DES-3550 Layer 2 Switch Command Line Interface Reference Manual First Edition (February 2004) 651ES3550015 Printed In Taiwan RECYCLABLE
Wichtige Sicherheitshinweise 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. Bitte lesen Sie sich diese Hinweise sorgfältig durch. Heben Sie diese Anleitung für den spätern Gebrauch auf. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssig- oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung. Um eine Beschädigung des Gerätes zu vermeiden sollten Sie nur Zubehörteile verwenden, die vom Hersteller zugelassen sind.
Limited Warranty Hardware: D-Link warrants each of its hardware products to be free from defects in workmanship and materials under normal use and service for a period commencing on the date of purchase from D-Link or its Authorized Reseller and extending for the length of time stipulated by the Authorized Reseller or D-Link Branch Office nearest to the place of purchase.
Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limited warranty for its product only to the person or entity that originally purchased the product from: D-Link or its authorized reseller or distributor and Products purchased and delivered within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates, and U.S. Military Installations, addresses with an APO or FPO.
inventory clearance or liquidation sales or other sales in which D-Link, the sellers, or the liquidators expressly disclaim their warranty obligation pertaining to the product. Repair by anyone other than D-Link or an Authorized D-Link Service Office will void this Warranty.
Table of Contents Introduction ...................................................................................................................................................................................... 1 Using the Console CLI..................................................................................................................................................................... 4 Command Syntax ............................................................................................
Single IP Management Commands...............................................................................................................................................187 Command History List..................................................................................................................................................................198 Technical Specifications .............................................................................................................................
1 I NTRODUCTION The Switch can be managed through the Switch’s serial port, Telnet, or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the Switch via the serial port or Telnet interfaces. This manual provides a reference for all of the commands contained in the CLI. Configuration and management of the switch via the Web-based management agent is discussed in the User’s Guide.
Figure 1-2. Boot Screen The Switch’s MAC address can also be found in the Web management program on the Switch Information (Basic Settings) window on the Configuration menu. The IP address for the switch must be set before it can be managed with the Web-based manager. The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the switch must be known.
In the above example, the Switch was assigned an IP address of 10.53.13.144/8 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the Switch.
2 U SING THE C ONSOLE CLI The DES-3550 supports a console management interface that allows the user to connect to the switch’s management agent via a serial port and a terminal or a computer running a terminal emulation program. The console can also be used over the network using the TCP/IP Telnet protocol. The console program can be used to configure the Switch to use an SNMP-based network management software over the network.
Commands are entered at the command prompt, DES-3550:4#. There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands. Figure 2-2. The ? Command When you enter a command without its required parameters, the CLI will prompt you with a Next possible completions: message. Figure 2-3. Example Command Parameter Help In this case, the command config account was entered with the parameter .
Figure 2-4. Using the Up Arrow to Re-enter a Command In the above example, the command config account was entered without the required parameter , the CLI returned the Next possible completions: prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt. Now the appropriate username can be entered and the config account command re-executed. All commands in the CLI function in this way.
Figure 2-6. Next possible completions: Show Command In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the account parameter. The CLI then displays the user accounts configured on the Switch.
3 C OMMAND S YNTAX The following symbols are used to describe how command entries are made and values and arguments are specified in this manual. The online help contained in the CLI and available through the console interface uses the same syntax. Note: All commands are case-sensitive. Be sure to disable Caps Lock or any other unwanted function that changes text case. Purpose Encloses a variable or value that must be specified.
{braces} Description In the above syntax example, you have the option to specify config or detail. It is not necessary to specify either optional value, however the effect of the system reset is dependent on which, if any, value is specified. Therefore, with this example there are three possible outcomes of performing a system reset. See the following chapter, Basic Commands for more details about the reset command.
4 B ASIC S WITCH C OMMANDS The basic switch commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
Example usage: To create an administrator-level user account with the username “dlink”. DES-3550:4#create account admin dlink Command: create account admin dlink Enter a case-sensitive new password:**** Enter the new password again for confirmation:**** Success. DES-3550:4# config account Purpose Used to configure user accounts Syntax config account Description The config account command configures a user account that has been created using the create account command.
show account Description Displays all user accounts created on the switch. Up to 8 user accounts can exist on the switch at one time. Parameters None. Restrictions Only Administrator-level users can issue this command.
show session Syntax show session Description This command displays a list of all the users that are logged-in at the time the command is issued. Parameters None Restrictions None.
System Location System Contact Spanning Tree GVRP IGMP Snooping TELNET WEB RMON Asymmetric VLAN : 7th_flr_east_cabinet : Julius_Erving_212-555-6666 : Disabled : Disabled : Disabled : Enabled (TCP 23) : Enabled (TCP 80) : Enabled : Disabled DES-3550:4# show serial_port Purpose Used to display the current serial port settings. Syntax show serial_port Description This command displays the current serial port settings. Parameters None.
config serial_port 19200, 38400, 115200. never − No time limit on the length of time the console can be open with no user input. 2_minutes − The console will log out the current user if there is no user input for 2 minutes. 5_minutes − The console will log out the current user if there is no user input for 5 minutes. 10_minutes − The console will log out the current user if there is no user input for 10 minutes. 15_minutes − The console will log out the current user if there is no user input for 15 minutes.
DES-3550:4#enable clipaging Command: enable clipaging Success. DES-3550:4# disable clipaging Purpose Used to disable the pausing of the console screen scrolling at the end of each page when the show command displays more than one screen of information. Syntax disable clipaging Description This command is used to disable the pausing of the console screen at the end of each page when the show command would display more than one screen of information. Parameters None.
DES-3550:4#enable telnet 23 Command: enable telnet 23 Success. DES-3550:4# disable telnet Purpose Used to disable the Telnet protocol on the switch. Syntax disable telnet Description This command is used to disable the Telnet protocol on the switch. Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To disable the Telnet protocol on the switch: DES-3550:4#disable telnet Command: disable telnet Success.
DES-3550:4#enable web 80 Command: enable web 80 Success. DES-3550:4# disable web Purpose Used to disable the HTTP-based management software on the switch. Syntax disable web Description This command disables the Web-based management software on the switch. Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To disable HTTP: DES-3550:4#disable web Command: disable web Success.
DES-3550:4#save Command: save Saving all configurations to NV-RAM... Done. DES-3550:4# reboot Purpose Used to restart the switch. Syntax reboot Description This command is used to restart the switch. Parameters None. Restrictions None. Example usage: To restart the switch: DES-3550:4#reboot Command: reboot Are you sure want to proceed with the system reboot? (y|n) Please wait, the switch is rebooting... reset Purpose Used to reset the switch to the factory default settings.
To restore all of the switch’s parameters to their default values: DES-3550:4#reset config Command: reset config Are you sure to proceed with system reset?(y/n) Success. DES-3550:4# login Purpose Used to log in a user to the switch’s console. Syntax login Description This command is used to initiate the login procedure. The user will be prompted for his Username and Password. Parameters None. Restrictions None.
5 S WITCH P ORT C OMMANDS The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config ports [ {speed [auto | 10_half | 10_full |100_half | 100_full | 1000_full} | flow_control [enable | disable] | learning [enable | disable] state [enable | disable]} description show ports {description} Each command is listed, in detail, in the following sections.
To configure the speed of port 3 to be 10 Mbps, full duplex, with learning and state enabled: DES-3550:4#config ports 1-3 speed 10_full learning enabled state enabled Command: config ports 1-3 speed 10_full learning enabled state enabled Success. DES-3550:4# show ports Purpose Used to display the current configuration of a range of ports. Syntax show ports {description} Description This command is used to display the current configuration of a range of ports.
Example usage: To display the configuration of all ports on a switch, with description: DES-3550:4#show ports description Command: show ports description Port Port Settings State Speed/Duplex/FlowCtrl Speed/Duplex/FlowCtrl ------ -------1 Connection --------------------- Address Learning --------------------- -------- Link Down Enabled Link Down Enabled Link Down Enabled Link Down Enabled Link Down Enabled Link Down Enabled Link Down Enabled Link Down Enabled Link Down Enabled L
6 P ORT S ECURITY C OMMANDS The switch port security commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
To configure the port security: DES-3550:4#config port_security ports 1-5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Command: config port_security ports 1-5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Success. DES-3550:4# delete port_security_entry Purpose Used to delete a port security entry by MAC address, port number and VLAN ID.
clear port_security_entry to the port security function. Parameters − specifies a port or port range the user wishes to clear. Restrictions Only administrator-level users can issue this command. Example usage: To clear a port security entry by port: DES-3550:4# clear port_security_entry port 6 Command: clear port_security_entry port 6 Success. DES-3550:4# show port_security Purpose Used to display the current port security configuration.
