Dell PowerConnect 6200 Series System CLI Reference Guide Regulatory Models: PC6224, PC6248, PC6224P, PC6248P, and PC6224F
Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. _________________ Information in this publication is subject to change without notice. © 2011 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell™, the DELL logo, PowerConnect™, OpenManage™ are trademarks of Dell Inc.
Contents 1 Command Groups Introduction . . . . . . . . . . . . . . . . . . 59 . . . . . . . . . . . . . . . . . . . . . . . 59 Command Groups Mode Types . . . . . . . . . . . . . . . . . . . . 59 . . . . . . . . . . . . . . . . . . . . . . . 64 Layer 2 Commands . . . . . . . . . . . . . . . . . . . . 65 Layer 3 Commands . . . . . . . . . . . . . . . . . . . . 94 . . . . . . . . . . . . . . . . . . . . 120 Utility Commands 2 Using the CLI Introduction . . . . . . . . . . . . . . . . . .
aaa authentication login . . . . . . . . . . . . . . . . aaa authorization network default radius . . . . . . . 196 . . . . . . . . . . . . . . . . . 197 . . . . . . . . . . . . . . . . . . . 198 enable authentication enable password . ip http authentication . . . . . . . . . . . . . . . . . ip https authentication . login authentication 200 . . . . . . . . . . . . . . . . . . 201 password (User EXEC) . . . . . . . . . . . . 202 . . . . . . . . . . . . . . . . .
show ip access-lists . . . . . . . . . . . . . . . . . . . 218 show mac access-list . . . . . . . . . . . . . . . . . . 219 Address Table Commands . bridge address . . . . . . . . . . . 221 . . . . . . . . . . . . . . . . . . . . . bridge aging-time . . . . . . . . . . . . . . . . . . . . 222 223 bridge multicast address . . . . . . . . . . . . . . . . 223 bridge multicast filtering . . . . . . . . . . . . . . . . 225 bridge multicast forbidden address . . . . . . . . . . .
CDP Interoperability Commands . . . . . . 241 . . . . . . . . . . . . . . . . . . 242 . . . . . . . . . . . . . . . . . . . . 242 clear isdp counters clear isdp table . isdp advertise-v2 . isdp enable . . . . . . . . . . . . . . . . . . . . 243 . . . . . . . . . . . . . . . . . . . . . . 243 isdp holdtime . . . . . . . . . . . . . . . . . . . . . . 244 isdp timer . . . . . . . . . . . . . . . . . . . . . . . . 245 show isdp . . . . . . . . . . . . . . . . . . . . . . .
8 DHCP Snooping Commands . clear ip dhcp snooping statistics ip dhcp snooping . . . . . . . . . . . . . . . . . . . . . . 262 . . . . . . . . . . . . . . . . . . . . 262 ip dhcp snooping binding . . . . . . . . 265 . . . . . . . . . . . . . . . . . 266 ip dhcp snooping log-invalid ip dhcp snooping trust . . . . . . . . . . . . . . . 267 . . . . . . . . . . . . . . . . . 267 ip dhcp snooping verify mac-address . show ip dhcp snooping 264 . . . . . . . . . . . . . . .
ip arp inspection trust . . . . . . . . . . . . . . . . . ip arp inspection validate ip arp inspection vlan . . . . . . . . . . . . . . . 280 . . . . . . . . . . . . . . . . . 281 permit ip host mac host show arp access-list . . . . . . . . . . . . . . . . . 282 . . . . . . . . . . . . . . . . . 282 show ip arp inspection ethernet . . . . . . . . . . . . 283 show ip arp inspection statistics . . . . . . . . . . . 285 . . . . . . . . . . . . . 287 show ip arp inspection vlan .
show interfaces detail . . . . . . . . . . . . . . . . . . 303 show interfaces status . . . . . . . . . . . . . . . . . 307 show statistics ethernet . . . . . . . . . . . . . . . . . 310 . . . . . . . . . . . . . . . . . . . 314 . . . . . . . . . . . . . . . . . . . . . . . . 316 . . . . . . . . . . . . . . . . . . . . . . . . . . 316 show storm-control shutdown . speed . storm-control broadcast . . . . . . . . . . . . . . . . . 317 . . . . . . . . . . . . . . . . . 318 . . . . . . . .
12 IGMP Snooping Commands ip igmp snooping (global) . . . . . . . . . . 333 . . . . . . . . . . . . . . . 334 ip igmp snooping (interface) . . . . . . . . . . . . . . ip igmp snooping host-time-out . . . . . . . . . . . . ip igmp snooping leave-time-out . . . . . . . . . . . ip igmp snooping mrouter-time-out show ip igmp snooping groups 336 . . . . . . . . . . 337 . . . . . . . . . . . . 338 . . . . . . . . . . . 339 show ip igmp snooping mrouter . . . . . . . . . . . . 340 . . . . . .
ip igmp snooping querier version . show igmp snooping querier . . . . . . . . . . . 351 . . . . . . . . . . . . . . 352 14 IP Addressing Commands . . . . . . . . . . . 355 clear host . . . . . . . . . . . . . . . . . . . . . . . . 356 ip address . . . . . . . . . . . . . . . . . . . . . . . . 356 ip address dhcp . . . . . . . . . . . . . . . . . . . . . 357 ip address vlan . . . . . . . . . . . . . . . . . . . . . . 358 ip default-gateway . . . . . . . . . . . . . . . . . . . . 359 .
15 IPv6 Access List Commands {deny | permit} . . . . . . . . . 371 . . . . . . . . . . . . . . . . . . . . . 372 ipv6 access-list . . . . . . . . . . . . . . . . . . . . ipv6 access-list rename ipv6 traffic-filter . . . . . . . . . . . . . . . . 375 . . . . . . . . . . . . . . . . . . . . 376 show ipv6 access-lists. . . . . . . . . . . . . . . . . 16 IPv6 MLD Snooping Querier Commands . . . . . . . . . . . . . . ipv6 mld snooping querier . 381 . . . . . . . . . . . . . .
18 LACP Commands lacp port-priority . 394 . . . . . . . . . . . . . . . . . . . 394 . . . . . . . . . . . . . . . . . . . . . . . 395 show lacp ethernet 396 . . . . . . . . . . . . . . . . . . . show lacp port-channel . link-dependency group 398 . . . . . . . . . . . . . . . . 19 Link Dependency Commands . . . . . . . . 401 402 . . . . . . . . . . . . . . . . . no link-dependency group . add ethernet 393 . . . . . . . . . . . . . . . . . . . . lacp system-priority lacp timeout . . . . .
lldp med . . . . . . . . . . . . . . . . . . . . . . . . lldp med confignotification . . . . . . . . . . . . . . lldp med faststartrepeatcount . 414 . . . . . . . . . . . . . . . . . 415 . . . . . . . . . . . . . . . . . . . . 416 lldp notification-interval . . . . . . . . . . . . . . . . 417 . . . . . . . . . . . . . . . . . . . . . . 418 . . . . . . . . . . . . . . . . . . . . . . . 418 lldp receive . lldp timers lldp transmit . . . . . . . . . . . . . . . . . . . . . .
21 Port Channel Commands channel-group 441 . . . . . . . . . . . . . . 441 . . . . . . . . . . . . . . . . . . . . . . 442 no hashing-mode show statistics port-channel . . . . . . . . . . . . . 444 . . . . . . . . . . . . . . 445 22 Port Monitor Commands monitor session 443 . . . . . . . . . . . . . . . . . . . . show interfaces port-channel . . . . . . . . . . . . . 449 450 . . . . . . . . . . . . . . . . . . . . . show monitor session 23 QoS Commands class 440 . . . . . . . . . . .
cos-queue min-bandwidth . . . . . . . . . . . . . . . 461 . . . . . . . . . . . . . . . . . . . . 462 . . . . . . . . . . . . . . . . . . . . . . . . . 463 . . . . . . . . . . . . . . . . . . . . . . . . . . 464 cos-queue strict diffserv drop . mark cos . . . . . . . . . . . . . . . . . . . . . . . . mark ip-dscp . . . . . . . . . . . . . . . . . . . . . . mark ip-precedence 466 . . . . . . . . . . . . . . . . . . . 467 . . . . . . . . . . . . . . . . . . . . . . .
match srcip6 . . . . . . . . . . . . . . . . . . . . . . . match srcl4port . . . . . . . . . . . . . . . . . . . . . 480 . . . . . . . . . . . . . . . . . . . . . . . . 481 . . . . . . . . . . . . . . . . . . . . . . . . . . 481 match vlan mirror . 479 police-simple . . . . . . . . . . . . . . . . . . . . . . 482 . . . . . . . . . . . . . . . . . . . . . . . 483 . . . . . . . . . . . . . . . . . . . . . . . . . 484 policy-map . redirect . service-policy . . . . . . . . . . . . . . . . .
24 RADIUS Commands . . . . . . . . . . . . . . . . aaa accounting network default start-stop group radius . . . . . . . . . . . . . . . . . . . . . . 506 acct-port . . . . . . . . . . . . . . . . . . . . . . . . 506 auth-port . . . . . . . . . . . . . . . . . . . . . . . . 507 deadtime . . . . . . . . . . . . . . . . . . . . . . . . 508 . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 key msgauth name . . . . . . . . . . . . . . . . . . . . . . . . 509 . . . . . . . . . . . . .
source-ip . . . . . . . . . . . . . . . . . . . . . . . . . 525 . . . . . . . . . . . . . . . . . . . . . . . . . 525 . . . . . . . . . . . . . . . . . . . . . . . . . . 526 timeout . usage . 25 Spanning Tree Commands . . . . . . . . . . . clear spanning-tree detected-protocols exit (mst) . . . . . . . . . 531 . . . . . . . . . . . . . . . . . . . . . . . . 531 instance (mst) name (mst) 529 . . . . . . . . . . . . . . . . . . . . . . 532 . . . . . . . . . . . . . . . . . . . . . . . .
spanning-tree max-hops . spanning-tree mode . . . . . . . . . . . . . . . 552 . . . . . . . . . . . . . . . . . . 553 spanning-tree mst 0 external-cost . . . . . . . . . . . 553 . . . . . . . . . . . 554 . . . . . . . . . . . . . . . . 555 spanning-tree mst configuration spanning-tree mst cost . spanning-tree mst port-priority . . . . . . . . . . . . 556 . . . . . . . . . . . . . . 557 . . . . . . . . . . . . . . . . . 558 spanning-tree mst priority .
priority 571 . . . . . . . . . . . . . . . . . . . . . . . . . . show tacacs tacacs-server host . tacacs-server key . . . . . . . . . . . . . . . . . . . 573 . . . . . . . . . . . . . . . . . . . . 573 tacacs-server timeout timeout . 572 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574 . . . . . . . . . . . . . . . . . . . . . . . . . 575 28 VLAN Commands . . . . . . . . . . . . . . . . . . dvlan-tunnel ethertype . interface vlan 577 . . . . . . . . .
show vlan association mac . . . . . . . . . . . . . . show vlan association subnet . switchport access vlan . . . . . . . . . . . . 595 . . . . . . . . . . . . . . . . 596 switchport forbidden vlan . . . . . . . . . . . . . . . switchport general acceptable-frame-type tagged-only . . . . . . . . . . . . . . . . . . switchport general allowed vlan 597 . . . . . . . . . . . 598 . . . . . 599 . . . . . . . . . . . . . . . . 600 . . . . . . . . . . . . . . . . . . .
vlan protocol group remove . vlan routing . . . . . . . . . . . . . . 612 . . . . . . . . . . . . . . . . . . . . . . . 613 29 Voice VLAN Commands . voice vlan . . . . . . . . . . . . 615 616 . . . . . . . . . . . . . . . . . . . . . . . . voice vlan (Interface) voice vlan data priority show voice vlan . . . . . . . . . . . . . . . . . 617 . . . . . . . . . . . . . . . . . . . . . 618 30 802.1x Commands . . . . . . . . . . . . . . . . . dot1x mac-auth-bypass dot1x max-req 616 . . . . . .
dot1x timeout tx-period show dot1x . . . . . . . . . . . . . . . . . 632 . . . . . . . . . . . . . . . . . . . . . . 633 show dot1x clients . . . . . . . . . . . . . . . . . . . show dot1x ethernet . . . . . . . . . . . . . . . . . . 638 show dot1x statistics . . . . . . . . . . . . . . . . . 640 . . . . . . . . . . . . . . . . . . . 642 . . . . . . . . . . . . . . . . . . . . 643 show dot1x users dot1x guest-vlan dot1x unauth-vlan . . . . . . . . . . . . . . . . . . .
ip proxy-arp show arp . . . . . . . . . . . . . . . . . . . . . . . . 657 . . . . . . . . . . . . . . . . . . . . . . . . 657 32 DHCP and BOOTP Relay Commands . . . 659 bootpdhcprelay cidridoptmode . . . . . . . . . . . . . 660 bootpdhcprelay maxhopcount . . . . . . . . . . . . . . 661 . . . . . . . . . . . . . . 661 bootpdhcprelay minwaittime bootpdhcprelay cidridoptmode show bootpdhcprelay . . . . . . . . . . . . . 662 . . . . . . . . . . . . . . . . . .
show ipv6 dhcp binding . . . . . . . . . . . . . . . . show ipv6 dhcp interface show ipv6 dhcp pool . . . . . . . . . . . . . . . . 676 . . . . . . . . . . . . . . . . . 678 show ipv6 dhcp statistics . . . . . . . . . . . . . . . 678 . . . . . . . . . . . . . . . . 681 . . . . . . . . . . . . . . . . . . . . . . . . 682 34 DVMRP Commands ip dvmrp ip dvmrp metric . . . . . . . . . . . . . . . . . . . . . ip dvmrp trapflags show ip dvmrp 683 . . . . . . . . . . . . . . . . . . . . .
ip igmp robustness . ip igmp startup-query-count . . . . . . . . . . . . . . 695 . . . . . . . . . . . . . . . . . . . . . 696 . . . . . . . . . . . . . . . . . . . . . . 697 ip igmp version . show ip igmp groups. 698 . . . . . . . . . . . . . . . . . . show ip igmp interface 699 . . . . . . . . . . . . . . . . . show ip igmp interface membership show ip igmp interface stats . . . . . . . . . . 700 . . . . . . . . . . . . . . 701 36 IGMP Proxy Commands . ip igmp-proxy 694 . . . . . . .
37 IP Helper Commands . . . . . . . . . . . . . . . 711 clear ip helper statistics . . . . . . . . . . . . . . . . 712 ip helper-address (global configuration) . . . . . . . ip helper-address (interface configuration) . ip helper enable . . . . . 714 . . . . . . . . . . . . . . . . . . . . 716 show ip helper-address . . . . . . . . . . . . . . . . show ip helper statistics . . . . . . . . . . . . . . . . 38 IP Routing Commands . . . . . . . . . . . . . . . . . . . . . 722 . . . . . . . .
show ip route show ip route preferences . . . . . . . . . . . . . . . 735 . . . . . . . . . . . . . . . . . 736 . . . . . . . . . . . . . . . . . . . . . . 737 . . . . . . . . . . . . . . . . . . . . . . . 739 show ip route summary show ip stats . vlan routing 734 . . . . . . . . . . . . . . . . . . . . . . 39 IPv6 MLD Snooping Commands . ipv6 mld snooping immediate-leave . . . . . . . . . . . 743 . . . . . . . . . . . . 743 ipv6 mld snooping mcrtexpiretime ipv6 mld snooping (Global) . .
ipv6 pimsm dr-priority . . . . . . . . . . . . . . . . . ipv6 pimsm hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . 756 ipv6 pimsm register-threshold . . . . . . . . . . . . . 757 . . . . . . . . . . . . . . . . 757 ipv6 pimsm rp-candidate . . . . . . . . . . . . . . . . 758 ipv6 pimsm spt-threshold . . . . . . . . . . . . . . . 759 . . . . . . . . . . . . . . . . . . . . 760 ipv6 pimsm ssm show ipv6 pimsm . . . . . . . . . . . . . . . . . . . .
ipv6 mld last-member-query-count . . . . . . . . . . . ipv6 mld last-member-query-interval ipv6 mld-proxy . . . . . . . . . . . 774 . . . . . . . . . . . . . . . . . . . . . 775 ipv6 mld-proxy reset-status . . . . . . . . . . . . . . . ipv6 mld-proxy unsolicit-rprt-interval . ipv6 mld query-interval 776 . . . . . . . . . 776 . . . . . . . . . . . . . . . . . 777 ipv6 mld query-max-response-time . . . . . . . . . . . 778 . . . . . . . . . . . . . . . . . . . . . 779 . . . . . . . . . . .
ipv6 route distance . . . . . . . . . . . . . . . . . . . 791 ipv6 unicast-routing . . . . . . . . . . . . . . . . . . 792 . . . . . . . . . . . . . . . . . . . . . . . . 792 ping ipv6 ping ipv6 interface . show ipv6 brief . . . . . . . . . . . . . . . . . . . 793 . . . . . . . . . . . . . . . . . . . . 795 show ipv6 interface . . . . . . . . . . . . . . . . . . show ipv6 mld groups . . . . . . . . . . . . . . . . . show ipv6 mld interface show ipv6 mld-proxy . 800 . . . . . . . . . . .
show ipv6 vlan . . . . . . . . . . . . . . . . . . . . . . 819 traceroute ipv6 . . . . . . . . . . . . . . . . . . . . . . 820 42 Loopback Interface Commands . interface loopback . 43 Multicast Commands . ip mroute . 824 824 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827 . . . . . . . . . . . . . . . . . . . 829 . . . . . . . . . . . . . . . . . . . . . . . . 829 ip multicast. . . . . . . . . . . . . . . . . . . . . . . . ip multicast ttl-threshold ip pimsm 823 . . . . .
ip pimsm ssm . . . . . . . . . . . . . . . . . . . . . . show bridge multicast address-table count show ip mcast . . . . . 840 . . . . . . . . . . . . . . . . . . . . . 841 show ip mcast boundary . . . . . . . . . . . . . . . . 842 show ip mcast interface . . . . . . . . . . . . . . . . 843 . . . . . . . . . . . . . . . . . 844 show ip mcast mroute show ip mcast mroute group. . . . . . . . . . . . . . 845 show ip mcast mroute source . . . . . . . . . . . . .
area range . . . . . . . . . . . . . . . . . . . . . . . . 861 area stub . . . . . . . . . . . . . . . . . . . . . . . . . 862 area stub no-summary . area virtual-link . . . . . . . . . . . . . . . . . 863 . . . . . . . . . . . . . . . . . . . . . 864 area virtual-link authentication . . . . . . . . . . . . . 865 area virtual-link dead-interval . . . . . . . . . . . . . 866 area virtual-link hello-interval . . . . . . . . . . . . . 867 area virtual-link retransmit-interval . . . . . . .
ip ospf authentication ip ospf cost . . . . . . . . . . . . . . . . . . 880 . . . . . . . . . . . . . . . . . . . . . . 881 ip ospf dead-interval . . . . . . . . . . . . . . . . . . 881 ip ospf hello-interval . . . . . . . . . . . . . . . . . . 882 . . . . . . . . . . . . . . . . . . . 883 . . . . . . . . . . . . . . . . . . . . 884 . . . . . . . . . . . . . . . . . . . . . 885 ip ospf mtu-ignore ip ospf network . ip ospf priority ip ospf retransmit-interval . . . . . . . . . . . . . . .
show ip ospf abr . . . . . . . . . . . . . . . . . . . . . 903 show ip ospf area . . . . . . . . . . . . . . . . . . . . 903 show ip ospf asbr . . . . . . . . . . . . . . . . . . . . 905 show ip ospf database . show ip ospf database database-summary . show ip ospf interface . 906 . . . . . . . . . . . . . . . . . . . . . . . 909 . . . . . . . . . . . . . . . . . 911 show ip ospf interface brief . . . . . . . . . . . . . . . 913 show ip ospf interface stats . . . . . . . . . . . . . . .
area nssa no-summary . . . . . . . . . . . . . . . . . area nssa translator-role. . . . . . . . . . . . . . . . area nssa translator-stab-intv . 933 . . . . . . . . . . . . . . . . . . . . . . . 934 . . . . . . . . . . . . . . . . . . . . . . . . 935 area stub no-summary area virtual-link . . . . . . . . . . . . . . . . . 936 . . . . . . . . . . . . . . . . . . . . 936 area virtual-link dead-interval. . . . . . . . . . . . . 937 area virtual-link hello-interval . . . . . . . . . . . .
ipv6 ospf hello-interval . . . . . . . . . . . . . . . . . 949 . . . . . . . . . . . . . . . . . . 950 ipv6 ospf network . . . . . . . . . . . . . . . . . . . . 950 ipv6 ospf priority . . . . . . . . . . . . . . . . . . . . . 951 ipv6 ospf mtu-ignore . ipv6 ospf retransmit-interval . . . . . . . . . . . . . . 952 . . . . . . . . . . . . . . . . 953 ipv6 router ospf . . . . . . . . . . . . . . . . . . . . . 954 maximum-paths . . . . . . . . . . . . . . . . . . . . . 954 . . . . . . . .
show ipv6 ospf database database-summary . show ipv6 ospf interface . . . . . 972 . . . . . . . . . . . . . . . 973 show ipv6 ospf interface brief . . . . . . . . . . . . . 974 show ipv6 ospf interface stats . . . . . . . . . . . . . 975 . . . . . . . . . . . . . 977 . . . . . . . . . . . . . . . 978 . . . . . . . . . . . . . . . . . 980 show ipv6 ospf interface vlan show ipv6 ospf neighbor . show ipv6 ospf range show ipv6 ospf stub table . . . . . . . . . . . . . . .
show ip pimsm interface . . . . . . . . . . . . . . . . 992 show ip pimsm neighbor . . . . . . . . . . . . . . . . 993 . . . . . . . . . . . . . . . . . 994 show ip pimsm rphash . 48 Router Discovery Protocol Commands . . . . . . . . . . . . . ip irdp 997 . . . . . . . . . . 998 . . . . . . . . . . . . . . . . . . . . . . . . . . ip irdp address . . . . . . . . . . . . . . . . . . . . . . 998 ip irdp holdtime . . . . . . . . . . . . . . . . . . . . . 999 ip irdp maxadvertinterval . . .
hostroutesaccept . ip rip . . . . . . . . . . . . . . . . . . . 1012 . . . . . . . . . . . . . . . . . . . . . . . . . . 1013 ip rip authentication . . . . . . . . . . . . . . . . . . ip rip receive version . . . . . . . . . . . . . . . . . 1014 . . . . . . . . . . . . . . . . . . . 1015 . . . . . . . . . . . . . . . . . . . . . . 1016 . . . . . . . . . . . . . . . . . . . . . . . . 1017 ip rip send version redistribute . router rip show ip rip . . . . . . . . . . . . . . . . . . . . . . .
52 Virtual Router Redundancy Protocol Commands . . . . . ip vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ip vrrp authentication ip vrrp ip 1031 1032 . . . . . . . . . . . . . . . . . 1033 . . . . . . . . . . . . . . . . . . . . . . . . 1034 ip vrrp mode . . . . . . . . . . . . . . . . . . . . . . ip vrrp preempt . ip vrrp priority 1035 . . . . . . . . . . . . . . . . . . . . 1035 . . . . . . . . . . . . . . . . . . . . . 1036 ip vrrp timers advertise . . . . . .
54 Captive Portal Commands authentication timeout . 1051 . . . . . . . . . . . . . . . . . . . . . 1051 . . . . . . . . . . . . . . . . . . . . . . . . . 1052 http port. . . . . . . . . . . . . . . . . . . . . . . . . 1053 https port . . . . . . . . . . . . . . . . . . . . . . . . 1053 show captive-portal . . . . . . . . . . . . . . . . . . show captive-portal status block 1055 . . . . . . . . . . . . . . . . . . . . . . . . . . 1056 . . . . . . . . . . . . . . . . . . . . . 1057 . . . .
show captive-portal client status . . . . . . . . . . . show captive-portal configuration client status 1064 . . . 1066 show captive-portal interface client status . . . . . 1067 show captive-portal interface configuration status . . . . . . . . . . . . . . . . . . . . . . . . . . 1069 . . . . . . . . . . . . . . 1070 . . . . . . . . . . . . . . . . . . . . . . . . . 1070 clear captive-portal users . no user show captive-portal user . . . . . . . . . . . . . . . 1071 user group . . . .
55 Clock Commands show clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . show sntp configuration . 1084 show sntp status . . . . . . . . . . . . . . . . . . . . 1085 sntp authenticate . . . . . . . . . . . . . . . . . . . . 1086 . . . . . . . . . . . . . . . . sntp broadcast client enable sntp server 1087 . . . . . . . . . . . . . 1088 . . . . . . . . . . . . . . . . . 1088 . . . . . . . . . . . . . . . . . . . . . . . 1089 sntp client poll timer .
copy . . . . . . . . . . . . . . . . . . . . . . . . . . 1101 delete backup-config . . . . . . . . . . . . . . . . . 1104 delete backup-image . . . . . . . . . . . . . . . . . 1105 delete startup-config . . . . . . . . . . . . . . . . . 1106 . . . . . . . . . . . . . . . . . . . . . . . . 1106 filedescr script apply. . . . . . . . . . . . . . . . . . . . . . . 1107 script delete . . . . . . . . . . . . . . . . . . . . . . 1108 . . . . . . . . . . . . . . . . . . . . . . .
dos-control tcpfrag . . . . . . . . . . . . . . . . . . . 1123 ip icmp echo-reply . . . . . . . . . . . . . . . . . . . 1124 ip icmp error-interval . . . . . . . . . . . . . . . . . 1125 . . . . . . . . . . . . . . . . . . . . 1126 . . . . . . . . . . . . . . . . . . . . . . 1126 ip unreachables ip redirects . ipv6 icmp error-interval . . . . . . . . . . . . . . . . 1127 ipv6 unreachables . . . . . . . . . . . . . . . . . . . 1128 show dos-control . . . . . . . . . . . . . . . . . . .
show management access-class show management access-list 60 Password Management Commands . . . . . . . . . . . passwords aging . . . . . . . . . . . . 1143 . . . . . . . . . . . . 1144 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1145 1146 passwords history . . . . . . . . . . . . . . . . . . . 1146 passwords lock-out . . . . . . . . . . . . . . . . . . 1147 passwords min-length . . . . . . . . . . . . . . . . . show passwords configuration . . . . . . . . . . . .
power inline traps . . . . . . . . . . . . . . . . . . . power inline usage-threshold . . . . . . . . . . . . . 1161 . . . . . . . . . . . . . 1162 . . . . . . . . . . . . . . . . . . 1163 show poe-firmware-version . show power inline . show power inline ethernet . 63 RMON Commands rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . rmon collection history rmon event 1167 1168 1169 . . . . . . . . . . . . . . . . . . . . . . .
debug clear . . . . . . . . . . . . . . . . . . . . . . debug console debug dot1x . . . . . . . . . . . . . . . . . . . . . 1190 . . . . . . . . . . . . . . . . . . . . . . 1191 debug igmpsnooping. debug ip acl 1190 . . . . . . . . . . . . . . . . . 1192 . . . . . . . . . . . . . . . . . . . . . . 1192 debug ip dvmrp . debug ip igmp . . . . . . . . . . . . . . . . . . . . 1193 . . . . . . . . . . . . . . . . . . . . . 1194 debug ip mcache . . . . . . . . . . . . . . . . . . . .
debug rip . . . . . . . . . . . . . . . . . . . . . . . . debug sflow . . . . . . . . . . . . . . . . . . . . . . debug spanning-tree . show debugging 1206 . . . . . . . . . . . . . . . . . . . . 1207 sflow destination . . . . . . . . . . . . . . . . . 1210 . . . . . . . . . . . . . . . . . . . . . 1211 sflow sampling . . . . . . . . . . . . . 1212 . . . . . . . . . . . . . . . . . . . . 1213 sflow sampling (Interface Mode) show sflow agent . . . . . . . . . . . 1214 . . . . . . . . . .
show snmp views show trapflags . . . . . . . . . . . . . . . . . . . . 1227 . . . . . . . . . . . . . . . . . . . . 1229 snmp-server community . . . . . . . . . . . . . . . . snmp-server community-group snmp-server contact . . . . . . . . . . . . . 1232 . . . . . . . . . . . . . . . . . 1233 snmp-server enable traps . . . . . . . . . . . . . . . snmp-server enable traps authentication . 1235 . . . . . . . . . . . . . 1236 . . . . . . . . . . . . . . . . . . . 1237 snmp-server group .
ip ssh server key-string . . . . . . . . . . . . . . . . . . . . . . . 1254 . . . . . . . . . . . . . . . . . . . . . . . 1254 show crypto key mypubkey . . . . . . . . . . . . . . show crypto key pubkey-chain ssh . . . . . . . . . . 1257 . . . . . . . . . . . . . . . . . . . . . . 1259 . . . . . . . . . . . . . . . . . . . . . . . . 1260 show ip ssh . user-key 68 Syslog Commands clear logging . 1262 1262 . . . . . . . . . . . . . . . . . . . . . . 1263 . . . . . . . . . . . . . . . . . .
show logging. . . . . . . . . . . . . . . . . . . . . . show logging file . . . . . . . . . . . . . . . . . . . show syslog-servers . . . . . . . . . . . . . . . . . . 69 System Management Commands asset-tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . banner motd . . . . . . . . . . . . . . . . . . . . . . 1272 1274 1275 1277 1279 1279 banner motd acknowledge . . . . . . . . . . . . . . 1280 clear checkpoint statistics . . . . . . . . . . . . . . 1281 . . . . . . . . . . . . .
show memory cpu show nsf . . . . . . . . . . . . . . . . . . . 1294 . . . . . . . . . . . . . . . . . . . . . . . . 1295 show process cpu show sessions . . . . . . . . . . . . . . . . . . . 1296 . . . . . . . . . . . . . . . . . . . . . 1299 show stack-port . . . . . . . . . . . . . . . . . . . . show stack-port counters . . . . . . . . . . . . . . . 1301 . . . . . . . . . . . . . . . . . 1303 . . . . . . . . . . . . . . . . . .
telnet . . . . . . . . . . . . . . . . . . . . . . . . . . traceroute . . . . . . . . . . . . . . . . . . . . . . . 70 Telnet Server Commands . ip telnet server disable ip telnet port . . . . . . . . . . 1331 1332 . . . . . . . . . . . . . . . . . . . . . . 1332 . . . . . . . . . . . . . . . . . . . . . 71 User Interface Commands . end 1327 . . . . . . . . . . . . . . . . show ip telnet enable 1325 . . . . . . . . . 1333 1335 . . . . . . . . . . . . . . . . . . . . . . . . . 1336 . . .
ip http server . . . . . . . . . . . . . . . . . . . . . . ip https certificate ip https port . . . . . . . . . . . . . . . . . . . . 1347 . . . . . . . . . . . . . . . . . . . . . . 1347 ip https server . . . . . . . . . . . . . . . . . . . . . 1348 key-generate . . . . . . . . . . . . . . . . . . . . . . 1349 . . . . . . . . . . . . . . . . . . . . . . . . 1350 location . organization-unit . . . . . . . . . . . . . . . . . . . . show crypto certificate mycertificate .
1 Command Groups Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
Table 1-1. System Command Groups (continued) Command Group Description Address Table Configures bridging address tables. CDP Interoperability Configures Cisco Discovery Protocol (CDP). DHCP l2 Relay Enables the Layer 2 DHCP Relay agent for an interface. DHCP Snooping Configures DHCP snooping and whether an interface is trusted for filtering. Dynamic ARP Inspection Configures for rejection of invalid and malicious ARP packets.
Table 1-1. System Command Groups (continued) Command Group Description Spanning Tree Configures and reports on Spanning Tree protocol. Switchport Voice Configures the Auto VoIP feature. TACACS+ Configures and displays TACACS+ information. VLAN Configures VLANs and displays VLAN information. Voice VLAN Configures voice VLANs and displays voice VLAN information 802.1x Configures and displays commands related to 802.1x security protocol.
Table 1-1. System Command Groups (continued) Command Group Description Router Discovery Protocol (IPv4) Manages router discovery operations. Routing Information Protocol (IPv4) Configures RIP activities. Tunnel Interface (IPv6) Managing tunneling operations. Virtual LAN Routing (IPv4) Controls virtual LAN routing. Virtual Router Redundancy (IPv4) Manages router redundancy on the system. Utility Commands Auto Config Automatically configures switch when a configuration file is not found.
Table 1-1. System Command Groups (continued) Command Group Description SNMP Configures SNMP communities, traps and displays SNMP information. SSH Configures SSH authentication. Syslog Manages and displays syslog messages. System Management Configures the switch clock, name and authorized users. Telnet Server Configures Telnet service on the switch and displays Telnet information. User Interface Describes user commands used for entering CLI commands.
Mode Types The tables on the following pages use these abbreviations for Command Mode names.
• SK — SSH Public Key-chain • TC — TACACS Configuration • UE — User EXEC • VLAN — VLAN Configuration • v6ACL — IPv6 Access List Configuration • v6CMC • v6DP — IPv6 DHCP Pool Configuration Layer 2 Commands AAA Command Description Mode* aaa authentication dot1x Specifies one or more authentication, authorization and accounting (AAA) methods for use on interfaces running IEEE 802.1X. GC aaa authentication enable Defines authentication method lists for accessing higher privilege levels.
Command Description Mode* show authentication methods Shows information about authentication methods PE show user accounts Displays information about the local user database PE show users login-history Displays information about login histories of users PE username Establishes a username-based authentication system. GC *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Command Description Mode* show ip access-lists Displays an Access Control List (ACL) and all PE of the rules that are defined for the ACL. show mac access-list Displays a MAC access list and all of the rules that are defined for the ACL. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. Address Table Command Description Mode* bridge address Adds a static MAC-layer station source address IC to the bridge table.
Command Description Mode* show bridge address-table static Displays statically created entries in the bridge- PE forwarding database. show bridge multicast address-table Displays Multicast MAC address table information. PE show bridge multicast filtering Displays the Multicast filtering configuration. PE show ports security Displays the port-lock status. PE show ports security addresses Displays current dynamic addresses in locked ports.
DHCP l2 Relay Command Description Mode* dhcp l2relay Enables the Layer 2 DHCP Relay agent for an interface. GC/IC dhcp l2relay circuit-id Enables user to set the DHCP Option 82 Circuit ID for a VLAN. GC dhcp l2relay remote-id Enables user to set the DHCP Option 82 Remote ID for a VLAN. GC dhcp l2relay vlan Enables the L2 DHCP Relay agent for a set of VLANs. GC dhcp l2relay trust Configures an interface to trust a received DHCP Option 82.
Command Description Mode* ip dhcp snooping trust Configure a port as trusted for DHCP snooping. IC ip dhcp snooping verify mac-address Enables the verification of the source MAC address with the client MAC address in the received DHCP message. GC show ip dhcp snooping Displays the DHCP snooping global and per port configuration. PE show ip dhcp snooping binding Displays the DHCP snooping binding entries.
Command Description Mode* ip arp inspection vlan Enables Dynamic ARP Inspection on a single VLAN or a range of VLANs. GC permit ip host mac host Configures a rule for a valid IP address and ARPA MAC address combination used in ARP packet validation. show arp access-list Displays the configured ARP ACLs with the rules. show ip arp inspection ethernet Displays the Dynamic ARP Inspection PE configuration on all the DAI enabled interfaces.
Command Description Mode* negotiation Enables auto-negotiation operation for the speed and duplex parameters of a given interface. IC show interfaces advertise Displays information about auto negotiation advertisement. PE show interfaces configuration Displays the configuration for all configured interfaces. UE show interfaces counters Displays traffic seen by the physical interface. UE show interfaces description Displays the description for all configured interfaces.
Command Description Mode* gvrp enable (interface) Enables GVRP on an interface. IC gvrp registration-forbid De-registers all VLANs, and prevents dynamic VLAN registration on the port. IC gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation. IC show gvrp configuration Displays GVRP configuration information, PE show gvrp error-statistics Displays GVRP error statistics. UE show gvrp statistics Displays GVRP statistics.
Command Description Mode* ip igmp snooping (VLAN) In VLAN Config mode, enables IGMP snooping VLAN on a particular VLAN or on all interfaces participating in a VLAN. ip igmp snooping fast-leave Enables or disables IGMP Snooping fast-leave mode on a selected VLAN. VLAN ip igmp snooping Sets the IGMP Group Membership Interval groupmembership-interval time on a VLAN. VLAN ip igmp snooping maxresponse Sets the IGMP Maximum Response time on a particular VLAN.
IP Addressing Command Description Mode* clear host Deletes entries from the host name-to-address cache PE helper address Enable forwarding User Datagram Protocol (UDP) Broadcast packets received on an interface. IC ip address Sets a management IP address on the switch. GC ip address dhcp Acquires an IP address on an interface from the GC DHCP server. ip address vlan Sets the management VLAN. GC ip default-gateway Defines a default gateway (router).
IPv6 ACL Command Description Mode* {deny | permit} Creates a new rule for the current IPv6 access list. v6AC L ipv6 access-list Creates an IPv6 Access Control List (ACL) GC consisting of classification fields defined for the IP header of an IPv6 frame. ipv6 access-list rename Changes the name of an IPv6 ACL. ipv6 traffic-filter Attaches a specific IPv6 ACL to an interface or GC associates it with a VLAN ID in a given IC direction.
Command Description Mode* show ipv6 mld snooping Displays MLD Snooping information. PE show ipv6 mld snooping groups Displays the MLD Snooping entries in the MFDB table. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. IPv6 MLD Snooping Querier Command Description Mode* ipv6 mld snooping querier Enables MLD Snooping Querier on the system GC or on a VLAN.
LACP Command Description Mode* lacp port-priority Configures the priority value for physical ports. IC lacp system-priority Configures the system LACP priority. GC lacp timeout Assigns an administrative LACP timeout. IC show lacp ethernet Displays LACP information for Ethernet ports. PE show lacp port-channel Displays LACP information for a port-channel. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Command Description Mode* no depends-on portchannel Removes the dependent port-channels list. Link Dependency show link-dependency Shows the link dependencies configured PE on a particular group. *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. LLDP Command Description Mode* clear lldp remote data Deletes all data from the remote data table. PE clear lldp statistics Resets all LLDP statistics. PE lldp notification Enables remote data change notifications.
Command Description Mode* show lldp statistics Displays the current LLDP traffic statistics. PE lldp med Enables/disables LLDP-MED on an interface. IC lldp med transmit-tlv Spwcifies which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. IC lldp med faststartrepeatcount Sets the value of the fast start repeat count. GC lldp med confignotification Enables sending the topology change notifications. IC show lldp med Displays a summary of the current LLDP MED PE configuration.
Command Description Mode* show interfaces portchannel Displays port-channel information. PE show statistics port-channel Displays port-channel statistics. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. Port Monitor Command Description Mode* monitor session Configures a port monitoring session. GC show monitor session Displays the port monitoring status. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Command Description Mode* conform-color Specifies for each outcome, the only possible actions are drop, setdscp-transmit, set-prectransmit, or transmit PCM C cos-queue min-bandwidth Specifies the minimum transmission bandwidth GC for each interface queue. and IC cos-queue strict Activates the strict priority scheduler mode for GC each specified queue. and IC diffserv Sets the DiffServ operational mode to active.
Command Description Mode* match dstl4port Adds to the specified class definition a match CMC condition based on the destination layer 4 port of a packet using a single keyword, or a numeric notation. match ethertype Adds to the specified class definition a match condition based on the value of the ethertype. CMC match ip6flowlbl Adds to the specified class definition a match condition based on the IPv6 flow label of a packet.
Command Description Mode* match vlan Adds to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field. CMC mirror Mirrors all the data that matches the class defined to the destination port specified PCM C police-simple Establishes the traffic policing style for the specified class.
Command Description Mode* show policy-map Displays all configuration information for the specified policy. PE show policy-map interface Displays policy-oriented statistics information for the specified interface and direction PE show service-policy Displays a summary of policy-oriented statistics PE information for all interfaces in the specified direction. traffic-shape Specifies the maximum transmission bandwidth limit for the interface as a whole.
Command Description Mode* radius-server deadtime Improves RADIUS response times when servers GC are unavailable. Causes the unavailable servers to be skipped. radius-server host Specifies a RADIUS server host. GC radius-server key Sets the authentication and encryption key for all RADIUS communications between the switch and the RADIUS daemon. GC radius-server retransmit Specifies the number of times the software searches the list of RADIUS server hosts.
Command Description Mode* instance (mst) Maps VLANs to an MST instance. MC name (mst) Defines the MST configuration name. MC revision (mst) Defines the configuration revision number. MC show spanning-tree Displays spanning tree configuration. PE show spanning-tree summary Displays spanning tree settings and parameters PE for the switch. spanning tree Enables spanning-tree functionality. GC spanning-tree auto-portfast Sets the port to auto portfast mode.
Command Description Mode* spanning-tree mst configuration Enables configuring an MST region by entering GC the multiple spanning-tree (MST) mode. spanning-tree mst 0 external-cost Sets the external cost for the common spanning IC tree. spanning-tree mst cost Configures the path cost for multiple spanning IC tree (MST) calculations. spanning-tree mst portpriority Configures port priority. spanning-tree mst priority Configures the switch priority for the specified GC spanning tree instance.
Switchport Voice Command Description Mode* switchport voice detect auto Enables the VoIP Profile on all the interfaces of GC/IC the switch. show switchport voice Displays the status of auto-voip on an interface PE or all interfaces. *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. TACACS+ Command Description Mode* key Specifies the authentication and encryption key TC for all TACACS communications between the device and the TACACS server.
Command Description Mode* interface range vlan Enters the interface configuration mode to configure multiple VLANs. GC mode dvlan-tunnel Enables Double VLAN tunneling on the specified interface IC name Configures a name to a VLAN. IC protocol group Attaches a vlanid to the protocol-based VLAN identified by groupid. VLAN protocol vlan group Adds the physical unit/port interface to the protocol-based VLAN identified by groupid.
Command Description Mode* switchport general allowed Adds or removes VLANs from a port in General IC vlan mode. switchport general ingress- Disables port ingress filtering. filtering disable IC switchport general pvid Configures the PVID when the interface is in general mode. IC switchport mode Configures the VLAN membership mode of a port. IC switchport protected Sets the port to Protected mode.
Voice VLAN Command Description Mode* voice vlan Enables the voice VLAN capability on the switch. GG voice vlan Enables the voice VLAN capability on the interface IC voice vlan data priority Trusts or not trusts the data traffic arriving on the voice VLAN port. IC show voice vlan Displays various properties of the voice VLAN. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. 802.1x Command Description Mode* dot1x mac-auth-bypass Enables MAB on an interface.
Command Description Mode* dot1x timeout servertimeout Sets the number of seconds the switch waits for IC a response from the authentication server before resending the request. dot1x timeout supptimeout Sets the number of seconds the switch waits for IC a response to an EAP-request frame from the client before retransmitting the request. dot1x timeout tx-period Sets the number of seconds the switch waits for IC a response to an EAP-request/identify frame from the client before resending the request.
Layer 3 Commands ARP (IPv4) Command Description Mode* arp Creates an Address Resolution Protocol (ARP) entry. GC arp cachesize Configures the maximum number of entries in the ARP cache. GC arp dynamicrenew Enables the ARP component to automatically renew dynamic ARP entries when they age out. GC arp purge Causes the specified IP address to be removed from the ARP cache. PE arp resptime Configures the ARP request response timeout.
DHCP and BOOTP Relay (IPv4) Command Description Mode* bootpdhcprelay cidridoptmode Enables the circuit ID option and remote agent GC ID mode for BootP/DHCP Relay on the system. bootpdhcprelay maxhopcount Configures the maximum allowable relay agent GC hops for BootP/DHCP Relay on the system. bootpdhcprelay minwaittime Configures the minimum wait time in seconds GC for BootP/DHCP Relay on the system. show bootpdhcprelay Shows the the BootP/DHCP Relay information.
Command Description Mode* service dhcpv6 Enables DHCPv6 configuration on the router. GC show ipv6 dhcp Displays the DHCPv6 server name and status. PE show ipv6 dhcp binding Displays the configured DHCP pool. PE show ipv6 dhcp interface Displays DHCPv6 information for all relevant interfaces or a specified interface. UE show ipv6 dhcp pool Displays the configured DHCP pool. PE show ipv6 dhcp statistics Displays the DHCPv6 server name and status.
IGMP Command Description Mode* ip igmp Sets the administrative mode of IGMP in the system to active. GC ip igmp last-member-query- Sets the number of Group-Specific Queries count sent before the router assumes that there are no local members on the interface. IC ip igmp last-member-query- Configures the Maximum Response Time interval inserted in Group-Specific Queries which are sent in response to Leave Group messages.
Command Description Mode* show ip igmp interface membership Displays the list of interfaces that have registered in the multicast group. PE show ip igmp interface stats Displays the IGMP statistical information for the interface. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. IGMP Proxy Command Description Mode* ip igmp-proxy Enables the IGMP Proxy on the router.
Command Description Mode* ip helper enable Enables relay of UDP packets. GC show ip helper-address Displays the IP helper address configuration. PE show ip helper statistics Displays the number of DHCP and other UDP PE packets processed and relayed by the UDP relay agent. *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. IP Routing Command Description Mode* encapsulation Configures the link layer encapsulation type for IC the packet.
Command Description Mode* show ip route preferences Displays detailed information about the route preferences. PE show ip route summary Shows the number of all routes, including best and non-best routes. PE show ip stats Displays IP statistical information UE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. IPv6 Multicast Command Description Mode* ipv6 pimsm (Global config) Administratively enables PIMSM for IPv6 multicast routing.
Command Description Mode* ipv6 pimsm spt-threshold Configures the Data Threshold rate for the lasthop router to switch to the shortest path. GC ipv6 pimsm ssm Defines the Source Specific Multicast (SSM) range of multicast addresses. GC show ipv6 pimsm Displays global status of IPv6 PIMSM and its IPv6 routing interfaces. PE show ipv6 pimsm bsr Displays the bootstrap router (BSR) information. PE show ipv6 pimsm interface Displays interface config parameters.
Command Description Mode* ipv6 host Defines static host name-to- ipv6 address mapping in the host cache. GC ipv6 mld last-memberquery-count Sets the number of listener-specific queries sent IC before the router assumes that there are no local (VLA members on the interface. N) ipv6 mld last-memberquery-interval Sets the last member query interval for the IC (VLA MLD interface, which is the value of the maximum response time parameter in the N) groupspecific queries sent out of this interface.
Command Description Mode* ipv6 nd ra-interval Sets the transmission interval between router advertisements. IC ipv6 nd ra-lifetime Sets the value that is placed in the Router IC Lifetime field of the router advertisements sent from the interface. ipv6 nd reachable-time Sets the router advertisement time to consider a IC neighbor reachable after neighbor discovery confirmation. ipv6 nd suppress-ra Suppresses router advertisement transmission on an interface.
Command Description Mode* show ipv6 mld-proxy groups Displays information about multicast groups that the MLD Proxy reported. PE show ipv6 mld-proxy groups detail Displays information about multicast groups that MLD Proxy reported. PE show ipv6 mld-proxy interface Displays a detailed list of the host interface status parameters. PE show ipv6 mld traffic Displays MLD statistical information for the router. PE show ipv6 neighbors Displays information about IPv6 neighbors.
Loopback Interface Command Description Mode* interface loopback Enters the Interface Loopback configuration mode. GC show interface loopback Displays information about configured loopback interfaces. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. Multicast Command Description Mode* ip mcast boundary Adds an administrative scope multicast boundary. IC ip mroute Creates a static multicast route for a source range.
Command Description Mode* ip pimsm rp-address Statically configures the RP address for one or more multicast groups. GC ip pimsm rp-candidate Configures the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR). IC ip pimsm spt-threshold Configures the Data Threshold rate for the lasthop router to switch to the shortest path. GC ip pimsm ssm Defines the Source Specific Multicast (SSM) range of IP multicast addresses.
Command Description Mode* show ip pimsm rp mapping Displays all group-to-RP mappings of which the PE router is aware (either configured or learned from the bootstrap router). *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. OSPF Command Description Mode* area default-cost Configures the monetary default cost for the stub ROSPF area. area nssa Configures the specified area ID to function as an ROSPF NSSA.
Command Description area virtual-link deadinterval Configures the dead interval for the OSPF virtual ROSPF interface on the virtual interface identified by area-id and neighbor router. area virtual-link hellointerval Configures the hello interval for the OSPF virtual ROSPF interface on the virtual interface identified by the area ID and neighbor ID.
Command Description Mode* ip ospf cost Configures the cost on an OSPF interface. IC ip ospf dead-interval Sets the OSPF dead interval for the specified interface. IC ip ospf hello-interval Sets the OSPF hello interval for the specified interface. IC ip ospf mtu-ignore Disables OSPF maximum transmission unit (MTU) mismatch detection. IC ip ospf network Configure OSPF to treat an interface as a point- IC to-point rather than broadcast interface.
Command Description Mode* passive-interface (router Sets the interface or tunnel as passive. mode) ROSPF redistribute Configures OSPF protocol to allow redistribution ROSPF of routes from the specified source protocol/routers. router-id Sets a 4-digit dotted-decimal number uniquely identifying the router OSPF ID. ROSPF router ospf Enters Router OSPF mode. GC show ip ospf Displays information relevant to the OSPF router.
