AT8404 CLI Reference Manual AdvancedTCA M5307_TECH_2 2.
Revision History Publication Title: AT8404 CLI Reference Manual ID Number: M5307_TECH_2 Rev. Index Brief Description of Changes Date of Issue 2.00 First Release for AT8404 04 Sept. 2007 2.01 Update commands to FASTPATH 5.0.1.9 19 Dec. 2007 2.02 Update for FASTPATH 5.2, BETA Manual 15 May, 2009 2.03 Final Manual for FASTPATH 5.2 28 July, 2009 2.04 Remove sntp multicast commands, add stratum3 accurency to set board clock commands, add comment for clear config command 13 Nov, 2009 2.
AT8404 Preface About This Book This document describes command-line interface (CLI) commands you use to view and configure FASTPATH software. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a remote network connection. This document is for system administrators who configure and operate systems using FASTPATH software. It provides an understanding of the configuration options of the FASTPATH software.
Preface AT8404 Environmental Protection Statement This product has been manufactured to satisfy environmental protection requirements where possible. Many of the components used (structural parts, printed circuit boards, connectors, batteries, etc.) are capable of being recycled. Final disposition of this product after its service life must be accomplished in accordance with applicable country, state, or local laws or regulations.
AT8404 Preface Caution, Electric Shock! Indicates that you must enter a value in place of the brackets and text inside them. Before installing your new Kontron product into a system always ensure that your mains power is switched off. This applies also to the installation of piggybacks. Serious electrical shock hazards can exist during all installation, repair and maintenance operations with this product.
Preface AT8404 Kontron Modular Computers GmbH warrants their own products, excluding software, to be free from manufacturing and material defects for a period of 24 consecutive months from the date of purchase. This warranty is not transferable nor extendible to cover any other users or long-term storage of the product. It does not cover products which have been modified, altered or repaired by any other party than Kontron Modular Computers GmbH or their authorized agents.
AT8404 Revision History .........................................................................................................ii Imprint ........................................................................................................................ii Disclaimer ..................................................................................................................ii About This Book ........................................................................................................
AT8404 2.1 Port Configuration Commands ................................................................2 - 2 2.1.1 interface ........................................................................................2 - 3 2.1.2 auto-negotiate ...............................................................................2 - 3 2.1.3 auto-negotiate all ..........................................................................2 - 3 2.1.4 advertise speed ...........................................................
AT8404 2.3 VLAN Commands ................................................................................. 2 - 20 2.3.1 vlan database ............................................................................. 2 - 20 2.3.2 network mgmt_vlan .................................................................... 2 - 21 2.3.3 vlan ............................................................................................ 2 - 21 2.3.4 vlan acceptframe ..........................................................
AT8404 2.7.2 switchport protected (Interface Config) .......................................2 - 35 2.7.3 show switchport protected ..........................................................2 - 36 2.7.4 show interfaces switchport .........................................................2 - 36 2.8 GARP Commands .................................................................................2 - 36 2.8.1 set garp timer join .......................................................................2 - 36 2.8.
AT8404 2.12.2 storm-control broadcast level ..................................................... 2 - 52 2.12.3 storm-control broadcast rate ...................................................... 2 - 53 2.12.4 storm-control broadcast all ......................................................... 2 - 53 2.12.5 storm-control broadcast all level ................................................ 2 - 54 2.12.6 storm-control broadcast all rate ................................................. 2 - 54 2.12.
AT8404 2.13.27 port lacpmode all ........................................................................2 - 70 2.13.28 port lacptimeout (Interface Config) .............................................2 - 70 2.13.29 port lacptimeout (Global Config) .................................................2 - 71 2.13.30 port-channel adminmode ............................................................2 - 71 2.13.31 port-channel linktrap ...................................................................2 - 72 2.
AT8404 2.16.18 show ip verify source ................................................................. 2 - 86 2.16.19 show ip source binding .............................................................. 2 - 87 2.17 Dynamic ARP Inspection Commands ................................................... 2 - 88 2.17.1 ip arp inspection vlan ................................................................. 2 - 88 2.17.2 ip arp inspection validate ...........................................................
AT8404 2.20.9 show mldsnooping ....................................................................2 - 106 2.20.10 show mldsnooping mrouter interface ........................................2 - 107 2.20.11 show mldsnooping mrouter vlan ...............................................2 - 107 2.20.12 show mac-address-table mldsnooping .....................................2 - 107 2.21 MLD Snooping Querier Commands .....................................................2 - 108 2.21.1 set mld querier .............
AT8404 2.24.8 show lldp med .......................................................................... 2 - 123 2.24.9 show lldp med interface ........................................................... 2 - 123 2.24.10 show lldp med local-device detail ............................................. 2 - 124 2.24.11 show lldp med remote-device .................................................. 2 - 125 2.24.12 show lldp med remote-device detail ......................................... 2 - 125 2.
AT8404 Chapter 3. 3 Quality of Service (QoS) Commands ...........................................................3 - 2 3.1 Class of Service (CoS) Commands .........................................................3 - 2 3.1.1 classofservice dot1p-mapping ......................................................3 - 2 3.1.2 classofservice ip-dscp-mapping ...................................................3 - 3 3.1.3 classofservice trust .......................................................................
AT8404 3.3.18 match srcip6 ............................................................................... 3 - 16 3.3.19 match srcl4port .......................................................................... 3 - 16 3.3.20 match vlan .................................................................................. 3 - 16 3.3.21 match secondary-vlan ................................................................ 3 - 16 3.4 DiffServ Policy Commands .......................................................
AT8404 3.9.1 ipv6 access-list ...........................................................................3 - 35 3.9.2 ipv6 access-list rename ..............................................................3 - 36 3.9.3 {deny | permit} (IPv6) ..................................................................3 - 36 3.9.4 ipv6 traffic-filter ...........................................................................3 - 37 3.9.5 show ipv6 access-lists .............................................................
AT8404 4.4.16 show boardinfo event-log ........................................................... 4 - 17 4.4.17 show boardinfo update-status .................................................... 4 - 18 4.4.18 show boardinfo version .............................................................. 4 - 18 4.4.19 show boardinfo address ............................................................. 4 - 18 4.4.20 show boardinfo fru ..................................................................... 4 - 18 4.4.
AT8404 4.6.16 copy ............................................................................................4 - 29 4.6.17 delete nvram:extra-profile ...........................................................4 - 31 4.6.18 set bootstopkey ..........................................................................4 - 31 4.7 Simple Network Time Protocol (SNTP) Commands ..............................4 - 32 4.7.1 sntp broadcast client poll-interval ...............................................4 - 32 4.7.
AT8404 4.9.2 ip dhcp filtering trust ................................................................... 4 - 46 4.9.3 show ip dhcp filtering ................................................................. 4 - 46 4.10 DNS Client Commands ......................................................................... 4 - 46 4.10.1 ip domain lookup ........................................................................ 4 - 46 4.10.2 ip domain name .................................................................
AT8404 Chapter 5. 5 Management Commands .............................................................................5 - 2 5.1 Network Interface Commands .................................................................5 - 2 5.1.1 enable (Privileged EXEC access) .................................................5 - 2 5.1.2 serviceport ip ................................................................................5 - 2 5.1.3 serviceport protocol .........................................................
AT8404 5.6 Access Commands ............................................................................... 5 - 14 5.6.1 disconnect .................................................................................. 5 - 14 5.6.2 show loginsession ...................................................................... 5 - 14 5.7 User Account Commands ..................................................................... 5 - 15 5.7.1 users name ....................................................................
AT8404 5.8.26 show boardinfo snmp site ...........................................................5 - 30 5.8.27 set board snmp ipmi-trap ............................................................5 - 30 5.8.28 set board snmp ipmi-trap interval ...............................................5 - 30 5.8.29 set board snmp ipmi-trap filter ....................................................5 - 30 5.8.30 enable (filter) ...............................................................................5 - 31 5.8.
AT8404 5.13.1 diagnostics ................................................................................. 5 - 47 5.13.2 show logging diag-report ............................................................ 5 - 47 5.14 PCI express Commands ....................................................................... 5 - 47 5.14.1 show boardinfo pcie ................................................................... 5 - 47 5.15 Storage Commands ...................................................................
AT8404 Appendix C. C List of Commands .......................................................................................
AT8404 Chapter 1 Using the Command-Line Interface Page 1 - 1 AT8404 CLI Reference Manual
Using the Command-Line Interface 1. AT8404 Using the Command-Line Interface The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes. It contains the following sections: • 1.1 “Command Syntax” on page 1 - 2 • 1.2 “Command Conventions” on page 1 - 2 • 1.
AT8404 Using the Command-Line Interface The parameters for a command might include mandatory values, optional values, or keyword choices. Table 1 describes the conventions this document uses to distinguish between value types. Table 1: Parameter Conventions Symbol Example Description <> angle brackets Indicates that you must enter a value in place of the brackets and text inside them.
Using the Command-Line Interface 1.4 AT8404 Slot/Port Naming Convention FASTPATH software references physical entities such as cards and ports by using a slot/port naming convention. The FASTPATH software also uses this convention to identify certain logical entities, such as Port-Channel interfaces. The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also identifies the type of interface or port.
AT8404 Using the Command-Line Interface modules. Additionally, for some show commands, the output fields might change based on the modules included in the FASTPATH software. The FASTPATH software suite includes the following modules: • Switching (Layer 2) • Quality of Service • Management (CLI and SNMP) Not all modules are available for all platforms or software releases. 1.7 Command Modes The CLI groups commands into modes according to the command function.
Using the Command-Line Interface AT8404 Table 5: CLI Command Modes (Continued) Command Mode Prompt Mode Description MAC Access-list Config Switch (Config-mac-access-list)# Allows you to create a MAC Access-List and to enter the mode containing MAC AccessList configuration commands. TACACS Config Switch (Tacacs)# Contains commands to configure properties for the TACACS servers. DHCP Pool Config Switch (Config dhcp-pool)# Contains the DHCP server IP address pool configuration commands.
AT8404 1.8 Using the Command-Line Interface Command Completion and Abbreviation Command completion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to complete the word. Command abbreviation allows you to execute a command when you have entered there are enough letters to uniquely identify the command.
Using the Command-Line Interface AT8404 Table 8: CLI Editing Conventions (Continued) Key Sequence Description Ctrl-S Disables serial flow Ctrl-Z Return to root command prompt Tab, Command-line completion Exit Go to next lower command prompt ? List available commands, keywords, or parameters 1.11 Using CLI Help Enter a question mark (?) at the command prompt to display the commands available in the current mode.
AT8404 Using the Command-Line Interface For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway. You can set the network configuration information manually, or you can configure the system to accept these settings from a BOOTP or DHCP server on your network. For more information, see 5.1 “Network Interface Commands” on page 5 - 2.
Using the Command-Line Interface AT8404 CLI Reference Manual Page 1 - 10 AT8404
AT8404 Chapter 21 Switching Commands Page 2 - 1 AT8404 CLI Reference Manual
Switching Commands 2. AT8404 Switching Commands This chapter describes the switching commands available in the FASTPATH CLI. The Switching Commands chapter includes the following sections: • 2.1 “Port Configuration Commands” on page 2 - 2 • 2.2 “Spanning Tree Protocol (STP) Commands” on page 2 - 7 • 2.3 “VLAN Commands” on page 2 - 20 • 2.4 “Double VLAN Commands” on page 2 - 30 • 2.5 “Voice VLAN Commands” on page 2 - 32 • 2.6 “Provisioning (IEEE 802.1p) Commands” on page 2 - 34 • 2.
AT8404 2.1.1 Switching Commands interface This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port). Format interface Mode Global Config 2.1.2 auto-negotiate This command enables automatic negotiation on a port. Default enabled Format auto-negotiate Mode Interface Config 2.1.2.1 no auto-negotiate This command disables automatic negotiation on a port.
Switching Commands 2.1.4.1 AT8404 no advertise speed This command resets auto-negotiation advertised speed parameters. Format no advertise speed <1000 | 100 | 10> [] Mode Interface Config 2.1.5 show advertise speed This command lists the auto-negotiation advertised speed parameters. The values are listed for a specified interface. Format show advertise speed Mode Privileged Exec 2.1.6 block This command sets a port in blocking mode.
AT8404 Switching Commands Format mtu <1518-9216> Mode Interface Config 2.1.8.1 no mtu This command sets the default MTU size (in bytes) for the interface. Format no mtu Mode Interface Config 2.1.9 shutdown This command disables a port. Note: You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces. Default enabled Format shutdown Mode Interface Config 2.1.9.1 no shutdown This command enables a port.
Switching Commands 2.1.11 AT8404 speed This command sets the speed and duplex setting for the interface. Format speed {<100 | 10> } Mode Interface Config Acceptable Values Definition 100h 100BASE-T half duplex 100f 100BASE-T full duplex 10h 10BASE-T half duplex 10f 10BASE-T full duplex 2.1.12 speed all This command sets the speed and duplex setting for all interfaces.
AT8404 Switching Commands Term Definition Link Trap This object determines whether or not to send a trap when link status changes. The factory default is enabled. LACP Mode LACP is enabled or disabled on this port. 2.1.14 show port protocol This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.
Switching Commands 2.2.2 AT8404 spanning-tree bpdufilter Use this command to enable BPDU Filter on the interface. Default disabled Format spanning-tree bpdufilter Mode Interface Config 2.2.2.1 no spanning-tree bpdufilter Use this command to disable BPDU Filter on the interface. Default disabled Format no spanning-tree bpdufilter Mode Interface Config 2.2.3 spanning-tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces.
AT8404 2.2.5 Switching Commands spanning-tree bpduguard Use this command to enable BPDU Guard on the switch. Default disabled Format spanning-tree bpduguard Mode Global Config 2.2.5.1 no spanning-tree bpduguard Use this command to disable BPDU Guard on the switch. Default disabled Format no spanning-tree bpduguard Mode Global Config 2.2.6 spanning-tree bpdumigrationcheck Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP) BPDUs.
Switching Commands AT8404 Mode Global Config 2.2.8.1 no spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value. Format no spanning-tree configuration revision Mode Global Config 2.2.9 spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree.
AT8404 2.2.11 Switching Commands spanning-tree forward-time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal to “(Bridge Max Age / 2) + 1”. Default 15 Format spanning-tree forward-time <4-30> Mode Global Config 2.2.11.
Switching Commands AT8404 Format no spanning-tree max-age Mode Global Config 2.2.14 spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is a range from 1 to 127. Default 20 Format spanning-tree max-hops <1-127> Mode Global Config 2.2.14.1 no spanning-tree max-hops This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value.
AT8404 2.2.15.1 Switching Commands no spanning-tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance, or in the common and internal spanning tree to the respective default values. If you specify an parameter that corresponds to an existing multiple spanning tree instance, you are configuring that multiple spanning tree instance.
Switching Commands AT8404 to 61440. The twelve least significant bits are masked according to the 802.1s specification. This causes the priority to be rounded down to the next lower valid priority. Default 32768 Format spanning-tree mst priority <0-61440> Mode Global Config 2.2.17.1 no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the default value.
