AT8402 CLI Reference Manual AdvancedTCA M5306_TECH_2 2.
Revision History Publication Title: AT8402 CLI Reference Manual ID Number: M5306_TECH_2 Rev. Index Brief Description of Changes Date of Issue 2.00 First Release for AT8402 12 Feb., 2007 2.01 Clock commands added 16 May, 2007 2.02 Remove BCM5650x references in chapter QoS, acl commands rework, change copy command parameter 16 June, 2007 Imprint Kontron AG may be contacted via the following: North America Tel: EMEA Kontron Canada, Inc.
AT8402 Table of Content Revision History .........................................................................................................ii Imprint ........................................................................................................................ii Disclaimer ..................................................................................................................ii About This Book .......................................................................................
AT8402 Chapter 2. 2 Switching Commands ..................................................................................2 - 2 2.1 Port Configuration Commands ................................................................2 - 2 2.1.1 interface ..........................................................................................2 - 2 2.1.2 auto-negotiate .................................................................................2 - 2 2.1.3 auto-negotiate all ...................................
AT8402 2.3.1 vlan database ............................................................................... 2 - 17 2.3.2 network mgmt_vlan ....................................................................... 2 - 18 2.3.3 vlan ............................................................................................... 2 - 18 2.3.4 vlan acceptframe .......................................................................... 2 - 18 2.3.5 vlan ingressfilter ..................................................
AT8402 2.7.3 set garp timer leaveall ...................................................................2 - 33 2.7.4 show garp ......................................................................................2 - 33 2.8 GVRP Commands .................................................................................2 - 34 2.8.1 set gvrp adminmode ......................................................................2 - 34 2.8.2 set gvrp interfacemode ......................................................
AT8402 2.11.12 storm-control unicast all level ....................................................... 2 - 50 2.11.13 storm-control flowcontrol ............................................................... 2 - 51 2.11.14 show storm-control ....................................................................... 2 - 51 2.12 Port-Channel/LAG (802.3ad) Commands ............................................. 2 - 52 2.12.1 port-channel ............................................................................
AT8402 2.16.4 port-security mac-address .............................................................2 - 67 2.16.5 port-security mac-address move ...................................................2 - 68 2.16.6 show port-security .........................................................................2 - 68 2.16.7 show port-security dynamic ...........................................................2 - 68 2.16.8 show port-security static ................................................................
AT8402 3.1.3 classofservice trust ......................................................................... 3 - 3 3.1.4 cos-queue min-bandwidth ............................................................... 3 - 3 3.1.5 cos-queue strict .............................................................................. 3 - 4 3.1.6 traffic-shape .................................................................................... 3 - 4 3.1.7 show classofservice dot1p-mapping ......................................
AT8402 3.7 MAC Access Control List (ACL) Commands .........................................3 - 20 3.7.1 mac access-list extended ..............................................................3 - 21 3.7.2 mac access-list extended rename .................................................3 - 21 3.7.3 {deny | permit} ...............................................................................3 - 21 3.7.4 mac access-group .........................................................................3 - 22 3.7.
AT8402 4.3.9 show sysinfo ................................................................................. 4 - 16 4.3.10 show tech-support ........................................................................ 4 - 17 4.3.11 show boardinfo post-status ........................................................... 4 - 17 4.3.12 show boardinfo sensors ................................................................ 4 - 17 4.3.13 show boardinfo event-log ........................................................
AT8402 4.5.14 reload ............................................................................................4 - 26 4.5.15 copy ...............................................................................................4 - 26 4.6 Keying for Advanced Features ..............................................................4 - 27 4.6.1 license advanced ..........................................................................4 - 27 4.6.2 show key-features ...............................................
AT8402 4.8.28 show ip dhcp conflict ..................................................................... 4 - 41 4.9 DHCP Filtering ...................................................................................... 4 - 42 4.9.1 ip dhcp filtering .............................................................................. 4 - 42 4.9.2 ip dhcp filtering trust ...................................................................... 4 - 42 4.9.3 show ip dhcp filtering ......................................
AT8402 5.3.5 session-limit ....................................................................................5 - 8 5.3.6 session-timeout ...............................................................................5 - 8 5.3.7 telnetcon maxsessions ....................................................................5 - 8 5.3.8 telnetcon timeout .............................................................................5 - 9 5.3.9 disconnect .............................................................
AT8402 5.7 CLI Command Logging Command ........................................................ 5 - 23 5.7.1 logging cli-command ..................................................................... 5 - 23 5.8 RADIUS Commands ............................................................................. 5 - 23 5.8.1 radius accounting mode ................................................................ 5 - 24 5.8.2 radius server host .........................................................................
AT8402 5.15.1 set board storage connect .............................................................5 - 36 5.15.2 show boardinfo storage .................................................................5 - 37 5.15.3 set board sasexp program ............................................................5 - 37 5.15.4 show board sasexp program .........................................................5 - 37 5.16 Clock Support Commands .....................................................................
AT8402 Preface About This Book This document describes configuration commands for FASTPATH® software. The commands can be accessed from the CLI. Why the Document was Created This document was created primarily for system administrators configuring and operating a system using FASTPATH software. It is intended to provide an understanding of the configuration options of FASTPATH software.
Preface AT8402 names, company logos and trademarks, which are registered trademarks and, therefore, proprietary to their respective owners. Environmental Protection Statement This product has been manufactured to satisfy environmental protection requirements where possible. Many of the components used (structural parts, printed circuit boards, connectors, batteries, etc.) are capable of being recycled.
AT8402 Preface Your new Kontron product was developed and tested carefully to provide all features necessary to ensure its compliance with electrical safety requirements. It was also designed for a long fault-free life. However, the life expectancy of your product can be drastically reduced by improper treatment during unpacking and installation.
Preface AT8402 This device should only be installed in or connected to systems that fulfill all necessary technical and specific environmental requirements. This applies also to the operational temperature range of the specific board version, which must not be exceeded. If batteries are present their temperature restrictions must be taken into account. In performing all necessary installation and application operations, please follow only the instructions supplied by the present manual.
AT8402 Preface any particular application or purpose. As a result, the products are sold “as is,” and the responsibility to ensure their suitability for any given task remains that of the purchaser.
Preface AT8402 CLI Reference Manual AT8402 Page xxii
AT8402 Chapter 1 Using the Command-Line Interface Page 1 - 1 AT8402 CLI Reference Manual
Using the Command-Line Interface 1. AT8402 Using the Command-Line Interface The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes. It contains the following sections: • • • • • • • 1.1 1.1 “Command Syntax” on page 1 - 2 1.2 “Command Conventions” on page 1 - 2 1.
AT8402 Using the Command-Line Interface The parameters for a command might include mandatory values, optional values, or keyword choices. Table 4.1 describes the conventions this document uses to distinguish between value types. Table 4.1. Parameter Conventions Symbol 1.2.1 Example Description <> angle brackets Indicates that you must enter a value in place of the brackets and text inside them.
Using the Command-Line Interface AT8402 Table 4.2. Parameter Descriptions Parameter 1.3 Description Interface or slot/port Valid slot and port number separated by forward slashes. For example, 0/1 represents slot number 0 and port number 1. Logical Interface Represents a Logical slot and port number.. This is applicable in the case of a port-channel (LAG). You can use the logical slot/port to configure the port-channel.
AT8402 1.4 Using the Command-Line Interface Using the “No” Form of a Command The no keyword is a specific form of an existing command and does not represent a new or distinct command. Almost every configuration command has a no form. In general, use the no form to reverse the action of a command or reset a value back to the default. For example, the no shutdown configuration command reverses the shutdown of an interface.
Using the Command-Line Interface AT8402 Table 4.5. CLI Command Modes Command Mode Prompt Mode Description Line Config Switch (line)# Allows you to configure various telnet settings and the console interface. Policy Map Config Switch (Config-policy-map)# Allows you to access the QoS Policy-Map configuration mode to configure the QoS Policy-Map. Policy Class Config Switch (Config-policy-classmap)# Consists of class creation, deletion, and matching commands.
AT8402 Using the Command-Line Interface Table 4.6. CLI Mode Access and Exit Command Mode Interface Config Access Method From the Global Config mode, enter interface or interface loopback or interface tunnel or Line Config From the Global Config mode, enter lineconfig. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z. To exit to the Global Config mode, enter exit. To return to the Privileged EXEC mode, enter Ctrl-Z.
Using the Command-Line Interface 1.5.2 AT8402 CLI Error Messages If you enter a command and the system is unable to execute it, an error message appears. Table 4.7 describes the most common CLI error messages. Table 4.7. CLI Error Messages Message Text 1.5.3 Description % Invalid input detected at '^' marker. Indicates that you entered an incorrect or unavailable command. The carat (^) shows where the invalid text is detected.
AT8402 1.6 Using the Command-Line Interface Using CLI Help Enter a question mark (?) at the command prompt to display the commands available in the current mode. (switch) >? enable help logout ping address. quit show telnet Enter into user privilege mode. Display help for various special keys. Exit this session. Any unsaved changes are lost. Send ICMP echo packets to a specified IP Exit this session. Any unsaved changes are lost. Display Switch Options and Settings. Telnet to a remote host.