Command Description Mode* show ip ospf virtual-link Displays the OSPF Virtual Interface information PE for a specific area and neighbor. show ip ospf virtual-link Displays the OSPF Virtual Interface information PE brief for all areas in the system. timers spf Configures the SPF delay and hold time. ROSPF trapflags Enables OSPF traps. ROSPF 1583compatibility Enables OSPF 1583 compatibility. ROSPF *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Command Description Mode* area virtual-link Creates the OSPF virtual interface for the specified areaid and neighbor. ROSV3 area virtual-link deadinterval Configures the dead interval for the OSPF virtual ROSV3 interface on the virtual interface identified by areaid and neighbor. area virtual-link hellointerval Configures the hello interval for the OSPF virtual ROSV3 interface on the virtual interface identified by areaid and neighbor.
Command Description Mode* ipv6 ospf mtu-ignore Disables OSPF maximum transmission unit (MTU) mismatch detection. IC ipv6 ospf network Changes the default OSPF network type for the interface. IC ipv6 ospf priority Sets the OSPF priority for the specified router interface. IC ipv6 ospf retransmitinterval Sets the OSPF retransmit interval for the specified interface. IC ipv6 ospf transmit-delay Sets the OSPF Transmit Delay for the specified interface.
Command Description Mode* show ipv6 ospf interface Displays the information for the IFO object or virtual interface tables. PE show ipv6 ospf interface Displays brief information for the IFO object or brief virtual interface tables. PE show ipv6 ospf interface Displays the statistics for a specific interface. stats UE show ipv6 ospf interface Displays OSPFv3 configuration and status vlan information for a specific vlan PE show ipv6 ospf neighbor Displays information about OSPF neighbors.
Command Description Mode* show ip pimdm interface stats Displays the statistical information for PIMDM on the specified interface. UE show ip pimdm neighbor Displays the neighbor information for PIM-DM PE on the specified interface. *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. PIM-SM Command Description Mode* ip pimsm Sets administrative mode of PIM-SM multicast GC routing across the router to enabled.
Command Description Mode* show ip pimsm Displays the system-wide information for PIM- PE SM. show ip pimsm interface Displays interface information for PIM-SM on the specified interface. PE show ip pimsm neighbor Displays neighbor information for PIM-SM on the specified interface. PE show ip pimsm rphash Displays the RP router being selected from the PE set of active RP routers. *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Routing Information Protocol Command Description Mode* auto-summary Enables the RIP auto-summarization mode. RIP default-information originate Controls the advertisement of default routes. RIP default-metric Sets a default for the metric of distributed routes. RIP distance rip Sets the route preference value of RIP in the router. RIP distribute-list out Specifies the access list to filter routes received RIP from the source protocol.
Command Description Mode* show ip rip interface brief Displays general information for each RIP interface. PE split-horizon Sets the RIP split horizon mode. RIP *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64. Tunnel Interface Command Description Mode* interface tunnel Enables the interface configuration mode for a GC tunnel. show interface tunnel Displays the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address.
Command Description Mode* ip vrrp authentication Sets the authorization details value for the virtual router configured on a specified interface. IC ip vrrp ip Sets the virtual router IP address value for an interface. IC ip vrrp mode Enables the virtual router configured on an interface. Enabling the status field starts a virtual router. IC ip vrrp preempt Sets the preemption mode value for the virtual IC router configured on a specified interface.
Utility Commands Auto Config Command Description Mode* boot host auto-save Enables/disables automatically saving the downloaded configuration on the switch. GC boot host dhcp Enables/disables Auto Config on the switch. GC boot host retry-count Set the number of attempts to download a configuration. GC show boot Displays the current status of the Auto Config process. PE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Command Description Mode* interface Associates an interface with a captive portal configuration. CPI locale Associates an interface with a captive portal configuration. CPI name Configures the name for a captive portal configuration. CPI protocol Configures the protocol mode for a captive portal configuration. CPI redirect Enables the redirect mode for a captive portal configuration.
Command Description Mode* show captive-portal user Displays all configured users or a specific user in PE the captive portal local user database. user idle-timeout Sets the session idle timeout value for a captive CP portal user. user name Modifies the user name for a local captive portal CP user. user password Creates a local user or changes the password for CP an existing user. user session-timeout Sets the session timeout value for a captive portal user.
Clock Command Description Mode* show clock Displays the time and date of the system clock. PE show sntp configuration Displays the SNTP configuration. PE show sntp status Displays the SNTP status. PE sntp authenticate Set to require authentication for received NTP GC traffic from servers. sntp authentication-key Defines an authentication key for SNTP. GC sntp broadcast client enable Enables SNTP Broadcast clients.
Configuration and Image Files Command Description Mode* boot system Specifies the system image that the switch loads PE at startup. clear config Restores switch to default configuration PE copy Copies files from a source to a destination. PE delete backup-image Deletes a file from a flash memory. PE delete backup-config Deletes the backup configuration file PE delete startup-config Deletes the startup configuration file. PE filedescr Adds a description to a file.
Denial of Service Command Description Mode* dos-control firstfrag Enables Minimum TCP Header Size Denial of GC Service protection. dos-control icmp Enables Maximum ICMP Packet Size Denial of GC Service protections. dos-control l4port Enables L4 Port Denial of Service protection. GC dos-control sipdip Enables Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. GC dos-control tcpflag Enables TCP Flag Denial of Service protections.
Line Command Description Mode* exec-timeout Configures the interval that the system waits for LC user input. history Enables the command history function. history size Changes the command history buffer size for a LC particular line. line Identifies a specific line for configuration and enters the line configuration command mode. GC show line Displays line parameters. UE speed Sets the line baud rate. LC LC *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Password Management Command Description Mode* passwords aging Implements aging on the passwords such that users are required to change passwords when they expire. GC passwords history Enables the administrator to set the number of GC previous passwords that are stored to ensure that users do not reuse their passwords too frequently. passwords lock-out Enables the administrator to strengthen the GC security of the switch by enabling the user lockout feature.
Power Over Ethernet (PoE) Command Description Mode* power inline Enables/disables the ability of the port to deliver power. IC (Ethernet ) power inline legacy Enables/disables the ability of the switch to GC support legacy Ethernet powered devices. power inline powereddevice Adds a comment or description of the powered device type. IC (Ethernet ) power inline priority Configures the port priority level for the delivery of power to an attached device.
Command Description Mode* show rmon alarm-table Displays the alarms summary table. UE show rmon collection history Displays the requested group of statistics. UE show rmon events Displays the RMON event table. UE show rmon history Displays RMON Ethernet Statistics history. UE show rmon log Displays the RMON logging table. UE show rmon statistics Displays RMON Ethernet Statistics. UE *NOTE: For the meaning of each Mode abbreviation, see "Mode Types" on page 64.
Command Description Mode* debug ip pimsm Traces PIMSM packet reception and transmission. PE debug ip vrrp Enables VRRP debug protocol messages. PE debug ipv6 mcache Traces MDATAv6 packet reception and transmission. PE debug ipv6 mld Traces MLD packet reception and transmission. PE debug ipv6 pimdm Traces PIMDMv6 packet reception and transmission. PE debug ipv6 pimsm Traces PIMSMv6 packet reception and transmission. PE debug isdp Traces ISDP packet reception and transmission.
sFlow Command Description Mode* sflow destination Configures sFlow collector parameters (owner string, receiver timeout, ip address, and port). GC sflow polling Enables a new sflow poller instance for the data GC source if rcvr_idx is valid. sflow polling (Interface Mode) Enable a new sflow poller instance for this data IC source if rcvr_idx is valid. sflow sampling Enables a new sflow sampler instance for this data source if rcvr_idx is valid.
Command Description Mode* snmp-server community Sets up the community access string to permit access to SNMP protocol. GC snmp-server communitygroup Maps SNMP v1 and v2 security models to the group name. GC snmp-server contact Sets up a system contact (sysContact) string. GC snmp-server enable traps Enables SNMP traps globally or enables specific GC SNMP traps. snmp-server engineID local Specifies the Simple Network Management GC Protocol (SNMP) engine ID on the local switch.
Command Description Mode* ip ssh pubkey-auth Enables public key authentication for incoming GC SSH sessions. ip ssh server Enables the switch to be configured from a SSH GC server connection. key-string Manually specifies a SSH public key. SK show crypto key mypubkey Displays its own SSH public keys stored on the PE switch. show crypto key pubkeychain ssh Displays SSH public keys stored on the switch. PE show ip ssh Displays the SSH server configuration.
Command Description Mode* logging file Limits syslog messages sent to the logging file based on severity. GC logging on Controls error messages logging. GC port Specifies the port number of syslog messages. L show logging Displays the state of logging and the syslog messages stored in the internal buffer. PE show logging file Displays the state of logging and the syslog messages stored in the logging file. PE show syslog-servers Displays the syslog servers settings.
Command Description Mode* no cut-through mode Disables the cut-through mode on the switch. GC no standby Removes standby configuration in the stack. SG ping Sends ICMP echo request packets to another node on the network. UE reload Reloads the operating system. PE set description Associates a text description with a switch in the stack. SG show boot-version Displays the boot image version details. UE show cut-through mode Show the cut-through mode on the switch.
Command Description Mode* show version Displays the system version information. UE stack Sets the mode to Stack Global Configuration mode. GC stack-port Sets the mode to Stack Global Configuration mode to configure Stack ports as either Stacking ports or as Ethernet ports. GC standby Configures the standby in the stack. SG switch priority Configures the ability of the switch to become the Management Switch. GC switch renumber Changes the identifier for a switch in the stack.
User Interface Command Description Mode* enable Enters the privileged EXEC mode. UE end Gets the CLI user control back to the privileged Any execution mode or user execution mode. exit(configuration) Exits any configuration mode to the previously (All) highest mode in the CLI mode hierarchy. exit(EXEC) Closes an active terminal session by logging off UE the switch. mode simple Selects the simple mode as the start up mode. GC mode-change confirm Confirms the mode selection.
Command Description Mode* ip https server Enables the switch to be configured from a secured browser. GC key-generate Specifies the key-generate. CC location Specifies the location or city name. CC organization-unit Specifies the organization-unit or department name CC show crypto certificate mycertificate Displays the SSL certificates of your switch. PE show ip http Displays the HTTP server configuration. PE show ip https Displays the HTTPS server configuration.
2 Using the CLI Introduction This chapter describes the basics of entering and editing the Dell PowerConnect 62xx Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
• Partial keyword lookup — A command is incomplete and the key is entered in place of a parameter. The matched parameters for this command are displayed.
For information about the command syntax for configuring the command history buffer, see the history-size command in the Line command mode chapter of this guide. Negating Commands For many commands, the prefix keyword no is entered to cancel the effect of a command or reset the configuration to the default value. All configuration commands have this capability. This guide describes the negation effect for all commands to which it applies.
Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
• The range may be specified in the following manner: (#-#) — a range from a particular instance to another instance (inclusive). For example, 1/g1-g10 indicates that the operation applies to the gigabit Ethernet ports 1 to 10 on unit 1. (#, #, #) — a list of non-consecutive instances. For example, (1/g1, 1/g3,1/g5) indicates that the operation applies to the gigabit Ethernet ports 1, 3, and 5 on unit 1. (#, #-#, #) — ranges and non-consecutive instances listed together.
CLI Command Notation Conventions When entering commands there are certain command-entry notations which apply to all commands. The following table describes these conventions as they are used in syntax definitions. Convention Description [] In a command line, square brackets indicate an optional entry. {} In a command line inclusive brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected.
CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
The Privileged EXEC mode provides access to commands that can not be executed in the User EXEC mode and permits access to the switch Configuration mode. The Global Configuration mode manages switch configuration on a global level. For specific interface configurations, command modes exist at a sublevel. Entering a at the system prompt displays a list of commands available for that particular command mode. A specific command is used to navigate from one command mode to another.
Global Configuration Mode Global Configuration commands apply to features that affect the system as a whole, rather than just a specific interface. The Privileged EXEC mode command configure is used to enter the Global Configuration mode. console(config)# Interface and Other Specific Configuration Modes Interface configuration modes are used to modify specific interface operations.
• Policy-map — Use the policy-map command to access the QoS policy map configuration mode to configure the QoS policy map. • Policy Class — Use the class command to access the QoS Policy-class mode to attach or remove a DiffServ class from a policy and to configure the QoS policy class. • Class-Map — This mode consists of class creation/deletion and matching commands. The class matching commands specify layer 2, layer 3 and general match criteria.
• MAC Access-List — Configures conditions required to allow traffic based on MAC addresses. The Global Configuration mode command macaccess-list is used to enter the MAC Access-List configuration mode. • TACACS — Configures the parameters for the TACACS server. • Radius — Configures the parameters for the RADIUS server. • SNMP Host Configuration — Configures the parameters for the SNMP server host. • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host.
[# | >] — The # sign is used to indicate that the system is in the Privileged EXEC mode. The > symbol indicates that the system is in the User EXEC mode, which is a read-only mode in which the system does not allow configuration. Navigating CLI Command Modes The following table describes how to navigate through the CLI Command Mode hierarchy.
Command Mode Access Method Command Prompt Exit or Access Previous Mode Line Interface From Global Configuration mode, use the line command. console(configline)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. Management Access-List From Global Configuration mode, use the management access-list command. console(configmacal)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
Command Mode Access Method Command Prompt Exit or Access Previous Mode console(configmac-accesslist)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. SSH Public Key- From Global console(configChain Configuration pubkey-chain)# mode, use the crypto key pubkeychain ssh command. To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
Command Mode Access Method Command Prompt Exit or Access Previous Mode Radius From Global Configuration mode, use the radius-server host command. console(configradius)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. SNMP Host Configuration From Global Configuration mode, use the snmp-server command. console(configsnmp)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
Command Mode Access Method Command Prompt Exit or Access Previous Mode Crypto Certificate Generation From Global Configuration mode, use the crypto certificate number generate command. console(configcrypto-cert)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. Crypto Certificate Request From Privileged EXEC mode, use the crypto certificate number request command.
Command Mode Access Method Command Prompt Exit or Access Previous Mode MST From Global Configuration mode, use the spanning-tree mst configuration command. console(configmst)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. VLAN Config From Global console(configConfiguration vlan)# mode, use the vlan database command. To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
Command Mode Access Method Command Prompt Exit or Access Previous Mode Router OSPFv3 Config From Global console(configConfiguration rtr)# mode, use the ipv6 router ospf command. To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode IPv6 DHCP Pool From Global console(configMode Configuration dhcp6s-pool)# mode, use the ipv6 dhcp pool command.
Command Mode Access Method Command Prompt Exit or Access Previous Mode VLAN From Global Configuration mode, use the interface vlan command. console(configif-vlann)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. Tunnel From Global Configuration mode, use the interface tunnel command. console(configtunneln)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
Starting the CLI To begin running the CLI, perform the following steps: NOTE: This procedure is for use on the console line only. NOTE: The Easy Setup Wizard is available only when the system is in default state with no user configuration saved previously. 1 Start the switch and wait until the startup procedure is complete and the User EXEC mode is entered. The prompt console> is displayed. 2 Configure the switch using the Easy Setup Wizard and enter the necessary commands to complete the required tasks.
• Enables CLI login and HTTP access to use the local authentication setting only, which allows user account access via these management interfaces. The user may return later to configure Radius or TACACS+. • Sets up the IP address for the management VLAN or enables support for DHCP to configure the management IP address dynamically. • Sets up the SNMP community string to be used by the SNMP manager. The user may choose to skip this step if SNMP management is not used.
Since a switch may be powered on in the field without a serial connection, the switch waits 60 seconds for the user to respond to the setup wizard question in instances where no configuration files exist. If there is no response, the switch continues normal operation using the default factory configuration.
Figure 2-1.
Example Session This section describes an Easy Setup Wizard session. Refer to the state diagram in the previous section for general flow. The following values used by the example session are not the only possible ones: • IP address for the management VLAN is 192.168.2.1:255.255.255.0. • The user name is admin, and the password should be 8-64 characters in length (admin123). • The network management system IP address is 192.168.2.1. • The default gateway is 0.0.0.0.
Welcome to Dell Easy Setup Wizard The Setup Wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration.Note: You can exit the setup wizard at any point by entering [ctrl+z].
{public}: public Please enter the IP address of the Management System (A.B.C.D) or wildcard (0.0.0.0) to manage from any Management Station. {0.0.0.0}: 192.168.2.1 Step 2: Now we need to setup your initial privilege (Level 15) user account. This account is used to login to the CLI and Web interface. You may setup other accounts and change privilege levels later. For more information on setting up user accounts and changing privilege levels, see the user documentation.
Please enter the IP address of the device (A.B.C.D) or enter "DHCP" (without the quotes) to automatically request an IP address from the network DHCP server. 192.168.2.1 Please enter the IP subnet mask (A.B.C.D or /nn): 255.255.255.0 Step 4: Finally, set up the gateway. Please enter the IP address of the gateway from which this network is reachable 192.168.1.1 This is the configuration information that has been collected: SNMP Interface = "public"@192.168.2.
Unit 1 - Waiting to select management unit)> Applying configuration, please wait ... Welcome to Dell Easy Setup Wizard The Setup Wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration.
Please enter the user name. [root]:root Please enter the user password: Please reenter the user password: Step 3: Next, an IP address is setup. The IP address is defined on the default VLAN (VLAN #1), of which all ports are members. This is the IP address you use to access the CLI, Web interface, or SNMP interface for the switch. Optionally you may request that the system automatically retrieve an IP address from the network via DHCP (this requires that you have a DHCP server running on the network).
Do you want to select the operational mode as Simple Mode? [Y/N] n Step 6: If the information is correct, please select (Y) to save the configuration, and copy to the start-up configuration file.
Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions. Configuration Management All managed systems have software images and databases that must be configured, backed up and restored. Two software images may be stored on the system, but only one of them is active. The other one is a backup image.
configuration file. In this case, if the local configuration file does not exist, then it is created by the command. If it does exist, it is overwritten. If there is not enough space on the local file system to accommodate the file, an error is flagged. Refer to the copy command description in the Layer 2 commands section of the guide for command details.
CLI prevents the user from accidentally copying a configuration image onto a software image and vice versa. Management Interface Security This section describes the minimum set of management interface security measures implemented by the CLI. Management interface security consists of user account management, user access control and remote network/host access controls.
• The user password is saved internally in encrypted format and never appears in clear text anywhere on the CLI. • The CLI supports TACACS+ and Radius authentication servers. • The CLI allows the user to configure primary and secondary authentication servers. If the primary authentication server fails to respond within a configurable period, the CLI automatically tries the secondary authentication server.
• If authentication servers are used, the user can identify at least two remote servers (the user may choose to configure only one server) and what protocol to use with the server, TACACS+ or Radius. One of the servers is primary and the other is the secondary server (the user is not required to specify a secondary server). If the primary server fails to respond in a configurable time period, the CLI automatically attempts to authenticate the user with the secondary server.
• Denied attempts by external management system to access the system. The security log record contains the following information: • The user name, if available, or the protocol being accessed if the event is related to a remote management system. • The IP address from which the user is connecting or the IP address of the remote management system. • A description of the security event. • A timestamp of the event If syslog is available, the CLI sends the security log records to the syslog server.
Terminal Paging The terminal width and length for CLI displays is 79 characters and 25 lines, respectively. The length setting is used to control the number of lines the CLI will display before it pauses. For example, the CLI pauses at 24 lines and prompts the user with the -more- prompt on the 25th line. The CLI waits for the user to press either or any other key. If the user presses any key except , the CLI shows the next page. A key stops the display and returns to the CLI prompt.
total bytes in files: 19,656 Kb # of lost chains: 0 total bytes in lost chains: 0 volume descriptor ptr (pVolDesc): 0x38ff9d0 XBD device block I/O handle: 0x10001 auto disk check on mount: |DOS_CHK_VERB_2 DOS_CHK_REPAIR volume write mode: copyback (DOS_WRITE) max # of simultaneously open files: file descriptors in use: 52 0 # of different files in use: 0 # of descriptors for deleted files: # of obsolete descriptors: 0 0 current volume configuration: - volume label: NO LABEL ; (in boot s
- first cluster is in sector # 136 - Update last access date for open-read-close = FALSE - directory structure: - file name format: VFAT 8-bit (extended-ASCII) - root dir start sector: 121 - # of sectors per root: 15 - max # of entries in root: 240 FAT handler information: ------------------------ allocation group size: 2 clusters - free space on volume: 10,852,352 bytes Boot Menu 3.2.0.1 Select an option. If no selection in 10 seconds then operational code will start.
Adding 0 symbols for standalone. CPU: Motorola E500 : Unknown system version. Processor #0. Memory Size: 0x10000000. Created: Jan BSP version 1.2/0. 4 2010, 03:59:27 ED&R Policy Mode: deployed /DskVol// - disk check in progress ...
volume descriptor ptr (pVolDesc): 0x348ef70 XBD device block I/O handle: 0x10001 auto disk check on mount: |DOS_CHK_VERB_2 DOS_CHK_REPAIR volume write mode: copyback (DOS_WRITE) max # of simultaneously open files: file descriptors in use: 52 0 # of different files in use: 0 # of descriptors for deleted files: # of obsolete descriptors: 0 0 current volume configuration: - volume label: ) NO LABEL ; (in boot sector: - volume Id: 0x1b19 - total number of sectors: - bytes per sector: 60,716
- file name format: 8-bit (extended-ASCII) - root dir start sector: 121 - # of sectors per root: 15 - max # of entries in root: 240 FAT handler information: ------------------------ allocation group size: 2 clusters - free space on volume: 10,852,352 bytes Timebase: 66.666666 MHz, MEM: 266.666664 MHz, PCI: 66.666666 MHz, CPU: 533.
<186> JUN 28 14:29:09 0.0.0.0-1 UNKN[268434720]: bootos.c(222) 1 %% Event(0xaaaaaaaa) Instantiating RamCP: as rawFs, device = 0x30001 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x30001 RamCP:/ - disk check in progress ...
gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration.Note: You can exit the setup wizard at any point by entering [ctrl+z].
SW Management Standby Preconfig Status Status Model ID Plugged-in Model ID Switch Status Code Version ---- --------- -------- ---------- ------------ --------- -------1 Mgmt Sw PC6224 PCT6224 OK 3.2.1.3 console> Boot Utility Menu If a user is connected through the serial interface during the boot sequence, pressing the key interrupts the boot process and displays a Boot Utility Menu. Selecting item 2 displays the menu and may be typed only during the initial boot up sequence.
8 - Delete backup image 9 - Reset the system 10 - Restore Configuration to factory defaults (delete config files) 11 - Activate Backup Image 12 - Password Recovery Procedure The boot utility menu provides the following: • Option to set baud rate of the serial port. [Boot Menu]2 Select baud rate: 1 - 1200 2 - 2400 3 - 4800 4 - 9600 5 - 19200 6 - 38400 7 - 57600 8 - 115200 0 - no change The previously described setting takes effect immediately. • Option to retrieve event log using XMODEM.
• Option to load new operational code using XMODEM [Boot Menu] 4 Ready to receive the file with XMODEM/CRC.... Ready to RECEIVE File xcode.bin in binary mode Send several Control-X characters to cancel before transfer starts. • Option to display Boot Image Information. This option can be used to determine which image is active and will be booted when option one is chosen. [Boot Menu] 5 The following image is in the Flash File System: File Name......................................image2 CRC................
Operational Compression flag...................2 (lzma) Boot Code Version..............................1 Boot Code Size.................................0x100000 (1048576) Boot Code Offset...............................0x79027c (7930492) Boot Code FLASH flag...........................0 Boot Code CRC..................................0x2C8B VPD - rel 3 ver 2 maint_lvl 0 build_num 1 Timestamp - Mon Jan 4 04:26:56 2010 File - Dell-Ent-esw-kinnick-pct.8541-V6RCSxw-6IQHSr3v2m0b1.
Validating image2....OK Extracting boot code from image...CRC valid Erasing Boot Flash.....^^^^Done. Wrote 0x10000 bytes. Wrote 0x20000 bytes. Wrote 0x30000 bytes. Wrote 0x40000 bytes. Wrote 0x50000 bytes. Wrote 0x60000 bytes. Wrote 0x70000 bytes. Wrote 0x80000 bytes. Wrote 0x90000 bytes. Wrote 0xa0000 bytes. Wrote 0xb0000 bytes. Wrote 0xc0000 bytes. Wrote 0xd0000 bytes. Wrote 0xe0000 bytes. Wrote 0xf0000 bytes. Wrote 0x100000 bytes. Validating Flash.....Passed Flash update completed.
• Option to Clear All Flash and Reset the System to Default Setting. User action will be confirmed with a Y/N question before executing the command. The following is the procedure to reset the system through Boot Menu: [Boot Menu] 9 Are you SURE you want to reset the system? (y/n):y Boot code...... Boot Menu Version: 3.2.0.1 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu.
• Option to use the password recovery procedure. It allows the switch to boot one time without prompting for a console password. Note that the ‘enable’ password is not prompted for in this mode. [Boot Menu] 12 Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system.
Using the CLI
3 AAA Commands This chapter explains the following commands: • aaa authentication dot1x • aaa authentication enable • aaa authentication login • aaa authorization network default radius • enable authentication • enable password • ip http authentication • ip https authentication • login authentication • password (Line Configuration) • password (User EXEC) • show authentication methods • show users accounts • show users login-history • username AAA Commands 191
aaa authentication dot1x Use the aaa authentication dot1x command in Global Configuration mode to create an authentication login list. Syntax aaa authentication dot1x default method1 no aaa authentication dot1x default • method1 — At least one from the following table: Keyword Description radius Uses the list of all authentication servers for authentication none Uses no authentication Default Configuration No authentication method is defined.
aaa authentication enable Use the aaa authentication enable command in Global Configuration mode to set authentication for accessing higher privilege levels. To return to the default configuration, use the no form of this command. Syntax aaa authentication enable {default|list-name} method1 [method2...] no aaa authentication enable {default|list-name} • default — Uses the listed authentication methods that follow this argument as the default list of methods, when using higher privilege levels.
Create a list by entering the aaa authentication enable list-name method command where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries in the given sequence. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
• method1 [method2...] — Specify at least one from the following table: Keyword Source or destination enable Uses the enable password for authentication. line Uses the line password for authentication. local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication.
console(config)# aaa authentication login default radius local enable none aaa authorization network default radius Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to accept VLAN assignment by the RADIUS server.
enable authentication Use the enable authentication command in Line Configuration mode to specify the authentication method list when accessing a higher privilege level from a remote telnet or console. To return to the default specified by the enable authentication command, use the no form of this command. Syntax enable authentication {default|list-name} no enable authentication • default — Uses the default list created with the aaa authentication enable command.
enable password Use the enable password command in Global Configuration mode to set a local password to control access to the privileged EXEC mode. To remove the password requirement, use the no form of this command. Syntax enable password password [encrypted] no enable password • password — Password for this level (Range: 8- 64 characters). • encrypted — Encrypted password entered, copied from another switch configuration. Default Configuration This command has no default configuration.
ip http authentication Use the ip http authentication command in Global Configuration mode to specify authentication methods for http server users. To return to the default, use the no form of this command. Syntax ip http authentication method1 [method2...] no ip http authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication.
ip https authentication Use the ip https authentication command in Global Configuration mode to specify authentication methods for https server users. To return to the default configuration, use the no form of this command. Syntax ip https authentication method1 [method2...] no ip https authentication • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication.
login authentication Use the login authentication command in Line Configuration mode to specify the login authentication method list for a line (console, telnet, or SSH). To return to the default specified by the authentication login command, use the no form of this command. Syntax login authentication {default|list-name} no login authentication • default — Uses the default list created with the aaa authentication login command.
password (Line Configuration) Use the password command in Line Configuration mode to specify a password on a line. To remove the password, use the no form of this command. Syntax password password [encrypted] no password • password — Password for this level. (Range: 8- 64 characters) • encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration No password is specified.
Default Configuration There is no default configuration for this command. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example shows the prompt sequence for executing the password command. console>password Enter old password:******** Enter new password:******** Confirm new password:******** show authentication methods Use the show authentication methods command in Privileged EXEC mode to display information about the authentication methods.
Example The following example displays the authentication configuration.
show users accounts Use the show users accounts command in Privileged EXEC mode to display information about the local user database. Syntax show users accounts [long] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays information about the local user database.
show users login-history Use the show users login-history command in Global Configuration mode to display information about the login history of users. Syntax show users login-history [long] • name — name of user. (Range: 1-20 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example show user login history outputs.
username Use the username command in Global Configuration mode to add a new user to the local users database. To remove a user name use the no form of this command. Syntax username name password password [level level] [encrypted] no username name • name — The name of the user. (Range: 1-20 characters) • password — The authentication password for the user. (Range: 8-64 characters. This value can be 0 [zero] if the no passwords min-length command has been executed.) • level — The user level.
AAA Commands
4 ACL Commands This chapter explains the following commands: • access-list • deny | permit • ip access-group • no ip access-group • mac access-group • mac access-list extended • mac access-list extended rename • show ip access-lists • show mac access-list ACL Commands 209
access-list Use the access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name.
• assign-queue queue-id — Specifies the particular hardware queue for handling traffic that matches the rule. (Range: 0-6) • mirror interface — Allows the traffic matching this rule to be copied to the specified interface. • redirect interface — This parameter allows the traffic matching this rule to be forwarded to the specified unit/port. Default Configuration This command has no default configuration.
Syntax {deny | permit} {srcmac srcmacmask | any} {dstmac dstmacmask | any | bpdu} [{ethertypekey | 0x0600-0xFFFF}] [vlan eq 0-4095] [cos 0-7] [secondary-vlan eq 0-4095] [secondary-cos 0-7] [log] [assign-queue queueid] [{mirror |redirect} interface] 212 • srcmac — Valid source MAC address in format xxxx.xxxx.xxxx. • srcmacmask — Valid MAC address bitmask for the source MAC address in format xxxx.xxxx.xxxx.
Default Configuration This command has no default configuration. Command Mode Mac-Access-List Configuration mode User Guidelines The no form of this command is not supported, as the rules within an ACL cannot be deleted individually. Rather the entire ACL must be deleted and respecified. The assign-queue and redirect parameters are only valid for permit commands. Example The following example configures a MAC ACL to deny traffic from MAC address 0806.c200.0000.
• seqnum — Precedence for this interface and direction. A lower sequence number has higher precedence. Range: 1 – 4294967295. Default is1. Default Configuration This command has no default configuration. Command Mode Global and Interface Configuration User Guidelines Global mode command configures the ACL on all the interfaces, whereas the interface mode command does so for the interface.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode or Interface Configuration (Ethernet, VLAN or Port Channel) mode User Guidelines An optional sequence number may be specified to indicate the order of this access-list relative to the other access-lists already assigned to this interface and direction. A lower number indicates higher precedence order.
mac access-list extended Use the mac access-list extended command in Global Configuration mode to create the MAC Access Control List (ACL) identified by the name parameter. Syntax mac access-list extended name no mac access-list extended name • name — Name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use this command to create a mac access control list.
mac access-list extended rename Use the mac access-list extended rename command in Global Configuration mode to rename the existing MAC Access Control List (ACL). Syntax mac access-list extended rename name newname • name — Existing name of the access list. (Range: 1-31 characters) • newname — New name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration.
show ip access-lists Use the show ip access-lists command in Privileged EXEC mode to display access lists applied on interfaces and all rules that are defined for the access lists. Syntax show ip access-lists accesslistname • accesslistname — The name used to identify the ACL. The range is 1-31 characters. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
show mac access-list Use the show mac access-list command in Privileged EXEC mode to display a MAC access list and all of the rules that are defined for the ACL. Syntax show mac access-list name • name — Identifies a specific MAC access list to display. Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays a MAC access list and all associated rules.
ACL Commands
Address Table Commands 5 This chapter explains the following commands: • bridge address • bridge aging-time • bridge multicast address • bridge multicast filtering • bridge multicast forbidden address • bridge multicast forbidden forward-unregistered • bridge multicast forward-all • bridge multicast forward-unregistered • clear bridge • port security • port security max • show bridge address-table • show bridge address-table count • show bridge address-table static • show brid
bridge address Use the bridge address command in Interface Configuration mode to add a static MAC-layer station source address to the bridge table. To delete the MAC address, use the no form of the bridge address command (using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN).
bridge aging-time Use the bridge aging-time command in Global Configuration mode to set the aging time of the address. To restore the default, use the no form of the bridge aging-time command. Syntax bridge aging-time seconds no bridge aging-time • seconds — Time is the number of seconds. (Range: 10–1000000 seconds) Default Configuration 300 seconds Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example the bridge aging time is set to 400.
bridge multicast address {mac-multicast-address|ip-multicast-address} [add|remove] {ethernet interface-list|port-channel port-channel-numberlist} no bridge multicast address {mac-multicast-address|ip-multicast-address} • add — Adds ports to the group. If no option is specified, this is the default option. • remove — Removes ports from the group. • mac-multicast-address — MAC multicast address in the format xxxx.xxxx.xxxx. • ip- multicast-address — IP multicast address.
console(config)#interface vlan 8 console(config-if-vlan8)#bridge multicast address 0100.5e02.0203 add ethernet 1/g1-1/g9, 1/g2 bridge multicast filtering Use the bridge multicast filtering command in Global Configuration mode to enable filtering of Multicast addresses. To disable filtering of Multicast addresses, use the no form of the bridge multicast filtering command. Syntax bridge multicast filtering no bridge multicast filtering Default Configuration Disabled.
bridge multicast forbidden address Use the bridge multicast forbidden address command in Interface Configuration mode to forbid adding a specific Multicast address to specific ports. To return to the system default, use the no form of this command. If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the routers ports.
Examples In this example the MAC address 01:00:5e:02:02:03 is forbidden on port 2/g9 within VLAN 8. console(config)#interface vlan 8 console(config-if-vlan8)#bridge multicast address 01:00:5e:02:02:03 console(config-if-vlan8)#bridge multicast forbidden address 01:00:5e:02:02:03 add ethernet 2/g9 bridge multicast forbidden forward-unregistered Use the bridge multicast forbidden forward-unregistered command in Interface Configuration mode to forbid Forwarding-unregistered-multicastaddresses.
bridge multicast forward-all Use the bridge multicast forward-all command in Interface Configuration mode to enable forwarding of all Multicast packets. To restore the default, use the no form of the bridge multicast forward-all command. Syntax bridge multicast forward-all no bridge multicast forward-all Default Configuration Forward-unregistered Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines.
Command Mode Interface Configuration (VLAN) mode User Guidelines If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the routers ports. NOTE: Do not use the bridge multicast forbidden forward-unregistered command with the bridge multicast forward-unregistered command on the same interface. Example The following example displays how to enable forwarding of unregistered multicast addresses.
Example In this example, the bridge tables are cleared. console#clear bridge port security Use the port security command in Interface Configuration mode to disable the learning of new addresses on an interface. To enable new address learning, use the no form of the port security command. Syntax port security [discard] [trap seconds] no port security • discard — Discards frames with unlearned source addresses. This is the default if no option is indicated.
Example In this example, frame forwarding is enabled without learning, and with traps sent every 100 seconds on port g1. console(config)#interface ethernet 1/g1 console(config-if-1/g1)#port security forward trap 100 port security max Use the port security max command in Interface Configuration mode to configure the maximum addresses that can be learned on the port while the port is in port security mode. To return to the system default, use the no form of this command.
show bridge address-table Use the show bridge address-table command in Privileged EXEC mode to display all entries in the bridge-forwarding database. Syntax show bridge address-table [vlan vlan] [ethernet interface | port-channel port-channel-number] • vlan — Specific valid VLAN, such as VLAN 1. • interface — A valid Ethernet port. • port-channel-number — A valid port-channel number. Default Configuration This command has no default configuration.
show bridge address-table count Use the show bridge address-table count command in Privileged EXEC mode to display the number of addresses present in the Forwarding Database. Syntax show bridge address-table count [vlan vlan|ethernet interface-number|portchannel port-channel-number] • vlan — Specifies a valid VLAN, such as VLAN 1 • interface — Specifies a valid Ethernet port • port-channel-number — Specifies a valid port-channel-number Default Configuration This command has no default configuration.
show bridge address-table static Use the show bridge address-table static command in Privileged EXEC mode to display static entries in the bridge-forwarding database. Syntax show bridge address-table static [vlan vlan] [ethernet interface|port-channel port-channel-number] • vlan — Specific valid VLAN, such as VLAN 1. • interface — A valid Ethernet port. • port-channel-number — A valid port-channel number. Default Configuration This command has no default configuration.
show bridge multicast address-table Use the show bridge multicast address-table command in Privileged EXEC mode to display Multicast MAC address table information. Syntax show bridge multicast address-table [vlan vlan-id] [address mac-multicastaddress | ip-multicast-address] [format ip | mac] • vlan_id — A valid VLAN ID value. • mac-multicast-address — A valid MAC Multicast address. • ip- multicast-address — A valid IP Multicast address. • format — Multicast address format. Can be ip or mac.
Vlan MAC Address ---- ----------------------- 1 Ports --------------------------- 0100.5E05.0505 NOTE: A multicast MAC address maps to multiple IP addresses, as shown above. show bridge multicast filtering Use the show bridge multicast filtering command in Privileged EXEC mode to display the Multicast filtering configuration. Syntax show bridge multicast filtering vlan-id • vlan_id — A valid VLAN ID value. Default Configuration This command has no default configuration.
show ports security Use the show ports security command in Privileged EXEC mode to display the port-lock status. Syntax show ports security [ethernet interface | port-channel port-channel-number] • interface — A valid Ethernet port. • port-channel-number — A valid port-channel number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
The following table describes the fields in this example. Field Description Port The port number. Status The status can be one of the following: Locked or Unlocked. Actions Action on violations. Maximum The maximum addresses that can be associated on this port in Static Learning mode or in Dynamic Learning mode. Trap Indicates if traps would be sent in case of violation. Frequency The minimum time between consecutive traps.
Examples The following example displays dynamic addresses for port channel number 1/g1.
Address Table Commands
CDP Interoperability Commands 6 This chapter explains the following commands: • clear isdp counters • clear isdp table • isdp advertise-v2 • isdp enable • isdp holdtime • isdp timer • show isdp • show isdp entry • show isdp interface • show isdp neighbors • show isdp traffic CDP Interoperability Commands 241
clear isdp counters The clear isdp counters command clears the ISDP counters. Syntax clear isdp counters Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command.
Example console#clear isdp table isdp advertise-v2 The isdp advertise-v2 command enables the sending of ISDP version 2 packets from the device. Use the “no” form of this command to disable sending ISDP version 2 packets. Syntax isdp advertise-v2 no isdp advertise-v2 Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Default Configuration ISDP is enabled. Command Mode Global Configuration mode. Interface (Ethernet) configuration mode. User Guidelines There are no user guidelines for this command. Example The following example enables isdp on interface 1/g1. console(config)#interface ethernet 1/g1 console(config-if-1/g1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits.
User Guidelines There are no user guidelines for this command. Example The following example sets isdp holdtime to 40 seconds. console(config)#isdp holdtime 40 isdp timer The isdp timer command sets period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer • time —The time in seconds (range: 5–254 seconds). Default Configuration The default timer is 30 seconds.
show isdp The show isdp command displays global ISDP settings. Syntax show isdp • hostname—The application will check to see if the Hostname configured on the switch is different from the default. If true, it uses the Hostname as the device ID. Otherwise, it uses the serial number as the device ID. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp Timer....
(Switching) #hostname Dell-PC6248 (Dell-PC6248) #show isdp Timer............................... 30 Hold Time......................... 180 Version 2 Advertisements.......... Enabled Neighbors table last time changed. 0 days 00:12:46 Device ID......................... Dell-PC6248 Device ID format capability....... hostname Device ID format.................. hostname show isdp entry The show isdp entry command displays ISDP entries. If a device id specified, then only the entry about that device is displayed.
Example console#show isdp entry Switch Device ID Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface 1/g1 Port ID GigabitEthernet1/1 Holdtime 64 Advertisement Version 2 Entry last changed time 0 days 00:13:50 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.
show isdp interface The show isdp interface command displays ISDP settings for the specified interface. Syntax show isdp interface {all | ethernet interface} • all —Show ISDP settings for all interfaces. • interface —Specifies a valid interface. The full syntax is unit/port. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
1/g8 Enabled 1/g9 Enabled 1/g10 Enabled 1/g11 Enabled 1/g12 Enabled 1/g13 Enabled 1/g14 Enabled 1/g15 Enabled 1/g16 Enabled 1/g17 Enabled 1/g18 Enabled 1/g19 Enabled 1/g20 Enabled 1/g21 Enabled 1/g22 Enabled 1/g23 Enabled 1/g24 Enabled console#show isdp interface ethernet 1/g1 Interface Mode --------------- ---------- 1/g1 Enabled 250 CDP Interoperability Commands
show isdp neighbors The show isdp neighbors command displays the list of neighboring devices. Syntax show isdp neighbors {ethernet interface | detail} • interface — Specifies a valid interface. The full syntax is unit/port. • detail — Show detailed information about the neighbors. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
console#show isdp neighbors detail Device ID Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface 1/g1 Port ID GigabitEthernet1/1 Holdtime 162 Advertisement Version 2 Entry last changed time 0 days 00:55:20 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp traffic ISDP Packets Received.......................... 4253 ISDP Packets Transmitted....................... 127 ISDPv1 Packets Received........................ 0 ISDPv1 Packets Transmitted..................... 0 ISDPv2 Packets Received........................ 4253 ISDPv2 Packets Transmitted..................... 4351 ISDP Bad Header................................
CDP Interoperability Commands
DHCP Layer 2 Relay Commands 7 This chapter explains the following commands: • dhcp l2relay (Global Configuration) (Global Configuration) • dhcp l2relay (Interface Configuration) (Interface Configuration) • dhcp l2relay circuit-id • dhcp l2relay remote-id • dhcp l2relay trust • dhcp l2relay vlan DHCP Layer 2 Relay Commands 255
dhcp l2relay (Global Configuration) Use the dhcp l2relay command to enable layer 2 DHCP relay functionality. The subsequent commands mentioned in this section can only be used when the L2-DHCP relay is enabled. Use the "no" form of this command to disable L2-DHCP relay. Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command.
Command Mode Interface Configuration (Ethernet). User Guidelines There are no user guidelines for this command. Example console(config-if-1/g1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Circuit ID.
dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Remote ID. Syntax dhcp l2relay remote-id remoteId vlan vlan-range no dhcp l2relay remote-id remoteId vlan vlan-range • remoteId —The string to be used as the remote ID in the Option 82 (Range: 1 - 128 characters).
dhcp l2relay trust Use the dhcp l2relay trust command to configure an interface to mandate Option-82 on receiving DHCP packets. Syntax dhcp l2relay trust no dhcp l2relay trust Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet). User Guidelines There are no user guidelines for this command.
Default Configuration DHCP L2 Relay is disabled on all VLANs by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
DHCP Snooping Commands 8 This chapter explains the following commands: • clear ip dhcp snooping statistics • ip dhcp snooping • ip dhcp snooping binding • ip dhcp snooping database • ip dhcp snooping database write-delay • ip dhcp snooping limit • ip dhcp snooping log-invalid • ip dhcp snooping trust • ip dhcp snooping verify mac-address • show ip dhcp snooping • show ip dhcp snooping binding • show ip dhcp snooping database • show ip dhcp snooping interfaces • show ip dhcp snoo
clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command. Example console#clear ip dhcp snooping statistics ip dhcp snooping Use the ip dhcp snooping command to enable DHCP snooping globally or on a specific VLAN.
Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping console(config-if-vlan1,2,3)#ip dhcp snooping ip dhcp snooping binding Use the ip dhcp snooping binding command to configure a static DHCP Snooping binding. Use the “no” form of this command to remove a static binding.
User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.134 interface 1/g1 ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database. This can be local to the switch or on a remote machine. Syntax ip dhcp snooping database {local | tftp://hostIP/filename} • hostIP — The IP address of the remote host.
The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.txt ip dhcp snooping database write-delay Use the ip dhcp snooping database write-delay command to configure the interval in seconds at which the DHCP Snooping database will be stored in persistent storage. Use the “no” form of this command to reset the write delay to the default.
ip dhcp snooping limit Use the ip dhcp snooping limit command to control the maximum rate of DHCP messages. Use the “no” form of this command to reset the limit to the default. Syntax ip dhcp snooping limit {none | rate pps [burst interval seconds]} no ip dhcp snooping limit • pps —The maximum number of packets per second allowed (Range: 0–300 pps). • seconds — The time allowed for a burst (Range: 1–15 seconds). Default Configuration The default maximum rate is 15 packets per second (pps).
ip dhcp snooping log-invalid Use the ip dhcp snooping log-invalid command to enable logging of DHCP messages filtered by the DHCP Snooping application. Use the “no” form of this command to disable logging. Syntax ip dhcp snooping log-invalid no ip dhcp snooping log-invalid Default Configuration Logging of filtered messages is disabled by default. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command.
Default Configuration Ports are untrusted by default. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example console(config-if-1/g1)#ip dhcp snooping trust console(config-if-1/g1)#no ip dhcp snooping trust ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message.
Example console(config)#ip dhcp snooping verify mac-address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping global and per port configuration. Syntax show ip dhcp snooping Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
1/g2 No Yes 1/g3 No Yes 1/g4 No No 1/g6 No No show ip dhcp snooping binding Use the show ip dhcp snooping binding command to display the DHCP snooping binding entries. Syntax show ip dhcp snooping binding [{static | dynamic}] [interface port] [vlan vlan-id] • static | dynamic—Use these keywords to filter by static or dynamic bindings. • port — The interface for which to show bindings. Format is unit/port. • vlan-id — The number of the VLAN for which to show bindings.
MAC Address IP Address VLAN Interface Lease time(Secs) ------------------ ------------ ---- --------- ------------- 00:02:B3:06:60:80 210.1.1.3 10 1/g1 86400 00:0F:FE:00:13:04 210.1.1.4 10 1/g1 86400 show ip dhcp snooping database Use the show ip dhcp snooping database command to display the DHCP snooping configuration related to the database persistence. Syntax show ip dhcp snooping database Default Configuration There is no default configuration for this command.
show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax show ip dhcp snooping interfaces interface • interface—A valid physical interface. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command.
console#show ip dhcp snooping interfaces ethernet 1/g15 Interface Trust State Rate Limit (pps) Burst Interval (seconds) ---------- ------------- ------------- --------------- 1/g15 Yes 15 1 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Default Configuration There is no default configuration for this command.
Example console#show ip dhcp snooping statistics Interface MAC Verify Client Ifc Failures Mismatch ---------- ---------- ----------- 1/g2 0 0 0 1/g3 0 0 0 1/g4 0 0 0 1/g5 0 0 0 1/g6 0 0 0 1/g7 0 0 0 1/g8 0 0 0 1/g9 0 0 0 1/g10 0 0 0 1/g11 0 0 0 1/g12 0 0 0 1/g13 0 0 0 1/g14 0 0 0 1/g15 0 0 0 1/g16 0 0 0 1/g17 0 0 0 1/g18 0 0 0 1/g19 0 0 0 1/g20 0 0 0 ----------- 274 DHCP Snooping Commands DHCP Server Msgs Rec'd
Dynamic ARP Inspection Commands 9 This chapter explains the following commands: • arp access-list • clear counters ip arp inspection • ip arp inspection filter • ip arp inspection limit • ip arp inspection trust • ip arp inspection validate • ip arp inspection vlan • permit ip host mac host • show arp access-list • show ip arp inspection ethernet • show ip arp inspection statistics • show ip arp inspection vlan Dynamic ARP Inspection Commands 275
arp access-list Use the arp access-list command to create an ARP ACL. It will place the user in ARP ACL Configuration mode. Use the “no” form of this command to delete an ARP ACL. Syntax arp access-list acl-name no arp access-list acl-name • acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#clear counters ip arp inspection ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.
Example console(config)#ip arp inspection filter tier1 vlan 210 static console(config)#ip arp inspection filter tier1 vlan 20-30 ip arp inspection limit Use the ip arp inspection limit command to configure the rate limit and burst interval values for an interface. Configuring ‘none’ for the limit means the interface is not rate limited for Dynamic ARP Inspection. NOTE: The maximum pps value shown in the range for the rate option might be more than the hardware allowable limit.
Example console(config-if-1/g1)#ip arp inspection limit none console(config-if-1/g1)#ip arp inspection limit rate 100 burst interval 2 ip arp inspection trust The ip arp inspection trust command configures an interface as trusted for Dynamic ARP Inspection. Use the “no” form of this command to configure an interface as untrusted. Syntax ip arp inspection trust no ip arp inspection trust Default Configuration Interfaces are configured as untrusted by default.
ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks like source MAC address validation, destination MAC address validation or IP address validation on the received ARP packets. Each command overrides the configuration of the previous command.
ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection on a single VLAN or a range of VLANs. Use the “no” form of this command to disable Dynamic ARP Inspection on a single VLAN or a range of VLANs. Syntax ip arp inspection vlan vlan-range [logging] no ip arp inspection vlan vlan-range [logging] • vlan-range — A valid range of VLAN IDs. • logging — Use this parameter to enable logging of invalid packets.
permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete an ARP ACL rule. Syntax permit ip host sender-ip max host sender-mac no permit ip host sender-ip max host sender-mac • sender-ip — Valid IP address used by a host. • sender-mac —Valid MAC address in combination with the above sender-ip used by a host.
