White Papers
Table Of Contents
- Dell PowerEdge FN I/O Module Command Line Reference Guide 9.14.1.5
- About this Guide
- Before You Start
- CLI Basics
- File Management
- boot system gateway
- boot system stack-unit
- cd
- copy
- copy running-config startup-config
- delete
- dir
- format flash
- HTTP Copy via CLI
- logging coredump stack-unit
- logging coredump server
- pwd
- rename
- restore factory-defaults
- show boot system
- show file
- show file-systems
- show os-version
- show running-config
- show startup-config
- show version
- upgrade boot
- upgrade system
- verify
- Control and Monitoring
- asf-mode
- asset-tag
- banner exec
- banner login
- banner motd
- clear alarms
- clear command history
- clear line
- configure
- debug cpu-traffic-stats
- debug ifm trace-flags
- debug ftpserver
- disable
- do
- enable
- exec-banner
- enable optic-info-update interval
- enable secure
- end
- exec-timeout
- exit
- feature unique-name
- ftp-server enable
- ftp-server topdir
- ftp-server username
- hostname
- http-server
- ip ftp password
- ip ftp source-interface
- ip telnet server enable
- ip telnet source-interface
- ip ftp username
- line
- login concurrent-session
- login statistics
- motd-banner
- show login statistics
- show software ifm
- ping
- reload
- service timestamps
- show alarms
- show command-history
- show configuration lock
- show cpu-traffic-stats
- show debugging
- show diag
- show environment
- show inventory
- show memory
- show processes cpu
- show processes ipc flow-control
- show processes memory
- show reset-reason
- show revision
- show server-interfaces
- show system
- show tech-support
- show uplink brief
- show util-threshold cpu
- show util-threshold memory
- ssh-peer-stack-unit
- telnet
- telnet-peer-stack-unit
- terminal length
- terminal monitor
- terminal xml
- trace route
- undebug all
- virtual-ip
- write
- 802.1X
- debug dot1x
- dot1x authentication (Configuration)
- dot1x authentication (Interface)
- dot1x auth-fail-vlan
- dot1x auth-server
- dot1x auth-type mab-only
- dot1x guest-vlan
- dot1x host-mode
- dot1x mac-auth-bypass
- dot1x max-eap-req
- dot1x max-supplicants
- dot1x port-control
- dot1x quiet-period
- dot1x reauthentication
- dot1x reauth-max
- dot1x server-timeout
- dot1x supplicant-timeout
- dot1x tx-period
- show dot1x cos-mapping interface
- show dot1x interface
- Access Control Lists (ACL)
- Commands Common to all ACL Types
- description
- remark
- resequence access-list
- resequence prefix-list ipv4
- show config
- Common IP ACL Commands
- access-class
- clear counters ip access-group
- ip access-group
- show ip access-lists
- show ip accounting access-list
- Standard IP ACL Commands
- ip access-list standard
- permit (for Standard IP ACLs)
- seq
- Extended IP ACL Commands
- deny (for Extended IP ACLs)
- deny icmp
- deny tcp
- deny udp
- ip access-list extended
- permit (for Extended IP ACLs)
- permit icmp
- permit tcp
- permit udp
- seq
- Common MAC Access List Commands
- clear counters mac access-group
- mac access-group
- show mac access-lists
- show mac accounting access-list
- Standard MAC ACL Commands
- deny
- deny
- mac access-list extended
- permit
- seq
- Extended MAC ACL Commands
- mac access-list standard
- permit
- seq
- IP Prefix List Commands
- clear ip prefix-list
- deny
- ip prefix-list
- permit
- seq
- show config
- show ip prefix-list detail
- show ip prefix-list summary
- Route Map Commands
- continue
- description
- match interface
- match ip address
- match ip next-hop
- match ip route-source
- match metric
- match route-type
- match tag
- route-map
- set automatic-tag
- set metric
- set metric-type
- set tag
- show config
- show route-map
- deny (for Standard IP ACLs)
- deny
- seq
- deny tcp
- deny udp
- deny arp (for Extended MAC ACLs)
- deny icmp
- deny ether-type (for Extended MAC ACLs)
- deny
- deny
- permit (for Standard IP ACLs)
- permit
- permit ether-type (for Extended MAC ACLs)
- permit icmp
- permit udp
- permit (for Extended IP ACLs)
- permit
- seq
- permit tcp
- seq arp
- seq ether-type
- seq
- seq
- permit udp
- permit tcp
- permit icmp
- permit
- deny udp (for IPv6 ACLs)
- deny tcp (for IPv6 ACLs)
- deny icmp (for Extended IPv6 ACLs)
- deny (for IPv6 ACLs)
- Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
- Bidirectional Forwarding Detection (BFD)