7 N ETWORK M ANAGEMENT (SNMP) C OMMANDS The network management commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. The DES-3550 supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. You can specify which version of the SNMP you want to use to monitor and control the switch. The three versions of SNMP vary in the level of security provided between the management station and the network device.
Command Parameters engineID show snmp engineID create snmp group {v1 | v2c |v3 [noauth_nopriv | auth_nopriv | auth_priv ]} {read_view | write_view | notify_view } delete snmp group show snmp groups create snmp host {v1 |v2c | v3 [noauth_nopriv | auth_nopriv | auth_priv]} delete snmp host show snmp host create trusted_host delete trusted_host show trusted_hos
create snmp user group that is also created by this command. Syntax create snmp user {encrypted [by_password auth [md5 | sha ] priv [none | des ]|by_key auth [md5 | sha ] priv [none | des ]]} Description The create snmp user command creates a new SNMP user and adds the user to an SNMP group that is also created by this command.
To create an SNMP user on the switch: DES-3550:4#create snmp user dlink default encrypted by_password auth md5 auth_password priv none Command: create snmp user dlink default encrypted by_password auth md5 auth_password priv none Success.
DES-3550:4#show snmp user Command: show snmp user Username Group Name Ver Auth Priv --------------- -------------- ----- -------- ------- initial V3 None None initial Total Entries: 1 DES-3550:4# create snmp view Purpose Used to assign views to community strings to limit which MIB objects and SNMP manager can access.
delete snmp view Syntax delete snmp view [all | ] Description The delete snmp view command is used to remove an SNMP view previously created on the switch. Parameters − An alphanumeric string of up to 32 characters that identifies the SNMP view to be deleted. all − Specifies that all of the SNMP views on the switch will be deleted. − The object ID that identifies an object tree (MIB tree) that will be deleted from the switch.
restricted restricted restricted CommunityView CommunityView CommunityView 1.3.6.1.6.3.10.2.1 1.3.6.1.6.3.11.2.1 1.3.6.1.6.3.15.1.1 1 1.3.6.1.6.3 1.3.6.1.6.3.1 Included Included Included Included Excluded Included Total Entries: 11 DES-3550:4# create snmp community Purpose Used to create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the switch.
DES-3550:4#create snmp community dlink view ReadView read_write Command: create snmp community dlink view ReadView read_write Success. delete snmp community Purpose Used to remove a specific SNMP community string from the switch. Syntax delete snmp community Description The delete snmp community command is used to remove a previously defined SNMP community string from the switch.
DES-3550:4#show snmp community Command: show snmp community SNMP Community Table Community Name View Name -------------------------------- -------------------------------dlink ReadView Access Right -----------read_write private CommunityView read_write public CommunityView read_only Total Entries: 3 DES-3550:4# config snmp engineID Purpose Used to configure a name for the SNMP engine on the switch.
show snmp engineID Restrictions None. Example usage: To display the current name of the SNMP engine on the switch: DES-3550:4#show snmp engineID Command: show snmp engineID SNMP Engine ID : 0035636666 DES-3550:4# create snmp group Purpose Used to create a new SNMP group, or a table that maps SNMP users to SNMP views. This will set then entry in the VACM Access Table Settings.
create snmp group manager. auth_nopriv − Specifies that authorization will be required, but there will be no encryption of packets sent between the switch and a remote SNMP manager. auth_priv − Specifies that authorization will be required, and that packets sent between the switch and a remote SNMP manger will be encrypted. read_view – Specifies that the SNMP group being created can request SNMP messages. write_view – Specifies that the SNMP group being created has write privileges.
To delete the SNMP group named “sg1”. DES-3550:4#delete snmp group sg1 Command: delete snmp group sg1 Success. DES-3550:4# show snmp groups Purpose Used to display the group-names of SNMP groups currently configured on the switch. The security model, level, and status of each group are also displayed. Syntax show snmp groups Description The show snmp groups command displays the group-names of SNMP groups currently configured on the switch.
WriteView Name : WriteView Notify View Name : NotifyView Security Model : SNMPv3 Security Level : authPriv Group Name ReadView Name WriteView Name Notify View Name Security Model Security Level : Group7 : ReadView : WriteView : NotifyView : SNMPv3 : authPriv Group Name ReadView Name WriteView Name Notify View Name Security Model Security Level : initial : restricted : : restricted : SNMPv3 : NoAuthNoPriv Group Name ReadView Name WriteView Name Notify View Name Security Model Security Level : ReadGroup
create snmp host auth_nopriv | auth_priv] ] Description The create snmp host command creates a recipient of SNMP traps generated by the switch’s SNMP agent. Parameters − The IP address of the remote management station that will serve as the SNMP host for the switch. v1 – Specifies that SNMP version 1 will be used. The Simple Network Management Protocol (SNMP), version 1, is a network management protocol that provides a means to monitor and control network devices.
DES-3550:4#create snmp host 10.48.74.100 v3 auth_priv public Command: create snmp host 10.48.74.100 v3 auth_priv public Success. DES-3550:4# delete snmp host Purpose Used to remove a recipient of SNMP traps generated by the switch’s SNMP agent. Syntax delete snmp host Description The delete snmp host command deletes a recipient of SNMP traps generated by the switch’s SNMP agent.
DES-3550:4#show snmp host Command: show snmp host SNMP Host Table Host IP Address SNMP Version Community Name/SNMPv3 User Name --------------- --------------------- 10.48.76.23 V2c 10.48.74.100 V3 -----------------------------private authpriv public Total Entries: 2 DES-3550:4# create trusted_host Purpose Used to create the trusted host. Syntax create trusted_host Description The create trusted_host command creates the trusted host.
show trusted_host the switch using the create trusted_host command above. Parameters − The IP address of the trusted host. Restrictions none. Example Usage: To display the list of trust hosts: DES-3550:4#show trusted_host Command: show trusted_host Management Stations IP Address ----------------------10.53.13.94 Total Entries: 1 DES-3550:4# delete trusted_host Purpose Used to delete a trusted host entry made using the create trusted_host command above.
enable snmp traps Syntax enable snmp traps Description The enable snmp traps command is used to enable SNMP trap support on the switch. Parameters none. Restrictions Only administrator-level users can issue this command. Example usage: To enable SNMP trap support on the switch: DES-3550:4#enable snmp traps Command: enable snmp traps Success. DES-3550:4# enable snmp authenticate_traps Purpose Used to enable SNMP authentication trap support.
show snmp traps currently configured on the Switch. Parameters none. Restrictions Only administrator-level users can issue this command. Example usage: To view the current SNMP trap support: DES-3550:4#show snmp traps Command: show snmp traps SNMP Traps : Enabled Authenticate Traps : Enabled DES-3550:4# disable snmp traps Purpose Used to disable SNMP trap support on the switch. Syntax disable snmp traps Description This command is used to disable SNMP trap support on the Switch.
disable snmp authenticate_traps Parameters none. Restrictions Only administrator-level users can issue this command. Example Usage: To disable the SNMP authentication trap support: DES-3550:4#disable snmp authenticate_traps Command: disable snmp authenticate_traps Success. DES-3550:4# config snmp system_contact Purpose Used to enter the name of a contact person who is responsible for the switch.
config snmp system_location characters can be used. Parameters - A maximum of 255 characters is allowed. A NULL string is accepted if there is no location desired. Restrictions Only administrator-level users can issue this command. Example usage: To configure the switch location for “H Q 5 F ”: DES-3550:4#config snmp system_location HQ 5F Command: config snmp system_location HQ 5F Success. DES-3550:4# config snmp system_name Purpose Used to configure the name for the switch.
enable rmon Description This command is used, in conjunction with the disable rmon command below, to enable and disable remote monitoring (RMON) on the switch. Parameters none. Restrictions Only administrator-level users can issue this command. Example Usage: To enable RMON: DES-3550:4#enable rmon Command: enable rmon Success. DES-3550:4# disable rmon Purpose Used to disable RMON on the switch.