AT8404 2.2.19.1 Switching Commands no spanning-tree port mode This command sets the Administrative Switch Port State for this port to disabled. Format no spanning-tree port mode Mode Interface Config 2.2.20 spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to enabled. Default disabled Format spanning-tree port mode all Mode Global Config 2.2.20.
Switching Commands 2.2.23 AT8404 show spanning-tree This command displays spanning tree settings for the common and internal spanning tree. The following details are displayed. Format show spanning-tree Mode • Privileged EXEC • User EXEC Term Definition Bridge Priority Specifies the bridge priority for the Common and Internal Spanning tree (CST). The value lies between 0 and 61440. It is displayed in multiples of 4096. Bridge Identifier The bridge identifier for the CST.
AT8404 Switching Commands Term Definition Bridge Max Age Configured value. Bridge Max Hops Bridge max-hops count for the device. Bridge Hello Time Configured value. Bridge Forward Delay Configured value. Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). 2.2.25 show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree.
Switching Commands AT8404 Mode • Privileged EXEC • User EXEC Term Definition MST Instance ID The ID of the existing MST instance. Port Identifier The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port. Port Priority The priority for a particular port within the selected MST instance. The port priority is displayed in multiples of 16. Port Forwarding State Current spanning tree state of this port.
AT8404 Switching Commands Term Definition Edge Port Status The derived value of the edge port status. True if operating as an edge port; false otherwise. Point To Point MAC Status Derived value indicating if this port is part of a point to point link. CST Regional Root The regional root identifier in use for this port. CST Port Cost The configured path cost for this port. 2.2.
Switching Commands 2.2.29 AT8404 show spanning-tree summary This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command. Format show spanning-tree summary Mode • Privileged EXEC • User EXEC Term Definition Spanning Tree Adminmode Enabled or disabled. Spanning Tree Version Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the Force Protocol Version parameter.
AT8404 2.3.2 Switching Commands network mgmt_vlan This command configures the Management VLAN ID. Default 1 Format network mgmt_vlan <1-4069> Mode Privileged EXEC 2.3.2.1 no network mgmt_vlan This command sets the Management VLAN ID to the default. Format no network mgmt_vlan Mode Privileged EXEC 2.3.3 vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-4094.
Switching Commands 2.3.5 AT8404 vlan ingressfilter This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Default disabled Format vlan ingressfilter Mode Interface Config 2.3.5.1 no vlan ingressfilter This command disables ingress filtering.
AT8404 2.3.8 Switching Commands vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number. Format vlan participation {exclude | include | auto} <1-4094> Mode Interface Config Participation options are: Participation Options Definition include The interface is always a member of this VLAN. This is equivalent to registration fixed.
Switching Commands AT8404 With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification. 2.3.10.1 no vlan port acceptframe all This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.
AT8404 2.3.13 Switching Commands vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format vlan port tagging all <1-4094> Mode Global Config 2.3.13.1 no vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to disabled.
Switching Commands 2.3.16 AT8404 vlan protocol group remove This command removes the protocol-based VLAN group that is identified by this . Format vlan protocol group remove Mode Global Config 2.3.17 protocol group This command attaches a to the protocol-based VLAN identified by . associated with one VLAN at a time, however the VLAN association can be changed. Default none Format protocol group Mode VLAN Config 2.3.17.
AT8404 Switching Commands Format protocol vlan group all Mode Global Config 2.3.19.1 no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this . Format no protocol vlan group all Mode Global Config 2.3.20 vlan pvid This command changes the VLAN ID per interface. Default 1 Format vlan pvid <1-4094> Mode Interface Config 2.3.20.1 no vlan pvid This command sets the VLAN ID per interface to 1.
Switching Commands 2.3.22.1 AT8404 no vlan association subnet This command removes association of a specific IP-subnet to a VLAN. Format no vlan association subnet Mode VLAN Config 2.3.23 vlan association mac This command associates a MAC address to a VLAN. Format vlan association mac Mode VLAN database 2.3.23.1 no vlan association mac This command removes the association of a MAC address to a VLAN.
AT8404 Switching Commands Term Definition Configured The configured degree of participation of this port in this VLAN. The permissible values are: • Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard. • Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard. • Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP.
Switching Commands AT8404 Term Definition Ingress Filtering May be enabled or disabled. When enabled, the frame is discarded if this port is not a member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. When disabled, all frames are forwarded in accordance with the 802.1Q VLAN bridge specification. The factory default is disabled.
AT8404 Switching Commands Default vman Format dvlan-tunnel ethertype {802.1Q | vman | custom} [0-65535] Mode Global Config 2.4.2 mode dot1q-tunnel This command is used to enable Double VLAN Tunneling on the specified interface. Default disabled Format mode dot1q-tunnel Mode Interface Config 2.4.2.1 no mode dot1q-tunnel This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
Switching Commands AT8404 Mode • Privileged EXEC • User EXEC Term Definition Interface Valid slot and port number separated by a forward slash. Mode The administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled. EtherType A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly used value of 0x8100.
AT8404 Switching Commands Default disabled Format voice vlan Mode Global Config 2.5.1.1 no voice vlan (Global Config) Use this command to disable the Voice VLAN capability on the switch. Format no voice vlan Mode Global Config 2.5.2 voice vlan (Interface Config) Use this command to enable the Voice VLAN capability on the interface.
Switching Commands Mode AT8404 Privileged EXEC When the interface parameter is not specified, only the global mode of the Voice VLAN is displayed. Term Definition Administrative Mode The Global Voice VLAN mode. When the interface is specified: . Term Definition Voice VLAN Mode The admin mode of the Voice VLAN on the interface. Voice VLAN ID The Voice VLAN ID Voice VLAN Priority The do1p priority for the Voice VLAN on the port.
AT8404 Switching Commands If an interface is configured as a protected port, and you add that interface to a Port Channel or Link Aggregation Group (LAG), the protected port status becomes operationally disabled on the interface, and the interface follows the configuration of the LAG port. However, the protected port configuration for the interface remains unchanged. Once the interface is no longer a member of a LAG, the current configuration for that interface automatically becomes effective. 2.7.
Switching Commands 2.7.3 AT8404 show switchport protected This command displays the status of all the interfaces, including protected and unprotected interfaces. Format show switchport protected Mode • Privileged EXEC • User EXEC Term Definition Group ID The number that identifies the protected port group. Name An optional name of the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank.
AT8404 2.8.1.1 Switching Commands no set garp timer join This command sets the GVRP join time (for one or all ports and per GARP) to the default and only has an effect when GVRP is enabled. Format no set garp timer join Mode • Interface Config • Global Config 2.8.2 set garp timer leave This command sets the GVRP leave time for one port (Interface Config mode) or all ports (Global Config mode) and only has an effect when GVRP is enabled.
Switching Commands Mode • Interface Config • Global Config 2.8.4 show garp AT8404 This command displays GARP information. Format show garp Mode • Privileged EXEC • User EXEC Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system. GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system. 2.
AT8404 2.9.2.1 Switching Commands no set gvrp interfacemode This command disables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect. Format no set gvrp interfacemode Mode • Interface Config • Global Config 2.9.3 show gvrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
Switching Commands 2.10.1 AT8404 set gmrp adminmode This command enables GARP Multicast Registration Protocol (GMRP) on the system. Default disabled Format set gmrp adminmode Mode Privileged EXEC 2.10.1.1 no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system. Format no set gmrp adminmode Mode Privileged EXEC 2.10.
AT8404 Switching Commands Term Definition Join Timer The interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
Switching Commands AT8404 and then the authentication methods are set in the authentication login list. The maximum number of authentication login methods is three. The possible method values are local, radius and reject. The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates the user is never authenticated.
AT8404 Switching Commands Format dot1x default-login Mode Global Config 2.11.5 dot1x guest-vlan This command configures VLAN as guest vlan on a per port basis. The command specifies an active VLAN as an IEEE 802.1x guest VLAN. The range is 1 to the maximumVLAN ID supported by the platform. Default disabled Format dot1x guest-vlan Mode Interface Config 2.11.5.1 no dot1x guest-vlan This command disables Guest VLAN on the interface.
Switching Commands 2.11.8.1 AT8404 no dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. Format no dot1x max-req Mode Interface Config 2.11.9 dot1x max-users Use this command to set the maximum number of clients supported on the port when MAC-based dot1x authentication is enabled on the port. The maximum users supported per port is dependent on the product.
AT8404 Switching Commands authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator and the authentication server. Default auto Format dot1x port-control all {force-unauthorized | force-authorized | auto} Mode Global Config 2.11.11.1 no dot1x port-control all This command sets the authentication mode on all ports to the default value. Format no dot1x port-control all Mode Global Config 2.11.
Switching Commands 2.11.14.1 AT8404 no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch. Format no dot1x system-auth-control Mode Global Config 2.11.15 dot1x timeout This command sets the value, in seconds, of the timer used by the authenticator state machine on this port. Depending on the token used and the value (in seconds) passed, various timeout configurable parameters are set.
AT8404 2.11.16 Switching Commands dot1x unauthenticated-vlan Use this command to configure the unauthenticated VLAN associated with that port. The unauthenticated VLAN ID can be a valid VLAN ID from 0-Maximum supported VLAN ID. The unauthenticated VLAN must be statically configured in the VLAN database to be operational. By default, the unauthenticated VLAN is 0, i.e. invalid and not operational. Default 0 Format dot1x unauthenticated-vlan Mode Interface Config 2.11.16.
Switching Commands AT8404 Note that the login list associated with the ‘admin’ user can not be changed to prevent accidental lockout from the switch. Format users login Mode Global Config 2.11.20 show authentication This command displays the ordered authentication methods for all authentication login lists. Format show authentication Mode Privileged EXEC Term Definition Authentication Login List The authentication login listname.
AT8404 Term Switching Commands Definition VLAN Assignment Indicates whether assignment of an authorized port to a RADIUS assigned VLAN is allowed Mode (enabled) or not (disabled). If you use the optional parameter summary { | all}, the dot1x configuration for the specified port or all ports are displayed. Term Definition Interface The interface whose configuration is displayed. Control Mode The configured control mode for this port.
Switching Commands AT8404 Term Definition Reauthentication Period The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535. Reauthentication Enabled Indicates if reauthentication is enabled on this port. Possible values are ‘True” or “False”. Key Transmission Indicates if the key is transmitted to the supplicant for the specified port.
AT8404 Switching Commands Term Definition Logical Interface The logical port number associated with a client. Interface The physical port to which the supplicant is associated. User Name The user name used by the client to authenticate to the server. Supplicant MAC Address The supplicant device MAC address. Session Time The time since the supplicant is logged on. Filter ID Identifies the Filter ID returned by the RADIUS server when the client was authenticated.
Switching Commands 2.12 AT8404 Storm-Control Commands This section describes commands you use to configure storm-control and view storm-control configuration information. A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates performance degredation in the network. The Storm-Control feature protects against this condition. FASTPATH provides broadcast, multicast, and unicast story recovery for individual interfaces.
AT8404 Switching Commands L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold. Default 5 Format storm-control broadcast level <0-100> Mode Interface Config 2.12.2.1 no storm-control broadcast level This command sets the broadcast storm recovery threshold to the default value for an interface and disables broadcast storm recovery.
Switching Commands AT8404 Format no storm-control broadcast all Mode Global Config 2.12.5 storm-control broadcast all level This command configures the broadcast storm recovery threshold for all interfaces as a percentage of link speed and enables broadcast storm recovery. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
AT8404 Switching Commands Format storm-control multicast Mode Interface Config 2.12.7.1 no storm-control multicast This command disables multicast storm recovery mode for an interface. Format no storm-control multicast Mode Interface Config 2.12.8 storm-control multicast level This command configures the multicast storm recovery threshold for an interface as a percentage of link speed and enables multicast storm recovery mode.
Switching Commands 2.12.10 AT8404 storm-control multicast all This command enables multicast storm recovery mode for all interfaces. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default disabled Format storm-control multicast all Mode Global Config 2.12.10.
AT8404 2.12.12.1 Switching Commands no storm-control multicast all rate This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery. Format no storm-control multicast all rate Mode Global Config 2.12.13 storm-control unicast This command enables unicast storm recovery mode for an interface.
Switching Commands 2.12.15 AT8404 storm-control unicast rate Use this command to configure the unicast storm recovery threshold for an interface in packets per second. If the mode is enabled, unicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of unicast traffic is limited to the configured threshold.
AT8404 2.12.17.1 Switching Commands no storm-control unicast all level This command sets the unicast storm recovery threshold to the default value and disables unicast storm recovery for all interfaces. Format no storm-control unicast all level Mode Global Config 2.12.18 storm-control unicast all rate Use this command to configure the unicast storm recovery threshold for all interfaces in packets per second.
Switching Commands 2.12.20 AT8404 show storm-control This command displays switch configuration information. If you do not use any of the optional parameters, this command displays global storm control configuration parameters: • Broadcast Storm Recovery Mode may be enabled or disabled. The factory default is disabled. • 802.3x Flow Control Mode may be enabled or disabled. The factory default is disabled.
AT8404 2.13 Switching Commands Port-Channel/LAG (802.3ad) Commands This section describes the commands you use to configure port-channels, which are also known as link aggregation groups (LAGs). Link aggregation allows you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing.
Switching Commands 2.13.3 AT8404 deleteport (Interface Config) This command deletes the port from the port-channel (LAG). The interface is a logical slot/port number of a configured port-channel. Format deleteport Mode Interface Config 2.13.4 deleteport (Global Config) This command deletes all configured ports from the port-channel (LAG). The interface is a logical slot/port number of a configured port-channel. To clear the port channels, see 4.6.
AT8404 2.13.6.1 Switching Commands no lacp collector max delay Use this command to configure the default port-channel collector max delay. Format no lacp collector max delay Mode Interface Config 2.13.7 lacp actor admin Use this command to configure the LACP actor admin parameters. 2.13.8 lacp actor admin key Use this command to configure the administrative value of the LACP actor admin key. The valid range for is 0-65535.
Switching Commands 2.13.9.1 AT8404 no lacp actor admin state Use this command the configure the default administrative values of actor state as transmitted by the Actor in LACPDUs. Format no lacp actor admin state {individual|longtimeout|passive} Mode Interface Config 2.13.10 lacp actor admin state individual Use this command to set LACP actor admin state to individual. Format lacp actor admin state individual Mode Interface Config Note: This command is only applicable to physical interfaces.
AT8404 2.13.12 Switching Commands lacp actor admin state passive Use this command to set the LACP actor admin state to passive. Format lacp actor admin state passive Mode Interface Config Note: This command is only applicable to physical interfaces. 2.13.12.1 no lacp actor admin state passive Use this command to set the LACP actor admin state to active. Format no lacp actor admin state passive Mode Interface Config 2.13.