- Border Gateway Protocol IPv4 (BGPv4)
- BGPv4 Commands
- address-family
- aggregate-address
- bgp add-path
- bgp always-compare-med
- bgp asnotation
- bgp bestpath as-path ignore
- bgp bestpath as-path multipath-relax
- bgp bestpath med confed
- bgp bestpath med missing-as-best
- bgp bestpath router-id ignore
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp confederation peers
- bgp dampening
- bgp default local-preference
- bgp enforce-first-as
- bgp fast-external-failover
- bgp four-octet-as-support
- bgp graceful-restart
- bgp non-deterministic-med
- bgp outbound-optimization
- bgp recursive-bgp-next-hop
- bgp regex-eval-optz-disable
- bgp router-id
- bgp soft-reconfig-backup
- capture bgp-pdu neighbor
- capture bgp-pdu max-buffer-size
- clear ip bgp
- clear ip bgp dampening
- clear ip bgp flap-statistics
- clear ip bgp peer-group
- debug ip bgp
- debug ip bgp dampening
- debug ip bgp events
- debug ip bgp keepalives
- debug ip bgp notifications
- debug ip bgp soft-reconfiguration
- debug ip bgp updates
- default-metric
- description
- max-paths
- neighbor activate
- neighbor add-path
- neighbor advertisement-interval
- neighbor advertisement-start
- neighbor allowas-in
- neighbor default-originate
- neighbor description
- neighbor distribute-list
- neighbor ebgp-multihop
- neighbor fall-over
- neighbor local-as
- neighbor maximum-prefix
- neighbor password
- neighbor peer-group (assigning peers)
- neighbor peer-group (creating group)
- neighbor peer-group passive
- neighbor remote-as
- neighbor remove-private-as
- neighbor route-map
- neighbor route-reflector-client
- neighbor shutdown
- neighbor soft-reconfiguration inbound
- neighbor timers
- neighbor timers extended
- neighbor update-source
- neighbor weight
- network
- network backdoor
- redistribute
- redistribute ospf
- router bgp
- shutdown all
- shutdown address-family-ipv4–multicast
- shutdown address-family-ipv4–unicast
- shutdown address-family-ipv6–unicast
- show capture bgp-pdu neighbor
- show config
- show ip bgp
- show ip bgp cluster-list
- show ip bgp community
- show ip bgp community-list
- show ip bgp dampened-paths
- show ip bgp detail
- show ip bgp extcommunity-list
- show ip bgp filter-list
- show ip bgp flap-statistics
- show ip bgp inconsistent-as
- show ip bgp neighbors
- show ip bgp next-hop
- show ip bgp paths
- show ip bgp paths as-path
- show ip bgp paths community
- show ip bgp peer-group
- show ip bgp regexp
- show ip bgp summary
- show running-config bgp
- timers bgp
- timers bgp extended
- MBGP Commands
- BGP Extended Communities (RFC 4360)
- set extcommunity rt
- set extcommunity soo
- show ip bgp paths extcommunity
- show ip bgp extcommunity-list
- IPv6 BGP Commands
- bgp soft-reconfig-backup
- clear ip bgp ipv6 unicast soft
- debug ip bgp ipv6 unicast soft-reconfiguration
- ipv6 prefix-list
- show ipv6 prefix-list
- IPv6 MBGP Commands
- show ipv6 mbgproutes
- Configuration Cloning
- Content Addressable Memory (CAM)
- Control Plane Policing (CoPP)
- u-Boot
- boot change
- boot show net config retries
- boot write net config retries
- boot zero
- default gateway
- enable
- help
- ignore enable password
- ignore startup-config
- interface management ethernet ip address
- no default gateway
- no interface management ethernet ip address
- reload
- show boot blc
- show boot selection
- show bootflash
- show bootvar
- show default gateway
- show interface management ethernet
- show interface management port config
- syntax help
- Data Center Bridging (DCB)
- advertise dcbx-appln-tlv
- advertise dcbx-tlv
- bandwidth-percentage
- dcb-enable
- dcb-policy buffer-threshold (Global Configuration)
- dcb-policy buffer-threshold (Interface Configuration)
- clear dcbx counters
- clear ets counters
- clear pfc counters
- dcb enable pfc-queues
- dcb enable auto-detect on-next-reload
- dcb-map stack-unit all stack-ports all
- dcbx-port role
- dcbx version
- debug dcbx
- description
- fc-map
- fcoe-map
- fcoe priority-bits
- iscsi priority-bits
- keepalive
- interface vlan (NPIV proxy gateway)
- pfc mode on
- pfc no-drop queues
- priority
- priority-group bandwidth pfc
- priority-pgid
- qos-policy-output ets
- qos-policy-buffer
- priority-list
- scheduler
- show dcb
- show interface dcbx detail
- show interface ets