8 S WITCH U TILITY C OMMANDS The download/upload commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
To download a configuration file: DES-3550:4#download configuration 10.48.74.121 c:\cfg\setting.txt Command: download configuration 10.48.74.121 c:\cfg\setting.txt Connecting to server................... Done. Download configuration............. Done.
show firmware information Restrictions None. Example usage: To display the current firmware information on the switch: DES-3550:4#show firmware information Command: show firmware information ID Version Size(B) Update Time From User -- ------- ------------------- ------------------ --------------- -------- 1 1.00-B00 1360471 00000 days 00:00:00 Serial Port (PROM) *2 1.00-B02 Anonymous 2052372 00000 days 00:00:56 10.53.13.
To upload a configuration file: DES-3550:4#upload configuration 10.48.74.121 c:\cfg\log.txt Command: upload configuration 10.48.74.121 c:\cfg\log.txt Connecting to server................... Done. Upload configuration...................Done. DES-3550:4# ping Purpose Used to test the connectivity between network devices. Syntax ping {times } {timeout } Description The ping command sends Internet Control Message Protocol (ICMP) echo messages to a remote IP address.
9 N ETWORK M ONITORING C OMMANDS The network monitoring commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
DES-3550:4#show packet port 2 Port number : 2 Frame Size Frame Counts Frame/sec ------------ ------------ ---------- 64 3275 65-127 Frame Type Total Total/sec ---------- ------- --------- 10 RX Bytes 408973 1657 755 10 RX Frames 395 128-255 316 1 256-511 145 0 TX Bytes 7918 178 512-1023 15 0 TX Frames 111 2 1024-1518 0 0 Unicast RX 152 Multicast RX 557 2 Broadcast RX 3686 16 19 1 DES-3550:4# show error ports Purpose Used to display the error statistics for
show utilization Purpose Used to display real-time port and cpu utilization statistics. Syntax show utilization [cpu | ports {}] Description This command will display the real-time port and cpu utilization statistics for the switch. Parameters cpu – Entering this parameter will display the current cpu utilization of the switch. ports - Entering this parameter will display the current port utilization of the switch. Specifies a port or range of ports to be displayed.
To display the current cpu utilization: DES-3550:4#show utilization cpu Command: show utilization cpu CPU utilization : ------------------------------------------------------------------------------Five seconds - 15% One minute - 25% Five minutes - 14% DES-3550:4# clear counters Purpose Used to clear the switch’s statistics counters. Syntax clear counters {ports } Description This command will clear the counters used by the switch to compile statistics.
DES-3550:4#clear log Command: clear log Success. DES-3550:4# show log Purpose Used to display the switch history log. Syntax show log {index } Description This command will display the contents of the switch’s history log. Parameters index − This command will display the history log, beginning at 1 and ending at the value specified by the user in the field. If no parameter is specified, all history log entries will be displayed. Restrictions None.
Example usage: To the syslog function on the switch: DES-3550:4#enable syslog Command: enable syslog Success. DES-3550:4# disable syslog Purpose Used to enable the system log to be sent to a remote host. Syntax disable syslog Description The disable syslog command enables the system log to be sent to a remote host. Parameters None. Restrictions Only administrator-level users can issue this command.
DES-3550:4#show syslog Command: show syslog Syslog Global State: Enabled DES-3550:4# create syslog host Purpose Used to create a new syslog host. Syntax create syslog host ipaddress {severity [informational|warning|all]| facility[local0|local1|local2|local3| local4|local5|local6|local7] |udp_port| state[enable|disable] Description The create syslog host command is used to create a new syslog host.
create syslog host facility − Some of the operating system daemons and processes have been assigned Facility values. Processes and daemons that have not been explicitly assigned a Facility may use any of the"local use" facilities or they may use the "user-level" Facility. Those Facilities that have been designated are shown in the following: Bold font indicates the facility values that the switch currently supports.
create syslog host remote host. This corresponds to number 16 from the list above. local1 − Specifies that local use 1 messages will be sent to the remote host. This corresponds to number 17 from the list above. local2 − Specifies that local use 2 messages will be sent to the remote host. This corresponds to number 18 from the list above. local3 − Specifies that local use 3 messages will be sent to the remote host. This corresponds to number 19 from the list above.
config syslog host − Specifies that the command will be applied to an index of hosts. There are four available indexes, numbered 1 through 4. severity − Severity level indicator. These are described in the following: Bold font indicates that the corresponding severity level is currently supported on the switch.
config syslog host 11 FTP daemon 12 NTP subsystem 13 log audit 14 log alert 15 clock daemon 16 local use 0 (local0) 17 local use 1 (local1) 18 local use 2 (local2) 19 local use 3 (local3) 20 local use 4 (local4) 21 local use 5 (local5) 22 local use 6 (local6) 23 local use 7 (local7) local0 − Specifies that local use 0 messages will be sent to the remote host. This corresponds to number 16 from the list above.
DES-3550:4#config syslog host 1 severity all facility local0 Command: config syslog host all severity all facility local0 Success. DES-3550:4# Example usage: To configure a syslog host for all hosts: DES-3550:4#config syslog host all severity all facility local0 Command: config syslog host all severity all facility local0 Success. DES-3550:4# delete syslog host Purpose Used to remove a syslog host, that has been previously configured, from the switch.
show syslog host Parameters − Specifies that the command will be applied to an index of hosts. There are four available indexes, numbered 1 through 4. Restrictions None. Example usage: To show Syslog host information: DES-3550:4#show syslog host Command: show syslog host Syslog Global State: Disabled Host Id Host IP Address ------- --------------- 1 Severity Facility UDP port Status -------------- -------- -------- 10.1.1.2 All Local0 514 Disabled 2 10.40.2.
10 S PANNING T REE C OMMANDS The switch supports 802.1d STP and 802.1w Rapid STP. The spanning tree commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
config stp • stp – Selct this parameter for IEEE 802.1d STP and for IEEE 802.1w STP compatibility mode. • rstp - Select this paramter for IEEE 802.1w Rapid STP mode. txholdcount <1-10> - the maximum number of Hello packets transmitted per interval. Default value = 3. fbpdu [enable | disable] − Allows the forwarding of STP BPDU packets from other network devices when STP is disabled on the switch. The default is enabled. Restrictions Only administrator-level users can issue this command.
config stp ports portion of the segment. edge [true | false] – true designates the port as an edge port. Edge ports cannot create loops, however an edge port can lose edge port status if a topology change creates a potential for a loop. An edge port normally should not receive BPDU packets. If a BPDU packet is received it automatically loses edge port status. False indicates that the port does not have edge port status. p2p [true | false | auto] – true indicates a point-to-point (P2P) shared link.
DES-3550:4#enable stp Command: enable stp Success. DES-3550:4# disable stp Purpose Used to globally disable STP on the switch. Syntax disable stp Description This command allows the Spanning Tree Protocol to be globally disabled on the switch. Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To disable STP on the switch: DES-3550:4#disable stp Command: disable stp Success.
DES-3550:4#show stp Command: show stp Bridge Parameters Settings STP Status : Enabled Max Age : 20 Hello Time :2 Forward Delay : 15 Priority : 32768 STP Version : RSTP TX Hold Count : 3 Forwarding BPDU : Enabled Designated Root Bridge : 00-00-51-43-70-00 Root Priority : 32768 Cost to Root : 200000 Root Port : 10 Last Topology Change : 53sec Topology Changes Count : 1 Protocol Specification : 3 Max Age : 20 Hello Time :2 Forward Delay : 15 Hold Time :3 CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Re
show stp ports Description This command displays the switch’s current per-port group STP configuration. Parameters − Specifies a port or range of ports to be displayed.
11 F ORWARDING D ATABASE C OMMANDS The layer 2 forwarding database commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
DES-3550:4#create fdb default 00-00-00-00-01-02 port 5 Command: create fdb default 00-00-00-00-01-02 port 5 Success. DES-3550:4# create multicast_fdb Purpose Used to create a static entry to the multicast MAC address forwarding table (database) Syntax create multicast_fdb Description This command will make an entry into the switch’s multicast MAC address forwarding database. Parameters − The name of the VLAN on which the MAC address resides.
config multicast_fdb − Specifies a range of ports to be configured. Restrictions Only administrator-level users can issue this command. Example usage: To add multicast MAC forwarding: DES-3550:4#config multicast_fdb default 01-00-00-00-00-01 add 1-5 Command: config multicast_fdb default 01-00-00-00-00-01 add 11-5 Success. DES-3550:4# config fdb aging_time Purpose Used to set the aging time of the forwarding database.
delete fdb Purpose Used to delete an entry to the switch’s forwarding database. Syntax delete fdb Description This command is used to delete a previous entry to the switch’s MAC address forwarding database. Parameters − The name of the VLAN on which the MAC address resides. − The MAC address that will be added to the forwarding table. Restrictions Only administrator-level users can issue this command.
clear fdb through this port. all − Clears all dynamic entries to the switch’s forwarding database. Restrictions Only administrator-level users can issue this command. Example usage: To clear all FDB dynamic entries: DES-3550:4#clear fdb all Command: clear fdb all Success. DES-3550:4# show multicast_fdb Purpose Used to display the contents of the switch’s multicast forwarding database.
show fdb Purpose Used to display the current unicast MAC address forwarding database. Syntax show fdb {port | vlan | mac_address | static | aging_time} Description This command will display the current contents of the switch’s forwarding database. Parameters − The port number corresponding to the MAC destination address. The switch will always forward traffic to the specified device through this port.
config multicast port_filtering_mode Purpose Used to configure the multicast packet filtering mode on a port per port basis. Syntax config multicast port_filtering_mode [ | all] [forward_all_groups | forward_unregistered_groups | filter_unregistered_groups] Description This command will configure the multicast packet filtering mode for specified ports on the switch. Parameters Specifies a port or range of ports to view.
DES-3550:4#show multicast port_filtering_mode Command: show multicast port_filtering_mode Port Multicast Filter Mode ------ --------------------------- 1 forward_unregistered_groups 2 forward_unregistered_groups 3 forward_unregistered_groups 4 forward_unregistered_groups 5 forward_unregistered_groups 6 forward_unregistered_groups 7 forward_unregistered_groups 8 forward_unregistered_groups 9 forward_unregistered_groups 10 forward_unregistered_groups 11 forward_unregistered_groups 12
12 B ROADCAST S TORM C ONTROL C OMMANDS The broadcast storm control commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config traffic control [ | all ] { broadcast [enabled | disabled] | multicast [enabled | disabled] | dlf [enabled | disabled] | threshold } show traffic control group_list Each command is listed, in detail, in the following sections.
show traffic control Purpose Used to display current traffic control settings. Syntax show traffic control {group_list } Description This command displays the current storm traffic control configuration on the switch. Parameters group_list − Used to specify a broadcast storm control group. This is specified by entering the syntax unit_id. Restrictions None.
13 Q O S C OMMANDS The DES-3550 switch supports 802.1p priority queuing. The switch has 4 priority queues. These priority queues are numbered from 3 (Class 3) — the highest priority queue — to 0 (Class 0) — the lowest priority queue. The eight priority tags specified in IEEE 802.1p (p0 to p7) are mapped to the switch’s priority queues as follows: • Priority 0 is assigned to the Switch’s Q1 queue. • Priority 1 is assigned to the Switch’s Q0 queue. • Priority 2 is assigned to the Switch’s Q0 queue.
config bandwidth_control bandwidth on a by-port basis. − Specifies a port or range of ports to be configured. Parameters rx_rate − Specifies that one of the parameters below (no_limit or ) will be applied to the rate at which the above specified ports will be allowed to receive packets no_limit − Specifies that there will be no limit on the rate of packets received by the above specified ports.
To display bandwidth control settings: DES-3550:4#show bandwidth_control 1-10 Command: show bandwidth_control 1-10 Bandwidth Control Table Port RX Rate (Mbit/sec) TX_RATE (Mbit/sec) ---- ------------------------ ---------------------- 1:1 no_limit 10 1:2 no_limit 10 1:3 no_limit 10 1:4 no_limit 10 1:5 no_limit 10 1:6 no_limit 10 1:7 no_limit 10 1:8 no_limit 10 1:9 no_limit 10 1:10 no_limit 10 DES-3550:4# config scheduling Purpose Used to configure the traffic scheduling mec
config scheduling transmitted 3 packets. The process will then repeat. The max_latency parameter allows you to specify the maximum amount of time that packets are delayed before being transmitted to a given hardware priority queue. A value between 0 and 255 can be specified. This number is then multiplied by 16 ms to determine the maximum latency. For example, if 3 is specified, the maximum latency allowed will be 3 X 16 = 48 ms.
show scheduling Parameters None. Restrictions None. Example usage: To display the current scheduling configuration: DES-3550:4# show scheduling Command: show scheduling QOS Output Scheduling Class ID ------------ MAX. Packets MAX. Latency ------------------- -------------------- Class-0 100 150 Class-1 99 100 Class-2 91 101 Class-3 21 201 DES-3550:4# config 802.1p user_priority Purpose Used to map the 802.
config 802.1p user_priority queue). − The 802.1p user priority you want to associate with the (the number of the hardware queue) with. − The number of the switch’s hardware priority queue. The switch has four hardware priority queues available. They are numbered between 0 (the lowest priority) and 3 (the highest priority). Restrictions Only administrator-level users can issue this command. Example usage: To configure 802.
config 802.1p default_priority Purpose Used to configure the 802.1p default priority settings on the switch. If an untagged packet is received by the switch, the priority configured with this command will be written to the packet’s priority field. Syntax config 802.1p default_priority [ | all] Description This command allows you to specify default priority handling of untagged packets received by the switch.
DES-3550:4# show 802.1p default_priority Command: show 802.
14 P ORT M IRRORING C OMMANDS The port mirroring commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config mirror port [add | delete] source ports [rx | tx | both] enable mirror disable mirror show mirror Each command is listed, in detail, in the following sections. config mirror port Purpose Used to configure a mirror port − source port pair on the switch.
config mirror port level users can issue this command. Example usage: To add the mirroring ports: DES-3550:4# config mirror port 1 add source ports 2-7 both Command: config mirror port 1 add source ports 2-7 both Success. DES-3550:4# config mirror delete Purpose Used to delete a port mirroring configuration| Syntax config mirror port delete source port [rx | tx | both] Description This command is used to delete a previously entered port mirroring configuration.
enable mirror Purpose Used to enable a previously entered port mirroring configuration. Syntax enable mirror Description This command, combined with the disable mirror command below, allows you to enter a port mirroring configuration into the switch, and then turn the port mirroring on and off without having to modify the port mirroring configuration. Parameters None. Restrictions Only administrator-level users can issue this command.
show mirror Purpose Used to show the current port mirroring configuration on the switch. Syntax show mirror Description This command displays the current port mirroring configuration on the switch. Parameters None Restrictions None.
15 VLAN C OMMANDS The VLAN commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
DES-3550:4#create vlan v1 tag 2 Command: create vlan v1 tag 2 Success. DES-3550:4# delete vlan Purpose Used to delete a previously configured VLAN on the switch. Syntax delete vlan Description This command will delete a previously configured VLAN on the switch. Parameters − The VLAN name of the VLAN you want to delete. Restrictions Only administrator-level users can issue this command.
config vlan delete − Deletes the above specified VLAN from the switch. − A port or range of ports to add to the VLAN. advertisement [enable|disable] − Enables or disables GVRP on the specified VLAN. Restrictions Only administrator-level users can issue this command. Example usage: To add 4 through 8 as tagged ports to the VLAN v1: DES-3550:4#config vlan v1 add tagged 4-8 Command: config vlan v1 add tagged 4-8 Success. DES-3550:4# config gvrp Purpose Used to configure GVRP on the switch.
To set the ingress checking status, the sending and receiving GVRP information : DES-3550:4#config gvrp 1-4 state enable ingress_checking enable acceptable_frame tagged_only pvid 2 Command: config gvrp 1-4 state enable ingress_checking enable acceptable_frame tagged_only pvid 2 Success. DES-3550:4# enable gvrp Purpose Used to enable GVRP on the switch.
DES-3550:4#disable gvrp Command: disable gvrp Success. DES-3550:4# show vlan Purpose Used to display the current VLAN configuration on the switch Syntax show vlan {} Description This command displays summary information about each VLAN including the VLAN ID, VLAN name, the Tagging|Untagging status, and the Member|Non-member|Forbidden status of each port that is a member of the VLAN.
show gvrp status is to be displayed. Restrictions None.