Using the Command-Line Interface AT8402 CLI Reference Manual Page 1 - 10 AT8402
AT8402 Chapter 21 Switching Commands Page 2 - 1 AT8402 CLI Reference Manual
Switching Commands 2. AT8402 Switching Commands This chapter describes the switching commands available in the CLI. The Switching Commands chapter includes the following sections: • • • • • • • • • • • • • • • • • • 2.1 “Port Configuration Commands” on page 2 - 2 2.2 “Spanning Tree Protocol (STP) Commands” on page 2 - 6 2.3 “VLAN Commands” on page 2 - 17 2.4 “Double VLAN Commands” on page 2 - 28 2.5 “Provisioning (IEEE 802.1p) Commands” on page 2 - 29 2.6 “Protected Ports Commands” on page 2 - 30 2.
AT8402 Switching Commands Mode 2.1.2.1 Interface Config no auto-negotiate This command disables automatic negotiation on a port. NOTE: Automatic sensing is disabled when automatic negotiation is disabled. 2.1.3 Format no auto-negotiate Mode Interface Config auto-negotiate all This command enables automatic negotiation on all ports. 2.1.3.1 Default enabled Format auto-negotiate all Mode Global Config no auto-negotiate all This command disables automatic negotiation on all ports. 2.1.
Switching Commands Mode 2.1.6 AT8402 Interface Config shutdown This command disables a port. NOTE: You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces. 2.1.6.1 Default enabled Format shutdown Mode Interface Config no shutdown This command enables a port. 2.1.7 Format no shutdown Mode Interface Config shutdown all This command disables all ports.
AT8402 2.1.9 Switching Commands speed all This command sets the speed and duplex setting for all interfaces. Format speed all Mode Global Config {<100 | 10> } Acceptable values are: 2.1.10 100h 100BASE-T half-duplex 100f 100BASE-T full duplex 10h 10BASE-T half duplex 10f 10BASE-T full duplex block This command sets a port in blocking mode. A blocking port will not receive or forward data frames.
Switching Commands AT8402 Physical Mode The desired port speed and duplex mode. If auto-negotiation support is selected, then the duplex mode and speed is set from the auto-negotiation process. Note that the maximum capability of the port (full duplex -100M) is advertised. Otherwise, this object determines the port's duplex mode and transmission rate. The factory default is Auto. Physical Status The port speed and duplex mode. 2.1.12 Link Status The Link is up or down.
AT8402 2.2.2 Switching Commands Format no spanning-tree Mode Global Config spanning-tree bpdumigrationcheck Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP) BPDUs. Use the parameter to transmit a BPDU from a specified interface, or use the all keyword to transmit BPDUs from all interfaces. This command forces the BPDU transmission when you execute it, so the command does not change the system configuration or have a “no” version. 2.
Switching Commands 2.2.5 AT8402 spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This allows this port to transition to Forwarding State without delay. 2.2.5.1 Format spanning-tree edgeport Mode Interface Config no spanning-tree edgeport This command specifies that this port is not an Edge Port within the common and internal spanning tree. 2.2.
AT8402 Switching Commands Mode 2.2.8 Global Config spanning-tree hello-time This command sets the Admin Hello Time parameter to a new value for the common and internal spanning tree. The hello time is in whole seconds within a range of 1 to 10, with the value being less than or equal to (Bridge Max Age / 2) - 1. 2.2.8.
Switching Commands 2.2.11 AT8402 Format no spanning-tree max-hops Mode Global Config spanning-tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree. If you specify an parameter that corresponds to an existing multiple spanning tree instance, the configurations are done for that multiple spanning tree instance.
AT8402 Switching Commands If you specify port-priority, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, depending on the parameter, to the default value. Format no spanning-tree mst Mode 2.2.12 Interface Config spanning-tree mst instance This command adds a multiple spanning tree instance to the switch.
Switching Commands AT8402 If 0 (defined as the default CIST ID) is passed as the , this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value. 2.2.14 Format spanning-tree mst priority Mode Global Config spanning-tree mst vlan This command adds an association between a multiple spanning tree instance and a VLAN so that the VLAN is no longer associated with the common and internal spanning tree.
AT8402 2.2.16.1 Switching Commands no spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to disabled. 2.2.17 Format no spanning-tree port mode all Mode Global Config show spanning-tree This command displays spanning tree settings for the common and internal spanning tree. The following details are displayed.
Switching Commands 2.2.18 AT8402 show spanning-tree brief This command displays spanning tree settings for the bridge. The following information appears. Format show spanning-tree brief Modes Privileged EXEC User EXEC Bridge Priority Configured value. Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Bridge Max Age Configured value. Bridge Max Hops Bridge max-hops count for the device.
AT8402 2.2.20 Switching Commands show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The parameter is a number that corresponds to the desired existing multiple spanning tree instance. The is the desired switch port.
Switching Commands AT8402 Designated Bridge The bridge containing the designated port Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the LAN Topology Change Acknowledgement Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission indicating if a topology change is in progress for this port. Hello Time The hello time in use for this port. Edge Port The configured value indicating if this port is an edge port.
AT8402 Switching Commands MST Instance ID List List of multiple spanning trees IDs currently configured. For each MSTID: Associated FIDs List of forwarding database identifiers associated with this instance. Associated VLANs List of VLAN IDs associated with this instance. 2.2.23 show spanning-tree summary This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command.
Switching Commands Mode 2.3.2 AT8402 Privileged EXEC network mgmt_vlan This command configures the Management VLAN ID. 2.3.2.1 Default 1 Format network mgmt_vlan Mode Privileged EXEC <1-4069> no network mgmt_vlan This command sets the Management VLAN ID to the default. 2.3.3 Format no network mgmt_vlan Mode Privileged EXEC vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-4094.
AT8402 2.3.5 Switching Commands vlan ingressfilter This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. 2.3.5.1 Default disabled Format vlan ingressfilter Mode Interface Config no vlan ingressfilter This command disables ingress filtering.
Switching Commands Mode AT8402 Interface Config Participation options are: 2.3.9 include The interface is always a member of this VLAN. This is equivalent to registration fixed. exclude The interface is never a member of this VLAN. This is equivalent to registration forbidden. auto The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal.
AT8402 2.3.11 Switching Commands Format no vlan port acceptframe all Mode Global Config vlan port ingressfilter all This command enables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. 2.3.11.
Switching Commands 2.3.13.1 AT8402 no vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. 2.3.14 Format no vlan port tagging all Mode Global Config vlan protocol group This command adds protocol-based VLAN groups to the system. The is a character string of 1 to 16 characters.
AT8402 2.3.17 Switching Commands protocol group This command attaches a to the protocol-based VLAN identified by . A group may only be associated with one VLAN at a time, however the VLAN association can be changed. The referenced VLAN should be created prior to the creation of the protocol-based VLAN except when GVRP is expected to create the VLAN. 2.3.17.
Switching Commands AT8402 You should create the referenced VLAN before you create the protocol-based VLAN except when you configure GVRP to create the VLAN. 2.3.19.1 Default none Format protocol vlan group all Mode Global Config no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this . 2.3.
AT8402 2.3.22.1 Switching Commands Format vlan association subnet Mode VLAN Config no vlan association subnet This command removes association of a specific IP-subnet to a VLAN. 2.3.23 Format no vlan association subnet Mode VLAN Config vlan association mac This command associates a MAC address to a VLAN. 2.3.23.
Switching Commands AT8402 Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard. 2.3.25 Configured The configured degree of participation of this port in this VLAN. The permissible values are: Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard.
AT8402 Switching Commands Acceptable Frame Types The types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames received on this port are discarded. When set to 'Admit All', untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance to the 802.
Switching Commands 2.4 AT8402 Double VLAN Commands This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain. 2.4.
AT8402 2.4.4 Switching Commands Format no mode dvlan-tunnel Mode Interface Config show dot1q-tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces. 2.4.5 Format show dot1q-tunnel Modes Privileged EXEC User EXEC Interface Valid slot and port number separated by forward slashes.
Switching Commands 2.5.1 AT8402 vlan port priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7. Any subsequent per port configuration will override this configuration setting. 2.5.2 Format vlan port priority all Mode Global Config vlan priority This command configures the default 802.1p port priority assigned for untagged packets for a specific interface.
AT8402 2.6.1.1 Switching Commands no switchport protected (Global Config) Use this command to remove a protected port group. The groupid parameter identifies the set of protected ports. Use the name keyword to remove the name from the group. 2.6.2 Format no switchport protected Mode Global Config [name] switchport protected (Interface Config) Use this command to add an interface to a protected port group.
Switching Commands 2.7 AT8402 Mode User EXEC Privileged EXEC Name A string associated with this group as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. This field is optional. Protected Indicates whether the interface is protected or not. It shows TRUE or FALSE.
AT8402 2.7.2.1 Switching Commands Default 60 Format set garp timer leave Modes Interface Config Global Config <20-600> no set garp timer leave This command sets the GVRP leave time on all ports or a single port to the default and only has an effect when GVRP is enabled. 2.7.3 Format no set garp timer leave Modes Interface Config Global Config set garp timer leaveall This command sets how frequently Leave All PDUs are generated.
Switching Commands 2.8 AT8402 GVRP Commands This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide dynamic VLAN creation on trunk ports and automatic VLAN pruning. NOTE: If GVRP is disabled, the system does not forward GVRP messages. 2.8.1 set gvrp adminmode This command enables GVRP on the system. 2.8.1.