- show interface pfc
- show interface pfc statistics
- show qos priority-groups
- show qos dcb-map
- show stack-unit stack-ports ets details
- dcb pfc-shared-buffer-size
- dcb pfc-total-buffer-size
- dcb-buffer-threshold
- dcb enable pfc-queues
- dcb {ets | pfc} enable
- service-class buffer shared-threshold-weight
- show stack-unit stack-ports pfc details
- Dynamic Host Configuration Protocol
- Commands to Configure the System to be a DHCP Server
- Commands to Configure the System to be a DHCP Client
- Other Commands Supported by the DHCP Client
- Commands to Configure Secure DHCP
- arp inspection
- arp inspection-limit
- arp inspection-trust
- clear ip dhcp snooping
- clear ipv6 dhcp snooping binding
- ip dhcp relay source-interface
- ipv6 dhcp relay source-interface
- ip dhcp snooping
- ipv6 dhcp snooping
- ip dhcp snooping database
- ipv6 dhcp snooping database write-delay
- ip dhcp snooping binding
- ip dhcp snooping database renew
- ip dhcp snooping trust
- ipv6 dhcp snooping trust
- ip dhcp source-address-validation
- ip dhcp snooping vlan
- ipv6 dhcp snooping vlan
- ip dhcp relay
- show ip dhcp snooping
- show ipv6 DHCP snooping
- ip dhcp snooping verify mac-address
- ipv6 DHCP snooping verify mac-address
- Equal Cost Multi-Path (ECMP)
- FC FLEXIO FPORT
- FIPS Cryptography
- FIP Snooping
- Force10 Resilient Ring Protocol (FRRP)
- GARP VLAN Registration (GVRP)
- Internet Group Management Protocol (IGMP)
- IGMP Commands
- IGMP Snooping Commands
- clear ip igmp groups
- debug ip igmp
- ip igmp access-group
- ip igmp group-join-limit
- ip igmp querier-timeout
- ip igmp query-interval
- ip igmp query-max-resp-time
- ip igmp snooping enable
- ip igmp snooping fast-leave
- ip igmp snooping flood
- ip igmp snooping last-member-query-interval
- ip igmp snooping mrouter
- ip igmp snooping querier
- ip igmp version
- show ip igmp groups
- show ip igmp interface
- show ip igmp snooping mrouter
- Interfaces
- Basic Interface Commands
- clear counters
- clear dampening
- cx4-cable-length
- dampening
- description
- errdisable recovery cause
- errdisable recovery interval
- flowcontrol
- interface
- interface loopback
- interface ManagementEthernet
- interface null
- interface range
- interface range macro (define)
- interface range macro name
- interface vlan
- intf-type cr4 autoneg
- keepalive
- load-balance
- load-balance hg
- monitor interface
- mtu
- negotiation auto
- portmode hybrid
- rate-interval
- rate-interval (Configuration Mode)
- remote-fault-signaling rx
- show config
- show config (from INTERFACE RANGE mode)
- show interfaces
- show interfaces configured
- show interfaces dampening
- show interfaces description
- show interfaces stack-unit
- show interfaces status
- show interfaces switchport
- show interfaces transceiver
- show range
- shutdown
- speed (for 1000/10000/auto interfaces)
- stack-unit portmode
- wavelength
- Port Channel Commands
- Time Domain Reflectometer (TDR) Commands
- UDP Broadcast
- Port Interface Commands
- Virtual LAN (VLAN) Commands
- auto vlan
- clear mac-address-table dynamic
- default vlan-id
- feature fc
- monitor interface
- name
- show config (INTERFACE mode)
- show config (from INTERFACE VLAN mode)
- show config (from PROTOCOL LLDP mode)
- show vlan
- speed (for 1000/10000 interfaces)
- stack-unit port-group port mode ethernet
- vlan tagged (CMC)
- vlan untagged (CMC)
- Basic Interface Commands
- IPv4 Routing
- arp
- arp learn-enable
- arp retries
- arp timeout
- clear arp-cache
- clear host
- clear ip fib stack-unit
- clear ip route
- clear tcp statistics
- debug arp
- debug ip dhcp
- debug ip icmp
- debug ip packet
- icmp6-redirect enable
- ip address
- ip directed-broadcast
- ip domain-list
- ip domain-lookup
- ip domain-name
- ip helper-address
- ip helper-address hop-count disable
- ip host
- ip icmp source-interface
- ipv6 icmp source-interface
- ip max-frag-count
- ip name-server
- ip proxy-arp
- ip route
- ip source-route
- ip tcp initial-time
- show ip tcp initial-time
- ip unreachables
- management route
- show arp
- show arp retries
- show hosts
- show ip cam stack-unit
- show ip fib stack-unit
- show ip interface
- show ip management-route
- show ip multicast-cam stack-unit
- show ip protocols
- show ip route
- show ip route list
- show ip route summary
- show ip traffic
