CLI Reference Guide-R01
Table Of Contents
- How to Use This Guide
- Contents
- Tables
- Getting Started
- Initial Switch Configuration
- Connecting to the Switch
- Configuring the Switch for Remote Management
- Enabling SNMP Management Access
- Managing System Files
- Installing a Port License File
- Automatic Installation of Operation Code and Configuration Settings
- Downloading a Configuration File and Other Parameters from a DHCP Server
- Setting the System Clock
- Initial Switch Configuration
- Command Line Interface
- Using the Command Line Interface
- General Commands
- System Management Commands
- SNMP Commands
- Remote Monitoring Commands
- Flow Sampling Commands
- Authentication Commands
- User Accounts and Privilege Levels
- Authentication Sequence
- RADIUS Client
- TACACS+ Client
- AAA
- Web Server
- Telnet Server
- Secure Shell
- 802.1X Port Authentication
- Management IP Filter
- PPPoE Intermediate Agent
- pppoe intermediate- agent
- pppoe intermediate- agent format-type
- pppoe intermediate- agent port-enable
- pppoe intermediate- agent port-format- type
- pppoe intermediate-agent port-format-type remote-id-delimiter
- pppoe intermediate- agent trust
- pppoe intermediate- agent vendor-tag strip
- clear pppoe intermediate-agent statistics
- show pppoe intermediate-agent info
- show pppoe intermediate-agent statistics
- General Security Measures
- Port Security
- Network Access (MAC Address Authentication)
- network-access aging
- network-access mac-filter
- mac-authentication reauth-time
- network-access dynamic-qos
- network-access dynamic-vlan
- network-access guest-vlan
- network-access link-detection
- network-access link- detection link-down
- network-access link- detection link-up
- network-access link-detection link-up-down
- network-access max- mac-count
- network-access mode mac-authentication
- network-access port- mac-filter
- mac-authentication intrusion-action
- mac-authentication max-mac-count
- clear network-access
- show network-access
- show network-access mac-address-table
- show network-access mac-filter
- Web Authentication
- DHCPv4 Snooping
- ip dhcp snooping
- ip dhcp snooping information option
- ip dhcp snooping information option encode no-subtype
- ip dhcp snooping information option remote-id
- ip dhcp snooping information option tr101 board-id
- ip dhcp snooping information policy
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp snooping information option circuit-id
- ip dhcp snooping max-number
- ip dhcp snooping trust
- clear ip dhcp snooping binding
- clear ip dhcp snooping database flash
- ip dhcp snooping database flash
- show ip dhcp snooping
- show ip dhcp snooping binding
- DHCPv6 Snooping
- ipv6 dhcp snooping
- ipv6 dhcp snooping option remote-id
- ipv6 dhcp snooping option remote-id policy
- ipv6 dhcp snooping vlan
- ipv6 dhcp snooping max-binding
- ipv6 dhcp snooping trust
- clear ipv6 dhcp snooping binding
- clear ipv6 dhcp snooping statistics
- show ipv6 dhcp snooping
- show ipv6 dhcp snooping binding
- show ipv6 dhcp snooping statistics
- IPv4 Source Guard
- IPv6 Source Guard
- ARP Inspection
- ip arp inspection
- ip arp inspection filter
- ip arp inspection log-buffer logs
- ip arp inspection validate
- ip arp inspection vlan
- ip arp inspection limit
- ip arp inspection trust
- show ip arp inspection configuration
- show ip arp inspection interface
- show ip arp inspection log
- show ip arp inspection statistics
- show ip arp inspection vlan
- Denial of Service Protection
- Port-based Traffic Segmentation
- Access Control Lists
- Interface Commands
- Link Aggregation Commands
- Port Mirroring Commands
- Congestion Control Commands
- Rate Limit Commands
- Storm Control Commands
- Automatic Traffic Control Commands
- Threshold Commands
- SNMP Trap Commands
- snmp-server enable port-traps atc broadcast-alarm-clear
- snmp-server enable port-traps atc broadcast-alarm-fire
- snmp-server enable port-traps atc broadcast-control- apply
- snmp-server enable port-traps atc broadcast-control- release
- snmp-server enable port-traps atc multicast-alarm-clear
- snmp-server enable port-traps atc multicast-alarm-fire
- snmp-server enable port-traps atc multicast-control- apply
- snmp-server enable port-traps atc multicast-control- release
- ATC Display Commands
- Loopback Detection Commands
- UniDirectional Link Detection Commands
- Address Table Commands
- TWAMP Commands
- Spanning Tree Commands
- spanning-tree
- spanning-tree cisco-prestandard
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree mode