16 A SYMMETRIC VLAN C OMMANDS The asymmetric VLAN commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters enable asymmetric_vlan disable asymmetric_vlan show asymmetric_vlan Each command is listed, in detail, in the following sections. enable asymmetric_vlan Purpose Used to enable the asymmetric VLAN function on the switch.
DES-3550:4#disable asymmetric_vlan Command: disable asymmetric_vlan Success. DES-3550:4# show asymmetric_vlan Purpose Used to view the asymmetric VLAN state on the switch. Syntax show asymmetric_vlan Description This command displays the asymmetric VLAN state on the switch Parameters None. Restrictions Only administrator-level users can issue this command.
17 L INK A GGREGATION C OMMANDS The link aggregation commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
create link_aggregation Restrictions Only administrator-level users can issue this command. Example usage: To create a link aggregation group: DES-3550:4#create link_aggregation group_id 1 Command: create link_aggregation group_id 1 Success. DES-3550:4# delete link_aggregation group_id Purpose Used to delete a previously configured link aggregation group. Syntax delete link_aggregation group_id Description This command is used to delete a previously configured link aggregation group.
config link_aggregation group _id − Specifies the group id. The switch allows up to 6 link aggregation groups to be configured. The group number identifies each of the groups. Parameters master_port − Master port ID. Specifies which port (by port number) of the link aggregation group will be the master port. All of the ports in a link aggregation group will share the port configuration with the master port.
config link_aggregation algorithm ip_source_dest − Indicates that the switch should examine the IP source address and the destination address. Restrictions Only administrator-level users can issue this command. Example usage: To configure link aggregation algorithm for mac-source-dest: DES-3550:4#config link_aggregation algorithm mac_source_dest Command: config link_aggregation algorithm mac_source_dest Success.
config lacp_ports Purpose Used to configure settings for LACP compliant ports. Syntax config lacp_ports mode [active | passive] Description This command is used to configure ports that have been previously designated as LACP ports (see create link_aggregation). Parameters − Specifies a port or range of ports to be configured. mode – Select the mode to determine if LACP ports will process LACP control frames.
To display LACP port mode settings: DES-3550:4#show lacp_port 1-10 Command: show lacp_port 1-10 Port -----1 2 3 4 5 6 7 8 9 10 Activity -------Active Active Active Active Active Active Active Active Active Active DES-3550:4# 107
18 B ASIC IP C OMMANDS The IP interface commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config ipif [{ipaddress | vlan |state [enable | disable]} bootp |dhcp] show ipif Each command is listed, in detail, in the following sections. config ipif Purpose Used to configure the System IP interface.
DES-3550:4#config ipif System ipaddress 10.48.74.122/8 Command: config ipif System ipaddress 10.48.74.122/8 Success. DES-3550:4# show ipif Purpose Used to display the configuration of an IP interface on the switch. Syntax show ipif Description This command will display the configuration of an IP interface on the switch. Parameters − The name created for the IP interface. Restrictions None. Example usage: To display IP interface settings.
19 IGMP S NOOPING C OMMANDS The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
config igmp_snooping seconds. state [enable | disable] − Allows you to enable or disable IGMP snooping for the specified VLAN. Restrictions Only administrator-level users can issue this command. Example usage: To configure the igmp snooping: DES-3550:4#config igmp_snooping default host_timeout 250 state enable Command: config igmp_snooping default host_timeout 250 state enable Success. DES-3550:4# config igmp_snooping querier Purpose This command configures IGMP snooping querier.
config igmp_snooping querier • Other querier present interval—Amount of time that must pass before a multicast router decides that there is no longer another multicast router that is the querier. This interval is calculated as follows: (robustness variable x query interval) + (0.5 x query response interval). • Last member query count—Number of group-specific queries sent before the router assumes there are no local members of a group. The default number is the value of the robustness variable.
config router_ports − Specifies a port or range of ports that will be configured as router ports. Restrictions Only administrator-level users can issue this command. Example usage: To set up static router ports: DES-3550:4#config router_ports default add 1-10 Command: config router_ports default add 1-10 Success. DES-3550:4# enable igmp_snooping Purpose Used to enable IGMP snooping on the switch.
disable igmp_snooping traffic to flood within a given IP interface. Parameters forward_mcrouter_only – Adding this parameter to this command will disable forwarding all multicast traffic to a multicast-enabled routers .The switch will then forward all multicast traffic to any IP router. Entering this command without the parameter will disable igmp snooping on the switch. Restrictions Only administrator-level users can issue this command.
DES-3550:4#show igmp_snooping Command: show igmp_snooping IGMP Snooping Global State Multicast router Only : Disabled : Disabled VLAN Name Query Interval Max Response Time Robustness Value Last Member Query Interval Host Timeout Route Timeout Leave Timer Querier State Querier Router Behavior State : default : 125 : 10 :2 :1 : 260 : 260 :2 : Disabled : Non-Querier : Disabled VLAN Name Query Interval Max Response Time Robustness Value Last Member Query Interval Host Timeout Route Timeout Leave Timer Queri
DES-3550:4#show igmp_snooping group Command: show igmp_snooping group VLAN Name : default Multicast group: 224.0.0.2 MAC address : 01-00-5E-00-00-02 Reports :1 Port Member : 2,5 VLAN Name : default Multicast group: 224.0.0.9 MAC address : 01-00-5E-00-00-09 Reports :1 Port Member : 6,8 VLAN Name : default Multicast group: 234.5.6.7 MAC address : 01-00-5E-05-06-07 Reports :1 Port Member : 4,10 VLAN Name : default Multicast group: 236.54.63.
show router_ports − The name of the VLAN on which the router port resides. Parameters static − Displays router ports that have been statically configured. dynamic − Displays router ports that have been dynamically configured. Restrictions None. Example usage: To display the router ports.
show igmp_snooping group Purpose Used to display the current IGMP snooping configuration on the switch. Syntax show igmp_snooping group {vlan } Description This command will display the current IGMP setup currently configured on the switch. Parameters − The name of the VLAN for which you want to view IGMP snooping forwarding table information. Restrictions None.
Multicast group: 239.255.255.250 MAC address Reports : 01-00-5E-7F-FF-FA :2 Port Member : 18,20 VLAN Name : default Multicast group: 239.255.255.
20 802.1X C OMMANDS The DES-3550 implements the server-side of the IEEE 802.1x Port-based Network Access Control. This mechanism is intended to allow only authorized users, or other network devices, access to network resources by establishing criteria for each port on the switch that a user or network device must meet before allowing that port to forward or receive frames. Command Parameters enable 802.1x disable 802.1x show 802.1x auth_state {ports } show 802.
Example usage: To enable 802.1x switch wide: DES-3550:4#enable 802.1x Command: enable 802.1x Success. DES-3550:4# disable 802.1x Purpose Used to disable the 802.1x server on the switch. Syntax disable 802.1x Description The disable 802.1x command is used to disable the 802.1x Portbased Network Access control server application on the switch. Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To disable 802.1x on the switch: DES-3550:4#disable 802.
show 802.1x auth_configuration by mac address or by port. Authentication Protocol: Radius_Eap − Shows the authentication protocol suite in use between the switch and a Radius server. May read Radius_Eap or Radius_Pap. Port number − Shows the physical port number on the switch. Capability: Authenticator|None − Shows the capability of 802.1x functions on the port number displayed above. There are two 802.1x capabilities that can be set on the switch: Authenticator and None.
DES-3550:4#show 802.1x auth_configuration ports 1 Command: show 802.1x auth_configuration ports 1 802.
show 802.1x auth_state Restrictions Only administrator-level users can issue this command. Example usage: To display the 802.1x auth state: DES-3550:4#show 802.1x auth_state Command: show 802.
config 802.1x capability ports all − Specifies all of the ports on the switch. authenticator − A user must pass the authentication process to gain access to the network. none − The port is not controlled by the 802.1x functions. Restrictions Only administrator-level users can issue this command. Example usage: To configure 802.1x capability on ports 1-10 on switch 1: DES-3550:4#config 802.1x capability ports 1 –10 authenticator Command: config 802.1x capability ports 1-10 authenticator Success.
config 802.1x auth_parameter • auto − Allows the port’s status to reflect the outcome of the authentication process. • force_unauth − Forces the Authenticator for the port to become unauthorized. Network access will be blocked. quiet_period − Configures the time interval between authentication failure and the start of a new authentication attempt. tx_period - Configures the time to wait for a response from a supplicant (user) to send EAP Request/Identity packets.
config 802.1x init addresses operating from a specified range of ports. Parameters port_based – This instructs the switch to initialize 802.1x functions based only on the port number. Ports approved for initialization can then be specified. mac_based ports − This instructs the switch to initialize 802.1x functions based only on the MAC address. MAC addresses approved for initialization can then be specified. − Specifies a port or range of ports to be configured.