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.2 mac host 00:03:04:05:06:07 ARP access list H3 ARP access list H4 permit ip host 2.1.1.
Command Mode Privileged EXEC User Guidelines The following fields are displayed for each interface: Interface The interface-id for each displayed row. Trust State Whether interface is trusted or untrusted for DAI. Rate Limit The configured rate limit value in packets per second. Burst Interval The configured burst interval value in seconds.
show ip arp inspection statistics Use the show ip arp inspection statistics command to display the statistics of the ARP packets processed by Dynamic ARP Inspection. Given vlan-range argument, it displays the statistics on all DAI enabled Vlans in that range. In the case of no argument, it lists the summary of the forwarded and dropped ARP packets. Syntax show ip arp inspection statistics [vlan vlan-range] • vlan-range —A valid VLAN range.
Bad Dest MAC The number of packets dropped due to Destination MAC validation failure. Invalid IP The number of packets dropped due to invalid IP checks.
show ip arp inspection vlan Use the show ip arp inspection vlan command to display the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN range. It also displays the global configuration values for source MAC validation, destination MAC validation and invalid IP validation. Syntax show ip arp inspection vlan [vlan-range] vlan-range — A valid VLAN range. Default Configuration There is no default configuration for this command.
Example console#show ip arp inspection vlan 10-12 Source Mac Validation : Disabled Destination Mac Validation : Disabled IP Address Validation Vlan Static flag : Disabled Configuration ----------------- ---------10 Enabled 288 Enabled Log Invalid ----------Enabled 11 Disabled Enabled 12 Enabled Disabled Dynamic ARP Inspection Commands ACL Name ------H2
10 Ethernet Configuration Commands This chapter explains the following commands: • clear counters • description • duplex • flowcontrol • interface ethernet • interface range ethernet • mtu • negotiation • show interfaces advertise • show interfaces configuration • show interfaces counters • show interfaces description • show interfaces detail • show interfaces status • show statistics ethernet • show storm-control • shutdown • speed • storm-control broadcast • storm-c
clear counters Use the clear counters command in Privileged EXEC mode to clear statistics on an interface. Syntax clear counters [ethernet interface | port-channel port-channel-number] • interface — Valid Ethernet port. The full syntax is: unit/port • port-channel-number — Valid port-channel index. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Default Configuration By default, the interface does not have a description. Command Mode Interface Configuration (Ethernet, Port-Channel) mode User Guidelines This command has no user guidelines. Example The following example adds a description to the Ethernet port 5.
User Guidelines This command has no user guidelines. Example The following example configures the duplex operation of Ethernet port 5 to force full duplex operation. console(config)# interface ethernet 1/g5 console(config-if-1/g5)# duplex full flowcontrol Use the flowcontrol command in Global Configuration mode to configure the flow control. To disable flow control, use the no form of this command. Syntax flowcontrol no flowcontrol Default Configuration Flow Control is disabled.
interface ethernet Use the interface ethernet command in Global Configuration mode to enter the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface • interface — Valid Ethernet port. The full syntax is unit/port. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables port 5/g18 for configuration.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces. Example The following example shows how ports 5/g18 to 5/g20 and ports 3/g1 to g24 are grouped to receive the same command.
Command Mode Interface Configuration (Ethernet) mode User Guidelines The value set allows an additional four bytes for the VLAN tag. Example The following example of the mtu command increases maximum packet size to 9216 bytes. console(config-if-1/g5)#mtu 9216 negotiation Use the negotiation command in Interface Configuration mode to enable auto-negotiation operation for the speed and duplex parameters of a given interface. To disable negotiation, use the no form of this command.
Example The following example enables auto negotiations on gigabit Ethernet port 5 of unit 1. console(config)#interface ethernet 1/g5 console(config-if-1/g5)#negotiation show interfaces advertise Use the show interfaces advertise command in Privileged EXEC mode to display information about auto-negotiation advertisement. Syntax show interfaces advertise [ethernet interface] interface — A valid Ethernet port. • Default Configuration This command has no default configuration.
console# show interfaces advertise ethernet 1/g1 Port: Ethernet 1/g1 Type: 1G-Copper Link state: Up Auto negotiation: enabled 10h 10f 100h 100f 1000f Admin Local Link ------ ------ ------ ------ -----Advertisement yes yes yes yes no show interfaces configuration Use the show interfaces configuration command in User EXEC mode to display the configuration for all configured interfaces.
Example The following example displays the configuration for all configured interfaces: console>show interfaces configuration Port Type Duplex Speed Neg Admin ----- ------------------------------ ------ ------- ---- ----- 1/g1 Gigabit - Level Full 100 Auto Up 1/g2 Gigabit - Level N/A Unknown Auto Up 1/g3 Gigabit - Level N/A Unknown Auto Up 1/g4 Gigabit - Level N/A Unknown Auto Up 1/g5 Gigabit - Level N/A Unknown Auto Up 1/g6 Gigabit - Level N/A Unknown Auto Up
The displayed port configuration information includes the following: Field Description Port The port number. Port Type The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling including both Tx and Rx transmissions. Duplex Displays the port Duplex status. Speed Refers to the port speed. Neg Describes the Auto-negotiation status. Admin State Displays whether the port is enabled or disabled.
console>show interfaces counters Port InOctets InUcastPkts ---- ---------- --------- 1/g1 183892 1289 3/g1 123899 1788 Port OutOctets OutUcastPkts ---- ---------- --------- 1/g1 9188 9 2/g1 0 0 3/g1 8789 27 Ch InOctets InUcastPkts ---- ---------- --------- 1 27889 928 Ch OutOctets OutUcastPkts ---- ---------- --------- 1 23739 882 The following example displays counters for Ethernet port 1/g1.
Port OutOctets OutUcastPkts ---- ---------- --------- 1/g1 9188 9 Alignment Errors: 17 FCS Errors: 8 Single Collision Frames: 0 Multiple Collision Frames: 0 Deferred Transmissions: 0 Late Collisions: 0 Excessive Collisions: 0 Oversize Packets: 0 Internal MAC Rx Errors: 0 Received Pause Frames: 0 Transmitted Pause Frames: 0 The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received Unicast packets.
Field Description Alignment Errors A count of frames received that are not an integral number of octets in length and do not pass the FCS check. FCS Errors Counted frames received that are an integral number of octets in length but do not pass the FCS check. Single Collision Frames Counted frames that are involved in a single collision, and are subsequently transmitted successfully.
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the description for the interface 1/g1.
• interface — A valid Ethernet port. • port-channel-number — A valid port-channel trunk index. Default Configuration There is no default configuration for this command. Command Mode User EXEC mode User Guidelines The command will be show interfaces detail {ethernet interface | portchannel port-channel-number} where • interface—A valid Ethernet port. port-channel-number—A valid port-channel trunk index.
Port Description ---- ------------------------------------------- 1/xg1 ExampleName VLAN Info: --------VLAN Membership mode: General Operating parameters: PVID: 1 (default) Ingress Filtering: Enabled Acceptable Frame Type: All GVRP status: Enabled Protected: Enabled Port 1/xg1 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----1 default untagged System 8 VLAN008 tagged Dynamic 11 VLAN0011 tagged Static 19 IPv6 VLAN untagged Static 72 VLAN0072 Static untagged
Acceptable Frame Type: All Port 1/xg1 is statically configured to: VLAN Name Egress rule ---- --------- ----------1 default untagged 11 VLAN0011 tagged 19 IPv6 VLAN untagged 72 VLAN0072 untagged Forbidden VLANS: VLAN Name ---- --------73 Out Spanning Tree Info -----------------Port 1 (1/xg1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.
show interfaces status Use the show interfaces status command in User EXEC mode to display the status for all configured interfaces. Syntax show interfaces status [ethernet interface | port-channel port-channelnumber] • interface — A valid Ethernet port. • port-channel-number — A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines.
1/g9 Gigabit - Level N/A Unknown Auto Down Inactive 1/g10 Gigabit - Level N/A Unknown Auto Down Inactive 1/g11 Gigabit - Level N/A Unknown Auto Down Inactive 1/g12 Gigabit - Level N/A Unknown Auto Down Inactive 1/g13 Gigabit - Level N/A Unknown Auto Down Inactive 1/g14 Gigabit - Level N/A Unknown Auto Down Inactive 1/g15 Gigabit - Level N/A Unknown Auto Down Inactive 1/g16 Gigabit - Level N/A Unknown Auto Down Inactive 1/g17 Gigabit - Level N/A Unknown Aut
ch9 Link Aggregate Down --More-- or (q)uit ch10 Link Aggregate Down ch11 Link Aggregate Down ch12 Link Aggregate Down ch13 Link Aggregate Down ch14 Link Aggregate Down ch15 Link Aggregate Down ch16 Link Aggregate Down ch17 Link Aggregate Down ch18 Link Aggregate Down ch19 Link Aggregate Down ch20 Link Aggregate Down ch21 Link Aggregate Down ch22 Link Aggregate Down ch23 Link Aggregate Down ch24 Link Aggregate Down ch25 Link Aggregate Down ch26 Link Aggregate Down ch27 Li
ch40 Link Aggregate Down ch41 Link Aggregate Down ch42 Link Aggregate Down ch43 Link Aggregate Down ch44 Link Aggregate Down ch45 Link Aggregate Down ch46 Link Aggregate Down ch47 Link Aggregate Down ch48 Link Aggregate Down Flow Control:Disabled console# The displayed port status information includes the following: Field Description Port The port number. Type The port designated IEEE shorthand identifier.
• port-type — Values are g for gigabit Ethernet port, or xg for 10 gigabit Ethernet port. • port — port number. Values are 1-24 or 1-48 for port_type g, and 1-4 for port_type xg. Example: xg2 is the 10 gigabit Ethernet port 2. • switchport — Displays statistics for the entire switch. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines.
Packets RX and TX 512-1023 Octets.............. 4982 Packets RX and TX 1024-1518 Octets............. 479845 Packets RX and TX 1519-1522 Octets............. 0 Packets RX and TX 1523-2047 Octets............. 0 Packets RX and TX 2048-4095 Octets............. 0 Packets RX and TX 4096-9216 Octets............. 0 Total Packets Received Without Errors.......... 1280498 Unicast Packets Received....................... 1155457 Multicast Packets Received.....................
Packets Transmitted 128-255 Octets............. 245 --More-- or (q)uit Packets Transmitted 256-511 Octets............. 25 Packets Transmitted 512-1023 Octets............ 158 Packets Transmitted 1024-1518 Octets........... 302 Max Frame Size................................. 1518 Total Packets Transmitted Successfully......... 47182 Unicast Packets Transmitted.................... 2746 Multicast Packets Transmitted.................. 44432 Broadcast Packets Transmitted.................. 4 Total Transmit Errors.
console#show statistics ethernet switchport Total Packets Received (Octets)................ 16877295 Unicast Packets Received....................... 1608 Multicast Packets Received..................... 48339 Broadcast Packets Received..................... 69535 Receive Packets Discarded...................... 0 Octets Transmitted............................. 6451988 Packets Transmitted Without Errors............. 91652 Unicast Packets Transmitted.................... 2746 Multicast Packets Transmitted.......
Syntax show storm-control [all |interface] • interface — Valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following example shows storm control configurations for all valid Ethernet ports. The second example shows flow control mode status.
shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Examples The following example disables Ethernet port 1/g5.
no speed • 10 — Configures the port to 10 Mbps operation. • 100 — Configures the port to 100 Mbps operation. Default Configuration This command has no default setting. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example configures the speed operation of Ethernet port 1/g5 to force 100-Mbps operation.
Default Configuration The default value is 5. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example console(config-if-1/g1)#storm-control broadcast level 5 storm-control multicast Use the storm-control multicast command in Interface Configuration mode to enable multicast storm recovery mode for an interface.
Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example console(config-if-1/g1)#storm-control multicast level 5 storm-control unicast Use the storm-control unicast command in Interface Configuration mode to enable unknown unicast storm control for an interface.
User Guidelines This command has no user guidelines.
GVRP Commands 11 This chapter explains the following commands: • clear gvrp statistics • garp timer • gvrp enable (global) • gvrp enable (interface) • gvrp registration-forbid • gvrp vlan-creation-forbid • show gvrp configuration • show gvrp error-statistics • show gvrp statistics GVRP Commands 321
clear gvrp statistics Use the clear gvrp statistics command in Privileged EXEC mode to clear all the GVRP statistics information. Syntax clear gvrp statistics [ethernet interface | port-channel port-channel-number] • interface — A valid Ethernet interface. • port-channel-number — A valid port-channel index. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
• leave — Indicates the time in centiseconds that the device waits before leaving its GARP state. • leaveall — Used to confirm the port within the VLAN. The time is the interval between messages sent, measured in centiseconds. • timer_value — Timer values in centiseconds. The range is 10-100 for join, 20-600 for leave, and 200-6000 for leaveall.
gvrp enable (global) Use the gvrp enable (global) command in Global Configuration mode to enable GVRP globally on the switch. To disable GVRP globally on the switch, use the no form of this command. Syntax gvrp enable no gvrp enable Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device.
Command Mode Interface Configuration (Ethernet, Port-Channel) mode User Guidelines An Access port cannot join dynamically to a VLAN because it is always a member of only one VLAN. Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on ethernet 1/g8.
User Guidelines This command has no user guidelines. Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port 1/g8. console(config)#interface ethernet 1/g8 console(config-if-1/g8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To disable dynamic VLAN creation, use the no form of this command.
show gvrp configuration Use the show gvrp configuration command in Privileged EXEC mode to display GVRP configuration information. Timer values are displayed. Other data shows whether GVRP is enabled and which ports are running GVRP. Syntax show gvrp configuration [ethernet interface | port-channel port-channel- number] • interface — A valid Ethernet interface. • port-channel-number — A valid port-channel index. Default Configuration This command has no default configuration.
1/g2 20 60 1000 Disabled 1/g3 20 60 1000 Disabled 1/g4 20 60 1000 Disabled 1/g5 20 60 1000 Disabled 1/g6 20 60 1000 Disabled 1/g7 20 60 1000 Disabled 1/g8 20 60 1000 Disabled 1/g9 20 60 1000 Disabled 1/g10 20 60 1000 Disabled 1/g11 20 60 1000 Disabled 1/g12 20 60 1000 Disabled 1/g13 20 60 1000 Disabled 1/g14 20 60 1000 Disabled show gvrp error-statistics Use the show gvrp error-statistics command in User EXEC mode to display GVRP error statist
User Guidelines This command has no user guidelines. Example The following example displays GVRP error statistics information.
show gvrp statistics Use the show gvrp statistics command in User EXEC mode to display GVRP statistics. Syntax show gvrp statistics [ethernet interface | port-channel port-channel-number] • interface — A valid Ethernet interface. • port-channel-number — A valid port channel index. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example This example shows output of the show gvrp statistics command.
Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA ---- --- ---- ---- ---- --- --- --- --- --- ---- ---- --- 1/g1 0 0 0 0 0 0 0 0 0 0 0 0 1/g2 0 0 0 0 0 0 0 0 0 0 0 0 1/g3 0 0 0 0 0 0 0 0 0 0 0 0 1/g4 0 0 0 0 0 0 0 0 0 0 0 0 1/g5 0 0 0 0 0 0 0 0 0 0 0 0 1/g6 0 0 0 0 0 0 0 0 0 0 0 0 1/g7 0 0 0 0 0 0 0 0 0 0 0 0 1/g8 0 0 0 0 0 0 0 0 0 0 0 0 GVRP Commands 331
GVRP Commands
IGMP Snooping Commands 12 This chapter explains the following commands: • ip igmp snooping (global) • ip igmp snooping (interface) • ip igmp snooping host-time-out • ip igmp snooping leave-time-out • ip igmp snooping mrouter-time-out • show ip igmp snooping groups • show ip igmp snooping interface • show ip igmp snooping mrouter • ip igmp snooping (VLAN) • ip igmp snooping fast-leave • ip igmp snooping groupmembership-interval • ip igmp snooping maxresponse • ip igmp snooping mcrt
ip igmp snooping (global) Use the ip igmp snooping command in Global Configuration mode to globally enable Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping globally. Syntax ip igmp snooping no ip igmp snooping Default Configuration IGMP snooping is disabled. Command Mode Global Configuration mode User Guidelines IGMP snooping is enabled on static VLANs only and is not enabled on Private VLANs or their community VLANs.
Default Configuration IGMP snooping is disabled. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines IGMP snooping can be enabled on Ethernet interfaces. Example The following example enables IGMP snooping. console(config-if-1/g1)#ip igmp snooping ip igmp snooping host-time-out Use the ip igmp snooping host-time-out command in Interface Configuration mode to configure the host-time-out.
User Guidelines The timeout should be more than sum of response time and twice the query interval. Example The following example configures the host timeout to 300 seconds. console(config-if-1/g1)#ip igmp snooping host-timeout 300 ip igmp snooping leave-time-out Use the ip igmp snooping leave-time-out command in Interface Configuration mode to configure the leave-time-out.
User Guidelines The leave timeout should be set greater than the maximum time that a host is allowed to respond to an IGMP Query. Use immediate leave only where there is only one host connected to a port. Example The following example configures the host leave-time-out to 60 seconds. console(config-if-1/g1)#ip igmp snooping leave-timeout 60 ip igmp snooping mrouter-time-out Use the ip igmp snooping mrouter-time-out command in Interface Configuration mode to configure the mrouter-time-out.
Example The following example configures the mrouter timeout to 200 seconds. console(config-if-1/g1)#ip igmp snooping mroutertime-out 200 show ip igmp snooping groups Use the show ip igmp snooping groups command in User EXEC mode to display the Multicast groups learned by IGMP snooping. Syntax show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address] • vlan_id — Specifies a VLAN ID value. • ip-multicast-address — Specifies an IP Multicast address.
IGMP Reporters that are forbidden statically: --------------------------------------------Vlan IP Address ---- ------------------ 1 224-239.130|2.2.3 Ports ------------------1/g19 show ip igmp snooping interface Use the show ip igmp snooping interface command in Privileged EXEC mode to display the IGMP snooping configuration. Syntax show ip igmp snooping interface interface {ethernet interface | port-channel port-channel-number} • interface — Valid Ethernet port. The full syntax is unit/port.
Fast Leave Mode........................... Disabled Group Membership Interval................. 260 Max Response Time......................... 10 Multicast Router Present Expiration Time.. 300 show ip igmp snooping mrouter Use the show ip igmp snooping mrouter command in Privileged EXEC mode to display information on dynamically learned Multicast router interfaces. Syntax show ip igmp snooping mrouter Default Configuration This command has no default configuration.
ip igmp snooping (VLAN) Use the ip igmp snooping command in VLAN Configuration mode to enable IGMP snooping on a particular interface or on all interfaces participating in a VLAN. To disable IGMP snooping use the no form of this command. Syntax ip igmp snooping vlan-id no ip igmp snooping Default Configuration IGMP snooping is disabled on VLAN interfaces by default. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines.
Syntax ip igmp snooping fast-leave vlan-id no ip igmp snooping fast-leave • vlan id — Number assigned to the VLAN. Default Configuration IGMP snooping fast-leave mode is disabled on VLANs by default. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping fast-leave mode on VLAN 2.
Default Configuration The default group membership interval time is 260 seconds. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an IGMP snooping group membership interval of 520 seconds. console(config-vlan)#ip igmp snooping groupmembership-interval 2 520 ip igmp snooping maxresponse This command sets the IGMP Maximum Response time on a particular VLAN.
Command Mode VLAN Configuration mode User Guidelines When using IGMP Snooping Querier, this parameter should be less than the value for the IGMP Snooping Querier query interval. Example The following example sets the maximum response time to 60 seconds on VLAN 2. console(config-vlan)#ip igmp snooping maxresponse 2 60 ip igmp snooping mcrtrexpiretime This command sets the Multicast Router Present Expiration time. The time is set on a particular VLAN.
User Guidelines This command has no user guidelines. Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds.
IGMP Snooping Commands
13 IGMP Snooping Querier Commands This chapter explains the following commands: • ip igmp snooping querier • ip igmp snooping querier election participate • ip igmp snooping querier query-interval • ip igmp snooping querier timer expiry • ip igmp snooping querier version • show igmp snooping querier IGMP Snooping Querier Commands 347
ip igmp snooping querier This command enables or disables IGMP Snooping Querier on the system (Global Configuration mode) or on a VLAN. Using this command, you can specify the IP address that the snooping querier switch should use as the source address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to reset the querier address to 0.0.0.0.
configured, then use the management IP address as the IGMP snooping querier source address. Using all zeros for the querier IP address removes it. The VLAN IP address takes precedence over the global IP address. Example The following example enables IGMP snooping querier in VLAN Configuration mode. console(config-vlan)#ip igmp snooping querier 1 address 10.19.67.
Example The following example configures the snooping querier to participate in the querier election. console(config-vlan)#ip igmp snooping querier election participate ip igmp snooping querier query-interval This command sets the IGMP Querier Query Interval time, which is the amount of time in seconds that the switch waits before sending another periodic query. The no form of this command sets the IGMP Querier Query Interval time to its default value.
ip igmp snooping querier timer expiry This command sets the IGMP Querier timer expiration period which is the time period that the switch remains in Non-Querier mode after it has discovered that there is a Multicast Querier in the network. The no form of this command sets the IGMP Querier timer expiration period to its default value.
Syntax ip igmp snooping querier version number no ip igmp snooping querier version • number — IGMP version. (Range: 1–2) Default Configuration The querier version default is 2. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the IGMP version of the querier to 1. ip igmp snooping querier version 1 show igmp snooping querier This command displays IGMP Snooping Querier information.
• Querier Timeout — Displays the amount of time to wait in the NonQuerier operational state before moving to a Querier state. When you specify a value for vlan_id, the following information appears: • VLAN Admin Mode — Indicates whether IGMP Snooping Querier is active on the VLAN. • VLAN Operational State — Indicates whether IGMP Snooping Querier is in the Querier or Non-Querier state. When the switch is in Querier state it sends out periodic general queries.
Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example shows querier information for VLAN 2. console#show ip igmp snooping querier vlan 2 Vlan 2 : IGMP Snooping querier status ---------------------------------------------IGMP Snooping Querier Vlan Mode............. Disable Querier Election Participate Mode........... Disable Querier Vlan Address........................ 0.0.0.0 Operational State...........................
IP Addressing Commands 14 This chapter explains the following commands: • clear host • ip address • ip address dhcp • ip address vlan • ip default-gateway • ip domain-lookup • ip domain-name • ip host • ip name-server • ipv6 address • ipv6 enable • ipv6 gateway • show arp switch • show hosts • show ip helper-address • show ip interface management IP Addressing Commands 355
clear host Use the clear host command in Privileged EXEC mode to delete entries from the host name-to-address cache. Syntax clear host {name|*} • name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters) • * — Deletes all entries in the host name-to-address cache. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
• mask — Specifies a valid subnet (network) mask IP address. • prefix-length — The number of bits that comprise the IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 1-30) Default Configuration The switch management interface obtains an IP address via DHCP by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Examples The following examples configure the IP address 131.108.1.27 and subnet mask 255.255.255.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The ip address dhcp command allows the switch to dynamically obtain an IP address by using the DHCP protocol. Example The following example acquires an IP address for the switch management interface from DHCP. console(config)#ip address dhcp ip address vlan Use the ip address vlan command in Global Configuration mode to set the management VLAN.
Example The following example sets VLAN 5 as management VLAN. console(config)#ip address vlan 5 ip default-gateway Use the ip default-gateway command in Global Configuration mode to define a default gateway (router). Syntax ip default-gateway ip-address • ip-address — Valid IP address that specifies the IP address of the default gateway. Default Configuration No default gateway is defined.
ip domain-lookup Use the ip domain-lookup command in Global Configuration mode to enable IP Domain Naming System (DNS)-based host name-to-address translation. To disable the DNS, use the no form of this command. Syntax ip domain-lookup no ip domain-lookup Default Configuration The DNS is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables the IP Domain Naming System (DNS)-based host name-to-address translation.
• name — Default domain name used to complete an unqualified host name. Do not include the initial period that separates the unqualified host name from the domain name (Range: 1-255 characters). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a default domain name of dell.com. console(config)#ip domain-name dell.
User Guidelines This command has no user guidelines. Example The following example defines a static host name-to-address mapping in the host cache. console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command.
Example The following example sets the available name server. console(config)#ip name-server 176.16.1.18 ipv6 address Use the ipv6 address command to set the IPv6 address of the management interface. Use the "no" form of this command to reset the IPv6 address to the default. Syntax ipv6 address {prefix/prefix-length [eui64] | autoconfig | dhcp} no ipv6 address • prefix —Consists of the bits of the address to be configured.
Example console(config)#ipv6 address dhcp console(config)#ipv6 address autoconfig console(config)#ipv6 address 2003::6/64 console(config)#ipv6 address 2001::/64 eui64 console(config)#no ipv6 address dhcp console(config)#no ipv6 address autoconfig console(config)#no ipv6 address 2003::6/64 console(config)#no ipv6 address 2001::/64 eui64 console(config)#no ipv6 address ipv6 enable Use the ipv6 enable command to enable IPv6 on the management interface.
Default Configuration IPv6 is enabled on the management interface by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#no ipv6 enable ipv6 gateway Use the ipv6 gateway command to configure an IPv6 gateway for the management interface. Use the "no" form of this command to reset the gateway to the default.
Example console(config)#ipv6 gateway 2003::1 console(config)#no ipv6 gateway show arp switch Use the show arp switch command in Privileged EXEC mode to display the ARP cache entries learned on the management port. Syntax show arp switch Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Note that this command only show ARP entries used by the management interface. It is logically separate from the ARP table used by the routing interfaces.
show hosts Use the show hosts command in User EXEC mode to display the default domain name, a list of name server hosts, and the static and cached list of host names and addresses. The command itself shows hosts [hostname]. • Host name. (Range: 1–255 characters) Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays information about IP hosts.
show ip helper-address Use the show ip helper-address command in Privileged EXEC mode to display IP helper addresses configuration. Syntax show ip helper-address [intf-address] • intf-address — IP address of a routing interface. (Range: Any valid IP address) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
show ip interface management Use the show ip interface management command to display the management interface configuration. Syntax show ip interface management Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the management interface configuration. console#show ip interface management IP Address..................................... 10.27.21.
IP Addressing Commands
IPv6 Access List Commands 15 This chapter explains the following commands: • {deny | permit} • ipv6 access-list • ipv6 access-list rename • ipv6 traffic-filter • show ipv6 access-lists IPv6 Access List Commands 371
{deny | permit} This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the 'every' keyword or the protocol, source address, and destination address values must be specified. The source and destination IPv6 address fields may be specified using the keyword 'any' to indicate a match on any value in that field.
• portvalue — The source layer 4 port match condition for the ACL rule is specified by the port value parameter. (Range: 0–65535). • destination ipv6 prefix — IPv6 prefix in IPv6 global address format. • flow label value — The value to match in the Flow Label field of the IPv6 header (Range 0–1048575). • dscp dscp — Specifies the TOS for an IPv6 ACL rule depending on a match of DSCP values using the parameter dscp. • log — Specifies that this rule is to be logged.
console(Config-ipv6-acl)#deny ipv6 2001:DB8::/32 any eq http console(Config-ipv6-acl)#permit ipv6 2001:DB8::/32 any console(Config-ipv6-acl)# ipv6 access-list The ipv6 access-list command creates an IPv6 Access Control List (ACL) consisting of classification fields defined for the IP header of an IPv6 frame. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list.
console(config)#ipv6 access-list DELL_IP6 console(Config-ipv6-acl)# ipv6 access-list rename The ipv6 access-list rename command changes the name of an IPv6 Access Control List (ACL). This command fails if an IPv6 ACL with the new name already exists. Syntax ipv6 access-list rename name newname • name — the name of an existing IPv6 ACL. • newname — alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list.
ipv6 traffic-filter The ipv6 traffic-filter command either attaches a specific IPv6 Access Control List (ACL) to an interface or associates it with a VLAN ID in a given direction. An optional sequence number may be specified to indicate the order of this access list relative to other IPv6 access lists already assigned to this interface and direction. A lower number indicates higher precedence order.
Example The following example attaches an IPv6 access control list to an interface. console(config-if-1/g1)#ipv6 traffic-filter DELL_IP6 in show ipv6 access-lists The show ipv6 access-lists command displays an IPv6 access list and all of the rules that are defined for the IPv6 ACL. Use the [name] parameter to identify a specific IPv6 ACL to display. Syntax show ipv6 access-lists [name] Default Configuration There is no default configuration for this command.
console#show ipv6 access-lists STOP_HTTP ACL Name: STOP_HTTP Inbound Interface(s): 1/g1 Rule Number: 1 Action......................................... deny Protocol....................................... 255(ipv6) Source IP Address.............................. 2001:DB8::/32 Destination L4 Port Keyword.................... 80(www/http) Rule Number: 2 Action......................................... permit Protocol....................................... 255(ipv6) Source IP Address..........................
Destination L4 Port Keyword This field displays the destination port for this rule. IP DSCP This field indicates the value specified for IP DSCP. Flow Label This field indicates the value specified for IPv6 Flow Label. Log Displays when you enable logging for the rule. Assign Queue Displays the queue identifier to which packets matching this rule are assigned. Mirror Interface Displays the interface to which packets matching this rule are copied.
IPv6 Access List Commands
IPv6 MLD Snooping Querier Commands 16 This chapter explains the following commands: • ipv6 mld snooping querier • ipv6 mld snooping querier (VLAN mode) • ipv6 mld snooping querier address • ipv6 mld snooping querier election participate • ipv6 mld snooping querier query-interval • ipv6 mld snooping querier timer expiry • show ipv6 mld snooping querier IPv6 MLD Snooping Querier Commands 381
ipv6 mld snooping querier Use the ipv6 mld snooping querier command to enable MLD Snooping Querier on the system. Use the "no" form of this command to disable MLD Snooping Querier. Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Command Mode VLAN Database mode User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping querier 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the "no" form of this command to reset the global MLD Snooping Querier address to the default.
ipv6 mld snooping querier election participate Use the ipv6 mld snooping querier election participate command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN. When this mode is enabled, if the Snooping Querier finds that the other Querier's source address is higher than the Snooping Querier's address, it stops sending periodic queries.
ipv6 mld snooping querier query-interval Use the ipv6 mld snooping querier query-interval command to set the MLD Querier Query Interval time. It is the amount of time in seconds that the switch waits before sending another general query. Use the "no" form of this command to reset the Query Interval to the default. Syntax ipv6 mld snooping querier query-interval interval ipv6 mld snooping querier query-interval • interval — Amount of time that the switch waits before sending another general query.
ipv6 mld snooping querier timer expiry • timer — The time that the switch remains in Non-Querier mode after it has discovered that there is a multicast querier in the network. (Range: 60–300 seconds) Default Configuration The default timer expiration period is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User Guidelines When the optional argument vlan vlan-id is not used, the command shows the following information: MLD Snooping Querier Mode Indicates whether or not MLD Snooping Querier is active on the switch. Querier Address Shows the IP Address which will be used in the IPv6 header while sending out MLD queries. MLD Version Indicates the version of MLD that will be used while sending out the queries. This is defaulted to MLD v1 and it can not be changed.
When the optional argument detail is used, the command shows the global information and the information for all Querier enabled VLANs as well as the following information: Last Querier Address Indicates the IP address of the most recent Querier from which a Query was received. MLD Version Indicates the version of MLD.
17 iSCSI Optimization Commands This chapter explains the following commands: • iscsi enable • show iscsi iSCSI Optimization Commands 389
iscsi enable The iscsi enable command globally enables iSCSI awareness. To disable iSCSI awareness use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration The default iSCSI optimization mode is disabled. NOTE: Rapid Spanning Tree Protocol (RSTP) and flow-control are globally enabled by default. Command Mode Global Configuration mode.
Example The following example enables iSCSI awareness. console(config)#iscsi enable show iscsi The show iscsi command output indicates whether iSCSI optimization is enabled or disabled. Syntax show iscsi Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI settings.
iSCSI Optimization Commands
LACP Commands 18 This chapter explains the following commands: • lacp port-priority • lacp system-priority • lacp timeout • show lacp ethernet • show lacp port-channel LACP Commands 393
lacp port-priority Use the lacp port-priority command in Interface Configuration mode to configure the priority value for physical ports. To reset to default priority value, use the no form of this command. Syntax lacp port-priority value no lacp port-priority • value — Port priority value. (Range: 1–65535) Default Configuration The default port priority value is 1. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
• value — Port priority value. (Range: 1–65535) Default Configuration The default system priority value is 1. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the system priority to 120. console(config)#lacp system-priority 120 lacp timeout Use the lacp timeout command in Interface Configuration mode to assign an administrative LACP timeout.
User Guidelines This command has no user guidelines. Example The following example assigns an administrative LACP timeout for port 1/g8 to a long timeout value. console(config)#interface ethernet 1/g8 console(config-if-1/g8)#lacp timeout long show lacp ethernet Use the show lacp ethernet command in Privileged EXEC mode to display LACP information for Ethernet ports. Syntax show lacp ethernet interface [parameters|statistics] • Interface — Ethernet interface.
system priority: 1 system mac addr: 00:00:12:34:56:78 port Admin key: 30 port Oper key: 30 port Oper priority: 1 port Admin timeout: LONG port Oper timeout: LONG LACP Activity: ACTIVE Aggregation: AGGREGATABLE synchronization: FALSE collecting: FALSE distributing: FALSE expired: FALSE Partner system priority: 0 system mac addr: 00:00:00:00:00:00 port Admin key: 0 port Oper key: 0 port Admin priority: 0 port Oper priority: 0 port Oper timeout: LONG LACP Activity: ASSI
expired: FALSE Port 1/g1 LACP Statistics: LACP PDUs sent: 2 LACP PDUs received: 2 show lacp port-channel Use the show lacp port-channel command in Privileged EXEC mode to display LACP information for a port-channel. Syntax show lacp port-channel [port_channel_number] • port_channel_number — The port-channel number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Oper Key: 29 Partner System Priority: 0 MAC Address: 000000:000000 Oper Key: 14 LACP Commands 399
LACP Commands
Link Dependency Commands 19 This chapter explains the following commands: • link-dependency group • no link-dependency group • add ethernet • add port-channel • add port-channel • no add port-channel • depends-on ethernet • no depends-on ethernet • depends-on port-channel • no depends-on port-channel • show link-dependency Link Dependency Commands 401
link-dependency group Use the link-dependency group command to enter the link-dependency mode to configure a link-dependency group Syntax link-dependency group GroupId • GroupId — Link dependency group identifier. (Range: 1–16) Default Configuration This command has no default configuration.
Command Mode Global Configuration mode User Guidelines No specific guidelines Example console(config)#no link-dependency group 1 add ethernet Use the add ethernet command to add member Ethernet port(s) to the dependency list. Syntax add ethernet intf-list • intf-list — List of Ethernet interfaces. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
add port-channel Use the add port-channel command to add member port-channels to the dependency list. Syntax add port-channel port-channel-list • port-channel-list — List of port-channel interfaces. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. (Range: Valid port-channel interface list or range) Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines No specific guidelines Example console(config-linkDep-group-1)#no add port-channel 2 depends-on ethernet Use the depends-on ethernet command to add the dependent Ethernet ports list. Syntax depends-on ethernet intf-list • intf-list — List of Ethernet interfaces. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
no depends-on ethernet Use the no depends-on ethernet command to remove the dependent Ethernet ports list. Syntax no depends-on ethernet intf-list • intf-list — List of Ethernet interfaces. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. (Range: Valid Ethernet interface list or range) Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines No specific guidelines Example console(config-linkDep-group-1)#depends-on portchannel 6 no depends-on port-channel Use the no depends-on port-channel command to remove the dependent port-channels list. Syntax no depends-on port-channel port-channel-list • port-channel-list — List of port-channel interfaces. Separate nonconsecutive ports with a comma and no spaces.
Example console(config-linkDep-group-1)# no depends-on portchannel 6 show link-dependency Use the show link-dependency command to show the link dependencies configured for a particular group. If no group is specified, then all the configured link-dependency groups are displayed. Syntax show link-dependency [group GroupId] GroupId — Link dependency group identifier. (Range: Valid Group Id, 1–16) • Default Configuration This command has no default configuration.
The following command shows link dependencies for group 2 only.
Link Dependency Commands
LLDP Commands 20 This chapter explains the following commands: • clear lldp remote-data • clear lldp statistics • lldp med • lldp med confignotification • lldp med faststartrepeatcount • lldp med transmit-tlv • lldp notification • lldp notification-interval • lldp receive • lldp timers • lldp transmit • lldp transmit-mgmt • lldp transmit-tlv • show lldp • show lldp interface • show lldp local-device • show lldp med • show lldp med interface • show lldp med local-device
clear lldp remote-data Use the clear lldp remote-data command in Privileged EXEC mode to delete all LLDP information from the remote data table. Syntax clear lldp remote-data Default Configuration By default, data is removed only on system reset. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data.
User Guidelines This command has no user guidelines. Example The following example displays how to reset all LLDP statistics. console#clear lldp statistics lldp med This command is used to enable/disable LLDP-MED on an interface. By enabling MED, the transmit and receive functions of LLDP are effectively enabled. Syntax Description lldp med no lldp med Parameter Ranges Not applicable Command Mode Interface (Ethernet) Configuration Default Value LLDP-MED is disabled on all supported interfaces.
lldp med confignotification This command is used to enable sending the topology change notification. Syntax Description lldp med confignotification no lldp med confignotification Parameter Ranges Not applicable Command Mode Interface (Ethernet) Configuration Default Value By default, notifications are disabled on all supported interfaces. Usage Guidelines No specific guidelines.
Command Mode Global Configuration Default Value 3 Usage Guidelines No specific guidelines. Example console(config)# lldp med faststartrepeatcount 2 lldp med transmit-tlv This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. There are certain conditions that have to be met for this port to be MED compliant. These conditions are explained in the normative section of the specification. For example, the MED TLV 'capabilities' is mandatory.
Parameter Ranges Not applicable. Command accepts keywords only. Command Mode Interface (Ethernet) Configuration Default Value By default, the capabilities and network policy TLVs are included. Example console(config)#interface ethernet 1/g1 console(config-if-1/g1)#lldp med transmit-tlv capabilities console(config-if-1/g1)#lldp med transmit-tlv network-policies lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications.
Example The following example displays how to enable remote data change notifications. console(config-if-1/g3)#lldp notification lldp notification-interval Use the lldp notification-interval command in Global Configuration mode to limit how frequently remote data change notifications are sent. To return the notification interval to the factory default, use the no form of this command.
lldp receive Use the lldp receive command in Interface Configuration mode to enable the LLDP receive capability. To disable reception of LLDPDUs, use the no form of this command. Syntax lldp receive no lldp receive Default Configuration The default lldp receive mode is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to enable the LLDP receive capability.
• transmit-interval — The interval in seconds at which to transmit local data LLDPDUs. (Range: 5–32768 seconds) • hold-multiplier — Multiplier on the transmit interval used to set the TTL in local data LLDPDUs. (Range: 2–10) • reinit-delay — The delay in seconds before re-initialization. (Range: 1–10 seconds) Default Configuration The default transmit interval is 30 seconds. The default hold-multiplier is 4. The default delay before re-initialization is 2 seconds.
lldp transmit Use the lldp transmit command in Interface Configuration mode to enable the LLDP advertise (transmit) capability. To disable local data transmission, use the no form of this command. Syntax lldp transmit no lldp transmit Default Configuration LLDP is disabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how enable the transmission of local data.
Default Configuration By default, management address information is not included. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to include management information in the LLDPDU. console(config-if-1/g3)#lldp transmit-mgmt lldp transmit-tlv Use the lldp transmit-tlv command in Interface Configuration mode to specify which optional type-length-value settings (TLVs) in the 802.
User Guidelines This command has no user guidelines. Example The following example shows how to include the system description TLV in local data transmit. console(config-if-1/g3)#lldp transmit-tlv sys-desc show lldp Use the show lldp command in Privileged EXEC mode to display the current LLDP configuration summary. Syntax show lldp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
console#show lldp LLDP transmit and receive disabled on all interfaces show lldp interface Use the show lldp interface command in Privileged EXEC mode to display the current LLDP interface state. Syntax show lldp interface {interface | all} • interface — Specifies a valid physical interface on the switch or unit/port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
System Capability console# show lldp interface 1/g1 Interface Link Transmit Receive Notify TLVs Mgmt --------- ---- -------- -------- -------- ------ ---1/g1 Up Enabled Enabled Enabled 0,1,2,3 Y TLV Codes: 0 – Port Description, 1 – System Name, 2 – System Description, 3 – System Capability show lldp local-device Use the show lldp local-device command in Privileged EXEC mode to display the advertised LLDP local data. This command can display summary information or detail for each interface.
Interface Port ID Port Description --------- -------------------- -------------------1/g1 00:62:48:00:00:02 console# show lldp local-device detail 1/g1 LLDP Local Device Detail Interface: 1/g1 Chassis ID Subtype: MAC Address Chassis ID: 00:62:48:00:00:00 Port ID Subtype: MAC Address Port ID: 00:62:48:00:00:02 System Name: System Description: Routing Port Description: System Capabilities Supported: bridge, router System Capabilities Enabled: bridge Management Address: Type: IPv4 Address: 192.168.17.
show lldp med This command displays a summary of the current LLDP MED configuration. Syntax Description show lldp med Parameter Ranges Not applicable Command Mode Privileged EXEC Default Value Not applicable Usage Guidelines No specific guidelines. Example console(config)#show lldp med LLDP MED Global Configuration Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface.
• All — Indicates all valid LLDP interfaces. Parameter Ranges Not applicable Command Mode Privileged EXEC.
show lldp med local-device This command displays the advertised LLDP local data. This command can display summary information or detail for each interface. Syntax Description show lldp med local-device detail • unit/port — Indicates a specific physical interface. • detail — Includes a detailed version of remote data for the indicated interface.
DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice LLDP Commands 429
Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.2 watts Source: local Priority: low show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface. Syntax Description show lldp med remote-device { | all} show lldp med remote-device detail • unit/port — Indicates a specific physical interface.
Default Value Not applicable Example Console#show lldp med remote-device all LLDP MED Remote Device Summary Local InterfaceDevice Class --------------------1/g1Class I 1/g2 Not Defined 1/g3Class II 1/g4Class III 1/g5Network Con Console#show lldp med remote-device detail 1/g1 LLDP MED Remote Device Detail Local Interface: 1/g1 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I
Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location 432 LLDP Commands
Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the lldp remote-device command in Privileged EXEC mode to display the current LLDP remote data. This command can display summary information or detail for each interface.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples These examples show current LLDP remote data, including a detailed version.
show lldp statistics Use the show lldp statistics command in Privileged EXEC mode to display the current LLDP traffic statistics. Syntax show lldp statistics {interface | all} • interface — Specifies a valid physical interface on the switch or unit/port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following examples shows an example of the display of current LLDP traffic statistics.
Total Ageouts................................ 1 Tx TLV Rx TLV TLV TLV TLV Interface Total Total Discards Errors Ageout Discards Unknowns MED 802.1 802.3 --------- ----- ----- -------- ------ ------ -------- -------- -------- ----1/g11 4 29395 82562 0 0 1 0 0 0 1 The following table explains the fields in this example. Parameter Description Last Update The value of system of time the last time a remote data entry was created, modified, or deleted.
Parameter Description Errors Number of non-valid LLDP frames received on the indicated port. Ageouts Number of times a remote data entry on the indicated port has been deleted due to TTL expiration. TLV Discards Number LLDP TLVs (Type, Length, Value sets) received on the indicated port and discarded for any reason by the LLDP agent. TLV Unknowns Number of LLDP TLVs received on the indicated port for a type not recognized by the LLDP agent.
LLDP Commands
Port Channel Commands 21 This chapter explains the following commands: • channel-group • interface port-channel • interface range port-channel • hashing-mode • no hashing-mode • show interfaces port-channel • show statistics port-channel Port Channel Commands 439
channel-group Use the channel-group command in Interface Configuration mode to configure a port-to-port channel. To remove the channel-group configuration from the interface, use the no form of this command. Syntax channel-group port-channel-number mode {on|auto} no channel-group • port-channel-number — Number of a valid port-channel for the current port to join. • on — Forces the port to join a channel without LACP. • auto — Forces the port to join a channel with LACP.
interface port-channel Use the interface port-channel command in Global Configuration mode to configure a port-channel type and enter port-channel configuration mode. Syntax interface port-channel port-channel-number • port-channel-number — A valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters the context of port-channel number 1.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, it stops the execution of the command on subsequent interfaces. Example The following example shows how port-channels 1, 2 and 8 are grouped to receive the same command.
Default Configuration This command has no default configuration. Command Mode Interface Configuration (port-channel) User Guidelines No specific guidelines. Example console(config)#interface port-channel l console(config-if-ch1)#hashing-mode 4 no hashing-mode Use the no hashing-mode command to set the hashing algorithm on Trunk ports to the default (3). Syntax Description no hashing-mode Default Configuration This command has no default configuration.
show interfaces port-channel Use the show interfaces port-channel command to show port-channel information. Syntax Description show interfaces port-channel [port-channel number] • [port-channel-number] — Number of the port channel to show. This parameter is optional. If the port channel number is not given, all the channel groups are displayed. (Range: Valid port-channel number, 1 to 48) Default Configuration This command has no default configuration.
Hash algorithm type 1 - Source MAC, VLAN, EtherType, source module and port Id 2 - Destination MAC, VLAN, EtherType, source module and port Id 3 - Source IP and source TCP/UDP port 4 - Destination IP and destination TCP/UDP port 5 - Source/Destination MAC, VLAN, EtherType and source MODID/port 6 - Source/Destination IP and source/destination TCP/UDP port show statistics port-channel Use the show statistics port-channel command in Privileged EXEC mode to display statistics about a specific port-channel.
Total Packets Received (Octets)................ 0 Packets Received > 1522 Octets................. 0 Packets RX and TX 64 Octets.................... 1064 Packets RX and TX 65-127 Octets................ 140 Packets RX and TX 128-255 Octets............... 201 Packets RX and TX 256-511 Octets............... 418 Packets RX and TX 512-1023 Octets.............. 1 Packets RX and TX 1024-1518 Octets............. 0 Packets RX and TX 1519-1522 Octets............. 0 Packets RX and TX 1523-2047 Octets.............
Unacceptable Frame Type........................ 0 Multicast Tree Viable Discards................. 0 Reserved Address Discards...................... 0 Broadcast Storm Recovery....................... 0 CFI Discards................................... 0 Upstream Threshold............................. 0 Total Packets Transmitted (Octets)............. 263567 Max Frame Size................................. 1518 Total Packets Transmitted Successfully......... 1824 Unicast Packets Transmitted....................
GVRP Failed Registrations...................... 0 Time Since Counters Last Cleared...............
Port Monitor Commands 22 This chapter explains the following commands: • monitor session • show monitor session Port Monitor Commands 449
monitor session Use the monitor session command in Global Configuration mode to configure a probe port and a monitored port for monitor session (port monitoring). Use the src-interface parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets. If you do not specify an {rx | tx} option, the destination port monitors both ingress and egress packets. Use the destination interface to specify the interface to receive the monitored traffic.
Example The following examples shows various port monitoring configurations. console(config)#monitor session 1 source interface 1/g8 console(config)#monitor session 1 destination interface 1/g10 console(config)#monitor session 1 mode show monitor session Use the show monitor session command in Privileged EXEC mode to display status of port monitoring. Syntax show monitor session session-id • session id — Session identification number. Default Configuration This command has no default configuration.
Port Monitor Commands
QoS Commands 23 This chapter explains the following commands: • assign-queue • class • class-map • class-map rename • classofservice dot1p-mapping • classofservice ip-dscp-mapping • classofservice trust • conform-color • cos-queue min-bandwidth • cos-queue strict • diffserv • drop • mark cos • mark ip-dscp • mark ip-precedence • match class-map • match cos • match destination-address mac • match dstip • match dstip6 • match dstl4port • match ethertype • match i
• match ip tos • match protocol • match source-address mac • match srcip • match srcip6 • match srcl4port • match vlan • mirror • police-simple • policy-map • redirect • service-policy • show class-map • show classofservice dot1p-mapping • show classofservice ip-dscp-mapping • show classofservice trust • show diffserv • show diffserv service interface ethernet in • show diffserv service interface port-channel in • show diffserv service brief • show interfaces co
assign-queue Use the assign-queue command in Policy-Class-Map Configuration mode to modify the queue ID to which the associated traffic stream is assigned. Syntax assign-queue • queueid — Specifies a valid queue ID. (Range: integer from 0–6.) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Policy Map Configuration mode User Guidelines This command causes the specified policy to create a reference to the class definition. The command mode is changed to Policy-Class-Map Configuration when this command is executed successfully. Example The following example shows how to specify the DiffServ class name of "DELL.
User Guidelines There are no user guidelines for this command. Example The following example creates a class-map named "DELL" which requires all ACE’s to be matched. console(config)#class-map DELL console(config-cmap)# class-map rename Use the class-map rename command in Global Configuration mode to change the name of a DiffServ class. Syntax class-map rename • classname — The name of an existing DiffServ class.
console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an 802.1p priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface. Use the no form of the command to remove mapping between an 802.1p priority and an internal traffic class. Syntax classofservice dot1p-mapping 802.1ppriority trafficclass no classofservice dot1p-mapping • 802.
classofservice ip-dscp-mapping Use the classofservice ip-dscp-mapping command in Global Configuration mode to map an IP DSCP value to an internal traffic class. Syntax classofservice ip-dscp-mapping ipdscp trafficclass • ipdscp — Specifies the IP DSCP value to which you map the specified traffic class.
classofservice trust Use the classofservice trust command in either Global Configuration mode or Interface Configuration mode to set the class of service trust mode of an interface. To set the interface mode to untrusted, use the no form of this command. Syntax classofservice trust {dot1p|untrusted|ip-dscp} no classofservice trust • dot1p — Sets the CoS mode to trust dot1p (802.1p) packet markings. • untrusted — Sets the CoS Mode for all interfaces to Untrusted.
conform-color Use the conform-color command in Policy-Class-Map Configuration mode to specify second-level matching for traffic flow, the only possible actions are drop, setdscp-transmit, set-prec-transmit, or transmit. In this two-rate form of the policy command, the conform action defaults to send, the exceed action defaults to drop, and the violate action defaults to drop. These actions can be set with this command. Syntax conform-color Default Configuration This command has no default configuration.
• bw-0 — Specifies the minimum transmission bandwidth for an interface. You can specify as many bandwidths as there are interfaces (bw-0 through bw-n). (Range: 0–100 in increments of 5) Default Configuration This command has no default configuration. Command Mode Global Configuration mode or Interface Configuration (Ethernet, Portchannel) mode User Guidelines The maximum number of queues supported per interface is seven.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode or Interface Configuration (Ethernet, Portchannel) mode User Guidelines This command has no user guidelines. Example The following example displays how to activate the strict priority scheduler mode for two queues. console(config)#cos-queue strict 1 2 The following example displays how to activate the strict priority scheduler mode for three queues.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress. Syntax drop Default Configuration This command has no default configuration.
mark cos Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header. If the packet does not already contain this header, one is inserted. Syntax mark cos cos-value • cos-value — Specifies the CoS value as an integer. (Range: 0–7) Default Configuration The default value for this command is 1.
• dscpval — Specifies a DSCP value (10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, 38, 0, 8, 16, 24, 32, 40, 48, 56, 46) or a DSCP keyword (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef). Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines.
User Guidelines. This command has no user guidelines. Example The following example displays console(config)#policy-map p1 in console(config-policy-map)#class c1 console(config-policy-classmap)#mark ip-precedence 2 console(config-policy-classmap)# match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class.
• Any attempts to delete the refclassname class while the class is still referenced by any class-map-name fails. • The combined match criteria of class-map-name and refclassname must be an allowed combination based on the class type. • Any subsequent changes to the refclassname class match criteria must maintain this validity, or the change attempt fails.
Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the destination MAC address of a packet.
Example The following example displays adding a match condition for the specified MAC address and bit mask. console(config-classmap)#match destination-address mac AA:ED:DB:21:11:06 FF:FF:FF:EF:EE:EE match dstip Use the match dstip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the destination IP address of a packet. Syntax match dstip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask.
match dstip6 The match dstip6 command adds to the specified class definition a match condition based on the destination IPv6 address of a packet. Syntax match dstip6 destination-ipv6-prefix/prefix-length • destination-ipv6-prefix — IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the destination layer 4 port of a packet using the "echo" port name keyword.
Example The following example displays how to add a match condition based on ethertype. console(config-classmap)#match ethertype arp match ip6flowlbl The match ip6flowlbl command adds to the specified class definition a match condition based on the IPv6 flow label of a packet. Syntax match ip6flowlbl label • label - The value to match in the Flow Label field of the IPv6 header (Range 0-1048575). Default Configuration There is no default configuration for this command.
match ip dscp Use the match ip dscp command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet. This field is defined as the high-order six bits of the Service Type octet in the IP header. The low-order two bits are not checked. Syntax match ip dscp dscpval • dscpval — Specifies an integer value or a keyword value for the DSCP field.
match ip precedence Use the match ip precedence command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP precedence field. Syntax match ip precedence precedence • precedence — Specifies the precedence field in a packet. This field is the high-order three bits of the Service Type octet in the IP header. (Integer Range: 0–7) Default Configuration This command has no default configuration.
Syntax match ip tos tosbits tosmask • tosbits — Specifies a two-digit hexadecimal number. (Range: 00–ff) • tosmask — Specifies the bit positions in the tosbits parameter that are used for comparison against the IP TOS field in a packet. This value of this parameter is expressed as a two-digit hexadecimal number. (Range: 00–ff) Default Configuration This command has no default configuration.
• protocol-name — Specifies one of the supported protocol name keywords. The supported values are icmp, igmp, ip, tcp, and udp. • protocol-number — Specifies the standard value assigned by IANA. (Range 0–255) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition based on the "ip" protocol name keyword.
Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example adds to the specified class definition a match condition based on the source MAC address of the packet. console(config-classmap)# match source-address mac 10:10:10:10:10:10 11:11:11:11:11:11 match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet.
Example The following example displays adding a match condition for the specified IP address and address bit mask. console(config-classmap)#match srcip 10.240.1.1 10.240.0.0 match srcip6 The match srcip6 command adds to the specified class definition a match condition based on the source IPv6 address of a packet. Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value.
match srcl4port Use the match srcl4port command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or a numeric notation. Syntax match srcl4port {portkey|port-number} • portkey — Specifies one of the supported port name keywords. A match condition is specified by one layer 4 port number. The currently supported values are: domain, echo, ftp, ftpdata, http, smtp,snmp, telnet, tftp, and www.
match vlan Use the match vlan command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field. This field is the only tag in a single tagged packet or the first or outer tag of a double VLAN packet. Syntax match vlan • vlan-id — Specifies a VLAN ID as an integer. (Range: 0–4095) Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines The port identified in this command is identical to the destination port of the monitor command. Example The following example displays how to copy all the data to ethernet port 1/g5. console(config-policy-classmap)#mirror 1/g5 police-simple Use the police-simple command in Policy-Class-Map Configuration mode to establish the traffic policing style for the specified class.
• dscpval — DSCP value. (Range: 0–63 or a keyword from this list, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines Only one style of police command (simple) is allowed for a given class instance in a particular policy.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The CLI mode is changed to Policy-Class-Map Configuration when this command is successfully executed. The policy type dictates which of the individual policy attribute commands are valid within the policy definition. Example The following example shows how to establish a new DiffServ policy named "DELL.
User Guidelines This command has no user guidelines. Example The following example shows how to redirect incoming packets to port 1/g1. console(config-policy-classmap)#redirect 1/g1 service-policy Use the service-policy command in either Global Configuration mode (for all system interfaces) or Interface Configuration mode (for a specific interface) to attach a policy to an interface. To return to the system default, use the no form of this command.
Ensure that no attributes within the policy definition exceed the capabilities of the interface. When a policy is attached to an interface successfully, any attempt to change the policy definition, such that it would result in a violation of the interface capabilities, causes the policy change attempt to fail. Example The following example shows how to attach a service policy named "DELL" to all interfaces.
Example The following example displays all the configuration information for the class named "Dell". console#show class-map Class L3 Class Name Type Proto Reference Class Name --------------------- ----- ----- ----------------------------ipv4 All ipv4 ipv6 All ipv6 stop_http_class All ipv6 match_icmp6 All ipv6 console#show class-map ipv4 Class Name..................................... ipv4 Class Type..................................... All Class Layer3 Protocol..........................
console#show class-map stop_http_class Class Name........................... stop_http_class Class Type........................... All Class Layer3 Protocol................ ipv6 Match Criteria Values ---------------------------- ----------------------Source IP Address 2001:DB8::/32 Source Layer 4 Port 80(http/www) show classofservice dot1p-mapping Use the show classofservice dot1p-mapping command in Privileged EXEC mode to display the current Dot1p (802.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines If the interface is specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed. Example The following example displays the dot1p traffic class mapping and user priorities.
The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value. Traffic Class The traffic class internal queue identifier to which the user priority value is mapped. show classofservice ip-dscp-mapping Use the show classofservice ip-dscp-mapping command in Privileged EXEC mode to display the current IP DSCP mapping to internal traffic classes for a specific interface.
2 1 3 1 4 1 5 1 6 1 7 1 8(cs1) 0 9 0 10(af11) 0 11 0 12(af12) 0 13 0 14(af13) 0 15 0 16(cs2) 0 17 0 18(af21) 0 19 0 --More-- or (q)uit 20(af22) 0 21 0 22(af23) 0 23 0 24(cs3) 1 25 1 26(af31) 1 QoS Commands 491
27 1 28(af32) 1 29 1 30(af33) 1 31 1 32(cs4) 2 33 2 34(af41) 2 35 2 36(af42) 2 37 2 38(af43) 2 39 2 40(cs5) 2 41 2 42 2 --More-- or (q)uit 492 43 2 44 2 45 2 46(ef) 2 47 2 48(cs6) 3 49 3 50 3 51 3 QoS Commands
52 3 53 3 54 3 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 console# show classofservice trust Use the show classofservice trust command in Privileged EXEC mode to display the current trust mode setting for a specific interface. Syntax show classofservice trust [/|port-channel port- channel number] • / — Specifies a valid unit/port combination: – — Physical switch identifier within the stack. Values are 1-12.
• port-channel number — Specifies a valid port-channel number. Range is 18. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown. Example The following example displays the current trust mode settings for the specified port.
User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode........................ Enable Class Table Size Current/Max............... 5 / 25 Class Rule Table Size Current/Max.......... 6 / 150 Policy Table Size Current/Max.............. 2 / 64 Policy Instance Table Size Current/Max..... 2 / 640 Policy Attribute Table Size Current/Max.... 2 / 1920 Service Table Size Current/Max.............
Example console#show diffserv service interface ethernet 1/g1 in DiffServ Admin Mode.......................... Enable Interface..................................... 1/g1 Direction..................................... In No policy is attached to this interface in this direction. show diffserv service interface port-channel in Syntax Description show diffserv service interface port-channel channel-group in • channel-group: A valid port-channel in the system.
Direction................................... In No policy is attached to this interface in this direction show diffserv service brief Use the show diffserv service brief command in Privileged EXEC mode to display all interfaces in the system to which a DiffServ policy has been attached. Syntax show diffserv service brief Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
show interfaces cos-queue Use the show interfaces cos-queue command in Privileged EXEC mode to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [/|port-channel port-channel number] • / — Specifies a valid unit/port combination: – — Physical switch identifier within the stack. Values are 1-12. – — Values are g for gigabit Ethernet port, or xg for 10 gigabit Ethernet port.
Global Configuration Interface Shaping Rate......................... 0 Queue Id Min. Bandwidth Scheduler Type Queue Management Type -------- -------------- -------------- --------------------- 0 0 Weighted Tail Drop 1 0 Weighted Tail Drop 2 0 Weighted Tail Drop 3 0 Weighted Tail Drop 4 0 Weighted Tail Drop 5 0 Weighted Tail Drop 6 0 Weighted Tail Drop This example displays the COS configuration for the specified interface 1/g1.
The following table lists the parameters in the examples and gives a description of each. Parameter Description Interface The port of the interface. If displaying the global configuration, this output line is replaced with a global configuration indication. Intf Shaping Rate The maximum transmission bandwidth limit for the interface as a whole. It is independent of any per-queue maximum bandwidth values in effect for the interface. This value is a configured value.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information.
User Guidelines This command has no user guidelines. Example The following example displays the statistics information for port 1/g1. console#show policy-map interface 1/g1 in Interface.................................... 1/g1 Operational Status........................... Down Policy Name.................................. DELL Interface Summary: Class Name................................... murali In Discarded Packets......................... 0 Class Name...................................
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays a summary of policy-oriented statistics information.
traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole. This process, also known as rate shaping, has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded. To restore the default interface shaping rate value, use the no form of this command.
24 RADIUS Commands This chapter explains the following commands: • aaa accounting network default start-stop group radius • acct-port • auth-port • deadtime • key • msgauth • name • primary • priority • radius-server deadtime • radius-server host • radius-server key • radius-server retransmit • radius-server source-ip • radius-server timeout • retransmit • show radius-servers • show radius-servers statistics • source-ip • timeout • usage RADIUS Commands 505
aaa accounting network default start-stop group radius Use the aaa accounting network default start-stop group radius command to enable RADIUS accounting on the switch. Use the “no” form of this command to disable RADIUS accounting. Syntax aaa accounting network default start-stop group radius no aaa accounting network default start-stop group radius Default Configuration RADIUS accounting is disabled by default.
Default Configuration The default value of the port number is 1813. Command Mode Radius (accounting) mode User Guidelines There are no user guidelines for this command. Example The following example sets port number 56 for accounting requests. console(config)#radius-server host acct 3.2.3.2 console(Config-acct-radius)#acct-port 56 auth-port Use the auth-port command in Radius mode to set the port number for authentication requests of the designated Radius server.
Example The following example sets the port number 2412 for authentication requests. console(config)#radius-server host 192.143.120.123 console(config-radius)#auth-port 2412 deadtime Use the deadtime command in Radius mode to improve Radius response times when a server is unavailable by causing the unavailable server to be skipped. Syntax deadtime deadtime • deadtime — The amount of time that the unavailable server is skipped over.
key Use the key command to specify the encryption key which is shared with the RADIUS server. Use the "no" form of this command to remove the key. Syntax key key-string • key-string — A string specifying the encryption key (Range: 0 - 128 characters). Default Configuration There is no key configured by default. Command Mode Radius mode User Guidelines There are no user guidelines for this command. Example The following example specifies an authentication and encryption key of “lion-king”.
Default Configuration The message authenticator attribute is enabled by default. Command Mode Radius mode User Guidelines There are no user guidelines for this command. Example console(Config-auth-radius)#msgauth name Use the name command to assign a name to a RADIUS server. Use the "no" form of this command to reset the name to the default. Syntax name servername no name servername — The name for the RADIUS server (Range: 1 - 32 characters).
primary Use the primary command to specify that a configured server should be the primary server in the group of authentication servers which have the same server name. Multiple primary servers can be configured for each group of servers which have the same name. When the RADIUS client has to perform transactions with an authenticating RADIUS server of the specified name, it uses the primary server that has the specified server name by default.
Default Configuration The default priority is 0. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies a priority of 10 for the designated server. console(config)#radius-server host 192.143.120.
User Guidelines This command has no user guidelines. Example The following example sets the interval for which any unavailable Radius servers are skipped over by transaction requests to 10 minutes. console(config)#radius-server deadtime 10 radius-server host Use the radius-server host command in Global Configuration mode to specify a RADIUS server host and enter RADIUS Configuration mode. To delete the specified Radius host, use the no form of this command.
Example The following example specifies a Radius server host with the following characteristics: Server host IP address — 192.168.10.1 console(config)#radius-server host 192.168.10.1 radius-server key Use the radius-server key command in Global Configuration mode to set the authentication and encryption key for all Radius communications between the switch and the Radius server. To reset to the default, use the no form of this command.
radius-server retransmit Use the radius-server retransmit command in Global Configuration mode to specify the number of times the Radius client will retransmit requests to the Radius server. To reset the default configuration, use the no form of this command. Syntax radius-server retransmit retries no radius-server retransmit • retries — Specifies the retransmit value. (Range: 1–10) Default Configuration The default is 3 attempts.
no radius-server source-ip • source — Specifies the source IP address. Default Configuration The default IP address is the outgoing IP interface. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the source IP address used for communication with Radius servers to 10.1.1.1. console(config)#radius-server source-ip 10.1.1.
User Guidelines This command has no user guidelines. Example The following example sets the interval for which a switch waits for a server host to reply to 5 seconds. console(config)#radius-server timeout 5 retransmit Use the retransmit command in Radius mode to specify the number of times the Radius client retransmits requests to the Radius server. Syntax retransmit retries • retries — Specifies the retransmit value. (Range: 1-10 attempts) Default Configuration The default number for attempts is 3.
show radius-servers Use the show radius-servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS client. Syntax show radius-servers [accounting | authentication] [name [servername]] accounting — This optional parameter will cause accounting servers to be displayed. authentication — This optional parameter will cause authentication servers to be displayed.
Field Description Named Accounting Server Groups The number of configured named RADIUS server groups. Timeout The configured timeout value, in seconds, for request retransmissions. Retransmit The configured value of the maximum number of times a request packet is retransmitted. Deadtime The length of time an unavailable RADIUS server is skipped. RADIUS Accounting Mode A Global parameter to indicate whether the accounting mode for all the servers is enabled or not.
Retransmit : 3 Deadtime : 0 Source IP : 0.0.0.0 RADIUS Attribute 4 Mode : Disable RADIUS Attribute 4 Value : 0.0.0.0 console#show radius-servers accounting name Server Name Host Address Port Type -------------------------- -------------------- ------ ---------Default-RADIUS-Server 2.2.2.2 1813 Secondary console#show radius-servers name Default-RADIUS-Server RADIUS Server Name........................... Default-RADIUS-Server Current Server IP Address...................... 1.1.1.1 Retransmits......
show radius-servers statistics Use the show radius-servers statistics command to show the statistics for an authentication or accounting server. Syntax show radius-servers statistics [accounting | authentication] {ipaddress | hostname | name servername} • accounting | authentication — The type of server (accounting or authentication). • ipaddress — The RADIUS server host IP address. • hostname — Host name of the Radius server host (Range: 1–158 characters).
Field Description Requests The number of RADIUS Accounting Request packets sent to this server not including the retransmissions. Retransmissions The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server. Responses The number of RADIUS packets received on the accounting port from this server. Malformed Responses The number of malformed RADIUS Accounting Response packets received from this server. Malformed packets include packets with an invalid length.
Field Description Access Accepts The number of RADIUS Access Accept packets, including both valid and invalid packets, that were received from this server. Access Rejects The number of RADIUS Access Reject packets, including both valid and invalid packets, that were received from this server. Access Challenges The number of RADIUS Access Challenge packets, including both valid and invalid packets, that were received from this server.
Retransmissions............................... 0 Responses..................................... 0 Malformed Responses........................... 0 Bad Authenticators............................ 0 Pending Requests.............................. 0 Timeouts...................................... 0 Unknown Types................................. 0 Packets Dropped............................... 0 console#show radius-server statistics name Default_RADIUS_Server RADIUS Server Name...................
source-ip Use the source-ip command in Radius mode to specify the source IP address to be used for communication with Radius servers. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax source-ip source • source — A valid source IP address. Default Configuration The IP address is of the outgoing IP interface. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command.
Default Configuration The default value is 3 seconds. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies the timeout setting for the designated Radius Server. console(config)#radius-server host 192.143.120.123 console(config-radius)#timeout 20 usage Use the usage command in Radius mode to specify the usage type of the server.
User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies usage type login. console(config)#radius-server host 192.143.120.
RADIUS Commands
Spanning Tree Commands 25 This chapter explains the following commands: • clear spanning-tree detected-protocols • exit (mst) • instance (mst) • name (mst) • revision (mst) • show spanning-tree • show spanning-tree summary • spanning-tree • spanning-tree auto-portfast • spanning-tree bpdu flooding • spanning-tree bpdu-protection • spanning-tree cost • spanning-tree disable • spanning-tree forward-time • spanning-tree guard • spanning-tree loopguard • spanning-tree max-age
• spanning-tree portfast bpdufilter default • spanning-tree portfast default • spanning-tree port-priority • spanning-tree priority • spanning-tree tcnguard • spanning-tree transmit hold-count Spanning Tree Commands
clear spanning-tree detected-protocols Use the clear spanning-tree detected-protocols command in Privileged EXEC mode to restart the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface. Syntax clear spanning-tree detected-protocols [ethernet interface| port-channel port-channel-number] • interface — A valid Ethernet port. The full syntax is: unit/port. • port-channel-number — A valid port channel.
Default Configuration MST configuration. Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes. console(config)#spanning-tree mst configuration console(config-mst)#exit instance (mst) Use the instance command in MST mode to map VLANS to an MST instance. Syntax instance instance-id {add | remove} vlan vlan-range • instance-ID — ID of the MST instance.
User Guidelines Before mapping VLANs to an instance use the spanning-tree mst enable command to enable the instance. All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST. For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name.
Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command. Syntax revision value no revision • value — Configuration revision number. (Range: 0-65535) Default Configuration Revision number is 0.
Syntax show spanning-tree [ethernet interface-number | port-channel port-channelnumber] [instance instance-id] show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration • detail — Displays detailed information. • active — Displays active ports only. • blockedports — Displays blocked ports only. • mst-configuration — Displays the MST configuration identifier. • interface-number — A valid Ethernet port number.
Address 80:00:00:FC:E3:90:00:5D This Switch is the Root. Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Interfaces Name ------ State Prio.Nbr Cost Sts -------- --------- ---------- Role PortFast Restricted ---- ----- -------- ------- 1/g1 Enabled 128.1 0 DIS Disb No No 1/g2 Enabled 128.2 0 DIS Disb No No 1/g3 Enabled 128.3 0 DIS Disb No No 1/g4 Enabled 128.4 0 DIS Disb No No --More-- or (q)uit Name ------ 536 State Prio.
1/g19 Enabled 128.19 0 DIS Disb No No 1/g20 Enabled 128.20 0 DIS Disb No No --More-- or (q)uit Name ------ State Prio.Nbr Cost Sts -------- --------- ---------- Role PortFast Restricted ---- ----- -------- ------- 1/g21 Enabled 128.21 0 DIS Disb No No 1/g22 Enabled 128.22 0 DIS Disb No No 1/g23 Enabled 128.23 0 DIS Disb No No 1/g24 Enabled 128.24 0 DIS Disb No No 1/xg1 Enabled 128.25 0 DIS Disb No No 1/xg2 Enabled 128.
Regional Root Path Cost: 0 ROOT ID Address Path Cost Root Port 40:00:00:FC:E3:90:06:0F 20000 1/g1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Bridge ID Priority 32768 Address 80:00:00:FC:E3:90:00:5D Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Restricted ------ Prio.Nbr Cost Sts -------- --------- ---------- Role PortFast ---- ----- -------- ------- --More-- or (q)uit Name State Restricted ------ 538 Prio.
1/g12 Enabled 128.12 0 DIS Disb No No 1/g13 Enabled 128.13 0 DIS Disb No No 1/g14 Enabled 128.14 0 DIS Disb No No 1/g15 Enabled 128.15 0 DIS Disb No No 1/g16 Enabled 128.16 0 DIS Disb No No Sts Role PortFast --More-- or (q)uit Name State Restricted ------ Prio.Nbr Cost -------- --------- ---------- ---- ----- -------- ------- 1/g17 Enabled 128.17 0 DIS Disb No No 1/g18 Enabled 128.18 0 DIS Disb No No 1/g19 Enabled 128.
ch6 Enabled 128.631 0 DIS Disb No No ch7 Enabled 128.632 0 DIS Disb No No ch8 Enabled 128.633 0 DIS Disb No No ch9 Enabled 128.634 0 DIS Disb No No ch10 Enabled 128.635 0 DIS Disb No No ch11 Enabled 128.636 0 DIS Disb No No ch12 Enabled 128.637 0 DIS Disb No No ch13 Enabled 128.638 0 DIS Disb No No ch14 Enabled 128.639 0 DIS Disb No No ch15 Enabled 128.640 0 DIS Disb No No ch16 Enabled 128.
Priority 32768 Address 80:00:00:FC:E3:90:00:5D Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State RestrictedPort ------ Prio.Nbr Cost -------- --------- ---------- Sts Role PortFast ---- ----- -------- ------- --More-- or (q)uit Name State RestrictedPort ------ Prio.Nbr Cost -------- --------- ---------- Sts Role PortFast ---- ----- -------- ------- 1/g1 Enabled 128.1 20000 FWD Root No No 1/g3 Enabled 128.
Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 80:00:00:FC:E3:90:00:5D Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State RestrictedPort ------ Prio.Nbr Cost -------- --------- ---------- Sts Role PortFast ---- ----- -------- ------- --More-- or (q)uit Name State RestrictedPort ------ Prio.Nbr Cost -------- --------- ---------- Sts Role PortFast ---- ----- -------- ------- 1/g4 Enabled 128.
User Guidelines The following fields are displayed: Spanning Tree Admin Mode Enabled or disabled Spanning Tree Version Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the mode parameter. BPDU Protection Mode Enabled or disabled. BPDU Filter Mode Enabled or disabled. BPDU Flooding Mode Enabled or disabled. Configuration Name Identifier used to identify the configuration currently being used.
Configuration Revision Level...... 0 Configuration Digest Key.......... 0xac36177f50283cd4b83821d8ab26de62 Configuration Format Selector..... 0 No MST instances to display. spanning-tree Use the spanning-tree command in Global Configuration mode to enable spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled.
spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode. This enables the port to become a portfast port if it does not see any BPDUs for 3 seconds. Use the “no” form of this command to disable auto portfast mode. Syntax spanning-tree auto-portfast no spanning-tree auto-portfast Default Configuration Auto portfast mode is disabled by default.
no spanning-tree bpdu flooding Default Configuration This feature is disabled by default. Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example console#spanning-tree bpdu flooding spanning-tree bpdu-protection Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU protection on a switch. Use the no form of this command to resume the default status of BPDU protection function.
Default Configuration BPDU protection is not enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables BPDU protection. console(config)#spanning-tree bpdu-protection spanning-tree cost Use the spanning-tree cost command in Interface Configuration mode to configure the spanning-tree path cost for a port. To return to the default port path cost, use the no form of this command.
Command Mode Interface Configuration (Ethernet, Port-Channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures the spanning-tree cost on 1/g5 to 35000. console(config)#interface ethernet 1/g5 console(config-if-1/g5)#spanning-tree cost 35000 spanning-tree disable Use the spanning-tree disable command in Interface Configuration mode to disable spanning-tree on a specific port. To enable spanning-tree on a port, use the no form of this command.
console(config-if-1/g5)#spanning-tree disable spanning-tree forward-time Use the spanning-tree forward-time command in Global Configuration mode to configure the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state. To reset the default forward time, use the no form of this command. Syntax spanning-tree forward-time seconds no spanning-tree forward-time • seconds — Time in seconds.
spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface. Syntax spanning-tree guard {root | loop | none} • root — Enables root guard. • loop — Enables loop guard • none — Disables root and loop guard.
Syntax spanning-tree loopguard default no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports.
User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree.
spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no form of this command. Syntax spanning-tree mode {stp | rstp |mstp} no spanning-tree mode • stp — Spanning Tree Protocol (STP) is enabled. • rstp — Rapid Spanning Tree Protocol (RSTP) is enabled. • mstp — Multiple Spanning Tree Protocol (MSTP) is enabled. Default Configuration Rapid Spanning Tree Protocol (RSTP) is supported.
This command is used to configure rstp path cost. Use the “no” form of this command to reset the external cost to the default. Syntax spanning-tree mst 0 external-cost cost no spanning-tree mst 0 external-cost • cost — The external cost of the common spanning tree (Range: 0–200000000). Default Configuration The default cost is 0, which signifies that the cost is automatically calculated based on port speed.
Syntax spanning-tree mst configuration Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region.
• cost — The port path cost. (Range: 0–200,000,000) Default Configuration The default value is 0, which signifies that the cost will be automatically calculated based on port speed. The default configuration is: • Ethernet (10 Mbps) — 2,000,000 • Fast Ethernet (100 Mbps) — 200,000 • Gigabit Ethernet (1000 Mbps) — 20,000 • Port-Channel — 20,000 Command Mode Interface Configuration (Ethernet, Port-Channel) mode User Guidelines This command has no user guidelines.
• priority — The port priority. (Range: 0–240 in multiples of 16) Default Configuration The default port-priority for IEEE MSTP is 128. Command Mode Interface Configuration (Ethernet, Port-Channel) mode User Guidelines This command has no user guidelines. Example The following example configures the port priority of port 1/g1 to 144.
Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096. console(config)#spanning-tree mst 1 priority 4096 spanning-tree portfast Use the spanning-tree portfast command in Interface Configuration mode to enable PortFast mode.
An interface with PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting the standard forward-time delay. Example The following example enables PortFast on 1/g5. console(config)#interface ethernet 1/g5 console(config-if-1/g5)#spanning-tree portfast spanning-tree portfast bpdufilter default The spanning-tree portfast bpdufilter default command discards BPDUs received on spanning-tree ports in portfast mode.
spanning-tree portfast default Use the spanning-tree portfast default command to enable Portfast mode only on access ports. Use the “no” form of this command to disable Portfast mode on all ports. Syntax spanning-tree portfast default no spanning-tree portfast default Default Configuration Portfast mode is disabled by default. Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example The following example enables Portfast mode on all ports.
Default Configuration The default port-priority for IEEE STP is 128. Command Mode Interface Configuration (Ethernet, Port-Channel) mode User Guidelines The priority value must be a multiple of 16. Example The following example configures the spanning priority on 1/g5 to 96. console(config)#interface ethernet 1/g5 console(config-if-1/g5)#spanning-tree port-priority 96 spanning-tree priority Use the spanning-tree priority command in Global Configuration mode to configure the spanning-tree priority.
User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is the root of the spanning tree. Example The following example configures spanning-tree priority to 12288. console(config)#spanning-tree priority 12288 spanning-tree tcnguard Use the spanning-tree tcnguard command to prevent a port from propagating topology change notifications. Use the “no” form of the command to enable TCN propagation.
spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds). Use the “no” form of this command to reset the hold count to the default value. Syntax spanning-tree transmit hold-count [value] no spanning-tree transmit hold-count • value — The maximum number of BPDUs to send (Range: 1–10). Default Configuration The default hold count is 6 BPDUs.
Spanning Tree Commands
Switchport Voice Commands 26 This chapter explains the following commands: • show switchport voice • switchport voice detect auto Switchport Voice Commands 565
show switchport voice Use the show switchport voice command to show the status of auto-voip on an interface or all interfaces. Syntax show switchport voice [interface {ethernet interface | port-channel index}] • ethernet interface —Specifies a valid interface. The full syntax is unit/port. • port-channel index — Specifies the port-channel number. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode.
1/g8 Enabled 6 1/g9 Enabled 6 1/g10 Enabled 6 1/g11 Enabled 6 1/g12 Enabled 6 1/g13 Enabled 6 1/g14 Enabled 6 1/g15 Enabled 6 1/g16 Enabled 6 1/g17 Enabled 6 1/g18 Enabled 6 1/g19 Enabled 6 1/g20 Enabled 6 --More-- or (q)uit console#show switchport voice ethernet 1/g1 Interface Auto VoIP Mode Traffic Class --------- -------------- ------------1/g1 Disabled 6 console#show switchport voice port-channel 1 Interface Auto VoIP Mode Traffic Class --------- ------------
The command output provides the following information: • AutoVoIP Mode—The Auto VoIP mode on the interface. • Traffic Class—The Cos Queue or Traffic Class to which all VoIP traffic is mapped. This is not configurable and defaults to the highest COS queue available in the system for data traffic.
TACACS+ Commands 27 This chapter explains the following commands: • key • port • priority • show tacacs • tacacs-server host • tacacs-server key • tacacs-server timeout • timeout TACACS+ Commands 569
key Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. Syntax key [key-string] • key-string — To specify the key name. (Range: 1–128 characters) Default Configuration If left unspecified, the key-string parameter defaults to the global value.
Default Configuration The default port number is 49. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to specify server port number 1200. console(tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. Syntax priority [priority] • priority — Specifies the priority for servers.
console(config-tacacs)#priority 10000 show tacacs Use the show tacacs command in Privileged EXEC mode to display the configuration and statistics of a TACACS+ server. Syntax show tacacs [ip-address] • ip-address — The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following example displays TACACS+ server settings.
tacacs-server host Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. To delete the specified hostname or IP address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} no tacacs-server host {ip-address | hostname} • ip-address — The IP address of the TACACS+ server. • hostname — The hostname of the TACACS+ server. (Range: 1-255 characters).
Syntax tacacs-server key [key-string] no tacacs-server key • key-string — Specifies the authentication and encryption key for all TACACS communications between the switch and the TACACS+ server. This key must match the key used on the TACACS+ daemon. (Range: 0–128 characters) Default Configuration The default is an empty string. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the authentication encryption key.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the timeout value as 30. console(config)#tacacs-server timeout 30 timeout Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds. If no timeout value is specified, the global value is used. Syntax timeout [timeout] • timeout — The timeout value in seconds.
TACACS+ Commands
28 VLAN Commands This chapter explains the following commands: • dvlan-tunnel ethertype • interface vlan • interface range vlan • mode dvlan-tunnel • name • protocol group • protocol vlan group • protocol vlan group all • show dvlan-tunnel • show dvlan-tunnel interface • show interfaces switchport • show port protocol • show port protocol • show vlan • show vlan association mac • show vlan association subnet • switchport access vlan • switchport forbidden vlan • switchp
• switchport trunk allowed vlan • vlan • vlan association mac • vlan association subnet • vlan database • vlan makestatic • vlan protocol group • vlan protocol group add protocol • vlan protocol group name • vlan protocol group remove • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command.
dvlan-tunnel ethertype Use the dvlan-tunnel ethertype command in Global Configuration mode to configure the ethertype for the specified interface. To configure the EtherType on the specified interface to its default value, use the no form of this command. Syntax dvlan-tunnel ethertype {802.1Q | vman | custom <0-65535>} no dvlan-tunnel ethertype • 802.1Q — Configures the EtherType as 0x8100. • vman — Configures the EtherType as 0x88A8. • custom — Custom configures the EtherType for the DVLAN tunnel.
Syntax interface vlan vlan-id • vlan-id — The ID of a valid VLAN (Range: 1–4093). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the VLAN 1 IP address of 131.108.1.27 and subnet mask 255.255.255.0. console(config)#interface vlan 1 console(config-vlan)#ip address 131.108.1.27 255.255.255.
Command Mode Global Configuration mode User Guidelines Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLAN 221 till 228 and VLAN 889 to receive the same command.
Example The following example displays how to enable Double VLAN Tunneling at ethernet port 1/g1. console(config-if-1/g1)#mode dvlan-tunnel name Use the name command in Interface Configuration mode to add a name to a VLAN. To remove the VLAN name, use the no form of this command. NOTE: This command cannot be configured for a range of interfaces (range context). Syntax name string no name • string — Comment or description to help identify a specific VLAN (Range: 1–32 characters).
protocol group Use the protocol group command in VLAN Database mode to attach a VLAN ID to the protocol-based group identified by groupid. A group may only be associated with one VLAN at a time. However, the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based group except when GVRP is expected to create the VLAN. To detach the VLAN from this protocol-based group identified by this groupid, use the no form of this command.
protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/port interface to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only. If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command fails and the interface(s) are not added to the group.
console(config-if-1/g1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol-based group identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can be associated with one group only.
console(config)#protocol vlan group all 2 show dvlan-tunnel Use the show dvlan-tunnel command in Privileged EXEC mode to display all interfaces enabled for Double VLAN Tunneling. Syntax show dvlan-tunnel Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example shows how to display all interfaces for Double VLAN Tunneling.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays detailed information for unit/port "1/g1." console#show dvlan-tunnel interface 1/g1 Interface Mode EtherType --------- ------- -------------- 1/g1 Enable vMAN The following table describes the significant fields shown in the example.
Syntax show interfaces switchport {ethernet interface|port-channel port-channelnumber} • Interface — Specific interface, such as ethernet 1/g8. • port-channel-number — Valid port-channel trunk index. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following example displays switchport configuration individually for g1.
8 VLAN008 tagged Dynamic 11 VLAN0011 tagged Static 19 IPv6 VLAN untagged Static 72 VLAN0072 untagged Static Static configuration: PVID: 1 (default) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/g1 is statically configured to: VLAN Name Egress rule ---- --------- ----------- 11 VLAN0011 tagged 19 IPv6 VLAN untagged 72 VLAN0072 untagged Forbidden VLANS: VLAN Name ---- --------- 73 Out The following example displays switchport configuration individually for 1
Port 1/g1 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- 91 IP Telephony tagged Static Static configuration: PVID: 8 Ingress Filtering: Disabled Acceptable Frame Type: All Port 1/g2 is statically configured to: VLAN Name Egress rule ---- --------- ----------- 8 VLAN0072 untagged 91 IP Telephony tagged Forbidden VLANS: VLAN Name ---- --------- 73 Out The following example displays switchport configuration individually for 2/g19.
Port 2/g19 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- 2921 Primary A untagged Static 2922 Community A1 untagged Static Static configuration: PVID: 2922 Ingress Filtering: Enabled Acceptable Frame Type: Untagged GVRP status: Disabled Port 2/g19 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- 2921 Primary A untagged Static 2922 Community A1 untagged Static show port protocol Use the show port protocol command in Privilege
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the Protocol-Based VLAN information for either the entire system.
User Guidelines This command has no user guidelines. Example The following example identifies test as the protected group. console#show switchport protected 0 Name......................................... test show vlan Use the show vlan command in Privileged EXEC mode to display VLAN information. Syntax show vlan [id vlan-id | name vlan-name] • vlan-id — A valid VLAN ID. • vlan-name — A valid VLAN name string. (Range: 1–32 characters) Default Configuration This command has no default configuration.
2/g1-1/g4 10 VLAN0010 1/g3-1/g4 dynamic Required 11 VLAN0011 1/g1-1/g2 static Required 20 VLAN0020 1/g3-1/g4 static Required 21 VLAN0021 static Required 30 VLAN0030 static Required 31 VLAN0031 static Required 91 VLAN0011 1/g1-1/g2 static Not Required 3964 Guest VLAN 1/g17 Guest - show vlan association mac Use the show vlan association mac command in Privileged EXEC mode to display the VLAN associated with a specific configured MAC address.
MAC Address VLAN ID ----------------------- ------- 0001.0001.0001.0001 1 show vlan association subnet Use the show vlan association subnet command in Privileged EXEC mode to display the VLAN associated with a specific configured IP-Address and netmask. If no IP Address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed.
switchport access vlan Use the switchport access vlan command in Interface Configuration mode to configure the VLAN ID when the interface is in access mode. To reconfigure the default, use the no form of this command. Syntax switchport access vlan vlan-id no switchport access vlan • vlan-id — A valid VLAN ID of the VLAN to which the port is configured. Default Configuration The default value for the vlan-id parameter is 1.
Syntax switchport forbidden vlan {add vlan-list | remove vlan-list} • add vlan-list — List of valid VLAN IDs to add to the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of valid VLAN IDs to remove from the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. Default Configuration All VLANs allowed.
no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines This command has no user guidelines. Example The following example configures 1/g8 to discard untagged frames at ingress.
• untagged — Sets the port to transmit untagged packets for the VLANs. Default Configuration Untagged. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines You can use this command to change the egress rule (for example, from tagged to untagged) without first removing the VLAN from the list. Example The following example shows how to add VLANs 1, 2, 5, and 8 to the allowed list.
User Guidelines This command has no user guidelines. Example The following example shows how to enables port ingress filtering on 1/g8. console(config)#interface ethernet 1/g8 console(config-if-1/g8)#switchport general ingressfiltering disable switchport general pvid Use the switchport general pvid command in Interface Configuration mode to configure the Port VLAN ID (PVID) when the interface is in general mode. Use the switchport mode general command to set the VLAN membership mode of a port to "general.
Example The following example shows how to configure the PVID for 1/g8, when the interface is in general mode. console(config)#interface ethernet 1/g8 console(config-if-1/g8)#switchport general pvid 234 switchport mode Use the switchport mode command in Interface Configuration mode to configure the VLAN membership mode of a port. To reset the mode to the appropriate default for the switch, use the no form of this command.
User Guidelines This command has no user guidelines. Example The following example configures 1/g8 to access mode. console(config)#interface ethernet 1/g8 console(config-if-1/g8)#switchport mode access switchport protected Use the switchport protected command in Interface Configuration mode to configure a protected port. The groupid parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group.
Example The following example configures Ethernet port 1/g1 as a member of protected group 1. console(config)#interface ethernet 1/g1 console(config-if-1/g1)#switchport protected 1 switchport protected name Use the switchport protected name command in Global Configuration mode to adds the port to the protected group 1 and also sets the group name to "protected".
switchport trunk allowed vlan Use the switchport trunk allowed vlan command in Interface Configuration mode to add VLANs to or remove VLANs from a trunk port. Syntax switchport trunk allowed vlan {add vlan-list | remove vlan-list} • add vlan-list — List of VLAN IDs to add. Separate non-consecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of VLAN IDs to remove. Separate non-consecutive VLAN IDs with a comma and no spaces.
Syntax vlan vlan-range no vlan vlan-range • vlan-range — A list of valid VLAN IDs to be added. List separate, nonconsecutive VLAN IDs separated by commas (without spaces); use a hyphen to designate a range of IDs. (Range: 2–4093) Default Configuration This command has no default configuration. Command Mode VLAN Database mode User Guidelines Deleting the VLAN for an access port will cause that port to become unusable until it is assigned a VLAN that exists.
vlanid — VLAN to associate with subnet. (Range: 1-4093) Default Configuration No assigned MAC address. Command Mode VLAN Database mode User Guidelines This command has no user guidelines. Example The following example associates MAC address with VLAN ID 1. console(config-vlan)#vlan association mac 0001.0001.0001 1 vlan association subnet Use the vlan association subnet command in VLAN Database mode to associate a VLAN to a specific IP-subnet.
User Guidelines This command has no user guidelines. Example The following example associates IP address with VLAN ID 100. console(config-vlan)#vlan association subnet 192.245.23.45 255.255.255.0 100 vlan database Use the vlan database command in Global Configuration mode to enter the VLAN database configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 24093. Syntax vlan makestatic vlan-id • vlan-id — Valid vlan ID. Range is 2–4093. Default Configuration This command has no default configuration.
existing command vlan protocol group is updated to vlan protocol group so that groupid is used for both configuration and script generation. NOTE: If an attempt is made to migrate to the latest implementation with any of the groupnames deleted prior to saving configuration on the pre 3.0.0.x code (applicable only for platforms PC62xx, PCM622x, PCM8024), the problem on the latest code will remain.
To remove the protocol from the protocol-based VLAN group identified by groupid, use the no form of this command. Syntax vlan protocol group add protocol ethertype no vlan protocol group add protocol ethertype • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command.
vlan protocol group name This is a new command for assigning a group name to vlan protocol group id. Syntax vlan protocol group name no vlan protocol group name • groupid—The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command • groupName—The group name you want to add.
vlan protocol group remove Use the vlan protocol group remove command in Global Configuration mode to remove the protocol-based VLAN group identified by groupid. Syntax vlan protocol group remove groupid • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command.
vlan routing Use the vlan routing command to enable routing on a VLAN. Use the “no” form of this command to disable routing on a VLAN. Syntax vlan routing vlanid [index] • vlanid— Valid VLAN ID (Range 1–4093). • index — Internal interface ID. This optional parameter is listed in the configuration file for all VLAN routing interfaces.
VLAN Commands
Voice VLAN Commands 29 This chapter explains the following commands: • voice vlan • voice vlan (Interface) • voice vlan data priority • show voice vlan Voice VLAN Commands 615
voice vlan This command is used to enable the voice vlan capability on the switch. Syntax voice vlan no voice vlan Parameter Ranges Not applicable Command Mode Global Configuration Usage Guidelines Not applicable Default Value This feature is disabled by default. Example console(config)#voice vlan console(config)#no voice vlan voice vlan (Interface) This command is used to enable the voice vlan capability on the interface.
• trust —Trust the dot1p priority or DSCP values contained in packets arriving on the voice vlan port. • untrust —Do not trust the dot1p priority or DSCP values contained in packets arriving on the voice vlan port. • dscp —The DSCP value (Range: 0–64). Default Configuration The default DSCP value is 46. Command Mode Interface Configuration (Ethernet) mode. User Guidelines There are no user guidelines for this command.
Command Mode Interface Configuration Default Value trust Example console(config-if-1/g1)#voice vlan data priority untrust console(config-if-1/g1)#voice vlan data priority trust show voice vlan show voice vlan [interface { |all}] Syntax When the interface parameter is not specified, only the global mode of the voice VLAN is displayed. When the interface parameter is specified: Voice VLAN ModeThe admin mode of the voice VLAN on the interface. Voice VLAN IdThe voice VLAN ID.
Example (console) #show voice vlan interface 1/g1 Interface...............................1/g1 Voice VLAN Interface Mode...............Enabled Voice VLAN ID...........................1 Voice VLAN COS Override.................False Voice VLAN Port Status..................
Voice VLAN Commands
802.
dot1x mac-auth-bypass Use the dot1x mab-enable command to enable MAB on an interface. Use the “no” form of this command to disable MAB on an interface. Syntax dot1x mac-auth-bypass no dot1x mac-auth-bypass Default Configuration MAC Authentication Bypass is disabled by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command.
Default Configuration The default value for the count parameter is 2. Command Mode Interface Configuration (Ethernet) mode User Guidelines Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following example sets the number of times that the switch sends an EAP-request/identity frame to 6.
Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following command limits the number of devices that can authenticate on port 1/g2 to 3. console(config-if-1/g2)#dot1x max-users 3 dot1x port-control Use the dot1x port-control command in Interface Configuration mode to enable the IEEE 802.1X operation on the port.
Default Configuration The default configuration is auto. Command Mode Interface Configuration (Ethernet) mode User Guidelines It is recommended that you disable the spanning tree or enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to go immediately to the forwarding state after successful authentication. When configuring a port to use MAC-based authentication, the port must be in switchport general mode.
User Guidelines This command has no user guidelines. Example The following command manually initiates a re-authentication of the 802.1xenabled port. console# dot1x re-authenticate ethernet 1/g16 dot1x re-authentication Use the dot1x re-authentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command.
dot1x system-auth-control Use the dot1x system-auth-control command in Global Configuration mode to enable 802.1x globally. To disable 802.1x globally, use the no form of this command. Syntax dot1x system-auth-control no dot1x system-auth-control Default Configuration The default for this command is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables 802.1x globally.
Default Configuration The switch remains in the quiet state for 90 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines It is recommended that the user set the dot1x timeout guest-vlan-period to at least three times the while timer, so that at least three EAP Requests are sent, before assuming that the client is a dot1x unaware client. Example The following example sets the dot1x timeout guest vlan period to 100 seconds.
Command Mode Interface Configuration (Ethernet) mode User Guidelines During the quiet period, the switch does not accept or initiate any authentication requests. Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. To provide a faster response time to the user, enter a smaller number than the default.
Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example sets the number of seconds between re-authentication attempts to 300. console(config)# interface ethernet 1/g16 console(config-if-1/g16)# dot1x timeout re-authperiod 300 dot1x timeout server-timeout Use the dot1x timeout server-timeout command in Interface Configuration mode to set the time that the switch waits for a response from the authentication server.
User Guidelines The actual timeout is this parameter or the product of the Radius transmission times the Radius timeout, whichever is smaller Example The following example sets the time for the retransmission to the authentication server to 3600 seconds.
Example The following example sets the time for the retransmission of an EAP-request frame to the client to 3600 seconds. console(config-if-1/g1)# dot1x timeout supp-timeout 3600 dot1x timeout tx-period Use the dot1x timeout tx-period command in Interface Configuration mode to set the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP)-request/identity frame from the client before resending the request.
Example The following command sets the number of seconds that the switch waits for a response to an EAP-request/identity frame to 3600 seconds. console(config)# interface ethernet 1/g16 console(config-if-1/g16)# dot1x timeout tx-period 3600 show dot1x Use the show dot1x command in Privileged EXEC mode to display 802.1X status for the switch or for the specified interface. This feature is an extension of Dot1x Option 81 feature added in Power Connect Release 2.1.
Port Admin Oper Reauth Mode Mode Control ------- ------------------ ------------ -------- 1/g8 auto Authorized FALSE Reauth Period ---------3600 User Name...................................... Clark Quiet Period................................... 60 Transmit Period................................ 30 Maximum Requests............................... 2 Max Users...................................... 16 VLAN Assigned.................................. Supplicant Timeout............................
Field Description Reauth Control Indicates whether re-authentication is enabled on this port. Reauth Period The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535. Username The username representing the identity of the Supplicant. This field shows the username when the port control is auto or mac-based.
Field Description Authenticator PAE State Current state of the authenticator PAE state machine. Possible values are Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuthorized, and ForceUnauthorized. Backend Authentication Current state of the backend authentication state State machine. Possible values are Request, Response, Success, Fail, Timeout, Idle, and Initialize.
User Guidelines This command has no user guidelines. Example The following example displays information about the 802.1x clients authenticated on port 1/g9. console#show dot1x clients ethernet 1/g9 Interface............................ 1/g9 User Name............................ guest1 Supp MAC Address..................... 0012.1756.76EA Session Time......................... 118 Filter Id............................ VLAN Assigned........................ 1 Interface............................
The following table describes the significant fields shown in the display: Field Description Interface The port number. Username The username representing the identity of the Supplicant. This field shows the username when the port control is auto or mac-based. If the port is Authorized, it shows the username of the current user. If the port is unauthorized it shows the last user that was authenticated successfully.
