Command Guide Gigabit Ethernet L3 Stackable Managed Switch with 10GbE Uplink SGS-6341 Series www.PLANET.com.
SGS-6341 Series Command Guide Contents CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFIGURATION ..........................1-49 1.1 COMMANDS FOR BASIC CONFIGURATION ............................................................................................ 1-49 1.1.1 Authentication line login ........................................................................................................................ 1-49 1.1.2 banner .....................................................................................
SGS-6341 Series Command Guide 1.1.35 show version ....................................................................................................................................... 1-66 1.1.36 username ............................................................................................................................................ 1-66 1.1.37 web language......................................................................................................................................
SGS-6341 Series Command Guide 1.4.9 show snmp status ................................................................................................................................. 1-86 1.4.10 show snmp user .................................................................................................................................. 1-87 1.4.11 show snmp view .................................................................................................................................. 1-88 1.4.
SGS-6341 Series Command Guide 3.2 CLUSTER AUTO-ADD ......................................................................................................................... 3-111 3.3 CLUSTER COMMANDER ..................................................................................................................... 3-112 3.4 CLUSTER IP-POOL ............................................................................................................................ 3-112 3.5 CLUSTER KEEPALIVE INTERVAL ....
SGS-6341 Series Command Guide 5.1 ISOLATE-PORT GROUP...................................................................................................................... 5-141 5.2 ISOLATE-PORT GROUP SWITCHPORT INTERFACE ................................................................................ 5-141 5.3 ISOLATE-PORT APPLY ....................................................................................................................... 5-142 5.4 SHOW ISOLATE-PORT GROUP ..........................
SGS-6341 Series Command Guide 8.12 LLDP TRANSMIT OPTIONAL TLV............................................................................................................ 8-7 8.13 LLDP TRAP ........................................................................................................................................ 8-8 8.14 LLDP TX-INTERVAL ............................................................................................................................. 8-8 8.15 SHOW DEBUGGING LLDP.....
SGS-6341 Series Command Guide 11.17 ETHERNET-OAM ERRORED-SYMBOL-PERIOD THRESHOLD LOW ........................................................ 11-32 11.18 ETHERNET-OAM ERRORED-SYMBOL-PERIOD WINDOW..................................................................... 11-32 11.19 ETHERNET-OAM LINK-MONITOR ..................................................................................................... 11-33 11.20 ETHERNET-OAM MODE ............................................................................
SGS-6341 Series Command Guide 12.1.25 switchport access vlan .................................................................................................................... 12-63 12.1.26 switchport forbidden vlan ................................................................................................................ 12-63 12.1.27 switchport hybrid allowed vlan ........................................................................................................ 12-64 12.1.
SGS-6341 Series Command Guide 13.1.3 mac-address-table static | static-multicast | blackhole....................................................................... 13-87 13.1.4 show mac-address-table ................................................................................................................... 13-88 13.2 COMMANDS FOR M AC ADDRESS BINDING CONFIGURATION .............................................................. 13-89 13.2.1 clear port-security dynamic ................................
SGS-6341 Series Command Guide 14.1.23 spanning-tree mst priority.............................................................................................................. 14-112 14.1.24 spanning-tree mst rootguard ......................................................................................................... 14-113 14.1.25 spanning-tree portfast ................................................................................................................... 14-114 14.1.
SGS-6341 Series Command Guide 15.25 SHOW MLS QOS MAPS ................................................................................................................15-145 15.26 SHOW MLS QOS VLAN .................................................................................................................15-149 15.27 SHOW MLS QOS AGGREGATE-POLICY ..........................................................................................15-149 15.28 TRANSMIT...............................................
SGS-6341 Series Command Guide 19.2.3 debug ip icmp.................................................................................................................................. 19-172 19.2.4 debug ip packet............................................................................................................................... 19-173 19.2.5 debug ipv6 packet ........................................................................................................................... 19-173 19.2.
SGS-6341 Series Command Guide 19.3 COMMANDS FOR IP ROUTE AGGREGATION ...................................................................................19-201 19.3.1 ip fib optimize .................................................................................................................................. 19-201 19.4 COMMANDS FOR URPF ...............................................................................................................19-201 19.4.1 show urpf ................................
SGS-6341 Series Command Guide 22.1 ARP-GUARD IP ............................................................................................................................... 22-14 CHAPTER 23 COMMAND FOR ARP LOCAL PROXY ................................................23-15 23.1 IP LOCAL PROXY-ARP ..................................................................................................................... 23-15 CHAPTER 24 COMMANDS FOR GRATUITOUS ARP CONFIGURATION .................24-16 24.
SGS-6341 Series Command Guide 26.1.26 service dhcp .................................................................................................................................... 26-35 26.1.27 show ip dhcp binding ...................................................................................................................... 26-35 26.1.28 show ip dhcp conflict ....................................................................................................................... 26-36 26.1.
SGS-6341 Series Command Guide 27.29 SHOW IPV6 DHCP STATISTICS ........................................................................................................ 27-58 27.30 SHOW IPV6 GENERAL-PREFIX ....................................................................................................... 27-61 27.31 SHOW IPV6 LOCAL POOL .............................................................................................................. 27-61 CHAPTER 28 COMMANDS FOR DHCP OPTION 82 .............
SGS-6341 Series Command Guide 29.1.19 ipv6 dhcp use class ......................................................................................................................... 29-83 29.1.20 remote-id subscriber-id ................................................................................................................... 29-84 29.2 COMMANDS FOR MONITORING AND DEBUGGING ............................................................................. 29-84 29.2.1 debug ipv6 dhcp detail ..............
SGS-6341 Series Command Guide 30.31 SHOW IP DHCP SNOOPING BINDING ALL ....................................................................................... 30-110 30.32 SHOW TRUSTVIEW STATUS .......................................................................................................... 30-111 CHAPTER 31 COMMANDS FOR ROUTING POLICY ............................................... 31-112 31.1 IP PREFIX-LIST DESCRIPTION..............................................................................
SGS-6341 Series Command Guide 32.2 IP ROUTE VRF ..............................................................................................................................32-135 32.3 SHOW IP ROUTE ...........................................................................................................................32-136 32.4 SHOW IP ROUTE VRF.....................................................................................................................32-137 CHAPTER 33 COMMANDS FOR RIP.......
SGS-6341 Series Command Guide 33.36 SHOW IP PROTOCOLS RIP ...........................................................................................................33-161 33.37 SHOW IP RIP ..............................................................................................................................33-163 33.38 SHOW IP RIP DATABASE ..............................................................................................................33-163 33.39 SHOW IP RIP INTERFACE ................
SGS-6341 Series Command Guide 35.3 AREA FILTER-LIST ........................................................................................................................35-187 35.4 AREA NSSA ..................................................................................................................................35-188 35.5 AREA RANGE ...............................................................................................................................35-189 35.6 AREA STUB ...............
SGS-6341 Series Command Guide 35.42 LOG-ADJACENCY-CHANGES DETAIL ............................................................................................35-212 35.43 MAX-CONCURRENT-DD ...............................................................................................................35-213 35.44 NEIGHBOR .................................................................................................................................35-213 35.45 NETWORK AREA ...................................
SGS-6341 Series Command Guide 36.15 DEBUG IPV6 OSPF ROUTE ...........................................................................................................36-239 36.16 IPV6 OSPF COST ........................................................................................................................36-240 36.17 IPV6 OSPF DEAD-INTERVAL .........................................................................................................36-240 36.18 IPV6 OSPF DISPLAY ROUTE SINGLE-LINE .......
SGS-6341 Series Command Guide 37.14 BGP DAMPENING ........................................................................................................................37-268 37.15 BGP DEFAULT ............................................................................................................................37-268 37.16 BGP DETERMINISTIC-MED ...........................................................................................................37-269 37.17 BGP ENFORCE-FIRST-AS ................
SGS-6341 Series Command Guide 37.53 NEIGHBOR DONT-CAPABILITY-NEGOTIATE ....................................................................................37-292 37.54 NEIGHBOR EBGP-MULTIHOP ........................................................................................................37-293 37.55 NEIGHBOR ENFORCE-MULTIHOP ..................................................................................................37-294 37.56 NEIGHBOR FILTER-LIST .............................................
SGS-6341 Series Command Guide 37.92 SHOW IP BGP COMMUNITY-LIST ...................................................................................................37-320 37.93 SHOW IP BGP DAMPENING...........................................................................................................37-320 37.94 SHOW IP BGP FILTER-LIST ...........................................................................................................37-322 37.95 SHOW IP BGP INCONSISTENT-AS .......................
SGS-6341 Series Command Guide 40.1 LOAD-BALANCE ............................................................................................................................. 40-11 40.2 MAXIMUM-PATHS ............................................................................................................................ 40-11 CHAPTER 41 COMMANDS FOR BFD ..........................................................................41-1 41.1 BFD AUTHENTICATION KEY..............................................
SGS-6341 Series Command Guide 43.7 SHOW IP OSPF GRACEFUL-RESTART .................................................................................................. 43-4 CHAPTER 44 IPV4 MULTICAST PROTOCOL ..............................................................44-6 44.1 PUBLIC COMMANDS FOR MULTICAST ................................................................................................ 44-6 44.1.1 show ip mroute.................................................................................
SGS-6341 Series Command Guide 44.3.17 ip pim exclude-genid ....................................................................................................................... 44-28 44.3.18 ip pim hello-holdtime ....................................................................................................................... 44-29 44.3.19 ip pim hello-interval ......................................................................................................................... 44-30 44.3.
SGS-6341 Series Command Guide 44.4.16 debug msdp timer ........................................................................................................................... 44-52 44.4.17 default-rpf-peer ............................................................................................................................... 44-53 44.4.18 description....................................................................................................................................... 44-53 44.4.
SGS-6341 Series Command Guide 44.7.5 ip dvmrp output-report-delay ............................................................................................................. 44-78 44.7.6 ip dvmrp reject-non-pruners .............................................................................................................. 44-79 44.7.7 ip dvmrp tunnel ................................................................................................................................. 44-80 44.7.
SGS-6341 Series Command Guide 44.9.16 show ip igmp interface .................................................................................................................. 44-104 44.10 COMMANDS FOR IGMP SNOOPING .............................................................................................44-105 44.10.1 clear ip igmp snooping vlan........................................................................................................... 44-105 44.10.
SGS-6341 Series Command Guide 44.11.15 ip multicast ssm ........................................................................................................................... 44-126 44.11.16 ip pim bsr-border ......................................................................................................................... 44-127 44.11.17 show debugging igmp proxy ........................................................................................................ 44-127 44.11.
SGS-6341 Series Command Guide 45.3.12 ipv6 pim accept-register .................................................................................................................. 45-20 45.3.13 ipv6 pim bsr-border ......................................................................................................................... 45-21 45.3.14 ipv6 pim bsr-candidate .................................................................................................................... 45-21 45.3.
SGS-6341 Series Command Guide 45.5.1 ipv6 pim ssm ..................................................................................................................................... 45-46 45.6 COMMANDS FOR IPV6 DCSCM...................................................................................................... 45-47 45.6.1 ipv6 access-list(ipv6 multicast source control) .................................................................................. 45-47 45.6.
SGS-6341 Series Command Guide 45.8.5 ipv6 mld snooping vlan...................................................................................................................... 45-69 45.8.6 ipv6 mld snooping vlan immediate-leave .......................................................................................... 45-70 45.8.7 ipv6 mld snooping vlan l2-general-querier ........................................................................................ 45-71 45.8.8 ipv6 mld snooping vlan limit .....
SGS-6341 Series Command Guide 47.22 PERMIT | DENY(MAC EXTENDED) ................................................................................................... 47-22 47.23 PERMIT | DENY(MAC-IP EXTENDED) ............................................................................................... 47-24 47.24 SHOW ACCESS-LISTS ................................................................................................................... 47-26 47.25 SHOW ACCESS-GROUP ................................
SGS-6341 Series Command Guide 49.2 DEBUG IPV6 ND COUNT..................................................................................................................... 49-1 49.3 DEBUG SWITCHPORT ARP COUNT ...................................................................................................... 49-2 49.4 DEBUG SWITCHPORT MAC COUNT ..................................................................................................... 49-2 49.5 DEBUG SWITCHPORT ND COUNT ........................
SGS-6341 Series Command Guide 52.8 DEBUG AAA ERROR .......................................................................................................................... 52-5 52.9 RADIUS NAS-IPV4 ............................................................................................................................. 52-5 52.10 RADIUS NAS-IPV6 ........................................................................................................................... 52-6 52.
SGS-6341 Series Command Guide 56.3 DEBUG MAC-AUTHENTICATION-BYPASS ............................................................................................. 56-2 56.4 MAC-AUTHENTICATION-BYPASS BINDING-LIMIT................................................................................... 56-2 56.5 MAC-AUTHENTICATION-BYPASS ENABLE............................................................................................ 56-3 56.6 MAC-AUTHENTICATION-BYPASS GUEST-VLAN ...................................
SGS-6341 Series Command Guide 58.1.11 savi ipv6 mac-binding-limit ................................................................................................................ 58-7 58.1.12 savi max-dad-dalay ........................................................................................................................... 58-8 58.1.13 savi max-dad-prepare-delay ............................................................................................................. 58-8 58.1.
SGS-6341 Series Command Guide 61.4 DISABLE .......................................................................................................................................... 61-3 61.5 ENABLE ........................................................................................................................................... 61-3 61.6 PREEMPT-MODE ............................................................................................................................... 61-4 61.7 PRIORITY ..
SGS-6341 Series Command Guide 63.16 SHOW ULPP FLUSH-RECEIVE-PORT ................................................................................................. 63-9 63.17 SHOW ULPP GROUP........................................................................................................................ 63-9 63.18 ULPP CONTROL VLAN ................................................................................................................... 63-10 63.19 ULPP FLUSH DISABLE ARP .....................
SGS-6341 Series Command Guide 68.2 DEBUG SNTP.................................................................................................................................... 68-8 68.3 SNTP POLLTIME ................................................................................................................................ 68-9 68.4 SNTP SERVER .................................................................................................................................. 68-9 68.5 SHOW SNTP .......
SGS-6341 Series Command Guide 70.14 IP DNS SERVER QUEUE TIMEOUT ..................................................................................................... 70-8 CHAPTER 71 COMMANDS FOR SUMMER TIME ........................................................71-1 71.1 CLOCK SUMMER-TIME ABSOLUTE ...................................................................................................... 71-1 71.2 CLOCK SUMMER-TIME RECURRING .....................................................................
SGS-6341 Series Command Guide 73.2 RELOAD CANCEL ............................................................................................................................. 73-1 73.3 SHOW RELOAD................................................................................................................................. 73-2 CHAPTER 74 COMMANDS FOR DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY CPU ....................................................................................74-1 74.
SGS-6341 Series Command Guide 77.7 SHOW VSF CPU-DATABASE MEMBER BASIC-INFORMATION .................................................................. 77-5 77.8 SHOW VSF CPU-DATABASE MEMBER RUNNING-INFORMATION .............................................................. 77-7 77.9 SHOW VSF CPU-DATABASE MEMBER PORT-INFORMATION.................................................................... 77-8 77.10 SHOW VSF CPU-DATABASE MEMBER PORT-LINK-INFORMATION.......................................................
SGS-6341 Series Command Guide Chapter 1 Commands for Basic Switch Configuration 1.1 Commands for Basic Configuration 1.1.1 Authentication line login Command: authentication line {console | sty | web} login {local | radius | tacacs} No authentication line {console | sty | web} login Function: Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authentication mode for the login user. The no form command restores the default authentication mode.
SGS-6341 Series Command Guide Switch(config)# authentication line vty login local radius Relative Command: aaa enable, radius-server authentication host, tacacs-server authentication host, tacacs-server key 1.1.2 banner Command: banner motd no banner motd Function: This command is used to configure the information displayed when the login authentication of a telnet or console user is successful, the no command configures that the information is not displayed when the authentication is successful.
SGS-6341 Series Command Guide Command Mode: Admin Mode. Default: The factory original configuration only specifies the first booting IMG file, the nos.img file in the FLASH, without the second one. Example: 1. Set flash:/nos.img as the second booting IMG file used in the next booting of the system. Switch#boot img flash:/nos.img backup 2. Set flash:/5.4.128.0_nos.img as the first booting IMG file used in the next booting of the system. Switch#boot img flash:/5.4.128.0_nos.img primary 1.1.
SGS-6341 Series Command Guide 1.1.5 clock set Command: clock set Function: Set system date and time. Parameter: is the current time, and the valid scope for HH is 0 to 23, MM and SS 0 to 59; is the current year, month and date, and the valid scope for YYYY is 1970~2038, MON meaning month, and DD between 1 to 31. Command mode: Admin Mode. Default: upon first time start-up, it is defaulted to 2006.1.1 0: 0: 0.
SGS-6341 Series Command Guide 1.1.7 debug ssh-server Command: debug ssh-server no debug ssh-server Function: Display SSH server debugging information; the “no debug ssh-server” command stops displaying SSH server debugging information. Default: This function is disabled by default. Command mode: Admin Mode. 1.1.8 disable Command: disable Function: Disable admin mode. Command mode: Admin Mode. Example: Switch#disable Switch> 1.1.
SGS-6341 Series Command Guide Example: Switch>enable Switch# 1.1.10 enable password Command: enable password [0|7] no enable password Function: Configure the password used for enter Admin Mode from the User Mode, The “no enable password” command deletes this password. Parameter: password is the password for the user. If input option 0 on password setting, the password is not encrypted; if input option 7, the password is encrypted.
SGS-6341 Series Command Guide 1.1.12 exec-timeout Command: exec-timeout [] no exec-timeout Function: Configure the timeout of exiting admin mode. The “no exec-timeout” command restores the default value. Parameters: is the time value shown in minute and ranges between 0~35791. is the time value shown in seconds and ranges between 0~59. Command mode: Global mode Default: Default timeout is 10 minutes.
SGS-6341 Series Command Guide Switch# 1.1.14 help Command: help Function: Output brief description of the command interpreter help system. Command mode: All configuration modes. Usage Guide: An instant online help provided by the switch. Help command displays information about the whole help system, including complete help and partial help. The user can type in ? any time to get online help. Example: switch(config)#help PLANETOS CLI provides advanced help feature.
SGS-6341 Series Command Guide Usage Guide: With this command, the user can set the CLI prompt of the switch according to their own requirements. Example: Set the prompt to “Test”. Switch(config)#hostname Test Test(config)# 1.1.16 ip host Command: ip host no ip host {|all} Function: Set the mapping relationship between the host and IP address; the “no ip host” parameter of this command will delete the mapping.
SGS-6341 Series Command Guide is the name of the host, containing max 15 characters; is the IPv6 address corresponding to the host name. is all the host address. Command Mode: Global Mode Usage Guide: Configure a fixed corresponding relationship between the host and the IPv6 address, applicable in commands such as “traceroute6 ”, etc.
SGS-6341 Series Command Guide Parameter: chinese for Chinese display; english for English display. Command mode: Admin and Config Mode. Default: The default setting is English display. Usage Guide: Switch provides help information in two languages, the user can select the language according to their preference. After the system restart, the help information display will revert to English. 1.1.
SGS-6341 Series Command Guide Parameter: password is the configured code. Encryption will be performed by entering 8. Command mode: Global mode Default: This password is empty by system default Usage guide: When both this password and login command are configured, users have to enter the password set by password command to enter normal user mode on console. Example: Switch(config)#password 0 test Switch(config)#login 1.1.22 reload Command: reload Function: Warm reset the switch. Command mode: Admin Mode.
SGS-6341 Series Command Guide function however encrypted passwords remain unchanged. Example: Encrypt system passwords Switch(config)#service password-encryption 1.1.24 service terminal-length Command: service terminal-length <0-512> no service terminal-length Function: Configure the columns of characters displayed in each screen on terminal (vty). The “no service terminal-length” command cancels the screen shifting operation.
SGS-6341 Series Command Guide Usage guide: The user can set the factory contact mode bases the fact instance. Example: Set the factory contact mode to test. Switch(config)#sysContact test 1.1.26 sysLocation Command: sysLocation no sysLocation Function: Set the factory address, the “no sysLocation” command reset the switch to factory settings. Parameter: is the prompt character string, range from 0 to 255 characters. Command mode: Global Mode Default: The factory settings.
SGS-6341 Series Command Guide Note: After the command, “write” command must be executed to save the operation. The switch will reset to factory settings after restart. Example: Switch#set default Are you sure? [Y/N] = y Switch#write Switch#reload 1.1.28 setup Command: setup Function: Enter the Setup Mode of the switch. Command mode: Admin Mode. Usage Guide: Switch provides a Setup Mode, in which the user can configure IP addresses, etc. 1.1.
SGS-6341 Series Command Guide 1.1.30 show cpu usage Command: show cpu usage [] Function: Show CPU usage rate. Command mode: Admin and Configuration Mode. Usage Guide: Check the current usage of CPU resource by show cpu usage command. Only the chassis switch uses slotno parameter which is used to show the CPU usage rate of the card on specified slot, if there is no parameter, the default is current card. Example: Show the current usage rate of CPU.
SGS-6341 Series Command Guide 1.1.32 show privilege Command: show privilege Function: Show privilege of the current users. Command mode: All configuration modes Example: Show privilege of the current user. Switch(Config)#show privilege Current privilege level is 15 1.1.33 show temperature Command: show temperature Function: Display the current temputerature of the switch CPU. Command mode: All mode. Usage Guide: This command is used to monitor the temperature of the switch CPU.
SGS-6341 Series Command Guide “more”. Command mode: Admin and Configuration Mode. Usage Guide: This command is used to collect the relative information when the switch operation is malfunctioned. Example: Switch#show tech-support 1.1.35 show version Command: show version Function: Display the version information of the switch. Command mode: Admin and Configuration Mode.
SGS-6341 Series Command Guide Usage Guide: There are two available choices for the preferences of the registered commands in the switch. They are 1 and 15. Preference of 1 is for the commands of the normal user configuration mode. Preference of 15 is for the commands registered in modes other than the normal user configuration modes. 16 local users at most can be configured through this command, and the maximum length of the password should be no less than 32.
SGS-6341 Series Command Guide The user can select the language according to their preference. 1.1.38 write Command: write Function: Save the currently configured parameters to the Flash memory. Command mode: Admin Mode. Usage Guide: After a set of configuration with desired functions, the setting should be saved to the Flash memory, so that the system can revert to the saved configuration automatically in the case of accidentally powered off or power failure.
SGS-6341 Series Command Guide 1.2.2 authentication ipv6 access-class Command: authentication ipv6 access-class {|} no authentication ipv6 access-class Function: Binding standard IPv6 ACL protocol to login with Telnet/SSH/Web; the no form command will cancel the binding ACL. Parameters: is the access-class number for standard numeric ACL, ranging between 500-599; is the access-class name for standard ACL, the character string length is ranging between 1-32.
SGS-6341 Series Command Guide method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS configuration method can be used. And TACACS server should be configured before the TACACS configuration method can be used. The authentication line console login command is exclusive with the “login” command. The authentication line console login command configures the switch to use the Console login method.
SGS-6341 Series Command Guide 1.2.5 authentication securityipv6 Command: authentication securityipv6 no authentication securityipv6 Function: To configure the trusted IPv6 address for Telnet and HTTP login method. The no form of this command will remove the specified configuration. Parameters: is the trusted IPv6 address which can login the switch. Default: No trusted IPv6 addresses are configured by default. Command Mode: Global Mode.
SGS-6341 Series Command Guide lower preferences will be ignored. To be mentioned, if the user receives corresponding protocol’s answer whether refuse or incept, it will not attempt the next authorization method; it will attempt the next authorization method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS configuration method can be used. And TACACS server should be configured before the TACACS configuration method can be used.
SGS-6341 Series Command Guide Function: Copy debugging messages to current display terminal; the “terminal no monitor” command restores to the default value. Command mode: Admin Mode. Usage guide: Configures whether the current debugging messages is displayed on this terminal. If this command is configured on telnet or SSH clients, debug messages will be sent to that client. The debug message is displayed on console by default. Example: Switch#terminal monitor 1.2.
SGS-6341 Series Command Guide login:123 password:*** XGS3> 1.2.10 telnet server enable Command: telnet server enable no telnet server enable Function: Enable the Telnet server function in the switch: the “no telnet server enable” command disables the Telnet function in the switch. Default: Telnet server function is enabled by default. Command mode: Global Mode Usage Guide: This command is available in Console only.
SGS-6341 Series Command Guide None. Example: Set the max connection number supported by the Telnet service as 10. Switch(config)#telnet-server max-connection 10 1.2.12 ssh-server authentication-retries Command: ssh-server authentication-retries no ssh-server authentication-retries Function: Configure the number of times for retrying SSH authentication; the “no ssh-server authentication-retries” command restores the default number of times for retrying SSH authentication.
SGS-6341 Series Command Guide Example: Enable SSH function on the switch. Switch(config)#ssh-server enable 1.2.14 ssh-server host-key create rsa Command: ssh-server host-key create rsa [modulus < modulus >] Function: Generate new RSA host key. Parameter: modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024. Command mode: Global Mode Default: The system uses the key generated when the ssh-server is started at the first time.
SGS-6341 Series Command Guide Default: The system default value of the max connection number is 5. Command Mode: Global Mode Usage Guide: None. Example: Set the max connection number supported by the SSH service as 10. Switch(config)#ssh-server max-connection 10 1.2.16 ssh-server timeout Command: ssh-server timeout no ssh-server timeout Function: Configure timeout value for SSH authentication; the “no ssh-server timeout” command restores the default timeout value for SSH authentication.
SGS-6341 Series Command Guide Example: Switch#show ssh-server ssh server is enabled ssh-server timeout 180s ssh-server authentication-retries 3 ssh-server max-connection number 6 ssh-server login user number 2 1.2.18 show telnet login Command: show telnet login Function: Display the information of the Telnet client which currently establishes a Telnet connection with the switch. Command mode: Admin and Configuration Mode.
SGS-6341 Series Command Guide 1.3 Commands for Configuring Switch IP 1.3.1 interface vlan Command: interface vlan no interface vlan Function: Enter the VLAN interface configuration mode; the no operation of this command will delete the existing VLAN interface. Parameters: is the VLAN ID of an existing VLAN, ranging from 1 to 4094. Command Mode: Global Configuration Mode. Usage Guide: Users should first make sure the existence of a VLAN before configuring it.
SGS-6341 Series Command Guide Usage Guide: A VLAN interface must be created first before the user can assign an IP address to the switch. Example: Set 10.1.128.1/24 as the IP address of VLAN1 interface. Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip address 10.1.128.1 255.255.255.0 Switch(Config-if-Vlan1)#exit Switch(config)# Relative Command: ip bootp-client enable, ip dhcp-client enable 1.3.
SGS-6341 Series Command Guide 1.3.4 ip bootp-client enable Command: ip bootp-client enable no ip bootp-client enable Function: Enable the switch to be a BootP Client and obtain IP address and gateway address through BootP negotiation; the “no ip bootp-client enable” command disables the BootP Client function and releases the IP address obtained in BootP. Default: BootP client function is disabled by default.
SGS-6341 Series Command Guide Command mode: VLAN Interface Mode Usage Guide: Obtaining IP address by DHCP, Manual configuration and BootP are mutually exclusive, enabling any 2 methods for obtaining an IP address is not allowed. Example: Getting an IP address through DHCP. Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip dhcp-client enable Switch(Config-if-Vlan1)#exit Switch(config)# 1.4 Commands for SNMP 1.4.
SGS-6341 Series Command Guide Usage Guide: When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes. Example: Switch#debug snmp kernel 1.4.3 rmon enable Command: rmon enable no rmon enable Function: Enable RMON; the “no rmon enable” command disables RMON. Command mode: Global Mode Default: RMON is disabled by default. Example: Enable RMON. Switch(config)#rmon enable Disable RMON. Switch(config)#no rmon enable 1.4.
SGS-6341 Series Command Guide 1.4.5 show snmp Command: show snmp Function: Display all SNMP counter information. Command mode: Admin and Configuration Mode.
SGS-6341 Series Command Guide number of requested variable Number of variables requested by NMS. number of altered variables Number of variables set by NMS. get-request PDUs Number of packets received by “get” requests. get-next PDUs Number of packets received by “getnext” requests. set-request PDUs Number of packets received by “set” requests. snmp packets output Total number of SNMP packet outputs. too big errors Number of “Too_ big” error SNMP packets.
SGS-6341 Series Command Guide 1.4.7 show snmp group Command: show snmp group Function: Display the group information commands. Command Mode: Admin and Configuration Mode.
SGS-6341 Series Command Guide Function: Display SNMP configuration information. Command mode: Admin and Configuration Mode. Example: Switch#show snmp status Trap enable RMON enable Community Information: V1/V2c Trap Host Information: V3 Trap Host Information: Security IP Information: Displayed information Description Community string Community string Community access Community access permission Trap-rec-address IP address which is used to receive Trap. Trap enable Enable or disable to send Trap.
SGS-6341 Series Command Guide Engine ID Engine ID Priv Protocol Employed encryption algorithm Auth Protocol Employed identification algorithm Row status User state 1.4.11 show snmp view Command: show snmp view Function: Display the view information commands. Command Mode: Admin and Configuration Mode. Example: Switch#show snmp view View Name:readview 1.3. Excluded 1. -Included active active Displayed Information Explanation View Name View name 1.and1.3.
SGS-6341 Series Command Guide Parameter: is the community string set; ro | rw is the specified access mode to MIB, ro for read-only and rw for read-write.
SGS-6341 Series Command Guide Command mode: Global mode Default: SNMP proxy server function is disabled by system default. Usage guide: To perform configuration management on the switch with network manage software, the SNMP proxy server function has to be enabled with this command. Example: Enable the SNMP proxy server function on the switch. Switch(config)#snmp-server enable 1.4.
SGS-6341 Series Command Guide 1.4.15 snmp-server engineid Command: snmp-server engineid no snmp-server engineid Function: Configure the engine ID; the “no" form of this command restores to the default engine ID. Command Mode: Global mode Parameter: is the engine ID shown in 1-32 digit hex characters. Default: Default value is the company ID plus local MAC address.
SGS-6341 Series Command Guide read-string Name of readable view which includes 1-32 characters write-string Name of writable view which includes 1-32 characters notify-string Name of trappable view which includes 1-32 characters is the access-class number for standard numeric ACL, ranging between 1-99; is the access-class name for standard ACL, the character string length is ranging between 1-32; is the access-class number for standard numeric IPv6 ACL, ranging between 500-59
SGS-6341 Series Command Guide user name at v3. Usage Guide: The Community character string configured in this command is the default community string of the RMON event group. If the RMON event group has no community character string configured, the community character string configured in this command will be applied when sending the Trap of RMON, and if the community character string is configured, its configuration will be applied when sending the RMON trap.
SGS-6341 Series Command Guide 1.4.19 snmp-server securityip Command: snmp-server securityip {enable | disable} Function: Enable/disable the safety IP address authentication on NMS manage station. Command Mode: Global Mode Default: Enable the safety IP address authentication function. Example: Disable the safety IP address authentication function. Switch(config)#snmp-server securityip disable 1.4.
SGS-6341 Series Command Guide 1.4.21 snmp-server user Command: snmp-server user [{authPriv | authNoPriv} auth {md5 | sha} ] [access {|}] [ipv6-access {|}] no snmp-server user [access {|}] [ipv6-access {|}] Function: Add a new user to an SNMP group; the "no” form of this command deletes this user. Command Mode: Global Mode.
SGS-6341 Series Command Guide 1.4.22 snmp-server view Command: snmp-server view {include | exclude} no snmp-server view [ ] Function: This command is used to create or renew the view information; the “no" form of this command deletes the view information. Command Mode: Global Mode. Parameter: view name, containing 1-32 characters. is OID number or corresponding node name, containing 1-255 characters.
SGS-6341 Series Command Guide vary depending on different locations of the files or directories. ascii indicates the ASCII standard will be adopted; binary indicates that the binary system will be adopted in the file transmission(default transmission method).
SGS-6341 Series Command Guide Relevant Command: Write 1.5.2 copy(TFTP) Command: copy [ascii | binary] Function: Download files to the TFTP client. Parameter: is the location of the source files or directories to be copied; is the destination address to which the files or directories to be copied; forms of and vary depending on different locations of the files or directories.
SGS-6341 Series Command Guide Switch#copy tftp://10.1.1.1/nos.img nos.img (3) Save images in the FLASH to the TFTP server of 2004:1:2:3::6 Switch#copy nos.img tftp:// 2004:1:2:3::6/ nos.img (4) Obtain system file nos.img from the TFTP server 2004:1:2:3::6 Switch#copy tftp:// 2004:1:2:3::6/nos.img nos.img (5) Save the running configuration files Switch#copy running-config startup-config Relevant Command: Write 1.5.3 ftp-dir Command: ftp-dir Function: Browse the file list on the FTP server.
SGS-6341 Series Command Guide Default: FTP server is not started by default. Command mode: Global Mode Usage Guide: When FTP server function is enabled, the switch can still perform ftp client functions. FTP server is not started by default. Example: enable FTP server service. Switch#config Switch(config)# ftp-server enable Relative command: ip ftp 1.5.5 ftp-server timeout Command: ftp-server timeout Function: Set data connection idle time.
SGS-6341 Series Command Guide 1.5.6 ip ftp Command: ip ftp username password [type {0 | 7}] no ip ftp username Function: Configure the username and password for logging in to the FTP; the no operation of this command will delete the configured username and password simultaneously.
SGS-6341 Series Command Guide 1.5.8 show tftp Command: show tftp Function: Display the parameter settings for the TFTP server. Default: No display by default. Command mode: Admin and Configuration Mode. Example: Switch#show tftp timeout Retry Times : 60 : 10 Displayed information Explanation Timeout Timeout time. Retry Times Retransmission times. 1.5.
SGS-6341 Series Command Guide Switch#config Switch(config)#tftp-server enable Relative Command: tftp-server timeout 1.5.10 tftp-server retransmission-number Command: tftp-server retransmission-number Function: Set the retransmission time for TFTP server. Parameter: is the time to re-transfer, the valid range is 1 to 20. Default: The default value is 5 retransmission. Command mode: Global Mode Example: Modify the retransmission to 10 times.
SGS-6341 Series Command Guide Switch(config)#tftp-server transmission-timeout 60 1-104
SGS-6341 Series Command Guide Chapter 2 File System Commands 2.1 cd Command: cd Function: Change the working directory for the storage device. Parameters: is the sub-directory name, a sequence of consecutive characters whose length ranges from 1 to 80. Command Mode: Admin Mode. Default Settings: The default working directory is Flash.
SGS-6341 Series Command Guide “ftp://username:pass@server-ip/file-name” “tftp://server-ip/file-name” 2. The prefix of the destination file URL should be in one of the following forms: starting with “flash:/” “ftp://username:pass@server-ip/file-name” “tftp://server-ip/file-name” Command Mode: Admin Mode. Usage Guide: 1. In this command, when the prefix of the source file URL is ftp:// or tftp://, that of the destination file URL should not be either of them. 2.
SGS-6341 Series Command Guide Switch#delete flash:/nos5.img Delete file flash:/nos5.img?[Y:N]y Deleted file flash:/nos.img. 2.4 dir Command: dir [WORD] Function: Display the information of the designated directory on the storage device. Parameters: is the name of the shown directory. There may be the following formats: directory name, slot-xx#directory name, flash:/directory name, cf:/directory name. Command Mode: Admin Configuration Mode.
SGS-6341 Series Command Guide Parameters: is the name of the device to be formatted. Command Mode: Admin Mode. Default Settings: None. Usage Guide: 1. After formatting, all files on the storage device will be irrecoverably lost. 2. The only acceptable file system type of Format is FAT 32, without exception. 3. This command cannot be used to format flash. 2.6 mkdir Command: mkdir Function: Create a sub-directory in the designated directory on a certain storage device .
SGS-6341 Series Command Guide Example: Display the current working directory. Switch#pwd flash:/ Switch# 2.8 rename Command: ename Function: Rename a designated file on the switch. Parameters: is the source file, in which whether specifying or not its path are both acceptable; is a filename without specifying its path. Command Mode: Admin Mode.
SGS-6341 Series Command Guide Default Settings: None. Usage Guide: The directory to be deleted should exist and be empty, that is, all files in the directory should be deleted before deleting it, or an error prompt will be displayed.
SGS-6341 Series Command Guide Chapter 3 Commands for Cluster 3.1 clear cluster nodes Command: clear cluster nodes [nodes-sn | mac-address ] Function: Clear the nodes in the candidate list found by the commander switch. Parameters: c andidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be specified. mac-address: mac address of the switches (including all candidates, members and other switches).
SGS-6341 Series Command Guide Usage Guide: After enabling this command on a commander switch, candidate switches will be automatically added as members. Example: Enable the auto adding function in the commander switch. Switch(config)#cluster auto-add 3.3 cluster commander Command: cluster commander [] no cluster commander Function: Set the switch as a commander switch, and create a cluster. Parameter: is the cluster’s name, no longer than 32 characters.
SGS-6341 Series Command Guide commander-ip: cluster IP address pool for allocating internal IP addresses of the cluster commander-ip is the head address of the address pool, of which the valid format is 10.x.x.x, in dotted-decimal notation; the address pool should be big enough to hold 128 members, which requires the last byte of addresses to be less than 126(254 – 128 = 126). IP address pool should never be changed with commander configured.
SGS-6341 Series Command Guide received DP messages with DR messages. The no operation of this command will restore the keepalive interval in the cluster back to its default value. Example: Set the keepalive interval in the cluster to 10 seconds. Switch(config)#cluster keepalive interval 10 3.6 cluster keepalive loss-count Command: cluster keepalive loss-count no cluster keepalive loss-count Function: Configure the max number of lost keepalive messages in a cluster that can be tolerated.
SGS-6341 Series Command Guide 3.7 cluster member Command: cluster member {nodes-sn | mac-address [id ]} no cluster member {id | mac-address } Function: On a commander switch, manually add candidate switches into the cluster created by it. Parameters: nodes-sn:all cluster member switches as recorded in a chain list, each with a node sn which can be viewed by “show cluster candidates” command.
SGS-6341 Series Command Guide members to manually added ones to keep them. Command Mode: Global Mode. Usage Guide: Execute this command on a switch to change automatically added members to manually added ones. Example: change automatically added members to manually added ones. Switch(config)#cluster member auto-to-user 3.9 cluster reset member Command: cluster reset member [id | mac-address ] Function: In the commander switch, this command can be used to reset the member switch.
SGS-6341 Series Command Guide Parameter: key:all keys in one cluster should be the same, no longer than 16 characters. vid:vlan id of the cluster, whose range is 1-4094. Command mode: Global Mode Default: Cluster function is disabled by default, key: NULL(\0) vid:1. Instructions: This command enables cluster function. Cluster function has to be enabled before implementing any other cluster commands. The “no cluster run” disables cluster function.
SGS-6341 Series Command Guide Command mode: Admin Mode Usage Guide: The commander distributes the remote upgrade command to members via the TCP connections between them, causing the number to implement the remote upgrade and reboot. Trying to execute this command on a non-commander switch will return errors. If users want to upgrade more than one member, these switches should be the same type to avoid boot failure induced by mismatched IMG files.
SGS-6341 Series Command Guide Enable the debug information; the no command disables the debug switch. Parameters: DP: discovery messages. DR: responsive messages. CP: command messages. receive: receive messages. send: send messages. Command Mode: Admin Mode. Usage Guide: Enable the debug information of cluster messages. After enabling classification, all DP, DR and CP messages sent or received in the cluster will be printed. Example: Enable the debug information of receiving DP messages.
SGS-6341 Series Command Guide Number of Candidates: 3 ----in a member ---------------------------Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Member Commander Ip Address: 10.254.254.1 Internal Ip Address: 10.254.254.2 Commamder Mac Address: 00-12-cf-39-1d-90 ---- a candidate ---------------------------Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Candidate ---- disabled ---------------------------Switch#show cluster Status: Disabled 3.
SGS-6341 Series Command Guide Switch#show cluster members Member From : User config(U); Auto member (A) ID From Status Mac Hostname Description Internal IP --- - ----------- ----------------- ------------ ------------ --------------xxx x xxxxxxxxxx12 xx-xx-xx-xx-xx-xx xxxxxxxxxx12 xxxxxxxxxx12 xxx.xxx.xxx.xxx 1 U Inactive 00-01-02-03-04-05 MIS_zebra SGS-6341-24T4X 10.254.254.2 2 A Active 00-01-02-03-04-05 MIS_bison SGS-6341-24T4X 10.254.254.
SGS-6341 Series Command Guide SN Mac Description Hostname --- ----------------- ------------------------ -----------------------xxx xx-xx-xx-xx-xx-xx xxxxxxxxxxxxxxxxxxxxxx24 xxxxxxxxxxxxxxxxxxxxxx24 1 00-01-02-03-04-06 SGS-6341-24T4X 2 01-01-02-03-04-05 SGS-6341-24T4X MIS_zebra 3.17 show cluster topology Command: show cluster topology [root-sn | nodes-sn | mac-address ] Function: Display cluster topology information.
SGS-6341 Series Command Guide 6 SGS-6341-24T4X LAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1 eth 1/3 Y ---------------------------------------------------------Switch#show cluster topology root-sn 2 Role: commander(CM);Member(M);Candidate(CA);Other commander(OC);Other member(OM) SN Description Hostname Role MAC_ADDRESS Upstream local-port Upstream remote-port node == ============ ============ == ================= ============ ============ = * 2 SGS-6341-24T4X LAB_SWITCH_2 M leaf 01-02-03-04-
SGS-6341 Series Command Guide 3.18 rcommand commander Command: rcommand commander Function: In the member switch, use this command to configure the commander switch. Command mode: Admin Mode. Instructions: This command is used to configure the commander switch remotely. Users have to telnet the commander switch by passing the authentication. The command “exit” is used to quit the configuration interface of the commander switch. This command can only be executed on member switches.
SGS-6341 Series Command Guide Chapter 4 Commands for Network Port Configuration 4.1 Commands for Ethernet Port Configuration 4.1.1 bandwidth Command: bandwidth control {transmit | receive | both} no bandwidth control Function: Enable the bandwidth limit function on the port; the no command disables this function.
SGS-6341 Series Command Guide 4.1.2 combo-forced-mode Command: combo-forced-mode { copper-forced | sfp-forced } Function: Sets to combo port mode (combo ports only). Parameters: copper-forced forces use of copper cable port; sfp-forced forces use of fiber cable port. Command mode: Port Mode. Default: The default setting for combo mode of combo ports is sfp-forced. Usage Guide: The combo mode of combo ports and the port connection condition determines the active port of the combo ports.
SGS-6341 Series Command Guide 4.1.3 clear counters interface Command: clear counters interface [{ethernet | vlan | port-channel | }] Function: Clears the statistics of the specified port. Parameters: stands for the Ethernet port number; stands for the VLAN interface number; for trunk interface number; for interface name, such as port-channel 1. Command mode: Admin Mode.
SGS-6341 Series Command Guide switch will automatically start HOL control (discarding some packets in the COS queue that may result in HOL) to prevent drastic degradation of network performance. Note: Port flow control function is not recommended unless the users need a slow speed, low performance network with low packet loss. Flow control will not work between different cards in the switch. When enable the port flow control function, speed and duplex mode of both ends should be the same.
SGS-6341 Series Command Guide Command mode: Port Mode. Default: Loopback test is disabled in Ethernet port by default. Usage Guide: Loopback test can be used to verify the Ethernet ports are working normally. After loopback has been enabled, the port will assume a connection established to itself, and all traffic sent from the port will be received at the very same port. Example: Enabling loopback test in Ethernet ports 1/0/1-8.
SGS-6341 Series Command Guide 4.1.8 name Command: name no name Function: Set name for specified port; the “no name” command cancels this configuration. Parameter: is a character string, which should not exceeds 200 characters. Command Mode: Port Mode. Default: No port name by default. Usage Guide: This command is for helping the user manage switches, such as the user assign names according to the port application, e.g.
SGS-6341 Series Command Guide Usage Guide: This command applies to 1000Base-FX interface only. The negotiation command is not available for 1000Base-TX or 100Base-TX interface. For combo port, this command applies to the 1000Base-FX port only but has no effect on the 1000Base-TX port. To change the negotiation mode, speed and duplex mode of 1000Base-TX port, use speed-duplex command instead.
SGS-6341 Series Command Guide Parameters: interrupt: the interrupt mode; poll: the poll mode. Command mode: Global Mode. Default: Poll mode. Usage Guide: There are two modes that can respond up/down event of the port. The interrupt mode means that interrupt hardware to announce the up/down change, the poll mode means that software poll can obtain the port event, the first mode is rapid.
SGS-6341 Series Command Guide Usage Guide: All ports in the switch belong to a same broadcast domain if no VLAN has been set. The switch will send the above mentioned three traffics to all ports in the broadcast domain, which may result in broadcast storm and so may greatly degrade the switch performance. Enabling Broadcast Storm Control can better protect the switch from broadcast storm. Note the difference of this command in 10Gb ports and other ports.
SGS-6341 Series Command Guide Example: Set the rate-violation of port 8-10 (GB ports) of the switch as 10000pps and the port recovery time as 1200 seconds. Switch(config)#interface ethernet 1/0/8-10 Switch(Config-Port-Range)#rate-violation 10000 recovery 1200 4.1.
SGS-6341 Series Command Guide For ethernet port, using status to show important information of all the layer 2 ports by list format.
SGS-6341 Series Command Guide Input queue 0/600, 0 drops 0 packets input, 0 bytes, 0 no buffer 0 input errors, 0 CRC, 0 frame alignment, 0 overrun 0 ignored, 0 abort, 0 length error Output packets statistics: 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 late collisions Show the information of tunnel 1: Switch#show interface tunnel 1 Tunnel1 is up, line protocol is up, dev index is 2007 Device flag 0x91(UP P2P NOARP) IPv4 address is: (NULL) 5 minute input rate 0 bytes/sec, 0 packet
SGS-6341 Series Command Guide The last 5 second input rate 0 bytes/sec, 0 packets/sec The last 5 second output rate 0 bytes/sec, 0 packets/sec Input packets statistics: 0 input packets, 0 bytes, 0 no buffer 0 unicast packets, 0 multicast packets, 0 broadcast packets 0 input errors, 0 CRC, 0 frame alignment, 0 overrun, 0 ignored 0 abort, 0 length error, 0 pause frame Output packets statistics: 0 output packets, 0 bytes, 0 underruns 0 unicast packets, 0 multicast packets, 0 broadcast packets 0 output errors,
SGS-6341 Series Command Guide 1/0/2 5m 5s 1/0/3 0 0 5m 0 0 0 0 0 5s 1/0/4 0 0 0 0 0 0 0 0 0 5m 0 0 0 0 0 0 0 0 5s … 4.1.15 shutdown Command: shutdown no shutdown Function: Shuts down the specified Ethernet port; the “no shutdown” command opens the port. Command mode: Port Mode. Default: Ethernet port is open by default.
SGS-6341 Series Command Guide Parameters: auto is the auto speed and duplex negotiation, 10 is 10Mbps speed, 100 is 100Mbps speed, 1000 is 1000Mbps speed, auto is duplex negotiation, full is full-duplex, half is half-duplex; force10-half is the forced 10Mbps at half-duplex mode; force10-full is the forced 10Mbps at full-duplex mode; force100-half is the forced 100Mbps at half-duplex mode; force100-full is the forced 100Mbps at full-duplex mode; force100-fx is the forced 100Mbps at full-duplex mode; module-t
SGS-6341 Series Command Guide Function: Test the link of the twisted pair cable connected to the Ethernet port. The response may include: well, short, open, fail. If the test information is not well, the location of the error will be displayed (how many meters it is away from the port). Command mode: Port Configuration Mode. Default: No link test. Usage Guide: The RJ-45 port connected with the twisted pair under test should be in accordance with the wiring sequence rules of IEEE802.
SGS-6341 Series Command Guide Chapter 5 Commands for Port Isolation Function 5.1 isolate-port group Command: isolate-port group no isolate-port group Function: Set a port isolation group, which is the scope of isolating ports; the no operation of this command will delete a port isolation group and remove all ports out of it. Parameters: is the name identification of the group, no longer than 32 characters. Command Mode: Global Mode.
SGS-6341 Series Command Guide another port isolation group, they will remain isolated from the ports in that group. If an Ethernet port is a member of a convergence group, it should not be added into a port isolation group, and vice versa, a member of a port isolation group should not be added into an aggregation group. But one port can be a member of one or more port isolation groups. Parameters: is the name identification of the group, no longer than 32 characters.
SGS-6341 Series Command Guide Only apply port isolation to layer-2 flows on the switch. Switch(config)#isolate-port apply l2 5.4 show isolate-port group Command: show isolate-port group [] Function: Display the configuration of port isolation, including all configured port isolation groups and Ethernet ports in each group. Parameters: the name identification of the group, no longer than 32 characters; no parameter means to display the configuration of all port isolation groups.
SGS-6341 Series Command Guide Chapter 6 Commands for Port Loopback Detection Function 6.1 debug loopback-detection Command: debug loopback-detection Function: After enabling the loopback detection debug on a port, BEBUG information will be generated when sending, receiving messages and changing states. Default: Disabled by default. Command Mode: Admin Mode. Usage Guide: Display the message sending, receiving and state changes with this command.
SGS-6341 Series Command Guide MAC address of the port. Default: Disable the function of loopback diction control. Command Mode: Port Mode. Usage Guide: If there is any loopback, the port will not recovery the state of be controlled after enabling control operation on the port. If the overtime is configured, the ports will recovery normal state when the overtime is time-out.
SGS-6341 Series Command Guide Enable automatic recovery of the loopback-detection control mode after 30s. Switch(config)# loopback-detection control-recovery timeout 30 6.4 loopback-detection interval-time Command: loopback-detection interval-time no loopback-detection interval-time Function: Set the loopback detection interval. The no operate closes the loopback detection interval function.
SGS-6341 Series Command Guide Disable the function of detecting the loopbacks through the port. Command Mode: Port Mode. Usage Guide: If a port can be a TRUNK port of multiple Vlans, the detection of loopbacks can be implemented on the basis of port+Vlan, which means the objects of the detection can be the specified Vlans on a port. If the port is an ACCESS port, only one Vlan on the port is allowed to be checked despite the fact that multiple Vlans can be configured.
SGS-6341 Series Command Guide Chapter 7 Commands for ULDP 7.1 debug uldp Command: debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME no debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME Function: Enable the debugging for receiving and sending the specified packets or all ULDP packets on port. After enable the debugging, show the information of the received and sent packets in terminal.
SGS-6341 Series Command Guide Usage Guide: Use this command to display the error message. Example: Display the error message. Switch#debug uldp error 7.3 debug uldp event Command: debug uldp event no debug uldp event Function: Enable the message debug function to display the event; the no form command disables this function. Command Mode: Admin Mode. Default: Disabled. Usage Guide: Use this command to display all kinds of event information. Example: Display event information. Switch# debug uldp event 7.
SGS-6341 Series Command Guide Default: Disabled by default. Usage Guide: This command can be used to display the information about state transitions of the specified interfaces. Example: Print the information about state transitions of interface ethernet 1/0/1. Switch#debug uldp fsm interface ethernet 1/0/1 7.
SGS-6341 Series Command Guide Default: Disabled. Usage Guide: Use this command to display the packet that receiving on each interface. Switch# debug uldp packet receive 7.7 uldp aggressive-mode Command: uldp aggressive-mode no uldp aggressive-mode Function: To configure ULDP to work in aggressive mode. The no form of this command will restore the normal mode. Command Mode: Global Configuration Mode and Port Configuration Mode. Default: Normal mode.
SGS-6341 Series Command Guide Usage Guide: ULDP can be configured for the ports only if ULDP is enabled globally. If ULDP is enabled globally, it will be effect for all the existing fiber ports. For copper ports and fiber ports which are available after ULDP is enabled, this command should be issued in the port configuration mode to make ULDP be effect. Example: To enable ULDP in global configuration mode. Switch(config)#uldp enable 7.
SGS-6341 Series Command Guide Parameters: : The interval for the Hello messages, with its value limited between 5 and 100 seconds, 10 seconds by default. Command Mode: Global Configuration Mode. Default: 10 seconds by default. Usage Guide: Interval for hello messages can be configured only if ULDP is enabled globally, its value limited between 5 and 100 seconds. Example: To configure the interval of Hello messages to be 12 seconds. Switch(config)# uldp hello-interval 12 7.
SGS-6341 Series Command Guide Function: To reset the port when ULDP is shutdown. Command Mode: Globally Configuration Mode and Port Configuration Mode. Usage Guide: This command can only be effect only if the specified interface is disabled by ULDP. Example: To reset all the port which are disabled by ULDP. Switch(config)# uldp reset 7.13 show uldp Command: show uldp [interface ethernet] Function: To show the global ULDP configuration and status information of interface.
Chapter 8 Commands for LLDP Function 8.1 clear lldp remote-table Command: clear lldp remote-table Function: Clear the Remote-table on the port. Default: Do not clear the entries. Command Mode: Port Configuration Mode. Usage Guide: Clear the Remote table entries on this port. Example: Clear the Remote table entries on this port. Switch(Config-Ethernet 1/0/1)# clear lldp remote-table 8.
Example: Enable the debug switch of LLDP function on the switch. Switch(config)#debug lldp 8.3 debug lldp packets Command: debug lldp packets interface ethernet no debug lldp packets interface ethernet Function: Display the message-receiving and message-sending information of LLDP on the port; the no operation of this command will disable the debug information switch. Default: Disable the debug information on the port. Command Mode: Admin Mode.
Usage Guide: If LLDP function is globally enabled, it will be enabled on every port. Example: Enable LLDP function on the switch. Switch(config)# lldp enable 8.5 lldp enable (Port) Command: lldp enable lldp disable Function: Enable the LLDP function module of ports in port configuration mode; disable command will disable the LLDP function module of port. Default: the LLDP function module of ports is enabled by default in port configuration mode. Command Mode: Port Configuration Mode.
both: Configure the LLDP function as being able to both send and receive messages. disable: Configure the LLDP function as not being able to send or receive messages. Default: The operating state of the port is “both”. Command Mode: Port Configuration Mode. Usage Guide: Choose the operating state of the lldp Agent on the port. Example: Configure the state of port ethernet 1/0/5 of the switch as “receive”. Switch(config)#in ethernet 1/0/5 Switch(Config-if-Ethernet 1/0/5)#lldp mode receive 8.
8.8 lldp neighbors max-num Command: lldp neighbors max-num < value > no lldp neighbors max-num Function: Set the maximum number of entries can be stored in Remote MIB. Parameters: is the configured number of entries, ranging from 5 to 500. Default: The maximum number of entries can be stored in Remote MIB is 100. Command Mode: Port Configuration Mode. Usage Guide: The maximum number of entries can be stored in Remote MIB. Example: Set the Remote as 200 on port ethernet 1/0/5 of the switch.
interval whenever the Remote Table changes. Example: Set the time interval of sending Trap messages as 20 seconds. Switch(config)# lldp notification interval 20 8.10 lldp tooManyNeighbors Command: lldp tooManyNeighbors {discard|delete} Function: Set which operation will be done when the Remote Table is full. Parameters: discard: discard the current message. delete: Delete the message with the least TTL in the Remoter Table. Default: Discard. Command Mode: Port Configuration Mode.
When transmit delay is the default value and tx-interval is configured via some commands, transmit delay will become one fourth of the latter, instead of the default 2. Parameters: is the time interval, ranging from 1 to 8192 seconds. Default: The interval is 2 seconds by default. Command Mode: Global Mode. Usage Guide: When the messages are being sent continuously, a sending delay is set to prevent the Remote information from being updated repeatedly due to sending messages simultaneously.
Switch(config)#in ethernet 1/0/5 Switch(Config-if-ethernet 1/0/5)# lldp transmit optional tlv portDesc sysCap 8.13 lldp trap Command: lldp trap Function: enable: configure to enable the Trap function on the specified port; disable: configure to disable the Trap function on the specified port. Default: The Trap function is disabled on the specified port by default. Command Mode: Port Configuration Mode. Usage Guide: The function of sending Trap messages is enabled on the port.
Usage Guide: After configuring the interval of sending messages, LLDP messages can only be received after a period as long as configured. The interval should be less than or equal with half of aging time, for a too long interval will cause the state of being aged and reconstruction happen too often; while a too short interval will increase the flow of the network and decrease the bandwidth of the port.
8.16 show lldp Command: show lldp Function: Display the configuration information of global LLDP, such as the list of all the ports with LLDP enabled, the interval of sending update messages, the configuration of aging time, the interval needed by the sending module to wait for re-initialization, the interval of sending TRAP, the limitation of the number of the entries in the Remote Table. Default: Do not display the configuration information of global LLDP. Command Mode: Admin Mode, Global Mode.
Default: Do not display the configuration information of LLDP on the port. Command Mode: Admin Mode, Global Mode. Usage Guide: Users can check the configuration information of LLDP on the port by using “show lldp interface ethernet XXX”. Example: Check the configuration information of LLDP on the port after LLDP is enabled on the switch.
8.19 show lldp traffic Command: show lldp traffic Function: Display the statistics of LLDP data packets. Default: Do not display the statistics of LLDP data packets. Command Mode: Admin Mode, Global Mode. Usage Guide: Users can check the statistics of LLDP data packets by using “show lldp traffic”. Example: Check the statistics of LLDP data packets after LLDP is enabled on the switch.
Chapter 9 Commands for Port Channel 9.1 debug port-channel Command: debug port-channel {all | event | fsm | packet | timer} no debug port-channel [] Function: Open the debug switch of port-channel.
9.2 interface port-channel Command: interface port-channel Function: Enters the port channel configuration mode Command mode: Global Mode Usage Guide: On entering aggregated port mode, configuration to GVRP or spanning tree modules will apply to aggregated ports; if the aggregated port does not exist (i.e., ports have not been aggregated), an error message will be displayed and configuration will be saved and will be restored until the ports are aggregated.
Usage Guide: Use this command to modify the port priority of LACP protocol, the no command restores the default value. Example: Set the port priority of LACP protocol. Switch(Config-If-Ethernet1/0/1)# lacp port-priority 30000 9.4 lacp system-priority Command: lacp system-priority no lacp system-priority Function: Set the system priority of LACP protocol. Parameters: : The system priority of LACP protocol, ranging from 0 to 65535.
Command mode: Port Mode Default: Long. Usage Guide: Set the timeout mode of LACP protocol. Example: Set the timeout mode as short in LACP protocol. Switch(Config-If-Ethernet1/0/1)#lacp timeout short 9.6 load-balance Command: load-balance {dst-src-mac | dst-src-ip | dst-src-mac-ip} Function: Set load-balance mode for switch, it takes effect for port-group and ECMP at the same time.
9.7 port-group Command: port-group no port-group Function: Creates a port group. The no command deletes that group. Parameters: is the group number of a port channel from 1 to 128. Default: There is no port-group. Command mode: Global Mode Example: Creating a port group. Switch(config)# port-group 1 Delete a port group. Switch(config)#no port-group 1 9.
Usage Guide: If the specified port group does not exist, then print a error message. All ports in a port group must be added in the same mode, i.e., all ports use the mode used by the first port added. Adding a port in “on” mode is a “forced” action, which means the local end switch port aggregation does not rely on the information of the other end, port aggregation will succeed as long as all ports have consistent VLAN information. Adding a port in “active” or “passive” mode enables LACP.
the third is unselected ports number. ID Mode Partner ID Ports Load-balance ------------------------------------------------------------------------------------1 active 0x8000,00-12-cf-4d-e1-a1 8,1,1 dst-src-mac 10 passive 0x8000,00-12-cf-4d-e1-b2 8,2,0 dst-src-ip 20 on 8,0,0 src-ip 2. Display the detailed information of port-group 1.
Ethernet1/0/5 5 32768 1 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/6 6 32768 1 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/7 7 32768 1 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/8 8 32768 1 0x8000, ,A8-F7-E0-01-02-04 {CDEF} Ethernet1/0/23 23 32768 1 0x8000, ,A8-F7-E0-01-02-04 {C} Switch# 9-20
Chapter 10 Commands for Jumbo 10.1 jumbo enable Command: jumbo enable [] no jumbo enable Function: Enable the Jumbo receiving function. The no command restores to the normal frame range of 64--1518。 Parameter: mtu-value: the MTU value of jumbo frame that can be received, in byte, ranging from <1500-9000>. The corresponding frame size is <1518/1522-9018/9022>. Without setting is parameter, the allowed max frame size is 9018/9022. Default: Jumbo function not enabled by default.
Chapter 11 Commands for EFM OAM 11.1 clear ethernet-oam Command: clear ethernet-oam [interface {ethernet |} ] Function: Clear the statistic information of packets and link event on specific or all ports for OAM. Parameter: , the name of the port needs to clear OAM statistic information Command Mode: Admin mode Example: Clear the statistic information of OAM packets and link event on all ports. Switch(config)#clear ethernet-oam 11.
11.3 debug ethernet-oam fsm Command: debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} ] no debug ethernet-oam fsm {all | Discovery | Transmit} [interface {ethernet |} ] Function: Enable the debugging of OAM state machine, no command disables it. Parameter: : name of the port that the debugging will be enabled or disabled Command Mode: Admin mode Example: Enable the debugging of Discovery state machine for ethernet1/0/1.
11.5 debug ethernet-oam timer Command: debug ethernet-oam timer {all | pdu_timer | local_lost_link_timer} [interface {ethernet |} ] no debug ethernet-oam timer {all | pdu_timer | local_lost_link_timer} [interface {ethernet | } ] Function: Enable the debugging of refreshing information for specific or all timers, no this command disables the debugging. Parameter: : name of the port that the debugging will be enabled or disabled Default: Disable.
11.7 ethernet-oam errored-frame threshold high Command: ethernet-oam errored-frame threshold high { | none} no ethernet-oam errored-frame threshold high Function: Configure the high threshold of errored frame event, no command restores the default value. Parameter: , the high detection threshold of errored frame event, ranging from 2 to 4294967295. none, cancel the high threshold configuration.
Usage Guide: During the specific detection period, errored frame event is induced if the number of errored frame is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU. Note that the low threshold can not be larger than the high threshold. Example: Configure the low threshold of errored frame event on Ethernet 1/0/4 to 100. Switch(Config-If-Ethernet1/0/4)#ethernet-oam errored-frame threshold low 100 11.
no ethernet-oam errored-frame-period threshold high Function: Configure the high threshold of errored frame period event, no command restores the default value. Parameter: , the high detection threshold of errored frame period event, ranging from 2 to 4294967295. none, cancel the high threshold configuration.
Usage Guide: During the specific detection period, errored frame period event is induced if the number of errored frame is larger than or equal to the low threshold and the device notifies the peer by event notification OAMPDU. Note that the low threshold should not be larger than the high threshold. Example: Configure the low threshold of errored frame period event on port 1/0/4 to 100. Switch(Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-period threshold low 100 11.
11.13 ethernet-oam errored-frame-seconds threshold high Command: ethernet-oam errored-frame-seconds threshold high { | none} no ethernet-oam errored-frame-seconds threshold high Function: Configure the high threshold of errored frame seconds event, no command restores the default value. Parameter: , the high detection threshold of errored frame seconds event, ranging from 2 to 65535 seconds.
Function: Configure the low threshold of errored frame seconds event, no command restores the default value. Parameter: , the low detection threshold of errored frame seconds event, ranging from 1 to 65535 seconds. Default: 1. Command Mode: Port mode Usage Guide: During the specific detection period, errored frame seconds event is induced if the number of errored frame seconds is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU.
Usage Guide: Detect errored frame seconds of the port after the time of specific detection period. If the number of errored frame seconds is larger than or equal to the threshold, corresponding event is induced and the device notified the peer through OAMPDU. Example: Configure the detection period of errored frame seconds event on port 1/0/4 to 120s. Switch(Config-If-Ethernet1/0/4)#ethernet-oam errored-frame-seconds window 120 11.
11.17 ethernet-oam errored-symbol-period threshold low Command: ethernet-oam errored-symbol-period threshold low no ethernet-oam errored-symbol-period threshold low Function: Configure the low threshold of errored symbol event, no command restores the default value. Parameter: , the low threshold of errored symbol event, ranging from 1 to 18446744073709551615 symbols. none, cancel the high threshold configuration. Default: 1.
Default: 1. Command Mode: Port mode Usage Guide: Detect errored symbols of the port after the time of specific detection period. If the number of errored symbols is larger than or equal to the threshold, corresponding event is induced and the device notified the peer through OAMPDU. Example: Set the detection period of errored symbol event on port 1/0/4 to be 2s. Switch(Config-If-Ethernet1/0/4)#ethernet-oam errored-symbol-period window 2 11.
no ethernet-oam mode Function: Configure the mode of OAM function, no command restores the default value. Parameter: active, active mode passive, passive mode Default: active mode. Command Mode: Port mode Usage Guide: At least one of the two connected OAM entities should be configured to active mode. Once OAM is enabled, the working mode of OAM cannot be changed and you need to disable OAM function if you have to change the working mode.
Example: Set the transmission interval of Information OAMPDU for ethernet 1/0/4 to be 2s. Switch(Config-If-Ethernet1/0/4)# ethernet-oam period 2 11.22 ethernet-oam remote-failure Command: ethernet-oam remote-failure no ethernet-oam remote-failure Function: Enable remote failure indication of OAM, no command disables the function. Default: Enable.
Command Mode: Port mode Usage Guide: Only OAM entities working in active mode can launch remote loopback request but the ones in passive mode cannot. When remote OAM entities work in loopback mode, all packets except OAMPDU return to the local port according to the original paths (note that normal communication cannot be performed in OAM loopback mode.) and network administrators can detect link delay, jitter and throughput through remote loopback.
Normal forwarding will be suspended during the remote-loopback, are you sure to support remote-loopback? [Y/N] 11.25 ethernet-oam timeout Command: ethernet-oam timeout no ethernet-oam timeout Function: Configure the timeout of OAM connection, no command restores the default value. Parameter: , the timeout ranging from 5 to 10 seconds. Default: 5s. Command Mode: Port mode Usage Guide: OAM connection will be disconnected if no OAMPDU is received after specified timeout.
Example: Show overview information of Ethernet OAM connection. Switch#show ethernet-oam Remote-Capability codes: L - Link Monitor, U - Unidirection, R - Remote Loopback V - Variable Retrieval ----------------------------------------------------------------------------------------------------------------Interface Local-Mode Local-Capability Remote-MAC-Addr Remote-Mode Remote-Capability 1/0/1 active L R 0030.4f02.2e5d active L R 1/0/2 active L R 0030.4f19.
local_par_action=DISCARD Max_OAMPDU_Size=1518 -----------------------------------------------------------------------OAM_local_flags_field: Link Fault=0 Dying Gasp=0 Critical Events=0 -----------------------------------------------------------------------Packet statistic: Packets Send Receive OAMPDU 553 21 Information 552 21 Event Notification 1 0 Loopback Control 0 0 ------------------------------------------------------------------------ Field Description Status of Ethernet OAM: oam_s
packets except OAMPDU packets received are returned to their sources along the ways they come. Loopback Supported Whether support remote loopback: YES for support and NO for not. Whether support unidirectional transmission: YES for support and NO Unidirectional Support for not. Link Events Whether support general link events: YES for support and NO for not. Whether support severe link events (remote failure indication): YES for Remote Failure support and NO for not.
Link Fault=0 Dying Gasp=0 Critical Event=0 Field Description Remote_Mac_Address MAC address of remote OAM entity Working mode of Ethernet OAM: local _mode active, the port is set as active mode; passive, the port is set as passive mode. The way in which the local end processes Ethernet OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs.
11.27 show ethernet-oam events Command: show ethernet-oam events {local | remote} [interface {ethernet |} ] Function: Shows the statistic information of link events on specified or all ports with OAM enabled, including general link events and severe link events.
event running total:75 OAM_local_errored-frame-seconds-summary-events: -----------------------------------------------------------------------------------------------------event time stamp:3520 errored frame window:60s errored frame low threshold:1 errored frame high threshold:none errored frame:1200120 errored running total:2302512542 event running total:232 OAM_local_link-fault:0 OAM_local_dying gasp:0 OAM_local_critical event:0 Field Description Statistic information of the local errored OAM_l
11.28 show ethernet-oam link-events configuration Command: show ethernet-oam link-events configuration [interface {ethernet | } ] Function: Show configuration of link events on specified or all ports with OAM enabled, including detection period and threshold of the events and so on. Parameter: , the port that the statistic information of OAM link events needs to be shown, the statistic information of OAM link events for all ports will be shown if this parameter is not specified.
11.29 show ethernet-oam loopback status Command: show ethernet-oam loopback status [interface {ethernet |} ] Function: Show OAM loopback status of specified or all ports. Parameter: , the port that OAM loopback status needs to be shown, OAM loopback status for all ports will be shown if this parameter is not specified. Command Mode: Admin mode Example: Show OAM loopback status of all ports.
Chapter 12 VLAN Configuration 12.1 Commands for VLAN Configuration 12.1.1 debug gvrp event Command: debug gvrp event interface (ethernet | port-channel |) IFNAME no debug gvrp event interface (ethernet | port-channel |) IFNAME Function: Enable/disable GVRP event debugging including the transfer of state machine and the expiration of timer. Parameter: ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: GVRP event debugging is disabled.
Parameter: receive, enabling the debugging of receiving GVRP packet send, enabling the debugging of sending GVRP packet ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: GVRP packet debugging is disabled. Usage Guide: Use this command to enable the debugging of GVRP packet. Example: Show information of sending and receiving GVRP packet.
Usage Guide: After enabling dot1q-tunnel on the port, data packets without VLAN tag (referred to as tag) will be packed with a tag when entering through the port; those with tag will be packed with an external tag. The TPID in the tag is 8100 and the VLAN ID is the VLAN ID the port belongs to. Data packets with double tags will be forwarded according to MAC address and external tag, till the external tag is removed when transmitted outside from the access port.
Switch(config)#interface ethernet 1/0/10 Switch(Config-If-Ethernet1/0/10)#switchport mode trunk Switch(Config-If-Ethernet1/0/10)#dot1q-tunnel tpid 0x9100 Switch(Config-If-Ethernet1/0/10)#exit Switch(config)# 12.1.5 garp timer join Command: garp timer join <200-500> Function: Set the value of garp join timer, note that the value of join timer must be less than half leave timer. Parameter: <200-500>, the value of timer in millisecond Command mode: Global mode Default: 200 ms.
Default: 600 ms. Usage Guide: Check whether the value satisfy the range. If so, modify the value of garp timer to the specified value, otherwise return a configuration error. Example: Set the value of garp leave timer as 600ms. Switch(config)#garp timer leave 600 12.1.7 garp timer leaveall Command: garp timer leaveall <5000-60000> Function: Set the value of garp leaveAll timer, note that the value of leaveAll timer must be larger than leave timer.
Command mode: Global mode Default: Disabled. Usage Guide: Enable GVRP function globally and only in this way GVRP module can work normally. Example: Enable GVRP function globally. Switch(config)#gvrp 12.1.9 gvrp (Port) Command: gvrp no gvrp Function: Enable/disable GVRP function on port. Notice: although GVRP can be enabled on port when GVRP is not enabled globally, it will not take effect until global GVRP is enabled. Command mode: Port mode Default: Disabled.
Parameter: join, join timer leave, leave timer leaveAll, leaveAll timer Command mode: Global mode Default: 200 | 600 | 10000 milliseconds for join | leave | leaveall timer respectively. Usage Guide: Check whether the default value satisfy the range. If so, modify the value of garp join | leave | leaveAll timer to the default value, otherwise return a configuration error. Example: Restore garp timer to the default value. Switch(config)#no garp timer leaveall 12.1.
12.1.12 private-vlan Command: private-vlan {primary | isolated | community} no private-vlan Function: Configure current VLAN to Private VLAN. The no command cancels the Private VLAN configuration. Parameter: primary set current VLAN to Primary VLAN, isolated set current VLAN to Isolated VLAN, community set current VLAN to Community VLAN. Command Mode: VLAN mode Default: Private VLAN is not configured by default. Usage Guide: There are three Private VLANs: Primary VLAN, Isolated VLAN and Community VLAN.
Note:This will remove all the ports from vlan 200 Switch(Config-Vlan200)#exit Switch(config)#vlan 300 Switch(Config-Vlan300)#private-vlan community Note:This will remove all the ports from vlan 300 Switch(Config-Vlan300)#exit 12.1.13 private-vlan association Command: private-vlan association no private-vlan association Function: Set Private VLAN association; the no command cancels Private VLAN association.
12.1.14 show dot1q-tunnel Command: show dot1q-tunnel Function: Display the information of all the ports at dot1q-tunnel state. Command Mode: Admin Mode and other configuration Mode. Usage Guide: This command is used for displaying the information of the ports at dot1q-tunnel state. Example: Display current dot1q-tunnel state. Switch#show dot1q-tunnel Interface Ethernet1/0/1: dot1q-tunnel is enable Interface Ethernet1/0/3: dot1q-tunnel is enable 12.1.
Switch#show garp timer join Garp join timer’s value is 200(ms) 12.1.16 show gvrp fsm information Command: show gvrp fsm information interface (ethernet | port-channel) IFNAME Function: Show the current state of all registered machines and request state machines on specified or all ports. Parameter: ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: MT for registered machine and VO for request state machine.
12.1.17 show gvrp leaveAll fsm information Command: show gvrp leaveall fsm information interface (ethernet | port-channel) IFNAME Function: Show the state of leaveAll state machine on specified or all ports. Parameter: ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: Passive. Usage Guide: Check the state of leaveAll state machine. Example: Show the state of leaveAll state machine on port.
Default: leavetimer is disabled. Usage Guide: Show running state and expiration time of each leave timer. Example: Show running state and expiration time of each leave timer on current port. Switch#show gvrp leavetimer running information interface ethernet 1/0/1 VLANID ------------ running state ---------- 100 UP 300 DOWN expired time --------0.2 s non 12.1.19 show gvrp port-member Command: show gvrp (active|) port-member Function: Shows all ports with GVRP enabled.
12.1.20 show gvrp port registerd vlan Command: show gvrp port (dynamic | static |) registerd vlan interface (Ethernet | port-channel |) IFNAME Function: Show the dynamic or static registration VLANs on current port. Parameter: dynamic, dynamic registration static, static registration Ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: No dynamic or static registration VLANs on port.
leaveall, leaveAll timer ethernet, physical port port-channel, aggregate port IFNAME, port name Command mode: Admin Mode. Default: Join timer is disabled and leaveAll timer is enabled. Usage Guide: Check running state of join|leaveAll timer on port. Example: Show running state and expiration time of each timer. Switch(config)#show gvrp timer join running information interface ethernet 1/0/1 Current port’s jointimer running state is: UP Current port’s jointimer expired time is: 0.2 s 12.1.
12.1.23 show vlan Command: show vlan [brief | summary] [id ] [name ] [internal usage [id | name ]] [private-vlan [id | name ]] Function: Display detailed information for all VLANs or specified VLAN.
VLAN VLAN number Name VLAN name Type VLAN type, statically configured or dynamically learned.
12.1.25 switchport access vlan Command: switchport access vlan no switchport access vlan Function: Add the current Access port to the specified VLAN. The “no switchport access vlan” command deletes the current port from the specified VLAN, and the port will be partitioned to VLAN1. Parameter: is the VID for the VLAN to be added the current port, valid range is 1 to 4094. Command mode: Port Mode. Default: All ports belong to VLAN1 by default.
remove WORD: Delete the specific VLAN of vlanList from the existent allow vlanList; Command mode: Port Mode. Default: Forbidden vlanList is empty Usage Guide: Tag the corresponding position for forbidden vlanList and clear allow vlanList flags in ports. A port leaves these VLANs if it joins them statically, and it sends message to GVRP module to enable corresponding registered machine of the port to enter forbidden mode.
port, traffic of VLANs not included are prohibited. The difference between tag and untag mode by setting allowed vlan: set VLAN to untag mode, the frame sent via hybrid port without VLAN tag; set VLAN to tag mode, the frame sent via hybrid port with corresponding VLAN tag. The same VLAN can not be allowed with tag and untag mode by a Hybrid port at the same time. If configure the tag (or untag) allowed VLAN to untag (or tag) allowed VLAN, the last configuration will cover the before.
12.1.29 switchport interface Command: switchport interface [ethernet | portchannel] [interface-name | interface-list] no switchport interface [ethernet | portchannel] [interface-name | interface-list] Function: Specify Ethernet port to VLAN; the no command deletes one or one set of ports from the specified VLAN. Parameter: ethernet is the Ethernet port to be added. portchannel means that the port to be added is a link-aggregation port. interface-name port name, such as e1/0/1.
Default: The port is in Access mode by default. Usage Guide: Ports in trunk mode is called Trunk ports. Trunk ports can allow traffic of multiple VLANs to pass through. VLAN in different switches can be interconnected with the Trunk ports. Ports under access mode are called Access ports. An access port can be assigned to one and only one VLAN at a time.
Command mode: Port Mode. Default: access mode. Usage Guide: Configure the port as trunk, enable it to leave all VLANs and clear allow-list. Example: Switch(config-if-ethernet1/0/1)#switchport mode trunk allow-null 12.1.32 switchport trunk allowed vlan Command: switchport trunk allowed vlan {WORD | all | add WORD | except WORD | remove WORD} no switchport trunk allowed vlan Function: Set trunk port to allow VLAN traffic; the “no switchport trunk allowed vlan” command restores the default setting.
12.1.33 switchport trunk native vlan Command: switchport trunk native vlan no switchport trunk native vlan Function: Set the PVID for Trunk port; the “no switchport trunk native vlan” command restores the default setting. Parameter: is the PVID for Trunk port. Command mode: Port Mode. Default: The default PVID of Trunk port is 1. Usage Guide: PVID concept is defined in 802.1Q. PVID in Trunk port is used to tag untagged frames.
VLANs. Parameter: WORD is the VLAN ID to be created/deleted, valid range is 1 to 4094, connect with ';' and '-'. Command mode: Global Mode. Default: Only VLAN1 is set by default. Usage Guide: VLAN1 is the default VLAN and cannot be configured or deleted by the user. The maximal VLAN number is 4094. It should be noted that dynamic VLANs learnt by GVRP cannot be deleted by this command. Example: Create VLAN100 and enter the configuration mode for VLAN 100. Switch(config)#vlan 100 Switch(Config-Vlan100)# 12.
Switch(config)#vlan 100 internal 12.1.36 vlan ingress enable Command: vlan ingress enable no vlan ingress enable Function: Enable the VLAN ingress rule for a port; the “no vlan ingress enable” command disables the ingress rule. Command mode: Port Mode. Default: Enable VLAN ingress filtering function.
Default: There is no VLAN translation relation. Usage Guide: The command is for configuring the in and out translation relation of the VLAN translation function. The data packets will be matched according to the configured translation relations, and its VLAN ID will be changed to the one in the configured item once matched, while the vlan-translation miss drop command will determine the next forwarding if not match. Example: Move the VLAN100 data entered from the port1 to VLAN2 after ingress translation.
12.1.39 vlan-translation miss drop Command: vlan-translation miss drop in no vlan-translation miss drop in Function: Set packet dropping when checking vlan-translation is failing; the no command restores to the default value. Parameter: In refers to ingress.. Command Mode: Port Mode. Default: Do not drop the packets when checking vlan-translation is failing.
12.2 Commands for Dynamic VLAN Configuration 12.2.1 dynamic-vlan mac-vlan prefer Command: dynamic-vlan mac-vlan prefer Function: Set the MAC-based VLAN preferred. Command Mode: Global Mode. Default: MAC-based VLAN is preferred by default. Usage Guide: Configure the preference of dynamic-vlan on switch. The default priority sequence is MAC-based VLAN、IP-subnet-based VLAN、Protocol-based VLAN, namely the preferred order when several dynamic VLAN is available.
dynamic VLAN is available. This command is used to set to preferring the IP-subnet-based VLAN. Example: Set the IP-subnet-based VLAN preferred. Switch#config Switch(config)#dynamic-vlan subnet-vlan prefer 12.2.3 mac-vlan Command: mac-vlan mac vlan priority no mac-vlan {mac |all} Function: Add the correspondence between MAC address and VLAN, namely specify certain MAC address to join specified VLAN.
12.2.4 mac-vlan vlan Command: mac-vlan vlan no mac-vlan vlan Function: Configure the specified VLAN to MAC VLAN; the “no mac-vlan vlan ” command cancels the MAC VLAN configuration of this VLAN. Parameter: is the number of the specified VLAN. Command Mode: Global Mode. Default: No MAC VLAN is configured by default. Usage Guide: Set specified VLAN for MAC VLAN. Example: Set VLAN100 to MAC VLAN. Switch#config Switch(config)#mac-vlan vlan 100 12.2.
ssap-id is the access point of the source service with a valid range of 0~255; snap is SNAP encapsulate format; etype-id is the type of the packet protocol, the valid range is 1536~65535; vlan-id is the ID of VLAN, the valid range is 1~4094; priority is the priority, the range is 0~7; all indicates all the encapsulate protocols. Command Mode: Global Mode. Default: No protocol joined the VLAN by default. Usage Guide: The command adds specified protocol into specified VLAN.
12.2.7 show mac-vlan Command: show mac-vlan Function: Display the configuration of MAC-based VLAN on the switch. Command Mode: Admin Mode and other configuration Mode. Usage Guide: Display the configuration of MAC-based VLAN on the switch. Example: Display the configuration of the current MAC-based VLAN. Switch#show mac-vlan MAC-Address VLAN_ID ------------------ Priority ----------- -------- 00-e0-4c-77-ab-9d 2 2 00-0a-eb-26-8d-f3 2 2 00-30-4f-11-22-33 5 5 12.2.
Ethernet1/0/5(H) Ethernet1/0/6(T) 12.2.9 show protocol-vlan Command: show portocol-vlan Function: Display the configuration of Protocol-based VLAN on the switch. Command Mode: Admin Mode and Configuration Mode Usage Guide: Display the configuration of Protocol-based VLAN on the switch. Example: Display the configuration of the current Protocol-based VLAN.
------------------ ----------------- ------- 192.168.1.165 255.255.255.0 2 202.200.121.21 255.255.0.0 2 10.0.0.1 255.248.0.0 5 12.2.11 show subnet-vlan interface Command: show subnet-vlan interface Function: Display the port at IP-subnet-based VLAN. Command Mode: Admin Mode and other Configuration Mode. Usage Guide: Display the port of enabling IP-subnet-based VLAN, the character in the bracket indicate the ports mode, A means Access port, T means Trunk port, H means Hybrid port.
vlan-id is the VLAN ID with a valid range of 1~4094;all indicates all the subnets. Command Mode: Global Mode. Default: No IP subnet joined the VLAN by default. Usage Guide: This command is used for adding specified IP subnet to specified VLAN. When packet without VLAN label and from the specified IP subnet enters through the switch port, it will be matched with specified VLAN id and enters specified VLAN. These packets will always come to the same VLAN no matter through which port did they enter.
12.2.14 switchport subnet-vlan enable Command: switchport subnet-vlan enable no switchport subnet-vlan enable Function: Enable the IP-subnet-based VLAN on the port; the “no” form of this command disables the IP-subnet-based VLAN function on the port. Command Mode: Port Mode. Default: The IP-subnet-based VLAN is enabled on the port by default. Usage Guide: After adding the IP subnet to specified VLAN, the IP-subnet-based VLAN function will be globally enabled.
Example: Display the Current Voice VLAN Configuration. Switch#show voice-vlan Voice VLAN ID:2 Ports:ethernet1/0/1;ethernet1/0/3 Voice name MAC-Address Mask ----- Priority ------------ ----- ---------------------- -------- financePhone 00-e0-4c-77-ab-9d 0xff 5 manager 00-0a-eb-26-8d-f3 0xfe 6 Mr_Lee 00-30-4f-11-22-33 0x80 5 NULL 00-30-4f-11-22-33 0x0 5 12.3.
12.3.3 voice-vlan Command: voice-vlan mac mask priority [name ] no voice-vlan {mac mask |name |all} Function: Specify certain voice equipment to join in Voice VLAN; the "no" form of this command will let the equipment leave the Voice VLAN.
Parameter: Vlan id is the number of the specified VLAN. Command Mode: Global Mode. Default: No Voice VLAN is configured by default. Usage Guide: Set specified VLAN for Voice VLAN, There can be only one Voice VLAN at the same time. The voice VLAN can not be applied concurrently with MAC-based VLAN. Example: Set VLAN100 to Voice VLAN.
Chapter 13 Commands for MAC Address Table Configuration 13.1 Commands for MAC Address Table Configuration 13.1.1 clear mac-address-table dynamic Command: clear mac-address-table dynamic [address ] [vlan ] [interface [ethernet | portchannel] ] Function: Clear the dynamic address table. Parameter: : MAC address will be deleted; the port name for forwarding the MAC packets; VLAN ID. Command Mode: Admin mode.
is the aging-time seconds, range from 10 to 1000000; 0 to disable aging. Command Mode: Global Mode. Default: Default aging-time is 300 seconds. Usage Guide: If no destination address of the packets is same with the address entry in aging-time, the address entry will get aged. The user had better set the aging-time according to the network condition, it usually use the default value. Example: Set the aging-time to 600 seconds. Switch(config)#mac-address-table aging-time 600 13.1.
When VLAN interface is configured and is up, the system will generate a static address mapping entry of which the inherent MAC address corresponds to the VLAN number. Usage Guide: In certain special applications or when the switch is unable to dynamically learn the MAC address, users can use this command to manually establish mapping relation between the MAC address and port and VLAN.
VLAN number; entry’s interface name. Command Mode: Admin and Configuration Mode. Default: MAC address table is not displayed by default. Usage Guide: This command can display various classes of MAC address entries. Users can also use show mac-address-table to display all the MAC address entries. Example: Display all the filter MAC address entries. Switch#show mac-address-table blackhole 13.2 Commands for Mac Address Binding configuration 13.2.
13.2.2 mac-address-table periodic-monitor-time Command: mac-address-table periodic-monitor-time <5-86400> Function: Set the MAC monitor interval to count the added and deleted MAC in time, and send out them with trap message. Command mode: Global Mode. Parameter: <5-86400>: the interval is 5 to 86400 seconds. Default: 60 seconds. Example: Set the MAC monitor interval as 120 seconds. Switch(Config)#mac-address-table periodic-monitor-time 120 13.2.
----------------------------------------------------------------------------------------------------Max Addresses limit in System:128 Total Addresses in System:2 Displayed information Explanation Security Port Is port enabled as a secure port. MaxSecurityAddr The maximum secure MAC address number set for the security port. CurrentAddr The current secure MAC address number of the security port. Security Action The violation mode of the port configuration.
Vlan The VLAN ID for the secure MAC Address. Mac Address Secure MAC address. Type Secure MAC address type. Ports The port that the secure MAC address belongs to. Total Addresses Current secure MAC address number in the system. 13.2.5 show port-security interface Command: show port-security interface Function: Display the configuration of secure port. Command mode: Admin Mode and other configuration Mode. Parameter: stands for the port to be displayed.
for the port. Total MAC Addresses Current secure MAC address number for the port. Configured MAC Addresses Current secure static MAC address number for the port. Lock Timer Whether locking timer (timer timeout) is enabled for the port. Mac-Learning function Whether the MAC address learning function is enabled. 13.2.
13.2.7 switchport port-security convert Command: switchport port-security convert Function: Converts dynamic secure MAC addresses learned by the port to static secure MAC addresses, and disables the MAC address learning function for the port. Command mode: Port Mode. Usage Guide: The port dynamic MAC convert command can only be executed after the secure port is locked. After this command has been executed, dynamic secure MAC addresses learned by the port will be converted to static secure MAC addresses.
13.2.9 switchport port-security mac-address Command: switchport port-security mac-address no switchport port-security mac-address Function: Add a static secure MAC address; the “no switchport port-security mac-address” command deletes a static secure MAC address. Command mode: Port Mode. Parameters: stands for the MAC address to be added or deleted. Usage Guide: The MAC address binding function must be enabled before static secure MAC address can be added.
Usage Guide: The MAC address binding function must be enabled before maximum secure MAC address number can be set. If secure static MAC address number of the port is larger than the maximum secure MAC address number set, the setting fails; extra secure static MAC addresses must be deleted, so that the secure static MAC address number is no larger than the maximum secure MAC address number for the setting to be successful. Example: Set the maximum secure MAC address number for port 1.
13.2.12 switchport port-security violation Command: switchport port-security violation {protect | shutdown} [recovery <30-3600>] no switchport port-security violation Function: Configure the port violation mode. The no restores the violation mode to protect. Command Mode: Port mode.
Chapter 14 ommands for MSTP 14.1 Commands for MSTP 14.1.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode. Usage Guide: This command is to quit MSTP region mode without saving the current configuration. The previous MSTP region configuration is valid. Example: Quit MSTP region mode without saving the current configuration. Switch(Config-Mstp-Region)#abort Switch(config)# 14.1.
14.1.3 instance vlan Command: instance vlan no instance [vlan ] Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances; the command “no instance [vlan ]” removes the specified instance and the specified mappings between the VLANs and instances. Parameter: Normally, sets the instance number.
setting. Parameter: is the MSTP region name. The length of the name should be less than 32 characters. Command mode: MSTP Region Mode Default: Default MSTP region name is the MAC address of this bridge. Usage Guide: This command is to set MSTP region name. The bridges with same MSTP region name and same other attributes are considered in the same MSTP region. Example: Set MSTP region name to mstp-test.
14.1.6 revision-level Command: revision-level no revision-level Function: In MSTP region mode, this command is to set revision level for MSTP configuration; the command “no revision-level” restores the default setting to 0. Parameter: is revision level. The valid range is from 0 to 65535. Command mode: MSTP Region Mode Default: The default revision level is 0. Usage Guide: This command is to set revision level for MSTP configuration.
14.1.8 spanning-tree Command: spanning-tree no spanning-tree Function: Enable MSTP in global mode and in Port Mode; The command “no spanning-tree” is to disable MSTP. Command mode: Global Mode and Port Mode Default: MSTP is not enabled by default. Usage Guide: If the MSTP is enabled in global mode, the MSTP is enabled in all the ports except for the ports which are set to disable the MSTP explicitly. Example: Enable the MSTP in global mode, and disable the MSTP in the interface1/0/2.
100Mbps 200000 200000~2000000 1Gbps 20000 20000~200000 10Gbps 2000 2000~20000 For the aggregation ports, the default costs are as below: Port Type Allowed Number Of Aggregation Default Port Cost Ports 10Mbps N 2000000/N 100Mbps N 200000/N 1Gbps N 20000/N 10Gbps N 2000/N Usage Guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of port and the designated port of the instance.
all the equipment. If there are more than one equipment connected, all the connected ports should execute this command. Example: Configure the authentication string of partner port. Switch(config)#interface ethernet 1/0/2 Switch(Config-If-Ethernet1/0/2)#spanning-tree digest-snooping Switch(Config-If-Ethernet1/0/2)# 14.1.
When the AUTO format is set, and over one equipment which is not compatible with each other are connected on the port (e.g. a equipment running through a HUB or Transparent Transmission BPDU is connected with several equipments running MSTP), the format alter counts will be recorded and the port will be disabled at certain count threshold. The port can only be re-enabled by the administrator. Example: Configure port message format as the message format of IEEE.
14.1.13 spanning-tree hello-time Command: spanning-tree hello-time
Default: The link type is auto by default, The MSTP detects the link type automatically. Usage Guide: When the port is full-duplex, MSTP sets the port link type as point-to-point; When the port is half-duplex, MSTP sets the port link type as shared. Example: Force the port 1/0/7-8 as point-to-point type. Switch(config)#interface ethernet 1/0/7-8 Switch(Config-Port-Range)#spanning-tree link-type p2p force-true 14.1.
14.1.16 spanning-tree max-hop Command: spanning-tree max-hop no spanning-tree max-hop Function: Set maximum hops of BPDU in the MSTP region; the command “no spanning-tree max-hop” restores the default setting. Parameter: sets maximum hops. The valid range is from 1 to 40. Command mode: Global Mode Default: The max hop is 20 by default. Usage Guide: The MSTP uses max-age to count BPDU lifetime. In addition, MSTP also uses max-hop to count BPDU lifetime.
port receives STP messages, it changes to work in the STP mode again. This command can only be used when the switch is running in IEEE802.1s MSTP mode. If the switch is running in IEEE802.1D STP mode, this command is invalid. Example: Force the port 1/0/2 to run in the MSTP mode. Switch(Config-If-Ethernet1/0/2)#spanning-tree mcheck 14.1.
spanning-tree mst configuration” restores the attributes of the MSTP to their default values. Command mode: Global Mode Default: The default values of the attributes of the MSTP region are listed as below: Attribute of MSTP Default Value Instance There is only the instance 0. All the VLANs (1~4094) are mapped to the instance 0.
Port Type Default Path Cost Suggested Range 10Mbps 2000000 2000000~20000000 100Mbps 200000 200000~2000000 1Gbps 20000 20000~200000 10Gbps 2000 2000~20000 For the aggregation ports, the default costs are as below: Port Type Allowed Number Of Aggregation Default Port Cost Ports 10Mbps N 2000000/N 100Mbps N 200000/N 1Gbps N 20000/N 10Gbps N 2000/N Usage Guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the ele
Example: Configure port 1/0/2 as loopguard mode for instance 0. Switch(Config)#interface ethernet 1/0/2 Switch(Config-Ethernet-1/0/2)#spanning-tree mst 0 loopguard Switch(Config-Ethernet-1/0/2)# 14.1.
priority” restores the default setting. Parameter: sets instance ID. The valid range is from 0 to 48; sets the switch priority. The valid range is from 0 to 61440. The value should be the multiples of 4096, such as 0, 4096, 8192…61440. Command mode: Global Mode Default: The default bridge priority is 32768. Usage Guide: By setting the bridge priority, users can change the bridge ID for the specified instance.
Example: Enable rootguard function for port 1/0/2 in instance 0. Switch(config)#interface ethernet 1/0/2 Switch(Config-If-Ethernet1/0/2)#spanning-tree mst 0 rootguard Switch(Config-If-Ethernet1/0/2)# 14.1.
14.1.26 spanning-tree port-priority Command: spanning-tree port-priority no spanning-tree port-priority Function: Set the port priority; the command “no spanning-tree port-priority” restores the default setting. Parameter: sets port priority. The valid range is from 0 to 240. The value should be the multiples of 16, such as 0, 16, 32, 48…240. Command mode: Port Mode Default: The default port priority is 32768. Usage Guide: By setting the port priority to designated port.
The bridge ID can be altered by changing the priority of the switch. Further, the priority information can also be used for voting of the root bridge and the specified ports. The bridge priority value of the switch is smaller, however the priority is higher. Example: Configure the priority is 4096. Switch(config)#spanning-tree priority 4096 14.1.
restores to default setting. Parameter: enable: The spanning-tree flush once the topology changes. disable: The spanning tree don’t flush when the topology changes. protect: the spanning-tree flush not more than one time every ten seconds. Command mode: Global mode Default: Enable Usage Guide: According to MSTP, when topology changes, the port that send change message clears MAC/ARP table (FLUSH). In fact it is not needed for some network environment to do FLUSH with every topology change.
Usage Guide: According to MSTP, when topology changes, the port that send change message clears MAC/ARP table (FLUSH). In fact it is not needed for some network environment to do FLUSH with every topology change. At the same time, as a method to avoid network assault, we allow the network administrator to configure FLUSH mode by the command Note: For the complicated network, especially need to switch from one spanning tree branch to another rapidly, the disable mode is not recommended.
14.2 Commands for Monitor and Debug 14.2.1 debug spanning-tree Command: debug spanning-tree no debug spanning-tree Function: Enable the MSTP debugging information; the command “no debug spanning-tree” disables the MSTP debugging information. Command mode: Admin Mode Usage Guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, then they can use this command to display the relevant debugging information.
Switch(config)#spanning-tree mst configuration Switch(Config-Mstp-Region)#show mst-pending Name switch Revision 0 Instance Vlans Mapped ---------------------------------00 1-29, 31-39, 41-4093 03 30 04 40 05 4094 ---------------------------------Switch(Config-Mstp-Region)# 14.2.3 show spanning-tree Command: show spanning-tree [mst []] [interface ] [detail] Function: Display the MSTP Information.
########################### Instance 0 ########################### Self Bridge Id Root Id : 32768 - 00: 03: 0f: 01: 0e: 30 : 16384.00: 03: 0f: 01: 0f: 52 Ext.RootPathCost : 200000 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID : 128.1 Current port list in Instance 0: Ethernet1/0/1 Ethernet1/0/2 (Total 2) PortName ID ExtRPC IntRPC State Role DsgBridge DsgPort -------------- ------- --------- --------- --- ---- ------------------ ------Ethernet1/0/1 128.
-------------- ------- --------- --- ---- ------------------ ------Ethernet1/0/1 128.001 0 FWD MSTR 32768.00030f010e30 128.001 Ethernet1/0/2 128.002 0 BLK ALTR 32768.00030f010e30 128.