AT8402 Switching Commands Interface Valid slot and port number separated by forward slashes. Join Timer The interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a perPort, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds).
Switching Commands 2.9.1.1 AT8402 no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system. 2.9.2 Format no set gmrp adminmode Mode Privileged EXEC set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode).
AT8402 Switching Commands Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds).
Switching Commands AT8402 the switch. When a list is created, the authentication method “local” is set as the first method. When the optional parameters “Option1”, “Option2” and/or “Option3” are used, an ordered list of methods are set in the authentication login list. If the authentication login list does not exist, a new authentication login list is first created and then the authentication methods are set in the authentication login list. The maximum number of authentication login methods is three.
AT8402 Switching Commands Mode 2.10.4 Privileged EXEC dot1x defaultlogin This command assigns the authentication login list to use for non-configured users for 802.1x port security. This setting is over-ridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only. 2.10.
Switching Commands 2.10.8 AT8402 dot1x port-control This command sets the authentication mode to use on the specified port. Select forceunauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify that the authenticator PAE unconditionally sets the controlled port to authorized.
AT8402 2.10.11 Switching Commands dot1x re-authentication This command enables re-authentication of the supplicant for the specified port. 2.10.11.1 Default disabled Format dot1x re-authentication Mode Interface Config no dot1x re-authentication This command disables re-authentication of the supplicant for the specified port. 2.10.12 Format no dot1x re-authentication Mode Interface Config dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch.
Switching Commands AT8402 server-timeout - The value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535. 2.10.13.
AT8402 2.10.16 Switching Commands users login This command assigns the specified authentication login list to the specified user for system login. The must be a configured and the must be a configured login list. If the user is assigned a login list that requires remote authentication, all access to the interface from all CLI, web, and telnet sessions will be blocked until the authentication is complete.
Switching Commands AT8402 If you do not use any of the optional parameters, the global dot1x configuration summary is displayed. Administrative mode Indicates whether authentication control on the switch is enabled or disabled. If you use the optional parameter summary { | all}, the dot1x configuration for the specified port or all ports are displayed. Port The interface whose configuration is displayed. Control Mode The configured control mode for this port.
AT8402 Switching Commands Maximum Requests The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will be in the range of 1 and 10. Reauthentication Period The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535.
Switching Commands 2.10.20 AT8402 show dot1x users This command displays 802.1x port security user information for locally configured users. 2.10.21 Format show dot1x users Mode Privileged EXEC User Users configured locally to have access to the specified port. show users authentication This command displays all user and all authentication login information. It also displays the authentication login list assigned to the default user.
AT8402 2.11.2 Switching Commands storm-control broadcast level Use this command to configure the broadcast storm recovery threshold for an interface. When you use this command, broadcast storm recovery mode is enabled on the interface and broadcast storm recovery is active. If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold. 2.11.2.
Switching Commands 2.11.4.1 AT8402 no storm-control broadcast all level This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. 2.11.5 Format no storm-control broadcast all level Mode Global Config storm-control multicast This command enables multicast storm recovery mode for an interface.
AT8402 Switching Commands dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. 2.11.7.1 Default disabled Format storm-control multicast all Mode Global Config no storm-control multicast all This command disables multicast storm recovery mode for all interfaces. 2.11.
Switching Commands Mode 2.11.10 AT8402 Interface Config storm-control unicast level This command configures the unicast storm recovery threshold for an interface and enables unicast storm recovery. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
AT8402 2.11.12.1 Switching Commands Default 5 Format storm-control unicast all level Mode Global Config <0-100> no storm-control unicast all level This command returns the unicast storm recovery threshold to the default value and disables unicast storm recovery for all interfaces. 2.11.13 Format no storm-control unicast all level Mode Global Config storm-control flowcontrol This command enables 802.3x flow control for the switch and only applies to fullduplex mode ports. NOTE: 802.
Switching Commands 2.12 AT8402 Ucast Mode Shows whether the Unknown Unicast or DLF (Destination Lookup Failure) storm control mode is enabled or disabled. Ucast Level The Unknown Unicast or DLF (Destination Lookup Failure) storm control level Port-Channel/LAG (802.3ad) Commands This section describes the commands you use to configure port-channels, which are also known as link aggregation groups (LAGs).
AT8402 Switching Commands NOTE: Before adding a port to a port-channel, set the physical mode of the port. For more information, see 2.1.8 “speed” on page 2 - 4. 2.12.3 Format addport Mode Interface Config deleteport (Interface Config) This command deletes the port from the port-channel (LAG). The interface is a logical slot/port number. of a configured port-channel. 2.12.
Switching Commands 2.12.6.1 AT8402 no port lacpmode This command disables Link Aggregation Control Protocol (LACP) on a port. 2.12.7 Format no port lacpmode Mode Interface Config port lacpmode all This command enables Link Aggregation Control Protocol (LACP) on all ports. 2.12.7.1 Format port lacpmode all Mode Global Config no port lacpmode all This command disables Link Aggregation Control Protocol (LACP) on all ports. 2.12.
AT8402 Switching Commands Mode 2.12.10 Global Config port-channel adminmode This command enables a port-channel (LAG). The option all sets every configured port-channel with the same administrative mode setting. 2.12.10.1 Format port-channel adminmode [all] Mode Global Config no port-channel adminmode This command disables a port-channel (LAG). The option all sets every configured port-channel with the same administrative mode setting. 2.12.
Switching Commands Modes AT8402 Privileged EXEC User EXEC For each port-channel the following information is displayed: Logical Interface The slot/port of the logical interface. Port-channel Name The name of port-channel (LAG) interface. Link-State Shows whether the link is up or down. Type Shows whether the port-channel is statically or dynamically maintained. LACP Device Type/Timeout The timeout (long or short) for the type of device (actor or partner) 2.12.
AT8402 2.13.1 Switching Commands monitor session This command configures a probe port and a monitored port for monitor session (port monitoring). Use the source interface parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets. If you do not specify an {rx | tx} option, the destination port monitors both ingress and egress packets.
Switching Commands AT8402 NOTE: The parameter is an integer value used to identify the session. In the current version of the software, the parameter is always one (1). Format show monitor session Mode Privileged EXEC Session ID An integer value used to identify the session. Its value can be anything between 1 and the maximum number of mirroring sessions allowed on the platform.
AT8402 2.14.2 Switching Commands macfilter addsrc This command adds the interface to the source filter set for the MAC filter with the MAC address of and VLAN of . The parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The parameter must identify a valid VLAN. 2.14.2.
Switching Commands AT8402 Source Port(s) The source port filter set's slot and port(s). 2.14.5 show mac-address-table staticfiltering This command displays the Static Filtering entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table staticfiltering Mode Privileged EXEC Mac Address A unicast MAC address for which the switch has forwarding and or filtering information.
AT8402 2.15.1.1 Switching Commands Format set igmp Modes Global Config Interface Config Format set igmp Mode VLAN Config no set igmp This command disables IGMP Snooping on the system, an interface or a VLAN. 2.15.2 Format no set igmp Modes Global Config Interface Config Format no set igmp Mode VLAN Config set igmp interfacemode This command enables IGMP Snooping on all interfaces.
Switching Commands 2.15.3.1 AT8402 Format set igmp fast-leave Mode Interface Config Format set igmp fast-leave Mode VLAN Config no set igmp fast-leave This command disables IGMP Snooping fast-leave admin mode on a selected interface. 2.15.
AT8402 2.15.5.1 Switching Commands Default 10 seconds Format set igmp maxresponse Modes Global Config Interface Config Format set igmp maxresponse Mode VLAN Config <1-3599> <1-3599> no set igmp maxresponse This command sets the max response time (on the interface or VLAN) to the default value. 2.15.
Switching Commands 2.15.7.1 AT8402 Format set igmp mrouter Mode Interface Config no set igmp mrouter This command disables multicast router mode for a particular VLAN ID () . 2.15.8 Format no set igmp mrouter Mode Interface Config set igmp mrouter interface This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. 2.15.8.
AT8402 Switching Commands Fast Leave Mode Indicates whether IGMP Snooping Fast-leave is active on the interface. Group Membership Interval The amount of time in seconds that a switch will wait for a report from a particular group on a particular interface before deleting the interface from the entry.This value may be configured Maximum Response Time The amount of time the switch waits after it sends a query on an interface because it did not receive a report for a particular group on that interface.
Switching Commands 2.15.12 AT8402 Format show igmpsnooping mrouter vlan Mode Privileged EXEC Interface The port on which multicast router information is being displayed. VLAN ID The list of VLANs of which the interface is a member. show mac-address-table igmpsnooping This command displays the IGMP Snooping entries in the MFDB table.
AT8402 Switching Commands Modes 2.16.2 Global Config Interface Config port-security max-dynamic This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port. 2.16.2.1 Default 600 Format port-security max-dynamic Mode Interface Config no port-security max-dynamic This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value. 2.16.
Switching Commands 2.16.5 AT8402 port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses. 2.16.6 Format port-security mac-address move Mode Interface Config show port-security This command displays the port-security settings. If you do not use a parameter, the command displays the settings for the entire system. Use the optional parameters to display the settings on a specific interface or on all interfaces.