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show dot1x ethernet 1/g1 Administrative Mode............... Disabled Port Admin Oper Reauth Reauth Mode Mode Control ------- ------------------ ------------ -------- ---------- Period 1/g1 auto Authorized FALSE 3600 Quiet Period................................... 60 Transmit Period................................ 30 Maximum Requests...............................
show dot1x statistics Use the show dot1x statistics command in Privileged EXEC mode to display 802.1x statistics for the specified interface. Syntax show dot1x statistics ethernet interface • interface — Ethernet port name. The full syntax is unit/port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays 802.1x statistics for the specified interface.
EAP Request/Id Frames Transmitted.............. 0 EAP Request Frames Transmitted................. 0 Invalid EAPOL Frames Received.................. 0 EAPOL Length Error Frames Received............. 0 The following table describes the significant fields shown in the display. Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator. EapolFramesTx The number of EAPOL frames of any type that have been transmitted by this Authenticator.
Field Description EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid. LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame. LastEapolFrameSource The source MAC address carried in the most recently received EAPOL frame. show dot1x users Use the show dot1x users command in Privileged EXEC mode to display 802.1x authenticated users for the switch.
Example The following example displays 802.1x users. console#show dot1x users Port Username --------- --------1/g1 Bob 1/g2 John Switch# show dot1x users username Bob Port Username --------- --------1/g1 Bob The following table describes the significant fields shown in the display: Field Description Username The username representing the identity of the Supplicant. Port The port that the user is using. 802.
Default Configuration The guest VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines Configure the guest VLAN before using this command. Example The following example sets the guest VLAN on port 1/g2 to VLAN 10. console(config-if-1/g2)#dot1x guest-vlan 10 dot1x unauth-vlan Use the dot1x unauth-vlan command in Interface Configuration mode to specify the unauthenticated VLAN on a port.
Example The following example set the unauthenticated VLAN on port 1/g2 to VLAN 20. console(config-if-1/g2)#dot1x unauth-vlan 20 show dot1x advanced Use the show dot1x advanced command in Privileged EXEC mode to display 802.1x advanced features for the switch or for the specified interface. The output of this command has been updated in release 2.1 to remove the Multiple Hosts column and add an Unauthenticated VLAN column, which indicates whether an unauthenticated VLAN is configured on a port.
Example The following example displays 802.1x advanced features for the switch. console#show dot1x advanced Port Guest Unauthenticated VLAN Vlan --------- --------- --------------- 1/g1 Disabled Disabled 1/g2 10 20 1/g3 Disabled Disabled 1/g4 Disabled Disabled 1/g5 Disabled Disabled 1/g6 Disabled Disabled console#show dot1x advanced ethernet 1/g2 Port Guest VLAN Unauthenticated Vlan --------- --------- --------------- 1/g2 10 20 646 802.
802.1x Option 81 radius-server attribute 4 Use the radius-server attribute 4 command in Global Configuration mode to set the network access server (NAS) IP address for the RADIUS server. Use the no version of the command to set the value to the default. Syntax radius-server attribute 4 ip-address no dot1x guest-vlan • ip-address — Specifies the IP address to be used as the RADIUS attribute 4, the NAS IP address.
802.
ARP Commands 31 This chapter explains the following commands: • arp • arp cachesize • arp dynamicrenew • arp purge • arp resptime • arp retries • arp timeout • clear arp-cache • clear arp-cache management • ip proxy-arp • show arp ARP Commands 649
arp Use the arp command in Global Configuration mode to create an Address Resolution Protocol (ARP) entry. Use the no form of the command to remove the entry. Syntax arp ip-address mac-address no arp ip-address • ip-address — IP address of a device on a subnet attached to an existing routing interface. • mac-address — A unicast MAC address for that device. Default Configuration This command has no default configuration.
Syntax arp cachesize integer no arp cachesize • integer — Maximum number of ARP entries in the cache. (Range: 256–1024) Default Configuration The default integer value is 896. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines an arp cachesize of 500.
Command Mode Global Configuration mode User Guidelines When an ARP entry reaches its maximum age, the system must decide whether to retain or delete the entry. If the entry has recently been used to forward data packets, the system will renew the entry by sending an ARP request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing the entry from the hardware. Traffic to the host continues to be forwarded in hardware without interruption.
Syntax arp purge ip-address • ip-address — The IP address to be removed from ARP cache. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response timeout.
User Guidelines This command has no user guidelines. Example The following example defines a response timeout of 5 seconds. console(config)#arp resptime 5 arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries.
arp timeout Use the arp timeout command in Global Configuration mode to configure the ARP entry ageout time. Use the no form of the command to set the ageout time to the default. Syntax arp timeout integer no arp timeout • integer — The IP ARP entry ageout time. (Range: 15-21600 seconds) Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears all entries ARP of type dynamic, including gateway, from ARP cache. console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries from the ARP cache learned from the management port. Syntax clear arp-cache management Default Configuration This command has no default configuration.
ip proxy-arp Use the ip proxy-arp command in Interface Configuration mode to enable proxy ARP on a router interface. Without proxy ARP, a device only responds to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived. With proxy ARP, the device may also respond if the target IP address is reachable. The device only responds if all next hops in its route to the destination are through interfaces other than the interface that received the ARP request.
Syntax show arp [brief] [switch] • brief — Display ARP parameters and cache. • switch — Display ARP cache for the switch. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example shows show arp command output. console#show arp Age Time (seconds)............................. 1200 Response Time (seconds)........................ 1 Retries........................................
32 DHCP and BOOTP Relay Commands This chapter explains the following commands: • bootpdhcprelay cidridoptmode • bootpdhcprelay maxhopcount • bootpdhcprelay minwaittime • show bootpdhcprelay DHCP and BOOTP Relay Commands 659
bootpdhcprelay cidridoptmode Use the bootpdhcprelay cidridoptmode command in Global Configuration mode to enable the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the system. Use the no form of the command to disable the circuit ID option and remote agent ID mode for BootP/DHCP Relay. Syntax bootpdhcprelay cidridoptmode arpshow arpw arpoptshshow arposhow arpwshow arp arpshoshow arpw arpshow arpmshow arpode Default Configuration Disabled is the default configuration.
bootpdhcprelay maxhopcount Use the bootpdhcprelay maxhopcount command in Global Configuration mode to configure the maximum allowable relay agent hops for BootP/DHCP Relay on the system. Use the no form of the command to set the maximum hop count to the default value. Syntax bootpdhcprelay maxhopcount integer no bootpdhcprelay maxhshoshow arpshow arpw arpopcshow arpsshshow show arprpow arphshow arpow show arparpount • integer — Maximum allowable relay agent hops for BootP/DHCP Relay on the system.
Syntax bootpdhcprelay minwaittiime integer no bootpdhcprelay minshoshow arpshow arpwshshow arposhow arpwshoshow arpwshow arp arp arp ashow arprpwaittime • integer — Minimum wait time for BootP/DHCP Relay on the system. (Range: 0-100 seconds) Default Configuration 0 is the default integer configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a minimum wait time of 10 seconds.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables the circuit ID and remote agent ID options. console(config)#bootpdhcprelay cidridoptmode Circuit Id and Remote Agent Id Mode set Successfully. show bootpdhcprelay Use the show bootpdhcprelay command in User EXEC mode to display the BootP/DHCP Relay information. Syntax show bootpdhcprelay Default Configuration The command has no default configuration.
Example The following example defines the Boot/DHCP Relay information. console#show bootpdhcprelay Maximum Hop Count.............................. 4 Minimum Wait Time(Seconds)..................... 0 Circuit Id Option Mode.........................
DHCPv6 Commands 33 This chapter explains the following commands: • clear ipv6 dhcp • dns-server • domain-name • ipv6 dhcp pool • ipv6 dhcp relay • ipv6 dhcp relay-agent-info-opt • ipv6 dhcp relay-agent-info-remote-id-subopt • ipv6 dhcp server • prefix-delegation • service dhcpv6 • show ipv6 dhcp • show ipv6 dhcp binding • show ipv6 dhcp interface • show ipv6 dhcp pool • show ipv6 dhcp statistics DHCPv6 Commands 665
clear ipv6 dhcp Use the clear ipv6 dhcp command in Privileged EXEC mode to clear DHCPv6 statistics for all interfaces or for a specific interface. Syntax clear ipv6 dhcp {statistics | interface vlan vlan-id statistics} • vlan-id — Valid VLAN ID. • statistics — Indicates statistics display if VLAN is specified. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of 8. Example The following example sets the ipv6 DNS server address of 2020:1::1, which is provided to a DHCPv6 client by the DHCPv6 server.
User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of 8. Example The following example sets the DNS domain name "test", which is provided to a DHCPv6 client by the DHCPv6 server. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)#domain-name test console(config-dhcp6s-pool)#no domain-name test ipv6 dhcp pool Use the ipv6 dhcp pool command in Global Configuration mode to enter IPv6 DHCP Pool Configuration mode.
Example The following example enters IPv6 DHCP Pool Configuration mode. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)# ipv6 dhcp relay Use the ipv6 dhcp relay command in Interface Configuration mode to configure an interface for DHCPv6 relay functionality. Syntax ipv6 dhcp relay {destination relay-address [interface vlan vlan-id] | interface vlan vlan-id} [remote-id {duid-ifid | user-defined-string}] • destination — Keyword that sets the relay server IPv6 address.
User Guidelines If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a link-local or multicast address, then relay-interface is required. Finally, a value for relay-address is not specified, then a value for relay-interface must be specified and the DHCPV6-ALLAGENTS multicast address (i.e. FF02::1:2) is used to relay DHCPv6 messages to the relay server. Example The following example configures VLAN 15 for DHCPv6 relay functionality.
Example The following example configures the number 100 to represent the DHCPv6 Relay Agent Information Option. console(config)#ipv6 dhcp relay-agent-info-opt 100 ipv6 dhcp relay-agent-info-remote-id-subopt Use the ipv6 dhcp relay-agent-info-remote-id-subopt command in Global Configuration mode to configure a number to represent the DHCPv6 the “remote-id” sub-option. Syntax ipv6 dhcp relay-agent-info-remote-id-subopt suboption • suboption — Remote ID suboption.
Syntax ipv6 dhcp server pool-name [rapid-commit] [preference pref-value] • pool-name — The name of the DHCPv6 pool containing stateless and/or prefix delegation parameters • rapid-commit — Is an option that allows for an abbreviated exchange between the client and server. • pref-value — Preference value —used by clients to determine preference between multiple DHCPv6 servers. (Range: 0-4294967295) Default Configuration This command has no default configuration.
• DUID — Client DUID (e.g. 00:01:00:09:f8:79:4e:00:04:76:73:43:76'). • hostname — Client hostname used for logging and tracing. (Range: 0-31 characters.) • valid-lifetime — Valid lifetime for delegated prefix. (Range: 0-4294967295 seconds) • preferred-lifetime — Preferred lifetime for delegated prefix. (Range: 04294967295 seconds) Default Configuration 2592000 seconds is the default value for preferred-lifetime. 604800 seconds is the default value for valid-lifetime.
Default Configuration Enabled is the default state. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables DHCPv6 globally. console#configure console(config)#service dhcpv6 console(config)#no service dhcpv6 show ipv6 dhcp Use the show ipv6 dhcp command in Privileged EXEC mode to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration.
Example The following example displays the DHCPv6 server name and status. console#show ipv6 dhcp DHCPv6 is disabled Server DUID: show ipv6 dhcp binding Use the show ipv6 dhcp binding command in Privileged EXEC mode to display the configured DHCP pool. Syntax show ipv6 dhcp binding [ipv6-addr] • ipv6-addr — Valid IPv6 address. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
show ipv6 dhcp interface Use the show ipv6 dhcp interface command in User EXEC mode to display DHCPv6 information for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface. Syntax show ipv6 dhcp interface {tunnel tunnel-id | vlan vlan-id} [statistics] • tunnel-id — Tunnel identifier. (Range: 0–7) • vlan-id — Valid VLAN ID.
Option Flags................................... console> show ipv6 dhcp interface vlan 11 statistics DHCPv6 Interface vlan11 Statistics -----------------------------------DHCPv6 Solicit Packets Received................ 0 DHCPv6 Request Packets Received................ 0 DHCPv6 Confirm Packets Received................ 0 DHCPv6 Renew Packets Received.................. 0 DHCPv6 Rebind Packets Received................. 0 DHCPv6 Release Packets Received................ 0 DHCPv6 Decline Packets Received.........
show ipv6 dhcp pool Use the show ipv6 dhcp pool command in Privileged EXEC mode to display the configured DHCP pool. Syntax show ipv6 dhcp pool pool-name • pool-name — Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool.
Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics -----------------------------------DHCPv6 Solicit Packets Received................ 0 DHCPv6 Request Packets Received................ 0 DHCPv6 Confirm Packets Received................ 0 DHCPv6 Renew Packets Received.................. 0 DHCPv6 Rebind Packets Received.................
DHCPv6 Relay-forward Packets Transmitted....... 0 Total DHCPv6 Packets Transmitted...............
DVMRP Commands 34 This chapter explains the following commands: • ip dvmrp • ip dvmrp metric • ip dvmrp trapflags • show ip dvmrp • show ip dvmrp interface • show ip dvmrp neighbor • show ip dvmrp nexthop • show ip dvmrp prune • show ip dvmrp route DVMRP Commands 681
ip dvmrp Use the ip dvmrp command to set the administrative mode of DVMRP in the router to active. IGMP must be enabled before DVMRP can be enabled. Syntax ip dvmrp no ip dvmrp Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
Default Configuration 1 the default value. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 ip dvmrp trapflags Use the ip dvmrp trapflags command in Global Configuration mode to enable the DVMRP trap mode. Syntax ip dvmrp trapflags no ip dvmrp trapflags Default Configuration Disabled is the default state.
console(config)#ip dvmrp trapflags console(config)#no ip dvmrp trapflags show ip dvmrp Use the show ip dvmrp command in Privileged EXEC mode to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays system-wide information for DVMRP. console(config)#show ip dvmrp Admin Mode.................................
show ip dvmrp interface Use the show ip dvmrp interface command in Privileged EXEC mode to display the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays interface information for VLAN 11 DVMRP.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available. show ip dvmrp nexthop Use the show ip dvmrp nexthop command in Privileged EXEC mode to display the next hop information on outgoing interfaces for routing multicast datagrams. Syntax show ip dvmrp nexthop Default Configuration This command has no default condition.
Example The following example displays the next hop information on outgoing interfaces for routing multicast datagrams. console(config)#show ip dvmrp nexthop Next Hop Source IP Source Mask Interface Type -------------- -------------- --------- ------ show ip dvmrp prune Use the show ip dvmrp prune command in Privileged EXEC mode to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition.
show ip dvmrp route Use the show ip dvmrp route command in Privileged EXEC mode to display the multicast routing information for DVMRP. Syntax show ip dvmrp route Default Configuration This command has no default condition. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
IGMP Commands 35 This chapter explains the following commands: • ip igmp • ip igmp last-member-query-count • ip igmp last-member-query-interval • ip igmp query-interval • ip igmp query-max-response-time • ip igmp robustness • ip igmp startup-query-count • ip igmp startup-query-interval • ip igmp version • show ip igmp • show ip igmp groups • show ip igmp interface • show ip igmp interface membership • show ip igmp interface stats IGMP Commands 689
ip igmp Use the ip igmp command in Global Configuration mode to set the administrative mode of IGMP in the system to active. Syntax ip igmp no ip igmp Default Configuration Disabled is the default state. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables IGMP.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
User Guidelines This command has no user guidelines. Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp last-member-queryinterval 20 ip igmp query-interval Use the ip igmp query-interval command in Interface Configuration mode to configure the query interval for the specified interface.
console(config-if-vlan15)#ip igmp query-interval 10 ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface. It is the maximum query response time advertised in IGMPv2 queries on this interface. The time interval is specified in tenths of a second.
ip igmp robustness Use the ip igmp robustness command in Interface Configuration mode to configure the robustness that allows tuning of the interface, that is, tuning for the expected packet loss on a subnet. If a subnet is expected to have significant loss, the robustness variable may be increased for the interface. Syntax ip igmp robustnest robustness no ip igmp robustnest • robustness — Robustness variable. (Range: 1-255) Default Configuration The default robustness value is 2.
no ip igmp startup-query-count • count — The number of startup queries. (Range: 1-20) Default Configuration The default count value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-queryinterval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface. Syntax ip igmp version version • version — IGMP version.
console(config-if-vlan15)#ip igmp version 2 show ip igmp Use the show ip igmp command in Privileged EXEC mode to display systemwide IGMP information. Syntax show ip igmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode............................ Enabled IGMP Router-Alert check..................
show ip igmp groups Use the show ip igmp groups command in Privileged EXEC mode to display the registered multicast groups on the interface. If detail is specified, this command displays the registered multicast groups on the interface in detail. Syntax show ip igmp groups interface vlan vlanid [detail] • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
show ip igmp interface Use the show ip igmp interface command in Privileged EXEC mode to display the IGMP information for the specified interface. Syntax show ip igmp interface vlan vlan-id • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays IGMP information for VLAN 11. console#show ip igmp vlan 11 Interface...............................
show ip igmp interface membership Use the show ip igmp interface membership command in Privileged EXEC mode to display the list of interfaces that have registered in the multicast group. If detail is specified, this command displays detailed information about the listed interfaces. Syntax show ip igmp interface membership groupaddr [detail] • groupaddr — Group IP address Default Configuration This command has no default configuration.
show ip igmp interface stats Use the show ip igmp interface stats command in User EXEC mode to display the IGMP statistical information for the interface. The statistics are only displayed when the interface is enabled for IGMP. Syntax show ip igmp interface stats vlan vlan-id • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines.
IGMP Commands
IGMP Proxy Commands 36 This chapter explains the following commands: • ip igmp-proxy • ip igmp-proxy reset-status • ip igmp-proxy unsolicited-report-interval • show ip igmp-proxy • show ip igmp-proxy interface • show ip igmp-proxy groups • show ip igmp-proxy groups detail IGMP Proxy Commands 703
ip igmp-proxy Use the ip igmp-proxy command in Interface Configuration mode to enable the IGMP Proxy on the router. To enable the IGMP Proxy on the router, multicast forwarding must be enabled and there must be no multicast routing protocols enabled on the router. Syntax ip igmp-proxy no ip igmp-proxy Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example resets the host interface status parameters of the IGMP Proxy router.
Example The following example sets 10 seconds as the unsolicited report interval for the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp-proxy unsolicitedreport-interval 10 show ip igmp-proxy Use the show ip igmp-proxy command in Privileged EXEC mode to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy Default Configuration This command has no default configuration.
Operational Mode............................. Enable Version...................................... 3 Number of Multicast Groups................... 0 Unsolicited Report Interval.................. 1 Querier IP Address on Proxy Interface........ 0.0.0.0 Older Version 1 Querier Timeout.............. 0 Older Version 2 Querier Timeout.............. 0 Proxy Start Frequency........................
----------------------------------------------------------------1 0 0 0 ----- ----- 2 0 0 0 0 0 3 0 0 0 ----- ----- show ip igmp-proxy groups Use the show ip igmp-proxy groups command in Privileged EXEC mode to display a table of information about multicast groups that IGMP Proxy reported. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy groups Default Configuration This command has no default configuration.
show ip igmp-proxy groups detail Use the show ip igmp-proxy groups detail command in Privileged EXEC mode to display complete information about multicast groups that IGMP Proxy has reported. Syntax show ip igmp-proxy groups detail Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported.
IGMP Proxy Commands
IP Helper Commands 37 This chapter explains the following commands: • clear ip helper statistics • ip helper-address (global configuration) • ip helper-address (interface configuration) • ip helper enable • show ip helper-address • show ip helper statistics IP Helper Commands 711
clear ip helper statistics Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics. Syntax clear ip helper statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
• dest-udp-port — A destination UDP port number from 0 to 65535. • port-name — The destination UDP port may be optionally specified by its name. Whether a port is specified by its number or its name has no effect on behavior.
To relay UDP packets received on any interface for all default ports (Table 4) to the server at 20.1.1.1, use the following commands: console#config console(config)#ip helper-address 20.1.1.1 ip helper-address (interface configuration) Use the ip helper-address (interface configuration) command to configure the relay of certain UDP broadcast packets received on a specific interface. To delete a relay entry on an interface, use the no form of this command.
Default Configuration No helper addresses are configured. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command can be invoked multiple times on routing interface, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. The command no ip helper-address with no arguments clears all helper addresses on the interface. Example To relay DHCP packets received on vlan 5 to two DHCP servers, 192.168.10.
This command takes precedence over an ip helperaddress command given in global configuration mode. With the following configuration, the relay agent relays DHCP packets received on any interface other than vlan 5 and vlan 6 to 192.168.40.1, relays DHCP and DNS packets received on vlan 5 to 192.168.40.2, relays SNMP traps (port 162) received on interface vlan 6 to 192.168.23.1, and drops DHCP packets received on vlan 6: console#config console(config)#ip helper-address 192.168.40.
Default Configuration IP helper is enabled by default. Command Mode Global Configuration mode. User Guidelines This command can be used to temporarily disable IP helper without deleting all IP helper addresses. This command replaces the bootpdhcprelay enable command, but affects not only relay of DHCP packets, but also relay of any other protocols for which an IP helper address has been configured.
Interface The relay configuration is applied to packets that arrive on this interface. This field is set to “any” for global IP helper entries. UDP Port The relay configuration is applied to packets whose destination UDP port is this port. Entries whose UDP port is identified as “any” are applied to packets with the destination UDP ports listed in Table 4. Discard If “Yes”, packets arriving on the given interface with the given destination UDP port are discarded rather than relayed.
Syntax show ip helper statistics Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Field descriptions: DHCP client messages received The number of valid messages received from a DHCP client. The count is only incremented if IP helper is enabled globally, the ingress routing interface is up, and the packet passes a number of validity checks, such as having a TTL > 1 and having valid source and destination IP addresses.
DHCP message with secs field below min The number of DHCP client messages received with secs fields that are less than the minimum value. The minimum secs value is a configurable value and is displayed in show bootpdhcprelay. A log message is written for each such failure. The DHCP relay agent does not relay these packets.
IP Routing Commands 38 This chapter explains the following commands: • encapsulation • ip address • ip mtu • ip netdirbcast • ip route • ip route default • ip route distance • ip routing • routing • show ip brief • show ip interface • show ip protocols • show ip route • show ip route preferences • show ip route summary • show ip stats • vlan routing IP Routing Commands 721
encapsulation Use the encapsulation command in Interface Configuration mode to configure the link layer encapsulation type for the packet. Routed frames are always ethernet encapsulated when a frame is routed to a VLAN. Syntax encapsulation {ethernet | snap} • ethernet — Specifies Ethernet encapsulation. • snap — Specifies SNAP encapsulation. Default Configuration Ethernet encapsulation is the default configuration.
no ip address ip-address {subnet-mask | prefix-length} [secondary] • ip-address — IP address of the interface. • subnet-mask — Subnet mask of the interface • prefix-length — Length of the prefix. Must be preceded by a forward slash (/). (Range: 1-30 bits) • secondary — Indicates the IP address is a secondary address. Default Configuration This command has no default configuration.
stack uses its default IP MTU and ignores the value set using the ip mtu command. OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors during database exchange. If two OSPF neighbors advertise different IP MTUs, they will not form an adjacency (unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtuignore command). Syntax ip mtu integer • integer — Specifies the distance (preference) of an individual static route.
no ip netdirbcast Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example defines the IP address and subnet mask for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip netdirbcast ip route Use the ip route command in Global Configuration mode to configure a static route. Use the no form of the command to delete the static route.
• prefix-length — Length of prefix. Must be preceded with a forward slash (/). (Range: 0-32 bits) • nextHopRtr — IP address of the next hop router. • preference — Specifies the preference value, a.k.a. administrative distance, of an individual static route. (Range: 1-255) Default Configuration Default value of preference is 1. Command Mode Global Configuration mode User Guidelines For the static routes to be visible, you must: • Enable ip routing globally. • Enable ip routing for the interface.
• preference — Specifies the preference value, a.k.a administrative distance, of an individual static route. (Range: 1-255) Default Configuration Default value of preference is 1. Command Mode Global Configuration mode User Guidelines For routed management traffic: 1 Router entries are checked for applicable destinations. 2 The globally assigned default-gateway is consulted. Router entries take precedence over an assigned default-gateway.
no ip route distance integer • integer — Specifies the distance (preference) of an individual static route. (Range 1-255) Default Configuration Default value of distance is 1. Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default route metric to 80.
User Guidelines Use this command to globally enable IPv4 routing. Example console(config)#ip routing routing Use the routing command in Interface Configuration mode to enable IPv4 and IPv6 routing for an interface. View the current value for this function with the show ip brief command. The value is labeled Routing Mode in the output display. Use the no form of the command to disable routing for an interface. Syntax routing no routing Default Configuration Disabled is the default configuration.
show ip brief Use the show ip brief command in Privileged EXEC mode to display all the summary information of the IP. Syntax show ip brief Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays IP summary information. console#show ip brief Default Time to Live........................... 30 Routing Mode................................... Disabled IP Forwarding Mode.....
• vlan-id — Valid VLAN ID • loopback-id — Valid loopback ID. (Range: 0-7) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following examples display all IP information and information specific to VLAN 15. console#show ip interface Management Interface: IP Address................................... 10.240.4.125 Subnet Mask.................................. 255.255.255.0 Default Gateway.
console#show ip interface vlan 15 Primary IP Address............. 192.168.10.10/255.255.255.0 Secondary IP Address(es)....... 192.168.20.20/255.255.255.0 Routing Mode................................... Disable Administrative Mode............................ Disable Forward Net Directed Broadcasts................ Disable Proxy ARP...................................... Enable Local Proxy ARP................................ Disable Active State................................... Inactive Link Speed Data Rate..
Example The following example displays parameters and current state of active routing protocols. console#show ip protocols Routing Protocol is "rip" Sending updates every 30 seconds Invalid after 180 seconds, hold down 120, flushed after 300 Redistributing: RIP, Static, OSPF Default version control: send version 1, receive version 1 Interfaces: Interface Send Receive Key-chain -------- --------- ----------- ---------176.1.1.1 1 1 flowers 176.2.1.
Routing Information Sources: Gateway State 176.1.1.2 Full External Preference: 60 Internal Preference: 20 show ip route Use the show ip route command in Privileged EXEC mode to display the routing table. Syntax show ip route [protocol |address ip-address [subnet-mask | prefix-length] [longer-prefixes]] • protocol — Specifies the protocol that installed the routes.
Example The following example displays the routing table. console#show ip route Route Codes: R - RIP Derived, O - OSPF Derived, C Connected, S - Static B - BGP Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA external type 2 show ip route preferences Use the show ip route preferences command in Privileged EXEC mode displays detailed information about the route preferences.
Local.......................................... 0 Static......................................... 1 OSPF Intra-area routes......................... 110 OSPF Inter-area routes......................... 110 OSPF External routes........................... 110 RIP............................................ 120 show ip route summary Use the show ip route summary command in Privileged EXEC mode to display the routing table summary.
RIP Routes..................................... 0 OSPF Routes.................................... 0 Intra Area Routes.............................. 0 Inter Area Routes.............................. 0 External Type-1 Routes......................... 0 External Type-2 Routes......................... 0 Total routes................................... 0 show ip stats Use the show ip stats command in User EXEC mode to display IP statistical information.
IpForwDatagrams................................ 0 IpInUnknownProtos.............................. 0 IpInDiscards................................... 0 IpInDelivers................................... 18467 IpOutRequests.................................. 295 IpOutDiscards.................................. 0 IpOutNoRoutes.................................. 0 IpReasmTimeout................................. 0 IpReasmReqds................................... 0 IpReasmOKs.....................................
IcmpInAddrMasks................................ 0 IcmpInAddrMaskReps............................. 0 IcmpOutMsgs.................................... 3 IcmpOutErrors.................................. 0 IcmpOutDestUnreachs............................ 0 IcmpOutTimeExcds............................... 0 IcmpOutParmProbs............................... 0 IcmpOutSrcQuenchs.............................. 0 IcmpOutRedirects............................... 0 IcmpOutEchoReps................................
User Guidelines The user is not required to use this command. Routing can still be enabled using the routing command in VLAN Interface Configuration mode.
39 IPv6 MLD Snooping Commands This chapter explains the following commands: • ipv6 mld snooping immediate-leave • ipv6 mld snooping groupmembership-interval • ipv6 mld snooping maxresponse • ipv6 mld snooping mcrtexpiretime • ipv6 mld snooping (Global) • ipv6 mld snooping (Interface) • ipv6 mld snooping (VLAN) • show ipv6 mld snooping • show ipv6 mld snooping groups IPv6 MLD Snooping Commands 741
ipv6 mld snooping immediate-leave The ipv6 mld snooping immediate-leave command enables or disables MLD Snooping snooping immediate-leave admin mode on a selected interface or VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an MLD done message for that multicast group without first sending out MAC-based general queries to the interface.
ipv6 mld snooping groupmembership-interval The ipv6 mld snooping groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the MLDv2 Maximum Response time value. The range is 2 to 3600 seconds.
interface because it did not receive a report for a particular group in that interface. This value must be less than the MLD Query Interval time value. The range is 1 to 3599 seconds. Syntax ipv6 mld snooping maxresponse [vlan-id] [seconds] no ipv6 mld snooping maxresponse [vlan-id] • vlan_id — Specifies a VLAN ID value in VLAN Database mode. • seconds — MLD maximum response time in seconds. (Range: 1–3599) Default Configuration The default maximum response time is 10 seconds.
no ipv6 mld snooping mcrtexpiretime [vlan-id] • • vlan_id — Specifies a VLAN ID value in VLAN Database mode. seconds — multicast router present expiration time in seconds. (Range: 1–3600) Default Configuration The default multicast router present expiration time is 300 seconds. Command Mode Interface Configuration mode. VLAN Database mode.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping ipv6 mld snooping (Interface) The ipv6 mld snooping (Interface) command enables MLD Snooping on an interface. If an interface has MLD Snooping enabled and it becomes a member of a port-channel (LAG), MLD Snooping functionality is disabled on that interface. MLD Snooping functionality is re-enabled if the interface is removed from a port-channel (LAG).
Syntax ipv6 mld snooping vlan-id no ipv6 mld snooping vlan-id • vlan-id — Specifies a VLAN ID value. Default Configuration MLD Snooping is disabled. Command Mode VLAN Database mode. User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping 1 show ipv6 mld snooping The show ipv6 mld snooping command displays MLD Snooping information. Configured information is displayed whether or not MLD Snooping is enabled.
User Guidelines This command has no user guidelines. Example With no optional arguments, the command displays the following information: • Admin Mode — Indicates whether or not MLD Snooping is active on the switch. • Interfaces Enabled for MLD Snooping — Interfaces on which MLD Snooping is enabled. • MLD Control Frame Count — This displays the number of MLD control frames that are processed by the CPU. • VLANs Enabled for MLD Snooping — VLANs on which MLD Snooping is enabled.
show ipv6 mld snooping groups The show ipv6 mld snooping groups command displays the MLD Snooping entries in the MFDB table. Syntax show ipv6 mld snooping groups [{vlan vlan-id | address ipv6-multicast- address}] • vlan_id — Specifies a VLAN ID value. • ipv6-multicast-address — Specifies an IPv6 Multicast address. Default configuration This command has no default configuration. Command Mode Privileged EXEC mode.
--------------------------------------------- Vlan Ipv6 Address ---- ---------------------------------- Ports ---------------------------- console#show ipv6 mld snooping groups vlan 2 Vlan Ipv6 Address Type Ports ---- ----------------------------------- ------- ------------------- 2 3333.0000.0004 Dynamic 1/g1,1/g3 2 3333.0000.
IPv6 Multicast Commands 40 This chapter explains the following commands: • ipv6 pimsm (Global config) • ipv6 pimsm (VLAN Interface config) • ipv6 pimsm bsr-border • ipv6 pimsm bsr-candidate • ipv6 pimsm dr-priority • ipv6 pimsm hello-interval • ipv6 pimsm join-prune-interval • ipv6 pimsm register-threshold • ipv6 pimsm rp-address • ipv6 pimsm rp-candidate • ipv6 pimsm spt-threshold • ipv6 pimsm ssm • show ipv6 pimsm • show ipv6 pimsm bsr • show ipv6 pimsm interface • show ip
ipv6 pimsm (Global config) Use the ipv6 pimsm command to administratively enable of PIMSM for IPv6 multicast routing. Use the "no" form of this command to disable PIMSM for IPv6. Syntax ipv6 pimsm no ipv6 pimsm Default Configuration IPv6 PIMSM is disabled on the router by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pimsm ipv6 pimsm bsr-border Use the ipv6 pimsm bsr-border command to prevent bootstrap router (BSR) messages from being sent or received through an interface. Use the "no" form of this command to disable the interface from being the BSR border. Syntax ipv6 pimsm bsr-border no ipv6 pimsm bsr-border Default Configuration BSR-border is disabled by default.
ipv6 pimsm bsr-candidate Use the ipv6 pimsm bsr-candidate command to configure the router to announce its candidacy as a bootstrap router (BSR). Use the "no" form of this command to stop the router from announcing its candidacy as a bootstrap router. Syntax ipv6 pimsm bsr-candidate vlan vlan-id hash-mask-len [priority] no ipv6 pimsm bsr-candidate vlan vlan-id • vlan-id — A valid VLAN ID value.
ipv6 pimsm dr-priority Use the ipv6 pimsm dr-priority command to set the priority value for which a router is elected as the designated router (DR). Use the "no" form of this command to set the priority to the default. Syntax ipv6 pimsm dr-priority priority no ipv6 pimsm dr-priority • priority — The election priority (Range: 0–2147483647). Default Configuration The default election priority is 1.
Default Configuration The default hello interval is 30 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pimsm hello-interval 45 ipv6 pimsm join-prune-interval Use the ipv6 pimsm join-prune-interval command to configure the interface join/prune interval for the PIM-SM router. Use the "no" form of this command to set the join/prune interval to the default.
Example console(config-if-vlan3)#ipv6 pimsm join-pruneinterval 90 ipv6 pimsm register-threshold Use the ipv6 pimsm register-threshold command to configure the Register Threshold rate for the RP router to switch to the shortest path. Use the "no" form of this command to set the register threshold rate to the default. Syntax ipv6 pimsm register-threshold threshold no ipv6 pimsm register-threshold • threshold—The threshold rate (Range: 0–2000 Kbps). Default Configuration The default threshold rate is 0.
Syntax ipv6 pimsm rp-address rp-address group-address/prefixlength [override] no ipv6 pimsm rp-address • rp-address — An RP address. • group-address —The group address to display. • prefixlength —This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–32) Default Configuration There are no static RP addresses configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
• prefixlength—This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–32) Default Configuration The router does not advertise itself as a PIM candidate rendezvous point by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pimsm spt-threshold 1000 ipv6 pimsm ssm Use the ipv6 pimsm ssm command to define the Source Specific Multicast (SSM) range of multicast addresses. Syntax ipv6 pimsm ssm {default | group-address/prefixlength} • default—Defines the SSM range access list to 232/8. • group-address—Group IP address supported by RP. • prefixlength—This parameter specifies the prefix length of the IP address for the media gateway.
Syntax show ipv6 pimsm Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show ipv6 pimsm Admin Mode..................................... Enabled Data Threshold Rate (Kbps)..................... 1000 Register Threshold Rate (Kbps).................
vlan 6 Enabled Operational vlan 9 Enabled Operational show ipv6 pimsm bsr Use the show ipv6 pimsm bsr command to display the bootstrap router (BSR) information. The output includes elected BSR information and information about the locally configured candidate rendezvous point (RP) advertisement. Syntax show ipv6 pimsm bsr Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
show ipv6 pimsm interface Use the show ipv6 pimsm interface command to display interface config parameters. If no interface is specified, all interfaces are displayed. Syntax show ipv6 pimsm interface [vlan vlan-id] • vlan-id— A valid VLAN ID value. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show ipv6 pimsm interface vlan 6 Slot/Port..........................
BSR Border..................................... Disabled show ipv6 pimsm neighbor Use the show ipv6 pimsm neighbor command to display IPv6 PIMSM neighbors learned on the routing interfaces. Syntax show ipv6 pimsm neighbor [all | interface vlan vlan-id] • vlan-id —A valid VLAN ID value. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
show ipv6 pimsm rphash Use the show ipv6 pimsm rphash command to display which rendezvous point (RP) is being selected for a specified group. Syntax show ipv6 pimsm rphash group-address group-address —Group IP address supported by RP. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
Syntax show ipv6 pimsm rp mapping [rp-address] • rp-address — IP address of RP. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show ipv6 pimsm rp mapping Group Address.................................. FF1E::/64 RP Address..................................... 2001::1 origin......................................... Static Group Address..............................
IPv6 Routing Commands 41 This chapter explains the following commands: • clear ipv6 neighbors • clear ipv6 statistics • ipv6 address • ipv6 enable • ipv6 forwarding • ipv6 host • ipv6 mld last-member-query-count • ipv6 mld last-member-query-interval • ipv6 mld-proxy • ipv6 mld-proxy reset-status • ipv6 mld-proxy unsolicit-rprt-interval • ipv6 mld query-interval • ipv6 mld query-max-response-time • ipv6 mld router • ipv6 mtu • ipv6 nd dad attempts • ipv6 nd managed-config-f
• ipv6 route • ipv6 route distance • ipv6 unicast-routing • ping ipv6 • ping ipv6 interface • show ipv6 brief • show ipv6 interface • show ipv6 mld groups • show ipv6 mld interface • show ipv6 mld-proxy • show ipv6 mld-proxy groups • show ipv6 mld-proxy groups detail • show ipv6 mld-proxy interface • show ipv6 mld traffic • show ipv6 neighbors • show ipv6 pimdm • show ipv6 pimdm interface • show ipv6 pimdm neighbor • show ipv6 route • show ipv6 route preferences
clear ipv6 neighbors Use the clear ipv6 neighbors command in Privileged EXEC mode to clear all entries in the IPv6 neighbor table or an entry on a specific interface. Syntax clear ipv6 neighbors [vlan vlan-id] • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example clears all entries in the IPv6 neighbor table.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example clears IPv6 statistics for VLAN 11. console(config)#clear ipv6 statistics vlan 11 ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including tunnel and loopback interfaces) and to enable IPv6 processing on this interface.
• prefix — Consists of the bits of the address to be configured. • prefix-length — Designates how many of the high-order contiguous bits of the address make up the prefix. • eui64 — The optional eui-64 field designates that IPv6 processing on the interfaces is enabled using an EUI-64 interface ID in the low order 64 bits of the address. If this option is used, the value of prefix_length must be 64 bits. Default Configuration This command has no default configuration.
Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example enables IPv6 routing, which has not been configured with an explicit IPv6 address. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 enable ipv6 forwarding Use the ipv6 forwarding command in Global Configuration mode to enable IPv6 forwarding on a router.
Example The following example globally enables IPv6 forwarding. console#configure console(config)#ipv6 forwarding console(config)#no ipv6 forwarding ipv6 host The ipv6 host command is used to define static host name-to- ipv6 address mapping in the host cache. Syntax ipv6 host name ipv6-address no ipv6 host name • name — Host name. • ipv6-address — IPv6 address of the host. Default Configuration No IPv6 hosts are defined. Command Mode Global Configuration mode.
ipv6 mld last-member-query-count The ipv6 mld last-member-query-count command sets the number of listener-specific queries sent before the router assumes that there are no local members on the interface. Use the “no” form of this command to set the last member query count to the default. Syntax ipv6 mld last-member-query-count last-member-query-count no ipv6 mld last-member-query-count • last-member-query-count — Query count (Range: 1–20). Default Configuration The default last member query count is 2.
no ipv6 mld last-member-query-interval • last-member-query-interval — The last member query interval (Range: 0–65535 milliseconds). Default Configuration The default last member query interval is 1 second. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld last-member-queryinterval 5000 ipv6 mld-proxy Use the ipv6 mld-proxy command to enable MLD Proxy on the router.
User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld-proxy ipv6 mld-proxy reset-status Use the ipv6 mld-proxy reset-status command to reset the host interface status parameters of the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface. Syntax ipv6 mld-proxy reset-status Command Mode Interface Configuration (VLAN) mode. Default Configuration There is no default configuration for this command.
Syntax ipv6 mld-proxy unsolicited-report-interval interval no ipv6 mld-proxy unsolicited-report-interval • interval — The interval between unsolicited reports (Range: 1–260 seconds). Default Configuration The unsolicited report interval is 1 second by default. Command Mode Interface Configuration (VLAN) mode.
Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-interval 130 ipv6 mld query-max-response-time The ipv6 mld query-max-response-time command sets MLD query maximum response time for the interface. This value is used in assigning the maximum response time in the query messages that are sent on that interface. Use the “no” form of this command to set the maximum query response time to the default.
ipv6 mld router The ipv6 mld router command is used to enable MLD in the router in global configuration mode and for a specific interface in interface configuration mode. Use the “no” form of this command to disable MLD. Syntax ipv6 mld router no ipv6 mld router Default Configuration MLD is disabled by default. Command Mode Global Configuration mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
• mtu — Is the maximum transmission unit. (Range: 1280-1500) Default Configuration The default MTU is 1500. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets the maximum transmission unit (MTU) size, in bytes, of IPv6 packets.
User Guidelines This command has no user guidelines. Example The following example sets at 10 the number of duplicate address detection probes transmitted while doing neighbor discovery. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd dad attempts 10 ipv6 nd managed-config-flag Use the ipv6 nd managed-config-flag command in Interface Configuration mode to set the “managed address configuration” flag in router advertisements. When the value is true, end nodes use DHCPv6.
Example In the following example, the end node uses DHCPv6. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd managed-config-flag ipv6 nd ns-interval Use the ipv6 nd ns-interval command in Interface Configuration mode to set the interval between router advertisements for advertised neighbor solicitations. An advertised value of 0 means the interval is unspecified. Syntax ipv6 nd ns-interval milliseconds no ipv6 nd ns-interval • milliseconds — Interval duration.
ipv6 nd other-config-flag Use the ipv6 nd other-config-flag command in Interface Configuration mode to set the “other stateful configuration” flag in router advertisements sent from the interface. Syntax ipv6 nd other-config-flag no ipv6 nd other-config-flag Default Configuration False is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
ipv6 nd prefix Use the ipv6 nd prefix command to configure parameters associated with prefixes that the router advertises in its router advertisements. Syntax ipv6 nd prefix prefix/prefix-length [{valid-lifetime| infinite} {preferredlifetime| infinite}] [no-autoconfig] [off-link] no ipv6 nd prefix prefix/prefix-length • prefix — IPv6 prefix. • prefix-length — IPv6 prefix length. • valid-lifetime — Valid lifetime of the router in seconds.
The ipv6 nd prefix command will allow you to preconfigure RA prefix values before you configure the associated interface address. In order for the prefix to be included in RAs, you must configure an address that matches the prefix using the ipv6 address command. Prefixes specified using ipv6 nd prefix without an associated interface address will not be included in RAs and will not be committed to the device configuration.
Example The following example sets the transmission interval between router advertisements at 1000 seconds. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd ra-interval 1000 ipv6 nd ra-lifetime Use the ipv6 nd ra-lifetime command in Interface Configuration mode to set the value that is placed in the Router Lifetime field of the router advertisements sent from the interface. Syntax ipv6 nd ra-lifetime seconds no ipv6 nd ra-lifetime • seconds — Lifetime duration.
ipv6 nd reachable-time Use the ipv6 nd reachable-time command in Interface Configuration mode to set the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation. Syntax ipv6 nd reachable-time milliseconds no ipv6 nd reachable-time • milliseconds — Reachable-time duration. A value of zero means the time is unspecified by the router. (Range: 0-3600000 milliseconds) Default Configuration The default value for neighbor discovery reachable times is 0 milliseconds.
ipv6 nd suppress-ra Use the ipv6 nd suppress-ra command in Interface Configuration mode to suppress router advertisement transmission on an interface. Syntax ipv6 nd suppress-ra no ipv6 nd suppress-ra Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example suppresses router advertisement transmission.
Default Configuration IPv6 PIM-DM is disabled by default. Command Mode Global Configuration mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pimdm ipv6 pimdm hello-interval The ipv6 pimdm hello-interval command is used to configure the PIM-DM Hello Interval for the specified router interface. The Hello-interval is to be specified in seconds.
Example console(config-if-vlan5)#ipv6 pimdm hello-interval 500 ipv6 route Use the ipv6 route command in Global Configuration mode to configure an IPv6 static route. Syntax ipv6 route ipv6-prefix /prefix-length [Null | interface {tunnel tunnel-id | vlan vlan-id}] next-hop-address [preference] no ipv6 route ipv6-prefix /prefix-length [Null | interface {tunnel tunnel-id | vlan vlan-id}] next-hop-address • ipv6-prefix — Is the IPv6 network that is the destination of the static route.
User Guidelines This command has no user guidelines. Example The following example configure an IPv6 static route. console(config)#ipv6 route 2020:1::1/64 2030:1::2 ipv6 route distance Use the ipv6 route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route. The ipv6 route and ipv6 route default commands allow optional setting of the distance of an individual static route.
Example The following example sets the default distance to 80. console(config)#ipv6 route distance 80 ipv6 unicast-routing Use the ipv6 unicast-routing command in Global Configuration mode to enable forwarding of IPv6 unicast datagrams. Syntax ipv6 unicast-routing no ipv6 unicast-routing Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation. The terminal interface sends three pings to the target station. Syntax ping ipv6 {ip-address | hostname} [size size] • ipv6-address — Target IPv6 address to ping. • hostname — Hostname to ping (contact). (Range: 1–158 characters) • size — Size of the datagram. (Range: 48–2048 bytes) Default Configuration This command has no default configuration.
is a physical path between the switch and the workstation. The terminal interface sends three pings to the target station. Use the interface keyword to ping an interface by using the link-local address or the global IPv6 address of the interface. The source can be a loopback, tunnel, or logical interface. Syntax ping ipv6 interface {vlan vlan-id| tunnel tunnel-id} | loopback loopback-id} link-local-address [size datagram-size] • vlan-id — Valid VLAN ID. • tunnel-id — Tunnel identifier.
show ipv6 brief Use the show ipv6 brief command in Privileged EXEC mode to display the IPv6 status of forwarding mode and IPv6 unicast routing mode. Syntax show ipv6 brief Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the IPv6 status of forwarding mode and IPv6 unicast routing mode. console#show ipv6 brief IPv6 Forwarding Mode........................
• tunnel-id — Valid tunnel interface ID • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following examples show the usability status of a IPv6 VLAN interface individually and all IPv6 interfaces collectively in an abbreviated format. console#show ipv6 interface vlan 3 IPv6 is enabled IPv6 Prefix is.......................
Router Advertisement Suppress Flag............. Disabled Prefix 3FF0:1236:C261::1/64 Preferred Lifetime............................. 10000 Valid Lifetime................................. 100000 Onlink Flag.................................... Enabled Autonomous Flag................................ Enabled console#show ipv6 interface brief Oper.
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines The following fields are displayed as a table when vlan vlan-id is specified: Number of (*, G) entries Displays the number of groups present in the MLD Table. Number of (S, G) entries Displays the number of include and exclude mode sources present in the MLD Table. Group Address The address of the multicast group.
Compatibility Mode The compatibility mode of the multicast group on this interface. The values it can take are MLDv1 and MLDv2. Version 1 Host Timer The time remaining until the router assumes there are no longer any MLD version-1 Hosts on the specified interface. The following table is displayed to indicate all the sources associated with this group: Source Address The IP address of the source. Uptime Time elapsed in seconds since the source has been known.
Group Address.................................. FF1E::1 Interface...................................... vlan 6 Up Time (hh:mm:ss)............................. 00:04:23 Expiry Time (hh:mm:ss)......................... ------ Group Address.................................. FF1E::2 Interface...................................... vlan 6 Up Time (hh:mm:ss)............................. 00:04:23 Expiry Time (hh:mm:ss)......................... ------ Group Address..................................
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines The following information is displayed for the specified interface: Interface The interface number in unit/slot/port format. MLD Global Admin Mode This field displays the configured global administrative status of MLD. MLD Interface Admin Mode This field displays the configured interface administrative status of MLD.
The following information is displayed if the operational mode of the MLD interface is enabled: Querier Status This value indicates whether the interface is a MLD querier or non-querier on the subnet with which it is associated. Querier Address The IP address of the MLD querier on the subnet the interface with which it is associated. Querier Up Time Time elapsed in seconds since the querier state has been updated.
Last Member Query Interval (milli-secs)........ 1111 Last Member Query Count........................ 2 show ipv6 mld-proxy Use the show ipv6 mld-proxy command to display a summary of the host interface status parameters. Syntax show ipv6 mld-proxy Command Mode Privileged EXEC mode Default Configuration There is no default configuration for this command.
Older Version 1 Querier Timeout The interval used to timeout the older version 1 queriers. Proxy Start Frequency The number of times the MLD-Proxy has been stopped and started. Example console#show ipv6 mld-proxy Interface Index................................ vlan 10 Admin Mode..................................... Enabled Operational Mode............................... Enabled Version........................................ 3 Num of Multicast Groups........................
Interface The MLD Proxy interface. Group Address The IP address of the multicast group. Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD-Proxy interface (upstream interface). Up Time (in secs) The time elapsed in seconds since last created. Member State Possible values are: • Idle_Member—The interface has responded to the latest group membership query for this group.
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines The following parameters are displayed by this command: Interface The interface number of the MLD-Proxy. Group Address The IP address of the multicast group. Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD Proxy interface (upstream interface).
------------- ---------------- --------- ----------------- ------------ ------FF1E::1 2 FE80::100:2.3 244 DELAY_MEMBER Group Source List Expiry Time ------------------ --------------- 2001::1 00:02:40 2001::2 -------- FF1E::2 1 FE80::100:2.3 243 DELAY_MEMBER Group Source List Expiry Time ------------------ --------------- 3001::1 00:03:32 3002::2 00:03:32 Exclude Include FF1E::3 0 FE80::100:2.3 328 DELAY_MEMBER Exclude FF1E::4 4 FE80::100:2.
show ipv6 mld-proxy interface Use the show ipv6 mld-proxy interface command to display a detailed list of the host interface status parameters. Syntax show ipv6 mld-proxy interface Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines The following parameters are displayed only when MLD Proxy is enabled: Interface The MLD Proxy interface. The column headings of the table associated with the interface are as follows: Ver The MLD version.
Ver Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent -----------------------------------------------------------------1 2 0 0 0 2 2 3 0 4 ----- ----- show ipv6 mld traffic The show ipv6 mld traffic command is used to display MLD statistical information for the router. Syntax show ipv6 mld traffic Default Configuration There is no default configuration for this command.
Bad Checksum MLD Packets The number of bad checksum MLD packets received by the router. Malformed MLD Packets The number of malformed MLD packets received by the router. Example console#show ipv6 mld traffic Valid MLD Packets Received..................... 52 Valid MLD Packets Sent......................... 7 Queries Received............................... 0 Queries Sent................................... 7 Reports Received............................... 52 Reports Sent...................................
User Guidelines This command has no user guidelines. Example The following example displays information about the IPv6 neighbors. console(config)#show ipv6 neighbors Neighbor Last IPv6 Address Address isRtr MAC State Updated Interface -------------------- ----------------- ------------- ------- show ipv6 pimdm The show ipv6 pimdm command is used to display PIM-DM Global Configuration parameters and PIM DM interface status. Syntax show ipv6 pimdm Command Mode Privileged EXEC mode.
Admin Mode..................................... Enable PIM-DM INTERFACE STATUS Interface Interface Mode Protocol State --------- -------------- ---------------- vlan 10 Enable Non-Operational vlan 20 Enable Non-Operational show ipv6 pimdm interface The show ipv6 pimdm interface command is used to display PIM-DM Configuration information for all interfaces or for the specified interface. If no interface is specified, Configuration of all interfaces is displayed.
Slot/Port...................................... vlan 10 IP Address..................................... FE80::221:9BFF:FEC3:1216/128 Neighbor Count................................. 0 Hello Interval (secs).......................... 30 Designated Router.............................. Not Supported console#show ipv6 pimdm interface all Address -------------- Interface Neighbor Hello Count Interval --------- -------- ------- 192.168.37.6 vlan 10 2 30 192.168.36.129 vlan 20 2 30 10.1.37.
Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command. Example console#show ipv6 pimdm neighbor interface vlan 10 Neighbor Addr Interface Up Time Expiry Time hh:mm:ss hh:mm:ss --------------- ---------- --------- ----------- show ipv6 route Use the show ipv6 route command in Privileged EXEC mode to display the IPv6 routing table.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the IPv6 routing table.
User Guidelines This command has no user guidelines. Example The following example shows the preference value associated with the type of route. console#show ipv6 route preferences Local.......................................... 0 Static......................................... 1 OSPF Intra-area routes......................... 110 OSPF Inter-area routes......................... 110 OSPF External routes...........................
User Guidelines This command has no user guidelines. Example The following example displays a summary of the routing table. console#show ipv6 route summary IPv6 Routing Table Summary - 0 entries Connected Routes............................... 0 Static Routes.................................. 0 OSPF Routes.................................... 0 Intra Area Routes............................ 0 Inter Area Routes............................ 0 External Type-1 Routes.......................
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Examples The following examples show traffic and statistics for IPv6 and ICMPv6, first for all interfaces and an individual VLAN. console> show ipv6 traffic IPv6 STATISTICS Total Datagrams Received.................................. 0 Received Datagrams Locally Delivered...................... 0 Received Datagrams Discarded Due To Header Errors.........
Multicast Datagrams Transmitted........................... 0 console> show ipv6 traffic vlan 11 Interface...................................... 11 IPv6 STATISTICS Total Datagrams Received.................................. 0 Received Datagrams Locally Delivered...................... 0 Received Datagrams Discarded Due To Header Errors......... 0 Received Datagrams Discarded Due To MTU................... 0 Received Datagrams Discarded Due To No Route.............. 0 Received Datagrams With Unknown Protocol...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays IPv6 VLAN routing interface addresses.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example discovers the packet routes on a hop-by-hop basis.
IPv6 Routing Commands
42 Loopback Interface Commands This chapter explains the following commands: • interface loopback • show interfaces loopback Loopback Interface Commands 823
interface loopback Use the interface loopback command in Global Configuration mode to enter the Interface Loopback configuration mode. Syntax interface loopback loopback-id no interface loopback loopback-id • loopback-id — Loopback identifier. (Range: 0-7) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enters the Interface Loopback 1 configuration mode.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Examples The following examples display information about configured loopback interfaces. console# show interfaces loopback Loopback Id Interface IP Address Received Packets Sent Packets ----------- --------- ---------- --------- ----------- 1 loopback 1 0.0.0.0 0 0 console# show interfaces loopback 1 Interface Link Status..................
Loopback Interface Commands
Multicast Commands 43 This chapter explains the following commands: • ip mcast boundary • ip mroute • ip multicast • ip multicast ttl-threshold • ip pimsm • ip pimsm bsr-border • ip pimsm bsr-candidate • ip pimsm dr-priority • ip pimsm hello-interval • ip pimsm join-prune-interval • ip pimsm register-threshold • ip pimsm rp-address • ip pimsm rp-candidate • ip pimsm spt-threshold • ip pimsm ssm • show bridge multicast address-table count • show ip mcast • show ip mcast b
• show ip pimsm rphash • show ip pimsm rp mapping Multicast Commands
ip mcast boundary Use the ip mcast boundary command in Interface Configuration mode to add an administrative scope multicast boundary specified by groupipaddr and mask for which this multicast administrative boundary is applicable. groupipaddr is a group IP address and mask is a group IP mask. Syntax ip mcast boundary groupipaddr mask no ip mcast boundary groupipaddr mask • groupipaddr — IP address of multicast group. Valid range is 239.0.0.0 to 239.255.255.255. • mask — IP mask of multicast group.
Syntax ip mroute source-address source-mask rpf-address preference no ip mroute source-address source • source-address — The IP address of the multicast data source. • source-mask — The IP subnet mask of the multicast data source. • rpf-address — The IP address of the next hop towards the source. • preference — The cost of the route (Range: 1 - 255). Default Configuration There is no default configuration for this command.
no ip multicast Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables IP multicast on the router. console#configure console(config)#ip multicast console(config)#no ip multicast ip multicast ttl-threshold Use the ip multicast ttl-threshold command in Interface Configuration mode to apply a ttlvalue to a routing interface.
User Guidelines This command has no user guidelines. Example The following example applies a ttlvalue of 5 to the VLAN 15 routing interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip multicast ttl-threshold 5 ip pimsm The ip pimsm command is used to administratively enable PIM-SM multicast routing mode on a particular router interface. Use the “no” form of this command to disable PIM SM on an interface. This command deprecates the ip pimsm mode command.
ip pimsm bsr-border The ip pimsm bsr-border command is used to prevent bootstrap router (BSR) messages from being sent or received through an interface. Use the “no” form of this command to disable the interface from being the BSR border. Syntax ip pimsm bsr-border no ip pimsm bsr-border Default Configuration The interface is not enabled to send BSR messages by default. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
• hash-mask-length — The length of a mask that is to be ANDed with the group address before the hash function is called. All groups with the same seed hash correspond to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This allows you to get one RP for multiple groups. (Range 0–32 bits). • priority — The priority of the candidate BSR. The BSR with the higher priority is preferred.
Default Configuration The default election priority is 1. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ip pimsm dr-priority 12 ip pimsm hello-interval The ip pimsm hello-interval command is used to configure the PIM-SM Hello Interval for the specified interface. Use the “no” form of this command to set the hello interval to the default. This command deprecates the ip pimsm query-interval command.
Example console(config-if-vlan3)#ip pimsm hello-interval 60 ip pimsm join-prune-interval The ip pimsm join-prune-interval command is used to configure the interface join/prune interval for the PIM-SM router. Use the “no” form of this command to set the join/prune interval to the default. This command deprecates the ip pimsm message-interval command. Syntax ip pimsm join-prune-interval interval no ip pimsm join-prune-interval • interval — The join/prune interval (Range: 0–18000 seconds).
Syntax ip pimsm register-threshold threshold no ip pimsm register-threshold • threshold — The threshold rate (Range: 0–2000 Kbps). Default Configuration The default threshold rate is 0. Previously, the default was 50. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Default Configuration There are no static RP addresses configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip pimsm rp-address 192.168.20.1 225.1.0.0 255.255.255.0 ip pimsm rp-candidate The ip pimsm rp-candidate command is used to configure the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR).
User Guidelines There are no user guidelines for this command. Example console(config)#ip pimsm rp-candidate interface vlan 3 225.2.0.0 255.255.0.0 ip pimsm spt-threshold The ip pimsm spt-threshold command is used to configure the Data Threshold rate for the last-hop router to switch to the shortest path. Use the “no” form of this command to set the data threshold to the default. Syntax ip pimsm spt-threshold threshold no ip pimsm spt-threshold • threshold — The threshold rate (Range: 0–2000 Kbps).
Syntax ip pimsm ssm {default | group-address group-mask} no ip pimsm ssm • default — Defines the SSM range access list to 232/8. • group-address group-mask — defines the SSM range. Default Configuration There is no SSM range defined by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip pimsm ssm default console(config)#ip pimsm ssm 224.1.0.0 255.255.0.
User Guidelines This command has no user guidelines. Example The following command shows information about the entries in the multicast address table. console#show bridge multicast address-table count Capacity: 1024 Used: 4 Static addresses: 2 Dynamic addresses: 1 Forbidden addresses: 1 The following table shows the information the command displays: Field Description Capacity The maximum number of addresses that can be stored in the multicast address table.
Syntax show ip mcast Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays system-wide multicast information. console#show ip mcast Admin Mode..................................... Enabled Protocol State................................. Non-Operational Table Max Size................................. 256 Protocol.......................................
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays all the configured administrative scoped multicast boundaries. console#show ip mcast boundary all MULTICAST BOUNDARY Interface -------- Group ------ Ip Mask --------------- show ip mcast interface Use the show ip mcast interface command in Privileged EXEC mode to display the multicast information for the specified interface.
Example The following example displays the multicast information for VLAN 15. console#show ip mcast interface vlan 15 Interface TTL --------- ----- show ip mcast mroute Use the show ip mcast mroute command in Privileged EXEC mode to display a summary or all the details of the multicast table. Syntax show ip mcast mroute {detail | summary} Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Expiry Up Time Source Ip Group Ip Time(secs) (secs) RPF Neighbor Flags --------- ----------- ---------- ----------- --------------- ----- show ip mcast mroute group Use the show ip mcast mroute group command in Privileged EXEC mode to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value.
console#show ip mcast mroute group 224.5.5.
console#show ip mcast mroute source 10.1.1.1 224.5.5.5 Multicast Route Table Expiry Up Time Source IP Group IP Time(secs) (secs) RPF Neighbor Flags --------- --------- ----------- ----------- ------------ ----- show ip mcast mroute static Use the show ip mcast mroute static command in Privileged EXEC mode to display all the static routes configured in the static mcast table if it is specified or display the static route associated with the particular sourceipaddr.
show ip pimsm bsr The show ip pimsm bsr command displays the bootstrap router (BSR) information. The output includes elected BSR information and information about the locally configured candidate rendezvous point (RP) advertisement. This command deprecates the show ip pimsm componenttable command. Syntax show ip pimsm bsr Default Configuration There is no default configuration for this command.
Example console#show ip pimsm bsr BSR Address.................................... 1.1.1.1 BSR Priority................................... 20 BSR Hash Mask Length........................... 10 Next bootstrap message(hh:mm:ss)............... 00:00:11 Next Candidate RP advertisement(hh:mm:ss)...... 00:00:00 show ip pimsm interface The show ip pimsm interface command displays interface config parameters. If no interface is specified, all interfaces are displayed.
Example console#show ip pimsm interface vlan 3 Slot/Port...................................... vlan 3 IP Address..................................... 1.1.1.1 Subnet Mask.................................. 255.255.255.0 Hello Interval (secs).......................... 30 Join Prune Interval (secs)..................... 60 Neighbor Count................................. 0 Designated Router.............................. 1.1.1.1 DR Priority.................................... 1 BSR Border.........................
Example console#show ip pimsm rphash 225.1.0.5 RP Type Address ---------------- ----1.1.1.1 Static show ip pimsm rp mapping The show ip pimsm rp mapping command is used to display all group-to-RP mappings of which the router is aware (either configured or learned from the bootstrap router (BSR)). If no RP is specified, all active RPs are displayed. This command deprecates the show ip pimsm rp candidate, show ip pimsm staticrp and show ip pimsm rp commands.
Example console#show ip pimsm rp mapping Group Address.......................... 225.1.0.0 Group Mask............................. 255.255.255.0 RP Address............................. 1.1.1.1 origin................................. Static Group Address.......................... 225.2.0.0 Group Mask............................. 255.255.255.0 RP Address............................. 2.2.2.2 origin.................................
OSPF Commands 44 This chapter explains the following commands: • area default-cost • area nssa • area nssa default-info-originate • area nssa no-redistribute • area nssa no-summary • area nssa translator-role • area nssa translator-stab-intv • area range • area stub • area stub no-summary • area virtual-link • area virtual-link authentication • area virtual-link dead-interval • area virtual-link hello-interval • area virtual-link retransmit-interval • area virtual-link trans
• exit-overflow-interval • external-lsdb-limit • ip ospf area • ip ospf authentication • ip ospf cost • ip ospf dead-interval • ip ospf hello-interval • ip ospf mtu-ignore • ip ospf network • ip ospf priority • ip ospf retransmit-interval • ip ospf transmit-delay • maximum-paths • passive-interface default • nsf • nsf helper • nsf helper strict-lsa-checking • nsf restart-interval • passive-interface default • passive-interface • redistribute • router-id • ro
• show ip ospf interface • show ip ospf interface brief • show ip ospf interface stats • show ip ospf neighbor • show ip ospf range • show ip ospf statistics • show ip ospf stub table • show ip ospf virtual-link • show ip ospf virtual-link brief • timers spf • 1583compatibility OSPF Commands 855
area default-cost Use the area default-cost command in Router OSPF Configuration mode to configure the monetary default cost for the stub area. Use the no form of the command to return the cost to the default value. Syntax area area-id default-cost integer no area area-id default-cost • area-id — Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • integer — The default cost for the stub area.
Syntax area area-id nssa no area area-id nssa • area-id — Identifies the OSPF not-so-stubby-area. (Range: 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures not-so-stubby-area 10 as an NSSA.
• integer — Specifies the metric of the default route advertised to the NSSA. (Range: 1–16777214) • comparable — A metric type of nssa-external 1 • non-comparable — A metric type of nssa-external 2 Default Configuration If no metric is defined, 10 is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the metric value and type for the default route advertised into the NSSA.
Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the NSSA ABR. console(config-router)#area 20 nssa no-redistribute area nssa no-summary Use the area nssa no-summary command in Router OSPF Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA. Syntax area area-id nssa no-summary no area area-id nssa no-summary • area-id — Identifies the OSPF NSSA to configure.
area nssa translator-role Use the area nssa translator-role command in Router OSPF Configuration mode to configure the translator role of the NSSA. Syntax area area-id nssa translator-role {always | candidate} no area area-id nssa translator-role • area-id — Identifies the OSPF NSSA to configure. (Range: IP address or decimal from 0–4294967295) • always — The router assumes the role of the translator when it becomes a border router.
Syntax area area-id nssa translator-stab-intv integer no area area-id nssa translator-stab-intv • area-id — Identifies the OSPF NSSA to configure. (Range: IP address or decimal from 0–4294967295) • integer — The period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. (Range: 0–3600) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
Syntax area area-id range ip-address subnet-mask {summarylink | nssaexternallink} [advertise |not-advertise] no area area-id range ip-address subnet-mask {summarylink | nssaexternallink} • area-id — Identifies the OSPF NSSA to configure. (Range: IP address or decimal from 0–4294967295) • ip-address — IP address. • subnet-mask — Subnet mask associated with IP address. • summarylink — Specifies a summary link LSDB type. • nssaexternallink — Specifies an NSSA external link LSDB type.
External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. Use the no form of the command to remove the stub area. Syntax area area-id stub no area area-id stub • area-id — Identifies the area identifier of the OSPF stub. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines.
no area area-id stub no-summary • area-id — Identifies the OSPF area to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration Disabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example prevents the Summary LSA from being advertised into the area 3 NSSA.
Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example creates an OSPF virtual interface for area 10 and neighbor router. console(config-router)#area 10 virtual-link 192.168.2.2 area virtual-link authentication Use the area virtual-link authentication command in Router OSPF Configuration mode to configure the authentication type and key for the OSPF virtual interface identified by the area ID and neighbor ID.
Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines Unauthenticated interfaces do not need an authentication key. Example The following example configures the authentication type and key for the area 10 OSPF virtual interface and neighbor ID. console(config-router)#area 10 virtual-link 192.168.2.
Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the dead interval for the area 10 OSPF virtual interface on the virtual interface and neighbor router. console(config-router)#area 10 virtual-link 192.168.2.
User Guidelines This command has no user guidelines. Example The following example configures a 50-second wait interval. console(config-router)#area 10 virtual-link 192.168.2.2 hello-interval 50 area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPF Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID.
Example The following example configures a 500-second retransmit wait interval. console(config-router)#area 10 virtual-link 192.168.2.2 retransmit-interval 500 area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the transmit delay to the default value.
console(config-router)#area 10 virtual-link 192.168.2.2 transmit-delay 40 auto-cost By default, OSPF computes the link cost of each interface from the interface bandwidth. The link cost is computed as the ratio of a “reference bandwidth” to the interface bandwidth (ref_bw / interface bandwidth), where interface bandwidth is defined by the “bandwidth” command. Because the default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater.
bandwidth By default, OSPF computes the link cost of an interface as the ratio of the reference bandwidth to the interface bandwidth. Reference bandwidth is specified with the auto-cost command. For the purpose of the OSPF link cost calculation, the bandwidth command specifies the interface bandwidth. The bandwidth is specified in kilobits per second.
no capability opaque Default Configuration Opaque Capability is enabled by default. Command Mode Router Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then re-enabled.
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example The following example shows the options for the clear ip ospf command. console#clear ip ospf ? Press enter to execute the command.
Default Configuration The default metric is none and the default type is 2. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example always advertises default routes. console(config-router)#default-information originate always metric 100 metric-type 1 default-metric Use the default-metric command in Router OSPF Configuration mode to set a default for the metric of distributed routes.
Example The following example sets a value of 50 for the default metric. console(config-router)#default-metric 50 distance ospf The distance ospf command sets the preference values of OSPF route types in the router. Lower route preference values are preferred when determining the best route. The type of OSPF route can be intra, inter, external. All the external type routes are given the same preference value. Use the “no” form of this command to reset the preference values to the default.
distribute-list out Use the distribute-list out command in Router OSPF Configuration mode to specify the access list to filter routes received from the source protocol. Use the no form of the command to remove the specified source protocol from the access list. Syntax distribute-list accesslistname out {rip|static \ connected} no distribute-list accesslistname out {rip|static \ connected} • accesslistname — The name used to identify an existing ACL. The range is 1–31 characters.
enable Use the enable command in Router OSPF Configuration mode to reset the default administrative mode of OSPF in the router (active). Use the no form of the command to disable the administrative mode for OSPF. Syntax enable no enable Default Configuration Enabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables OSPF router mode.
• seconds — Number of seconds after entering overflow state that a router will wait before attempting to leave the overflow state. (Range: 0–2147483647) Default Configuration 0 seconds is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the exit overflow interval for OSPF at 10 seconds.
Command Mode Router OSPF Configuration mode. User Guidelines The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Example The following example configures the external LSDB limit for OSPF with the number of non-default ASexternal-LSAs set at 20. console(config-router)#external-lsdb-limit 20 ip ospf area The ip ospf area command enables OSPFv2 and sets the area ID of an interface.
Example console(config-if-vlan1)#ip ospf area 192.168.1.10 ip ospf authentication Use the ip ospf authentication command in the Interface Configuration mode to set the OSPF Authentication Type and Key for the specified interface. Use the no form of the command to return the authentication type to the default value. Syntax ip ospf authentication {none | {simple key} | {encrypt key key-id}} no ip ospf authentication • encrypt — MD5 encrypted authentication key.
console(config-if-vlan15)#ip ospf authentication encrypt test123 100 ip ospf cost Use the ip ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ip ospf cost integer no ip ospf cost • integer — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration.
Syntax ip ospf dead-interval seconds no ip ospf dead-interval • seconds — Number of seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down. (Range: 1–65535) Default Configuration 40 is the default number of seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines The value for the length of time must be the same for all routers attached to a common network. This value should be some multiple of the Hello Interval (i.e. 4).
Default Configuration 10 is the default number of seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines The value for the length of time must be the same for all routers attached to a network. Example The following example sets the OSPF hello interval at 30 seconds. console(config-if-vlan15)#ip ospf hello-interval 30 ip ospf mtu-ignore Use the ip ospf mtu-ignore command in Interface Configuration mode to disable OSPF maximum transmission unit (MTU) mismatch detection.
User Guidelines This command has no user guidelines. Example The following example disables OSPF MTU mismatch detection on VLAN interface 15. console(config-if-vlan15)#ip ospf mtu-ignore ip ospf network Use the ip ospf network command to configure OSPF to treat an interface as a point-to-point rather than broadcast interface. To return to the default value, use the no form of this command.
Example The following example shows the options for the ip ospf network command. console(config-if-vlan1)#ip ospf network ? broadcast point-to-point Set the OSPF network type to Broadcast Set the OSPF network type to Point-to-Point ip ospf priority Use the ip ospf priority command in Interface Configuration mode to set the OSPF priority for the specified router interface. Use the no form of the command to return the priority to the default value.
ip ospf retransmit-interval Use the ip ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit Interval for the specified interface. Use the no form of the command to return the interval to the default value. Syntax ip ospf retransmit-interval seconds no ip ospf retransmit-interval • seconds — Number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface.
Syntax ip ospf transmit-delay seconds no ip ospf transmit-delay • seconds — Sets the estimated number of seconds it takes to transmit a link state update packet over this interface. (Range: 1–3600 seconds) Default Configuration 1 is the default number of seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF Transit Delay for VLAN 15 at 20 seconds.
Command Mode Router OSPF Configuration mode. User Guidelines OSPF is only enabled on an interface if the primary IPv4 address on the interface matches a network area range. Any individual interface can only be attached to a single area. If an interface address matches multiple network area ranges, the interface is assigned to the area for the first matching range. If the ip ospf area command is given for an interface, it overrides any matching network area command.
Default Configuration OSPFv2 is disabled Command Mode Router OSPF Configuration mode. User Guidelines OSPF is only enabled on an interface if the primary IPv4 address on the interface matches a network area range. Any individual interface can only be attached to a single area. If an interface address matches multiple network area ranges, the interface is assigned to the area for the first matching range. If the ip ospf area command is given for an interface, it overrides any matching network area command.
planned-only — This keyword indicates that OSPF should only perform a graceful restart when the restart is planned (i.e., when the restart is a result of the initiate failover command). Default Configuration Graceful restart is disabled by default Command Mode Router OSPF Configuration mode User Guidelines Graceful restart works in concert with nonstop forwarding to enable the hardware to continue forwarding IPv4 packets using OSPFv2 routes while a backup unit takes over management unit responsibility.
no nsf helper • planned-only — This keyword indicates that OSPF should only help a restarting router performing a planned restart. Default Configuration OSPF may act as a helpful neighbor for both planned and unplanned restarts Command Mode Router OSPF Configuration mode User Guidelines The grace LSA announcing the graceful restart includes a restart reason. Reasons 1 (software restart) and 2 (software reload/upgrade) are considered planned restarts.
Default Configuration A helpful neighbor exits helper mode when a topology change occurs. Command Mode Router OSPF Configuration mode User Guidelines The restarting router is unable to react to topology changes. In particular, the restarting router will not immediately update its forwarding table; therefore, a topology change may introduce forwarding loops or black holes that persist until the graceful restart completes.
Default Configuration The default restart interval is 120 seconds. Command Mode Router OSPF User Guidelines The grace period must be set long enough to allow the restarting router to reestablish all of its adjacencies and complete a full database exchange with each of those neighbors. Example – passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode.
Example console(config-router)#passive-interface passive-interface Use the passive-interface command to set the interface as passive. It overrides the global passive mode that is currently effective on the interface. Use the “no” form of this command to set the interface as non-passive. Syntax passive-interface vlan vlan-id no passive-interface vlan vlan-id • vlan-id — The vlan number Default Configuration Passive interface mode is disabled by default. Command Mode Router OSPF Configuration mode.
Syntax redistribute {rip | static | connected} [metric integer] [metric-type {1 | 2}] [tag integer] [subnets] no redistribute {rip | static | connected} [metric integer] [metric-type {1 | 2}] [tag integer] [subnets] • rip — Specifies RIP as the source protocol. • static — Specifies that the source is a static route. • connected — Specifies that the source is a directly connected route. • metric — Specifies the metric to use when redistributing the route.
router-id Use the router-id command in Router OSPF Configuration mode to set a 4digit dotted-decimal number uniquely identifying the router OSPF ID. Syntax router-id ip-address • ip-address — IP address that uniquely identifies the router OSPF ID. Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example defines the router OSPF ID as 5.5.5.5.
Command Mode Global Configuration mode. User Guidelines The command prompt changes when the router ospf command executes. Example The following example enters into router OSPF mode. console(config)#router ospf console(config-router)# show ip ospf Use the show ip ospf command to display information relevant to the OSPF router. This command has been modified to show additional fields. Syntax show ip ospf Default Configuration There is no default configuration for this command.
RFC 1583 Compatibility This configuration option controls the preference rules used when choosing among multiple external LSAs advertising the same destination. When enabled, the preference rules remain those specified by RFC 1583. When disabled, the preference rules are those stated in Section 16.4.1 of RFC 2328. These rules prevent routing loops when external LSAs for the same destination have been originated from different areas.
Number of Active Areas The number of OSPF areas to which the router is attached on interfaces that are up. ABR Status Shows whether the router is an OSPF Area Border Router. ASBR Status Indicates whether the router is an autonomous system border router. Router automatically becomes an ASBR when it is configured to redistribute routes learned from another protocol.
LSA High Water Mark The maximum number of LSAs that have been in the link state database since OSPF began operation. Retransmit List Entries The current number of entries on all neighbors’ retransmit lists. Maximum Number The maximum number of entries that can be on neighbors’ of Retransmit retransmit lists at any given time. This is the sum for all Entries neighbors.
Distribute-List Shows the access list used to filter redistributed routes. Example The following example displays OSPF router information. console#show ip ospf Router ID...................................... 1.1.1.1 OSPF Admin Mode................................ Enable RFC 1583 Compatibility......................... Enable External LSDB Limit............................ No Limit Exit Overflow Interval......................... 0 Spf Delay Time................................. 5 Spf Hold Time.............
ASBR Status.................................... Disable Stub Router.................................... FALSE External LSDB Overflow......................... FALSE External LSA Count............................. 0 External LSA Checksum.......................... 0 AS_OPAQUE LSA Count............................ 0 AS_OPAQUE LSA Checksum......................... 0 New LSAs Originated............................ 25 LSAs Received.................................. 7 LSA Count......................................
show ip ospf abr The show ip ospf abr command displays the internal OSPF routing table entries to Area Border Routers (ABR). This command takes no options. Syntax show ip ospf abr Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#show ip ospf abr Type Router Id Cost Area ID Next Hop ----- --------- ----- --------------- --------- NextHop Intf ------- INTRA 3.3.3.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays OSPF router information. console#show ip ospf area 10 AreaID......................................... 0.0.0.10 External Routing............................... Import External LSAs Spf Runs....................................... 0 Area Border Router Count....................... 0 Area LSA Count.......................
Default Metric................................. 250 Default Metric Type......................... Non-Comparable Translator Role................................ Candidate Translator Stability Interval.................. 2000 Translator State............................... Disabled show ip ospf asbr The show ip ospf asbr command displays the internal OSPF routing table entries to Autonomous System Boundary Routes (ASBR). This command takes no options.
show ip ospf database Use the show ip ospf database command in Privileged EXEC mode to display information about the link state database when OSPF is enabled. If parameters are entered, the command displays the LSA headers. Use the optional parameters to specify the type of link state advertisements to display.
Example The following example displays information about the link state database when OSPF is enabled. console#show ip ospf database Router Link States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1360 80000006 3a1f ------ ----- 5.2.0.0 5.2.0.0 1360 80000009 a47e ------ ---E- 20.20.20.20 20.20.20.20 1165 8000000b 0f80 -E---- ----- Network Link States (Area 0.0.0.
Link Opaque States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1361 80000005 ef59 ------ Area Opaque States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.
show ip ospf database database-summary Use the show ip ospf database database-summary command to display the number of each type of LSA in the database for each area and for the router. The command also displays the total number of LSAs in the database. This command has been modified. Syntax show ip ospf database database-summary Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode.
Example The following example displays the number of each type of LSA in the database for each area and for the router. console#show ip ospf database database-summary OSPF Router with ID (5.5.5.5) Area 0.0.0.0 database summary Router......................................... 0 Network........................................ 0 Summary Net.................................... 0 Summary ASBR................................... 0 Type-7 Ext..................................... 0 Self Originated Type-7.............
Router......................................... 0 Network........................................ 0 Summary Net.................................... 0 Summary ASBR................................... 0 Type-7 Ext..................................... 0 Opaque Link.................................... 0 Opaque Area.................................... 0 Type-5 Ext..................................... 0 Self-Originated Type-5 Ext..................... 0 Opaque AS...................................... 0 Total.......
Example The following example displays the information for the IFO object or virtual interface tables associated with VLAN 3. console#show ip ospf interface vlan 10 IP Address.......................... 1.1.1.1 Subnet Mask......................... 255.255.255.0 Secondary IP Address(es)............. OSPF Admin Mode...................... Enable OSPF Area ID......................... 0.0.0.0 OSPF Network Type.................... Broadcast Router Priority...................... 1 Retransmit Interval..............
show ip ospf interface brief Use the show ip ospf interface brief command in Privileged EXEC mode to display brief information for the IFO object or virtual interface tables. Syntax show ip ospf interface brief Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays brief information for the IFO object or virtual interface tables.
Syntax show ip ospf interface stats vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays the ospf statistics for VLAN 15. console>show ip ospf interface stats vlan15 OSPF Area ID........................................... 0.0.0.0 Area Border Router Count............................... 0 AS Border Router Count..................
• vlan-id — Valid VLAN ID. • ip-address — Valid IP address of the neighbor. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following examples display information about OSPF neighbors on the specified Ethernet and IP interfaces. console #show ip ospf neighbor 10.1.23.50 Interface................................. vlan 20 Neighbor IP Address....................... 10.1.13.
Field Descriptions Interface — The name of the interface on which the adjacency is formed. Neighbor IP Address — The IPv4 address on the neighbor's interface used to form the adjacency. Interface Index — The SNMP interface index.
– Software restart (1) – Software reload/upgrade (2) – Switch to redundant control processor (3) – Unrecognized - a value not defined in RFC 3623 When FASTPATH sends a grace LSA, it sets the Restart Reason to Software Restart on a planned warm restart (when the "initiate failover" command is invoked), and to Unknown on an unplanned warm restart. • Remaining Grace Time — The number of seconds remaining in the current graceful restart interval.
show ip ospf range Use the show ip ospf range command in Privileged EXEC mode to display information about the area ranges for the specified area-id. Syntax show ip ospf range area-id • area-id — Identifies the OSPF area whose ranges are being displayed. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines.
Syntax show ip ospf statistics Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example console>show ip ospf statistics Area 0.0.0.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays the OSPF stub table. console(config)#show ip ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ------------- ------------- ---------- ----------------- 0.0.0.
Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays the OSPF Virtual Interface information for area 10 and its neighbor. console#show ip ospf virtual-link 10 192.168.2.2 Area ID........................................ 10 Neighbor Router ID............................. 192.168.2.2 Hello Interval................................. 10 Dead Interval.................................. 655555 Iftransit Delay Interval.......................
Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays the OSPF Virtual Interface information in the system. console#show ipv6 ospf virtual-link brief Hello Dead Retransmit Transit Area ID Neighbor Interval Interval Interval Delay ------- -------- -------- -------- ---------- -------- 0.0.0.2 5.5.5.
User Guidelines This command has no user guidelines. Example The following example configures the SPF delay and hold time. console(config-router)#timers spf 20 30 1583compatibility Use the 1583compatibility command in Router OSPF Configuration mode to enable OSPF 1583 compatibility. Use the no form of the command to disable it. Syntax 1583compatibility no 1583compatibility Default Configuration Enabled is the default configuration. Command Mode Router OSPF Configuration mode.
OSPF Commands
OSPFv3 Commands 45 This chapter explains the following commands: • area default-cost • area nssa • area nssa default-info-originate • area nssa no-redistribute • area nssa no-summary • area nssa translator-role • area nssa translator-stab-intv • area range • area stub • area stub no-summary • area virtual-link • area virtual-link dead-interval • area virtual-link hello-interval • area virtual-link retransmit-interval • area virtual-link transmit-delay • default-information o
• ipv6 ospf hello-interval • ipv6 ospf mtu-ignore • ipv6 ospf network • ipv6 ospf priority • ipv6 ospf retransmit-interval • ipv6 ospf transmit-delay • ipv6 router ospf • maximum-paths • nsf • nsf helper • nsf helper strict-lsa-checking • nsf restart-interval • passive-interface • passive-interface default • redistribute • router-id • show ipv6 ospf • show ipv6 ospf abr • show ipv6 ospf area • show ipv6 ospf asbr • show ipv6 ospf database • show ipv6 ospf data
• show ipv6 ospf virtual-link • show ipv6 ospf virtual-link brief OSPFv3 Commands 927
area default-cost Use the area default-cost command in Router OSPFv3 Configuration mode to configure the monetary default cost for the stub area. The operator must specify the area id and an integer value between 1-16777215. Use the no form of the command to return the cost to the default value. Syntax area areaid default-cost cost no area areaid default-cost • areaid — Valid area identifier. • cost — Default cost. (Range: 1-16777215) Default Configuration This command has no default configuration.
Syntax area areaid nssa no area areaid nssa • areaid — Valid OSPFv3 area identifier. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures area 1 to function as an NSSA.
• comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the default metric value for the default route advertised into the NSSA.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-redistribute area nssa no-summary Use the area nssa no-summary command in Router OSPFv3 Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA.
Example The following example configures the area 1 NSSA so that summary LSAs are not advertised into the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA. Use the no form of the command to remove the configuration.
console(config-rtr)#area 1 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA. The stability interval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router.
area range Use the area range command in Router OSPF Configuration mode to configure a summary prefix for routes learned in a given area. There are two types of area ranges. An area range can be configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA. Also, an area range can be configured at the edge of an NSSA to summarize external routes reachable within the NSSA. The range is advertised as a type 5 external LSA.
Example The following example creates an area range for the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 range 2020:1::1/64 summarylink area stub Use the area stub command in Router OSPFv3 Configuration mode to create a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area.
area stub no-summary Use the area stub no-summary command in Router OSPFv3 Configuration mode to disable the import of Summary LSAs for the stub area identified by areaid. Syntax area areaid stub no-summary no area areaid stub no-summary • areaid — Valid OSPFv3 area identifier. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
no area areaid virtual-link neighbor-id • areaid — Valid OSPFv3 area identifier (or decimal value in the range of 04294967295). • neighbor-id — Identifies the Router ID or IP address of the neighbor. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example creates the OSPF virtual interface for area 1 and its neighbor router.
Default Configuration 40 is the default value for seconds. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures a 20-second dead interval for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
User Guidelines This command has no user guidelines. Example The following example configures a hello interval of 20 seconds for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
Example The following example configures the retransmit interval of 20 seconds for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor. (config)#ipv6 router ospf (config-rtr)#area 1 virtual-link 2 retransmitinterval 20 area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPFv3 Configuration mode to configure the transmit delay for the OSPF virtual interface on the virtual interface identified by areaid and neighbor.
console(config-rtr)#area 1 virtual-link 2 transmitdelay 20 default-information originate Use the default-information originate command in Router OSPFv3 Configuration mode to control the advertisement of default routes. Use the no form of the command to return the default route advertisement settings to the default value. Syntax default-information originate [always] [metric integer] [metric-type {1 | 2}] no default-information originate [metric] [metric-type] • always — Always advertise default routes.
console(config-rtr)#default-information originate metric 100 metric-type 2 default-metric Use the default-metric command in Router OSPFv3 Configuration mode to set a default for the metric of distributed routes. Syntax default-metric metric no default-metric • metric — Metric value used for distribution (Range: 1-16777214) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
Syntax distance ospf {external | inter-area | intra-area } distance no distance ospf {external | inter-area | intra-area } distance • distance— Used to select the best path when there are two or more routes to the same destination from two different routing protocols (Range: 1–255). Default Configuration The default preference value is 110. Command Mode Router OSPF Configuration mode. Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables administrative mode of OSPF in the router (active). console(config)#ipv6 router ospf console(config-rtr)#enable exit-overflow-interval Use the exit-overflow-interval command in Router OSPFv3 Configuration mode to configure the exit overflow interval for OSPF.
Example The following example configures the exit overflow interval for OSPF at 100 seconds. console(config)#ipv6 router ospf console(config-rtr)#exit-overflow-interval 100 external-lsdb-limit Use the external-lsdb-limit command in Router OSPFv3 Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state.
Example The following example sets the external LSDB limit at 100 for OSPF. console(config)#ipv6 router ospf console(config-rtr)#external-lsdb-limit 100 ipv6 ospf Use the ipv6 ospf command in Interface Configuration mode to enable OSPF on a router interface or loopback interface. Syntax ipv6 ospf no ipv6 ospf Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
Syntax ipv6 ospf areaid areaid no ipv6 ospf areaid areaid • areaid — Is a 32-bit integer, formatted as a 4-digit dotted-decimal number or a decimal value. It uniquely identifies the area to which the interface connects. Assigning an area id which does not exist on an interface causes the area to be created with default values. (Range: 0-4294967295). Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example configures a cost of 100. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf cost 100 ipv6 ospf dead-interval Use the ipv6 ospf dead-interval command in Interface Configuration mode to set the OSPF dead interval for the specified interface.
Example The following example sets the OSPF dead interval at 100 seconds. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf dead-interval 100 ipv6 ospf hello-interval Use the ipv6 ospf hello-interval command in Interface Configuration mode to set the OSPF hello interval for the specified interface. Syntax ipv6 ospf hello-interval seconds no ipv6 ospf hello-interval • seconds — A valid positive integer which represents the length of time of the OSPF hello interval.
ipv6 ospf mtu-ignore Use the ipv6 ospf mtu-ignore command in Interface Configuration mode to disable OSPF maximum transmission unit (MTU) mismatch detection. OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor.
default to point-to-point. When an Ethernet port is used as a single large bandwidth IP network between two routers, the network type can be point-topoint since there are only two routers. Using point-to-point as the network type eliminates the overhead of the OSPF designated router election. It is normally not useful to set a tunnel to OSPF network type broadcast. Syntax ipv6 ospf network { broadcast | point-to-point } no ipv6 ospf network • broadcast — The network type is broadcast.
Syntax ipv6 ospf priority priority no ipv6 ospf priority • priority — OSPF priority for specified interface. (Range: 0-255. A value of 0 indicates that the router is not eligible to become the designated router on this network) Default Configuration 1, the highest router priority, is the default value. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF priority at 50 for VLAN 15.
Default Configuration 5 seconds is the default value. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF retransmit interval at 100 seconds. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf retransmitinterval 100 ipv6 ospf transmit-delay Use the ipv6 ospf transmit-delay command in Interface Configuration mode to set the OSPF Transmit Delay for the specified interface.
User Guidelines This command has no user guidelines. Example The following example sets the OSPF Transmit Delay at 100 seconds for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf transmit-delay 100 ipv6 router ospf Use the ipv6 router ospf command in Global Configuration mode to enter Router OSPFv3 Configuration mode. Syntax ipv6 router ospf Default Configuration This command has no default configuration. Command Mode Global Configuration mode.
Syntax maximum-paths maxpaths no maximum-paths • maxpaths — Number of paths that can be reported. (Range: 1-2) Default Configuration 2 is the default value for maxpaths. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the number of paths that OSPF can report for a destination to 1. console(config)#ipv6 router ospf console(config-rtr)#maximum-paths 1 nsf Use this command to enable OSPF graceful restart.
Default Configuration Graceful restart is disabled by default Command Mode Router OSPFv3 Configuration mode User Guidelines Graceful restart works in concert with nonstop forwarding to enable the hardware to continue forwarding IPv6 packets using OSPFv3 routes while a backup unit takes over management unit responsibility. When OSPF executes a graceful restart, it informs its neighbors that the OSPF control plane is restarting, but that it will be back shortly.
Default Configuration OSPF may act as a helpful neighbor for both planned and unplanned restarts Command Mode Router OSPFv3 Configuration mode User Guidelines The grace LSA announcing the graceful restart includes a restart reason. Reasons 1 (software restart) and 2 (software reload/upgrade) are considered planned restarts. Reasons 0 (unknown) and 3 (switch to redundant control processor) are considered unplanned restarts.
Command Mode Router OSPFv3 Configuration mode User Guidelines The restarting router is unable to react to topology changes. In particular, the restarting router will not immediately update its forwarding table; therefore, a topology change may introduce forwarding loops or black holes that persist until the graceful restart completes. By exiting the graceful restart on a topology change, a router tries to eliminate the loops or black holes as quickly as possible by routing around the restarting router.
Command Mode Router OSPFv3 Configuration mode User Guidelines The grace period must be set long enough to allow the restarting router to reestablish all of its adjacencies and complete a full database exchange with each of those neighbors. Example – passive-interface Use the passive-interface command to set the interface or tunnel as passive. It overrides the global passive mode that is currently effective on the interface or tunnel.
Example console(config-router)#passive-interface vlan 1 passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode. Use the “no” form of this command to disable the global passive mode by default for all interfaces. Any interface previously configured to be passive reverts to nonpassive mode.
Syntax redistribute {static | connected} [metric metric] [metric-type {1 | 2}] [tag tag ] no redistribute {static | connected} [metric] [metric-type] [tag] • metric — Metric value used for default routes. (Range: 0-16777214) • tag — Tag. (Range: 0-4294967295) Default Configuration 2 is the default value for metric-type, 0 for tag. Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a 4-digit dotted-decimal number identifying the Router OSPF ID as 2.3.4.5. console(config)#ipv6 router ospf console(config-rtr)#router-id 2.3.4.5 show ipv6 ospf Use the show ipv6 ospf command in Privileged EXEC mode to display information relevant to the OSPF router. Syntax show ipv6 ospf Default Configuration This command has no default configuration.
External LSDB Limit Shows the maximum number of non-default external LSAs entries that can be stored in the link-state database. Exit Overflow Interval Shows the number of seconds that, after entering OverflowState, as defined by RFC 1765, a router will attempt to leave OverflowState. AutoCost Ref BW The configured autocost reference bandwidth. This value is used to determine the OSPF metric on its interfaces. The reference bandwidth is divided by the interface speed to compute the metric.
Stub Router OSPF enters stub router mode, as described in RFC 3137, when it encounters a resource limitation that prevents it from computing a complete routing table. In this state, OSPF sets the link metrics of non-stub links in its own router LSAs to the largest possible value, discouraging other routers from computing paths through the stub router, but allowing other routers to compute routes to destinations attached to the stub router.
NSF Restart Interval The number of seconds a helpful neighbor allows a restarting router to complete its graceful restart. NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires. Only non-zero when the router is in graceful restart. NSF Restart Exit Reason The reason the previous graceful restart ended. Possible values are Not attempted, In progress, Completed, Timed out, Topology change, and Manual clear.
New LSAs Originated............................ 0 LSAs Received.................................. 0 External LSDB Limit............................ No Limit Default Metric................................. Not Configured Maximum Paths.................................. 2 Default Route Advertise........................ Disabled Always......................................... FALSE Metric......................................... Metric Type.................................... External Type 2 NSF Support........
Example console#show ipv6 ospf abr Type Router Id ---- -------- Cost ---- Area ID Next Hop -------- Next Hop Intf ----------------------- ----- INTRA 3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 INTRA 4.4.4.4 10 0.0.0.1 FE80::210:18FF:FE82:8E1 vlan12 show ipv6 ospf area Use the show ipv6 ospf area command in Privileged EXEC mode to display information about the area. Syntax show ipv6 ospf area areaid • areaid — Identifier for the OSPF area being displayed.
Area LSA Count................................. 0 Area LSA Checksum.............................. 0 Stub Mode...................................... Disable Import Summary LSAs............................ Enable show ipv6 ospf asbr The show ipv6 ospf asbr command displays the internal OSPFv3 routes to reach Autonomous System Boundary Routes (ASBR). This command takes no options. Syntax show ipv6 ospf asbr Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
show ipv6 ospf database Use the show ipv6 ospf database command in Privileged EXEC mode to display information about the link state database when OSPFv3 is enabled. If no parameters are entered, the command displays the LSA headers. Optional parameters specify the type of link state advertisements to display. The information below is only displayed if OSPF is enabled.
User Guidelines This command has no user guidelines. Example The following example displays information about the link state database when OSPFv3 is enabled. console#show ipv6 ospf database Router Link States (Area 0.0.0.0) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 4 80000034 54BD V6E--R- ----B 2.2.2.2 0 2 80000044 95A5 V6E--R- ----B Network Link States (Area 0.0.0.
Intra Prefix Adv Router States (Area 0.0.0.0) Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000003C 9F31 2.2.2.2 0 2 8000004D 9126 Router Link States (Area 0.0.0.1) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000002E 35AD V6E--R- --V-B 2.2.2.2 0 0 8000004A D2F3 V6E--R- ----B Network Link States (Area 0.0.0.
-------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 6 8000003A 37C4 2.2.2.2 0 1 8000004F 439A 1.1.1.1 10634 434 80000002 440A show ipv6 ospf database database-summary Use the show ipv6 ospf database database-summary command in Privileged EXEC mode to display the number of each type of LSA in the database and the total number of LSAs in the database. Syntax show ipv6 ospf database database-summary Default Configuration This command has no default configuration.
Type-7 Ext..................................... 0 Link........................................... 0 Intra-area Prefix.............................. 0 Link Unknown................................... 0 Area Unknown................................... 0 AS Unknown..................................... 0 Type-5 Ext..................................... 0 Self-Originated Type-5 Ext..................... 0 Total..........................................
Example The following example displays the information in VLAN 11’s virtual interface tables. console#show ipv6 ospf interface vlan 11 IP Address..................................... Err ifIndex........................................ 1 OSPF Admin Mode................................ Enable OSPF Area ID................................... 0.0.0.0 Router Priority................................ 1 Retransmit Interval............................ 5 Hello Interval.................................
User Guidelines This command has no user guidelines. Example The following example displays brief ospf interface information. console#show ipv6 ospf interface brief Admin Interface Intval Mode Router Area ID --------- -------- ------------ Hello Dead Retrax Int. Int. Prior. Cost Val. Int. Val. LSA Retrax Ack Val.
Example The following example displays the interface statistics for VLAN 5. console>show ipv6 ospf interface stats vlan 5 OSPFv3 Area ID................................. 0.0.0.1 Spf Runs....................................... 265 Area Border Router Count....................... 1 AS Border Router Count......................... 0 Area LSA Count................................. 6 IPv6 Address................................... FE80::202:BCFF:FE00:3146/1283FFE::2/64 OSPF Interface Events...................
LS Request 4 4 LS Update 521 398 LS Acknowledgement 209 282 show ipv6 ospf interface vlan Use the show ipv6 ospf interface vlan command in Privileged EXEC mode to display OSPFv3 configuration and status information for a specific vlan. Syntax show ipv6 ospf interface vlan {vlan-id| brief } • vlan-id — Valid VLAN ID. Range is 1-4093. • brief — Displays a snapshot of configured interfaces. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
Hello Interval........................... 10 Dead Interval............................ 40 LSA Ack Interval......................... 1 Iftransit Delay Interval................. 1 Authentication Type...................... None Metric Cost.............................. 10 (computed) OSPF Mtu-ignore.......................... Disable OSPF Interface Type...................... broadcast State.................................... backupdesignated-router Designated Router........................ 1.1.1.
Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Examples The following examples display information about OSPF neighbors, in the first case in a summary table, and in the second in a table specific to tunnel 1. console#show ipv6 ospf neighbor Router ID Priority Intf Interface State ID --------- -------- ---- ----------- Dead Time ------------- ---- console#show ipv6 ospf neighbor interface tunnel 1 IP Address..................................... Err ifIndex....
show ipv6 ospf range Use the show ipv6 ospf range command in Privileged EXEC mode to display information about the area ranges for the specified area identifier. Syntax show ipv6 ospf range areaid • areaid — Identifies the OSPF area whose ranges are being displayed. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays information about the area ranges for area 1.
Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays the OSPF stub table. console#show ipv6 ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ------------ ------------- ---------- ----------------- 0.0.0.10 Normal 1 Enable show ipv6 ospf virtual-link Use the show ipv6 ospf virtual-link command in Privileged EXEC mode to display the OSPF Virtual Interface information for a specific area and neighbor.
Example The following example displays the OSPF Virtual Interface information for area 1 and its neighbor. console#show ipv6 ospf virtual-link 1 1.1.1.1 Area ID........................................ 1 Neighbor Router ID............................. 1.1.1.1 Hello Interval................................. 10 Dead Interval.................................. 40 Iftransit Delay Interval....................... 1 Retransmit Interval............................ 5 State......................................
Example The following example displays the OSPF stub table.
OSPFv3 Commands
PIM-DM Commands 46 This chapter explains the following commands: • ip pimdm • show ip pimdm • show ip pimdm interface • show ip pimdm neighbor PIM-DM Commands 985
ip pimdm Use the ip pimdm command in Global Configuration mode to enable the administrative mode of PIM-DM in the router. Syntax ip pimdm no ip pimdm Default Configuration Disabled is the default state. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables PIM-DM in the router. console(config)#ip pimdm show ip pimdm Use the show ip pimdm command in Privileged EXEC mode to display system-wide information for PIM-DM.
User Guidelines This command has no user guidelines. Example The following example displays system-wide information for PIM-DM. console(config)#show ip pimdm Admin Mode.................................. Disable PIM-DM INTERFACE STATUS Interface Interface Mode Protocol State --------- --------------- --------------- show ip pimdm interface Use the show ip pimdm interface command in Privileged EXEC mode to display interface information for PIM-DM on the specified interface.
Interface Mode................................. Disable Hello Interval (secs).......................... 30 show ip pimdm neighbor Use the show ip pimdm neighbor command in Privileged EXEC mode to display the neighbor information for PIM-DM on the specified interface. Syntax show ip pimdm neighbor [interface vlan vlan-id | all] • vlan-id — A valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode.
PIM-SM Commands 47 This chapter explains the following commands: • ip pimsm • ip pimsm spt-threshold • ip pim-trapflags • show ip pimsm • show ip pimsm interface • show ip pimsm neighbor • show ip pimsm rphash PIM-SM Commands 989
ip pimsm Use the ip pimsm command in Global Configuration mode to set administrative mode of PIM-SM multicast routing across the router to enabled. IGMP must be enabled before PIM-SM can be enabled. Syntax ip pimsm no ip pimsm Default Configuration PIM-SM is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables PIM-SM on the router.
Default Configuration 50 kilobits/sec is the default rate. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures a threshold rate of 100 kilobits/sec. console(config)#ip pimsm spt-threshold 100 ip pim-trapflags Use the ip pim-trapflags command in Global Configuration mode to enable the PIM trap mode for both Sparse Mode (SM) and Dense Mode (DM).
show ip pimsm Use the show ip pimsm command in Privileged EXEC mode to display the system-wide information for PIM-SM. Syntax show ip pimsm Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays the system-wide information for PIM-SM. console#show ip pimsm Admin Mode..................................... Disable Join/Prune Interval (secs).....................
Syntax show ip pimsm interface [vlan vlan-id] • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays interface information for VLAN 11 PIM-SM. console#show ip pimsm interface vlan 11 Interface...................................... 11 IP Address..................................... 0.0.0.0 Subnet Mask.................................... 0.0.0.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays neighbor information for PIM-SM on all interfaces.
User Guidelines This command has no user guidelines. Example The following example displays the RP router being selected from the set of active RP routers. console#show ip pimsm rphash 224.5.5.5 There are no static RPs for that group on the router.
PIM-SM Commands
Router Discovery Protocol Commands 48 Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway. Hosts can send a router solicitation message asking any router that receives the message to immediately send a router advertisement, so that the host does not have to wait for the next periodic message.
ip irdp Use the ip irdp command in Interface Configuration mode to enable Router Discovery on an interface. Use the no form of the command to disable Router Discovery. Syntax ip irdp no ip irdp Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example enables router discovery on the selected interface.
• ip-address — IP address for router discovery advertisements. (Range: 224.0.0.1 [all-hosts IP multicast address] or 255.255.255.255 [limited broadcast address]) Default Configuration IP address 224.0.0.1 is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. This command is deprecated in favor of the ip irdp multicast command. If you issue this command, the configuration will show the ip irdp multicast command instead.
• integer — Integer value in seconds of the the holdtime field of the router advertisement sent from this interface. The holdtime must be no less than the maximum advertisement interval and cannot be greater than 9000 seconds. Default Configuration The holdtime defaults to 3 times the maximum advertisement interval. Command Mode Interface Configuration (VLAN) mode. User Guidelines The holdtime is the length of time that a host considers the router advertisement valid.
Default Configuration 600 seconds is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines The default values of the minimum advertisement interval and the holdtime depend on the value of the maximum advertisement interval. Setting the maximum advertisement interval changes the minimum advertisement interval and holdtime if those values are at their defaults; so, the maximum advertisement interval should always be set first.
• integer — Minimum time in seconds allowed between sending router advertisements from the interface. (Range: 3 to value of maximum advertisement interval in seconds) Default Configuration The default value is 0.75 times the maximum advertisement interval. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets minimum advertisement interval at 100 seconds for VLAN 15.
Command Mode Interface Configuration (VLAN) mode User Guidelines If a subnet includes any hosts that do not accept IP multicast packets, send router advertisements to the limited broadcast address.
User Guidelines This command has no user guidelines. Example The following example sets the ip irdp preference to 1000 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp preference 1000 show ip irdp Use the show ip irdp command in Privileged EXEC mode to display the router discovery information for all interfaces, or for a specified interface. Syntax show ip irdp {vlan vlan-id |all} • vlan-id — Valid VLAN ID • all — Shows information for all interfaces.
Example The following example shows router discovery information for VLAN 15. console#show ip irdp vlan 15 Interface Ad Mode Time Preference Advertise Address Max Int Min Int Hold --------- --------- ---------- ----------------- ------- ------- ----- vlan15 224.0.0.
Router Discovery Protocol Commands
Routing Information Protocol Commands 49 This chapter explains the following commands: • auto-summary • default-information originate • default-metric • distance rip • distribute-list out • enable • hostroutesaccept • ip rip • ip rip authentication • ip rip receive version • ip rip send version • redistribute • router rip • show ip rip • show ip rip interface • show ip rip interface brief • split-horizon Routing Information Protocol Commands 1007
auto-summary Use the auto-summary command in Router RIP Configuration mode to enable the RIP auto-summarization mode. Use the no form of the command to disable auto-summarization mode. Syntax auto-summary no auto-summary Default Configuration Disabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines.
Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#default-information originate default-metric Use the default-metric command in Router RIP Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to return the metric to the default value. Syntax default-metric integer no default-metric • integer — Metric for the distributed routes.
distance rip Use the distance rip command in Router RIP Configuration mode to set the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Use the no form of the command to return the preference to the default value. Syntax distance rip integer no distance rip • integer — RIP route preference. (Range: 1-255) Default Configuration 15 is the default configuration. Command Mode Router RIP Configuration mode.
no distribute-list accesslistname out {ospf | static | connected} • accesslistname — The name used to identify the existing ACL. The range is 1-31 characters. • ospf — Apply the specific access list when OSPF is the source protocol. • static — Apply the specified access list when packets come through a static route. • connected — Apply the specified access list when packets come from a directly connected route. Default Configuration This command has no default configuration.
Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#enable hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode. Syntax hostroutesaccept no hostroutesaccept Default Configuration Enabled is the default configuration.
ip rip Use the ip rip command in Interface Configuration mode to enable RIP on a router interface. Use the no form of the command to disable RIP on the interface. Syntax ip rip no ip rip Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
• encrypt — Specifies the Ethernet unit/port of the interface to view information. • key-id — Authentication key identifier for authentication type encrypt. (Range: 0-255) Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the RIP Version 2 Authentication Type and Key for VLAN 11.
Default Configuration Both is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be received by VLAN 11. console(config-if-vlan11)#ip rip receive version none ip rip send version Use the ip rip sent version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version to be sent.
Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be sent by VLAN 11. console(config-if-vlan11)#ip rip send version none redistribute The redistribute command configures RIP protocol to redistribute routes from the specified source protocol/routers. If the source protocol is OSPF, there are five possible match options.
• connected — Redistributes directly-connected routes. Default Configuration metric integer — not configured match — internal Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#redistribute ospf metric 10 match nssa-external 1 console(config-router)#redistribute connected metric 1 router rip Use the router rip command in Global Configuration mode to enter Router RIP mode.
Example The following example enters Router RIP mode. console(config)#router rip console(config-router)# show ip rip Use the show ip rip command in Privileged EXEC mode to display information relevant to the RIP router. Syntax show ip rip Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays information relevant to the RIP router. console#show ip rip RIP Admin Mode..
Default Route Advertise................... 0 Redistributing............................. Source.................................... Connected Metric.................................... 2 Distribute List........................... Not configured Redistributing............................ Source.................................... ospf Metric.................................... 10 Match Value............................... 'nssa-external 1' Distribute List...........................
Example The following example displays information related to the VLAN 15 RIP interface. console#show ip rip interface vlan 15 Interface...................................... 15 IP Address..................................... ----Send version................................... RIP-2 Receive version................................ Both RIP Admin Mode................................. Disable Link State..................................... ----Authentication Type............................
User Guidelines This command has no user guidelines. Example The following example displays general information for each RIP interface. console#show ip rip interface brief Interface IP Address Send Receive RIP Version Version Mode Link State ---------- ---------- -------- ----------- --------- ---------- vlan1 0.0.0.0 RIP-2 Both Disable Down vlan2 0.0.0.
Example The following example does not use split horizon.
Tunnel Interface Commands 50 This chapter explains the following commands: • interface tunnel • show interfaces tunnel • tunnel destination • tunnel mode ipv6ip • tunnel source Tunnel Interface Commands 1023
interface tunnel Use the interface tunnel command in Global Configuration mode to enter the interface configuration mode for a tunnel. Syntax interface tunnel tunnel-id no interface tunnel tunnel-id • tunnel-id — Tunnel identifier. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables the interface configuration mode for tunnel 1.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size....................................... 1480 bytes console#show interfaces tunnel TunnelId Interface TunnelMode SourceAddress Dest.
Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies the destination transport address of tunnel 1. console(config)#interface tunnel 1 console(config-if-tunnel1)#tunnel destination 10.1.1.1 tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel. Syntax tunnel mode ipv6ip [6to4] no tunnel mode • 6to4 — Sets the tunnel mode to automatic.
Example The following example specifies ipv6ip mode for tunnel 1. console(config)#interface tunnel 1 console(config-if-tunnel1)#tunnel mode ipv6ip console(config-if-tunnel1)#tunnel mode ipv6ip 6to4 tunnel source Use the tunnel source command in Interface Configuration mode to specify the source transport address of the tunnel, either explicitly or by reference to an interface. Syntax tunnel source {ipv4addr | vlan vlan-id} no tunnel source • ipv4addr — Valid ipv4 address. • vlan-id — Valid VLAN ID.
Tunnel Interface Commands
51 Virtual LAN Routing Commands This chapter explains the following command: • show ip vlan Virtual LAN Routing Commands 1029
show ip vlan Use the show ip vlan command in Privileged EXEC mode to display the VLAN routing information for all VLANs with routing enabled. Syntax show ip vlan Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information.
52 Virtual Router Redundancy Protocol Commands This chapter explains the following Virtual LAN routing commands: • ip vrrp • ip vrrp authentication • ip vrrp ip • ip vrrp mode • ip vrrp preempt • ip vrrp priority • ip vrrp timers advertise • ip vrrp track interface • ip vrrp track ip route • show ip vrrp • show ip vrrp interface • show ip vrrp interface brief • show ip vrrp interface stats Virtual Router Redundancy Protocol Commands 1031
ip vrrp Use the ip vrrp command in Global Configuration mode to enable the administrative mode of VRRP for the router. In Interface Config mode, this command enables the VRRP protocol on an interface. Use the no form of the command to disable the administrative mode of VRRP for the router. Syntax (Global Config Mode) ip vrrp no ip vrrp Syntax (Interface Config Mode) ip vrrp vr-id no ip vrrp vr-id • vr-id — Virtual router identification.
ip vrrp authentication Use the ip vrrp authentication command in Interface Configuration mode to set the authorization details value for the virtual router configured on a specified interface. Use the no form of the command to return the authentication type to the default value. Syntax ip vrrp vr-id authentication {none | simple key} no ip vrrp vr-id authentication • vr-id — The virtual router identifier. (Range: 1-255) • none — Indicates authentication type is none.
ip vrrp ip Use the ip vrrp ip command in Interface Configuration mode to set the virtual router IP address value for an interface. Use the no form of the command to remove the secondary IP address. NOTE: In order to be configured on a routing interface, the VRRP IP address must belong to subnet(s) (Primary or Secondary) corresponding to the IP address (Primary/Secondary) configured on that routing interface, otherwise the CLI and Web interfaces will report an error message.
ip vrrp mode Use the ip vrrp mode command in Interface Configuration mode to enable the virtual router configured on an interface. Enabling the status field starts a virtual router. Use the no form of the command to disable the virtual router. Syntax ip vrrp vr-id mode no ip vrrp vr-id mode • vr-id — The virtual router identifier. (Range: 1-255) Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode.
• vr-id — The virtual router identifier. (Range: 1-255) Default Configuration Enabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the preemption mode value for the virtual router for VLAN 15.
User Guidelines This command has no user guidelines. Example The following example sets the priority value for the virtual router for VLAN 15. console(config-if-vlan15)#ip vrrp 5 priority 20 ip vrrp timers advertise Use the ip vrrp timers advertise command in Interface Configuration mode to set the frequency, in seconds, that an interface on the specified virtual router sends a virtual router advertisement. Use the no form of the command to return the advertisement frequency to the default value.
console(config-if-vlan15)#ip vrrp 5 timers advertise 10 ip vrrp track interface Use the ip vrrp track interface command to alter the priority of the VRRP router based on the availability of its interfaces. It is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked. A tracked interface is up if IP on that interface is up. Otherwise, the tracked interface is down.
The default decrement priority is 10. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example adds VLAN 2 to the virtual router tracked list (with a priority decrement value of 20). (config-if-vlan10)#ip vrrp 1 track interface vlan 2 decrement 20 ip vrrp track ip route Use the ip vrrp track ip route command to track the route reachability.
Default Configuration There are no routes tracked by default. The default decrement priority is 10. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example adds the route 2.2.2.0/24 to the virtual router tracked list (with a priority decrement value of 20). console(config-if-vlan10)#ip vrrp 1 track ip route 2.2.2.
Example The following example displays VRRP’s enabled status. console#show ip vrrp Admin Mode..................................... Enable Router Checksum Errors......................... 0 Router Version Errors.......................... 0 Router VRID Errors............................. 0 show ip vrrp interface Use the show ip vrrp interface command in Privileged EXEC mode to display all configuration information and VRRP router statistics of a virtual router configured on a specific interface.
Primary IP Address......................... 192.168.5.55 VMAC Address............................... 0000.5E00.0101 Authentication Type........................ None Priority................................... 60 Advertisement Interval (secs).............. 10 Pre-empt Mode.............................. Enable Administrative Mode........................ Enable State......................................
User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the virtual router on the selected interface. console#show ip vrrp interface brief Interface VRID IP Address Mode --------- ---- -------------- ------ State ------------ vlan1 2 0.0.0.0 Disable Initialize vlan2 5 192.168.5.
Example The following example displays all statistical information about the VLAN 15 virtual router. console#show ip vrrp interface stats vlan 15 5 UpTime..................... 0 days 0 hrs 0 mins 0 secs Protocol....................................... IP State Transitioned to Master................... 0 Advertisement Received......................... 0 Advertisement Interval Errors.................. 0 Authentication Failure......................... 0 IP TTL Errors..................................
Autoconfig Commands 53 This chapter explains the following commands: • boot host auto-save • boot host dhcp • boot host retry-count • show boot Autoconfig Commands 1045
boot host auto-save The boot host auto-save command enables/disables the option to automatically save configuration files downloaded to the switch by Auto Config. Syntax boot host auto-save no boot host auto-save Default Configuration The downloaded configuration is not automatically saved by default.
Command Mode Global Configuration. User Guidelines This command has no user guidelines Example console#no boot host dhcp boot host retry-count The boot host retry-count command sets the number of attempts to download a configuration. Use the "no" form of this command to reset the number to the default. Syntax boot host retry-count retry no boot host retry-count • retry —The number of attempts to download a configuration (Range: 1–6).
show boot The show autoconfig command displays the current status of the Auto Config process. Syntax show boot Default Configuration Not applicable Command Mode Privileged EXEC. User Guidelines This command has no user guidelines. Example console#show boot Config Download via DHCP: enabled Auto Config State : Waiting for boot options ... Auto Config State : Resolving switch hostname ... Auto Config State 1048 : Downloading file .
Captive Portal Commands 54 This chapter explains the following commands: Captive Portal Global Commands • authentication timeout • captive-portal • enable • http port • https port • show captive-portal • show captive-portal status Captive Portal Configuration Commands • block • configuration • enable • group • interface • locale • name • protocol • redirect • redirect-url • session-timeout • verification Captive Portal Client Connection Commands • captive-portal clie
• show captive-portal interface client status • show captive-portal interface configuration status Captive Portal Interface Commands • clear captive-portal users Captive Portal Local User Commands • clear captive-portal users • no user • show captive-portal user • user group • user name • user password • user session-timeout Captive Portal Status Commands • show captive-portal configuration • show captive-portal configuration interface • show captive-portal configuration locales •
Captive Portal Global Commands authentication timeout Use the authentication timeout command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network. Use the “no” form of this command to reset the authentication timeout to the default.
Syntax captive-portal Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#captive-portal console(config-CP)# enable Use the enable command to globally enable captive portal. Use the “no” form of this command to globally disable captive portal. Syntax enable no enable Default Configuration Captive Portal is disabled by default.
Example console(config-CP)#enable http port Use the http port command to configure an additional HTTP port for captive portal to monitor. Use the “no” form of this command to remove the additional HTTP port from monitoring. Syntax http port port-num no http port • port-num —The port number to monitor (Range: 1–65535). Default Configuration Captive portal only monitors port 80 by default. Command Mode Captive Portal Configuration mode User Guidelines There are no user guidelines for this command.
no https port • port-num —The port number to monitor (Range: 1–65535). Default Configuration Captive portal only monitors port 443 by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP)#https port 1443 console(config-CP)#no https port show captive-portal Use the show captive-portal command to display the status of the captive portal feature.
Example console#show captive-portal Administrative Mode.......... Disabled Operational Status........... Disabled Disable Reason............... Administrator Disabled Captive Portal IP Address.... 1.2.3.4 show captive-portal status Use the show captive-portal status command to report the status of all captive portal instances in the system. Syntax show captive-portal status Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode.
Configured Captive Portals..................... 1 Active Captive Portals......................... 0 Local Supported Users.......................... 128 Configured Local Users......................... 3 System Supported Users......................... 1024 Authenticated Users............................ 0 Captive Portal Configuration Commands The commands in this section are related to captive portal configurations. block Use the block command to block all traffic for a captive portal configuration.
configuration Use the configuration command to enter the captive portal instance mode. The captive portal configuration identified by CP ID 1 is the default CP configuration. The system supports a total of ten CP configurations. Use the “no” form of this command to delete a configuration. The default configuration cannot be deleted. Syntax configuration cp-id no configuration cp-id • cp-id —Captive Portal ID (Range: 1–10). Default Configuration There is no default configuration for this command.
Default Configuration Configurations are enabled by default Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#no enable group Use the group command to configure the group number for a captive portal configuration. If a group number is configured, the user entry (Local or RADIUS) must be configured with the same name and the group to authenticate to this captive portal instance.
Example console(config-CP 2)#group 2 interface Use the interface command to associate an interface with a captive portal configuration. Use the “no” form of this command to remove an association. Syntax interface interface no interface interface interface —An interface or range of interfaces. Default Configuration No interfaces are associated with a configuration by default. Command Mode Captive Portal Instance Config mode. User Guidelines There are no user guidelines for this command.
• web-id — The locale number (Range: Only locale 1 is supported) Default Configuration Locale 1 is configured by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. name Use the name command to configure the name for a captive portal configuration. Use the “no” form of this command to remove a configuration name. Syntax name cp-name no name • cp-name — CP configuration name (Range: 1–32 characters).
protocol Use the protocol command to configure the protocol mode for a captive portal configuration. Syntax protocol {http | https} Default Configuration The default protocols mode is https. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#protocol http redirect Use the redirect command to enable the redirect mode for a captive portal configuration. Use the “no” form of this command to disable redirect mode.
User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#redirect redirect-url Use the redirect-url command to configure the redirect URL for a captive portal configuration. Syntax redirect-url url • url —The URL for redirection (Range: 1–512 characters). Default Configuration There is no redirect URL configured by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
no session-timeout • timeout —Session timeout. 0 indicates timeout not enforced (Range: 0–86400 seconds). Default Configuration There is no session timeout by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#session-timeout 86400 console(config-CP 2)#no session-timeout verification Use the verification command to configure the verification mode for a captive portal configuration.
User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#verification local Captive Portal Client Connection Commands captive-portal client deauthenticate Use the captive-portal client deauthenticate command to deauthenticate a specific captive portal client. Syntax captive-portal client deauthenticate macaddr • macaddr — Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode.
Syntax show captive-portal client [macaddr] status • macaddr — Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#show captive-portal client status Client MAC Address Client IP Address Protocol Verification Session Time ------------------ ----------------- -------- ----------------------0002.BC00.1290 0d:00:01:20 10.254.96.47 https Local 0002.
CP Name................................... cp1 Interface................................. 1/g1 Interface Description..................... Unit: 1 Slot: 0 Port: 1 Gigabit - Level User Name................................. user123 Session Time.............................. 0d:00:00:13 show captive-portal configuration client status Use the show captive-portal configuration client status command to display the clients authenticated to all captive portal configurations or a to specific configuration.
0002.BC00.1291 10.254.96.48 1/g2 2 1/g3 cp2 0002.BC00.1292 10.254.96.49 3 1/g4 cp3 0002.BC00.1293 10.254.96.50 console#show captive-portal configuration 1 client status CP ID..................................... 1 CP Name................................... cp1 Client Client MAC Address Description IP Address Interface Interface -------------- --------------- --------- ------------------------------0002.BC00.1290 10.254.96.47 Port: 1 Gigabit 1/g1 Unit: 1 Slot: 0 0002.BC00.1291 10.254.96.
Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface client status Client Intf Address Intf Description Client MAC Address IP ------ ----------------------------------- ----------------- -------------1/g1 Unit: 1 Slot: 0 Port: 1 Gigabit 10.254.96.47 0002.BC00.1290 0002.BC00.1291 10.254.96.48 1/g2 Unit: 1 Slot: 0 Port: 2 Gigabit 10.254.96.49 0002.BC00.1292 1/g3 Unit: 1 Slot: 0 Port: 3 Gigabit 10.254.96.
Captive Portal Interface Commands show captive-portal interface configuration status Use the show captive-portal interface configuration status command to display the interface to configuration assignments for all captive portal configurations or for a specific configuration. Syntax show captive-portal interface configuration [cp-id] status • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode.
Interface Interface Description Type --------- ----------------------------------- -------1/g1 Unit: 1 Slot: 0 Port: 1 Gigabit ... Physical Captive Portal Local User Commands clear captive-portal users Use the clear captive-portal users command to delete all captive portal user entries. Syntax clear captive-portal users Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP)#no user 1 show captive-portal user Use the show captive-portal user command to display all configured users or a specific user in the captive portal local user database. Syntax show captive-portal user [user-id] • user-id — User ID (Range: 1–128).
------- --------------------- ------- ------------ -----------1 user123 14400 1 Default 2 user234 0 1 Default 2 group2 console#show captive-portal user 1 User ID........................................ 1 User Name...................................... user123 Password Configured............................ Yes Session Timeout................................
User Guidelines There are no user guidelines for this command. Example console(config-CP)#user 1 group 3 user name Use the user name command to modify the user name for a local captive portal user. Syntax user user-id name name • user-id — User ID (Range: 1–128). • name — user name (Range: 1–32 characters). Default Configuration There is no name for a user by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines.
• user-id — User ID (Range: 1–128). • password —User password (Range: 8–64 characters). • enc-password —User password in encrypted form. Default Configuration There are no users configured by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP)#user 1 session-timeout 86400 console(config-CP)#no user 1 session-timeout Captive Portal Status Commands show captive-portal configuration Use the show captive-portal configuration command to display the operational status of each captive portal configuration. Syntax show captive-portal configuration cp-id cp-id —Captive Portal ID.
Operational Status........................ Disabled Disable Reason............................ Administrator Disabled Blocked Status............................ Not Blocked Authenticated Users....................... 0 show captive-portal configuration interface Use the show captive-portal configuration interface command to display information about all interfaces assigned to a captive portal configuration or about a specific interface assigned to a captive portal configuration.
--------- ---------------------------------------- ------------ -------1/g1 Unit: 1 Slot: 0 Port: 1 Gigabit - Level Disabled Blocked console#show captive-portal configuration 1 interface 1/g1 CP ID..................................... 1 CP Name................................... cp1 Interface................................. 1/g1 Interface Description..................... Unit: 1 Slot: 0 Port: 1 Gigab... Operational Status........................ Disabled Disable Reason............................
Example console#show captive-portal configuration 1 locales Locale Code --------------en show captive-portal configuration status Use the show captive-portal configuration status command to display information about all configured captive portal configurations or about a specific captive portal configuration. Syntax show captive-portal configuration [cp-id] status • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode.
console#show captive-portal configuration 1 status CP ID.......................................... 1 CP Name........................................ cp1 Mode........................................... Enabled Protocol Mode.................................. https Verification Mode.............................. Guest Group Name..................................... group123 Redirect URL Mode.............................. Enabled Redirect URL................................... www.cnn.
Client Database Full Traps..................... Disable Client Disconnection Traps..................... Disable Captive Portal User Group Commands user group Use the user group command to create a user group. Use the “no” form of this command to delete a user group. The default user group (1) cannot be deleted. Syntax user group group-id no user group group-id group-id —Group ID (Range: 1–10). Default Configuration User group 1 is created by default and cannot be deleted.
user group moveusers Use the user group moveusers command to move a group's users to a different group. Syntax user group group-id moveusers new-group-id • group-id —Group ID (Range: 1–10). • new-group-id —Group ID (Range: 1–10). Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode User Guidelines The new group-id must already exist.
user group name Use the user group name command to configure a group name. Syntax user group group-id name name • group-id — Group ID (Range: 1–10). • name — Group name (Range: 1–32 characters). Default Configuration User groups have no names by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
Clock Commands 55 This chapter explains the following commands: • show clock • show sntp configuration • show sntp status • sntp authenticate • sntp authentication-key • sntp broadcast client enable • sntp client poll timer • sntp server • sntp trusted-key • sntp unicast client enable • clock timezone hours-offset • no clock timezone • clock summer-time recurring • clock summer-time date • no clock summer-time • show clock show clock Use the show clock command in User EXEC
Command Mode User EXEC mode User Guidelines This command has no user guidelines. Examples The following example displays the time and date from the system clock console>show clock 15:29:03 Jun 17 2002 Time source is SNTP show sntp configuration Use the show sntp configuration command in Privileged EXEC mode to show the configuration of the Simple Network Time Protocol (SNTP). Syntax show sntp configuration Default Configuration This command has no default configuration.
Polling interval: 64 seconds MD5 Authentication keys: Authentication is not required for synchronization. Trusted keys: No trusted keys. Unicast clients: Disable Unicast servers: Server Key Polling Priority ------------- ----------- ----------- ----- 10.27.128.21 Disabled Enabled 1 show sntp status Use the show sntp status command in Privileged EXEC mode to show the status of the Simple Network Time Protocol (SNTP).
Examples The following example shows the status of the SNTP. console#show sntp status Client Mode: Unicast Last Update Time: MAR 30 21:21:20 2009 Unicast servers: Server Status Last response ------------ ----------- ---------------------- 192.168.0.1 Up 21:21:20 Mar 30 2009 sntp authenticate Use the sntp authenticate command in Global Configuration mode to require server authentication for received Network Time Protocol (NTP) traffic. To disable the feature, use the no form of this command.
Example The following example, after defining the authentication key for SNTP, grants authentication. console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp authentication-key Use the sntp authentication-key command in Global Configuration mode to define an authentication key for Simple Network Time Protocol (SNTP). To remove the authentication key for SNTP, use the no form of this command.
console(config)# sntp authenticate sntp broadcast client enable Use the sntp broadcast client enable command in Global Configuration mode to enable a Simple Network Time Protocol (SNTP) Broadcast client. To disable an SNTP Broadcast client, use the no form of this command. Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
• seconds — Polling interval. (Range: 64-1024 seconds, in powers of 2) Default Configuration The polling interval is 64 seconds. Command Mode Global Configuration mode User Guidelines If a user enters a value which is not an exact power of two, the nearest powerof-two value is applied. Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 1024 seconds.
• priority — Priority assigned to the server. (Range: 1–8) Default Configuration No servers are defined. Command Mode Global Configuration mode User Guidelines Up to 8 SNTP servers can be defined. Use the sntp client enable command in Global Configuration mode to enable unicast clients globally. Polling time is determined by the sntp client poll timer <64-1024> global configuration command.
Default Configuration No keys are trusted. Command Mode Global Configuration mode User Guidelines This command is relevant for both received Unicast and Broadcast. Example The following defines SNTP trusted-key.
Examples The following example enables the device to use Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. console(config)# sntp unicast client enable clock timezone hours-offset Use the clock timezone [hours-offset] [minutes minutes-offset] [zone acronym] command to set the offset to Coordinated Universal Time (UTC). If the optional parameters are not specified, they will be read as either '0' or '\0, as appropriate.
Syntax no clock timezone Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no specific user guidelines. Example console(config)#no clock timezone clock summer-time recurring Use the clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] command to set the summertime offset to UTC recursively every year.
• acronym — The acronym for the time zone to be displayed when summertime is in effect.
• acronym — The acronym for the time zone to be displayed when summertime is in effect. (Range: Up to four characters) Default Configuration This command has no default configuration.
User Guidelines No specific guidelines Example console(config)#no clock summer-time show clock Use the show clock command to display the time and date from the system clock. Use the show clock detail command to show the time zone and summertime configuration. Syntax Description show clock [detail] Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines No specific guidelines Example The following example shows the time and date only.
Time source is SNTP Time zone: Acronym is PST Offset is UTC-7 Summertime: Acronym is PDT Recurring every year. Begins at first Sunday of April at 2:00. Ends at last Sunday of October at 2:00. Offset is 60 minutes.
Clock Commands
Configuration and Image File Commands 56 This chapter explains the following commands: • boot system • clear config • copy • delete backup-config • delete backup-image • delete startup-config • filedescr • script apply • script delete • script list • script show • script validate • show backup-config • show bootvar • show dir • show running-config • show startup-config • update bootcode Configuration and Image File Commands 1099
boot system Use the boot system command in Privileged EXEC mode to specify the system image that the device loads at startup. Syntax boot system [image1|image2] • image1|image2 — Image file. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to find out which image is the active image. Example The following example loads system image image1 for the next device startup.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example restores the switch to its default configuration. console#clear config copy Use the copy command in Privileged EXEC mode to copy files from a source to a destination.
Reserved Keyword Description startup-config Represents the startup configuration file. startup-log Represents the startup syslog file. This can only be the source of a copy operation. operational-log Represents the operational syslog file. This can only be the source of a copy operation. script scriptname Represents a CLI script file. image Represents the software image file. When "image" is the target of a copy command, it refers to the backup image.
The entire copying process may take several minutes and differs from protocol to protocol and from network to network. Understanding Invalid Combinations of Source and Destination Some combinations of source and destination are not valid. Specifically, if the following conditions exist, you can not use the copy command: • If the source file and destination file are defined to be the same. • xmodem cannot be a source and destination for the same copy operation. xmodem can only be copied to image.
Saving the Running Configuration to the Startup Configuration Use the copy running-config startup-config command to copy the running configuration to the startup configuration. Backing up the Running Configuration or Startup Configuration to the Backup Configuration Use the copy running-config backup-config command to back up the running configuration to the backup configuration file. Use the copy startupconfig backup-config command to back up the startup configuration to the backup configuration file.
Syntax delete backup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example deletes the backup-config file. console#delete backup-config Delete backup-config (Y/N)?y delete backup-image Use the delete backup-image command in Privileged EXEC mode to delete a file from a flash memory device.
Example The following example deletes test file in Flash memory. console#delete backup-image Delete: image2 (y/n)? delete startup-config Use the delete startup-config command in Privileged EXEC mode to delete the startup-config file. Syntax delete startup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines If the startup-config file is not present when system reboots, it reboots with default settings.
Syntax filedescr {image 1|image2} description no filedescr {image 1|image2} • image1|image2 — Image file. • description — Block of descriptive text. (Range: 0-128 characters) Default Configuration No description is attached to the file. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example attaches a file description to image2.
User Guidelines This command has no user guidelines. Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command in Privileged EXEC mode to delete a specified script. Syntax script delete {scriptname|all} • scriptname — Script name of the file being deleted. (Range 1-31 characters) Default Configuration This command has no default configuration.
Syntax script list Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch. console#script list Configuration Script Name Size(Bytes) -------------------------------- ----------0 configuration script(s) found. 2048 Kbytes free. script show Use the script show command in Privileged EXEC mode to display the contents of a script file.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the contents of the script file config.scr. console#script show config.scr interface ethernet 1/g1 ip address 176.242.100.100 255.255.255.0 exit script validate Use the script validate command in Privileged EXEC mode to validate a script file by parsing each line in the script file.The validate option is intended for use as a tool in script development.
Example The following example validates the contents of the script file config.scr. console#script validate config.scr show backup-config Use the show backup-config command in Privileged EXEC mode to display the contents of the backup configuration file. Syntax show backup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example shows backup-config data.
interface ethernet 1/g2 ip address 176.243.100.100 255.255.255.0 duplex full speed 1000 exit show bootvar Use the show bootvar command in User EXEC mode to display the active system image file that the device loads at startup. Syntax show bootvar [unit] • unit —Unit number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines.
Images currently available on Flash -----------------------------------------------------------------------unit active image1 image2 next-active current- ------------------------------------------------------------------------ 1 image2 0.31.0.0 0.31.0.0 image2 show dir Use the show dir command to list all the files available on the flash file system (TrueFlashFileSystem). The user can view the file names, and the size of each file.
--------- --------------- image1 6351288 image2 6363424 fastpath.cfg 321894 show running-config Use the show running-config command in Privileged EXEC mode to display the contents of the currently running configuration file. The command only displays the configurations that are non-default. NOTE: All non-default configurations for the Captve Portal branding images and encoded Unicode are not displayed via the standard show running-config command.
show startup-config Use the show startup-config command in Privileged EXEC mode to display the startup configuration file contents. Syntax show startup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the contents of the startup-config file. console#show startup-config 1 : !Current Configuration: 2 : !System Description "PowerConnect M8024, 1.0.0.
11 : exit 12 : ip address dhcp 13 : ip address vlan 1001 14 : interface vlan 3 15 : routing 16 : exit 17 : username "lvl7" password fb3604df5a109405b2d79ecb06c47ab5 level 15 encrypted 18 : ! 19 : interface ethernet 1/g17 20 : switchport mode general 21 : switchport general pvid 1001 22 : no switchport general acceptable-frame-type tagged-only 23 : switchport general allowed vlan add 1000-1001 24 : switchport general allowed vlan remove 1 25 : exit 26 : ! 27 : interface ethernet 1/xg3 28 : channel-group 1 mo
update bootcode Use the update bootcode command in Privileged EXEC mode to update the bootcode on one or more switches. For each switch, the bootcode is extracted from the active image and programmed to flash. Syntax update bootcode [unit] • unit —Unit number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines If unit is not specified, all units are updated. Example The following example updates the bootcode on unit 2.
Configuration and Image File Commands
Denial of Service Commands 57 This chapter explains the following commands: • dos-control firstfrag • dos-control icmp • dos-control l4port • dos-control sipdip • dos-control tcpflag • dos-control tcpfrag • ip icmp echo-reply • ip icmp error-interval • ip unreachables • ip redirects • ipv6 icmp error-interval • ipv6 unreachables • show dos-control Denial of Service Commands 1119
dos-control firstfrag Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets are dropped. Syntax dos-control firstfrag [size] no dos-control firstfrag • size —TCP header size. (Range: 0-255). The default TCP header size is 20. ICMP packet size is 512.
Syntax dos-control icmp [size] no dos-control icmp • size — Maximum ICMP packet size. (Range: 0-1023). If size is unspecified, the value is 512. Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates L4 Port Denial of Service protection. console(config)#dos-control l4port dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
dos-control tcpflag Use the dos-control tcpflag command in Global Configuration mode to enable TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Flag SYN set and a source port less than 1024, having TCP Control Flags set to 0 and TCP Sequence Number set to 0, having TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0, or having TCP Flags SYN and FIN both set, the packets are dropped.
no dos-control tcpfrag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag ip icmp echo-reply Use the ip icmp echo-reply command to enable or disable the generation of ICMP Echo Reply messages. Use the “no” form of this command to prevent the generation of ICMP Echo Replies.
Example console(config)#ip icmp echo-reply ip icmp error-interval Use the ip icmp error-interval command to limit the rate at which IPv4 ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst-interval. To disable ICMP rate limiting, set burst-interval to zero. Use the “no” form of this command to return burst-interval and burst-size to their default values.
ip unreachables Use the ip unreachables command to enable the generation of ICMP Destination Unreachable messages. Use the “no” form of this command to prevent the generation of ICMP Destination Unreachable messages. Syntax ip unreachables no ip unreachables Default Configuration ICMP Destination Unreachable messages are enabled. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
Default Configuration ICMP Redirect messages are enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip redirects ipv6 icmp error-interval Use the icmp error-interval command to limit the rate at which ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst interval.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 icmp error-interval 2000 20 ipv6 unreachables Use the ipv6 unreachables command to enable the generation of ICMPv6 Destination Unreachable messages. Use the “no” form of this command to prevent the generation of ICMPv6 Destination Unreachable messages.
Syntax show dos-control Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays Denial of Service configuration information. console#show dos-control SIPDIP Mode...............................Disable First Fragment Mode.......................Disable Min TCP Hdr Size..........................20 TCP Fragment Mode........................ Disable TCP Flag Mode..............
Denial of Service Commands
Line Commands 58 This chapter explains the following commands: • exec-timeout • history • history size • line • show line • speed Line Commands 1131
exec-timeout Use the exec-timeout command in Line Configuration mode to set the interval that the system waits for user input before timeout. To restore the default setting, use the no form of this command. Syntax exec-timeout minutes [seconds] no exec-timeout • minutes — Integer that specifies the number of minutes. (Range: 0–65535) • seconds — Additional time intervals in seconds. (Range: 0–59) Default Configuration The default configuration is 10 minutes.
Syntax history no history Default Configuration The default value for this command is enabled. Command Mode Line Interface mode User Guidelines This command has no user guidelines. Example The following example disables the command history function for the current terminal session. console(config-line)# no history history size Use the history size command in Line Configuration mode to change the command history buffer size for a particular line.
Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the command history buffer size to 20 commands for the current terminal session. console(config-line)#history size 20 line Use the line command in Global Configuration mode to identify a specific line for configuration and enter the line configuration command mode. Syntax line {console | telnet | ssh} • console — Console terminal line.
console(config-line)# show line Use the show line command in User EXEC mode to display line parameters. Syntax show line [console | telnet | ssh] • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines.
Telnet configuration: Interactive timeout: 10 minutes 10 seconds History: 10 SSH configuration: Interactive timeout: 10 minutes 10 seconds History: 10 speed Use the speed command in Line Configuration mode to set the line baud rate. Use the no form of the command to restore the default settings. Syntax speed {bps} no speed • bps — Baud rate in bits per second (bps). The options are 2400, 9600, 19200, 38400, 57600, and 115200. Default Configuration This default speed is 9600.
Management ACL Commands 59 This chapter explains the following commands: • deny (management) • management access-class • management access-list • permit (management) • show management access-class • show management access-list Management ACL Commands 1137
deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for the management access list. Syntax deny [ethernet interface-number | vlan vlan-id | port-channel number] [service service] [priority priority] deny ip-source ip-address [mask mask | prefix-length] [ethernet interfacenumber | vlan vlan-id | port-channel number] [service service] [priority priority] • ethernet interface-number — A valid Ethernet-routed port number.
Example The following example shows how all ports are denied in the access-list called mlist. console(config)# management access-list mlist console(config-macal)# deny management access-class Use the management access-class command in Global Configuration mode to restrict management connections. To disable restriction, use the no form of this command. Syntax management access-class {console-only | name} no management access-class • name — A valid access-list name.
management access-list Use the management access-list command in Global Configuration mode to define an access list for management, and enter the access-list for configuration. Once in the access-list configuration mode, the denied or permitted access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command. Syntax management access-list name no management access-list name • name — The access list name.
console(config-macal)# permit ethernet 1/g1 priority <1-64> console(config-macal)# permit ethernet 2/g9 priority <1-64> console(config-macal)# exit console(config)#management access-class mlist The following example shows how to configure all the interfaces to be management interfaces except for two interfaces, Ethernet 1/g1 and Ethernet 2/g9.
• vlan vlan-id — A valid VLAN number. • port-channel number — A valid port channel number. • ip-address — Source IP address. • mask mask — Specifies the network mask of the source IP address. • mask prefix-length — Specifies the number of bits that comprise the source IP address prefix. The prefix length must be preceded by a forward slash (/). (Range: 0–32) • service service — Indicates service type. Can be one of the following: telnet, ssh, http, https, tftp, or snmp.
The following example shows how to configure all the interfaces to be management interfaces except for two interfaces, Ethernet 1/g1 and Ethernet 2/g9.
Management access-class is enabled, using access list mlist show management access-list Use the show management access-list command in Privileged EXEC mode to display management access-lists. Syntax show management access-list [name] • name — A valid access list name. (Range: 1–32 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
60 Password Management Commands This chapter explains the following commands: • passwords aging • passwords history • passwords lock-out • passwords min-length • show passwords configuration Password Management Commands 1145
passwords aging Use the passwords aging command in Global Configuration mode to implement expiration date on the passwords. The user is required to change the passwords when they expire. Use the no form of this command to disable the aging function. Syntax passwords aging age no passwords aging • age — Time for the expiration of the password. (Range: 1-365 days) Default Configuration Password aging is disabled.
Syntax passwords history historylength no passwords history • historylength — Number of previous passwords to be maintained in the history. (Range: 0–10.) Default Configuration No password history is maintained. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the number of previous passwords remembered by the system at 10.
• attempts — Number of attempts the user is allowed to enter a correct password. (Range: 1-5) Default Configuration The user lockout feature is disabled. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the number of user attempts before lockout at 2.
User Guidelines This command has no user guidelines. Example The following example sets the minimum password length to 12 characters. console(config)#passwords min-length 12 show passwords configuration Use the show passwords configuration command in Privileged EXEC mode to show the parameters for password configuration. Syntax show passwords configuration Default Configuration This command has no default configuration.
aging : enabled aging value : 30 days User lockout : enabled User lockout attempts : 3 1150 Password Management Commands
PHY Diagnostics Commands 61 This chapter explains the following commands: • show copper-ports cable-length • show copper-ports tdr • show fiber-ports optical-transceiver • test copper-port tdr PHY Diagnostics Commands 1151
show copper-ports cable-length Use the show copper-ports cable-length command in Privileged EXEC mode to display the estimated copper cable length attached to a port. Syntax show copper-ports cable-length [interface] • interface — A valid Ethernet port. The full syntax is unit / port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines The port must be active and working in a 100M or 1000M mode.
show copper-ports tdr Use the show copper-ports tdr command in Privileged EXEC mode to display the last Time Domain Reflectometry (TDR) tests on specified ports. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet port. The full syntax is unit / port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines The copper-related commands do not apply to the stacking, CX-4, or 10GBaseT ports associated with these plug-in modules.
show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command in Privileged EXEC mode to display the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] • interface — A valid Ethernet port. The full syntax is unit / port. Default Configuration This command has no default configuration.
test copper-port tdr Use the test copper-port tdr command in Privileged EXEC mode to diagnose with Time Domain Reflectometry (TDR) technology the quality and characteristics of a copper cable attached to a port. Syntax test copper-port tdr interface • interface — A valid Ethernet port. The full syntax is unit / port. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines.
PHY Diagnostics Commands
62 Power Over Ethernet Commands This chapter explains the following commands: • power inline • power inline legacy • power inline powered-device • power inline priority • power inline traps • power inline usage-threshold • show poe-firmware-version • show power inline • show power inline ethernet Power Over Ethernet Commands 1157
power inline The power inline command enables/disables the ability of the port to deliver power. Syntax Description power inline {auto | never} no power inline • auto — Enables the device discovery protocol and, if found, supplies power to the device. • never — Disables the device discovery protocol and stops supplying power to the device. Command Mode Interface Configuration (Ethernet). Usage Guidelines No specific guidelines.
Parameter Ranges Not applicable Command Mode Global Configuration. Usage Guidelines No specific guidelines. Default Value Legacy Support is disabled by default. Examples console(config)# power inline legacy console(config)# no power inline legacy power inline powered-device The power inline powered-device Interface Configuration (Ethernet) mode command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface.
Examples console(config)#interface ethernet 1/g1 console(config-if-1/g1)# power inline powered-device IP-phone power inline priority The power inline priority command configures the port priority level, for the delivery of power to an attached device. The switch may not be able to supply power to all connected devices, so the port priority is used to determine which ports will supply power if adequate power capacity is not available for all enabled ports.
power inline traps The power inline traps command enables inline power traps. To disable inline power traps, use the no form of this command. Syntax Description power inline traps enable no power inline traps enable • enable — Enables traps on the specified unit. Command Mode Global Configuration. Usage Guidelines No specific guidelines.
Syntax Description power inline usage-threshold no power inline usage-threshold • threshold — Power threshold at which trap is generated. Parameter Ranges — 11–99 % Command Mode Global Configuration. Usage Guidelines No specific guidelines. Default Value 95 % Examples console(config)# power inline usage-threshold 90 show poe-firmware-version The show poe-firmware-version command displays the version of the PoE controller firmware present on the switch file system.
Examples console#show poe-firmware-version image version..............501_4 show power inline The show power inline command displays the total available power, the total power consumed in the system, and the globally set usage threshold. Syntax Description show power inline Parameter Ranges None. Command Mode Privileged EXEC. Usage Guidelines No specific guidelines.
Power:On Nominal Power:150 watt Consumed Power:120 watts (80%) Global Configuration Usage Threshold:95% Traps:Enabled Port Configuration PortPowered DeviceStatePriorityStatusClassification [w] ----------------------------------------------------1/g1IP Phone Model AAutoHighOn0.44 - 12.95 1/g2Wireless AP ModelAutoLowOn0.44 - 3.84 show power inline ethernet The show power inline ethernet command displays the inline power summary for the interface.
Examples: console#show power inline ethernet 1/g13 Port Powered Device Class[W] Power[mW] State Priority Status ----- ------------------------ ----- -------- -------- ------------- --------1/g13 3.84 - 6.49 auto Low On 5000 Overload Counter............................... 0 Short Counter.................................. 0 Denied Counter................................. 0 Absent Counter................................. 0 Invalid Signature Counter......................
Power Over Ethernet Commands
RMON Commands 63 This chapter explains the following commands: • rmon alarm • rmon collection history • rmon event • show rmon alarm • show rmon alarm-table • show rmon collection history • show rmon events • show rmon history • show rmon log • show rmon statistics RMON Commands 1167
rmon alarm Use the rmon alarm command in Global Configuration mode to configure alarm conditions. To remove an alarm, use the no form of this command. Also see the related show rmon alarm command. Syntax rmon alarm index variable interval rthreshold fthreshold revent fevent [type type] [startup direction] [owner name] no rmon alarm index • index — The alarm index. (Range: 1–65535) • variable — A fully qualified SNMP object identifier that resolves to a particular instance of an MIB object.
Default Configuration The following parameters have the following default values: • type type — If unspecified, the type is absolute. • startup direction — If unspecified, the startup direction is rising-falling. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the following alarm conditions: • Alarm index — 1 • Variable identifier — 1.3.6.1.2.1.2.2.1.10.
Syntax rmon collection history index [owner ownername] [buckets bucket-number] [interval seconds] no rmon collection history index • index — The requested statistics index group. (Range: 1–65535) • owner ownername — Records the RMON statistics group owner name. If unspecified, the name is an empty string. • buckets bucket-number — A value associated with the number of buckets specified for the RMON collection history group of statistics. If unspecified, defaults to 50.
rmon event Use the rmon event command in Global Configuration mode to configure an event. To remove an event, use the no form of this command. Also see the show rmon events command. Syntax rmon event index type [community text] [description text] [owner name] no rmon event index • index — The event index. (Range: 1–65535) • type — The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap.
show rmon alarm Use the show rmon alarm command in User EXEC mode to display alarm configuration. Also see the rmon alarm command. Syntax show rmon alarm number • number — Alarm index. (Range: 1–65535) Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays RMON 1 alarms. console> show rmon alarm 1 Alarm 1 ------OID: 1.3.6.1.2.1.2.2.1.10.
Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field Description Alarm Alarm index. OID Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period. If the sample type is absolute, this value is the sampled value at the end of the period.
show rmon alarm-table Use the show rmon alarm-table command in User EXEC mode to display the alarms summary table. Syntax show rmon alarm-table Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the alarms summary table: console> show rmon alarm-table Index ----- OID ---------------------- Owner ------- 1 1.3.6.1.2.1.2.2.1.10.1 CLI 2 1.3.6.1.2.1.2.2.1.10.
show rmon collection history Use the show rmon collection history command in User EXEC mode to display the requested group of statistics. Also see the rmon collection history command. Syntax show rmon collection history [ethernet interface | port-channel port- channel-number] • interface — Valid Ethernet port. The full syntax is unit |port. • port-channel-number — Valid trunk index. Default Configuration This command has no default configuration.
The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface. Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved. Granted Samples The granted number of samples to be saved. Owner The entity that configured this entry.
The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event. Description A comment describing this event. Type The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event. In the case of trap, an SNMP trap is sent to one or more management stations.
User Guidelines This command has no user guidelines. Examples The following example displays RMON Ethernet Statistics history for "throughput" on index number 1.
The following example displays RMON Ethernet Statistics history for "other" on index number 1. console> show rmon history 1 other Sample Set: 1 Interface: Owner: Me 1/g1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 270 Time ------------------10-Mar-2005 22:06:00 10-Mar-2005 22:06:20 Dropped Collisions ----------- ----------3 0 3 0 The following table describes the significant fields shown in the display: Field Description Time Date and Time the entry is recorded.
Field Description Undersize The number of packets received during this sampling interval that were less than 64 octets long (excluding framing bits but including FCS octets) and were otherwise well formed. Oversize The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets) but were otherwise well formed.
show rmon log Use the show rmon log command in User EXEC mode to display the RMON logging table. Syntax show rmon log [event] • event — Event index. (Range: 1–65535) Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following examples display the RMON logging table.
console> show rmon log Maximum table size: 100 (100 after reset) Event Description ----- ----------1 Errors Time -------------------Jan 18 2005 23:48:19 1 Errors Jan 18 2005 23:58:17 2 High Broadcast Jan 18 2005 23:59:48 The following table describes the significant fields shown in the display: Field Description Event An index that uniquely identifies the event. Description A comment describing this event. Time The time this entry was created.
User Guidelines This command has no user guidelines. Example The following example displays RMON Ethernet Statistics for port 1/g1.
Field Description Broadcast The total number of good packets received and directed to the Broadcast address. This does not include Multicast packets. Multicast The total number of good packets received and directed to a Multicast address. This number does not include packets directed to the Broadcast address.
Field Description 128 to 255 Octets The total number of packets (including bad packets) received that are between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). 256 to 511 Octets The total number of packets (including bad packets) received that are between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
RMON Commands
64 Serviceability Tracing Packet Commands This chapter explains the following commands: • debug arp • debug auto-voip • debug clear • debug console • debug dot1x • debug igmpsnooping • debug ip acl • debug ip dvmrp • debug ip igmp • debug ip mcache • debug ip pimdm • debug ip pimsm • debug ip vrrp • debug ipv6 mcache • debug ipv6 mld • debug ipv6 pimdm • debug ipv6 pimsm • debug isdp • debug lacp • debug mldsnooping • debug ospf • debug ospfv3 • debug ping Servi
• debug rip • debug sflow • debug spanning-tree • show debugging NOTE: Debug commands are not persistent across resets.
debug arp Use the debug arp command to enable tracing of ARP packets. Use the “no” form of this command to disable tracing of ARP packets. Syntax debug arp no debug arp Default Configuration ARP packet tracing is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug arp debug auto-voip Use the debug auto-voip command to enable Auto VOIP debug messages.
Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug auto-voip debug clear Use the debug clear command to disable all debug traces. Syntax debug clear Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command.
appears on all login sessions for which debug console has been enabled. The configuration of this command remains in effect for the life of the login session. The effect of this command is not persistent across resets. Syntax debug console Default Configuration Display of debug traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command.
User Guidelines There are no usage guidelines for this command. Example console#debug dot1x packet debug igmpsnooping Use the debug igmpsnooping to enable tracing of IGMP Snooping packets transmitted and/or received by the switch. IGMP Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
Syntax debug ip acl acl no debug ip acl acl • acl — The number of the IP ACL to debug. Default Configuration Display of IP ACL traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug ip acl 1 debug ip dvmrp Use the debug ip dvmrp to trace DVMRP packet reception and transmission. The receive option traces only received DVMRP packets and the transmit option traces only transmitted DVMRP packets.
Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug ip dvmrp packet debug ip igmp Use the debug ip igmp command to trace IGMP packet reception and transmission. The receive option traces only received IGMP packets and the transmit option traces only transmitted IGMP packets. When neither keyword is used in the command, then all IGMP packet traces are dumped.
debug ip mcache Use the debug ip mcache command for tracing MDATA packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Syntax debug ip pimdm packet [receive | transmit] no debug ip pimdm packet [receive | transmit] Default Configuration Display of PIMDM traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug ip pimdm packet debug ip pimsm Use the debug ip pimsm command to trace PIMSM packet reception and transmission.
Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug ip pimsm packet debug ip vrrp Use the debug ip vrrp command to enable VRRP debug protocol messages. Use the “no” form of this command to disable VRRP debug protocol messages. Syntax debug ip vrrp no debug ip vrrp Default Configuration Display of VRRP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines.
debug ipv6 mcache Use the debug ipv6 mcache command to trace MDATAv6 packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Syntax debug ipv6 mld packet [receive | transmit] no debug ipv6 mld packet [receive | transmit] Default Configuration Display of MLD traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug ipv6 mld packet debug ipv6 pimdm Use the debug ipv6 pimdm command to trace PIMDMv6 packet reception and transmission.
Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug ipv6 pimdm packet debug ipv6 pimsm Use the debug ipv6 pimsm command to trace PIMSMv6 packet reception and transmission. The receive option traces only received PIMSMv6 packets and the transmit option traces only transmitted PIMSMv6 packets. When neither keyword is used in the command, then all PIMSMv6 packet traces are dumped.
debug isdp Use the debug isdp command to trace ISDP packet reception and transmission. The receive option traces only received ISDP packets and the transmit option traces only transmitted ISDP packets. When neither keyword is used in the command, then all ISDP packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Default Configuration Display of LACP traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug lacp packet debug mldsnooping Use the debug mldsnooping command to trace MLD snooping packet reception and transmission. The receive option traces only received MLD snooping packets and the transmit option traces only transmitted MLD snooping packets.
Usage Guidelines There are no usage guidelines for this command. Example console#debug mldsnooping debug ospf Use the debug ospf command to enable tracing of OSPF packets received and transmitted by the switch. Use the “no” form of this command to disable tracing of OSPF packets. Syntax debug ospf packet no debug ospf packet Default Configuration Display of OSPF traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command.
Syntax debug ospfv3 packet no debug ospfv3 packet Default Configuration Display of OSPFv3 traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug ospfv3 packet debug ping Use the debug ping command to enable tracing of ICMP echo requests and responses. This command traces pings on the network port and on the routing interfaces.
Usage Guidelines There are no usage guidelines for this command. Example The following example displays. console#debug ping packet debug rip Use the debug rip command to enable tracing of RIP requests and responses. Use the “no” form of this command to disable tracing of RIP requests and responses. Syntax debug rip packet no debug rip packet Default Configuration Display of RIP traces is disabled by default. Command Mode Privileged EXEC mode.
Syntax debug sflow packet no debug sflow packet Default Configuration Display of sFlow traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug sflow packet debug spanning-tree Use the debug spanning-tree command to trace spanning tree BPDU packet reception and transmission. The receive option traces only received spanning tree BPDUs and the transmit option traces only transmitted BPDUs.
Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug spanning-tree bpdu show debugging Use the show debugging command to display packet tracing configurations. Syntax show debugging no show debugging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. Usage Guidelines Enabled packet tracing configurations are displayed. Example console #debug arp Arp packet tracing enabled.
Serviceability Tracing Packet Commands
sFlow Commands 65 This chapter explains the following commands: • sflow destination • sflow polling • sflow polling (Interface Mode) • sflow sampling • sflow sampling (Interface Mode) • show sflow agent • show sflow destination • show sflow polling • show sflow sampling sFlow Commands 1209
sflow destination Use the sflow destination command to configure the sFlow collector parameters (owner string, receiver timeout, maxdatagram, ip address and port). Use the “no” form of this command to set receiver parameters to the default or remove a receiver.
Default Configuration No receivers are configured by default. The default IP address is 0.0.0.0 The default maximum datagram size is 1400. The default owner string is the empty string. The default receiver timeout is 0. The default port is 6343. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines Example console(config)#sflow 1 destination owner 1 timeout 2000 console(config)#sflow 1 destination maxdatagram 500 console(config)#sflow 1 destination 30.30.30.
• interfaces — The list of interfaces to poll. • poll-interval — The sFlow instance polling interval. A poll interval of 0 disables counter sampling. A value of n means once in n seconds a counter sample is generated. (Range: 0–86400). Default Configuration There are no pollers configured by default. The default poll interval is 0. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
Default Configuration There are no pollers configured by default. The default poll interval is 0. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example console(config-if-1/g2)#sflow 1 polling 6055 sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. Use the “no” form of this command to reset sampler parameters to the default.
Default Configuration There are no samplers configured by default. The default sampling rate is 0. The default maximum header size is 128. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#sflow 1 sampling ethernet 1/g2 1500 50 sflow sampling (Interface Mode) Use the sflow sampling command in Interface Mode to enable a new sflow sampler instance for this data source if rcvr_idx is valid.
Default Configuration There are no samplers configured by default. The default sampling rate is 0. The default maximum header size is 128. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example console(config-if-1/g15)#sflow 1 sampler 1500 50 show sflow agent Use the show sflow agent command to display the sflow agent information. Syntax show sflow agent Default Configuration This command has no default configuration.
sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.................................. 1.3;Dell Corp.;10.23.18.28 IP Address..................................... 0.0.0.
Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. Max Datagram Size The maximum number of bytes that can be sent in a single sFlow datagram. Port The destination Layer4 UDP port for sFlow datagrams.
Poller Data Source The sFlowDataSource (unit/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller. Poller Interval The number of seconds between successive samples of the counters associated with this data source.
Sampler Data Source The sFlowDataSource (unit/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source. Max Header Size The maximum number of bytes that should be copied from a sampled packet to form a flow sample.
sFlow Commands
SNMP Commands 66 This chapter explains the following commands: • show snmp • show snmp engineID • show snmp filters • show snmp groups • show snmp users • show snmp views • show trapflags • snmp-server community • snmp-server community-group • snmp-server contact • snmp-server enable traps • snmp-server enable traps authentication • snmp-server engineID local • snmp-server filter • snmp-server group • snmp-server host • snmp-server location • snmp-server user • snmp-se
show snmp Use the show snmp command in Privileged EXEC mode to display the SNMP communications status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the SNMP communications status.
Target Address Type Community -------------- -----192.122.173.42 192.122.173.42 Version UDP Filter TO Port name Sec --------- ------- Trap Inform public public =2 2 Retries ---- ------ --- ----162 filt1 162 filt2 15 3 15 3 Version 3 notifications Target Address Type Username -------------- ----- -------192.122.173.
show snmp filters Use the show snmp filters command in Privileged EXEC mode to display the configuration of filters. Syntax show snmp filters filtername • filtername — Specifies the name of the filter. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following examples display the configuration of filters with and without a filter name specification.
Name OID Tree Type ------------------- --------------------------------user-filter1 1.3.6.1.2.1.1 Included user-filter1 1.3.6.1.2.1.1.7 Excluded show snmp groups Use the show snmp groups command in Privileged EXEC mode to display the configuration of groups. Syntax show snmp groups [groupname] • groupname — Specifies the name of the group. (Range: 1-30) Default Configuration This command has no default configuration.
managers-group V3 NoAuth-priv Default "" "" console# show snmp groups user-group Name Security Model Level ----------------- -----user-group V3 Views -----Auth-Priv Read Write Notify -------- -------- ------Default "" "" The following table contains field descriptions. Field Description Name Name of the group Security Model SNMP model in use (v1, v2 or v3) Security Level Authentication of a packet with encryption. Applicable only to SNMP Version 3 security model.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the configuration of users with the user name specified.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following examples display the configuration of views with and without a view name specified. console# show snmp views Name OID Tree Type ----------- ----------------------- --------- user-view1 1.3.6.1.2.1.1 Included user-view1 1.3.6.1.2.1.1.7 Excluded user-view2 1.3.6.1.2.1.2.2.1.*.
show trapflags Use the show trapflags command to show the status of the configurable SNMP traps. Syntax show trapflags [ospf | ospfv3] ospf | ospfv3—Use this parameter to show detailed OSPF trap status information Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show trapflags Authentication Flag............................ Enable Link Up/Down Flag..................
console#show trapflags ospf OSPF Traps: errors: all..............................Disabled authentication failure...........Enabled bad packet.......................Enabled config error.....................Enabled virt authentication failure .....Disabled virt bad packet..................Disabled virt config error................Disabled if-rx: if-rx-packet.....................Disabled lsa: lsa-maxage.......................Disabled lsa-originate....................Disabled overflow: lsdb-overflow....
Syntax snmp-server community community-string {ro | rw | su} [ipaddress ipaddress] [view viewname] no snmp-server community community-string • community-string — Permits access to the SNMP protocol. (Range: 1-20 characters) • ro — Indicates read-only access • rw — Indicates read-write access. • su — Indicates SNMP administrator access. • ipaddress — Specifies the IP address of the management station. If no IP address is specified, all management stations are permitted.
Example The following example configures community access string public to permit administrative access to SNMP at an administrative station with IP address 192.168.1.20. console(config)# snmp-server community public su ipaddress 192.168.1.20 snmp-server community-group Use the snmp-server community-group command in Global Configuration mode to map the internal security name for SNMP v1 and SNMP v2 security models to the group name. To remove the specified community string, use the no form of this command.
Example The following example maps a community access string dell_community to group dell_group. console(config)# snmp-server community-group dell_community dell_group 192.168.29.1 snmp-server contact Use the snmp-server contact command in Global Configuration mode to set up a system contact (sysContact) string. To remove the system contact information, use the no form of the command.
snmp-server enable traps Use the snmp-server enable traps command to enable SNMP traps globally or to enable specific SNMP traps. Use the “no” form of this command to disable SNMP traps. See Granular OSPF v2/v3 Traps for more detail about the OSPF trap types.
Command Mode Global Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example displays the options for the snmp-server enable traps command. console(config)#snmp-server enable traps ? Press enter to execute the command. acl acl all Enable/Disable all Traps. authentication To enable the device to send SNMP traps when authentication fails. dvmrp dvmrp link Enable/Disable switch level Link Up/Down trap flag.
no snmp-server enable traps authentication Default Configuration Traps are enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays the command to enable authentication failed SNMP traps.
Default Configuration The engineID is not configured. Command Mode Global Configuration mode User Guidelines If you want to use SNMPv3, you need to specify an engine ID for the device. You can specify your own ID or use a default string that is generated using the MAC address of the device. If the SNMPv3 engine ID is deleted, or the configuration file is erased, then SNMPv3 cannot be used.
Syntax snmp-server filter filter-name oid-tree {included | excluded} no snmp-server filter filter-name [oid-tree] • filter-name — Specifies the label for the filter record that is being updated or created. The name is used to reference the record. (Range: 1-30 characters.) • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system.
console(config)# snmp-server filter user-filter ifEntry.*.1 included snmp-server group Use the snmp-server group command in Global Configuration mode to configure a new Simple Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views. To remove a specified SNMP group, use the no form of this command.
• writeview — A string that is the name of the view that enables the user to enter data and configure the contents of the agent. If unspecified, nothing is defined for the write view. (Range: 1-30 characters.) Default Configuration No group entry exists. There will be some default groups for Read/Write/Super users. These groups cannot be deleted or modified by the user. This command is used only to configure the user-defined groups.
These commands are updated to allow space(s) in host name when specified in double quotes. Example #snmp-server host “host name” #snmp-server v3-host “host name” Syntax snmp-server host {ip-address | hostname} community {traps {v1 | v2} | informs [timeout seconds] [retries retries]} [udpport port] [filter filtername] no snmp-server host ip-address {traps | informs} • ip-address — Specifies the IPv4 address of the host (targeted recipient). • hostname — Specifies the name of the host.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables SNMP traps for host 192.16.12.143. console(config)# snmp-server host 192.16.12.143 Dell_powerconnect traps v2 snmp-server location Use the snmp-server location command in Global Configuration mode to set the system location string. To remove the location string, use the no form of this command.
Example The following example sets the device location as "New_York". console(config)# snmp-server location New_York snmp-server user Use the snmp-server user command in Global Configuration mode to configure a new SNMP Version 3 user. To delete a user, use the no form of this command.
• priv-des — The CBC-DES Symmetric Encryption privacy level. Enter a password. • priv-des-key — The CBC-DES Symmetric Encryption privacy level. The user should enter a pregenerated MD5 or SHA key depending on the authentication level selected. • des-key — The pregenerated DES encryption key. Length is determined by authentication method selected —32 hex characters if MD5 Authentication is selected, 48 hex characters if SHA Authentication is selected. Default Configuration No user entry exists.
• view-name — Specifies the label for the view record that is being created or updated. The name is used to reference the record. (Range: 1-30 characters.) • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example 1.3.*.4.
snmp-server v3-host Use the snmp-server v3-host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol Version 3 notifications. To remove the specified host, use the no form of this command.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example identifies an SNMPv3 host. console(config)# snmp-server v3-host 192.168.0.
SNMP Commands
SSH Commands 67 This chapter explains the following commands: • crypto key generate dsa • crypto key generate rsa • crypto key pubkey-chain ssh • ip ssh port • ip ssh pubkey-auth • ip ssh server • key-string • show crypto key mypubkey • show crypto key pubkey-chain ssh • show ip ssh • user-key SSH Commands 1249
crypto key generate dsa Use the crypto key generate dsa command in Global Configuration mode to generate DSA key pairs for your switch. A key pair is one public DSA key and one private DSA key. Syntax crypto key generate dsa Default Configuration DSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key.
Default Configuration RSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. If your switch already has RSA keys when you issue this command, you are warned and prompted to replace the existing keys. The keys are not saved in the switch configuration; they are saved in the file system and the private key is never displayed to the user.
Example The following example enters the SSH Public Key-chain configuration mode.
User Guidelines This command has no user guidelines. Example The following example specifies the port to be used by the SSH server as 8080. console(config)#ip ssh port 8080 ip ssh pubkey-auth Use the ip ssh pubkey-auth command in Global Configuration mode to enable public key authentication for incoming SSH sessions. To disable this function, use the no form of this command. Syntax ip ssh pubkey-auth no ip ssh pubkey-auth Default Configuration The function is disabled.
ip ssh server Use the ip ssh server command in Global Configuration mode to enable the switch to be configured from SSH. To disable this function, use the no form of this command. Syntax ip ssh server no ip ssh server Default Configuration This command is enabled by default. Command Mode Global Configuration mode User Guidelines To generate SSH server keys, use the commands crypto key generate rsa, and crypto key generate dsa. Example The following example enables the switch to be configured using SSH.
Default Configuration By default, the key-string is empty. Command Mode SSH Public Key Configuration mode User Guidelines Use the key-string row command to specify which SSH public key you will configure interactively next. To complete the interactive command, you must enter key-string row with no characters. Examples The following example shows how to enter a public key string for a user called "bob.
console(config)#crypto key pubkey-chain ssh console(config-pubkey-chain)#user-key bob rsa console(config-pubkey-key)#key-string row AAAAB3Nza console(config-pubkey-key)#key-string row C1yc2 show crypto key mypubkey Use the show crypto key mypubkey command in Privileged EXEC mode to display the SSH public keys of the switch. Syntax show crypto key mypubkey [rsa|dsa] • rsa — RSA key. • dsa — DSA key. Default Configuration This command has no default configuration.
dxUXEAiDHXcWHVr0R/ak1HDQitBzeEv1vVEToEn5ddLmRhtIgRdKU JHgBHJV R2VaSN/WC0IK53j9re4B11AE+O3qAxwJs0KD7cTkvF9I+YdiXeOM8 VE4skkw AiyLDNVWXgNQ6iat8+8Mjth+PIo5t3HykYUCkD8B1v93nzi/sr4hH HJCdx7w wRW3QtgXaGwYt2rdlr3x8ViAF6B7AKYd8xGVVjyJTD6TjrCRRwQHg B/BHsFr z/Rl1SYa0vFjel/7/0qaIDSHfHqWhajYkMa4xPOtIye7oqzAOm1b7 6l28uTB luBEoLQ+PKOKMiK8sQ== Fingerprint(hex): 58:7f:5c:af:ba:d3:60:88:42:00:b0:2f:f1:5a:a8:fc Fingerprint(bubbleBabble): xodob-liboh-heret-tiverdyrib-godac-pynah-muzyt-mofim-bihog-cuxyx show crypto key pubkey
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays all SSH public keys stored on the switch. console#show crypto key pubkey-chain ssh Username Fingerprint -------- --------------------------------------------------bob 1:86 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F john 7:C8 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:8 The following example displays the SSH public called "dana.
show ip ssh Use the show ip ssh command in Privileged EXEC mode to display the SSH server configuration. Syntax show ip ssh Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the SSH server configuration. console#show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA key was generated. SSH Public Key Authentication is enabled.
user-key Use the user-key command in SSH Public Key Chain Configuration mode to specify which SSH public key you are configuring manually. To remove a SSH public key, use the no form of this command. Syntax user-key username {rsa|dsa} no user-key username • username — Specifies the remote SSH client username. (Range: 1–48 characters) • rsa — RSA key • dsa — DSA key Default Configuration By default, there are no keys.
Syslog Commands 68 This chapter explains the following commands: • clear logging • clear logging file • description • level • logging • logging buffered • logging console • logging facility • logging file • logging on • logging snmp • logging web-session • port • show logging • show logging file Syslog Commands 1261
clear logging Use the clear logging command in Privileged EXEC mode to clear messages from the internal logging buffer. Syntax clear logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears messages from the internal syslog message logging buffer.
Command Mode Privileged EXEC User Guidelines This command has no user guidelines. Example The following example shows the clear logging file command and confirmation response. console#clear logging file Clear logging file [y/n] description Use the description command in Logging mode to describe the syslog server. Syntax description description • description — Sets the description of the syslog server. (Range: 1-64 characters.) Default Configuration This command has no default value.
level Use the level command in Logging mode to specify the importance level of syslog messages. To reset to the default value, use the no form of the command. Syntax level level no level • level — The level number for syslog messages. (Range: emergency, alert, critical, error, warning, notice, info, debug) Default Configuration The default value for level is info.
Default Configuration Disabled Command Mode Global Configuration User Guidelines To see the CLI commands by using the show logging command. Example console(config)#logging cli-command <189> JAN 13 05:20:27 192.168.2.1-1 UNKN[248900192]: cmd_logger_api.c(87) 2113 %% CLI:EIA232:----:vlan 3 <189> JAN 13 05:20:27 192.168.2.1-1 UNKN[248900192]: cmd_logger_api.c(87) 2114 %% CLI:EIA232:----:ex <189> JAN 13 05:20:28 192.168.2.1-1 UNKN[248900192]: cmd_logger_api.
no logging {ip-address | hostname} • ip-address — IP address of the host to be used as a syslog server. • hostname — Hostname of the host to be used as a syslog server. (Range: 1158 characters) Default Configuration No syslog servers defined. Command Mode Global Configuration mode User Guidelines Up to eight syslog servers can be used. Example The following example places the designated server in logging configuration mode. console(config)#logging 192.168.15.
Command Mode Global Configuration mode User Guidelines All the syslog messages are logged to the internal buffer. This command limits the commands displayed to the user. Example The following example limits syslog messages displayed from an internal buffer based on the severity level "error." console(config)#logging buffered error logging console Use the logging console command in Global Configuration mode to limit messages logged to the console based on severity.
Example The following example limits messages logged to the console based on severity level "alert". console(config)#logging console alert logging facility Use the logging facility command in Global Configuration mode to set the facility for logging messages. To reset to the default value, use the no form of the command. Syntax logging facility facility no logging facility • facility — The facility that will be indicated in the message.
Syntax logging file level no logging file • level — Limits the logging of messages to the buffer to a specified level. (Range: emergency, alert, critical, error, warning, notice, info, debug) Default Configuration The default value for level is error. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example limits syslog messages sent to the logging file based on the severity level "warning.
Command Mode Global Configuration mode User Guidelines The logging process controls the distribution of logging messages to the various destinations, such as the logging buffer, logging file, or syslog server. Logging on and off for these destinations can be individually configured using the logging buffered, logging file, and logging global configuration commands. However, if the logging on command is disabled, no messages are sent to these destinations. Only the console receives messages.
logging web-session Use the logging web-session command in Global Configuration mode to enable web session logging. To disable, use the no form of this command. Syntax logging web-session no logging web-session Default Configuration Disabled. Command Mode Global Configuration mode User Guidelines To see web session logs use the show logging command. Example console(config)#logging web-session <133> MAR 24 07:46:07 10.131.7.165-2 UNKN[83102768]: cmd_logger_api.c(140) 764 %% WEB:10.131.7.
no port • port — The port number for syslog messages. (Range: 1-65535) Default Configuration The default port number is 514. Command Mode Logging mode User Guidelines After entering the view corresponding to a specific syslog server, the command can be executed to set the port number for the server. Example The following example sets the syslog message port to 300.
Example The following example displays the state of logging and the syslog messages stored in the internal buffer. console#show logging Logging is enabled. Console logging: level debugging. console Messages: 0 Dropped. Buffer logging: level debugging. Buffer Messages: 11 Logged, 200 Max. File logging: level notifications. File Messages: 0 Dropped. Syslog server 192.180.2.27 logging: errors. Messages: 6 Dropped. console#show logging Console logging: level warning. Console Messages: 2100 Dropped.
11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g1, changed state to up 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g1, changed state to up 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g2, changed state to up 11-Aug-2005 15:41:43: %LINK-3-UPDOWN: Interface Ethernet g3, changed state to up 11-Aug-2005 15:41:43: %SYS-5-CONFIG_I: Configured from memory by console 11-Aug-2005 15:41:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet g1, changed state to up 11-Aug-2
User Guidelines This command has no user guidelines. Example The following example displays the state of logging and syslog messages sorted in the logging file. console#show logging file Persistent Logging : enabled Persistent Log Count : 1 <186> JAN 01 00:00:05 0.0.0.0-1 UNKN[268434928]: bootos.c(382) 3 %% Event(0xaaaaaaaa) show syslog-servers Use the show syslog-servers command in Privileged EXEC mode to display the syslog servers settings.
IP address Port Severity Facility Description --------------------------------------------------------192.180.2.275 14 Info local7 7 192.180.2.
69 System Management Commands This chapter explains the following commands: • asset-tag • banner motd • banner motd acknowledge • clear checkpoint statistics • cut-through mode • hostname • initiate failover • member • movemanagement • no standby • nsf • ping • reload • set description • show boot-version • show checkpoint statistics • show cut-through mode • show memory cpu • show nsf • show process cpu • show sessions • show stack-port • show stack-port counte
• show supported switchtype • show switch • show system • show system id • show tech-support • show users • show version • stack • stack-port • standby • switch priority • switch renumber • telnet • traceroute 1278 System Management Commands
asset-tag Use the asset-tag command in Global Configuration mode to specify the switch asset tag. To remove the existing asset tag, use the no form of the command. Syntax asset-tag [unit] tag no asset-tag [unit] • unit — Switch number. (Range: 1–12) • tag — The switch asset tag. Default Configuration No asset tag is defined by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies the switch asset tag as 1qwepot.
Syntax banner motd no banner motd Default Configuration The banner is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# banner motd “IMPORTANT: There is a power shutdown at 23:00hrs today, duration 1 hr 30 minutes.” When the MOTD banner is executed, the following displays: IMPORTANT: There is a power shutdown at 23:00hrs today, duration 1 hr 30 minutes.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# banner motd “There is a power shutdown at 23:00hrs today, duration 1 hr 30 minutes.” console(config)# banner motd acknowledge When the MOTD banner is executed, the following displays: IMPORTANT: There is a power shutdown at 23:00hrs today, duration 1 hr 30 minutes.
Command Mode Privileged EXEC mode User Guidelines When nonstop forwarding is enabled on a stack, the stack's management unit checkpoints operational data to the backup unit. If the backup unit takes over as the management unit, the control plane on the new management unit uses the checkpointed data when initializing its state. Checkpoint statistics track the amount of data checkpointed from the management unit to the backup unit.
Example console(config)#cut-through mode The mode (enable) is effective from the next reload of Switch/Stack. hostname Use the hostname command in Global Configuration mode to specify or modify the switch host name. To restore the default host name, use the no form of the command. Syntax hostname name no hostname • name — The name of the host. (Range: 1–255 characters) Default Configuration Host name not configured.
Syntax This command has no user guidelines. Default Configuration There is no default configuration. Command Mode Stack Configuration mode User Guidelines This command forces a warm restart of the stack. The backup unit takes over as the new management unit without clearing the hardware state on any of the stack members. The original management unit reboots.
Syntax member unit switchindex no member unit • unit — The switch identifier of the switch to be added or removed from the stack. (Range: 1–12) • switchindex — The index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer. Default configuration This command has no defaults.
Default Configuration This command has no default configuration. Command Mode Stack Global Configuration mode User Guidelines Upon execution, the entire stack, including all interfaces in the stack, are unconfigured and reconfigured with the configuration on the new Management Switch. After the reload is complete, all stack management capability must be performed on the new Management Switch.
Command Mode Stack Global Configuration User Guidelines No specific guidelines.
nsf Use this command to enable non-stop forwarding. The “no” form of the command will disable NSF. Syntax nsf no nsf Default Configuration Non-stop forwarding is enabled by default. Command Mode Stack Global Configuration mode User Guidelines Nonstop forwarding allows the forwarding plane of stack units to continue to forward packets while the control and management planes restart as a result of a power failure, hardware failure, or software fault on the stack management unit.
• interval — The time between Echo Requests, in seconds (Range: 1–60 seconds). • size — Number of data bytes in a packet (Range: 0–65507 bytes). Default Configuration The default count is 4. The default interval is 3 seconds. The default size is 0 data bytes. Command Mode User EXEC mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following example displays a ping to IP address 10.1.1.1. console>ping 10.1.1.1 Pinging 10.1.1.
console#ping yahoo.com Pinging yahoo.com [66,217,71,198] with 64 bytes of data; 64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms 64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms ----10.1.1.1 PING Statistics---4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 7/8/11 reload Use the reload command in Privileged EXEC mode to reload stack members.
Management switch has unsaved changes. Would you like to save them now? (y/n)n Configuration Not Saved! Are you sure you want to reload the switch? (y/n) y Reloading management switch 1. set description Use the set description command in Stack Global Configuration mode to associate a text description with a switch in the stack. Syntax set description unit description • unit — The switch identifier. (Range: 1–12) • description — The text description.
show boot-version Use the show boot-version command to display the boot image version details. The details available to the user include the build date and time. Syntax show boot-version [unit] • unit — The switch identifier. (Range: 1–12) Default Configuration This command has no default configuration. Command Mode User EXEC or Privileged EXEC User Guidelines No specific guidelines.
Command Mode Privileged EXEC mode User Guidelines When nonstop forwarding is enabled on a stack, the stack's management unit checkpoints operational data to the backup unit. If the backup unit takes over as the management unit, the control plane on the new management unit uses the checkpointed data when initializing its state. Checkpoint statistics track the amount of data checkpointed from the management unit to the backup unit. Example console#show checkpoint statistics Messages Checkpointed...........
Default Configuration This command has no default configuration. User Guidelines No specific guidelines. Example Console#show cut-through mode Current mode : Enable Configured mode : Disable (This mode is effective on next reload) show memory cpu Use the show memory cpu command to check the total and available RAM space on the switch. Syntax show memory cpu Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines No specific guidelines.
Total Memory................................... 262144 KBytes Available Memory Space......................... 121181 KBytes show nsf Use the show nsf command to show the status of non-stop forwarding. Syntax show nsf Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show nsf Administrative Status.......................... Enable Operational Status............................
Copy of Running Configuration to Backup Unit: Status...................................... Stale Time Since Last Copy........................ 0 days 4 hrs 53 mins 22 secs Time Until Next Copy........................ 28 seconds Unit NSF Support ---- ----------- 1 Yes 2 Yes 3 Yes show process cpu Use the show process cpu command to check the CPU utilization for each process currently running on the switch.
status bytes ------ ---------free 64022608 alloc 151568112 CPU Utilization: PID Name 5 Sec 1 Min 5 Min --------------------------------------------------------328bb20 tTffsPTask 0.00% 0.00% 0.02% 3291820 tNetTask 0.00% 0.00% 0.01% 3295410 tXbdService 0.00% 0.00% 0.03% 347dcd0 ipnetd 0.00% 0.00% 0.01% 348a440 osapiTimer 1.20% 1.43% 1.21% 358ee70 bcmL2X.0 0.40% 0.30% 0.12% 359d2e0 bcmCNTR.0 0.80% 0.42% 0.50% 3b5b750 bcmRX 0.00% 0.13% 0.12% 3d3f6d0 MAC Send Task 0.
62038a0 dot1s_timer_task 0.00% 0.00% 0.03% 687f360 dot1xTimerTask 0.00% 0.06% 0.07% 6e23370 radius_task 0.00% 0.00% 0.01% 6e2c870 radius_rx_task 0.00% 0.06% 0.03% 7bc9030 spmTask 0.00% 0.09% 0.01% 7c58730 ipMapForwardingTask 0.00% 0.06% 0.03% 7f6eee0 tRtrDiscProcessingTask 0.00% 0.00% 0.01% b1516d0 dnsRxTask 0.00% 0.00% 0.01% b194d60 tCptvPrtl 0.00% 0.06% 0.03% b585770 isdpTask 0.00% 0.00% 0.02% bda6210 RMONTask 0.00% 0.11% 0.11% bdb24b0 boxs Req 0.00% 0.13% 0.
show sessions Use the show sessions command in Privileged EXEC mode to display a list of the open telnet sessions to remote hosts. Syntax show sessions Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays a list of open telnet sessions to remote hosts. console#show sessions Connection Host Address ---------- ------------ 1 Remote switch 172.16.1.1 23 2 172.
show stack-port Use the show stack-port command in Privileged EXEC mode to display summary stack-port information for all interfaces. Syntax show stack-port Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays information about the summary stack-port. console#show stack-port ............... .
Field Description Interface Unit/Port Configured Stack Mode Stack or Ethernet Running Stack Mode Stack of Ethernet Link Status Status of the link Link Speed Speed (Gb/sec) of the stack port link show stack-port counters Use the show stack-port counters command in Privileged EXEC mode to display summary data counter information for all interfaces. Syntax show stack-port counters Default Configuration This command has no default configuration.
Example The following example displays information about the summary stack-port counters.
show stack-port diag NOTE: This command is intended only for Field Application Engineers (FAE) and developers. An FAE will advise when to run this command and capture this information. Use the show stack-port diag command in Privileged EXEC mode to display front panel stacking diagnostics for each port. Syntax show stack-port diag Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Legend: RBYT : Received Bytes RPKT : Received Packets TBYT : Transmitted Bytes TPKT : Transmitted Packets RFCS : Received Frame Check Sequence Errors RFRG : Received Fragment Errors RJBR : Received Jabber Errors RUND : Received Underrun Errors ROVR : Received Overrun Errors TFCS : Transmit Frame Check Sequence Errors TERR : Transmit Errors 1 - xg1: RBYT:148174422 RPKT:528389 TBYT:679827058 TPKT:2977561 RFCS:0 RFRG:0 RJBR:0 RUND:0 ROVR:0 TFCS:0 TERR:0 1 - xg2: RBYT:0 RPKT:0 TBYT:419413311 TPKT:620443 RFCS:
Field Description Interface Port Diagnostic Entry 1 80 character string used for diagnostics Diagnostic Entry 2 80 character string used for diagnostics Diagnostic Entry 3 80 character string used for diagnostics show stack-standby Use the show stack-standby command to show the Standby configured in the stack. The show stack-standby command shows the configured or automatically selected standby unit number.
show supported switchtype Use the show supported switchtype command in User EXEC mode to display information about all supported switch types. Syntax show supported switchtype [switchindex] • switchindex — Specifies the index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer. (Range: 0–65535) Default Configuration This command has no default configuration.
Field Description Switch Index (SID) This field displays the index into the database of supported switch types. This index is used when preconfiguring a member to be added to the stack. Model Identifier This field displays the model identifier for the supported switch type. Management Preference This field indicates the management preference value of the switch type. Code Version This field displays the code load target identifier of the switch type.
Field Description Switch Description This field displays the description for the supported switch type. show switch Use the show switch command in User EXEC mode to display information about all units in the stack. Use the show switch [unit] command to display the information about a specific unit on the stack. Syntax show switch [unit] • unit — The unit number. Default Configuration This command has no default configuration.
Switch Status..................... OK Switch Description................ PCM8024 Expected Code Type................ 0x100b000 Detected Code Version............. I.12.21.1 Detected Code in Flash............ I.12.21.1 Boot Code Version................. I.12.1 Up Time........................... 1 days 0 hrs 16 mins 37 secs The following table describes the fields in the example. Unit Description Switch This field displays the unit identifier assigned to the switch.
Unit Description Detected Code Version This field displays the version of code running on this switch. If the switch is not present and the data is from preconfiguration, the code version is "None." Detected Code in Flash This field displays the version of code that is currently stored in FLASH memory on the switch. This code will execute after the switch is reset. If the switch is not present and the data is from pre-configuration, then the code version is "None.
Unit Description Plugged-In Model Identifier This field displays the model identifier of the switch in the stack. Model Identifier is a 32character field assigned by the switch manufacturer to identify the switch. Switch Status This field indicates the switch status. Possible values for this state are: OK, Unsupported, CodeMismatch, ConfigMismatch, or NotPresent Code Version This field indicates the detected version of code on this switch.
Parameter Description Range Default Last Startup Reason The type of activation that caused the software to start the last time. There are four options. “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. “Administrative Move” means that the administrator issued a command for the stand-by manager to take over.
Parameter Description Range Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Stamp Time Until Next Copy The number of seconds until the running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale. 0L7_UNITMGR_ CONFIG_COPY _HOLDDOWN Default (nsf-stack) #show nsf Administrative Status.......................... Enable Operational Status..................
Per Unit Status Parameters are explained as follows: Parameter Description Range NSF Support Whether a unit supports NSF Yes or No Default show system Use the show system command in User EXEC mode command to display system information. Syntax show system [unit] • unit — The unit number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays system information.
Burned In MAC Address: 00FF.F2A3.8888 System Object ID: 1.3.6.1.4.1.674.10895.
show system id Use the show system id command in User EXEC mode to display the system identity information. Syntax show system id [unit] • unit — The unit number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines The tag information is on a switch by switch basis. Example The following example displays the system service tag information.
show tech-support Use the show tech-support command to display system and configuration information for use in debugging or contacting technical support.
Example console#show tech-support ***************** Show Version ****************** Switch: 2 System Description............................. Powerconnect 6248P, 1.23.0.33 VxWorks 6.5 Machine Type................................... Powerconnect 6248P Machine Model.................................. PCT6248P Serial Number.................................. CN0PK4632829881C0067 FRU Number..................................... 1 Part Number.................................... BCM56314 Maintenance Level........
System Up Time................................. 0 days 0 hrs 11 mins 47 secs 10/100 Ethernet/802.3 interface(s)............. 4 Gig Ethernet/802.3 interface(s)................ 1 10Gig Ethernet/802.3 interface(s).............. 0 Virtual Ethernet/802.3 interface(s)............ 0 MIBs Supported: --More-- or (q)uit Selecting More (m) continues the display of output for the show tech-support command. show users Use the show users command in Privileged EXEC mode to display information about the active users.
Example The following example displays a list of active users and the information about them. console#show users Username Protocol Location -------- -------- ------------ Bob Serial John SSH 172.16.0.1 Robert HTTP 172.16.0.8 Betty Telnet 172.16.1.7 show version Use the show version command in User EXEC mode to displays the system version information. Syntax show version [unit] • unit — The unit number. Default Configuration This command has no default configuration.
Example The following example displays a system version (this version number is only for demonstration purposes). console>show version Image Descriptions image1 : default image image2 : Images currently available on Flash ---------------------------------------------------------unit image1 image2 current-active next-active ----------------------------------------------------------1 K.3.9.1 0.0.0.0 image1 image1 2 K.3.9.1 0.0.0.
Example The following example sets the mode to Stack Global Config. console(config)#stack console(config-stack)# stack-port Use the stack-port command in Stack Configuration mode to configure Stack ports as either Stacking ports or as Ethernet ports. This command is used to configure CX-4 ports to be either stacking or Ethernet ports. By default, CX-4 ports are Ethernet ports.
standby Use the standby command to configure the standby in the stack. This unit comes up as the master when the stack failover occurs. Use the no form of this command to reset to default, in which case, FASTPATH automatically selects a standby from the existing stack units if there no preconfiguration. Syntax standby unit • unit — Valid unit number in the stack. (Range: 1–12 maximum. The range is limited to the number of units available on the stack.
• value — The priority of one backup switch over another. (Range: 0–12) Default Configuration The switch priority defaults to the hardware management preference value of 1. Command Mode Global Configuration mode User Guidelines Switches that do not have the hardware capability to become the Management Switch are not eligible for management. Once the priority of a switch has been configured, it cannot be reset to the default. Switch priority is not affected by the "clear config" command.
User Guidelines This command is executed on the Management Switch. Example The following example displays how to reconfigure switch number “1” to an identifier of “2.” console(config)#switch 1 renumber 2 telnet Use the telnet command in Privileged EXEC mode to log into a host that supports Telnet. Syntax telnet {ip-address | hostname} [port] [keyword1......] • ip-address — Valid IP address of the destination host. • hostname — Hostname of the destination host.
Keywords Table Options Description debug Enable telnet debugging mode. line Enable telnet linemode. localecho Enable telnet localecho. Press ENTER to execute the command. Enter the port number.
Keyword Description Port Number lpd Printer service 515 nntp Network News Transport Protocol 119 pim-auto-rp PIM Auto-RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix-to-Unix Copy Program 540 whois Nickname 43 www World Wide Web 80 Example Following is an
• You can enter traceroute to without specifying the IP address and hostname, and specify values for the traceroute parameters. Syntax traceroute [ ip | ipv6 ] ipaddress | hostname [ initTtl initTtl ] [ maxTtl maxTtl ] [ maxFail maxFail ] [ interval interval ] [ count count ] [ port port ] [ size size ] • ipaddress — Valid IP address of the destination host. • hostname — Hostname of the destination host (Range: 1–158 characters).
Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Examples The following example discovers the routes that packets will actually take when traveling to the destination specified in the command. console#traceroute 192.168.77.171 Tracing route over a maximum of 20 hops 1 192.168.21.
Tracing route over a maximum of 20 hops 1 192.168.21.
Telnet Server Commands 70 This chapter explains the following commands: • ip telnet server disable • ip telnet port • show ip telnet Telnet Server Commands 1331
ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Parameter Ranges Not applicable Command Mode Global Configuration Usage Guidelines No specific guidelines. Default Value This feature is enabled by default.
Default Configuration This command has no default configuration. Command Mode Global Configuration Usage Guidelines No specific guidelines. Example console(config)#ip telnet port 45 console(config)#no ip telnet port show ip telnet The show ip telnet command displays the status of the Telnet server and the Telnet service port number. Syntax show ip telnet Default Configuration This command has no default configuration.
Telnet Server Commands
User Interface Commands 71 This chapter explains the following commands: • enable • end • exit • quit User Interface Commands 1335
enable Use the enable command in User EXEC mode to enter the Privileged EXEC mode. Syntax enable Default Configuration The default privilege level is 15. Command Mode User EXEC mode User Guidelines If there is no authentication method defined for enable, then a level 1 user is not allowed to execute this command. Example The following example shows how to enter privileged mode.
Command Mode All command modes User Guidelines No specific guidelines. Example console(config)#end console#end console> exit Use the exit command to go to the next lower command prompt. Syntax exit Default Configuration This command has no default configuration. Command Mode All command modes except User EXEC User Guidelines There are no user guidelines for this command.
Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode. console(config-if-1/g1)# exit console(config)# exit console#exit console> quit Use the quit command in User EXEC mode to close an active terminal session by logging off the switch. Syntax quit Default Configuration This command has no default configuration. Command Mode User EXEC command mode User Guidelines There are no user guidelines for this command.
Web Server Commands 72 This chapter explains the following commands: • common-name • country • crypto certificate generate • crypto certificate import • crypto certificate request • duration • ip http port • ip http server • ip https certificate • ip https port • ip https server • key-generate • location • organization-unit • show crypto certificate mycertificate • show ip http • show ip https • state Web Server Commands 1339
common-name Use the common-name command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the common-name for the switch. Syntax common-name common-name • common-name — Specifies the fully qualified URL or IP address of the switch. If left unspecified, this parameter defaults to the lowest IP address of the switch (when the certificate is generated). (Range: 1–64) Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the country as "us.
User Guidelines This command is not saved in the router switch configuration; however, the certificate and keys generated by this command are saved in the private configuration. This saved information is never displayed to the user or backed up to another switch. If the RSA keys do not exist, the generate parameter must be used. Example The following example generates a self-signed HTTPS certificate.
If the public key found in the certificate does not match the switch's SSL RSA key, the command fails. This command is not saved in the router configuration; however, the certificate imported by this command is saved in the private configuration (which is never displayed to the user or backed up to another switch). Example The following example imports a certificate sighed by the Certification Authority for HTTPS.
crypto certificate request Use the crypto certificate request command in Privileged EXEC mode to generate and display a certificate request for HTTPS. This command takes you to Crypto Certificate Request mode. Syntax crypto certificate number request • number — Specifies the certificate number. (Range: 1–2) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority.
duration Use the duration command in Crypto Certificate Generation mode to specify the duration. Syntax duration days • days — Specifies the number of days a certification would be valid. If left unspecified, the parameter defaults to 365 days. (Range: 30–3650 days) Default Configuration This command defaults to 365 days. Command Mode Crypto Certificate Generation mode User Guidelines This command mode is entered using the crypto certificate generate command.
• port-number — Port number for use by the HTTP server. (Range: 1–65535) Default Configuration This default port number is 80. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. However, specifying 0 as the port number effectively disables HTTP access to the switch. Example The following example shows how the http port number is configured to 100.
Example The following example enables the switch to be configured from a browser. console(config)#ip http server ip https certificate Use the ip https certificate command in Global Configuration mode to configure the active certificate for HTTPS. To return to the default setting, use the no form of this command. Syntax ip https certificate number no ip https certificate • number — Specifies the certificate number. (Range: 1–2) Default Configuration The default value of the certificate number is 1.
Syntax ip https port port-number no ip https port • port-number — Port number for use by the secure HTTP server. (Range: 1–65535) Default Configuration This default port number is 443. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the https port number to 100.
User Guidelines You must use the crypto certificate generate command to generate the HTTPS certificate. Example The following example enables the switch to be configured from a browser. console(config)#ip https server key-generate Use the key-generate command in Crypto Certificate Generation mode to specify the key-generate. Syntax key-generate [length] • length — Specifies the length of the SSL RSA key. If left unspecified, this parameter defaults to 1024.
location Use the location command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the location or city name. Syntax location location • location — Specifies the location or city name. (Range: 1–64 characters) Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command.
Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the "generalmotors" organization-unit.
NnH/xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0km fhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYe BABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAf4 MT9BRD47 ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgcls ZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENO PXNlcnZl -----END CERTIFICATE----Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.
Example The following example displays the HTTP server configuration. console#show ip http HTTP server enabled. Port: 80 show ip https Use the show ip http command in Privileged EXEC mode to display the HTTPS server configuration. Syntax show ip https Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays an HTTPS server configuration with DH Key exchange enabled.
Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: 1873B936 88DC3411 BC8932EF 782134BA The following example displays the HTTPS server configuration with DH Key exchange disabled. console#show ip https HTTPS server enabled. Port: 443 DH Key exchange disabled, parameters are being generated. Certificate 1 is active Issued by: www.verisign.
state Use the state command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the state or province name. Syntax state state • state — Specifies the state or province name. (Range: 1–64 characters) Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command.
Web Server Commands
