GS-4210-Series (V2) User Manual
Table Of Contents
- Chapter 1 COMMAND LINE INTERFACE
- Chapter 2 CONSOLE CLI MANAGEMENT
- Chapter 3 TELNET CLI MANAGEMENT
- Chapter 4 Commands for CLI Configuration
- 4.1 802.1x
- 4.1.1 dot1x
- 4.1.2 dot1x authentication
- 4.1.3 dot1x reauthentication
- 4.1.4 dot1x timeout reauth-period
- 4.1.5 dot1x timeout quiet-period
- 4.1.6 dot1x timeout supp-timeout
- 4.1.7 dot1x max-req
- 4.1.8 dot1x guest-vlan
- 4.1.9 dot1x guest-vlan
- 4.1.10 show dot1x
- 4.1.11 show dot1x authenticated-hosts
- 4.1.12 show dot1x interface
- 4.1.13 show dot1x guest-vlan
- 4.2 AAA
- 4.2.1 aaa authentication
- 4.2.2 login authentication
- 4.2.3 ip http login authentication
- 4.2.4 enable authentication
- 4.2.5 show aaa authentication
- 4.2.6 show line lists
- 4.2.7 tacacs default-config
- 4.2.8 tacacs host
- 4.2.9 show tacacs default-config
- 4.2.10 show tacacs
- 4.2.11 radius default-config
- 4.2.12 radius host
- 4.2.13 show radius default-config
- 4.2.14 show radius
- 4.3 ACL
- 4.4 Administration
- 4.4.1 enable
- 4.4.2 exit
- 4.4.3 configure
- 4.4.4 interface
- 4.4.5 line
- 4.4.6 end
- 4.4.7 reboot
- 4.4.8 system name
- 4.4.9 system contact
- 4.4.10 system location
- 4.4.11 username
- 4.4.12 enable password
- 4.4.13 ip address
- 4.4.14 ip default-gateway
- 4.4.15 ip dns
- 4.4.16 ip dhcp
- 4.4.17 ipv6 autoconfig
- 4.4.18 ipv6 address
- 4.4.19 ipv6 default-gateway
- 4.4.20 ipv6 dhcp
- 4.4.21 ip service
- 4.4.22 ip session-timeout
- 4.4.23 exec-timeout
- 4.4.24 password-thresh
- 4.4.25 silent-time
- 4.4.26 history
- 4.4.27 clear service
- 4.4.28 ssl
- 4.4.29 ping
- 4.4.30 traceroute
- 4.4.31 clear arp
- 4.4.32 show version
- 4.4.33 show info
- 4.4.34 show history
- 4.4.35 show username
- 4.4.36 show ip
- 4.4.37 show ip dhcp
- 4.4.38 show ipv6
- 4.4.39 show ipv6 dhcp
- 4.4.40 show line
- 4.5 Cable Diagnostics
- 4.6 DHCP Snooping
- 4.6.1 Ip dhcp snooping
- 4.6.2 ip dhcp snooping vlan
- 4.6.3 ip dhcp snooping trust
- 4.6.4 ip dhcp snooping verify
- 4.6.5 ip dhcp snooping limit rate
- 4.6.6 clear ip dhcp snooping statistics
- 4.6.7 show ip dhcp snooping
- 4.6.8 show ip dhcp snooping interface
- 4.6.9 show ip dhcp snooping binding
- 4.6.10 ip dhcp snooping option
- 4.6.11 ip dhcp snooping option action
- 4.6.12 ip dhcp snooping option circuit-id
- 4.6.13 ip dhcp snooping option remote-id
- 4.6.14 show ip dhcp snooping option
- 4.6.15 ip dhcp snooping database
- 4.6.16 ip dhcp snooping database write-deley
- 4.6.17 ip dhcp snooping database timeout
- 4.6.18 clear ip dhcp snooping database statistics
- 4.6.19 renew ip dhcp snooping database
- 4.6.20 show ip dhcp snooping database
- 4.7 DoS
- 4.8 Dynamic ARP Inspection
- 4.9 GVRP
- 4.10 IGMP Snooping
- 4.10.1 Ip igmp snooping
- 4.10.2 ip igmp snooping report-suppression
- 4.10.3 ip igmp snooping version
- 4.10.4 ip igmp snooping unknown-multicast action
- 4.10.5 ip igmp snooping forward-method
- 4.10.6 ip igmp snooping querier
- 4.10.7 ip igmp snooping vlan
- 4.10.8 ip igmp snooping vlan parameters
- 4.10.9 ip igmp snooping static port
- 4.10.10 ip igmp snooping vlan static router port