DES-3550:4#config 802.1x auth_mode mac_based Command: config 802.1x auth_mode mac_based Success. DES-3550:4# config 802.1x reauth Purpose Used to configure the 802.1x re-authentication feature of the switch. Syntax config 802.1x reauth {port_based ports [ | all] | mac_based [ports] [ | all ] {mac_address }] Description The config 802.1x reauth command is used to re-authenticate a previously authenticated device based on port number.
config radius add Description The config radius add command is used to configure the settings the switch will use to communicate with a RADIUS server. Parameters − Assigns a number to the current set of RADIUS server settings. Up to 3 groups of RADIUS server settings can be entered on the switch. − The IP address of the RADIUS server. key − Specifies that a password and encryption key will be used between the switch and the Radius server.
DES-3550:4#config radius delete 1 Command: config radius delete 1 Success. DES-3550:4# config radius Purpose Used to configure the switch’s RADIUS settings. Syntax config radius {ipaddress | key | auth_port | acct_port } Description The config radius command is used to configure the switch’s Radius settings. Parameters − Assigns a number to the current set of RADIUS server settings.
DES-3550:4#config radius 1 10.48.74.121 key dlink default Command: config radius 1 10.48.74.121 key dlink default Success. DES-3550:4# show radius Purpose Used to display the current RADIUS configurations on the switch. Syntax show radius Description The show radius command is used to display the current RADIUS configurations on the switch. Parameters None. Restrictions None.
21 A CCESS C ONTROL L IST (ACL) C OMMANDS The DES-3550 implements Access Control Lists that enable the switch to deny network access to specific devices or device groups based on IP settings or MAC address. Command Parameters create access_profile [ ethernet{ vlan | source_mac | destination_mac | 802.
Creating an access profile is divided into two basic parts. First, an access profile must be created using the create access_profile command. For example, if you want to deny all traffic to the subnet 10.42.73.0 to 10.42.73.255, you must first create an access profile that instructs the switch to examine all of the relevant fields of each frame: create access_profile ip source_ip_mask 255.255.255.
create access_profile the config access_profile command, below. Parameters ethernet − Specifies that the switch will examine the layer 2 part of each packet header. • vlan − Specifies that the switch will examine the VLAN part of each packet header. • source_mac − Specifies a MAC address mask for the source MAC address. This mask is entered in the following hexadecimal format: • destination_mac − Specifies a MAC address mask for the destination MAC address. • 802.
create access_profile • flag_mask [ all | {urg | ack | psh | rst | syn | fin}] – Enter the appropriate flag_mask parameter. All incoming packets have TCP port numbers contained in them as the forwarding criterion. These numbers have flag bits asscociated with them which are parts of a packet that determine what to do with the packet. The user may deny packets by denying certain flag bits within the packets.
DES-3550:4#create access_profile ip vlan source_ip_mask 20.0.0.0 destination_ip_mask 10.0.0.0 dscp icmp type code permit profile_id 101 Command: create access_profile ip vlan source_ip_mask 20.0.0.0 destination_ip_mask 10.0.0.0 dscp icmp type code permit profile_id 101 Success. DES-3550:4# delete access_profile Purpose Used to delete a previously created access profile.
config access_profile syn | fin}]} | udp {src_port | dst_port } | protocol_id {user_define }]} | packet_content_mask {offset_015 | offset_16-31 | offset_32-47
config access_profile profile will apply to only packets with this destination IP address. • dscp − Specifies that the access profile will apply only to packets that have this value in their Type-of-Service (DiffServ code point, DSCP) field in their IP packet header. • priority − Specifies that the access profile will apply to packets that contain this value in their 802.1p priority field of their header.
config access_profile Datagram Protocol (UDP) field in each packet. • src_port − Specifies that the access profile will apply only to packets that have this UDP source port in their header. • dst_port − Specifies that the access profile will apply only to packets that have this UDP destination port in their header.
Example usage: To configure the access profile with the profile ID of 1 to filter frames that have IP addresses in the range between 10.42.73.0 to 10.42.73.255: DES-3550:4# config access_profile profile_id 2 add access_id 1 ip source_ip 10.42.73.1 deny Command: config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 deny Success. DES-3550:4# show access_profile Purpose Used to display the currently configured access profiles on the switch.
Ports : All Masks : Source IP Addr --------------255.0.0.0 ID Mode --- ------ --------------Access Profile ID : 247 Type : Ethernet Frame Filter Ports : All Masks : 802.
ID Mode --- ------ ---------------Access Profile ID : 251 Type : Ethernet Frame Filter Ports : All Masks : VLAN ---------------ID Mode --- ------ ---------------Access Profile ID : 252 Type : Ethernet Frame Filter Ports : All Masks : VLAN ---------------ID Mode --- ------ ---------------Access Profile ID : 253 Type : Ethernet Frame Filter Ports : All Masks : VLAN ---------------ID Mode --- ------ ---------------Total Entries : 1 DES-3550:4# 142
22 T RAFFIC S EGMENTATION C OMMANDS Traffic segmentation allows you to further sub-divide VLANs into smaller groups of ports that will help to reduce traffic on the VLAN. The VLAN rules take precedence, and then the traffic segmentation rules are applied. Command Parameters config traffic_segmentation [] forward_list [null | ] show traffic_segmentation config traffic_segmentation Purpose Used to configure traffic segmentation on the switch.
show traffic_segmentation Syntax show traffic_segmentation Description The show traffic_segmentation command is used to display the current traffic segmentation configuration on the switch. Parameters − Specifies a port or range of ports for which the current traffic segmentation configuration on the switch will be displayed. Restrictions The port lists for segmentation and the forward list must be on the same switch.
23 T IME AND SNTP C OMMANDS The Simple Network Time Protocol (SNTP) (an adaptation of the Network Time Protocol (NPT)) commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
config sntp Restrictions Only administrator-level users can issue this command. SNTP service must be enabled for this command to function (enable sntp). Example usage: To configure SNTP settings: DES-3550:4#config sntp primary 10.1.1.1 secondary 10.1.1.2 poll-interval 30 Command: config sntp primary 10.1.1.1 secondary 10.1.1.2 poll-interval 30 Success. DES-3550:4# show sntp Purpose Used to display the SNTP information.
enable sntp will override any manually configured system time settings. Parameters None. Restrictions Only administrator-level users can issue this command. SNTP settings must be configured for SNTP to function (config sntp). Example usage: To enable the SNTP function: DES-3550:4#enable sntp Command: enable sntp Success. DES-3550:4# disable sntp Purpose Disables SNTP server support. Syntax disable sntp Description This will disable SNTP support.
config time month, and four numerical characters for the year. For example: 03aug2003. time – Express the system time using the format hh:mm:ss, that is, two numerical characters each for the hour using a 24-hour clock, the minute and second. For example: 19:42:30. Restrictions Only administrator-level users can issue this command. Manually configured system time and date settings are overridden if SNTP support is enabled.
config dst Purpose Used to enable and configure time adjustments to allow for the use of Daylight Savings Time (DST).
config dst e-mth - Configure the month in which DST ends. - The month to end DST expressed as a number. s-time – Configure the time of day to begin DST. Time is expressed using a 24-hour clock. e-time - Configure the time of day to end DST. Time is expressed using a 24-hour clock. s-date - Configure the specific date (day of the month) to begin DST. The date is expressed numerically. e-date - Configure the specific date (day of the month) to begin DST. The date is expressed numerically.