- show tcp statistics
- Internet Protocol Security (IPSec)
- IPv6 Access Control Lists (IPv6 ACLs)
- IPv6 Basics
- clear ipv6 fib
- clear ipv6 route
- clear ipv6 mld_host
- ipv6 address autoconfig
- ipv6 address
- ipv6 address eui64
- ipv6 control-plane icmp error-rate-limit
- ipv6 flowlabel-zero
- ipv6 host
- ipv6 name-server
- ipv6 nd dad attempts
- ipv6 nd disable-reachable-timer
- ipv6 nd dns-server
- ipv6 nd prefix
- ipv6 nd reachable-time
- ipv6 route
- ipv6 unicast-routing
- show ipv6 cam stack-unit
- show ipv6 control-plane icmp
- show ipv6 fib stack-unit
- show ipv6 flowlabel-zero
- show ipv6 interface
- show ipv6 mld_host
- show ipv6 route
- trust ipv6-diffserv
- IPv6 Border Gateway Protocol (IPv6 BGP)
- IPv6 BGP Commands
- address family
- aggregate-address
- bgp always-compare-med
- bgp bestpath as-path ignore
- bgp bestpath med confed
- bgp bestpath med missing-as-best
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp confederation peers
- bgp dampening
- bgp default local-preference
- bgp enforce-first-as
- bgp fast-external-fallover
- bgp four-octet-as-support
- bgp graceful-restart
- bgp log-neighbor-changes
- bgp non-deterministic-med
- bgp recursive-bgp-next-hop
- bgp regex-eval-optz-disable
- bgp router-id
- bgp soft-reconfig-backup
- capture bgp-pdu neighbor (ipv6)
- capture bgp-pdu max-buffer-size
- clear ip bgp * (asterisk)
- clear ip bgp as-number
- clear ip bgp ipv6-address
- clear ip bgp peer-group
- clear ip bgp ipv6 dampening
- clear ip bgp ipv6 flap-statistics
- clear ip bgp ipv6 unicast soft
- debug ip bgp
- debug ip bgp events
- debug ip bgp ipv6 dampening
- debug ip bgp ipv6 unicast soft-reconfiguration
- debug ip bgp keepalives
- debug ip bgp notifications
- debug ip bgp updates
- default-metric
- description
- distance bgp
- maximum-paths
- neighbor activate
- neighbor advertisement-interval
- neighbor allowas-in
- neighbor default-originate
- neighbor description
- neighbor distribute-list
- neighbor ebgp-multihop
- neighbor fall-over
- neighbor filter-list
- neighbor maximum-prefix
- neighbor X:X:X::X password
- neighbor next-hop-self
- neighbor peer-group (assigning peers)
- neighbor peer-group (creating group)
- neighbor peer-group passive
- neighbor remote-as
- neighbor remove-private-as
- neighbor route-map
- neighbor route-reflector-client
- neighbor send-community
- neighbor shutdown
- neighbor soft-reconfiguration inbound
- neighbor subnet
- neighbor timers
- neighbor update-source
- neighbor weight
- network
- network backdoor
- redistribute
- redistribute isis
- redistribute ospf
- router bgp
- show capture bgp-pdu neighbor
- show config
- show ip bgp ipv6 unicast
- show ip bgp ipv6 unicast cluster-list
- show ip bgp ipv6 unicast community
- show ip bgp ipv6 unicast community-list
- show ip bgp ipv6 unicast dampened-paths
- show ip bgp ipv6 unicast detail
- show ip bgp ipv6 unicast extcommunity-list
- show ip bgp ipv6 unicast filter-list
- show ip bgp ipv6 unicast flap-statistics
- show ip bgp ipv6 unicast inconsistent-as
- show ip bgp ipv6 unicast neighbors
- show ip bgp ipv6 unicast peer-group
- show ip bgp ipv6 unicast summary
- show ip bgp next-hop
- show ip bgp paths
- show ip bgp paths as-path
- show ip bgp paths community
- show ip bgp paths extcommunity
- show ip bgp regexp
- timers bgp
- IPv6 MBGP Commands
- address family
- aggregate-address
- bgp dampening
- clear ip bgp ipv6 unicast
- clear ip bgp ipv6 unicast dampening
- clear ip bgp ipv6 unicast flap-statistics
- debug ip bgp ipv6 unicast dampening
- debug ip bgp ipv6 unicast peer-group updates
- debug ip bgp ipv6 unicast updates
- distance bgp
- neighbor activate
- neighbor advertisement-interval
- neighbor default-originate
- neighbor distribute-list
- neighbor filter-list
- neighbor maximum-prefix
- neighbor next-hop-self
- neighbor remove-private-as
- neighbor route-map
- neighbor route-reflector-client
- network
- redistribute
- show ip bgp ipv6 unicast
- show ip bgp ipv6 unicast cluster-list
- show ip bgp ipv6 unicast community
- show ip bgp ipv6 unicast community-list
- show ip bgp ipv6 unicast dampened-paths
- show ip bgp ipv6 unicast detail
- show ip bgp ipv6 unicast filter-list
- show ip bgp ipv6 unicast flap-statistics
- show ip bgp ipv6 unicast inconsistent-as
- show ip bgp ipv6 unicast neighbors
- show ip bgp ipv6 unicast peer-group
- show ip bgp ipv6 unicast summary
- IPv6 BGP Commands
- iSCSI Optimization
- Intermediate System to Intermediate System (IS-IS)
- adjacency-check
- advertise
- area-password
- clear config
- clear isis
- clns host
- debug isis
- debug isis adj-packets
- debug isis local-updates
- debug isis snp-packets
- debug isis spf-triggers
- debug isis update-packets
- default-information originate
- description
- distance
- distribute-list in
- distribute-list out
- distribute-list redistributed-override
- domain-password
- graceful-restart ietf
- graceful-restart interval
- graceful-restart t1
- graceful-restart t2
- graceful-restart t3
- graceful-restart restart-wait
- hello padding
- hostname dynamic
- ignore-lsp-errors
- ip router isis
- ipv6 router isis
- isis circuit-type
- isis csnp-interval
- isis csnp-interval
- isis hello-multiplier
- isis hello padding
- isis ipv6 metric
- isis metric
- isis network point-to-point
- isis password
- isis priority
- is-type
- log-adjacency-changes
- lsp-gen-interval
- lsp-mtu
- lsp-refresh-interval
- max-area-addresses
- max-lsp-lifetime
- maximum-paths
- metric-style
- multi-topology
- net
- passive-interface
- redistribute
- redistribute bgp
- redistribute ospf
- router isis
- set-overload-bit
- show config
- show isis database
- show isis graceful-restart detail
- show isis hostname
- show isis interface
- show isis neighbors
- show isis protocol
- show isis traffic
- spf-interval
- Isolated Networks
- Link Aggregation Control Protocol (LACP)
- auto-lag enable
- clear lacp counters
- debug lacp
- io-aggregator auto-lag enable
- lacp link-fallback
- lacp long-timeout
- lacp port-priority
- port-channel mode
- port-channel-protocol lacp
- show interfaces port-channel
- show io-aggregator auto-lag status
- show lacp
- show link-bundle-distribution port-channel
- show port-channel-flow
- Layer 2
- MAC Addressing Commands
- clear mac-address-table dynamic
- mac-address-table aging-time
- mac-address-table static
- mac-address-table station-move refresh-arp
- mac learning-limit
- mac learning-limit learn-limit-violation
- mac learning-limit station-move-violation
- mac learning-limit reset
- mac port-security
- show cam mac stack-unit
- show mac-address-table
- show mac-address-table aging-time
- show mac learning-limit
- Virtual LAN (VLAN) Commands
- MAC Addressing Commands
- Link Layer Discovery Protocol (LLDP)
- advertise dot1-tlv
- advertise dot3-tlv
- advertise interface-port-desc
- advertise management-tlv
- clear lldp counters
- clear lldp neighbors
- debug lldp interface
- disable
- hello
- mode
- multiplier
- protocol lldp (Configuration)
- protocol lldp (Interface)
- show lldp neighbors
- show lldp statistics
- show running-config lldp
- LLDP-MED Commands
- Microsoft Network Load Balancing
- Multicast Source Discovery Protocol (MSDP)
- clear ip msdp peer
- clear ip msdp sa-cache
- clear ip msdp statistic
- debug ip msdp
- ip msdp cache-rejected-sa
- ip msdp default-peer
- ip msdp log-adjacency-changes
- ip msdp mesh-group
- ip msdp originator-id
- ip msdp peer
- ip msdp redistribute
- ip msdp sa-filter
- ip msdp sa-limit
- ip msdp shutdown
- ip multicast-msdp
- show ip msdp
- show ip msdp sa-cache rejected-sa
- Multiple Spanning Tree Protocol (MSTP)
- Multicast
- Neighbor Discovery Protocol (NDP)
- NPIV Proxy Gateway
- Open Shortest Path First (OSPFv2 and OSPFv3)
- OSPFv2 Commands
- area default-cost
- area nssa
- area range
- area stub
- auto-cost
- clear ip ospf
- clear ip ospf statistics
- debug ip ospf
- default-information originate
- default-metric
- description
- distance
- distance ospf
- distribute-list in
- distribute-list out
- fast-convergence
- flood-2328
- graceful-restart grace-period
- graceful-restart helper-reject
- graceful-restart mode
- graceful-restart role
- ip ospf auth-change-wait-time
- ip ospf authentication-key
- ip ospf cost
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf message-digest-key
- ip ospf mtu-ignore
- ip ospf network
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log-adjacency-changes
- maximum-paths
- mib-binding
- network area
- passive-interface
- redistribute
- redistribute bgp
- redistribute isis
- router-id
- router ospf
- show config
- show ip ospf
- show ip ospf asbr
- show ip ospf database
