FortiSwitch-100 Version 4.
FortiSwitch-100 User Guide
Version 4.0 MR1
Revision 2
November 23, 2009
© Copyright 2009 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Table of Contents

1 INTRODUCTION
1.1 Switch Description
1.2 Features
1.3 Front-Panel Components

3.2 How to log in
3.3 Web-Based Management Menu
4 COMMAND LINE INTERFACE STRUCTURE AND MODE-BASED CLI
4.1 CLI Command Format

.2.3.2 show vlan id
5.2.3.3 show protocol group
5.2.3.4 show interface switchport
5.2.3.5 vlan database

5.2.6.8 lacp
5.2.6.9 channel-group
5.2.6.10 delete-channel-group
5.2.7 Storm Control

5.3.3 Telnet Session Commands
5.3.3.1 telnet
5.3.3.2 show line vty
5.3.3.3 line vty

5.3.7.2 ip ssh
5.3.7.3 ip ssh protocol
5.3.7.4 ip ssh maxsessions
5.3.7.5 ip ssh timeout

5.5.4 Configuration Commands
5.5.4.1 logging buffered
5.5.4.2 logging console
5.5.4.3 logging host

5.8.2.3 username login
5.8.3 Dot1x Configuration Commands
5.8.3.1 dot1x initialize
5.8.3.2 dot1x default-login

5.9.1.2 show cdp neighbors
5.9.1.3 show cdp traffic
5.9.2 Configuration Commands
5.9.2.1 cdp

5.11.1.17 clear radius statistics
5.11.1.18 clear tacacs
5.11.2 copy
5.11.3 delete

5.12.3.2 drop
5.12.3.3 redirect
5.12.3.4 conform-color
5.12.3.5 mark cos

5.14.1 Show Commands
5.14.1.1 show queue cos-map
5.14.1.2 show queue ip-precedence-mapping
5.14.1.3 show queue trust

6.2.1.7 show ip route precedence
6.2.1.8 show ip traffic
6.2.2 Configuration Commands
6.2.2.1 routing

6.3.2.10 area nssa translator-role
6.3.2.11 area nssa translator-stab-intv
6.3.2.12 area range
6.3.2.13 area stub

6.5 Domain Name Server Relay Commands
6.5.1 Show Commands
6.5.1.1 show hosts
6.5.1.2 show dns

6.7.2 ip irdp
6.7.3 ip irdp broadcast
6.7.4 ip irdp holdtime
6.7.5 ip irdp maxadvertinterval

7.2.1 Show Commands
7.2.1.1 show ip igmp
7.2.1.2 show ip igmp groups
7.2.1.3 show ip igmp interface

7.4.1.1 show ip pimdm
7.4.1.2 show ip pimdm interface
7.4.1.3 show ip pimdm interface stats
7.4.1.4 show ip pimdm neighbor

8.2.1.4 Defining Forwarding Database
8.2.1.5 Viewing Logs
8.2.1.6 Managing Switch Interface
8.2.1.7 Defining SNMP

8.2.5 QOS Menu
8.2.5.1 Managing Access Control Lists
8.2.5.2 Managing Differentiated Services
8.2.5.3 Configuring Diffserv Wizard Page
1 Introduction
1.1 Switch Description
The Fortinet FortiSwitch-100 Ethernet Switch is a modular Gigabit Ethernet backbone switch designed for adaptability and scalability. The switch can utilize up to forty-eight Gigabit Ethernet ports to function as a central distribution hub for other switches, switch groups, or routers. The two built-in combination Gigabit ports support 1000BASE-T or SFP Gigabit connections.
• TraceRoute support
• Traffic Segmentation
• TFTP upgrade
• SysLog support
• Simple Network Time Protocol
• Web GUI Traffic Monitoring
• SSH Secure Shell version 1 and 2 support
• SSL Secure HTTP TLS Version 1 and SSL version 3 support
• ARP support
• IP Routing support
• OSPF support
• RIP v1 and v2 support
• Router Discovery Protocol support
• VLAN routing support
• Virtual Router Redundancy Protocol (VRRP) support
• IP Multicast support
• Protocol Independent Multicast -
1.3 Front-Panel Components
The front panel of the switch consists of 48 1-Gigabit interfaces, 4 LED indicators, an RS-232 communication port, and two SFP (Mini-GBIC) Combo ports. The 4 LEDs are divided into two groups. The 2 upper LED indicators display the status and power of the switch. The 2 lower LED indicators display the status of the SFP interfaces. An RS-232 DCE console port is for setting up and managing the switch via a connection to a console terminal or PC using a terminal emulation program.
1.
1.6 Management Options
The system may be managed out-of-band through the console port on the front panel or in-band using Telnet, a Web Browser, or SNMP.
1.7 Web-based Management Interface
After you have successfully installed the switch, you can configure the switch, monitor the LED panel, and display statistics graphically using a Web browser, such as Netscape Navigator (version 6.2 and higher) or Microsoft® Internet Explorer (version 5.0).
• RFC 1850 (OSPF-MIB)
• RFC 1850 (OSPF-TRAP-MIB)
• RFC 2787 (VRRP-MIB)
• RFC 3289 - DIFFSERV-DSCP-TC
• RFC 3289 - DIFFSERV-MIB
• QOS-DIFFSERV-EXTENSIONS-MIB
• QOS-DIFFSERV-PRIVATE-MIB
• RFC2674 802.
2 Installation and Quick Startup
2.1 Package Contents
Before you begin installing the switch, confirm that your package contains the following items:
• One Fortinet FortiSwitch-100 Ethernet switch
• Mounting kit: 2 mounting brackets and screws
• Four rubber feet with adhesive backing
• One AC power cord
• This User’s Guide with Registration Card
• CLI Reference
• CD-ROM with User’s Guide and CLI Reference
2.2 Switch Installation
2.2.1 Installing the Switch Without the Rack
1.
2.2.2 Installing the Switch in a Rack
You can install the switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below.
1. Use the supplied screws to attach a mounting bracket to each side of the switch.
2. Align the holes in the mounting bracket with the holes in the rack.
3. Insert and tighten two screws through each of the mounting brackets.
2.3 Quick Starting the Switch
1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the FortiSwitch-100 switch locally or from a remote workstation. The device must be configured with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is called the default mode.
4.
show Interface status { | all }
Displays the Ports slot/port
Type - Indicates if the port is a special type of port
Admin Mode - Selects the Port Control Administration State
Physical Mode - Selects the desired port speed and duplex mode
Physical Status - Indicates the port speed and duplex mode
Link Status - Indicates whether the link is up or down
Link Trap - Determines whether or not to send a trap when link status changes
LACP Mode - Displays whether LACP is enabled or disabled on this port
confirmed password match a message will be displayed. The user password should not be more than eight characters in length.
This will save passwords and all other changes to the device. If you do not save the running config, all changes will be lost when a power cycle is performed on the switch or when the switch is reset.
Notes
• Use of the optional [filename] parameter sets that file name as the system default location for the startup config.
show ip interface
Displays the Network Configurations
IP Address - IP Address of the interface. Default IP is 0.0.0.0
Subnet Mask - IP Subnet Mask for the interface. Default is 0.0.0.0
Default Gateway - The default Gateway for this interface. Default value is 0.0.0.
2.4.6 Quick Start up Downloading from Out-of-Band PC to Switch (Only XMODEM)
Table 2-6 Quick Start up Downloading from Out-of-Band PC to Switch
Command
copy xmodem startup-config
Details
Sets the download datatype to be an image or config file. The URL must be specified as: xmodem: filepath/ filename
For example: If the user is using HyperTerminal, the user must specify which file is to be sent to the switch. The switch will restart automatically once the code has been downloaded.
2.4.
copy running-config startup-config [filename]
Enter yes when the prompt pops up that asks if you want to save the configurations made to the switch.
reload
Enter yes when the prompt pops up that asks if you want to reset the system. You can reset the switch or cold boot the switch; both work effectively.
2.4.9 Connecting Devices to the Switch
After assigning IP addresses to the switch, you can connect devices to the switch. To connect a device to an SFP transceiver port:
1.
---------- -------------------------------- -------------- ------- -----------
Total: 5 files.
Note whether there is one file with the file type “Operation Code” or two (as in the example above). If there are two “Operation Code” files, you must first delete the oldest image file using the following command sequence (inserting the file name of the oldest operation code file in place of the example below):
(FortiSwitch-100_238) #delete lb4w-r-1.04.0221.
Note: When configuring a static IP address, you must also configure a default gateway. Use the following commands, substituting the appropriate default gateway address for the example:
(FortiSwitch-100_238) (if-vlan 1)#exit
(FortiSwitch-100_238) (Config)#ip default-gateway 172.18.20.1
(FortiSwitch-100_238) (Config)#ex
(FortiSwitch-100_238) #show ip interface
IP Address..................................... 172.18.21.210
Subnet Mask.................................... 255.255.252.0
Default Gateway............
---------- -------------------------------- -------------- ------- -----------
2007/05/14 b4b-b-0.2.0514.biz               Boot-Rom image Y            127648
2007/11/20 default.cfg                      Config File    N             28701
2008/04/03 lb4w-r-1.04.0403.img             Operation Code Y           8034434
2008/08/19 lb4w-r-1.08.0819.img             Operation Code N           8039249
2008/05/20 test.2                           Config File    Y             29154
---------- -------------------------------- -------------- ------- -----------
Total: 5 files.
5.
• If there is no response from the TFTP server, verify the IP settings by typing show ip interface to ensure that the IP address and default gateway have been entered correctly.
• If the settings are correct but there is still no response from the TFTP server, ensure that the TFTP server is connected to a network which the FortiSwitch can access. The network connection must be made through one of the front ports of the FortiSwitch switch which belongs to VLAN 1.
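The file-listing check from the upgrade procedure above (count the “Operation Code” files and, if there are two, pick the oldest one for deletion) can be run against a captured listing before anything is deleted. This Python is an added example, not part of the Fortinet guide; the function names are hypothetical, and it assumes the columns are date, file name, file type, a Y/N startup flag and size, since the listing's header row is not shown.

```python
import re
from datetime import date
from typing import NamedTuple

# Rows taken from the listing printed in this guide. Column meaning
# (date, name, type, startup flag, size) is an assumption.
SAMPLE_LISTING = """\
---------- -------------------------------- -------------- ------- -----------
2007/05/14 b4b-b-0.2.0514.biz               Boot-Rom image Y            127648
2007/11/20 default.cfg                      Config File    N             28701
2008/04/03 lb4w-r-1.04.0403.img             Operation Code Y           8034434
2008/08/19 lb4w-r-1.08.0819.img             Operation Code N           8039249
2008/05/20 test.2                           Config File    Y             29154
---------- -------------------------------- -------------- ------- -----------
Total: 5 files.
"""


class FileEntry(NamedTuple):
    day: date
    name: str
    kind: str
    startup: bool
    size: int


ROW = re.compile(
    r"^(\d{4})/(\d{2})/(\d{2})\s+(\S+)\s+"
    r"(Boot-Rom image|Config File|Operation Code)\s+([YN])\s+(\d+)$"
)
TOTAL = re.compile(r"^Total:\s+(\d+)\s+files\.$")


def parse_listing(text):
    """Parse a captured listing; raise ValueError if it looks incomplete."""
    entries, total = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-", " "}:
            continue  # blank line or dashed separator
        match = TOTAL.match(line)
        if match:
            total = int(match.group(1))
            continue
        match = ROW.match(line)
        if not match:
            raise ValueError(f"unrecognised listing line: {line!r}")
        year, month, day, name, kind, flag, size = match.groups()
        entries.append(
            FileEntry(date(int(year), int(month), int(day)),
                      name, kind, flag == "Y", int(size))
        )
    # A capture cut short by the terminal would make the delete decision wrong.
    if total is not None and total != len(entries):
        raise ValueError(f"listing reports {total} files, parsed {len(entries)}")
    return entries


def oldest_operation_code(entries):
    """Return the oldest Operation Code entry if two or more exist, else None."""
    images = sorted(
        (e for e in entries if e.kind == "Operation Code"), key=lambda e: e.day
    )
    return images[0] if len(images) >= 2 else None


if __name__ == "__main__":
    candidate = oldest_operation_code(parse_listing(SAMPLE_LISTING))
    if candidate is None:
        print("Only one Operation Code file; nothing to delete.")
    else:
        note = " (currently flagged Y)" if candidate.startup else ""
        print(f"Oldest Operation Code file: {candidate.name}{note}")
```

The returned entry keeps its Y/N flag so the operator can see whether the file chosen for deletion is the one currently flagged in the listing.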
Figure 3-1: Console Setting Environment
2.6 Set Up your Switch Using Telnet Access
Once you have set an IP address for your switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the switch. Most of the screens are identical, whether accessed from the console port or from a Telnet interface.
3 Web-Based Management Interface
3.1 Overview
The Fortinet FortiSwitch-100 Managed Switch provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. This interface also allows for system monitoring and management of the switch. The ‘help’ page covers many of the basic functions and features of the switch and its Web interface.
4. Type the default user name of admin and the default of no password, or whatever password you have set up. Once you have entered your access point name, your Web browser automatically finds the FortiSwitch-100 Managed Switch and displays the home page, as shown below.
3.
• Routing
• Security
• QoS
• IP Multicast
Figure 4-4: Main Menus
Secondary Menus
The Secondary Menus under the Main Menu contain a host of options that you can use to configure your switch. The online help contains a detailed description of the features on each screen. You can click the ‘help’ or the question mark at the top right of each screen to view the help menu topics.
• Spanning Tree — see “Spanning Tree Commands”
• Class of Service — see “L2 Priority Commands”
• Port Security — see “Port Security Configuration Commands”
Routing
• ARP — see “Address Resolution Protocol (ARP) Commands”
• IP — see “IP Routing Commands”
• OSPF — see “Open Shortest Path First (OSPF) Commands”
• BOOTP/DHCP Relay Agent — see “BOOTP/DHCP Relay Commands”
• DNS Relay — see “Domain Name Server Relay Commands”
• RIP — see “Routing Information Protocol (RIP) Commands”
• Router Discovery — see “Route
Figure 4-5: System-wide menus
You can also access the main navigation menu by right clicking on the image of the switch and browsing to the menu you want to use.
Port-Specific Popup Menus
The FortiSwitch-100 Managed Switch also provides several popup menus for each port. You can access a port-specific popup menu by right clicking on the desired port in the image of the switch and browsing to the menu you want to use.
4 Command Line Interface Structure and Mode-based CLI
The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below.
4.1 CLI Command Format
Commands are followed by values, parameters, or both.
Example 1
IP address []
• Ip address is the command name.
• are the required values for the command.
• [] is the optional value for the command.
The {} curly braces indicate that a parameter must be chosen from the list of choices.
Values
ipaddr
This parameter is a valid IP address, made up of four decimal bytes ranging from 0 to 255. The default for all IP parameters consists of zeros (that is, 0.0.0.0). The interface IP address of 0.0.0.0 is invalid.
macaddr
The MAC address format is six hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
areaid
Area IDs may be entered in dotted-decimal notation (for example, 0.0.0.1).
Empty strings (““) are not valid user defined strings. Command completion finishes spelling the command when enough letters of a command are typed to uniquely identify the command word. The command may be executed by typing (command abbreviation) or the command word may be completed by typing the or (command completion). The value 'Err' designates that the requested value was not internally accessible.
5 Switching Commands
5.1 System Information and Statistics commands
5.1.1 show arp
This command displays connectivity between the switch and other devices. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the switch.
Syntax
show arp
Default Setting
None
Command Mode
Privileged Exec
Display Message
MAC Address: A unicast MAC address for which the switch has forwarding and/or filtering information.
show calendar
Default Setting
None
Command Mode
Privileged Exec
Display Message
Current Time displays system time
5.1.3 show eventlog
This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset.
Syntax
show eventlog [unit]
unit - The unit number of the remote system. The range is 1 to 1.
Default Setting
None
Command Mode
Privileged Exec
Display Message
File: The file in which the event originated.
Line: The line number of the event.
5.1.4 show running-config
This command is used to display/capture the current setting of different protocol packages supported on switch. This command displays/captures only commands with settings/configurations with values that differ from the default value. The output is displayed in script format, which can be used to configure another switch with the same configuration. When a script name is provided, the output is redirected to a configuration script.
Privileged Exec
Display Message
System Description: The text used to identify this switch.
System Name: The name used to identify the switch.
System Location: The text used to identify the location of the switch. May be up to 31 alpha-numeric characters. The factory default is blank.
System Contact: The text used to identify a contact person for this switch. May be up to 31 alphanumeric characters. The factory default is blank.
System Object ID: The manufacturing ID.
5.1.7 show loginsession
This command displays current telnet and serial port connections to the switch.
Syntax
show loginsession
Default Setting
None
Command Mode
Privileged Exec
Display Message
ID: Login Session ID
User Name: The name the user will use to login using the serial port or Telnet. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to 8 characters, and is not case sensitive. Two users are included as the factory default: admin and guest.
- is the desired interface number.
all - This parameter displays information for all interfaces.
Default Setting
None
Command Mode
Privileged Exec
Display Message
Intf: The physical slot and physical port.
Type: If not blank, this field indicates that this port is a special type of port. The possible values are:
Source - This port is a monitoring port.
PC Mbr - This port is a member of a port-channel (LAG).
Dest - This port is a probe port.
Privileged Exec
Display Message
The display parameters when the argument is '' are as follows:
Packets Received Without Error: The total number of packets (including broadcast packets and multicast packets) received by the processor.
Packets Received With Error: The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
Broadcast Packets Received: The total number of packets received that were directed to the broadcast address.
Command Mode
Privileged Exec
Display Message
The display parameters when the argument is ' ' are as follows:
Total Packets Received (Octets): The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Total Packets Received Without Errors
Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Multicast Packets Received: The total number of good packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address.
Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets.
Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
Total Transmit Errors
FCS Errors: The total number of packets transmitted that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad FCS with an integral number of octets.
Tx Oversized: The total number of frames that exceeded the max permitted frame size.
Receive Packets Discarded: The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
Octets Transmitted: The total number of octets transmitted out of the interface, including framing characters.
Packets Transmitted without Errors: The total number of packets transmitted out of the interface.
Display Message
Packets Received Without Error: The total number of packets (including broadcast packets and multicast packets) received by the processor.
Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets.
Packets Received With Error: The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
speed-duplex {10 | 100} {full-duplex | half-duplex}
100 - 100BASE-T
10 - 10BASE-T
full-duplex - Full duplex
half-duplex - Half duplex
Default Setting
None
Command Mode
Interface Config
This command is used to set the speed and duplex mode for all interfaces.
Syntax
speed-duplex all {10 | 100} {full-duplex | half-duplex}
100 - 100BASE-T
10 - 10BASE-T
full-duplex - Full duplex
half-duplex - Half duplex
all - This command represents all interfaces.
Default Setting
None
Command Mode
Global Config
5.2.1.
negotiate
no negotiate
no - This command disables automatic negotiation on a port.
Default Setting
Enable
Command Mode
Interface Config
This command enables automatic negotiation on all interfaces. The default value is enabled.
Syntax
negotiate all
no negotiate all
all - This command represents all interfaces.
no - This command disables automatic negotiation on all interfaces.
Default Setting
Enable
Command Mode
Global Config
5.2.1.
no capabilities {{10 | 100 } {full-duplex | half-duplex}} | {1000 full-duplex }
10 - 10BASE-T
100 - 100BASE-T
1000 - 1000BASE-T
full-duplex - Full duplex
half-duplex - Half duplex
no - This command removes the advertised capability specified by the parameter.
Default Setting
10 half-duplex, 10 full-duplex, 100 half-duplex, 100 full-duplex, and 1000 full-duplex
Command Mode
Interface Config
This command is used to set the capabilities on all interfaces.
Note: This command only applies to full-duplex mode ports.
Syntax
storm-control flowcontrol
no storm-control flowcontrol
no - This command disables 802.3x flow control for the switch.
Default Setting
Disabled
Command Mode
Global Config
This command enables 802.3x flow control for the specific interface.
Note: This command only applies to full-duplex mode ports.
Syntax
storm-control flowcontrol
no storm-control flowcontrol
no - This command disables 802.3x flow control for the specific interface.
Syntax
shutdown
no shutdown
no - This command enables a port.
Default Setting
Enabled
Command Mode
Interface Config
This command is used to disable all ports.
Syntax
shutdown all
no shutdown all
all - This command represents all ports.
no - This command enables all ports.
5.2.2 L2 MAC Address and Multicast Forwarding Database Tables
5.2.2.1 show mac-addr-table
This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. Alternatively, the administrator can enter a MAC Address to display the table entry for the requested MAC address and all entries following the requested MAC address.
5.2.2.2 show mac-address-table gmrp
This command displays the GARP Multicast Registration Protocol (GMRP) entries in the Multicast Forwarding Database (MFDB) table.
Syntax
show mac-address-table gmrp
Default Setting
None
Command Mode
Privileged Exec
Display Message
Mac Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. In an SVL system, the MAC address will be displayed as 6 bytes.
Note: This software version only supports IVL systems.
Type: This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol.
Description: The text description of this multicast table entry.
5.2.2.5 show mac-address-table stats
This command displays the MFDB statistics.
Syntax
show mac-address-table stats
Default Setting
None
Command Mode
Privileged Exec
Display Message
Max MFDB Table Entries: This displays the total number of entries that can possibly be in the MFDB.
Most MFDB Entries Since Last Reset: This displays the largest number of entries that have been present in the Multicast Forwarding Database table. This value is also known as the MFDB high-water mark.
Syntax
mac-address-table aging-time <10-1000000>
no mac-address-table aging-time <10-1000000>
<10-1000000> - aging-time (Range: 10-1000000) in seconds
no - This command sets the forwarding database address aging timeout to 300 seconds.
Default Setting
300
Command Mode
Global Config
5.2.3 VLAN Management
5.2.3.1 show vlan
This command displays brief information on a list of all configured VLANs.
5.2.3.2 show vlan id This command displays detailed information, including interface information, for a specific VLAN. Syntax show vlan {id | name } - VLAN ID (Range: 1 – 3965) - vlan name (up to 16 alphanumeric characters) Default Setting None Command Mode Privileged Exec Display Message VLAN ID: There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 3965. VLAN Name: A string associated with this VLAN as a convenience.
5.2.3.3 show protocol group This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated Group. Syntax show protocol group { | all} - The group name of an entry in the Protocol-based VLAN table. all – Displays the entire table. Default Setting None Command Mode Privileged Exec Display Message Group Name: This field displays the group name of an entry in the Protocol-based VLAN table.
Command Mode Privileged Exec Display Message Slot/port: Indicates by slot id and port number which port is controlled by the fields on this line. It is possible to set the parameters for all ports by using the selectors on the top line. Port VLAN ID: The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. The value must be for an existing VLAN. The factory default is 1. Acceptable Frame Types: Specifies the types of frames that may be received on this port.
vlan [] no vlan - VLAN ID (Range: 2 –3965). - Configure an optional VLAN Name (a character string of 1 to 32 alphanumeric characters). no - This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-3965. Default Setting None Command Mode VLAN database 5.2.3.7 vlan name This command changes the name of a VLAN.
5.2.3.8 vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-3965. Syntax vlan makestatic - VLAN ID (Range: 2 –3965). Default Setting None Command Mode VLAN database 5.2.3.9 protocol group This command attaches a to the protocol-based VLAN identified by .
5.2.3.10 switchport acceptable-frame-type This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
Default Setting Admit all Command Mode Global Config 5.2.3.11 switchport ingress-filtering This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
no switchport ingress-filtering all all - All interfaces. no - This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Default Setting Disabled Command Mode Global Config 5.2.3.12 switchport native vlan This command changes the VLAN ID per interface.
- VLAN ID (Range: 1 –3965). all - All interfaces. no - This command sets the VLAN ID for all interfaces to 1. Default Setting 1 Command Mode Global Config 5.2.3.13 switchport allowed vlan This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number. Syntax switchport allowed vlan {add [tagged | untagged] | remove} - VLAN ID (Range: 1 –3965).
switchport allowed vlan {add {tagged | untagged} | remove} all - VLAN ID (Range: 1 –3965). all - All interfaces. add - The interface is always a member of this VLAN. This is equivalent to registration fixed. tagged - all frames transmitted for this VLAN will be tagged. untagged - all frames transmitted for this VLAN will be untagged. remove - The interface is removed as a member of this VLAN. This is equivalent to registration forbidden.
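The interaction of Port VLAN ID, acceptable frame type, ingress filtering and VLAN membership described in 5.2.3.10 to 5.2.3.13 can be modelled as below. This is an added example, not code from the guide or from the switch firmware; the port names, the mode labels and the assumption that an admitted frame is flooded to every other member port of its VLAN are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

ADMIT_ALL = "admit-all"   # "Admit All" mode (label chosen for this example)
VLAN_ONLY = "vlan-only"   # "VLAN Only" mode (label chosen for this example)


@dataclass
class Port:
    name: str                          # slot/port, constructed value such as "0/1"
    pvid: int = 1                      # Port VLAN ID, factory default 1
    acceptable: str = ADMIT_ALL        # default setting: Admit all
    ingress_filtering: bool = False    # default setting: Disabled
    # VLANs this port was added to with "switchport allowed vlan add"
    members: set = field(default_factory=lambda: {1})


def classify(port: Port, vid: Optional[int]):
    """Return (admitted, vlan, reason) for a frame received on `port`.

    vid is None for an untagged frame, 0 for a priority-tagged frame,
    otherwise the VLAN ID carried in the 802.1Q tag.
    """
    if vid is None or vid == 0:
        if port.acceptable == VLAN_ONLY:
            return False, None, "discarded: VLAN Only mode rejects untagged/priority frames"
        vlan = port.pvid               # Admit All: frame is assigned the port VLAN ID
    else:
        vlan = vid
    # Ingress filtering compares the frame's VLAN with the receiving port's membership.
    if port.ingress_filtering and vlan not in port.members:
        return False, None, f"discarded: ingress filtering, port is not a member of VLAN {vlan}"
    return True, vlan, f"admitted into VLAN {vlan}"


def flood_to(ports, ingress: Port, vid: Optional[int]):
    """Ports that would receive a flooded frame (assumption: unknown destination)."""
    admitted, vlan, _ = classify(ingress, vid)
    if not admitted:
        return []
    return sorted(p.name for p in ports if p is not ingress and vlan in p.members)


def demo_ports(hardened: bool):
    """Constructed four-port layout: two user ports, one server port, one uplink."""
    user = Port("0/1", ingress_filtering=hardened)
    server = Port("0/2", pvid=20, members={20}, ingress_filtering=hardened)
    peer = Port("0/3", ingress_filtering=hardened)
    uplink = Port("0/4", members={1, 20}, ingress_filtering=hardened,
                  acceptable=VLAN_ONLY if hardened else ADMIT_ALL)
    return [user, server, peer, uplink]


if __name__ == "__main__":
    for hardened in (False, True):
        ports = demo_ports(hardened)
        label = "ingress filtering enabled" if hardened else "factory defaults"
        print(label)
        # A frame tagged for VLAN 20 arriving on a port that is only in VLAN 1.
        print("  tagged VID 20 on 0/1 ->", classify(ports[0], 20)[2],
              "| reaches", flood_to(ports, ports[0], 20))
        # An untagged frame arriving on the uplink.
        print("  untagged on 0/4      ->", classify(ports[3], None)[2])
```

With the factory defaults the frame tagged for VLAN 20 is admitted on a port that belongs only to VLAN 1 and reaches the VLAN 20 members; with ingress filtering enabled it is discarded at the receiving port.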
This command configures the tagging behavior for all interfaces in a VLAN to be enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Syntax switchport tagging all - VLAN ID (Range: 1 –3965). all - All interfaces no - This command configures the tagging behavior for all interfaces in a VLAN to disabled.
This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. Any subsequent per port configuration will override this configuration setting. Syntax switchport priority all <0-7> <0-7> - The range for the priority is 0-7. all – All interfaces Default Setting 0 Command Mode Global Config 5.2.3.16 switchport protocol group This command adds the physical interface to the protocol-based VLAN identified by .
This command adds a protocol-based VLAN group to the system. The is a character string of 1 to 16 characters. When it is created, the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands. Syntax switchport protocol group no switchport protocol group - a VLAN Group Name (a character string of 1 to 16 characters).
Default Setting None Command Mode Global Config This command adds the to the protocol-based VLAN identified by . A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail, and the protocol will not be added to the group. The possible values for protocol are ip, arp, and ipx.
Syntax switchport forbidden vlan {add | remove} no switchport forbidden - VLAN ID (Range: 1 –3965). add - VLAN ID to add. remove - VLAN ID to remove. no - Remove the list of forbidden VLANs. Default Setting None Command Mode Interface Config 5.2.4 GVRP and Bridge Extension 5.2.4.1 show bridge-ext This command displays Generic Attributes Registration Protocol (GARP) information.
5.2.4.2 show gvrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Syntax show gvrp configuration { | all} - An interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec Display Message Interface: This displays the slot/port of the interface that this row in the table describes.
5.2.4.3 show gmrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Syntax show gmrp configuration { | all} - An interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec Display Message Interface: This displays the slot/port of the interface that this row in the table describes.
Syntax show garp configuration { | all} - An interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec Display Message Interface: This displays the slot/port of the interface that this row in the table describes. GVRP Mode: Indicates the GVRP administrative mode for the port. It may be enabled or disabled. If this parameter is disabled, Join Time, Leave Time, and Leave All Time have no effect. The factory default is disabled.
5.2.4.6 bridge-ext gmrp This command enables GARP Multicast Registration Protocol (GMRP) on the system. The default value is disabled. Syntax bridge-ext gmrp no bridge-ext gmrp no - This command disables GARP Multicast Registration Protocol (GMRP) on the system. Default Setting Disabled Command Mode Global Config 5.2.4.7 switchport gvrp This command enables GVRP (GARP VLAN Registration Protocol) for a specific port.
This command enables GVRP (GARP VLAN Registration Protocol) for all ports. Syntax switchport gvrp all no switchport gvrp all all - All interfaces. no - This command disables GVRP (GARP VLAN Registration Protocol) for all ports. If GVRP is disabled, Join Time, Leave Time, and Leave All Time have no effect. Default Setting Disabled Command Mode Global Config 5.2.4.8 switchport gmrp This command enables GMRP Multicast Registration Protocol on a selected interface.
Interface Config This command enables GMRP Multicast Registration Protocol on all interfaces. If an interface which has GMRP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GMRP functionality will be disabled on that interface. GMRP functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG) membership is removed from an interface that has GMRP enabled. Syntax switchport gmrp all no switchport gmrp all all - All interfaces.
no - This command sets the GVRP join time per port and per GARP to 20 centiseconds (0.2 seconds). This command has an effect only when GVRP and GMRP are enabled. Default Setting 20 centiseconds (0.2 seconds) Command Mode Interface Config This command sets the GVRP join time for all ports and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group.
Note: This command has an effect only when GVRP and GMRP are enabled. Syntax garp timer leave < 20-600 > no garp timer leave <20-600> - leave time (Range: 20 – 600) in centiseconds. no - This command sets the GVRP leave time per port to 60 centiseconds (0.6 seconds). Note: This command has an effect only when GVRP and GMRP are enabled. Default Setting 60 centiseconds (0.6 seconds) Command Mode Interface Config This command sets the GVRP leave time for all ports.
Default Setting 60 centiseconds (0.6 seconds) Command Mode Global Config This command sets how frequently Leave All PDUs are generated per port. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds). Note: This command has an effect only when GVRP and GMRP are enabled.
Syntax garp timer leaveall all < 200-6000 > no garp timer leaveall all <200-6000> - leave time (Range: 200 – 6000) in centiseconds. all - All interfaces. no - This command sets how frequently Leave All PDUs are generated for all ports to 1000 centiseconds (10 seconds). Note: This command has an effect only when GVRP and GMRP are enabled. Default Setting 1000 centiseconds (10 seconds) Command Mode Global Config 5.2.5 IGMP Snooping 5.2.5.
Display Message Admin Mode: This indicates whether or not IGMP Snooping is active on the switch. Multicast Control Frame Count: This displays the number of multicast control frames that are processed by the CPU. Interfaces Enabled for IGMP Snooping: This is the list of interfaces on which IGMP Snooping is enabled. Vlan Enabled for IGMP Snooping: This is the list of interfaces on which IGMP Snooping is enabled.
- VLAN ID (Range: 1 – 3965). static - Displays only the configured multicast entries. dynamic - Displays only entries learned through IGMP snooping. Default Setting None Command Mode Privileged Exec Display Message VLAN: This displays VLAN ID value. MAC Addr: This displays multicast group MAC addresses. Type: This displays the type of multicast group (Dynamic/Static). Member Port: This displays the number of ports of this vlan and multicast group.
Max Response Time This displays the amount of time the switch will wait after sending a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured. Multicast Router Expiration Time If a query is not received on an interface, participating in the VLAN, within this amount of time, the interface is removed from the list of interfaces with multicast routers attached. This value may be configured. 5.2.5.
Default Setting 260 seconds Command Mode Global Config, Interface Config ip igmp snooping interfacemode This command enables IGMP Snooping on a selected interface. If an interface which has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), IGMP Snooping functionality will be disabled on that interface.
all - All interfaces. no - This command disables IGMP Snooping on all interfaces. Default Setting Disabled Command Mode Global Config ip igmp snooping mcrtrexpiretime This command sets the Multicast Router Present Expiration time on the system. This is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 0 to 3600 seconds.
- Max time (Range: 1 – 3599). no - This command sets the IGMP Maximum Response time on the system to 10 seconds. Default Setting 10 seconds Command Mode Global Config, Interface Config. ip igmp snooping immediate-leave This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface or on all interfaces.
ip igmp snooping mrouter This command configures a selected interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. Syntax ip igmp snooping mrouter interface no ip igmp snooping mrouter interface no - This command disables the status of the interface as a statically configured multicast router interface. Default Setting Disabled Command Mode Interface Config.
Command Mode Interface Config. ip igmp snooping vlan static This command is used to add a port to a multicast group. Syntax ip igmp snooping vlan static interface - VLAN ID (Range: 1 – 3965). - Multicast group MAC address. - Interface number. Default Setting None Command Mode Global Config Command Usage The maximum number of static router ports that can be configured is 64.
Default Setting None Command Mode Vlan Database set igmp groupmembership-interval This command sets the IGMP Group Membership Interval on a particular VLAN. The Group Membership Interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating in the VLAN, before deleting the interface from the entry. This value must be greater than IGMP Maximum Response time value. The range is 2 to 3600 seconds.
Syntax set igmp maxresponse <1-3965> <1-3599> no set igmp maxresponse <1-3965> <1-3965> - VLAN ID (Range: 1 – 3965). no - This command sets the IGMP maximum response time on a particular VLAN to the default value. Default Setting 10 Command Mode Vlan Database set igmp mcrtexpiretime This command sets the Multicast Router Present Expiration time on a particular VLAN.
Vlan Database set igmp fast-leave This command enables or disables IGMP Snooping fast-leave admin mode on a selected VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN interface, participating in the VLAN, from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface.
5.2.6 Port Channel 5.2.6.1 show port-channel This command displays the static capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels. Syntax show port-channel Default Setting None Command Mode Privileged Exec Display Message For each port-channel the following information is displayed: Logical Interface: The field displays logical slot and the logical port. Port-Channel Name: This field displays the name of the port-channel.
Display Message Log. Intf: The logical slot and the logical port. Port-Channel Name: The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric characters. Link : Indicates whether the Link is up or down. Admin Mode: May be enabled or disabled. The factory default is enabled. Link Trap Mode: This object determines whether or not to send a trap when link status changes. The factory default is enabled.
Command Usage 1. The maximum number of port-channels that a user can create is 6, and the maximum number of members for each port-channel is 8. 5.2.6.3 port-channel adminmode all This command sets every configured port-channel with the same administrative mode setting. Syntax port-channel adminmode all no port-channel adminmode all no - This command disables a port-channel (LAG). The option all sets every configured port-channel with the same administrative mode setting.
Default Setting Disabled Command Mode Interface Config 5.2.6.5 port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting. Syntax port-channel linktrap { | all} no port-channel linktrap { | all} - Port-Channel Interface number.
port-channel name { | all} - Port-Channel Interface number. all - all Port-Channel interfaces. - Configured Port-Channel name (up to 15 characters). Default Setting None Command Mode Global Config 5.2.6.7 adminmode This command enables a port-channel (LAG) member. The interface is a logical slot and port for a configured port-channel. Syntax adminmode no adminmode no - This command disables a configured port-channel (LAG).
Syntax lacp no lacp no - This command disables Link Aggregation Control Protocol (LACP) on a port. Default Setting Enabled Command Mode Interface Config This command enables Link Aggregation Control Protocol (LACP) on all ports. Syntax lacp all no lacp all all - All interfaces. no - This command disables Link Aggregation Control Protocol (LACP) on all ports. Default Setting Enabled Command Mode Global Config 5.2.6.9 channel-group This command adds one port to the port-channel (LAG).
Note: Before adding a port to a port-channel, set the physical mode of the port. See ‘speed’ command. Syntax channel-group - Port-Channel Interface number. Default Setting None Command Mode Interface Config Command Usage 1. The maximum number of members for each Port-Channel is 6. 5.2.6.10 delete-channel-group This command deletes the port from the port-channel (LAG). The interface is a logical slot and port number of a configured port-channel.
Syntax delete-channel-group all - Port-Channel Interface number. all - All members for specific Port-Channel. Default Setting None Command Mode Global Config 5.2.7 Storm Control 5.2.7.1 show storm-control This command is used to display broadcast storm control information. Syntax show storm-control broadcast Default Setting None Command Mode Privileged Exec Display Message Intf: Displays interface number. Mode: Displays status of storm control broadcast.
This command is used to display multicast storm control information. Syntax show storm-control multicast Default Setting None Command Mode Privileged Exec Display Message Intf: Displays interface number. Mode: Displays status of storm control multicast. Level: Displays level for storm control multicast Rate: Displays rate for storm control multicast.
5.2.7.2 storm-control broadcast This command enables broadcast storm recovery mode on the selected interface. If the mode is enabled, broadcast storm recovery with high threshold is implemented. The threshold implementation follows a percentage pattern.
Disabled Command Mode Global Config 5.2.7.3 storm-control multicast This command enables multicast storm recovery mode on the selected interface. Syntax storm-control multicast no storm-control multicast no - This command disables multicast storm recovery mode on the selected interface. Default Setting None Command Mode Interface Config This command enables multicast storm recovery mode on all interfaces.
5.2.7.4 storm-control unicast This command enables unicast storm recovery mode on the selected interface. Syntax storm-control unicast no storm-control unicast no - This command disables unicast storm recovery mode on the selected interface. Default Setting None Command Mode Interface Config This command enables unicast storm recovery mode on all interfaces. Syntax storm-control unicast no storm-control unicast no - This command disables unicast storm recovery mode on all interfaces.
5.2.7.5 switchport broadcast packet-rate This command will protect your network from broadcast storms by setting a threshold level for broadcast traffic on each port. Syntax switchport broadcast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port. 3 - Threshold level represents 256 pps for 1G Port or 3124 pps for 10G port.
Level 4 Command Mode Global Config 5.2.7.6 switchport multicast packet-rate This command will protect your network from multicast storms by setting a threshold level for multicast traffic on each port. Syntax switchport multicast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port. 3 - Threshold level represents 256 pps for 1G Port or 3124 pps for 10G port.
all - This command represents all interfaces. Note: pps (packets per second) Default Setting Level 4 Command Mode Global Config 5.2.7.7 switchport unicast packet-rate This command will protect your network from unicast storms by setting a threshold level for unicast traffic on each port. Syntax switchport unicast packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port.
switchport unicast all packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port. 3 - Threshold level represents 256 pps for 1G Port or 3124 pps for 10G port. 4 - Threshold level represents 512 pps for 1G Port or 4167 pps for 10G port. all - This command represents all interfaces. Note: pps (packets per second) Default Setting Level 4 Command Mode Global Config 5.2.8 L2 Priority 5.2.8.
5.2.8.2 queue cos-map This command is used to assign class of service (CoS) value to the CoS priority queue. Syntax queue cos-map no queue cos-map - The queue id of the CoS priority queue (Range: 0 - 7 ). - The CoS value that is mapped to the queue id (Range: 0 - 7 ). no - Sets the CoS map to the default values. Default Setting
priority   queue
0          1
1          0
2          0
3          1
4          2
5          2
6          3
7          3
Command Mode Interface Config 5.2.9 Port Mirror 5.2.9.
Default Setting None Command Mode Privileged Exec Display Message Session ID: indicates the session ID. Admin Mode: indicates whether the Port Monitoring feature is enabled or disabled. The possible values are enabled and disabled. Probe Port: is the slot/port that is configured as the probe port. If this value has not been configured, 'Not Configured' will be displayed. Mirrored Port: is the slot/port that is configured as the monitored port.
Syntax no port-monitor Default Setting None Command Mode Global Config 5.2.9.3 port-monitor session mode This command configures the administration mode of port-monitoring function for a monitor session. Syntax port-monitor session mode no port-monitor session mode - Session ID. no - This command disables port-monitoring function for a monitor session. 5.3 Management Commands 5.3.1 Network Commands 5.3.1.
Syntax show ip interface Default Setting None Command Mode Privileged Exec Display Message IP Address: The IP address of the interface. The factory default value is 0.0.0.0 Subnet Mask: The IP subnet mask for this interface. The factory default value is 0.0.0.0 Default Gateway: The default gateway for this IP interface. The factory default value is 0.0.0.0 Burned In MAC Address: The burned in MAC address used for in-band connectivity.
5.3.1.3 show ip ipv6 This command displays the IPv6 forwarding status of all ports. Syntax show ip ipv6 Default Setting None Command Mode Privileged Exec Display Message Intf: Interface number Type: Status of each interface for IPv6. 5.3.1.4 mtu This command sets the maximum transmission unit (MTU) size (in bytes) for physical and port-channel (LAG) interfaces. For the standard implementation, <1518-9216> is a valid integer between 1518 and 9216.
5.3.1.5 interface vlan This command is used to enter Interface-vlan configuration mode. Syntax interface vlan - VLAN ID (Range: 1 - 3965). Default Setting None Command Mode Global Config 5.3.1.6 ip address This command sets the IP Address, and subnet mask. The IP Address and the gateway must be on the same subnet.
Interface-Vlan Config Command Usage Once the IP address is set, the VLAN ID’s value will be assigned to management VLAN. 5.3.1.7 ip default-gateway This command sets the IP Address of the default gateway. Syntax ip default-gateway no ip default-gateway < gateway > - IP address of the default gateway no - Restore the default IP address of the default gateway Default Setting IP address: 0.0.0.0 Command Mode Global Config 5.3.1.
- Obtains IP address from DHCP. - Obtains IP address by setting configuration. Default Setting None Command Mode Interface-Vlan Config 5.3.1.9 ip filter This command is used to enable the IP filter function. Syntax ip filter no ip filter no – Disable ip filter. Default Setting Disabled Command Mode Global Config This command is used to set an IP address to be a filter. Syntax ip filter no ip filter - Configure an IP address to be a filter.
Default Setting None Command Mode Global Config 5.3.1.10 ip ipv6 This command is used to enable the IPv6 function on a specific interface. Syntax ip ipv6 no ip ipv6 no - disable IPv6. Default Setting Enabled Command Mode Interface Config This command is used to enable the IPv6 function on all interfaces. Syntax ip ipv6 all no ip ipv6 all all - All interfaces. no - disable IPv6.
Command Mode Global Config 5.3.2 Serial Interface Commands 5.3.2.1 show line console This command displays serial communication settings for the switch. Syntax show line console Default Setting None Command Mode Privileged Exec Display Message Serial Port Login Timeout (minutes): Specifies the time, in minutes, of inactivity on a Serial port connection, after which the switch will close the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5.
Syntax line console Default Setting None Command Mode Global Config 5.3.2.3 baudrate This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Syntax baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200} no baudrate no - This command sets the communication rate of the terminal interface to 115200. Default Setting 115200 Command Mode Line Config 5.3.2.
<0-160> - max connect time (Range: 0 -160). no - This command sets the maximum connect time (in minutes) without console activity to 5. Default Setting 5 Command Mode Line Config 5.3.2.5 password-threshold This command is used to set the password instruction threshold limiting the number of failed login attempts. Syntax password-threshold <0-120> no password-threshold - max threshold (Range: 0 - 120). no - This command sets the maximum value to the default.
<0-65535> - silent time (Range: 0 - 65535) in seconds. no - This command sets the maximum value to the default. Default Setting 0 Command Mode Line Config 5.3.3 Telnet Session Commands 5.3.3.1 telnet This command establishes a new outbound telnet connection to a remote host. Syntax telnet [port] [debug] [line] [echo] - A hostname or a valid IP address. [port] - A valid decimal integer in the range of 0 to 65535, where the default value is 23.
Syntax show line vty Default Setting None Command Mode Privileged Exec Display Message Remote Connection Login Timeout (minutes): This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off. A zero means there will be no timeout. May be specified as a number from 0 to 160. The factory default is 5. Maximum Number of Remote Connection Sessions: This object indicates the number of simultaneous remote connection sessions allowed.
5.3.3.4 exec-timeout This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. A value of 0 indicates that a session remains active indefinitely. The time is a decimal value from 0 to 160. Note: Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
3 Command Mode Telnet Config 5.3.3.6 maxsessions This command specifies the maximum number of remote connection sessions that can be established. A value of 0 indicates that no remote connection can be established. The range is 0 to 5. Syntax maxsessions <0-5> no maxsessions <0-5> - max sessions (Range: 0 - 5). no - This command sets the maximum value to be 5. Default Setting 5 Command Mode Telnet Config 5.3.3.7 sessions This command regulates new telnet sessions.
no - This command disables telnet sessions. If sessions are disabled, no new telnet sessions are established. Default Setting Enabled Command Mode Telnet Config 5.3.3.8 telnet sessions This command regulates new outbound telnet connections. If enabled, new outbound telnet sessions can be established until it reaches the maximum number of simultaneous outbound telnet sessions allowed. If disabled, no new outbound telnet session can be established.
Syntax telnet maxsessions <0-5> no maxsessions <0-5> - max sessions (Range: 0 - 5). no - This command sets the maximum value to be 5. Default Setting 5 Command Mode Global Config 5.3.3.10 telnet exec-timeout This command sets the outbound telnet session timeout value in minutes. Note: Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
5.3.3.11 show telnet This command displays the current outbound telnet settings. Syntax show telnet Default Setting None Command Mode User Exec, Privileged Exec Display Message Outbound Telnet Login Timeout (in minutes) Indicates the number of minutes an outbound telnet session is allowed to remain inactive before being logged off. A value of 0, which is the default, results in no timeout. Maximum Number of Outbound Telnet Sessions Indicates the number of simultaneous outbound telnet connections allowed.
Syntax show snmp Default Setting None Command Mode Privileged Exec Display Message SNMP Community Name: The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique community name. Client IP Address: An IP address (or portion thereof) from which this device will accept SNMP packets with the associated community.
Authentication Flag: May be enabled or disabled. The factory default is enabled. Indicates whether authentication failure traps will be sent. Link Up/Down Flag: May be enabled or disabled. The factory default is enabled. Indicates whether link status traps will be sent. Multiple Users Flag: May be enabled or disabled. The factory default is enabled. Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time (either via telnet or serial port).
snmp-server location - range is from 1 to 31 alphanumeric characters. Default Setting None Command Mode Global Config 5.3.4.5 snmp-server contact This command sets the organization responsible for the network. The range for contact is from 1 to 31 alphanumeric characters. Syntax snmp-server contact - Range is from 1 to 31 alphanumeric characters. Default Setting None Command Mode Global Config 5.3.4.6 snmp-server community This command adds (and names) a new SNMP community.
Syntax
snmp-server community
no snmp-server community
- community name (up to 16 case-sensitive characters).
no - This command removes this community name from the table. The name is the community name to be deleted.
Default Setting
Two default community names: public and private. You can replace these default community names with unique identifiers for each community. The default values for the remaining four community names are blank.
Command Mode
Global Config

This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 255.255.255.255 will allow access from only one station, and will use that machine's IP address for the client IP Address. A value of 0.0.0.0 will allow access from any IP address.
- access mode is read-only.
- access mode is read/write.
Default Setting
None
Command Mode
Global Config

5.3.4.7 snmp-server host
This command sets a client IP address for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 0.0.0.0 allows access from any IP address.
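The client IP address and client IP mask rules above decide which stations may use a community, so they are worth checking together with the factory-default names. The following Python audit is an added example, not part of the FortiSwitch guide: the bitwise matching rule, the `Community` record and the sample table are assumptions built from the field descriptions in this section.

```python
import ipaddress
from dataclasses import dataclass

DEFAULT_NAMES = {"public", "private"}  # factory-default communities (5.3.4.6)
ALL_IPV4 = 2 ** 32


@dataclass
class Community:
    name: str         # community string (case-sensitive)
    client_ip: str    # client IP address value
    client_mask: str  # client IP mask value
    access: str       # "read-only" or "read/write"


def _u32(addr):
    """Dotted-quad IPv4 address as an unsigned 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def client_allowed(source, c):
    """True if an SNMP packet from `source` may use community `c`."""
    ip, mask = _u32(c.client_ip), _u32(c.client_mask)
    if ip == 0 or mask == 0:
        return True  # the guide: 0.0.0.0 in either field allows any address
    # Assumed matching rule: compare only the bits selected by the mask.
    return (_u32(source) & mask) == (ip & mask)


def station_count(c):
    """Number of IPv4 source addresses accepted for community `c`."""
    ip, mask = _u32(c.client_ip), _u32(c.client_mask)
    if ip == 0 or mask == 0:
        return ALL_IPV4
    # Every zero bit in the mask doubles the number of matching addresses.
    return 2 ** (32 - bin(mask).count("1"))


def audit(table):
    """Return (community, finding) pairs for risky entries."""
    findings = []
    for c in table:
        if c.name in DEFAULT_NAMES:
            findings.append((c.name, "factory-default community name"))
        n = station_count(c)
        if n == ALL_IPV4:
            findings.append((c.name, "accepted from any IP address"))
        if c.access == "read/write" and n > 1:
            findings.append((c.name, f"read/write open to {n} addresses"))
    return findings


# Constructed sample table (documentation addresses, not from a real switch).
SAMPLE_TABLE = [
    Community("public", "0.0.0.0", "0.0.0.0", "read-only"),
    Community("private", "0.0.0.0", "0.0.0.0", "read/write"),
    Community("nmsRO1", "192.0.2.10", "255.255.255.255", "read-only"),
    Community("opsRW1", "192.0.2.0", "255.255.255.0", "read/write"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_TABLE):
        print(f"{name}: {finding}")
```

Only the entry pinned to one management station with mask 255.255.255.255 passes without findings.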
Syntax snmp-server enable traps authentication no snmp-server enable traps authentication no - This command disables the Authentication trap. Default Setting Enabled Command Mode Global Config This command enables the DVMRP trap. Syntax snmp-server enable traps dvmrp no snmp-server enable traps dvmrp no - This command disables the DVMRP trap. Default Setting Enabled Command Mode Global Config This command enables Link Up/Down traps for the entire switch.
Default Setting Enabled Command Mode Global Config This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a user logs in to the terminal interface (EIA 232 or telnet) and there is an existing terminal interface session. Syntax snmp-server enable traps multiusers no snmp-server enable traps multiusers no - This command disables Multiple User trap. Default Setting Enabled Command Mode Global Config This command enables OSPF traps.
Global Config This command enables PIM traps. Syntax snmp-server enable traps pim no snmp-server enable traps pim no - This command disables PIM trap. Default Setting Enabled Command Mode Global Config This command enables the sending of new root traps and topology change notification traps. Syntax snmp-server enable traps stpmode no snmp-server enable traps stpmode no - This command disables the sending of new root traps and topology change notification traps.
5.3.5 SNMP Trap Commands 5.3.5.1 show snmptrap This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap receivers are simultaneously supported. Syntax show snmptrap Default Setting None Command Mode Privileged Exec Display Message SNMP Trap Name: The community string of the SNMP trap packet sent to the trap manager.
no snmp trap link-status
no - This command disables link status traps by interface.
Note: This command is valid only when the Link Up/Down Flag is enabled. (See the ‘snmp-server enable traps linkmode’ command.)
Default Setting
Disabled
Command Mode
Interface Config

This command enables link status traps for all interfaces.
Note: This command is valid only when the Link Up/Down Flag is enabled. (See the ‘snmp-server enable traps linkmode’ command.)
5.3.5.3 snmptrap This command adds an SNMP trap name. The maximum length of the name is 16 case-sensitive alphanumeric characters. Syntax snmptrap no snmptrap - SNMP trap name (Range: up to 16 case-sensitive alphanumeric characters). - an IP address of the trap receiver. no - This command deletes trap receivers for a community. Default Setting None Command Mode Global Config 5.3.5.
Default Setting None Command Mode Global Config 5.3.5.5 snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps). Syntax snmptrap mode no snmptrap mode - SNMP trap name. - an IP address. no - This command deactivates an SNMP trap. Trap receivers are inactive (not able to receive traps).
Default Setting
None
Command Mode
Privileged Exec
Display Message
HTTP Mode (Unsecure): This field indicates whether the HTTP mode is enabled or disabled.
HTTP Port: This field specifies the port configured for HTTP.
HTTP Mode (Secure): This field indicates whether the administrative mode of secure HTTP is enabled or disabled.
Secure Port: This field specifies the port configured for SSLT.
Secure Protocol Level(s): The protocol level may have the values of SSL3, TLS1, or both SSL3 and TLS1.
5.3.6.
Syntax
ip http port <1-65535>
no ip http port
<1-65535> - HTTP Port value.
no - This command is used to reset the http port to the default value.
Default Setting
80
Command Mode
Global Config

5.3.6.4 ip http server
This command enables access to the switch through the Web interface. When access is enabled, the user can log in to the switch from the Web interface. When access is disabled, the user cannot log in to the switch's Web server. Disabling the Web interface takes effect immediately.
5.3.6.5 ip http secure-port
This command is used to set the SSLT port where port can be 1-65535 and the default is port 443.
Syntax
ip http secure-port
no ip http secure-port
- SSLT Port value.
no - This command is used to reset the SSLT port to the default value.
Default Setting
443
Command Mode
Global Config

5.3.6.6 ip http secure-server
This command is used to enable the secure socket layer for secure HTTP.
5.3.6.7 ip http secure-protocol
This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3.
Syntax
ip http secure-protocol [protocollevel2]
no ip http secure-protocol [protocollevel2]
- The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3.
no - This command is used to remove protocol levels (versions) for secure HTTP.
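The `ip http` commands above interact: a hardening script has to enable secure HTTP, drop SSL3 and disable the unsecure server, and `script apply` (5.6.1) stops at the first command that fails. The following Python model is an added example, not Fortinet code. It replays a script's `ip http` lines against a starting state taken from the Display Message fields and reports what is still exposed; the `WebState` record, the starting state and the choice to treat the positive `secure-protocol` form as adding levels are assumptions.

```python
from dataclasses import dataclass, field

LEVELS = {"TLS1", "SSL3"}                        # protocol levels named in 5.3.6.7
DEFAULT_PORT = {"port": 80, "secure-port": 443}  # defaults stated in 5.3.6


@dataclass
class WebState:
    http: bool                                   # HTTP Mode (Unsecure)
    https: bool                                  # HTTP Mode (Secure)
    levels: set = field(default_factory=set)     # Secure Protocol Level(s)
    ports: dict = field(default_factory=lambda: dict(DEFAULT_PORT))


def apply_script(state, lines):
    """Replay `ip http` commands in order, mutating `state`.

    Returns the number of the first line that fails, or None. Later lines
    are not applied, mirroring `script apply` stopping at the first failure.
    """
    for number, raw in enumerate(lines, 1):
        words = raw.split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if words[:2] != ["ip", "http"]:
            continue                             # not a web-management command
        cmd = words[2] if len(words) > 2 else ""
        args = words[3:]
        if cmd in ("server", "secure-server") and not args:
            setattr(state, "http" if cmd == "server" else "https", not negate)
        elif cmd == "secure-protocol" and 1 <= len(args) <= 2 and set(args) <= LEVELS:
            # Assumption: the positive form adds levels, only `no` removes them.
            if negate:
                state.levels = state.levels - set(args)
            else:
                state.levels = state.levels | set(args)
        elif cmd in DEFAULT_PORT and negate:
            state.ports[cmd] = DEFAULT_PORT[cmd]
        elif (cmd in DEFAULT_PORT and len(args) == 1 and args[0].isdigit()
              and 1 <= int(args[0]) <= 65535):
            state.ports[cmd] = int(args[0])
        else:
            return number                        # unknown or malformed command
    return None


def audit(state):
    """Findings for the web-management state left behind by a script."""
    findings = []
    if state.http:
        findings.append("HTTP Mode (Unsecure) is enabled")
    if state.https and "SSL3" in state.levels:
        findings.append("secure HTTP still offers SSL3")
    return findings


# Constructed scripts. `no ip http server` comes last because disabling the
# Web interface takes effect immediately.
HARDENING = ["ip http secure-server",
             "no ip http secure-protocol SSL3",
             "no ip http server"]
TYPO = ["ip http secure-server",
        "no ip http secure-protocol SSLv3",      # invalid level: apply stops here
        "no ip http server"]


def run(lines):
    """Apply `lines` to a constructed starting state with HTTP on and both levels set."""
    state = WebState(http=True, https=False, levels={"SSL3", "TLS1"})
    failed = apply_script(state, lines)
    return failed, state, audit(state)


if __name__ == "__main__":
    for label, script in (("hardening", HARDENING), ("typo", TYPO)):
        failed, _, findings = run(script)
        print(label, "failed at line", failed, "findings:", findings)
```

The script with the mistyped level stops at line 2, so the unsecure server is never disabled and SSL3 stays offered; re-check the resulting settings after any failed apply.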
Max SSH Sessions Allowed: The maximum number of inbound SSH sessions allowed on the switch.
SSH Timeout: This field is the inactive timeout value for incoming SSH sessions to the switch.

5.3.7.2 ip ssh
This command is used to enable SSH.
Syntax
ip ssh
no ip ssh
no - This command is used to disable SSH.
Default Setting
Disabled
Command Mode
Global Config

5.3.7.3 ip ssh protocol
This command is used to set or remove protocol levels (or versions) for SSH.
5.3.7.4 ip ssh maxsessions
This command specifies the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no ssh connection can be established. The range is 0 to 5.
Syntax
ip ssh maxsessions <0-5>
no ip ssh maxsessions
<0-5> - maximum number of sessions.
no - This command sets the maximum number of SSH connection sessions that can be established to the default value.
Default Setting
SSH1 and SSH2
Command Mode
Global Config
5.3.7.
<1-160> - timeout interval in seconds.
no - This command sets the SSH connection session timeout value, in minutes, to the default. Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
Default Setting
5
Command Mode
Global Config

5.3.8 DHCP Client Commands
5.3.8.1 ip dhcp restart
This command is used to initiate a BOOTP or DHCP client request.
no ip dhcp client-identifier - A text string. (Range: 1-15 characters). - The hexadecimal value (00:00:00:00:00:00). no - This command is used to restore to default value. Default Setting System Burned In MAC Address Command Mode Global Config 5.3.9 DHCP Relay Commands 5.3.9.1 Show bootpdhcprelay This command is used to display the DHCP relay agent configuration information on the system.
Server IP Address - IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent. Circuit Id Option Mode - This is the Relay agent option which can be either enabled or disabled. When enabled Relay Agent options will be added to requests before they are forwarded to the server and removed from replies before they are forwarded to clients. Requests Received - The total number of BOOTP/DHCP requests received from all clients since the last time the switch was reset.
Syntax
bootpdhcprelay serverip
no bootpdhcprelay serverip
- A server IP address.
no - This command is used to reset to the default value.
Default Setting
IP 0.0.0.0
Command Mode
Global Config

5.4 Spanning Tree Commands
This section provides detailed explanation of the spanning tree commands. The commands are divided into two functional groups:
- Show commands display spanning tree settings, statistics, and other information.
None Command Mode Privileged Exec Display Message Bridge Priority: Configured value. Bridge Identifier: The MAC Address for the Bridge from which the Bridge Identifiers used by the Spanning Tree Algorithm and Protocol. Time Since Topology Change: In seconds. Topology Change Count: Number of times changed. Topology Change in progress: Boolean value of the Topology Change parameter for the switch indicating if a topology change is in progress on any port assigned to the common and internal spanning tree.
Privileged Exec Display Message Port Mode: The administration mode of spanning tree. Port Up Time Since Counters Last Cleared: Time since the port was reset, displayed in days, hours, minutes, and seconds. STP BPDUs Transmitted: Spanning Tree Protocol Bridge Protocol Data Units sent. STP BPDUs Received: Spanning Tree Protocol Bridge Protocol Data Units received. RST BPDUs Transmitted: Rapid Spanning Tree Protocol Bridge Protocol Data Units sent.
Syntax show spanning-tree mst detailed <0-4094> <0-4094> - multiple spanning tree instance ID. Default Setting None Command Mode Privileged Exec Display Message MST Instance ID: The multiple spanning tree instance ID. MST Bridge Priority: The bridge priority of current MST. MST Bridge Identifier: The bridge ID of current MST. Time Since Topology Change: In seconds. Topology Change Count: Number of times the topology has changed for this multiple spanning tree instance.
For each MSTID: The multiple spanning tree instance ID. Associated FIDs: List of forwarding database identifiers associated with this instance. Associated VLANs: List of VLAN IDs associated with this instance. This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The instance is a number that corresponds to the desired existing multiple spanning tree instance. The is the desired switch port.
Auto-calculate Port Path Cost: Indicates whether the port path cost is automatically calculated.
Auto-calculate External Port Path Cost: Displays whether the external path cost is automatically calculated (Enabled) or not (Disabled). External Path cost will be calculated based on the link speed of the port if the configured value for External Port Path Cost is zero.
External Port Path Cost: The External Path Cost of the specified port in the spanning tree.
STP Mode: Indicates the STP mode.
Type: Currently not used.
STP State: The forwarding state of the port in the specified spanning tree instance.
Port Role: The role of the specified port within the spanning tree.

5.4.1.5 show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command.
Default Setting None Command Mode Privileged Exec Display Message Bridge Priority: Configured value. Bridge Identifier: The bridge ID of current Spanning Tree. Bridge Max Age: Configured value. Bridge Hello Time: Configured value. Bridge Forward Delay: Configured value. Bridge Hold Time: Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). 5.4.2 Configuration Commands 5.4.2.1 spanning-tree This command sets the spanning-tree operational mode to be enabled.
Syntax spanning-tree protocol-migration { | all} no spanning-tree protocol-migration { | all} - is the desired interface number. all - All interfaces. no - This command disables BPDU migration check on a given interface. The all option disables BPDU migration check on all interfaces. Default Setting None Command Mode Global Config 5.4.2.
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535. Syntax spanning-tree configuration revision <0-65535> no spanning-tree configuration revision - Revision Level is a number in the range of 0 to 65535.
Command Mode
Global Config

5.4.2.5 spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
Syntax
spanning-tree forward-time <4-30>
no spanning-tree forward-time
<4-30> - forward time value (Range: 4 – 30).
<1-10> - hellotime value (Range: 1 – 10). no - This command sets the Hello Time parameter for the common and internal spanning tree to the default value, that is, 2. Default Setting 2 Command Mode Global Config 5.4.2.7 spanning-tree max-age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree.
Syntax spanning-tree max-hops <1-127> no spanning-tree max-hops <1-127> - the Maximum hops value (Range: 1-127). no - This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value. Default Setting 20 Command Mode Global Config 5.4.2.9 spanning-tree mst This command adds a multiple spanning tree instance to the switch. The instance <1-3965> is a number within a range of 1 to 3965 that corresponds to the new instance ID to be added.
This command sets the bridge priority for a specific multiple spanning tree instance. The instance is a number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number within a range of 0 to 61440 in increments of 4096. If 0 (defined as the default CIST ID) is passed as the , then this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree.
spanning-tree mst vlan <0-4094> <1-3965> no spanning-tree mst vlan <0-4094> <1-3965> <0-4094> - multiple spanning tree instance ID. <1-3965> - VLAN ID (Range: 1 – 3965). no - This command removes an association between a multiple spanning tree instance and a VLAN. The VLAN will again be associated with the common and internal spanning tree. The instance <0-4094> is a number that corresponds to the desired existing multiple spanning tree instance. The <1-3965> corresponds to an existing VLAN ID.
If the ‘cost’ token is specified, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the <0-4094> parameter, to the default value, that is, a pathcost value based on the Link Speed. Default Setting Cost : auto Command Mode Interface Config This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree.
Interface Config 5.4.2.10 spanning-tree port mode This command sets the Administrative Switch Port State for this port to enabled. Syntax spanning-tree port mode no spanning-tree port mode no - This command sets the Administrative Switch Port State for this port to disabled. Default Setting Disabled Command Mode Interface Config This command sets the Administrative Switch Port State for all ports to enabled. Syntax spanning-tree port mode all no spanning-tree port mode all all - All interfaces.
5.4.2.11 spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay. Syntax spanning-tree edgeport no spanning-tree edgeport no - This command specifies that this port is not an Edge Port within the common and internal spanning tree. Default Setting None Command Mode Interface Config 5.5 System Log Management Commands 5.5.1 Show Commands 5.5.1.
Display Message
Logging Client Local Port: The port on the collector/relay to which syslog messages are sent.
CLI Command Logging: The mode for CLI command logging.
Console Logging: The mode for console logging.
Console Logging Severity Filter: The minimum severity to log to the console log. Messages with an equal or lower numerical severity are logged.
Buffered Logging: The mode for buffered logging.
Syslog Logging: The mode for logging to configured syslog hosts.
Syntax show logging traplogs Default Setting None Command Mode Privileged Exec Display Message Number of Traps since last reset: The number of traps that have occurred since the last reset of this device. Trap Log Capacity: The maximum number of traps that could be stored in the switch. Log: The sequence number of this trap. System Up Time: The relative time since the last reboot of the switch at which this trap occurred. Trap: The relevant information of this trap.
5.5.4 Configuration Commands
5.5.4.1 logging buffered
This command enables logging to the in-memory log, where up to 128 logs are kept.
Syntax
logging buffered
no logging buffered
no - This command disables logging to the in-memory log.
Default Setting
None
Command Mode
Privileged Exec

This command enables wrapping of in-memory logging when full capacity is reached. Otherwise, when full capacity is reached, logging stops.
5.5.4.2 logging console
This command enables logging to the console.
Syntax
logging console [ | <0-7>]
no logging console
[ | <0-7>] - The value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7).
no - This command disables logging to the console.
Default Setting
None
Command Mode
Privileged Exec
5.5.4.
Default Setting None Command Mode Privileged Exec This command disables logging to hosts. Syntax logging host remove < hostindex > - Index of the log server. Default Setting None Command Mode Privileged Exec This command reconfigures the IP address of the log server. Syntax logging host reconfigure < hostindex > - Index of the log server. - New IP address of the log server.
Privileged Exec

5.5.4.4 logging syslog
This command enables syslog logging.
Syntax
logging syslog
no logging syslog
no - Disables syslog logging.
Default Setting
None
Command Mode
Privileged Exec

This command sets the local port number of the LOG client for logging messages.
Syntax
logging syslog port
no logging syslog port
no - Resets the local logging port to the default.
Command Mode
Privileged Exec

5.5.4.5 clear logging buffered
This command clears the entire in-memory log.
Syntax
clear logging buffered
Default Setting
None
Command Mode
Privileged Exec

5.6 Script Management Commands
5.6.1 script apply
This command applies the commands in the configuration script to the switch. The apply command backs up the running configuration and then starts applying the commands in the script file. Application of the commands stops at the first failure of a command.
None
Command Mode
Privileged Exec

5.6.2 script delete
This command deletes a specified script or all the scripts present on the switch.
Syntax
script delete { | all}
- The name of the script to be deleted.
all - Delete all scripts present on the switch.
Default Setting
None
Command Mode
Privileged Exec

5.6.3 script list
This command lists all scripts present on the switch as well as the total number of files present.
Default Setting
None
Command Mode
Privileged Exec

5.6.4 script show
This command displays the content of a script file.
Syntax
script show
- Name of the script file.
Default Setting
None
Command Mode
Privileged Exec

5.7 User Account Management Commands
5.7.1 Show Commands
5.7.1.1 show users
This command displays the configured user names and their settings. This command is only available for users with read/write privileges.
Syntax show users Default Setting None Command Mode Privileged Exec Display Message User Name: The name the user will use to login using the serial port, Telnet or Web. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to eight characters, and is not case sensitive. Two users are included as the factory default, admin, and guest.
no username - is a new user name (Range: up to 8 characters). no - This command removes a user name created before. Note: The admin user account cannot be deleted. nopassword - This command sets the password of an existing operator to blank. When a password is changed, a prompt will ask for the operator's former password. If none, press enter. Default Setting No password Command Mode Global Config 5.7.2.
Global Config 5.7.2.3 username snmpv3 encryption This command specifies the encryption protocol and key to be used for the specified login user. The valid encryption protocols are none or des. The des protocol requires a key, which can be specified on the command line. The key may be up to 16 characters. If the des protocol is specified but a key is not provided, the user will be prompted to enter the key. If none is specified, a key must not be provided.
Syntax show users authentication Default Setting None Command Mode Privileged Exec Display Message User: This field lists every user that has an authentication login list assigned. System Login: This field displays the authentication login list assigned to the user for system login. 802.1x: This field displays the authentication login list assigned to the user for 802.1x port security. 5.8.1.2 show authentication This command displays the ordered authentication methods for all authentication login lists.
5.8.1.3 show authentication users This command displays information about the users assigned to the specified authentication login list. If the login is assigned to non-configured users, the user “default” will appear in the user column. Syntax show authentication users - the authentication login listname. Default Setting None Command Mode Privileged Exec Display Message User Name: This field displays the user assigned to the specified authentication login list.
5.8.1.5 show dot1x detail This command is used to show a summary of the global dot1x configuration and the detailed dot1x configuration for a specified port. Syntax show dot1x detail - is the desired interface number. Default Setting None Command Mode Privileged Exec Display Message Port: The interface whose configuration is displayed Protocol Version: The protocol version associated with this port.
5.8.1.6 show dot1x statistics This command is used to show a summary of the global dot1x configuration and the dot1x statistics for a specified port. Syntax show dot1x statistics - is the desired interface number. Default Setting None Command Mode Privileged Exec Display Message Port: The interface whose statistics are displayed. EAPOL Frames Received: The number of valid EAPOL frames of any type that have been received by this authenticator.
5.8.1.7 show dot1x summary This command is used to show a summary of the global dot1x configuration and summary information of the dot1x configuration for a specified port or all ports. Syntax show dot1x summary { | all} - is the desired interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec Display Message Interface: The interface whose configuration is displayed. Control Mode: The configured control mode for this port.
None Command Mode Privileged Exec Display Message User: Users configured locally to have access to the specified port. 5.8.1.9 show radius-servers This command is used to display items of the configured RADIUS servers.
Command Mode Privileged Exec Display Message Current Server IP Address: Indicates the configured server currently in use for authentication Number of configured servers: The configured IP address of the authentication server Number of retransmits: The configured value of the maximum number of times a request packet is retransmitted Timeout Duration: The configured timeout value, in seconds, for request re-transmissions RADIUS Accounting Mode: Disable or Enabled 5.8.1.
Requests: The number of RADIUS Accounting-Request packets sent to this accounting server. This number does not include retransmissions. Retransmission: The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server. Responses: The number of RADIUS packets received on the accounting port from this server. Malformed Responses: The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length.
Access Requests: The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. Access Retransmission: The number of RADIUS Access-Request packets retransmitted to this RADIUS authentication server. Access Accepts: The number of RADIUS Access-Accept packets, including both valid and invalid packets, which were received from this server.
Server 1 Retry: Retry count if TACACS server has no response
Server 1 Mode: Current TACACS server admin mode (disable, master or slave)
Server 2 Port: TACACS packet port number
Server 2 Key: Secret Key between TACACS server and client
Server 2 IP: Second TACACS Server IP address
Server 2 Timeout (sec): Timeout value in seconds while TACACS server has no response
Server 2 Retry: Retry count if TACACS server has no response
Server 2 Mode: Current TACACS server admin mode (disable, master or slave)
Server 3 Po
Syntax show port-security { | all } Default Setting None Command Mode Privileged Exec Display Message Intf Interface Number. Interface Admin Mode Port Locking mode for the Interface. Dynamic Limit Maximum dynamically allocated MAC Addresses. Static Limit Maximum statically allocated MAC Addresses. Violation Trap Mode Whether violation traps are enabled. This command shows the dynamically locked MAC addresses for port.
None Command Mode Privileged Exec Display Message MAC address Statically locked MAC address. This command displays the source MAC address of the last packet that was discarded on a locked port. Syntax show port-security violation Default Setting None Command Mode Privileged Exec Display Message MAC address MAC address of discarded packet on locked ports. 5.8.2 Configuration Commands 5.8.2.1 authentication login This command creates an authentication login list.
The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates that the user is never authenticated. The value of tacacs indicates that the user’s ID and password will be authenticated using the TACACS.
- an authentication login list. Default Setting None Command Mode Global Config 5.8.2.3 username login This command assigns the specified authentication login list to the specified user for system login. The must be a configured and the must be a configured login list. If the user is assigned a login list that requires remote authentication, all access to the interface from all CLI, web, and telnet sessions will be blocked until the authentication is complete.
5.8.3 Dot1x Configuration Commands
5.8.3.1 dot1x initialize
This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto', an error will be returned.
Syntax
dot1x initialize
- is the desired interface number.
Default Setting
None
Command Mode
Privileged Exec
5.8.3.
5.8.3.3 dot1x login This command assigns the specified authentication login list to the specified user for 802.1x port security. The parameter must be a configured user and the parameter must be a configured authentication login list. Syntax dot1x login - is the login user name. - an authentication login list. Default Setting None Command Mode Global Config 5.8.3.
Global Config 5.8.3.5 dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The parameter must be a configured user. Syntax dot1x user { | all} no dot1x user { | all} - Is the login user name. - Is the desired interface number. all - All interfaces. no - This command removes the user from the list of users with access to the specified port or all ports.
dot1x port-control all {auto | force-authorized | force-unauthorized} no dot1x port-control all all - All interfaces. no - This command sets the authentication mode to be used on all ports to 'auto'. Default Setting auto Command Mode Global Config This command sets the authentication mode to be used on the specified port. The control mode may be one of the following. force-unauthorized: The authenticator PAE unconditionally sets the controlled port to unauthorized.
5.8.3.7 dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <1-10> value must be in the range 1 - 10. Syntax dot1x max-req <1-10> no dot1x max-req <1-10> - maximum number of times (Range: 1 – 10).
5.8.3.9 dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto', an error will be returned.
Syntax
dot1x re-authenticate
- is the desired interface number.
Default Setting
None
Command Mode
Privileged Exec
5.8.3.
server-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535. Syntax dot1x timeout {quiet-period | reauth-period | server-timeout | supp-timeout | tx-period} no dot1x timeout {quiet-period | reauth-period | server-timeout | supp-timeout | tx-period} - Value in the range 0 – 65535.
no - This command is used to set the RADIUS accounting function to the default value - that is, the RADIUS accounting function is disabled. Default Setting Disabled Command Mode Global Config 5.8.4.2 radius-server host This command is used to configure the RADIUS authentication and accounting server. If the 'auth' token is used, the command configures the IP address to use to connect to a RADIUS authentication server. Up to 3 servers can be configured per RADIUS client.
Default Setting
None
Command Mode
Global Config

5.8.4.3 radius-server key
This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret will be configured for the RADIUS authentication or RADIUS accounting server. The IP address provided must match a previously configured server. When this command is executed, you will be prompted for the secret.
no radius-server retransmit - the maximum number of times (Range: 1 - 15). no - This command sets the maximum number of times a request packet is re-transmitted, when no response is received from the RADIUS server, to the default value, that is, 10. Default Setting 10 Command Mode Global Config 5.8.4.5 radius-server timeout This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received.
Syntax radius-server msgauth - is a IP address. Default Setting None Command Mode Global Config 5.8.4.7 radius-server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client. The primary server is the one that is used by default for handling RADIUS requests. The remaining configured servers are only used if the primary server cannot be reached. A maximum of three servers can be configured on each client.
5.8.5 TACACS Configuration Commands 5.8.5.1 tacacs This command is used to enable/disable the TACACS function. Syntax tacacs no tacacs no - This command is used to disable the TACACS function. Default Setting Disabled Command Mode Global Config 5.8.5.2 tacacs mode This command is used to enable/select/disable the TACACS server administrative mode. Syntax tacacs mode <1-3> {master | slave} no tacacs mode <1-3> <1-3> - The valid value of index is 1, 2, and 3. no - This command is used to disable it.
5.8.5.3 tacacs server-ip This command is used to configure the TACACS server IP address. Syntax tacacs server-ip <1-3> no tacacs server-ip <1-3> - An IP address. <1-3> - The valid value of index is 1, 2, and 3. no - This command is used to remove the TACACS server IP address. Default Setting IP 0.0.0.0 Command Mode Global Config 5.8.5.4 tacacs port This command is used to configure the TACACS server’s service port.
Command Mode Global Config 5.8.5.5 tacacs key This command is used to configure the TACACS server shared secret key. Syntax tacacs key <1-3> no tacacs key <1-3> Note that the length of the secret key is up to 32 characters. <1-3> - The valid value of index is 1, 2, and 3. no - This command is used to remove the TACACS server secret key. Default Setting None Command Mode Global Config 5.8.5.6 tacacs retry This command is used to configure the number of times a TACACS packet is retransmitted.
Default Setting 5 Command Mode Global Config 5.8.5.7 tacacs timeout This command is used to configure the TACACS request timeout of an instance. Syntax tacacs timeout <1-3> <1-255> no tacacs timeout <1-3> <1-255> - max timeout (Range: 1 to 255). <1-3> - The valid value of index is 1, 2, and 3. no - This command is used to reset the timeout value to the default value. Default Setting 3 Command Mode Global Config 5.8.6 Port Security Configuration Commands 5.8.6.
port-security no port-security Default Setting None Command Mode Global Config, Interface Config 5.8.6.2 port-security max-dynamic This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port. Syntax port-security max-dynamic [<0-600>] no port-security max-dynamic no - This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value. Default Setting 600 Command Mode Interface Config 5.8.6.
Syntax port-security max-static [<0-20>] no port-security max-static no - This command resets the maximum number of statically locked MAC addresses allowed on a specific port to its default value. Default Setting 20 Command Mode Interface Config 5.8.6.4 port-security mac-address This command adds a MAC address to the list of statically locked MAC addresses.
5.8.6.5 port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses. Syntax port-security mac-address move Default Setting None Command Mode Interface Config 5.9 CDP (Cisco Discovery Protocol) Commands 5.9.1 Show Commands 5.9.1.1 show cdp This command displays the CDP configuration information.
show cdp Default Setting None Command Mode Privileged Exec Display Message CDP Admin Mode: Whether CDP is enabled or disabled. CDP Holdtime (sec): The length of time a receiving device should hold the FortiSwitch-100 CDP information before discarding it. CDP Transmit Interval (sec): The interval at which the FortiSwitch-100 sends CDP packets. Ports: Port number and its CDP status. CDP: Whether CDP is enabled or disabled. 5.9.1.2 show cdp neighbors This command displays the CDP neighbor information.
5.9.1.3 show cdp traffic This command displays the CDP traffic counters information. Syntax show cdp traffic Default Setting None Command Mode Privileged Exec Display Message Incoming packet number: Number of valid CDP packets received from neighbors. Outgoing packet number: Number of CDP packets transmitted by this device. Error packet number: Number of invalid CDP packets received from neighbors. 5.9.2 Configuration Commands 5.9.2.1 cdp This command is used to enable CDP Admin Mode.
5.9.2.2 cdp run This command is used to enable CDP on a specified interface. Syntax cdp run no cdp run no - This command is used to disable CDP on a specified interface. Default Setting Enabled Command Mode Interface Config This command is used to enable CDP for all interfaces. Syntax cdp run all no cdp run all all - All interfaces. no - This command is used to disable CDP for all interfaces.
5.9.2.3 cdp timer This command is used to configure the interval (in seconds) between transmitted CDP packets. Syntax cdp timer <5-254> no cdp timer <5-254> - interval time (Range: 5 – 254). no - This command is used to reset the interval time to the default value. Default Setting 60 Command Mode Global Config 5.9.2.4 cdp holdtime This command is used to configure the hold time (seconds) of CDP. Syntax cdp holdtime <10-255> <10-255> - interval time (Range: 10 – 255).
5.10 SNTP (Simple Network Time Protocol) Commands 5.10.1 Show Commands 5.10.1.1 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether the local time has been properly updated. Syntax show sntp Default Setting None Command Mode Privileged Exec Display Message Last Update Time Time of last clock update. Last Unicast Attempt Time Time of last transmit query (in unicast mode).
Command Mode Privileged Exec Display Message Client Supported Modes Supported SNTP Modes (Broadcast, Unicast, or Multicast). SNTP Version The highest SNTP version the client supports. Port SNTP Client Port Client Mode: Configured SNTP Client Mode. Unicast Poll Interval Poll interval value for SNTP clients in seconds as a power of two. Poll Timeout (Seconds) Poll timeout value in seconds for SNTP clients. Poll Retry Poll retry value for SNTP clients.
5.10.2 Configuration Commands 5.10.2.1 sntp broadcast client poll-interval This command will set the poll interval for SNTP broadcast clients in seconds as a power of two where can be a value from 6 to 16. Syntax sntp broadcast client poll-interval <6-10> no sntp broadcast client poll-interval <6-10> - The range is 6 to 16. no - This command will reset the poll interval for SNTP broadcast client back to its default value. Default Setting 6 Command Mode Global Config 5.10.2.
Default Setting None Command Mode Global Config 5.10.2.3 sntp client port This command will set the SNTP client port id and polling interval in seconds. Syntax sntp client port [<6-10>] no sntp client port - SNTP client port id. <6-10> - Polling interval. It's 2^(value) seconds where value is 6 to 10. no - Resets the SNTP client port id. Default Setting The default portid is 123. Command Mode Global Config 5.10.2.
no sntp unicast client poll-interval <6-10> - Polling interval. It's 2^(value) seconds where value is 6 to 10. no - This command will reset the poll interval for SNTP unicast clients to its default value. Default Setting The default value is 6. Command Mode Global Config 5.10.2.5 sntp unicast client poll-timeout This command will set the poll timeout for SNTP unicast clients in seconds.
Syntax sntp unicast client poll-retry no sntp unicast client poll-retry < poll-retry> - Polling retry in seconds. The range is 0 to 10. no - This command will reset the poll retry for SNTP unicast clients to its default value. Default Setting The default value is 1. Command Mode Global Config 5.10.2.7 sntp server This command configures an SNTP server (with a maximum of three) where the server address can be an ip address or a domain name and the address type either ipv4 or dns.
Command Mode Global Config 5.10.2.8 sntp clock timezone This command sets the time zone for the switch’s internal clock. Syntax sntp clock timezone <0-12> <0-59> {before-utc | after-utc} - Name of the time zone, usually an acronym. (Range: 1-15 characters) <0-12> - Number of hours before/after UTC. (Range: 0-12 hours) <0-59> - Number of minutes before/after UTC. (Range: 0-59 minutes) before-utc - Sets the local time zone before (east) of UTC.
Syntax clear arp Default Setting None Command Mode Privileged Exec 5.11.1.2 clear traplog This command clears the trap log. Syntax clear traplog Default Setting None Command Mode Privileged Exec 5.11.1.3 clear eventlog This command is used to clear the event log, which contains error messages from the system.
Command Mode Privileged Exec 5.11.1.4 clear logging buffered This command is used to clear the message log maintained by the switch. The message log contains system trace information. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec 5.11.1.5 clear config This command resets the configuration to the factory defaults without powering off the switch. The switch is automatically reset when this command is processed. You are prompted to confirm that the reset should proceed.
5.11.1.6 clear pass This command resets all user passwords to the factory defaults without powering off the switch. You are prompted to confirm that the password reset should proceed. Syntax clear pass Default Setting None Command Mode Privileged Exec 5.11.1.7 clear counters This command clears the stats for a specified or for all the ports or for the entire switch based upon the argument. Syntax clear counters [ | all] - is the desired interface number.
Syntax clear dns counter Default Setting None Command Mode Privileged Exec 5.11.1.9 clear dns cache This command clears all entries from the DNS cache. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 5.11.1.10 clear cdp This command is used to clear the CDP neighbors information and the CDP packet counters. Syntax clear cdp [traffic] traffic - this command is used to clear the CDP packet counters.
Default Setting None Command Mode Privileged Exec 5.11.1.11 clear vlan This command resets VLAN configuration parameters to the factory defaults. Syntax clear vlan Default Setting None Command Mode Privileged Exec 5.11.1.12 enable passwd This command changes Privileged EXEC password. Syntax enable passwd Default Setting None Command Mode Global Config.
5.11.1.13 clear igmp snooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database. Syntax clear igmp snooping Default Setting None Command Mode Privileged Exec 5.11.1.14 clear port-channel This command clears all port-channels (LAGs). Syntax clear port-channel Default Setting None Command Mode Privileged Exec 5.11.1.15 clear ip filter This command is used to clear all ip filter entries.
clear ip filter Default Setting None Command Mode Privileged Exec 5.11.1.16 clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. Syntax clear dot1x statistics {all | } - is the desired interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec 5.11.1.17 clear radius statistics This command is used to clear all RADIUS statistics.
None Command Mode Privileged Exec 5.11.1.18 clear tacacs This command is used to clear TACACS configuration. Syntax clear tacacs Default Setting None Command Mode Privileged Exec 5.11.2 copy This command uploads and downloads to/from the switch. Local URLs can be specified using tftp or xmodem. The following can be specified as the source file for uploading from the switch: startup config (startup-config), event log (eventlog), message log (msglog) and trap log (traplog).
copy startup-config copy {errorlog | log | traplog} copy script where ={xmodem | tftp://ipaddr/path/file} - The filename of a configuration file or a script file. - xmodem or tftp://ipaddr/path/file. errorlog - event Log file. log - message Log file. traplog - trap Log file.
sslpem-root - Secure Root PEM file. sslpem-server - Secure Server PEM file. sslpem-dhweak - Secure DH Weak PEM file. sslpem-dhstrong - Secure DH Strong PEM file. Default Setting None Command Mode Privileged Exec Write running configuration file into flash Syntax copy running-config startup-config [filename] [filename] – name of the configuration file.
no clibanner - xmodem or tftp://ipaddr/path/file. no - Delete CLI banner. Default Setting None Command Mode Privileged Exec 5.11.3 delete This command is used to delete a configuration or image file. Syntax delete - name of the configuration or image file. Default Setting None Command Mode Privileged Exec 5.11.4 dir This command is used to display a list of files in Flash memory.
- name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operation code. Default Setting None Command Mode Privileged Exec Display Message
Column Heading - Description
date - The date that the file was created.
file name - The name of the file.
file type - File types: Boot-Rom, Operation Code, and Config file.
startup - Shows if this file is used when the system is started.
size - The length of the file in bytes.
5.11.
5.11.6 boot-system This command is used to specify the file or image used to start up the system. Syntax boot-system {boot-rom | config | opcode} - name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operation code. Default Setting None Command Mode Privileged Exec 5.11.7 ping This command checks if another computer is on the network and listens for connections.
Privileged Exec Ping on changing parameter value Syntax ping count <0-20000000> [size <32-512>] ping size <32-512> [count <0-20000000>] - an IP address. <0-20000000> - number of pings (Range: 0 - 20000000). Note that 0 means infinite. - packet size (Range: 32 - 512). Default Setting Count = 5 Size = 32 Command Mode Privileged Exec 5.11.
<1-255> - The maximum time to live used in outgoing probe packets. Default Setting None Command Mode Privileged Exec 5.11.9 logging cli-command This command enables the CLI command Logging feature. The Command Logging component enables the switch to log all Command Line Interface (CLI) commands issued on the system. Syntax logging cli-command Default Setting None Command Mode Global Config 5.11.10 calendar set This command is used to set the system clock.
<2000-2099> - Year (4-digit). (Range: 2000 - 2099). Default Setting None Command Mode Privileged Exec 5.11.11 reload This command resets the switch without powering it off. Reset means that all network connections are terminated and the boot code executes. The switch uses the stored configuration to initialize the switch. You are prompted to confirm that the reset should proceed. A successful reset is indicated by the LEDs on the switch.
5.11.13 disconnect This command is used to close a telnet session. Syntax disconnect {<0-10> | all} <0-11> - telnet session ID. all - all telnet sessions. Default Setting None Command Mode Privileged Exec 5.11.14 hostname This command is used to set the prompt string. Syntax hostname < prompt_string > - Prompt string.
5.11.15 quit This command is used to exit a CLI session. Syntax quit Default Setting None Command Mode Privileged Exec 5.12 Differentiated Service Command Note: This Switching Command function can only be used on the QoS software version. This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package. The user configures DiffServ in several stages by specifying: 1.
Note that the type of class - all, any, or acl - has a bearing on the validity of match criteria specified when defining the class. A class type of 'any' processes its match rules in an ordered sequence; additional rules specified for such a class simply extend this list. A class type of ‘acl’ obtains its rule list by interpreting each ACL rule definition at the time the Diffserv class is created.
Syntax diffserv Command Mode Global Config 5.12.1.2 no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. Syntax no diffserv Command Mode Global Config 5.12.
5.12.2.1 class-map This command defines a new DiffServ class of type match-all, match-any or match-access-group. Syntax class-map [ match-all ] is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class. Note: The class name 'default' is reserved and must not be used here. When used without any match condition, this command enters the class-map mode. The is the name of an existing DiffServ class.
is the name of an existing DiffServ class. Note: The class name 'default' is reserved and is not allowed here. This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, this deletion attempt shall fail. Command Mode Global Config 5.12.2.3 class-map rename This command changes the name of a DiffServ class.
Command Mode Class-Map Config 5.12.2.5 match class-map This command adds to the specified class definition the set of match conditions defined for another class. Syntax match class-map is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: There is no [not] option for this match command.
no match class-map is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: There is no [not] option for this match command. Default None Command Mode Class-Map Config 5.12.2.7 match dstip This command adds to the specified class definition a match condition based on the destination IP address of a packet. Syntax match dstip specifies an IP address.
echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is used as both the start and end of a port range. To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535. To specify the match condition using a numeric range notation, two layer 4 port numbers are required and together they specify a contiguous port range.
5.12.2.10 match ip precedence This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in the IP header (the low-order five bits are not checked). The precedence value is an integer from 0 to 7.
Note: In essence, this is the “free form” version of the IP DSCP/Precedence/TOS match specification in that the user has complete control of specifying which bits of the IP Service Type field are checked. Default None Command Mode Class-Map Config 5.12.2.12 match protocol This command adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation.
specifies an IP address. specifies an IP address bit mask; note that although it resembles a standard subnet mask, this bit mask need not be contiguous. Default None Command Mode Class-Map Config 5.12.2.14 match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation or a numeric range notation.
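The bit-level match rules in this section (IP Precedence as the high-order three bits of the Service Type octet, the free-form ToS match, and the address bit mask that need not be contiguous) decide which traffic a class map really selects. The following Python sketch is an added illustration, not FortiSwitch code; the function names, the (bits, mask) argument order for the ToS match, and the sample packets are assumptions constructed for the example.

```python
import ipaddress

# Standard DSCP code points for the keywords the guide lists for ip-dscp
# values: AFxy = 8x + 2y, CSn = 8n, EF = 46, BE = 0.
DSCP_KEYWORDS = {f"af{x}{y}": 8 * x + 2 * y for x in range(1, 5) for y in range(1, 4)}
DSCP_KEYWORDS.update({f"cs{n}": 8 * n for n in range(8)})
DSCP_KEYWORDS.update({"be": 0, "ef": 46})


def parse_dscp(value):
    """Return the numeric DSCP for an integer 0-63 or a symbolic keyword."""
    text = str(value).lower()
    dscp = DSCP_KEYWORDS[text] if text in DSCP_KEYWORDS else int(text)
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP out of range: {value!r}")
    return dscp


def precedence_of(service_type):
    """IP Precedence: high-order three bits; the low-order five are ignored."""
    return (service_type >> 5) & 0x7


def dscp_of(service_type):
    """DSCP: high-order six bits of the same Service Type octet."""
    return (service_type >> 2) & 0x3F


def tos_matches(service_type, bits, mask):
    """Free-form match: only the bit positions set in mask are compared (assumed)."""
    return (service_type & mask) == (bits & mask)


def ip_matches(addr, ip, mask):
    """Compare only the address bits set in mask; the mask may be non-contiguous."""
    a, i, m = (int(ipaddress.IPv4Address(x)) for x in (addr, ip, mask))
    return (a & m) == (i & m)


def class_matches(packet, criteria):
    """match-all semantics: every (name, value) criterion must hold."""
    checks = {
        "precedence": lambda want: precedence_of(packet["tos"]) == want,
        "dscp": lambda want: dscp_of(packet["tos"]) == parse_dscp(want),
        "tos": lambda want: tos_matches(packet["tos"], *want),
        "srcip": lambda want: ip_matches(packet["src"], *want),
    }
    return all(checks[name](want) for name, want in criteria)


# Constructed sample packets: source address and Service Type octet.
PACKETS = [
    {"src": "10.1.2.5", "tos": 0xB8},    # DSCP 46 (ef),   precedence 5
    {"src": "10.200.7.5", "tos": 0xA0},  # DSCP 40 (cs5),  precedence 5
    {"src": "10.1.2.6", "tos": 0x88},    # DSCP 34 (af41), precedence 4
]

# Constructed class definitions.
BY_PRECEDENCE = [("precedence", 5)]                      # also catches cs5
BY_DSCP = [("dscp", "ef")]                               # ef only
HOST_5_ANY_SUBNET = [("srcip", ("10.0.0.5", "255.0.0.255"))]  # non-contiguous mask


def matching_sources(criteria):
    """Source addresses of the sample packets that the class selects."""
    return [p["src"] for p in PACKETS if class_matches(p, criteria)]


if __name__ == "__main__":
    for name, crit in (("precedence 5", BY_PRECEDENCE), ("dscp ef", BY_DSCP),
                       ("srcip 10.0.0.5/255.0.0.255", HOST_5_ANY_SUBNET)):
        print(f"{name:28} -> {matching_sources(crit)}")
```

A precedence match is coarser than a DSCP match, and a non-contiguous mask selects hosts across many subnets, so both deserve a review before the class is used in a drop, redirect or mark policy.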
5.12.3 Policy Commands The 'policy' command set is used in DiffServ to define: Traffic Conditioning Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes Service Provisioning Specify bandwidth and queue depth management requirements of service levels (EF, AF, etc.) The policy commands are used to associate a traffic class, which was defined by the class command set, with one or more QoS policy attributes.
5.12.3.2 drop This command specifies that all packets for the associated traffic stream are to be dropped at ingress. Syntax drop Command Mode Policy-Class-Map Config 5.12.3.3 redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel).
5.12.3.4 conform-color This command is used to enable color-aware traffic policing and define the conform-color class maps used. Used in conjunction with the police command where the fields for the conform level (for simple, single-rate, and two-rate policing) are specified. The parameter is the name of an existing Diffserv class map, where different ones must be used for the conform and exceed colors.
Policy-Class-Map Config Policy Type In 5.12.3.6 class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. Syntax class is the name of an existing DiffServ class. Note that this command causes the specified policy to create a reference to the class definition. Command Mode Policy-Class-Map Config 5.12.3.
mark ip-dscp is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. Command Mode Policy-Class-Map Config Policy Type In Incompatibilities Mark IP Precedence, Police (all forms) 5.12.3.9 mark ip-precedence This command marks all packets for the associated traffic stream with the specified IP Precedence value.
from 0-7. is required and is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. , an IP Precedence value is required and is specified as an integer from 0-7.
policy-map rename - Old Policy name. - New policy name. Command Mode Global Config Policy Type In 5.12.4 Service Commands The 'service' command set is used in DiffServ to define: Traffic Conditioning Assign a DiffServ traffic conditioning policy (as specified by the policy commands) to an interface in the incoming direction.
Note: This command effectively enables DiffServ on an interface (in a particular direction). There is no separate interface administrative 'mode' command for DiffServ. Note: This command shall fail if any attributes within the policy definition exceed the capabilities of the interface. Once a policy is successfully attached to an interface, any attempt to change the policy definition such that it would result in a violation of said interface capabilities shall cause the policy change attempt to fail.
• Classes • Policies • Services This information can be displayed in either summary or detailed formats. The status information is only shown when the DiffServ administrative mode is enabled; it is suppressed otherwise. There is also a 'show' command for general DiffServ information that is available at any time. 5.12.5.1 show class-map This command displays all configuration information for the specified class. Syntax show class-map [] is the name of an existing DiffServ class.
Precedence, IP TOS, Protocol Keyword, Reference Class, Source IP Address, Source Layer 4 Port, Source MAC Address, and VLAN. Values This field displays the values of the Match Criteria. Excluded This field indicates whether this Match Criteria is excluded. If the Class Name is not specified, this command displays a list of all defined DiffServ classes. The following fields are displayed: Class Name The name of this class.
Class Rule Table Size Current/Max The current or maximum number of entries (rows) in the Class Rule Table. Policy Table Size Current/Max The current or maximum number of entries (rows) in the Policy Table. Policy Instance Table Size Current/Max The current or maximum number of entries (rows) in the Policy Instance Table. Policy Attribute Table Size Current/Max The current or maximum number of entries (rows) in the Policy Attribute Table.
Mark IP Precedence Denotes the mark/re-mark value used as the IP Precedence for traffic matching this class. This is not displayed if either mark DSCP or policing is in use for the class under this policy. Policing Style This field denotes the style of policing, if any, used simple. Committed Rate (Kbps) This field displays the committed rate, used in simple policing, single-rate policing, and two-rate policing. Committed Burst Size (KB) This field displays the committed burst size, used in simple policing.
Syntax show diffserv service in specifies a valid slot number and port number for the system. The direction parameter indicates the interface direction of interest. Default Setting None Command Mode Privileged EXEC Display Message DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only in effect on an interface while DiffServ is in an enabled mode. Interface The slot number and port number of the interface (slot/port).
DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only active on an interface while DiffServ is in an enabled mode. The following information is repeated for interface and direction (only those interfaces configured with an attached policy are shown): Interface The slot number and port number of the interface (slot/port). Direction The traffic direction of this interface service. OperStatus The current operational status of this DiffServ service interface.
The following information is repeated for each class instance within this policy: Class Name The name of this class instance. In Offered Octets/Packets A count of the octets/packets offered to this class instance before the defined DiffServ treatment is applied. Only displayed for the 'in' direction. In Discarded Octets/Packets A count of the octets/packets discarded for this class instance for any reason due to DiffServ treatment of the traffic class. Only displayed for the 'in' direction.
Privileged EXEC Display Message The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Interface The slot number and port number of the interface (slot/port). Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface. Note: None of the counters listed here are guaranteed to be supported on all platforms.
5.13 ACL Command 5.13.1 Show Commands 5.13.1.1 show mac access-lists This command displays a MAC access list and all of the rules that are defined for the ACL. The parameter is used to identify a specific MAC ACL to display. Syntax show mac access-list ACL name which uniquely identifies the MAC ACL to display. Default Setting None Command Mode Privileged EXEC Display Message MAC ACL Name The name of the MAC ACL rule.
5.13.1.2 show mac access-lists This command displays a summary of all defined MAC access lists in the system. Syntax show mac access-list Default Setting None Command Mode Privileged EXEC Display Message Current number of all ACLs The number of user-configured rules defined for this ACL. Maximum number of all ACLs The maximum number of ACL rules. MAC ACL Name The name of the MAC ACL rule. Rules The number of rules in this ACL.
Default Setting None Command Mode Privileged EXEC Display Message Current number of ACLs The number of user-configured rules defined for this ACL. Maximum number of ACLs The maximum number of ACL rules. ACL ID The identifier of this ACL. Rule This displays the number identifier for each rule that is defined for the ACL. Action This displays the action associated with each rule. The possible values are Permit or Deny. Match ALL Match all packets or not.
ACL Type This displays whether the ACL type is IP or MAC. ACL ID This displays the ACL ID. Sequence Number This indicates the order of this access list relative to other access lists already assigned to this interface and direction. A lower number indicates higher precedence order. 5.13.2 Configuration Commands 5.13.2.1 mac access-list extended This command creates a MAC Access Control List (ACL) identified by , consisting of classification fields defined for the Layer 2 header of an Ethernet frame.
Syntax mac access-list extended rename - Old name which uniquely identifies the MAC access list. - New name which uniquely identifies the MAC access list. Default Setting None Command Mode Global Config 5.13.2.3 mac access-list This command creates a new rule for the current MAC access list. Each rule is appended to the list of configured rules for the list. Note that an implicit 'deny all' MAC rule always terminates the access list.
Default Setting None Command Mode Mac Access-list Config 5.13.2.4 mac access-group in This command attaches a specific MAC Access Control List (ACL) identified by to an interface in a given direction. The parameter must be the name of an existing MAC ACL. An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A lower number indicates higher precedence order.
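Because each new rule is appended to the MAC access list and an implicit 'deny all' always terminates it, rule order determines what is actually permitted. The following Python sketch is an added illustration, not FortiSwitch code: it assumes rules are evaluated top-down with the first match deciding, and the rule fields (source MAC, destination MAC, EtherType), names and sample frames are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

FIELDS = ("src", "dst", "ethertype")


@dataclass(frozen=True)
class MacRule:
    """One rule of a MAC ACL; a field left as None matches any value."""
    action: str
    src: Optional[str] = None
    dst: Optional[str] = None
    ethertype: Optional[int] = None

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {self.action!r}")

    def matches(self, frame):
        """True if every non-wildcard field equals the frame's value."""
        return all(getattr(self, f) in (None, frame[f]) for f in FIELDS)

    def covers(self, other):
        """True if every frame matched by `other` is also matched by this rule."""
        return all(getattr(self, f) in (None, getattr(other, f)) for f in FIELDS)


def evaluate(rules, frame):
    """Return (action, rule_number); rule_number is None for the implicit deny.

    Assumes first-match evaluation in the order the rules were appended.
    """
    for number, rule in enumerate(rules, start=1):
        if rule.matches(frame):
            return rule.action, number
    return "deny", None  # implicit 'deny all' that terminates every list


def shadowed_rules(rules):
    """Find rules that can never fire because an earlier rule covers them.

    Returns (later_rule_number, earlier_rule_number) pairs.
    """
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if earlier.covers(later):
                found.append((j + 1, i + 1))
                break
    return found


# Constructed sample ACL (locally administered MAC addresses).
HOST = "02:00:00:00:00:01"
ACL = [
    MacRule("permit", src=HOST, ethertype=0x0800),  # 1: IPv4 from the host
    MacRule("deny", ethertype=0x0806),              # 2: all ARP
    MacRule("permit", src=HOST, ethertype=0x0806),  # 3: ARP from the host (shadowed by 2)
]

# Constructed sample frames.
IPV4_FROM_HOST = {"src": HOST, "dst": "02:00:00:00:00:fe", "ethertype": 0x0800}
ARP_FROM_HOST = {"src": HOST, "dst": "ff:ff:ff:ff:ff:ff", "ethertype": 0x0806}
IPV4_FROM_OTHER = {"src": "02:00:00:00:00:99", "dst": "02:00:00:00:00:fe",
                   "ethertype": 0x0800}

if __name__ == "__main__":
    for label, frame in (("IPv4 from host", IPV4_FROM_HOST),
                         ("ARP from host", ARP_FROM_HOST),
                         ("IPv4 from other", IPV4_FROM_OTHER)):
        action, number = evaluate(ACL, frame)
        print(f"{label:16} -> {action} (rule {number or 'implicit deny'})")
    for later, earlier in shadowed_rules(ACL):
        print(f"rule {later} is unreachable: covered by rule {earlier}")
```

Running the shadow check on a planned rule list before entering it catches permits that were appended after a broader deny, and the implicit-deny result shows which traffic needs an explicit permit.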
5.13.2.5 access-list This command creates an Access Control List (ACL) that is identified by the parameter. Syntax access-list {( <1-99> {deny | permit} ) | ( {<100-199> {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | } [{eq { | }}] [{eq { | }}] [precedence ] [tos ] [dscp ]}})} . The ACL number is an integer from 1 to 199.
no access-list {<1-99> | <100-199>} Note: The ACL number is an integer from 1 to 199. The range 1 to 99 is for the normal ACL List and 100 to 199 is for the extended ACL List. Default Setting None Command Mode Global Config 5.13.2.7 ip access-group This command attaches a specified access-control list to an interface. Syntax ip access-group <1- 199> in [<1-4294967295>] <1- 199> The identifier of this ACL. <1-4294967295> The sequence number of this ACL.
support independent per-port class of service mappings. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed. Syntax show queue cos-map < slot/port > The interface number. Default Setting None Command Mode Privileged EXEC, User EXEC Display Message The following information is repeated for each user priority. User Priority The 802.1p user priority value.
Command Mode Privileged EXEC, User EXEC Display Message The following information is repeated for each user priority. IP Precedence The IP Precedence value. Traffic Class The traffic class internal queue identifier to which the IP Precedence value is mapped. 5.14.1.3 show queue trust This command displays the current trust mode setting for a specific interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings.
5.14.1.4 show queue cos-queue This command displays the class-of-service queue configuration for the specified interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the class-of-service queue configuration of the interface is displayed. If omitted, the most recent global configuration settings are displayed. Syntax show queue cos-queue [] < slot/port > The interface number.
5.14.2 Configuration Commands

5.14.2.1 queue cos-map

This command maps an 802.1p priority to an internal traffic class on a "per-port" basis.

Syntax
queue cos-map <0-7> <0-6>
no queue cos-map
<0-7> - The range of queue priority is 0 to 7.
<0-6> - The range of mapped traffic class is 0 to 6.
no - Reset to the default mapping of the queue priority and the mapped traffic class.

Default Setting
None

Command Mode
Interface Config.

This command maps an 802.
5.14.2.2 queue ip-precedence-mapping

This command maps an IP precedence value to an internal traffic class on a "per-port" basis.

Syntax
queue ip-precedence-mapping <0-7> <0-6>
no queue ip-precedence-mapping
<0-7> - The range of IP precedence is 0 to 7.
<0-6> - The range of mapped traffic class is 0 to 6.
no - Reset to the default mapping of the IP precedence and the mapped traffic class.

Default Setting
None

Command Mode
Interface Config.
None Command Mode Global Config. 5.14.2.3 queue trust This command sets the class of service trust mode of an interface. The mode can be set to trust one of the Dot1p (802.1p), IP Precedence. Syntax queue trust {dot1p | ip-precedence | ip-dscp} no queue trust no - This command sets the interface mode to untrusted. Default Setting None Command Mode Interface Config. This command sets the class of service trust mode for all interfaces. The mode can be set to trust one of the Dot1p (802.
no - This command sets the class of service trust mode to untrusted for all interfaces.

Default Setting
None

Command Mode
Global Config.

5.14.2.4 queue cos-queue min-bandwidth

This command specifies the minimum transmission bandwidth guarantee for each interface queue.

Syntax
queue cos-queue min-bandwidth …
no queue cos-queue min-bandwidth
… - Each valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100.
Syntax
queue cos-queue min-bandwidth all …
no queue cos-queue min-bandwidth all
… - Each valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100.
no - This command restores the default for each queue's minimum bandwidth value in the device.

Default Setting
None

Command Mode
Global Config.

5.14.2.5 queue cos-queue strict

This command activates the strict priority scheduler mode for each specified queue on a "per-port" basis.
Command Mode Interface Config. This command activates the strict priority scheduler mode for each specified queue on a device. Syntax queue cos-queue strict all [ … ] no queue cos-queue strict all [ … ] no - This command restores the default weighted scheduler mode for each specified queue on a device. Default Setting None Command Mode Global Config. 5.14.2.
- Valid range is (0 to 100) in increments of 5.
no - This command restores the default shaping rate value.

Default Setting
None

Command Mode
Interface Config.

This command specifies the maximum transmission bandwidth limit for all interfaces. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.
6 Routing Commands

VLAN Routing

You can configure the FortiSwitch-100 software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN.
Figure 1. VLAN Routing Example Network Diagram

Step 1: Create Two VLANs

The following code sequence shows an example of creating two VLANs, and next specifies the VLAN ID assigned to untagged frames received on the ports.
Step 2: Set Up VLAN Routing for the VLANs and the Switch.

The following code sequence shows how to enable routing for the VLANs:

    config
    vlan database
    vlan routing 10
    vlan routing 20
    exit
    # show ip vlan

This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands. Assume that VLAN 10 is assigned ID 3/1 and VLAN 20 is assigned ID 3/2.
6.1 Address Resolution Protocol (ARP) Commands 6.1.1 Show Commands 6.1.1.1 show ip arp This command displays the Address Resolution Protocol (ARP) cache. Syntax show ip arp Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out. This value was configured into the unit. Age time is measured in seconds. Response Time: Is the time it takes for an ARP request timeout. This value was configured into the unit.
show ip arp brief Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out. This value was configured into the unit. Age time is measured in seconds. Response Time: Is the time it takes for an ARP request timeout. This value was configured into the unit. Response time is measured in seconds. Retries: Is the maximum number of times an ARP request is retried. This value was configured into the unit.
6.1.2 Configuration Commands 6.1.2.1 arp This command creates an ARP entry. The value for is the IP address of a device on a subnet attached to an existing routing interface. The value for is a unicast MAC address for that device. Syntax arp no arp - Is the IP address of a device on a subnet attached to an existing routing interface. - Is a MAC address for that device.
6.1.2.3 arp cachesize

This command configures the maximum number of entries in the ARP cache.

Syntax
arp cachesize <256-1920>
no arp cachesize
<256-1920> - The range of cache size is 256 to 1920.
no - This command configures the default ARP cache size.

Default Setting
The default cache size is 1920.

Command Mode
Global Config

6.1.2.4 arp dynamicrenew

This command enables the ARP component to automatically renew ARP entries of type dynamic when they age out.
- The IP address to be removed from the ARP table. Default Setting None Command Mode Privileged Exec 6.1.2.6 arp resptime This command configures the ARP request response timeout. Syntax arp resptime <1-10> no arp resptime <1-10> - The range of default response time is 1 to 10 seconds. no - This command configures the default response timeout time. Default Setting The default response time is 1. Command Mode Global Config 6.1.2.
6.1.2.8 arp timeout

This command configures the ARP entry ageout time.

Syntax
arp timeout <15-21600>
no arp timeout
<15-21600> - Represents the IP ARP entry ageout time in seconds. The range is 15 to 21600 seconds.
no - This command configures the default ageout time for IP ARP entry.

Default Setting
The default value is 1200.

Command Mode
Global Config

6.1.2.9 clear arp-cache

This command causes all ARP entries of type dynamic to be removed from the ARP cache.
show ip brief Default Setting None Command Mode Privileged Exec, User Exec Display Message Default Time to Live: The computed TTL (Time to Live) of forwarding a packet from the local router to the final destination. Routing Mode: Show whether the routing mode is enabled or disabled. IP Forwarding Mode: Disable or enable the forwarding of IP frames. Maximum Next Hops: The maximum number of hops supported by this switch. 6.2.1.
Link Speed Data Rate: Is an integer representing the physical link data rate of the specified interface. This is measured in Megabits per second (Mbps). MAC Address: Is the physical address of the specified interface. Encapsulation Type: Is the encapsulation type for the specified interface. IP Mtu: Is the Maximum Transmission Unit size of the IP packet. 6.2.1.3 show ip interface brief This command displays summary information about IP configuration settings for all ports in the router.
Command Mode Privileged Exec Display Message Total Number of Routes: The total number of routes. for each next hop Network Address: Is an IP address identifying the network on the specified interface. Subnet Mask: Is a mask of the network and host portion of the IP address for the router interface. Protocol: Tells which protocol added the specified route. The possibilities are: local, static, OSPF, or RIP Next Hop Intf: The outgoing router interface to use when forwarding traffic to the next destination.
Syntax show ip route entry - Is a valid network address identifying the network on the specified interface. Default Setting None Command Mode Privileged Exec Display Message Network Address: Is a valid network address identifying the network on the specified interface. Subnet Mask: Is a mask of the network and host portion of the IP address for the attached network. Protocol: Tells which protocol added the specified route. The possibilities are: local, static, OSPF, or RIP.
Static: This field displays the static route preference value. OSPF Intra: This field displays the OSPF intra route preference value. OSPF Inter: This field displays the OSPF inter route preference value. OSPF Ext T1: This field displays the OSPF Type-1 route preference value. OSPF Ext T2: This field displays the OSPF Type-2 route preference value. RIP: This field displays the RIP route preference value. 6.2.1.8 show ip traffic This command displays IP statistical information.
6.2.2.2 ip routing

This command enables the IP Router Admin Mode for the master switch.

Syntax
ip routing
no ip routing
no - Disable the IP Router Admin Mode for the master switch.

Default Setting
Enabled

Command Mode
Global Config

6.2.2.3 ip address

This command configures an IP address on an interface. The IP address may be a secondary IP address.

Syntax
ip address [secondary]
no ip address [secondary]
- IP address of the interface.
Syntax ip route [ [<1-255 >] ] no ip route [ { | <1-255 > } ] - A valid IP address . - A valid subnet mask. - IP address of the next hop router. <1-255> - The precedence value of this route. The range is 1 to 255. no - delete all next hops to a destination static route.
the default precedence does not update the precedence of existing static routes, even if they were assigned the original default precedence. The new default precedence will only be applied to static routes created after invoking the "ip route precedence" command. Syntax ip route precedence <1-255> <1-255> - Default precedence value of static routes. The range is 1 to 255. Default Setting The default precedence value is 1. Command Mode Global Config 6.2.2.
no ip directed-broadcast no - Drop network directed broadcast packets. Default Setting Enabled Command Mode Interface Config 6.2.2.9 ip mtu This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation. Syntax ip mtu <68-1500> no ip mtu <68-1500> <68-1500> - The IP MTU on a routing interface. The range is 68 to 1500. no - Reset the ip mtu to the default value.
The default value is ethernet. Command Mode Interface Config Restrictions Routed frames are always Ethernet encapsulated when a frame is routed to a VLAN. 6.3 Open Shortest Path First (OSPF) Commands 6.3.1 Show Commands 6.3.1.1 show ip ospf This command displays information relevant to the OSPF router Syntax show ip ospf Default Setting None Command Mode Privileged Exec Display Messages Router ID Is a 32 bit integer in dotted decimal format identifying the router.
External LSA Checksum A number which represents the sum of the LS checksums of external link-state advertisements contained in the link-state database. New LSAs Originated The number of new link-state advertisements that have been originated. LSAs Received The number of link-state advertisements received determined to be new instantiations. External LSDB Limit The maximum number of non-default AS-external-LSAs entries that can be stored in the link-state database.
Syntax show ip ospf database Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID Is a 32 bit dotted decimal number representing the LSDB interface. Area ID Is the IP address identifying the router ID. LSA Type The types are: router, network, ipnet sum, asbr sum, as external, group member, tmp 1, tmp 2, opaque link, opaque area. LS ID Is a number that "uniquely identifies an LSA that a router originates from all other self originated LSA's of the same LS type.
Router Priority A number representing the OSPF Priority for the specified interface. This is a configured value. Retransmit Interval A number representing the OSPF Retransmit Interval for the specified interface. This is a configured value. Hello Interval A number representing the OSPF Hello Interval for the specified interface. This is a configured value. Dead Interval A number representing the OSPF Dead Interval for the specified interface. This is a configured value.
6.3.1.6 show ip ospf interface stats This command displays the statistics for a specific interface. Syntax show ip ospf interface stats - Interface number. Default Setting None Command Mode Privileged Exec, User Exec Display Messages OSPF Area ID The area id of this OSPF interface. Spf Runs The number of times that the intra-area route table has been calculated using this area's link-state database.
- IP address of the neighbor. - Interface number. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Interface Is the interface number. Router Id Is a 4-digit dotted-decimal number identifying neighbor router. Options An integer value that indicates the optional OSPF capabilities supported by the neighbor. The neighbor's optional OSPF capabilities are also listed in its Hello packets. This enables received Hello Packets to be rejected (i.e.
Syntax show ip ospf neighbor brief { | all} Default Setting None Command Mode Privileged Exec, User Exec Display Messages Router ID A 4 digit dotted decimal number representing the neighbor interface. IP Address An IP address representing the neighbor interface. Neighbor Interface Index Is a slot/port identifying the neighbor interface index. State The types are: Down- initial state of the neighbor conversation - no recent information has been received from the neighbor.
Command Mode Privileged Exec, User Exec Display Messages Area ID The area id of the requested OSPF area. IP Address An IP Address which represents this area range. Subnet Mask A valid subnet mask for this area range. Lsdb Type The type of link advertisement associated with this area range. Advertisement The status of the advertisement. Advertisement has two possible settings: enabled or disabled. 6.3.1.10 show ip ospf stub table This command displays the OSPF stub table.
Syntax show ip ospf virtual-link - Area ID. - Neighbor's router ID. Default Setting None Command Mode Privileged Exec, User Exec Display Messages Area ID The area id of the requested OSPF area. Neighbor Router ID The input neighbor Router ID. Hello Interval The configured hello interval for the OSPF virtual interface. Dead Interval The configured dead interval for the OSPF virtual interface.
Neighbor Is the neighbor interface of the OSPF virtual interface. Hello Interval Is the configured hello interval for the OSPF virtual interface. Dead Interval Is the configured dead interval for the OSPF virtual interface. Retransmit Interval Is the configured retransmit interval for the OSPF virtual interface. Transit Delay Is the configured transit delay for the OSPF virtual interface. 6.3.2 Configuration Commands 6.3.2.
None Command Mode Router OSPF Config 6.3.2.3 ip ospf This command enables OSPF on a router interface. Syntax ip ospf no ip ospf - This command disables OSPF on a router interface. Default Setting Disabled Command Mode Interface Config 6.3.2.4 1583compatibility This command enables OSPF 1583 compatibility. Note that if all OSPF routers in the routing domain are capable of operating according to RFC 2328, OSPF 1583 compatibility mode should be disabled.
Router OSPF Config

6.3.2.5 area default-cost

This command configures the monetary default cost for the stub area.

Syntax
area default-cost <1-16777215>
- Area ID
<1-16777215> - The default cost value. The range is 1 to 16777215.

Default Setting
None

Command Mode
Router OSPF Config

6.3.2.6 area nssa

This command configures the specified areaid to function as an NSSA.

Syntax
area nssa
no area nssa
- Area ID.
6.3.2.7 area nssa default-info-originate This command configures the metric value and type for the default route advertised into the NSSA. Syntax area nssa default-info-originate [<1-16777215>] [{comparable | non-comparable}] - Area ID. <1-16777215> - The metric of the default route. The range is 1 to 16777215. comparable - It's NSSA-External 1. non-comparable - It's NSSA-External 2. Default Setting None Command Mode Router OSPF Config 6.3.2.
6.3.2.9 area nssa no-summary

This command configures the NSSA so that summary LSAs are not advertised into the NSSA.

Syntax
area nssa no-summary
- Area ID.

Default Setting
None

Command Mode
Router OSPF Config

6.3.2.10 area nssa translator-role

This command configures the translator role of the NSSA.

Syntax
area nssa translator-role {always | candidate}
- Area ID.
6.3.2.11 area nssa translator-stab-intv This command configures the translator stability interval of the NSSA. The is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. Syntax area nssa translator-stab-intv <0-3600> - Area ID. <0-3600> - The range is 0 to 3600. Default Setting None Command Mode Router OSPF Config 6.3.2.
Router OSPF Config 6.3.2.13 area stub This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. Syntax area stub no area stub - Area ID. - This command deletes a stub area for the specified area ID.
Disabled

Command Mode
Router OSPF Config

6.3.2.15 area virtual-link authentication

This command configures the authentication type and key for the OSPF virtual interface identified by and .

Syntax
area virtual-link authentication [{none | {simple } | {encrypt <0-255>}}]
no area virtual-link authentication
- Area ID.
- Router ID of the neighbor.
none - No authentication.
Syntax area virtual-link dead-interval <1-65535> no area virtual-link dead-interval - Area ID. - Router ID of the neighbor. <1-65535> - The range of the dead interval is 1 to 65535. - This command deletes the OSPF virtual interface from the given interface, identified by and . Default Setting The default value of dead interval is 40 seconds. Command Mode Router OSPF Config 6.3.2.
6.3.2.18 area virtual-link retransmit-interval This command configures the retransmit interval for the OSPF virtual interface on the interface identified by and . Syntax area virtual-link retransmit-interval <0-3600> no area virtual-link retransmit-interval - Area ID. - Router ID of the neighbor. <0-3600> - The range of the retransmit interval is 0 to 3600.
The default value of hello interval is 1 second.

Command Mode
Router OSPF Config

6.3.2.20 default-information originate

This command is used to control the advertisement of default routes.

Syntax
default-information originate [always] [metric <1-16777215>] [metric-type {1 | 2}]
no default-information originate [metric] [metric-type]
[always] - Sets the router to advertise 0.0.0.0/0.0.0.0.
metric - The range of the metric is 1 to 16777215.
metric type - The value of metric type is type 1 or type 2.
<1-16777215> - The range of default metric is 1 to 16777215. - This command configures the default advertisement of default routes. Default Setting None Command Mode Router OSPF Config 6.3.2.22 distance ospf This command sets the route preference value of OSPF in the router. Lower route preference values are preferred when determining the best route. The type of OSPF can be intra, inter, type-1, or type-2.
Syntax distribute-list <1-199> out {rip | static | connected} no distribute-list <1-199> out {rip | static | connected} <1-199> - The range of default list id is 1 to 199. - This command is used to specify the access list to filter routes received from the source protocol. Default Setting None Command Mode Router OSPF Config 6.3.2.24 exit-overflow-interval This command configures the exit overflow interval for OSPF.
6.3.2.25 external-lsdb-limit

This command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in its database. The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area.
Default Setting
None

Command Mode
Interface Config

6.3.2.27 ip ospf authentication

This command sets the OSPF Authentication Type and Key for the specified interface. The value of is either none, simple or encrypt. If the type is encrypt a in the range of 0 and 255 must be specified.
Syntax ip ospf cost <1-65535> no ip ospf cost < 1-65535 > - The range of the cost is 1 to 65535. - This command configures the default cost on an OSPF interface. Default Setting The default cost value is 10. Command Mode Interface Config 6.3.2.29 ip ospf dead-interval This command sets the OSPF dead interval for the specified interface.
6.3.2.30 ip ospf hello-interval

This command sets the OSPF hello interval for the specified interface.

Syntax
ip ospf hello-interval <1-65535>
no ip ospf hello-interval
<1-65535> - Is a valid positive integer, which represents the length of time in seconds. The value for the length of time must be the same for all routers attached to a network.
- This command sets the default OSPF hello interval for the specified interface.

Default Setting
The default hello interval is 10 seconds.
Interface Config 6.3.2.32 ip ospf retransmit-interval This command sets the OSPF retransmit Interval for the specified interface. The retransmit interval is specified in seconds. Syntax ip ospf retransmit-interval <0-3600> no ip ospf retransmit-interval < 0-3600 > - The value is the number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface. This value is also used when retransmitting database and link-state request packets.
< 1-3600 > - The range of transmit delay is 1 to 3600. - This command sets the default OSPF Transit Delay for the specified interface. Default Setting The default transmit delay is 1 second. Command Mode Interface Config 6.3.2.34 ip ospf mtu-ignore This command disables OSPF maximum transmission unit (MTU) mismatch detection. OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface.
6.3.2.35 router-id This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id. Syntax router-id < ipaddress > - IP Address. Default Setting None. Command Mode Router OSPF Config 6.3.2.36 redistribute This command configures OSPF protocol to redistribute routes from the specified source protocol/routers.
6.3.2.37 maximum-paths This command sets the number of paths that OSPF can report for a given destination where is platform dependent. Syntax maximum-paths <1-1> no maximum-paths < 1-1 > - The maximum number of paths that OSPF can report for a given destination. The range of the value is 1 to 1. Default Setting The default value is 1. Command Mode Router OSPF Config. 6.4 Bootp/DHCP Relay Commands 6.4.1 show bootpdhcprelay This command displays the BootP/DHCP Relay information.
Maximum Hop Count: Is the maximum allowable relay agent hops. Minimum Wait Time (Seconds) Is the minimum wait time. Admin Mode Represents whether relaying of requests is enabled or disabled. Server IP Address Is the IP Address for the BootP/DHCP Relay server. Circuit Id Option Mode Is the DHCP circuit Id option which may be enabled or disabled. Requests Received Is the number of requests received. Requests Relayed Is the number of requests relayed. Packets Discarded Is the number of packets discarded. 6.4.
6.4.4 bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. Syntax bootpdhcprelay maxhopcount <1-16> no bootpdhcprelay maxhopcount - The range of maximum hop count is 1 to 16. no - Set the maximum hop count to 4. Default Setting The default value is 4. Command Mode Global Config 6.4.5 bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP/DHCP Relay on the system.
6.4.6 bootpdhcprelay serverip This command configures the server IP Address for BootP/DHCP Relay on the system. Syntax bootpdhcprelay serverip no bootpdhcprelay serverip - The IP address of the BootP/DHCP server. no - Clear the IP address of the BootP/DHCP server. Default Setting None Command Mode Global Config 6.4.7 ip dhcp restart Submit a BootP or DHCP client request. Syntax ip dhcp restart Default Setting None Command Mode Global Config 6.4.
- A text string whose length is 1 to 15.
- A hex string whose format is XX:XX:XX:XX:XX:XX (X is 0-9, A-F).

Default Setting
The default value for client-identifier is a text string "fortinet".

Command Mode
Global Config

6.5 Domain Name Server Relay Commands

6.5.1 Show Commands

6.5.1.1 show hosts

This command displays the static host name-to-address mapping table.

Syntax
show hosts

Default Setting
None

Command Mode
Privileged Exec

Display Message
Domain Name List: Domain Name.
show dns

Default Setting
None

Command Mode
Privileged Exec

Display Message
Domain Lookup Status: Enable or disable the IP Domain Naming System (DNS)-based host name-to-address translation function.
Default Domain Name: The default domain name that will be used for querying the IP address of a host.
Domain Name List: A list of domain names that will be used for querying the IP address of a host.
Name Server List: A list of domain name servers.
Request: Number of DNS query packets that have been sent.
6.5.2 Configuration Commands

6.5.2.1 ip hosts

This command creates a static entry in the DNS table that maps a host name to an IP address.

Syntax
ip host
no ip host
- Host name.
- IP address of the host.
- Remove the corresponding name to IP address mapping entry.

Default Setting
None

Command Mode
Privileged Exec

6.5.2.2 clear hosts

This command clears the entire static host name-to-address mapping table.
Command Mode Privileged Exec 6.5.2.3 ip domain-name This command defines the default domain name to be appended to incomplete host names (i.e., host names passed from a client are not formatted with dotted notation). Syntax ip domain-name no ip domain-name - Default domain name used to complete unqualified host names. Do not include the initial period that separates an unqualified name from the domain name. (Range: 1-64 characters) Default Setting None Command Mode Privileged Exec 6.
Default Setting None Command Mode Privileged Exec 6.5.2.5 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. There are maximum 6 entries in the Domain Name Server Table. Syntax ip name-server no ip name-server < ipaddr > - IP address of the Domain Name Servers. - Remove the corresponding Domain Name Server entry from the table.
- This command disables the IP Domain Naming System (DNS)-based host name-to-address translation. Default Setting None Command Mode Privileged Exec 6.5.2.7 clear domain-list This command clears all entries in the domain name list table. Syntax clear domain-list Default Setting None Command Mode Privileged Exec 6.5.2.8 clear dns This command sets the DNS configuration to default value.
Default Setting None Command Mode Privileged Exec 6.5.2.9 clear dns cache This command clears all entries in the DNS cache table. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 6.5.2.10 clear dns counter This command clears the statistics of all entries in the DNS cache table.
6.6 Routing Information Protocol (RIP) Commands 6.6.1 Show Commands 6.6.1.1 show ip rip This command displays information relevant to the RIP router. Syntax show ip rip Default Setting None Command Mode Privileged Exec Display Message RIP Admin Mode: Select enable or disable from the pulldown menu. If you select enable RIP will be enabled for the switch. The default is disabled. Split Horizon Mode: Select none, simple or poison reverse from the pulldown menu.
6.6.1.2 show ip rip interface This command displays information related to a particular RIP interface. Syntax show ip rip interface < slot/port > - Interface number Default Setting None Command Mode Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. This is a configured value. IP Address: The IP source address used by the specified RIP interface. This is a configured value.
Syntax
show ip rip interface brief

Default Setting
None

Command Mode
Privileged Exec

Display Message
Interface: Valid slot and port number separated by a forward slash.
IP Address: The IP source address used by the specified RIP interface.
Send Version: The RIP version(s) used when sending updates on the specified interface. The types are none, RIP-1, RIP-1c, RIP-2.
Receive Version: The RIP version(s) allowed when receiving updates from the specified interface.
6.6.2.2 ip rip

This command enables RIP on a router interface.

Syntax
ip rip
no ip rip
no - This command disables RIP on a router interface.

Default Setting
Disabled

Command Mode
Interface Config

6.6.2.3 auto-summary

This command enables the RIP auto-summarization mode.

Syntax
auto-summary
no auto-summary
no - This command disables the RIP auto-summarization mode.
6.6.2.4 default-information originate

This command is used to set the advertisement of default routes.

Syntax
default-information originate
no default-information originate
no - This command is used to cancel the advertisement of default routes.

Default Setting
Not configured

Command Mode
Router RIP Config

6.6.2.5 default-metric

This command is used to set a default for the metric of distributed routes.

Syntax
default-metric <1-15>
no default-metric
<1-15> - a value for default-metric.
6.6.2.6 distance rip

This command sets the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route.

Syntax
distance rip <1-255>
no distance rip
<1-255> - the value for distance.
no - This command sets the default route preference value of RIP in the router.

Default Setting
15

Command Mode
Router RIP Config

6.6.2.7 hostrouteaccept

This command enables the RIP hostroutesaccept mode.
6.6.2.8 split-horizon

This command sets the RIP split horizon mode. In none mode, RIP split horizon is not used. In simple mode, a route is not advertised on the interface over which it is learned. In poison mode, routes learned over this interface should be re-advertised on the interface with a metric of infinity (16).

Syntax
split-horizon {none | simple | poison}
no split-horizon
none - RIP split horizon mode is not used.
0

Command Mode
Router RIP Config

6.6.2.10 redistribute

This command configures RIP protocol to redistribute routes from the specified source protocol/routers. There are five possible match options. When you submit the command redistribute ospf match the match-type or types specified are added to any match types presently being redistributed. Internal routes are redistributed by default. The source protocols are OSPF, Static, and Connected.
The value for authentication key [key] must be 16 bytes or less. The [key] is composed of standard displayable, non-control keystrokes from a Standard 101/102-key keyboard. If the value of is encrypt, a keyid in the range of 0 and 255 must be specified.

Syntax
ip rip authentication {none | {simple } | {encrypt }}
no ip rip authentication
none - This command uses no authentication.
simple - This command uses simple authentication for RIP authentication.
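An added example, not part of the Fortinet guide: a Python check over saved configuration text that reports interfaces running OSPF or RIP, and OSPF virtual links, whose authentication is absent, `none`, `simple`, or a malformed `encrypt`, using the key-length and key-ID bounds stated for these commands. The sample configuration, its `interface <slot/port>` ... `exit` layout, the `router ospf` line, the `<key> <keyid>` argument order, and the choice to apply the 16-byte key bound only to RIP are assumptions made for the example.

```python
import re

# Constructed sample configuration (not captured from a real switch). The
# block layout and the "<key> <keyid>" order after "encrypt" are assumptions.
SAMPLE_CONFIG = """\
interface 0/1
 ip ospf
 ip ospf authentication encrypt S3cretOspfKey 1
exit
interface 0/2
 ip ospf
 ip ospf authentication simple hello123
exit
interface 0/3
 ip rip
exit
interface 0/4
 ip rip
 ip rip authentication encrypt ThisKeyIsLongerThan16Bytes 300
exit
interface 0/5
 ip rip
 ip rip authentication none
exit
router ospf
 area 0.0.0.1 virtual-link 10.0.0.2 authentication simple vlinkpw
exit
"""

MSG_ABSENT = "no authentication type configured"
MSG_NONE = "authentication is set to none"
MSG_SIMPLE = "simple authentication carries the key in clear text"
MSG_NO_KEY = "encrypt requires a key"
MSG_RIP_KEY = "RIP authentication key must be 16 bytes or less"
MSG_KEYID = "encrypt requires a key ID in the range 0-255"

NO_AUTH = (None, None, None)  # (type, key, keyid)
ARGS = r"(?: (\S+))?(?: (\S+))?(?: (\S+))?$"
IFACE_RE = re.compile(r"^interface (\S+)$")
ENABLE_RE = re.compile(r"^(no )?ip (ospf|rip)$")
AUTH_RE = re.compile(r"^(no )?ip (ospf|rip) authentication" + ARGS)
VLINK_RE = re.compile(r"^(no )?area (\S+) virtual-link (\S+) authentication" + ARGS)


def check_auth(proto, mode, key, keyid):
    """Return the list of problems for one authentication setting."""
    if mode is None:
        return [MSG_ABSENT]
    if mode == "none":
        return [MSG_NONE]
    if mode == "simple":
        return [MSG_SIMPLE]
    if mode != "encrypt":
        return [f"unknown authentication type {mode!r}"]
    problems = []
    if key is None:
        problems.append(MSG_NO_KEY)
    elif proto == "rip" and len(key.encode()) > 16:
        problems.append(MSG_RIP_KEY)
    if keyid is None or not keyid.isdecimal() or not 0 <= int(keyid) <= 255:
        problems.append(MSG_KEYID)
    return problems


def parse(config_text):
    """Collect per-interface OSPF/RIP state and virtual-link authentication."""
    interfaces, vlinks, current = {}, {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := IFACE_RE.match(line):
            current = interfaces.setdefault(
                m.group(1),
                {p: {"enabled": False, "auth": NO_AUTH} for p in ("ospf", "rip")},
            )
        elif line == "exit":
            current = None
        elif m := VLINK_RE.match(line):
            no, area, nbr, *auth = m.groups()
            vlinks[(area, nbr)] = NO_AUTH if no else tuple(auth)
        elif current is not None and (m := ENABLE_RE.match(line)):
            current[m.group(2)]["enabled"] = not m.group(1)
        elif current is not None and (m := AUTH_RE.match(line)):
            no, proto, *auth = m.groups()
            current[proto]["auth"] = NO_AUTH if no else tuple(auth)
    return interfaces, vlinks


def audit(config_text):
    """Return (location, protocol, problem) tuples; keys are never echoed."""
    interfaces, vlinks = parse(config_text)
    findings = []
    for name, protos in interfaces.items():
        for proto, state in protos.items():
            if state["enabled"]:
                for problem in check_auth(proto, *state["auth"]):
                    findings.append((f"interface {name}", proto, problem))
    for (area, nbr), auth in vlinks.items():
        for problem in check_auth("ospf", *auth):
            findings.append((f"virtual-link {area} {nbr}", "ospf", problem))
    return findings


if __name__ == "__main__":
    for where, proto, problem in audit(SAMPLE_CONFIG):
        print(f"{where}: {proto}: {problem}")
```
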
Default Setting Both Command Mode Interface Config 6.6.2.13 ip rip send version This command configures the interface to allow RIP control packets of the specified version to be sent. The value for is one of: rip1 to broadcast RIP version 1 formatted packets, rip1c (RIP version 1 compatibility mode) which sends RIP version 2 formatted packets via broadcast, rip2 for sending RIP version 2 using multicast, or none to not allow any RIP control packets to be sent.
show ip irdp {slot/port | all} - Show router discovery information for the specified interface. - Show router discovery information for all interfaces. Default Setting None Command Mode Privileged Exec, User Exec Display Message Ad Mode Displays the advertise mode which indicates whether router discovery is enabled or disabled on this interface. Advertise Address: Addresses to be used to advertise the router for the interface.
6.7.3 ip irdp broadcast This command configures the address to be used to advertise the router for the interface. Syntax ip irdp broadcast no ip irdp broadcast broadcast - The address used is 255.255.255.255. no - The address used is 224.0.0.1. Default Setting The default address is 224.0.0.1 Command Mode Interface Config 6.7.4 ip irdp holdtime This command configures the value, in seconds, of the holdtime field of the router advertisement sent from this interface.
6.7.5 ip irdp maxadvertinterval This command configures the maximum time, in seconds, allowed between sending router advertisements from the interface. Syntax ip irdp maxadvertinterval < minadvertinterval-1800 > no ip irdp maxadvertinterval < minadvertinterval-1800 > - The range is 4 to 1800 seconds. no - This command configures the default maximum time, in seconds. Default Setting The default value is 600. Command Mode Global Config 6.7.
6.7.7 ip irdp preference This command configures the preferability of the address as a default router address, relative to other router addresses on the same subnet. Syntax ip irdp preference < -2147483648-2147483647> no ip irdp preference < -2147483648-2147483647> - The range is -2147483648 to 2147483647. no - This command sets the preference to 0. Default Setting The default value is 0. Command Mode Global Config 6.8 VLAN Routing Commands 6.8.
Logical Interface Indicates the logical slot/port associated with the VLAN routing interface. IP Address Displays the IP Address associated with this VLAN. Subnet Mask Indicates the subnet mask that is associated with this VLAN. 6.8.2 vlan routing This command creates routing on a VLAN. Syntax vlan routing no vlan routing - The range is 1 to 3965. no - Delete routing on a VLAN. Default Setting None Command Mode VLAN Database 6.
None Command Mode Privileged Exec, User Exec Display Message Admin Mode Displays the administrative mode for VRRP functionality on the switch. Router Checksum Errors Represents the total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors Represents the total number of VRRP packets received with Unknown or unsupported version number. Router VRID Errors Represents the total number of VRRP packets received with invalid VRID for this virtual router. 6.9.1.
- Virtual router ID. Default Setting None Command Mode Privileged Exec, User Exec Display Message VRID Represents the router ID of the virtual router. Primary IP Address This field represents the configured IP Address for the Virtual router. VMAC address Represents the VMAC address of the specified router. Authentication type Represents the authentication type for the specific virtual router. Priority Represents the priority value for the specific virtual router.
Authentication Failure Represents the total number of VRRP packets received that don't pass the authentication check. IP TTL errors Represents the total number of VRRP packets received by the virtual router with IP TTL (time to live) not equal to 255. Zero Priority Packets Received Represents the total number of VRRP packets received by virtual router with a priority of '0'.
ip vrrp <1-255> no ip vrrp <1-255> <1-255> - The range of virtual router ID is 1 to 255. - This command removes all VRRP configuration details of the virtual router configured on a specific interface. Default Setting None Command Mode Interface Config 6.9.2.2 ip vrrp ip This command also designates the configured virtual router IP address as a secondary IP address on an interface.
Syntax ip vrrp <1-255> mode no ip vrrp <1-255> mode <1-255> - The range of virtual router ID is 1 to 255. - Disable the virtual router configured on the specified interface. Disabling the status field stops a virtual router. Default Setting Disabled Command Mode Interface Config 6.9.2.4 ip vrrp authentication This command sets the authorization details value for the virtual router configured on a specified interface.
Syntax ip vrrp <1-255> preempt no ip vrrp <1-255> preempt <1-255> - The range of virtual router ID is 1 to 255. - This command sets the default preemption mode value for the virtual router configured on a specified interface. Default Setting Enabled Command Mode Interface Config 6.9.2.6 ip vrrp priority This command sets the priority value for the virtual router configured on a specified interface.
Syntax ip vrrp <1-255> timers advertise <1-255> ip vrrp <1-255> timers advertise <1-255> - The range of virtual router ID is 1 to 255. < 1-255 > - The range of advertisement interval is 1 to 255. - This command sets the default advertisement value for a virtual router. Default Setting The default value of advertisement interval is 1.
7 IP Multicast Commands 7.1 Distance Vector Multicast Routing Protocol (DVMRP) Commands This section provides a detailed explanation of the DVMRP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information. Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting. 7.1.1 Show Commands 7.1.1.
7.1.1.2 show ip dvmrp interface This command displays the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface - Valid slot and port number separated by a forward slash. Default Setting None Command Mode Privileged Exec User EXEC Display Message Interface Mode This field indicates whether DVMRP is enabled or disabled on the specified interface. This is a configured value. Interface Metric This field indicates the metric of this interface.
Nbr IP Addr This field indicates the IP Address of the DVMRP neighbor for which this entry contains information. State This field displays the state of the neighboring router. The possible values for this field are ACTIVE or DOWN. Up Time This field indicates the time since this neighboring router was learned. Expiry Time This field indicates the time remaining for the neighbor to age out. This field is not applicable if the State is DOWN. Generation ID This is the Generation ID value for the neighbor.
Default Setting None Command Mode Privileged Exec User EXEC Display Message Group IP This field identifies the multicast Address that is pruned. Source IP This field displays the IP Address of the source that has pruned. Source Mask This field displays the network Mask for the prune source. It should be all 1s or both the prune source and prune mask must match. Expiry Time (secs) This field indicates the expiry time in seconds. This is the time remaining for this prune to age out. 7.1.1.
7.1.2 Configuration Commands 7.1.2.1 ip dvmrp This command sets administrative mode of DVMRP in the router to active. IGMP must be enabled before DVMRP can be enabled. Syntax ip dvmrp no ip dvmrp no - This command sets administrative mode of DVMRP in the router to inactive. IGMP must be enabled before DVMRP can be enabled. Default Setting Disabled Command Mode Global Config 7.1.2.2 ip dvmrp metric This command configures the metric for an interface.
7.2 Internet Group Management Protocol (IGMP) Commands This section provides a detailed explanation of the IGMP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information. Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting. 7.2.1 Show Commands 7.2.1.
show ip igmp groups [detail] - Valid slot and port number separated by a forward slash. [detail] - Display details of subscribed multicast groups. Default Setting None Command Mode Privileged Exec Display Message IP Address This displays the IP address of the interface participating in the multicast group. Subnet Mask This displays the subnet mask of the interface participating in the multicast group.
Privileged Exec User EXEC Display Message Slot/Port Valid slot and port number separated by a forward slash. IGMP Admin Mode This field displays the administrative status of IGMP. This is a configured value. Interface Mode This field indicates whether IGMP is enabled or disabled on the interface. This is a configured value. IGMP Version This field indicates the version of IGMP running on the interface. This value can be configured to create a router capable of running either IGMP version 1 or 2.
Interface Valid slot and port number separated by a forward slash. Interface IP This displays the IP address of the interface participating in the multicast group. State This displays whether the interface has IGMP in Querier mode or Non-Querier mode. Group Compatibility Mode The group compatibility mode (v1, v2 or v3) for the specified group on this interface. Source Filter Mode The source filter mode (Include/Exclude) for the specified group on this interface.
Wrong Version Queries This field indicates the number of queries received whose IGMP version does not match the IGMP version of the interface. Number of Joins This field displays the number of times a group membership has been added on this interface. Number of Groups This field indicates the current number of membership entries for this interface. 7.2.2 Configuration Commands 7.2.2.1 ip igmp This command sets the administrative mode of IGMP in the router to active.
Default Setting 3 Command Mode Interface Config 7.2.2.3 ip igmp last-member-query-count This command sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface. Syntax ip igmp last-member-query-count <1-20> no ip igmp last-member-query-count <1-20> - The range for <1-20> is 1 to 20. no - This command resets the number of Group-Specific Queries to the default value. Default Setting Disabled Command Mode Interface Config 7.2.2.
no - This command resets the Maximum Response Time being inserted into Group-Specific Queries sent in response to Leave Group messages on the interface to the default value. Default Setting 1 second Command Mode Interface Config 7.2.2.5 ip igmp query-interval This command configures the query interval for the specified interface. This is the frequency at which IGMP Host-Query packets are transmitted on this interface.
no - This command resets the maximum response time interval for the specified interface, which is the maximum query response time advertised in IGMPv2 queries on this interface to the default value. The maximum response time interval is reset to the default time. Default Setting 100 Command Mode Interface Config 7.2.2.7 ip igmp robustness This command configures the robustness that allows tuning of the interface. The robustness is the tuning for the expected packet loss on a subnet.
no - This command resets the number of Queries sent out on startup, separated by the Startup Query Interval on the interface to the default value. Default Setting 2 Command Mode Interface Config 7.2.2.9 ip igmp startup-query-interval This command sets the interval between General Queries sent by a Querier on startup on the interface. The time interval value is in seconds. Syntax ip igmp startup-query-interval <1-300> no ip igmp startup-query-interval <1-300> - The range for <1-300> is 1 to 300 seconds.
Syntax show ip mcast Default Setting None Command Mode Privileged Exec Display Message Admin Mode: This field displays the administrative status of multicast. This is a configured value. Protocol State: This field indicates the current state of the multicast protocol. Possible values are Operational or Non-Operational. Table Max Size: This field displays the maximum number of entries allowed in the multicast table.
Interface: Valid slot and port number separated by a forward slash. Group IP: The group IP address. Mask: The group IP mask. 7.3.1.3 show ip mcast interface This command displays the multicast information for the specified interface. Syntax show ip mcast interface < slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash.
None Command Mode Privileged Exec Display Message If the “detail” parameter is specified, the following fields are displayed: Source IP: This field displays the IP address of the multicast data source. Group IP: This field displays the IP address of the destination of the multicast packet. Expiry Time (secs): This field displays the time of expiry of this entry in seconds. Up Time (secs): This field displays the time elapsed since the entry was created in seconds.
RPF Neighbor: This field displays the IP address of the RPF neighbor. Flags: This field displays the flags associated with this entry. If the summary parameter is specified, the following fields are displayed: Source IP: This field displays the IP address of the multicast data source. Group IP: This field displays the IP address of the destination of the multicast packet. Protocol: This field displays the multicast routing protocol by which this entry was created.
This command displays all the static routes configured in the static mcast table if is specified or displays the static route associated with the particular . Syntax show ip mcast mroute static [] < sourceipaddr > - the IP Address of the multicast data source. Default Setting None Command Mode Privileged Exec Display Message Source IP: This field displays the IP address of the multicast packet source.
Command Mode Privileged Exec Display Message Router Interface: The IP address of this neighbor. Neighbor: The neighbor associated with the router interface. Metric: The metric value associated with this neighbor. TTL: The TTL threshold associated with this neighbor. Flags: Status of the neighbor. 7.3.1.
show mtrace Default Setting None Command Mode Privileged Exec Display Message Hops Away From Destination: The ordering of intermediate routers between the source and the destination. Intermediate Router Address: The address of the intermediate router at the specified hop distance. Mcast Protocol In Use: The multicast routing protocol used for the out interface of the specified intermediate router. TTL Threshold: The Time-To-Live threshold of the out interface on the specified intermediate router.
Disable Command Mode Global Config 7.3.2.2 ip multicast staticroute This command creates a static route which is used to perform RPF checking in multicast packet forwarding. The combination of the and the fields specify the network IP address of the multicast packet source. The is the IP address of the next hop toward the source. The is the cost of the route entry for comparison with other routes to the source network and is a value in the range of 0 and 255.
The source parameter is used to clear the routes in the mroute table entries containing the specified or [groupipaddr] pair. The source address is the source IP address of the multicast packet. The group address is the Group Destination IP address of the multicast packet. The group parameter is used to clear the routes in the mroute table entries containing the specified . The group address is the Group Destination IP address of the multicast packet.
no - This command deletes an administrative scope multicast boundary specified by and for which this multicast administrative boundary is applicable. is a group IP address and is a group IP mask. Default Setting None Command Mode Interface Config 7.3.2.5 ip multicast ttl-threshold This command applies the given to a routing interface.
Syntax mrinfo [] - the IP address of the multicast capable router. Default Setting None Command Mode Privileged Exec 7.3.2.7 mstat This command is used to find the packet rate and loss information path from a source to a receiver (unicast router id of the host running mstat). The results of this command will be available in the results buffer pool which can be displayed by using "show mstat". If a debug command is already in progress, a message is displayed and the new request fails.
7.3.2.8 mtrace This command is used to find the multicast path from a source to a receiver (unicast router ID of the host running mtrace). A trace query is passed hop-by-hop along the reverse path from the receiver to the source, collecting hop addresses, packet counts, and routing error conditions along the path, and then the response is returned to the requestor. The results of this command will be available in the results buffer pool which can be displayed by using "show mtrace".
no disable ip multicast mdebug mtrace no - This command is used to enable the processing capability of mtrace query on this router. If the mode is enabled, the mtrace queries received by the router are processed and forwarded appropriately by the router. If the mode is disabled, this router does not respond to the mtrace queries it receives from other router devices. Default Setting None Command Mode Global Config 7.4 Protocol Independent Multicast – Dense Mode (PIM-DM) Commands 7.4.1 Show Commands 7.4.1.
7.4.1.2 show ip pimdm interface This command displays the interface information for PIM-DM on the specified interface. Syntax show ip pimdm interface < slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Interface Mode: This field indicates whether PIM-DM is enabled or disabled on the specified interface. This is a configured value.
Privileged Exec Display Message Interface: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP Address that represents the PIM-DM interface. Nbr Count: This field displays the neighbor count for the PIM-DM interface. Hello Interval: This field indicates the time interval between two hello messages sent from the router on the given interface. Designated Router: This indicates the IP Address of the Designated Router for this interface. 7.4.1.
Syntax ip pimdm no ip pimdm no - This command disables the administrative mode of PIM-DM in the router. IGMP must be enabled before PIM-DM can be enabled. Default Setting Disabled Command Mode Global Config 7.4.2.2 ip pimdm mode This command sets administrative mode of PIM-DM on an interface to enabled. Syntax ip pimdm mode no ip pimdm mode no - This command sets administrative mode of PIM-DM on an interface to disabled. Default Setting Disabled Command Mode Interface Config 7.4.2.
Syntax ip pimdm query-interval <10 - 3600> no ip pimdm query-interval <10 - 3600> - This is time interval in seconds. no - This command resets the transmission frequency of hello messages between PIM enabled neighbors to the default value. Default Setting 30 Command Mode Interface Config 7.5 Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands 7.5.1 Show Commands 7.5.1.1 show ip pimsm This command displays the system-wide information for PIM-SM.
Data Threshold Rate (Kbps): This field shows the data threshold rate for the PIM-SM router. This is a configured value. Register Threshold Rate (Kbps): This field indicates the threshold rate for the RP router to switch to the shortest path. This is a configured value. Interface: Valid slot and port number separated by a forward slash. Interface Mode: This field indicates whether PIM-SM is enabled or disabled on the interface. This is a configured value.
< slot/port > - Interface number. Default Setting None Command Mode Privileged Exec Display Message Slot/Port: Valid slot and port number separated by a forward slash. IP Address: This field indicates the IP address of the specified interface. Subnet Mask: This field indicates the Subnet Mask for the IP address of the PIM interface. Mode: This field indicates whether PIM-SM is enabled or disabled on the specified interface. This is a configured value. By default it is disabled.
Subnet Mask: This field indicates the Subnet Mask of this PIM-SM interface. Designated Router: This indicates the IP Address of the Designated Router for this interface. Neighbor Count: This field displays the number of neighbors on the PIM-SM interface. 7.5.1.5 show ip pimsm neighbor This command displays the neighbor information for PIM-SM on the specified interface. Syntax show ip pimsm neighbor [ | all] < slot/port > - Interface number. all - this command represents all interfaces.
< group-mask > - the multicast group address mask. candidate - this command displays PIM-SM candidate-RP table information. all - this command displays all group addresses. Default Setting None Command Mode Privileged Exec Display Message Group Address: This field specifies the IP multicast group address. Group Mask: This field specifies the multicast group address subnet mask. Address: This field displays the IP address of the Candidate-RP. Hold Time: This field displays the hold time of a Candidate-RP.
Group Mask: This field displays the group mask for the group address. 7.5.1.8 show ip pimsm staticrp This command displays the static RP information for the PIM-SM router. Syntax show ip pimsm staticrp Default Setting None Command Mode Privileged Exec Display Message Address: This field displays the IP address of the RP. Group Address: This field displays the group address supported by the RP. Group Mask: This field displays the group mask for the group address. 7.5.2 Configuration Commands 7.5.2.
Disabled Command Mode Global Config 7.5.2.2 ip pimsm message-interval This command is used to configure the global join/prune interval for PIM-SM router. The join/prune interval is specified in seconds. This parameter can be configured to a value from 10 to 3600. Syntax ip pimsm message-interval <10 - 3600> no ip pimsm message-interval <10 - 3600> - This is time interval in seconds. no - This command is used to reset the global join/prune interval for PIM-SM router to the default value.
no - This command is used to reset the Threshold rate for the RP router to switch to the shortest path to the default value. Default Setting 50 Command Mode Global Config 7.5.2.4 ip pimsm spt-threshold This command is used to configure the Threshold rate for the last-hop router to switch to the shortest path. The rate is specified in Kilobytes per second. The possible values are 0 to 2000. Syntax ip pimsm spt-threshold <0 - 2000> no ip pimsm spt-threshold <0 - 2000> - This is time interval in seconds.
ip pimsm staticrp no ip pimsm staticrp < rp-address > - the IP Address of the RP. < group-address > - the group address supported by the RP. < group-mask > - the group mask for the group address. no - This command is used to delete RP IP address for the PIM-SM router. The parameter is the IP address of the RP. The parameter is the group address supported by the RP.
7.5.2.7 ip pimsm query-interval This command configures the transmission frequency of hello messages in seconds between PIM enabled neighbors. This field has a range of 10 to 3600 seconds. Syntax ip pimsm query-interval <10 - 3600> no ip pimsm query-interval <10 - 3600> - This is time interval in seconds. no - This command resets the transmission frequency of hello messages between PIM enabled neighbors to the default value. Default Setting 30 Command Mode Interface Config 7.5.2.
7.5.2.9 ip pimsm cbsrhashmasklength This command is used to configure the CBSR hash mask length to be advertised in bootstrap messages for a particular PIM-SM interface. This hash mask length will be used in the hash algorithm for selecting the RP for a particular group. The valid range is 0 - 32. The default value is 30. Syntax ip pimsm cbsrhashmasklength <0 - 32> no ip pimsm cbsrhashmasklength <0 - 32> - The CBSR hash mask length.
<-1 - 255> - The preference value for the local interface. no - This command is used to reset the Candidate Rendezvous Point (CRP) for a particular PIM-SM interface to the default value.
8 Web-Based Management Interface 8.1 Overview Your Layer 3 Network Switch provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer or Netscape Navigator. This software interface also allows for system monitoring and management of the Network Switch. When you configure this Network Switch for the first time from the console, you have to assign an IP address and subnet mask to the Network Switch.
8.2 Main Menu 8.2.1 System Menu 8.2.1.1 View ARP Cache The Address Resolution Protocol (ARP) dynamically maps physical (MAC) addresses to Internet (IP) addresses. This panel displays the current contents of the ARP cache.
8.2.1.2 Viewing Inventory Information Use this panel to display the switch's Vital Product Data, stored in non-volatile memory at the factory. Non-Configurable Data System Description - The product name of this switch. Machine Type - The machine type of this switch. Machine Model - The model within the machine type. Serial Number - The unique box serial number for this switch. Part Number - The manufacturing part number. Base MAC Address - The burned-in universally administered MAC address of this switch.
Additional Packages - A list of the optional software packages installed on the switch, if any. Command Buttons Refresh - Updates the information on the page. 8.2.1.3 Configuring Management Session and Network Parameters Viewing System Description Page Configurable Data System Name - Enter the name you want to use to identify this switch. You may use up to 31 alpha-numeric characters. The factory default is blank. System Location - Enter the location of this switch.
System Description - The product name of this switch. System Object ID - The base object ID for the switch's enterprise MIB. System IP Address - The IP Address assigned to the network interface. System Up time - The time in days, hours and minutes since the last switch reboot. MIBs Supported - The list of MIBs supported by the management agent running on this switch. Command Buttons Submit - Update the switch with the values on the screen.
Configuring Network Connectivity Page The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the switch over a network you must first configure it with IP information (IP address, subnet mask, and default gateway).
Configuring Telnet Session Page Configurable Data Telnet Session Timeout (minutes) - Specify how many minutes of inactivity should occur on a telnet session before the session is logged off. You may enter any number from 1 to 160. The factory default is 5. Maximum Number of Telnet Sessions - Use the pulldown menu to select how many simultaneous telnet sessions will be allowed. The maximum is 5, which is also the factory default.
Configuring Outbound Telnet Client Configuration Page Configurable Data Admin Mode - Specifies if the Outbound Telnet service is Enabled or Disabled. Default value is Enabled. Maximum Sessions - Specifies the maximum number of Outbound Telnet Sessions allowed. Default value is 5. Valid Range is (0 to 5). Session Timeout - Specifies the Outbound Telnet login inactivity timeout. Default value is 5. Valid Range is (1 to 160). Command Buttons Submit - Sends the updated configuration to the switch.
Baud Rate (bps) - Select the default baud rate for the serial port connection from the pull-down menu. You may choose from 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 baud. The factory default is 9600 baud. Password Threshold - When the logon attempt threshold is reached on the console port, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent time command to set this interval.
User Name Selector - You can use this screen to reconfigure an existing account, or to create a new one. Use this pulldown menu to select one of the existing accounts, or select 'Create' to add a new one, provided the maximum of five 'Read Only' accounts has not been reached. Configurable Data User Name - Enter the name you want to give to the new account. (You can only enter data in this field when you are creating a new account.) User names are up to eight characters in length and are not case sensitive.
Defining Authentication List Configuration Page You use this screen to configure login lists. A login list specifies the authentication method(s) you want used to validate switch or port access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, which you may not delete.
select a method that does not time out as the second method, the third method will not be tried. Note that this parameter will not appear when you first create a new login list. Method 3 - Use the dropdown menu to select the method, if any, that should appear third in the selected authentication login list. Note that this parameter will not appear when you first create a new login list. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch.
Viewing Authentication List Summary Page Non-Configurable Data Authentication List - Identifies the authentication login list summarized in this row. Method List - The ordered list of methods configured for this login list. Login Users - The users you assigned to this login list on the User Login Configuration screen. This list is used to authenticate the users for system login access. 802.
the user's access to the switch from all CLI, web, and telnet sessions will be blocked until the authentication is complete. Refer to the discussion of maximum delay in the RADIUS configuration help. Configurable Data Authentication List - Select the authentication login list you want to assign to the user for system login. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch.
Viewing Forwarding Database Page Use this panel to display information about entries in the forwarding database. These entries are used by the transparent bridging function to determine how to forward a received frame. Configurable Data Filter - Specify the entries you want displayed. Learned: If you choose "learned" only MAC addresses that have been learned will be displayed. All: If you choose "all" the whole table will be displayed. MAC Address Search - You may also search for an individual MAC address.
8.2.1.5 Viewing Logs Viewing Buffered Log Configuration Page This log stores messages in memory based upon the settings for message component and severity. Configurable Data Admin Status - A log that is "Disabled" shall not log messages. A log that is "Enabled" shall log messages. Enable or Disable logging by selecting the corresponding line on the pulldown entry field. Behavior - Indicates the behavior of the log when it is full. It can either wrap around or stop when the log space is filled.
Viewing Buffered Log Page This help message applies to the format of all logged messages which are displayed for the buffered log, persistent log, or console log. Format of the messages
<15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry
The above example indicates a user-level message (1) with severity 7 (debug) generated by component MSTP running in thread id 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c.
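The following parser for the message format described above is an added example, not code from the guide or from Fortinet. It assumes the leading <15> follows the standard syslog priority encoding (facility * 8 + severity), which matches the guide's reading of 15 as user-level (1) with severity 7 (debug). The field names, the treatment of the number after the file reference as a message number, and every sample line except the first are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Standard syslog severity names, index 0 (most severe) to 7 (least severe).
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug")

# Layout inferred from the guide's sample line (field names are assumptions):
# <PRI>Mon DD HH:MM:SS HOST COMPONENT[THREAD]: FILE(LINE) NUMBER %% TEXT
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<component>[^\[\s]+)\[(?P<thread>\d+)\]: "
    r"(?P<file>[^\s()]+)\((?P<line>\d+)\) "
    r"(?P<number>\d+) %% "
    r"(?P<text>.*)$"
)


@dataclass(frozen=True)
class LogEntry:
    facility: int
    severity: int
    severity_name: str
    timestamp: str
    host: str
    component: str
    thread_id: int
    source_file: str
    source_line: int
    number: int
    text: str


def parse_line(raw: str) -> Optional[LogEntry]:
    """Parse one logged message; return None if it does not fit the layout."""
    m = LINE_RE.match(raw.strip())
    if m is None:
        return None  # malformed, truncated, or contains an embedded newline
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest valid syslog priority
        return None
    facility, severity = divmod(pri, 8)
    return LogEntry(facility, severity, SEVERITIES[severity], m["timestamp"],
                    m["host"], m["component"], int(m["thread"]), m["file"],
                    int(m["line"]), int(m["number"]), m["text"])


def parse_all(lines: List[str]) -> Tuple[List[LogEntry], List[str]]:
    """Split input into parsed entries and rejected raw lines for review."""
    entries, rejected = [], []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            rejected.append(raw)
        else:
            entries.append(entry)
    return entries, rejected


def select(entries: List[LogEntry], threshold: str = "warning",
           component: Optional[str] = None) -> List[LogEntry]:
    """Keep entries at or above the threshold severity (numerically <= it),
    optionally restricted to one component."""
    limit = SEVERITIES.index(threshold)
    return [e for e in entries
            if e.severity <= limit
            and (component is None or e.component == component)]


# First line is the guide's own sample; the rest are constructed test input.
SAMPLE_LINES = [
    "<15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 "
    "transitioned to root state on message age timer expiry",
    "<11>Aug 24 05:35:10 STK0 EXAMPLE[2200]: example_file.c(42) 238 %% constructed error-level sample",
    "<14>Aug  4 05:36:00 STK0 MSTP[2110]: example_file.c(7) 239 %% constructed info-level sample",
    "<999>Aug 24 05:37:00 STK0 MSTP[2110]: example_file.c(9) 240 %% constructed out-of-range priority",
    "not a log line",
]

if __name__ == "__main__":
    parsed, bad = parse_all(SAMPLE_LINES)
    for e in select(parsed, "debug"):
        print(e.timestamp, e.component, e.severity_name, e.text)
    print("rejected:", len(bad))
```

Rejected lines are returned rather than dropped so that malformed or tampered entries remain available for review.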
Configuring Command Logger Page Configurable Data Admin Mode - Enable/Disable the operation of the CLI Command logging by selecting the corresponding pulldown field and clicking Submit. Command Buttons Submit - Update the switch with the values you entered. Configuring Console Log Page This allows logging to any serial device attached to the host. Configurable Data Admin Status - A log that is "Disabled" shall not log messages. A log that is "Enabled" shall log messages.
Viewing Event Log Page Use this panel to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in FLASH memory, the switch will be reset. The log can hold at least 2,000 entries (the actual number depends on the platform and OS), and is erased when an attempt is made to add an entry after it is full. The event log is preserved across system resets. Non-Configurable Data Entry - The number of the entry within the event log.
IP Address - This is the IP address of the host configured for syslog. Status - This specifies whether the host has been configured to be actively logging or not. Set the host to be active/out of service from the drop down menu. Port - This is the port on the host to which syslog messages are sent. The default port is 514. Specify the port in the text field. Severity Filter - A log records messages equal to or above a configured severity threshold.
Messages Relayed - The count of syslog messages relayed. Messages Ignored - The count of syslog messages ignored. Command Buttons Submit - Update the switch with the values you entered. Refresh - Refetch the database and display it again starting with the first entry in the table. 8.2.1.6 Managing Switch Interface Configuring Switch Interface Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured.
Link Trap - This object determines whether or not to send a trap when link status changes. The factory default is enabled. Maximum Frame Size - The maximum Ethernet frame size the interface supports or is configured for, including Ethernet header, CRC, and payload (1518 to 9216). The default maximum frame size is 1518. Flow Control - Used to enable or disable flow control feature on the selected interface.
Viewing Switch Interface Configuration Page This screen displays the status for all ports in the box. Selection Criteria MST ID - Select the Multiple Spanning Tree instance ID from the list of all currently configured MST ID's to determine the values displayed for the Spanning Tree parameters. Changing the selected MST ID will generate a screen refresh. If Spanning Tree is disabled this will be a static value, CST, instead of a selector.
Disable - spanning tree is disabled for this port. Forwarding State - The port's current Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port it will place that port into the broken state. The other five states are defined in IEEE 802.1D: Disabled, Blocking, Listening, Learning, Forwarding. Broken Port Role - Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
Configuring Multiple Port Mirroring Function Page Configurable Data Session ID - A session ID or "All Sessions" option may be selected. By default the First Session is selected. Session Mode - Specifies the Session Mode for a selected session ID. By default Session Mode is enabled. Source Port(s) - Specifies the configured port(s) as mirrored port(s). Traffic of the configured port(s) is sent to the probe port.
These are well-known communities; you can use this menu to change the defaults or to add other communities. Only the communities that you define using this menu will have access to the switch using the SNMPv1 and SNMPv2c protocols. Only those communities with read-write level access will have access to this menu via SNMP. You should use this menu when you are using the SNMPv1 and SNMPv2c protocols; if you want to use SNMP v3 you should use the User Accounts menu.
Configuring SNMP Trap Receiver Configuration Page This menu will display an entry for every active Trap Receiver. Configurable Data SNMP Community Name - Enter the community string for the SNMP trap packet to be sent to the trap manager. This may be up to 16 characters and is case sensitive. SNMP Version - Select the trap version to be used by the receiver from the pull down menu: SNMP v1 - Uses SNMP v1 to send traps to the receiver. SNMP v2 - Uses SNMP v2 to send traps to the receiver.
Viewing SNMP supported MIBs Page This is a list of all the MIBs supported by the switch. Non-configurable Data Name - The RFC number if applicable and the name of the MIB. Description - The RFC title or MIB description. Command Buttons Refresh - Update the data.
8.2.1.8 Viewing Statistics Viewing the whole Switch Detailed Statistics Page Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch. Octets Received - The total number of octets of data received by the processor (excluding framing bits but including FCS octets). Packets Received Without Errors - The total number of packets (including broadcast packets and multicast packets) received by the processor.
Multicast Packets Received - The total number of packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address. Broadcast Packets Received - The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets.
Command Buttons Clear Counters - Clear all the counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing the whole Switch Summary Statistics Page Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch.
Transmit Packet Errors - The number of outbound packets that could not be transmitted because of errors. Address Entries Currently in Use - The total number of Forwarding Database Address Table entries now active on the switch, including learned and static entries. VLAN Entries Currently in Use - The number of VLAN entries presently occupying the VLAN table. Time Since Counters Last Cleared - The elapsed time, in days, hours, minutes, and seconds since the statistics for this switch were last cleared.
Packets RX and TX 128-255 Octets - The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 256-511 Octets - The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received > 1522 Octets - The total number of packets received that were longer than 1522 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. Total Packets Received Without Errors - The total number of packets received that were without errors.
Packets Transmitted 65-127 Octets - The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 128-255 Octets - The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Tx Oversized - The total number of frames that exceeded the max permitted frame size. This counter has a max increment rate of 815 counts per sec at 10 Mb/s. Underrun Errors - The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission. Total Transmit Packets Discarded - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded.
Refresh - Refresh the data on the screen with the present state of the data in the switch.
Viewing Each Port Summary Statistics Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter. Total Packets Received without Errors - The total number of packets received that were without errors.
8.2.1.9 Managing System Utilities Saving All Configuration Changed Page Command Buttons Save - Click this button to have configuration changes you have made saved across a system reboot. All changes submitted since the previous save or system reboot will be retained by the switch. Resetting the Switch Page Command Buttons Reset - Select this button to reboot the switch. Any configuration changes you have made since the last time you issued a save will be lost.
Resetting the Passwords to Default Values Page Command Buttons Reset - Select this button to have all passwords reset to their factory default values. Downloading Specific Files to Switch Flash Page Use this menu to download a file to the switch. Configurable Data File Type - Specify what type of file you want to download: Script - specify configuration script when you want to update the switch's script file. CLI Banner - Specify the banner that you want to display before user login to the switch.
Start File Transfer - To initiate the download you need to check this box and then select the submit button. Non-Configurable Data The last row of the table is used to display information about the progress of the file transfer. The screen will refresh automatically until the file transfer completes. Command Buttons Submit - Send the updated screen to the switch and perform the file download.
Defining Configuration and Runtime Startup File Page Specify the file used to start up the system. Configurable Data Configuration File - Configuration files. Runtime File - Run-time operation codes. Command Buttons Submit - Send the updated screen to the switch and specify the file start-up. Removing Specific File Page Delete files in flash. If the file type is used for system startup, then this file cannot be deleted. Configurable Data Configuration File - Configuration files.
Copying Running Configuration to Flash Page Use this menu to copy a start-up configuration file from the running configuration file on the switch. Configurable Data File Name - Enter the name you want to give the file being copied. You may enter up to 32 characters. The factory default is blank. Non-Configurable Data The last row of the table is used to display information about the progress of the file copy. The screen will refresh automatically until the file copy completes.
Submit - This will initiate the ping. Managing CDP Function Defining CDP Configuration Page Use this menu to configure the parameters for CDP, which is used to discover a Cisco device on the LAN. Configurable Data Admin Mode - The CDP administration mode, which is either Enable or Disable. Hold Time - The legal time period of a received CDP packet. Transmit Interval - The CDP packet sending interval. Port Authen. State - The CDP administration mode for all ports, which is either Enable or Disable.
Viewing Neighbors Information Page Non-Configurable Data Use this menu to display CDP neighbor device information in the LAN. Command Buttons Clear - Clear all the counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Traffic Statistics Page Use this menu to display CDP traffic statistics.
8.2.1.10 Defining Trap Manager Configuring Trap Flags Page Use this menu to specify which traps you want to enable. When the condition identified by an active trap is encountered by the switch a trap message will be sent to any enabled SNMP Trap Receivers, and a message will be written to the trap log. Configurable Data Authentication - Enable or disable activation of authentication failure traps by selecting the corresponding line on the pull down entry field. The factory default is enabled.
Viewing Trap Log Page This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities, Upload File from Switch. Non-Configurable Data Number of Traps since last reset - The number of traps that have occurred since the switch was last reset. Trap Log Capacity - The maximum number of traps stored in the log. If the number of traps exceeds the capacity, new entries will overwrite the oldest entries. Log - The sequence number of this trap.
8.2.1.11 Configuring SNTP Configuring SNTP Global Configuration Page Configurable Data Client Mode - Specifies the mode of operation of SNTP Client. An SNTP client may operate in one of the following modes. • Disable- SNTP is not operational. No SNTP requests are sent from the client nor are any received SNTP messages processed. • Unicast- SNTP operates in a point to point fashion.
Unicast Poll Retry - Specifies the number of times to retry a request to an SNTP server after the first time-out before attempting to use the next configured server when configured in unicast mode. Allowed range is (0 to 10). Default value is 1. Command Buttons Submit - Sends the updated configuration to the switch. Configuration changes take effect immediately. Viewing SNTP Global Status Page Non-Configurable Data Version - Specifies the SNTP Version the client supports.
• Server Kiss Of Death - The SNTP server indicated that no further queries were to be sent to this server. This is indicated by a stratum field equal to 0 in a message received from a server. Server IP Address - Specifies the IP address of the server for the last received valid packet. If no message has been received from any server, an empty string is shown. Address Type - Specifies the address type of the SNTP Server address for the last received valid packet.
Address - Specifies the address of the SNTP server. This is a text string of up to 64 characters containing the encoded unicast IP address or hostname of a SNTP server. Unicast SNTP requests will be sent to this address. If this address is a DNS hostname, then that hostname should be resolved into an IP address each time a SNTP request is sent to it. Address Type - Specifies the address type of the configured SNTP Server address.
Address - Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Last Update Time - Specifies the local date and time (UTC) that the response from this server was used to update the system clock. Last Attempt Time - Specifies the local date and time (UTC) that this SNTP server was last queried. Last Attempt Status - Specifies the status of the last SNTP request to this server.
Hour - Hour in 24-hour format. (Range: 0 - 23). Minute - Minute. (Range: 0 - 59). Second - Second. (Range: 0 - 59). Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. Configuring Time Zone Settings Page Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server.
Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. 8.2.1.12 Defining DHCP Client Configuring DHCP Restart Page This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the IP address command. DHCP requires the server to reassign the client's last address if available.
• Specific Text String • Specific Hexadecimal Value Text String - A text string. Hex Value - The hexadecimal value. Command Buttons Submit - Send the updated screen to the switch and set the DHCP client identifier. 8.2.2 Switching Menu 8.2.2.1 Managing Port-based VLAN Configuring Port-based VLAN Configuration Page Selection Criteria VLAN ID and Name - You can use this screen to reconfigure an existing VLAN, or to create a new one.
• Autodetect - Specifies that port may be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless it receives a GVRP request. This is equivalent to registration normal in the IEEE 802.1Q standard. Tagging - Select the tagging behavior for this port in this VLAN. The factory default is 'Untagged'. The possible values are: Tagged - all frames transmitted for this VLAN will be tagged. Untagged - all frames transmitted for this VLAN will be untagged.
VLAN Name - The name of the VLAN. VLAN ID 1 is always named `Default`. VLAN Type - The VLAN type: Default ( VLAN ID = 1) -- always present Static -- a VLAN you have configured Dynamic -- a VLAN created by GVRP registration that you have not converted to static, and that GVRP may therefore remove. Configuring VLAN Port Configuration Page Selection Criteria Slot/Port - Select the physical interface for which you want to display or configure data.
Viewing VLAN Port Summary Page Non-Configurable Data Slot/Port - The interface. Port VLAN ID - The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. Acceptable Frame Types - Specifies the types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames received on this port are discarded.
Resetting VLAN Configuration Page Command Buttons Reset - If you select this button and confirm your selection on the next screen, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs, except for the default VLAN, will be deleted. The factory default values are: • All ports are assigned to the default VLAN of 1. • All ports are configured with a PVID of 1. • All ports are configured to an Acceptable Frame Types value of Admit All Frames.
8.2.2.2 Managing Protocol-based VLAN Protocol-based VLAN Configuration Page You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged packets will be assigned to VLAN 1. You can override this behavior by defining either port-based VLANs or protocol-based VLANs, or both. Tagged packets are always handled according to the IEEE 802.1Q standard, and are not included in protocol-based VLANs.
Slot/Port(s) - Select the interface(s) you want to be included in the group. Note that a given interface can only belong to one group for a given protocol. If you have already added interface 0.1 to a group for IP, you cannot add it to another group that also includes IP, although you could add it to a new group for IPX. Non-Configurable Data Group ID - A number used to identify the group created by the user. Group IDs are automatically assigned when a group is created by the user.
VLAN - The VLAN ID associated with the group. Slot/Port(s) - The interfaces associated with the group. Command Buttons Refresh - Update the screen with the latest information. 8.2.2.3 Defining GARP Viewing GARP Information Page This screen shows the GARP Status for the switch and for the individual ports. Note that the timers are only relevant when the status for a port shows as enabled.
1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). Configuring the whole Switch GARP Configuration Page Note: It can take up to 10 seconds for GARP configuration changes to take effect. Configurable Data GVRP Mode - Choose the GARP VLAN Registration Protocol administrative mode for the switch by selecting enable or disable from the pull down menu. The factory default is disabled.
Configuring each Port GARP Configuration Page Note: It can take up to 10 seconds for GARP configuration changes to take effect. Selection Criteria Slot/Port - Select the physical interface for which data is to be displayed or configured. It is possible to set the parameters for all ports by selecting 'All'. Configurable Data Port GVRP Mode - Choose the GARP VLAN Registration Protocol administrative mode for the port by selecting enable or disable from the pull down menu.
8.2.2.4 Managing IGMP Snooping Configuring IGMP Snooping Global Configuration Page Use this menu to configure the parameters for IGMP Snooping, which is used to build forwarding lists for multicast traffic. Note that only a user with Read/Write access privileges may change the data on this screen. Configurable Data Admin Mode - Select the administrative mode for IGMP Snooping for the switch from the pulldown menu. The default is disable.
Defining IGMP Snooping Interface Configuration Page Configurable Data Slot/Port - The single select box lists all physical, VLAN and LAG interfaces. Select the interface you want to configure. Admin Mode - Select the interface mode for the selected interface for IGMP Snooping for the switch from the pulldown menu. The default is disable.
Multicast Router Present Expiration Time - Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero indicates an infinite timeout, i.e. no expiration. Fast Leave Admin mode - Select the Fast Leave mode for a particular interface from the pulldown menu. The default is disable.
Configuring IGMP Snooping VLAN Page Configurable Data VLAN ID - Specifies list of VLAN IDs for which IGMP Snooping is enabled. VLAN ID - Appears when "New Entry" is selected in VLAN ID combo box. Specifies VLAN ID for which pre-configurable Snooping parameters are to be set. Admin Mode - Enable or disable IGMP Snooping for the specified VLAN ID. Fast Leave Admin Mode - Enable or disable the IGMP Snooping Fast Leave Mode for the specified VLAN ID.
Viewing Multicast Router Statistics Page Non-Configurable Data Slot/Port - The single select box lists all physical and LAG interfaces. Select the interface for which you want to display the statistics. Multicast Router - Specifies for the selected interface whether multicast router is enabled or disabled. Command Buttons Refresh - Refetch the database and display it again starting with the first entry in the table.
Viewing Multicast Router VLAN Statistics Page Selection Criteria Slot/Port - The select box lists all Slot/Ports. Select the interface for which you want to display the statistics. Non-Configurable Data VLAN ID - All VLAN IDs for which the Multicast Router Mode is Enabled. Multicast Router - Multicast Router Mode for VLAN ID. Configuring Multicast Router VLAN Page Selection Criteria Slot/Port - The select box lists all Slot/Ports. Select the interface for which you want Multicast Router to be enabled.
Configuring L2 Static Multicast Group Configuration Page Non-Configurable Data MAC Address Table - This is the list of MAC address and VLAN ID pairings for all configured L2Mcast Groups. To change the port mask(s) for an existing L2Mcast Group, select the entry you want to change. To add a new L2Mcast Group, select "Create Filter" from the top of the list. Configurable Data MAC Filter - The MAC address of the L2Mcast Group in the format 01:00:5E:xx:xx:xx.
Selection Criteria Static - Displays static unit for L2Mcast Groups. Dynamic - Displays dynamic unit for L2Mcast Groups. All - Displays all of L2Mcast Groups. Configurable Data Filter - Specify the entries you want displayed. Static: If you choose "Static" only L2Mcast addresses that have been configured will be displayed. Dynamic: If you choose "Dynamic" only L2Mcast addresses that have been learned will be displayed. All: If you choose "all" the whole table will be displayed.
Viewing L2 Multicast Router Port Information Page Use this panel to display information about entries in the L2Mcast Static/Dynamic router ports. These entries are used by the transparent bridging function to determine how to forward a received frame. Selection Criteria Static - Displays static unit for L2Mcast router port(s). Dynamic - Displays dynamic unit for L2Mcast router port(s). All - Displays all of L2Mcast router port(s). Configurable Data Filter - Specify the entries you want displayed.
8.2.2.5 Managing Port-Channel Configuring Port-Channel Configuration Page Selection Criteria Port Channel Name – You can use this screen to reconfigure an existing Port Channel, or to create a new one. Use this pull down menu to select one of the existing Port Channels, or select 'Create' to add a new one. There can be a maximum of 6 Port Channels. Configurable Data Port Channel Name - Enter the name you want assigned to the Port Channel. You may enter any string of up to 15 alphanumeric characters.
Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing Port-Channel Information Page Non-Configurable Data Port Channel - The Slot/Port identification of the Port Channel. Port Channel Name - The name of the Port Channel. Port Channel Type - The type of this Port Channel. Admin Mode - The Administrative Mode of the Port Channel, enable or disable. Link Status - Indicates whether the Link is up or down.
Active Ports - A listing of the ports that are actively participating members of this Port Channel, in Slot/Port notation. There can be a maximum of 8 ports assigned to a Port Channel. 8.2.2.6 Viewing Multicast Forwarding Database Viewing All of Multicast Forwarding Database Tables Page The Multicast Forwarding Database holds the port membership information for all active multicast address entries. The key for an entry consists of a VLAN ID and MAC address pair.
Refresh - Refresh the data on the screen with the present state of the data in the switch. Viewing GMRP MFDB Table Page This screen will display all of the entries in the Multicast Forwarding Database that were created for the GARP Multicast Registration Protocol. Non-Configurable Data MAC Address - A VLAN ID - multicast MAC address pair for which the switch has forwarding and/or filtering information.
Description - The text description of this multicast table entry. Possible values are Management Configured, Network Configured, and Network Assisted. Slot/Port(s) - The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Clear Entries - Clicking this button tells the IGMP Snooping component to delete all of its entries from the multicast forwarding database.
8.2.2.7 Managing Spanning Tree Configuring Switch Spanning Tree Configuration Page Configurable Data Spanning Tree Mode - Specifies whether spanning tree operation is enabled on the switch. Value is enabled or disabled. Force Protocol Version - Specifies the Force Protocol Version parameter for the switch. The options are IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s. The default value is IEEE 802.1w. Configuration Name - Identifier used to identify the configuration currently being used.
Bridge Max Age - Specifies the bridge max age for the Common and Internal Spanning tree (CST). The value lies between 6 and 40, with the value being less than or equal to "2 * (Bridge Forward Delay - 1)" and greater than or equal to "2 * (Bridge Hello Time + 1)". The default value is 20. Bridge Hello Time - Specifies the bridge hello time for the Common and Internal Spanning tree (CST), with the value being less than or equal to "(Bridge Max Age / 2) - 1". The default hello time value is 2.
Configuring Spanning Tree MST Configuration Page Selection Criteria MST ID - Create a new MST which you wish to configure or configure already existing MSTs. Configurable Data MST ID - This is only visible when the select option of the MST ID select box is selected. The ID of the MST being created. Valid values for this are between 1 and 4054. Priority - The bridge priority for the MST instance selected. The bridge priority is set in multiples of 4096.
Topology change - The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value of True or False. Designated root - The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost - Path Cost to the Designated Root for this MST instance. Root port - Port to access the Designated Root for this MST instance.
Port Path Cost - Set the Path Cost to a new value for the specified port in the common and internal spanning tree. It takes a value in the range of 1 to 200000000. Non-Configurable Data Auto-calculate Port Path Cost - Displays whether the path cost is automatically calculated (Enabled) or not (Disabled). Path cost will be calculated based on the link speed of the port if the configured value for Port Path Cost is zero. Port ID - The port identifier for the specified port within the CST.
Configuring each Port MST Configuration Page Selection Criteria MST ID - Selects one MST instance from existing MST instances. Slot/Port - Selects one of the physical or LAG interfaces associated with VLANs associated with the selected MST instance. Configurable Data Port Priority - The priority for a particular port within the selected MST instance. The port priority is set in multiples of 16. For example, if you set the priority to any value between 0 and 15, it will be set to 0.
Port ID - The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port. Port Up Time Since Counters Last Cleared - Time since the counters were last cleared, displayed in Days, Hours, Minutes, and Seconds. Port Mode - Spanning Tree Protocol Administrative Mode associated with the port or LAG. The possible values are Enable or Disable. Port Forwarding State - The Forwarding State of this port.
Viewing Spanning Tree Statistics Page Selection Criteria Slot/Port - Selects one of the physical or LAG interfaces of the switch. Non-Configurable Data STP BPDUs Received - Number of STP BPDUs received at the selected port. STP BPDUs Transmitted - Number of STP BPDUs transmitted from the selected port. RSTP BPDUs Received - Number of RSTP BPDUs received at the selected port. RSTP BPDUs Transmitted - Number of RSTP BPDUs transmitted from the selected port.
Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. 8.2.2.9 Managing Port Security Configuring Port Security Administration Mode Page Configurable Data Allow Port Security - Used to enable or disable the Port Security feature. Command Buttons Submit - Applies the new configuration and causes the changes to take effect.
Slot/Port - Selects the interface to be configured. Configurable Data Allow Port Security - Used to enable or disable the Port Security feature for the selected interface. Maximum Dynamic MAC Addresses allowed - Sets the maximum number of dynamically locked MAC addresses on the selected interface. Add a static MAC address - Adds a MAC address to the list of statically locked MAC addresses for the selected interface.
Deleting Port Security Statically Configured MAC Address Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. VLAN ID - selects the VLAN ID corresponding to the MAC address being deleted. Configurable data MAC Address - Accepts user input for the MAC address to be deleted. Non-configurable data MAC Address - Displays the user specified statically locked MAC address. VLAN ID - Displays the VLAN ID corresponding to the MAC address.
Number of Dynamic MAC addresses learned - Displays the number of dynamically learned MAC addresses on a specific port. Viewing Port Security Violation Status Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. Non-configurable data Last Violation MAC Address - Displays the source MAC address of the last packet that was discarded at a locked port. VLAN ID - Displays the VLAN ID corresponding to the Last Violation MAC address. 8.2.3 Routing Menu 8.2.3.
IP - Lists all the existing static ARP entries along with an additional option "Create". When the user selects "Create", additional text boxes "IP Address" and "MAC Address" appear where the user may enter the IP address and MAC address to be configured. IP Address - Enter the IP address you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. MAC Address - The unicast MAC address of the device.
Remove from Table - Allows the user to remove certain entries from the ARP Table.
8.2.3.2 Managing IP Interfaces Configuring IP Use this menu to configure routing parameters for the switch as opposed to an interface. Configurable Data Routing Mode - Select enable or disable from the pulldown menu. You must enable routing for the switch before you can route through any of the interfaces. The default value is disable. IP Forwarding Mode - Select enable or disable from the pulldown menu. This enables or disables the forwarding of IP frames. The default value is enable.
Viewing IP Statistics The statistics reported on this panel are as specified in RFC 1213. Non-Configurable Data IpInReceives - The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors - The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion. IpNoRoutes - The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams which meet this `no-route' criterion. Note that this includes any datagrams which a host cannot route because all of its default gateways are down.
IcmpInTimestampReps - The number of ICMP Timestamp Reply messages received. IcmpInAddrMasks - The number of ICMP Address Mask Request messages received. IcmpInAddrMaskReps - The number of ICMP Address Mask Reply messages received. IcmpOutMsgs - The total number of ICMP messages which this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors.
Configuring IP Interfaces Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data IP Address - Enter the IP address for the interface. Subnet Mask - Enter the subnet mask for the interface. This is also referred to as the subnet/network mask, and defines the portion of the interface's IP address that is used to identify the attached network. Routing Mode - Setting this enables or disables routing for an interface. The default value is enable.
8.2.3.3 Managing OSPF Configuring OSPF Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID. OSPF Admin Mode* - Select enable or disable from the pulldown menu.
non-default AS-external-LSAs. If you enter 0, the router will not leave Overflow State until restarted. The range is 0 to 2147483647 seconds. Default Metric - Sets a default for the metric of redistributed routes. This field displays the default metric if one has already been set, or blank if not configured earlier. The valid values are (1 to 16777215). Maximum Paths - Sets the maximum number of paths that OSPF can report for a given destination. The valid values are (1 to 6).
Configuring Area Selection Criteria Area ID - Select the area to be configured. Configurable Data Import Summary LSAs - Select enable or disable from the pulldown menu. If you select enable, summary LSAs will be imported into stub areas. Metric Value - Enter the metric value you want applied for the default route advertised into the stub area. Valid values range from 1 to 16,777,215. Metric Type - Select the type of metric specified in the Metric Value field.
Translator Stability Interval - Enter the translator stability interval of the NSSA. The stability interval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. Valid values range from 0 to 3600. No-Redistribute Mode - Select enable or disable from the pulldown menu. If you select enable, learned external routes will not be redistributed to the NSSA. Non-Configurable Data Area ID - The OSPF area.
Delete Stub Area - Delete the stub area designation. The area will be returned to normal state. Create NSSA - Configure the area as an NSSA. Delete NSSA - Delete the NSSA. The area will be returned to normal state. Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Viewing Stub Area Summary Information Non-Configurable Data Area ID - The Area ID of the Stub area Type of Service - The type of service associated with the stub metric. The switch supports Normal only. Metric Value - Set the metric value you want applied for the default route advertised into the area. Valid values range from 1 to 16,777,215.
LSDB Type - Select the type of Link Advertisement associated with the specified area and address range. The default type is 'Network Summary'. Advertisement - Select enable or disable from the pulldown menu. If you select enable, the address range will be advertised outside the area via a Network Summary LSA. The default is enable. Non-Configurable Data Area ID - The OSPF area. IP address - The IP Address of an address range for the area. Subnet Mask - The Subnet Mask of an address range for the area.
SPF Runs - The number of times that the intra-area route table has been calculated using this area's link-state database. Area Border Router Count - The total number of area border routers reachable within this area. This is initially zero, and is calculated in each SPF Pass. AS Border Router Count - The total number of Autonomous System border routers reachable within this area. This is initially zero, and is calculated in each SPF Pass.
Configuring OSPF Interface Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data OSPF Admin Mode* - You may select enable or disable from the pulldown menu. The default value is 'disable.' You can configure OSPF parameters without enabling OSPF Admin Mode, but they will have no effect until you enable Admin Mode.
Retransmit Interval - Enter the OSPF retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. Valid values range from 1 to 3600 seconds (1 hour). The default is 5 seconds. Hello Interval - Enter the OSPF hello interval for the specified interface in seconds.
LSA Ack Interval - The number of seconds between LSA Acknowledgment packet transmissions, which must be less than the Retransmit Interval. OSPF Interface Type - The OSPF interface type, which will always be broadcast. State - The current state of the selected router interface. One of: Down - This is the initial interface state. In this state, the lower-level protocols have indicated that the interface is unusable. In this state, interface parameters will be set to their initial values.
Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Viewing Neighbor Table Information This panel displays the OSPF neighbor table list. When a particular neighbor ID is specified, detailed information about a neighbor is given. The information below will only be displayed if OSPF is enabled.
designated router. The Neighbor IP address is learned when Hello packets are received from the neighbor. For virtual links, the Neighbor IP address is learned during the routing table build process. Neighbor Interface Index - A Slot/Port identifying the neighbor interface index. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. Configuring OSPF Neighbor This panel displays the OSPF neighbor configuration for a selected neighbor ID.
Down - This is the initial state of a neighbor conversation. It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to "Down" neighbors, although at a reduced frequency. Attempt - This state is only valid for neighbors attached to NBMA networks. It indicates that no recent information has been received from the neighbor, but that a more concerted effort should be made to contact the neighbor.
Viewing OSPF Link State Database Non-Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the IP Configuration page. If you want to change the Router ID you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID.
Checksum - The checksum is used to detect data corruption of an advertisement. This corruption can occur while an advertisement is being flooded, or while it is being held in a router's memory. This field is the checksum of the complete contents of the advertisement, except the LS age field. Options - The Options field in the link state advertisement header indicates which optional capabilities are associated with the advertisement.
Dead Interval - Enter the OSPF dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. This value should be a multiple of the Hello Interval (e.g. 4). Valid values range from 1 to 2147483647. The default is 40. Iftransit Delay Interval - Enter the OSPF Transit Delay for the specified interface.
network-LSA for the network node. The network- LSA will contain links to all routers (including the Designated Router itself) attached to the network. Backup Designated Router - This router is itself the Backup Designated Router on the attached network. It will be promoted to Designated Router if the present Designated Router fails. The router establishes adjacencies to all other routers attached to the network.
Viewing OSPF Virtual Link Summary Table Non-Configurable Data Area ID - The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link. Neighbor Router ID - The neighbor portion of the virtual link identification. Virtual links may be configured between any pair of area border routers having interfaces to a common (non-backbone) area. Hello Interval - The OSPF hello interval for the virtual link in units of seconds.
Configuring OSPF Route Redistribution This screen can be used to configure the OSPF Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values. Configurable Data Configured Source - This select box is a dynamic selector and is populated only by those Source Routes that have already been configured for redistribution by OSPF.
Viewing OSPF Route Redistribution Summary Information This screen displays the OSPF Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by OSPF. Metric - The Metric of redistributed routes for the given Source Route. Displays "Unconfigured" when not configured. Metric Type - The OSPF metric types of redistributed routes. Tag - The tag field in routes redistributed.
8.2.3.4 Managing BOOTP/DHCP Relay Agent Configuring BOOTP/DHCP Relay Agent Configurable Data Maximum Hop Count - Enter the maximum number of hops a client request can take before being discarded. Server IP Address - Enter either the IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent. Admin Mode - Select enable or disable from the pulldown menu. When you select 'enable' BOOTP/DHCP requests will be forwarded to the IP address you entered in the 'Server IP address' field.
Viewing BOOTP/DHCP Relay Agent Status Non-Configurable Data Maximum Hop Count - The maximum number of Hops a client request can go without being discarded. Server IP Address - IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent. Admin Mode - Administrative mode of the relay. When you select 'enable' BOOTP/DHCP requests will be forwarded to the IP address you entered in the 'Server IP address' field. Minimum Wait Time - The Minimum time in seconds.
8.2.3.5 Managing DNS Relay Configuring DNS Relay The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map host names to IP addresses. When you configure DNS on your switch, you can substitute the host name for the IP address with all IP commands, such as ping, telnet, traceroute, and related Telnet support operations.
Configuring Domain Name You can use this panel to change the configuration parameters for the domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). You can also use this screen to display the contents of the table. Configurable Data Domain - Specifies all the existing domain names along with an additional option "Create".
Configuring Name Server You can use this panel to change the configuration parameters for the domain name servers. You can also use this screen to display the contents of the table. Configurable Data Name Server - Specifies all the existing domain name servers along with an additional option "Create". When the user selects "Create", another text box "IP Address" appears where the user may enter the domain name server to be configured. IP Address - Specifies the address of the domain name server.
TTL - The time to live reported by the name server. Flag - The flag of the record. Command Buttons Refresh - Refresh the page with the latest DNS cache entries. Clear All - Clear all entries in the DNS cache. Configuring DNS Host You can use this screen to change the configuration parameters for the static entry in the DNS table. You can also use this screen to display the contents of the table. Configurable Data Domain - Specifies all the existing hosts along with an additional option "Create".
8.2.3.6 Managing Routing Information Protocol (RIP) Configuring RIP Global Configuration Page Configurable Data RIP Admin Mode - Select enable or disable from the pulldown menu. If you select enable, RIP will be enabled for the switch. The default is disabled. Split Horizon Mode - Select none, simple or poison reverse from the pulldown menu. Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned.
Viewing Each Routing Interface’s RIP Configuration Page Non-Configurable Data Slot/Port - The slot and port for which the information is being displayed. IP Address - The IP Address of the router interface. Send Version - The RIP version to which RIP control packets sent from the interface conform. The value is one of the following: RIP-1 - RIP version 1 packets will be sent using broadcast. RIP-1c - RIP version 1 compatibility mode. RIP version 2 formatted packets will be transmitted using broadcast.
Defining The Routing Interface’s RIP Configuration Page Selection Criteria Slot/Port - Select the interface for which data is to be configured. Configurable Data Send Version - Select the version of RIP control packets the interface should send from the pulldown menu. The value is one of the following: RIP-1 - send RIP version 1 formatted packets via broadcast. RIP-1c - RIP version 1 compatibility mode. Send RIP version 2 formatted packets via broadcast. RIP-2 - send RIP version 2 packets using multicast.
Encrypt - If you select 'Encrypt' you will be prompted to enter both an authentication key and an authentication ID. Encryption uses the MD5 Message-Digest algorithm. All routers on the network must be configured with the same key and ID. Authentication Key - Enter the OSPF Authentication Key for the specified interface. If you do not choose to use authentication you will not be prompted to enter a key. If you choose 'simple' or 'encrypt' the key may be up to 16 octets long.
Configuring Route Redistribution Configuration This screen can be used to configure the RIP Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values. Configurable Data Configured Source - This select box is a dynamic selector and is populated only by those Source Routes that have already been configured for redistribution by RIP.
Viewing Route Redistribution Configuration This screen displays the RIP Route Redistribution Configurations. Non Configurable Data Source - The Source Route to be Redistributed by RIP. Metric - The Metric of redistributed routes for the given Source Route. Displays "Unconfigured" when not configured. Match - List of Routes redistributed when "OSPF" is selected as Source.
Command Buttons Refresh - Displays the latest RIP Route Redistribution Configuration data. 8.2.3.7 Managing Router Discovery Configuring Router Discovery Selection Criteria Slot/Port - Select the router interface for which data is to be configured. Configurable Data Advertise Mode - Select enable or disable from the pulldown menu. If you select enable, Router Advertisements will be transmitted from the selected interface. Advertise Address - Enter the IP Address to be used to advertise the router.
Viewing Router Discovery Status Non-Configurable Data Slot/Port - The router interface for which data is displayed. Advertise Mode - The values are enable or disable. Enable denotes that Router Discovery is enabled on that interface. Advertise Address - The IP Address used to advertise the router. Maximum Advertise Interval - The maximum time (in seconds) allowed between router advertisements sent from the interface.
8.2.3.8 Managing Route Table Viewing Router Route Table Non-Configurable Data Network Address - The IP route prefix for the destination. Subnet Mask - Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network. Protocol - This field tells which protocol created the specified route.
OSPF Type-1 OSPF Type-2 RIP BGP4 Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network. Total Number of Routes - The total number of routes in the route table.
OSPF Type-2 RIP BGP4 Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network. Total Number of Routes - The total number of routes in the route table.
OSPF Intra OSPF Inter OSPF Type-1 OSPF Type-2 RIP BGP4Local Next Hop Slot/Port - The outgoing router interface to use when forwarding traffic to the destination. Next Hop IP Address - The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network.
Preference - Specifies a preference value for the configured next hop. Command Buttons Add Route - Go to a separate page where a route can be created. Configuring Router Route Preference Use this panel to configure the default preference for each protocol (e.g. 60 for static routes, 170 for BGP). These values are arbitrary values in the range of 1 to 255 and are independent of route metrics.
Local - This field displays the local route preference value. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. 8.2.3.9 Managing VLAN Routing Configuring VLAN Routing Selection Criteria VLAN ID - Enter the ID of a VLAN you want to configure for VLAN Routing. Initially, the field will display the ID of the first VLAN.
Instructions for creating a VLAN Enter a new VLAN ID in the field labeled VLAN ID. Click on the Create button. The page will be updated to display the interface and MAC address assigned to this new VLAN. The IP address and Subnet Mask fields will be 0.0.0.0. Note the interface assigned to the VLAN. Use the index pane to change to the IP Interface Configuration page. Select the interface assigned to the VLAN. The IP address and Subnet Mask fields will be 0.0.0.0.
8.2.3.10 Managing VRRP Configuring VRRP Configurable Data VRRP Admin Mode - This sets the administrative status of VRRP in the router to active or inactive. Select enable or disable from the pulldown menu. The default is disable. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Slot/Port - This field is only configurable if you are creating a new Virtual Router, in which case select the Slot/Port for the new Virtual Router from the pulldown menu. Pre-empt Mode - Select enable or disable from the pulldown menu. If you select enable, a backup router will preempt the master router if it has a priority greater than the master virtual router's priority, provided the master is not the owner of the virtual router IP address. The default is enable.
Viewing Virtual Router Status Non-Configurable Data VRID - Virtual Router Identifier. Slot/Port - Indicates the interface associated with the VRID. Priority - The priority value used by the VRRP router in the election for the master virtual router. Pre-empt Mode Enable - If the Virtual Router is a backup router, it will preempt the master router if it has a priority greater than the master virtual router's priority, provided the master is not the owner of the virtual router IP address.
Owner - Set to 'True' if the Virtual IP Address and the Interface IP Address are the same, otherwise set to 'False'. If this parameter is set to 'True', the Virtual Router is the owner of the Virtual IP Address, and will always win an election for master router when it is active. VMAC Address - The virtual MAC Address associated with the Virtual Router, composed of a 24 bit organizationally unique identifier, the 16 bit constant identifying the VRRP address block and the 8 bit VRID.
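The Pre-empt Mode, Owner and VMAC Address fields above can be checked with a short model. This is an added example, not Fortinet code: the OUI 00-00-5E and address block 00-01 come from RFC 3768 rather than this page, and the VirtualRouter class, function names and MAC table entries are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Values from RFC 3768 (assumption: not stated on this page).
IANA_OUI = bytes([0x00, 0x00, 0x5E])   # 24-bit organizationally unique identifier
VRRP_BLOCK = bytes([0x00, 0x01])       # 16-bit constant for the VRRP address block


def vrrp_vmac(vrid: int) -> str:
    """Build the virtual MAC for a VRID: OUI + VRRP block + 8-bit VRID."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in the range 1..255")
    return ":".join(f"{b:02x}" for b in IANA_OUI + VRRP_BLOCK + bytes([vrid]))


def vrid_from_mac(mac: str) -> Optional[int]:
    """Return the VRID if `mac` is a VRRP virtual MAC, otherwise None."""
    parts = mac.lower().replace("-", ":").split(":")
    if len(parts) != 6:
        return None
    try:
        raw = bytes(int(p, 16) for p in parts)
    except ValueError:                 # non-hex text or an octet above 0xff
        return None
    if raw[:5] != IANA_OUI + VRRP_BLOCK or raw[5] == 0:
        return None
    return raw[5]


@dataclass(frozen=True)
class VirtualRouter:                   # hypothetical model of one VRRP participant
    name: str
    priority: int
    owner: bool = False                # Virtual IP equals the interface IP
    preempt: bool = True               # Pre-empt Mode (default is enable)


def master_after(current: VirtualRouter, challenger: VirtualRouter) -> VirtualRouter:
    """Master once `challenger` becomes active while `current` is master."""
    if challenger.owner:               # the owner always wins when it is active
        return challenger
    if current.owner:                  # an owner master is never preempted
        return current
    if challenger.preempt and challenger.priority > current.priority:
        return challenger
    return current


def unexpected_vrids(mac_table: Iterable[Tuple[str, str]],
                     configured: Set[int]) -> List[Tuple[str, int]]:
    """List (port, vrid) for VRRP virtual MACs whose VRID is not configured."""
    found = []
    for port, mac in mac_table:
        vrid = vrid_from_mac(mac)
        if vrid is not None and vrid not in configured:
            found.append((port, vrid))
    return found


# Constructed MAC table entries as (Slot/Port, MAC address); not real switch output.
SAMPLE_MAC_TABLE = [
    ("0/1", "00:00:5e:00:01:0a"),      # VRID 10, configured
    ("0/7", "00-00-5E-00-01-2C"),      # VRID 44, not configured
    ("0/3", "00:1b:21:3c:4d:5e"),      # ordinary host MAC
]

if __name__ == "__main__":
    print(vrrp_vmac(10))
    print(unexpected_vrids(SAMPLE_MAC_TABLE, {10}))
```

A virtual MAC for a VRID that was never configured on the segment is worth investigating, because with Pre-empt Mode enabled any router advertising a higher priority takes over as master.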
Router Checksum Errors - The total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors - The total number of VRRP packets received with an unknown or unsupported version number. Router VRID Errors - The total number of VRRP packets received with an invalid VRID for this virtual router. VRID - the VRID for the selected Virtual Router. Slot/Port - The Slot/Port for the selected Virtual Router.
Refresh - Refresh the data on the screen with the present state of the data in the switch. 8.2.4 Security Menu 8.2.4.1 Managing Access Control (802.1x) Defining Access Control Page Configurable Data Administrative Mode - This selector lists the two options for administrative mode: enable and disable. The default value is disabled.
Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. Configuring each Port Access Control Configuration Page Selection Criteria Port - Selects the port to be configured. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid.
Maximum Requests - This input field allows the user to enter the maximum requests for the selected port. The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The maximum requests value must be in the range of 1 to 10. The default value is 2. Changing the value will not change the configuration until the Submit button is pressed.
Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data Control Mode - Displays the configured control mode for the specified port.
"Initialize" "Disconnected" "Connecting" "Authenticating" "Authenticated" "Aborting" "Held" "ForceAuthorized" "ForceUnauthorized". Backend State - This field displays the current state of the backend authentication state machine. Possible values are: "Request" "Response" "Success" "Fail" "Timeout" "Initialize" "Idle" Command Buttons Refresh - Update the information on the page.
Viewing Access Control Summary Page Non-Configurable Data Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port. Possible values are: Force Unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized. Force Authorized: The authenticator PAE unconditionally sets the controlled port to authorized.
Viewing each Port Access Control Statistics Page Selection Criteria Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data EAPOL Frames Received - This displays the number of valid EAPOL frames of any type that have been received by this authenticator.
Last EAPOL Frame Source - This displays the source MAC address carried in the most recently received EAPOL frame. EAP Response/Id Frames Received - This displays the number of EAP response/identity frames that have been received by this authenticator. EAP Response Frames Received - This displays the number of valid EAP response frames (other than resp/id frames) that have been received by this authenticator.
Configurable Data Login - Selects the login to apply to the specified user. All configured logins are displayed. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed. Refresh - Update the information on the page. Defining each Port Access Privileges Page Selection Criteria Port - Selects the port to configure.
Port - Displays the port in Slot/Port format. Users - Displays the users that have access to the port. Command Buttons Refresh - Update the information on the page. 8.2.4.2 Managing RADIUS Configuring RADIUS Configuration Page Configurable Data Max Number of Retransmits - The value of the maximum number of times a request packet is retransmitted. The valid range is 1 - 15. Consideration to maximum delay time should be given when configuring RADIUS maxretransmit and RADIUS timeout.
sum of (retransmit times timeout) for all configured servers. If the RADIUS request was generated by a user login attempt, all user interfaces will be blocked until the RADIUS application returns a response. Timeout Duration (secs) - The timeout value, in seconds, for request retransmissions. The valid range is 1 - 30. Consideration to maximum delay time should be given when configuring RADIUS maxretransmit and RADIUS timeout.
Configuring RADIUS Server Configuration Page Selection Criteria RADIUS Server IP Address - Selects the RADIUS server to be configured. Select add to add a server. Configurable Data IP Address - The IP address of the server being added. Port - The UDP port used by this server. The valid range is 0 - 65535. Secret - The shared secret for this server. This is an input field only. Apply - The Secret will only be applied if this box is checked.
RADIUS Server IP Address - Selects the IP address of the RADIUS server for which to display statistics. Non-Configurable Data Round Trip Time (secs) - The time interval, in hundredths of a second, between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server. Access Requests - The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions.
Defining RADIUS Accounting Server Configuration Page Selection Criteria Accounting Server IP Address - Selects the accounting server for which data is to be displayed or configured. If the add item is selected, a new accounting server can be configured. Configurable Data IP Address - The IP address of the accounting server to add. This field is only configurable if the add item is selected. Port - Specifies the UDP Port to be used by the accounting server. The valid range is 0 - 65535.
Viewing RADIUS Accounting Server Statistics Page Non-Configurable Statistics Accounting Server IP Address - Identifies the accounting server associated with the statistics. Round Trip Time (secs) - Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server. Accounting Requests - Displays the number of RADIUS Accounting-Request packets sent not including retransmissions.
Resetting All RADIUS Statistics Page Command Buttons Clear All RADIUS Statistics - This button will clear the accounting server, authentication server, and RADIUS statistics. 8.2.4.3 Defining TACACS Configuration Configuring TACACS Configuration Page Use this menu to configure the parameters for TACACS+, which is used to verify the login user's authentication. Note that only a user with Read/Write access privileges may change the data on this screen. Configurable Data Authen.
Authen. Port - The TCP port number of TACACS+.
Server Time Out - Timeout value for TACACS+ packet transmission.
Retry Count - Retry count after a transmit timeout.
Status - The TACACS+ server status, which is one of "disable", "master" or "slave".
Share Secret - The secret key shared only between the TACACS+ client and server.
Command Buttons
Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
Command Buttons
Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
8.2.4.5 Defining Secure Http Configuration
Secure HTTP Configuration Page
Configurable Data
Admin Mode - This field is used to enable or disable the Administrative Mode of Secure HTTP. The currently configured value is shown when the web page is displayed. The default value is disabled.
8.2.4.6 Defining Secure Shell Configuration
Configuring Secure Shell Configuration Page
Configurable Data
Admin Mode - This select field is used to Enable or Disable the administrative mode of SSH. The currently configured value is shown when the web page is displayed. The default value is Disable.
SSH Version 1 - This select field is used to Enable or Disable Protocol Level 1 for SSH. The currently configured value is shown when the web page is displayed. The default value is Enable.
8.2.5 QOS Menu
8.2.5.1 Managing Access Control Lists
Configuring IP Access Control List Configuration Page
An IP ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound traffic.
Viewing IP Access Control List Summary Page
Non-Configurable Data
IP ACL ID - The IP ACL identifier.
Rules - The number of rules currently configured for the IP ACL.
Direction - The direction of packet traffic affected by the IP ACL. Direction can only be: Inbound.
Slot/Port(s) - The interfaces to which the IP ACL applies.
Command Buttons
Refresh - Refresh the data on the screen to the latest state.
Selection Criteria
IP ACL ID - Use the pulldown menu to select the IP ACL for which to create or update a rule.
Rule - Select an existing rule from the pulldown menu, or select 'Create New Rule.' ACL as well as an option to add a new Rule. New rules cannot be created if the maximum number of rules has been reached. For each rule, a packet must match all the specified criteria in order to be true against that rule and for the specified rule action (Permit/Deny) to take place.
Destination IP Address - Enter an IP address using dotted-decimal notation to be compared to a packet's destination IP Address as a match criteria for the selected extended IP ACL rule.
Destination IP Mask - Specify the IP Mask in dotted-decimal notation to be used with the Destination IP Address value.
Destination L4 Port Keyword - Specify the destination layer 4 port match conditions for the selected extended IP ACL rule.
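The sequential, first-match behaviour described above makes rule order security-relevant: a broad rule placed ahead of a narrower one stops the narrower rule from ever being reached. The following added example (not taken from this guide or from the switch firmware) models that evaluation and flags shadowed rules. The Rule fields, evaluation in ascending rule-number order, and the reading of the mask as a conventional network mask are assumptions, and both ACLs are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


def to_int(dotted: str) -> int:
    """Dotted-decimal string to a 32-bit integer."""
    return int(IPv4Address(dotted))


@dataclass(frozen=True)
class Rule:
    # Hypothetical model of one extended IP ACL rule (not the switch's format).
    rule_id: int
    action: str                      # "permit" or "deny"
    dst_ip: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"        # assumed network mask; 0.0.0.0 matches any
    dst_port: Optional[int] = None   # None = any destination L4 port

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        """A packet must meet every criterion of the rule to match it."""
        mask = to_int(self.dst_mask)
        ip_ok = (to_int(dst_ip) & mask) == (to_int(self.dst_ip) & mask)
        return ip_ok and self.dst_port in (None, dst_port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        mine, theirs = to_int(self.dst_mask), to_int(other.dst_mask)
        bits_ok = (mine & theirs) == mine   # we compare no bit `other` leaves free
        net_ok = (to_int(other.dst_ip) & mine) == (to_int(self.dst_ip) & mine)
        port_ok = self.dst_port is None or self.dst_port == other.dst_port
        return bits_ok and net_ok and port_ok


def evaluate(rules: List[Rule], dst_ip: str, dst_port: int) -> Optional[Rule]:
    """Return the first matching rule; rules after it are never checked."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(dst_ip, dst_port):
            return rule
    return None  # no rule matched; the switch's behaviour here is not modelled


def shadowed(rules: List[Rule]) -> List[Tuple[int, int, bool]]:
    """List (rule, earlier covering rule, actions differ) for unreachable rules."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                conflict = earlier.action != later.action
                found.append((later.rule_id, earlier.rule_id, conflict))
                break
    return found


# Constructed ACL: rule 2 is meant to block Telnet to 10.1.2.0/24,
# but the broader rule 1 matches first and permits the packet.
MISORDERED = [
    Rule(1, "permit", "10.0.0.0", "255.0.0.0"),
    Rule(2, "deny", "10.1.2.0", "255.255.255.0", 23),
    Rule(3, "deny"),
]
# Same policy with the narrow deny placed ahead of the broad permit.
REORDERED = [
    Rule(1, "deny", "10.1.2.0", "255.255.255.0", 23),
    Rule(2, "permit", "10.0.0.0", "255.0.0.0"),
    Rule(3, "deny"),
]

if __name__ == "__main__":
    for name, acl in (("misordered", MISORDERED), ("reordered", REORDERED)):
        hit = evaluate(acl, "10.1.2.5", 23)
        print(name, "-> rule", hit.rule_id, hit.action, "| shadowed:", shadowed(acl))
```

A shadowed rule whose action differs from the rule covering it is a policy error; one with the same action is only redundant.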
Configuring MAC Access Control List Configuration Page
A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the interfaces to which a MAC ACL applies must be specified, as well as whether it applies to inbound or outbound traffic.
Viewing MAC Access Control List Summary Page
Non-Configurable Data
MAC ACL Name - MAC ACL identifier.
Rules - The number of rules currently configured for the MAC ACL.
Direction - The direction of packet traffic affected by the MAC ACL. Valid Directions: Inbound.
Slot/Port - The interfaces to which the MAC ACL applies.
Command Buttons
Refresh - Refresh the data on the screen to the latest state.
Configurable Data
Rule - Enter a whole number in the range of (1 to 8) that will be used to identify the rule.
Action - Specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny.
Assign Queue ID - Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule. Valid range of Queue IDs is (0 to 6).
Command Buttons
Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Delete - Remove the currently selected Rule from the selected ACL. These changes will not be retained across a power cycle unless a save configuration is performed.
number. If the sequence number is not specified by the user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used. Valid range is (1 to 4294967295).
Non-Configurable Data
Slot/Port - Displays selected interface.
Direction - Displays selected packet filtering direction for ACL.
ACL Type - Displays the type of ACL assigned to selected interface and direction.
on a per-class instance basis, and it is these attributes that are applied when a match occurs. The configuration process begins with defining one or more match criteria for a class. Then one or more classes are added to a policy. Policies are then added to interfaces. Packet processing begins by testing the match criteria for a packet. The 'all' class type option defines that each match criteria within a class must evaluate to true for a packet to match that class.
Class Selector - Along with an option to create a new class, this lists all the existing DiffServ class names, from which one can be selected. The content of this screen varies based on the selection of this field. If an existing class is selected then the screen will display the configured class. If '--create--' is selected, another screen appears to facilitate creation of a new class. The default is the first class created. If no classes exist, the default is '--create--'.
Class Type - Displays types of the configured classes as 'all', 'any', or 'acl'. Class types are platform dependent.
Reference Class/ACL Number - Displays name of the configured class of type 'all' or 'any' referenced by the specified class of the same type. For the specified class type of 'acl', the ACL number attached to the specified class is displayed.
Viewing DiffServ Policy Summary Page
Non-Configurable Data
Policy Name - Displays name of the DiffServ policy.
Policy Type - Displays type of the policy as 'In'.
Member Classes - Displays name of each class instance within the policy.
Configuring DiffServ Policy Class Definition Page
Selection Criteria
Policy Selector - This lists all the existing DiffServ policy names, from which one can be selected.
Viewing DiffServ Policy Attribute Summary Page
Non-Configurable Data
Policy Name - Displays name of the specified DiffServ policy.
Policy Type - Displays type of the specified policy as 'In' or 'Out'.
Class Name - Displays name of the DiffServ class to which this policy is attached.
Attribute - Displays the attributes attached to the policy class instances.
Attribute Details - Displays the configured values of the attached attributes.
Command Buttons
Refresh - Refresh the displayed data.
Slot/Port - Shows the Slot/Port that uniquely specifies an interface.
Direction - Shows the traffic direction of this service interface.
Oper. Status - Shows the operational status of this service interface, either Up or Down.
Policy Name - Shows the name of the attached policy.
Viewing DiffServ Service Summary Page
Non-Configurable Data
Slot/Port - Shows the Slot/Port that uniquely specifies an interface.
Direction - Shows the traffic direction of this service interface, either In or Out.
Oper.
Viewing DiffServ Service Detailed Statistics Page This screen displays class-oriented statistical information for the policy, which is specified by the interface and direction. The 'Member Classes' drop down list is populated on the basis of the specified interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy-class instance for the specified interface and direction.
8.2.5.3 Configuring Diffserv Wizard Page
Operation
The DiffServ Wizard enables DiffServ on the switch by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on the DiffServ Wizard page.
The DiffServ Wizard will:
Create a DiffServ Class and define match criteria used as a filter to determine if incoming traffic meets the requirements to be a member of the class.
8.2.5.4 Managing Class of Service
Managing Table Configuration Page
Selection Criteria
Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis.
Configurable Data
Interface Trust Mode - Specifies whether or not to trust a particular packet marking at ingress.
Non-IP Traffic Class - Displays traffic class (i.e. queue) to which all non-IP traffic is directed when in 'trust ip-precedence' or 'trust ip-dscp' mode. Valid Range is (0 to 6).
802.1p Priority - Displays the 802.1p priority to be mapped.
IP Precedence Value - Displays IP Precedence value. Valid Range is (0 to 7).
Command Buttons
Submit - Send the updated configuration to the switch. Configuration changes take effect immediately.
Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis.
Configurable Data
Interface Shaping Rate - Specifies the maximum bandwidth allowed, typically used to shape the outbound transmission rate. This value is controlled independently of any per-queue maximum bandwidth configuration. It is effectively a second-level shaping mechanism. Default value is 0.
Scheduler Type - Specifies the type of scheduling used for this queue. Scheduler Type can only be one of the following: strict, weighted. Default value is weighted.
Queue Management Type - Queue depth management technique used for queues on this interface. This is only used if device supports independent settings per-queue. Queue Management Type can only be: taildrop. Default value is taildrop.
Minimum Bandwidth - Specifies the minimum guaranteed bandwidth allotted to this queue. The value 0 means no guaranteed minimum. Sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed defined maximum (100).
Scheduler Type - Specifies the type of scheduling used for this queue. Scheduler Type can only be one of the following: strict, weighted.
Queue Management Type - Queue depth management technique used for queues on this interface.
Non-Configurable Data
Version - The current value of the DVMRP version string.
Total Number of Routes - The number of routes in the DVMRP routing table.
Reachable Routes - The number of routes in the DVMRP routing table that have a non-infinite metric.
Command Buttons
Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Viewing DVMRP Configuration Summary
Selection Criteria
Slot/Port - Select the interface for which data is to be displayed. You must configure at least one router interface before you can display data for a DVMRP interface. Otherwise you will see a message telling you that no router interfaces are available, and the configuration summary screen will not be displayed.
Non-Configurable Data
Interface Mode - The administrative mode of the selected DVMRP routing interface, either enable or disable.
Neighbor Expiry Time - The DVMRP expiry time for the specified neighbor on the selected interface. This is the time left before this neighbor entry will age out, and is not applicable if the neighbor router's state is down.
Generation ID - The DVMRP generation ID for the specified neighbor on the selected interface.
Major Version - The DVMRP Major Version for the specified neighbor on the selected interface.
Minor Version - The DVMRP Minor Version for the specified neighbor on the selected interface.
Viewing DVMRP Next Hop Configuration Summary
Non-Configurable Data
Source IP - The IP address used with the source mask to identify the source network for this table entry.
Source Mask - The network mask used with the source IP address.
Next Hop Interface - The outgoing interface for this next hop.
Type - The next hop type. 'Leaf' means that no downstream dependent neighbors exist on the outgoing interface. Otherwise, the type is 'branch'.
Viewing DVMRP Prune Summary
Non-Configurable Data
Group IP - The group address which has been pruned.
Source IP - The address of the source or source network which has been pruned.
Source Mask - The subnet mask to be combined with the source IP address to identify the source or source network which has been pruned.
Expiry Time - The amount of time remaining before this prune should expire at the upstream neighbor.
Source Mask - The subnet mask to be combined with the source address to identify the sources for this entry.
Upstream Neighbor - The address of the upstream neighbor (e.g., RPF neighbor) from which IP datagrams from these sources are received.
Interface - The interface on which IP datagrams sent by these sources are received. A value of 0 typically means the route is an aggregate for which no next-hop interface exists.
Metric - The distance in hops to the source subnet.
Configuring IGMP Interface Configuration Page
Selection Criteria
Slot/Port - Select the slot and port for which data is to be displayed or configured from the pulldown menu. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for an IGMP interface, otherwise an error message will be displayed.
Configurable Data
Interface Mode - Select enable or disable from the pulldown menu to set the administrative status of IGMP on the selected interface.
Command Buttons
Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Viewing IGMP Configuration Summary
Selection Criteria
Slot/Port - Select the slot and port for which data is to be displayed. Slot 0 is the base unit.
Non-Configurable Data
Interface Mode - The administrative status of IGMP on the selected interface.
IP Address - The IP address of the selected interface.
Query Max Response Time - The maximum query response time advertised in IGMPv2 queries sent from the selected interface.
Robustness - The robustness parameter for the selected interface. This variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the robustness variable may be increased. IGMP is robust to (robustness variable - 1) packet losses.
Startup Query Interval - The interval at which startup queries are sent on the selected interface.
Viewing IGMP Cache Information
Selection Criteria
Slot/Port - Select the Slot and port for which data is to be displayed. Slot 0 is the base unit.
Multicast Group IP - Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you will not be able to make this selection, and none of the non-configurable data will be displayed.
Version 1 Host Timer - The time remaining until the local router will assume that there are no longer any IGMP version 1 members on the IP subnet attached to this interface. When an IGMPv1 membership report is received, this timer is reset to the group membership timer. While this timer is non-zero, the local router ignores any IGMPv2 leave messages for this group that it receives on the selected interface. This field is displayed only if the interface is configured for IGMP version 1.
Source Filter Mode - The source filter mode (Include/Exclude/NA) for the specified group on this interface.
Source Hosts - This parameter shows the source addresses which are members of this multicast address.
Expiry Time - This parameter shows the expiry time interval for each source address that is a member of this multicast group. This is the amount of time after which the specified source entry is aged out.
8.2.6.
Configuring Interface’s Multicast Configuration Page
Selection Criteria
Slot/Port - Select the routing interface you want to configure from the dropdown menu.
Configurable Data
TTL Threshold - Enter the TTL threshold below which a multicast data packet will not be forwarded from the selected interface. You should enter a number between 0 and 255. If you enter 0 all multicast packets for the selected interface will be forwarded. You must configure at least one router interface before you will see this field.
Source IP - Enter the IP address of the multicast packet source to be combined with the Group IP to fully identify a single route whose Mroute table entry you want to display or clear. You may leave this field blank.
Group IP - Enter the destination group IP address whose multicast route(s) you want to display or clear.
Non-Configurable Data
Incoming Interface - The incoming interface on which multicast packets for this source/group arrive.
Configurable Data
Source IP - Enter the IP Address that identifies the multicast packet source for the entry you are creating.
Source Mask - Enter the subnet mask to be applied to the Source IP address.
RPF Neighbor - Enter the IP address of the neighbor router on the path to the source.
Metric - Enter the link state cost of the path to the multicast source. The range is 0 - 255 and the default is one. You can change the metric for a configured route by selecting the static route and editing this field.
Configuring Multicast Admin Boundary Configuration Page
An administratively scoped boundary is a way to stop the ingress and egress of multicast traffic for a given range of multicast addresses on a given routing interface.
Selection Criteria
Group IP - Select 'Create Boundary' from the pulldown menu to create a new admin scope boundary, or select one of the existing boundary specifications to display or update its configuration.
Slot/Port - The router interface to which the administratively scoped address range is applied.
Group IP - The multicast group address for the start of the range of addresses to be excluded.
Group Mask - The mask that is applied to the multicast group address. The combination of the mask and the Group IP gives the range of administratively scoped addresses for the selected interface.
Command Buttons
Refresh - Refresh the data on the screen with the present state of the data in the router.
8.2.6.
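The TTL threshold and the administratively scoped boundary described above both limit how far multicast traffic travels from a routing interface. The following added example (not taken from this guide or from the switch firmware) computes the address range that a Group IP and Group Mask pair covers and applies both checks to a packet. The class and function names are hypothetical, the mask is assumed to be a conventional network mask, and the interface values are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import List, Tuple

MULTICAST = IPv4Network("224.0.0.0/4")


def boundary_range(group_ip: str, group_mask: str) -> Tuple[str, str]:
    """First and last group address covered by a Group IP / Group Mask pair."""
    # strict=True rejects a Group IP with bits set outside the mask, which
    # would otherwise describe a different range than the one typed in.
    net = IPv4Network(f"{group_ip}/{group_mask}", strict=True)
    if not net.subnet_of(MULTICAST):
        raise ValueError(f"{net} is not inside the multicast range {MULTICAST}")
    return str(net[0]), str(net[-1])


@dataclass
class RoutingInterface:
    # Hypothetical model of one routing interface (not the switch's data model).
    slot_port: str
    ttl_threshold: int                 # 0 to 255; 0 forwards every packet
    boundaries: List[IPv4Network] = field(default_factory=list)

    def __post_init__(self) -> None:
        if not 0 <= self.ttl_threshold <= 255:
            raise ValueError("TTL threshold must be between 0 and 255")

    def add_boundary(self, group_ip: str, group_mask: str) -> None:
        boundary_range(group_ip, group_mask)      # validate before storing
        self.boundaries.append(IPv4Network(f"{group_ip}/{group_mask}"))

    def decision(self, group: str, ttl: int) -> str:
        """Return 'forward', 'drop-boundary' or 'drop-ttl' for one packet."""
        addr = IPv4Address(group)
        if addr not in MULTICAST:
            raise ValueError(f"{group} is not a multicast group address")
        # The order of the two checks is an assumption; it changes only the
        # reported reason, not whether the packet is forwarded.
        if any(addr in net for net in self.boundaries):
            return "drop-boundary"
        if ttl < self.ttl_threshold:              # below the threshold: not forwarded
            return "drop-ttl"
        return "forward"


def demo_interface() -> RoutingInterface:
    """Constructed interface: threshold 16, boundary 239.192.0.0/255.252.0.0."""
    iface = RoutingInterface("0/1", ttl_threshold=16)
    iface.add_boundary("239.192.0.0", "255.252.0.0")
    return iface


if __name__ == "__main__":
    iface = demo_interface()
    print("boundary covers", boundary_range("239.192.0.0", "255.252.0.0"))
    for group, ttl in (("239.193.10.1", 64), ("239.196.0.1", 15), ("239.196.0.1", 16)):
        print(group, "ttl", ttl, "->", iface.decision(group, ttl))
```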
Non-Configurable Data
Router Interface - The IP address of the router interface for which configuration information was requested.
Neighboring router's IP Address - The IP address of the neighboring router.
Metric - The routing metric for this router.
TTL Threshold - The time-to-live threshold on this hop.
Flags - The flags indicating whether the router is an IGMP querier or whether or not it has neighbors (leaf router).
Viewing Mstat Summary Page
This screen is used to display the results of an mstat command.
Non-Configurable Data
This screen shows the path taken by multicast traffic between the specified IP addresses. Forward data flow is indicated by arrows pointing downward and the query path is indicated by arrows pointing upward.
Admin Mode - Select enable or disable from the pulldown menu. If you select enable the router will process and forward mtrace requests received from other routers, otherwise received mtrace requests will be discarded. This field is non-configurable for read-only users.
Command Buttons
Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
Viewing Mtrace Summary Page
This screen displays the results of an mtrace command. The mtrace command is used to trace the path from source to a destination branch for a multicast distribution tree.
Non-Configurable Data
Number of hops away from destination - The number of hops away from the destination.
IP address of intermediate router - The IP address of the intermediate router in the path being traced between source and destination for the hop number in the previous field.
Configuring Interface’s PIM-DM Configuration Page
Selection Criteria
Slot/Port - Select the Slot and port for which data is to be displayed or configured. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for a PIM-DM interface, otherwise an error message will be displayed.
Configurable Data
Interface Mode - Select enable or disable from the pulldown menu to set the administrative status of PIM-DM for the selected interface.
Protocol State - The operational state of the PIM-DM protocol on this interface.
Hello Interval - The frequency at which PIM hello messages are transmitted on the selected interface.
IP Address - The IP address of the selected interface.
Neighbor Count - The number of PIM neighbors on the selected interface.
Designated Router - The designated router on the selected PIM interface. For point-to-point interfaces, this will be 0.0.0.0.
Data Threshold Rate - Enter the minimum source data rate in K bits/second above which the last-hop router will switch to a source-specific shortest path tree. The valid values are from (0 to 2000 K bits/sec). The default value is 50.
Register Threshold Rate - Enter the minimum source data rate in K bits/second above which the Rendezvous Point router will switch to a source-specific shortest path tree. The valid values are from (0 to 2000 K bits/sec). The default value is 50.
Configuring Interface’s PIM-SM Configuration Page
Selection Criteria
Slot/Port - Select the slot and port for which data is to be displayed or configured. Slot 0 is the base unit.
Configurable Data
Mode - Select enable or disable from the pulldown menu to set the administrative status of PIM-SM in the router. The default is disable.
Hello Interval - Enter the time in seconds between the transmission of PIM Hello messages on this interface. The valid values are from (10 to 3600 secs).
Protocol State - The operational state of the PIM-SM protocol on this interface.
IP Address - The IP address of the selected PIM interface.
Net Mask - The network mask for the IP address of the selected PIM interface.
Designated Router - The Designated Router on the selected PIM interface. For point-to-point interfaces, this object has the value 0.0.0.0.
Hello Interval - The frequency at which PIM Hello messages are transmitted on the selected interface.
Component Index - Unique number identifying the component index.
Component BSR Address - Displays the IP address of the bootstrap router (BSR) for the local PIM region.
Component BSR Expiry Time - Displays the minimum time remaining before the bootstrap router in the local domain will be declared.
Component CRP Hold Time - The hold time of the component when it is a candidate Rendezvous Point in the local domain.
Group Address - The group address transmitted in Candidate-RP-Advertisements.
Group Mask - The group address mask transmitted in Candidate-RP-Advertisements to fully identify the scope of the group which the router will support if elected as a Rendezvous Point.
Address - Displays the unicast address of the interface which will be advertised as a Candidate RP.
Command Buttons
Refresh - Refresh the data on the screen with the present state of the data in the router.