DES-3550:4#show time Command: show time Current Time Source : System Clock Current Time : 2 Days 01:43:41 Time Zone : GMT +02:30 Daylight Saving Time : Repeating Offset in Minutes Repeating From To Annual : 30 : Apr 2nd Tue 15:00 : Oct 2nd Wed 15:30 From : 29 Apr 00:00 To : 12 Oct 00:00 DES-3550:4# 151
24 ARP C OMMANDS The ARP commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create arpentry config arpentry delete arpentry {[ | all]} show arpentry {ipif | ipaddress | [static | local]} config arp_aging time clear arptable Each command is listed, in detail, in the following sections.
config arpentry address of an entry in the switch’s ARP table. Parameters − The IP address of the end node or station. − The MAC address corresponding to the IP address above. Restrictions Only administrator-level users can issue this command. Example Usage: To configure a static arp entry for the IP address 10.48.74.12 and MAC address 00:50:BA:00:07:36: DES-3550:4#config arpentry 10.48.74.12 00-50-BA-00-07-36 Command: config arpentry 10.48.74.12 00-50-BA-00-07-36 Success.
config arp_aging time Syntax config arp_aging time Description This command sets the maximum amount of time, in minutes, that an ARP entry can remain in the switch’s ARP table, without being accessed, before it is dropped from the table. Parameters time − The ARP age-out time, in minutes. The value may be set in the range of 0-65535 minutes with a default setting of 20 minutes. Restrictions Only administrator-level users can issue this command.
System System System System System System System System System System System System System System System System System System System System 10.0.0.0 10.1.1.169 10.1.1.254 10.9.68.1 10.9.68.4 10.10.27.51 10.11.22.145 10.11.94.10 10.14.82.24 10.15.1.60 10.17.42.153 10.19.72.100 10.21.32.203 10.40.44.60 10.42.73.221 10.44.67.1 10.47.65.25 10.50.8.7 10.90.90.90 10.255.255.
25 R OUTING TABLE C OMMANDS The routing table commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create iproute default {} delete iproute default show iproute {} {static} Each command is listed, in detail, in the following sections. create iproute default Purpose Used to create IP route entries to the switch’s IP routing table.
delete iproute default Description This command will delete an existing default entry from the switch’s IP routing table. Parameters none Restrictions Only administrator-level users can issue this command. Example usage: To delete the default IP route 10.53.13.254: DES-3550:4#delete iproute default 10.53.13.254 Command: delete iproute default 10.53.13.254 Success. DES-3550:4# show iproute Purpose Used to display the switch’s current IP routing table.
26 MAC N OTIFICATION C OMMANDS The MAC Notification Commands in the Command Line Interface (CLI) are listed, in the following table, along with their appropriate parameters.
disable mac_notification Parameters None. Restrictions Only administrator-level users can issue this command. Example Usage: To disable MAC notification without changing basic configuration: DES-3550:4#disable mac_notification Command: disable mac_notification Success. DES-3550:4# config mac_notification Purpose Used to configure MAC address notification.
config mac_notification ports Description MAC address notificiation is used to monitor MAC addresses learned and entered into the FDB. Parameters Specify a port or range of ports to be configured. all – Entering this command will set all ports on the system. enable / disable – These commands will enable or disable MAC address table notification on the switch. Restrictions Only administrator-level users can issue this command.
show mac_notification ports Purpose Used to display the switch’s MAC address table notification status settings Syntax show mac_notification ports Description This command is used to display the switch’s MAC address table notification status settings. Parameters - Specify a port or group of ports to be viewed. Entering this command without the parameter will display the MAC notification table for all ports.
27 A CCESS A UTHENTICATION C ONTROL C OMMANDS The TACACS / XTACACS / TACACS+ commands let you secure access to the switch using the TACACS / XTACACS / TACACS+ protocols. When a user logs in to the switch or tries to access the administrator level privelege, he or she is prompted for a password. If TACACS / XTACACS / TACACS+ authentication is enabled on the switch, it will contact a TACACS / XTACACS / TACACS+ server to verify the user. If the user is verified, he or she is granted access to the switch.
Command Parameters enable authen_policy disable authen_policy show authen_policy create authen_login method_list_name config authen_login [default | method_list_name ] method {tacacs | xtacacs | tacacs+ | server_group | local | none} delete authen_login method_list_name show authen_login {default | method_list_name | all} create authen_enable method_list_name config authen_enable [default | method_list_name ] meth
enable authen_policy Purpose Used to enable system access authentication policy. Syntax enable authen_policy Description This command will enable an administrator-defined authentication policy for users trying to access the switch. When enabled, the device will check the method list and choose a technique for user authentication upon login. Parameters None. Restrictions Only administrator-level users can issue this command.
show authen_policy Purpose Used to display the system access authentication policy status on the switch. Syntax show authen_policy Description This command will show the current status of the access authentication policy on the switch Parameters None. Restrictions None.
config authen_login Purpose Used to configure a user-defined or default method list of authentication methods for user login. Syntax config authen_login [default | method_list_name ] method {tacacs | xtacacs | tacacs+ | server_group | local | none} Description This command will configure a user-defined or default method list of authentication methods for users logging on to the switch. The sequence of methods implemented in this command will affect the authentication result.
config authen_login name defined by the user. The user may add one, or a combination of up to four (4) of the following authentication methods to this method list: tacacs – Adding this parameter will require the user to be authenticated using the tacacs protocol from a remote tacacs server. xtacacs – Adding this parameter will require the user to be authenticated using the xtacacs protocol from a remote xtacacs server.
DES-3550:4#config authen_login default method xtacacs tacacs+ local Command: config authen_login default method xtacacs tacacs+ local Success. DES-3550:4# delete authen_login method_list_name Purpose Used to delete a previously configured user defined method list of authentication methods for users logging on to the switch. Syntax delete authen_login method_list_name Description This command is used to delete a list for authentication methods for user login.
show authen_login methods currewntly configured on the switch. The window will display the following parameters: Method List Name – The name of a previously configured method list name. Priority – Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the switch. Priority ranges from 1(highest) to 4 (lowest). Method Name – Defines which security protocols are implemeted, per method list name. Comment – Defines the type of Method.
create authen_enable method_list_name to gain administrator privileges on the switch, which is defined by the Administrator. A maximum of eight (8) enable method lists can be implemented on the switch. Parameters Enter an alphanumeric string of up to 15 characters to define the given enable method list the user wishes to create. Restrictions Only administrator-level users can issue this command.
config authen_enable tacacs – Adding this parameter will require the user to be authenticated using the tacacs protocol from the remote tacacs server hosts of the tacacs server group list. xtacacs – Adding this parameter will require the user to be authenticated using the xtacacs protocol from the remote xtacacs server hosts of the xtacacs server group list.
DES-3550:4#config authen_enable method_list_name Trinity method tacacs xtacacs local Command: config authen_enable method_list_name Trinity method tacacs xtacacs local Success. DES-3550:4# Example usage: To configure the default method list with authentication methods xtacacs, tacacs+ and local, in that order: DES-3550:4#config authen_enable default method xtacacs tacacs+ local Command: config authen_enable default method xtacacs tacacs+ local Success.
show authen_enable Purpose Used to display the method list of authentication methods for promoting normal user level priveledges to Administrator level priveledges on the switch. Syntax show authen_enable [default | method_list_name | all] Description This command is used to delete a user-defined method list of authentication methods for promoting user level privileges to Adminstrator level privileges.
DES-3550:4#show authen_enable all Command: show authen_enable all Method List Name Priority Method Name Comment ---------------- -------- --------------- ------------------ Permit 1 tacacs+ Built-in Group 2 tacacs Built-in Group 3 Darren User-defined Group 4 local Keyword default 1 tacacs+ Built-in Group 2 local Keyword Total Entries : 2 DES-3550:4# config authen application Purpose Used to configure various applications on the switch for authentication using a previously configure
config authen application authentication using the default method list. method_list_name - Use this parameter to configure an application for user authentication using a prevoisly configured method list. Enter a alphanumeric string of up to 15 characters to define a previously configured method list. Restrictions Only administrator-level users can issue this command.
create authen server_host Purpose Used to create an authentication server host. Syntax create authen server_host protocol [tacacs | xtacacs | tacacs+] {port | key [ | none] | timeout | retransmit < 1-255>} Description This command will create an authentication server host for the tacacs/xtacacs/tacacs+ security protocols on the switch.
DES-3550:4#create authen server_host 10.1.1.121 protocol tacacs+ port 1234 timeout 10 retransmit 5 Command: create authen server_host 10.1.1.121 protocol tacacs+ port 1234 timeout 10 retransmit 5 Success. DES-3550:4# config authen server_host Purpose Used to configure a user-defined authentication server host.
config authen server_host change how many times the device will resend an authentication request when the TACACS server does not respond. This field is inoperable for the tacacs+ protocol. Restrictions Only administrator-level users can issue this command. Example usage: To configure a TACACS+ authentication server host, with port number 4321, a timeout value of 12 seconds and a retransmit count of 4. DES-3550:4#config authen server_host 10.1.1.