- 4.10.11 ip igmp snooping static group
- 4.10.12 ip igmp profile
- 4.10.13 ip igmp filter
- 4.10.14 ip igmp max-group
- 4.10.15 clear ip igmp snooping groups
- 4.10.16 clear ip igmp snooping statistics
- 4.10.17 show ip igmp snooping counters
- 4.10.18 show ip igmp snooping groups
- 4.10.19 show ip igmp snooping router
- 4.10.20 show ip igmp snooping querier
- 4.10.21 show ip igmp snooping
- 4.10.22 show ip igmp snooping vlan
- 4.10.23 show ip igmp snooping forward-all
- 4.10.24 show ip igmp profile
- 4.10.25 show ip igmp port filter
- 4.10.26 show ip igmp port max-group
- 4.10.27 show ip igmp port max-group action
- 4.11 IP Source Guard
- 4.12 Link Aggregation
- 4.13 LLDP
- 4.13.1 lldp
- 4.13.2 lldp tx-interval
- 4.13.3 lldp reinit-delay
- 4.13.4 lldp holdtime-multiplier
- 4.13.5 lldp tx-delay
- 4.13.6 lldp tlv-select
- 4.13.7 lldp tlv-select pvid
- 4.13.8 lldp tlv-select vlan-name
- 4.13.9 lldp lldpdu
- 4.13.10 lldp tx/rx
- 4.13.11 lldp med
- 4.13.12 lldp med tlv-select
- 4.13.13 lldp med fast-start-report-count
- 4.13.14 lldp med network-policy
- 4.13.15 lldp med network-policy add | remove
- 4.13.16 lldp med network-policy auto
- 4.13.17 lldp med location
- 4.13.18 show lldp
- 4.13.19 show lldp local-device
- 4.13.20 show lldp neighbor
- 4.13.21 show lldp med
- 4.13.22 show lldp statistics
- 4.13.23 show lldp tlv-overloading
- 4.14 Logging
- 4.15 MAC Address Table
- 4.16 Mirror
- 4.17 MLD Snooping
- 4.17.1 ipv6 mld snooping
- 4.17.2 ipv6 mld snooping report-suppression
- 4.17.3 ipv6 mld snooping version
- 4.17.4 ipv6 mld snooping vlan
- 4.17.5 ipv6 mld snooping vlan parameters
- 4.17.6 ipv6 mld snooping vlan static-port
- 4.17.7 ipv6 mld snooping vlan static-router-port
- 4.17.8 ipv6 mld snooping vlan static-group
- 4.17.9 ipv6 mld profile
- 4.17.10 ipv6 mld filter
- 4.17.11 ipv6 mld max-groups
- 4.17.12 clear ipv6 mld snooping groups
- 4.17.13 clear ipv6 mld snooping statistics
- 4.17.14 show ipv6 mld snooping groups counters
- 4.17.15 show ipv6 mld snooping groups
- 4.17.16 show ipv6 mld snooping router
- 4.17.17 show ipv6 mld snooping
- 4.17.18 show ipv6 mld snooping vlan
- 4.17.19 show ipv6 mld snooping forward-all
- 4.17.20 show ipv6 mld profile
- 4.17.21 show ipv6 mld filter
- 4.17.22 show ipv6 mld max-group
- 4.17.23 show ipv6 mld max-group action
- 4.18 Port Security
- 4.19 Port Error Disable
- 4.20 Port
- 4.21 QoS
- 4.22 Rate Limit
- 4.23 RMON
- 4.24 SNMP
- 4.24.1 snmp
- 4.24.2 snmp trap
- 4.24.3 snmp view
- 4.24.4 snmp access group
- 4.24.5 snmp community
- 4.24.6 snmp user
- 4.24.7 snmp engineID
- 4.24.8 snmp host
- 4.24.9 show snmp
- 4.24.10 show snmp trap
- 4.24.11 show snmp view
- 4.24.12 show snmp group
- 4.24.13 show snmp community
- 4.24.14 show snmp host
- 4.24.15 show snmp user
- 4.24.16 show snmp engineid
- 4.25 Storm Control
- 4.26 Spanning Tree
- 4.26.1 spanning-tree
- 4.26.2 spanning-tree bpdu
- 4.26.3 spanning-tree mode
- 4.26.4 spanning-tree priority
- 4.26.5 spanning-tree hello-time
- 4.26.6 spanning-tree max-hops
- 4.26.7 spanning-tree forward-delay
- 4.26.8 spanning-tree maximum-age
- 4.26.9 spanning-tree tx-hold-count