14.2.4 show spanning-tree mst config Command: show spanning-tree mst config Function: Display the configuration of the MSTP in the Admin mode. Command mode: Admin Mode Usage Guide: In the Admin mode, this command can show the parameters of the MSTP configuration such as MSTP name, revision, VLAN and instance mapping. Example: Display the configuration of the MSTP on the switch.
Chapter 15 Commands for QoS and PBR 15.1 accounting Command: accounting Function: Set statistic function for the classified traffic. Default: Do not set statistic function. Command mode: Policy map configuration mode Usage Guide: After enable this function, add statistic function to the traffic of the policy class map. In single bucket mode, the messages can only red or green when passing policy and printing the information. In dual bucket mode, there are three colors(green, yellow, red) of messages.
Parameters: is the class map name used by the class. insert-before insert a new configured class to the front of a existent class to improve the priority of the new class. Default: No policy class is configured by default. Command mode: Policy map configuration Mode Usage Guide: Before setting up a policy class, a policy map should be created and the policy map mode entered.
Example: Creating and then deleting a class map named “c1”. Switch(config)#class-map c1 Switch(Config-ClassMap-c1)#exit Switch(config)#no class-map c1 15.4 clear mls qos statistics Command: clear mls qos statistics [interface | vlan ] Function: Clear accounting data of the specified ports or VLAN Policy Map. If there are no parameters, clear accounting data of all policy map. Parameters: : VLAN ID : The interface name Default: Do not set action.
Default: Do not set the action. Command mode: Policy class map configuration mode Usage Guide: Drop the specified packet after configure this command. Example: Drop the packet which satisfy c1. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#class c1 Switch(Config-PolicyMap-p1-Class-c1)#drop Switch(Config-PolicyMap-p1-Class-c1)#exit Switch(Config-PolicyMap-p1)#exit 15.
maximum 8 VLAN IDs, the ranging is 1~4094; cos match specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS, the ranging is 0~7. Default: No match standard by default Command Mode: Class-map Mode Usage Guide: Only one match standard can be configured in a class map. When configuring the match ACL, permit rule as the match option, apply Policy Map action. Deny rule as the excluding option, do not apply Policy Map action.
Parameters: policer_name: the name of aggregation policy; bits_per_second: the committed information rate - CIR , in Kbps, ranging from 1 to 10000000; normal_burst_bytes: the committed burst size – CBS, in kb, ranging from 1 to 1000000. When the configured CBS value exceeds the max limit of the chip, configure the hardware with max number supported by the chip without any CLI prompt; maximum_burst_bytes: the peak burst size - PBS, in kb, ranging from 1to 1000000.
policied-intp-transmit 15.8 mls qos cos Command: mls qos cos { } no mls qos cos Function: Configures the default CoS value of the port; the “no mls qos cos” command restores the default setting. Parameters: is the default CoS value for the port, the valid range is 0 to 7. Default: The default CoS value is 0. Command mode: Port Configuration Mode. Usage Guide: Configure the default CoS value for switch port. If the ingress packets without 802.
Default: The default intp value is 0. Command mode: Port Mode. Usage Guide: Configure the default internal priority of the port. If there is no dscp and cos fields of the trust packets, the ingress packet of the port will obtain a default internal priority. The packet's internal priority may be reset according to the configured QoS policy. Example: Configure the default intp value as 40 on ethernet 1/0/1.
the dscp output value, ranging from 0 to 63; intp-intp defines the mapping from intp of the ingress to intp of the egress, is the color(yellow or red) of the packet; stand for int-prio values, up to 8 values are supported, each value is delimited with space, ranging from 0 to 119, is the intp output value, ranging from 0 to 119; intp-queue defines the mapping from intp to the egress queue, stand for incoming int-prio values, up to 8 values are supported, each value is
INTP Value 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63 QUEUE Value INTP Value 0 1 2 3 4 5 6 7 64-71 72-79 80-87 88-95 96-103 104-111 112-119 QUEUE Value 0 1 2 3 4 5 6 Command mode: Global Mode. Usage Guide: INTP means the chip internal priority setting.
15.12 mls qos queue weight Command: mls qos queue weight no mls qos queue weight Function: After configure this command, the queue weight is set. Parameters: defines the queue weight, for WDRR algorithm, this configuration is valid, for SP algorithm, this configuration is invalid, weight ranging from 0 to 255. The absolute value of weight is meaningless. WDRR allocates bandwidth by using 8 weight values. Default: The queue weight is 1 1 1 1 1 1 1 1.
Command mode: Port Configuration Mode. Usage Guide: trust cos mode: can set the intp value based cos-to-intp mapping. trust dscp mode: can set the intp field based dscp-to-intp mapping, it is valid for IPv4, IPv6 packets. trust cos and trust dscp can be set at the same time, trust dscp priority is higher than trust cos priority. Example: Configuring ethernet port 1/0/1 to trust cos value, i.e., classifying the packets according to cos value.
15.15 pass-through-dscp Command: pass-through-dscp no pass-through-dscp Function: Forbid the egress packets rewriting DSCP value. Default: The egress packets rewrite DSCP value. Command mode: Port Mode. Usage Guide: The egress packets can not rewrite DSCP value when configuring pass-through-dscp on the ingress. This command may associate with other commands of QoS, such as mls qos trust command. After QoS actions are valid, the egress packets save the original DSCP value.
set the corresponding action to the different color packets. The no command will delete the mode configuration. Parameters: bits_per_second: The committed information rate – CIR (Committed Information Rate), in Kbps, ranging from 1 to 10000000; normal_burst_bytes: The committed burst size – CBS (Committed Burst Size), in byte, ranging from 1 to 1000000.
Example: In the policy class table configuration mode, set the CIR as 1000, CBS as 2000 and the action when CIR is exceeded as transmitting the messages after changing intp to 40. Switch(config)#class-map cm Switch(config-classmap-cm)#match cos 0 Switch(config-classmap-cm)#exit Switch(config)#policy-map 1 Switch(config-policymap-1)#class cm Switch(config-policymap-1-class-cm)#policy 1000 2000 exceed-action set-internal-priority 40 15.
15.18 policy-map Command: policy-map no policy-map Function: Creates a policy map and enters the policy map mode; the “no policy-map ” command deletes the specified policy map. Parameters: < policy-map-name> is the policy map name. Default: No policy map is configured by default. Command mode: Global Mode Usage Guide: classification matching and remarking can be done in policy map configuration mode. Example: Creating and deleting a policy map named “p1”.
Usage Guide: Only one policy map can be applied to each direction of each port. Egress policy map is not supported yet. Example: Bind policy p1 to ingress Ethernet port1/0/1. Switch(config)#interface ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#service-policy input p1 Bind policy p1 to ingress redirection of v1 interface. Switch(config)#interface vlan 1 Switch(Config-If-vlan1)#service-policy input p1 15.
15.21 set internal priority Command: set internal priority no set internal priority Function: Assign a new internal priority for the classified traffic, the no command cancels the new value assigned. Parameters: Set a new internal priority for the traffic that accord the matching standard. Default: Do not assign the internal priority. Command mode: Policy Class-map Mode Usage Guide: Assign a new value for the classified traffic that accord the matching standard only.
Example: Switch # show class-map Class map name:c1, used by 1 times match acl name:1 Displayed information Explanation Class map name:c1 Name of the Class map used by 1 times Used times match acl name:1 Classifying rule for the class map. 15.23 show policy-map Command: show policy-map [] Function: Displays policy map of QoS. Parameters: is the policy map name. Command mode: Admin Mode.
Class map name:c1 Name of the class map referred to policy CIR: 1000 CBS: 1000 PIR: 200 PBS: 3000 Policy implemented conform-action: transmit exceed-action: drop violate-action: drop 15.24 show mls qos interface Command: show mls qos interface [] [policy | queuing] Function: Displays QoS configuration information on a port. Parameters: is the port ID; policy is the policy setting on the port; queuing is the queue setting for the port.
Ethernet1/0/1 Port name default cos: 0 Default CoS value of the port Default int-Prio: 0 Default internal priority value of the port Trust: COS DSCP The trust state of the port Pass-through-cos: NONE Whether forbid the modification of cos value Pass-through-dscp: NONE Whether forbid the modification of dscp value Attached Policy Map for Ingress: p1 Policy name bound to port ClassMap ClassMap name classified Total data packets match this ClassMap.
c2 c3 30 NA 10 NA 10 NA 10 NA Display Information Explanation Ethernet1/0/1 Port name Attached Policy Map for Ingress: p1 Policy name bound to port ClassMap ClassMap name classified Total data packets match this ClassMap. Green Total green data packets match this ClassMap. Yellow Total yellow data packets match this ClassMap. Red Total red data packets match this ClassMap. 15.
Example: Display configuration information of the mapping table.
0: 0 1 2 1: 10 11 2: 20 3: 3 4 5 6 7 8 9 12 13 14 15 16 17 18 19 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 4: 40 41 42 43 44 45 46 47 48 49 5: 50 51 52 53 54 55 56 57 58 59 6: 60 61 62 63 64 65 66 67 68 69 7: 70 71 72 73 74 75 76 77 78 79 8: 80 81 82 83 84 85 86 87 88 89 9: 90 91 92 93 94 95 96 97 98 99 10: 100 101 102 103 104 105 106 107 108 109 11: 110 111 112 113 114 115 116 117 118 119
8: 7 7 7 7 7 7 7 7 7 7 9: 7 7 7 7 7 7 7 7 7 7 10: 7 7 7 7 7 7 7 7 7 7 11: 7 7 7 7 7 7 7 7 7 7 Egress Internal-Priority-TO-DSCP map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0: 0 1 2 3 4 5 6 7 8 9 1: 10 11 12 13 14 15 16 17 18 19 2: 20 21 22 23 24 25 26 27 28 29 3: 30 31 32 33 34 35 36 37 38 39 4: 40 41 42 43 44 45 46 47 48 49 5: 50 51 52 53 54 55 56 57 58 59 6: 60 61 62 63 63 63 63 63 63 63 7: 63
15.26 show mls qos vlan Command: show mls qos vlan Parameters: v-id: the ranging from 1 to 4094. Default: None. Examples: Switch#show mls qos vlan 1 Vlan 1: Attached Policy Map for Ingress: 1 Classmap 1 classified NA in-profile out-profile (in packets) NA NA Switch(config)#show mls qos vlan 7 Vlan 7: Attached Policy Map for Ingress: 7 Classmap classified in-profile 7 0 0 out-profile (in packets) 0 15.
Not used by any Policy Map Display Information Explanation aggregate policy a2 10 10 10 exceed-action drop aggregate-policy configuration Not used by any Policy Map The time for using aggregate-policy 15.28 transmit Command: Transmit no transmit Function: Transmit data package that match the class, the no command cancels the assigned action. Parameters: the aggregate-policy name Command mode: Policy class map configuration mode.
Chapter 16 Commands for for Flow-based Redirection 16.1 access-group redirect to interface ethernet Command: access-group redirect to interface [ethernet | ] no access-group redirect Function: Specify flow-based redirection; “no access-group redirect” command is used to delete flow-based redirection.
Parameters: 1. No specified port, display the information of all the flow-based redirection in the system. 2. Specify ports in , display the information of the flow-based redirection configured in the ports listed in the interface-list. Command Mode: Admin Mode and Configuration Mode. Usage Guide: This command is used to display the information of current flow-based redirection in the system/port.
Chapter 17 Commands for Egress QoS 17.1 mls qos egress green remark Command: [no] mls qos egress green remark Function: Set Egress QoS remarking to take effect for green packets, no command does not take effect to green packets. Default: Do not modify green packets. Command Mode: Global Mode Usage Guide: QoS attribute of green packets will be modified by remark table after enable the global configuration. Example: Egress remarking takes effect for green packets.
: dscp value, its range from 0 to 63 :1 to 8 dscp values Default: default mapping: COS-TO-COS-GREEN map: COS: 0 1 2 3 4 5 6 7 ----------------------------------------COS: 0 1 2 3 4 5 6 7 COS-TO-COS-YELLOW map: COS: 0 1 2 3 4 5 6 7 ----------------------------------------COS: 0 1 2 3 4 5 6 7 COS-TO-COS-RED map: COS: 0 1 2 3 4 5 6 7 ----------------------------------------COS: 0 1 2 3 4 5 6 7 COS-TO-DSCP-GREEN map: COS: 0 1 2 3 4 5 6
2: 2 2 2 2 3 3 3 3 3 3 3: 3 3 4 4 4 4 4 4 4 4 4: 5 5 5 5 5 5 5 5 6 6 5: 6 6 6 6 6 6 7 7 7 7 6: 7 7 7 7 DSCP-TO-COS-YELLOW map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0: 0 0 0 0 0 0 0 0 1 1 1: 1 1 1 1 1 1 2 2 2 2 2: 2 2 2 2 3 3 3 3 3 3 3: 3 3 4 4 4 4 4 4 4 4 4: 5 5 5 5 5 5 5 5 6 6 5: 6 6 6 6 6 6 7 7 7 7 6: 7 7 7 7 DSCP-TO-COS-RED map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0: 0 0 0 0 0
0: 0 9 2 1: 10 11 2: 20 3: 3 4 5 6 7 8 9 12 13 14 15 16 17 18 19 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 4: 40 41 42 43 44 45 46 47 48 49 5: 50 51 52 53 54 55 56 57 58 59 6: 60 61 62 63 DSCP-TO-DSCP-RED map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0: 0 1 2 3 4 5 6 7 8 9 1: 10 11 12 13 14 15 16 17 18 19 2: 20 21 22 23 24 25 26 27 28 29 3: 30 31 32 33 34 35 36 37 38 39 4: 40 41 42 43 4
No policy map is bound to port. Command Mode: Port Mode. Usage Guide: Only a policy map can be applied to each direction of each port. Policy may not be bound to the port if it uses the rule or action which is not supported by EFP. Example: Bind policy-map p1 to egress Ethernet 1/0/1. Switch(config)#interface ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#service-policy output p1 17.
| s-vid | s-tpid } no set {ip dscp | ip precedence | cos | c-vid | s-vid | s-tpid} Function: Assign a new DSCP, IP Precedence for the classified traffic; no command deletes the new value. Parameters: ip dscp new DSCP value of IPv4 and IPv6 packets. ip precedence new IPv4 Precedence, only one can be selected for IPv4 Precedence and IP DSCP. cos new CoS value. c-vid new c-vid value. s-vid new s-vid value.
Example: Show whether Egress remarking mapping takes effect for green packets. Switch(config)#show mls qos egress green remark Green remarking: Disable. 17.7 show mls qos maps Command: show mls qos maps (cos-cos | cos-dscp | dscp-cos | dscp-dscp) Function: Show Egress remarking mapping.
Chapter 18 Commands for Flexible QinQ 18.1 add Command: add s-vid no add s-vid Function: Add a specified external tag or inner tag for the packet which match the class map, no command cancels the operation. Parameters: s-vid specifies VID of an external VLAN Tag. Default: Do not add the tag. Command Mode: Policy class-map configuration mode Usage Guide: Add the external tag for the packet which match the class map after this command is configured.
standard.
18.3 service-policy Command: service-policy in no service-policy in Function: Bind the specified policy of flexible QinQ to the ingress of the port, the no command cancels the binding. Parameters: service-policy : The specified policy-map name of flexible QinQ. Default: No policy map is bound to port. Command Mode: Port Mode. Usage Guide: Only one policy map can be bound to each port, the function takes effect after the policy map is bound to a port.
Usage Guide: Only assign the new value again for the classified flow that correspond the match standard. Example: Set an external VLAN Tag' VID as 3 for the packet which satisfy c2 class rule.
Chapter 19 Commands for Layer 3 Forwarding 19.1 Commands for Layer 3 Interface 19.1.1 bandwidth Command: bandwidth no bandwidth Function: Configure the bandwidth for Interface vlan. The “no bandwidth” command recovery the default value. The bandwidth of interface vlan is used to protocol account but not control the bandwidth of port. For instance, it is use the interface bandwidth(cost=10^8/bandwidth)when OSPF account the link cost, so change the bandwidth can result in OSPF link cost changed.
Function: Configure the description information of VLAN interface. The no command will cancel the description information of VLAN interface. Parameters: is the description information of VLAN interface, the length should not exceed 256 characters. Command mode: VLAN Interface Mode Default: Do not configure. Usage Guide: The description information of VLAN interface behind description and shown under the configured VLAN. Example: Configure the description information of VLAN interface as test vlan.
Switch(config)#ip vrf VRF-A Switch(config-vrf)#description associate with VRF-B VRF-C 19.1.4 interface loopback Command: interface loopback no interface loopback Function: Create a Loopback interface; the no operation of this command will delete the specified Loopback interface. Parameters: is the ID of the new created Loopback interface. Default: There is no Loopback interface in factory defaults. Command Mode: Global Configuration Mode.
Default: No Layer 3 interface is configured upon switch shipment. Command mode: Global Mode Usage Guide: When creating a VLAN interface (Layer 3 interface), VLANs should be configured first, for details, see the VLAN chapters. When VLAN interface (Layer 3 interface) is created with this command, the VLAN interface (Layer 3 interface) configuration mode will be entered. After the creation of the VLAN interface (Layer 3 interface), interface vlan command can still be used to enter Layer 3 Port Mode.
19.1.7 ip vrf forwarding vrfName Command: ip vrf forwarding no ip vrf forwarding Function: Relate the interface to the specific VRF. Parameters: : Configure the name of VPN instance, the length is less than 32 characters. Default: Bind the interface to the master VRF. Command mode: Interface configuration mode. Usage Guide: If the interface needs to access internet, this command can be configured and an interface bind a VRF only, but a VRF can bind multiple interfaces.
Example: Switch (config)#ip vrf VRF-A Switch (config-vrf)# rd 300:3 Switch (config-vrf)# 19.1.9 route-target Command: route-target {import | export | both} no route-target {import | export | both} Function: Configure the Route-Target of the specific VRF, the no command will delete this configuration. Parameters: import: Filter the route to judge whether VPN route join in this VRF.
19.1.10 show ip route vrf Command: show ip route vrf [bgp | datebase] Parameters: : VRF name is created by if vrf . bgp: Import the route through BGP. database: The database of IP route table. Command mode: Any modes. Usage Guide: Show the specific route protocol. Example: Switch#show ip route vrf vrf-a bgp Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:10 (Default for VRF DC1) *> 11.1.1.0/24 11.1.1.64 0 0 200 ? *> 20.1.1.0/24 11.1.1.64 0 0 200 ? 19.1.
Switch# show ip vrf IPI VRF IPI, FIB ID 1 Router ID: 11.1.1.1 (automatic) Interfaces: Vlan1 ! VRF IPI; (id=1); RIP enabled Interfaces: Ethernet1/0/8 Name IPI Interfaces Vlan1 Name Default RD Interfaces IPI Vlan1 19.1.12 shutdown Command: shutdown no shutdown Function: Shut down the specified VLAN interface of the switch. The no operation of the command will enable the VLAN interface. Command Mode: VLAN Interface Configuration Mode. Default: The VLAN interface is enabled by default.
19.2 Commands for IPv4/v6 configuration 19.2.1 clear ip traffic Command: clear ip traffic Function: Clear the statistic information of IP protocol. Command Mode: Admin Mode Usage Guide: Clear the statistic information of receiving and sending packets for IP kernel protocol, including the statistic of receiving packets, sending packets and dropping packets and the error information of receiving and sending packets for IP protocol, ICMP protocol, TCP protocol and UDP protocol. 19.2.
Command Mode: Admin Mode Example: Switch#debug ip icmp IP ICMP: sent, type 8, src 0.0.0.0, dst 20.1.1.1 Display Description IP ICMP: sent Send ICMP packets type 8 Type is 8(PING request) src 0.0.0.0 Source IPv4 address dst 20.1.1.1 Destination IPv4 address 19.2.4 debug ip packet Command: debug ip packet no debug ip packet Function: Enable the IP packet debug function: the “no debug IP packet” command disables this debug function.
no debug ipv6 packet Function: IPv6 data packets receive/send debug message.