- show ip ospf database asbr-summary
- show ip ospf database external
- show ip ospf database network
- show ip ospf database nssa-external
- show ip ospf database opaque-area
- show ip ospf database opaque-as
- show ip ospf database opaque-link
- show ip ospf database router
- show ip ospf database summary
- show ip ospf interface
- show ip ospf neighbor
- show ip ospf routes
- show ip ospf statistics
- show ip ospf timers rate-limit
- show ip ospf topology
- summary-address
- timers spf
- timers throttle lsa all
- timers throttle lsa arrival
- OSPFv3 Commands
- area authentication
- area encryption
- area nssa
- auto-cost
- clear ipv6 ospf process
- debug ipv6 ospf
- debug ipv6 ospf bfd
- debug ipv6 ospf events
- debug ipv6 ospf packet
- debug ipv6 ospf spf
- default-information originate
- graceful-restart grace-period
- graceful-restart mode
- ipv6 ospf area
- ipv6 ospf authentication
- ipv6 ospf bfd all-neighbors
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf encryption
- ipv6 ospf graceful-restart helper-reject
- ipv6 ospf hello-interval
- ipv6 ospf priority
- ipv6 router ospf
- maximum-paths
- passive-interface
- redistribute
- router-id
- show crypto ipsec policy
- show crypto ipsec sa ipv6
- show ipv6 ospf database
- show ipv6 ospf interface
- show ipv6 ospf neighbor
- snmp context
- timers spf
- Policy-based Routing (PBR)
- PIM-Sparse Mode (PIM-SM)
- IPv4 PIM-Sparse Mode Commands
- clear ip pim rp-mapping
- clear ip pim tib
- debug ip pim
- ip pim bsr-border
- ip pim bsr-candidate
- ip pim dr-priority
- ip pim join-filter
- ip pim ingress-interface-map
- ip pim neighbor-filter
- ip pim query-interval
- ip pim register-filter
- ip pim rp-address
- ip pim rp-candidate
- ip pim sparse-mode
- ip pim sparse-mode sg-expiry-timer
- ip pim spt-threshold
- no ip pim snooping dr-flood
- show ip pim bsr-router
- show ip pim interface
- show ip pim neighbor
- show ip pim rp
- show ip pim snooping interface
- show ip pim snooping neighbor
- show ip pim snooping tib
- show ip pim summary
- show ip pim tib
- show running-config pim
- IPv6 PIM-Sparse Mode Commands
- ipv6 pim bsr-border
- ipv6 pim bsr-candidate
- ipv6 pim dr-priority
- ipv6 pim join-filter
- ipv6 pim query-interval
- ipv6 pim neighbor-filter
- ipv6 pim register-filter
- ipv6 pim rp-address
- ipv6 pim rp-candidate
- ipv6 pim sparse-mode
- ipv6 pim spt-threshold
- show ipv6 pim bsr-router
- show ipv6 pim interface
- show ipv6 pim neighbor
- show ipv6 pim rp
- show ipv6 pim tib
- Port Monitoring
- Private VLAN (PVLAN)
- Per-VLAN Spanning Tree Plus (PVST+)
- Quality of Service (QoS)
- Global Configuration Commands
- Per-Port QoS Commands
- Policy-Based QoS Commands
- bandwidth-percentage
- class-map
- clear qos statistics
- crypto key zeroize rsa
- ip ssh rekey
- match ip access-group
- match ip vlan
- match ip vrf
- description
- match ip dscp
- match ip precedence
- match mac access-group
- match mac dot1p
- match mac vlan
- policy-aggregate
- policy-map-input
- policy-map-output
- qos-policy-input
- qos-policy-output
- rate police
- rate shape
- service-policy input
- service-policy output
- service-queue
- set
- show qos class-map
- show qos dcb-map
- show qos policy-map
- show qos policy-map-input
- show qos qos-policy-output
- show qos qos-policy-input
- show qos qos-policy-output
- show qos statistics
- show qos wred-profile
- test cam-usage
- trust
- wred
- wred ecn
- wred-profile
- dscp
- qos dscp-color-map
- qos dscp-color-policy
- show qos dscp-color-policy
- show qos dscp-color-map
- show qos dot1p-queue-mapping
- trust
- Routing Information Protocol (RIP)
- auto-summary
- clear ip rip
- debug ip rip
- default-information originate
- default-metric
- description
- distance
- distribute-list in
- distribute-list out
- ip poison-reverse
- ip rip receive version
- ip rip send version
- ip split-horizon
- maximum-paths
- neighbor
- network
- offset-list
- output-delay
- passive-interface
- redistribute
- redistribute ospf
- router rip
- show config
- show ip rip database
- show running-config rip
- timers basic
- version
- Remote Monitoring (RMON)
- Rapid Spanning Tree Protocol (RSTP)
- Security
- AAA Accounting Commands
- Authentication and Password Commands
- aaa authentication enable
- aaa authentication login
- authorization
- aaa authorization commands
- aaa authorization role-only
- aaa authorization config-commands
- aaa authorization exec
- aaa reauthenticate enable
- privilege level (CONFIGURATION mode)
- privilege level (LINE mode)
- banner exec
- banner login
- banner motd
- debug radius
- debug tacacs+
- exec-banner
- access-class
- enable password
- enable restricted
- enable secret
- enable sha256-password
- login authentication
- password
- password-attributes
- service password-encryption
- show privilege
- show users
- secure-cli enable
- timeout login response
- username
- RADIUS Commands
- client
- client-key
- coa-bounce-port
- coa-disable-port
- coa-reauthenticate
- debug radius
- da-rsp-timeout
- disconnect-user
- dynamic-auth-enable
- ip radius source-interface
- port
- radius dynamic-auth
- radius-server deadtime
- radius-server host
- radius-server key
- radius-server retransmit
- radius-server timeout
- role
- rate-limit
- replay-protection-window
- terminate-session
- show privilege
- Suppressing AAA Accounting for Null Username Sessions
- TACACS+ Commands
- SSH Server and SCP Commands
- crypto key generate
- debug ip ssh
- ip scp topdir
- ip ssh authentication-retries
- ip ssh cipher
- ip ssh connection-rate-limit
- ip ssh hostbased-authentication
- ip ssh key-size
- ip ssh mac
- ip ssh password-authentication
- ip ssh rhostsfile
- ip ssh rekey
- ip ssh rsa-authentication (Config)
- ip ssh rsa-authentication (EXEC)
- ip ssh server
- ip ssh server dns enable
- show crypto
- show ip ssh
- show ip ssh client-pub-keys
- show ip ssh rsa-authentication
- show role
- show userroles
- ssh
- ip ssh pub-key-file
- Secure DHCP Commands
- ICMP Vulnerabilities
- System Security Commands
- sFlow
- Service Provider Bridging
- Simple Network Management Protocol (SNMP) and Syslog
- SNMP Commands
- clear logging auditlog
- show snmp
- show snmp engineID
- show snmp group
- show snmp supported-mibs
- show snmp supported-traps
- show snmp user
- snmp context
- snmp context
- snmp ifmib ifalias long
- snmp-server community
- snmp-server contact
- snmp-server enable traps
- snmp-server engineID
- snmp-server group
- snmp-server host
- snmp-server location
- snmp-server packetsize
- snmp-server trap-source
- snmp-server user
- snmp-server user (for AES128-CFB Encryption)
- snmp-server view
- snmp trap link-status
- Syslog Commands
- clear logging
- default logging buffered
- default logging console
- logging extended
- default logging monitor
- default logging trap
- logging
- logging buffered
- logging console
- logging facility
- logging history
- logging history size
- logging monitor
- logging on
- logging source-interface
- logging synchronous
- logging trap
- logging version
- show logging
- show logging driverlog stack-unit
- show logging auditlog
- terminal monitor
- Stacking Commands
- power-cycle stack-unit
- redundancy disable-auto-reboot
- redundancy force-failover stack-unit
- reset stack-unit
- show redundancy
- show system stack-ports
- show system stack-unit iom-mode
- show system stack-unit stack-group
- stack-unit iom-mode
- stack-unit priority
- stack-unit provision
- stack-unit renumber
- track-stack-ports disable-all-links
- Storm Control
- io-aggregator broadcast storm-control
- show io-aggregator broadcast storm-control status
- show storm-control unknown-unicast
- show storm-control broadcast
- show storm-control multicast
- storm-control multicast (Interface)
- storm-control broadcast (Configuration)
- storm-control broadcast (Interface)
- storm-control multicast (Configuration)
- storm-control PFC/LLFC
- storm-control unknown-unicast (Configuration)
- storm-control unknown-unicast (Interface)
- SupportAssist
- Spanning Tree Protocol (STP)
- System Time
- Tunneling
- u-Boot
- boot change
- boot selection
- boot show net config retries
- boot write net config retries
- boot zero
- default gateway
- enable
- help
- ignore enable password
- ignore startup config
- interface management ethernet ip address
- no default-gateway
- no interface management ethernet ip address
- reload
- show boot blc
- show boot selection
- show bootflash
- show bootvar
- show default-gateway
- show interface management Ethernet
- show interface management port config
- syntax help
- Uplink Failure Detection (UFD)
- VLAN Stacking
- Virtual Link Trunking (VLT)