DES-3550:4#delete authen server_host 10.1.1.121 protocol tacacs+ Command: delete authen server_host 10.1.1.121 protocol tacacs+ Success. DES-3550:4# show authen server_host Purpose Used to view a user-defined authentication server host. Syntax show authen server_host Description This command is used to view user-defined authentication server hosts previously created on the switch. The following parameters are displayed: IP address – The IP address of the authentication server host.
DES-3550:4#show authen server_host Command: show authen server_host IP Address Protocol Port Timeout Retransmit Key --------------- -------- ----- ------- --------------- -------- 10.53.13.94 TACACS 49 2 5 No Use Total Entries : 1 DES-3550:4# create authen server_group Purpose Used to create a user-defined authentication server group. Syntax create authen server_group Description This command will create an authentication server group.
config authen server_group authentication server hosts may be added to any particular group Parameters server_group - The user may define the group by protocol groups built into the switch(tacacs/xtacacs/tacacs+), or by a user-defined group previously created using the create authen server_group command. tacacs – Use this parameter to utilize the built-in tacacs server protocol on the switch. Only server hosts utilizing the tacacs protocol may be added to this group.
delete authen server_group Purpose Used to delete a user-defined authentication server group. Syntax delete authen server_group Description This command will delete an authentication server group. Parameters Enter an alphanumeric string of up to 15 characters to define the previously created server group the user wishes to delete. Restrictions Only administrator-level users can issue this command.
DES-3550:4#show authen server_group Command: show authen server_group Group Name IP Address Protocol --------------- --------------- -------- Darren 10.53.13.2 TACACS tacacs 10.53.13.94 TACACS tacacs+ (This group has no entry) xtacacs (This group has no entry) Total Entries : 4 DES-3550:4# config authen parameter response_timeout Purpose Used to configure the amount of time the switch will wait for a user to enter authentication before timing out.
config authen parameter attempt authenticated after the set amount of attempts will be denied access to the switch and will be locked out of further authentication attempts. Command line interface users will have to wait 60 seconds before another authentication attempt. Telnet users will be disconnected from the switch. Parameters parameter attempt - Set the maximum number of attempts the user may try to become authenticated by the switch, before being locked out.
DES-3550:4#show authen parameter Command: show authen parameter Response timeout: 60 seconds User attempts :5 DES-3550:4# enable admin Purpose Used to promote user level privileges to administrator level privileges Syntax enable admin Description This command is for users who have logged on to the switch on the normal user level, to become promoted to the administrator level. After logging on to the switch users, will have only user level privileges.
config admin local_enable Parameters - After entering this command, the user will be prompted to enter the old password, then a new password in an alphanumeric string of no more than 15 characters, and finally prompted to enter the new password again to confirm. See the example below. Restrictions Only administrator-level users can issue this command. Example usage: To configure the password for the “local_enable” authentication method.
28 S INGLE IP M ANAGEMENT C OMMANDS Simply put, Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. Switches using Single IP Management(labeled here as SIM) must conform to the following rules: SIM is an optional feature on the switch and can easily be enabled or disabled. SIM grouping has no effect on the normal operation of the switch in the user’s network. There are three classifications for switches using SIM.
6. The CaS can be configured through the CS to become a MS. After configuring one switch to operate as the CS of a SIM group, additional DES-3550 switches may join the group by either an automatic method or by manually configuring the switch to be a MS. The CS will then serve as the in band entry point for access to the MS. The CS’s IP address will become the path to all MS’s of the group and the CS’s Administrator’s password, and/or authentication will control access to all MS’s of the SIM group.
DES-3550:4#enable sim Command: enable sim Success. DES-3550:4# disable sim Purpose Used to disable Single IP Management(SIM) on the switch Syntax disable sim Description This command will disable SIM globally on the switch.. Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To disable SIM on the switch: DES-3550:4#disable sim Command: disable sim Success.
show sim (L3). Platform – Switch Description including name and model number. SIM State –Displays the current Single IP Management State of the switch, whether it be enabled or disabled. Role State – Displays the current role the switch is taking, including Commander, Member or Candidate. A Stand-alone switch will always have the commander role. Discovery Interval - Time in seconds the switch will send discovery packets out over the network.
Platform : DES-3550 Fast-Ethernet Switch SIM State : Enabled Role State : Commander Discovery Interval : 60 sec Hold Time : 180 sec DES-3550:4# To show the candidate information in summary, if the candidate id is specified: DES-3550:4#show sim candidate Command: show sim candidate ID MAC Address Platform / Hold Firmware Capability Time Version --------- Device Name --- ----------------- ------------------------ ----- ---------------- 1 00-01-02-03-04-00 DES-3550 L2 Switch 40 1.
ID MAC Address Platform / Hold Firmware Capability Time Version ----- --------- *1 00-01-02-03-04-00 DES-3550 L2 Switch 40 1.00-B06 Trinity 2 00-55-55-00-55-00 DES-3550 L2 Switch 140 1.
reconfig switch the user desires to configure. exit – This command is used to exit from managing the member switch and will return to managing the commander switch. Restrictions Only administrator-level users can issue this command.
config sim hold time – Using this parameter, the user may set the time, in seconds, the switch will hold information sent to it from other switches, utilizing the discovery interval protocol. The user amy set the hold time from 1 to 180 seconds. Restrictions Only administrator-level users can issue this command. To change the time interval of the discovery protocol: DES-3550:4# config sim commander dp_interval 30 Command: config sim commander dp_interval 30 Success.
DES-3550:4# config sim commander group_name Trinity Command: config sim commander group_name Trinity Success. DES-3550:4# download sim_ms Purpose Used to download firmware or configuration file to an indicated device. Syntax download sim_ms [ firmware | configuration] {members | all} Description This command will download a firmware file or configuration file to a specified device from a TFTP server.
Download Status : ID MAC Address Result --- ----------------- ---------------- 1 00-01-02-03-04-00 Success 2 00-07-06-05-04-03 Success 3 00-07-06-05-04-03 Success DES-3550:4# To download configuration files: DES-3550:4# download sim_ms configuration 10.53.13.94 c:/des3550.txt members all Command: download sim_ms firmware 10.53.13.94 c:/des35250.txt members all This device is updating configuation. Please wait...
Example usage: To upload configuration files to a TFTP server: DES-3550:4# upload sim_ms configuration 10.55.47.1 D:\configuration.txt 1 Command: upload sim_ms configuration 10.55.47.1 D:\configuration.txt 1 Success.
29 C OMMAND H ISTORY L IST The switch history commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters ? dir config command_history show command_history Each command is listed, in detail, in the following sections. ? Purpose Used to display all commands in the Command Line Interface (CLI).
config 802.1x reauth config access_profile profile_id config account config admin local_enable config arp_aging time config arpentry config authen application CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All dir Purpose Used to display all commands in the Command Line Interface (CLI). Syntax dir Description This command will display all of the commands available through the Command Line Interface (CLI). Parameters None. Restrictions None.
config arpentry config authen application CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All config command_history Purpose Used to configure the command history. Syntax config command_history Description This command is used to configure the command history. Parameters − the number of previously executed commands maintained in the buffer. Up to 40 of the latest executed commands may be viewed. Restrictions None.
A T ECHNICAL S PECIFICATIONS Physical and Environmental AC input & External Redundant power Supply: 100 - 240 VAC, 50-60 Hz (internal universal power supply) Power Consumption: 90 watts maximum DC fans: 2 built-in 40 x 40 x10 mm fans Operating Temperature: 0 to 40 degrees Celsius Storage Temperature: -40 to 70 degrees Celsius Humidity: Operating: 5% to 95% RH non-condensing; 95% RH non-condensing Dimensions: 441 mm x 207 mm x 44 mm (1U), 19 inch rack-mount width Weight: 3.
General n|a Fiber Optic 2000Mbps SFP (Mini GBIC) Support IEEE 802.3z 1000BASE-LX (DEM-310GT transceiver) IEEE 802.3z 1000BASE-SX (DEM-311GT transceiver) IEEE 802.3z 1000BASE-LH (DEM-314GT transceiver) IEEE 802.3z 1000BASE-ZX (DEM-315GT transceiver) Network Cables: 10BASE-T: UTP Cat.5, Cat.5 Enhanced for 1000Mbps UTP Cat.5 for 100Mbps UTP Cat.