AT8402 2.17 Switching Commands LLDP (802.1AB) Commands This section describes the command you use to configure Link Layer Discovery Protocol (LLDP), which is defined in the IEEE 802.1AB specification. LLDP allows stations on an 802 LAN to advertise major capabilities and physical descriptions. The advertisements allow a network management system (NMS) to access and display this information. 2.17.1 lldp transmit Use this command to enable the LLDP advertise capability. 2.17.1.
Switching Commands Mode 2.17.3.1 AT8402 Global Config no lldp timers Use this command to return any or all timing parameters for local data transmission on ports enabled for LLDP to the default values. 2.17.4 Format no lldp timers Mode Global Config [interval] [hold] [reinit] lldp transmit-tlv Use this command to specify which optional type length values (TLVs) in the 802.1AB basic management set are transmitted in the LLDPDUs. Use sys-name to transmit the system name TLV.
AT8402 2.17.6.1 Switching Commands Format lldp notification Mode Interface Config no lldp notification Use this command to disable notifications. 2.17.7 Default disabled Format no lldp notification Mode Interface Config lldp notification-interval Use this command to configure how frequently the system sends remote data change notifications. The parameter is the number of seconds to wait between sending notifications. The valid interval range is 5-3600 seconds. 2.17.7.
Switching Commands AT8402 Transmit Hold Multiplier The multiplier on the transmit interval that sets the TTL in local data LLDPDUs. Re-initialization Delay The delay before re-initialization, in seconds. Notification Interval How frequently the system sends remote data change notifications, in seconds. 2.17.11 show lldp interface Use this command to display a summary of the current LLDP configuration for a specific interface or for all interfaces. 2.17.
AT8402 Switching Commands Discards Total number of LLDP frames discarded on the port for any reason. Errors The number of invalid LLDP frames received on the port. Ageouts Total number of times a complete remote data entry was deleted for the port because the Time to Live interval expired. TVL Discards The number of TLVs discarded TVL Unknowns Total number of LLDP TLVs received on the port where the type value is in the reserved range, and not recognized. 2.17.
Switching Commands AT8402 Management Address For each interface on the remote device with an LLDP agent, lists the type of address the remote LLDP agent uses and specifies the address used to obtain information related to the device. Time To Live The amount of time (in seconds) the remote device's information received in the LLDPDU should be treated as valid information. 2.17.15 show lldp local-device Use this command to display summary information about the advertised LLDP local data.
AT8402 Switching Commands Service attacks. You can configure your system to monitor and block six types of attacks: • • • • • • 2.18.1 SIP=DIP: Source IP address = Destination IP address. First Fragment: TCP Header size smaller then configured value. TCP Fragment: IP Fragment Offset = 1. TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
Switching Commands 2.18.3 AT8402 dos-control tcpfrag This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having IP Fragment Offset equal to one (1), the packets will be dropped if the mode is enabled. 2.18.3.1 Default disabled Format dos-control tcpfrag Mode Global Config no dos-control tcpfrag This command disabled TCP Fragment Denial of Service protection. 2.18.
AT8402 Switching Commands Mode 2.18.5.1 Global Config no dos-control l4port This command disables L4 Port Denial of Service protections. 2.18.6 Format no dos-control l4port Mode Global Config dos-control icmp This command enables Maximum ICMP Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack.
Switching Commands 2.19.1 AT8402 bridge aging-time This command configures the forwarding database address aging timeout in seconds. The parameter must be within the range of 10 to 1,000,000 seconds. 2.19.1.1 Default 300 Format bridge aging-time Mode Global Config <10-1,000,000> no bridge aging-time This command sets the forwarding database address aging timeout to the default value. 2.19.
AT8402 Switching Commands Component The component that is responsible for this entry in the Multicast Forwarding Database. Possible values are IGMP Snooping, GMRP, and Static Filtering. Description The text description of this multicast table entry. Interfaces The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
Switching Commands AT8402 CLI Reference Manual AT8402 Page 2 - 80
AT8402 Chapter 31 Quality of Service Commands Page 3 - 1 AT8402 CLI Reference Manual
Quality of Service (QoS) Commands 3. AT8402 Quality of Service (QoS) Commands This chapter describes the Quality of Service (QoS) commands available in the CLI. The QoS Commands chapter contains the following sections: • • • • • • • • 3.1 “Class of Service (CoS) Commands” on page 3 - 2 3.2 “Differentiated Services (DiffServ) Commands” on page 3 - 6 3.3 “DiffServ Class Commands” on page 3 - 7 3.4 “DiffServ Policy Commands” on page 3 - 12 3.5 “DiffServ Service Commands” on page 3 - 15 3.
AT8402 3.1.2 Quality of Service (QoS) Commands classofservice ip-dscp-mapping This command maps an IP DSCP value to an internal traffic class. The value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
Quality of Service (QoS) Commands Modes 3.1.4.1 AT8402 Global Config Interface Config no cos-queue min-bandwidth This command restores the default for each queue's minimum bandwidth value. 3.1.5 Format no cos-queue min-bandwidth Modes Global Config Interface Config cos-queue strict This command activates the strict priority scheduler mode for each specified queue. 3.1.5.
AT8402 Quality of Service (QoS) Commands Format show classofservice dot1p-mapping Mode Privileged EXEC [] The following information is repeated for each user priority. User Priority The 802.1p user priority value. Traffic Class 3.1.8 The traffic class internal queue identifier to which the user priority value is mapped. show classofservice ip-precedence-mapping This command displays the current IP Precedence mapping to internal traffic classes for a specific interface.
Quality of Service (QoS) Commands AT8402 Untrusted Traffic Class The traffic class used for all untrusted traffic. This is only displayed when the COS trust mode is set to 'untrusted'. 3.1.11 show interfaces cos-queue This command displays the class-of-service queue configuration for the specified interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings.
AT8402 Quality of Service (QoS) Commands The DiffServ class defines the packet filtering criteria. The attributes of a DiffServ policy define the way the switch processes packets. You can define policy attributes on a per-class instance basis. The switch applies these attributes when a match occurs. Packet processing begins when the switch tests the match criteria for a packet. The switch applies a policy to a packet when it finds a class match within that policy.
Quality of Service (QoS) Commands AT8402 match criteria are also known as class rules, with a class definition consisting of one or more rules to identify the traffic that belongs to the class. NOTE: Once you create a class match criterion for a class, you cannot change or delete the criterion. To change or delete a class match criterion, you must delete and re-create the entire class. The CLI command root is class-map. 3.3.1 class-map This command defines a DiffServ class of type match-all.
AT8402 Quality of Service (QoS) Commands Mode 3.3.4 Class-Map Config match class-map This command adds to the specified class definition the set of match conditions defined for another class. The is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. There is no default value. Format match class-map Mode Class-Map Config NOTE: • • • • • • 3.3.4.
Quality of Service (QoS) Commands AT8402 echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number. To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535. 3.3.
AT8402 Quality of Service (QoS) Commands NOTE: The IP DSCP, IP Precedence, and IP ToS match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header, but with a slightly different user notation. NOTE: This “free form” version of the IP DSCP/Precedence/TOS match specification gives the user complete control when specifying which bits of the IP Service Type field are checked. 3.3.
Quality of Service (QoS) Commands 3.4 Default none Format match srcl4port Mode Class-Map Config AT8402 { | <0-65535>} DiffServ Policy Commands Use the DiffServ policy commands to specify traffic conditioning actions, such as policing and marking, to apply to traffic classes Use the policy commands to associate a traffic class that you define by using the class command set with one or more QoS policy attributes. Assign the class/policy association to an interface to form a service.
AT8402 Quality of Service (QoS) Commands conform level are specified. The parameter is the name of an existing Diffserv class map. NOTE: This command may only be used after specifying a police command for the policy-class instance. 3.4.
Quality of Service (QoS) Commands AT8402 The value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. Format mark ip-dscp Mode Policy-Class-Map Config Incompatibilities Drop, Mark CoS, Mark IP Precedence, Police 3.4.
AT8402 Quality of Service (QoS) Commands NOTE: The CLI mode is changed to Policy-Map Config when this command is successfully executed. 3.4.9.1 Format policy-map Mode Global Config in no policy-map This command eliminates an existing DiffServ policy. The parameter is the name of an existing DiffServ policy. This command may be issued at any time. If the policy is currently referenced by one or more interface service attachments, this delete attempt fails. 3.4.
Quality of Service (QoS) Commands Format service-policy in Modes Global Config Interface Config AT8402 NOTE: Each interface can have one policy attached. 3.5.1.1 no service-policy This command detaches a policy from an interface in the inbound direction. The parameter is the name of an existing DiffServ policy. NOTE: This command causes a service to remove its reference to the policy. This command effectively disables DiffServ on an interface in the inbound direction.
AT8402 Quality of Service (QoS) Commands If you do not specify the Class Name, this command displays a list of all defined DiffServ classes. The following fields are displayed: Class Name The name of this class. (Note that the order in which classes are displayed is not necessarily the same order in which they were created.) Class Type A class type of ‘all’ means every match criterion defined for the class is evaluated simultaneously and must all be true to indicate a class match.
Quality of Service (QoS) Commands AT8402 If the Policy Name is specified the following fields are displayed: Policy Name The name of this policy. Type The policy type (Only inbound policy definitions are supported for this platform.) The following information is repeated for each class associated with this policy (only those policy attributes actually configured are displayed): Assign Queue Directs traffic stream to the specified QoS queue.