Switching Commands AT8404 Note: This command is only applicable to physical interfaces. 2.13.15.1 no lacp actor system priority Use this command to configure the priority value associated with the Actor’s SystemID. Format lacp actor system priority Mode Interface Config 2.13.16 lacp partner admin key Use this command to configure the administrative value of the Key for the protocol partner. The valid range for is 0 to 65535.
AT8404 2.13.18 Switching Commands lacp partner admin state individual Use this command to set LACP partner admin state to individual. Format lacp partner admin state individual Mode Interface Config Note: This command is only applicable to physical interfaces. 2.13.18.1 no lacp partner admin state individual Use this command to set the LACP partner admin state to aggregation. Format no lacp partner admin state individual Mode Interface Config 2.13.
Switching Commands 2.13.20.1 AT8404 no lacp partner admin state passive Use this command to set the LACP partner admin state to active. Format no lacp partner admin state passive Mode Interface Config 2.13.21 lacp partner port id Use this command to configure the LACP partner port id. The valid range for is 0 to 65535. Default 0x80 Format lacp partner port-id Mode Interface Config Note: This command is only applicable to physical interfaces. 2.13.21.
AT8404 2.13.23 Switching Commands lacp partner system-id Use this command to configure the 6-octet MAC Address value representing the administrative value of the Aggregation Port’s protocol Partner’s System ID. The valid range of is 00:00:00:00:00:00 FF:FF:FF:FF:FF. Default 00:00:00:00:00:00 Format lacp partner system-id Mode Interface Config Note: This command is only applicable to physical interfaces. 2.13.23.
Switching Commands Format port-channel static Mode Interface Config 2.13.25.1 no port-channel static AT8404 This command sets the static mode on a particular port-channel (LAG) interface to the default value. This command will be executed only for interfaces of type port-channel (LAG). Format no port-channel static Mode Interface Config 2.13.26 port lacpmode This command enables Link Aggregation Control Protocol (LACP) on a port.
AT8404 2.13.28.1 Switching Commands no port lacptimeout This command sets the timeout back to its default value on a physical interface of a particular device type (actor or partner). Format no port lacptimeout {actor | partner} Mode Interface Config 2.13.29 port lacptimeout (Global Config) This command sets the timeout for all interfaces of a particular device type (actor or partner) to either long or short timeout.
Switching Commands 2.13.31 AT8404 port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot/port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting. Default enabled Format port-channel linktrap { | all} Mode Global Config 2.13.31.1 no port-channel linktrap This command disables link trap notifications for the port-channel (LAG).
AT8404 2.13.32.1 Switching Commands no port-channel load-balance This command reverts to the default load balancing configuration. Format no port-channel load-balance { | } Mode Interface Config Global Config 2.13.33 port-channel hash multicast This command configures the multicast hash algorithm. The command allows the user to globally select the hash algorithm used for distribution of NUC (Non Unicast) traffic.
Switching Commands AT8404 The following output parameters are displayed. Parameter Description System Priority The administrative value of the Key. Actor Admin Key The administrative value of the Key. Port Priority The priority value assigned to the Aggregation Port. Admin State The administrative values of the actor state as transmitted by the Actor in LACPDUs. 2.13.37 show lacp partner Use this command to display LACP partner attributes.
AT8404 2.13.39 Switching Commands show port-channel This command displays an overview of all port-channels (LAGs) on the switch. Format show port-channel { | all} Mode • Privileged EXEC • User EXEC Term Definition Logical Interface Valid slot and port number separated by a forward slash. Port-Channel Name The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric characters. Link State Indicates whether the Link is up or down.
Switching Commands AT8404 receive the monitored traffic. Use the mode parameter to enabled the administrative mode of the session. If enabled, the probe port monitors all the traffic received and transmitted on the physical monitored port. Format monitor session {source interface [{rx | tx}] | destination interface | mode} Mode Global Config 2.14.1.
AT8404 Switching Commands Term Definition Monitor Session Mode Indicates whether the Port Mirroring feature is enabled or disabled for the session identified with . The possible values are Enabled and Disabled. Probe Port Probe port (destination port) for the session identified with . If probe port is not set then this field is blank. Source Port The port, which is configured as mirrored port (source port) for the session identified with .
Switching Commands 2.15.2 AT8404 macfilter adddest Use this command to add the interface to the destination filter set for the MAC filter with the given and VLAN of . The parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The parameter must identify a valid VLAN. Note: Configuring a destination port list is only valid for multicast MAC addresses. Format macfilter adddest Mode Interface Config 2.15.2.
AT8404 Switching Commands Mode Interface Config 2.15.4.1 no macfilter addsrc This command removes a port from the source filter set for the MAC filter with the MAC address of and VLAN of . The parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The parameter must identify a valid VLAN. Format no macfilter addsrc Mode Interface Config 2.15.
Switching Commands AT8404 Note: Only multicast address filters will have destination port lists. 2.15.7 show mac-address-table staticfiltering This command displays the Static Filtering entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table staticfiltering Mode Privileged EXEC Term Definition Mac Address A unicast MAC address for which the switch has forwarding and or filtering information.
AT8404 2.16.2.1 Switching Commands no ip dhcp snooping vlan Use this command to disable DHCP Snooping on VLANs. Format no ip dhcp snooping vlan Mode Global Config 2.16.3 ip dhcp snooping verify mac-address Use this command to enable verification of the source MAC address with the client hardware address in the received DCHP message. Default enabled Format ip dhcp snooping verify mac-address Mode Global Config 2.16.3.
Switching Commands 2.16.6 AT8404 ip dhcp snooping binding Use this command to configure static DHCP Snooping binding. Format ip dhcp snooping binding vlan interface Mode Global Config 2.16.6.1 no ip dhcp snooping binding Use this command to remove the DHCP static entry from the DHCP Snooping database. Format no ip dhcp snooping binding Mode Global Config 2.16.
AT8404 2.16.9 Switching Commands ip dhcp snooping log-invalid Use this command to control the logging DHCP messages filtration by the DHCP Snooping application. Default disabled Format ip dhcp snooping log-invalid Mode Interface Config 2.16.9.1 no ip dhcp snooping log-invalid Use this command to disable the logging DHCP messages filtration by the DHCP Snooping application. Format no ip dhcp snooping log-invalid Mode Interface Config 2.16.
Switching Commands 2.16.12 AT8404 show ip dhcp snooping Use this command to display the DHCP Snooping global configurations and per port configurations. Format show ip dhcp snooping Mode • Privileged EXEC • User EXEC Term Definition Interface The interface for which data is displayed. Trusted If it is enabled, DHCP snooping considers the port as trusted. The factory default is disabled.
AT8404 Switching Commands Term Definition Type Binding type; statically configured from the CLI or dynamically learned. Lease (sec) The remaining lease time for the entry. Example: The following shows example CLI display output for the command. (switch) #show ip dhcp snooping binding Total number of bindings: 2 MAC Address -----------------00:02:B3:06:60:80 00:0F:FE:00:13:04 2.16.14 IP Address -----------210.1.1.3 210.1.1.
Switching Commands AT8404 Term Definition DHCP Server Msgs Rec’d Represents the number of DHCP server messages received on Untrusted ports. Example: The following shows example CLI display output for the command. (switch) #show ip dhcp snooping statistics Interface ----------1/0/2 1/0/3 1/0/4 1/0/5 1/0/6 1/0/7 1/0/8 1/0/9 1/0/10 1/0/11 1/0/12 1/0/13 1/0/14 1/0/15 1/0/16 1/0/17 1/0/18 1/0/19 1/0/20 2.16.
AT8404 Switching Commands Mode • Privileged EXEC • User EXEC Term Definition Interface Interface address in slot/port format. Filter Type Is one of two values: • ip-mac: User has configured MAC address filtering on this interface. • ip: Only IP address filtering on this interface. IP Address IP address of the interface MAC Address If MAC address filtering is not configured on the interface, the MAC Address field is empty.
Switching Commands 2.17 AT8404 Dynamic ARP Inspection Commands Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station’s IP address to its own MAC address. DAI relies on DHCP snooping.
AT8404 Switching Commands Default enabled Format ip arp inspection vlan vlan-list logging Mode Global Config 2.17.3.1 no ip arp inspection vlan logging Use this command to disable logging of invalid ARP packets on a list of comma-separated VLAN ranges. Format no ip arp inspection vlan vlan-list logging Mode Global Config 2.17.4 ip arp inspection trust Use this command to configure an interface as trusted for Dynamic ARP Inspection.
Switching Commands 2.17.6 AT8404 ip arp inspection filter Use this command to configure the ARP ACL used to filter invalid ARP packets on a list of comma-separated VLAN ranges. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings. Default No ARP ACL is configured on a VLAN Format ip arp inspection filter acl-name vlan vlan-list [static] Mode Global Config 2.17.6.
AT8404 2.17.9 Switching Commands show ip arp inspection Use this command to display the Dynamic ARP Inspection global configuration and configuration on all the VLANs. With the vlan-list argument (i.e. comma separated VLAN ranges), the command displays the global configuration and configuration on all the VLANs in the given VLAN list. The global configuration includes the source mac validation, destination mac validation and invalid IP validation information.
Switching Commands AT8404 Term Definition VLAN The VLAN ID for each displayed row. Forwarded The total number of valid ARP packets forwarded in this VLAN. Dropped The total number of not valid ARP packets dropped in this VLAN. DHCP Drops The number of packets dropped due to DHCP snooping binding database match failure. ACL Drops The number of packets dropped due to ARP ACL rule match failure. DHCP Permits The number of packets permitted due to DHCP snooping binding database match.
AT8404 Switching Commands Term Definition Interface The interface ID for each displayed row. Trust State Whether the interface is trusted or untrusted for DAI. Rate Limit The configured rate limit value in packets per second. Burst Interval The configured burst interval value in seconds. Example: The following shows example CLI display output for the command. (Switching) #show ip arp inspection interfaces Interface Trust State --------------0/1 0/2 2.17.
Switching Commands AT8404 enabled if you disable routing or remove port-channel (LAG) membership from an interface that has IGMP Snooping enabled. The IGMP application supports the following activities: • Validation of the IP header checksum (as well as the IGMP header checksum) and discarding of the frame upon checksum error. • Maintenance of the forwarding table entries based on the MAC address versus the IP address. • Flooding of unregistered multicast data packets to all ports in the VLAN.
AT8404 2.18.3 Switching Commands set igmp fast-leave This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface or VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface.
Switching Commands AT8404 Mode • Interface Config • Global Config Format no set igmp groupmembership-interval Mode VLAN Config 2.18.5 set igmp maxresponse This command sets the IGMP Maximum Response time for the system, or on a particular interface or VLAN. The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface.
AT8404 2.18.6.1 Switching Commands no set igmp mcrtrexpiretime This command sets the Multicast Router Present Expiration time to 0. The time is set for the system, on a particular interface or a VLAN. Format no set igmp mcrtrexpiretime Mode • Global Config • Interface Config Format no set igmp mcrtrexpiretime Mode VLAN Config 2.18.7 set igmp mrouter This command configures the VLAN ID () that has the multicast router mode enabled.
Switching Commands AT8404 When the optional arguments or are not used, the command displays the following information: Term Definition Admin Mode Indicates whether or not IGMP Snooping is active on the switch. Multicast Control Frame Count The number of multicast control frames that are processed by the CPU. Interface Enabled The list of interfaces on which IGMP Snooping is enabled. for IGMP Snooping VLANS Enabled for The list of VLANS on which IGMP Snooping is enabled.
AT8404 Switching Commands Term Definition Interface The port on which multicast router information is being displayed. Multicast Router Attached Indicates whether multicast router is statically enabled on the interface. VLAN ID The list of VLANs of which the interface is a member. 2.18.11 show igmpsnooping mrouter vlan This command displays information about statically configured ports.
Switching Commands 2.19.1 AT8404 set igmp querier Use this command to enable IGMP Snooping Querier on the system, using Global Config mode, or on a VLAN. Using this command, you can specify the IP Address that the Snooping Querier switch should use as the source address while generating periodic queries. If a VLAN has IGMP Snooping Querier enabled and IGMP Snooping is operationally disabled on it, IGMP Snooping Querier functionality is disabled on that VLAN.
AT8404 2.19.3 Switching Commands set igmp querier timer expiry Use this command to set the IGMP Querier timer expiration period. It is the time period that the switch remains in Non-Querier mode once it has discovered that there is a Multicast Querier in the network. Default 60 seconds Format set igmp querier timer expiry <60-300> Mode Global Config 2.19.3.1 no set igmp querier timer expiry Use this command to set the IGMP Querier timer expiration period to its default value.
Switching Commands 2.19.6 AT8404 show igmpsnooping querier Use this command to display IGMP Snooping Querier information. Configured information is displayed whether or not IGMP Snooping Querier is enabled. Format show igmpsnooping querier [{detail | vlan }] Mode Privileged EXEC When the optional argument is not used, the command displays the following information. Field Description Admin Mode Indicates whether or not IGMP Snooping Querier is active on the switch.
AT8404 2.20.1 Switching Commands set mld This command enables MLD Snooping on the system (Global Config Mode) or an Interface (Interface Config Mode). This command also enables MLD Snooping on a particular VLAN and enables MLD Snooping on all interfaces participating in a VLAN. If an interface has MLD Snooping enabled and you enable this interface for routing or enlist it as a member of a portchannel (LAG), MLD Snooping functionality is disabled on that interface.
Switching Commands 2.20.3 AT8404 set mld fast-leave Use this command to enable MLD Snooping fast-leave admin mode on a selected interface or VLAN. Enabling fastleave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving and MLD done message for that multicast group without first sending out MAC-based general queries to the interface.
AT8404 2.20.5 Switching Commands set mld maxresponse Use this command to set the MLD Maximum Response time for the system, on a particular interface or VLAN. The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface. This value must be less than the MLD Query Interval time value. The range is 1 to 65 seconds.
Switching Commands 2.20.7.1 AT8404 no set mld mrouter Use this command to disable multicast router attached mode for a VLAN with a particular VLAN ID. Format no set mld mrouter Mode Interface Config 2.20.8 set mld mrouter interface Use this command to configure the interface as a multicast router-attached interface. When configured as a multicast router interface, the interface is treated as a multicast router-attached interface in all VLANs.
AT8404 Switching Commands Term Definition Group Membership Interval Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating in the VLAN, before deleting the interface from the entry. This value may be configured.
Switching Commands AT8404 Term Definition MAC Address A multicast MAC address for which the switch has forwarding or filtering information. The format is two-digit hexadecimal numbers that are separated by colons, for example 33:33:45:67:89:AB. In an IVL system, the MAC address is displayed as a MAC address and a VLAN ID combination of 8 bytes. Type The type of entry, which is either static (added by the user) or dynamic (added to the table as a result of a learning process or protocol.
AT8404 Switching Commands Default disabled Format set mld querier query_interval <1-18000> Mode Global Config 2.21.2.1 no set mld querier query_interval Use this command to set the MLD Querier Query Interval time to its default value. Format no set mld querier query_interval Mode Global Config 2.21.3 set mld querier timer expiry Use this command to set the MLD Querier timer expiration period.