Dst <2003::20a:ebff:fe26:8a49> Destination IPv6 address from Vlan1 Layer 3 port being sent 19.2.7 debug ipv6 nd Command: debug ipv6 nd [ ns | na | rs | ra | redirect ] no debug ipv6 nd [ ns | na | rs | ra | redirect ] Function: Enable the debug of receiving and sending operations for specified types of IPv6 ND messages. The ns, na, rs, ra and redirect parameters represent neighbor solicitation, neighbor advertisement, route solicitation, route advertisement and route redirect.
19.2.8 debug ipv6 tunnel packet Command: debug ipv6 tunnel packet no debug ipv6 tunnel packet Function: tunnel data packets receive/send debug message. Parameter: None Default: None Command Mode: Admin Mode Example: Switch#debug ipv6 tunnel packet IPv6 tunnel: rcvd, type <136>, src , dst IPv6 tunnel packet : rcvd src 178.1.1.1 dst 179.2.2.
There is no tunnel description by default. Usage Guide: When there is more than one tunnel in the system, configuring description will help user with identifying the purposes of different tunnels. Examples: Set the tunnel description as toCernet2. Switch(Config-if-Tunnel1)#description toCernet2 19.2.10 ipv6 proxy enable Command: ipv6 proxy enable no ipv6 proxy enable Function: This command enable the IPv6 proxy function of a chassis switch. The no operation of this command will disable IPv6 proxy function.
19.2.11 ip address Command: ip address [secondary] no ip address [ ] [secondary] Function: Set IP address and net mask of switch; the “no ip address [ ] [secondary]” command deletes the IP address configuration. Parameter: is IP address, dotted decimal notation; is subnet mask, dotted decimal notation; [secondary] indicates that the IP address is configured as secondary IP address.
length of IPv6 address, which is between 3-128, eui-64 means IPv6 address is generated automatically based on eui64 interface identifier of the interface. Command Mode: Interface Configuration Mode. Usage Guide: IPv6 address prefix can not be multicast address or any other specific IPv6 address, and different layer 3 interfaces can not configure the same address prefix. For global unicast address, the length of the prefix must be greater than or equal to 3.
the next hop IPv6 address is global aggregatable unicast address and site-local address, if no interface name of the exit is specified, it must be assured that the IP address of the next hop and the address of some interface of the switch must be in the same network segment. As for tunnel route, interface name can be directly specified.
19.2.15 ipv6 nd dad attempts Command: ipv6 nd dad attempts no ipv6 nd dad attempts Function: Set Neighbor Solicitation Message number sent in succession by interface when setting Duplicate Address Detection. Parameter: is the Neighbor Solicitation Message number sent in succession by Duplicate Address Detection, and the value of must be in 0-10, NO command restores to default value 1. Command Mode: Interface Configuration Mode Default: The default request message number is 1.
The default Request Message time interval is 1 second. Default: The value to be set will include the situation in all routing announcement on the interface. Generally, very short time interval is not recommended. Example: Set Vlan1 interface to send out Neighbor Solicitation Message time interval to be 8 seconds. Switch(Config-if-Vlan1)#ipv6 nd ns-interval 8 19.2.17 ipv6 nd suppress-ra Command: ipv6 nd suppress-ra no ipv6 nd suppress-ra Function: Prohibit router announcement.
Interface Configuration Mode Default: The number of seconds of router default announcement lifetime is 1800. Usage Guide: This command is used to configure the lifetime of the router on Layer 3 interface, seconds being 0 means this interface can not be used for default router, otherwise the value should not be smaller than the maximum time interval of sending router announcement. If no configuration is made, this value is equal to 3 times of the maximum time interval of sending routing announcement.
19.2.20 ipv6 nd max-ra-interval Command: ipv6 nd max-ra-interval no ipv6 nd max-ra-interval Function: Set the maximum time interval of sending routing message. Parameter: Parameter is number of seconds of the time interval of sending routing announcement, must be between 4-1800 seconds. Command Mode: Interface Configuration Mode Default: The default maximum time interval of sending routing announcement is 600 seconds.
link-local as unreachable. Command Mode: Interface Configuration Mode Default: The default value of valid-lifetime is 2592000 seconds (30 days), the default value of preferred-lifetime is 604800 seconds (7 days). off-link is off by default, no-autoconfig is off by default. Usage Guide: This command allows controlling the router announcement parameters of every IPv6 prefix. Note that valid lifetime and preferred lifetime must be configured simultaneously.
19.2.23 ipv6 nd ra-mtu Command: ipv6 nd ra-mtu Function: Set the mtu of sending router advertisement. Parameters: is the mtu of sending router advertisement, ranging from 0 to 1500. Command Mode: Interface Configuration Mode. Default: The default mtu of sending router advertisement is 1500. Example: Set the mtu of sending router advertisement in interface vlan 1 as 500. Switch#(Config-if-Vlan1)#ipv6 nd ra-mtu 500 19.2.
19.2.25 ipv6 nd retrans-timer Command: ipv6 nd retrans-timer Function: Set the retrans-timer of sending router advertisement. Parameters: is the retrans-timer of sending router advertisement, ranging from 0 to 4294967295 milliseconds. Command Mode: Interface Configuration Mode. Default: The default retrans-timer of sending router advertisement is 1000 milliseconds. Example: Set the reachable-time of sending router advertisement in interface vlan 1 as 10000 milliseconds.
19.2.27 ipv6 nd managed-config-flag Command: ipv6 nd managed-config-flag Function: Set the flag representing whether the address information will be obtained via DHCPv6. Command Mode: Interface Configuration Mode. Default: The address information won’t be obtained via DHCPv6. Examples: Set IPv6 address information in interface vlan 1 will be obtained via DHCPv6. Switch#(Config-if-Vlan1)#ipv6 nd managed-config-flag 19.2.
Switch(Config-if-Vlan1)#ipv6 neighbor 2001:1:2::4 00-30-4f-89-44-bc interface Ethernet 1/0/1 19.2.29 interface tunnel Command: interface tunnel no interface tunnel Function: Create/Delete tunnel. Parameter: Parameter is tunnel No. Command Mode: Interface Configuration Mode. Usage Guide: This command creates a virtual tunnel interface.
Example: Restarter#show ip interface vlan1 brief Index Interface IP-Address Protocol 3001 Vlan1 192.168.2.11 up 19.2.31 show ip traffic Command: show ip traffic Function: Display statistics for IP packets. Command mode: Admin Mode Usage Guide: Display statistics for IP, ICMP, TCP, UDP packets received/sent.
TcpCurrEstab 0, TcpEstabResets 0 TcpInErrs 0, TcpInSegs 3180 TcpMaxConn 0, TcpOutRsts 3 TcpOutSegs 0, TcpPassiveOpens 8 0, TcpRtoAlgorithm 0 TcpRetransSegs TcpRtoMax 0, TcpRtoMin 0 UDP statics: UdpInDatagrams 0, UdpInErrors 0 UdpNoPorts 0, UdpOutDatagrams 0 Displayed information Explanation IP statistics: IP packet statistics.
0 parameter, 0 timestamp, 0 timestamp replies TCP statistics: TCP packet statistics. UDP statistics: UDP packet statistics. 19.2.32 show ipv6 interface Command: show ipv6 interface {brief|} Function: Show interface IPv6 parameters. Parameter: Parameter brief is the brief summarization of IPv6 status and configuration, and parameter interface-name is Layer 3 interface name.
MTU is 1500 bytes ND DAD is enabled, number of DAD attempts is 1 ND managed_config_flag is unset ND other_config_flag is unset ND NS interval is 1 second(s) ND router advertisements is disabled ND RA min-interval is 200 second(s) ND RA max-interval is 600 second(s) ND RA hoplimit is 64 ND RA lifetime is 1800 second(s) ND RA MTU is 0 ND advertised reachable time is 0 millisecond(s) ND advertised retransmit time is 0 millisecond(s) Displayed information Explanation Vlan1 Layer 3 interface name [up/up]
show ipv6 route only shows IPv6 kernal routing table (routing table in tcpip), database shows all routers except the local router, fib local shows the local router, statistics shows router statistics information.
fe80::250:baff:fef2:a4f4, Vlan1 1024 network segment is 2002::/64, via means passing fe80::250:baff:fef2:a4f4 is the next hop, VLAN1 is the exit interface name, 1024 is router weight. 19.2.34 show ipv6 neighbors Command: show ipv6 neighbors [{vlan|ethernet|tunnel} interface-number | interface-name | address ] Function: Display neighbor table entry information. Parameter: Parameter {vlan|ethernet|tunnel} interface-number|interface-name specify the lookup based on interface.
fe80::203:fff:fefe:3045 00-30-4f-fe-30-45 Vlan2 Ethernet1/0/17 00-0c-ce-13-ea-c1 Vlan12 Ethernet1/0/20 00-50-ba-f2-a4-f4 Vlan1 Ethernet1/0/6 reachable fe80::20c:ceff:fe13:eac1 reachable fe80::250:baff:fef2:a4f4 reachable IPv6 neighbour table: 11 entries Displayed information Explanation IPv6 Addres Neighbor IPv6 address Hardware Addr Neighbor MAC address Interface Exit interface name Port Exit interface name State Neighbor status (reachable、statle、delay、probe、 permanent、incomplete、unk
Rcvd: 0 total 0 errors 0 time exceeded 0 redirects, 0 unreachable, 0 echo, 0 echo replies Displayed information Explanation IP statistics IPv6 data report statistics Rcvd: IPv6 received packets statistics 90 total, 17 local destination0 header errors, 0 address errors0 unknown protocol, 13 discards Frags: 0 reassembled, 0 timeouts IPv6 fragmenting statistics 0 fragment rcvd, 0 fragment dropped0 fragmented, 0 couldn't fragment, 0 fragment sent Sent: 110 generated, 0 forwarded IPv6 sent pack
Parameter is tunnel No. Command Mode: Admin Mode. Usage Guide: If there is not tunnel number, then information of all tunnels are shown. If there is tunnel number, then the detailed information of specified tunnel is shown. Example: Switch#show ipv6 tunnel name tunnel3 mode 6to4 source destination nexthop 178.1.1.
Example: Configure tunnel source IPv4 address 202.89.176.6. Switch(Config-if-Tunnel1)#tunnel source 202.89.176.6 19.2.39 tunnel destination Command: . tunnel destination no tunnel destination Function: Configure the IPv4/IPv6 address of the tunnel destination. Parameter: is the IPv4 address of tunnel destination, is the IPv6 address of tunnel destination. Command Mode: Tunnel Configuration Mode.
There is no IPv4 address of tunnel nexthop. Usage Guide: This command is for ISATAP tunnel, other tunnels won’t check the configuration of nexthop. Notice: IPv4 address of ISATAP tunnel nexthop and IPv4 address of tunnel source should be in same segment. Example: Configure tunnel next hop 178.99.156.8. Switch(Config-if-Tunnel1)#tunnel source 178.99.156.7 Switch(Config-if-Tunnel1)#tunnel nexthop 178.99.156.8 Switch(Config-if-Tunnel1)#tunnel mode ipv6ip isatap 19.2.
19.3 Commands for IP Route Aggregation 19.3.1 ip fib optimize Command: ip fib optimize no ip fib optimize Function: Enables the switch to use optimized IP route aggregation algorithm; the “no ip fib optimize” disables the optimized IP route aggregation algorithm. Default: Optimized IP route aggregation algorithm is disabled by default. Command mode: Global Mode.
Switch#show urpf 19.4.2 urpf enable Command: urpf enable no urpf enable Function: Enable the global URPF function. Command mode: Global Mode Default: The URPF protocol module is disabled by default. Example: Switch(config)#urpf enable 19.5 Commands for ARP Configuration 19.5.1 arp Command: arp {interface [ethernet] } no arp Function: Configures a static ARP entry; the “no arp ” command deletes a ARP entry of the specified IP address.
Static ARP entries can be configured in the switch. Example: Configuring static ARP for interface VLAN1. Switch(Config-if-Vlan1)#arp 1.1.1.1 ,A8-F7-E0-f0-12-34 interface eth 1/0/2 19.5.2 clear arp-cache Command: clear arp-cache Function: Clears ARP table. Command mode: Admin Mode Example: Switch#clear arp-cache 19.5.3 clear arp traffic Command: clear arp traffic Function: Clear the statistic information of ARP messages of the switch.
Enables the ARP debugging function; the “no debug arp {receive|send|state}” command disables this debugging function. Parameter: receive the debugging-switch of receiving ARP packets of the switch; send the debugging-switch of sending ARP packets of the switch; state the debugging-switch of APR state changing of the switch. Default: ARP debug is disabled by default. Command mode: Admin Mode. Usage Guide: Display contents for ARP packets received/sent, including type, source and destination address, etc.
segment of the interface but not the same physical network, and the proxy ARP interface has been enabled, the interface will reply to the ARP with its own MAC address and forward the actual packets received. Enabling this function allows machines to physically be separated but in the same IP segment and communicate via the proxy ARP interface as if in the same physical network.
ARP entry number matching the filter conditions and Valid attributing the legality states. Matched ARP entry number matching the filter conditions. Verifying ARP entry number at verifying again validity for ARP. InCompleted ARP entry number have ARP request sent without ARP reply. Failed ARP entry number at failed state. None ARP entry number at begin-found state. Address IP address of ARP entries. Hardware Address MAC address of ARP entries.
hardware tunnel-capacity no hardware tunnel-capacity Function: Configure the maximum value of hardware tunnel-capacity, the no command restores the default value. Parameters: is the value of hardware tunnel-capacity, its range from 0 to 1024. Default: 64 Command mode: Global mode Usage Guide: This command is used to configured the maximum number of tunnel and MPLS forwarded by hardware. Increasing capacity will reduce hardware routing number supported by switch, vice versa.
Chapter 20 Commands for ARP Scanning Prevention 20.1 anti-arpscan enable Command: anti-arpscan enable no anti-arpscan enable Function: Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally disables ARP scanning prevention function. Default Settings: Disable ARP scanning prevention function.
Parameters: rate threshold, ranging from 2 to 200. Default Settings: 10 packets /second. Command Mode: Global Configuration Mode. User Guide: the threshold of port-based ARP scanning prevention should be larger than the threshold of IP-based ARP scanning prevention, or, the IP-based ARP scanning prevention will fail. Example: Set the threshold of port-based ARP scanning prevention as 10 packets /second. Switch(config)#anti-arpscan port-based threshold 10 20.
20.4 anti-arpscan trust Command: anti-arpscan trust [port | supertrust-port] no anti-arpscan trust [port | supertrust-port] Function: Configure a port as a trusted port or a super trusted port;” no anti-arpscan trust ”command will reset the port as an untrusted port. Default Settings: By default all the ports are non- trustful.
: Configure trusted IP address; : Net mask of the IP. Default Settings: By default all the IP are non-trustful. Default mask is 255.255.255.255 Command Mode: Global configuration mode User Guide: If a port is configured as a trusted port, then the ARP scanning prevention function will not deal with this port, even if the rate of received ARP messages exceeds the set threshold, this port will not be closed.
20.7 anti-arpscan recovery time Command: anti-arpscan recovery time no anti-arpscan recovery time Function: Configure automatic recovery time; “no anti-arpscan recovery time” command resets the automatic recovery time to default value. Parameters: Automatic recovery time, in second ranging from 5 to 86400. Default Settings: 300 seconds. Command Mode: Global configuration mode User Guide: Automatic recovery function should be enabled first. Example: Set the automatic recovery time as 3600 seconds.
Example: Enable ARP scanning prevention log function of the switch. Switch(config)#anti-arpscan log enable 20.9 anti-arpscan trap enable Command: anti-arpscan trap enable no anti-arpscan trap enable Function: Enable ARP scanning prevention SNMP Trap function; ”no anti-arpscan trap enable” command disable ARP scanning prevention SNMP Trap function. Default Settings: Disable ARP scanning prevention SNMP Trap function.
User Guide: Use “show anti-arpscan trust port” if users only want to check trusted ports. The reset follow the same rule. Example: Check the operating state of ARP scanning prevention function after enabling it.
IP 1.1.1.2 shutTime(seconds) 132 Trust IP: 192.168.99.5 255.255.255.255 192.168.99.6 255.255.255.255 20.11 debug anti-arpscan Command: debug anti-arpscan [port | ip] no debug anti-arpscan [port | ip] Function: Enable the debug switch of ARP scanning prevention; ”no debug anti-arpscan [port | ip]” command disables the switch.
Chapter 21 Commands for Preventing ARP, ND Spoofing 21.1 ip arp-security updateprotect Command: ip arp-security updateprotect no ip arp-security updateprotect Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect” command re-enables ARP table automatic update. Default: ARP table automatic update. Command Mode: Global Mode/ Interface configuration. User Guide: Forbid ARP table automatic update, the ARP packets conflicting with current ARP item (e.g.
Default: ND update normally. Command Mode: Global Mode/ Interface configuration User Guide: Forbid ND table automatic update, the ND packets conflicting with current ND item (e.g. with same IP but different MAC or port) will be droped, the others will be received to update aging timer or create a new item; so, the current ND item keep unchanged and the new item can still be learned. Example: Switch(Config-if-Vlan1)#ipv6 nd -security updateprotect Switch(config)#ipv6 nd -security updateprotect 21.
21.4 ipv6 nd-security learnprotect Command: ipv6 nd-security learnprotect no ipv6 nd-security learnprotect Function: Forbid ND learning function of IPv6 Version, the no command re-enables ND learning function. Default: ND learning enabled. Command Mode: Global Mode/ Interface Configuration. Usage Guide: This command is for preventing the automatic learning and updating of ND.
21.6 ipv6 nd-security convert Command: ipv6 nd-security convert Function: Change all of dynamic ND to static ND. Command Mode: Global Mode/ Interface Configuration Usage Guide: This command will convert the dynamic ND entries to static ones, which, in combination with disabling automatic learning, can prevent ND binding. Once implemented, this command will lose its effect. Example: Switch(Config-if-Vlan1)#ipv6 nd -security convert Switch(config)#ipv6 nd -security conver 21.
21.8 clear ipv6 nd dynamic Command: clear ipv6 nd dynamic Function: Clear all of dynamic ND on interface. Parameter: None Command mode: Interface Configuration Usage Guide: This command will clear dynamic entries before binding ND. Once implemented, this command will lose its effect.
Chapter 22 Command for ARP GUARD 22.1 arp-guard ip Command: arp-guard ip no arp-guard ip Function: Add a ARP GUARD address, the no command deletes ARP GUARD address. Parameters: is the protected IP address, in dotted decimal notation. Default: There is no ARP GUARD address by default. Command Mode: Port configuration mode Usage Guide: After configuring the ARP GUARD address, the ARP messages received from the ports configured ARP GUARD will be filtered.
Chapter 23 Command for ARP Local Proxy 23.1 ip local proxy-arp Command: ip local proxy-arp no ip local proxy-arp Function: Enable/disable the local ARP Proxy function of a specified interface. Default Settings: This function is disabled on all interfaces by default. Command Mode: Interface VLAN Mode.
Chapter 24 Commands for Gratuitous ARP Configuration 24.1 ip gratuitous-arp Command: ip gratuitous-arp [] no ip gratuitous-arp Function: To enabled gratuitous ARP, and specify update interval for gratuitous ARP. The no form of this command will disable the gratuitous ARP configuration. Parameters: is the update interval for gratuitous ARP with its value limited between 5 and 1200 seconds and with default value as 300 seconds.
