ECS4100 Series CLI Reference Guide-R07
Table Of Contents
- How to Use This Guide
- Contents
- Tables
- Getting Started
- Initial Switch Configuration
- Connecting to the Switch
- Configuring the Switch for Remote Management
- Configuring the Switch for Cloud Management
- Enabling SNMP Management Access
- Managing System Files
- Installing a Port License File
- Automatic Installation of Operation Code and Configuration Settings
- Downloading a Configuration File and Other Parameters from a DHCP Server
- Setting the System Clock
- Initial Switch Configuration
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- SNMP Commands
- Remote Monitoring Commands
- Flow Sampling Commands
- Authentication Commands
- User Accounts and Privilege Levels
- Authentication Sequence
- RADIUS Client
- TACACS+ Client
- AAA
- Web Server
- Telnet Server
- Secure Shell
- 802.1X Port Authentication
- Management IP Filter
- PPPoE Intermediate Agent
- pppoe intermediate- agent
- pppoe intermediate- agent format-type
- pppoe intermediate- agent port-enable
- pppoe intermediate- agent port-format- type
- pppoe intermediate-agent port-format-type remote-id-delimiter
- pppoe intermediate- agent trust
- pppoe intermediate- agent vendor-tag strip
- clear pppoe intermediate-agent statistics
- show pppoe intermediate-agent info
- show pppoe intermediate-agent statistics
- General Security Measures
- Port Security
- Network Access (MAC Address Authentication)
- network-access aging
- network-access mac-filter
- mac-authentication reauth-time
- network-access dynamic-qos
- network-access dynamic-vlan
- network-access guest-vlan
- network-access link-detection
- network-access link- detection link-down
- network-access link- detection link-up
- network-access link-detection link-up-down
- network-access max- mac-count
- network-access mode mac-authentication
- network-access port- mac-filter
- mac-authentication intrusion-action
- mac-authentication max-mac-count
- clear network-access
- show network-access
- show network-access mac-address-table
- show network-access mac-filter
- Web Authentication
- DHCPv4 Snooping
- ip dhcp snooping
- ip dhcp snooping information option
- ip dhcp snooping information option encode no-subtype
- ip dhcp snooping information option remote-id
- ip dhcp snooping information option tr101 board-id
- ip dhcp snooping information policy
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp snooping information option carry-to-client
- ip dhcp snooping information option circuit-id
- ip dhcp snooping max-number
- ip dhcp snooping trust
- clear ip dhcp snooping binding
- clear ip dhcp snooping database flash
- ip dhcp snooping database flash
- show ip dhcp snooping
- show ip dhcp snooping binding
- DHCPv6 Snooping
- ipv6 dhcp snooping
- ipv6 dhcp snooping option interface-id
- ipv6 dhcp snooping option interface-id policy
- ipv6 dhcp snooping option remote-id
- ipv6 dhcp snooping option remote-id policy
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping max-binding
- ipv6 dhcp snooping trust
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping statistics
- IPv4 Source Guard
- IPv6 Source Guard
- ARP Inspection
- ip arp inspection
- ip arp inspection filter
- ip arp inspection log-buffer logs
- ip arp inspection validate
- ip arp inspection vlan
- ip arp inspection limit
- ip arp inspection trust
- show ip arp inspection configuration
- show ip arp inspection interface
- show ip arp inspection log
- show ip arp inspection statistics
- show ip arp inspection vlan
- Port-based Traffic Segmentation
- Access Control Lists
- Interface Commands
- Link Aggregation Commands
- Power over Ethernet Commands
- Port Mirroring Commands
- Congestion Control Commands
- Rate Limit Commands
- Storm Control Commands
- Automatic Traffic Control Commands
- Threshold Commands
- SNMP Trap Commands
- snmp-server enable port-traps atc broadcast-alarm-clear
- snmp-server enable port-traps atc broadcast-alarm-fire
- snmp-server enable port-traps atc broadcast-control- apply
- snmp-server enable port-traps atc broadcast-control- release
- snmp-server enable port-traps atc multicast-alarm-clear
- snmp-server enable port-traps atc multicast-alarm-fire
- snmp-server enable port-traps atc multicast-control- apply
- snmp-server enable port-traps atc multicast-control- release
- ATC Display Commands
- Loopback Detection Commands
- MAC-Thrashing Commands
- UniDirectional Link Detection Commands
- Address Table Commands
- Smart Pair Commands
- TWAMP Commands
- Spanning Tree Commands
- spanning-tree
- spanning-tree cisco-prestandard
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree mode
- spanning-tree mst configuration
- spanning-tree pathcost method
- spanning-tree priority
- spanning-tree system-bpdu-flooding
- spanning-tree transmission-limit
- max-hops
- mst priority
- mst vlan
- name
- revision