- 4.26.10 spanning-tree pathcost method
- 4.26.11 spanning-tree port-priority
- 4.26.12 spanning-tree cost
- 4.26.13 spanning-tree edge
- 4.26.14 spanning-tree bpdu-filter
- 4.26.15 spanning-tree bpdu-guard
- 4.26.16 spanning-tree link-type
- 4.26.17 spanning-tree mst configuration
- 4.26.18 spanning-tree mst priority
- 4.26.19 spanning-tree mst cost
- 4.26.20 spanning-tree mst port-priority
- 4.27 System File
- 4.28 Time
- 4.29 VLAN
- 4.29.1 vlan
- 4.29.2 vlan name
- 4.29.3 switchport mode
- 4.29.4 switchport hybrid pvid
- 4.29.5 switchport hybrid ingress-filtering
- 4.29.6 switchport hybrid acceptable-frame-type
- 4.29.7 switchport hybrid allowed vlan add
- 4.29.8 switchport hybrid allowed vlan remove
- 4.29.9 switchport access vlan
- 4.29.10 switchport tunnel vlan
- 4.29.11 switchport trunk native vlan
- 4.29.12 switchport trunk allowed vlan
- 4.29.13 switchport default-vlan tagged
- 4.29.14 switchport forbidden default-vlan
- 4.29.15 switchport forbidden vlan
- 4.29.16 management-vlan
- 4.29.17 show management-vlan
- 4.29.18 protocol-vlan group
- 4.29.19 protocol vlan binding
- 4.29.20 show protocol vlan group
- 4.29.21 show protocol vlan interfaces
- 4.30 Voice VLAN
- 4.1 802.1x
Command Guide of GS-4210 Series
58
icmp-type
Specify ICMP message type for filtering ICMP packet. Enter a type name of list or a
number of ICMP message type.
icmp-code
Specify ICMP message code for filtering ICMP packet.
igmp-type
Specify IGMP type for filtering IGMP packet. Enter a type name of list or a number of
IGMP type.
l4-source-port
Specify TCP/UDP source port of for filtering TCP/UDP packet. Enter a port name of list
or a number of TCP/UDP port.
l4-destination-port
Specify TCP/UDP destination port of for filtering TCP/UDP packet. Enter a port name of
list or a number of TCP/UDP port.
match-all
Specify tcp flag for TCP packet. If a flag should be set it is prefixed by \"+\".If a flag
should be unset it is prefixed by \"-\". Available options are +urg, +ack, +psh, +rst, +syn,
+fin, -urg, -ack, -psh, -rst, -syn and -fin.To define more than 1 flag - enter additional
flags one after another without a space (example +syn-ack).
[shutdown]
(Optional) Shutdown interface while ACE hit
Mode:
IP ACL Configuration
Usage Guide:
Use the deny command to add deny conditions for an IP ACE that drop those packets hit the ACE. The “sequence”
also represents hit priority when ACL bind to an interface. An ACE not specifies “sequence” index would assign a
sequence index which is the largest existed index plus 20. If packet content can match more than one ACE, the
lowest sequence ACE is hit. An ACE can not be added if has the same conditions as existed ACE. Use “shutdown”
to shutdown interface while ACE hit.
Example:
The example shows how to add an ACE that denies packets with source IP address 192.168.1.80. You can verify
settings by the following show acl command
Switch(config)# ip acl iptest
Switch(ip-al)# deny ip 192.168.1.80/255.255.255.255 any
Switch(ip-al)# show acl
IP access list iptest
sequence 1 deny ip 192.168.1.80/255.255.255.255 any
4.3.7 ipv6 acl
Command: