SFTOS Command Reference for the S2410 Version 2.4.1.
Copyright 2008 Force10 Networks All rights reserved. Printed in the USA. April 2008. Force10 Networks reserves the right to change, modify, revise this publication without notice. Trademarks Force10 Networks® and E-Series® are registered trademarks of Force10 Networks, Inc. Force10, the Force10 logo, E1200, E600, E600i, E300, EtherScale, TeraScale, FTOS, and SFTOS are trademarks of Force10 Networks, Inc. All other brand and product names are registered trademarks or trademarks of their respective holders.
New Features
This preface describes SFTOS 2.4.1 by contrasting it to SFTOS 2.3.1.9.
Major Changes
Most of the differences in SFTOS 2.4.1 reflect the fact that SFTOS 2.4.1 is dedicated to supporting the S2410 models of the S-Series:
• Layer 2 only: The S2410 is limited to Layer 2 functionality, and therefore Layer 3 commands are not in the CLI, such as those for the OSPF and RIP protocols.
• Stacking/Port ID format: Because the S2410 does not support stacking, SFTOS version 2.4.
• The maximum number of LAGs is 12, with a maximum of 12 ports in a LAG (vs. 32 LAGs, with a maximum of eight members each in SFTOS 2.3.1). See Chapter 15, LAG/Port Channel Commands, on page 249.
• Maximum Jumbo Frame size increased from 9216 to 10240.
• IGMP Snooping: The current S2410 hardware does not support IGMP Snooping, so the commands in the IGMP Snooping chapter appear in the CLI but do not function.
• ACLs, CoS, and QoS:
  — IP ACLs are not available.
  — The CoS traffic class range is four.
About This Guide This guide describes configuration commands for SFTOS 2.4 software, which is dedicated to the S2410 models of the S-Series line of switches. The commands can be accessed from the SFTOS Command Line Interface (CLI), accessed through the console port or through a Telnet connection, and from the Node Manager component of Force10 Networks® Management System (FTMS).
Audience This guide assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies, that you have an understanding of the SFTOS software base and have read the appropriate specification for the relevant switch platform. This document is primarily for system administrators configuring and operating a system using SFTOS software. It is intended to provide an understanding of the configuration options of SFTOS software.
Related Documents and Sources of Additional Information
The following documents provide information on using the S2410 switch and SFTOS 2.4 software. All of the documents are available on the Documents tab of iSupport (the Force10 Networks support website): http://www.force10networks.com/support:
• SFTOS Command Reference for the S2410, Version 2.4.1
• SFTOS Configuration Guide for the S2410, Version 2.4.
Documentation Feedback
If appropriate for the issue, please include the following information with your comments:
• Document name
• Document part number (from the front cover)
• Page number
• Software release version (from the front cover)
The iSupport Website
Some sections of the iSupport website do not require a password. However, if a section does require a password, you can request one at the website:
1. On the Force10 Networks website home page, www.force10networks.
• Documents: User documentation, FAQs, field notices, technical tips, and white papers
• Support Programs: Information on the complete suite of Force10 support and professional support services.
For more on using the iSupport website and accessing services, see the Force10 Service and Support Guide, available on the Home tab, as displayed above. You can also contact the Force10 Technical Assistance Center (TAC) by email or phone.
Chapter 1 SFTOS Overview
The SFTOS software loaded in every S-Series switch has two purposes:
• Assist attached hardware in switching frames, based on Layer 2, 3, or 4 information contained in the frames.
• Provide a complete device management portfolio to the network administrator.
Switch Management Options
SFTOS 2.4.
SFTOS 2.4.1 Features Note: The "Untested and Unsupported Features and Commands" section of the Release Notes contains the most current information on available features. The SFTOS 2.4.1 software provides the following features through a limited version (no stacking) of its “Layer 2 Package” (also called the “Switching Package”).
Multicast Protocols
• IGMP Snooping
• Layer 2 Multicast Forwarding
Security and Packet Control Features
• Ingress Rate Limiting
• Login Access Control
• RADIUS
• IEEE 802.1x
• SSH2 Server Support
• Port Mirroring
• Access Profiles on Routing Protocols
• DOS Protection
• MAC-based Port Security
Management
• Telnet (RFC 854)
• SSHv2
• TFTP (RFC 783)
• Syslog
• SNMP v1/v2c
• RMON Groups
• HTML-based Management
• SNTP
• HTTPS/SSL
Chapter 2 Quick Start This chapter summarizes the procedures to start and operate the switch. For more detail, see the Getting Started chapter in the SFTOS Configuration Guide (and the rest of that guide) or the S2410 Quick Reference.
5. Press ENTER two times. The prompt of the User Exec mode of the CLI is displayed.
6. Enter enable to switch to the Privileged Exec mode. You can run all show commands from this mode, while some show commands do not run from User Exec mode.
7. Enter configure to access the Global Config mode to enter configuration commands.
8. Enter exit if you need to return to any previous mode.
Using the Boot Menu
The Boot menu is part of the boot code system software that loads before SFTOS and is separate from SFTOS.
2. At the [Boot Menu] prompt, press the number and Enter of the option that you want. The options are:
Table 1 Boot Menu Options
Boot Menu Options | Details
1 - Start operational code | Start SFTOS (the same option as presented in the two-option startup menu).
2 - Change baud rate | Invoke a menu that offers console speed settings from 9600 to 115kb.
3 - Retrieve event log using XMODEM (64KB). | Upload a text file of the event log to an external folder through Xmodem running on the console.
Physical Port Data
To get information on the physical port, use the show port all command:
Command Syntax: show port all
Command Mode: Privileged Exec
Purpose: Displays the ports in unit/slot/port format and the following data for each port:
  Type - Indicates if the port is a special type of port
  Admin Mode - Selects the Port Control Administration State
  Physical Mode - Selects the desired port speed and duplex mode
  Physical Status - Indicates the port speed and duplex mode
  Link Status - Indicates whether
Note: Keywords and parameters that are shown within braces in syntax statements must be entered in the CLI. Keywords and parameters that are shown separated by a bar in syntax statements require you to choose one. Parameters in italics are variables for which you substitute a value. See Command Syntax Conventions on page 39.
Configuring the Management VLAN IP Address
To configure the management VLAN IP address, use the following commands:
Command Syntax: show interface managementethernet
Command Mode: Privileged Exec
Purpose: Displays the Network Configurations
  IP Address: IP Address of the interface. Default IP is 0.0.0.0
  Subnet Mask: IP Subnet Mask for the interface. Default is 0.0.0.0
  Default Gateway: The default Gateway for this interface. Default value is 0.0.0.
Example of Configuring the Ethernet Management Port
(Force10 S2410) (Config)#serviceport ip 10.11.197.177 255.255.0.0 10.11.197.190
(Force10 S2410) (Config)#exit
(Force10 S2410) #show serviceport
IP Address..................................... 10.11.197.177
Subnet Mask.................................... 255.255.0.0
Default Gateway................................ 10.11.197.
ServPort Configured Protocol Current...........
Burned In MAC Address..........................
Downloading from a TFTP Server
1. Before starting a TFTP server download, configure the management IP address of the switch; see Management IP Address on page 35.
2. To download from a TFTP server, use the following command:
Command Syntax: copy tftp://ip address/ {nvram:startup-config | system:image}
Command Mode: Privileged Exec
Purpose: Set the destination (download) datatype: For the SFTOS software image, use system:image. For a configuration file, use nvram:startup-config.
Chapter 3 Using the Command Line Interface The SFTOS command line interface (CLI) is one of the three major ways to manage the S2410, and is the most complete. The SFTOS Web User Interface (Web UI) is discussed in Chapter 4, Using the Web User Interface, and SNMP is addressed in SNMP Management Commands on page 94 in the Management chapter.
The following conventions apply to the command name:
• The command name is displayed in bold font. It must be entered exactly as shown.
• When you have entered enough letters of a command name to uniquely identify the command, you can press the space bar or Tab key to cause the system to complete the word. For more keyboard shortcuts (speedkeys), see Keyboard Shortcuts on page 43.
Command Format
Some commands, such as show inventory or clear vlan, do not require parameters.
Words in italics (also sometimes shown in brackets: ) indicate that a mandatory parameter must be entered in place of the brackets and text inside them.
[parameter]—square brackets indicate that an optional parameter may be entered in place of the brackets and text inside them.
choice1 | choice2—pipe indicates that only one of the parameters should be entered.
{parameter}—curly braces indicate that a parameter must be chosen from the list of choices.
unit/slot/port—Valid slot and port number separated by forward slashes. For example, 0/1 represents slot number 0 and port number 1.
logical unit/slot/port—Logical unit, slot and port number. This is applicable in the case of a link aggregation group (LAG; also called a port channel). The operator can use the logical unit/slot/port to configure the LAG.
character strings—Use double quotation marks to identify character strings, for example, “System Name with Spaces”. An empty string (“”) is not valid.
Keyboard Shortcuts
The following key combinations (speedkeys, special characters) speed up use of the CLI:
Backspace—delete previous character
Ctrl-A—go to beginning of line
Ctrl-B—go backward one character
Ctrl-D—delete current character
Ctrl-E—go to end of line
Ctrl-F—go forward one character
Ctrl-H—display command history or retrieve a command
Ctrl-I—complete a keyword
Ctrl-K—delete to end of line
Ctrl-N—go to next line in history buffer
Ctrl-P—go to previous line in history buffer
Ctrl-T—transpose previ
• Type a partial keyword followed by a ? A display of keywords beginning with the partial keyword is listed.
Figure 4 illustrates the results of entering ? to get a list of possible keywords.
(Force10) #show ?
access-lists             Display Access List information.
arp                      Display Address Resolution Protocol cache.
authentication
bootpdhcprelay
class-map
classofservice
diffserv
dot1q-tunnel
dot1x
dvlan-tunnel
forwardingdb
garp
gmrp
gvrp
hardware
igmpsnooping
interface
interfaces
ip
logging
--More-- or (q)uit
The following command-mode tree diagram provides an overview of the names of the modes and how they relate to each other. The User Exec mode at the top of the tree is the mode you enter when you access the CLI. Mode-based Topology As detailed above, the CLI is built on a mode concept, where related commands are grouped together within modes that you access with particular mode-access commands. The mode-access commands are listed in Table 3 on page 47.
Figure 5 CLI Mode Diagram Note: In Release 2.4.1, you access the Interface VLAN mode from the Global Config mode with the command interface vlan vlanid. Note: Some modes listed in Table 3 are unavailable in SFTOS 2.4.1, including the Stacking mode and Layer 3 protocol modes, such as OSPF and RIP. Access to all commands beyond the User Exec mode can be restricted through the enable password, which you set with the enable passwd command. See enable passwd on page 142.
The following table shows the relationship of the command mode names to the prompts visible in the mode and the exit method from that mode. The first three rows in the table are organized in the sequence in which you would access the child modes. Beyond the Global Config mode, the modes are either accessed from the Global Config mode or from the mode listed in the row above. The hostname in the Prompt column is a placeholder for the prompt name that you create using the hostname command.
Table 3 Command Modes
Mac Access List Config
  Mode Access Method: In the Global Config mode, enter the mac access-list extended command
  Prompt: hostname (Mac-Access-List Config)#
  To exit to the Global Config mode, enter the exit command. To return to the User Exec mode, enter Ctrl-Z.
TACACS Config
  Mode Access Method: In the Global Config mode, enter the tacacs-server
  To exit to the Global Config mode, enter the exit command. To return to the User Exec mode, enter Ctrl-Z.
In this mode, a physical port is set up for a specific logical connection operation. The Interface Config mode provides access to the router interface configuration commands. Command Prompt: hostname (Interface )# The resulting prompt sequence for the interface configuration command entered in the Global Configuration mode is shown here: hostname (Config)# interface /1 hostname (Interface /1)# DHCP Pool Config Mode. Use the ip dhcp pool pool-name command to access the DHCP Pool Config.
TACACS Config Mode. Use this mode to configure the connection parameters to a TACACS+ user authentication server. VLAN Mode. (formally called the Interface Vlan Config mode, or more simply, the Interface Vlan mode) This mode groups all the commands pertaining to VLANs. Command Prompt: hostname (conf-if-vl-vlan-id)# Note: Before Release 2.3, the VLAN mode was accessed from the Privileged Exec mode. With Release 2.
Chapter 4 Using the Web User Interface
This chapter covers the following topics:
• Configuring for Web Access on page 52
• Web Page Layout on page 52
• Starting the Web User Interface on page 52
• Command Buttons on page 53
This chapter is a brief introduction to the SFTOS Web User Interface (Web UI), enabling you to manage your switch through a Web browser and Internet connection. To access the switch, the Web browser must support:
• HTML version 4.0 or later
• HTTP version 1.
Configuring for Web Access
To enable Web browser access to the switch:
1. Configure the switch for in-band connectivity. See Management IP Address on page 35.
2. Enable HTTP Web access to the switch with either the ip http server enable command or ip http secure-server enable (for details, see Hypertext Transfer Protocol (HTTP) Commands on page 195).
Web Page Layout
An SFTOS Web UI panel consists of three frames. Frame 1, across the top, displays a banner graphic of the switch.
3. Make your selection by clicking on the appropriate item in the navigation tree in Frame 2.
Command Buttons
The following command buttons are used throughout the Web UI panels:
Save—Implements and saves the changes you just made. Some settings may require you to reset the system in order for them to take effect.
Refresh—The Refresh button that appears next to the Apply button in Web interface panels refreshes the data on the panel.
Submit—Send the updated configuration to the switch.
Chapter 5 System Management Commands The commands in this chapter either manage the switch in general, configure management interfaces, or show current management settings. For every configuration command, there is a show command that displays the configuration setting.
dir
• network protocol on page 62
• protocol on page 63
• serviceport ip on page 63
• serviceport protocol on page 64
• show arp switch on page 64
• show hardware on page 65
• show interface on page 65
• show interface ethernet on page 67
• show interface managementethernet on page 75
• show interface switchport on page 76
• show interfaces on page 77
• show logging on page 78
• show mac-addr-table on page 78
• show msglog on page 80
• show network on page 81
• show running-config on page 81
• show
Example
Force10 #dir nvram
RamDiskVol:filesystem>
.
..
sslt.rnd                 1024
dhcpsLeases.cfg          85088
startup-config           6392
Filesystem size 4179968
Bytes used 92504
Bytes free 4087464
CodeStorVol:>
log2.bin                 131040
slog0.txt                0
olog0.txt                0
mrt.log                  0
--More-- or (q)uit
Filesystem size 20022272
Bytes used 131040
Bytes free 19891232
Force10#
Figure 7 Example of dir nvram Command Output
hostname
Change the text that appears as part of the CLI prompt.
interface managementethernet
This command invokes the Interface ManagementEthernet mode (uses the (Config-if-ma)# prompt), where you can set up a management IP interface. For details on management interfaces, see the Management chapter of the SFTOS Configuration Guide.
Syntax: interface managementethernet
Mode: Global Config
Command History: Version 2.
Usage Information:
mac-address The value for ipaddr is the IP Address of the management interface. This is the IP address that you would enter in your Web browser to access the SFTOS Web User Interface. The value for subnetmask is a 4-digit dotted-decimal number which represents the subnet mask of the interface. Enter no ip address to remove the IP Address and subnet mask. Mode (Config-if-ma)# prompt within the Global Config mode Command History Version 2.
management route default Default Mode Command History Related Commands None Interface ManagementEthernet Version 2.3 Introduced. Replaces the network mac-type command. interface managementethernet Invokes the Interface ManagementEthernet mode, the (Config-if-ma)# prompt. management route default This command sets the IP gateway of the switch. The management IP address (configured with the ip address, above) and the gateway must be on the same subnet.
Example
(s50-1) (Config)#management route default 10.10.1.254
(s50-1) (Config)#interface managementethernet
(Config-if-ma)#ip address 10.10.1.251 255.255.255.0
(Config-if-ma)#exit
(s50-1) (Config)#ip http server enable
(s50-1) (Config)#exit
(s50-1) #
(s50-1) #show interface managementethernet
IP Address.....................................
Subnet Mask....................................
Default Gateway................................
Burned In MAC Address..........................
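The requirement that the management IP address and the gateway be on the same subnet can be checked offline before a configuration is pasted into a switch. The following Python check is an added example, not part of the Force10 guide or SFTOS: it reads the command forms shown in this guide (management route default, ip address inside interface managementethernet, and serviceport ip), and the transcripts and function names in it are constructed for illustration.

```python
import ipaddress

# Constructed transcript; the command forms are the ones shown in this guide.
GOOD = """\
(s50-1) (Config)#management route default 10.10.1.254
(s50-1) (Config)#interface managementethernet
(Config-if-ma)#ip address 10.10.1.251 255.255.255.0
(Config-if-ma)#exit
(Force10 S2410) (Config)#serviceport ip 10.11.197.177 255.255.0.0 10.11.197.190
"""

# Constructed transcript whose gateway is off the management subnet.
BAD = GOOD.replace("10.10.1.254", "10.10.2.254")


def strip_prompt(line):
    """Drop a leading CLI prompt such as '(s50-1) (Config)#'."""
    _head, sep, tail = line.partition("#")
    return tail.strip() if sep else line.strip()


def mask_to_prefix(mask):
    """Convert a dotted-decimal subnet mask to a prefix length.

    Rejects masks whose one-bits are not contiguous from the left
    (this also rejects wildcard/host masks such as 0.0.0.255).
    """
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous subnet mask: " + mask)
    return 32 - inverted.bit_length()


def check_pair(label, ip, mask, gateway):
    """Return a list of problems with one address/mask/gateway triple."""
    try:
        prefix = mask_to_prefix(mask)
        iface = ipaddress.IPv4Interface(f"{ip}/{prefix}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"{label}: {exc}"]
    net = iface.network
    findings = []
    if gw not in net:
        findings.append(f"{label}: gateway {gw} is outside {net}")
    if gw == iface.ip:
        findings.append(f"{label}: gateway equals the interface address")
    if prefix < 31:
        # Network and broadcast addresses are not usable host addresses.
        reserved = (net.network_address, net.broadcast_address)
        for name, addr in (("address", iface.ip), ("gateway", gw)):
            if addr in reserved:
                findings.append(f"{label}: {name} {addr} is reserved in {net}")
    return findings


def audit(transcript):
    """Check every management address/gateway pair found in a transcript."""
    findings = []
    in_mgmt = False                      # inside interface managementethernet
    mgmt_ip = mgmt_mask = mgmt_gw = None
    for raw in transcript.splitlines():
        words = strip_prompt(raw).split()
        if words[:3] == ["management", "route", "default"] and len(words) == 4:
            mgmt_gw = words[3]
        elif words == ["interface", "managementethernet"]:
            in_mgmt = True
        elif words == ["exit"]:
            in_mgmt = False
        elif in_mgmt and words[:2] == ["ip", "address"] and len(words) == 4:
            mgmt_ip, mgmt_mask = words[2], words[3]
        elif words[:2] == ["serviceport", "ip"] and len(words) == 5:
            findings += check_pair("serviceport", *words[2:5])
    if mgmt_ip and mgmt_gw:
        findings += check_pair("managementethernet", mgmt_ip, mgmt_mask, mgmt_gw)
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text) or "ok")
```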
network mac-address
This command is replaced by the mac-address command in Version 2.3.
Mode: Privileged Exec
Command History: Version 2.3 Introduced. Replaced by the mac-address command.
network mac-type
This command is replaced by the mac-type command in Version 2.3.
Mode: Privileged Exec
Command History: Version 2.3 Introduced. Replaced by the mac-type command.
network parms
Command History: Version 2.
protocol
This command specifies the network configuration protocol to be used for the management VLAN.
Syntax: protocol {none | bootp | dhcp}
If you modify this value, the change is effective immediately. The bootp keyword indicates that the switch periodically sends requests to a Bootstrap Protocol (BootP) server or a DHCP server until a response is received. The none keyword indicates that the switch should be manually configured with IP information.
serviceport protocol Related Commands serviceport protocol Set the network configuration protocol to be used for configuring access to the Ethernet Management port. show serviceport Display the IP configuration and MAC address of the Ethernet Management port. serviceport protocol This command specifies the network configuration protocol to be used for configuring access to the Ethernet Management port.
show hardware MAC Address—A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB IP Address—The IP address assigned to each interface unit/slot/port—Valid unit, slot and port number separated by forward slashes. show hardware This command displays inventory information for the switch.
show interface
Enter the port number of a particular port to query, where unit is the stack member, slot is always 0 (zero), and port is the port number.
Mode: Privileged Exec
Web User Interface: Inventory Information panel, accessed from the System node
Usage Information: The show interface command accepts other keywords besides unit/slot/port. See those syntax statements following this one. Figure 9 shows an example of the show interface report when the argument is unit/slot/port.
show interface ethernet Related Commands ip address (management) Configures the IP address of the management interface. show interface ethernet Displays detailed statistics for a specific port or for all CPU traffic based upon the argument. show interface switchport Displays a summary of statistics on Layer 2 interfaces. show interface managementethernet Displays information about the management interface to the switch.
show interface ethernet Example 1 (Force10) #show interface ethernet switchport Total Packets Received (Octets)................ Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... Receive Packets Discarded...................... 40648140 324 307772 3 0 Octets Transmitted............................. Packets Transmitted Without Errors............. Unicast Packets Transmitted....................
show interface ethernet Table 7 Fields in Output of show interface ethernet switchport Command (continued) Field Description Broadcast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent Transmit Packets Discarded The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol.
show interface ethernet The show interface ethernet display fields, when the argument is unit/slot/port, are as follows: Table 8 Fields in Output of show interface ethernet unit/slot/port Command Field Description Packets Received 70 Type Indicates current type of use of the port, such as “PC Mbr” to indicate port channel member, “Mirror” to indicate source port for port-mirroring, “Probe” to indicate destination port for mirroring, and, most commonly, “Normal”.
show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description Packets Received 1519-1522 Octets The total number of packets (including bad packets) received that were between 1519 and 1522 octets in length inclusive (excluding framing bits but including FCS octets).
show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description Local Traffic Frames The total number of frames dropped in the forwarding process because the destination address was located off of this port. 802.3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description Packets Transmitted 1024-1518 Octets The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets) Packets Transmitted 1519-1522 Octets The total number of packets (including bad packets) received that were between 1519 and 1522 octets in length inclusive (excluding fra
show interface ethernet Table 8 Fields in Output of show interface ethernet unit/slot/port Command (continued) Field Description VLAN Viable Discards The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified, or if the VLAN has not been configured Protocol Statistics BPDU's received The count of BPDUs (Bridge Protocol Data Units) received in the spanning tree layer BPDU's Transmitted The count of BPDUs (Bridge Protocol D
show interface managementethernet show interface managementethernet This command displays information about the management address of the switch. Syntax Mode Command History Usage Information show interface managementethernet Privileged Exec Version 2.3 Modified: Added the keyword managementethernet to show interface to provide the information that had been available through the show network command.
Related Commands
ip address (management): Configures the IP address of the management VLAN.
show interface: Displays detailed statistics for a specific port or for all CPU traffic based upon the argument.
show interface switchport: Displays a summary of statistics on Layer 2 interfaces.
show interface ethernet: Displays detailed statistics for a specific ethernet port or for all CPU traffic based upon the argument.
Table 10 Fields in Output of show interface switchport Command
Field: Description
VLAN Entries Currently In Use: The number of VLAN entries presently occupying the VLAN table.
Time Since Counters Last Cleared: The elapsed time, in days, hours, minutes, and seconds since the statistics for this switch were last cleared.
Related Commands
ip address (management): Configures the IP address of the management interface.
Usage Information
The following example shows sample output of the show interfaces description command with an interface specified in the unit/slot/port form:
Example
Force10#show interfaces description 1/0/1
Interface.......1/0/1
IfIndex.........1
Description.....1/0/1 is access port
MAC Address.....00:01:E8:D5:BA:C0
Bit Offset Val..
show mac-addr-table
Parameters
macaddr: (OPTIONAL) Enter a 6-byte MAC address.
all: (OPTIONAL) Enter all to get results for all interfaces.
interface unit/slot/port: (OPTIONAL) To show MAC addresses on a particular interface, enter the keyword interface followed by the interface unit, slot, and port. This can be a physical or logical interface.
vlan VLAN_ID: (OPTIONAL) To show MAC addresses on a particular VLAN, enter the keyword vlan followed by the VLAN_ID.
Mode
Static—The value of the corresponding instance was added by the system or a user when a static MAC filter was defined. It cannot be relearned.
Learned—The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic, and is currently in use.
Management—The value of the corresponding instance (system MAC address) is also the value of an existing instance of dot1dStaticAddress.
show network
Command History: Version 2.3 Deprecated: The keyword managementethernet in the command show interface provides the information that had been available through this command.
Related Commands
show interface managementethernet: Displays information about the management address of the switch.
show running-config
This command is used to display/capture the current setting of different protocol packages supported on the switch.
Example
(S50-TAC-5) #show running-config all
!Current Configuration:
!
hostname "S50-TAC-5"
no set gmrp adminmode
no set gvrp adminmode
telnetcon timeout 5
telnetcon maxsessions 5
ip telnet server enable
network protocol none
network parms 172.17.1.222 255.255.255.0 172.17.1.
Example
(Force10 S2410) #show serviceport
IP Address..................................... 10.11.197.177
Subnet Mask.................................... 255.255.0.0
Default Gateway................................ 10.11.197.
ServPort Configured Protocol Current...........
Burned In MAC Address..........................
Link Status....................................
Mode: Privileged Exec
Table 12 Fields in Output of show sysinfo Command
Field: Description
Switch Description: Text used to identify this switch
System Name: Name used to identify the switch
System Location: Text used to identify the location of the switch. May be up to 31 alpha-numeric characters. The factory default is blank
System Contact: Text used to identify a contact person for this switch. May be up to 31 alpha-numeric characters.
show version
Table 13 Fields in Output of show version Command (continued)
Headings: Explanation
Burned in MAC Address: Universally assigned network address
Software Version: The release.version.revision number of the code currently running on the switch
Additional Packages: This displays the additional packages that are incorporated into this system, such as SFTOS Multicast.
10/100 Ethernet/802.3 interface(s)
Gig Ethernet/802.3 interface(s)
10Gig Ethernet/802.3 interface(s)
Virtual Ethernet/802.
RFC 2863 - IF-MIB: The Interfaces Group MIB using SMIv2
RFC 3635 - Etherlike-MIB: Definitions of Managed Objects for the Ethernet-like Interface Types
F10OS-SWITCHING-MIB: F10OS Switching - Layer 2
F10OS-INVENTORY-MIB: F10OS Unit and Slot configuration
F10OS-PORTSECURITY-PRIVATE-MIB: Port Security MIB
IEEE8021-PAE-MIB: Port Access Entity module for managing IEEE 802.
Related Commands
show hardware: Inventory information for the switch
show logging: Trap log maintained by the switch, and event log, containing error messages from the system
show port: Port information
show running-config: Updated configuration maintained by the switch.
show version: Details of the software/hardware present on the system
vlan participation (management)
This command assigns the management VLAN of the switch.
• telnetcon maxsessions
• telnetcon timeout
ip telnet maxsessions
This command specifies the maximum number of Telnet connection sessions that can be established.
Syntax: ip telnet maxsessions 0-5
A value of 0 indicates that no Telnet connection can be established. The range is 0 to 5. The command no telnet maxsessions sets the maximum number of Telnet connection sessions that can be established to the default value.
Command History: Version 2.3 Changed from telnetcon timeout and moved from Privileged Exec mode to Global Config.
ip telnet server enable
Enable or disable Telnet services.
Syntax: [no] telnet server enable
Mode: Global Config
Command History: Version 2.3 Modified: Moved from Privileged Exec mode to Global Config mode.
Related Commands
ip ssh server enable: Enable/disable SSH services.
The no version of this command sets the outbound Telnet session timeout value to the default.
Default: 1 (minute)
Mode: Line Config
show telnet
This command displays the current outbound telnet settings.
Syntax: show telnet
Modes: Privileged Exec and User Exec
Outbound Telnet Login Timeout (in minutes)—Indicates the number of minutes an outbound telnet session is allowed to remain inactive before being logged off. A value of 0, which is the default, results in no timeout.
telnetcon maxsessions
Command History: Version 2.3 Modified: Changed to ip telnet maxsessions
Serial Commands
This section describes the following SFTOS system management commands pertaining to console port connections (serial connections, EIA-232):
• lineconfig
• serial baudrate
• serial timeout
• show serial
lineconfig
This command accesses the Line Config mode from the Global Config mode.
The no serial baudrate command sets the communication rate of the terminal interface to the 9600 default.
Default: 9600
Mode: Line Config
serial timeout
This command specifies the maximum connect time (in minutes) without console activity.
Syntax: serial timeout 0-160
A value of 0 means no console timeout. The range is 0 to 160 minutes. The no serial timeout command sets the maximum connect time (in minutes) without console activity to the 5-minute default.
show serial
Table 14 Fields of show serial Command Output
Field: Description
Serial Port Login Timeout (minutes): Specifies the time, in minutes, of inactivity on a serial port connection, after which the switch will close the connection. Any numeric value between 0 and 160 is allowed; the factory default is 5. A value of 0 disables the timeout.
Baud Rate: The default baud rate at which the serial port will try to connect.
SNMP Management Commands
This section describes the SNMP system management commands supported by SFTOS:
• show snmpcommunity
• show snmptrap
• show trapflags
• snmp-server
• snmp-server community
• no snmp-server community
• snmp-server community ipaddr
• snmp-server community ipmask
• snmp-server community mode
• snmp-server community ro
• snmp-server community rw
• snmp-ser
show snmpcommunity
This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. The switch does not have to be reset for changes to take effect. The SNMP agent of the switch complies with SNMP Version 1 (for more about the SNMP specification, see the SNMP RFCs). The SNMP agent sends traps through TCP/IP to an external SNMP manager based on the SNMP configuration (the trap receiver and other SNMP community parameters).
Table 16 Fields of show snmptrap Command Report
Field: Description
SNMP Trap Name: The community string of the SNMP trap packet sent to the trap manager. This may be up to 16 alphanumeric characters. This string is case sensitive.
IP Address: The IP address to receive SNMP traps from this device. Enter four numbers between 0 and 255 separated by periods.
Status: Indicates the receiver's status (enabled or disabled)
show trapflags
This command displays trap conditions.
snmp-server
This command sets the name and the physical location of the switch, and the organization responsible for the network. The range for name, location, and contact is from 1 to 31 alphanumeric characters.
Syntax: snmp-server {sysname name | location loc | contact con}
Default: None
Mode: Global Config
snmp-server community
This command adds (and names) a new SNMP community.
snmp-server community ipaddr
This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet-sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 0.0.0.0 allows access from any IP address. Otherwise, this value is ANDed with the mask to determine the range of allowed client IP addresses.
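The address-and-mask rule described above can be checked offline before a community is configured. The following Python sketch is an added example, not code from Force10 or from this reference: it assumes a client is admitted when (client AND mask) equals (ipaddr AND mask), treats 0.0.0.0 as "any" as the text states, and audits a constructed community table whose names, addresses and field layout are hypothetical.

```python
import ipaddress

def to_int(dotted):
    """Convert a dotted-quad IPv4 string to an integer."""
    return int(ipaddress.IPv4Address(dotted))

def client_allowed(ipaddr, ipmask, client):
    """Apply the rule from the text: 0.0.0.0 admits any client, otherwise
    the client is compared with ipaddr under the mask (assumed semantics)."""
    ip, mask, src = to_int(ipaddr), to_int(ipmask), to_int(client)
    if ip == 0:
        return True
    return (src & mask) == (ip & mask)

def admitted_count(ipaddr, ipmask):
    """Number of IPv4 addresses the pair admits. Each zero bit in the mask
    doubles the range, so a zero mask admits everything."""
    ip, mask = to_int(ipaddr), to_int(ipmask)
    if ip == 0:
        return 2 ** 32
    return 2 ** (32 - bin(mask).count("1"))

def mask_is_contiguous(ipmask):
    """True when the mask is a run of ones followed by a run of zeros."""
    inverted = to_int(ipmask) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def audit(communities, max_hosts=256):
    """Return (name, finding) pairs for enabled communities whose source
    restriction is missing, too broad, or uses an irregular mask."""
    findings = []
    for c in communities:
        if c["mode"] != "enable":
            continue  # a disabled community accepts no SNMP requests
        count = admitted_count(c["ipaddr"], c["ipmask"])
        if count == 2 ** 32:
            findings.append((c["name"], "open-to-any"))
        elif count > max_hosts:
            findings.append((c["name"], "broad-range"))
        if not mask_is_contiguous(c["ipmask"]):
            findings.append((c["name"], "non-contiguous-mask"))
    return findings

# Constructed sample table (not taken from a real switch).
SAMPLE = [
    {"name": "nms-ro", "ipaddr": "10.11.197.0", "ipmask": "255.255.255.0",
     "access": "ro", "mode": "enable"},
    {"name": "ops-rw", "ipaddr": "0.0.0.0", "ipmask": "0.0.0.0",
     "access": "rw", "mode": "enable"},
    # Non-zero address with a zero mask: the AND leaves nothing to compare.
    {"name": "legacy", "ipaddr": "10.11.0.5", "ipmask": "0.0.0.0",
     "access": "ro", "mode": "enable"},
    {"name": "wide", "ipaddr": "10.0.0.0", "ipmask": "255.0.0.0",
     "access": "ro", "mode": "enable"},
    {"name": "odd", "ipaddr": "10.11.197.20", "ipmask": "255.0.255.255",
     "access": "ro", "mode": "enable"},
    {"name": "retired", "ipaddr": "0.0.0.0", "ipmask": "0.0.0.0",
     "access": "rw", "mode": "disable"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

The "legacy" row shows the case the rule hides: a specific address paired with a zero mask admits every client under the assumed comparison.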
status is changed back to Enable.
The no version of this command deactivates an SNMP community. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
Syntax: [no] snmp-server community mode name
Default: Enable
Mode: Global Config
snmp-server community ro
This command restricts access to switch information.
Mode: Global Config
Command History: Version 2.3 Introduced
Note: The CLI indicates successful execution of this command, and the show trapflags report shows successful execution of the command, but this trap is not currently supported.
Related Commands
storm-control broadcast: Enable broadcast storm recovery mode.
show storm-control: Display switch configuration information.
snmp-server enable traps stpmode
This command enables the sending of new root traps and topology change notification traps.
Syntax: [no] snmp-server enable traps stpmode
The no version of this command disables the sending of new root traps and topology change notification traps.
Command History: Version 2.3 Corrected from snmp-server enable traps
snmptrap
This command adds an SNMP trap receiver name and trap receiver IP address. The maximum name length is 16 case-sensitive alphanumeric characters.
Syntax: [no] snmptrap name ipaddr
The no version of this command deletes the specified trap receiver from the community.
Mode: Global Config
snmptrap ipaddr
This command assigns an IP address to a specified community name.
snmp trap link-status
This command enables link status traps by interface.
Syntax: [no] snmp trap link-status
The no version of this command disables link status traps by interface.
Note: This command is valid only when the Link Up/Down Flag is enabled. See snmp-server enable traps linkmode command.
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.
Related Commands
Chapter 6 System Configuration Commands
This chapter provides a detailed explanation of the system configuration commands in the following major sections:
• System Configuration Commands
• Virtual LAN (VLAN) Commands
• System Utility Commands
• Configuration Scripting
Note: For Link Aggregation Group (LAG) (also called port channel) commands, see Chapter 15, LAG/Port Channel Commands, on page 249.
• show mac-address-table multicast
• show mac-address-table stats
• show monitor session
• show port
• show port protocol
• shutdown (Interface)
• shutdown all
MAC Database Commands
To configure and view information about the MAC databases, see the following commands in this section:
• bridge aging-time
• show forwardingdb agetime
• show mac-address-table multicast
Syntax: configure
Command Modes: Privileged Exec
Usage Information: Users executing this command enter the Global Config mode, which provides access to many commands within that mode. Also, this mode is a gateway to all other more protocol-specific modes except the VLAN mode. For details on modes, see Chapter 3, Using the Command Line Interface, on page 39.
Related Commands
enable passwd: Configure a password for the enable command.
configure: Use this command to access the Global Config mode from the Exec Privilege mode.
interface
This command accesses the Interface Config mode for a designated logical or physical interface. The Interface Config mode provides access to configuration commands for the specified interface.
Syntax: interface unit/slot/port
The unit/slot/port is a valid physical or logical port number.
interface range
Parameters
ethernet range,range,...
Enter the keyword ethernet and one or more ports separated by hyphens and commas in this form: ethernet unit/slot/port - port,unit/slot/port - port. Spaces are not allowed around commas or hyphens. Example: ethernet 1/0/1-1/0/10,1/0/40-1/0/45
port-channel range,range,...
interface range Range and Port Channel Range prompts within that mode are displayed in the Link Aggregation chapter (LAGs) in the SFTOS Command Reference. Example (s50-1) (conf-if-range-et-1/0/10-1/0/11)#? addport auto-negotiate classofservice cos-queue deleteport description dot1x exit gmrp gvrp igmp ip mac mode mtu port port-channel port-security protocol service-policy --More-- or (q)uit set shutdown snmp snmp-server spanning-tree speed traffic-shape vlan Add this port to a port-channel.
interface range
Example
Force10(config)#interface range vlan 10 - 20
% Warning: Non-existing ports (not configured) are ignored by interface-range
(conf-if-range-vlan 10-20)#
Figure 22 Bulk Configuration Warning Message
Figure 23 is an example of a correctly formatted single range bulk configuration.
monitor session
This command adds a mirrored port (source port) or probe port (destination port) to a session identified with the session ID of 1. In all released versions of SFTOS, the session is always 1.
Syntax: [no] monitor session 1 {destination interface unit/slot/port | source interface unit/slot/port | mode}
Parameters
destination interface unit/slot/port: Specify the probe port (target port).
monitor session 1 mode
This command sets the monitor session (port monitoring) mode to enabled. The probe and monitored ports must be configured before port monitoring can be enabled. When enabled, the probe port monitors all traffic received and transmitted on the physical monitored port. It is not necessary to disable port monitoring before modifying the probe and monitored ports.
no monitor session 1
This command removes all the source ports and the destination port of the mirroring session and restores the default value for the mirroring session mode. The 1 or session-id parameter is an integer value used to identify the session. In the current version of the software, the session-id parameter is always 1. This is a stand-alone “no” command. This command does not have a “normal” form.
show mac-address-table multicast
igmpsnooping—Display IGMP Snooping entries in the MFDB table.
multicast—Display Multicast Forwarding Database Table information.
stats—Display MFDB statistics.
Mode: Privileged Exec
Field Descriptions
Total Entries—This displays the total number of entries that can possibly be in the Multicast Forwarding Database table.
Most MFDB Entries Ever Used—This displays the largest number of entries that have been present in the Multicast Forwarding Database table.
show mac-address-table stats
Description—The text description of this multicast table entry.
Interfaces—The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
Forwarding Interfaces—The resultant forwarding list is derived from combining all the component’s forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces.
Syntax: show monitor session 1
Mode: Privileged Exec
Example
Force10 #show monitor session 1
Session ID Admin Mode Probe Port Mirrored Port
---------- ---------- ---------- -------------
1          Enable     2/0/26     1/0/1
Figure 27 Command Example: show monitor session 1
Field Descriptions
Session ID—In all released versions of SFTOS, the session is always 1.
Admin Mode—Indicates whether the Port Mirroring feature is enabled or disabled. The possible values are Enable and Disable.
show port
Example
Force10 S2410 #show port all
                  Admin   Physical   Physical   Link   Link    LACP    Flow
Interface  Type   Mode    Mode       Status     Status Trap    Mode    Mode
---------- ------ ------- ---------- ---------- ------ ------- ------- -------
0/1               Enable  10G Full              Down   Enable  Enable  Disable
0/2               Enable  10G Full              Down   Enable  Enable  Disable
0/3               Enable  10G Full              Down   Enable  Enable  Disable
0/4               Enable  10G Full              Down   Enable  Enable  Disable
0/5        PC Mbr Enable  10G Full   10G Full   Up     Enable  Enable  Disable
0/6               Enable  10G Full   10G Full   Up     Enable  E
show port protocol
This command displays the protocol-based VLAN information for either the entire system, or for the indicated group.
Syntax: show port protocol groupid
Mode: Privileged Exec
Group Name—This field displays the group name of an entry in the protocol-based VLAN table.
Group ID—This field displays the group identifier of the protocol group.
Protocol(s)—This field indicates the type of protocol(s) for this group.
shutdown all
Syntax: [no] shutdown all
Default: enabled
Mode: Global Config
Virtual LAN (VLAN) Commands
In SFTOS 2.4.1, the interface vlan command is the starting point for VLAN configuration. Executing the command creates a new VLAN and invokes the Interface VLAN mode, where all VLAN configuration commands reside for the specified VLAN. You execute this interface vlan command (see interface vlan on page 123) from the Global Config mode.
• participation (VLAN)
• priority (VLAN)
• protocol group
• protocol vlan group
• protocol vlan group all
• pvid (VLAN)
• show vlan
• show vlan port
• tagged
• untagged
• vlan
• vlan acceptframe
• vlan database
• vlan ingressfilter
• vlan participation (interface)
• vlan participation all
Mode: Privileged Exec
Related Commands
show vlan: Displays information about VLANs, either detailed information for a specific VLAN or summary information for all configured VLANs.
show port: Displays port information for a selected port or for all ports
description
Enter a description for the selected interface (port or VLAN).
Syntax: [no] description description
The description allows spaces if you surround the statement with single or double quotes.
show interfaces: Displays information, including the description, about a selected interface.
show running-config: Display/capture the current setting of different protocol packages supported on the switch.
encapsulation (VLAN)
This command configures the link layer encapsulation type for the packet within the VLAN. Acceptable encapsulation types are Ethernet and SNAP.
Usage Information
After using this command to access the Interface VLAN mode (the prompt for the Interface VLAN mode is (conf-if-vl-)#), you can configure the selected VLAN. You can also make configuration changes to a VLAN in the Interface Range mode (see interface range on page 108) and the Interface Config mode (see interface on page 108). For details on modes, see Chapter 3, Using the Command Line Interface, on page 39.
Mode: Interface VLAN
Command History: Version 2.3 Changed from vlan makestatic to makestatic and moved to Interface VLAN mode.
Related Commands
show vlan: Displays information about VLANs, either detailed information for a specific VLAN or summary information for all configured VLANs.
show port: Displays port information for a selected port or for all ports
mtu (VLAN)
This command sets the MTU (Maximum Transmission Unit) of the selected VLAN.
Command History: Version 2.3 Modified: Changed from vlan name to name and mode changed from VLAN database to Interface VLAN. Removed ID range variable.
Related Commands
show vlan: Displays information about VLANs, either detailed information for a specific VLAN or summary information for all configured VLANs.
show port: Displays port information for a selected port or for all ports
network mgmt_vlan
Command History: Version 2.
Related Commands
protocol group
This command attaches a group ID to the selected VLAN. A group can only be associated with one VLAN at a time. However, the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based VLAN, except when GVRP is expected to create the VLAN.
Syntax: [no] protocol group groupid
The no version of this command removes the group ID from this VLAN.
Default: None
Mode: Interface VLAN
Command History: Version 2.
Related Commands
Command History: Version 2.3 Added Interface Range mode.
Related Commands
interface range: Defines an interface range and accesses the Interface Range mode
protocol vlan group all
This command adds all physical interfaces to the protocol-based VLAN identified by groupid. A group may have more than one interface associated with it. Each interface and protocol combination can only be associated with one group.
show vlan
This command displays information about VLANs, either detailed information for a specific VLAN or summary information for all configured VLANs. The ID is a valid VLAN identification number.
Syntax: show vlan [brief | id vlanid | name | port]
Parameters
brief: (OPTIONAL) Enter the keyword brief to display summary information for all configured VLANs.
Mode
Command History
Usage Information
show vlan port Q: “T” indicates that the port is tagged; “U” indicates untagged.
Parameters
unit/slot/port: Enter interface in unit/slot/port format for retrieving information about the associated interface.
all: Enter all for retrieving information about all interfaces.
Mode: Privileged Exec
Command History: Version 2.1 Introduced
Example
Force10-S50 #show vlan port 1/0/1
          Port    Acceptable   Ingress             Default
Interface VLAN ID Frame Types  Filtering   GVRP    Priority
--------- ------- ------------ ----------- ------- --------
1/0/1     1       Admit All    Enable      Disable 0
Protected Port ...........
Usage Information
The tagged command includes the functionality of the participation include command and the acceptframe vlanOnly command. For details, see the VLAN chapter in the SFTOS Configuration Guide.
Related Commands
show vlan: Displays information about VLANs, either detailed information for a specific VLAN or summary information for all configured VLANs.
vlan acceptframe
This command sets the frame acceptance mode per interface.
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.3 Deprecated
Related Commands
tagged: Adds the designated interface to the selected VLAN as a tagged interface.
untagged: Adds the designated interface to the selected VLAN as an untagged interface.
vlan database
Command History: Version 2.
Command History: Version 2.3 Deprecated
Related Commands
vlan participation (management): In the Interface ManagementEthernet mode, this command assigns the management VLAN of the switch.
vlan participation all
This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number.
Mode: Global Config
Command History: Version 2.3 Deprecated
Related Commands
tagged: Configure a tagged interface in the selected VLAN.
Mode: Global Config
Command History: Version 2.3 Deprecated
Related Commands
show vlan: Displays information about VLANs, either detailed information for a specific VLAN or summary information for all configured VLANs.
show port: Displays port information for a selected port or for all ports
vlan port tagging all
This command sets the tagging behavior for all interfaces in a VLAN to enabled.
Command History: Version 2.
Related Commands
vlan protocol group
This command adds a protocol-based VLAN group to the system. The groupname is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands.
Syntax: vlan protocol group groupname
Mode: Global Config
vlan protocol group add protocol
This command adds the protocol to the protocol-based VLAN identified by groupid.
vlan pvid
This command changes the VLAN ID per interface.
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.3 Deprecated
Related Commands
tagged: Adds the designated interface to the selected VLAN as a tagged interface.
untagged: Adds the designated interface to the selected VLAN as an untagged interface.
System Utility Commands
This section describes system utilities. The commands are divided into two functional groups:
• Show commands display switch settings, statistics, and other information.
• Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
Syntax: clear counters {unit/slot/port | all}
Mode: Privileged Exec
clear port-channel
This command clears all port-channels (LAGs).
Syntax: clear port-channel
Mode: Privileged Exec
clear traplog
This command clears the trap log.
Syntax: clear traplog
Mode: Privileged Exec
clear igmpsnooping
This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database.
copy
• Event log (also called the error log or the persistent log) (nvram:errorlog)
• Buffered message log (also called the System log) (nvram:log)
• startup configuration (nvram:startup-config)
• trap log (nvram:traplog)
See also copy (clibanner).
The following command copies from the switch system memory to flash memory:
copy system:running-config nvram:startup-config
Note: This command creates a text-based startup-config file.
Parameters
tftp_server_ip_address: Enter the URL of the TFTP server in IPv4 address format: xxx.xxx.xxx.xxx
path/filename: Enter the path on the TFTP server and the filename. If the file resides in the root directory, then you can simply enter the filename.
Default
Mode
Command History
Related Commands
cannot be created on the switch. Instead, create the banner file using a text editor, put it on your TFTP server, and then download it to the switch.
Syntax: copy tftp://tftp_server_ip_address/filepath nvram:clibanner
Reversing the sequence of the command parameters uploads the text file from the switch:
copy nvram:clibanner tftp://tftp_server_ip_address/filepath
The no clibanner command removes the CLI banner.
Syntax: enable passwd password
Parameters
password: Enter a text string, up to 32 characters long, as the clear text password.
Mode: Global Config
Command History: Version 2.3 Modified: Moved from Privileged Exec mode to Global Config mode.
logout
Close the current Telnet connection or reset the current serial connection.
Note: Save configuration changes before logging out.
ping
This command checks if another computer is on the network and listens for connections. To use this command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation.
terminal length
Configure the number of lines to be displayed on the terminal screen in one page of output of “show” commands.
Syntax: terminal length number-of-lines
Parameters
number-of-lines: Enter the number of lines that you want the output to display before pausing. Entering zero (0) will cause the terminal to display without pausing. Range: 0|5 to 512. (1-4 cannot be set.) Default: 24 lines.
Defaults
Mode
Command History
Usage Information
Related Commands
write
This command does the same thing as the copy system:running-config nvram:startup-config command: it saves the running configuration to NVRAM, where it is used the next time the system reboots. The write command defaults to write memory.
Syntax: write memory
Mode: Privileged Exec
Related Commands
copy: Uploads and downloads to/from the switch.
script apply
This command applies the commands in the configuration script to the switch. The apply command backs up the running configuration and then starts applying the commands in the script file. Application of the commands stops at the first failure of a command. The scriptname parameter is the name of the script to be applied.
script show
This command displays the contents of a script file. The parameter scriptname is the name of the script file.
Syntax: script show scriptname
Mode: Privileged Exec
The format of display is: Line :
script validate
This command validates a configuration script file by parsing each line in the script file where scriptname is the name of the script to be validated. The validation will stop at the first failure of a command.
Chapter 7 System Log
This chapter provides a detailed explanation of the following Syslog commands:
• logging buffered
• logging buffered wrap
• logging cli-command
• logging console
• logging host
• logging host reconfigure
• logging host remove
• logging persistent
• logging port
• logging syslog
• show logging
• show logging buffered
• show logging hosts on
Use no logging buffered to disable logging to the in-memory log.
Default: disabled; critical
Mode: Global Config
Related Commands
logging buffered wrap: Enables wrapping of in-memory logging when full capacity is reached.
logging cli-command: Enables logging to the System Log of all Command Line Interface (CLI) commands issued on the system.
logging console: Enables logging of System log messages to the console.
logging console
This command enables logging of System log messages to the console.
Syntax: logging console [severitylevel]
The severitylevel value is specified through one of the following keywords or the keyword’s representative integer, as shown here: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7). Note that the severity level set here does not change the severity level set for the System log messages saved in RAM.
logging host reconfigure
This command enables you to revise the IP address of a configured syslog host.
Syntax: logging host reconfigure host-id hostaddress
Use show logging hosts to learn association of host-id with hostaddress.
Mode: Global Config
Command History: Version 2.3: Introduced
logging host remove
This command removes the identified host.
Syntax: logging host remove host-id
Use show logging hosts to learn association of host-id with hostaddress.
logging syslog
This command enables logging to any configured syslog server.
Syntax: logging syslog
Use no logging syslog to disable syslog logging.
Default: disabled; local0
Mode: Global Config
show logging
This command displays a combination of the system log and event log (buffered log).
Fields in the report include:
Logging Client Local Port—The port on the collector/relay to which syslog messages are sent
CLI Command Logging—The mode for logging CLI commands, whether enabled or disabled
Console Logging—The mode for console logging, whether enabled or disabled
Console Logging Severity Filter—The minimum event severity to display to the console
Buffered Logging—The mode for buffered logging, whether enabled or disabled
Syslog Logging—The mode for logging to configured
Buffered Logging Wrapping Behavior—The behavior of the in-memory log when faced with a log-full situation. “On” when wrapping is enabled, “Off” when not.
Buffered Log Count—The count of valid entries in the buffered log
The System log messages follow the summary statistics.
Related Commands:
logging buffered: Enables logging of the System Log to RAM and any other enabled destination, including the console and any enabled syslog server.
Fields in the report include:
Index—An integer from 1 to 8, used for removing the associated syslog host
IP Address—IP Address of the configured syslog host
Severity—The minimum severity to log to the specified address
Port—Server Port Number. This is the port on the local host from which syslog messages are sent.
Status—The state of logging to configured syslog hosts. If the status is Active, logging occurs; if Disable, no logging occurs.
Chapter 8 User Account Commands
Commands in this chapter manage user accounts. The commands are comprised of two functional groups:
• Show commands display switch settings, statistics, and other information.
• Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
disconnect
This command closes the designated remote session or all sessions.
Syntax: disconnect {sessionID | all}
Mode: Privileged Exec
show loginsession
This command displays current telnet and serial port connections to the switch. It also displays SSH sessions.
Syntax: show loginsession
Mode: Privileged Exec
Parameters:
ID—Login Session ID
User Name—The name the user will use to login using the serial port or Telnet. A new user may be added to the switch by entering a name in a blank entry.
username passwd User Access Mode—Shows whether the operator is able to change parameters on the switch (Read/ Write) or is only able to view them (Read Only). As a factory default, the ‘admin’ user has Read/Write access. There can only be one Read/Write user and up to five Read Only users. SNMPv3 Access Mode—This field displays the SNMPv3 Access Mode. If the value is set to ReadWrite, the SNMPv3 user will be able to set and retrieve parameters on the system.
users snmpv3 accessmode users snmpv3 accessmode This command specifies the SNMP v3 access privileges for the specified login user. The valid accessmode values are readonly or readwrite. The username is the login user name for which the specified access mode applies. The default is readwrite for ‘admin’ user; readonly for all other users. The no version of this command sets the snmpv3 access privileges for the specified login user as readwrite for the ‘admin’ user; readonly for all other users.
users snmpv3 encryption If des is specified, the required key may be specified on the command line. The key may be up to 16 characters long. If the des protocol is specified but a key is not provided, the user will be prompted for the key. When using the des protocol, the user login password is also used as the snmpv3 encryption password and therefore must be at least eight characters in length. If none is specified, a key must not be provided.
Chapter 9 Security Commands
This chapter provides a detailed explanation of the security commands available in the SFTOS software, presented in the following sections:
• Port Security Commands
• Port-Based Network Access Control (IEEE 802.
Implementation Notes
• If port security is enabled on a port, and then an ACL is applied to the port, the ACL is given precedence and port security is ignored. For example, if port security is applied, and then an ACL with a permit rule for a particular source address is applied, frames with that source address will be permitted.
Syntax: port-security max-dynamic maxvalue
no port-security max-dynamic
Default: 600
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.3: Added Interface Range mode.
Related Commands
no port-security mac-address mac-address vid
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.3: Added Interface Range mode.
Related Commands:
interface range: Defines an interface range and accesses the Interface Range mode
port-security mac-address move
This command converts dynamically locked MAC addresses to statically locked addresses.
Example
Force10 #show port-security all
          Admin     Dynamic
Intf      Mode      Limit
--------- --------- ----------
1/0/1     Disabled  600
1/0/2     Disabled  600
1/0/3     Disabled  600
1/0/4     Disabled  600
1/0/5     Disabled  600
1/0/6     Disabled  600
1/0/7     Disabled  600
1/0/8     Disabled  600
1/0/9     Disabled  600
1/0/10    Disabled  600
1/0/11    Disabled  600
1/0/12    Disabled  600
1/0/13    Disabled  600
1/0/14    Disabled  600
1/0/15    Disabled  600
1/0/16    Disabled  600
1/0/17    Disabled  600
1/0/18    Disabled  600
--More-- or (q)uit
--!output deleted
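The table above can be checked mechanically when many switches need review. The following Python sketch is an added example, not part of the Force10 documentation: it parses captured show port-security all output and lists interfaces where port security is off or where the dynamic limit is still the documented default of 600. The sample text is constructed, and the "Enabled" keyword is an assumption (the page only shows "Disabled").

```python
import re

# Constructed sample laid out like the "show port-security all" example on this
# page (interface, admin mode, dynamic limit). The Enabled rows are constructed,
# and "Enabled" as the printed keyword is an assumption.
SAMPLE_OUTPUT = """\
Force10 #show port-security all
          Admin     Dynamic
Intf      Mode      Limit
--------- --------- ----------
1/0/1     Disabled  600
1/0/2     Enabled   20
--More-- or (q)uit
1/0/3     Disabled  600
1/0/4     Enabled   600
"""

# Default for "port-security max-dynamic" as documented on this page.
DEFAULT_MAX_DYNAMIC = 600

# An interface ID is slot/port or unit/slot/port; both forms appear on the page.
ROW = re.compile(r"^\s*(\d+(?:/\d+){1,2})\s+(Enabled|Disabled)\s+(\d+)\s*$")


def parse_port_security(text):
    """Return one dict per interface row; prompts, rules and pager lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append({
                "intf": match.group(1),
                "enabled": match.group(2) == "Enabled",
                "dynamic_limit": int(match.group(3)),
            })
    return rows


def audit_port_security(rows):
    """Group interfaces by finding: port security off, or on with the default limit."""
    disabled = [r["intf"] for r in rows if not r["enabled"]]
    default_limit = [
        r["intf"] for r in rows
        if r["enabled"] and r["dynamic_limit"] >= DEFAULT_MAX_DYNAMIC
    ]
    return {"disabled": disabled, "default_limit": default_limit}


if __name__ == "__main__":
    report = audit_port_security(parse_port_security(SAMPLE_OUTPUT))
    for intf in report["disabled"]:
        print(f"{intf}: port security disabled")
    for intf in report["default_limit"]:
        print(f"{intf}: enabled, but dynamic limit is still {DEFAULT_MAX_DYNAMIC}")
```
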
show port-security static
This command displays the statically locked MAC addresses for a port.
Syntax: show port-security static unit/slot/port
Mode: Privileged Exec
The one report field is:
MAC Address—MAC Address of statically locked MAC
show port-security violation
This command displays the source MAC address of the last packet that was discarded on a locked port.
• dot1x timeout
• dot1x user
• show authentication
• show authentication users
• show dot1x
• show dot1x users
• show users authentication
• users defaultlogin
• users login
authentication login
This command creates an authentication login list.
The no version of this command deletes the specified authentication login list. The attempt to delete fails if any of the following conditions are true:
• The login list name is invalid or does not match an existing authentication login list
• The specified authentication login list is assigned to any user or to the non configured user for any component
• The login list is the default login list included with the default configuration and was not created using ‘authentication login’.
Syntax: dot1x defaultlogin listname
Mode: Global Config
dot1x initialize
This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned.
Syntax: dot1x initialize unit/slot/port
Mode: Global Config
Command History: Version 2.3: Modified: Moved from Privileged Exec mode to Global Config mode.
Default: 2
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.3: Interface Range mode added
Related Commands:
interface range: Defines an interface range and accesses the Interface Range mode
dot1x port-control
This command sets the authentication mode to be used on the specified port. The control mode may be one of the following.
Force-unauthorized—The authenticator PAE unconditionally sets the controlled port to unauthorized.
Force-authorized—The authenticator PAE unconditionally sets the controlled port to authorized.
Auto—The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server.
Command History: Version 2.3: Interface Range mode added
Related Commands:
interface range: Defines an interface range and accesses the Interface Range mode
dot1x system-auth-control
This command is used to enable the dot1x authentication support on the switch. By default, the authentication support is disabled. While disabled, the dot1x configuration is retained and can be changed, but is not activated.
tx-period—Sets the value, in seconds, of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The quiet-period must be a value in the range 1 - 65535.
supp-timeout—Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.
Syntax: show authentication
Mode: Privileged Exec
Authentication Login List—This displays the authentication login listname.
Method 1—This displays the first method in the specified authentication login list, if any.
Method 2—This displays the second method in the specified authentication login list, if any.
Method 3—This displays the third method in the specified authentication login list, if any.
Related Commands:
authentication login: Define authentication login lists.
show dot1x If the optional parameter summary {unit/slot/port | all} is used, the dot1x configuration for the specified port or all ports are displayed. Port—The interface whose configuration is displayed. Control Mode—The configured control mode for this port. Possible values are force-unauthorized | force-authorized | auto Operating Control Mode—The control mode under which this port is operating.
Example
Force10 #show dot1x detail 0/1
Port...........................................
Protocol Version...............................
PAE Capabilities...............................
Authenticator PAE State........................
Backend Authentication State...................
Quiet Period...................................
Transmit Period................................
Supplicant Timeout.............................
Server Timeout (secs)..........................
Maximum Requests.............
show dot1x users
This command displays 802.1x port security user information for locally configured users.
Syntax: show dot1x users unit/slot/port
Mode: Privileged Exec
Example
Force10 #show dot1x users 0/1
Users
-----------------
admin
Figure 41 Example of Output from the show dot1x users Command
User—Users configured locally to have access to the specified port.
Related Commands:
dot1x user: Add the specified user to the list of users with access to the specified port or all ports.
users defaultlogin users defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only.
radius accounting mode
This command is used to enable the RADIUS accounting function. The no version of this command is used to set the RADIUS accounting function to the default value - i.e. the RADIUS accounting function is disabled.
Syntax: radius accounting mode
Default: disabled
Mode: Global Config
radius server host
Configure the RADIUS authentication and accounting server connections.
radius server key If the acct keyword is used, the command configures the IP address to use for the RADIUS accounting server. Only a single accounting server can be configured. If an accounting server is currently configured, it must be removed from the configuration using the no form of the command before this command succeeds. If the optional port parameter is used, the command will configure the UDP port to use to connect to the RADIUS accounting server.
radius server msgauth
This command enables the message authenticator attribute for a specified server.
Syntax: radius server msgauth ipaddr
Mode: Global Config
radius server primary
This command is used to configure the primary RADIUS authentication server for this RADIUS client. The primary server is the one that is used by default for handling RADIUS requests. The remaining configured servers are only used if the primary server cannot be reached.
radius server timeout radius server timeout This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30. Syntax radius server timeout seconds The no radius server timeout command sets the timeout value to the default value, after which a request must be retransmitted to the RADIUS server if no response is received.
show radius accounting statistics show radius accounting statistics This command is used to display the configured RADIUS accounting mode, accounting server, and the statistics for the configured accounting server.
Table 20 show radius accounting Command Example Fields
Field: Description
RADIUS Accounting Server IP Address: IP Address of the configured RADIUS accounting server
Round Trip Time: The time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from the RADIUS accounting server.
Requests: The number of RADIUS Accounting-Request packets sent to this accounting server.
show radius statistics (authentication) Round Trip Time—The time interval, in hundredths of a second, between the most recent Access-Reply | Access-Challenge and the Access-Request that matched it from the RADIUS authentication server. Access Requests—The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. Access Retransmission—The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server.
tacacs-server host tacacs-server host Configure a TACACS+ server and enter into TACACS+ Configuration mode. Syntax tacacs-server host ip-address To remove a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command. Parameters Default Mode Usage Information Related Commands ip-address Enter the IP address, in dotted decimal format, of the TACACS+ server host.
Parameters:
key: Enter a text string, up to 127 characters long, as the clear text password. Leading spaces are ignored.
Default: Not configured.
Command Modes: CONFIGURATION
Usage Information: The key configured with this command must match the key configured on the TACACS+ daemon.
Related Commands:
tacacs-server host: Identify a TACACS server.
key: Specify the authentication and encryption key for all communications between the client and a particular TACACS server.
Default: If unspecified, the key-string defaults to the global value.
Command Mode: TACACS Configuration
Related Commands:
tacacs-server host: Identify a TACACS server.
tacacs-server key: Specify the authentication and encryption key at a global level for communications between the client and TACACS servers.
port
Specify a server port number for a particular TACACS host.
single-connection
Configure the client to maintain a single open connection with the TACACS server.
Syntax: [no] single-connection
Default: Use multiple connections. In other words, the client will use a separate connection for each authentication session.
Command Mode: TACACS Configuration
Related Commands:
tacacs-server host: Identify a TACACS server.
show tacacs: Display configuration and status for a particular TACACS server.
Secure Shell (SSH) Commands
The commands in this section are:
• ip ssh maxsessions
• ip ssh protocol
• ip ssh server enable
• ip ssh timeout
• show ip ssh
• sshcon maxsessions
• sshcon timeout
This section provides a detailed explanation of the SSH commands. The commands are of two functional types:
• Configuration commands are used to configure features and options of the switch.
ip ssh protocol
This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set.
Syntax: ip ssh protocol [1] [2]
Default: 1 and 2
Mode: Global Config
Command History: Version 2.3: Modified: Moved from Privileged Exec mode to Global Config mode.
ip ssh server enable
Enable SSH. The no version of this command disables SSH.
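Several defaults stated in this reference leave a control off or a legacy option on: ip ssh protocol defaults to 1 and 2, and logging syslog, radius accounting mode and dot1x system-auth-control default to disabled. The following Python sketch is an added example, not Force10 code: it replays a configuration script (the kind script apply consumes) over those documented defaults and reports what remains weak, with the command from this page that changes it. Both scripts are constructed, and treating a later ip ssh protocol line as replacing the earlier set is an assumption.

```python
# Defaults as stated in this command reference.
DEFAULTS = {
    "ssh_protocols": frozenset({1, 2}),  # ip ssh protocol: default "1 and 2"
    "syslog": False,                     # logging syslog: default disabled
    "radius_accounting": False,          # radius accounting mode: default disabled
    "dot1x": False,                      # dot1x system-auth-control: disabled by default
}

# On/off commands documented on this page and the setting each one controls.
TOGGLES = {
    "logging syslog": "syslog",
    "radius accounting mode": "radius_accounting",
    "dot1x system-auth-control": "dot1x",
}

# Finding id -> command from this page that addresses it.
REMEDIATION = {
    "ssh-protocol-1-allowed": "ip ssh protocol 2",
    "syslog-disabled": "logging syslog",
    "radius-accounting-disabled": "radius accounting mode",
    "dot1x-disabled": "dot1x system-auth-control",
}

# Constructed scripts: one that only turns SSH on, one that sets every control.
AS_SHIPPED = "ip ssh server enable\n"
HARDENED = """\
ip ssh protocol 2
ip ssh server enable
logging syslog
radius accounting mode
dot1x system-auth-control
"""


def effective_settings(script_text):
    """Replay a configuration script over the documented defaults."""
    state = dict(DEFAULTS)
    for raw in script_text.splitlines():
        words = raw.split()
        if not words:
            continue
        negated = words[0] == "no"
        if negated:
            words = words[1:]
        command = " ".join(words)
        if command in TOGGLES:
            # Assumption: "no <command>" turns the feature off, as the page
            # describes for "no logging syslog".
            state[TOGGLES[command]] = not negated
        elif words[:3] == ["ip", "ssh", "protocol"] and not negated:
            versions = frozenset(int(w) for w in words[3:] if w in ("1", "2"))
            if versions:
                # Assumption: the versions listed replace the current set.
                state["ssh_protocols"] = versions
    return state


def findings(state):
    """Return (finding id, remediation command) pairs for settings left weak."""
    found = []
    if 1 in state["ssh_protocols"]:
        found.append("ssh-protocol-1-allowed")
    if not state["syslog"]:
        found.append("syslog-disabled")
    if not state["radius_accounting"]:
        found.append("radius-accounting-disabled")
    if not state["dot1x"]:
        found.append("dot1x-disabled")
    return [(name, REMEDIATION[name]) for name in found]


if __name__ == "__main__":
    for label, script in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(label)
        for name, fix in findings(effective_settings(script)) or [("none", "-")]:
            print(f"  {name}: {fix}")
```

Lines the checker does not recognise are ignored, so it can be run over a full script without listing every command the switch accepts.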
ip ssh timeout
This command sets the SSH connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
SSH Sessions Currently Active
Max SSH Sessions Allowed
SSH Timeout—SSH login timeout configured by ip ssh timeout command
sshcon maxsessions
Command History: Version 2.3: Replaced by ip ssh maxsessions.
sshcon timeout
Command History: Version 2.3: Replaced by ip ssh timeout.
ip http javamode enable
Enable Java mode for the Web interface to SFTOS.
Syntax: ip http javamode enable
Use no ip http javamode enable to disable Java mode.
Default: disabled
Mode: Global Config
Command History: Version 2.3: Modified: Moved from Privileged Exec mode to Global Config mode.
ip http secure-port
This command is used to set the SSLT port.
Syntax: ip http secure-port portid
The no ip http secure-port command resets the SSLT port to the default value.
ip http secure-server enable ip http secure-server enable This command is used to enable the secure socket layer for secure HTTP. The no version of this command is used to disable the secure socket layer for secure HTTP. Note: This command requires keys/certificates to be generated offline before the service will start. See s50-secure-management.pdf at (log-in required): https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.
show ip http
This command displays the HTTP settings for the switch.
Syntax: show ip http
Mode: Privileged Exec
The report fields are:
HTTP Mode (Unsecure) — This field indicates whether basic HTTP is enabled or disabled on the switch.
HTTP Mode (Secure) — This field indicates whether the administrative mode of secure HTTP (HTTPS) is enabled or disabled on the switch.
Java Mode — This field indicates whether Java mode is enabled or disabled on the switch.
Broadcast Storm Control Commands
This section contains the following commands:
• show storm-control
• storm-control broadcast
• storm-control flowcontrol
Note: This feature works on the 10G ports of the S2410, but because of S2410 hardware limitations, broadcast storm recovery counters are not incremented.
show storm-control
This command displays switch configuration information.
Related Commands:
storm-control broadcast: Configure storm control.
show interface ethernet: The report generated by the show interface ethernet command contains broadcast storm statistics.
snmp-server enable traps bcaststorm: Enable the sending of Broadcast Storm traps.
storm-control broadcast
This command enables broadcast storm recovery mode. If the mode is enabled, broadcast storm recovery with high and low thresholds is implemented.
The no version of this command disables 802.3x flow control for the switch.
Note: This command only applies to full-duplex mode ports.
Note: 802.3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition. This can lead to high-priority and/or network control traffic loss.
Default: disabled
Mode: Global Config
Chapter 10 DHCP Server Commands These commands configure the Dynamic Host Configuration Protocol (DHCP) Server parameters and address pools.
bootfile
The command specifies the name of the default boot image for a DHCP client. The filename specifies the boot image file. The no version of this command deletes the boot image name.
Syntax: bootfile filename
no bootfile
Default: none
Mode: DHCP Pool Config
clear ip dhcp binding
This command deletes an automatic address binding from the DHCP server database. If “*” is specified, the bindings corresponding to all the addresses are deleted.
clear ip dhcp conflict
The command is used to clear an address conflict from the DHCP Server database. The server detects conflicts using a ping. The DHCP server clears all conflicts if the asterisk (*) character is used as the address parameter.
Syntax: clear ip dhcp conflict {address | *}
Default: none
Mode: Privileged Exec
client-identifier
This command specifies the unique identifier for a DHCP client. The unique identifier is a valid notation in hexadecimal format.
default-router
This command specifies the default router list for a DHCP client. {address1, address2… address8} are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. The no version of this command removes the default router list.
Syntax: default-router address1 [address2....address8]
no default-router
Default: None
Mode: DHCP Pool Config
dns-server
This command specifies the IP servers available to a DHCP client.
hardware-address hardware-address This command specifies the hardware address of a DHCP client. The hardware-address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format. The type indicates the protocol of the hardware platform. It is 1 for 10 MB Ethernet and 6 for IEEE 802. The no version of this command removes the hardware address of the DHCP client.
ip dhcp bootp automatic
This command enables the allocation of the addresses to the bootp client. The addresses are from the automatic address pool. The no version of this command disables the allocation of the addresses to the bootp client. The addresses are from the automatic address pool.
Syntax: ip dhcp bootp automatic
Default: disable
Mode: Global Config
ip dhcp conflict logging
This command enables conflict logging on DHCP server.
ip dhcp ping packets
This command is used to specify the number of packets, in a range from 2-10, that a DHCP server sends to a pool address as part of a ping operation. Setting the number of ping packets to 0 is the same as ‘no ip dhcp ping packets’ and will prevent the server from pinging pool addresses.
Syntax: ip dhcp ping packets 0,2-10
Use no ip dhcp ping packets to prevent the server from pinging pool addresses; this sets the number of packets to 0.
network network This command is used to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address pool. The prefix-length is an integer from 0 to 32. The no version of this command removes the subnet number and mask.
• h-node—Hybrid (recommended)
The no version of this command removes the NetBIOS node type.
Syntax: netbios-node-type type
Default: none
Mode: DHCP Pool Config
next-server
This command configures the next server in the boot process of a DHCP client. Address is the IP address of the next server in the boot process, which is typically a Trivial File Transfer Protocol (TFTP) server. The no version of this command removes the boot server list.
no option code
Default: none
Mode: DHCP Pool Config
service dhcp
This command enables the DHCP server and relay agent features on the router. The no version of this command disables the DHCP server and relay agent features.
Syntax: service dhcp
Default: disabled
Mode: Global Config
show ip dhcp binding
This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed.
show ip dhcp global configuration show ip dhcp global configuration This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed. Syntax Mode show ip dhcp global configuration Privileged Exec and User Exec Service DHCP—The field to display the status of dhcp protocol.
show ip dhcp server statistics
This command displays DHCP server statistics.
Syntax: show ip dhcp server statistics
Mode: Privileged Exec and User Exec
Address Pool—The number of configured address pools in the DHCP server.
Automatic Bindings—The number of IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database.
Chapter 11 SNTP Commands
This section provides a detailed explanation of the Simple Network Time Protocol (SNTP) commands. The commands are comprised of two functional groups:
• Configuration Commands configure features and options of the switch.
• Show commands display settings, statistics, and other information. For every configuration command there is a show command that displays the configuration setting.
sntp client mode sntp client mode This command enables the Simple Network Time Protocol (SNTP) client, and optionally sets the mode to either broadcast or unicast. Syntax sntp client mode [broadcast | unicast] Use the no sntp client mode command to disable SNTP client mode. Parameters Default Mode broadcast SNTP operates in the same manner as multicast mode but uses a local broadcast address instead of a multicast address.
sntp unicast client poll-interval sntp unicast client poll-interval This command sets the poll interval for SNTP unicast clients in seconds as a power of two where poll-interval can be a value from 6 to 16. Syntax sntp unicast client poll-interval poll-interval Use the no sntp unicast client poll-interval command to reset the poll interval for SNTP unicast clients to its default. Usage Default Mode You can also set the poll interval for an SNTP client with the sntp client port command.
Default: 1 retry
Mode: Global Config
sntp server
This command configures an SNTP server connection (with a maximum of three).
Syntax: sntp server ipaddress [priority [version [portid]]]
Parameters:
ipaddress: Specify either the IPv4 address of the server or a DNS hostname. If DNS, then that hostname should be resolved into an IP address each time a SNTP request is sent to it.
Field Descriptions
Last Update Time—Time of last clock update
Last Attempt Time—Time of last transmit query (in unicast mode).
Last Attempt Status—Status of the last SNTP request (in unicast mode) or unsolicited message (in broadcast mode).
Broadcast Count—Current number of unsolicited broadcast messages that have been received and processed by the SNTP client since last reboot.
show sntp server show sntp server This command is used to display SNTP server settings and configured servers. Syntax Mode show sntp server Privileged Exec Example Force10# show sntp server Server Server Server Server Server Server Server IP Address: Type: Stratum: Reference Id: Mode: Maximum Entries: Current Entries: unknown 0 Reserved 3 0 No SNTP Servers exist.
Chapter 12 VLAN-Stack Commands
This chapter describes the VLAN-Stack commands. The feature is also called Double VLAN tagging, QinQ, and VLAN tunneling. With this feature, you can “stack” VLANs into one tunnel and switch them through the network.
mode dot1q-tunnel mode dot1q-tunnel This command is used to enable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled. This command performs the same function as mode dvlan-tunnel. The no version of this command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
Related Commands:
show dot1q-tunnel: Displays information about Double VLAN Tunneling for a specified interface or for all interfaces.
show dvlan-tunnel: same as above
show dot1q-tunnel
This command displays whether an interface is enabled for Double VLAN Tunneling, along with the system-configured etherType and detailed information about Double VLAN Tunneling for the specified interface, or a list of interfaces and their tunneling status.
Related Commands:
dvlan-tunnel ethertype: Configures the etherType for all vlan-stack (Double VLAN tagging) interfaces on the system.
mode dot1q-tunnel: Enable Double VLAN Tunneling on the specified interface.
Chapter 13 GARP, GVRP, and GMRP Commands
This chapter provides a detailed explanation of the General Attribute Registration Protocol (GARP) commands, including GVRP and GMRP commands. The commands are divided into two functional groups:
• Show commands display switch settings, statistics, and other information.
• Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
This command has an effect only when GVRP is enabled. The time is from 10 to 100 (centiseconds). The value 20 centiseconds is 0.2 seconds.
Syntax: set garp timer join 10-100
no set garp timer join
The no version of this command sets the GVRP join time per port and per GARP to 20 centiseconds (0.2 seconds). This command has an effect only when GVRP is enabled.
set garp timer leaveall set garp timer leaveall This command sets how frequently Leave All PDUs are generated per port. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds.
GARP VLAN Registration Protocol (GVRP) Commands
This section provides a detailed explanation of the GVRP commands:
• gvrp adminmode enable
• gvrp interfacemode enable
• gvrp interfacemode enable all
• set gvrp adminmode
• set gvrp interfacemode
• set gvrp interfacemode all
• show gvrp configuration

gvrp adminmode enable
This command enables GVRP globally.
gvrp interfacemode enable all
This command enables GVRP (GARP VLAN Registration Protocol) for all ports.
Syntax: set gvrp interfacemode enable all
Use no set gvrp interfacemode enable all to disable GVRP for all ports. If GVRP is disabled, Join Time, Leave Time, and Leave All Time have no effect.
Default: disabled
Mode: Global Config
Command History: Version 2.3 Changed from set gvrp interfacemode all

set gvrp adminmode
Command History: Version 2.
Example
(Force10_S50) #show gvrp configuration 0/1
             Join         Leave        LeaveAll     Port
Interface    Timer        Timer        Timer        GVRP Mode
             (centisecs)  (centisecs)  (centisecs)
-----------  -----------  -----------  -----------  ----------
0/1          20           60           1000         Disabled

Force10-S50 #show gvrp configuration all
             Join         Leave        LeaveAll     Port
Interface    Timer        Timer        Timer        GVRP Mode
             (centisecs)  (centisecs)  (centisecs)
-----------  -----------  -----------  -----------  ----------
0/1          20           60           1000         Disabled
0/2          20           60           1000         Disabled
0/3          20           60
GARP Multicast Registration Protocol (GMRP) Commands
This section provides details on GMRP commands. The commands in this section are:
• gmrp adminmode
• set gmrp adminmode
• gmrp interfacemode enable all
• set gmrp interfacemode all
• show gmrp configuration
• show mac-address-table gmrp

GARP Multicast Registration Protocol (GMRP)
• GMRP propagates group membership throughout a network.
Use no gmrp adminmode enable to disable GARP Multicast Registration Protocol (GMRP) on the system.
Mode: Global Config
Command History: Version 2.3 Changed from set gmrp adminmode. Modified syntax and moved to Global Config mode from Privileged Exec mode.

set gmrp adminmode
Command History: Version 2.3 Changed to gmrp adminmode.

gmrp interfacemode enable all
This command enables GARP Multicast Registration Protocol on all interfaces.
set gmrp interfacemode
This command enables GARP Multicast Registration Protocol on a selected interface. If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that interface. GARP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled.
Leave Timer—Specifies the period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds).
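The following is an added example, not part of the Force10 manual: a Python check that parses captured show gvrp configuration all output (laid out as in the example earlier in this chapter) and reports ports where GVRP is enabled outside an expected set, along with timers outside the ranges this chapter gives. The allow-list, the sample rows and the "Enabled" mode string are assumptions.

```python
import re
from dataclasses import dataclass

# Permissible timer ranges in centiseconds, as stated in this chapter.
TIMER_RANGES = {
    "join": (10, 100),
    "leave": (20, 600),
    "leaveall": (200, 6000),
}

# One complete data row: interface, three timers, GVRP mode.
# "Enabled" as the counterpart of "Disabled" is an assumption.
ROW = re.compile(
    r"^\s*(?P<interface>\d+(?:/\d+){1,2})\s+(?P<join>\d+)\s+(?P<leave>\d+)"
    r"\s+(?P<leaveall>\d+)\s+(?P<mode>Enabled|Disabled)\s*$"
)
# A line that starts like a data row; used to catch truncated rows.
ROW_START = re.compile(r"^\s*\d+(?:/\d+){1,2}\s")


@dataclass(frozen=True)
class PortGvrp:
    interface: str
    join: int
    leave: int
    leaveall: int
    enabled: bool


def parse_gvrp_table(text):
    """Return (ports, unparsed_rows) from captured CLI output."""
    ports, unparsed = [], []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            ports.append(PortGvrp(
                match["interface"],
                int(match["join"]),
                int(match["leave"]),
                int(match["leaveall"]),
                match["mode"] == "Enabled",
            ))
        elif ROW_START.match(line):
            # Looks like a port row but is incomplete: report it, never guess.
            unparsed.append(line.strip())
    return ports, unparsed


def audit(ports, allowed):
    """Return (interface, finding) tuples for the parsed ports.

    allowed is the set of interfaces where GVRP is expected to be enabled.
    """
    findings = []
    for port in ports:
        if port.enabled and port.interface not in allowed:
            findings.append(
                (port.interface, "GVRP enabled on a port outside the allow-list"))
        for name, (low, high) in TIMER_RANGES.items():
            value = getattr(port, name)
            if not low <= value <= high:
                findings.append(
                    (port.interface,
                     f"{name} timer {value} outside {low}-{high} centiseconds"))
    enabled = {port.interface for port in ports if port.enabled}
    for interface in sorted(allowed - enabled):
        findings.append(
            (interface, "allow-listed port does not have GVRP enabled"))
    return findings


# Constructed sample output (not captured from a real switch).
SAMPLE = """\
Force10-S50 #show gvrp configuration all
             Join         Leave        LeaveAll     Port
Interface    Timer        Timer        Timer        GVRP Mode
             (centisecs)  (centisecs)  (centisecs)
-----------  -----------  -----------  -----------  ----------
0/1          20           60           1000         Disabled
0/2          20           60           1000         Enabled
0/3          20           700          1000         Enabled
0/4          20           60           1000         Disabled
0/5          20           60
"""

if __name__ == "__main__":
    parsed, incomplete = parse_gvrp_table(SAMPLE)
    for interface, finding in audit(parsed, allowed={"0/2"}):
        print(f"{interface}: {finding}")
    for row in incomplete:
        print(f"incomplete row, re-capture the output: {row}")
```

Because the manual states that the timers have no effect while GVRP is disabled, a timer finding on a disabled port describes configuration that only takes effect once GVRP is enabled there.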
Chapter 14 IGMP Snooping Commands
Note: The current S2410 hardware does not support IGMP Snooping, so the commands in this chapter appear in the CLI but do not function.
igmp enable (interface)
This command enables IGMP Snooping on a selected interface. If an interface that has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a LAG (port channel), IGMP Snooping functionality will be disabled on that interface. IGMP Snooping functionality will subsequently be re-enabled if routing is disabled or LAG membership is removed from that interface.
igmp fast-leave (interface)
This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface. Enabling fast-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface.
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#; Interface VLAN.
Command History: Version 2.3 Modified: Revised from set igmp groupmembership-interval. Added Interface Range mode.
Related Commands
igmp enable (interface) - Enables IGMP Snooping on a selected interface.
set igmp groupmembership-interval (global) - Sets the IGMP Group Membership Interval time globally.
Syntax: igmp maxresponse 1-3599
The variable must be less than the IGMP query interval time value. The range is 1 to 3599 seconds. The no igmp maxresponse command sets the IGMP Maximum Response time on the interface to the default value.
Default: 10 seconds
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#; Interface VLAN.
Command History: Version 2.
Related Commands
igmp enable (interface) - Enables IGMP Snooping on a selected interface.
set igmp mcrtexpiretime (global) - Sets the Multicast router present expiration time for all routers.
interface range - Defines an interface range and accesses the Interface Range mode.
show igmpsnooping - Displays IGMP Snooping status information.
Related Commands
igmp enable (interface) - Enables IGMP Snooping on a selected interface.

set igmp (interface)
Command History: Version 2.3 Revised to igmp (interface).
Related Commands
igmp enable (interface) - Enables IGMP Snooping on a selected interface.

set igmp (system)
Command History: Version 2.3 Changed to igmp enable (global)
Related Commands
igmp enable (global) - Enables IGMP Snooping on the system.
The variable must be greater than the IGMPv3 maximum response time value. The range is 2 to 3600 seconds. The no igmp groupmembership-interval command sets the IGMP v3 group membership interval time globally to the default value.
Default: 260 seconds
Mode: Global Config
Related Commands
igmp groupmembership-interval (interface) - Sets the IGMP Group Membership Interval time on a particular interface.
Related Commands
igmp interfacemode enable all - Sets the IGMP Group Membership Interval time on a particular interface.
igmp enable (interface) - Enables IGMP Snooping on a selected interface.

set igmp maxresponse (global)
This command sets the IGMP maximum response time on the system.
set igmp mcrtexpiretime (global)
This command sets the Multicast router present expiration time for all routers.
Syntax: [no] set igmp mcrtexpiretime 0-3600
The variable is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 0 to 3600 seconds. A value of 0 indicates an infinite timeout, i.e. no expiration.
set igmp mrouter
Command History: Version 2.3 Revised to igmp mrouter.
Related Commands
igmp enable (interface) - Enables IGMP Snooping on a selected interface.
igmp mrouter (interface) - Configures a selected interface as a multicast router interface.

show igmpsnooping
This command displays IGMP Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled.
Max Response Time—This displays the amount of time the switch will wait after sending a query on an interface because it did not receive a report for a particular group on that interface. This value may be configured.
Multicast Router Present Expiration Time—If a query is not received on an interface within this amount of time, the interface is removed from the list of interfaces with multicast routers attached. This value may be configured.
show mac-address-table igmpsnooping
This command displays the IGMP Snooping entries in the Multicast Forwarding Database (MFDB) table.
Syntax: show mac-address-table igmpsnooping
Mode: Privileged Exec
Report Fields
Mac Address—A multicast MAC address for which the switch has forwarding and/or filtering information. The format is two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
Chapter 15 LAG/Port Channel Commands
This section provides syntax details of the Link Aggregation Group (LAG) commands (802.3ad), also called port channel, port trunking, and other terms.
In Ethernet Range mode (Interface Range mode for the selected range of physical ports), this command adds the selected ports to the designated LAG.
Syntax: addport unit/slot/port
Specify the LAG ID in its logical slot/port format (e.g., 1/4).
Mode: Interface Config; Interface Range (specifically Ethernet Range, which is indicated by the (conf-if-range-et-[interfaces])# prompt, such as (conf-if-range-et-1/0/10-1/0/11)#).
Command History: Version 2.
deleteport (global config)
This command deletes all configured ports from the LAG (port channel).
Syntax: deleteport {unit/slot/port} all
Mode: Global Config
Related Commands
show port-channel - Display the configured LAG names and their IDs.

The interface number is specified in logical slot/port format, which displays one (1) as the slot number; the port number is a sequential integer, based on existing LAG numbers when the new LAG is created.
port-channel enable all (global)
This command enables the administrative mode for all LAGs (port channels). The no version of this command disables all LAGs.
Syntax: [no] port-channel enable all
Mode: Global Config
Command History: Version 2.3 Replaced adminmode with enable.

port-channel enable (interface)
This command enables the selected port channel (LAG). The no version of this command disables the selected LAG.
Parameters
unit/slot/port - Enter the logical ID of a configured LAG (slot/port format, such as 1/4).
all - Enter all to select all configured LAGs.
Default: enabled
Mode: Global Config

port-channel name
This command renames a LAG (port channel) or all LAGs.
Syntax: port-channel name {unit/slot/port | all} name
Parameters
unit/slot/port - Enter the logical ID of a configured LAG (slot/port format, such as 1/4).
all - Enter all to select all configured LAGs.
Mode: Global Config

port lacpmode
This command enables Link Aggregation Control Protocol (LACP) on a port. The no version of this command disables Link Aggregation Control Protocol (LACP) on a port.
Syntax: [no] port lacpmode
Default: disabled
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.4 Deprecated. Use [no] port-channel staticcapability. Version 2.
The no version of this command removes the Link Aggregation Control Protocol (LACP) timeout on all ports.
Syntax: [no] port lacptimeout {short all | long all}
Parameters
short all - Enter short all to select the short timeout setting (3 seconds) for all ports.
long all - Enter long all to select the long timeout setting (90 seconds) for all ports.
Mode: Global Config
Related Commands
port lacptimeout (interface) - Set the LACP timeout on the selected port(s).
Syntax: show port-channel brief
Mode: Privileged Exec and User Exec
Example
Force10 S2410 #show port-channel brief
Static Capability: Disabled
Logical Interface Port-Channel Name Link State Mbr Ports Active Ports
----------------- ----------------- ---------- --------- -----------
1/1               lag1              Up         0/16,     0/16,0/17,
                                               0/17,     0/18,0/19,
                                               0/18,     0/20,0/21,
                                               0/19,     0/22,0/23,
                                               0/20,     0/8,0/9,0/5,
                                               0/21,     0/12
                                               0/22,
                                               0/23,0/8,
                                               0/9,0/5,
                                               0/12
1/2               lag2              Up         0/10,0/11 0/10,0/11
Figure 51 Example of show port-channel
Admin Mode—May be enabled or disabled. The factory default is enabled.
Link Trap Mode—This object determines whether or not to send a trap when link status changes. The factory default is enabled.
STP Mode—The Spanning Tree Protocol Administrative Mode associated with the port or port channel (LAG). The possible values are:
Disable - Spanning tree is disabled for this port.
Enable - Spanning tree is enabled for this port.
shutdown
This command disables the selected LAG (port channel). The no version of this command enables the selected LAG.
Syntax: [no] shutdown
Default: disabled
Mode: Interface Config; Interface Range (Port Channel Range), which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-po-1/1-1/2)#.
Related Commands
interface - Defines an interface range and accesses the Interface Range mode
interface range - Identifies an interface and enters the Interface Config mode.
Chapter 16 Spanning Tree (STP) Commands
This chapter provides a detailed explanation of the Spanning Tree commands. The commands are divided into two functional groups:
• Show commands display switch settings, statistics, and other information.
• Configuration commands configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
Note: The SFTOS software platform STP default mode is IEEE 802.1s, but the legacy IEEE 802.
• spanning-tree max-age
• spanning-tree max-hops
• spanning-tree mst
• no spanning-tree mst
• spanning-tree mst instance
• spanning-tree mst priority
• spanning-tree mst vlan
• spanning-tree port mode enable
• spanning-tree port mode enable all

show spanning-tree
This command displays spanning tree settings for the common and internal spanning tree, when the optional parameter “b
Bridge Hold Time—Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs)
CST Regional Root—Bridge Identifier of the common spanning tree regional root. It is derived using the bridge priority and the base MAC address of the bridge.
Regional Root Path Cost—Path cost to the common spanning tree Regional Root.
Associated FIDs—List of forwarding database identifiers currently associated with this instance.
RST BPDUs Received—Rapid Spanning Tree Protocol Bridge Protocol Data Units received.
MSTP BPDUs Transmitted—Multiple Spanning Tree Protocol Bridge Protocol Data Units sent
MSTP BPDUs Received—Multiple Spanning Tree Protocol Bridge Protocol Data Units received.

show spanning-tree mst detailed
This command displays settings and parameters for the specified multiple spanning tree instance.
Mode: Privileged Exec and User Exec
MST Instance ID—The ID of the MST instance.
Port Identifier—The port identifier for the specified port within the spanning tree.
Port Priority—The priority for a particular port within the selected MST instance.
Port Forwarding State—Current spanning tree state of this port
Port Role—Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
show spanning-tree mst port summary
This command displays the settings of one or all ports within the specified multiple spanning tree instance. The parameter mstid indicates a particular MST instance. The parameter {unit/slot/port | all} indicates the desired switch port or all ports. If 0 (defined as the default CIST ID) is passed as the mstid, then the status summary is displayed for one or all ports within the common and internal spanning tree.
show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command.
Syntax: show spanning-tree summary
Mode: Privileged Exec and User Exec
Spanning Tree Adminmode—Enabled or disabled.
Spanning Tree Version—Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.
Default: disabled
Mode: Global Config

spanning-tree bpdumigrationcheck
This command enables BPDU migration check on a given interface, by using unit/slot/port, or all interfaces, by using the all keyword. The no version of this command disables BPDU migration check on all interfaces or the designated interface.
Syntax: [no] spanning-tree bpdumigrationcheck {unit/slot/port | all}
Mode: Global Config
Command History: Version 2.
The no version of this command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value, in other words, 0.
Syntax: spanning-tree configuration revision 0-65535
Default: 0
Mode: Global Config

spanning-tree edgeport
This command specifies that this port is an edge port (portfast) within the common and internal spanning tree.
Syntax: [no] spanning-tree forceversion 802.1d | 802.1w | 802.1s
Default: 802.1s
Mode: Global Config

spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
spanning-tree max-age
This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to "2 times (Bridge Forward Delay - 1)". The no version of this command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value, in other words, 20.
If the “cost” token is specified, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the mstid parameter. The pathcost can be specified as a number in the range of 1 to 200000000 or auto. If "auto" is specified, the pathcost value will be set based on Link Speed.
If the “port-priority” token is specified, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, depending on the mstid parameter, to the default value, in other words, 128.
Syntax: no spanning-tree mst mstid {cost | port-priority}
Mode: Interface Config

spanning-tree mst instance
This command adds a multiple spanning tree instance to the switch.
If 0 (defined as the default CIST ID) is passed as the mstid, then this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value, in other words, 32768.
Syntax
spanning-tree mst priority mstid 0-61440
no spanning-tree mst priority mstid
Default: 32768
Mode: Global Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.
Syntax: [no] spanning-tree port mode enable
Default: disabled
Mode: Interface Config; Interface Range, which is indicated by the (conf-if-range-interface)# prompt, such as (conf-if-range-vlan 10-20)#.
Command History: Version 2.3 Modified: Added enable keyword. Added Interface Range and Interface VLAN modes.
Related Commands
interface - Identifies an interface and enters the Interface Config mode.
Chapter 17 Quality of Service (QoS) Commands
This chapter provides a detailed explanation of available Quality of Service (QoS) commands. The chapter is divided into the following sections:
• Class of Service (CoS) Commands
• Differentiated Services (DiffServ) Commands
• Provisioning (IEEE 802.
By default, SFTOS 2.4.1 configures all egress queues in weighted round robin mode with equal minimum bandwidths. This means that no egress queue will be given priority over any other. To change this, in weighted round robin mode, use the cos-queue min-bandwidth command to assign minimum bandwidths to each queue. You should then see queue 3 get the appropriate share of the bandwidth.
Command History: Version 2.3 Interface Range mode added
Related Commands
classofservice dot1pmapping - Maps an 802.1p priority to an internal traffic class.
interface range - Defines an interface range and accesses the Interface Range mode
show classofservice dot1p-mapping - Displays the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface

classofservice trust
This command sets the class of service trust mode of an interface to Dot1p (802.1p).
The no cos-queue max-bandwidth command restores the default for each queue's maximum bandwidth value.
Modes: Global Config
Command History: Version 2.4.1 Introduced
Related Commands
cos-queue min-bandwidth - Specify the minimum transmission bandwidth guarantee for each interface queue.
traffic-shape - Specify the maximum transmission bandwidth limit for the interface as a whole.
Usage: Specific WRED parameters are configured using the random-detect queue-parms and random-detect exponential-weighting-constant commands.
Command History: Version 2.4.1 Modified: Removed Interface Config mode
Related Commands
random-detect exponential-weighting-constant - Set the decay exponent used by the WRED average queue depth calculation for the interface.
random-detect queue-parms - Set the WRED parameters for each drop precedence level supported by a queue.
random-detect queue-parms
This command sets the WRED parameters for each drop precedence level supported by a queue. The actual number of queue drop precedence levels is platform-specific (S2410 has four). Use the no form of this command to restore the default values for the queue WRED parameters.
show classofservice dot1p-mapping
This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface.
Syntax: show classofservice dot1p-mapping [unit/slot/port]
The unit/slot/port parameter is optional. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
Report Fields
Non-IP Traffic: Class—The traffic class used for non-IP traffic. This is only displayed when the COS trust mode is set to either 'trust ip-dscp' or 'trust ip-precedence'.
Untrusted Traffic Class—The traffic class used for all untrusted traffic. This is only displayed when the COS trust mode is set to 'untrusted'.

show interfaces cos-queue
This command displays the class-of-service queue configuration for the specified interface.
Syntax: show interfaces random-detect slot/port
The slot/port parameter is optional. If specified, the class-of-service WRED configuration of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
Mode: Privileged Exec
Report Fields
Interface — This displays the slot/port of the interface. If displaying the global configuration, this output line is replaced with a Global Config indication.
Mode: Privileged Exec
Report Fields
Interface — This displays the slot/port of the interface. If displaying the global configuration, this output line is replaced with a Global Config indication.
The following information is repeated for each queue on the interface.
Queue IdQueue identification number — An interface supports n queues numbered 0 to (n-1). The number n is platform dependent and corresponds to the number of supported queues (traffic classes).
traffic-shape
This command specifies the maximum transmission bandwidth limit for the interface as a whole. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.
Syntax: traffic-shape bw
Parameters
bw - Enter the shaping bandwidth percentage from 0 to 100 in increments of 5.
Use the no traffic-shape command to restore the default interface shaping rate value.
show classofservice dot1pmapping
This command displays the current 802.1p priority mapping to internal traffic classes for all or specific interfaces.
Syntax: show classofservice dot1pmapping [unit/slot/port]
Mode: Privileged Exec and User Exec

vlan port priority all
This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-6.
Chapter 18 ACL Commands
This chapter covers the following commands:
• {deny|permit}
• mac access-list extended
• mac access-list extended rename
• mac access-group
• show mac access-lists
Note: SFTOS 2.4.1 does not support IP-based ACL commands.
An Access Control List (ACL) ensures that only authorized users and types of traffic have access to specific resources, while blocking unwarranted attempts to reach network resources.
Implementation Notes
• If the CPU MA table (this MAC address table is separate from the software MAC address table) is filled so that the ACL logic cannot create another MA table entry, all frames from that source address will be dropped.
• If the ACL rules are changed or ACLs are unapplied to the port, all CPU MA table entries associated with that port will be flushed from the table.
secondary-vlan - (Optional) As above, for the vlan keyword.
secondary-cos - (Optional) As above, for the cos keyword.
assign-queue - (Optional) The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed queue-id value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform. (See the Usage section, below.
Table 23 Ethertype Keyword and 4-digit Hexadecimal Value (continued)
Ethertype Keyword    Corresponding Value
novell               0x8137, 0x8138
pppoe                0x8863, 0x8864
rarp                 0x8035
The assign-queue and redirect parameters are only valid for a permit rule.
Mode: Mac Access List Config
Related Commands
interface range - Identify an interface range and access the Interface Range mode.
mac access-group (port channel) - In the Interface Port Channel Config mode, attaches a MAC ACL to the selected port channel
mac access-group - Attaches a specific MAC Access Control List (ACL) identified by name to an interface in the ingress direction
mac access-list extended rename - Changes the name of an existing MAC ACL.
show mac access-lists - Displays the rules defined for the MAC access list specified by name.
mac access-group
This command attaches a specific MAC Access Control List (ACL) identified by name to an interface in the ingress direction. This command, when used in Interface Config mode, only affects a single interface, whereas the Global Config mode setting is applied to all interfaces.
Syntax: mac access-group name [1-4294967295] in
The no mac access-group name command removes the MAC ACL identified by name from the interface in the ingress direction.
When the command is used with the name option, the report displays details for the identified MAC access list, in the following fields:
Field Descriptions
Rule Number—The ordered rule number identifier defined within the ACL.
Action—Displays the action associated with each rule. The possible values are Permit or Deny.
Match all—TRUE OR FALSE
Source MAC Address—Displays the source MAC address for this rule.
Source MAC Mask—Displays the source MAC mask for this rule.