT-8648T/2SP !
AT-8600: Protocol Independent Multicast (PIM) Support !
AT-8600: AT-8624POE Fan Enhancements !
AT-8600: Support for AT-45/xx series and AT-47 Expansion Modules !
AR400: VPN Configuration Wizards

Product series columns: AT-9900 x900-48FE AT-8900 AT-9800 AT-8600 AT-8700XL AT-8800 Rapier AR700 AR400

IPv6: Additional Show Command Filtering ! ! ! !
Firewall: Using Automatic Client Management to Manage SIP Sessions ! ! ! !
Firewall: Setting a Trigger for Automatic Client Management ! ! ! !
Firewall: Limiting Firewall Sessions from a Device ! ! ! ! !
Firewall: Monitoring Firewall Sessions using SNMP ! ! ! ! !
Firewall: Dynamic Renumbering of Firewall Rules ! ! ! !

AT-8600 Series Switch Enhancements
This Software Version includes the following enhancements for the AT-8600 Series switches:
■ GUI Support for AT-8624POE and AT-8648T/2SP
■ Protocol Independent Multicast (PIM) Support
■ AT-8624POE Fan Enhancements
■ Support for AT-45/xx series and AT-47 Expansion Modules
This section describes the enhancements.

GUI Support for AT-8624POE and AT-8648T/2SP
Software Version 2.9.

Support for AT-45/xx series and AT-47 Expansion Modules
Previously, the AT-8600 Series switches supported the AT-A46 expansion module only. New in this Software Version is support for AT-A45/xx series and AT-A47 expansion modules on the AT-8600 Series switches.

AR400 Series Router Enhancements
This Software Version includes the following enhancement for the AR400 Series switches:
■ VPN Configuration Wizards
This section describes the enhancement.

VPN Configuration Wizards
This enhancement makes it simple to configure VPNs on AR415S, AR440S, AR441S, and AR442S routers.

These How To Notes are available in the Resource Center of the Documentation and Tools CDROM for Software Version 2.9.1, or from www.alliedtelesis.co.uk/site/solutions/techdocs.asp?area=howto.

Command Changes
This enhancement does not affect any commands.

System Enhancements
This Software Version includes the following enhancements to the System:
■ Activate Findme Feature
■ Enhanced Protection for Filenames
■ Increased Module Support by Show Debug Active
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Activate Findme Feature
On AT-8800 Series switches, Software Version 2.9.

Increased Module Support by Show Debug Active
This Software Version increases the number of modules supported by the show debug active and disable debug active commands. See “Supported Modules” on page 15 for the list of newly supported modules.

deactivate findme
Syntax
DEACTivate FINdme
Description
This command deactivates the findme LED flash pattern and returns the LED displays to their normal mode.
Example
To deactivate the “find me” feature, use the command:
deact fin

disable debug active
Syntax
DISable DEBug ACTive={ALL|module}
where module is the predefined name of a module
Description
This command disables currently enabled debugging, either for a specific module or for all modules.

Module    Related Debugging Commands
FIREwall    disable firewall policy debug, enable firewall policy debug
FRamerelay    disable framerelay debug, enable framerelay debug
GARP    disable garp debug, enable garp debug, show garp debug
GRE    disable gre debug, enable gre debug
HTTP    disable http debug, enable http debug, show http debug
IPSec    disable ipsec policy debug, enable ipsec policy debug
IPV6    disable ipv6 debug, disable ipv6 mld debug, disable mldsnooping debug, enable ip

Switching Enhancements
This Software Version includes the following enhancements to Switching:
■ Multiple Uplink Ports in Private VLANs
■ Group Parameter Required for Private VLAN Ports
This section describes the enhancements. The modified commands to implement them are described in Command Reference Updates.

Command Reference Updates
This section describes the changed portions of the modified command. The modified parameter is shown in bold.

add vlan port
Syntax
ADD VLAN={vlan-name|1..4094} POrt={port-list|ALL} [FRAme={TAGged|UNTAGged}] [UPLINk] [GROUP]
Description
When adding a trunk group to a private VLAN as private ports, you now must specify the group parameter.

Software Version 2.9.1 C613-10486-00 REV C

Power Over Ethernet Enhancements
This Software Version includes the following enhancement to Power over Ethernet (PoE):
■ PoE Firmware Upgrade
This section describes the enhancement. The new commands to implement it are described in Command Reference Updates.

PoE Firmware Upgrade
Software Version 2.9.1 introduces the ability to upgrade PoE firmware via the CLI.

Examples
To disable all PoE debugging, use one of the commands:
dis poe deb=all
dis poe debug=deb
To disable high-level, essential debugging, use the command:
dis poe deb=tra

enable poe debug
Syntax
ENAble POE DEBug=[ALL|DEBug|TRAce|ERRor|FATal|TESt]
Description
This new command enables the specified PoE debugging modes.

Parameter    Description
DEBug    The debugging modes to enable.

During the upgrade the following limitations apply:
■ Other PoE commands do not execute.
■ You cannot use any PoE ports for powered devices, as Power over Ethernet is temporarily disabled. However, any non-powered devices that are connected to PoE ports will continue to operate normally.
■ You should avoid deleting, re-naming, or copying any files.
All PoE configurations are restored once the upgrade has successfully completed.

SHDSL Enhancements
This Software Version includes the following enhancement to SHDSL:
■ ITU Standard Mode Operation
This section describes the enhancement. The modified commands to implement it are described in Command Reference Updates.

ITU Standard Mode Operation
On the AR442S router, Software Version 2.9.1 enables you to set SHDSL operation for either standards-based, or enhanced 2-pair, modes of operation. The standards-based 2-pair mode is compatible with ITU standard G.

Command Reference Updates
This section describes the changed portions of modified commands and output screens. The new parameters, options, and fields are shown in bold.

set shdsl
Syntax
SET SHDsl=interface [MOde={CPE|CO}] [PAIRmode={2Wire|4WIREStandard|4WIREEnhanced|1Pair|2PAIRStandard|2PAIREnhanced}] [STAndard={ANNEXA|ANNEXB|BOTH|ANNEXBAnfp|BOTHAnfp}] [PSDmask={SYMmetric|ASYMetric}] [AUTOretrain={ON|OFF}] [BITratemode=ADAptive|FIXed] [MINbitrate=72..

show shdsl linedetails
Syntax
SHow SHDsl={interface|ALL} LINEdetails
Description
This command displays the current negotiated configuration information for the specified SHDSL interface or all SHDSL interfaces. If the SHDSL interface is not in the data state, the parameters displayed in the output are the last received or known parameters for the connection.

Bridging Enhancements
This Software Version includes the following enhancements to Bridging:
■ VLAN to WAN Bridging
■ Retaining or Stripping VLAN Tags
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

VLAN to WAN Bridging
Software Version 2.9.1 includes the ability to bridge between VLANs over a PPP WAN link. In general, it is better to route a protocol than to bridge it.

Switch ports within each VLAN connect to the switch module, to obtain layer two connectivity (local or remote) for their attached devices. An internal data path, shown by the horizontal grey arrow, provides connectivity between the two modules.

The VLAN-to-WAN Bridging Process
The switch module provides layer two connectivity for locally attached ports within the same VLAN.

Figure 4: Example configuration for a remotely bridged VLAN
Figure labels: Bridge A, Bridge B, (Virtual) Port 1 on each bridge, PPP Link, Switch Port 11, Switch Port 12, Switch Port 21, Switch Port 22, Training VLAN VID=2 on each bridge, Training Server

Table 2: VLAN membership in example of a network using tagged ports
VLAN    Member ports
Training    11, 12 on Bridge A; 21, 22 on Bridge B

To configure VLAN-to-WAN bridge A
1.

To configure VLAN-to-WAN bridge B
1. Create the Training VLAN.
   To create a Training VLAN with VID 2 to be used for VLAN-to-WAN bridging, use the command:
   create vlan=Training vid=2
2. Add switch ports to the VLAN.
   To add switch ports to the Training VLAN, use the command:
   add vlan=Training port=21,22
3. Add the VLAN to the bridge.
   To add the VLAN to the bridge, use the command:
   add vlan=2 bridge
4. Create a WAN interface.

Retaining or Stripping VLAN Tags
By default, when an AR400 or AR700 Series router receives a tagged packet on an Eth or VLAN interface and bridges it, the bridge strips out the packet’s VLAN tag. This enhancement enables you to set the bridge to instead retain the tag, by using off, no or false in the new command:
set bridge stripvlantag={on|off|yes|no|true|false}
The default is on.

specified, this means there is no limit to the number of devices. The default is none.
The ageingtimer parameter sets the number of seconds before an unused MAC entry will be removed. When none is specified, no time limit is set. The default is none.

show bridge
Syntax
SHow BRIDge
Description
The output of this command includes a new field (Figure 5, Table 3).

Figure 5: Example output from the show bridge command
Remote Bridge
------------------------------------------------------------
Bridge Address : 00-00-cd-00-0d-4d
Bridge Name : Example version 2.7.

Internet Protocol (IP) Enhancements
This Software Version includes the following enhancements to IP:
■ Dynamic DNS Client
■ Preventing MAC Address Resolution Between Hosts Within a Subnet
■ IP Debug Timeout
■ Show IP Interface Command Displays Gratuitous ARP Status
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Dynamic DNS Client
Software Version 2.9.

Command Changes
The following table summarises the new commands:
Command    Change
activate ddns update    New command
disable ddns    New command
disable ddns debug    New command
enable ddns    New command
enable ddns debug    New command
set ddns    New command
show ddns    New command

Preventing MAC Address Resolution Between Hosts Within a Subnet
A new feature lets you stop MAC address resolution between hosts within an interface’s subnet.

IP Debug Timeout
This enhancement makes it possible to specify a timeout value when enabling IP debugging. After the timeout expires, IP debugging is automatically disabled. This helps to prevent problems from too much IP debugging clogging up the display. To specify the timeout, use the new optional timeout parameter in the command:
enable ip debug={all|arp|packet|advertise|upnp} [timeout={none|1..2400}]
The timeout units are seconds.

Command Reference Updates
This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold.

activate ddns update
Syntax
ACTivate DDNS UPdate
Description
This command activates a Dynamic DNS update.

disable ddns
Syntax
DISable DDNS
Description
This command disables the Dynamic DNS feature.
Example
To disable the DDNS feature, use the command:
dis ddns

disable ddns debug
Syntax
DISable DDNS DEbug
Description
This command disables the Dynamic DNS debug facility.
Example
To disable DDNS debugging, use the command:
dis ddns de

enable ddns
Syntax
ENAble DDNS
Description
This command enables the Dynamic DNS feature.

enable ip debug
Syntax
ENAble IP DEBug={ARP|PACket|ADVertise|UPNP|ALL} [TIMEOut={NONE|1..2400}]
Description
The new timeout parameter specifies the time period, in seconds, for which IP debugging is enabled. Setting a timeout reduces the risk of overloading the router or switch and the display with too much debugging information.

set ddns
Syntax
SET DDNS [SERVER=server] [PORT=port] [USer=userid] [PASSword=password] [DYNamichost=hostnames] [CUSTomhost=hostnames] [STAtichost=hostnames] [PRImaryint=interface] [SECOndaryint=interface] [WILdcard={ON|OFF|NOCHG}] [MAIlexchanger={mailexchanger|NOCHG}] [BAckmx={YES|NO|NOCHG}] [OFFline={YES|NO}]
Description
This command sets the parameters used for updating the Dynamic DNS.

Parameter    Description
SERVER    The name of the DDNS server.

Parameter (cont.)    Description (cont.)
WILdcard    Whether to use the wildcard * feature when matching host names. Default: off
    ON    Turns on the wildcard option.
    OFF    Turns off the wildcard option.
    NOCHG    Retains the previous wildcard value.
MAIlexchanger    A mail exchanger to be used with the hostname. The mail exchanger is a string of up to 31 characters.

set ip interface
Syntax
SET IP INTerface=interface [ADVertise={YES|NO}] [PREferencelevel={-2147483648..2147483647|NOTDEFAULT}] [BROadcast={0|1}] [DIRectedbroadcast={False|NO|OFF|ON|True|YES}] [FILter={0..999|NONE}] [FRAgment={NO|OFF|ON|YES}] [GRAtuitousarp={ON|OFF}] [GRE={0..100|NONE}] [IGMPProxy={OFF|UPstream|DOWNstream}] [INVersearp={ON|OFF}] [IPaddress=ipadd|DHCP] [MASK=ipadd] [METric=1..

show ddns
Syntax
SHow DDNS
Description
This command displays information about DDNS configuration and operation (Figure 6, Table 4 on page 42).

Figure 6: Example output from the show ddns command
DDNS Configure Information:
Client State ......................
Debug .............................
Server ............................
Port ..............................
User ..............................
Password ..........................
system name ....

Table 4: Parameters in output of the show ddns command (cont.)
Parameter    Meaning
Offline    Whether the hostnames are set to offline mode. Refer to the DynDNS website for offline redirection options, available at: http://www.dyndns.com/services/dns/dyndns/faq.html
Primary WAN Interface    The IP interface used for the main WAN connection.
Secondary WAN Interface    The IP interface used for the backup WAN connection.
Server IP    The IP address of Dynamic DNS server resolved by DNS.

show ip interface
Syntax
SHow IP INTerface[=interface] [COUnter[=MULticast]]
Description
This command displays interface configuration information for interfaces assigned to the IP module with the add ip interface command. The new GArp field displays whether or not the interface accepts gratuitous ARPs. The PArp field now displays Loc when local proxy ARP is enabled on the interface.

DHCP Enhancements
This Software Version includes the following enhancement to DHCP:
■ DHCP Options
This section describes the enhancement. The new and modified commands to implement it are described in Command Reference Updates.

DHCP Options
Software Version 2.9.1 introduces the ability to create user-defined DHCP options and apply them to policies. DHCP allows the client to receive options from the DHCP server.

Parameter    Description
OPTion    A number for the option. number is a decimal number between 1 and 254.
POLIcy    The name of the policy to add the option to. name is a character string 1 to 15 characters long. Any printable character is allowed. When you enter a name that contains spaces, you must surround it with double quotation marks.
NAMe    Use this optional parameter to define a name for the option. option-name is a character string 1 to 15 characters long.

delete dhcp option
Syntax
DELete DHCP OPTion=number POLIcy=name
Description
This new command deletes a user-defined option from the specified policy. User-defined options are created with the add dhcp option command. It is possible for the same option number to be specified for different options, one using add dhcp option and one using add dhcp policy. This command only deletes the option created with add dhcp option.

Parameter    Description
OPTion    The number of the user-defined option to modify. number is a decimal number between 1 and 254.
POLIcy    The policy to which the option applies. name is a character string 1 to 15 characters long. Any printable character is allowed. When you enter a name that contains spaces, you must surround it with double quotation marks.
NAMe    Use this optional parameter to set a new name for the option.

show dhcp policy
Syntax
SHow DHCP POLIcy[=name]
Description
This command displays information about currently defined policies and the options configured for them. If you specify a policy name, then information about that policy is displayed only.

Figure 9: Example output from the show dhcp policy command
DHCP Policies
Name: pol1
Base Policy: none
01 subnetmask .... 255.255.255.0
03 router ........ 202.36.163.21
06 dnsserver ..... 192.
51 leasetime .....
*151 SVP server ....

DHCP Snooping Enhancements
This Software Version includes the following enhancements to DHCP snooping:
■ Adding Default Access Routers to Static Entries
■ Filtering Broadcast and Multicast Packets
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Adding Default Access Routers to Static Entries
You can now specify the access routers for a static entry.

Command Reference Updates
This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold.

add dhcpsnooping binding
Syntax
ADD DHCPSnooping BINDing[=macaddr] INTerface=vlan IP=ipadd POrt=port-number [ROUter=ipadd,ipadd...]
Description
This command adds a static entry to the DHCP snooping binding database.

disable dhcpsnooping strictunicast
Syntax
DISable DHCPSnooping STRictunicast
Description
This new command disables strict unicast filtering on DHCP snooping clients. To use this command, DHCP snooping must be disabled. On AT-8600, AT-8700XL, AT-8800, and Rapier Series switches, this restarts normal forwarding of multicast and broadcast packets sent by clients to devices further upstream.

MAC-Forced Forwarding
This Software Version adds support for MAC-Forced Forwarding. MAC-Forced Forwarding provides a method for subscriber separation on a network. It is appropriate for IPv4 Ethernet based networks, where a layer 2 bridged segment separates downstream clients from their upstream IPv4 gateways.

IP Multicasting Enhancements
This Software Version includes the following enhancements to IP Multicasting:
■ PIM Support on AT-8600 Series Switches
■ Query Solicitation
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

PIM Support on AT-8600 Series Switches
This Software Version introduces Protocol Independent Multicast (PIM) on the AT-8600 Series switches.

Once the Querier receives the Query Solicit message, it sends out a General Query and waits for responses, which update the snooping information throughout the network. If necessary, you can reduce the time this takes by tuning the IGMP timers, especially the queryresponseinterval parameter. For more information, see the “IGMP Timers and Counters” section of How To Configure IGMP on Allied Telesyn Routers and Switches for Multicasting.

Command Reference Updates
This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold.

set igmpsnooping vlan
Syntax
SET IGMPSNooping VLAN={vlan-name|1..4094|ALL} [Fastleave={ON|OFF|YES|NO|True|False}] [QUErysolicit={OFF|NO|False|ON|YES|True}]
where vlan-name is a unique name from 1 to 32 characters.

show igmpsnooping
Syntax
SHow IGMPSNooping [VLAN={vlan-name|1..4094}]
where vlan-name is a unique name for the VLAN 1 to 32 characters long. Valid characters are uppercase and lowercase letters, digits, the underscore, and the hyphen.
Description
This command displays information about IGMP snooping on a VLAN or VLANs (Figure 10, Table 7). This now includes the status of query solicitation.

OSPF Enhancements
This Software Version includes the following enhancement to OSPF:
■ Neighbour Retransmission List Debugging
This section describes the enhancement. The modified commands to implement it are described in Command Reference Updates.

Neighbour Retransmission List Debugging
A new nrl debugging option has been added to OSPF, to show additions to and deletions from the neighbour retransmission list.

Command Reference Updates
This section describes the changed portions of modified commands. The new options are shown in bold.

disable ospf debug
Syntax
DISable OSPF DEBug={ALL|AUTOcost|IFSTate|LSU|NBRSTate|NSSA|PACket|NRL|REDistribute|SPF|STAte}
Description
The option nrl has been added to the debug parameter. If you specify nrl, neighbour retransmission list debugging is disabled.

BGP Enhancements
This Software Version includes the following enhancements to BGP:
■ Improved BGP Route Selection
■ Improved BGP Backoff Show Command Output
This section describes the enhancements. The modified commands to implement them are described in Command Reference Updates.

Improved BGP Route Selection
This Software Version changes the preference order that BGP uses when selecting a route based on the “route type” rule. The order of “route type” preference is now:
1.

Command Reference Updates
This section describes the changed portions of modified output screens. The new fields are shown in bold.

show bgp backoff
Syntax
SHow BGP BACkoff
Description
This command displays BGP backoff details (Figure 11, Table 8).

IPv6 Enhancements
This Software Version includes the following enhancements to IPv6:
■ Setting a Metric for RIPv6
■ Additional Show Command Filtering
This section describes the enhancements. The modified commands to implement them are described in Command Reference Updates.

Setting a Metric for RIPv6
A new metric parameter lets you specify the cost to RIPv6 for crossing the logical interface. This parameter is allowed only on link-local interfaces.

create ipv6 interface
Syntax
CREate IPV6 INTerface=interface [DUPtrans=1..16] [METric=1..16] [RETRans=0..4294967295]
Description
This command creates an IPv6 Ethernet interface and uses stateless address autoconfiguration to assign it a link-local address. The new metric parameter specifies the cost to RIPv6 for crossing the logical interface. This parameter is allowed only on link-local interfaces.

Firewall Enhancements
This Software Version includes the following enhancements to Firewall:
■ Using Automatic Client Management to Manage SIP Sessions
■ Setting a Trigger for Automatic Client Management
■ Limiting Firewall Sessions from a Device
■ Monitoring Firewall Sessions using SNMP
■ Dynamic Renumbering of Firewall Rules
This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.

Network address translation
In automatic mode, the SIP ALG uses NAT on the sessions when NAT has been configured on the firewall. We recommend that you select enhanced NAT. In automatic mode, the SIP ALG is designed to give each SIP client a consistent identity on the public network when NAT is in use. It is possible to use the SIP ALG without NAT.

To show details about the flash file and the current client sessions that the SIP ALG has, use the commands:
show firewall sipalg autoclients[=session-number] [summary]
show firewall sipalg autoclients ip=ipadd[-ipadd] [summary]
To delete the current details in the client database, use the command:
reset firewall sipalg autoclients
Resetting the database does not delete any established SIP sessions.

Command Changes
The following table summarises the modified commands:
Command    Change
create trigger    Modified firewall parameter
set trigger    Modified firewall parameter

Limiting Firewall Sessions from a Device
This Software Version allows you to limit the number of concurrent sessions a device can initiate by using the new limitrule firewall commands.

These commands limit sessions only as they are created; new or modified limit rules do not end any sessions already established by a device.

The firewall Group of the Allied Telesis Enterprise MIB ({ enterprises(1) alliedTelesis(207) mibObject(8) brouterMib(4) atRouter(4) modules(4) 77 }), now includes firewallSessionsStatistics ({ firewall 2 }). This is a collection of objects for monitoring firewall sessions:
■ totalNumberOfSessions ({ firewallSessionsStatistics 1 }) is the total number of sessions going through the firewall. It is the sum of the number of sessions on all individual nodes.

Command Changes
This enhancement does not affect any commands.

Command Reference Updates
This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold.

add firewall policy limitrule
Syntax
ADD FIREwall POLIcy=policy-name LIMitrule=rule-id [INTerface={interface}] [IP=ipadd[-ipadd]] [GBLRemoteip=ipadd[-ipadd]] [SRCIplimit=0..

Parameter    Description
GBLRemoteip    IP address of the public device or range of devices you are limiting the sessions for. Devices must be on the public side of the firewall. The IP address is specified using dotted decimal notation. Default: all public devices
SRCIplimit    Number of sessions matching this rule that each device is allowed.

delete firewall policy limitrule
Syntax
DELete FIREwall POLIcy=policy-name LIMitrule=rule-id
Description
This command deletes a limit rule from the specified policy.

Parameter    Description
POLIcy    The policy you are deleting the rule from. The policy-name is a string 1 to 15 characters long. Valid characters are uppercase and lowercase letters, digits (0–9), and the underscore character. The specified policy must already exist.

enable firewall policy debug
Syntax
ENable FIREwall POLIcy[=policy-name] DEBug={ALL|ARP|CHecksum|HTTP|IDentproxy|LIMitrule|PACKet|PKT|PRocess|PROXy|RADius|SIPAlg|SMTP|TCP|UPNP} [DEBUGMode={ALL|ERRORcode|MESSage|PARSing|TRAce}] IP=ipadd[-ipadd]
Description
This command enables debugging of the specified policy or all policies. The new limitrule option for the debug parameter allows you to display debugging information related to limit rules.

set firewall policy limitrule
Syntax
SET FIREwall POLIcy=policy-name LIMitrule=rule-id [INTerface={interface}] [IP=ipadd[-ipadd]] [GBLRemoteip=ipadd[-ipadd]] [SRCIplimit=0..10000]
Description
This command modifies a limit rule attached to a firewall policy. Limit rules apply a limit to the number of concurrent sessions that a device can initiate through the firewall. Each firewall policy can have up to 100 limit rules.
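
A validator for the limit-rule syntax above, added here as an example (it is not Allied Telesis code): it expands abbreviated keywords and enforces the documented policy-name and SRCIplimit constraints before a line is pushed to a device. It assumes the capitals in the syntax mark the shortest accepted abbreviation, adds its own check that an IP range is ascending, and runs on a constructed sample whose first line is the release note's own example command.

```python
import ipaddress
import re

# Keywords as printed in the release note's syntax lines. Assumption: the
# capitals are the shortest abbreviation the CLI accepts.
PARAMS = ("POLIcy", "LIMitrule", "INTerface", "IP", "GBLRemoteip", "SRCIplimit")
POLICY_RE = re.compile(r"[A-Za-z0-9_]{1,15}")  # policy-name rule from the note
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def expand(token, templates):
    """Return the lower-case full keyword that `token` abbreviates, or None."""
    tok = token.lower()
    for tpl in templates:
        shortest = len(tpl) - len(tpl.lstrip(UPPER))  # length of capital prefix
        if len(tok) >= shortest and tpl.lower().startswith(tok):
            return tpl.lower()
    return None


def parse_range(text):
    """Parse ipadd[-ipadd] in dotted decimal into a (first, last) pair."""
    first, sep, last = text.partition("-")
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last) if sep else lo
    if hi < lo:  # this example's own sanity check, not stated in the note
        raise ValueError(f"range {text!r} ends before it starts")
    return lo, hi


def parse_limitrule(line):
    """Validate one ADD/SET FIREwall ... LIMitrule line; return it as a dict."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0].lower() not in ("add", "set"):
        raise ValueError("expected ADD or SET FIREwall POLIcy=... LIMitrule=...")
    if expand(tokens[1], ("FIREwall",)) is None:
        raise ValueError(f"unknown keyword {tokens[1]!r}")
    rule = {"verb": tokens[0].lower()}
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        name = expand(key, PARAMS)
        if name is None or not sep or not value:
            raise ValueError(f"bad parameter {tok!r}")
        if name in rule:
            raise ValueError(f"{name} given twice")
        rule[name] = value
    if "policy" not in rule or "limitrule" not in rule:
        raise ValueError("POLIcy and LIMitrule are required")
    if not POLICY_RE.fullmatch(rule["policy"]):
        raise ValueError("policy name must be 1-15 letters, digits or underscores")
    if not rule["limitrule"].isdecimal():  # rule-id range is not given on the page
        raise ValueError("rule-id must be a number")
    rule["limitrule"] = int(rule["limitrule"])
    for name in ("ip", "gblremoteip"):
        if name in rule:
            rule[name] = parse_range(rule[name])
    if "srciplimit" in rule:
        if not rule["srciplimit"].isdecimal() or int(rule["srciplimit"]) > 10000:
            raise ValueError("SRCIplimit must be 0..10000")
        rule["srciplimit"] = int(rule["srciplimit"])
    return rule


def lint(config_text):
    """Return (line_number, message) for every limit-rule line that fails."""
    problems = []
    for number, line in enumerate(config_text.splitlines(), 1):
        words = line.split()
        if any(expand(w.partition("=")[0], ("LIMitrule",)) for w in words[2:]):
            try:
                parse_limitrule(line)
            except ValueError as err:
                problems.append((number, str(err)))
    return problems


# Constructed sample: line 1 is the release note's example, the rest are made up.
SAMPLE = """\
set fire poli=Nerv_office lim=1 int=vlan2 ip=202.36.164.113
add firewall policy=Nerv_office limitrule=2 ip=192.0.2.10-192.0.2.20 srciplimit=50
add fire poli=Nerv_office lim=3 ip=192.0.2.20-192.0.2.10 srci=50
add fire poli=Nerv_office lim=4 srci=20000
add fire pol=Nerv_office lim=5 srci=10
"""

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```
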

Example
To modify limit rule 1 attached to vlan2 for the “Nerv_office” policy to match IP address 202.36.164.113, use the command:
set fire poli=Nerv_office lim=1 int=vlan2 ip=202.36.164.113

set firewall sipalg
Syntax
SET FIREwall SIPAlg [CALLIdtranslation={False|NO|OFF|ON|True|YES}] [MODe={MANual|AUTOmatic}] [MAXAutoclients=1..1000] [MULTIservers={OUTOnly|False|NO|OFF|ON|True|YES}]
Description
This command modifies how the SIP ALG operates on the router or switch.

Parameter (cont.)    Description (cont.)
MULTIservers    How the SIP ALG interacts with sessions initiated to and from SIP Proxy Servers that are independent of the SIP Registrar. An independent proxy server does not have the same IP or port details as the SIP Registrar. This parameter is only valid when mode is set to automatic.
set trigger

Syntax
    SET TRIGger=trigger-id [FIREwall[={ALL|DOSattack|FRAgattack|HOStscan|PORtscan|SESSION|SIPAutomax|SMUrfattack|SYNattack|TCPattack}]] [MODE={STArt|END|BOTH}] [AFTer=hh:mm] [BEFore=hh:mm] [{DAte=date|DAYs=day-list}] [NAMe=name] [REPeat={Yes|No|ONCe|FORever|count}] [TEST={YES|NO|ON|OFF|True|False}]

Description
This command modifies the definition of a trigger for the firewall and defines events and conditions that activate it.
show firewall policy

Syntax
    SHow FIREwall POLIcy[=policy-name] [COUnter] [RUle=rule-id[-rule-id]] [SUMmary]

Description
This command displays detailed information about the specified policy or all policies. It now includes a field summarising the number of limit rules configured for each policy (Figure 13, Table 10).

Figure 13: Example output from the show firewall policy command for a policy that has limit rules

Policy : Office
TCP Timeout (s) ...................
Parameter    Description
POLIcy       Name of the policy you wish to see the limit rule information for.
LIMitrule    Limit rule or range of limit rules to display. If no rule-id is specified, all limit rules for the policy are shown.
DETail       Displays a list of the devices that have active sessions matching the limit rule, and the number of sessions the device has active (Figure 15 on page 82, Table 11 on page 82).
Figure 15: Example output from the show firewall policy limitrule detail command

Policy=Nerv_office
----------------------------------------------------------
Limitrule 1
----------------------------------------------------------
Interface ................... vlan1
IP .......................... 202.36.164.113
GBL Remote IP ............... all
Source IP Limit .............
show firewall sipalg

Syntax
    SHow FIREwall SIPAlg
    SHow FIREwall SIPAlg IP=ipadd[-ipadd]
    SHow FIREwall SIPAlg CALLId=call-id
    SHow FIREwall SIPAlg SUMmary

Description
This command displays summary or detailed information for active SIP sessions using the SIP ALG on the router or switch (Figure 16, Table 12 on page 83).

Parameter    Description
IP           Displays only the active sessions related to a specified IP address or range.
show firewall sipalg autoclients

Syntax
    SHow FIREwall SIPAlg AUTOclients[=session-number] [SUMmary]
    SHow FIREwall SIPAlg AUTOclients IP=ipadd[-ipadd] [SUMmary]

Description
This command displays the client database details collected by the SIP ALG when in automatic client management mode (Figure 17, Table 13 on page 85).

Parameter      Description
AUTOclients    Displays the client database details.
Figure 18: Example output from the show firewall sipalg autoclients summary command

SIP ALG Automatic Clients
--------------------------------------------------------------------------------
Automatic client file ........ fwsipalg.sip
  Number of clients .......... 2
  Last updated ............... 10:11:55 4-Jul-2006
  Update pending ............. No
Active clients
  Number of active clients ... 2
  Last updated ...............
Table 13: Parameters in the output of the show firewall sipalg autoclients command

Parameter                  Meaning
First registration time    Time and date that the client first registered with the SIP Registrar using this session. The same session is used each time the SIP client re-registers with the SIP Registrar, unless the session expires.

Example
IP Security (IPsec) Enhancements

This Software Version includes the following enhancements to IPsec:
■ Additional RFC and Draft Compliance for NAT-T
■ Increase to Maximum Number of IPsec SA Bundles
■ Improved Debugging Options for IPsec and ISAKMP
■ Improved Output for IPsec and ISAKMP Counters
■ Modified Expiry Timeout Limit for Security Associations

This section describes the enhancements.
Improved Debugging Options for IPsec and ISAKMP

This Software Version allows you to use the show debug command to execute a specific sequence of show commands useful for debugging IPsec and ISAKMP.
Command Changes

The following table summarises the modified commands:

Command                             Change
create ipsec bundlespecification    Modified expirykbytes parameter
set ipsec bundlespecification       Modified expirykbytes parameter

Command Reference Updates

This section describes the changed portions of modified commands and output screens. The new parameters, options, and fields are shown in bold.
show debug

Syntax
    SHow DEBug [STAck|FULl|IPSec]

Description
This command executes a specific sequence of show commands to produce output useful for debugging. The new ipsec parameter runs specific commands useful for debugging IPsec or ISAKMP problems. Note that output depends on the router or switch’s mode and user privilege as indicated in the following table.
show ipsec policy counter

Syntax
    SHow IPSec POLIcy[=name] COUnter

Description
This command displays the counters for IPsec policies. The output of this command includes two new fields (Figure 19, Table 14).
show isakmp counters

Syntax
    SHow ISAkmp COUnters[={AGGressive|GENeral|HEArtbeat|INFo|IPSec|MAIn|NETwork|QUIck|SAD|SPD|TRAnsaction|XDB}]

Description
This command displays all information counters for ISAKMP, or one or more categories of ISAKMP counters. The output displayed when you specify the quick parameter includes new fields (Figure 20, Table 15).

Figure 20: Example output from the show isakmp counter=quick command

Quick Mode Counters:
. . .
Link Layer Discovery Protocol

This Software Version adds support for the Link Layer Discovery Protocol (LLDP). LLDP is a neighbour discovery protocol. Neighbour discovery protocols define standard methods for Ethernet network devices, such as switches and routers, to receive and transmit device-related information to other directly connected devices on the network, and to store the information that is learned about other devices in an LLDP defined MIB.
Management Stacking Enhancements

This Software Version includes the following enhancement to Stacking:
■ Changes to Local Commands

This section describes the enhancement.

Changes to Local Commands

When several switches are managed as a stack, a few commands are local commands—they relate only to the switch on which you type them, and not to any other switch in the stack.
IP Multicasting

Introduction
References
IP Multicast Routing
Interoperability between Multicast Routing Protocols
Protocol Independent Multicast (PIM)
delete pim rpcandidate
destroy igmp filter
destroy ip igmp destination
destroy ip mvr
disable igmpsnooping
Introduction

This chapter describes IP multicasting and support for multicasting on the switch. Most IP packets are sent to a single host (unicast transmission) or to all hosts on a network or subnetwork (broadcast transmission). Multicasting is an alternative where packets are sent to a group of hosts simultaneously on a network or subnetwork. Multicasting is also known as group transmission.
IP Multicast Routing

For multicasting to succeed, the switch needs to know which of its interfaces are directly connected to members of each multicast group. To establish this, the switch uses IGMP for multicast group management (see “Internet Group Management Protocol (IGMP)” on page 17). The switch must also know where to send multicast traffic.
When the switch finds out from IGMP that a new host has joined a multicast group on one of its interfaces, the switch needs to receive the multicast traffic for this group, so that it can forward it to the host. The switch uses the multicast routing protocol (PIM-SM or PIM-DM) to notify routers closer to the sender (upstream) to forward it traffic for the group.
Protocol Independent Multicast (PIM)

The two Protocol Independent Multicast routing protocols rely on the presence of an existing unicast routing protocol to adapt to topology changes, but are independent of the mechanisms of the specific unicast routing protocol.

Mode              Description
PIM Dense Mode    Suitable for networks where bandwidth is plentiful, and where members of a multicast group are densely distributed on the network.
protocols. The broadcast-and-prune mechanism in PIM Dense Mode uses a technique called reverse path forwarding (RPF), in which a multicast datagram is forwarded only when the receiving interface is the one used to forward unicast datagrams to the source of the datagram.

Configuring PIM Dense Mode

PIM multicasting routing is disabled by default and must be enabled on the switch before any PIM configuration takes effect.
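The reverse path forwarding check described above for PIM Dense Mode can be sketched as follows. This is an added example, not code from the switch software: the function names and the routing table are assumptions, with the table constructed to resemble Switch A in the Figure 3 topology, and the pruned-interface argument is a simplification of dense-mode state.

```python
import ipaddress
from typing import Iterable, List, Optional, Sequence, Tuple

Route = Tuple[str, str]  # (destination prefix, interface used to reach it)

# Constructed unicast table for a switch placed like Switch A in Figure 3.
# 172.30.1.0/24 and 172.30.2.0/24 are its own VLAN interfaces; the other
# two entries stand in for routes learned from the unicast routing protocol.
SWITCH_A_ROUTES: List[Route] = [
    ("172.30.1.0/24", "vlan2"),
    ("172.30.2.0/24", "vlan4"),
    ("172.30.3.0/24", "vlan2"),
    ("172.30.4.0/24", "vlan4"),
]


def rpf_interface(source: str, routes: Iterable[Route]) -> Optional[str]:
    """Return the interface the unicast table would use to reach `source`.

    Longest-prefix match, as a unicast forwarder would do. None means the
    switch has no route back to the claimed source.
    """
    src = ipaddress.ip_address(source)
    best: Optional[Tuple[int, str]] = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if src in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None


def rpf_check(source: str, group: str, in_iface: str,
              routes: Iterable[Route]) -> Tuple[bool, str]:
    """Decide whether a multicast datagram passes the RPF check."""
    if not ipaddress.ip_address(group).is_multicast:
        return False, "destination is not a multicast group"
    expected = rpf_interface(source, routes)
    if expected is None:
        # A source the switch cannot route back to never passes RPF.
        return False, "no unicast route to source"
    if expected != in_iface:
        # Typical causes: a forwarding loop, asymmetric routing, or a
        # datagram carrying a source address it should not have.
        return False, f"RPF failure: expected {expected}, arrived on {in_iface}"
    return True, "RPF pass"


def flood_interfaces(source: str, group: str, in_iface: str,
                     routes: Iterable[Route], pim_ifaces: Sequence[str],
                     pruned: Sequence[str] = ()) -> List[str]:
    """Interfaces a dense-mode forwarder would send the datagram out of.

    The datagram is never sent back out the interface it arrived on, and
    interfaces that have been pruned for this group are skipped.
    """
    accepted, _reason = rpf_check(source, group, in_iface, routes)
    if not accepted:
        return []
    return [i for i in pim_ifaces if i != in_iface and i not in pruned]


if __name__ == "__main__":
    # Constructed datagrams: (source, group, arriving interface).
    for pkt in [("172.30.4.10", "224.1.1.98", "vlan4"),
                ("172.30.4.10", "224.1.1.98", "vlan2"),
                ("10.9.9.9", "224.1.1.98", "vlan2")]:
        print(pkt, rpf_check(*pkt, SWITCH_A_ROUTES))
```

Because the check depends on the unicast table, a datagram dropped with an RPF failure usually points at the unicast routing state rather than at the PIM configuration.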
General PIM-DM information

The following commands display general PIM-DM information.

This command...       Shows...
show pim config       CLI commands that make up the switch’s PIM configuration.
show pim counters     the number of PIM messages that the switch has received and sent, and the number of bad messages it has received.
show pim neighbour    information about the neighbouring switches that PIM is aware of.
show pim route        the internal PIM routing table.

PIM-DM timers
PIM Sparse Mode

PIM Sparse Mode (PIM-SM) provides efficient communication between members of sparsely distributed groups - the type of groups that are most common in wide-area internetworks. It is designed on the principle that several hosts wishing to participate in a multicast conference does not justify flooding the entire internetwork with periodic multicast traffic.
Rendezvous point

Each multicast group must have a rendezvous point (RP). The RP forms the root of the group’s distribution tree. The designated router for a multicast sender sends multicast packets towards the RP. Designated routers with group members connected to them send join messages towards the group’s RP. The RP candidate with the lowest priority is elected from all the RP candidates for a group. If the RP becomes unavailable, the remaining RP candidates elect a new RP.
Operation of PIM Sparse Mode

Once roles are established, multicast routing follows specific phases:
1. Rendezvous point tree
2. Register stop
3. Shortest path tree

While multicast routing always begins with phase 1, the designated router for a receiver determines whether and when to move on to phases 2 and 3, depending on the amount of traffic from the source.
Shortest path tree

This phase further optimises routing by using shortest path trees (SPT). In phase 3 the receiver joins the shortest path tree between the source and receiver. This allows a multicast group member to receive multicast data by the shortest path from the sender, instead of from the shared RP tree. When the receiver’s DR receives multicast data from a particular sender, it sends a join message towards the sender.
Configuring PIM Sparse Mode

PIM multicasting routing is disabled by default and must be enabled on the switch before PIM configuration takes effect. However, we recommend that the PIM configuration be completely set up on the switch before PIM is enabled.
Bootstrap router candidates

Each network of PIM–SM routers must have a bootstrap router (BSR). Each PIM–SM connected network must have at least one bootstrap router candidate. The candidate with the highest preference value becomes the bootstrap router. The default preference is 1. The bootstrap router sends a bootstrap message to other PIM–SM routers, containing a list of the RP candidates for multicast groups at BSM interval seconds.
Static RP mappings can be configured instead of using the bootstrap mechanism. To configure a static rendezvous point on the switch for a multicast group, specify the IP address of the rendezvous point by using the command:
    add pim rpcandidate=rp-address group=group-address [mask=ipaddress]
where rp-address is the IP address of the router that is the rendezvous point for the multicast group(s) specified.
PIM-SM debugging

To display debugging information about PIM-SM, use the command:
    enable pim debug={all|assert|bsr|c-rp-adv|hello|join|register}[,...]
To see which debugging options are enabled, use the command:
    show pim debug

Logging and SNMP Traps for PIM Sparse Mode

PIM-SM can be configured to produce log messages in response to status changes and errors, and SNMP traps. This feature does not apply to PIM-DM.
To specify the type of log messages and SNMP traps that the switch generates, use the command:
    set pim log={none|status|error|all} [trap={none|status|error|all}]
To display the specified options, use the command:
    show pim debug

Internet Group Management Protocol (IGMP)

IGMP is a protocol used between hosts and multicast routers and switches on a single physical network to establish hosts’ membership in particular multicast groups.
Configuring IGMP

IGMP is disabled by default on the switch, and on all interfaces. To enable or disable IGMP on the switch, use the commands:
    enable ip igmp
    disable ip igmp
IGMP snooping is enabled by default and is independent of IGMP. IGMP must be enabled on an interface before it can send or receive IGMP messages on the interface.
Static IGMP

Static IGMP forwards multicast data over specific interfaces and ports. It is an alternative to dynamic IGMP, and is useful for network segments that have no multicast group members or have hosts that are unable to report group membership with IGMP. A dynamic IGMP configuration does not send multicast traffic to these network segments. Figure 2 shows a switch forwarding the multicast stream to a set-top box after a user specifies that group 224.1.1.
Any of the four octets of the IP address may be replaced by an asterisk (*) to enable wildcard matches. To add more ports to an association, use the command:
    add ip igmp destination=ipaddress interface=interface port={all|port-list}
Unlike dynamic IGMP group membership information, static IGMP associations never time out. If the network configuration changes, they must be manually modified.
When this message...    Is received on this interface...    Then the IGMP proxy agent...
You can configure the IGMP proxy agent to monitor the reception of IGMP general query messages on an interface, and to generate a log message and an SNMP trap if an IGMP general query message is not received on the interface within a specified time interval. To enable monitoring on an interface and set the time interval, use the command:
    set ip igmp interface=interface querytimeout={none|0| 1..
Downstream routers

IGMP snooping learns which ports have routers attached to them, so it can forward relevant IGMP messages and other IP multicast traffic out those ports.
Static multicast router ports

In some network configurations, the learning process cannot identify all router ports. For such networks, you can statically configure particular ports as multicast router ports. To specify the static router ports, use the command:
    add igmpsnooping vlan={vlan-name|1..4094} routerport=port-list
To stop ports from being static router ports, use the command:
    delete igmpsnooping vlan={vlan-name|1..
detects a change, it generates a special IGMP Leave message known as a Query Solicit, and floods the Query Solicit message to all ports. When the IGMP Querier receives the message, it responds by sending a General Query. This refreshes snooped group membership information in the network. Query solicitation functions by default (without you enabling it) on the root bridge in an STP topology. By default, the root bridge always sends a Query Solicit message when the topology changes.
entry made for port 7 only. The IGMP group received on port 7 will not be added to port 9. The all-groups disabled ports can be viewed in the output of the show ip igmp and show igmpsnooping commands.

IGMP Filtering

IGMP filtering lets you manage the distribution of multicast services on each switch port by controlling which multicast groups the hosts attached to a switch port can join. IGMP filtering is applied to multicast streams forwarded by IGMP, IGMP Snooping, or MVR.
Applying an empty IGMP filter (a filter with no entries) to a switch port allows all incoming IGMP messages to be processed as normal.

Order of entries

The order of entries in a filter is important. When IGMP tries to match an IGMP message to a filter, it performs a linear search of the filter to find a matching entry. Each entry is tried in turn, and processing stops at the first match found. Address ranges can overlap.
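The first-match behaviour described above means an entry can be silently overridden by an earlier one with an overlapping range. The following added example (not the switch's own code) models the linear search and reports entries that can never match. The class and function names are assumptions, the sample filter is constructed around the 229.1.1.2 to 230.1.2.3 range used in this chapter's add igmp filter example, and entries are assumed to be searched in ascending entry number. What the switch does when no entry matches is not modelled; the function reports that case separately.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


def ip_int(addr: str) -> int:
    """Dotted-decimal IPv4 address as an integer, for range comparisons."""
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class FilterEntry:
    number: int    # position in the filter (the entry parameter)
    low: str       # first group address in the range
    high: str      # last group address in the range
    msgtype: str   # "query", "report" or "leave"
    action: str    # "include" or "exclude"

    def matches(self, group: str, msgtype: str) -> bool:
        return (self.msgtype == msgtype
                and ip_int(self.low) <= ip_int(group) <= ip_int(self.high))


def evaluate(entries: Sequence[FilterEntry], group: str,
             msgtype: str) -> Tuple[str, Optional[int]]:
    """Linear search: return (result, matching entry number).

    result is the matching entry's action, "process" for an empty filter
    (messages are processed as normal), or "no-match" when the filter has
    entries but none of them matches.
    """
    if not entries:
        return "process", None
    for entry in sorted(entries, key=lambda e: e.number):
        if entry.matches(group, msgtype):
            return entry.action, entry.number  # stop at the first match
    return "no-match", None


def shadowed_entries(entries: Sequence[FilterEntry]) -> List[int]:
    """Entry numbers that can never match because earlier entries of the
    same message type already cover their whole address range."""
    ordered = sorted(entries, key=lambda e: e.number)
    hidden = []
    for idx, entry in enumerate(ordered):
        earlier = sorted((ip_int(p.low), ip_int(p.high))
                         for p in ordered[:idx] if p.msgtype == entry.msgtype)
        need = ip_int(entry.low)       # lowest address not yet covered
        for lo, hi in earlier:
            if lo > need:
                break                  # gap: 'need' is still reachable
            if hi >= need:
                need = hi + 1
        if need > ip_int(entry.high):
            hidden.append(entry.number)
    return hidden


# Constructed filter: entry 3 was meant to block 230.0.0.x reports, but the
# broad include in entry 1 is searched first and already covers that range.
AS_CONFIGURED = [
    FilterEntry(1, "229.1.1.2", "230.1.2.3", "report", "include"),
    FilterEntry(2, "229.1.1.0", "229.1.1.255", "report", "exclude"),
    FilterEntry(3, "230.0.0.0", "230.0.0.255", "report", "exclude"),
    FilterEntry(4, "229.1.1.2", "230.1.2.3", "leave", "include"),
]

# Same entries with the narrow exclude placed ahead of the broad include.
REORDERED = [
    FilterEntry(1, "230.0.0.0", "230.0.0.255", "report", "exclude"),
    FilterEntry(2, "229.1.1.2", "230.1.2.3", "report", "include"),
    FilterEntry(3, "229.1.1.0", "229.1.1.255", "report", "exclude"),
    FilterEntry(4, "229.1.1.2", "230.1.2.3", "leave", "include"),
]

if __name__ == "__main__":
    print(evaluate(AS_CONFIGURED, "230.0.0.7", "report"))
    print(shadowed_entries(AS_CONFIGURED))
    print(evaluate(REORDERED, "230.0.0.7", "report"))
```

Running a check like shadowed_entries over a planned filter before applying it to a port catches ordering mistakes that would otherwise only show up as an unexpected group join.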
IGMP Throttling

IGMP throttling lets you manage the distribution of multicast services on each switch port by limiting the number of multicast groups that a host on a switch port can join. IGMP throttling is applied to multicast streams forwarded by IGMP, IGMP Snooping, or MVR. IGMP filtering and throttling can be applied separately, or together, on the same switch port.
Multicast Switching

IP multicast switching (in hardware) between VLANs is automatically enabled when both of the following are true:
■ a multicast routing protocol (PIM-SM or PIM-DM) is enabled
■ an interface is configured for that multicast routing protocol.

VLAN tagging is fully supported, and the Time To Live (TTL) value in the IP header is decremented. Multicast switching cannot be disabled.
Immediate Leave

The immediate leave parameter (imtleave) allows a receiver port to leave the multicast group as soon as an IGMP Leave message is received by the switch on that port.
Configuration Examples

This section contains the following multicasting configurations that use IGMP:
■ Static IGMP
■ Protocol Independent Multicast (PIM)

Static IGMP

The following example shows how to create a static IGMP association. It assumes that vlan1 has already been configured as an IP interface on the switch.

1. Enable IGMP on the switch.
    enable ip igmp
2. Enable IGMP on vlan1.
This must be done before the static IGMP association is created.
Protocol Independent Multicast (PIM)

These examples use PIM-SM or PIM-DM for multicast routing between three switches. The network topology is the same for each example (Figure 3). Multicast group management uses IGMP. The examples assume that each switch starts from the default configuration.

Figure 3: Multicast configuration using PIM sparse or dense mode.
2. Configure the VLANs.
Configure the marketing VLAN, including ports 8 and 9.
    create vlan=marketing vid=2
    add vlan=2 port=8,9
Configure the admin VLAN, including port 7.
    create vlan=admin vid=4
    add vlan=4 port=7
3. Configure IP.
Enable IP and assign IP addresses for the VLAN interfaces.
    enable ip
    add ip interface=vlan2 ipaddress=172.30.1.1 mask=255.255.255.0
    add ip interface=vlan4 ipaddress=172.30.2.1 mask=255.255.255.0
4. Configure a unicast routing protocol.
To configure Switch B

1. Set the system name.
Set a unique system name on the switch.
    set sys name=B-pim
2. Configure the VLANs.
Configure the marketing VLAN, including ports 2 and 3.
    create vlan=marketing vid=2
    add vlan=2 port=2,3
Configure the testing VLAN, including ports 4 and 5.
    create vlan=testing vid=3
    add vlan=3 port=4,5
3. Configure IP.
Enable IP, and assign IP addresses to the VLAN interfaces.
    enable ip
    add ip interface=vlan2 ipaddress=172.30.1.2 mask=255.255.255.
2. Configure the VLANs.
Configure the admin VLAN, including port 1.
    create vlan=admin vid=4
    add vlan=4 port=1
Configure the research VLAN, including port 2.
    create vlan=research vid=5
    add vlan=5 port=2
3. Configure IP.
Enable IP on the switch.
    enable ip
Assign IP addresses to the VLAN interfaces.
    add ip interface=vlan4 ipaddress=172.30.2.2 mask=255.255.255.0
    add ip interface=vlan5 ipaddress=172.30.4.1 mask=255.255.255.0
4. Configure a unicast routing protocol.
2. Check the multicast state.
To check each switch, use the commands:
    show pim
    show ip igmp
    show ip route multicast

PIM-DM

This example uses PIM Dense Mode for multicast routing between switches in the same topology as the PIM Sparse Mode example (Figure 3 on page 32). Multicast group management uses IGMP. The example assumes that each switch starts from the default configuration. The configurations of Switch A, B, and C are identical except for names and interfaces.
6. Configure PIM.
Define PIM interfaces for the VLAN interfaces.
    add pim interface=vlan2 mode=dense
    add pim interface=vlan4 mode=dense
Enable PIM multicast routing.
    enable pim

To configure Switch B

1. Set the system name.
Set a unique system name on the switch.
    set sys name=B-pim
2. Configure the VLANs.
Configure the marketing VLAN, including ports 2 and 3.
    create vlan=marketing vid=2
    add vlan=2 port=2,3
Configure the testing VLAN, including ports 4 and 5.
6. Configure PIM.
Define PIM interfaces for the VLAN interfaces.
    add pim interface=vlan2 mode=dense
    add pim interface=vlan3 mode=dense
Enable PIM multicast routing.
    enable pim

To configure Switch C

1. Set the system name.
Set a unique system name on the switch.
    set sys name=C-pim
2. Configure the VLANs.
Configure the admin VLAN, including port 1.
    create vlan=admin vid=4
    add vlan=4 port=1
Configure the research VLAN, including port 2.
6. Configure PIM.
Define PIM interfaces for the VLAN interfaces.
    add pim interface=vlan5 mode=dense
    add pim interface=vlan4 mode=dense
Enable PIM multicast routing.
    enable pim

Confirm multicasting

When the three switches have been configured, RIP takes a few seconds to distribute the unicast routing information to all routers. Then the IP hosts connected to these interfaces can send and receive multicasts.

1. Test multicasting.
Command Reference

This section describes the commands available on the switch to configure IGMP for multicast group management, and the multicast routing protocols PIM-SM (Protocol Independent Multicast - Sparse Mode) and PIM-DM (Protocol Independent Multicast - Dense Mode).

add igmp filter

Syntax
    ADD IGMP FILter=filter-id GROupaddress={ipadd|ipadd-ipadd} [MSGType={QUEry|REPort|LEAVe}] [ACtion={INCLude|EXCLude}] [ENTry=1..
used by another entry. If you do not specify an entry number, the entry is added after the last entry in the filter if there is a free position, or in the last unused position if the last position is already in use.

Examples
To add an entry to filter 6 to accept Membership Reports for multicast group addresses in the range 229.1.1.2 to 230.1.2.3, use the command:
    add igmp fil=6 msgt=rep gro=229.1.1.2-230.1.2.
add igmpsnooping vlan

Syntax
    ADD IGMPSNooping VLAN={vlan-name|1..4094} ROUTERPort=port-list
where:
■ vlan-name is a unique name from 1 to 32 characters. Valid characters are uppercase and lowercase letters, digits, the underscore, and hyphen. The vlan-name cannot be all.
■ port-list is a port number, range (specified as n-m), or comma-separated list of numbers and/or ranges.

Description
add ip igmp destination

Syntax
    ADD IP IGMP DEStination=ipaddress INTerface=interface POrt={ALL|port-list}
where:
■ ipaddress is an existing IGMP group destination address.
■ interface is the name of the interface over which multicast data is forwarded. This must be a VLAN interface.
■ port-list is a port number, a range of port numbers (specified as a-b), or a comma-separated list of port numbers and/or ranges.

Description
add ip mvr

Syntax
    ADD IP MVR VLAN=1..4094 GROupaddress=ipadd[-ipadd]
where ipadd is an IP address in dotted decimal notation

Description
This command adds an MVR IP multicast group address or range of addresses on a switch. All source ports and receiver ports belonging to this multicast group receive multicast data sent to this group address. The vlan parameter specifies the VLAN identifier with which the multicast VLAN is associated.
add pim bsrcandidate

Syntax
    ADD PIM BSRCandidate [PREFerence=0..255] [HAShmasklength=0..32] [BSMinterval={10..15000|DEFault}] [INTerface=interface]
where interface is the name of the interface over which multicast data is forwarded. The interface can be either a VLAN (e.g. vlan1) or a local interface (e.g. local1).

Description
This command configures the switch to be a Bootstrap Router candidate.
add pim interface

Syntax
    ADD PIM INTerface=interface [DRPriority=0..4294967295] [ELectby={DRPriority|IPaddress}] [HEllointerval={10..15000|DEFault|65535}] [MODe={Dense|Sparse}] [SRCapable={Yes|No}]
where interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed.
reset pim interface
set pim interface
show pim
show pim interface
add pim rpcandidate

Syntax
    ADD PIM RPCandidate[=rp-address] GROup=group-address [ADVinterval={10..15000|DEFault}] [INTerface=interface] [MASK=ipaddress] [PRIOrity=0..255]
where:
■ group-address is the IP address of the multicast group in dotted decimal notation.
■ ipaddress is an IP address in dotted decimal notation.
■ rp-address is an IP address in dotted decimal notation.
■ interface is the name of a VLAN (e.g.

Description
Examples
To configure the switch to advertise that it is an RP candidate with a priority of 10 to become the RP for the multicast group with address 224.1.1.98, use the command:
    add pim rpc gro=224.1.1.
create igmp filter

Syntax
    CREate IGMP FILter=filter-id
where filter-id is a decimal number from 1 to 99

Description
This command creates an IGMP filter. IGMP filters control a port’s membership of multicast groups by filtering incoming IGMP messages from hosts attached to the port. The filter parameter specifies the number of the filter to create, and is used to identify the filter. A filter with the specified number must not already exist.
create ip igmp destination

Syntax
    CREate IP IGMP DEStination=ipaddress INTerface=interface [POrt={ALL|port-list}]
where:
■ ipaddress is an existing IGMP group destination address.
■ interface is the name of the interface over which multicast data is forwarded.
■ port-list is a port number, a range of port numbers (specified as n-m), or a comma-separated list of port numbers and/or ranges.

Description
create ip mvr

Syntax
    CREate IP MVR VLAN=1..4094 SOurceport=port-list RECeiverport=port-list [IMTLeave=port-list] [MODe={DYnamic|COMpatible}]
where port-list is a port number, a range of port numbers (specified as n-m), or a comma-separated list of port numbers and/or ranges. Port numbers start at 1 and end at m, where m is the highest numbered Ethernet switch port, including uplink ports.

Description
This command creates Multicast VLAN Registration on the switch.
delete igmp filter

Syntax
    DELete IGMP FILter=filter-id ENTry={1..65535|ALL}
where filter-id is a decimal number from 1 to 99

Description
This command deletes the specified entry or all entries from an IGMP filter. The filter parameter specifies the number of the filter that the entry belongs to. A filter with the specified number must already exist. The entry parameter specifies the entry to delete. The specified entry must exist.
delete igmpsnooping vlan

Syntax
    DELete IGMPSNooping vlan={vlan-name|1..4094} routerport=port-list
where:
■ vlan-name is a unique name from 1 to 32 characters. Valid characters are uppercase and lowercase letters, digits, the underscore, and hyphen. The vlan-name cannot be a number or all.
■ port-list is a port number, range (specified as n-m), or comma-separated list of numbers and/or ranges.

Description
delete ip igmp destination

Syntax
    DELete IP IGMP DEStination=ipaddress INTerface=interface POrt={ALL|port-list}
where:
■ ipaddress is an existing IGMP group destination address.
■ interface is the name of the interface over which multicast data is forwarded. This must be a VLAN interface.
■ port-list is a port number, a range of port numbers (specified as n-m), or a comma-separated list of port numbers and/or ranges.

Description
delete ip mvr

Syntax
    DELete IP MVR VLAN=1..4094 GROupaddress=ipadd[-ipadd]
where ipadd is an IP address in dotted decimal notation

Description
This command deletes an MVR IP multicast group address or range of addresses on a switch. The vlan parameter specifies the VLAN Identifier that the multicast VLAN is associated with. The groupaddress parameter specifies the multicast group IP address or range of IP addresses that belong to the multicast VLAN.
delete pim interface

Syntax
    DELete PIM INTerface=interface
where interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed.
delete pim rpcandidate

Syntax
    DELete PIM RPCandidate[=rp-address] GROup=group-address [MASK=ipaddress]
where:
■ group-address is the IP address of the multicast group in dotted decimal notation.
■ ipaddress is an IP address in dotted decimal notation.
■ rp-address is an IP address in dotted decimal notation.

Description
This command deconfigures the switch from acting as a rendezvous point candidate for a multicast group.
destroy igmp filter

Syntax
    DESTroy IGMP FILter=filter-id
where filter-id is a decimal number from 1 to 99

Description
This command destroys an IGMP filter and all entries in the filter. IGMP filters control a port’s membership of multicast groups by filtering incoming IGMP messages received from hosts attached to the port. The filter parameter specifies the number of an existing filter to destroy.
destroy ip mvr

Syntax
    DESTroy IP MVR VLAN=1..4094

Description
This command removes MVR from a switch. The vlan parameter specifies the VLAN Identifier with which the multicast VLAN is associated.
disable igmpsnooping

Syntax
DISable IGMPSNooping

Description
This command disables IGMP snooping on the switch. IGMP snooping is enabled by default. Note that multicast packets flood the VLAN when IGMP snooping is disabled. Disabling IGMP snooping may be useful when filters are used extensively because IGMP snooping uses a Layer 3 filter. When IGMP snooping is disabled, this filter becomes available.
disable ip igmp allgroup

Syntax
DISable IP IGMP ALLGroup=[port-list|ALL]

where port-list is a port number, a range of port numbers (specified as n-m), or a comma separated list of port numbers and/or ranges. Port numbers start at 1 and end at m, where m is the highest numbered Ethernet switch port, including uplink ports.

Description
This command disables the specified port or ports from acting as a router port.
disable ip igmp interface

Syntax
DISable IP IGMP INTerface=interface

where interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed.

Description
This command disables IGMP on an IP interface.
disable ip mvr

Syntax
DISable IP MVR

Description
This command disables MVR. MVR must be currently enabled. The default is disabled.

Examples
To disable MVR, use the command:
dis ip mvr

Related Commands
enable ip mvr

disable ip mvr debug

Syntax
DISable IP MVR DEBug={ALL|JOInt|LEAVe|MARL}

Description
This command disables debugging messages when specific actions are taken. The current debug option may or may not be disabled. The default is disabled.
disable pim bsmsecuritycheck

Syntax
DISable PIM BSMSecuritycheck

Description
This command disables PIM bootstrap message security checking. The switch stops checking that the source IP address of a bootstrap message is the expected address of the PIM neighbour. Bootstrap message security checking is enabled by default. You may need to disable it when interoperating with some PIM implementations.
enable igmpsnooping

Syntax
ENAble IGMPSNooping

Description
This command enables IGMP snooping on the switch. IGMP snooping is enabled by default. IGMP snooping can be enabled only when a free Layer 3 filter is available. Note that IGMP snooping is independent of IGMP, which is disabled by default.
enable ip igmp allgroup

Syntax
ENAble IP IGMP ALLGroup=[port-list|ALL]

where port-list is a port number, a range of port numbers (specified as n-m), or a comma separated list of port numbers and/or ranges. Port numbers start at 1 and end at m, where m is the highest numbered Ethernet switch port, including uplink ports.

Description
This command enables one or more ports to act like a router port.
enable ip igmp interface

Syntax
ENAble IP IGMP INTerface=interface

where interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface number is not specified, 0 is assumed.

Description
This command enables IGMP on an IP interface.
enable ip mvr debug

Syntax
ENAble IP MVR DEBug={ALL|JOInt|LEAVe|MARL}

Description
This command enables the display of debugging messages when specific actions are taken. The current debug option may or may not be enabled. The default is enabled. If all is specified, debugging on all ports is enabled. If joint is specified, debugging of joint messages is enabled. If leave is specified, debugging of leave messages is enabled.
enable pim bsmsecuritycheck

Syntax
ENAble PIM BSMSecuritycheck

Description
This command enables PIM bootstrap message security checking, which checks that the source IP address of a bootstrap message is the expected address of the PIM neighbour. This checking is enabled by default. You may need to disable it when interoperating with some PIM implementations.
purge pim

Syntax
PURge PIM

Description
This command purges all configuration information relating to the PIM multicast routing module, and reinitialises the data structures used by the module. It also stops the current PIM operation. It should be used when first setting up the PIM module or when a major change is required.

Caution: All current PIM configuration information will be lost.
set igmp filter

Syntax
SET IGMP FILter=filter-id ENTry=1..65535 [GROupaddress={ipadd|ipadd-ipadd}] [MSGType={QUEry|REPort|LEAVe}] [ACtion={INCLude|EXCLude}]

where:
■ filter-id is a decimal number from 1 to 99.
■ ipadd is an IP address in dotted decimal notation.

Description
This command modifies an entry in an IGMP filter. IGMP filters control a port’s membership of multicast groups by filtering incoming IGMP messages from hosts attached to the port.
set igmpsnooping vlan

Syntax
SET IGMPSNooping VLAN={vlan-name|1..4094|ALL} [Fastleave={ON|OFF|YES|NO|True|False}] [QUErysolicit={OFF|NO|False|ON|YES|True}]

where vlan-name is a unique name from 1 to 32 characters. Valid characters are uppercase and lowercase letters, digits, the underscore, and hyphen. The vlan-name cannot be a number or all.

Description
This command enables or disables Fast Leave processing and query solicitation for IGMP Snooping.
set igmpsnooping routermode

Syntax
SET IGMPSNooping ROUTERMode={ALL|DEFault|IP|MULTICAstrouter|NONE}

Description
This command determines the kinds of packets that IGMP snooping uses to indicate that a router is attached to a port. For more information, see “Downstream routers” on page 23. The all option specifies that all reserved multicast addresses (i.e. 224.0.0.1 to 224.0.0.255) are treated as router multicast addresses.
set ip igmp

Syntax
SET IP IGMP [LMQi=1..255] [LMQC=1..5] [QUEryinterval=1..65535] [QUERYREsponseinterval=1..255] [ROBustness=1..5] [TIMEOut=1..65535]

Description
This command sets operational timers and thresholds for IGMP.

Caution: The defaults for these timers suit most networks. Changing them to inappropriate values can cause IGMP to function in undesirable ways.
set ip igmp interface

Syntax
SET IP IGMP INTerface=interface QUERYtimeout={NONE|0|1..65535}

where:
■ interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed.
set ip mvr

Syntax
SET IP MVR VLAN=1..4094 [IMTLeave=port-list] [MODe={DYnamic|COMpatible}] [RECeiverport=port-list] [SOurceport=port-list]

where port-list is a port number, a range of port numbers (specified as n-m), or a comma-separated list of port numbers and/or ranges. Port numbers start at 1 and end at m, where m is the highest numbered Ethernet switch port.

Description
This command modifies MVR on a switch.
set pim

Syntax
SET PIM [ADVinterval={10..15000|DEFault}] [BSMinterval={10..15000|DEFault}] [JPInterval={1..65535|DEFault}] [KEEPalivetime={10..65535|DEFault}] [PRObetime={1..65535|DEFAULT}] [PRUNEholdtime={1..65535|DEFault}] [SOURCealivetime={10..65535|DEFault}] [SRINterval={10..255|DEFault}] [SUPPressiontime={1..65535|DEFault}]

Description
This command sets timers for PIM operations.

Caution: The defaults for these timers suit most networks.
The suppressiontime parameter specifies the register suppression time. This determines the interval at which the sender’s DR sends null register messages to the group’s RP to tell it to send another register stop message if it still does not need the data to be registered and sent to it. The default is 60 seconds. This timer applies to PIM-SM only.
set pim bsrcandidate

Syntax
SET PIM BSRCandidate [HAShmasklength=0..32] [INTerface=interface] [PREFerence=0..255]

where interface is the name of the interface over which multicast data is forwarded. The interface can be either a VLAN (e.g. vlan1) or a local interface (e.g. local1).

Description
This command sets the switch’s Bootstrap Router Candidate preference.
set pim interface

Syntax
SET PIM INTerface=interface [DRPriority=0..4294967295] [ELectby={DRPriority|IPaddress}] [HEllointerval={10..15000|DEFault|65535}] [MODe={Dense|Sparse}] [SRCapable={Yes|No}]

where interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed.
reset pim interface
show pim
show pim interface
set pim rpcandidate

Syntax
SET PIM RPCandidate GROup=group-address [INTerface=interface] [MASK=ipaddress] [PRIOrity=0..255]

where:
■ group-address is the IP address of the multicast group in dotted decimal notation
■ ipaddress is an IP address in dotted decimal notation
■ interface is the name of a VLAN (e.g. vlan1) or a local interface (e.g. local1).

Description
This command sets the rendezvous point candidate priority for the specified multicast groups.
show igmp filter

Syntax
SHow IGMP FILter[=filter-id]

where filter-id is a decimal number in the range 1 to 99

Description
This command displays information about an IGMP filter or all IGMP filters (Figure 4, Table 1). If a filter is specified, only information about that filter is displayed.

Figure 4: Example output from the show igmp filter command

IGMP Filters
------------------------------------------------------------------------------
No.
Related Commands
add igmp filter
create igmp filter
delete igmp filter
destroy igmp filter
set igmp filter
show igmpsnooping

Syntax
SHow IGMPSNooping [VLAN={vlan-name|1..4094}]

where vlan-name is a unique name for the VLAN 1 to 32 characters long. Valid characters are uppercase and lowercase letters, digits, the underscore, and the hyphen.

Description
This command displays information about IGMP snooping on a VLAN or VLANs (Figure 5, Table 2). If a vlan is specified, only output for that VLAN is displayed.
Table 2: Parameters in output of the show igmpsnooping command (cont.)

Parameter              Meaning
Static Router Ports    A list of ports that have been statically configured as multicast router ports. These are in addition to any ports that the switch dynamically determines are multicast router ports.
Query Solicitation     Whether query solicitation is enabled on this VLAN.
Group List             A list of multicast group memberships for this VLAN.
show igmpsnooping counter

Syntax
SHow IGMPSNooping COUnter [VLAN={vlan-name|1..4094}]

where vlan-name is a unique name for the VLAN 1 to 32 characters long. Valid characters are uppercase and lowercase letters, digits, the underscore, and the hyphen.

Description
This command displays IGMP snooping counters on a VLAN or VLANs (Figure 6, Table 3). If a vlan is specified, only output for that VLAN is displayed.
Table 3: Parameters in output of the show igmpsnooping counter command (cont.)

Parameter    Meaning
inTotal      The total number of IGMP messages that were received by the interface.
badTotal     The total number of IGMP messages with errors that were received by the interface.
show igmpsnooping routeraddress

Syntax
SHow IGMPSNooping ROUTERAddress

Description
This command displays the current list of IP multicast router addresses configured on the switch.

Figure 7: Example output from the show igmpsnooping routeraddress command

IGMP Snooping Router Address
---------------------------------------------------------
IGMP Snooping Router Mode .........
show ip igmp

Syntax
SHow IP IGMP [INTerface=interface] [DEStination=ipadd]

where:
■ interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed.
■ ipadd is an IGMP multicast group address in dotted decimal notation.
Table 5: Parameters in output of the show ip igmp command

Parameter                   Meaning
General information about IGMP
Status                      Whether IGMP is enabled.
Default Query Interval      The default interval at which Host Membership Queries are sent.
Default Timeout Interval    The default interval after which entries are removed from the group database when no Host Membership Report is received.
Table 5: Parameters in output of the show ip igmp command (cont.)

Parameter       Meaning
Static Ports    The list of static ports listening to this group. This is a subset of the ports listed in the Ports field, and is only displayed for static groups on a VLAN.

Examples
To display general information about IGMP, use the command:
sh ip igmp

To limit the display to IP interfaces that have multicast group memberships matching 224.*.*.*, use the command:
sh ip igmp des=224.*.*.
show ip igmp counter

Syntax
SHow IP IGMP COUnter [INTerface=interface] [DEStination=ipaddress]

where:
■ interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed.
■ ipadd is an IGMP multicast group address in dotted decimal notation.
Table 6: Parameters in output of the show ip igmp counter command (cont.)

Parameter     Meaning
inV2Report    The number of IGMP Version 2 membership report messages that were received by the interface.
inLeave       The number of IGMP Leave Group messages that were received by the interface.
inTotal       The total number of IGMP messages that were received by the interface.
destroy ip igmp destination
disable ip igmp
disable ip igmp interface
enable ip igmp
enable ip igmp interface
set ip igmp
show ip igmp
show ip igmp debug

Syntax
SHow IP IGMP DEBug

Description
This command shows the IGMP debugging options that have been set.

Figure 10: Example output from show ip igmp debug command

IGMP Debugging Information
------------------------------------------------------------
IGMP Debugging Enabled
Filter by group destination 224.1.2.3
Filter by source IP 10.10.1.
show ip mvr

Syntax
SHow IP MVR [VLAN=1..4094]

Description
This command displays all information about MVR on the switch (Figure 11, Table 8). The vlan parameter specifies the VLAN identifier of the multicast VLAN to be displayed. If none is provided, all multicast VLANs on the switch are displayed.
show ip mvr counter

Syntax
SHow IP MVR [VLAN=1..4094] COUnter

Description
This command displays the number of times a port has joined and/or left a multicast VLAN (Figure 12, Table 9). The vlan parameter specifies the VLAN identifier of the Multicast VLAN to be displayed. If none is provided, all multicast VLANs on the switch are displayed.
show pim

Syntax
SHow PIM

Description
This command displays detailed information about the PIM routing status on the switch, and is equivalent to specifying all of the following commands in the following order:
1. show PIM interface
2. show PIM route
3. show PIM neighbour
4. show PIM counters
5. show PIM debug
6. show PIM rpcandidate
7. show PIM bsrcandidate
8. show PIM rpset
9. show PIM timer
10.
show pim bsrcandidate

Syntax
SHow PIM BSRCandidate

Description
This command displays information about the switch as a BSR candidate for PIM-SM (Figure 13, Figure 14, Table 10).

Figure 13: Example output from the show pim bsrcandidate command for an elected BSR

PIM BSR Candidate
------------------------------------------------------------
Preference ......................... 1
BSR State ......................... Elected BSR
Elected BSR IP address .......... 101.
show pim config

Syntax
SHow PIM CONFig

Description
This command lists the command line interface commands that make up the PIM configuration (Figure 15).
show pim counters

Syntax
SHow PIM COUnters

Description
This command displays information about PIM counters (Figure 16, Figure 17, Table 11 on page 104).

Figure 16: Example output from the show pim counters command for PIM Sparse Mode

PIM4 Counters
------------------------------------------------------------
Sparse Mode
------------------------------------------------------------
:
inHello .............. 14    outHello .............. 15
inRegister ............
Table 11: Parameters in output of the show pim counters command

Parameter         Meaning
inHello           The number of PIM hello messages received by the interface.
inRegister        The number of PIM register messages that were received by the interface. This parameter is displayed for PIM-SM interfaces only.
inRegisterStop    The number of PIM register stop messages received by the interface. This parameter is displayed for PIM-SM interfaces only.
Table 11: Parameters in output of the show pim counters command (cont.)

Parameter    Meaning
outBSM       The number of PIM bootstrap messages transmitted by the interface. This parameter is displayed for PIM-SM interfaces only.
outCRPAdv    The number of PIM candidate RP advertisement messages transmitted by the interface. This parameter is displayed for PIM-SM interfaces only.
outSRM       The number of PIM state refresh messages transmitted by the interface.
show pim debug
show pim interface
show pim neighbour
show pim route
show pim rpcandidate
show pim rpset
show pim timer
show pim debug

Syntax
SHow PIM DEBug

Description
This command displays the list of PIM interface debugging options (Figure 18, Table 12).

Figure 18: Example output from the show pim debug command

PIM Debug Options
------------------------------------------------------------
Debug Options Enabled: Join, Assert
Logging Options Enabled : status
Trapping Options Enabled: none
Info (1097049): The PIM module is not enabled.
show pim interface

Syntax
SHow PIM INTerface

Description
This command displays information about all PIM interfaces and their designated router status (Figure 19, Figure 20, Table 13). Valid interfaces are:
■ VLAN (such as vlan1, vlan1-1)

Figure 19: Example output from the show pim interface command for PIM Sparse Mode.

PIM4 Sparse mode Interface Table
------------------------------------------------------------
Interface ........................
IP address ....
Table 13: Parameters in output of the show pim interface command (cont.)

Parameter         Meaning
Hello interval    The interval, in seconds, at which the switch sends PIM Hello messages on this interface. The value 65535 indicates that the Hello message never expires.
show pim neighbour

Syntax
SHow pim NEIghbour

Description
This command displays information about the PIM Neighbour Table (Figure 21, Figure 22, Table 14).

Figure 21: Example output from the show pim neighbour command for PIM Sparse Mode

PIM4 Sparse mode Neighbour Table
------------------------------------------------------------
Interface ........................
IP Address ..................... 137.39.3.93
DR Priority ..................
show pim route

Syntax
SHow PIM ROUte

Description
This command displays information about the internal PIM routing table, for PIM Sparse Mode (Figure 23, Figure 24 on page 112, Table 15 on page 112) and/or Dense Mode (Figure 25 on page 115, Table 16 on page 115).

Figure 23: Example output from the show pim route command for PIM Sparse Mode, when the switch is the RP

PIM4 Sparse Mode Tree Information Base
------------------------------------------------------------
Group .
Figure 24: Example output from the show pim route command for PIM Sparse Mode, when the switch is not the RP

PIM4 Sparse Mode Tree Information Base
------------------------------------------------------------
Group ............................ 224.1.1.1
Type ........................... (*,G)
RP Address ................... 192.168.1.1
RPF Neighbour to RP .......... 192.168.2.1
RPF Interface to RP ..........
Expiry time .................. 630
Join/prune time ............
Table 15: Parameters in output of the show pim route command for PIM Sparse Mode

Entry Type    Parameter for Entry Type    Meaning
              Expiry time                 The time remaining until this entry is deleted, in seconds. A zero value indicates that the timer is not running. This timer decrements when there are no (S,G) entries.
              Join/prune time             The join/prune timer in seconds.
Table 15: Parameters in output of the show pim route command for PIM Sparse Mode

Entry Type    Parameter for Entry Type    Meaning
(S,G, rpt)                                The entry that is used for suppressing traffic on the RP tree from a particular source to a particular group. This entry applies when the traffic is known to be flowing down the shortest path tree, so the traffic is no longer needed via the RP tree.
              Source                      The IP address of the multicast sender.
Figure 25: Example output from the show pim route command for PIM Dense Mode

PIM4 Dense Mode Tree Information Base
------------------------------------------------------------
Source ......................... 172.95.1.1
Group .......................... 238.1.2.3
RPF Neighbour to Src ......... Directly connected
RPF Interface to Src .........
Source Alive time ............ 200
Expiry time .................. 220
Prune override time .......... 0
Prune limit time ............
Examples
To display information about the internal PIM routing table, use the command:
sh pim rou

Related Commands
disable pim
enable pim
set pim
show pim
show pim bsrcandidate
show pim counters
show pim debug
show pim interface
show pim neighbour
show pim rpcandidate
show pim rpset
show pim timer
show pim rpcandidate

Syntax
SHow PIM RPCandidate

Description
This command displays information about multicast groups for which the switch is a PIM-SM rendezvous point candidate (Figure 26, Table 17).

Figure 26: Example output from the show pim rpcandidate command

PIM4 RP Candidate
------------------------------------------------------------
Priority ....................... 192
Interface .......................vlan1
Group address/Mask ........... 224.1.1.1 / 255.
show pim rpset

Syntax
SHow PIM RPSet

Description
This command displays the static group-to-RP mapping (Figure 27, Table 18), followed by the elected bootstrap router’s current set of RP candidates and the groups they are configured for (Figure 28, Table 19). It applies to PIM-SM only.
Table 19: Parameters in output of the show pim rpset command when the RP is determined using the bootstrap mechanism

Parameter    Meaning
Holdtime     The time in seconds for which this RP candidate is valid. Unless the RP advertisement is refreshed, the RP candidate is deleted when this time has elapsed.
show pim staterefresh

Syntax
SHow PIM STATerefresh

Description
This command displays the internal State Refresh table for PIM-DM (Figure 29, Table 20).

Figure 29: Example output from the show pim staterefresh command

PIM4 Dense Mode State Refresh
-----------------------------------------------------------
Source .............................. 172.95.2.1
Group ............................... 238.1.2.3
Originator state ..................
show pim timer

Syntax
SHow PIM TIMer

Description
This command displays information about timer intervals for PIM operations (Figure 30, Table 21).

Figure 30: Example output from the show pim timer command

PIM Timers
------------------------------------------------------------
Join/Prune interval ................... 60
Register probe time ................... 5
Register suppression time ............. 60
Keep Alive time ....................... 210
BSM interval .............
Link Layer Discovery Protocol (LLDP)

Introduction
Link Layer Discovery Protocol
    Type Length Values
    Transmission and Reception
    Storing LLDP Information
Introduction

This chapter describes the Link Layer Discovery Protocol (LLDP), how it is implemented on the switch, and how to configure the switch to use it. LLDP is a neighbour discovery protocol. Neighbour discovery protocols define standard methods for Ethernet network devices, such as switches and routers, to receive and/or transmit device-related information to other nodes on the network, and to store the information that is learned about other devices.
Type Length Values

The LLDP agent transmits and receives information via LLDPDUs. A single LLDPDU contains multiple advertisement messages, each of which is communicated within a Type Length Value (TLV). TLVs are short information elements which communicate complex data, such as variable length strings, in an organized format.
Optional TLVs

You can configure the switch to send up to five optional TLVs alongside the mandatory TLVs in each LLDPDU. The following table describes the optional TLVs from the LLDP-defined Basic Management TLV Set.

Optional TLV          Description
Port description      A description of the device’s port in alpha-numeric format.
System name           The system's assigned name in alpha-numeric format.
System description    A description of the device in alpha-numeric format.
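To make the TLV structure concrete, the following added example (not Allied Telesis code) parses an LLDPDU, validates the mandatory TLVs, and reports which optional TLVs a sender advertises together with the command from this chapter's Command Reference that stops each one. The TLV type numbers and the 7-bit type / 9-bit length header are taken from IEEE Standard 802.1AB-2005 rather than from this page; the function names, the strict validation policy and the sample LLDPDU are assumptions constructed for illustration.

```python
import struct

# TLV type numbers of the IEEE 802.1AB-2005 mandatory and Basic Management TLVs.
END_OF_LLDPDU, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3
# Optional TLV type -> (name used in this chapter, command that stops advertising it).
OPTIONAL_TLVS = {
    4: ("Port description", "disable lldp portdescription"),
    5: ("System name", "disable lldp systemname"),
    6: ("System description", "disable lldp systemdescription"),
    7: ("System capabilities", "disable lldp systemcapabilities"),
    8: ("Management address", "disable lldp managementaddress"),
}


class LLDPError(ValueError):
    """Raised when an LLDPDU is malformed."""


def encode_tlv(tlv_type, value=b""):
    """Build one TLV: a 16-bit header (7-bit type, 9-bit length), then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise LLDPError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(type, value), ...] for every TLV before End of LLDPDU.

    Strict policy (an assumption of this example): the PDU must start with
    Chassis ID, Port ID and TTL in that order and must end with End of LLDPDU.
    """
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise LLDPError("truncated header or missing End of LLDPDU TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise LLDPError(f"TLV type {tlv_type}: {length}-byte value runs past end of PDU")
        value = data[offset:offset + length]
        offset += length
        if tlv_type == END_OF_LLDPDU:
            if length:
                raise LLDPError("End of LLDPDU TLV must have zero length")
            break  # anything after this TLV is padding and is ignored
        tlvs.append((tlv_type, value))

    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise LLDPError("mandatory TLVs missing or out of order")
    if any(t in (CHASSIS_ID, PORT_ID, TTL) for t, _ in tlvs[3:]):
        raise LLDPError("mandatory TLV repeated")
    # Chassis ID and Port ID carry a subtype byte plus at least one ID byte; TTL is 2 bytes.
    if len(tlvs[0][1]) < 2 or len(tlvs[1][1]) < 2 or len(tlvs[2][1]) != 2:
        raise LLDPError("mandatory TLV has an invalid length")
    return tlvs


def ttl_seconds(tlvs):
    """Time to live, in seconds, from the third (TTL) TLV of a parsed LLDPDU."""
    return struct.unpack("!H", tlvs[2][1])[0]


def audit_optional_tlvs(data):
    """List (name, disable-command) for each optional TLV the sender advertises."""
    found = []
    for tlv_type, _ in parse_lldpdu(data):
        entry = OPTIONAL_TLVS.get(tlv_type)
        if entry and entry not in found:
            found.append(entry)
    return found


# Constructed sample LLDPDU (not captured from a real device).
SAMPLE_LLDPDU = (
    encode_tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("020000000001"))  # subtype 4: MAC address
    + encode_tlv(PORT_ID, b"\x07" + b"1")                            # subtype 7: locally assigned
    + encode_tlv(TTL, struct.pack("!H", 120))
    + encode_tlv(5, b"lab-switch")
    + encode_tlv(6, b"constructed system description")
    + encode_tlv(END_OF_LLDPDU)
)

if __name__ == "__main__":
    for name, command in audit_optional_tlvs(SAMPLE_LLDPDU):
        print(f"{name} TLV advertised; to stop advertising it: {command}")
```

Running the audit against frames captured on an edge port shows how much device detail each port discloses to its neighbours before you decide which optional TLVs to leave enabled.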
Transmission

When LLDP transmission is enabled, the LLDP agent advertises information about your switch to neighbours at regular, user-configured intervals. Each transmitted LLDPDU contains the mandatory TLVs, and any optional TLVs that you have enabled. See “Type Length Values” on page 3 for more information about TLVs. Or, see “Configuring LLDP” on page 8 to find out how to configure the TLVs that are advertised on your switch.
Storing LLDP Information

Whenever an LLDP device receives a valid and current LLDP advertisement from a neighbouring network device, it stores the information in an IEEE-defined Simple Network Management Protocol (SNMP) Management Information Base (MIB). For more information, see Section 12.2 of the IEEE Standard 802.1AB-2005.

LLDP Local System MIB

Information about your device is called local system information.
Once either of these limits is reached, the LLDP agent stops processing new neighbours. This condition is called toomanyneighbours. For more information, see Section 10.3.4 of the IEEE Standard 802.1AB-2005. When the toomanyneighbours condition occurs, a trigger is sent, and a log is activated. For more information, see LLDP Triggers on page 10, and Appendix A, Messages.
Configuring LLDP

LLDP is best configured and managed with SNMP; however, you can also use the command line interface (CLI). This section contains an example of a basic LLDP configuration using the CLI.

Enabling and disabling LLDP

By default, LLDP is disabled.
To clear all remote LLDP MIB data, and start the LLDP re-initialization procedure, use the command:
reset lldp [other-options]

Monitoring LLDP

To display general LLDP information, use the command:
show lldp [other-options]

To display information about LLDP counters, use the command:
show lldp counters [other-options]

To display information about LLDP memory, use the command:
show lldp memory [other-options]

To display detailed information about LLDP neighbours, use
LLDP Triggers

You can use the Trigger Facility to automatically run specific command scripts when particular triggers are activated. When a trigger is activated by an event, parameters specific to the event are passed to the script that is run. Triggers can be activated:
■ when the LLDP remote systems MIB changes
■ when LLDP too many neighbour events occur

For more information about the Trigger Facility, see Chapter 5, Trigger Facility.
Command Reference

This section describes the commands available on the switch to enable, configure, control and monitor LLDP. The shortest valid command is denoted by capital letters in the Syntax section. See “Conventions” on page lxxxii of About this Software Reference in the front of this manual for details of the conventions used to describe command syntax.
disable lldp notifications

Syntax
DISable LLDP NOTIfications [POrt={ALL|port-list}]

Description
This command stops the switch from sending LLDP SNMP notifications from the specified ports. Notifications are SNMP traps, triggers, and logs. Use the port parameter to specify the ports for which to disable LLDP notifications, either a list of ports or all ports. port-list can be any/all of the following:
■ a single switch port number.
disable lldp port

Syntax
DISable LLDP POrt={ALL|port-list} [{TX|RX|TXRX}]

Description
This command disables the specified LLDP actions on the specified ports, either tx (transmission), rx (reception), or txrx (both). By default, all LLDP actions are disabled for all ports.

Parameter    Description
POrt         The ports for which to disable the specified LLDP actions, either a list of ports or all ports.
disable lldp portdescription

Syntax
DISable LLDP PORTDescription [POrt={ALL|port-list}]

Description
This command stops the switch from advertising the port description TLV on the specified ports. This is the IEEE 802 LAN station's port description that is associated with the local system. The LLDP agent now sends LLDPDUs without port description information.
disable lldp systemcapabilities

Syntax
DISable LLDP SYSTEMCapabilities [POrt={ALL|port-list}]

Description
This command stops the switch from advertising the system capabilities TLV on the specified ports. System capabilities are the primary functions of your system, including bridge and/or switch. The LLDP agent now sends LLDPDUs without system capabilities information.
disable lldp systemdescription

Syntax: DISable LLDP SYSTEMDescription [POrt={ALL|port-list}]

Description: This command stops the switch from advertising the system description TLV on the specified ports. This is the description of the local system, and is displayed in output of the show system command. The LLDP agent now sends LLDPDUs without system description information.
disable lldp systemname

Syntax: DISable LLDP SYSTEMName [POrt={ALL|port-list}]

Description: This command stops the switch from advertising the system name TLV on the specified ports. The LLDP agent now excludes the local system name information from any LLDPDUs it sends. Use the port parameter to specify the ports for which to disable system name TLV advertisement, either a list of ports or all ports.
enable lldp managementaddress

Syntax: ENAble LLDP MANAgementaddress [POrt={ALL|port-list}]

Description: This command enables management address TLV advertisement on the specified ports. The LLDP agent now includes management address information in any LLDPDUs it sends. By default, the managementaddress is the MAC address of the switch. To advertise the IPv4 management address of the local LLDP agent instead, use the set lldp managementaddress command.
enable lldp notifications

Syntax: ENAble LLDP NOTIfications [POrt={ALL|port-list}]

Description: This command enables the switch to send LLDP SNMP notifications from the specified ports. Notifications are SNMP traps, triggers, and logs. Use the port parameter to specify the ports for which to enable LLDP notifications, either a list of ports or all ports. port-list can be any/all of the following:
■ a single switch port number.
enable lldp port

Syntax: ENAble LLDP POrt={ALL|port-list} [{TX|RX|TXRX}]

Description: This command enables the specified LLDP actions on the specified ports, either tx (transmission), rx (reception), or txrx (both). By default, all LLDP actions are disabled for all ports.

Parameter / Description

POrt
    The ports for which to enable the specified LLDP actions, either a list of ports or all ports. port-list can be any/all of the following:
    • a single switch port number.
enable lldp portdescription

Syntax: ENAble LLDP PORTDescription [POrt={ALL|port-list}]

Description: This command enables port description TLV advertisement on the specified ports. This is the IEEE 802 LAN station's port description that is associated with the local system. You can set this using the set switch port description command. Note that you cannot set an Ethernet port’s description, because Ethernet ports are static.
enable lldp systemcapabilities

Syntax: ENAble LLDP SYSTEMCapabilities [POrt={ALL|port-list}]

Description: This command enables system capabilities TLV advertisement on the specified ports. System capabilities are the primary functions of your system, including bridge and/or switch. The LLDP agent now includes system capabilities information in any LLDPDUs it sends.
enable lldp systemdescription

Syntax: ENAble LLDP SYSTEMDescription [POrt={ALL|port-list}]

Description: This command enables system description TLV advertisement on the specified ports. This is the description of the local system, and is displayed in output of the show system command. The LLDP agent now includes system description information in any LLDPDUs it sends.
enable lldp systemname

Syntax: ENAble LLDP SYSTEMName [POrt={ALL|port-list}]

Description: This command enables system name TLV advertisement on the specified ports. The LLDP agent now includes local system name information in any LLDPDUs it sends. Use the port parameter to specify the ports for which to enable system name TLV advertisement, either a list of ports or all ports. port-list can be any/all of the following:
■ a single switch port number.
reset lldp

Syntax: RESET LLDP

Description: This command clears all your remote LLDP MIB data, and starts the LLDP reinitialization procedure. LLDP reverts to the previous, user-defined configuration. This command does not reset LLDP MIB counters because these counters cannot be reset.
set lldp notification interval

Syntax: SET LLDP NOTIFicationinterval=5..3600

Description: This command sets the amount of time between LLDP notifications. Notifications include SNMP traps, log messages and triggers. The notificationinterval parameter is the number of seconds to elapse between LLDP notifications. The notification interval prevents multiple notifications occurring within the given time. The default is 5.
set lldp txdelay

Syntax: SET LLDP TXDelay=1..8192

Description: This command changes the default time delay between successive LLDP transmissions initiated by value or status changes in the local LLDP MIB. For more information, see Transmission delay timer on page 5. This is the LLDP MIB object lldpTxDelay. For more information, see Section 12 of the IEEE Standard 802.1AB-2005.
set lldp txhold

Syntax: SET LLDP TXHold=2..10

Description: This command changes the default value of the LLDP MIB object lldpMessageTxHoldMultiplier. For more information, see Section 12 of the IEEE Standard 802.1AB-2005. The txhold parameter specifies the multiplier on the msgTxInterval parameter of the set lldp txinterval command. The default is 4. Changing the default can affect LLDP operation.
show lldp

Syntax: SHow LLDP [LOCALData] [POrt={ALL|port-list}] [DETail]

Description: This command displays information about your LLDP configuration. If no optional parameters are specified, the global LLDP configuration is displayed.

Parameter / Description

LOCALData
    Displays additional LLDP local system data for the specified ports, or all ports if you do not specify the port parameter.
Figure 1: Example output from the show lldp port command

LLDP configuration
LLDP global configuration:
  msgTxInterval .........................
  msgTxHold .............................
  reinitDelay ...........................
  txDelay ...............................
  Notification interval .................
  Management address ....................
  Total current neighbours ..............
  Too many neighbours events ............
  System errors .........................
Figure 2: Example output from the show lldp localdata port=1,2 command

LLDP configuration
LLDP global configuration:
  msgTxInterval .........................
  msgTxHold .............................
  reinitDelay ...........................
  txDelay ...............................
  Notification interval .................
  Management address ....................
  Total current neighbours ..............
  Too many neighbours events ............
  System errors ............
Figure 3: Example output from the show lldp port=1,3 detail command

LLDP configuration
LLDP global configuration:
  msgTxInterval .........................
  msgTxHold .............................
  reinitDelay ...........................
  txDelay ...............................
  Notification interval .................
  Management address ....................
  Total current neighbours ..............
  Too many neighbours events ............
  System errors .........................
Table 1: Parameters in output of the show lldp command

Parameter / Meaning

LLDP global configuration

msgTxInterval
    The time interval in seconds between which the switch transmits LLDPDUs on behalf of the LLDP agent. You can set this using the set lldp txinterval command.

msgTxHold
    The current multiplier on msgTxInterval. You can set this using the set lldp txhold command.
Table 1: Parameters in output of the show lldp command (cont.)

Parameter / Meaning

LLDP TLVs
    A list of the LLDP optional TLVs currently advertised on the listed ports, one or more of:
    • PD - Port Description
    • SN - System Name
    • SD - System Description
    • SC - System Capabilities
    • MA - Management Address

LLDP local system data
    This section is displayed only when you specify the localdata parameter.
Table 1: Parameters in output of the show lldp command (cont.)

Parameter / Meaning

adminStatus
    The LLDP transmission and reception status of the port, one of:
    • txOnly - Transmission is enabled only
    • rxOnly - Reception is enabled only
    • txAndrx - Both transmission and reception are enabled
    • disabled - Both transmission and reception are disabled
    You can enable a value of txOnly, rxOnly, or txAndrx for the port using the enable lldp port command.
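The optional TLVs that the enable and disable commands control (PD, SN, SD, SC, MA) can be checked on the wire by decoding an LLDPDU captured from a port and comparing it with the set you intended to advertise. The following Python sketch is an added example, not part of the Allied Telesis documentation; the sample LLDPDU, its addresses and names, and the function names are constructed for illustration, and the TLV type numbers are those of IEEE 802.1AB.

```python
import socket
import struct

# Optional TLV type numbers from IEEE 802.1AB, keyed to the abbreviations
# used in the "LLDP TLVs" row of the show lldp output.
OPTIONAL_TLVS = {4: "PD", 5: "SN", 6: "SD", 7: "SC", 8: "MA"}
MANDATORY_ORDER = [1, 2, 3]  # Chassis ID, Port ID, Time To Live


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value longer than 511 octets")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(type, value), ...] up to the End Of LLDPDU TLV (type 0)."""
    tlvs, offset = [], 0
    while offset + 2 <= len(data):
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        if tlv_type == 0:
            break
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
    return tlvs


def audit_lldpdu(data, allowed):
    """Return (advertised, unexpected, ttl) for one captured LLDPDU.

    allowed is the set of optional TLV abbreviations the port is meant to send.
    """
    tlvs = parse_lldpdu(data)
    if [t for t, _ in tlvs[:3]] != MANDATORY_ORDER or len(tlvs[2][1]) != 2:
        raise ValueError("LLDPDU must start with Chassis ID, Port ID and TTL")
    (ttl,) = struct.unpack("!H", tlvs[2][1])
    advertised = [OPTIONAL_TLVS[t] for t, _ in tlvs[3:] if t in OPTIONAL_TLVS]
    unexpected = [name for name in advertised if name not in allowed]
    return advertised, unexpected, ttl


# Constructed sample LLDPDU (not captured from a real switch).
SAMPLE = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("020000000001")),    # Chassis ID, subtype 4 (MAC)
    tlv(2, b"\x07" + b"2"),                             # Port ID, locally assigned
    tlv(3, struct.pack("!H", 120)),                     # TTL in seconds
    tlv(5, b"edge-sw1"),                                # System Name
    tlv(6, b"constructed system description"),          # System Description
    tlv(8, b"\x05\x01" + socket.inet_aton("192.0.2.1")  # Management Address (IPv4)
        + b"\x02" + struct.pack("!I", 1) + b"\x00"),
    tlv(0, b""),                                        # End Of LLDPDU
])

if __name__ == "__main__":
    advertised, unexpected, ttl = audit_lldpdu(SAMPLE, allowed={"PD", "SN"})
    print("advertised:", advertised, "unexpected:", unexpected, "ttl:", ttl)
```

A TLV reported as unexpected corresponds to one of the disable lldp commands above that has not been applied to that port.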
show lldp counters

Syntax: SHow LLDP COUnters [POrt={ALL|port-list}] [DETail]

Description: This command displays information about LLDP counters in your configuration. If no optional parameters are specified, global LLDP counters are displayed. For information about LLDP counters, see the IEEE Standard 802.1AB-2005.

Parameter / Description

POrt
    The ports for which to display LLDP counter information, either a list of ports or all ports.
Figure 5: Example output from the show lldp counters port=1,2 detail command

LLDP counters information

LLDP statistics group:
  Remote tables last change time .......... 00:12:30 (75038)
  Remote tables inserts ................... 1
  Remote tables deletes ................... 0
  Remote tables drops ..................... 0
  Remote tables ageouts ................... 0

LLDP port statistics:
  Port 1:
    framesIn .....................
    framesDiscarded .........
Table 2: Parameters in output of the show lldp counters command (cont.)

Parameter / Meaning

LLDP port statistics
    A list of LLDP frame counters for each specified LLDP port.

framesIn
    The total number of LLDP frames received by the port.

framesOut
    The total number of LLDP frames transmitted from the port.

framesDiscarded
    The total number of LLDP frames received and subsequently discarded.
show lldp memory

Syntax: SHow LLDP MEMory

Description: This command displays the available memory for LLDP, the total memory usage by LLDP as a whole, and the amount of memory used by the remote systems MIB. This information is displayed both in kbps and as a percentage.
show lldp neighbour

Syntax: SHow LLDP NEIghbour [POrt={ALL|port-list}] [DETail]

Description: This command displays information about neighbours discovered on the specified ports. If no optional parameters are specified, information about all LLDP neighbours is displayed.

Parameter / Description

POrt
    The ports for which to display LLDP neighbour information, either a list of ports or all ports.
Figure 8: Example output from the show lldp neighbour port=1,2 detail command

LLDP neighbour information

Neighbour information for port 1:
  There are no neighbours for this port.

Neighbour information for port 2:
  Remote index 1:
    lldpRemTable:
      lldpRemLocalPortNum ................. 2
      lldpRemIndex ........................ 1
      lldpRemTimeMark ..................... 89148
      lldpRemChassisIdSubtype ............. 4
      lldpRemChassisId ....................
Table 4: Parameters in output of the show lldp neighbour command

Parameter / Meaning

remoteIndex
    A unique neighbour identity assigned to each neighbour added to the remote system MIBs.

timeMark
    The number of centiseconds since this neighbour was added.

chassisId
    The chassis identity of the neighbour.

sysName
    The system name of the neighbour’s system.

lldpRemTable
    This information is displayed when you enter the detailed parameter.
Table 4: Parameters in output of the show lldp neighbour command (cont.)

Parameter / Meaning

lldpRemOrgDefInfoSubtype
    The subtype of the organisationally defined information received from the neighbour.

lldpRemOrgDefInfoIndex
    An arbitrary local integer value used by your LLDP agent to identify a particular, unrecognized, organisationally defined information instance.
MAC-Forced Forwarding

Introduction
Overview of MAC-Forced Forwarding
Configuring an Ethernet Access Node
Monitoring and Troubleshooting
Debugging
Introduction

This chapter describes MAC-Forced Forwarding, how it is implemented, and how to configure it on the switch. MAC-Forced Forwarding is a method for subscriber separation on a network. It is appropriate for IPv4 Ethernet based networks, where a layer 2 bridged segment separates downstream clients from their upstream IPv4 gateways, known as Access Routers (ARs). MAC-Forced Forwarding directs all traffic from a client to a specific AR.
Figure 1: Example Ethernet network with layer 2 bridging devices separating ARs and their clients
[Figure labels: access routers, application server, aggregation network, Ethernet Access Nodes (EANs), client networks]

MAC-Forced Forwarding with DHCP snooping

MAC-Forced Forwarding is designed to work in conjunction with DHCP snooping. DHCP snooping looks for DHCP ACK messages sent from DHCP servers to clients.
Configuring an Ethernet Access Node

To implement MAC-Forced Forwarding, configure the EAN to:
■ isolate clients within a subnet from one another. See “Isolating clients using VLANs” on page 4.
■ gather the details of any clients, ARs and ASs on the network. See “Using the DHCP Snooping Database” on page 5.
■ proxy ARP on behalf of ARs and ASs. See “Enabling MAC-Forced Forwarding” on page 5.
■ prevent malicious spoofing or traffic from clients.
Using the DHCP Snooping Database

MAC-Forced Forwarding gathers the AR, AS and client details from the DHCP snooping database.
Using DHCP filtering and ARP security

ARP security

To permit only trusted clients to access the network, you must enable ARP security. This ensures that only the clients listed in the DHCP snooping database can send ARP messages into the network. To enable ARP security, use the command:

    enable dhcpsnooping arpsecurity

For more information, see “DHCP Snooping ARP Security” in the DHCP Snooping chapter of your Software Reference.
Monitoring and Troubleshooting

To see a summary of the VLANs with MAC-Forced Forwarding enabled, use the command:

    show macff [counter]

To see details about a specific VLAN, use the command:

    show macff interface=vlan

To see detailed counters for the traffic flowing through a VLAN, or through specific ports on a VLAN, use the command:

    show macff interface=vlan [port=port-list] counter

To see a detailed list of clients in the DHCP snooping database, use the command:

    show dhcpsnoopi
Configuration Examples

For an example of how to configure the switch to perform MAC-Forced Forwarding, see How to Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs. This How To Note is available from www.alliedtelesis.co.uk/site/solutions/techdocs.asp?area=howto.
Command Reference

This section describes the commands available on the switch to configure MAC-Forced Forwarding. The shortest valid command is denoted by capital letters in the Syntax section. See “Conventions” in About this Software Reference in the front of your Software Reference for details of the conventions used to describe command syntax. See Appendix A, Messages for a complete list of messages and their meanings.
delete macff server

Syntax: DELete MACFF SERVER INTerface=vlan IPaddress=ipadd

Description: This command deletes a static AR or AS entry from the DHCP snooping database. The switch no longer sends proxy ARP replies on behalf of the AR or AS, and clients can no longer access the AR or AS. This command requires a user with security officer privilege when the switch is in security mode.
disable macff interface

Syntax: DISable MACFF INTerface=vlan

Description: This command disables MAC-Forced Forwarding on the specified VLAN. Normal ARP behaviour recommences on this VLAN. vlan is the name of a VLAN interface such as vlan46 or vlan122. The specified VLAN must be a private VLAN. The switch’s default interface, vlan1, is public and cannot have MAC-Forced Forwarding enabled (or disabled) on it.
disable macff interface debug

Syntax: DISable MACFF INTerface=vlan DEBug={ALL|ARP|DHCP|ERRor|PACKet|SERVER|TRAce}

Description: This command disables debugging for MAC-Forced Forwarding. This command requires a user with security officer privilege when the switch is in security mode.

Parameter / Description

INTerface
    The interface that debugging is disabled on. vlan is the name of a VLAN interface such as vlan46 or vlan122.
enable macff interface

Syntax: ENAble MACFF INTerface=vlan

Description: This command enables MAC-Forced Forwarding on the specified VLAN. When a client attached to the VLAN sends an ARP request, MAC-Forced Forwarding responds by sending a proxy ARP reply on behalf of the client’s AR. This prevents clients from learning the MAC addresses of other clients within their subnet, and ensures that all traffic is routed to a specific AR.
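The proxy ARP behaviour described for enable macff interface, combined with the ARP security check described under “Using DHCP filtering and ARP security”, can be followed in the Python model below. It is an added example, not the switch's implementation or code from this Software Reference; the AccessNode class, its method names, and all addresses are hypothetical and constructed, and it assumes that ARP security matches the sender's IP address, MAC address and port against the snooped binding.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # ARP payload for Ethernet and IPv4 (28 octets)
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(text):
    """Convert '02-00-00-00-00-01' to 6 raw octets."""
    return bytes.fromhex(text.replace("-", ""))


def arp(oper, sha, spa, tha, tpa):
    """Build an ARP payload (hardware type 1, protocol type 0x0800)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))


def sender_mac(payload):
    """Return the sender hardware address field of an ARP payload."""
    return struct.unpack(ARP_FMT, payload)[5]


class AccessNode:
    """Simplified model of one EAN VLAN (hypothetical, for illustration)."""

    def __init__(self):
        self.clients = {}  # client IP -> (client MAC, switch port, AR IP)
        self.servers = {}  # AR or AS IP -> MAC address

    def add_server(self, ip, server_mac):
        """Record an AR or AS, as a static or snooped entry would."""
        self.servers[ip] = server_mac

    def snoop_dhcp_ack(self, port, client_mac, client_ip, router_ip):
        """Record the client binding and its AR as seen in a DHCP ACK."""
        self.clients[client_ip] = (client_mac, port, router_ip)

    def handle_arp(self, port, payload):
        """Return the proxy ARP reply, or None when the request is dropped."""
        if len(payload) != struct.calcsize(ARP_FMT):
            return None
        _, _, _, _, oper, sha, spa, _, tpa = struct.unpack(ARP_FMT, payload)
        if oper != ARP_REQUEST:
            return None
        spa, tpa = socket.inet_ntoa(spa), socket.inet_ntoa(tpa)
        binding = self.clients.get(spa)
        # ARP security: the sender must match a binding in the snooping database.
        if binding is None or binding[:2] != (sha, port):
            return None
        # Answer for a known AR or AS directly; for any other target
        # (including another client) answer with the requesting client's AR.
        answer_ip = tpa if tpa in self.servers else binding[2]
        answer_mac = self.servers.get(answer_ip)
        if answer_mac is None:
            return None
        return arp(ARP_REPLY, answer_mac, tpa, sha, spa)


if __name__ == "__main__":
    ean = AccessNode()
    ean.add_server("192.0.2.1", mac("02-00-00-00-00-fe"))
    client_a = mac("02-00-00-00-00-0a")
    ean.snoop_dhcp_ack(1, client_a, "192.0.2.10", "192.0.2.1")
    ean.snoop_dhcp_ack(2, mac("02-00-00-00-00-0b"), "192.0.2.11", "192.0.2.1")
    request = arp(ARP_REQUEST, client_a, "192.0.2.10", bytes(6), "192.0.2.11")
    print("reply carries", sender_mac(ean.handle_arp(1, request)).hex("-"))
```

In the run at the bottom, client A asks for client B's address and the reply carries the AR's MAC address, so A never learns B's MAC address.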
enable macff interface debug

Syntax: ENAble MACFF INTerface=vlan DEBug={ALL|ARP|DHCP|ERRor|PACKet|SERVER|TRAce}

Description: This command enables debugging of MAC-Forced Forwarding on the specified VLAN. You can use debugging to find out what information is coming in on a VLAN, when a new client, AR or AS is discovered or deleted, and to do in-depth packet debugging of MAC-Forced Forwarding on your network.
reset macff counter

Syntax: RESEt MACFF COUNTer [POrt=port-list]

Description: This command resets all the current MAC-Forced Forwarding counter information for a range of ports, or all ports. The port parameter allows you to select only a subset of ports to reset the counters for. port-list is either a specific port, a range of ports using a hyphen to specify the range (n-m), or a comma-separated list of ports or port ranges.
set macff server

Syntax: SET MACFF SERVer INTerface=vlan IPaddress=ipadd DESCription={desc}

Description: This command allows you to change the description of a statically configured AR or AS. You cannot modify the IP address or interface, as these two values are used as unique keys to permit device identification. This command requires a user with security officer privilege when the switch is in security mode.
show macff

Syntax: SHOW MACFF [COUnter]

Description: This command displays a summary of the VLANs with MAC-Forced Forwarding enabled on them, and MAC-Forced Forwarding status details (Figure 2, Figure 3, Table 1 on page 18). The counter parameter displays the combined counters for all VLANs, and counters for server activity on all VLANs.
Table 1: Parameters in the output of the show macff [counter] command

Parameter / Meaning

VLAN Interface
    The VLAN for which MAC-Forced Forwarding information is displayed.

Dbg
    Whether debugging is currently executing on the VLAN; “<*>” indicates yes, a blank space indicates no.

IP Address
    Current IP address assigned to the specified VLAN.

State
    Status of MAC-Forced Forwarding on the VLAN, either ENABLED or DISABLED.
Table 1: Parameters in the output of the show macff [counter] command (cont.)

Parameter / Meaning

ARP Still Valid
    Number of ARP resolution requests where the correct details for the AR or AS are already in the DHCP snooping database.

Static Add
    Number of entries in the DHCP snooping database that were added using add macff server.

Static Delete
    Number of entries in the DHCP snooping database that were removed using delete macff server.
show macff database

Syntax: SHOW MACFF DATABase

Description: This command displays a detailed list of the ARs and ASs held in the DHCP snooping database (Figure 4, Table 2).

Figure 4: Example output from the show macff database command

Vlan .................... vlan2
IP Address .............. 82.20.54.1
Description ............. DHCP Server (Nerv)
MAC Address ............. 00-00-04-01-16-13
Server type ............. Static, Dynamic(4)

Vlan ....................
Table 2: Parameters in the output of the show macff database command

Parameter / Meaning

Vlan
    VLAN interface that the AR or AS is attached to.

IP Address
    IP address of the AR or AS.

Description
    Description given to a statically defined AR or AS, as set with the add macff server and set macff server commands. A “-” is shown for dynamically defined entries, or static entries without a description.

MAC Address
    MAC address of the AR or AS.
show macff interface

Syntax: SHOW MACFF INTerface=vlan

Description: This command displays the current status of MAC-Forced Forwarding on the specified VLAN (Figure 5, Table 3 on page 22). vlan is the name of a VLAN interface such as vlan46 or vlan122.

Figure 5: Example output from the show macff interface command

MAC Forced Forwarding Information:
------------------------------------------------------------------------------
Interface ...............
Table 3: Parameters in the output of the show macff interface command (cont.)

Parameter / Meaning

Server Type
    How the EAN knows of the AR or AS.
    • “Dynamic” means that DHCP snooping added the AR. The number in brackets is the number of DHCP snooping clients that can access this AR.
    • “Static” means the AR or AS was statically defined using the add macff server command.
show macff interface counter

Syntax: SHOW MACFF INTerface=vlan [POrt=port-list] COUNTer

Description: This command displays MAC-Forced Forwarding counters for each port on a VLAN (Figure 6, Table 4). The port parameter allows you to select only a subset of ports to display information about. port-list is either a specific port, a range of ports using a hyphen to specify the range (n-m), or a comma-separated list of ports or port ranges.
Table 4: Parameters in the output of the show macff interface counter command (cont.)

Parameter / Meaning

Active Servers
    Number of ARs and ASs in use by clients on this VLAN.

Debugging
    Debugging modes that are enabled on the VLAN.

Counters for Port:
    Specific port that the counters are for.

ARP Counters

Requests
    Number of ARP Requests received by MAC-Forced Forwarding from clients on this port.