- spanning-tree mst configuration
- spanning-tree pathcost method
- spanning-tree priority
- spanning-tree system-bpdu-flooding
- spanning-tree tc-prop
- spanning-tree transmission-limit
- max-hops
- mst priority
- mst vlan
- name
- revision
- spanning-tree bpdu-filter
- spanning-tree bpdu-guard
- spanning-tree cost
- spanning-tree edge-port
- spanning-tree link-type
- spanning-tree loopback-detection
- spanning-tree loopback-detection action
- spanning-tree loopback-detection release-mode
- spanning-tree loopback-detection trap
- spanning-tree restricted-tcn
- spanning-tree mst cost
- spanning-tree mst port-priority
- spanning-tree port-bpdu-flooding
- spanning-tree port-priority
- spanning-tree root-guard
- spanning-tree spanning-disabled
- spanning-tree tc-prop-stop
- spanning-tree loopback-detection release
- spanning-tree protocol-migration
- show spanning-tree
- show spanning-tree mst configuration
- show spanning-tree tc-prop
- VLAN Commands
- GVRP and Bridge Extension Commands
- Editing VLAN Groups
- Configuring VLAN Interfaces
- Displaying VLAN Information
- Configuring IEEE 802.1Q Tunneling
- Configuring L2PT Tunneling
- Configuring VLAN Translation
- Configuring Protocol-based VLANs
- Configuring IP Subnet VLANs
- Configuring MAC Based VLANs
- Configuring Voice VLANs
- ERPS Commands
- erps
- erps node-id
- erps vlan-group
- erps ring
- erps instance
- ring-port
- exclusion-vlan
- enable (ring)
- enable (instance)
- meg-level
- control-vlan
- rpl owner
- rpl neighbor
- wtr-timer
- guard-timer
- holdoff-timer
- major-ring
- propagate-tc
- bpdu-tcn-notify
- non-revertive
- raps-def-mac
- raps-without-vc
- version
- inclusion-vlan
- physical-ring
- erps forced-switch
- erps manual-switch
- erps clear
- clear erps statistics
- show erps statistics
- show erps
- Class of Service Commands
- Quality of Service Commands
- Control Plane Commands
- Multicast Filtering Commands
- IGMP Snooping
- ip igmp snooping
- ip igmp snooping mrouter-forward- mode dynamic
- ip igmp snooping priority
- ip igmp snooping proxy-reporting
- ip igmp snooping querier
- ip igmp snooping router-alert-option- check
- ip igmp snooping router-port- expire-time
- ip igmp snooping tcn-flood
- ip igmp snooping tcn-query-solicit
- ip igmp snooping unregistered-data- flood
- ip igmp snooping unsolicited-report- interval
- ip igmp snooping version
- ip igmp snooping version-exclusive
- ip igmp snooping vlan general-query- suppression
- ip igmp snooping vlan immediate-leave
- ip igmp snooping vlan last-memb-query- count
- ip igmp snooping vlan last-memb-query- intvl
- ip igmp snooping vlan mrd
- ip igmp snooping vlan proxy-address
- ip igmp snooping vlan query-interval
- ip igmp snooping vlan query-resp-intvl
- ip igmp snooping vlan report-suppression
- ip igmp snooping vlan static
- ip igmp snooping immediate-leave
- clear ip igmp snooping groups dynamic
- clear ip igmp snooping statistics
- show ip igmp snooping
- show ip igmp snooping group
- show ip igmp snooping mrouter
- show ip igmp snooping statistics
- Static Multicast Routing
- IGMP Filtering and Throttling
- ip igmp filter (Global Configuration)
- ip igmp profile
- permit, deny
- range
- ip igmp authentication
- ip igmp filter (Interface Configuration)
- ip igmp max-groups
- ip igmp max-groups action
- ip igmp query-drop
- ip multicast-data-drop
- show ip igmp authentication
- show ip igmp filter
- show ip igmp profile
- show ip igmp query-drop
- show ip igmp throttle interface
- show ip multicast-data-drop
- MLD Snooping
- ipv6 mld snooping
- ipv6 mld snooping proxy-reporting
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld snooping query-max-response- time
- ipv6 mld snooping robustness
- ipv6 mld snooping router-port- expire-time
- ipv6 mld snooping unknown-multicast mode
- ipv6 mld snooping unsolicited-report- interval
- ipv6 mld snooping version
- ipv6 mld snooping vlan immediate-leave
- ipv6 mld snooping vlan mrouter
- ipv6 mld snooping vlan static
- clear ipv6 mld snooping groups dynamic
- clear ipv6 mld snooping statistics
- show ipv6 mld snooping
- show ipv6 mld snooping group
- show ipv6 mld snooping group source-list
- show ipv6 mld snooping mrouter
- show ipv6 mld snooping statistics
- MLD Filtering and Throttling
- MVR for IPv4
- mvr
- mvr associated-profile
- mvr domain
- mvr profile
- mvr proxy-query- interval
- mvr proxy-switching
- mvr robustness-value
- mvr source-port- mode
- mvr upstream- source-ip
- mvr vlan
- mvr immediate-leave
- mvr type
- mvr vlan group
- clear mvr groups dynamic
- clear mvr statistics
- show mvr
- show mvr associated-profile
- show mvr interface
- show mvr members
- show mvr profile
- show mvr statistics
- IGMP Snooping
- LLDP Commands
- lldp
- lldp holdtime-multiplier
- lldp med-fast-start-count
- lldp notification-interval
- lldp refresh-interval
- lldp reinit-delay
- lldp tx-delay
- lldp admin-status
- lldp basic-tlv management-ip- address
- lldp basic-tlv management-ipv6- address
- lldp basic-tlv port-description
- lldp basic-tlv system-capabilities
- lldp basic-tlv system-description
- lldp basic-tlv system-name
- lldp dot1-tlv proto-ident
- lldp dot1-tlv proto-vid
- lldp dot1-tlv pvid
- lldp dot1-tlv vlan-name
- lldp dot3-tlv link-agg
- lldp dot3-tlv mac-phy
- lldp dot3-tlv max-frame
- lldp med-location civic-addr
- lldp med-notification
- lldp med-tlv inventory
- lldp med-tlv location
- lldp med-tlv med-cap
- lldp med-tlv network-policy
- lldp notification
- show lldp config
- show lldp info local-device
- show lldp info remote-device
- show lldp info statistics
- OAM Commands
- efm oam
- efm oam critical-link-event
- efm oam link-monitor frame
- efm oam link-monitor frame threshold
- efm oam link-monitor frame window
- efm oam mode
- clear efm oam counters
- clear efm oam event-log
- efm oam remote-loopback
- efm oam remote- loopback test
- show efm oam counters interface
- show efm oam event-log interface
- show efm oam remote-loopback interface
- show efm oam status interface
- show efm oam status remote interface
- Domain Name Service Commands
- DHCP Commands
- IP Interface Commands
- IPv4 Interface
- IPv6 Interface
- Interface Address Configuration and Utilities
- Neighbor Discovery
- ipv6 hop-limit
- ipv6 neighbor
- ipv6 nd dad attempts
- ipv6 nd managed-config-flag
- ipv6 nd other-config-flag
- ipv6 nd ns-interval
- ipv6 nd raguard
- show ipv6 nd raguard
- ipv6 nd reachable-time
- ipv6 nd prefix
- ipv6 nd ra interval
- ipv6 nd ra lifetime
- ipv6 nd ra router-preference
- ipv6 nd ra suppress
- clear ipv6 neighbors
- show ipv6 neighbors
- show ipv6 nd prefix
- ND Snooping
- ipv6 nd snooping
- ipv6 nd snooping auto-detect
- ipv6 nd snooping auto-detect retransmit count
- ipv6 nd snooping auto-detect retransmit interval
- ipv6 nd snooping prefix timeout
- ipv6 nd snooping max-binding
- ipv6 nd snooping trust
- clear ipv6 nd snooping binding
- clear ipv6 nd snooping prefix
- show ipv6 nd snooping
- show ipv6 nd snooping binding
- show ipv6 nd snooping prefix
- IP Routing Commands
- Appendices
- List of Commands
Chapter 30
| IP Interface Commands
ND Snooping
– 855 –
Example
The following shows all neighbor discovery IPv6 prefixes for VLAN 1:
Console#show ipv6 nd prefix vlan 1
Ipv6 Neighbor Discovery Prefix Information.
VLAN Name : DefaultVlan
IPv6 Prefix : 2011:dbf::/35
Valid Lifetime : 2592000
Preferred Lifetime : 604800
On-link Flag : On
Autonomous Flag : On
Console#
ND Snooping
Neighbor Discover (ND) Snooping maintains an IPv6 prefix table and user address
binding table. These tables can be used for stateless address auto-configuration or
for address filtering by IPv6 Source Guard.
ND snooping maintains a binding table in the process of neighbor discovery. When
it receives an Neighbor Solicitation (NS) packet from a host, it creates a new
binding. If it subsequently receives a Neighbor Advertisement (NA) packet, this
means that the address is already being used by another host, and the binding is
therefore deleted. If it does not receive an NA packet after a timeout period, the
binding will be bound to the original host. ND snooping can also maintain a prefix
table used for stateless address auto-configuration by monitoring Router
Advertisement (RA) packets sent from neighboring routers.
ND snooping can also detect if an IPv6 address binding is no longer valid. When a
binding has been timed out, it checks to see if the host still exists by sending an NS
packet to the target host. If it receives an NA packet in response, it knows that the
target still exists and updates the lifetime of the binding; otherwise, it deletes the
binding.
This section describes commands used to configure ND Snooping.
Table 168: ND Snooping Commands
Command Function Mode
ipv6 nd snooping Enables ND snooping globally or on a specified VLAN or
range of VLANs
GC
ipv6 nd snooping auto-detect Enables automatic validation of binding table entries by
periodically sending NS messages and awaiting NA
replies
GC
ipv6 nd snooping auto-detect
retransmit count
Sets the number of times to send an NS message to
determine if a binding is still valid
GC