- spanning-tree bpdu-filter
- spanning-tree bpdu-guard
- spanning-tree cost
- spanning-tree edge-port
- spanning-tree link-type
- spanning-tree loopback-detection
- spanning-tree loopback-detection action
- spanning-tree loopback-detection release-mode
- spanning-tree loopback-detection trap
- spanning-tree restricted-tcn
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree port-bpdu-flooding
- spanning-tree port-priority
- spanning-tree root-guard
- spanning-tree spanning-disabled
- spanning-tree tc-prop-stop
- spanning-tree loopback-detection release
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- VLAN Commands
- GVRP and Bridge Extension Commands
- Editing VLAN Groups
- Configuring VLAN Interfaces
- Displaying VLAN Information
- Configuring IEEE 802.1Q Tunneling
- dot1q-tunnel system-tunnel-control
- dot1q-tunnel tpid
- switchport dot1q-tunnel mode
- switchport dot1q- tunnel priority map
- switchport dot1q- tunnel service default match all discard
- switchport dot1q- tunnel service default match untag discard
- switchport dot1q-tunnel service match cvid
- show dot1q-tunnel service
- show dot1q-tunnel
- Configuring L2PT Tunneling
- Configuring VLAN Translation
- Configuring Protocol-based VLANs
- Configuring IP Subnet VLANs
- Configuring MAC Based VLANs
- Configuring Voice VLANs
- Configuring Excluded VLANs
- ERPS Commands
- erps
- erps node-id
- erps vlan-group
- erps ring
- erps instance
- ring-port
- exclusion-vlan
- enable (ring)
- enable (instance)
- meg-level
- control-vlan
- rpl owner
- rpl neighbor
- wtr-timer
- guard-timer
- holdoff-timer
- mep-monitor
- major-ring
- propagate-tc
- non-revertive
- raps-def-mac
- raps-without-vc
- version
- inclusion-vlan
- physical-ring
- erps forced-switch
- erps manual-switch
- erps clear
- clear erps statistics
- show erps statistics
- show erps
- Class of Service Commands
- Quality of Service Commands
- Multicast Filtering Commands
- IGMP Snooping
- ip igmp snooping
- ip igmp snooping mrouter-forward- mode dynamic
- ip igmp snooping proxy-reporting
- ip igmp snooping querier
- ip igmp snooping router-alert-option- check
- ip igmp snooping router-port- expire-time
- ip igmp snooping tcn-flood
- ip igmp snooping tcn-query-solicit
- ip igmp snooping unregistered-data- flood
- ip igmp snooping unsolicited-report- interval
- ip igmp snooping version
- ip igmp snooping version-exclusive
- ip igmp snooping vlan general-query- suppression
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan last-memb-query- count
- ip igmp snooping vlan last-memb-query- intvl
- ip igmp snooping vlan mrd
- ip igmp snooping vlan proxy-address
- ip igmp snooping vlan query-interval
- ip igmp snooping vlan query-resp-intvl
- ip igmp snooping vlan static
- ip igmp snooping immediate-leave
- clear ip igmp snooping groups dynamic
- clear ip igmp snooping statistics
- show ip igmp snooping
- show ip igmp snooping interface
- show ip igmp snooping group
- show ip igmp snooping mrouter
- show ip igmp snooping statistics
- Static Multicast Routing
- IGMP Filtering and Throttling
- ip igmp filter (Global Configuration)
- ip igmp igmp-with- pppoe
- ip igmp profile
- permit, deny
- range
- ip igmp authentication
- ip igmp filter (Interface Configuration)
- ip igmp max-groups
- ip igmp max-groups action
- ip igmp query-drop
- ip multicast-data-drop
- show ip igmp authentication
- show ip igmp filter
- show ip igmp igmp- with-pppoe
- show ip igmp query-drop
- show ip igmp throttle interface
- show ip multicast-data-drop
- MLD Snooping
- ipv6 mld snooping
- ipv6 mld snooping proxy-reporting
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld snooping query-max-response- time
- ipv6 mld snooping robustness
- ipv6 mld snooping router-port- expire-time
- ipv6 mld snooping unknown-multicast mode
- ipv6 mld snooping unsolicited-report- interval
- ipv6 mld snooping version
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping vlan static
- clear ipv6 mld snooping groups dynamic
- clear ipv6 mld snooping statistics
- show ipv6 mld snooping
- show ipv6 mld snooping group
- show ipv6 mld snooping group source-list
- show ipv6 mld snooping mrouter
- show ipv6 mld snooping statistics
- MLD Filtering and Throttling
- MVR for IPv4
- mvr
- mvr associated-profile
- mvr domain
- mvr profile
- mvr proxy-query- interval
- mvr proxy-switching
- mvr robustness-value
- mvr source-port- mode dynamic
- mvr upstream- source-ip
- mvr vlan
- mvr immediate-leave
- mvr type
- mvr vlan group
- clear mvr groups dynamic
- clear mvr statistics
- show mvr
- show mvr associated-profile
- show mvr interface
- show mvr members
- show mvr profile
- show mvr statistics
- MVR for IPv6
- mvr6 associated- profile
- mvr6 domain
- mvr6 profile
- mvr6 proxy-query- interval
- mvr6 proxy-switching
- mvr6 robustness- value
- mvr6 source-port- mode dynamic
- mvr6 upstream- source-ip