Switching Commands 2.21.5 AT8404 show mldsnooping querier Use this command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled. Format show mldsnooping querier [{detail | vlan }] Mode Privileged EXEC When the optional arguments are not used, the command displays the following information. Field Description Admin Mode Indicates whether or not MLD Snooping Querier is active on the switch.
AT8404 2.22 Switching Commands Port Security Commands This section describes the command you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally, and all other packets are discarded. Note: To enable the SNMP trap specific to port security, see 5.8.7 “snmp-server enable traps violation” on page 5 - 23. 2.
Switching Commands 2.22.3.1 AT8404 no port-security max-static This command sets maximum number of statically locked MAC addresses to the default value. Format no port-security max-static Mode Interface Config 2.22.4 port-security mac-address This command adds a MAC address to the list of statically locked MAC addresses. The is the VLAN ID. Format port-security mac-address Mode Interface Config 2.22.4.
AT8404 2.22.7 Switching Commands show port-security dynamic This command displays the dynamically locked MAC addresses for the port. Format show port-security dynamic Mode Privileged EXEC Term Definition MAC Address MAC Address of dynamically locked MAC. 2.22.8 show port-security static This command displays the statically locked MAC addresses for port.
Switching Commands 2.23.1.1 AT8404 no lldp transmit Use this command to return the local data transmission capability to the default. Format no lldp transmit Mode Interface Config 2.23.2 lldp receive Use this command to enable the LLDP receive capability. Default disabled Format lldp receive Mode Interface Config 2.23.2.1 no lldp receive Use this command to return the reception of LLDPDUs to the default value. Format no lldp receive Mode Interface Config 2.23.
AT8404 Switching Commands the system capabilities TLV. Use port-desc to transmit the port description TLV. To configure the port description, see 2.1.7 “description“on page 2 - 4. Default no optional TLVs are included Format lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc] Mode Interface Config 2.23.4.1 no lldp transmit-tlv Use this command to remove an optional TLV from the LLDPDUs. Use the command without parameters to remove all optional TLVs from the LLDPDU.
Switching Commands 2.23.7 AT8404 lldp notification-interval Use this command to configure how frequently the system sends remote data change notifications. The parameter is the number of seconds to wait between sending notifications. The valid interval range is 5-3600 seconds. Default 5 Format lldp notification-interval Mode Global Config 2.23.7.1 no lldp notification-interval Use this command to return the notification interval to the default value.
AT8404 2.23.11 Switching Commands show lldp interface Use this command to display a summary of the current LLDP configuration for a specific interface or for all interfaces. Format show lldp interface { | all} Mode Privileged Exec Term Definition Interface The interface in a slot/port format. Link Shows whether the link is up or down. Transmit Shows whether the interface transmits LLDPDUs. Receive Shows whether the interface receives LLDPDUs.
Switching Commands 2.23.13 AT8404 show lldp remote-device Use this command to display summary information about remote devices that transmit current LLDP data to the system. You can show information about LLDP remote data received on all ports or on a specific port. Format show lldp remote-device { | all} Mode Privileged EXEC Term Definition Local Interface The interface that received the LLDPDU from the remote device. Chassis ID The ID of the remote device.
AT8404 Switching Commands Term Definition Chassis ID Subtype The type of identification used in the Chassis ID field. Chassis ID The chassis of the remote device. Port ID Subtype The type of port on the remote device. Port ID The port number that transmitted the LLDPDU. System Name The system name of the remote device. System Description Describes the remote system by identifying the system name and versions of hardware, operating system, and networking software supported in the device.
Switching Commands AT8404 Term Definition Port ID The port ID associated with this interface. Port Description The port description associated with the interface. 2.23.16 show lldp local-device detail Use this command to display detailed information about the LLDP data a specific interface transmits. Format show lldp local-device detail Mode Privileged EXEC Term Definition Interface The interface that sends the LLDPDU.
AT8404 2.24.1.1 Switching Commands no lldp med Use this command to disable MED. Format no lldp med Mode Interface Config 2.24.2 lldp med confignotification Use this command to configure all the ports to send the topology change notification. Default disabled Format lldp med confignotification Mode Interface Config 2.24.2.1 no ldp med confignotification Use this command to disable notifications. Format no lldp med confignotification Mode Interface Config 2.24.
Switching Commands 2.24.4 AT8404 lldp med all Use this command to configure LLDP-MED on all the ports. Format lldp med all Mode Global Config 2.24.5 lldp med confignotification all Use this command to configure all the ports to send the topology change notification. Format lldp med confignotification all Mode Global Config 2.24.6 lldp med faststartrepeatcount Use this command to set the value of the fast start repeat count.
AT8404 2.24.7.1 Switching Commands no lldp med transmit-tlv Use this command to remove a TLV. Format no lldp med transmit-tlv [capabilities] [network-policy] [ex-pse] [expd] [location] [inventory] Mode Global Config 2.24.8 show lldp med Use this command to display a summary of the current LLDP MED configuration. Format show lldp med Mode Privileged Exec Example: The following shows example CLI display output for the command.
Switching Commands AT8404 2- Location, 3- Extended PSE 4- Extended Pd, 5- Inventory --More-- or (q)uit (Broadcom FASTPATH Routing) #show lldp med interface 1/0/2 Interface Link configMED operMED ConfigNotify TLVsTx --------- ------ --------- -------- ------------ ----------0/2 Up Disabled Disabled Disabled 0,1 TLV Codes: 0- Capabilities, 2- Location, 4- Extended Pd, 1- Network Policy 3- Extended PSE 5- Inventory (Broadcom FASTPATH Routing) # 2.24.
AT8404 Switching Commands Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low 2.24.11 show lldp med remote-device Use this command to display the summary information about remote devices that transmit current LLDP MED data to the system.
Switching Commands AT8404 Local Interface: 1/0/8 Remote Identifier: 18 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Fir
AT8404 Switching Commands • First Fragment:TCP Header size smaller then configured value. • TCP Fragment: IP Fragment Offset = 1. • TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set. • L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port. • ICMP: Limiting the size of ICMP Ping packets. 2.25.
Switching Commands 2.25.3.1 AT8404 no dos-control firstfrag This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled. Format no dos-control firstfrag Mode Global Config 2.25.4 dos-control tcpfrag This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
AT8404 2.25.6 Switching Commands dos-control l4port This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having Source TCP/UDP Port Number equal to Destination TCP/ UDP Port Number, the packets will be dropped if the mode is enabled. Note: Some applications mirror source and destination L4 ports - RIP for example uses 520 for both.
Switching Commands AT8404 Term Definition Min TCP Hdr Size <0-255> The factory default is 20. TCP Fragment Mode May be enabled or disabled. The factory default is disabled. TCP Flag Mode May be enabled or disabled. The factory default is disabled. L4 Port Mode May be enabled or disabled. The factory default is disabled. ICMP Mode May be enabled or disabled. The factory default is disabled. Max ICMP Pkt Size The factory default is 512. <0-1023> 2.
AT8404 2.26.3 Switching Commands show mac-address-table multicast This command displays the Multicast Forwarding Database (MFDB) information. If you enter the command with no parameter, the entire table is displayed. You can display the table entry for one MAC Address by specifying the MAC address as an optional parameter.
Switching Commands 2.27.1.1 AT8404 no isdp run This command disables ISDP on the switch. Format no isdp run Mode Global Config 2.27.2 isdp holdtime This command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Default 180 seconds Format isdp holdtime <10-255> Mode Global Config 2.27.
AT8404 2.27.5.1 Switching Commands no isdp enable This command disables ISDP on the interface. Format no isdp enable Mode Interface Config 2.27.6 clear isdp counters This command clears ISDP counters. Format clear isdp counters Mode Privileged EXEC 2.27.7 clear isdp table This command clears entries in the ISDP table. Format clear isdp table Mode Privileged EXEC 2.27.8 show isdp This command displays global ISDP settings.
Switching Commands 2.27.9 AT8404 show isdp interface This command displays ISDP settings for the specified interface. Format show isdp interface {all | } Mode Privileged EXEC Term Definition Mode ISDP mode enabled/disabled status for the interface(s). 2.27.10 show isdp entry This command displays ISDP entries. If the device id is specified, then only entries for that device are shown.
AT8404 Switching Commands Term Definition Device ID The device ID associated with the neighbor which advertised the information. IP Addresses The IP addresses associated with the neighbor. Capability ISDP functional capabilities advertised by the neighbor. Platform The hardware platform advertised by the neighbor. Interface The interface (slot/port) on which the neighbor's advertisement was received. Port ID The port ID of the interface from which the neighbor sent the advertisement.
Switching Commands AT8404 Term Definition ISDPv1 Packets Received Total number of ISDPv1 packets received ISDPv1 Packets Transmitted Total number of ISDPv1 packets transmtted ISDPv2 Packets Received Total number of ISDPv2 packets received ISDPv2 Packets Transmitted Total number of ISDPv2 packets transmitted ISDP Bad Header Number of packets received with a bad header ISDP Checksum Error Number of packets received with a checksum error ISDP Transmission Failure Number of packets which failed
AT8404 Switching Commands (yes/no). Format show port multicast Mode Privileged Exec 2.28.3 multicast (VLAN) This command configures the VLAN based multicast handling. The command defines the handling for VLAN based unregistered multicast addresses. The default handling in FASTPATH is that such packets are flooded (argument ‘default’). The user can change the behaviour that such packets are dropped (argument ‘none’). The flooding mode is set per VLAN, the VLAN ID range is 1-4094.
Switching Commands AT8404 2.29 Port Bridging Commands 2.29.1 L2-port-bridge This command configures layer2 port bridging. L2 port bridging is a feature that allows a packet to be transmitted in egress direction through the same port it was received on. Format L2-port-bridge Mode Interface Config 2.29.1.1 no L2-port-bridge This command resets L2 port bridging..
AT8404 Chapter 31 Quality of Service Commands Page 3 - 1 AT8404 CLI Reference Manual
Quality of Service (QoS) Commands 3. AT8404 Quality of Service (QoS) Commands This chapter describes the Quality of Service (QoS) commands available in the FASTPATH CLI. The QoS Commands chapter contains the following sections: • 3.1 “Class of Service (CoS) Commands” on page 3 - 2 • 3.2 “Differentiated Services (DiffServ) Commands” on page 3 - 8 • 3.3 “DiffServ Class Commands” on page 3 - 9 • 3.4 “DiffServ Policy Commands” on page 3 - 17 • 3.5 “DiffServ Service Commands” on page 3 - 21 • 3.
AT8404 3.1.2 Quality of Service (QoS) Commands classofservice ip-dscp-mapping This command maps an IP DSCP value to an internal traffic class. The value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
Quality of Service (QoS) Commands Format cos-queue min-bandwidth … Modes • Global Config • Interface Config 3.1.4.1 no cos-queue min-bandwidth AT8404 This command restores the default for each queue's minimum bandwidth value. Format no cos-queue min-bandwidth Modes • Global Config • Interface Config 3.1.5 cos-queue strict This command activates the strict priority scheduler mode for each specified queue.
AT8404 Quality of Service (QoS) Commands service mappings. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed. For more information, see 2.5 “Voice VLAN Commands” on page 2 - 32. Format show classofservice dot1p-mapping [] Mode Privileged EXEC The following information is repeated for each user priority. Term Definition User Priority The 802.1p user priority value.
Quality of Service (QoS) Commands AT8404 Term Definition Non-IP Traffic Class The traffic class used for non-IP traffic. This is only displayed when the COS trust mode is set to trust IP Precedence or IP DSCP (on platforms that support IP DSCP). Untrusted Traffic Class The traffic class used for all untrusted traffic. This is only displayed when the COS trust mode is set to 'untrusted'. 3.1.
AT8404 Quality of Service (QoS) Commands absolute cell count or percent of the available cells (1/1000 percent). The low water mark is a number (0..75%, 1..50%, 2..25%, 3..12,5%). Format show packet-memory {cells|percent} Mode Privileged EXEC 3.1.14 packet-memory (configure) This command configures the packet-memory limits for all ports or the CPU port. The static limits must be set for all COS queues (see ‘show packet-memory’) separated by comma.
Quality of Service (QoS) Commands 3.1.17.1 AT8404 no protection-group (configure) This command deletes a protection group and/or a name associated to a group. If deleting a protection group all members of this group are deleted too. The name can be deleted by using the ‘no’ command with the parameter ‘name’ (the protection group remains active then). The length of the name is restricted to 15 characters. Format no protection-group <0..3> no protection-group <0..3> name Mode Global Config 3.1.
AT8404 Quality of Service (QoS) Commands The following rules apply when you create a DiffServ class: • Each class can contain a maximum of one referenced (nested) class • Class definitions do not support hierarchical service policies A given class definition can contain a maximum of one reference to another class. You can combine the reference with other match criteria. The referenced class is truly a reference and not a copy since additions to a referenced class affect all classes that reference it.
Quality of Service (QoS) Commands 3.3.1 AT8404 class-map This command defines a DiffServ class of type match-all. When used without any match condition, this command enters the class-map mode. The is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying an existing DiffServ class. Note: The class-map-name 'default' is reserved and must not be used.
AT8404 Quality of Service (QoS) Commands mplsmcast, mplsucast, netbios, novell, pppoe, rarp or as a custom ethertype value in the range of 0x06000xFFFF. Note: This command is not available on the Broadcom 5630x platform. Format match ethertype { | custom <0x0600-0xFFFF>} Mode Class-Map Config Ipv6-Class-Map Config 3.3.4 match any This command adds to the specified class definition a match condition whereby all packets are considered to belong to the class.
Quality of Service (QoS) Commands 3.3.5.1 AT8404 no match class-map This command removes from the specified class definition the set of match conditions defined for another class. The is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Format no match class-map Mode Class-Map Config Ipv6-Class-Map Config 3.3.
AT8404 Quality of Service (QoS) Commands need not be contiguous, and is formatted as six, two-digit hexadecimal numbers separated by colons (e.g., ff:07:23:ff:fe:dc). Note: This command is not available on the Broadcom 5630x platform. Default none Format match destination-address mac Mode Class-Map Config 3.3.9 match dstip This command adds to the specified class definition a match condition based on the destination IP address of a packet.
Quality of Service (QoS) Commands AT8404 The value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. Note: The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header, but with a slightly different user notation.
AT8404 3.3.15 Quality of Service (QoS) Commands match protocol This command adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation. To specify the match condition using a single keyword notation, the value for is one of the supported protocol name keywords. The currently supported values are: icmp, igmp, ip, tcp, udp. A value of ip matches all protocol number values.
Quality of Service (QoS) Commands 3.3.18 AT8404 match srcip6 This command adds to the specified class definition a match condition based on the source IP address of a packet. Default none Format match srcip6 Mode Ipv6-Class-Map Config 3.3.19 match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation.
AT8404 Quality of Service (QoS) Commands Format match secondary-vlan <1-4095> Mode Ipv6-Class-Map Config Class-Map Config 3.4 DiffServ Policy Commands Use the DiffServ policy commands to specify traffic conditioning actions, such as policing and marking, to apply to traffic classes Use the policy commands to associate a traffic class that you define by using the class command set with one or more QoS policy attributes. Assign the class/policy association to an interface to form a service.
Quality of Service (QoS) Commands Format mirror Mode Policy-Class-Map Config Incompatibilities Drop, Redirect 3.4.4 AT8404 redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel). Note: This command is not available on the Broadcom 5630x platform. Format redirect Mode Policy-Class-Map Config Incompatibilities Drop, Mirror 3.4.
AT8404 Quality of Service (QoS) Commands 3.4.6.1 no class This command deletes the instance of a particular class and its defined treatment from the specified policy. is the names of an existing DiffServ class. Note: This command removes the reference to the class definition for the specified policy. Format no class Mode Policy-Map Config 3.4.
Quality of Service (QoS) Commands 3.4.9 AT8404 police-simple This command is used to establish the traffic policing style for the specified class. The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. The conforming data rate is specified in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295. The conforming burst size is specified in kilobytes (KB) and is an integer from 1 to 128.
AT8404 3.4.11 Quality of Service (QoS) Commands policy-map rename This command changes the name of a DiffServ policy. The is the name of an existing DiffServ class. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy. Format policy-map rename Mode Global Config 3.
Quality of Service (QoS) Commands Format no service-policy in Modes • Global Config • Interface Config 3.6 DiffServ Show Commands AT8404 Use the DiffServ show commands to display configuration and status information for classes, policies, and services. You can display DiffServ information in summary or detailed formats. The status information is only shown when the DiffServ administrative mode is enabled. 3.6.
AT8404 Quality of Service (QoS) Commands 3.6.2 show diffserv This command displays the DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. This command takes no options. Format show diffserv Mode Privileged EXEC Term Definition DiffServ Admin mode The current value of the DiffServ administrative mode.
Quality of Service (QoS) Commands AT8404 The following information is repeated for each class associated with this policy (only those policy attributes actually configured are displayed): Term Definition Assign Queue Directs traffic stream to the specified QoS queue. This allows a traffic classifier to specify which one of the supported hardware queues are used for handling packets belonging to the class. Class Name The name of this class.
AT8404 3.6.4 Quality of Service (QoS) Commands show diffserv service This command displays policy service information for the specified interface and direction. The parameter specifies a valid slot/port number for the system. Format show diffserv service in Mode Privileged EXEC Term Definition DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only in effect on an interface while DiffServ is in an enabled mode.
Quality of Service (QoS) Commands Format show policy-map interface [in] Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by a forward slash. Direction The traffic direction of this interface service. AT8404 Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface in the indicated direction.
AT8404 3.7.1 Quality of Service (QoS) Commands mac access-list extended This command creates a MAC Access Control List (ACL) identified by , consisting of classification fields defined for the Layer 2 header of an Ethernet frame. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. If a MAC ACL by this name already exists, this command enters Mac-Access-List config mode to allow updating the existing MAC ACL.
Quality of Service (QoS) Commands AT8404 A rule may either deny or permit traffic according to the specified classification fields. At a minimum, the source and destination MAC value must be specified, each of which may be substituted using the keyword any to indicate a match on any value in that field. The remaining command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format.
AT8404 3.7.4 Quality of Service (QoS) Commands mac access-group This command either attaches a specific MAC Access Control List (ACL) identified by to an interface, or associates it with a VLAN ID, in a given direction. The parameter must be the name of an existing MAC ACL. An optional sequence number may be specified to indicate the order of this mac access list relative to other mac access lists already assigned to this interface and direction.
Quality of Service (QoS) Commands AT8404 Term Definition Assign Queue The queue identifier to which packets matching this rule are assigned. Mirror Interface On Broadcom 5650x platforms, the slot/port to which packets matching this rule are copied. Redirect Interface On Broadcom 5650x platforms, the slot/port to which packets matching this rule are forwarded. 3.8 IP Access Control List (ACL) Commands This section describes the commands you use to configure IP ACL settings.
AT8404 Quality of Service (QoS) Commands Table 2: ACL Command Parameters Parameter Description <1-99> or <100-199> Range 1 to 99 is the access list number for an IP standard ACL. Range 100 to 199 is the access list number for an IP extended ACL. {deny | permit} Specifies whether the IP ACL rule permits or denies an action. Note: For 5630x and 5650x-based systems, assign-queue, redirect, and mirror attributes are configurable for a deny rule, but they have no operational effect.
Quality of Service (QoS) Commands Format ip access-list Mode Global Config 3.8.2.1 no ip access-list AT8404 This command deletes the IP ACL identified by from the system. Format no ip access-list Mode Global Config 3.8.3 ip access-list rename This command changes the name of an IP Access Control List (ACL). The parameter is the names of an existing IP ACL.
AT8404 Quality of Service (QoS) Commands Format {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | } [{eq { | <0-65535>} [{eq {| <0-65535>}] [precedence | tos | dscp ] [log] [assign-queue ] [{mirror | redirect} ] Mode Ipv4-Access-List Config 3.8.
Quality of Service (QoS) Commands 3.8.7 AT8404 show acl-traptimer This command displays the time interval for generating ACL traps. A trap is generated if a ACL rule applies for an incoming packet. Format show acl-traptimer Mode Privileged EXEC 3.8.8 acl-traptimer This command sets the time interval for generating ACL traps. An ACL trap is generated if ACL trap generation is enabled and an ACL rule applies for an incoming packet. The generation is checked for a specified time interval.
AT8404 Quality of Service (QoS) Commands Term Definition Destination IP Mask The destination IP Mask for this rule. Destination L4 Port The destination port for this rule. Keyword IP DSCP The value specified for IP DSCP. IP Precedence The value specified IP Precedence. IP TOS The value specified for IP TOS. Log Displays when you enable logging for the rule. Assign Queue The queue identifier to which packets matching this rule are assigned.
Quality of Service (QoS) Commands AT8404 If an IPv6 ACL by this name already exists, this command enters IPv6-Access-List config mode to allow updating the existing IPv6 ACL. Note: The CLI mode changes to IPv6-Access-List Config mode when you successfully execute this command. Format ipv6 access-list Mode Global Config 3.9.1.1 no ipv6 access-list This command deletes the IPv6 ACL identified by from the system. Format no ipv6 access-list Mode Global Config 3.9.
AT8404 Quality of Service (QoS) Commands For the Broadcom 5650x platform, the mirror parameter allows the traffic matching this rule to be copied to the specified , while the redirect parameter allows the traffic matching this rule to be forwarded to the specified . The assign-queue and redirect parameters are only valid for a permit rule. Note: The mirror and redirect parameters are not available on the Broadcom 5630x platform.
Quality of Service (QoS) Commands AT8404 Term Definition Rule Number The ordered rule number identifier defined within the IPv6 ACL. Action The action associated with each rule. The possible values are Permit or Deny. Match All Indicates whether this access list applies to every packet. Possible values are True or False. Protocol The protocol to filter for this rule. Source IP Address The source IP address for this rule. Source L4 Port Keyword The source port for this rule.
AT8404 3.10.2 Quality of Service (QoS) Commands auto-voip Use this command to enable VoIP Profile on the interface. Default disabled Format auto-voip Mode Interface Config 3.10.2.1 no auto-voip Use this command to disable VoIP Profile on the interface. Format no auto-voip all Mode Interface Config 3.10.3 show auto-voip Use this command to display the VoIP Profile settings on the interface or interfaces of the switch.
Quality of Service (QoS) Commands AT8404 CLI Reference Manual Page 3 - 40 AT8404
AT8404 Chapter 41 Utility Commands Page 4 - 1 AT8404 CLI Reference Manual
Utility Commands 4. AT8404 Utility Commands This chapter describes the utility commands available in the FASTPATH CLI. The Utility Commands chapter includes the following sections: • 4.1 “Commands for update and startup Configuration“ on page 4 - 2 • 4.2 “Dual Image Commands“ on page 4 - 3 • 4.3 “ATCA commands“ on page 4 - 3 • 4.4 “System Information and Statistics Commands“ on page 4 - 5 • 4.5 “Logging Commands“ on page 4 - 20 • 4.6 “System Utility and Clear Commands“ on page 4 - 25 • 4.
AT8404 Utility Commands Mode Priviledged EXEC 4.2 Dual Image Commands FASTPATH software supports a dual image feature that allows the switch to have two software images in the permanent storage. You can specify which image is the active image to be loaded in subsequent reboots. This feature allows reduced down-time when you upgrade or downgrade the software. 4.2.1 delete This command deletes the supplied image file from the permanent storage. The image to be deleted must be a backup image.
Utility Commands AT8404 Value-types are: Value-type Description lower-non-critical Set lower non-critical threshold value lower-critical Set lower critical threshold value lower-non-recover Set lower non-recoverable threshold value upper-non-critical Set upper non-critical threshold value upper-critical Set upper critical threshold value upper-non-recover Set upper non-recoverable threshold value 4.3.2 set board device-id This command sets the device ID for the board.
AT8404 4.3.5.1 Utility Commands no ekeying all (configure) This command disables the ekeying for all ports for which ekeying is possible. Format no ekeying all Mode Global Config 4.4 System Information and Statistics Commands This section describes the commands you use to view information about system features, components, and configurations. 4.4.1 show arp switch This command displays the contents of the IP stack’s Address Resolution Protocol (ARP) table.
Utility Commands 4.4.3 AT8404 show hardware This command displays inventory information for the switch. Note: The show version command and the show hardware command display the same information. In future releases of the software, the show hardware command will not be available. For a description of the command output, see the command 4.4.4 “show version“ on page 4 - 6. Format show hardware Mode Privileged EXEC 4.4.4 show version This command displays inventory information for the switch.
AT8404 Utility Commands The display parameters, when the argument is , are as follows: Parameters Definition Packets Received The total number of packets (including broadcast packets and multicast packets) received by Without Error the processor. Packets Received The number of inbound packets that contained errors preventing them from being deliverable With Error to a higher-layer protocol. Broadcast Packets The total number of packets received that were directed to the broadcast address.
Utility Commands AT8404 When you specify a value for , the command displays the following information.
AT8404 Term Utility Commands Definition Packets Received • Total Packets Received (Octets) - The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including Frame Check Sequence (FCS) octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Utility Commands Term AT8404 Definition Packets Received • Total Packets Received Without Error - The total number of packets received that were Successfully without errors. • Unicast Packets Received - The number of subnetwork-unicast packets delivered to a higher-layer protocol. • Multicast Packets Received - The total number of good packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address.
AT8404 Term Utility Commands Definition Packets • Total Bytes - The total number of octets of data (including those in bad packets) received Transmitted Octets on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Utility Commands Term AT8404 Definition Protocol Statistics • 802.3x Pause Frames Transmitted - A count of MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode. • GVRP PDUs Received - The count of GVRP PDUs received in the GARP layer. • GVRP PDUs Transmitted - The count of GVRP PDUs transmitted from the GARP layer.
AT8404 Utility Commands Term Definition Multicast Packets The total number of packets that higher-level protocols requested be transmitted to a Multicast Transmitted address, including those that were discarded or not sent. Broadcast Packets The total number of packets that higher-level protocols requested be transmitted to the Transmitted Broadcast address, including those that were discarded or not sent.
Utility Commands AT8404 Term Definition Status The status of this entry. The meanings of the values are: • Static—The value of the corresponding instance was added by the system or a user when a static MAC filter was defined. It cannot be relearned. • Learned—The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic, and is currently in use.
AT8404 PID 409 298 315 297 345 351 380 301 357 361 369 389 295 348 310 367 363 311 332 360 4.4.9 USER root root root root root root root root root root root root root root root root root root root root Utility Commands STATUS R S S S S S S S S S S S S S S R S S S S RSS 704 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M 28M PPID %CPU %MEM COMMAND 408 15.2 0.5 exe 1 5.0 22.8 switchdrvr 1 2.5 22.8 switchdrvr 1 0.8 22.8 switchdrvr 1 0.8 22.8 switchdrvr 1 0.0 22.8 switchdrvr 1 0.
Utility Commands AT8404 Format show running-config [all | ] Mode Privileged EXEC 4.4.10 show sysinfo This command displays switch information. Format show sysinfo Mode Privileged EXEC Term Definition Switch Description Text used to identify this switch. System Name Name used to identify the switch.The factory default is blank. To configure the system name, see 5.8.1 “snmp-server“ on page 5 - 21. System Location Text used to identify the location of the switch.
AT8404 Utility Commands the next set of <5-48> lines. The command terminal length 0 disables pagination and, as a result, the output of the show running-config command is displayed immediately. Default 24 lines per page Format terminal length <0|5-48> Mode Privileged EXEC 4.4.12.1 no terminal length Use this command to set the terminal length to the default value. 4.4.13 show terminal length Use this command to display the value of the user-configured terminal length size.
Utility Commands 4.4.17 AT8404 show boardinfo update-status This command displays the status of the firmware update process for the IPMI controller. Format show boardinfo update-status Mode Priviledged EXEC 4.4.18 show boardinfo version This command displays hardware and software revision information. This includes serial-numbers, software and hardware revisions as applicable.
AT8404 4.4.21 Utility Commands show boardinfo ipmidev This command displays the IPMI device information. This consists of Firmware Revision, IPMI version, Manufacturer and Product ID. Format show boardinfo ipmidev Mode Priviledged EXEC 4.4.22 show boardinfo amc connection This command displays the connections to the AMC, to the CPU0-2 and to the RTM. Format show boardinfo amc connection {all | amcb1 | amcb2 | amcb3 | amcb4 | rtm} Mode Priviledged EXEC 4.4.
Utility Commands 4.4.27 AT8404 show boardinfo memory-usage This command displays the memory usage. It shows malloc and kernel statistics. Format show boardinfo memory-usage Mode Priviledged EXEC 4.5 Logging Commands This section describes the commands you use to configure system logging, and to view logs and the logging settings. 4.5.1 logging buffered This command enables logging to an in-memory log that keeps up to 128 logs.
AT8404 Utility Commands Format logging cli-command Mode Global Config 4.5.3.1 no logging cli-command This command disables the CLI command Logging feature. Format no logging cli-command Mode Global Config 4.5.4 logging console This command enables logging to the console.
Utility Commands 4.5.7 AT8404 logging port This command sets the local port number of the LOG client for logging messages. The can be in the range from 1 to 65535. Default 514 Format logging port Mode Global Config 4.5.7.1 no logging port This command resets the local logging port to the default. Format no logging port Mode Global Config 4.5.8 logging syslog This command enables syslog logging. The parameter is an integer with a range of 1-65535.
AT8404 Utility Commands Term Definition Log Messages Received Number of messages received by the log process. This includes messages that are dropped or ignored. Log Messages Dropped Number of messages that could not be processed due to error or lack of resources. Log Messages Relayed Number of messages sent to the collector/relay. 4.5.10 show logging buffered This command displays buffered logging (system startup and system operation logs).