- back-up destination
- clear ip mroute
- clear ip pim tib
- clear vlt statistics
- delay-restore abort-threshold
- lacp ungroup member-independent
- multicast peer-routing timeout
- peer-link port-channel
- peer-routing
- peer-routing-timeout
- primary-priority
- show ip mroute
- show vlt backup-link
- show vlt brief
- show vlt detail
- show vlt inconsistency
- show vlt mismatch
- show vlt role
- show vlt statistics
- stack-unit iom-mode
- system-mac
- unit-id
- vlt domain
- vlt-peer-lag port-channel
- show vlt private-vlan
- Virtual Router Redundancy Protocol (VRRP)
- SNMP Traps
- FC Flex IO Modules
- Debugging and Diagnostics
- Offline Diagnostic Commands
- Hardware Commands
- clear hardware stack-unit
- clear hardware system-flow
- show hardware layer2 acl
- show hardware layer3
- diag stack-unit
- hardware watchdog
- online stack-unit
- offline stack-unit
- show diag
- show hardware stack-unit
- show hardware system-flow
- show hardware buffer interface
- show hardware counters interface interface
- show hardware drops
- Internet Control Message Protocol (ICMP) Message Types
which the generation of ACL logs is terminated with the seq, permit, or deny
commands. The threshold range is from 1 to 100.
interval
minutes
(OPTIONAL) Enter the keyword interval followed by the time period in minutes
at which ACL logs must be generated. The time interval range is from 1 to 10
minutes.
monitor (OPTIONAL) Enter the keyword monitor when the rule is describing the traffic
that you want to monitor and the ACL in which you are creating the rule is applied
to the monitored interface.
Defaults By default, 10 ACL logs are generated if you do not specify the threshold explicitly. The default frequency
at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled.
Command Modes CONFIGURATION-EXTENDED-ACCESS-LIST
Supported Modes Full–Switch
Command
History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.4(0.0) Added support for flow-based monitoring on the MXL 10/40GbE Switch IO Module
platform.
9.3(0.0) Added support for logging of ACLs on the MXL 10/40GbE Switch IO Module
platform.
Usage
Information
When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval
at which ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started
and the packet count for that new interval commences from zero. If ACL logging was stopped previously
because the configured threshold is exceeded, it is re-enabled for this new interval.
If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging
interval period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and
MAC ACLs. You can configure ACL logging only on ACLs that are applied to ingress interfaces; you
cannot enable logging for ACLs that are associated with egress interfaces.
You can activate flow-based monitoring for a monitoring session by entering the flow-based enable
command in the Monitor Session mode. When you enable this capability, traffic with particular flows
that are traversing through the ingress and egress interfaces are examined and, appropriate ACLs can
be applied in both the ingress and egress direction. Flow-based monitoring conserves bandwidth by
monitoring only specified traffic instead all traffic on the interface. This feature is particularly useful when
looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You may
specify traffic using standard or extended access-lists. This mechanism copies all incoming or outgoing
packets on one port and forwards (mirrors) them to another port. The source port is the monitored port
(MD) and the destination port is the monitoring port (MG).
Related
Commands
deny tcp — assigns a filter to deny TCP packets.
deny udp — assigns a filter to deny UDP packets.
ip access-list extended — creates an extended ACL.
deny icmp
To drop all or specific internet control message protocol (ICMP) messages, configure a filter.
Syntax
deny icmp {source mask | any | host ip-address} {destination mask | any
| host ip-address} [dscp] [count [byte]] [order] [fragments][threshold-in-
msgs] [count]]
To remove this filter, you have two choices:
● Use the no seq sequence-number command, if you know the filter’s sequence number.
● Use the no deny icmp {source mask | any | host ip-address} {destination
mask | any | host ip-address} command.
152 Access Control Lists (ACL)