AT8402 Quality of Service (QoS) Commands If the Policy Name is not specified this command displays a list of all defined DiffServ policies. The following fields are displayed: Policy Name The name of this policy. (The order in which the policies are displayed is not necessarily the same order in which they were created.) Policy Type The policy type (Only inbound is supported). Class Members List of all class names associated with this policy. 3.6.
Quality of Service (QoS) Commands 3.6.6 AT8402 show policy-map interface This command displays policy-oriented statistics information for the specified interface and direction. The parameter specifies a valid interface for the system. NOTE: This command is only allowed while the DiffServ administrative mode is enabled. Format show policy-map interface Mode Privileged EXEC Interface Valid slot and port number separated by forward slashes.
AT8402 3.7.1 Quality of Service (QoS) Commands mac access-list extended This command creates a MAC Access Control List (ACL) identified by , consisting of classification fields defined for the Layer 2 header of an Ethernet frame. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. If a MAC ACL by this name already exists, this command enters Mac-Access-List config mode to allow updating the existing MAC ACL.
Quality of Service (QoS) Commands AT8402 The Ethertype may be specified as either a keyword or a four-digit hexadecimal value from 0x0600-0xFFFF. The currently supported values are: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. Each of these translates into its equivalent Ethertype value(s). Table 4.1.
AT8402 Quality of Service (QoS) Commands specified for this command, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used. This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces. The 'Interface Config' mode command is only available on platforms that support independent perport class of service queue configuration. 3.7.4.
Quality of Service (QoS) Commands • • • 3.8.1 AT8402 The maximum number of rules per IP ACL is hardware dependent. If you configure a MAC ACL on an interface, you cannot configure an IP ACL on the same interface. Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for the network address, and has zeros (0's) for the bit positions that are not used.
AT8402 Quality of Service (QoS) Commands Table 4.2. ACL Command Parameters Parameter Description [{eq { | <0-65535>}] Specifies the source layer 4 port match condition for the IP ACL rule. You can use the port number, which ranges from 0-65535, or you specify the , which can be one of the following keywords: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www.
Quality of Service (QoS) Commands 3.8.3 Format no ip access-group Mode Interface Config AT8402 in acl-trapflags This command enables the ACL trap mode. 3.8.3.1 Default disabled Format acl-trapflags Mode Global Config no acl-trapflags This command disables the ACL trap mode. 3.8.4 Format no acl-trapflags Mode Global Config show ip access-lists This command displays an IP ACL is the number used to identify the IP ACL.
AT8402 3.8.5 Quality of Service (QoS) Commands show access-lists This command displays IP ACLs and MAC access control lists information for a designated interface and direction. Format show access-lists interface Mode Privileged EXEC ACL Type Type of access list (IP or MAC). ACL ID Access List name for a MAC access list or the numeric identifier for an IP access list.
Quality of Service (QoS) Commands AT8402 CLI Reference Manual Page 3 - 28 AT8402
AT8402 Chapter 41 Utility Commands Page 4 - 1 AT8402 CLI Reference Manual
Utility Commands 4. AT8402 Utility Commands This chapter describes the utility commands available in the CLI. The FASTPATH Utility Commands chapter includes the following sections: • • • • • • • • • • 4.1 “Commands for update and startup Configuration“ on page 4 - 2 4.2 “ATCA commands“ on page 4 - 4 4.3 “System Information and Statistics Commands“ on page 4 - 5 4.4 “Logging Commands“ on page 4 - 19 4.5 “System Utility and Clear Commands“ on page 4 - 24 4.
AT8402 Utility Commands Modes 4.1.4 Privileged EXEC download fwum This command updates the FWUM firmware. It downloads an FWUM firmware image from URL and flashes the FWUM with the new image. If the flash process is interrupted or fails, the FWUM will not recover gracefully and the board has to be repaired manually. Use this command with extreme care. It is not field safe. Do not interrupt the upgrade process. 4.1.
Utility Commands 4.1.9 AT8402 show startupconfig This command shows either the installed system images or configuration files. For “startup” it shows the information about images and configuration files used at system startup. For “all” it shows all the information about installed images/files and the startup information. Format show startupconfig Modes Privileged EXEC 4.2 ATCA commands 4.2.
AT8402 Utility Commands • • 4.2.5 pci-rst-hs: If the PCIE-reset capability is enabled, the PCIE infrastructure is set into reset if AMC in upstream-port is deactivated. pci-rst-cfg: If the PCIE-configuration setting is enabled, the PCIE switch will be reset if configuration is changed.
Utility Commands 4.3.1 AT8402 show arp switch This command displays the contents of the IP stack’s Address Resolution Protocol (ARP) table. The IP stack only learns ARP entries associated with the management interfaces - network or service ports. ARP entries associated with routing interfaces are not listed. Format show arp switch Mode Privileged EXEC IP Address IP address of the management interface or another device on the management network. MAC Address Hardware MAC address of that device.
AT8402 Utility Commands Mode Privileged EXEC Switch Description Text used to identify the product name of this switch. Machine Type The machine model as defined by the Vital Product Data. Machine Model The machine model as defined by the Vital Product Data. Serial Number The unique box serial number for this switch. FRU Number The field replaceable unit number. Part Number Manufacturing part number. Maintenance Level Hardware changes that are significant to software.
Utility Commands AT8402 Broadcast Packets Received The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Packets Transmitted Without Error The total number of packets transmitted out of the interface.
AT8402 Utility Commands Packets Received 128-255 Octets - The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 256-511 Octets - The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
Utility Commands AT8402 Packets RX and TX 2048-4095 Octets - The total number of packets received that were between 2048 and 4095 octets in length inclusive (excluding framing bits, but including FCS octets) and were otherwise well formed. Packets RX and TX 4096-9216 Octets - The total number of packets received that were between 4096 and 9216 octets in length inclusive (excluding framing bits, but including FCS octets) and were otherwise well formed.
AT8402 Utility Commands Total - A count of valid frames received which were discarded (in other words, filtered) by the forwarding process. Local Traffic Frames - The total number of frames dropped in the forwarding process because the destination address was located off of this port. 802.3x Pause Frames Received - A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode.
Utility Commands AT8402 Packets Transmitted 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets). Max Frame Size - The maximum size of the Info (non-MAC) field that this port will receive or transmit. Packets Transmitted Successfully Total - The number of frames that have been transmitted by this port to its segment.
AT8402 Utility Commands operation. This counter does not increment when the interface is operating in half-duplex mode. GVRP PDUs Received - The count of GVRP PDUs received in the GARP layer. GVRP PDUs Transmitted - The count of GVRP PDUs transmitted from the GARP layer. GVRP Failed Registrations - The number of times attempted GVRP registrations could not be completed. GMRP PDUs Received - The count of GMRP PDU's received in the GARP layer.
Utility Commands AT8402 Broadcast Packets Received The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. Receive Packets Discarded The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
AT8402 4.3.7 Utility Commands show mac-addr-table This command displays the forwarding database entries. These entries are used by the transparent bridging function to determine how to forward a received frame. Enter all or no parameter to display the entire table. Enter a MAC Address and VLAN ID to display the table entry for the requested MAC address on the specified VLAN. Enter the count parameter to view summary information about the forwarding database table.
Utility Commands AT8402 Static Address (User-defined) count Number of MAC addresses in the forwarding database that were manually entered by a user. Total MAC Addresses in use Number of MAC addresses currently in the forwarding database. Total MAC Addresses available Number of MAC addresses the forwarding database can handle. 4.3.8 show running-config Use this command to display or capture the current setting of different protocol packages supported on the switch.
AT8402 4.3.10 Utility Commands show tech-support Use the show tech-support command to display system and configuration information when you contact technical support. The output of the show techsupport command combines the output of the following commands: • • • • • • • • 4.3.
Utility Commands 4.3.15 AT8402 Format show boardinfo update-status Mode Privileged EXEC show boardinfo version This command displays hardware and software revision information. This includes serial-numbers, software and hardware revisions as applicable. Format show boardinfo version Mode Privileged EXEC Version information included • • • • • • • • • • • • • • 4.3.
AT8402 4.3.20 Utility Commands Format show boardinfo led Mode Privileged EXEC show boardinfo fcap This command shows the user changeable firmware capabilities. 4.3.21 Format show boardinfo fcap Mode Privileged EXEC show boardinfo amc connection This command displays the connections to an AMC carrier. 4.3.
Utility Commands 4.4.1 AT8402 logging buffered This command enables logging to an in-memory log that keeps up to 128 logs. 4.4.1.1 Default disabled; critical when enabled Format logging buffered Mode Global Config no logging buffered This command disables logging to in-memory log. 4.4.2 Format no logging buffered Mode Global Config logging buffered wrap This command enables wrapping of in-memory logging when the log file reaches full capacity.
AT8402 Utility Commands keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7). 4.4.4.1 Default disabled; critical when enabled Format logging console Mode Global Config [severitylevel] no logging console This command disables logging to the console. 4.4.5 Format no logging console Mode Global Config logging host This command enables logging to a host. You can configure up to eight hosts.