Utility Commands AT8404 Term Definition Number of Traps Since Last Reset The number of traps since the last boot. Trap Log Capacity The number of traps the system can retain. Number of Traps Since Log Last Viewed The number of new traps since the command was last executed. Log The log number. System Time Up How long the system had been running at the time the trap was sent. Trap The text of the trap message. 4.5.
AT8404 4.6 Utility Commands System Utility and Clear Commands This section describes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults. 4.6.1 traceroute Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Traceroute continues to provide a synchronous response when initiated from the CLI.
Utility Commands AT8404 Hop Count = 1 Last TTL = 2 Test attempt = 6 Test Success = 6 Example: traceroute Failure: (Broadcom FASTPATH Routing) # traceroute 10.40.1.1 initTtl 1 maxFail 0 interval 1 count 3 port 33434 size 43 Traceroute to 10.40.1.1 ,30 hops max 43 byte packets: 1 10.240.4.1 19 msec 18 msec 9 msec 2 10.240.1.252 0 msec 0 msec 1 msec 3 172.31.0.9 277 msec 276 msec 277 msec 4 10.254.1.1 289 msec 327 msec 282 msec 5 10.254.21.2 287 msec 293 msec 296 msec 6 192.168.76.
AT8404 4.6.6 Utility Commands clear port-channel This command clears all port-channels (LAGs). Format clear port-channel Mode Privileged EXEC 4.6.7 clear traplog This command clears the trap log. Format clear traplog Mode Privileged EXEC 4.6.8 clear vlan This command resets VLAN configuration parameters to the factory defaults. Format clear vlan Mode Privileged EXEC 4.6.9 enable passwd This command prompts you to change the Privileged EXEC password.
Utility Commands 4.6.12 AT8404 ping Use this command to determine whether another computer is on the network. Ping provides a synchronous response when initiated from the CLI and Web interfaces. Default Format Modes • The default count is 1. • The default interval is 3 seconds. • The default size is 0 bytes.
AT8404 Utility Commands (Broadcom FASTPATH Routing) # ping 1.1.1.1 count 1 interval 3 Pinging 1.1.1.1 with 0 bytes of data: ----1.1.1.1 PING statistics---1 packets transmitted,0 packets received, 100% packet loss round-trip (msec) min/avg/max = 0/0/0 4.6.13 quit This command closes the current telnet connection or resets the current serial connection. The system asks you whether to save configuration changes before quitting. Format quit Modes • Privileged EXEC • User EXEC 4.6.
Utility Commands AT8404 For TFTP, SFTP and SCP, the parameter is the IP address or host name of the server, is the path to the file, and is the name of the file you want to upload or download. For SFTP and SCP, the parameter is the username for logging into the remote server via SSH. Note: is also a valid parameter for routing packages that support IPv6. Caution! Remember to upload the existing fastpath.
AT8404 Utility Commands Table 1: Copy Parameters (Continued) Source Destination Description nvram:script Downloads a configuration script file to the system. During the download of a configuration script, the copy command validates the script. In case of any error, the command lists all the lines at the end of the validation process and prompts you to confirm before copying the script file. nvram:sshkey-dsa Downloads an SSH key file. For more information, see 5.
Utility Commands 4.7 AT8404 Simple Network Time Protocol (SNTP) Commands This section describes the commands you use to automatically configure the system time and date by using SNTP. 4.7.1 sntp broadcast client poll-interval This command sets the poll interval for SNTP broadcast clients in seconds as a power of two where can be a value from 6 to 16. Default 6 Format sntp broadcast client poll-interval Mode Global Config 4.7.1.
AT8404 Utility Commands Mode Global Config 4.7.4 sntp unicast client poll-interval This command sets the poll interval for SNTP unicast clients in seconds as a power of two where can be a value from 6 to 16. Default 6 Format sntp unicast client poll-interval Mode Global Config 4.7.4.1 no sntp unicast client poll-interval This command resets the poll interval for SNTP unicast clients to its default value.
Utility Commands 4.7.7 AT8404 sntp server This command configures an SNTP server (a maximum of three). The optional priority can be a value of 1-3, the version a value of 1-4, and the port id a value of 1-65535. Format sntp server [ [ []]] Mode Global Config 4.7.7.1 no sntp server This command deletes an server from the configured SNTP servers. Format no sntp server remove Mode Global Config 4.7.
AT8404 4.7.10 Utility Commands show sntp server This command is used to display SNTP server settings and configured servers. Format show sntp server Mode Privileged EXEC Term Definition Server IP Address / IP address or hostname of configured SNTP Server. Hostname Server Type Address Type of Server. Server Stratum Claimed stratum of the server for the last received valid packet. Server Reference ID Reference clock identifier of the server for the last received valid packet.
Utility Commands 4.8.1.1 AT8404 no ip dhcp pool This command removes the DHCP address pool. The name should be previously configured pool name. Format no ip dhcp pool Mode Global Config 4.8.2 client-identifier This command specifies the unique identifier for a DHCP client. Unique-identifier is a valid notation in hexadecimal format. In some systems, such as Microsoft DHCP clients, the client identifier is required instead of hardware addresses.
AT8404 4.8.4.1 Utility Commands no default-router This command removes the default router list. Format no default-router Mode DHCP Pool Config 4.8.5 dns-server This command specifies the IP servers available to a DHCP client. Address parameters are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Default none Format dns-server [....] Mode DHCP Pool Config 4.8.5.
Utility Commands 4.8.7.1 AT8404 no host This command removes the IP address of the DHCP client. Format no host Mode DHCP Pool Config 4.8.8 lease This command configures the duration of the lease for an IP address that is assigned from a DHCP server to a DHCP client. The overall lease time should be between 1-86400 minutes. If you specify infinite, the lease is set for 60 days. You can also specify a lease duration. Days is an integer from 0 to 59. Hours is an integer from 0 to 23.
AT8404 4.8.10.1 Utility Commands no bootfile This command deletes the boot image name. Format no bootfile Mode DHCP Pool Config 4.8.11 domain-name This command specifies the domain name for a DHCP client. The specifies the domain name string of the client. Default none Format domain-name Mode DHCP Pool Config 4.8.11.1 no domain-name This command removes the domain name. Format no domain-name Mode DHCP Pool Config 4.8.
Utility Commands • AT8404 h-node—Hybrid (recommended) Default none Format netbios-node-type Mode DHCP Pool Config 4.8.13.1 no netbios-node-type This command removes the NetBIOS node Type. Format no netbios-node-type Mode DHCP Pool Config 4.8.14 next-server This command configures the next server in the boot process of a DHCP client.The parameter is the IP address of the next server in the boot process, which is typically a TFTP server.
AT8404 4.8.16 Utility Commands ip dhcp excluded-address This command specifies the IP addresses that a DHCP server should not assign to DHCP clients. Low-address and high-address are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Default none Format ip dhcp excluded-address [highaddress] Mode Global Config 4.8.16.1 no ip dhcp excluded-address This command removes the excluded IP addresses for a DHCP client.
Utility Commands 4.8.19 AT8404 ip dhcp bootp automatic This command enables the allocation of the addresses to the bootp client. The addresses are from the automatic address pool. Default disabled Format ip dhcp bootp automatic Mode Global Config 4.8.19.1 no ip dhcp bootp automatic This command disables the allocation of the addresses to the bootp client. The address are from the automatic address pool. Format no ip dhcp bootp automatic Mode Global Config 4.8.
AT8404 Utility Commands 4.8.23 clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database. The server detects conflicts using a ping. DHCP server clears all conflicts If the asterisk (*) character is used as the address parameter. Default none Format clear ip dhcp conflict {
| *} Mode Privileged EXEC 4.8.24 show ip dhcp binding This command displays address bindings for the specific IP address on the DHCP server.Utility Commands AT8404 Field Definition Pool Name The name of the configured pool. Pool Type The pool type. Lease Time The lease expiration time of the IP address assigned to the client. DNS Servers The list of DNS servers available to the DHCP client . Default Routers The list of the default routers available to the DHCP client The following additional field is displayed for Dynamic pool type: Field Definition Network The network number and the mask for the DHCP address pool.
AT8404 Utility Commands Message Sent: Message Definition DHCP OFFER The number of DHCPOFFER messages the server sent. DHCP ACK The number of DHCPACK messages the server sent. DHCP NACK The number of DHCPNACK messages the server sent. 4.8.28 show ip dhcp conflict This command displays address conflicts logged by the DHCP Server. If no IP address is specified, all the conflicting addresses are displayed.
Utility Commands 4.9.2 AT8404 ip dhcp filtering trust This command configures an interface as trusted. Default untrusted Format ip dhcp filtering trust Mode Interface Config 4.9.2.1 no ip dhcp filtering trust This command returns an interface to the default value for DHCP filtering. Format no ip dhcp filtering trust Mode Interface Config 4.9.3 show ip dhcp filtering This command displays the DHCP filtering configuration.
AT8404 4.10.2 Utility Commands ip domain name Use this command to define a default domain name that FASTPATH software uses to complete unqualified host names (names with a domain name). By default, no default domain name is configured in the system. may not be longer than 255 characters and should not include an initial period. This should be used only when the default domain name list, configured using the ip domain list command, is empty.
Utility Commands 4.10.4.1 AT8404 no ip name server Use this command to remove a name server. Format no ip name-server [server-address1...server-address8] Mode Global Config 4.10.5 ip host Use this command to define static host name-to-address mapping in the host cache. is host name. is the IP address of the host. Default none Format ip host Mode Global Config 4.10.5.1 no ip host Use this command to remove the name-to-address mapping.
AT8404 4.10.7.1 Utility Commands no ip domain timeout Use this command to return to the default setting. Format no ip domain timeout Mode Global Config 4.10.8 clear host Use this command to delete entries from the host name-to-address cache. This command clears the entries from the DNS cache maintained by the software. Format clear host { | all} Mode Privileged EXEC Field Description name A particular host entry to remove. ranges from 1-255 characters.
Utility Commands AT8404 Configured host name-to-address mapping: Host Addresses ------------------------------ -----------------------------accounting.gm.com 176.16.8.8 Host Total Elapsed --------------- -------- -----www.stanford.edu 72 3 4.11 Type -------IP Addresses -------------171.64.14.203 Serviceability Packet Tracing Commands These commands improve the capability of network engineers to diagnose conditions affecting their FASTPATH product.
AT8404 4.11.3 Utility Commands debug clear This command disables all previously enabled “debug” traces. Default disabled Format debug clear Mode Privileged EXEC 4.11.4 debug console This command enables the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output. The output of debug trace commands will appear on all login sessions for which debug console has been enabled.
Utility Commands 4.11.6.1 AT8404 no debug igmpsnooping packet This command disables tracing of IGMP Snooping packets. Format no debug igmpsnooping packet Mode Privileged EXEC 4.11.7 debug igmpsnooping packet transmit This command enables tracing of IGMP Snooping packets transmitted by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
AT8404 4.11.8 Utility Commands debug igmpsnooping packet receive This command enables tracing of IGMP Snooping packets received by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface. Default disabled Format debug igmpsnooping packet receive Mode Privileged EXEC A sample output of the trace message is shown below. <15> JAN 01 02:45:06 192.168.17.29-1 IGMPSNOOP[185429992]: igmp_snooping_debug.
Utility Commands 4.11.9.1 AT8404 no debug ip acl Use this command to disable debug of IP Protocol packets matching the ACL criteria. Format no debug ip acl Mode Privileged EXEC 4.11.10 debug ip igmp packet Use this command to trace IGMP packet reception and transmission. receive traces only received IGMP packets and transmit traces only transmitted IGMP packets. When neither keyword is used in the command, then all IGMP packet traces are dumped.
AT8404 Utility Commands Format debug lacp packet Mode Privileged EXEC A sample output of the trace message is shown below. <15> JAN 01 14:04:51 10.254.24.31-1 DOT3AD[183697744]: dot3ad_debug.c(385) 58 %% Pkt TX - Intf: 1/0/1(1), Type: LACP, Sys: 00:11:88:14:62:e1, State: 0x47, Key: 0x36 4.11.12.1 no debug lacp packet This command disables tracing of LACP packets. Format no debug lacp packet Mode Privileged EXEC 4.11.
Utility Commands AT8404 The following parameters are displayed in the trace message: Parameter Definition TX/RX TX refers to a packet transmitted by the device. RX refers to packets received by the device. Intf The interface that the packet came in or went out on. Format used is unit/slot/port (internal interface number). Unit is always shown as 1 for interfaces on a non-stacking device. SRC_IP The source IP address in the IP header in the packet.
AT8404 4.11.17 Utility Commands debug spanning-tree bpdu receive This command enables tracing of spanning tree BPDUs received by the switch. Spanning tree should be enabled on the device and on the interface in order to monitor packets for a particular interface. Default disabled Format debug spanning-tree bpdu receive Mode Privileged EXEC A sample output of the trace message is shown below. <15> JAN 01 01:02:04 192.168.17.29-1 DOT1S[191096896]: dot1s_debug.
Utility Commands AT8404 The following parameters are displayed in the trace message: Parameter Definition TX A packet transmitted by the device. Intf The interface that the packet went out on. Format used is unit/port/slot (internal interface number). Unit is always shown as 1 for interfaces on a non-stacking device. Source_Mac Source MAC address of the packet. Version Spanning tree protocol version (0-3). 0 refers to STP, 2 RSTP and 3 MSTP. Root_Mac MAC address of the CIST root bridge.
AT8404 Utility Commands Format cablestatus Mode Privileged EXEC Field Description Cable Status One of the following statuses is returned: • Normal: The cable is working correctly. • Open: The cable is disconnected or there is a faulty connector. • Short: There is an electrical short in the cable. • Cable Test Failed: The cable status could not be determined. The cable may in fact be working.
Utility Commands 4.13.1.1 AT8404 no sflow receiver Use this command to set the sFlow collector parameters back to the defaults. Format no sflow receiver {ip | maxdatagram | owner timeout | port <14-port>} Mode Global Config 4.13.2 sflow sampler A data source configured to collect flow samples is called a poller. Use this command to configure a new sFlow sampler instance for this data source if is valid.
AT8404 Utility Commands Field Description Poll Interval Enter the sFlow instance polling interval. A poll interval of zero (0) disables counter sampling. When set to zero (0), all the poller parameters are set to their corresponding default value. The range is 0-86400. The default is 0. A value of N means once in N seconds a counter sample is generated. 4.13.3.1 no sflow poller Use this command to reset the sFlow poller instance to the default settings.
Utility Commands 4.13.5 AT8404 show sflow receivers Use this command to display configuration information related to the sFlow receivers. Format show sflow receivers [] Mode Privileged EXEC Field Description Receiver Index The sFlow Receiver associated with the sampler/poller. Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry.