- mvr6 vlan
- mvr6 immediate-leave
- mvr6 type
- mvr6 vlan group
- clear mvr6 groups dynamic
- clear mvr6 statistics
- show mvr6
- show mvr6 associated-profile
- show mvr6 interface
- show mvr6 members
- show mvr6 domain
- show mvr6 profile
- show mvr6 statistics
- IGMP Snooping
- LLDP Commands
- lldp
- lldp holdtime-multiplier
- lldp med-fast-start-count
- lldp notification-interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp basic-tlv management-ip- address
- lldp basic-tlv management-ipv6- address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp dot3-tlv poe
- lldp med-location civic-addr
- lldp med-notification
- lldp med-tlv ext-poe
- lldp med-tlv inventory
- lldp med-tlv location
- lldp med-tlv med-cap
- lldp med-tlv network-policy
- lldp notification
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- CFM Commands
- Defining CFM Structures
- ethernet cfm ais level
- ethernet cfm ais ma
- ethernet cfm ais period
- ethernet cfm ais suppress alarm
- ethernet cfm domain
- ethernet cfm enable
- ma index name
- ma index name-format
- ethernet cfm mep
- ethernet cfm port-enable
- clear ethernet cfm ais mpid
- show ethernet cfm configuration
- show ethernet cfm md
- show ethernet cfm ma
- show ethernet cfm maintenance-points local
- show ethernet cfm maintenance-points local detail mep
- show ethernet cfm maintenance-points remote detail
- Continuity Check Operations
- Cross Check Operations
- Link Trace Operations
- Loopback Operations
- Fault Generator Operations
- Delay Measure Operations
- Defining CFM Structures
- OAM Commands
- efm oam
- efm oam critical-link-event
- efm oam link-monitor frame
- efm oam link-monitor frame threshold
- efm oam link-monitor frame window
- efm oam mode
- clear efm oam counters
- clear efm oam event-log
- efm oam remote-loopback
- efm oam remote- loopback test
- show efm oam counters interface
- show efm oam event-log interface
- show efm oam remote-loopback interface
- show efm oam status interface
- show efm oam status remote interface
- Domain Name Service Commands
- DHCP Commands
- IP Interface Commands
- IPv4 Interface
- IPv6 Interface
- ND Snooping
- ipv6 nd snooping
- ipv6 nd snooping auto-detect
- ipv6 nd snooping auto-detect retransmit count
- ipv6 nd snooping auto-detect retransmit interval
- ipv6 nd snooping prefix timeout
- ipv6 nd snooping max-binding
- ipv6 nd snooping trust
- clear ipv6 nd snooping binding
- clear ipv6 nd snooping prefix
- show ipv6 nd snooping
- show ipv6 nd snooping binding
- show ipv6 nd snooping prefix
- IP Routing Commands
- Global Routing Configuration
- Routing Information Protocol (RIP)
- router rip
- default-information originate
- default-metric
- distance
- maximum-prefix
- neighbor
- network
- passive-interface
- redistribute
- timers basic
- version
- ip rip authentication mode
- ip rip authentication string
- ip rip receive version
- ip rip receive-packet
- ip rip send version
- ip rip send-packet
- ip rip split-horizon
- clear ip rip route
- show ip rip
- Appendices
- List of Commands
Chapter 9
| General Security Measures
DHCPv4 Snooping
– 326 –
◆ DHCP snooping must be enabled for the DHCP Option 82 information to be
inserted into packets. When enabled, the switch will only add/remove option
82 information in incoming DHCP packets but not relay them. Packets are
processed as follows:
■
If an incoming packet is a DHCP request packet with option 82 information,
it will modify the option 82 information according to settings specified with
ip dhcp snooping information policy command.
■
If an incoming packet is a DHCP request packet without option 82
information, enabling the DHCP snooping information option will add
option 82 information to the packet.
■
If an incoming packet is a DHCP reply packet with option 82 information,
enabling the DHCP snooping information option will remove option 82
information from the packetExample
This example enables the DHCP Snooping Information Option.
Console(config)#ip dhcp snooping information option
Console(config)#
ip dhcp snooping
information option
encode no-subtype
This command disables the use of sub-type and sub-length fields for the
circuit-ID (CID) and remote-ID (RID) in Option 82 information generated by the
switch. Use the no form to enable the use of these fields.
Syntax
[no] ip dhcp snooping information option encode no-subtype
Default Setting
CID/RID sub-type: Enabled
Command Mode
Global Configuration
Command Usage
◆ Option 82 information generated by the switch is based on TR-101 syntax as
shown below:
The circuit identifier used by this switch starts at sub-option1 and goes to the
end of the R-124 string. The R-124 string includes the following information:
■
sub-type - Distinguishes different types of circuit IDs.
Table 61: Option 82 information
82 3-69 1 1-67 x1 x2 x3 x4 x5 x63
opt82 opt-len sub-opt1 string-len R-124 string