Enterasys® D-Series Ethernet Switches CLI Reference Firmware Version 1.0.
Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S.
10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at law. 11. ASSIGNMENT.
About This Guide
Welcome to the Enterasys Networks D‐Series CLI Reference. This manual explains how to access the device’s Command Line Interface (CLI) and how to use it to configure D‐Series switch devices.
Important Notice
Depending on the firmware version used in your device, some features described in this document may not be supported. Refer to the Release Notes shipped with your device to determine which features are supported.
Related Documents Chapter 6, Spanning Tree Configuration, describes how to review and set Spanning Tree bridge parameters for the device, including bridge priority, hello time, maximum aging time and forward delay; and how to review and set Spanning Tree port parameters, including port priority and path costs. Configuring the SpanGuard and Loop Protect functions is also described. Chapter 7, 802.
Conventions Used in This Guide
The following conventions are used in the text of this document:
Convention                 Description
Bold font                  Indicates mandatory keywords, parameters or keyboard keys.
italic font                Indicates complete document titles.
Courier font               Used for examples of information displayed on the screen.
Courier font in italics    Indicates a user-supplied value, either required or optional.
[]                         Square brackets indicate an optional value.
Getting Help
Before calling Enterasys Networks, have the following information ready:
• Your Enterasys Networks service contract number
• A description of the failure
• A description of any action(s) already taken to resolve the problem (for example, changing mode switches or rebooting the unit)
• The serial and revision numbers of all involved Enterasys Networks products in the network
• A description of your network environment (for example, layout, cable type)
• Network load and frame
1 Introduction This chapter provides an overview of the D‐Series’ unique features and functionality, an overview of the tasks that may be accomplished using the CLI interface, an overview of ways to manage the switch, factory default settings, and information about how to use the Command Line Interface to configure the switch. For information about... Refer to page...
• Remotely using WebView™, Enterasys Networks’ embedded web server application.
The Installation Guide for your D‐Series device provides setup instructions for connecting a terminal or modem to the switch.
Factory Default Settings
The following tables list factory default settings available on the D‐Series switch.
Table 1-1 Default Settings for Basic Switch Operation
Feature                    Default Setting
Switch Mode Defaults
CDP discovery protocol     Auto enabled on all ports.
Table 1-1 Default Settings for Basic Switch Operation (Continued)
Feature                               Default Setting
Link aggregation flow regeneration    Disabled.
Link aggregation system priority      Set to 32768 for all ports.
Link aggregation outport algorithm    Set to DIP-SIP.
Lockout                               Set to disable Read-Write and Read-Only users, and to lockout the default admin (Super User) account for 15 minutes, after 3 failed login attempts.
Logging                               Syslog port set to UDP port number 514.
Table 1-1 Default Settings for Basic Switch Operation (Continued)
Feature                                          Default Setting
Spanning Tree edge port administrative status    Edge port administrative status begins with the value set to false initially after the device is powered up. If a Spanning Tree BPDU is not received on the port within a few seconds, the status setting changes to true.
Spanning Tree edge port delay                    Enabled.
Spanning Tree forward delay                      Set to 15 seconds.
Using the Command Line Interface
Starting a CLI Session
Connecting Using the Console Port
Connect a terminal to the local console port as described in your D‐Series Installation Guide. The startup screen, Figure 1‐1, will display on the terminal.
Refer to the instructions included with the Telnet application for information about establishing a Telnet session.
Logging In
By default, the D‐Series switch is configured with three user login accounts: ro for Read‐Only access, rw for Read‐Write access, and admin for super‐user access to all modifiable parameters. The default password is set to a blank string. For information on changing these default settings, refer to “Setting User Accounts and Passwords” on page 2‐2.
Figure 1-2 Sample CLI Defaults Description
Syntax
show port status [port-string]
Defaults
If port‐string is not specified, status information for all ports will be displayed.
CLI Command Modes
Each command description in this guide includes a section entitled “Mode” which states whether the command is executable in Admin (Super User), Read‐Write, or Read‐Only mode. Users with Read‐Only access will only be permitted to view Read‐Only (show) commands.
Displaying Scrolling Screens
If the CLI screen length has been set using the set length command as described on page 2‐25, CLI output requiring more than one screen will display --More-- to indicate continuing screens. To display additional screen output:
• Press any key other than ENTER to advance the output one screen at a time.
• Press ENTER to advance the output one line at a time.
Basic Line Editing Commands
The CLI supports Emacs‐like line editing commands. Table 1‐2 lists some commonly used commands.
Table 1-2 Basic Line Editing Commands
Key Sequence     Command
Ctrl+A           Move cursor to beginning of line.
Ctrl+B           Move cursor back one character.
Ctrl+D           Delete a character.
Ctrl+E           Move cursor to end of line.
Ctrl+F           Move cursor forward one character.
Ctrl+H           Delete character to left of cursor.
Ctrl+I or TAB    Complete word.
2 Basic Configuration At startup, the D‐Series switch is configured with many defaults and standard features. This chapter describes how to customize basic system settings to adapt to your work environment. For information about... Refer to page...
Setting User Accounts and Passwords
Table 2-4 Optional CLI Setup Commands
Task                                            CLI commands                                               Refer to page...
Save the active configuration.                  save config                                                2-41
Enable or disable SSH.                          set ssh enable | disable                                   15-69
Enable or disable Telnet.                       set telnet {enable | disable} [inbound | outbound | all]   2-38
Enable or disable HTTP management (WebView).    set webview {enable | disable}                             2-52
Enable or disable SNMP port link traps.
show system login
Use this command to display user login account information.
Syntax
show system login
Parameters
None.
Defaults
None.
Mode
Switch command, super user.
Example
This example shows how to display login account information.
set system login
Use this command to create a new user login account, or to disable or enable an existing account. The D‐Series switch supports up to 16 user accounts, including the admin account, which cannot be deleted.
Syntax
set system login username {super-user | read-write | read-only} {enable | disable}
Parameters
username    Specifies a login name for a new or existing user.
Example
This example shows how to remove the “netops” user account:
D2(su)->clear system login netops
set password
Use this command to change system default passwords or to set a new login password on the CLI.
Syntax
set password [username]
Parameters
username    (Only available to users with super‐user access.) Specifies a system default or a user‐configured login account name. By default, the D‐Series switch provides the following account names: ro for Read‐Only access.
set system password length
Use this command to set the minimum user login password length.
Syntax
set system password length characters
Parameters
characters    Specifies the minimum number of characters for a user account password. Valid values are 0 to 40.
Defaults
None.
Mode
Switch command, super user.
set system password history
Use this command to set the number of previously used user login passwords that will be checked for password duplication. This prevents duplicate passwords from being entered into the system with the set password command.
Syntax
set system password history size
Parameters
size    Specifies the number of passwords checked for duplication. Valid values are 0 to 10.
Defaults
None.
Mode
Switch command, super user.
Table 2-5 show system lockout Output Details
Output Field        What It Displays...
Lockout attempts    Number of failed login attempts allowed before a read-write or read-only user’s account will be disabled.
Lockout time        Number of minutes the default admin user account will be locked out after the maximum login attempts.
Setting Basic Switch Properties
Purpose
To display and set the system IP address and other basic system (switch) properties.
For information about...    Refer to page...
set system name             2-23
set system location         2-23
set system contact          2-24
set width                   2-24
set length                  2-25
show logout                 2-25
set logout                  2-26
show console                2-26
set console baud            2-27
show ip address
Use this command to display the system IP address and subnet mask.
Syntax
show ip address
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
clear ip address
Parameters
ip‐address            Sets the IP address for the system.
mask ip‐mask          (Optional) Sets the system’s subnet mask.
gateway ip‐gateway    (Optional) Sets the system’s default gateway (next‐hop device).
Defaults
If not specified, ip‐mask will be set to the natural mask of the ip‐address and ip‐gateway will be set to the ip‐address.
Mode
Switch command, read‐write.
Usage
Parameters must be entered in the order shown (host IP, then mask, then gateway) for the command to be accepted.
show ip protocol
Use this command to display the method used to acquire a network IP address for switch management.
Syntax
show ip protocol
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display the method used to acquire a network IP address:
D2(su)->show ip protocol
System IP address acquisition method: dhcp
set ip protocol
Use this command to specify the protocol used to acquire a network IP address for switch management.
show system
Use this command to display system information, including contact information, power and fan tray status and uptime.
Syntax
show system
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
show system hardware
Table 2-6 show system Output Details (Continued)
Output            What It Displays...
PWR2-B Status     Operational status for the power supply connected to PWR1-B on the switch.
Fanx-Status       Operational status of the fan(s). (This output not in use for the D2.)
Uptime d,h:m:s    System uptime.
Logout            Time an idle console or Telnet CLI session will remain connected before timing out. Default of 5 minutes can be changed with the set logout command (“set logout” on page 2-26).
show system utilization
Parameters
cpu        Display information about the processor running on the switch.
storage    Display information about the overall memory usage on the switch.
process    Display information about the processes running on the switch.
Defaults
None.
Mode
Switch command, read‐only.
show system enhancedbuffermode
Use this command to display the status of enhanced buffer mode, which optimizes buffer distribution for single CoS queue operation.
Syntax
show system enhancedbuffermode
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
show time
Use this command to display the current time of day in the system clock.
Syntax
show time
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display the current time. The output shows the day of the week, month, day, and the time of day in hours, minutes, and seconds and the year:
D2(su)->show time
THU SEP 05 09:21:57 2002
set time
Use this command to change the time of day on the system clock.
show summertime
Use this command to display daylight savings time settings.
Syntax
show summertime
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
set summertime date
Use this command to configure specific dates to start and stop daylight savings time. These settings will be non‐recurring and will have to be reset annually.
Syntax
set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min [offset_minutes]
Parameters
start_month    Specifies the month of the year to start daylight savings time.
start_date     Specifies the day of the month to start daylight savings time.
clear summertime
start_day       Specifies the day of the week to restart daylight savings time.
start_hr_min    Specifies the time of day to restart daylight savings time. Format is hh:mm.
end_week        Specifies the week of the month to end daylight savings time.
end_day         Specifies the day of the week to end daylight savings time.
end_hr_min      Specifies the time of day to end daylight savings time. Format is hh:mm.
set prompt
Use this command to modify the command prompt.
Syntax
set prompt prompt_string
Parameters
prompt_string    Specifies a text string for the command prompt.
Note: A prompt string containing a space in the text must be enclosed in quotes as shown in the example below.
Defaults
None.
Mode
Switch command, read‐write.
set banner motd
Use this command to set the banner message of the day displayed at session login.
Note: Banner message text must be enclosed in beginning and ending double quotation marks. The message itself cannot contain any additional double quotation marks.
Syntax
set banner motd message
Parameters
message    Specifies a message of the day. This is a text string that needs to be in double quotes if any spaces are used. Use a \n for a new line and \t for a tab (eight spaces).
Example
This example shows how to clear the message of the day banner to a blank string:
D2(rw)->clear banner motd
show version
Use this command to display hardware and firmware information. Refer to “Downloading a Firmware Image” on page 2‐33 for instructions on how to download a firmware image.
Syntax
show version
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display version information.
set system name
Use this command to configure a name for the system.
Syntax
set system name [string]
Parameters
string    (Optional) Specifies a text string that identifies the system.
Note: A name string containing a space in the text must be enclosed in quotes as shown in the example below.
Defaults
If string is not specified, the system name will be cleared.
Mode
Switch command, read‐write.
set system contact
Use this command to identify a contact person for the system.
Syntax
set system contact [string]
Parameters
string    (Optional) Specifies a text string that contains the name of the person to contact for system administration.
Note: A contact string containing a space in the text must be enclosed in quotes as shown in the example below.
Defaults
If string is not specified, the contact name will be cleared.
Mode
Switch command, read‐write.
Example
This example shows how to set the terminal columns to 50:
D2(su)->set width 50
set length
Use this command to set the number of lines the CLI will display. This command is persistent (written to NV‐RAM).
Syntax
set length screenlength
Parameters
screenlength    Sets the number of lines in the CLI display. Valid values are 0, which disables the scrolling screen feature described in “Displaying Scrolling Screens” on page 1‐8, and from 5 to 512.
Defaults
None.
Example
This example shows how to display the CLI logout setting:
D2(su)->show logout
Logout currently set to: 10 minutes.
set logout
Use this command to set the time (in minutes) an idle console or Telnet CLI session will remain connected before timing out.
Syntax
set logout timeout
Parameters
timeout    Sets the number of minutes the system will remain idle before timing out.
Defaults
None.
Mode
Switch command, read‐write.
Mode
Switch command, read‐only.
Example
This example shows how to display all console settings:
D2(su)->show console
Baud    Flow     Bits  StopBits  Parity
------  -------  ----  --------  ------
9600    Disable  8     1         none
set console baud
Use this command to set the console port baud rate.
Syntax
set console baud rate
Parameters
rate    Sets the console baud rate. Valid values are: 300, 600, 1200, 2400, 4800, 5760, 9600, 14400, 19200, 38400, and 115200.
Defaults
None.
Mode
Switch command, read‐write.
set license
License Key Field Descriptions
When Enterasys supplies a license, it will be sent to you as a character string similar to the following:
INCREMENT D2Policy 2006.0127 27-jan-2011 0123456789AB 0123456789AB
The contents of the six fields, from the left, indicate:
• Type: the type of license. For the D‐Series, the value in this field is always “INCREMENT.”
• Feature: description of the feature being licensed. For example, “D2Policy” as shown in the character string above.
show license
Parameters
type          Specifies the type of license. For the D‐Series, the value in this field is always INCREMENT.
feature       The name of the feature being licensed.
DBV           A date‐related string generated as part of the license.
expiration    Indicates whether the license is a permanent or an evaluation license. If the license is an evaluation license, this field will contain the expiration date of the license. If the license is a permanent license, this field will contain the word “permanent.
Usage
Licenses can be displayed, applied, and cleared only with the license commands described in this chapter. General configuration commands such as show config or clear config do not affect licenses.
Example
This example shows how to display license key information.
D2(ro)->show license
key: INCREMENT D2Policy 2006.0728 permanent 31173CAC6495 045100039001
status: Active
clear license
Use this command to clear the license key settings.
Commands
The commands used to review and set system power parameters are listed below.
For information about...     Refer to page...
show inlinepower             2-31
set inlinepower threshold    2-31
set inlinepower trap         2-32
show port inlinepower        2-32
set port inlinepower         2-33
show inlinepower
Use this command to display system power properties.
Syntax
show inlinepower
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to set the power threshold to 50:
D2(su)->set inlinepower threshold 50
set inlinepower trap
Use this command to enable or disable the sending of an SNMP trap message for a unit whenever the status of its ports changes, or whenever the unit’s power usage threshold is crossed. The unit’s power usage threshold must be set using the set inlinepower threshold command as described on page 2‐31.
Example
This example shows how to display PoE information for port ge.2.1. In this case, the port’s administrative state, PoE priority and class have not been changed from default values:
D2(su)->show port inlinepower ge.2.1
Port     Type      Admin  Oper       Priority  Class  Power(W)
-------  --------  -----  ---------  --------  -----  --------
ge.2.1   wireless  auto   searching  low       0      15.4
set port inlinepower
Use this command to configure PoE parameters on one or more ports.
Downloading a Firmware Image
– HyperTerminal Copyright 1999
– Tera Term Pro Version 2.3
Any other terminal applications may work but are not explicitly supported.
The D2 switch allows you to download and store dual images. The backup image can be downloaded and selected as the startup image by using the commands described in this section.
Downloading from a TFTP Server
To perform a TFTP download, proceed as follows:
1.
3. Type 2. The following baud rate selection screen displays:
1 - 1200
2 - 2400
3 - 4800
4 - 9600
5 - 19200
6 - 38400
7 - 57600
8 - 115200
0 - no change
4. Type 8 to set the switch baud rate to 115200. The following message displays:
Setting baud rate to 115200, you must change your terminal baud rate.
5. Set the terminal baud rate to 115200 and press ENTER.
6. From the boot menu options screen, type 4 to load new operational code using XMODEM.
Reviewing and Selecting a Boot Firmware Image
Reverting to a Previous Image
In the event that you need to downgrade to a previous version of code, you can do so by completing the following steps described in this chapter.
Note: You will not be able to perform these steps remotely unless you have remote console support.
1. Save your configuration, as described in “save config” (page 2‐41).
2. Load your previous version of code on the device, as described in “Downloading a Firmware Image” (page 2‐33).
3.
Example
This example shows how to display the switch’s boot firmware image:
D2(su)->show boot system
Current system image to boot: bootfile
set boot system
Use this command to set the firmware image the switch loads at startup.
Syntax
set boot system filename
Parameters
filename    Specifies the name of the firmware image file.
Defaults
None.
Mode
Switch command, read‐write.
show telnet
Use this command to display the status of Telnet on the switch.
Syntax
show telnet
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display Telnet status:
D2(su)->show telnet
Telnet inbound is currently: ENABLED
Telnet outbound is currently: ENABLED
set telnet
Use this command to enable or disable Telnet on the switch.
telnet
Use this command to start a Telnet connection to a remote host. The D‐Series switch allows a total of four inbound and/or outbound Telnet sessions to run simultaneously.
Syntax
telnet host [port]
Parameters
host    Specifies the name or IP address of the remote host.
port    (Optional) Specifies the server port number.
Defaults
If not specified, the default port number 23 will be used.
Mode
Switch command, read‐write.
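An added example, not part of the Enterasys guide: a small audit script that reads a captured CLI session and checks the show telnet and show logout output formats printed in this chapter, pairing each finding with the set telnet or set logout command that corrects it. The 5-minute limit is an assumed site policy, the DISABLED state string is assumed as the counterpart of the ENABLED shown in the guide, and all function names are illustrative.

```python
import re

# Prompt and output formats are the ones printed in this guide's examples,
# e.g. "D2(su)->show telnet" / "Telnet inbound is currently: ENABLED".
PROMPT = re.compile(r"^\S+\((?:su|rw|ro)\)->\s*(.*)$")
TELNET = re.compile(r"^Telnet (inbound|outbound) is currently:\s*(\w+)$", re.I)
LOGOUT = re.compile(r"^Logout currently set to:\s*(\d+) minutes?\.?$", re.I)

# Assumed site policy (not from the guide): idle sessions may not outlive the
# 5-minute default the guide lists for the logout timer.
MAX_IDLE_MINUTES = 5

# Constructed sample session, assembled from the guide's own example outputs.
SAMPLE = """\
D2(su)->show telnet
Telnet inbound is currently: ENABLED
Telnet outbound is currently: ENABLED
D2(su)->show logout
Logout currently set to: 10 minutes.
"""


def split_transcript(text):
    """Map each command typed at a prompt to the output lines that follow it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        prompt = PROMPT.match(line)
        if prompt:
            command = " ".join(prompt.group(1).split())
            current = None
            if command:
                current = blocks[command] = []  # a later run replaces an earlier one
        elif current is not None:
            current.append(line)
    return blocks


def check_telnet(output):
    """Flag each Telnet direction that is enabled or whose state is unknown."""
    findings, seen = [], set()
    for line in output:
        match = TELNET.match(line)
        if not match:
            continue
        direction, state = match.group(1).lower(), match.group(2).upper()
        seen.add(direction)
        if state == "ENABLED":
            findings.append((f"telnet-{direction}", line,
                             f"set telnet disable {direction}"))
        elif state != "DISABLED":  # DISABLED: assumed counterpart of ENABLED
            findings.append((f"telnet-{direction}-unverified", line,
                             "capture show telnet again"))
    for direction in ("inbound", "outbound"):
        if direction not in seen:  # missing evidence is reported, never passed
            findings.append((f"telnet-{direction}-unverified", "",
                             "capture show telnet again"))
    return findings


def check_logout(output):
    """Flag an idle timeout above MAX_IDLE_MINUTES, or missing evidence."""
    for line in output:
        match = LOGOUT.match(line)
        if match:
            if int(match.group(1)) > MAX_IDLE_MINUTES:
                return [("idle-logout", line, f"set logout {MAX_IDLE_MINUTES}")]
            return []
    return [("idle-logout-unverified", "", "capture show logout again")]


CHECKS = {"show telnet": check_telnet, "show logout": check_logout}


def audit(text):
    """Return (check, evidence, remediation) tuples for a captured session."""
    blocks = split_transcript(text)
    findings = []
    for command, check in CHECKS.items():
        findings.extend(check(blocks.get(command, [])))
    return findings


if __name__ == "__main__":
    for name, evidence, fix in audit(SAMPLE):
        print(f"{name:28} {evidence or '(no output captured)'}  ->  {fix}")
```

A command that is missing from the capture is reported as unverified rather than treated as compliant, so a truncated session cannot pass the audit.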
show snmp persistmode Purpose To set and view the persistence mode for CLI configuration commands, manually save the running configuration, view, manage, and execute configuration files and image files, and set and view TFTP parameters. Commands For information about... Refer to page...
set snmp persistmode saved. In order to make configuration changes persistent when the mode is manual, the save config command must be issued as described in “Configuration Persistence Mode” on page 2‐39. Example This example shows how to display the configuration persistence mode setting. In this case, persistence mode is set to “manual”, which means configuration changes are not being automatically saved.
Defaults: None.
Mode: Switch command, read‐write.
Example
This example shows how to save the running configuration:
D2(su)->save config

dir
Use this command to list configuration and image files stored in the file system.
Syntax: dir [filename]
Parameters:
filename  (Optional) Specifies the file name or directory to list.
Defaults: If filename is not specified, all files in the system will be displayed.
Mode: Switch command, read‐only.
Files:                           Size
================================ ========
configs:
SSH                              8293
baserouter_dec                   4197
baserouter_jan                   8293
baserouter_mar                   8293
baserouter_apr                   8293
logs:
current.log                      90129

show file
Use this command to display the contents of a file.
Syntax: show file filename
Parameters:
filename  Specifies the name of the file to display.
Defaults: None.
Mode: Switch command, read‐only.
Example
This example shows how to display a text file named “mypolicy” in the configs/ directory.
show config
Use this command to display the system configuration or write the configuration to a file.
Syntax: show config [all | facility] [outfile {configs/filename}]
Parameters:
all  (Optional) Displays default and non‐default configuration settings.
facility  (Optional) Specifies the exact name of one facility for which to show configuration. For example, enter “router” to show only router configuration.
configure
Use this command to execute a previously downloaded configuration file stored on the switch.
Syntax: configure filename [append]
Parameters:
filename  Specifies the path and file name of the configuration file to execute.
append  (Optional) Appends the configuration file contents to the current configuration. This is equivalent to typing the contents of the config file directly into the CLI and can be used, for example, to make incremental adjustments to the current configuration.
Examples
This example shows how to download an image via TFTP:
D2(su)->copy tftp://10.1.192.34/version01000 system:image
This example shows how to download a configuration file to the configs directory:
D2(su)->copy tftp://10.1.192.1/Jan1_2004.cfg configs/Jan1_2004.cfg

delete
Use this command to remove an image or a CLI configuration file from the switch.
Syntax: delete filename
Parameters:
filename  Specifies the local path name to the file. Valid directories are /images and /configs.
Usage
The TFTP timeout value can be set with the set tftp timeout command. The TFTP retry value can be set with the set tftp retry command.
Example
This example shows the output of this command.
D2(ro)->show tftp settings
TFTP packet timeout (seconds): 2
TFTP max retry: 5

set tftp timeout
Use this command to configure how long TFTP will wait for a reply of either an acknowledgement packet or a data packet during a data transfer.
Mode: Switch command, read‐write.
Example
This example shows how to clear the timeout value to the default of 2 seconds.
D2(rw)-> clear tftp timeout

set tftp retry
Use this command to configure how many times TFTP will resend a packet, either an acknowledgement packet or a data packet.
Syntax: set tftp retry retry
Parameters:
retry  Specifies the number of times a packet will be resent. The valid range is from 1 to 1000. Default value is 5 retries.
Defaults: None.
Example
This example shows how to clear the retry value to the default of 5 retries.
D2(rw)-> clear tftp retry

Clearing and Closing the CLI
Purpose
To clear the CLI screen or to close your CLI session.
Commands
The commands used to clear and close the CLI session are listed below.
For information about...   Refer to page...
cls                        2-49
exit                       2-49

cls (clear screen)
Use this command to clear the screen for the current CLI session.
Syntax: cls
Parameters: None.
Defaults: None.
Parameters: None.
Defaults: None.
Mode: Switch command, read‐only.
Usage
By default, switch timeout occurs after 15 minutes of user inactivity, automatically closing your CLI session. Use the set logout command (page 2‐26) to change this default.
Example
This example shows how to exit a CLI session:
D2(su)->exit

Resetting the Switch
Purpose
To reset one or more switches, and to clear the user‐defined configuration parameters.
Commands
For information about... Refer to page...
Examples
This example shows how to reset the system:
D2(su)->reset
This command will reset all modules and may disconnect your telnet session.
Do you want to continue (y/n) [n]?

clear config
Use this command to clear the user‐defined configuration parameters.
Syntax: clear config
Parameters: None.
Defaults: None.
Mode: Switch command, read‐write.
Usage
Executing this command will clear the configuration in both NVRAM and on the memory card, if one is installed on the switch.
Commands
For information about...
show webview 2-52
set webview 2-52
show ssl 2-53
set ssl 2-53

show webview
Use this command to display WebView status.
Syntax: show webview
Parameters: None.
Defaults: None.
Mode: Switch command, read‐only.
Example
This example shows how to display WebView status:
D2(rw)->show webview
WebView is Enabled.

set webview
Use this command to enable or disable WebView on the switch.
Usage
For security reasons, it is good practice to disable HTTP access on the switch when you have finished configuring with WebView, and to enable WebView on the switch only when changes need to be made.
Example
This example shows how to disable WebView on the switch:
D2(rw)->set webview disable

show ssl
Use this command to display SSL status.
Syntax: show ssl
Parameters: None.
Defaults: None.
Mode: Switch command, read‐only.
set ssl Mode Switch command, read‐write.
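The show telnet and show webview outputs earlier in this chapter can be checked mechanically when auditing a saved CLI session. The following Python sketch is an added example, not part of the Enterasys manual; the captured session is constructed, and the DISABLED / Disabled wording for the off state is an assumption based on the enabled outputs shown above.

```python
import re

# Constructed capture. The status lines use the formats shown in this chapter
# for "show telnet" and "show webview"; the session itself is made up.
SAMPLE_CAPTURE = """\
D2(su)->show telnet
Telnet inbound is currently: ENABLED
Telnet outbound is currently: ENABLED
D2(rw)->show webview
WebView is Enabled.
"""

TELNET_RE = re.compile(
    r"^Telnet (inbound|outbound) is currently:\s*(\w+)\s*$", re.I | re.M)
WEBVIEW_RE = re.compile(r"^WebView is (\w+)\.?\s*$", re.I | re.M)

# Assumption: the off state is reported with the word "disabled".
STATE_MAP = {"ENABLED": True, "DISABLED": False}

# Services an auditor expects a status for, with the reason each one matters
# and the command the manual names for changing it.
CHECKS = {
    "telnet_inbound": "cleartext remote CLI access; change with 'set telnet'",
    "telnet_outbound": "cleartext sessions opened from the switch; "
                       "change with 'set telnet'",
    "webview": "HTTP management; 'set webview disable' when not configuring",
}


def parse_status(capture):
    """Return {service: True/False/None} for each status line found.

    None means a status line was present but its state word was not
    recognised, so the caller can treat it as unknown.
    """
    status = {}
    for direction, state in TELNET_RE.findall(capture):
        status["telnet_" + direction.lower()] = STATE_MAP.get(state.upper())
    match = WEBVIEW_RE.search(capture)
    if match:
        status["webview"] = STATE_MAP.get(match.group(1).upper())
    return status


def audit(capture):
    """Return (service, state, note) findings.

    A service that is enabled is a finding, and so is a service whose status
    is missing or unreadable: the audit fails closed instead of assuming off.
    """
    status = parse_status(capture)
    findings = []
    for service, note in CHECKS.items():
        state = status.get(service)
        if state is None:
            findings.append((service, "unknown", "no usable status line in capture"))
        elif state:
            findings.append((service, "enabled", note))
    return findings


if __name__ == "__main__":
    for service, state, note in audit(SAMPLE_CAPTURE):
        print(f"{service:16} {state:8} {note}")
```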
3 Discovery Protocol Configuration This chapter describes how to configure discovery protocols. For information about... Refer to page... Configuring CDP 3-1 Configuring Cisco Discovery Protocol 3-6 Configuring CDP Purpose To review and configure the Enterasys CDP discovery protocol. This protocol is used to discover network topology. When enabled, this protocol allows Enterasys devices to send periodic PDUs about themselves to neighboring devices.
show cdp Parameters port‐string (Optional) Displays CDP status for a specific port. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, all CDP information will be displayed. Mode Switch command, read‐only. Example This example shows how to display CDP information for ports ge.1.1 through ge.1.9: D2(su)->show cdp ge.1.
set cdp state Table 3-8 show cdp Output Details (Continued) Output Field What It Displays... Status Whether CDP is enabled, disabled or auto-enabled on the port. set cdp state Use this command to enable or disable the CDP discovery protocol on one or more ports. Syntax set cdp state {auto | disable | enable} [port-string] Parameters auto | disable | enable Auto‐enables, disables or enables the CDP protocol on the specified port(s).
set cdp interval Parameters auth‐code Specifies an authentication code for the CDP protocol. This can be up to 16 hexadecimal values separated by commas. Defaults None. Mode Switch command, read‐write. Usage The authentication code value determines a switch’s CDP domain. If two or more switches have the same CDP authentication code, they will be entered into each other’s CDP neighbor tables.
set cdp hold-time
Use this command to set the hold time value for CDP discovery protocol configuration messages.
Syntax: set cdp hold-time hold-time
Parameters:
hold‐time  Specifies the hold time value for CDP messages in seconds. Valid values are from 15 to 600.
Defaults: None.
Mode: Switch command, read‐write.
Example
This example shows how to set CDP hold time to 60 seconds:
D2(su)->set cdp hold-time 60

clear cdp
Use this command to reset CDP discovery protocol settings to defaults.
show neighbors
This command displays Neighbor Discovery information for either the CDP or Cisco DP protocols.
Syntax: show neighbors [port-string]
Parameters:
port‐string  (Optional) Specifies the port or ports for which to display Neighbor Discovery information.
Defaults: If no port is specified, all Neighbor Discovery information is displayed.
Mode: Switch command, read‐only.
Usage
This command displays information discovered by both the CDP and the Cisco DP protocols.
show ciscodp Commands The commands used to review and configure the Cisco discovery protocol are listed below. Refer also to “show neighbors” on page 3‐6. For information about... Refer to page... show ciscodp 3-7 show ciscodp port info 3-8 set ciscodp status 3-9 set ciscodp timer 3-9 set ciscodp holdtime 3-10 set ciscodp port 3-10 clear ciscodp 3-12 show ciscodp Use this command to display global Cisco discovery protocol information. Syntax show ciscodp Parameters None. Defaults None.
show ciscodp port info Table 3-9 show ciscodp Output Details (Continued) Output Field What It Displays... Timer The number of seconds between Cisco discovery protocol PDU transmissions. The default of 60 seconds can be reset with the set ciscodp timer command. Holdtime Number of seconds neighboring devices will hold PDU transmissions from the sending device. Default value of 180 can be changed with the set ciscodp holdtime command. Device ID The MAC address of the switch.
set ciscodp status Table 3-10 show ciscodp port info Output Details (Continued) Output Field What It Displays... trusted The trust mode of the port. Default of trusted can be changed using the set ciscodp port command. cos The Class of Service priority value for untrusted traffic. The default of 0 can be changed using the set ciscodp port command. set ciscodp status Use this command to enable or disable the Cisco discovery protocol globally on the switch.
Mode: Switch command, read‐write.
Example
This example shows how to set the Cisco DP timer to 120 seconds.
D2(su)->set ciscodp timer 120

set ciscodp holdtime
Use this command to set the time to live (TTL) for Cisco discovery protocol PDUs. This is the amount of time, in seconds, neighboring devices will hold PDU transmissions from the sending device.
Syntax: set ciscodp holdtime hold-time
Parameters:
hold‐time  Specifies the time to live for Cisco DP PDUs.
set ciscodp port none No voice VLAN will be used in CiscoDP PDUs. This is the default. dot1p Instructs attached phone to send 802.1p tagged frames. untagged Instructs attached phone to send untagged frames. trusted Sets the extended trust mode on the port. yes Instructs attached phone to allow the device connected to it to transmit traffic containing any CoS or Layer 2 802.1p marking. This is the default value. no Instructs attached phone to overwrite the 802.
clear ciscodp Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status command before operational status can be set on individual ports. Examples This example shows how to set the Cisco DP port voice VLAN ID to 3 on port ge.1.6 and enable the port operational state. D2(rw)->set ciscodp port status enable vvid 3 ge.1.6 This example shows how to set the Cisco DP extended trust mode to untrusted on port ge.1.5 and set the CoS priority to 1.
4 Port Configuration This chapter describes the Port Configuration set of commands and how to use them. For information about... Refer to page...
Port Configuration Summary Port Slot/Unit Parameters Used in the CLI The “unit” parameter is often used interchangeably with “module” in the standalone switch CLI to indicate a module slot location. Examples Note: You can use a wildcard (*) to indicate all of an item. For example, ge.3.* would represent all 1-Gigabit Ethernet (ge) ports in slot 3. This example shows the port‐string syntax for specifying the 1‐Gigabit Ethernet port 14 in slot 3. ge.3.
Reviewing Port Status
Example
This example shows how to configure port ge.2.1 in the D2G124‐12 to operate with a 100BASE‐FX transceiver installed. First, the port status is shown as operating as a 1000BASE‐SX port. After the 1‐Gigabit transceiver is replaced with a 100 Mbps transceiver, the port is configured appropriately and the new settings are verified.
D2(su)->show port advertise ge.2.1
ge.2.
show port
Use this command to display whether or not one or more ports are enabled for switching.
Syntax: show port [port-string]
Parameters:
port‐string  (Optional) Displays operational status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults: If port‐string is not specified, operational status information for all ports will be displayed.
Mode: Switch command, read‐only.
show port counters
Example
This example shows how to display status information for ge.3.14:
D2(su)->show port status ge.3.14
Port         Alias         Oper    Admin   Speed   Duplex  Type
             (truncated)   Status  Status
------------ ------------- ------- ------- ------- ------- ------------
ge.3.14                    up      up      N/A     N/A     BaseT RJ45

Table 4‐11 provides an explanation of the command output.
Table 4-11 show port status Output Details
Output Field  What It Displays...
Port  Port designation.
show port counters Mode Switch command, read‐only. Examples This example shows how to display all counter statistics, including MIB2 network traffic and traffic through the device for ge.3.1: D2(su)->show port counters ge.3.1 Port: ge.3.
Disabling / Enabling and Naming Ports Table 4-12 show port counters Output Details (Continued) Output Field What It Displays... MIB2 Interface Counters MIB2 network traffic counts 802.1Q Switch Counters Counts of frames received, transmitted, and filtered. Disabling / Enabling and Naming Ports Purpose To disable and re‐enable one or more ports, and to assign an alias to a port. By default, all ports are enabled at device startup.
set port enable
Use this command to administratively enable one or more ports.
Syntax: set port enable port-string
Parameters:
port‐string  Specifies the port(s) to enable. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults: None.
Mode: Switch command, read‐write.
Example
This example shows how to enable ge.1.3:
D2(su)->set port enable ge.1.
set port alias
Use this command to assign an alias name to a port.
Syntax: set port alias port-string [name]
Parameters:
port‐string  Specifies the port to which an alias will be assigned. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
name  (Optional) Assigns an alias name to the port. If the alias name contains spaces, the text string must be surrounded by double quotes. Maximum length is 60 characters.
show port speed
Use this command to display the default speed setting on one or more ports.
Syntax: show port speed [port-string]
Parameters:
port‐string  (Optional) Displays default speed setting(s) for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults: If port‐string is not specified, default speed settings for all ports will display.
Mode: Switch command, read‐only.
Example
This example shows how to set ge.3.3 to a port speed of 10 Mbps:
D2(su)->set port speed ge.3.3 10

show port duplex
Use this command to display the default duplex setting (half or full) for one or more ports.
Syntax: show port duplex [port-string]
Parameters:
port‐string  (Optional) Displays default duplex setting(s) for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Mode: Switch command, read‐write.
Example
This example shows how to set ge.1.17 to full duplex:
D2(su)->set port duplex ge.1.17 full

Enabling / Disabling Jumbo Frame Support
Purpose
To review, enable, and disable jumbo frame support on one or more ports. This allows Gigabit Ethernet ports to transmit frames up to 10 KB in size.
Commands
For information about... Refer to page...
Example
This example shows how to display the status of jumbo frame support for ge.1.1:
D2(su)->show port jumbo ge.1.1
Port Number   Jumbo Status    Max Frame Size
------------- --------------- ------------------
ge.1.1        Enable          9216

set port jumbo
Use this command to enable or disable jumbo frame support on one or more ports.
Syntax: set port jumbo {enable | disable} [port-string]
Parameters:
enable | disable  Enables or disables jumbo frame support.
Mode: Switch command, read‐write.
Example
This example shows how to reset jumbo frame support status for Gigabit Ethernet port 14 in slot 3:
D2(su)->clear port jumbo ge.3.14

Setting Auto-Negotiation and Advertised Ability
Purpose
To review, disable or enable auto‐negotiation, and to configure port advertisement for speed and duplex.
set port negotiation Parameters port‐string (Optional) Displays auto‐negotiation status for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, auto‐negotiation status for all ports will be displayed. Mode Switch command, read‐only. Example This example shows how to display auto‐negotiation status for 1‐Gigabit Ethernet port 14 in slot 3: D2(su)->show port negotiation ge.3.
set port advertise Parameters port‐string (Optional) Displays advertised ability for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, advertisement for all ports will be displayed. Mode Switch command, read‐only. Example This example shows how to display advertisement status for Gigabit ports 13 and 14: D2(su)->show port advertise ge.1.13-14 ge.1.
clear port advertise
100txfd  Advertise 100BASE‐TX full duplex mode. Refer to “Configuring SFP Ports for 100BASE‐FX” on page 4‐2 for more information on setting advertised ability for 100 Mb SFP transceivers.
1000t  Advertise 1000BASE‐T half duplex mode.
1000tfd  Advertise 1000BASE‐T full duplex mode.
pause  Advertise PAUSE for full‐duplex links.
Defaults: None.
Mode: Switch command, read‐write.
Example
This example shows how to configure port 1 to not advertise 10 MB capability for auto‐negotiation:
D2(su)->clear port advertise ge.1.1 10t 10tfd

Setting Flow Control
Purpose
To review, enable or disable port flow control. Flow control is used to manage the transmission between two devices as specified by IEEE 802.3x to prevent receiving ports from being overwhelmed by frames from transmitting devices.
Commands
For information about...
set flowcontrol
Use this command to enable or disable flow control.
Syntax: set flowcontrol {enable | disable}
Parameters:
enable | disable  Enables or disables flow control settings.
Defaults: None.
Mode: Switch command, read‐write.
Example
This example shows how to enable flow control:
D2(su)->set flowcontrol enable

Setting Port Link Traps and Link Flap Detection
Purpose
To disable or re‐enable link traps, display link trap status, and to configure the link flapping detection function.
show port trap For information about... Refer to page... clear linkflap action 4-25 set linkflap threshold 4-26 set linkflap downtime 4-27 clear linkflap down 4-27 clear linkflap 4-28 show port trap Use this command to display whether the port is enabled for generating an SNMP trap message if its link state changes. Syntax show port trap [port-string] Parameters port‐string (Optional) Displays link trap status for specific port(s).
show linkflap Parameters port‐string Specifies the port(s) for which to enable or disable port traps. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. enable | disable Enables or disables sending trap messages when link status changes. Defaults Sending traps when link status changes is enabled by default. Mode Switch command, read‐write. Example The following example disables sending trap on ge.3.1. D2(su)->set port trap ge.3.
show linkflap totalcount Displays how many linkdown transitions have occurred since the last reset. timelapsed Displays the time period since the last link down event or reset. violations Displays the number of link flap violations since the last reset. port‐string (Optional) Displays information for specific port(s). Defaults • If not specified, information about all link flap detection settings will be displayed. • If port‐string is not specified, information for all ports will be displayed.
set linkflap globalstate Table 4-13 show linkflap parameters Output Details Output Field What it displays... Port Port designation. LF Status Link flap enabled state. Actions Actions to be taken if the port violates allowed link flap behavior. D = disabled, S = Syslog entry will be generated, T= SNMP trap will be generated. Threshold Number of link down transitions necessary to trigger the link flap action. Interval Time interval (in seconds) for accumulating link down transitions.
Mode: Switch mode, read‐write.
Usage
By default, the function is disabled globally and on all ports. If disabled globally after per‐port settings have been configured using the linkflap commands, per‐port settings will be retained.
Example
This example shows how to globally enable the link flap detection function.
D2(rw)->set linkflap globalstate enable

set linkflap portstate
Use this command to enable or disable link flap monitoring on one or more ports.
Defaults: None.
Mode: Switch command, read‐write.
Example
This example shows how to set the link flap interval on port ge.1.4 to 1000 seconds.
D2(rw)->set linkflap interval ge.1.4 1000

set linkflap action
Use this command to set reactions to a link flap violation.
Syntax: set linkflap action port-string {disableInterface | gensyslogentry | gentrap | all}
Parameters:
port‐string  Specifies the port(s) on which to set the link flap action.
set linkflap threshold Parameters port‐string (Optional) Specifies the port(s) on which to clear the link flap action. disableInterface Clears the reaction as disabling the interface. gensyslogentry Clears the reaction as generating a syslog entry. gentrap Clears the reaction as generating an SNMP trap. all Clears the reaction as all of the above. Defaults If port‐string is not specified, actions will be cleared on all ports. Mode Switch mode, read‐write.
set linkflap downtime
Use this command to set the time interval (in seconds) one or more ports will be held down after a link flap violation.
Syntax: set linkflap downtime port-string downtime-value
Parameters:
port‐string  Specifies the port(s) on which to set the link flap downtime.
downtime‐value  Specifies a downtime in seconds. A value of 0 will set the downtime to forever.
Defaults: None.
Mode: Switch mode, read‐write.
clear linkflap
Use this command to clear all link flap options and/or statistics on one or more ports.
Syntax: clear linkflap {all | stats [port-string] | parameter port-string {threshold | interval | downtime | all}}
Parameters:
all | stats  Clears all options and statistics, or clears only statistics.
parameter  Clears link flap parameters.
threshold | interval | downtime | all  Clears link flap threshold, interval, downtime or all parameters.
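How threshold, interval and downtime interact in the link flap commands above can be seen by replaying link-down timestamps through a small model. This Python sketch is an added example, not Enterasys code: the sliding window, the counter reset after a violation, and the sample timestamps are assumptions, since the manual does not describe the switch's internal algorithm.

```python
from collections import deque

# Action keywords as listed for "set linkflap action"; "all" expands to the
# three individual reactions.
ALL_ACTIONS = ("disableInterface", "gensyslogentry", "gentrap")

# Constructed link-down timestamps (seconds) for one port: two bursts of
# flapping followed by a single isolated link-down event.
SAMPLE_DOWN_TIMES = [0, 5, 8, 100, 101, 102, 103, 300]


def expand_actions(action):
    """Translate one action keyword into the tuple of reactions it implies."""
    if action == "all":
        return ALL_ACTIONS
    if action not in ALL_ACTIONS:
        raise ValueError(f"unknown link flap action: {action}")
    return (action,)


def detect_violations(down_times, threshold, interval, downtime, action="all"):
    """Model link flap detection on one port.

    threshold: link down transitions needed to trigger the action
    interval:  seconds over which transitions are accumulated
    downtime:  seconds the port is held down after a violation (0 = forever)

    Assumptions of this model: transitions are counted in a sliding window
    of `interval` seconds, the count restarts after a violation, and a port
    that is held down produces no further transitions until it is released.
    Returns one dict per violation with the time, the reactions taken, and
    the time the port is released (None if the interface is not disabled,
    infinity if it is held down forever).
    """
    if threshold < 1 or interval <= 0 or downtime < 0:
        raise ValueError("threshold >= 1, interval > 0, downtime >= 0 required")
    actions = expand_actions(action)
    window = deque()
    held_until = None
    violations = []
    for t in sorted(down_times):
        if held_until is not None:
            if t < held_until:
                continue          # port is administratively held down
            held_until = None     # hold expired, monitoring resumes
        window.append(t)
        while window and t - window[0] >= interval:
            window.popleft()      # drop transitions older than the interval
        if len(window) >= threshold:
            hold = None
            if "disableInterface" in actions:
                hold = float("inf") if downtime == 0 else t + downtime
                held_until = hold
            violations.append({"time": t, "actions": actions, "held_until": hold})
            window.clear()
    return violations


if __name__ == "__main__":
    for v in detect_violations(SAMPLE_DOWN_TIMES, threshold=3, interval=10, downtime=60):
        print(v)
```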
show port broadcast
Use this command to display port broadcast suppression thresholds.
Syntax: show port broadcast [port-string]
Parameters:
port‐string  (Optional) Select the ports for which to show broadcast suppression thresholds. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults: If port‐string is not specified, broadcast status of all ports will be displayed.
Mode: Switch command, read‐only.
clear port broadcast Defaults None. Mode Switch command, read‐write. Usage Per port broadcast suppression is hardset to be globally enabled on the D2. If you would like to disable broadcast suppression, you can get the same result by setting the threshold limit for each port to the maximum number of packets which can be received per second as listed in the parameters section, above. The default broadcast suppression threshold for all ports is set to 14881.
Port Mirroring
Caution: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.
The D‐Series device allows you to mirror (or redirect) the traffic being switched on a port for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor port for another port within the device.
set port mirroring
Defaults: None.
Mode: Switch command, read‐only.
Example
This example shows how to display port mirroring information. In this case, ge.1.4 is configured as a source port and ge.1.11 is a target and mirroring has been enabled between these ports:
D2(su)->show port mirroring
Port Mirroring
==============
Source Port = ge.1.4
Target Port = ge.1.11
Frames Mirrored = Rx and Tx
Port Mirroring status enabled.
Usage
Note that LAG ports and their underlying physical ports, as described in “Link Aggregation Control Protocol (LACP)” on page 4‐33, cannot be mirrored.
Example
This example shows how to create and enable port mirroring with ge.1.4 as the source port, and ge.1.11 as the target port:
D2(su)->set port mirroring create ge.1.4 ge.1.11
D2(su)->set port mirroring enable ge.1.4 ge.1.11

clear port mirroring
Use this command to clear a port mirroring relationship.
Link Aggregation Control Protocol (LACP) standard. This standard allows the switch to determine which ports are in LAGs and configure them dynamically. Since the protocol is based on the IEEE 802.3ad specification, any switch from any vendor that supports this standard can aggregate links automatically. 802.3ad LACP aggregations can also be run to end‐users (that is, a server) or to a router. Note: Earlier (proprietary) implementations of port aggregation referred to groups of aggregated ports as “trunks”.
Link Aggregation Control Protocol (LACP) Table 4-15 LACP Terms and Definitions Term Definition Aggregator Virtual port that controls link aggregation for underlying physical ports. Each D-Series module provides 6 aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.6. LAG Link Aggregation Group. Once underlying physical ports (for example, ge.x.x) are associated with an aggregator port, the resulting aggregation will be represented as one LAG with a lag.x.x port designation.
show lacp There are a few cases in which ports will not aggregate: • An underlying physical port is attached to another port on this same switch (loopback). • There is no available aggregator for two or more ports with the same LAG ID. This can happen if there are simply no available aggregators, or if none of the aggregators have a matching admin key and system priority. • 802.1x authentication is enabled using the set eapol command (page 15‐17) and ports that would otherwise aggregate are not 802.
show lacp Parameters port‐string (Optional) Displays LACP information for specific LAG port(s). Valid port designations are lag.0.1 ‐ 6. Defaults If port‐string is not specified, link aggregation information for all LAGs will be displayed. Mode Switch command, read‐only. Usage Each D‐Series module provides 6 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.6. Once underlying physical ports (that is, ge.x.
set lacp
Table 4-16 show lacp Output Details (Continued)
Output Field  What It Displays...
Admin Key  Port’s assigned key. D-Series devices provide a default admin key value of 32768 for all LAG ports (lag.0.1 through lag.0.6).
Oper Key  Port’s operational key, derived from the admin key. Only underlying physical ports with oper keys matching the aggregator’s will be allowed to aggregate.
Attached Ports  Underlying physical ports associated with this aggregator.
set lacp aadminkey Mode Switch command, read‐write. Usage LACP uses this value to determine aggregation precedence. If there are two partner devices competing for the same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator.
set lacp static Parameters asyspri Clears system priority. aadminkey port‐string Resets admin keys for one or more ports to the default value of 32768. Defaults None. Mode Switch command, read‐write. Example This example shows how to clear the actor admin key for LAG port 6: D2(su)->clear lacp aadminkey lag.0.6 set lacp static Use this command to disable or enable static link aggregation, or to assign one or more underlying physical ports to a Link Aggregation Group (LAG).
clear lacp static
Use this command to remove specific ports from a Link Aggregation Group.
Syntax: clear lacp static lagportstring port-string
Parameters:
lagportstring  Specifies the LAG aggregator port from which ports will be removed.
port‐string  Specifies the port(s) to remove from the LAG. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults: None.
Mode: Switch command, read‐write.
clear lacp singleportlag previous LAG member ports comes up connected to the same switch as before the LAG went down. Example This example enables the formation of single port LAGs: D2(su)->set lacp singleportlag enable clear lacp singleportlag Use this command to reset the single port LAG function back to the default state of disabled. Syntax clear lacp singleportlag Parameters None. Defaults None. Mode Switch command, read‐write.
show port lacp Mode Switch command, read‐only. Usage State definitions, such as ActorAdminState and Partner AdminState, are indicated with letter abbreviations.
set port lacp set port lacp Use this command to set link aggregation parameters for one or more ports. These settings will determine the specified underlying physical ports’ ability to join a LAG, and their administrative state once aggregated.
clear port lacp padminport padminport Sets a default value to use as the port’s partner admin value. Valid values are 1 ‐ 65535. padminportpri padminportpri Sets a default value to use as the port’s partner port priority. Valid values are 0 ‐ 65535, with lower values given higher priority. padminstate lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire Sets a port’s partner LACP administrative state. See aadminstate for valid options.
clear port lacp Parameters port port‐string Specifies the physical port(s) on which LACP settings will be cleared. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. aadminkey Clears a port’s actor admin key. aportpri Clears a port’s actor port priority. asyspri Clears the port’s actor system priority.
Configuring Protected Ports
The Protected Port feature is used to prevent ports from forwarding traffic to each other, even when they are on the same VLAN. Ports may be designated as either protected or unprotected. Ports are unprotected by default. Multiple groups of protected ports are supported.
Protected Port Operation
Ports that are configured to be protected cannot forward traffic to other protected ports in the same group, regardless of having the same VLAN membership.
Example
This example shows how to assign ports ge.1.1 through ge.1.3 to protected port group 1:
D2(rw)->set port protected ge.1.1-3 1

show port protected
Use this command to display information about the ports configured for protected mode.
Syntax
show port protected [port-string] | [group-id]
Parameters
port‐string
  (Optional) Specifies the port or ports for which to display information.
group‐id
  (Optional) Specifies the id of the group for which to display information.
Mode
Switch command, read‐write.
Example
This example shows how to clear protected ports ge.1.1 through ge.1.3:
D2(rw)->clear port protected ge.1.1-3

set port protected name
Use this command to assign a name to a protected port group id.
Syntax
set port protected name group-id name
Parameters
group‐id
  Specifies the id of this group. Id can range from 0 to 2.
name
  Specifies a name for the group. The name can be up to 32 characters in length.
Defaults
None.
Example
This example shows how to display the name of protected port group 1:
D2(ro)->show port protected name 1
Group ID    Group Name
----------------------------
1           group1

clear port protected name
Use this command to clear the name of a protected group.
Syntax
clear port protected name group-id
Parameters
group‐id
  Specifies the id of the group for which to clear the name. Id can range from 0 to 2.
Defaults
None.
Mode
Switch command, read‐write.
5 SNMP Configuration
This chapter describes the Simple Network Management Protocol (SNMP) set of commands and how to use them.
SNMP Configuration Summary
• SNMP network management applications, such as the Enterasys NetSight application, which communicate with agents to get statistics and alerts from the managed devices.
SNMPv3
SNMPv3 is an interoperable standards‐based protocol that provides secure access to devices by authenticating and encrypting frames over the network. The advanced security features provided in SNMPv3 are as follows:
– Message integrity — Ensures that data is collected securely, without being tampered with or corrupted.
Reviewing SNMP Statistics
Table 5-17 SNMP Security Levels (Continued)
Model | Security Level | Authentication | Encryption | How It Works
v3 | NoAuthNoPriv | User name | None | Uses a user name match for authentication.
 | AuthNoPriv | MD5 or SHA | None | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.
 | authPriv | MD5 or SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.
Commands
show snmp engineid
show snmp counters

show snmp engineid
Use this command to display the SNMP local engine ID. This is the SNMP v3 engine’s administratively unique identifier.
Syntax
show snmp engineid
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
show snmp counters
Use this command to display SNMP traffic counter values.
Syntax
show snmp counters
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
show snmp counters
usmStatsUnknownEngineIDs = 0
usmStatsWrongDigests = 0
usmStatsDecryptionErrors = 0

Table 5‐19 provides an explanation of the command output.

Table 5-19 show snmp counters Output Details
Output Field | What It Displays...
snmpInPkts | Number of messages delivered to the SNMP entity from the transport service.
snmpOutPkts | Number of SNMP messages passed from the SNMP protocol entity to the transport service.
Configuring SNMP Users, Groups, and Communities
Table 5-19 show snmp counters Output Details (Continued)
Output Field | What It Displays...
snmpOutBadValues | Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as "badValue."
snmpOutGenErrs | Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as "genErr."
snmpOutGetRequests | Number of SNMP Get-Request PDUs generated by the SNMP protocol entity.
Commands
show snmp user
set snmp user
clear snmp user
show snmp group
set snmp group
clear snmp group
show snmp community
set snmp community
clear snmp community

show snmp user
Use this command to display information about SNMP users. These are people registered to access SNMP management.
set snmp user
Examples
This example shows how to display an SNMP user list:
D2(su)->show snmp user list
--- SNMP user information ---
--- List of registered users:
Guest
admin1
admin2
netops

This example shows how to display information for the SNMP “guest” user:
(su)->show snmp user guest
--- SNMP user information ---
EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username = Guest
Auth protocol = usmNoAuthProtocol
Privacy protocol = usmNoPrivProtocol
Storage type = nonVolatile
Row status = active

Table 5‐20
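The user record shown above can be checked against the SNMPv3 security levels of Table 5-17. The following is an added example, not part of the Enterasys documentation: it parses captured `show snmp user` records and reports every user below a required level. The second sample record and the value `usmHMACMD5AuthProtocol` (an RFC 3414 object name) are assumptions about what the switch prints for an authenticated user.

```python
"""Audit captured `show snmp user <name>` output for SNMPv3 security level."""
import re

# Values the manual's sample output prints when no protocol is configured.
NO_AUTH = "usmNoAuthProtocol"
NO_PRIV = "usmNoPrivProtocol"

# Levels from Table 5-17, weakest first.
LEVELS = ["NoAuthNoPriv", "AuthNoPriv", "authPriv"]

# Constructed sample. The first record is the manual's "guest" example; the
# second is invented for illustration (assumed output format).
SAMPLE_OUTPUT = """\
--- SNMP user information ---
EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username = Guest
Auth protocol = usmNoAuthProtocol
Privacy protocol = usmNoPrivProtocol
Storage type = nonVolatile
Row status = active
--- SNMP user information ---
EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username = netops
Auth protocol = usmHMACMD5AuthProtocol
Privacy protocol = usmNoPrivProtocol
Storage type = nonVolatile
Row status = active
"""

# "Key = value" or "Key: value"; keys contain only letters and spaces.
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*(?:=|:)\s*(.+?)\s*$")


def parse_users(text):
    """Split CLI output into one dict per user record (keys lower-cased)."""
    users, current = [], None
    for line in text.splitlines():
        if line.strip().startswith("---"):
            # A banner line starts a new record; keep the previous one if it
            # actually held fields.
            if current:
                users.append(current)
            current = {}
            continue
        match = FIELD_RE.match(line)
        if match and current is not None:
            current[match.group(1).strip().lower()] = match.group(2)
    if current:
        users.append(current)
    return users


def security_level(user):
    """Map a parsed record to a Table 5-17 security level.

    A missing field is treated as 'not configured', so incomplete records
    are reported rather than silently passed.
    """
    auth = user.get("auth protocol", NO_AUTH)
    priv = user.get("privacy protocol", NO_PRIV)
    if auth == NO_AUTH:
        return "NoAuthNoPriv"  # USM does not allow privacy without authentication
    return "AuthNoPriv" if priv == NO_PRIV else "authPriv"


def audit(text, required="authPriv"):
    """Return (username, level) for every user below the required level."""
    findings = []
    for user in parse_users(text):
        level = security_level(user)
        if LEVELS.index(level) < LEVELS.index(required):
            findings.append((user.get("username", "<unknown>"), level))
    return findings


if __name__ == "__main__":
    for name, level in audit(SAMPLE_OUTPUT):
        print(f"{name}: {level} (below authPriv)")
```
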
clear snmp user
volatile | nonvolatile
  (Optional) Specifies a storage type for this user entry.
Defaults
If remote is not specified, the user will be registered for the local SNMP engine.
If authentication is not specified, no authentication will be applied.
If privacy is not specified, no encryption will be applied.
If storage type is not specified, nonvolatile will be applied.
Mode
Switch command, read‐write.
Example
This example shows how to create a new SNMP user named “netops”.
show snmp group
Use this command to display an SNMP group configuration. An SNMP group is a collection of SNMPv3 users who share the same access privileges.
Syntax
show snmp group [groupname groupname] [user user] [security-model {v1 | v2c | usm}] [volatile | nonvolatile | read-only]
Parameters
groupname groupname
  (Optional) Displays information for a specific SNMP group.
user user
  (Optional) Displays information about users within the specified group.
Table 5-21 show snmp group Output Details
Output Field | What It Displays...
Security model | SNMP version associated with this group.
Security/user name | User belonging to the SNMP group.
Group name | Name of SNMP group.
Storage type | Whether entry is stored in volatile, nonvolatile or read-only memory.
Row status | Status of this entry: active, notInService, or notReady.

set snmp group
Use this command to create an SNMP group.
show snmp community
Parameters
groupname
  Specifies the SNMP group to be cleared.
user
  Specifies the SNMP user to be cleared.
security‐model v1 | v2c | usm
  (Optional) Clears the settings associated with a specific security model.
Defaults
If not specified, settings related to all security models will be cleared.
Mode
Switch command, read‐write.
set snmp community
Use this command to configure an SNMP community group.
Syntax
set snmp community community [securityname securityname] [context context] [transport transport] [volatile | nonvolatile]
Parameters
community
  Specifies a community group name.
securityname securityname
  (Optional) Specifies an SNMP security name to associate with this community.
context context
  (Optional) Specifies a subset of management information this community will be allowed to access.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to delete the community name “vip.”
D2(su)->clear snmp community vip

Configuring SNMP Access Rights
Purpose
To review and configure SNMP access rights, assigning viewing privileges and security levels to SNMP user groups.
show snmp access
volatile | nonvolatile | read‐only
  (Optional) Displays access entries for a specific storage type.
Defaults
If groupname is not specified, access information for all SNMP groups will be displayed.
If security‐model is not specified, access information for all SNMP versions will be displayed.
If noauthentication, authentication or privacy are not specified, access information for all security levels will be displayed.
If context is not specified, all contexts will be displayed.
set snmp access
Table 5-22 show snmp access Output Details (Continued)
Output Field | What It Displays...
Read View | Name of the view that allows this group to view SNMP MIB objects.
Write View | Name of the view that allows this group to configure the contents of the SNMP agent.
Notify View | Name of the view that allows this group to send an SNMP trap message.
Context match | Whether or not SNMP context match must be exact (full context name match) or a partial match with a given prefix.
clear snmp access
If read view is not specified, none will be applied.
If write view is not specified, none will be applied.
If notify view is not specified, none will be applied.
If storage type is not specified, entries will be stored as permanent and will be held through device reboot.
Mode
Switch command, read‐write.
Configuring SNMP MIB Views
Purpose
To review and configure SNMP MIB views. SNMP views map SNMP objects to access rights.
Commands
show snmp view
show snmp context
set snmp view
clear snmp view

show snmp view
Use this command to display the MIB configuration for SNMPv3 view‐based access (VACM).
show snmp context
Example
This example shows how to display SNMP MIB view configuration information:
D2(su)->show snmp view
--- SNMP MIB View information ---
View Name = All
Subtree OID = 1
Subtree mask =
View Type = included
Storage type = nonVolatile
Row status = active

View Name = All
Subtree OID = 0.0
Subtree mask =
View Type =
Storage type =
Row status =

View Name = Network
Subtree OID = 1.3.6.1.2.
Subtree mask =
View Type =
Storage type =
Row status =
set snmp view
Mode
Switch command, read‐only.
Usage
An SNMP context is a collection of management information that can be accessed by an SNMP agent or entity. The default context allows all SNMP agents to access all management information (MIBs). When created using the set snmp access command (“set snmp access” on page 5‐17), other contexts can be applied to limit access to a subset of management information.
clear snmp view
Use this command to delete an SNMPv3 MIB view.
Syntax
clear snmp view viewname subtree
Parameters
viewname
  Specifies the MIB view name to be deleted.
subtree
  Specifies the subtree name of the MIB view to be deleted.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to delete SNMP MIB view “public”:
D2(su)->clear snmp view public 1.3.6.1

Configuring SNMP Target Parameters
Purpose
To review and configure SNMP target parameters.
show snmp targetparams
Parameters
targetParams
  (Optional) Displays entries for a specific target parameter.
volatile | nonvolatile | read‐only
  (Optional) Displays target parameter entries for a specific storage type.
Defaults
If targetParams is not specified, entries associated with all target parameters will be displayed.
If not specified, entries of all storage types will be displayed.
Mode
Switch command, read‐only.
set snmp targetparams
Use this command to set SNMP target parameters, a named set of security/authorization criteria used to generate a message to a target.
Syntax
set snmp targetparams paramsname user user security-model {v1 | v2c | usm} messageprocessing {v1 | v2c | v3} [noauthentication | authentication | privacy] [volatile | nonvolatile]
Parameters
paramsname
  Specifies a name identifying parameters used to generate SNMP messages to a particular target.
Parameters
targetParams
  Specifies the name of the parameter in the SNMP target parameters table to be cleared.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to clear SNMP target parameters named “v1ExampleParams”:
D2(su)->clear snmp targetparams v1ExampleParams

Configuring SNMP Target Addresses
Purpose
To review and configure SNMP target addresses which will receive SNMP notification messages.
set snmp targetaddr
If not specified, entries of all storage types will be displayed for a target address.
Mode
Switch command, read‐only.
Example
This example shows how to display SNMP target address information:
D2(su)->show snmp targetaddr
Target Address Name = labmachine
Tag List = v2cTrap
IP Address = 10.2.3.116
UDP Port# = 162
Target Mask = 255.255.255.
clear snmp targetaddr
ipaddr
  Specifies the IP address of the target.
param param
  Specifies an entry in the SNMP target parameters table, which is used when generating a message to the target. Maximum length is 32 bytes.
udpport udpport
  (Optional) Specifies which UDP port of the target host to use.
mask mask
  (Optional) Specifies the IP mask of the target.
timeout timeout
  (Optional) Specifies the maximum round trip time allowed to communicate to this target address. This value is in .
Parameters
targetAddr
  Specifies the target address entry to delete.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to clear SNMP target address entry “tr”:
D2(su)->clear snmp targetaddr tr

Configuring SNMP Notification Parameters
About SNMP Notify Filters
Profiles indicating which targets should not receive SNMP notification messages are kept in the NotifyFilter table.
For information about...
show snmp notifyfilter
set snmp notifyfilter
clear snmp notifyfilter
show snmp notifyprofile
set snmp notifyprofile
clear snmp notifyprofile

show newaddrtrap
Use this command to display the global and port‐specific status of the SNMP new MAC addresses trap function.
set newaddrtrap
Use this command to enable or disable SNMP trap messaging, globally or on one or more ports, when new source MAC addresses are detected.
Syntax
set newaddrtrap [port-string] {enable | disable}
Parameters
port‐string
  (Optional) Enable or disable the new MAC addresses trap function on specific ports.
enable | disable
  Enable or disable the new MAC addresses trap function. If entered without the port‐string parameter, enables or disables the function globally.
set snmp notify
Defaults
If a notify name is not specified, all entries will be displayed.
If volatile, nonvolatile, or read‐only are not specified, all storage type entries will be displayed.
Mode
Switch command, read‐only.
clear snmp notify
tag tag
  Specifies an SNMP notify tag. This binds the notify name to the SNMP target address table.
trap | inform
  (Optional) Specifies SNMPv1 or v2 Trap messages (default) or SNMP v3 InformRequest messages.
volatile | nonvolatile
  (Optional) Specifies temporary (default), or permanent storage for SNMP entries.
Defaults
If not specified, message type will be set to trap.
If not specified, storage type will be set to nonvolatile.
Mode
Switch command, read‐write.
show snmp notifyfilter
Use this command to display SNMP notify filter information, identifying which profiles will not receive SNMP notifications.
Syntax
show snmp notifyfilter [profile] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only]
Parameters
profile
  (Optional) Displays a specific notify filter.
subtree oid‐or‐mibobject
  (Optional) Displays a notify filter within a specific subtree.
clear snmp notifyfilter
Parameters
profile
  Specifies an SNMP filter notify name.
subtree oid‐or‐mibobject
  Specifies a MIB subtree ID target for the filter.
mask mask
  (Optional) Applies a subtree mask.
included | excluded
  (Optional) Specifies that subtree is included or excluded.
volatile | nonvolatile
  (Optional) Specifies a storage type.
Defaults
If not specified, mask is not set.
If not specified, subtree will be included.
Example
This example shows how to delete the SNMP notify filter “pilot1”:
D2(su)->clear snmp notifyfilter pilot1 subtree 1.3.6

show snmp notifyprofile
Use this command to display SNMP notify profile information. This associates target parameters to an SNMP notify filter to determine who should not receive SNMP notifications.
clear snmp notifyprofile
Parameters
profile
  Specifies an SNMP filter notify name.
targetparam targetparam
  Specifies an associated entry in the SNMP Target Params Table.
volatile | nonvolatile
  (Optional) Specifies a storage type.
Defaults
If storage type is not specified, nonvolatile (permanent) will be applied.
Mode
Switch command, read‐write.
Example
This example shows how to create an SNMP notify profile named area51 and associate a target parameters entry.
Creating a Basic SNMP Trap Configuration
Traps are notification messages sent by an SNMPv1 or v2 agent to a network management station, a console, or a terminal to indicate the occurrence of a significant event, such as when a port or device goes up or down, when there are authentication failures, and when power supply errors occur.
Example
This example shows how to:
• Create an SNMP community called mgmt.
• Configure a trap notification called TrapSink.
This trap notification will be sent with the community name mgmt to the workstation 192.168.190.80 (which is target address tr). It will use security and authorization criteria contained in a target parameters entry called v2cExampleParams.
6 Spanning Tree Configuration
This chapter describes the Spanning Tree Configuration set of commands and how to use them.
Spanning Tree Configuration Summary
blocking for all traffic flowing between the two switches. The blocking links are effectively used only if the forwarding link goes down. MSTP assigns each VLAN present on the network to a particular Spanning Tree instance, allowing each switch port to be in a distinct state for each such instance: blocking for one Spanning Tree while forwarding for another.
Configuring Spanning Tree Bridge Parameters
learning and the priority vector is worse than that already held by the port. If a disputed BPDU is received, the port is forced to the listening state. When an inferior designated BPDU with the learning bit set is received on a designated port, its state is set to discarding to prevent loop formation. Note that the Dispute mechanism is always active regardless of the configuration setting of Loop Protection.
show spantree stats
Example
This example shows how to display the device’s Spanning Tree configuration:
D2(su)->show spantree stats
Spanning tree status - enabled
Spanning tree instance - 0
Designated Root MacAddr - 00-e0-63-9d-c1-c8
Designated Root Priority - 0
Designated Root Cost - 10000
Designated Root Port - lag.0.
Root Max Age
Root Hello Time
Root Forward Delay
Bridge ID MAC Address
Bridge ID Priority
Bridge Max Age
Bridge Hello Time
Bridge Forward Delay
Topology Change Count
Time Since Top Change
Max Hops
set spantree
Table 6-28 show spantree Output Details (Continued)
Output | What It Displays...
Bridge Forward Delay | Amount of time (in seconds) the bridge spends in listening or learning mode. This is a default value, or is assigned using the set spantree fwddelay command. For details, refer to “set spantree fwddelay” on page 6-20.
Topology Change Count | Number of times topology has changed on the bridge.
Mode
Switch command, read‐only.
Example
This example shows how to display Spanning Tree version information for the device:
D2(su)->show spantree version
Force Version is mstp

set spantree version
Use this command to set the version of the Spanning Tree protocol to MSTP (Multiple Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) or to STP 802.1D‐compatible.
Syntax
set spantree version {mstp | stpcompatible | rstp}
Parameters
mstp
  Sets the version to STP 802.
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to reset the Spanning Tree version:
D2(su)->clear spantree version

show spantree bpdu-forwarding
Use this command to display the Spanning Tree BPDU forwarding mode.
Syntax
show spantree bpdu-forwarding
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Defaults
By default BPDU forwarding is disabled.
Mode
Switch command, read‐write.
Usage
The Spanning Tree protocol must be disabled (set spantree disable) for this feature to take effect.
Example
This example shows how to enable BPDU forwarding:
D2(rw)-> set spantree bpdu-forwarding enable

show spantree bridgeprioritymode
Use this command to display the Spanning Tree bridge priority mode setting.
Syntax
show spantree bridgeprioritymode
Parameters
None.
Defaults
None.
clear spantree bridgeprioritymode
8021t
  Sets the bridge priority mode to use 802.1t values, which are 0 to 61440, in increments of 4096. Values will automatically be rounded up or down, depending on the 802.1t value to which the entered value is closest. This is the default bridge priority mode.
Defaults
None
Mode
Switch command, read‐write.
show spantree mstilist
Use this command to display a list of Multiple Spanning Tree (MST) instances configured on the device.
Syntax
show spantree mstilist
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display a list of MST instances.
clear spantree msti
Use this command to delete one or more Multiple Spanning Tree instances.
Syntax
clear spantree msti [sid sid]
Parameters
sid sid
  (Optional) Deletes a specific multiple Spanning Tree ID.
Defaults
If sid is not specified, all MST instances will be cleared.
Mode
Switch command, read‐write.
set spantree mstmap
Use this command to map one or more filtering database IDs (FIDs) to a SID. Since VLANs are mapped to FIDs, this essentially maps one or more VLAN IDs to a Spanning Tree (SID).
Note: Since any MST maps that are associated with GVRP-generated VLANs will be removed from the configuration if GVRP communication is lost, it is recommended that you only create MST maps on statically-created VLANs.
show spantree vlanlist
Use this command to display the Spanning Tree ID(s) assigned to one or more VLANs.
Syntax
show spantree vlanlist [vlan-list]
Parameters
vlan‐list
  (Optional) Displays SIDs assigned to specific VLAN(s).
Defaults
If not specified, SID assignment will be displayed for all VLANs.
Mode
Switch command, read‐only.
Example
This example shows how to display the SIDs mapped to VLAN 1. In this case, SIDs 2, 16 and 42 are mapped to VLAN 1.
D2(su)->show spantree mstcfgid
MST Configuration Identifier:
Format Selector: 0
Configuration Name: 00:01:f4:89:51:94
Revision Level: 0
Configuration Digest: ac:36:17:7f:50:28:3c:d4:b8:38:21:d8:ab:26:de:62

set spantree mstcfgid
Use this command to set the MST configuration name and/or revision level.
Syntax
set spantree mstcfgid {cfgname name | rev level}
Parameters
cfgname name
  Specifies an MST configuration name.
rev level
  Specifies an MST revision level.
set spantree priority
Use this command to set the device’s Spanning Tree priority.
Syntax
set spantree priority priority [sid]
Parameters
priority
  Specifies the priority of the bridge. Valid values are from 0 to 61440 (in increments of 4096), with 0 indicating highest priority and 61440 lowest priority.
sid
  (Optional) Sets the priority on a specific Spanning Tree. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
Example
This example shows how to reset the bridge priority on SID 1:
D2(su)->clear spantree priority 1

set spantree hello
Use this command to set the device’s Spanning Tree hello time. This is the time interval (in seconds) at which the device will transmit BPDUs indicating it is active.
Syntax
set spantree hello interval
Parameters
interval
  Specifies the number of seconds the system waits before broadcasting a bridge hello message (a multicast message indicating that the system is active).
set spantree maxage
Use this command to set the bridge maximum aging time.
Syntax
set spantree maxage agingtime
Parameters
agingtime
  Specifies the maximum number of seconds that the system retains the information received from other bridges through STP. Valid values are 6 ‐ 40.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to globally reset the maximum aging time:
D2(su)->clear spantree maxage

set spantree fwddelay
Use this command to set the Spanning Tree forward delay.
Syntax
set spantree fwddelay delay
Parameters
delay
  Specifies the number of seconds for the bridge forward delay. Valid values are 4 ‐ 30.
Defaults
None.
Mode
Switch command, read‐write.
Usage
The forward delay is the maximum time (in seconds) the root device will wait before changing states (i.e.
Mode
Switch command, read‐write.
Example
This example shows how to globally reset the bridge forward delay:
D2(su)->clear spantree fwddelay

show spantree backuproot
Use this command to display the backup root status for an MST instance.
Syntax
show spantree backuproot [sid]
Parameters
sid
  (Optional) Display backup root status for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
clear spantree backuproot
Usage
The Spanning Tree backup root function is disabled by default on the D‐Series. When this feature is enabled and the switch is directly connected to the root bridge, stale Spanning Tree information is prevented from circulating if the root bridge is lost. If the root bridge is lost, the backup root will dynamically lower its bridge priority so that it will be selected as the new root over the lost root bridge.
Mode
Switch command, read‐only.
Example
This example shows how to display the status of topology change trap suppression:
D2(rw)->show spantree tctrapsuppress
Topology change Trap Suppression is set to enabled

set spantree tctrapsuppress
Use this command to disable or enable topology change trap suppression on Rapid Spanning Tree edge ports.
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to clear topology change trap suppression setting:
D2(rw)->clear spantree tctrapsuppress

set spantree protomigration
Use this command to reset the protocol state migration machine for one or more Spanning Tree ports. When operating in RSTP mode, this forces a port to transmit MSTP BPDUs.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display the SpanGuard function status:
D2(su)->show spantree spanguard
Spanguard is disabled

set spantree spanguard
Use this command to enable or disable the Spanning Tree SpanGuard function.
Syntax
set spantree spanguard {enable | disable}
Parameters
enable | disable
  Enables or disables the SpanGuard function.
Defaults
None.
Mode
Switch command, read‐write.
clear spantree spanguard
Use this command to reset the status of the Spanning Tree SpanGuard function to disabled.
Syntax
clear spantree spanguard
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to reset the status of the SpanGuard function to disabled:
D2(rw)->clear spantree spanguard

show spantree spanguardtimeout
Use this command to display the Spanning Tree SpanGuard timeout setting.
clear spantree spanguardtimeout
Syntax
set spantree spanguardtimeout timeout
Parameters
timeout
  Specifies a timeout value in seconds. Valid values are 0 to 65535. A value of 0 will keep the port locked until manually unlocked. The default value is 300 seconds.
Defaults
None.
Mode
Switch command, read‐write.
clear / set spantree spanguardlock
Parameters
port‐string
  (Optional) Specifies the port(s) for which to show SpanGuard lock status. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults
If no port string is specified, the SpanGuard lock status for all ports is displayed.
Mode
Switch command, read‐only.
Example
This example shows how to display the SpanGuard lock status for ge.1.1:
D2(su)->show spantree spanguardlock ge.1.
Syntax
show spantree spanguardtrapenable
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display the state of the SpanGuard trap function:
D2(ro)->show spantree spanguardtrapenable
Spanguard SNMP traps are enabled

set spantree spanguardtrapenable
Use this command to enable or disable the sending of an SNMP trap message when SpanGuard has locked a port.
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to reset the SpanGuard trap function to enabled:
D2(rw)->clear spantree spanguardtrapenable

show spantree legacypathcost
Use this command to display the default Spanning Tree path cost setting.
Syntax
show spantree legacypathcost
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
clear spantree legacypathcost
Defaults
None.
Mode
Switch command, read‐write.
Usage
By default, legacy path cost is disabled. Enabling the device to calculate legacy path costs affects the range of valid values that can be entered in the set spantree adminpathcost command.
Example
This example shows how to set the default path cost values to 802.1D.
For information about...
show spantree portpri
set spantree portpri
clear spantree portpri
show spantree adminpathcost
set spantree adminpathcost
clear spantree adminpathcost
show spantree adminedge
set spantree adminedge
clear spantree adminedge

set spantree portadmin
Use this command to disable or enable the Spanning Tree algorithm on one or more ports.
show spantree portadmin
Parameters
port‐string
  Resets the default admin status on specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to reset the default Spanning Tree admin state to enable on ge.1.12:
D2(rw)->clear spantree portadmin ge.1.
set spantree portpri
Parameters
port port‐string
  (Optional) Specifies the port(s) for which to display Spanning Tree priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
sid sid
  (Optional) Displays port priority for a specific Spanning Tree identifier. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
Defaults
If port‐string is not specified, port priority will be displayed for all Spanning Tree ports.
clear spantree portpri
Use this command to reset the bridge priority of a Spanning Tree port to a default value of 128.
Syntax
clear spantree portpri port-string [sid sid]
Parameters
port‐string
  Specifies the port(s) for which to set Spanning Tree port priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
sid sid
  (Optional) Resets the port priority for a specific Spanning Tree identifier.
Example
This example shows how to display the admin path cost for ge.3.4 on SID 1:
D2(su)->show spantree adminpathcost port ge.3.4 sid 1
Port ge.3.4 has a Port Admin Path Cost of 0 on SID 1

set spantree adminpathcost
Use this command to set the administrative path cost on a port and one or more Spanning Trees.
Syntax
set spantree adminpathcost port-string cost [sid sid]
Parameters
port‐string
  Specifies the port(s) on which to set an admin path cost.
Defaults
If sid is not specified, admin path cost will be reset for Spanning Tree 0.
Mode
Switch command, read‐write.
Example
This example shows how to reset the admin path cost to 0 for ge.3.2 on SID 1:
D2(su)->clear spantree adminpathcost ge.3.2 sid 1

show spantree adminedge
Use this command to display the edge port administrative status for a port.
Defaults None. Mode Switch command, read‐write. Usage The edge port administrative status is set to false when the device is first powered up. If a Spanning Tree BPDU is not received on the port within a few seconds, the status setting changes to true. Example This example shows how to set ge.1.11 as an edge port: D2(su)->set spantree adminedge ge.1.
Defaults If no SID is specified, SID 0 is assumed. Mode Switch command, read‐write. Usage Loop Protect takes precedence over the per‐port STP enable/disable setting (portAdmin). Normally, disabling portAdmin would cause a port to go immediately to forwarding. If Loop Protect is enabled, that port should go to listening and remain there. Note: The Loop Protect enable/disable settings for an MSTI port should match those for the CIST port. Example This example shows how to enable Loop Protect on ge.2.
clear spantree lp Use this command to return the Loop Protect status per port and optionally, per SID, to its default state of disabled. Syntax clear spantree lp port-string [sid sid] Parameters port‐string Specifies port(s) for which to clear the Loop Protect feature status. sid sid (Optional) Specifies the specific Spanning Tree(s) for which to clear the Loop Protect feature status. Valid values are 0 ‐ 4094. If not specified, SID 0 is assumed.
Mode Switch command, read‐only. Example This example shows how to display Loop Protect lock status on ge.1.1:
D2(rw)->show spantree lplock port ge.1.1
The LoopProtect lock status for port ge.1.1 , SID 0 is UNLOCKED

clear spantree lplock Use this command to manually unlock a blocked port and optionally, per SID. The default state is unlocked. Syntax clear spantree lplock port-string [sid sid] Parameters port‐string Specifies port(s) for which to clear the Loop Protect lock.
true | false Specifies whether the link partner is capable (true) or not (false). Defaults None. Mode Switch command, read‐write. Usage The default value for Loop Protect capable partner is false. If the port is configured with a Loop Protect capable partner (true), then the full functionality of the Loop Protect feature is used.
clear spantree lpcapablepartner Use this command to reset the Loop Protect capability of port link partners to the default state of false. Syntax clear spantree lpcapablepartner port-string Parameters port‐string Specifies port(s) for which to clear their link partners’ Loop Protect capability (reset to false). Defaults None. Mode Switch command, read‐write. Example This example shows how to reset the Loop Protect partner capability for ge.1.
Example This example shows how to set the Loop Protect threshold value to 4:
D2(rw)->set spantree lpthreshold 4

show spantree lpthreshold Use this command to display the current value of the Loop Protect event threshold. Syntax show spantree lpthreshold Parameters None. Defaults None. Mode Switch command, read‐only.
set spantree lpwindow Use this command to set the Loop Protect event window value in seconds. Syntax set spantree lpwindow value Parameters value Specifies the number of seconds that comprise the period during which Loop Protect events are counted. The default event window is 180 seconds. Defaults None. Mode Switch command, read‐write. Usage The Loop Protect Window is a timer value, in seconds, that defines a period during which Loop Protect events are counted.
clear spantree lpwindow Use this command to reset the Loop Protect event window to the default value of 180 seconds. Syntax clear spantree lpwindow Parameters None. Defaults None. Mode Switch command, read‐write. Example This example shows how to reset the Loop Protect event window to the default of 180 seconds:
D2(rw)->clear spantree lpwindow

set spantree lptrapenable Use this command to enable or disable Loop Protect event notification.
show spantree lptrapenable Use this command to display the current status of Loop Protect event notification. Syntax show spantree lptrapenable Parameters None. Defaults None. Mode Switch command, read‐only.
Syntax set spantree disputedbpduthreshold value Parameters value Specifies the number of disputed BPDUs that must be received on a given port/SID to cause a disputed BPDU trap to be sent. A threshold of 0 indicates that traps should not be sent. The default value is 0. Defaults None. Mode Switch command, read‐write.
Mode Switch command, read‐only. Example This example shows how to display the current disputed BPDU threshold:
D2(rw)->show spantree disputedbpduthreshold
The disputed BPDU threshold value is 0

clear spantree disputedbpduthreshold Use this command to return the disputed BPDU threshold to its default value of 0, meaning that disputed BPDU traps should not be sent. Syntax clear spantree disputedbpduthreshold Parameters None. Defaults None.
Mode Switch command, read‐only. Usage Exceptional conditions causing a port to be placed in listening or blocking state include a Loop Protect event, receipt of disputed BPDUs, and loopback detection. Example This example shows how to display the non‐forwarding reason on ge.1.1: D2(rw)->show spantree nonforwardingreason port ge.1.1 The non-forwarding reason for port ge.1.
7 802.1Q VLAN Configuration
This chapter describes the D‐Series system’s capabilities to implement 802.1Q virtual LANs (VLANs).
If the D‐Series device is to be configured for multiple VLANs, it may be desirable to configure a management‐only VLAN. This allows a station connected to the management VLAN to manage the device. It also makes management secure by preventing configuration via ports assigned to other VLANs. To create a secure management VLAN, you must:
Step  Task  Refer to page...
1.  Create a new VLAN.  7-4
2.  Set the PVID for the desired switch port to the VLAN created in Step 1.  7-8
3.
show vlan Use this command to display all information related to one or more VLANs. Syntax show vlan [static] [vlan-list] [portinfo [vlan vlan-list | vlan-name] [port portstring]] Parameters static (Optional) Displays information related to static VLANs. Static VLANs are manually created using the set vlan command (“set vlan” on page 7‐4), SNMP MIBs, or the WebView management application.
Table 7-30 show vlan Output Details
Output Field  What It Displays...
VLAN  VLAN ID.
NAME  Name assigned to the VLAN.
Status  Whether it is enabled or disabled.
VLAN Type  Whether it is permanent (static) or dynamic.
Egress Ports  Ports configured to transmit frames for this VLAN.
Forbidden Egress Ports  Ports prevented from transmitting frames for this VLAN.
Untagged Ports  Ports configured to transmit untagged frames for this VLAN.
Mode Switch command, read‐write. Usage Once a VLAN is created, you can assign it a name using the set vlan name command described in “set vlan name” on page 7‐5. Each VLAN ID must be unique. If a duplicate VLAN ID is entered, the device assumes that the Administrator intends to modify the existing VLAN. Enter the VLAN ID using a unique number between 1 and 4093. The VLAN IDs of 0 and 4094 and higher may not be used for user‐defined VLANs.
Parameters vlan‐list Specifies the VLAN ID of the VLAN(s) to be removed. Defaults None. Mode Switch command, read‐write. Example This example shows how to remove a static VLAN 9 from the device’s VLAN list:
D2(su)->clear vlan 9

clear vlan name Use this command to remove the name of a VLAN from the VLAN list. Syntax clear vlan name vlan-list Parameters vlan‐list Specifies the VLAN ID of the VLAN(s) for which the name will be cleared. Defaults None. Mode Switch command, read‐write.
Commands
For information about...  Refer to page...
show port vlan  7-7
set port vlan  7-8
clear port vlan  7-8
show port ingress filter  7-9
set port ingress filter  7-10
show port discard  7-10
set port discard  7-11

show port vlan Use this command to display port VLAN identifier (PVID) information. PVID determines the VLAN to which all untagged frames received on one or more ports will be classified.
set port vlan Use this command to configure the PVID (port VLAN identifier) for one or more ports. Syntax set port vlan port-string pvid [modify-egress | no-modify-egress] Parameters port‐string Specifies the port(s) for which to configure a VLAN identifier. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. pvid Specifies the VLAN ID of the VLAN to which port(s) will be added.
Defaults None. Mode Switch command, read‐write. Example This example shows how to reset ports ge.1.3 through 11 to a VLAN ID of 1 (Host VLAN):
D2(su)->clear port vlan ge.1.3-11

show port ingress filter Use this command to show all ports that are enabled for port ingress filtering, which limits incoming VLAN ID frames according to a port VLAN egress list.
set port ingress filter Use this command to discard all frames received with a VLAN ID that doesn’t match the port’s VLAN egress list. Syntax set port ingress-filter port-string {disable | enable} Parameters port‐string Specifies the port(s) on which to enable or disable ingress filtering. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. disable | enable Disables or enables ingress filtering. Defaults None.
Mode Switch command, read‐only. Example This example shows how to display the frame discard mode for ge.2.7. In this case, the port has been set to discard all tagged frames:
D2(su)->show port discard ge.2.7
Port         Discard Mode
------------ ------------
ge.2.7       tagged

set port discard Use this command to set the frame discard mode on one or more ports.
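The following Python sketch is an added example, not code from the Enterasys manual. It models how the three per-port settings described in this section (PVID, ingress filtering and frame discard mode) decide what happens to a received frame, and uses that model to list the ports through which a frame can enter a management VLAN. The port names, VLAN 99 and the discard values other than tagged are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# "tagged" is the discard mode shown on this page; the other three values
# are assumptions made for this model.
DISCARD_MODES = ("none", "tagged", "untagged", "both")


@dataclass
class PortConfig:
    """Per-port settings, named after the CLI commands in this section."""
    pvid: int = 1                                   # set port vlan
    egress_vlans: Set[int] = field(default_factory=lambda: {1})  # set vlan egress
    ingress_filter: bool = False                    # set port ingress-filter
    discard: str = "none"                           # set port discard


def classify(port: PortConfig, tag: Optional[int]) -> Tuple[str, Optional[int], str]:
    """Return (verdict, vlan, reason) for one received frame.

    tag is the 802.1Q VLAN ID carried by the frame, or None if untagged.
    """
    if port.discard not in DISCARD_MODES:
        raise ValueError("unknown discard mode: %r" % port.discard)
    tagged = tag is not None
    if tagged and not 1 <= tag <= 4094:
        raise ValueError("VLAN ID out of range: %r" % tag)

    # 1. Frame discard mode is checked on the frame type alone.
    if tagged and port.discard in ("tagged", "both"):
        return ("drop", None, "discard mode rejects tagged frames")
    if not tagged and port.discard in ("untagged", "both"):
        return ("drop", None, "discard mode rejects untagged frames")

    # 2. Untagged frames are classified to the PVID; tagged frames keep their VID.
    vlan = tag if tagged else port.pvid

    # 3. Ingress filtering drops frames whose VLAN is not on the port's egress list.
    if port.ingress_filter and vlan not in port.egress_vlans:
        return ("drop", vlan, "ingress filter: VLAN not on port egress list")
    return ("accept", vlan, "classified to VLAN %d" % vlan)


def ports_reaching_vlan(ports: Dict[str, PortConfig], vlan: int) -> Dict[str, List[str]]:
    """List ports on which a received frame can land in `vlan`, and how."""
    exposed: Dict[str, List[str]] = {}
    for name, cfg in sorted(ports.items()):
        ways = []
        for tag in (None, vlan):
            verdict, got, _ = classify(cfg, tag)
            if verdict == "accept" and got == vlan:
                ways.append("untagged" if tag is None else "tagged")
        if ways:
            exposed[name] = ways
    return exposed


# Constructed sample configuration (not taken from a real device).
MGMT_VLAN = 99
SAMPLE_PORTS = {
    # Management station port: untagged only, filtered.
    "ge.1.1": PortConfig(pvid=99, egress_vlans={99}, ingress_filter=True, discard="tagged"),
    # User port left at defaults apart from its VLAN: no filter, no discard mode.
    "ge.1.2": PortConfig(pvid=10, egress_vlans={10}),
    # User port protected by ingress filtering.
    "ge.1.3": PortConfig(pvid=10, egress_vlans={10}, ingress_filter=True),
    # User port protected by discarding tagged frames.
    "ge.1.4": PortConfig(pvid=10, egress_vlans={10}, discard="tagged"),
    # Uplink carrying several VLANs, including management, as tagged.
    "ge.1.24": PortConfig(pvid=1, egress_vlans={1, 10, 99}, ingress_filter=True),
}

if __name__ == "__main__":
    for port, ways in ports_reaching_vlan(SAMPLE_PORTS, MGMT_VLAN).items():
        print("%-8s can inject into VLAN %d via %s frames" % (port, MGMT_VLAN, ", ".join(ways)))
```

In the sample, ge.1.2 is the finding: with neither ingress filtering nor a tagged discard mode, a frame tagged with the management VLAN ID is accepted on a user port, while ge.1.3 and ge.1.4 each close that path with a single setting.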
Configuring the VLAN Egress List
Purpose To assign or remove ports on the egress list of a particular VLAN. This determines which ports on the switch will be eligible to transmit frames for a particular VLAN. For example, ports 1, 5, 7, 8 could be allowed to transmit frames belonging to VLAN 20 and ports 7, 8, 9, 10 could be allowed to transmit frames tagged with VLAN 30 (a port can belong to multiple VLAN Egress lists).
Mode Switch command, read‐write. Example This example shows you how to show VLAN egress information for ge.1.1 through 3. In this case, all three ports are allowed to transmit VLAN 1 frames as tagged and VLAN 10 frames as untagged. Both are static VLANs:
D2(su)->show port egress ge.1.1-3
Port      Vlan    Egress      Registration
Number    Id      Status      Status
------------------------------------------------------
ge.1.1    1       tagged      static
ge.1.1    10      untagged    static
ge.1.2    1       tagged      static
ge.1.
set vlan egress Use this command to add ports to the VLAN egress list for the device, or to prevent one or more ports from participating in a VLAN. This determines which ports will transmit frames for a particular VLAN. Syntax set vlan egress vlan-list port-string [untagged | forbidden | tagged] Parameters vlan‐list Specifies the VLAN where a port(s) will be added to the egress list. port‐string Specifies one or more ports to add to the VLAN egress list of the specified vlan‐list.
Syntax clear vlan egress vlan-list port-string [forbidden] Parameters vlan‐list Specifies the number of the VLAN from which a port(s) will be removed from the egress list. port‐string Specifies one or more ports to be removed from the VLAN egress list of the specified vlan‐list. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Example This example shows how to display the dynamic egress status for VLANs 50‐55:
D2(rw)->show vlan dynamicegress 50-55
VLAN 50 is disabled
VLAN 51 is disabled
VLAN 52 is disabled
VLAN 53 is enabled
VLAN 54 is enabled
VLAN 55 is enabled

set vlan dynamicegress Use this command to administratively set the dynamic egress status for one or more VLANs.
Setting the Host VLAN
Purpose To configure a host VLAN that only select devices are allowed to access. This secures the host port for management‐only tasks. Note: The host port is the management entity of the device. Refer to “Creating a Secure Management VLAN” on page 7-1 for more information.
Commands
For information about...  Refer to page...
show host vlan  7-17
set host vlan  7-17
clear host vlan  7-18

show host vlan Use this command to display the current host VLAN.
Parameters vlan‐id Specifies the number of the VLAN to set as the host VLAN. Defaults None. Mode Switch command, read‐write. Usage The host VLAN should be a secure VLAN where only designated users are allowed access. For example, a host VLAN could be specifically created for device management. This would allow a management station connected to the management VLAN to manage all ports on the device and make management secure by preventing management via ports assigned to other VLANs.
Enabling/Disabling GVRP (GARP VLAN Registration Protocol)
About GARP VLAN Registration Protocol (GVRP) The following sections describe the device operation when its ports are operating under the Generic Attribute Registration Protocol (GARP) application – GARP VLAN Registration Protocol (GVRP). Overview The purpose of GVRP is to dynamically create VLANs across a switched network.
Figure 7-7 Example of VLAN Propagation via GVRP (diagram of Switch 1 through Switch 5 and End Station A; R = Port registered as a member of VLAN Blue, D = Port declaring VLAN Blue)
Purpose To dynamically create VLANs across a switched network.
show gvrp Use this command to display GVRP configuration information. Syntax show gvrp [port-string] Parameters port‐string (Optional) Displays GVRP configuration information for specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults If port‐string is not specified, GVRP configuration information will be displayed for all ports and the device. Mode Switch command, read‐only.
Example This example shows how to display GARP timer information on ports 1 through 10 in slot 1: Note: For a functional description of the terms join, leave, and leaveall timers, refer to the standard IEEE 802.1Q documentation, which is not supplied with this device.
D2(su)->show garp timer ge.1.1-10
Port based GARP Configuration: (Timer units are centiseconds)
Port Number Join       Leave      Leaveall
----------- ---------- ---------- ----------
ge.1.1      20         60         1000
ge.1.2      20         60         1000
ge.1.3      20         60         1000
ge.1.
Mode Switch command, read‐write. Examples This example shows how to enable GVRP globally on the device:
D2(su)->set gvrp enable
This example shows how to disable GVRP globally on the device:
D2(su)->set gvrp disable
This example shows how to enable GVRP on ge.1.3:
D2(su)->set gvrp enable ge.1.3

clear gvrp Use this command to clear GVRP status or on one or more ports. Syntax clear gvrp [port-string] Parameters port‐string (Optional) Clears GVRP status on specific port(s).
leaveall timer‐value Sets the GARP leaveall timer in centiseconds (Refer to 802.1Q standard.) port‐string Specifies the port(s) on which to configure GARP timer settings. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults None. Mode Switch command, read‐write. Usage The setting of these timers is critical and should only be changed by personnel familiar with the 802.
8 Differentiated Services Configuration
This chapter describes the Differentiated Services (Diffserv) set of commands and how to use them. D‐Series devices support Diffserv policy‐based provisioning of network resources by allowing IT administrators to:
• Create, change or remove Diffserv policies based on business‐specific use of network services.
• Prioritize and police traffic according to assigned policies and conditions.
Globally Enabling or Disabling Diffserv
Purpose To globally enable or disable Diffserv on the device. Command The command used to globally enable or disable Diffserv on the device is listed below and described in the associated section as shown.
For information about...  Refer to page...
set diffserv adminmode  8‐2

set diffserv adminmode Use this command to globally enable or disable Diffserv on the device. By default, this function is disabled at device startup.
Creating Diffserv Classes and Matching Conditions
Purpose To review, create, and configure Diffserv classes and matching conditions. Commands The commands used to review, create, and configure Diffserv classes and matching conditions are listed below and described in the associated section as shown.
show diffserv class Use this command to display information about Diffserv classes. Syntax show diffserv class {summary | detailed classname} Parameters summary Displays a summary of Diffserv class information. detailed classname Displays detailed Diffserv information for a specific class. Defaults None. Mode Switch command, read‐only. Example This example shows how to display a summary of Diffserv class information.
Example This example shows how to create a Diffserv class called “admin”:
D2(rw)->set diffserv class create all admin

set diffserv class delete Use this command to delete a Diffserv class and remove any match assigned to the class. Syntax set diffserv class delete classname Parameters classname Specifies the class name to be deleted. Defaults None. Mode Switch command, read‐write. Usage You cannot use this command to delete a class that has been assigned to a policy.
dstip | srcip classname ipaddr ipmask Matches to a specific class based on destination or source IP address.
dstl4port | srcl4port keyword classname keyword | number classname portnumber Matches to a specific class based on destination or source layer 4 port number or keyword. Valid keyword values are:
• domain
• echo
• ftp
• ftpdata
• http
• smtp
• snmp
• telnet
• tftp
• www
Valid portnumber values are 0 ‐ 65535.
Table 8-32 Valid IP DSCP Numeric and Keyword Values (Continued)
Code Point Map   Numeric Value   Keyword (Usage)
b'010xx0         18,20,22        af21, af22, af23 (Assured Forwarding)
b'011xx0         26,28,30        af31, af32, af33 (Assured Forwarding)
b'100xx0         34,36,38        af41, af42, af43 (Assured Forwarding)
b'101110         46              ef (Expedited Forwarding)
Defaults None. Mode Switch command, read‐write.
Note: The match type every will work with any group. You cannot create and add a class to a policy before adding any rules (match conditions) to the class. Once a class is added to a policy, you cannot add any more rules (match conditions) to the class. You cannot create outbound policies. You can only add rules that fit into the same category (shown in the groupings above) to a class.
Configuring Diffserv Policies and Assigning Classes
Purpose To review, create, and configure Diffserv policies and assign classes. Commands The commands used to review, create, and configure Diffserv policies and assign classes are listed below and described in the associated section as shown.
Example This example shows how to display a summary of Diffserv policy information. In this case, there is one policy named “admin”, to which members of the “admin” class have been assigned.
Mode Switch command, read‐write. Usage In order to delete a policy you must first remove the service port(s) assigned to the policy using the set diffserv service remove command as described in “set diffserv service” on page 8‐16. Example This example shows how to delete the Diffserv “admin” policy:
D2(rw)->set diffserv policy delete admin

set diffserv policy class Use this command to add or remove a Diffserv class to a specified policy.
Parameters ipdscp | ipprecedence Specifies that packets will be marked with either an IP DSCP or precedence value. policyname Specifies the policy name being configured. classname Specifies a Diffserv class to associate to this policy. value Specifies an IP DSCP or precedence value. Valid numeric or keyword DSCP values can be entered as listed in Section 8‐32. Valid precedence values are: 0 ‐ 7. Defaults None. Mode Switch command, read‐write.
set diffserv policy police action conform Use this command to configure traffic policing actions for packets that conform to associated Diffserv classifications. Syntax set diffserv policy police action conform {drop | send policyname classname} | {markdscp | markprec policyname classname value} Parameters drop | send Specifies whether the policing action for packets conforming to the classification parameters will be to drop or send packets.
policyname Specifies the policy name being configured. classname Specifies a Diffserv class to associate to this policing action. markdscp | markprec Specifies a policing action based on IP DSCP or precedence. value Specifies an IP DSCP or precedence value set with the set diffserv policy mark command (page 8‐11). Defaults None. Mode Switch command, read‐write.
Commands The commands used to review and assign Diffserv policies to service ports are listed below and described in the associated section as shown.
For information about...  Refer to page...
show diffserv service info  8-15
show diffserv service stats  8-15
set diffserv service  8-16

show diffserv service info Use this command to display information about Diffserv service ports.
Parameters summary Displays a summary of Diffserv service statistics. detailed port‐string Displays detailed statistics for a specific port. in Displays information about incoming traffic. Defaults None. Mode Switch command, read‐only. Example This example shows how to display detailed incoming traffic statistics about service port ge.1.1:
D2(rw)->show diffserv service stats detailed ge.1.1 in
Interface...................................... ge.1.1
Direction...................
DiffServ Configuration Examples
Typically, you would use the Diffserv command set to complete configuration tasks in the following order:
1. Enable DiffServ.
2. Create a Class.
3. Create one or more classification rules within the Class.
4. Create a Policy.
5. Add one or more Classes to the Policy.
6. Add Policing (Conforming/Non‐conforming, Drop/Forward, Rate Limit, Precedence/DSCP Rewrite) actions or just Marking (Precedence/DSCP Rewrite) actions to the Policy.
9 Policy Classification Configuration
This chapter describes the Policy Classification set of commands and how to use them.
Commands
For information about...  Refer to page...
show policy profile  9-2
set policy profile  9-4
clear policy profile  9-5

show policy profile Use this command to display policy profile information. Syntax show policy profile {all | profile-index [consecutive-pids] [-verbose]} Parameters all | profile‐index Displays policy information for all profile indexes or a specific profile index.
Example This example shows how to display policy information for profile 11:
D2(su)->show policy profile 11
Profile Index : 11
Profile Name : MacAuth1
Row Status : active
Port VID Status : Enable
Port VID Override : 11
CoS : 0
CoS Status : Disable
Egress Vlans : none
Forbidden Vlans : none
Untagged Vlans : none
Rule Precedence : 1-31
:MACSource(1),MACDest(2),Unknown(3),
:Unknown(4),Unknown(5),Unknown(6),
:Unknown(7),Unknown(8),Unknown(9),
:Unknown(10),Unknown(11),IPSource(12),
:IPDest(1
Table 9-33 show policy profile Output Details (Continued)
Output Field  What It Displays...
Oper Profile Usage  Ports currently assigned to use this policy profile.
Dynamic Profile Usage  Port dynamically assigned to use this policy profile.

set policy profile Use this command to create a policy profile entry.
clear policy profile Use this command to delete a policy profile entry. Syntax clear policy profile profile-index Parameters profile‐index Specifies the index number of the profile entry to be deleted. Valid values are 1 to 255. Defaults None. Mode Switch command, read‐write.
show policy rule Use this command to display policy classification rule information.
admin‐pid admin‐pid Displays rules associated with a specific administrative policy ID [1..1023]. ‐verbose (Optional) Displays detailed information. usage‐list (Optional) If selected, each rule’s usage‐list is checked and only those ports that have applied this rule are displayed. display‐if‐used (Optional) Displays rule(s) only if they are applied to at least one port. Defaults If verbose is not specified, summary information will be displayed.
Table 9-34 show policy rule Output Details (Continued)
Output Field  What It Displays...
ST  Whether or not this rule’s storage type is non-volatile (NV) or volatile (V).
VLAN  VLAN ID to which this rule applies and whether or not matching packets will be dropped or forwarded.
CoS  If applicable, Class of Service value to which this rule applies.
U  Whether or not this rule has been used.
dPID  Whether or not this is a dynamic profile ID.
Example This example shows how to display the device’s policy classification capabilities.
set policy rule Use this command to assign incoming untagged frames to a specific policy profile and to VLAN rules. This command has two forms of syntax—one to create an admin rule (for policy ID 0), and the other to create a classification rule and attach it to a policy profile.
macsource Classifies based on MAC source address. tcpdestport Classifies based on TCP destination port. tcpsourceport Classifies based on TCP source port. udpdestport Classifies based on UDP destination port. udpsourceport Classifies based on UDP source port. data Specifies the code for a predefined classifier. This value is dependent on the classification type entered. Refer to Table 9‐35 for valid values for each classification type.
Table 9-35 Valid Values for Policy Classification Rules (Continued)
Classification Rule Parameter  data value  mask bits
Destination or Source UDP port: udpsourceport udpdestport  UDP Port Number: 0 - 65535 or 0 - 0xFFFF  1 - 16
vlantag  VLAN tag: 1 - 4094  1 - 12
Examples This example shows how to use Table 9‐35 to assign a rule to policy profile 3 that will filter Ethernet II Type 1526 frames to VLAN 7:
D2(su)->set policy rule 3 ether 1526 vlan 7
This example shows how to use Table
profile‐index Specifies a policy profile for which to delete classification rules. Valid profile‐index values are 1 ‐ 255. all‐pid‐entries Deletes all entries associated with the specified policy profile. ether Deletes associated Ethernet II classification rule. icmptype Deletes associated ICMP classification rule. ipproto Deletes associated IP protocol classification rule. ipdestsocket Deletes associated IP destination classification rule.
Mode Switch command, read‐write. Example This example shows how to remove all administrative and policy index rules:
D2(su)->clear policy all-rules

Assigning Ports to Policy Profiles
Note: The D2 switch supports up to eight user policies per port. Purpose To assign and unassign ports to policy profiles.
Example This example shows how to allow Gigabit Ethernet ports 5 through 15 in slot 1 to transmit frames according to policy profile 1:
D2(su)->set policy port ge.1.5-15 1

clear policy port Use this command to remove a policy profile from one or more ports. Syntax clear policy port port-string profile-index Parameters port‐string Specifies the port(s) from which to remove the policy profile.
Configuring Policy Class of Service (CoS) enabled, the default and user‐assigned policy‐based settings will override port‐based settings described in Chapter 10. About Policy-Based CoS Configurations Once enabled using the set cos state command as described in “set cos state” on page 9‐18, you can add to the policy‐based CoS function by defining new port groupings, and assigning inbound rate limiters.
3.
D2(su)->show cos port-resource irl 1.0 1
Group Index Resource Type Unit Rate       Rate Limit Type Action
----------- -------- ---- ---- ---------- --------------- ------
1.0         1        irl  kbps 512        drop            none
D2(su)->show cos port-resource irl 2.0 1
Group Index Resource Type Unit Rate
----------- -------- ---- ---- ----------
2.
Example This example shows how to enable Class of Service:
D2(rw)->set cos state enable

show cos state Use this command to display the Class of Service enable state. Syntax show cos state Parameters None. Defaults None. Mode Switch command, read‐only. Example This example shows how to show the Class of Service enable state:
D2(rw)->show cos state
Class-of-Service application is enabled

clear cos state Use this command to set CoS state back to its default setting of disabled.
set cos settings Use this command to configure a Class of Service entry in the CoS settings table. Syntax set cos settings cos-index priority priority [tos-value tos-value] [irl-reference irl-reference] Parameters cos‐index Specifies a Class of Service entry. Valid values are 0 to 255. priority priority Specifies an 802.1d priority value. Valid values are 0 to 7, with 0 being the lowest priority. See Usage section below for more information.
Example This example shows how to create CoS entry 8 with a priority value of 3:
D2(rw)->set cos settings 8 priority 3

clear cos settings Use this command to clear Class of Service entry settings. Syntax clear cos settings cos-list {[all] | [priority] [tos-value] [irl-reference]} Parameters cos‐list Specifies a Class of Service entry to clear. all Clears all settings associated with this entry. priority Clears the priority value associated with this entry.
Example This example shows how to show all CoS settings:
D2(su)->show cos settings
CoS Index Priority   ToS     IRL
--------- ---------- ------- -----
0         0          *       *
1         1          *       *
2         2          *       *
3         3          *       *
4         4          *       *
5         5          *       *
6         6          *       *
7         7          *       *

set cos port-config Use this command to create a port group for inbound rate limiting and add or remove ports from the group.
groups (1 through 7) can be configured. Currently, only one port type (type 0) is supported. This port type supports 100 limiters. Additional port groups may be created for flexibility. Ports assigned to a new port group must be mutually exclusive from the other port group entries—ports are automatically removed from the default port group—and must be comprised of the same port type as defined by the port group.
Inbound Rate Limiting Port Configuration Entries
----------------------------------------------------------------------
Port Group Name :Default
Port Group      :0
Port Type       :0
Assigned Ports  :none
----------------------------------------------------------------------
Port Group Name :Users
Port Group      :1
Port Type       :0
Assigned Ports  :ge.1.1-46
----------------------------------------------------------------------
Port Group Name :Uplink
Port Group      :2
Port Type       :0
Assigned Ports  :ge.1.
set cos port-resource Example This example deletes all Port Groups except for the Default group 0.0: D2(su)->clear cos port-config irl all set cos port-resource Use this command to set the inbound rate limit parameters for a specific IRL resource for a specific port group. Syntax set cos port-resource irl group-type-index irl-index {[unit {kbps}] [rate rate] [type {drop}]} Parameters irl Set an IRL port resource. group‐type‐index Specifies an inbound rate limiting port group/type index.
show cos port-resource Example This example sets the inbound rate limit resource index number 1 for port group 2.0 to 10000 Kbps or 1 MB: D2(su)->set cos port-resource irl 2.0 1 unit kbps rate 10000 type drop show cos port-resource Use this command to display the IRL port resources. Syntax show cos port-resource [irl [group-type-index [irl-index]]] Parameters irl (Optional) Specifies that inbound rate limiting port resources should be displayed.
set cos reference Parameters irl Specifies that an IRL resource is to be cleared. all Clear all IRL resources for all port groups. group‐type‐index Specifies an inbound rate limiting port group/type index. Valid entries are in the form of group#.port‐type. Valid values for group# can range from 0 to 7. Valid values for port‐type can range from 0 to 1, although only port type 0 is currently supported. For example, port group 3 would be specified as 3.0.
Mode
Switch command, read‐write.
Usage
The CoS reference table maps the user‐defined IRL references found in the CoS settings table (see “set cos settings” on page 9‐20) to rate limiters created in the port resource table (see “set cos port‐resource” on page 9‐25). The CoS reference table indexes can be thought of as virtual rate limiters. The table accounts for the maximum number of rate limiters supported by the device. The virtual limiters then map to the physical rate limiters.
clear cos reference Example This example shows the Class of Service IRL references for port group 1.0. Note that not all of the 100 possible references are displayed in this output example. D2(su)->show cos reference irl 1.0 Group Index ----------1.0 1.0 1.0 1.0 ... 1.0 1.0 1.
show cos unit show cos unit Use this command to show possible CoS unit entries. Syntax show cos unit Parameters None. Defaults None. Mode Switch command, read‐only.
show cos port-type show cos port-type Use this command to display Class of Service port type configurations. Syntax show cos port-type [irl [port-type]] Parameters irl (Optional) Displays inbound rate limiting information. port‐type (Optional) Displays information for a specific port type. Defaults If no parameters are specified, inbound rate limiting information for all port types is displayed. Mode Switch command, read‐only.
10 Port Priority and Rate Limiting Configuration This chapter describes the Port Priority and Rate Limiting set of commands and how to use them. For information about... Refer to page...
Configuring Port Priority
Purpose
To view or configure port priority characteristics as follows:
• Display or change the port default Class‐of‐Service (CoS) transmit priority (0 through 7) of each port for frames that are received (ingress) without priority information in their tag header.
• Display the current traffic class mapping‐to‐priority of each port.
• Set each port to transmit frames according to 802.1D (802.1p) priority set in the frame header.
set port priority set port priority Use this command to set the 802.1D (802.1p) Class‐of‐Service transmit priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port. For example, if the priority of a port is set to 5, the frames received through that port without a priority indicated in their tag header are classified as a priority 5.
Configuring Priority to Transmit Queue Mapping Parameters port‐string Specifies the port for which to clear priority. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults None. Mode Switch command, read‐write. Example This example shows how to reset ge.1.11 to the default priority: D2(rw)->clear port priority ge.1.
set port priority-queue Parameters port‐string (Optional) Displays the mapping of priorities to transmit queues for one or more ports. Defaults If port-string is not specified, priority queue information for all ports will be displayed. Mode Switch command, read‐only. Example This example shows how to display priority queue information for ge.1.1.
clear port priority-queue Usage Priority to transmit queue mapping on an individual port basis can only be configured on Gigabit Ethernet ports (ge.x.x). When you use the set port priority‐queue command to configure a Fast Ethernet port (fe.x.x), the mapping values are applied globally to all Fast Ethernet ports on the system. Example This example shows how to set priority 5 frames received on ge.2.12 to transmit on queue 0. D2(su)->set port priority-queue ge.2.
show port txq For information about... Refer to page... set port txq 10-7 clear port txq 10-8 show port txq Use this command to display QoS transmit queue information for one or more physical ports. Syntax show port txq [port-string] Parameters port‐string (Optional) Specifies port(s) for which to display QoS settings. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Only physical ports will be displayed.
Parameters
port‐string Specifies port(s) on which to set queue arbitration values. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Only physical ports can be configured with this command. LAG ports cannot be configured.
value0 ‐ value7 Specifies percentage to allocate to a specific transmit queue. The values must total 100 percent.
Defaults
None.
Mode
Switch command, read‐write.
clear port txq Parameters port‐string Clears transmit queue values on specific port(s) back to their default values. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Only physical ports can be configured with this command. LAG ports cannot be configured.
11 IGMP Configuration This chapter describes the IGMP Configuration set of commands and how to use them. For information about... Refer to page... IGMP Overview 11-1 Configuring IGMP at Layer 2 11-2 IGMP Overview About IP Multicast Group Management The Internet Group Management Protocol (IGMP) runs between hosts and their immediately neighboring multicast device.
Configuring IGMP at Layer 2 multicast switch/router it passes through to ensure that traffic is only passed to the hosts that subscribed to this service. Configuring IGMP at Layer 2 Purpose To configure IGMP snooping from the switch CLI. Commands For information about...
set igmpsnooping adminmode Usage Configured information is displayed whether or not IGMP snooping is enabled. Status information is displayed only when the function is enabled. For information on enabling IGMP on the system, refer to “set igmpsnooping adminmode” on page 11‐3. For information on enabling IGMP on one or more ports, refer to “set igmpsnooping interfacemode” on page 11‐4. Example This example shows how to display IGMP snooping information: D2(su)->show igmpsnooping Admin Mode.................
set igmpsnooping interfacemode set igmpsnooping interfacemode Use this command to enable or disable IGMP on one or all ports. Syntax set igmpsnooping interfacemode port-string {enable | disable} Parameters port‐string Specifies one or more ports on which to enable or disable IGMP. enable | disable Enables or disables IGMP. Defaults None. Mode Switch command, read‐write.
set igmpsnooping maxresponse Usage The IGMP group membership interval time sets the frequency of host‐query frame transmissions and must be greater than the IGMP maximum response time as described in “set igmpsnooping maxresponse” on page 11‐5. Example This example shows how to set the IGMP group membership interval to 250 seconds: D2(su)->set igmpsnooping groupmembershipinterval 250 set igmpsnooping maxresponse Use this command to configure the IGMP query maximum response time for the system.
set igmpsnooping add-static Parameters time Specifies the IGMP multicast router expiration time. Valid values are 0 ‐ 3600 seconds. A value of 0 will configure the system with an infinite expiration time. The default value is 0. Defaults None. Mode Switch command, read‐write. Usage This timer is for expiring the switch from the multicast database. If the timer expires, and the only address left is the multicast switch, then the entry will be removed.
set igmpsnooping remove-static Example This example creates an IGMP entry for the multicast group with IP address of 233.11.22.33 configured on VLAN 20 configured with the port ge.1.1. D2(su)->set igmpsnooping add-static 233.11.22.33 20 ge.1.1 set igmpsnooping remove-static This command deletes a static IGMP entry or removes one or more new ports from an existing entry.
Mode
Switch command, read‐only.
Example
This example displays the static IGMP ports for VLAN 20.
D2(su)->show igmpsnooping static 20
--------------------------------------------------------------------------------
Vlan Id = 20
Static Multicast Group Address = 233.11.22.33
Type = IGMP
IGMP Port List = ge.1.1

show igmpsnooping mfdb
Use this command to display multicast forwarding database (MFDB) information.
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to clear all IGMP snooping entries:
D2(su)->clear igmpsnooping
Are you sure you want to clear all IGMP snooping entries? (y/n) y
IGMP Snooping Entries Cleared.
12 Logging and Network Management This chapter describes switch‐related logging and network management commands and how to use them. Note: The commands in this chapter pertain to network management of the D-Series device from the switch CLI only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to Chapter 15. For information about... Refer to page...
show logging server For information about... Refer to page... clear logging application 12-8 show logging local 12-9 set logging local 12-9 clear logging local 12-10 show logging buffer 12-10 show logging server Use this command to display the Syslog configuration for a particular server. Syntax show logging server [index] Parameters index (Optional) Displays Syslog information pertaining to a specific server table entry. Valid values are 1‐8.
set logging server set logging server Use this command to configure a Syslog server. Syntax set logging server index [ip-addr ip-addr] [facility facility] [severity severity] [descr descr] [port port] [state {enable | disable}] Parameters index Specifies the server table index number for this server. Valid values are 1 ‐ 8. ip‐addr ip‐addr (Optional) Specifies the Syslog message server’s IP address. facility facility (Optional) Specifies the server’s facility name.
clear logging server clear logging server Use this command to remove a server from the Syslog server table. Syntax clear logging server index Parameters index Specifies the server table index number for the server to be removed. Valid values are 1 ‐ 8. Defaults None. Mode Switch command, read‐write.
set logging default
Use this command to set logging default values.
Syntax
set logging default {[facility facility] [severity severity] [port port]}
Parameters
facility facility Specifies the default facility name. Valid values are: local0 to local7.
severity severity Specifies the default logging severity level.
show logging application port (Optional) Resets the default UDP port the client uses to send to the server to 514. Defaults At least one optional parameter must be entered. All three optional keywords must be entered to reset all logging values to defaults. Mode Switch command, read‐write.
Example
This example shows how to display system logging information pertaining to the SNMP application.
D2(ro)->show logging application SNMP
    Application   Current Severity Level
---------------------------------------------
90  SNMP          6

1(emergencies)  2(alerts)    3(critical)
4(errors)       5(warnings)  6(notifications)
7(information)  8(debugging)

Table 12‐37 provides an explanation of the command output.
Table 12-37 show logging application Output Details
Output Field What it displays...
clear logging application level level (Optional) Specifies the severity level at which the server will log messages for applications.
show logging local Parameters mnemonic Resets the severity level for a specific application to 6. Valid mnemonic values and their corresponding applications are listed in Table 12‐38 on page 12‐8. all Resets the severity level for all applications to 6. Defaults None. Mode Switch command, read‐write. Example This example shows how to reset the logging severity level to 6 for SNMP.
clear logging local Parameters console enable | disable Enables or disables logging to the console. file enable | disable Enables or disables logging to a persistent file. Defaults None. Mode Switch command, read‐write. Example This command shows how to enable logging to the console and disable logging to a persistent file: D2(su)->set logging local console enable file disable clear logging local Use this command to clear the console and persistent store logging for the local session.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows a portion of the information displayed with the show logging buffer command:
D2(su)->show logging buffer
<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet)
<165>Sep 4 07:43:24 10.42.71.13 CLI[5]User: debug failed login from 10.4.1.
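The buffer entries above follow the usual syslog layout: a `<PRI>` value, timestamp, switch address, application tag and message. The Python below is an added example, not part of the Enterasys reference: it decodes the PRI field (165 is facility local4 at syslog severity 5) and reviews CLI login messages for repeated failures per source address. The sample lines are constructed with documentation-range addresses, the function names and the threshold of three failures are assumptions, and the mapping of syslog severity to the switch's 1 to 8 levels is inferred from the level names listed by show logging application.

```python
import re
from collections import defaultdict

# Severity names as the switch numbers them (1-8) in "show logging application".
SWITCH_LEVELS = {1: "emergencies", 2: "alerts", 3: "critical", 4: "errors",
                 5: "warnings", 6: "notifications", 7: "information", 8: "debugging"}

# <PRI>Mmm d hh:mm:ss host APP[n]message  (layout of the buffer lines on the page)
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>\w+)\[(?P<tag>\d+)\](?P<msg>.*)$")
# The page shows both "User:rw" and "User: debug", so the space is optional.
LOGIN_RE = re.compile(
    r"^User:\s*(?P<user>\S+) (?P<result>logged in|failed login) "
    r"from (?P<src>\S+)(?: \((?P<proto>\w+)\))?$")

# Constructed sample input modelled on the page's two buffer lines.
SAMPLE_LINES = """\
<165>Sep 4 07:43:09 192.0.2.13 CLI[5]User:rw logged in from 198.51.100.22 (telnet)
<165>Sep 4 07:43:24 192.0.2.13 CLI[5]User: debug failed login from 198.51.100.77 (telnet)
<165>Sep 4 07:43:31 192.0.2.13 CLI[5]User: admin failed login from 198.51.100.77 (telnet)
<165>Sep 4 07:43:40 192.0.2.13 CLI[5]User: admin failed login from 198.51.100.77 (telnet)
<165>Sep 4 07:44:02 192.0.2.13 CLI[5]User:admin logged in from 198.51.100.77 (telnet)
""".splitlines()


def decode_pri(pri):
    """Split a syslog PRI value into (facility name, severity, switch level)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    # Assumption: switch level = syslog severity + 1 (the names line up one-for-one).
    return name, severity, severity + 1


def parse_line(line):
    """Parse one buffer line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        facility, severity, level = decode_pri(int(m["pri"]))
    except ValueError:
        return None
    rec = {"facility": facility, "severity": severity, "switch_level": level,
           "timestamp": m["ts"], "host": m["host"], "app": m["app"],
           "tag": int(m["tag"]),  # bracketed number; its meaning is not stated on the page
           "msg": m["msg"].strip()}
    login = LOGIN_RE.match(rec["msg"])
    if login:
        rec.update(login.groupdict())
    return rec


def review_logins(lines, max_failures=3):
    """Return findings as (kind, source address, user) tuples, in log order."""
    failures = defaultdict(int)
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get("result") is None:
            continue
        src, user = rec["src"], rec["user"]
        if rec["result"] == "failed login":
            failures[src] += 1
            if failures[src] == max_failures:
                findings.append(("repeated-failures", src, user))
            continue
        # Successful login: flag it if the same source was just failing.
        if failures[src] >= max_failures:
            findings.append(("success-after-failures", src, user))
        if rec["proto"] == "telnet":
            findings.append(("cleartext-session", src, user))
        failures[src] = 0
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LINES):
        print(finding)
```

Entries forwarded to a server configured with set logging server can be reviewed the same way, provided the server stores the lines in this layout.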
Mode
Switch command, read‐only.
Example
This example shows how to display the contents of the command history buffer. It shows there are five commands in the buffer:
D2(su)->history
1 hist
2 show gvrp
3 show vlan
4 show igmp
5 show ip address

show history
Use this command to display the size (in lines) of the history buffer.
Syntax
show history
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
ping Mode Switch command, read‐write. Example This example shows how to set the size of the command history buffer to 30 lines: D2(su)->set history 30 ping Use this command to send ICMP echo‐request packets to another node on the network from the switch CLI. Syntax ping host Parameters host Specifies the IP address of the device to which the ping will be sent. Defaults None. Mode Switch command, read‐write. Examples This example shows how to ping IP address 134.141.89.29.
Mode
Switch command, read‐only.
Example
This example shows how to use the show users command. In this output, there are two Telnet users logged in with Read‐Write access privileges from IP addresses 134.141.192.119 and 134.141.192.18:
D2(su)->show users
  Session  User  Location
  -------- ----- --------------------------
* telnet   rw    134.141.192.119
  telnet   rw    134.141.192.18

disconnect
Use this command to close an active console port or Telnet session from the switch CLI.
Managing Switch Network Addresses and Routes Managing Switch Network Addresses and Routes Purpose To display or delete switch ARP table entries, and to display MAC address information. Commands For information about... Refer to page...
Example
This example shows how to display the ARP table:
D2(su)->show arp
LINK LEVEL ARP TABLE
IP Address       Phys Address      Flags  Interface
-----------------------------------------------------
10.20.1.1        00-00-5e-00-01-1  S      host
134.142.21.194   00-00-5e-00-01-1  S      host
134.142.191.192  00-00-5e-00-01-1  S      host
134.142.192.18   00-00-5e-00-01-1  S      host
134.142.192.119  00-00-5e-00-01-1  S      host
-----------------------------------------------------
Table 12‐39 provides an explanation of the command output.
clear arp clear arp Use this command to delete a specific entry or all entries from the switch’s ARP table. Syntax clear arp {ip-address | all} Parameters ip‐address | all Specifies the IP address in the ARP table to be cleared, or clears all ARP entries. Defaults None. Mode Switch command, read‐write. Example This example shows how to delete entry 10.1.10.10 from the ARP table: D2(su)->clear arp 10.1.10.
show mac Defaults If not specified, waittime will be set to 5 seconds. If not specified, first‐ttl will be set to 1 second. If not specified, max‐ttl will be set to 30 seconds. If not specified, port will be set to 33434. If not specified, nqueries will be set to 3. If ‐r is not specified, normal host routing tables will be used. If ‐d is not specified, the debug socket option will not be used. If ‐v is not specified, summary output will be displayed. Mode Switch command, read‐only.
Mode
Switch command, read‐only.
Example
This example shows how to display MAC address information for ge.3.1:
D2(su)->show mac port ge.3.1
MAC Address        FID   Port           Type
-----------------  ----  -------------  --------
00-09-6B-0F-13-E6  15    ge.3.1         Learned

MAC Address        VLAN  Port           Type     Status   Egress Ports
-----------------  ----  -------------  -------  -------  ---------------------------
01-01-23-34-45-56  20    any            mcast    perm     ge.3.1
Table 12‐40 provides an explanation of the command output.
Mode
Switch command, read‐only.
Example
This example shows how to display the MAC timeout period:
D2(su)->show mac agetime
Aging time: 300 seconds

set mac agetime
Use this command to set the timeout period for aging learned MAC entries.
Syntax
set mac agetime time
Parameters
time Specifies the timeout period in seconds for aging learned MAC addresses. Valid values are 10 to 1,000,000 seconds. Default value is 300 seconds.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to reset the MAC timeout period to the default value of 300 seconds.
D2(su)->clear mac agetime

set mac algorithm
Use this command to set the MAC algorithm mode, which determines the hash mechanism used by the device when performing Layer 2 lookups on received frames.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows the output of this command.
D2(su)->show mac algorithm
Mac hashing algorithm is mac-crc16-upperbits.

clear mac algorithm
Use this command to return the MAC hashing algorithm to the default value of mac‐crc16‐upperbits.
Syntax
clear mac algorithm
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example resets the MAC hashing algorithm to the default value.
clear mac address port‐string Specifies the port or range of ports the multicast MAC address can be learned on or flooded to. append | clear Appends or clears the port or range of ports from the egress port list. Defaults If no port‐string is defined, the command will apply to all ports. Mode Switch command, read‐write. Example This example configures multicast MAC address 01‐01‐22‐33‐44‐55 for VLAN 24.
set mac unreserved-flood Parameters None. Defaults None. Mode Switch command, read‐write. Example This example displays the status of multicast flood protection. D2(su)->show mac unreserved-flood mac unreserved flood is disabled. set mac unreserved-flood Use this command to enable or disable multicast flood protection. When enabled, this prevents policy profiles requiring a full 10 masks from being loaded.
Configuring Simple Network Time Protocol (SNTP) Configuring Simple Network Time Protocol (SNTP) Purpose To configure the Simple Network Time Protocol (SNTP), which synchronizes device clocks in a network. Note: A host IP address must be configured on the D2 to support SNTP. Commands For information about... Refer to page...
Example
This example shows how to display SNTP client settings:
D2(su)->show sntp
SNTP Version: 3
Current Time: TUE SEP 09 16:13:33 2003
Timezone: 'EST', offset from UTC is -4 hours and 0 minutes
Client Mode: unicast
Broadcast Count: 0
Poll Interval: 512 seconds
Poll Retry: 1
Poll Timeout: 5 seconds
SNTP Poll Requests: 1175
Last SNTP Update: TUE SEP 09 16:05:24 2003
Last SNTP Request: TUE SEP 09 16:05:24 2003
Last SNTP Status: Success

SNTP-Server     Precedence   Status
--------------------------------
set sntp client set sntp client Use this command to set the SNTP operation mode. Syntax set sntp client {broadcast | unicast | disable} Parameters broadcast Enables SNTP in broadcast client mode. unicast Enables SNTP in unicast (point‐to‐point) client mode. In this mode, the client must supply the IP address from which to retrieve the current time. disable Disables SNTP. Defaults None. Mode Switch command, read‐write.
set sntp server set sntp server Use this command to add a server from which the SNTP client will retrieve the current time when operating in unicast mode. Up to 10 servers can be set as SNTP servers. Syntax set sntp server ip-address [precedence] Parameters ip‐address Specifies the SNTP server’s IP address. precedence (Optional) Specifies this SNTP server’s precedence in relation to its peers. Valid values are 1 (highest) to 10 (lowest). Defaults If precedence is not specified, 1 will be applied.
set sntp poll-interval set sntp poll-interval Use this command to set the poll interval between SNTP unicast requests. Syntax set sntp poll-interval interval Parameters interval Specifies the poll interval in seconds. Valid values are 16 to 16284. Defaults None. Mode Switch command, read‐write.
clear sntp poll-retry Parameters retry Specifies the number of retries. Valid values are 0 to 10. Defaults None. Mode Switch command, read‐write. Example This example shows how to set the number of SNTP poll retries to 5: D2(su)->set sntp poll-retry 5 clear sntp poll-retry Use this command to clear the number of poll retries to a unicast SNTP server. Syntax clear sntp poll-retry Parameters None. Defaults None. Mode Switch command, read‐write.
clear sntp poll-timeout Mode Switch command, read‐write. Example This example shows how to set the SNTP poll timeout to 10 seconds: D2(su)->set sntp poll-timeout 10 clear sntp poll-timeout Use this command to clear the SNTP poll timeout. Syntax clear sntp poll-timeout Parameters None. Defaults None. Mode Switch command, read‐write.
show nodealias config show nodealias config Use this command to display node alias configuration settings on one or more ports. Syntax show nodealias config [port-string] Parameters port‐string (Optional) Displays node alias configuration settings for specific port(s). Defaults If port‐string is not specified, node alias configurations will be displayed for all ports. Mode Switch command, read‐only. Example This example shows how to display node alias configuration settings for ports ge.2.
clear nodealias config Parameters enable | disable Enables or disables a node alias agent. maxentries maxentries Set the maximum number of alias entries per ports. Valid range is 0 to 4096. The default value is 32. port‐string Specifies the port(s) on which to enable/disable node alias agent or set a maximum number of entries. Defaults None. Mode Switch command, read‐write.
13 RMON Configuration This chapter describes the commands used to configure RMON on a D‐Series switch. For information about... Refer to page...
RMON Monitoring Group Functions Table 13-43 RMON Group History RMON Monitoring Group Functions and Commands (Continued) What It Does... What It Monitors... CLI Command(s) Records periodic statistical samples from a network. Sample period, number of samples and item(s) sampled.
Statistics Group Commands Statistics Group Commands Purpose To display, configure, and clear RMON statistics. Note: Due to hardware limitations, the only frame error counted is oversized frames. Commands For information about... Refer to page... show rmon stats 13-3 set rmon stats 13-4 clear rmon stats 13-5 show rmon stats Use this command to display RMON statistics measured for one or more ports.
set rmon stats Example This example shows how to display RMON statistics for Gigabit Ethernet port 1 in switch 1. D2(su)->show rmon stats ge.1.1 : Port: ge.1.1 ------------------------------------Index = 1 Owner = monitor Data Source = ifIndex.
clear rmon stats clear rmon stats Use this command to delete one or more RMON statistics entries. Syntax clear rmon stats {index-list | to-defaults} Parameters index‐list Specifies one or more stats entries to be deleted, causing them to disappear from any future RMON queries. to‐defaults Resets all history entries to default values. This will cause entries to reappear in RMON queries. Defaults None. Mode Switch command, read‐write.
set rmon history Parameters port‐string (Optional) Displays RMON history entries for specific port(s). Defaults If port‐string is not specified, information about all RMON history entries will be displayed. Mode Switch command, read‐only. Example This example shows how to display RMON history entries for Gigabit Ethernet port 1 in switch 1. A control entry displays first, followed by actual entries corresponding to the control entry.
Defaults
If buckets is not specified, the maximum number of entries maintained will be 50.
If not specified, interval will be set to 30 seconds.
If owner is not specified, monitor will be applied.
Mode
Switch command, read‐write.
Example
This example shows how to configure RMON history entry 1 on port ge.2.1 to sample every 20 seconds:
D2(rw)->set rmon history 1 ge.2.
show rmon alarm Commands For information about... Refer to page... show rmon alarm 13-8 set rmon alarm properties 13-9 set rmon alarm status 13-10 clear rmon alarm 13-11 show rmon alarm Use this command to display RMON alarm entries. The RMON alarm group periodically takes statistical samples from RMON variables and compares them with previously configured thresholds. If the monitored variable crosses a threshold an RMON event is generated.
Table 13-44 show rmon alarm Output Details (Continued)
Output Field    What It Displays...
Status          Whether this event entry is enabled (valid) or disabled.
Variable        MIB object to be monitored.
Sample Type     Whether the monitoring method is an absolute or a delta sampling.
Startup Alarm   Whether alarm generated when this entry is first enabled is rising, falling, or either.
Interval        Interval in seconds at which RMON will conduct sample monitoring.
startup rising | falling | either (Optional) Specifies the type of alarm generated when this event is first enabled as:
• Rising ‐ Sends alarm when an RMON event reaches a maximum threshold condition, for example, more than 30 collisions per second.
• Falling ‐ Sends alarm when RMON event falls below a minimum threshold condition, for example when the network is behaving normally again.
• Either ‐ Sends alarm when either a rising or falling threshold is reached.
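The alarm group description and the startup options above can be traced with a small simulation. This Python is an added example, not Enterasys code: it follows the alarm semantics of RFC 2819 (a rising alarm is not repeated until the value has dropped to the falling threshold, and the reverse), the function name and counter readings are constructed, and the threshold of 30 is taken from the collisions example above. Treating a suppressed startup crossing as having already occurred, and ignoring counter wrap, are assumptions; the firmware's exact behaviour is not shown on this page.

```python
def rmon_alarm_events(readings, rising, falling, sample_type="delta", startup="either"):
    """Return (sample_index, 'rising' | 'falling', value) for each alarm raised.

    readings    -- values of the monitored variable, one per sampling interval
    sample_type -- 'absolute' compares each reading with the thresholds,
                   'delta' compares the change since the previous reading
    startup     -- which alarm the first evaluated sample is allowed to raise
    """
    if sample_type not in ("absolute", "delta"):
        raise ValueError("sample_type must be 'absolute' or 'delta'")
    if startup not in ("rising", "falling", "either"):
        raise ValueError("startup must be 'rising', 'falling' or 'either'")
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")

    events = []
    rising_armed = falling_armed = True   # hysteresis state
    previous = None
    first_value = True                    # the startup option applies to this sample only

    for index, reading in enumerate(readings):
        if sample_type == "delta":
            if previous is None:          # need two readings for the first delta
                previous = reading
                continue
            value, previous = reading - previous, reading  # counter wrap not handled
        else:
            value = reading

        if value >= rising:
            if rising_armed and (not first_value or startup in ("rising", "either")):
                events.append((index, "rising", value))
            # Re-arm only the opposite direction until the value comes back down.
            rising_armed, falling_armed = False, True
        elif value <= falling:
            if falling_armed and (not first_value or startup in ("falling", "either")):
                events.append((index, "falling", value))
            rising_armed, falling_armed = True, False
        first_value = False
    return events


# Constructed cumulative collision counter, read once per interval.
COLLISION_COUNTER = [1000, 1005, 1050, 1100, 1110, 1112, 1160]

if __name__ == "__main__":
    for event in rmon_alarm_events(COLLISION_COUNTER, rising=30, falling=5):
        print(event)
```

The sample at index 3 (a delta of 50) raises nothing because the rising alarm already fired at index 2 and the value has not yet dropped to the falling threshold.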
Parameters
index Specifies an index number for this entry. Maximum number of entries is 50. Maximum value is 65535.
enable Enables this alarm entry.
Defaults
None.
Mode
Switch command, read‐write.
Usage
An RMON alarm entry can be created using this command, configured using the set rmon alarm properties command (“set rmon alarm properties” on page 13‐9), then enabled using this command.
Event Group Commands Event Group Commands Purpose To display and clear RMON events, and to configure RMON event properties. Commands For information about... Refer to page... show rmon event 13-12 set rmon event properties 13-13 set rmon event status 13-14 clear rmon event 13-14 show rmon event Use this command to display RMON event entry properties. Syntax show rmon event [index] Parameters index (Optional) Displays RMON properties and log entries for a specific entry index ID.
Table 13-45 show rmon event Output Details
Output Field   What It Displays...
Index          Index number for this event entry.
Owner          Text string identifying who configured this entry.
Status         Whether this event entry is enabled (valid) or disabled.
Description    Text string description of this event.
Type           Whether the event notification will be a log entry, an SNMP trap, both, or none.
Community      SNMP community name if message type is set to trap.
set rmon event status Example This example shows how to create and enable an RMON event entry called “STP topology change” that will send both a log entry and an SNMP trap message to the “public” community: D2(rw)->set rmon event properties 2 description "STP topology change" type both community public owner Manager set rmon event status Use this command to enable an RMON event entry. An event entry describes the parameters of an RMON event that can be triggered.
Filter Group Commands Defaults None. Mode Switch command, read‐write. Example This example shows how to clear RMON event 1: D2(rw)->clear rmon event 1 Filter Group Commands The packet capture and filter function is disabled by default. Only one interface can be configured for capturing and filtering at a time. When packet capture is enabled on an interface, the D‐Series switch will capture 100 frames as close to sequentially as possible. These 100 frames will be placed into a buffer for inspection.
show rmon channel show rmon channel Use this command to display RMON channel entries for one or more ports. Syntax show rmon channel [port-string] Parameters port‐string (Optional) Displays RMON channel entries for a specific port(s). Defaults If port‐string is not specified, information about all channels will be displayed. Mode Switch command, read‐only. Example This example shows how to display RMON channel information for ge.2.12: D2(rw)->show rmon channel ge.2.12 Port ge.2.
clear rmon channel description description (Optional) Specifies a description for this channel. owner owner (Optional) Specifies the name of the entity that configured this entry. Defaults If an action is not specified, packets will be accepted on filter matches. If not specified, control will be set to off. If a description is not specified, none will be applied. If owner is not specified, it will be set to monitor. Mode Switch command, read‐write.
set rmon filter Parameters index index | channel channel (Optional) Displays information about a specific filter entry, or about all filters which belong to a specific channel. Defaults If no options are specified, information for all filter entries will be displayed. Mode Switch command, read‐only.
clear rmon filter dmask dmask (Optional) Specifies the mask applied to data to indicate which bits are significant. dnotmask dnotmask (Optional) Specifies the inversion mask that indicates which bits should be set or not set. owner (Optional) Specifies the name of the entity that configured this entry. Defaults If owner is not specified, it will be set to monitor. If no other options are specified, none (0) will be applied. Mode Switch command, read‐write.
Packet Capture Commands Packet Capture Commands Note that packet capture filter is sampling only and does not guarantee receipt of back‐to‐back packets. Purpose To display RMON capture entries, configure, enable, or disable capture entries, and clear capture entries. Commands For information about... Refer to page... show rmon capture 13-20 set rmon capture 13-21 clear rmon capture 13-22 show rmon capture Use this command to display RMON capture entries and associated buffer control entries.
Example
This example shows how to display RMON capture entries and associated buffer entries:
D2(rw)->show rmon capture
Buf.control= 28062 Channel= 38283 EntryStatus= valid
---------------------------------------------------------
FullStatus avail
FullAction lock
Captured packets 251
Capture slice 1518
Download size 100
Download offset 0
Max Octet Requested 50000
Max Octet Granted 50000
Start time 1 days 0 hours 51 minutes 15 seconds
Owner monitor
captureEntry= 1 Buff.
Defaults
If not specified, action defaults to lock.
If not specified, offset defaults to 0.
If not specified, asksize defaults to -1 (which will request as many octets as possible).
If slice is not specified, 1518 will be applied.
If loadsize is not specified, 100 will be applied.
If owner is not specified, it will be set to monitor.
Mode
Switch command, read-write.
14 DHCP Server Configuration
This chapter describes the commands to configure the IPv4 DHCP server functionality on a D-Series switch.
For information about... Refer to page...
DHCP Overview 14-1
Configuring General DHCP Server Parameters 14-3
Configuring IP Address Pools 14-10

DHCP Overview
Dynamic Host Configuration Protocol (DHCP) for IPv4 is a network layer protocol that implements automatic or manual assignment of IP addresses and other configuration information to client devices by servers.
• Boot file
• DHCP options as defined by RFC 2132
Note: A total of 16 address pools, dynamic and/or static, can be configured on the D-Series.

Configuring a DHCP Server
For DHCP to function on D-Series systems, the system has to “know about” the IP network for which the DHCP pool is to be created. This is done by associating the DHCP address pool with the switch’s host port IP address.
Configuring General DHCP Server Parameters
Purpose
To configure DHCP server parameters, and to display and clear address binding information, server statistics, and conflict information.
Commands
For information about... Refer to page...
Example
This example enables DHCP server functionality.
D2(rw)->set dhcp enable

set dhcp bootp
Use this command to enable or disable automatic address allocation for BOOTP clients. By default, address allocation for BOOTP clients is disabled. Refer to RFC 1534, “Interoperation Between DHCP and BOOTP,” for more information.
Syntax
set dhcp bootp {enable | disable}
Parameters
enable | disable Enables or disables address allocation for BOOTP clients.
Defaults
None.
show dhcp conflict
Use this command to display conflict information, for one address or all addresses.
Syntax
show dhcp conflict [address]
Parameters
address (Optional) Specifies the address for which to display conflict information.
Defaults
If no address is specified, conflict information for all addresses is displayed.
Mode
Read-only.
Example
This example displays conflict information for all addresses. Note that ping is the only detection method used.
Examples
This example disables DHCP conflict logging.
D2(rw)->clear dhcp conflict logging
This example clears the conflict information for the IP address 192.0.0.2.
D2(rw)->clear dhcp conflict 192.0.0.2

set dhcp exclude
Use this command to configure the IP addresses that the DHCP server should not assign to DHCP clients. Multiple address ranges can be configured but the ranges cannot overlap. Up to 128 non-overlapping address ranges can be excluded.
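The constraints stated for set dhcp exclude (ranges cannot overlap, at most 128 of them) can be checked before a change is typed into the switch. The following is an added example, not code from Enterasys or this guide; the function names, the sample plan and the idea of checking that statically assigned addresses are covered by an exclusion are assumptions made for illustration.

```python
import ipaddress

MAX_EXCLUDE_RANGES = 128  # limit stated in this guide


def parse_ranges(ranges):
    """Convert (first, last) string pairs to IPv4Address pairs.

    last may be None for a single excluded address. Returns
    (parsed_ranges, problems); unparsable or reversed entries are reported.
    """
    parsed, problems = [], []
    for first, last in ranges:
        try:
            lo = ipaddress.IPv4Address(first)
            hi = ipaddress.IPv4Address(last) if last else lo
        except ValueError:
            problems.append(f"{first}-{last}: not a valid IPv4 address")
            continue
        if hi < lo:
            problems.append(f"{lo}-{hi}: last address is below first address")
        else:
            parsed.append((lo, hi))
    return parsed, problems


def check_exclusions(ranges):
    """Return a list of problems; an empty list means the plan is acceptable."""
    parsed, problems = parse_ranges(ranges)
    if len(ranges) > MAX_EXCLUDE_RANGES:
        problems.append(
            f"{len(ranges)} ranges exceeds the limit of {MAX_EXCLUDE_RANGES}")
    cover = None  # range with the highest last address seen so far
    for lo, hi in sorted(parsed):
        if cover is not None and lo <= cover[1]:
            problems.append(f"{lo}-{hi} overlaps {cover[0]}-{cover[1]}")
        if cover is None or hi > cover[1]:
            cover = (lo, hi)
    return problems


def unprotected(static_addrs, ranges, network):
    """List static addresses inside the pool network that no range excludes."""
    net = ipaddress.IPv4Network(network)
    parsed, _ = parse_ranges(ranges)
    missing = []
    for addr in static_addrs:
        ip = ipaddress.IPv4Address(addr)
        if ip in net and not any(lo <= ip <= hi for lo, hi in parsed):
            missing.append(str(ip))
    return missing


# Constructed sample plan for a 192.168.1.0/24 pool (not from the guide).
GOOD_PLAN = [("192.168.1.1", "192.168.1.10"),
             ("192.168.1.88", "192.168.1.100")]
BAD_PLAN = GOOD_PLAN + [("192.168.1.95", None),              # inside a range
                        ("192.168.1.250", "192.168.1.240")]  # reversed
STATIC_HOSTS = ["192.168.1.1", "192.168.1.200", "10.1.1.10"]

if __name__ == "__main__":
    for line in check_exclusions(BAD_PLAN):
        print("problem:", line)
    print("not excluded:", unprotected(STATIC_HOSTS, GOOD_PLAN, "192.168.1.0/24"))
```
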
high-ipaddr (Optional) Specifies the last IP address in the address range to be cleared.
Defaults
None.
Mode
Switch command, read-write.
Example
This example clears the previously excluded range of IP addresses between 192.168.1.88 through 192.168.1.100.
D2(rw)->clear dhcp exclude 192.168.1.88 192.168.1.100

set dhcp ping
Use this command to configure the number of ping packets the DHCP server sends to an IP address before assigning the address to a requesting client.
Defaults
None.
Mode
Switch command, read-write.
Example
This example resets the number of ping packets sent back to the default value.
D2(rw)->clear dhcp ping packets

show dhcp binding
Use this command to display binding information for one or all IP addresses.
Syntax
show dhcp binding [ip-address]
Parameters
ip-address (Optional) Specifies the IP address for which to display binding information.
Parameters
ip-addr Specifies the IP address for which to clear/delete the DHCP binding.
* Deletes all address bindings.
Defaults
None.
Mode
Switch command, read-write.
Example
This example deletes the DHCP address binding for IP address 192.168.1.1.
D2(rw)->clear dhcp binding 192.168.1.1

show dhcp server statistics
Use this command to display DHCP server statistics.
Syntax
show dhcp server statistics
Parameters
None.
Defaults
None.
Mode
Read-only.
clear dhcp server statistics
Use this command to clear all DHCP server counters.
Syntax
clear dhcp server statistics
Parameters
None.
Defaults
None.
Mode
Switch command, read-write.
Example
This example clears all DHCP server counters.
Configuring IP Address Pools Commands For information about... Refer to page...
set dhcp pool
Use this command to create and assign a name to a DHCP server pool of addresses. Up to 16 address pools may be configured on a D-Series. Note that entering this command is not required to create an address pool before configuring other address pool parameters.
Syntax
set dhcp pool poolname
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults
None.
Mode
Switch command, read-write.
set dhcp pool network
Use this command to configure the subnet number and mask for an automatic DHCP address pool.
Syntax
set dhcp pool poolname network number {mask | prefix-length}
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
number Specifies an IP subnet for the address pool.
mask Specifies the subnet mask in dotted quad notation.
prefix-length Specifies the subnet mask as an integer.
Defaults
None.
Defaults
None.
Mode
Switch command, read-write.
Example
This example deletes the network and mask from the address pool named “auto1.”
D2(rw)->clear dhcp pool auto1 network

set dhcp pool hardware-address
Use this command to configure the MAC address of the DHCP client and create an address pool for manual binding. You can use either this command or the set dhcp pool client-identifier command to create a manual binding pool, but using both is not recommended.
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults
None.
Mode
Switch command, read-write.
Example
This example deletes the client hardware address from the address pool named “manual1.”
D2(rw)->clear dhcp pool manual1 hardware-address

set dhcp pool host
Use this command to configure an IP address and network mask for a manual DHCP binding.
clear dhcp pool host
Use this command to remove the host IP address from a manual binding address pool.
Syntax
clear dhcp pool poolname host
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults
None.
Mode
Switch command, read-write.
Example
This example deletes the host IP address from the address pool named “manual1.
Example
This example shows how to configure the minimum requirements for a manual binding address pool, using a client identifier rather than the hardware address of the client’s hardware platform.
D2(rw)->set dhcp pool manual2 client-identifier 01:00:01:22:33:44:55
D2(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0

clear dhcp pool client-identifier
Use this command to remove the unique identifier of a DHCP client from a manual binding address pool.
Mode
Switch command, read-write.
Example
This example configures the client name “appsvr1” to the manual binding pool “manual2.”
D2(rw)->set dhcp pool manual2 client-identifier 01:22:33:44:55:66
D2(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0
D2(rw)->set dhcp pool manual2 client-name appsvr1

clear dhcp pool client-name
Use this command to delete a DHCP client name from an address pool for manual binding.
Mode
Switch command, read-write.
Example
This example sets the boot image filename for address pool named “auto1.”
D2(rw)->set dhcp pool auto1 bootfile image1.img

clear dhcp pool bootfile
Use this command to remove a default boot image from the address pool being configured.
Syntax
clear dhcp pool poolname bootfile
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
Defaults
None.
Mode
Switch command, read-write.
Mode
Switch command, read-write.
Example
This example specifies the file server from which clients being served by address pool “auto1” should download the boot image file “image1.img.”
D2(rw)->set dhcp pool auto1 bootfile image1.img
D2(rw)->set dhcp pool auto1 next-server 10.1.1.10

clear dhcp pool next-server
Use this command to remove the boot image file server from the address pool being configured.
hours (Optional) When a days value has been assigned, specifies the number of hours an address lease will remain valid. Value can range from 0 to 1439.
minutes (Optional) When a days value and an hours value have been assigned, specifies the number of minutes an address lease will remain valid. Value can range from 0 to 86399.
infinite Specifies that the duration of the lease will be unlimited.
Defaults
If no lease time is specified, a lease duration of 1 day is configured.
Syntax
set dhcp pool poolname default-router address [address2 ... address8]
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
address Specifies the IP address of a default router.
address2 ... address8 (Optional) Specifies, in order of preference, up to 7 additional default router addresses.
Defaults
None.
Mode
Switch command, read-write.
Example
This example assigns a default router at 10.10.10.
Syntax
set dhcp pool poolname dns-server address [address2 ... address8]
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
address Specifies the IP address of a DNS server.
address2 ... address8 (Optional) Specifies, in order of preference, up to 7 additional DNS server addresses.
Defaults
None.
Mode
Switch command, read-write.
Example
This example assigns a DNS server at 10.14.10.1 to the address pool “auto1.
Syntax
set dhcp pool poolname domain-name domain
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
domain Specifies the domain name string. The domain name can be up to 255 characters in length.
Defaults
None.
Mode
Switch command, read-write.
Example
This example assigns the “mycompany.com” domain name to the address pool “auto1.”
D2(rw)->set dhcp pool auto1 domain-name mycompany.
Syntax
set dhcp pool poolname netbios-name-server address [address2 ... address8]
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
address Specifies the IP address of a NetBIOS name server.
address2 ... address8 (Optional) Specifies, in order of preference, up to 7 additional NetBIOS name server addresses.
Defaults
None.
Mode
Switch command, read-write.
set dhcp pool netbios-node-type
Use this command to specify a NetBIOS node (server) type for the DHCP clients served by the address pool being configured.
Syntax
set dhcp pool poolname netbios-node-type {b-node | h-node | p-node | m-node}
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
b-node Specifies the NetBIOS node type to be broadcast (no WINS).
Example
This example removes the NetBIOS node type from the address pool “auto1.”
D2(rw)->clear dhcp pool auto1 netbios-node-type

set dhcp pool option
Use this command to configure DHCP options, described in RFC 2132.
Syntax
set dhcp pool poolname option code {ascii string | hex string-list | ip addresslist}
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
code Specifies the DHCP option code, as defined in RFC 2132.
Parameters
poolname Specifies the name of the address pool. Pool names may be up to 31 characters in length.
code Specifies the DHCP option code, as defined in RFC 2132. Value can range from 1 to 254.
Defaults
None.
Mode
Switch command, read-write.
Example
This example removes option 19 from address pool “auto1.”
D2(rw)->clear dhcp pool auto1 option 19

show dhcp pool configuration
Use this command to display configuration information for one or all address pools.
Example
This example displays configuration information for all address pools.
D2(rw)->show dhcp pool configuration all
Pool: Atg_Pool
Pool Type Dynamic
Network 192.0.0.0 255.255.255.0
Lease Time 1 days 0 hrs 0 mins
Default Routers 192.0.0.1
Pool: static1
Pool Type Client Name Client Identifier Host Lease Time Option
Manual appsvr1 01:00:01:f4:01:27:10 10.1.1.1 255.0.0.
15 Security Configuration
This chapter describes the Security Configuration set of commands and how to use them.
For information about... Refer to page...
Overview of Security Methods 15-1
Configuring RADIUS 15-3
Configuring 802.
Overview of Security Methods ports. For details on using CLI commands to configure 802.1X, refer to “Configuring 802.1X Authentication” on page 15‐9. Note: To configure EAP pass-through, which allows client authentication packets to be forwarded through the switch to an upstream device, 802.1X authentication must be globally disabled with the set dot1x command.
• To specify a management level (management access authentication):
Enterasys:version=1:mgmt=level
where level indicates the management level, either ro, rw, or su.
• To specify both management level and policy profile:
Enterasys:version=1:mgmt=level:policy=string
The undecorated format is simply a string that specifies a policy profile name. The undecorated format cannot be used for management access authentication. Decorated Filter-IDs are processed first by the switch.
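Because a Filter-ID that is not in the decorated format is read as a policy profile name, a typo in a decorated string is easy to miss on the RADIUS server. The following is an added example, not code from Enterasys or this guide, that lints Filter-ID values and reports the management level each one grants. It assumes a decorated string carrying only policy=string is also valid, that policy names contain no colon, and that any string starting with “enterasys:” in any letter case was meant to be decorated; the user names and values are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional

PREFIX = "Enterasys:version=1:"    # decorated prefix as shown in this guide
MGMT_LEVELS = ("ro", "rw", "su")   # management levels named in this guide


class FilterIdError(ValueError):
    """A string that was meant to be decorated but does not parse."""


@dataclass(frozen=True)
class FilterId:
    decorated: bool
    mgmt: Optional[str] = None     # ro, rw, su, or None
    policy: Optional[str] = None   # policy profile name, or None


def parse_filter_id(value: str) -> FilterId:
    """Parse one Filter-ID value in decorated or undecorated form."""
    if not value or value != value.strip():
        raise FilterIdError(f"empty or whitespace-padded value {value!r}")
    # Assumption: anything starting with "enterasys:" was meant as decorated,
    # so a wrong letter case or version is reported, not taken as a policy.
    if not value.lower().startswith("enterasys:"):
        return FilterId(decorated=False, policy=value)
    if not value.startswith(PREFIX):
        raise FilterIdError(f"malformed decorated prefix in {value!r}")
    fields: Dict[str, str] = {}
    for part in value[len(PREFIX):].split(":"):
        key, sep, val = part.partition("=")
        if not sep or not val:
            raise FilterIdError(f"expected key=value, got {part!r}")
        if key not in ("mgmt", "policy") or key in fields:
            raise FilterIdError(f"unexpected or repeated field {key!r}")
        fields[key] = val
    if list(fields) == ["policy", "mgmt"]:
        raise FilterIdError("mgmt must come before policy")
    mgmt = fields.get("mgmt")
    if mgmt is not None and mgmt not in MGMT_LEVELS:
        raise FilterIdError(f"unknown management level {mgmt!r}")
    return FilterId(True, mgmt, fields.get("policy"))


def management_grants(users: Dict[str, str]) -> Dict[str, str]:
    """Map each user to 'ro', 'rw', 'su', 'none' or 'invalid'."""
    report = {}
    for user, raw in users.items():
        try:
            report[user] = parse_filter_id(raw).mgmt or "none"
        except FilterIdError:
            report[user] = "invalid"
    return report


# Constructed RADIUS user -> Filter-ID values (not from the guide).
SAMPLE_USERS = {
    "netops": "Enterasys:version=1:mgmt=su",
    "helpdesk": "Enterasys:version=1:mgmt=ro:policy=Helpdesk",
    "printer": "Printers",                        # undecorated, policy only
    "contractor": "Enterasys:version=1:mgmt=admin",  # not ro, rw or su
    "intern": "enterasys:version=1:mgmt=rw",      # wrong case in prefix
}

if __name__ == "__main__":
    for user, level in management_grants(SAMPLE_USERS).items():
        print(f"{user:12} {level}")
```
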
Parameters
status (Optional) Displays the RADIUS server’s enable status.
retries (Optional) Displays the number of retry attempts before the RADIUS server times out.
timeout (Optional) Displays the maximum amount of time (in seconds) to establish contact with the RADIUS server before retry attempts begin.
server (Optional) Displays RADIUS server configuration information.
set radius
Use this command to enable, disable, or configure RADIUS authentication.
Syntax
set radius {enable | disable} | {retries number-of-retries} | {timeout timeout} | {server index ip-address port [secret-value] [realm {management-access | any | network-access}]} | {realm {management-access | any | network-access} {index | all}}
Parameters
enable | disable Enables or disables the RADIUS client.
Note: If RADIUS is configured with no host IP address on the device, it will use the loopback interface 0 IP address (if it has been configured) as its source for the NAS-IP attribute. For information about configuring loopback interfaces, refer to “interface” on page 15-3.
Examples
This example shows how to enable the RADIUS client for authenticating with RADIUS server 1 at IP address 192.168.6.203, UDP authentication port 1812, and an authentication password of “pwsecret.
Examples
This example shows how to clear all settings on all RADIUS servers:
D2(su)->clear radius server all
This example shows how to reset the RADIUS timeout to the default value of 20 seconds:
D2(su)->clear radius timeout

show radius accounting
Use this command to display the RADIUS accounting configuration. This transmits accounting information between a network access server and a shared accounting server.
set radius accounting
Use this command to configure RADIUS accounting.
Syntax
set radius accounting {[enable | disable] [retries retries] [timeout timeout] [server ip_address port [server-secret]]}
Parameters
enable | disable Enables or disables the RADIUS accounting client.
retries retries Sets the maximum number of attempts to contact a specified RADIUS accounting server before timing out. Valid retry values are 0 - 10.
clear radius accounting
Use this command to clear RADIUS accounting configuration settings.
Syntax
clear radius accounting {server ip-address | retries | timeout | counter}
Parameters
server ip-address Clears the configuration on one or more accounting servers.
retries Resets the retries to the default value of 3.
timeout Resets the timeout to 5 seconds.
counter Clears counters.
Mode
Switch command, read-write.
Defaults
None.
For information about... Refer to page...
show eapol 15-16
set eapol 15-17
clear eapol 15-18

show dot1x
Use this command to display 802.1X status, diagnostics, statistics, and reauthentication or initialization control information for one or more ports.
Syntax
show dot1x [auth-diag] [auth-stats] [port [init | reauth]] [port-string]
Parameters
auth-diag (Optional) Displays authentication diagnostics information.
auth-stats (Optional) Displays authentication statistics.
Examples
This example shows how to display 802.1X status:
D2(su)->show dot1x
DOT1X is disabled.
This example shows how to display authentication diagnostics information for ge.1.1:
D2(su)->show dot1x auth-diag ge.1.
Parameters
authcontrolled-portcontrol (Optional) Displays the current value of the controlled Port control parameter for the port.
maxreq (Optional) Displays the value set for maximum requests currently in use by the backend authentication state machine.
quietperiod (Optional) Displays the value set for quiet period currently in use by the authenticator PAE state machine.
This example shows how to display all 802.1X authentication configuration settings for ge.1.1:
D2(ro)->show dot1x auth-config Port : 1 Auth-Config PAE state: Backend auth state: Admin controlled directions: Oper controlled directions: Auth controlled port status: Auth controlled port control: Quiet period: Transmission period: Supplicant timeout: Server timeout: Maximum requests: Reauthentication period: Reauthentication control: ge.1.
set dot1x auth-config
Use this command to configure 802.1X authentication.
Syntax
set dot1x auth-config {[authcontrolled-portcontrol {auto | forced-auth | forced-unauth}] [maxreq value] [quietperiod value] [reauthenabled {false | true}] [reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod value]} [port-string]
Parameters
authcontrolled-portcontrol auto | forced-auth | forced-unauth Specifies the 802.1X port control mode.
Examples
This example shows how to enable reauthentication control on ports ge.1.1-3:
D2(su)->set dot1x auth-config reauthenabled true ge.1.1-3
This example shows how to set the 802.1X quiet period to 120 seconds on ports ge.1.1-3:
D2(su)->set dot1x auth-config quietperiod 120 ge.1.1-3

clear dot1x auth-config
Use this command to reset 802.1X authentication parameters to default values on one or more ports.
This example shows how to reset the 802.1X quiet period to 60 seconds on ports ge.1.1-3:
D2(su)->clear dot1x auth-config quietperiod ge.1.1-3

show eapol
Use this command to display EAPOL status or settings for one or more ports.
Syntax
show eapol [port-string]
Parameters
port-string (Optional) Displays EAPOL status for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Table 15-47 show eapol Output Details (Continued)
Output Field What It Displays...
Authentication State Current EAPOL authentication state for each port. Possible internal states for the authenticator (switch) are:
• initialize: A port is in the initialize state when:
– authentication is disabled,
– authentication is enabled and the port is not linked, or
– authentication is enabled and the port is linked.
Parameters
enable | disable Enables or disables EAPOL.
auth-mode auto | forced-auth | forced-unauth Specifies the authentication mode as:
• auto - Auto authorization mode. This is the default mode and will forward frames according to the authentication state of the port. For details on this mode, refer to Table 15-47.
• forced-auth - Forced authorized mode, which disables authentication on the port.
Mode
Switch command, read-write.
Example
This example shows how to clear the EAPOL authentication mode for port ge.1.3:
D2(su)->clear eapol auth-mode ge.1.3

Configuring MAC Authentication
Purpose
To review, disable, enable and configure MAC authentication. This authentication method allows the device to authenticate source MAC addresses in an exchange with an authentication server.
For information about... Refer to page...
clear macauthentication significant-bits 15-29

show macauthentication
Use this command to display MAC authentication information for one or more ports.
Syntax
show macauthentication [port-string]
Parameters
port-string (Optional) Displays MAC authentication information for specific port(s). For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Table 15-48 show macauthentication Output Details (Continued)
Output Field What It Displays...
Port username significant bits Number of significant bits in the MAC addresses to be used starting with the leftmost bit of the vendor portion of the MAC address. The significant portion of the MAC address is sent as a user-name credential when the primary attempt to authenticate the full MAC address fails. Any other failure to authenticate the full address, (i.e.
Example
This example shows how to display MAC session information:
D2(su)->show macauthentication session
Port    MAC Address        Duration    Reauth Period  Reauthentications
------  -----------------  ----------  -------------  -----------------
ge.1.2  00:60:97:b5:4c:07  0,00:52:31  3600           disabled
Table 15-49 provides an explanation of the command output.
Table 15-49 show macauthentication session Output Details
Output Field What It Displays...
Port Port designation.
set macauthentication password
Use this command to set a MAC authentication password.
Syntax
set macauthentication password password
Parameters
password Specifies a text string MAC authentication password.
Defaults
None.
Mode
Switch command, read-write.
Parameters
enable | disable Enables or disables MAC authentication.
port-string Specifies port(s) on which to enable or disable MAC authentication. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults
None.
Mode
Switch command, read-write.
set macauthentication portquietperiod
This sets the number of seconds following a failed authentication before another attempt may be made on the port.
Syntax
set macauthentication portquietperiod time port-string
Parameters
time Period in seconds to wait after a failed authentication. By default, this is 30 seconds.
port-string Specifies the ports for which the quiet period is to be applied.
set macauthentication macinitialize
Use this command to force a current MAC authentication session to re-initialize and remove the session.
Syntax
set macauthentication macinitialize mac-addr
Parameters
mac-addr Specifies the MAC address of the session to re-initialize.
Mode
Switch command, read-write.
Defaults
None.
set macauthentication portreauthenticate
Use this command to force an immediate reauthentication of the currently active sessions on one or more MAC authentication ports.
Syntax
set macauthentication portreauthenticate port-string
Parameters
port-string Specifies MAC authentication port(s) to be reauthenticated. For a detailed description of possible port-string values, refer to “Port String Syntax Used in the CLI” on page 4-1.
Defaults
None.
set macauthentication reauthperiod
Use this command to set the MAC reauthentication period (in seconds). This is the time lapse between attempts to reauthenticate any current MAC address authenticated to a port.
Syntax
set macauthentication reauthperiod time port-string
Parameters
time Specifies the number of seconds between reauthentication attempts. Valid values are 1 - 4294967295.
port-string Specifies the port(s) on which to set the MAC reauthentication period.
Example
This example shows how to globally clear the MAC reauthentication period:
D2(su)->clear macauthentication reauthperiod

set macauthentication significant-bits
Use this command to set the number of significant bits of the MAC address to use for authentication.
Syntax
set macauthentication significant-bits number
Parameters
number Specifies the number of significant bits to be used for authentication.
Defaults
None.
Mode
Switch command, read-write.
Parameters
None.
Defaults
None.
Mode
Switch command, read-write.
Example
This example resets the MAC authentication significant bits to 48.
D2(su)->clear macauthentication significant-bits

Configuring Multiple Authentication Methods
Note: D2 devices support up to eight authenticated users per port.
About Multiple Authentication Types
When enabled, multiple authentication types allow users to authenticate using more than one method on the same port.
For information about... Refer to page...
set multiauth idle-timeout 15-38
clear multiauth idle-timeout 15-38
show multiauth session-timeout 15-39
set multiauth session-timeout 15-40
clear multiauth session-timeout 15-40

show multiauth
Use this command to display multiple authentication system configuration.
Syntax
show multiauth
Parameters
None.
Defaults
None.
Mode
Switch command, read-only.
Parameters
multi Allows the system to use multiple authenticators simultaneously (802.1x, PWA, and MAC Authentication) on a port. This is the default mode.
strict User must authenticate using 802.1x authentication before normal traffic (anything other than authentication traffic) can be forwarded.
Defaults
None.
Mode
Switch command, read-write.
Usage
Multiauth multi mode requires that MAC, PWA, and 802.
set multiauth precedence
Use this command to set the system’s multiple authentication administrative precedence.
Syntax
set multiauth precedence {[dot1x] [mac] }
Parameters
dot1x Sets precedence for 802.1X authentication.
mac Sets precedence for MAC authentication.
pwa Sets precedence for port web authentication.
Defaults
None.
Mode
Switch command, read-write.
show multiauth port
Use this command to display multiple authentication properties for one or more ports.
Syntax
show multiauth port [port-string]
Parameters
port-string (Optional) Displays multiple authentication information for specific port(s).
Defaults
If port-string is not specified, multiple authentication information will be displayed for all ports.
Mode
Switch command, read-only.
Example
This example shows how to display multiple authentication information for ports ge.3.
port-string Specifies the port(s) on which to set multiple authentication properties.
Defaults
None.
Mode
Switch command, read-write.
Examples
This example shows how to set the port multiple authentication mode to required on ge.3.14:
D2(rw)->set multiauth port mode auth-reqd ge.3.14
This example shows how to set the number of users allowed to authenticate on port ge.3.14 to 8:
D2(rw)->set multiauth port numusers 8 ge.3.
show multiauth station
Use this command to display multiple authentication station (end user) entries.
Syntax
show multiauth station [mac address] [port port-string]
Parameters
mac address (Optional) Displays multiple authentication station entries for specific MAC address(es).
port port-string (Optional) Displays multiple authentication station entries for specific port(s).
Mode
Switch command, read-only.
Defaults
If no options are specified, multiple authentication session entries will be displayed for all sessions, authentication types, MAC addresses, and ports.
Mode
Switch command, read-only.
Example
This example shows how to display multiple authentication session information for port ge.1.1.
D2(su)->show multiauth session port ge.1.1
__________________________________________
Port | ge.1.
set multiauth idle-timeout
Use this command to set the maximum number of consecutive seconds an authenticated session may be idle before termination of the session.
Syntax
set multiauth idle-timeout [dot1x | mac | pwa] timeout
Parameters
dot1x (Optional) Specifies the IEEE 802.1X port-based network access control authentication method for which to set the timeout value.
mac (Optional) Specifies the Enterasys MAC authentication method for which to set the timeout value.
Parameters
dot1x (Optional) Specifies the IEEE 802.1X port-based network access control authentication method for which to reset the timeout value to its default.
mac (Optional) Specifies the Enterasys MAC authentication method for which to reset the timeout value to its default.
pwa (Optional) Specifies the Enterasys Port Web Authentication method for which to reset the timeout value to its default.
set multiauth session-timeout
Use this command to set the maximum number of seconds an authenticated session may last before termination of the session.
Syntax
set multiauth session-timeout [dot1x | mac | pwa] timeout
Parameters
dot1x (Optional) Specifies the IEEE 802.1X port-based network access control authentication method for which to set the session timeout value.
Parameters
dot1x (Optional) Specifies the IEEE 802.1X port-based network access control authentication method for which to reset the timeout value to its default.
mac (Optional) Specifies the Enterasys MAC authentication method for which to reset the timeout value to its default.
pwa (Optional) Specifies the Enterasys Port Web Authentication method for which to reset the timeout value to its default.
Commands
For information about... Refer to page...
show policy maptable response 15-42
set policy maptable response 15-42
set vlanauthorization 15-43
set vlanauthorization egress 15-44
clear vlanauthorization 15-44
show vlanauthorization 15-45

show policy maptable response
Displays the current policy maptable response setting.
Parameters
policy Sets the maptable response to policy. This is the default setting, which allows authentication of up to 8 multiauth users per port.
tunnel Sets the maptable response to tunnel, which allows authentication of up to multiauth users per port. This setting is required to configure VLAN authorization for multiple users per Gigabit port.
Defaults
Set to policy.
Mode
Switch command, read-write.
set vlanauthorization egress
Controls the modification of the current VLAN egress list of 802.1x authenticated ports for the VLANs returned in the RADIUS authorization filter id string.
Syntax
set vlanauthorization egress {none | tagged | untagged} port-string
Parameters
none Specifies that no egress manipulation will be made.
tagged Specifies that the authenticating port will be added to the current tagged egress for the VLAN‐ID returned.
Mode
Switch command, read‐write.
Example
This example shows how to clear VLAN authorization for all ports on slots 3, 4, and 5:
D2(rw)->clear vlanauthorization ge.3-5.*
show vlanauthorization
Displays the VLAN authentication status and configuration information for the specified ports.
Syntax
show vlanauthorization [port-string]
Parameters
port‐string (Optional) Displays VLAN authentication status for the specified ports.
Table 15-50 show vlanauthorization Output Details (Continued)
Output Field                 What It Displays...
authenticated mac address    If authentication has succeeded, displays the MAC address assigned for egress.
vlan id                      If authentication has succeeded, displays the assigned VLAN id for ingress.
Configuring MAC Locking
This feature locks a MAC address to one or more ports, preventing connection of unauthorized devices through the port(s).
For information about...          Refer to page...
set maclock static                15-52
clear maclock static              15-52
set maclock firstarrival          15-53
clear maclock firstarrival        15-54
set maclock agefirstarrival       15-54
clear maclock agefirstarrival     15-55
set maclock move                  15-55
set maclock trap                  15-56
show maclock
Use this command to display the status of MAC locking on one or more ports.
Table 15-51 show maclock Output Details (Continued)
Output Field    What It Displays...
Port Status     Whether MAC locking is enabled or disabled on the port. MAC locking is globally disabled by default. For details on enabling MAC locking on the switch and on one or more ports, refer to “set maclock enable” on page 15-49 and “set maclock” on page 15-50.
Trap Status     Whether MAC lock trap messaging is enabled or disabled on the port.
Example
This example shows how to display MAC locking information for the end stations connected to all Gigabit Ethernet ports in unit/module 2:
D2(su)->show maclock stations ge.2.*
Port Number  MAC Address        Status  State          Aging
------------ ------------------ ------- -------------- -----
ge.2.1       00:a0:c9:39:5c:b4  active  first arrival  true
ge.2.7       00:a0:c9:39:1f:11  active  static         false
Table 15‐52 provides an explanation of the command output.
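The following Python is an added example, not part of the Enterasys manual. It parses show maclock stations output in the column layout of the example above and compares each locked station against an asset inventory; the inventory, the function names and the two finding rules are assumptions made for illustration.

```python
import re

# Constructed sample in the column layout of the "show maclock stations"
# example on this page (the two ge.2.* rows are the page's own values).
SAMPLE = """\
Port Number  MAC Address        Status  State          Aging
------------ ------------------ ------- -------------- -----
ge.2.1       00:a0:c9:39:5c:b4  active  first arrival  true
ge.2.7       00:a0:c9:39:1f:11  active  static         false
"""

# "first arrival" contains a space, so the State column is matched by value
# rather than by splitting the row on whitespace.
ROW = re.compile(
    r"^(?P<port>[a-z]+\.\d+\.\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<status>\S+)\s+"
    r"(?P<state>first arrival|static)\s+"
    r"(?P<aging>true|false)\s*$",
    re.IGNORECASE,
)

def parse_stations(text):
    """Return one dict per station row; header, rule and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["mac"] = row["mac"].lower()
            row["state"] = row["state"].lower()
            row["aging"] = row["aging"].lower() == "true"
            rows.append(row)
    return rows

def audit(rows, inventory):
    """inventory maps port -> set of MACs expected there (hypothetical asset list)."""
    findings = []
    for r in rows:
        expected = {m.lower() for m in inventory.get(r["port"], set())}
        if r["mac"] not in expected:
            findings.append((r["port"], r["mac"], "not in inventory"))
        elif r["state"] == "first arrival":
            # Assumed policy: known devices should be pinned as static entries.
            findings.append((r["port"], r["mac"], "learned, not pinned as static"))
    return findings
```
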
set maclock disable Usage When enabled and configured, MAC locking defines which MAC addresses, as well as how many MAC addresses are permitted to use specific port(s). MAC locking is disabled by default at device startup. Configuring one or more ports for MAC locking requires globally enabling it on the device and then enabling it on the desired ports. Example This example shows how to enable MAC locking on ge.2.3: D2(su)->set maclock enable ge.2.
clear maclock port‐string Specifies the port on which to create, enable or disable MAC locking for the specified MAC. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. create Establishes a MAC locking association between the specified MAC address and port. Create automatically enables MAC locking between the specified MAC address and port. enable | disable Enables or disables MAC locking between the specified MAC address and port.
set maclock static Usage The MAC address that is cleared will no longer be able to communicate on the port unless the first arrival limit has been set to a value greater than 0 and this limit has not yet been met. For example, if user B’s MAC is removed from the static MAC address list and the first arrival limit has been set to 0, then user B will not be able to communicate on the port.
set maclock firstarrival Parameters port‐string Specifies the port on which to reset number of static MAC addresses allowed. For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1. Defaults None. Mode Switch command, read‐write. Example This example shows how to reset the number of allowable static MACs on ge.2.3: D2(rw)->clear maclock static ge.2.
clear maclock firstarrival Example This example shows how to restrict MAC locking to 6 MAC addresses on ge.2.3: D2(su)->set maclock firstarrival ge.2.3 6 clear maclock firstarrival Use this command to reset the number of first arrival MAC addresses allowed per port to the default value of 600. Syntax clear maclock firstarrival port-string Parameters port‐string Specifies the port on which to reset the first arrival value.
clear maclock agefirstarrival Mode Switch mode, read‐write. Example This example enables first arrival aging on port ge.1.1. D2(su)-> set maclock agefirstarrival ge.1.1 enable clear maclock agefirstarrival Use this command to reset first arrival aging on one or more ports to its default state of disabled. Syntax clear maclock agefirstarrival port-string Parameters port‐string Specifies the port(s) on which to disable first arrival aging.
set maclock trap Mode Switch command, read‐write. Usage If there are more first arrival MACs than the allowed maximum static MACs, then only the latest first arrival MACs will be moved to static entries. For example, if you set the maximum number of static MACs to 2 with the set maclock static command, and then executed the set maclock move command, even though there were five MACs in the first arrival table, only the two most recent MAC entries would be moved to static entries.
Configuring Port Web Authentication (PWA)
About PWA
PWA provides a way of authenticating users before allowing general access to the network. To log on using PWA, the user makes a request through a web browser for the PWA web page or is automatically redirected to this login page after requesting a URL in a browser. Depending upon the authenticated state of the user, a login page or a logout page will display.
show pwa show pwa Use this command to display port web authentication information for one or more ports. Syntax show pwa [port-string] Parameters port‐string (Optional) Displays PWA information for specific port(s). Defaults If port‐string is not specified, PWA information will be displayed for all ports. Mode Switch command, read‐only. Example This example shows how to display PWA information for ge.2.1: D2(su)->show pwa ge.2.
Table 15-53 show pwa Output Details (Continued)
Output Field                   What It Displays...
PWA Logo                       Whether the Enterasys Networks logo will be displayed or hidden at user login. Default state of enabled (displayed) can be changed using the set pwa displaylogo command as described in “set pwa displaylogo” on page 15-61.
PWA Guest Networking Status    Whether PWA guest user status is disabled or enabled with RADIUS or no authentication.
Example
This example shows how to enable port web authentication:
D2(su)->set pwa enable
show pwa banner
Use this command to display the port web authentication login banner string.
Syntax
show pwa banner
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display the PWA login banner:
D2(su)->show pwa banner
Welcome to Enterasys Networks
set pwa banner
Use this command to configure a string to be displayed as the PWA login banner.
clear pwa banner
Use this command to reset the PWA login banner to a blank string.
Syntax
clear pwa banner
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Example
This example shows how to reset the PWA login banner to a blank string:
D2(su)->clear pwa banner
set pwa displaylogo
Use this command to set the display options for the Enterasys Networks logo.
set pwa ipaddress set pwa ipaddress Use this command to set the PWA IP address. This is the IP address of the end station from which PWA will prevent network access until the user is authenticated. Syntax set pwa ipaddress ip-address Parameters ip‐address Specifies a globally unique IP address. This same value must be configured into every authenticating switch in the domain. Defaults None. Mode Switch command, read‐write. Example This example shows how to set a PWA IP address of 1.2.3.
set pwa guestname
Use this command to set a guest user name for PWA networking. PWA will use this name to grant network access to guests without established login names and passwords.
Syntax
set pwa guestname name
Parameters
name Specifies a guest user name.
Defaults
None.
Mode
Switch command, read‐write.
set pwa guestpassword
Use this command to set the guest user password for PWA networking.
Syntax
set pwa guestpassword
Parameters
None.
Defaults
None.
Mode
Switch command, read‐write.
Usage
PWA will use this password and the guest user name to grant network access to guests without established login names and passwords.
set pwa initialize Usage PWA will use a guest password and guest user name to grant network access with default policy privileges to users without established login names and passwords. Example This example shows how to enable PWA guest networking with RADIUS authentication: D2(su)->set pwa guestnetworking authradius set pwa initialize Use this command to initialize a PWA port to its default unauthenticated state.
set pwa maxrequest Defaults If port‐string is not specified, quiet period will be set for all ports. Mode Switch command, read‐write. Example This example shows how to set the PWA quiet period to 30 seconds for ports ge.1.5‐7: D2(su)->set pwa quietperiod 30 ge.1.5-7 set pwa maxrequest Use this command to set the maximum number of log on attempts allowed before transitioning the PWA port to a held state.
port‐string (Optional) Sets the control mode on specific port(s). For a detailed description of possible port‐string values, refer to “Port String Syntax Used in the CLI” on page 4‐1.
Defaults
If port‐string is not specified, PWA will be enabled on all ports.
Mode
Switch command, read‐write.
Example
This example shows how to enable PWA on ports 1‐22:
D2(su)->set pwa portcontrol enable ge.1.1-22
show pwa session
Use this command to display information about current PWA sessions.
set pwa enhancedmode
This command enables PWA URL redirection. The switch intercepts all HTTP packets on port 80 from the end user, and sends the end user a refresh page destined for the PWA IP Address configured.
Syntax
set pwa enhancedmode {enable | disable}
Parameters
enable | disable Enables or disables PWA enhancedmode.
Defaults
None.
Mode
Switch command, read‐write.
Parameters
None.
Defaults
None.
Mode
Switch command, read‐only.
Example
This example shows how to display SSH status on the switch:
D2(su)->show ssh status
SSH Server status: Disabled
set ssh
Use this command to enable, disable or reinitialize the SSH server on the switch. By default, the SSH server is disabled.
Syntax
set ssh {enable | disable | reinitialize}
Parameters
enable | disable Enables or disables SSH, or reinitializes the SSH server.
reinitialize Reinitializes the SSH server.
set ssh hostkey Defaults If reinitialize is not specified, the user must supply SSH authentication key values. Mode Switch command, read‐write.