AT8404 Chapter 51 Management Commands Page 5 - 1 AT8404 CLI Reference Manual
Management Commands 5. AT8404 Management Commands This chapter describes the management commands available in the FASTPATH CLI. The Management Commands chapter contains the following sections: • 5.1 “Network Interface Commands” on page 5 - 2. • 5.2 “Console Port Access Commands” on page 5 - 5. • 5.3 “Telnet Commands” on page 5 - 7. • 5.4 “Secure Shell (SSH) Commands” on page 5 - 11. • 5.5 “Management Security Commands” on page 5 - 13. • 5.6 “Access Commands” on page 5 - 14. • 5.
AT8404 Management Commands Mode Privileged EXEC 5.1.3 serviceport protocol This command specifies the network management port configuration protocol. If you modify this value, the change is effective immediately. If you use the bootp parameter, the switch periodically sends requests to a BootP server until a response is received. If you use the dhcp parameter, the switch periodically sends requests to a DHCP server until a response is received.
Management Commands 5.1.7 AT8404 network mac-type This command specifies whether the switch uses the burned in MAC address or the locally-administered MAC address. Default burnedin Format network mac-type {local | burnedin} Mode Privileged EXEC 5.1.7.1 no network mac-type This command resets the value of MAC address to its default. Format no network mac-type Mode Privileged EXEC 5.1.8 show network This command displays configuration settings associated with the switch's network interface.
AT8404 Management Commands Term Definition Network Configuration Protocol Current The network protocol being used. The options are bootp | dhcp | none. Example: The following shows example CLI display output for the network port. (Ethernet Fabric) #show network Interface Status............................... IP Address..................................... Subnet Mask.................................... Default Gateway................................ Burned In MAC Address..........................
Management Commands 5.2.1 AT8404 configuration This command gives you access to the Global Config mode. From the Global Config mode, you can configure a variety of system settings, including user accounts. From the Global Config mode, you can enter other command modes, including Line Config mode. Format configuration Mode Privileged EXEC 5.2.2 lineconfig This command gives you access to the Line Config mode, which allows you to configure various Telnet settings and the console port.
AT8404 Management Commands 5.2.5 show serial This command displays serial communication settings for the switch. Format show serial Modes • Privileged EXEC • User EXEC Term Definition Serial Port Login The time, in minutes, of inactivity on a Serial port connection, after which the Switch will close Timeout (minutes) the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5. A value of 0 disables the timeout.
Management Commands AT8404 sets the outbound Telnet operational mode as ‘linemode’ where, by default, the operational mode is ‘character mode’. The noecho option disables local echo. Format telnet [debug] [line] [noecho] Modes • Privileged EXEC • User EXEC 5.3.3 transport input telnet This command regulates new Telnet sessions. If enabled, new Telnet sessions can be established until there are no more sessions available.
AT8404 5.3.5 Management Commands session-limit This command specifies the maximum number of simultaneous outbound Telnet sessions. A value of 0 indicates that no outbound Telnet session can be established. Default 5 Format session-limit <0-5> Mode Line Config 5.3.5.1 no session-limit This command sets the maximum number of simultaneous outbound Telnet sessions to the default value. Format no session-limit Mode Line Config 5.3.
Management Commands 5.3.8 AT8404 telnetcon timeout This command sets the Telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. The time is a decimal value from 1 to 160. Note: When you change the timeout value, the new value is applied to all active and inactive sessions immediately. Any sessions that have been idle longer than the new timeout value are disconnected immediately.
AT8404 Management Commands Term Definition Remote This object indicates the number of minutes a remote connection session is allowed to remain Connection Login inactive before being logged off. May be specified as a number from 1 to 160. The factory Timeout (minutes) default is 5. Maximum Number This object indicates the number of simultaneous remote connection sessions allowed. The of Remote factory default is 5. Connection Sessions Allow New Telnet Sessions 5.
Management Commands Mode Privileged EXEC 5.4.4 sshcon maxsessions AT8404 This command specifies the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no ssh connection can be established. The range is 0 to 5. Default 5 Format sshcon maxsessions <0-5> Mode Privileged EXEC 5.4.4.1 no sshcon maxsessions This command sets the maximum number of allowed SSH connection sessions to the default value. Format no sshcon maxsessions Mode Privileged EXEC 5.
AT8404 Management Commands Term Definition Administrative Mode This field indicates whether the administrative mode of SSH is enabled or disabled. Protocol Level The protocol level may have the values of version 1, version 2 or both versions 1 and version 2. SSH Sessions Currently Active The number of SSH sessions currently active. Max SSH Sessions The maximum number of SSH sessions allowed. Allowed SSH Timeout The SSH timeout value in minutes.
Management Commands 5.5.3 AT8404 crypto key generate dsa Use this command to generate a DSA key pair for SSH. The new key files will overwrite any existing generated or downloaded DSA key files. Format crypto key generate dsa Mode Global Config 5.5.3.1 no crypto key generate dsa Use this command to delete the DSA key files from the device. Format no crypto key generate dsa Mode Global Config 5.
AT8404 5.7 Management Commands User Account Commands This section describes the commands you use to add, manage, and delete system users. FASTPATH software has two default users: admin and guest. The admin user can view and configure system settings, and the guest user can view settings. Note: You cannot delete the admin user. There is only one user allowed with read/write privileges. You can configure up to five read-only users on the system. 5.7.
Management Commands AT8404 there is no password, press enter. You must enter the in the same case you used when you added the user. To see the case of the , enter the show users command. Note: To specify a blank password in the configuration script, you must specify it as a space within quotes, for example, “ ”. For more information about creating configuration scripts, see 5.11 “Configuration Scripting Commands” on page 5 - 45.
AT8404 5.7.6 Management Commands users snmpv3 authentication This command specifies the authentication protocol to be used for the specified user. The valid authentication protocols are none, md5 or sha. If you specify md5 or sha, the login password is also used as the snmpv3 authentication password and therefore must be at least eight characters in length. The is the user name associated with the authentication protocol.
Management Commands 5.7.8 AT8404 show users This command displays the configured user names and their settings. This command is only available for users with Read/Write privileges. The SNMPv3 fields will only be displayed if SNMP is available on the system. Format show users Mode Privileged EXEC Term Definition User Name The name the user enters to login using the serial port, Telnet or Web.
AT8404 5.7.11 Management Commands passwords min-length Use this command to enforce a minimum password length for local users. The value also applies to the enable password. The valid range is 8-64. Default 8 Format passwords min-length <8-64> Mode Global Config 5.7.11.1 no passwords min-length Use this command to set the minimum password length to the default value. Format no passwords min-length Mode Global Config 5.7.
Management Commands 5.7.14 AT8404 passwords lock-out Use this command to strengthen the security of the switch by locking user accounts that have failed login due to wrong passwords. When a lockout count is configured, a user that is logged in must enter the correct password within that count. Otherwise the user will be locked out from further switch access. Only a user with read/write access can re-activate a locked user account. Password lockout does not apply to logins from the serial console.
AT8404 5.8.1 Management Commands snmp-server This command sets the name and the physical location of the switch, and the organization responsible for the network. The range for , and is from 1 to 31 alphanumeric characters. Default none Format snmp-server {sysname | location | contact } Mode Global Config 5.8.2 snmp-server community This command adds (and names) a new SNMP community.
Management Commands 5.8.4 AT8404 snmp-server community ipmask This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 255.255.255.255 will allow access from only one station, and will use that machine's IP address for the client IP address. A value of 0.0.0.
AT8404 Management Commands snmp-server community rw This command restricts access to switch information. The access mode is read/write (also called private). Format snmp-server community rw Mode Global Config 5.8.7 snmp-server enable traps violation This command enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port. Note: For other port security commands, see 2.7 “Protected Ports Commands” on page 2 - 34.
Management Commands 5.8.9 AT8404 snmp-server enable traps linkmode Note: This command may not be available on all platforms. This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled. See “snmp trap link-status” on page 5 - 26. Default enabled Format snmp-server enable traps linkmode Mode Global Config 5.8.9.
AT8404 5.8.12 Management Commands snmp-server enable traps stpmode This command enables the sending of new root traps and topology change notification traps. Default enabled Format snmp-server enable traps stpmode Mode Global Config 5.8.12.1 no snmp-server enable traps stpmode This command disables the sending of new root traps and topology change notification traps. Format no snmp-server enable traps stpmode Mode Global Config 5.8.13 snmptrap This command adds an SNMP trap receiver.
Management Commands 5.8.14 AT8404 snmptrap snmpversion This command modifies the SNMP version of a trap. The maximum length of is 16 case-sensitive alphanumeric characters. The parameter options are snmpv1 or snmpv2. Note: This command does not support a “no” form. Default snmpv2 Format snmptrap snmpversion Mode Global Config 5.8.15 snmptrap ipaddr This command assigns an IP address to a specified community name.
AT8404 5.8.17.1 Management Commands no snmp trap link-status This command disables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. Format no snmp trap link-status Mode Interface Config 5.8.18 snmp trap link-status all This command enables link status traps for all interfaces. Note: This command is valid only when the Link Up/Down Flag is enabled. See “snmp-server enable traps linkmode” on page 5 - 24.
Management Commands AT8404 Term Definition Client IP Address An IP address (or portion thereof) from which this device will accept SNMP packets with the associated community. The requesting entity's IP address is ANDed with the Subnet Mask before being compared to the IP address. Note: If the Subnet Mask is set to 0.0.0.0, an IP address of 0.0.0.0 matches all IP addresses. The default value is 0.0.0.0.
AT8404 Term Management Commands Definition Link Up/Down Flag Can be enabled or disabled. The factory default is enabled. Indicates whether link status traps will be sent. Multiple Users Flag Can be enabled or disabled. The factory default is enabled. Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time (either through Telnet or the serial port). Spanning Tree Flag Can be enabled or disabled. The factory default is enabled.
Management Commands Mode Privileged Exec 5.8.25.1 no set board snmp site AT8404 This command resets the sites used to monitor IPMI information via SNMP. Format no set board snmp site {local | } Mode Privileged Exec 5.8.26 show boardinfo snmp site This command displays the sites used to monitor IPMI information via SNMP. The sites are indicated by ‘local’ for the local site and by the IPMB address for remote sites.. Format show boardinfo snmp site Mode Privileged Exec 5.8.
AT8404 5.8.30 Management Commands enable (filter) This command enables the filter rule.. Format enable Mode IPMI-filter Exec 5.8.31 disable (filter) This command disables the filter rule. The rule is not deleted. The rule is disabled by default if a new rule is generated.. Format disable Mode IPMI-filter Exec 5.8.32 ipmb (filter) This command specifies the site for which a trap should be sent.
Management Commands 5.8.36 AT8404 show boardinfo snmp ipmi-trap This command displays the settings for generation of IPMI traps. It displayes the general setting as well as all filter rules.. Format show boardinfo snmp ipmi-trap Mode Privileged Exec 5.9 RADIUS Commands This section describes the commands you use to configure the switch to use a Remote Authentication Dial-In User Service (RADIUS) server on your network for authentication and accounting. 5.9.
AT8404 Management Commands Format radius server attribute <4> [] Mode Global Config Term Definition 4 NAS-IP-Address attribute to be used in RADIUS requests. ipaddr The IP address of the server. 5.9.3.1 no radius server attribute The no version of this command disables the NAS-IP-Address attribute global parameter for RADIUS client. When this parameter is disabled, the RADIUS client does not send the NAS-IP-Address attribute in RADIUS requests.
Management Commands AT8404 Format radius server host {auth | acct} {} [name ] [port <0-65535>] Mode Global Config Field Description ipaddr The IP address of the server. dnsname The DNS name of the server. 0-65535 The port number to use to connect to the specified RADIUS server. servername The alias name to identify the server. 5.9.4.
AT8404 Mode Management Commands Global Config Field Description ipaddr The IP address of the server. dnsname The DNS name of the server. password The password in encrypted format. Example: The following shows an example of the CLI command. radius server key acct 10.240.4.10 encrypted 5.9.6 radius server msgauth This command enables the message authenticator attribute to be used for the specified RADIUS Authenticating server.
Management Commands 5.9.8 AT8404 radius server retransmit This command configures the global parameter for the RADIUS client that specifies the number of transmissions of the messages to be made before attempting the fall back server upon unsuccessful communication with the current RADIUS authenticating server. When the maximum number of retries are exhausted for the RADIUS accounting server and no response is received, the client does not communicate with any other server.
AT8404 Mode Management Commands Privileged EXEC Term Definition Number of Configured Authentication Servers The number of RADIUS Authentication servers that have been configured. Number of Configured Accounting Servers The number of RADIUS Accounting servers that have been configured. Number of Named The number of configured named RADIUS server groups. Authentication Server Groups Number of Named Accounting The number of configured named RADIUS server groups.
Management Commands AT8404 Field Description Server Name The name of the authenticating server. Port The port used for communication with the authenticating server. Type Specifies whether this server is a primary or secondary type. Current Host Address The IP address of the currently active authenticating server. Secret Configured Yes or No Boolean value that indicates whether this server is configured with a secret.
AT8404 Management Commands Secret Configured...................... Message Authenticator ................. Number of Retransmits.................. Time Duration.......................... RADIUS Accounting Mode................. RADIUS Attribute 4 Mode................ RADIUS Attribute 4 Value .............. 5.9.12 No Enable 4 10 Disable Enable 192.168.37.60 show radius accounting This command displays a summary of configured RADIUS accounting servers.
Management Commands 5.9.13 AT8404 show radius accounting statistics This command displays a summary of statistics for the configured RADIUS accounting servers. Format show radius accounting statistics { | name } Mode Privileged EXEC Term Definition ipaddr The IP address of the server. dnsname The DNS name of the server. servername The alias name to identify the server. The name of the accounting server.
AT8404 Management Commands (Switch) #show radius accounting statistics name Default_RADIUS_Server RADIUS Accounting Server Name................. Host Address.................................. Round Trip Time............................... Requests...................................... Retransmissions............................... Responses..................................... Malformed Responses........................... Bad Authenticators............................ Pending Requests....................
Management Commands AT8404 Term Definition Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason. Example: The following shows example CLI display output for the command. (Switch) #show radius statistics 192.168.37.200 RADIUS Server Name............................ Server Host Address........................... Access Requests............................... Access Retransmissions........................ Access Accepts.......
AT8404 Management Commands Mode Global Config 5.10.1.1 no tacacs-server host Use the no tacacs-server host command to delete the specified hostname or IP address. The parameter is the IP address of the TACACS+ server. Format no tacacs-server host Mode Global Config 5.10.2 tacacs-server key Use the tacacs-server key command to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon.
Management Commands 5.10.4 AT8404 key Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. The parameter specifies the key name. For an empty string use “ ”. (Range: 0 - 128 characters). Text-based configuration supports TACACS server’s secrets in encrypted and non-encrypted format.
AT8404 Management Commands Term Definition IP address or Hostname The IP address or hostname of the configured TACACS+ server. Port The configured TACACS+ server port number. TimeOut The timeout in seconds for establishing a TCP connection. Priority The preference order in which TACACS+ servers are contacted. If a server connection fails, the next highest priority server is contacted. 5.