Utility Commands 4.4.8 AT8402 logging syslog This command enables syslog logging. The parameter is an integer with a range of 1-65535. 4.4.8.1 Default disabled Format logging syslog Mode Global Config [port ] no logging syslog This command disables syslog logging. 4.4.9 Format no logging syslog Mode Global Config show logging This command displays logging configuration information.
AT8402 4.4.11 Utility Commands show logging hosts This command displays all configured logging hosts. Format show logging hosts Mode Privileged EXEC Host Index (Used for deleting hosts) IP Address IP address of the logging host. Severity Level The minimum severity to log to the specified address. The possible values are emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7). 4.4.
Utility Commands 4.5 AT8402 Format show logging diag-report Mode Privileged Exec System Utility and Clear Commands This section describes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults. 4.5.1 traceroute Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. The value should be a valid IP address.
AT8402 Utility Commands Mode 4.5.6 Privileged EXEC clear port-channel This command clears all port-channels (LAGs). 4.5.7 Format clear port-channel Mode Privileged EXEC clear traplog This command clears the trap log. 4.5.8 Format clear traplog Mode Privileged EXEC clear vlan This command resets VLAN configuration parameters to the factory defaults. 4.5.9 Format clear vlan Mode Privileged EXEC enable passwd This command prompts you to change the Privileged EXEC password.
Utility Commands Mode 4.5.12 AT8402 Privileged EXEC ping This command checks if another computer is on the network and listens for connections. To use this command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP. You can ping the switch from any IP workstation the switch is connected to through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation.
AT8402 Utility Commands Table 4.1. Copy Parameters Source 4.6 Destination Description nvram:clibanner Copies the CLI banner to a server. nvram:errorlog Copies the error log file to a server. nvram:log Copies the log file to a server. nvram:script name> Copies a specified configuration script file to a server. nvram:startup-config Copies the startup configuration to a server. nvram:traplog Copies the trap log file to a server.
Utility Commands Mode 4.6.1.1 AT8402 Privileged EXEC no license advanced This command disables a particular feature. This command also disables the corresponding show commands. The parameter specifies the hexadecimal key for the feature. 4.6.2 Format no license advanced Mode Privileged EXEC show key-features This command displays the enabled or disabled status for all keyable features. 4.
AT8402 4.7.2.1 Utility Commands no sntp client mode This command disables Simple Network Time Protocol (SNTP) client mode. 4.7.3 Format no sntp client mode Mode Global Config sntp client port This command sets the SNTP client port id to a value from 1-65535. 4.7.3.1 Default 123 Format sntp client port Mode Global Config no sntp client port This command resets the SNTP client port back to its default value. 4.7.
Utility Commands 4.7.6 AT8402 sntp unicast client poll-retry This command will set the poll retry for SNTP unicast clients to a value from 0 to 10. 4.7.6.1 Default 1 Format sntp unicast client poll-retry Mode Global Config no sntp unicast client poll-retry This command will reset the poll retry for SNTP unicast clients to its default value. 4.7.
AT8402 Utility Commands Last Update Time Time of last clock update. Last Attempt Time Time of last transmit query (in unicast mode). Last Attempt Status Status of the last SNTP request (in unicast mode) or unsolicited message (in broadcast mode). Broadcast Count Current number of unsolicited broadcast messages that have been received and processed by the SNTP client since last reboot.
Utility Commands AT8402 Last Update Status Last server attempt status for the server. Total Unicast Requests Number of requests to the server. Failed Unicast Requests Number of failed requests from server. 4.8 DHCP Server Commands This section describes the commands you to configure the DHCP server settings for the switch. DHCP uses UDP as its transport protocol and supports a number of features that facilitate in administration address allocations. 4.8.
AT8402 4.8.3 Utility Commands client-name This command specifies the name for a DHCP client. Name is a string consisting of standard ASCII characters. 4.8.3.1 Default none Format client-name Mode DHCP Pool Config no client-name This command removes the client name. 4.8.4 Format no client-name Mode DHCP Pool Config default-router This command specifies the default router list for a DHCP client.
Utility Commands 4.8.6 AT8402 hardware-address This command specifies the hardware address of a DHCP client. Hardware-address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format. Type indicates the protocol of the hardware platform. It is 1 for 10 MB Ethernet and 6 for IEEE 802. 4.8.6.
AT8402 4.8.8.1 Utility Commands no lease This command restores the default value of the lease time for DHCP Server. 4.8.9 Format no lease Mode DHCP Pool Config network (DHCP Pool Config) Use this command to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address pool.
Utility Commands 4.8.12 AT8402 Format no domain-name Mode DHCP Pool Config netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to DHCP clients. One IP address is required, although one can specify up to eight addresses in one command line. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on). 4.8.12.
AT8402 4.8.14.1 Utility Commands Format next-server
Mode DHCP Pool Config no next-server This command removes the boot server list. 4.8.15 Format no next-server Mode DHCP Pool Config option The option command configures DHCP Server options. The parameter specifies the DHCP option code and ranges from 1-254. The parameter specifies an NVT ASCII character string. ASCII character strings that contain white space must be delimited by quotation marks.Utility Commands Mode 4.8.17 AT8402 Global Config ip dhcp ping packets Use this command to specify the number, in a range from 2-10, of packets a DHCP server sends to a pool address as part of a ping operation. By default the number of packets sent to a pool address is 2, which is the smallest allowed number when sending packets. Setting the number of packets to 0 disables this command. 4.8.17.
AT8402 Utility Commands Mode 4.8.20 Global Config ip dhcp conflict logging This command enables conflict logging on DHCP server. 4.8.20.1 Default enabled Format ip dhcp conflict logging Mode Global Config no ip dhcp conflict logging This command disables conflict logging on DHCP server. 4.8.21 Format no ip dhcp conflict logging Mode Global Config clear ip dhcp binding This command deletes an automatic address binding from the DHCP server database.
Utility Commands AT8402 Modes Privileged EXEC User EXEC IP address The IP address of the client. Hardware Address The MAC address or the client identifier. Lease expiration The lease expiration time of the IP address assigned to the client. Type 4.8.25 The manner in which IP address was assigned to the client. show ip dhcp global configuration This command displays address bindings for the specific IP address on the DHCP server.
AT8402 Utility Commands Host 4.8.27 The IP address and the mask for a manual binding to a DHCP client. show ip dhcp server statistics This command displays DHCP server statistics. Format show ip dhcp server statistics Modes Privileged EXEC User EXEC Automatic Bindings The number of IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Expired Bindings The number of expired leases.
Utility Commands 4.9 AT8402 DHCP Filtering You can configure the DHCP Filtering feature as a security measure against unauthorized DHCP servers. DHCP filtering works by allowing you to configure each port as either a trusted port or an untrusted port. To optimize the DHCP filtering feature, configure the port that is connected to an authorized DHCP server on your network as a trusted port. Any DHCP responses received on a trusted port are forwarded.
AT8402 4.10 Utility Commands Serviceability Packet Tracing Commands These commands improve the capability of network engineers to diagnose conditions affecting their FASTPATH product. CAUTION: The output of “debug” commands can be long and may adversely affect system performance. 4.10.1 debug console This command enables the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output.
Utility Commands AT8402 TX A packet transmitted by the device. Intf The interface that the packet went out on. Format used is port/slot (internal interface number). Source_Mac Source MAC address of the packet. Version Spanning tree protocol version (0-3). 0 refers to STP, 2 RSTP and 3 MSTP. Root_Mac MAC address of the CIST root bridge. Root_Priority Priority of the CIST root bridge. The value is between 0 and 61440. It is displayed in hex in multiples of 4096. Path_Cost 4.10.3.
AT8402 4.10.4.1 Utility Commands no debug spanning-tree bpdu receive This command disables tracing of received spanning tree BPDUs. 4.10.5 Format no debug spanning-tree bpdu receive Mode Privileged EXEC debug spanning-tree bpdu This command enables tracing of spanning tree bpdus received and transmitted by the switch. 4.10.5.1 Default disabled Format debug spanning-tree bpdu Mode Privileged EXEC no debug spanning-tree bpdu This command disables tracing of spanning tree BPDUs. 4.10.
Utility Commands AT8402 V2_Membership_Report – IGMP Version 2 Membership Report V3_Membership_Report – IGMP Version 3 Membership Report V2_Leave_Group – IGMP Version 2 Leave Group Group 4.10.6.1 Multicast group address in the IGMP header. no debug igmpsnooping transmit This command disables tracing of transmitted IGMP snooping packets. 4.10.
AT8402 Utility Commands Mode 4.10.8 Privileged EXEC debug igmpsnooping packet This command enables tracing of IGMP Snooping packets received and transmitted by the switch. 4.10.8.1 Default disabled Format debug igmpsnooping packet Mode Privileged EXEC no debug igmpsnooping packet This command disables tracing of IGMP Snooping packets. 4.10.9 Format no debug igmpsnooping packet Mode Privileged EXEC debug ping packet This command enables tracing of ICMP echo requests and responses.
Utility Commands Mode 4.10.10 AT8402 Privileged EXEC debug rip packet This command turns on tracing of RIP requests and responses. This command takes no options. The output is directed to the log file. Default disabled Format debug rip packet Mode Privileged EXEC A sample output of the trace message is shown below. <15> JAN 01 00:35:15 192.168.17.29-1 RIP[181783160]: rip_map_debug.c(96) 775 % Pkt RX on Intf: 1/0/1(1), Src_IP:43.1.1.1 Dest_IP:43.1.1.
AT8402 4.10.11 Utility Commands debug ospf packet This command enables tracing of OSPF packets received and transmitted by the switch. Default disabled Format debug ospf packet Mode Privileged EXEC Sample outputs of the trace messages are shown below. <15> JAN 02 11:03:31 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(297) 25430 % Pkt RX - Intf:2/0/48 Src Ip:192.168.50.2 DestIp:224.0.0.5 AreaId:0.0.0.0 Type:HELLO NetMask:255.255.255.0 D esigRouter:0.0.0.0 Backup:0.0.0.0 <15> JAN 02 11:03:35 10.50.50.
Utility Commands Backup AT8402 Backup router IP address. DB_DSCR packet field definitions: MTU MTU Options Options in the OSPF packet. Flags Could be one or more of the following: I – Init M – More MS – Master/Slave Seq Sequence Number of the DD packet. LS_REQ packet field definitions: Length Length of packet. LS_UPD packet field definitions. Length Length of packet. LS_ACK packet field definitions. Length 4.10.11.1 Length of packet.
AT8402 Chapter 51 Management Commands Page 5 - 1 AT8402 CLI Reference Manual
Management Commands 5. AT8402 Management Commands This chapter describes the management commands available in the CLI. The Management Commands chapter contains the following sections: • • • • • • • • • • • • • • • • 5.1 “Network Interface Commands” on page 5 - 2 5.2 “Console Port Access Commands” on page 5 - 5 5.3 “Telnet Commands” on page 5 - 6 5.4 “Secure Shell (SSH) Command” on page 5 - 10 5.5 “User Account Commands” on page 5 - 12 5.6 “SNMP Commands” on page 5 - 15 5.
AT8402 5.1.3 Management Commands serviceport protocol This command specifies the network management port configuration protocol. If you modify this value, the change is effective immediately. If you use the bootp parameter, the switch periodically sends requests to a BootP server until a response is received. If you use the dhcp parameter, the switch periodically sends requests to a DHCP server until a response is received.
Management Commands Mode 5.1.7.1 AT8402 Privileged EXEC no network mac-type This command resets the value of MAC address to its default. 5.1.8 Format no network mac-type Mode Privileged EXEC show network This command displays configuration settings associated with the switch's network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports.
AT8402 Management Commands Mode Privileged EXEC IP Address The IP address of the interface. The factory default value is 0.0.0.0 Subnet Mask The IP subnet mask for this interface. The factory default value is 0.0.0.0 Default Gateway The default gateway for this IP interface. The factory default value is 0.0.0.0 ServPort Configuration Protocol Current The network protocol used on the last, or current power-up cycle, if any. Burned in MAC Address The burned in MAC address used for in-band connectivity.
Management Commands 5.2.4 AT8402 serial timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160. 5.2.4.1 Default 5 Format serial timeout Mode Line Config <0-160> no serial timeout This command sets the maximum connect time (in minutes) without console activity. 5.2.
AT8402 5.3.1.1 Management Commands Default enabled Format ip telnet server enable Mode Privileged EXEC no ip telnet server enable Use this command to disable Telnet access to the system and to disable the Telnet Server Admin Mode. This command closes the Telnet listening port and disconnects all open Telnet sessions. 5.3.2 Format no ip telnet server enable Mode Privileged EXEC telnet This command establishes a new outbound Telnet connection to a remote host.
Management Commands 5.3.4.1 AT8402 Default enabled Format transport output telnet Mode Line Config no transport output telnet Use this command to prevent new outbound Telnet connection from being established. 5.3.5 Format no transport output telnet Mode Line Config session-limit This command specifies the maximum number of simultaneous outbound Telnet sessions. A value of 0 indicates that no outbound Telnet session can be established. 5.3.5.
AT8402 Management Commands Mode 5.3.7.1 Privileged EXEC no telnetcon maxsessions This command sets the maximum number of Telnet connection sessions that can be established to the default value. 5.3.8 Format no telnetcon maxsessions Mode Privileged EXEC telnetcon timeout This command sets the Telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. The time is a decimal value from 1 to 160.
Management Commands AT8402 Connection From IP address of the Telnet client machine or EIA-232 for the serial port connection. Idle Time Time this session has been idle. Session Time Total time this session has been connected. 5.3.11 show telnet This command displays the current outbound Telnet settings. In other words, these settings apply to Telnet connections initiated from the switch to a remote system.
AT8402 5.4.1.1 Management Commands Default disabled Format ip ssh Mode Privileged EXEC no ip ssh Use this command to disable SSH access to the system. 5.4.2 Format no ip ssh Mode Privileged EXEC ip ssh protocol This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set. 5.4.
Management Commands 5.4.5 AT8402 sshcon timeout This command sets the SSH connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. The time is a decimal value from 1 to 160. Changing the timeout value for active sessions does not become effective until the session is re accessed. Also, any keystroke activates the new timeout duration. 5.4.5.
AT8402 Management Commands NOTE: The is not case sensitive when you add and delete users, and when the user logs in. However, when you use the to set the user password, authentication, or encryption, you must enter the in the same case you used when you added the user. To see the case of the , enter the show users command. 5.5.1.1 Format users name Mode Global Config no users name This command removes a user account.
Management Commands 5.5.3.1 AT8402 Default admin - readwrite other - readonly Format users snmpv3 accessmode Mode Global Config {readonly | readwrite} no users snmpv3 accessmode This command sets the snmpv3 access privileges for the specified user as readwrite for the “admin” user and readonly for all other users. The value is the user name for which the specified access mode will apply. 5.5.
AT8402 5.5.5.1 Management Commands Format users snmpv3 encryption Mode Global Config {none | des[key]} no users snmpv3 encryption This command sets the encryption protocol to none. The is the login user name for which the specified encryption protocol will be used. 5.5.6 Format no users snmpv3 encryption Mode Global Config show users This command displays the configured user names and their settings.
Management Commands 5.6.2 AT8402 snmp-server community This command adds (and names) a new SNMP community. A community is a name associated with the switch and with a set of SNMP managers that manage it with a specified privileged level. The length of can be up to 16 case-sensitive characters. NOTE: Community names in the SNMP Community Table must be unique.
AT8402 5.6.4.1 Management Commands Default 0.0.0.0 Format snmp-server community ipmask Mode Global Config no snmp-server community ipmask This command sets a client IP mask for an SNMP community to 0.0.0.0. The name is the applicable community name. The community name may be up to 16 alphanumeric characters. 5.6.5 Format no snmp-server community ipmask Mode Global Config snmp-server community mode This command activates an SNMP community.
Management Commands 5.6.8 AT8402 snmp-server enable traps violation This command enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port. NOTE: For other port security commands, see 2.6 “Protected Ports Commands” on page 2 - 30. 5.6.8.1 Default disabled Format snmp-server enable traps violation Mode Interface Config no snmp-server enable traps violation This command disables the sending of new violation traps. 5.6.
AT8402 5.6.11 Management Commands snmp-server enable traps linkmode This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled. See “snmp trap link-status” on page 5 - 21. 5.6.11.1 Default enabled Format snmp-server enable traps linkmode Mode Global Config no snmp-server enable traps linkmode This command disables Link Up/Down traps for the entire switch. 5.6.
Management Commands 5.6.14 AT8402 snmptrap This command adds an SNMP trap receiver. The maximum length of is 16 case-sensitive alphanumeric characters. The is the version of SNMP. The version parameter options are snmpv1 or snmpv2. NOTE: The parameter does not need to be unique, however; the and pair must be unique. Multiple entries can exist with the same , as long as they are associated with a different . The reverse scenario is also acceptable.
AT8402 5.6.17.1 Management Commands Format snmptrap mode Mode Global Config no snmptrap mode This command deactivates an SNMP trap. Disabled trap receivers are unable to receive traps. 5.6.18 Format no snmptrap mode Mode Global Config snmp trap link-status This command enables link status traps by interface. NOTE: This command is valid only when the Link Up/Down Flag is enabled. See “snmp-server enable traps linkmode” on page 5 - 19. 5.6.18.
Management Commands AT8402 The SNMP agent of the switch complies with SNMP Versions 1, 2 or 3. For more information about the SNMP specification, see the SNMP RFCs. The SNMP agent sends traps through TCP/IP to an external SNMP manager based on the SNMP configuration (the trap receiver and other SNMP community parameters). Format show snmpcommunity Mode Privileged EXEC SNMP Community Name The community string to which this entry grants access.
AT8402 Management Commands Mode Privileged EXEC Authentication Flag Can be enabled or disabled. The factory default is enabled. Indicates whether authentication failure traps will be sent. Link Up/Down Flag Can be enabled or disabled. The factory default is enabled. Indicates whether link status traps will be sent. Multiple Users Flag Can be enabled or disabled. The factory default is enabled.
Management Commands 5.8.1 AT8402 radius accounting mode This command is used to enable the RADIUS accounting function. 5.8.1.1 Default disabled Format radius accounting mode Mode Global Config no radius accounting mode This command is used to set the RADIUS accounting function to the default value - i.e. the RADIUS accounting function is disabled. 5.8.
AT8402 5.8.3 Management Commands Format no radius server host Mode Global Config {auth | acct} radius server key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret is configured for the RADIUS authentication or RADIUS accounting server. The IP address provided must match a previously configured server.
Management Commands 5.8.6.1 AT8402 no radius server retransmit This command sets the maximum number of times a request packet is re-transmitted, to the default value. 5.8.7 Format no radius server retransmit Mode Global Config radius server timeout This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30. 5.8.7.
AT8402 Management Commands Message Authenticator The message authenticator attribute for the selected server, which can be enables or disables. 5.8.9 show radius accounting This command is used to display the configured RADIUS accounting mode, accounting server and the statistics for the configured accounting server.
Management Commands 5.8.10 AT8402 show radius statistics This command is used to display the statistics for RADIUS or configured server. To show the configured RADIUS server statistic, the IP address specified must match that of a previously configured RADIUS server. On execution, the following fields are displayed. Format show radius statistics Mode Privileged EXEC [] If you do not specify the IP address, then only Invalid Server Address field is displayed.
AT8402 5.9 Management Commands TACACS+ Commands TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization, and accounting services.
Management Commands 5.9.3 AT8402 tacacs-server timeout Use the tacacs-server timeout command to set the timeout value for communication with the TACACS+ servers. The parameter has a range of 1-30 and is the timeout value in seconds. 5.9.3.1 Default 5 Format tacacs-server timeout Mode Global Config no tacacs-server timeout Use the no tacacs-server timeout command to restore the default timeout value for all TACACS servers. 5.9.
AT8402 5.9.7 Management Commands timeout Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds. If no timeout value is specified, the global value is used. The parameter has a range of 1-30 and is the timeout value in seconds. 5.9.8 Format timeout Mode TACACS Config show tacacs Use the show tacacs command to display the configuration and statistics of a TACACS+ server. 5.
Management Commands AT8402 show telnet !Displays the information about remote connections ! Display information about direct connections show serial ! End of the script file! NOTE: To specify a blank password for a user in the configuration script, you must specify it as a space within quotes. For example, to change the password for user jane from a blank password to hello, the script entry is as follows: users passwd jane " " hello hello 5.10.
AT8402 Management Commands used as a tool for script development. Validation identifies potential problems. It might not identify all problems with a given script on any given device. 5.11 Format script validate Mode Privileged EXEC Pre-login Banner and System Prompt Commands This section describes the commands you use to configure the pre-login banner and the system prompt. The pre-login banner is the text that displays before you login at the User: prompt. 5.11.
Management Commands 5.12.2 AT8402 Default disabled (0) Format set set set set set Mode Privileged EXEC watchdog watchdog watchdog watchdog watchdog bist <0,60-6000> osloader <0,120-6000> init <0,120-6000> application <0,120-6000> heartbeat <0,1-6000> show watchdog This command displays the watchdog settings.
AT8402 Management Commands none). This ports must be specified, all not specified ports are set downstream. Below all sensible combinations are listed.
Management Commands AT8402 On the AT8402, any of the AMC slots or the update channel can be configured to be upstream or NT-port. Programming the address translation mapping to support the cross-domain traffic must be done by the enumerating root complex! Dual Host Mode The dual host mode is similar to the intelligent adapter mode as any of the AMC slots or the update channel can be configured to be the upstream port or NT-port.
AT8402 Management Commands set board storage connect amcb3 sas set board storage connect amcb4 amcb2 set board storage connect amcb4 sas Mode 5.15.2 Privileged EXEC show boardinfo storage This commands displays information about a connection from an AMC to a storage modul. 5.15.
Management Commands • • • • 5.16.
AT8402 5.16.8 Management Commands set board clock map This command selects/deselects a source for a backplane clock. If a source is selected the attributes (frequency) must be set too. Other attributes are fixed (direction=source, family=1, accuracy=50).
Management Commands AT8402 CLI Reference Manual AT8402 Page 5 - 40
AT8402 Getting Help Appendix A Getting Help Page A - 1 AT8402 CLI Reference Manual
AT8402 A. Getting Help Getting Help If at any time you encounter difficulties with your application or with any of our products, or if you simply need guidance on system setups and capabilities, contact our Technical Support at: North America EMEA Tel.: (450) 437-5682 Tel.: +49 (0) 8341 803 xxx Fax: (450) 437-8053 Fax: +49 (0) 8341 803 xxx If you have any questions about Kontron, our products, or services, visit our Web site at: www.kontron.
AT8402 Getting Help RETURNING DEFECTIVE MERCHANDISE Before returning any merchandise please do one of the following if your product malfunctions: • Call 1. Call our Technical Support department in North America at (450) 437-5682 and in EMEA at +49 (0) 8341 803 xxx. Make sure you have the following on hand: our Invoice #, your Purchase Order #, and the Serial Number of the defective unit. 2.
AT8402 Getting Help WHEN RETURNING A UNIT • In the box, you have to include the name and telephone number of a person whom we can contact for further explanations if necessary when returning goods. Where applicable, always include all duty papers and invoice(s) associated with the item(s) in question. • Ensure that the unit is properly packed. Pack it in a rigid cardboard box. • Clearly write or mark the RMA number on the outside of the package you are returning. • Ship prepaid.
AT8402 Getting Help Return to Manufacturer Authorization Request Contact Name: __________________________________________________________ Company Name: __________________________________________________________ Street Address: __________________________________________________________ City: ________________________ Province/State: Country: ________________________ Postal/Zip Code: _______________________ Phone Number: ________________________ Extension: _______________________ Fax Number:
AT8402 Appendix B List of Commands AT8402 CLI Reference Manual
List of Commands PRELIMINARY B. AT8402 List of Commands {deny | permit} ................................................................................................................... 3 - 21 access-list ........................................................................................................................... 3 - 24 acl-trapflags ........................................................................................................................ 3 - 26 addport ...................
List of Commands debug clear ..........................................................................................................................4 - 43 debug console .....................................................................................................................4 - 43 debug igmpsnooping packet ...............................................................................................4 - 47 debug igmpsnooping packet receive .....................................................
PRELIMINARY List of Commands AT8402 ekeying (interface) ............................................................................................................. 4 - 5 enable (Privileged EXEC access) ...................................................................................... 5 - 2 enable passwd .................................................................................................................... 4 - 25 hardware-address .........................................................
List of Commands mark ip-dscp .......................................................................................................................3 - 13 mark ip-precedence ............................................................................................................3 - 14 match any ............................................................................................................................3 - 8 match class-map .................................................................
PRELIMINARY List of Commands AT8402 no debug lacp packet........................................................................................................... 4 - 50 no debug ospf packet .......................................................................................................... 4 - 50 no debug ping packet .......................................................................................................... 4 - 47 no debug rip packet ................................................
List of Commands no lldp transmit-tlv ..............................................................................................................2 - 70 no logging buffered wrap ....................................................................................................4 - 20 no logging buffered .............................................................................................................4 - 20 no logging cli-command..................................................................
PRELIMINARY List of Commands AT8402 no radius server timeout...................................................................................................... 5 - 26 no serial baudrate ................................................................................................................ 5 - 5 no serial timeout.................................................................................................................. 5 - 6 no service dhcp ...............................................
List of Commands no sntp unicast client poll-timeout ......................................................................................4 - 29 no spanning-tree configuration name ..................................................................................2 - 7 no spanning-tree configuration revision ..............................................................................2 - 7 no spanning-tree edgeport ...........................................................................................
PRELIMINARY List of Commands AT8402 no vlan acceptframe ............................................................................................................ 2 - 18 no vlan association mac ...................................................................................................... 2 - 25 no vlan association subnet .................................................................................................. 2 - 25 no vlan ingressfilter.................................................
List of Commands script apply .........................................................................................................................5 - 32 script delete .........................................................................................................................5 - 32 script list .............................................................................................................................5 - 32 script show .......................................................
PRELIMINARY List of Commands AT8402 show arp switch .................................................................................................................. 4 - 6 show atca ekeying .............................................................................................................. 4 - 5 show authentication ........................................................................................................... 2 - 43 show authentication users ........................................
List of Commands show igmpsnooping mrouter interface ...............................................................................2 - 65 show igmpsnooping mrouter vlan ......................................................................................2 - 65 show interface .....................................................................................................................4 - 7 show interface ethernet ......................................................................................
PRELIMINARY List of Commands AT8402 show port-security dynamic ............................................................................................... 2 - 68 show port-security static .................................................................................................... 2 - 68 show port-security violation .............................................................................................. 2 - 68 show radius ..................................................................
List of Commands snmp-server community .....................................................................................................5 - 16 snmp-server community ipaddr ..........................................................................................5 - 16 snmp-server community ipmask .........................................................................................5 - 16 snmp-server community mode ......................................................................................
PRELIMINARY List of Commands AT8402 storm-control broadcast ..................................................................................................... 2 - 46 storm-control broadcast all ................................................................................................ 2 - 47 storm-control broadcast all level ........................................................................................ 2 - 47 storm-control broadcast level ................................................
AT8402 List of Commands PRELIMINARY vlan port pvid all .................................................................................................................2 - 21 vlan port tagging all ............................................................................................................2 - 21 vlan priority ........................................................................................................................2 - 30 vlan protocol group ....................................
AT8402 PRELIMINARY List of Commands AT8402 CLI Reference Manual Page B - 18