Management Commands 5.11.1 AT8404 script apply This command applies the commands in the script to the switch. The parameter is the name of the script to apply. Format script apply Mode Privileged EXEC 5.11.2 script delete This command deletes a specified script where the parameter is the name of the script to delete. The option deletes all the scripts present on the switch. Format script delete { | all} Mode Privileged EXEC 5.11.
AT8404 5.12 Management Commands Pre-login Banner and System Prompt Commands This section describes the commands you use to configure the pre-login banner and the system prompt. The prelogin banner is the text that displays before you login at the User: prompt. 5.12.1 copy (pre-login banner) The copy command includes the option to upload or download the CLI Banner to or from the switch. You can specify local URLs by using TFTP, Xmodem, Ymodem, or Zmodem.
Management Commands • AT8404 the kind of clock Format show boardinfo pcie Mode Priviledged EXEC 5.15 Storage Commands 5.15.1 set board storage connect This command sets the connection from an AMC to a storage modul. Possible connections are from AMC-B4 to AMC-B2 (port 2) or AMC-B1 (port 3). Format set board storage connect amcb4 {amcb1|amcb2} Mode Priviledged EXEC 5.15.2 show boardinfo storage This command displays the the connection from an AMC to a storage modul.
AT8404 Management Commands Format Format set set set set set Mode Priviledged EXEC 5.16.3 show boardinfo pll status board board board board board pll pll pll pll pll tie {normal|adjust} mode {normal|freerun} oor {40_52_ppm|64_83_ppm} reset {normal|reset} source {none|clk1|clk2|clk3} This command shows the PLL status. Format show boardinfo pll status Mode Priviledged EXEC 5.16.4 show boardinfo pll config This command shows the PLL configuration.
Management Commands Mode AT8404 Priviledged EXEC = {clk1a|clk1b|clk2a|clk2b|clk3a|clk3b} 5.16.8 set board clock override The command overrides the clock ekeying for an AMC clock. A correct MUX setting (set board clock mux-amc) must be done before. If the source for an AMC clock is set to PLL, the clock frequence must be specified too, otherwise the related parameter is not used.
AT8404 5.16.12 Management Commands show boardinfo clock amc This command shows the configuration of the AMC clocks. The AMC clocks are displayed with the source (from carrier or AMC), state (enabled/disabled) and (if enabled) the internal clock index with clock configuration attributes. If the source is the AMC, it is checked whether a AMC is present (otherwise state is set to ‘not present’).
Management Commands AT8404 CLI Reference Manual AT8404 Page 5 - 52
AT8404 Getting Help Appendix A Getting Help Page A - 1 AT8404 CLI Reference Manual
AT8404 A. Getting Help Getting Help If at any time you encounter difficulties with your application or with any of our products, or if you simply need guidance on system setups and capabilities, contact our Technical Support at: North America EMEA Tel.: (450) 437-5682 Tel.: +49 (0) 8341 803 xxx Fax: (450) 437-8053 Fax: +49 (0) 8341 803 xxx If you have any questions about Kontron, our products, or services, visit our Web site at: www.kontron.
AT8404 Getting Help RETURNING DEFECTIVE MERCHANDISE Before returning any merchandise please do one of the following if your product malfunctions: • Call 1. Call our Technical Support department in North America at (450) 437-5682 and in EMEA at +49 (0) 8341 803 xxx. Make sure you have the following on hand: our Invoice #, your Purchase Order #, and the Serial Number of the defective unit. 2.
AT8404 Getting Help WHEN RETURNING A UNIT • In the box, you have to include the name and telephone number of a person whom we can contact for further explanations if necessary when returning goods. Where applicable, always include all duty papers and invoice(s) associated with the item(s) in question. • Ensure that the unit is properly packed. Pack it in a rigid cardboard box. • Clearly write or mark the RMA number on the outside of the package you are returning. • Ship prepaid.
AT8404 Getting Help Return to Manufacturer Authorization Request Contact Name: __________________________________________________________ Company Name: __________________________________________________________ Street Address: __________________________________________________________ City: ________________________ Province/State: Country: ________________________ Postal/Zip Code: _______________________ Phone Number: ________________________ Extension: _______________________ Fax Number:
AT8404 FASTPATH log messages Appendix B FASTPATH log messages Page B - 1 AT8404 CLI Reference Manual
FASTPATH log messages B. AT8404 FASTPATH Log Messages This chapter lists common log messages that are provided by FASTPATH, along with information regarding the cause of each message. There is no specific action that can be taken per message. When there is a problem being diagnosed, a set of these messages in the event log, along with an understanding of the system configuration and details of the problem) will assist Broadcom in determining the root cause of such a problem.
AT8404 FASTPATH log messages Table 2: NIM Log Messages (Continued) Component Message Cause NIM NIM: Attempted event (x), on USP x.x.
FASTPATH log messages AT8404 Table 5: DHCP Filtering Log Messages Component Message Cause DHCP Filtering Unable to create r/w lock for DHCP Filtering Unable to create semaphore used for dhcp filtering configuration structure . DHCP Filtering Failed to register with nv Store.
AT8404 FASTPATH log messages Table 7: RADIUS Log Messages (Continued) Component Message Cause RADIUS RADIUS: Access-Challenge failed to validate, The RADIUS Client received an invalid id=xxx message from the server. RADIUS RADIUS: Failed to validate MessageAuthenticator, id=xxx The RADIUS Client received an invalid message from the server. RADIUS RADIUS: Access-Accpet failed to validate, id=xxx The RADIUS Client received an invalid message from the server.
FASTPATH log messages AT8404 Table 12: EmWeb Log Messages Component Message Cause EmWeb EMWEB (Telnet): Max number of Telnet login A user attempted to connect via telnet when sessions exceeded the maximum number of telnet sessions were already active. EmWeb EMWEB (SSH): Max number of SSH login sessions exceeded A user attempted to connect via SSH when the maximum number of SSH sessions were already active.
AT8404 FASTPATH log messages Table 15: SSLT Log Messages Component Message Cause SSLT SSLT: Exceeded maximum, ssltConnectionTask Exceeded maximum allowed SSLT connections. SSLT SSLT: Error creating Secure server socket6 Failed to create secure server socket for IPV6. SSLT SSLT: Can't connect to unsecure server at XXXX, result = YYYY, errno = ZZZZ Failed to open connection to unsecure server. XXXX is the unsecure server socket address.
FASTPATH log messages AT8404 Table 17: Protected Ports Log Messages (Continued) Component Message Cause Protected Ports Cannot add intIfNum xxx to group yyy This appears when an interface could not be added to a particular group.
AT8404 FASTPATH log messages Table 19: Mac-based VLANs Log Messages Component Message Cause Mac based VLANS vlanMacVlanChangeCallback: Failed to add an entry This appears when a dtl fails to add an entry for a vlan add notify event. Mac based VLANS vlanMacVlanChangeCallback: Failed to delete an entry This appears when a dtl fails to delete an entry for an vlan delete notify event. Table 20: 802.1x Log Messages Component Message Cause 802.1X function: Failed calling dot1xIssueCmd 802.
FASTPATH log messages AT8404 Table 22: GARP/GVRP/GMRP Log Messages Component Message Cause GARP/GVRP/ GMRP The garpQueue is full, logs specifics of the garpSpanState, garpIfStateChange, GarpIssueCmd, garpDot1sChangeCallBack, message content like internal interface number, type of message etc.
AT8404 FASTPATH log messages Table 26: IPv6 Provisioning Log Message Component Message Cause IPV6 Provisioning ipv6ProvIntfIsConfigurable: Error accessing A default configuration does not exist for this IPv6 Provisioning config data for interface %d interface. Typically a case when a new interface is created and has no preconfiguration. Table 27: MFDB Log Message Component Message Cause MFDB mfdbTreeEntryUpdate: entry does not exist Trying to update a non existing entry Table 28: 802.
FASTPATH log messages AT8404 Table 30: Port Mac Locking Log Message Component Message Cause Port Mac Locking pmlMapIntfIsConfigurable: Error accessing PML config data for interface %d in pmlMapIntfIsConfigurable. A default configuration does not exist for this interface. Typically a case when a new interface is created and has no preconfiguration.
AT8404 FASTPATH log messages Table 34: DiffServ Log Messages Component Message DiffServ diffserv.c 165: diffServRestore Failed to reset While attempting to clear the running DiffServ. Recommend resetting device configuration an error was encountered in removing the current settings. This may lead to an inconsistent state in the system and resetting is advised. DiffServ Policy invalid for service intf: "policy name, intIfNum x, direction y B.
FASTPATH log messages AT8404 Table 35: Broadcom Error Messages (Continued) Component Message Broadcom USL: A Trunk being destroyed doesn't exist in Possible synchronization issue between the USL application, hardware, and sync layer. Broadcom USL: A Trunk being set doesn't exist in USL Possible synchronization issue between the application, hardware, and sync layer.
AT8404 FASTPATH log messages Table 36: Linux BSP Log Message Component Message Cause Linux BSP rc = 10 Second message logged at bootup, right after “Starting code…”. Always logged. Table 37: OSAPI Linux Log Messages Component Message Cause OSAPI Linux osapiNetLinkNeighDump: could not open socket! - or – ipstkNdpFlush: could not open socket! – or – osapiNetlinkDumpOpen: unable to bind socket! errno = XX Couldn’t open a “netlink” socket.
FASTPATH log messages AT8404 Table 37: OSAPI Linux Log Messages (Continued) Component Message Cause OSAPI Linux Failed to Set Interface IP Address – or – IP Netmask – or – Broadcast Address – or – Flags – or – Hardware Address – or – Failed to Retrieve Interface Flags Trouble adding VRRP IP or MAC address(es) to a Linux network interface.
AT8404 Appendix C List of Commands AT8404 CLI Reference Manual
List of Commands C. AT8404 List of Commands {deny | permit} (IP ACL) ................................................................................................ 3 - 32 {deny | permit} (IPv6) ..................................................................................................... 3 - 36 {deny | permit} (MAC ACL) .......................................................................................... 3 - 27 access-list ...................................................................
AT8404 List of Commands clear pass .........................................................................................................................4 - 26 clear port-channel ............................................................................................................4 - 27 clear radius statistics ........................................................................................................2 - 42 clear traplog ................................................................
List of Commands AT8404 domain-name ................................................................................................................... 4 - 39 dos-control all ................................................................................................................. 2 - 127 dos-control firstfrag ........................................................................................................ 2 - 127 dos-control icmp .............................................................
AT8404 List of Commands ip dhcp conflict logging ...................................................................................................4 - 42 ip dhcp excluded-address ................................................................................................4 - 41 ip dhcp filtering ...............................................................................................................4 - 45 ip dhcp filtering trust ...................................................................
List of Commands AT8404 lacp actor port priority .................................................................................................... 2 - 65 lacp actor system priority ................................................................................................ 2 - 65 lacp admin key ................................................................................................................ 2 - 62 lacp collector max-delay ..............................................................
AT8404 List of Commands macfilter addsrc all ..........................................................................................................2 - 79 mark cos ...........................................................................................................................3 - 19 mark ip-precedence .........................................................................................................3 - 19 match any ........................................................................
List of Commands AT8404 no auto-negotiate.............................................................................................................. 2 - 3 no auto-voip all ................................................................................................................ 3 - 38 no auto-voip ..................................................................................................................... 3 - 39 no block.....................................................................
AT8404 List of Commands no dos-control tcpfrag.......................................................................................................2 - 128 no dot1x guest-vlan ..........................................................................................................2 - 43 no dot1x max-req..............................................................................................................2 - 44 no dot1x max-users.....................................................................
List of Commands AT8404 no ip telnet server enable ................................................................................................. 5 - 7 no ip verify binding.......................................................................................................... 2 - 82 no ip verify source ........................................................................................................... 2 - 83 no ipv6 access-list ..................................................................
AT8404 List of Commands no logging syslog..............................................................................................................4 - 22 no mac access-group.........................................................................................................3 - 29 no mac access-list extended..............................................................................................3 - 27 no macfilter adddest all ....................................................................
List of Commands AT8404 no radius accounting mode .............................................................................................. 5 - 32 no radius server attribute.................................................................................................. 5 - 33 no radius server host ........................................................................................................ 5 - 34 no radius server msgauth ...................................................................
AT8404 List of Commands no set mld querier .............................................................................................................2 - 108 no set mld .........................................................................................................................2 - 103 no sflow poller ..................................................................................................................4 - 61 no sflow receiver .......................................................
List of Commands AT8404 no spanning-tree rootguard .............................................................................................. 2 - 15 no spanning-tree............................................................................................................... 2 - 7 no sshcon maxsessions..................................................................................................... 5 - 12 no sshcon timeout ...........................................................................
AT8404 List of Commands no vlan port pvid all..........................................................................................................2 - 24 no vlan port tagging all.....................................................................................................2 - 25 no vlan protocol group add protocol ................................................................................2 - 25 no vlan pvid ....................................................................................
List of Commands AT8404 radius accounting mode .................................................................................................. 5 - 32 radius server attribute ...................................................................................................... 5 - 32 radius server host ............................................................................................................ 5 - 33 radius server key ......................................................................
AT8404 List of Commands set gvrp interfacemode ....................................................................................................2 - 38 set igmp ...........................................................................................................................2 - 93 set igmp fast-leave ...........................................................................................................2 - 95 set igmp groupmembership-interval .................................................
List of Commands AT8404 show boardinfo cpu-load ................................................................................................. 4 - 19 show boardinfo event-log ............................................................................................... 4 - 17 show boardinfo fru .......................................................................................................... 4 - 18 show boardinfo ipmidev .........................................................................
AT8404 List of Commands show interfaces switchport ..............................................................................................2 - 36 show ip access-lists ..........................................................................................................3 - 34 show ip arp inspection .....................................................................................................2 - 91 show ip arp inspection interfaces ...........................................................
List of Commands AT8404 show loginsession ........................................................................................................... 5 - 14 show mac access-lists ..................................................................................................... 3 - 29 show mac-address-table gmrp ......................................................................................... 2 - 41 show mac-address-table igmpsnooping .............................................................
AT8404 List of Commands show snmp-engine-id .......................................................................................................5 - 29 show snmptrap .................................................................................................................5 - 28 show sntp .........................................................................................................................4 - 34 show sntp client ...................................................................
List of Commands AT8404 snmp-server enable traps pll ........................................................................................... 5 - 24 snmp-server enable traps stpmode .................................................................................. 5 - 25 snmp-server enable traps violation ................................................................................. 5 - 23 snmp-server engine-id .........................................................................................
AT8404 List of Commands storm-control broadcast all rate .......................................................................................2 - 54 storm-control broadcast level ..........................................................................................2 - 52 storm-control broadcast rate ............................................................................................2 - 53 storm-control flowcontrol ..............................................................................
List of Commands AT8404 vlan makestatic ................................................................................................................ 2 - 22 vlan name ........................................................................................................................ 2 - 22 vlan participation ............................................................................................................ 2 - 23 vlan participation all ......................................................