24.2 show ip gratuitous-arp Command: show ip gratuitous-arp [interface vlan ] Function: To display configuration information about gratuitous ARP. Parameters: is the VLAN ID. The valid range for is between 1 and 4094. Command Mode: All the Configuration Modes. Usage Guide: In all the configuration modes, the command show ip gratuitous arp will display information about the gratuitous ARP configuration in global and interface configuration mode.
Chapter 25 Commands for Keepalive Gateway 25.1 keepalive gateway Command: keepalive gateway [{ | msec } [retry-count]] no keepalive gateway Function: Enable keepalive gateway, configure the interval that ARP request packet is sent and the retry-count after detection is failing, the no command disables the function.
Function: Show IPv4 running status of the specified interface. Parameters: interface-name is the specified interface name. If there is no parameter, show IPv4 running status of all interfaces. Command Mode: Policy-class-map Mode. Usage Guide: Show IPv4 running status of the interface. Example: Switch(config)#show ip interface brief Index Interface IP-Address 3001 Vlan1 1.1.1.2 9000 Loopback 127.0.0.1 Protocol up up 25.
Chapter 26 Commands for DHCP 26.1 Commands for DHCP Server Configuration 26.1.1 bootfile Command: bootfile no bootfile Function: Sets the file name for DHCP client to import on boot up; the “no bootfile “command deletes this setting. Parameters: is the name of the file to be imported, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Usage Guide: Specify the name of the file to be imported for the client.
Command mode: Admin Mode. Usage Guide: “show ip dhcp binding” command can be used to view binding information for IP addresses and corresponding DHCP client hardware addresses. If the DHCP server is informed that a DHCP client is not using the assigned IP address for some reason before the lease period expires, the DHCP server would not remove the binding information automatically.
Related Command: ip dhcp conflict logging, show ip dhcp conflict 26.1.4 clear ip dhcp server statistics Command: clear ip dhcp server statistics Function: Deletes the statistics for DHCP server, clears the DHCP server count. Command mode: Admin Mode. Usage Guide: DHCP count statistics can be viewed with “show ip dhcp server statistics” command, all information is accumulated. You can use the “clear ip dhcp server statistics” command to clear the count for easier statistics checking.
Example: Specifying the IP address 10.1.128.160 to be bound to user with the unique id of 00-10-5a-60-af-12 in manual address binding. Switch(dhcp-1-config)#client-identifier 00-10-5a-60-af-12 Switch(dhcp-1-config)#host 10.1.128.160 24 Related Command: Host 26.1.6 debug ip dhcp client Command: debug ip dhcp client {event | packet} no debug ip dhcp server {event | packet} Function: Enable the debugging of DHCP client, no command disables the debugging of DHCP client.
no debug ip dhcp server {events | linkage | packets} Function: Enables DHCP server debug information: the “no debug ip dhcp server {events | linkage | packets}” command disables the debug information for DHCP server. Command Mode: Admin Mode. Default: Debug information is disabled by default. 26.1.
Function: Configure DNS servers for DHCP clients; the “no dns-server” command deletes the default gateway. Parameters: … are IP addresses, in decimal format. Default: No DNS server is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: Up to 8 DNS server addresses can be configured. The DNS server address assigned first has the highest priority, therefore address 1 has the highest priority, and address 2 has the second, and so on. Example: Set 10.1.
26.1.12 hardware-address Command: hardware-address [{Ethernet | IEEE802|}] no hardware-address Function: Specifies the hardware address of the user when binding address manually; the “no hardware-address” command deletes the setting. Parameters: is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, should be the RFC number defined for protocol types, from 1 to 255, e.g., 0 for Ethernet and 6 for IEEE 802.
- is the IP address in decimal format; is the subnet mask in decimal format; means mask is indicated by prefix. For example, mask 255.255.255.0 in prefix is “24”, and mask 255.255.255.252 in prefix is “30”. Command Mode: DHCP Address Pool Mode Usage Guide: If no mask or prefix is configured when configuring the IP address, and no information in the IP address pool indicates anything about the mask, the system will assign a mask automatically according to the IP address class.
by the DHCP server until the conflicting records are deleted. Example: Disable logging for DHCP server. Switch(config)#no ip dhcp conflict logging Related Command: clear ip dhcp conflict 26.1.15 ip dhcp excluded-address Command: ip dhcp excluded-address [] no ip dhcp excluded-address [] Function: Specifies addresses excluding from dynamic assignment; the “no ip dhcp excluded-address []” command cancels the setting.
“command deletes the specified address pool. Parameters: is the address pool name, up to 32 characters are allowed. Command mode: Global Mode Usage Guide: This command is used to configure a DHCP address pool under Global Mode and enter the DHCP address configuration mode. Example: Defining an address pool named “1”. Switch(config)#ip dhcp pool 1 Switch(dhcp-1-config)# 26.1.
26.1.18 ip dhcp ping packets Command: ip dhcp ping packets no ip dhcp ping packets Function: Set the max number of Ping request (Echo Request) message to be sent in Ping-detection of conflict on DHCP server, whose default value is 2; the no operation of this command will restore the default value. Parameters: is the number of Ping request message to be sent in Ping-detection of conflict. Default Settings: No more than 2 Ping request messages will be sent by default.
Global Configuration Mode. Examples: Set the timeout period (in ms) of waiting for each reply message (Echo Request) in Ping-detection of conflict on DHCP server as 600ms. Switch(config)#ip dhcp conflict timeout 600 Related Command: ip dhcp conflict ping-detection enable, ip dhcp ping packets 26.1.20 lease Command: lease { [] [][] | infinite } no lease Function: Sets the lease time for addresses in the address pool; the “no lease” command restores the default setting.
Command: netbios-name-server [[…]] no netbios-name-server Function: Configures WINS servers’ address; the “no netbios-name-server” command deletes the WINS server. Parameters: … are IP addresses, in decimal format. Default: No WINS server is configured by default. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used to specify WINS server for the client, up to 8 WINS server addresses can be configured.
DHCP Address Pool Mode Usage Guide: If client node type is to be specified, it is recommended to set the client node type to h-node that broadcasts after point-to-point communication. Example: Setting the node type for client of pool 1 to broadcasting node. Switch(dhcp-1-config)#netbios-node-type b-node 26.1.
Command: next-server [[…]] no next-server Function: Sets the server address for storing the client import file; the “no next-server” command cancels the setting. Parameters: … are IP addresses, in the decimal format. Command Mode: DHCP Address Pool Mode Usage Guide: This command configures the address for the server hosting client import file. This is usually used for diskless workstations that need to download configuration files from the server on boot up.
Example: Setting the WWW server address as 10.1.128.240. Switch(dhcp-1-config)#option 72 ip 10.1.128.240 26.1.26 service dhcp Command: service dhcp no service dhcp Function: Enables DHCP server; the “no service dhcp” command disables the DHCP service. Default: DHCP service is disabled by default. Command mode: Global Mode Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When DHCP services are enabled, both DHCP server and DHCP relay are enabled.
Example: Switch# show ip dhcp binding IP address Hardware address Lease expiration 10.1.1.233 00-00-E2-3A-26-04 10.1.1.254 00-00-E2-3A-5C-D3 Infinite 60 Type Manual Automatic Displayed information Explanation IP address IP address assigned to a DHCP client Hardware address MAC address of a DHCP client Lease expiration Valid time for the DHCP client to hold the IP address Type Type of assignment: manual binding assignment. 26.1.
Show the relative configuration for DHCP relay option82. Command mode: Admin and Configuration Mode. Example: Set the admin mode timeout value to 6 minutes. Switch#show ip dhcp relay information option ip dhcp server relay information option(i.e. option 82) is enabled ip dhcp relay information option(i.e. option 82) is enabled 26.1.30 show ip dhcp server statistics Command: show ip dhcp server statistics Function: Displays statistics of all DHCP packets for a DHCP server.
DHCPOFFER 6 DHCPACK 6 DHCPNAK 0 DHCPRELAY 1907 DHCPFORWARD 0 Switch# Displayed information Explanation Address pools Number of DHCP address pools configured. Database agents Number of database agents. Automatic bindings Number of addresses assigned automatically Manual bindings Number of addresses bound manually Conflict bindings Number of conflicting addresses Expired bindings Number of addresses whose leases are expired Malformed message Number of error messages.
no ip forward-protocol udp bootps Function: Sets DHCP relay to forward UPD broadcast packets on the port; the “no ip forward-protocol udp bootps”command cancels the service. Parameter: bootps forwarding UDP port as 67 DHCP broadcast packets. Default: Not forward UPD broadcast packets by default. Command mode: Global Mode Usage Guide: The forwarding destination address is set in the “ip helper-address” command and described later. Example: Setting DHCP packets to be forwarded to 192.168.1.5.
26.2.3 show ip forward-protocol Command: show ip forward-protocol Function: Show the configured port ID of the protocol which support the forwarding of broadcast packets, it means the port ID for forwarding DHCP packets. Command mode: Admin and configuration mode Example: Switch#show ip forward-protocol Forward protocol(UDP port): 67(active) 26.2.
Chapter 27 Commands for DHCPv6 27.1 clear ipv6 dhcp binding Command: clear ipv6 dhcp binding [] [pd ] Function: To clear one specified DHCPv6 assigned address binding record or all the IPv6 address binding records. Parameter: is the specified IPv6 address with binding record; is the specified IPv6 prefix with binding record; To clear all IPv6 address binding record if there is no specified record.
- is the specified address with the conflict record, no specified address will clear all conflict records. Command Mode: Admin Mode Usage Guide: With show ipv6 dhcp conflict command, the user can check the conflict in which IP addresses. With this command, the user can clears the conflict record of an address. If no specified address will clear the conflict record of all addresses in log. After the conflict records are cleared in log, these addresses can be used by DHCPv6 server again.
Function: To enable the debugging messages for protocol packets of DHCPv6 prefix delegation client, the no form of this command will disable the debugging information. Default: Disabled. Command Mode: Admin Mode. Example: Switch# debug ipv6 dhcp client packet 27.5 debug ipv6 dhcp detail Command: debug ipv6 dhcp detail no debug ipv6 dhcp detail Function: To display the debug information of all kinds of packets received or sent by DHCPv6, the no form of this command disabled this function. Default: Disabled.
Command Mode: Admin Mode. Example: Switch# debug ipv6 dhcp relay packet 27.7 debug ipv6 dhcp server Command: debug ipv6 dhcp server { event | packet } no debug ipv6 dhcp server { event | packet } Function: To enable the debugging information of DHCPv6 server, the no form of this command will disable the debugging. Parameter: event is to enable debugging messages for DHCPv6 server events, such as address allocation; packet is for debugging messages of protocol packets of DHCPv6 server. Default: Disabled.
Command Mode: DHCPv6 Address Pool Configuration Mode. Usage Guide: For each address pool, at most three DNS server can be configured, and the addresses of the DNS server must be valid IPv6 addresses. Example: To configure the DNS Server address of DHCPv6 client as 2001:da8::1. Switch(dhcp-1-config)#dns-server 2001:da8::1 27.
To configure the specified IPv6 address to be excluded from the address pool, the excluded address will not be allocated to any hosts; the no form of this command will remove the configuration. Parameter: is the IPv6 address to be excluded from being allocated to hosts in the address pool. Default: Disabled Command Mode: DHCPv6 address pool configuration mode. Usage Guide: This command is used to preserve the specified address from DHCPv6 address allocation.
disabled. Only one can be configured for one prefix name. Example: If the prefix name my-prefix designates 2001:da8:221::/48, then the following command will add the address 2001:da8:221:2008::2008 to interface VLAN1. Switch(Config-if-Vlan1)# ipv6 address my-prefix 0:0:0:2008::2008/64 27.12 ipv6 dhcp client pd Command: ipv6 dhcp client pd [rapid-commit] no ipv6 dhcp client pd Function: To configure DHCPv6 prefix delegation client for the specified interface.
27.13 ipv6 dhcp client pd hint Command: ipv6 dhcp client pd hint no ipv6 dhcp client pd hint Function: Designate the prefix demanded by the client and its length. The no operation of this command will delete that prefix and its length from the specified interface. Parameters: means the prefix demanded by the client and its length. Command Mode: Interface Configure Mode.
Default: Any DHCPv6 address pool are not configured by default. Command Mode: Global Mode. Usage Guide: This command should be launched in global configuration mode, and falls in DHCPv6 address pool configuration mode if launched successfully. To remove a configured address pool, interface bindings related to the address pool, as well as the related address bindings will be removed. Example: To define an address pool, named 1. Switch(config)#ipv6 dhcp pool 1 27.
should be the address of another DHCPv6 relay or the address DHCPv6 server. At most three relay addresses can be configured for an interface. To be mentioned, the DHCPv6 relay stops working only if all the relay destination address configurations have been removed. This command is mutually exclusive to “ipv6 dhcp server” and “ipv6 dhcp client pd” commands. Example: Switch(Config-if-Vlan1)#ipv6 dhcp relay destination 2001:da8::1 27.
27.17 ipv6 general-prefix Command: ipv6 general-prefix no ipv6 general-prefix Function: To define an IPv6 general prefix. The no form of this command will delete the configuration. Parameter: is a character string less than 32 characters, to use as IPv6 general prefix name. is defined as IPv6 general prefix. Command Mode: Global Mode. Default: IPv6 general prefix is not configured by default.
is the name for the IPv6 address pool of the prefix delegation, the length name string should be less than 32. is the address prefix and its length of the prefix delegation. is the length of the prefix in the address pool which can be retrieved by the client, the assigned prefix length should be no less than the value of Command Mode: Global Mode. Default: No IPv6 prefix delegation address pool is configured by default.
27.20 network-address Command: network-address { | } [eui-64] no network-address Function: To configure the DHCPv6 address pool; the no form of this command will remove the address pool configuration.
27.21 prefix-delegation Command: prefix-delegation [iaid ] [lifetime { | infinity} { | infinity}] no prefix-delegation [iaid ] Function: To configure dedicated prefix delegation for the specified user. The no form of this command will remove the dedicated prefix delegation. Parameters: is the length of the prefix to be allocated to the client.
prefix-delegation pool [lifetime { | infinity} { | infinity}] no prefix-delegation pool Function: o configure prefix delegation name used by DHCPv6 address pool. The no form of this command deletes the configuration. Parameters: is the name of the address prefix pool, the length name string should be less than 32.
Global Mode. Usage Guide: The DHCPv6 services include DHCPv6 server function, DHCPv6 relay function, DHCPv6 prefix delegation function. All of the above services are configured on ports. Only when DHCPv6 server function is enabled, the IP address assignment of DHCPv6 client, DHCPv6 relay and DHCPv6 prefix delegation functions enabled can be configured on ports. Examp: To enable DHCPv6 server. Switch(config)#service dhcpv6 27.
is the specified IPv6 address; count show the number of DHCPv6 address bindings. Command Mode: Admin and Configuration Mode. Usage Guide: To show all the address and prefix binding information of DHCPv6, include type, DUID, IAID, prefix, valid time and so on.
is the name and number of interface, if the parameter is not provided, then all the DHCPv6 interface information will be shown. Command Mode: Admin and Configuration Mode. Usage Guide: To show the information for DHCPv6 interface, include Port Mode (Prefix delegation client、 DHCPv6 server、DHCPv6 relay) , and the relative conformation information under all kinds of mode.
Command Mode: Admin and Configuration Mode.
Show information Explanation Address pools To configure the number of DHCPv6 address pools; Active bindings The number of auto assign addresses; Expiried bindings The number of expiried bindings; Malformed message The number of malformed messages; Message The statistic of received DHCPv6 packets. Recieved DHCP6SOLICIT The number of DHCPv6 SOLICIT packets. DHCP6ADVERTISE The number of DHCPv6 ADVERTISE packets. DHCPv6REQUEST The number of DHCPv6 REQUEST packets.
27.30 show ipv6 general-prefix Command: show ipv6 general-prefix Function: To show the IPv6 general prefix pool information. Command Mode: Admin and Configuration Mode. Usage Guide: To show the IPv6 general prefix pool information, include the prefix number in general prefix pool, the name of every prefix, the interface of prefix obtained, and the prefix value. Example: Switch#show ipv6 general-prefix 27.
Chapter 28 Commands for DHCP Option 82 28.1 debug ip dhcp relay packet Command: debug ip dhcp relay packet Function: This command is used to display the information of data packets processing in DHCP Relay Agent, including the “add” and “peel” action of option 82. Command Mode: Admin Mode. Usage Guide: Use this command during the operation to display the procedure of data packets processing of the server and to display the corresponding option82 operation information.
message, and let the server to process it. Before enabling this function, users should make sure that the DHCP service is enabled and the Relay Agent will transmit the udp broadcast messages whose destination port is 67. Example: Enable the option82 function of the Relay Agent. Switch(config)#service dhcp Switch(config)# ip forward-protocol udp bootps Switch(config)# ip dhcp relay information option 28.
are received by the interface). The no command sets the additive suboption2 (remote ID option) format of option 82 as standard. Parameters: standard means the default VLAN MAC format. means the remote-id content of option 82 specified by users, its length can not exceed 64 characters. Command Mode: Global Mode Default Settings: Use standard format to set remote-id of option 82.
MAC means VLAN MAC address. The compatible remote-id format with HP manufacturer defined as below: Remote option Length type 2 4 1 byte 1 byte IP 4 byte IP means the primary IP address of layer 3 interface where DHCP packets from. Example: Set remote-id of Relay Agent option82 as the compatible format with HP manufacturer. Switch(config)#ip dhcp relay information option remote-id format vs-hp 28.
respectively for option82. Switch(config)#ip dhcp relay information option self-defined remote-id hostname string abc 28.7 ip dhcp relay information option self-defined remote-id format Command: ip dhcp relay information option self-defined remote-id format [ascii | hex] Function: Set self-defined format of remote-id for relay option82. Command Mode: Global Mode User Guide: self-defined format use ip dhcp relay information option type self-defined remote-id to create remote-id format.
Using standard method. User Guide: After configure this command, if users do not configure circuit-id on interface, it will create circuit-id suboption for option82 according to self-defined method. Self-defined format of circuit-id: if self-defined format is ascii, the filled format of vlan such as “Vlan2”, the format of port such as “Ethernet1/0/1”, the format of mac and remote-mac such as “00-02-d1-2e-3a-0d”.
28.
Command Mode: Global Mode Default: ascii. User Guide: VLAN and port information with ASCII format, such as “Vlan1+Ethernet1/0/11”, VLAN and port information with hexadecimal format defined as below: Suboption type Length Circuit ID type Length 1 8 0 6 VLAN Slot Module Port 1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2 byte VLAN field fills in VLAN ID.
the system will replace the option 82 segment in the existing message with its own option 82, and forward the message to the server to process. The “no ip dhcp relay information policy” will set the retransmitting policy of the option 82 DCHP message as “replace”. Command Mode: Interface configuration mode. Default: The system uses replace mode to replace the option 82 segment in the existing message with its own option 82.
28.14 show ip dhcp relay information option Command: show ip dhcp relay information option Function: This command will display the state information of the DHCP option 82 in the system, including option82 enabling switch, the interface retransmitting policy, the circuit ID mode and the switch DHCP server option82 enabling switch. Command Mode: Admin and Global Configuration Mode. User Guide: Use this command to check the state information of Relay Agent option82 during operation.
Chapter 29 Commands for DHCPv6 option37, 38 29.1 Commands for DHCPv6 option37, 38 29.1.1 address range Command: address range no address range Function: This command is used to set address range for a DHCPv6 class in DHCPv6 address pool configuration mode, the no command is used to remove the address range. The prefix/plen form is not supported.
Command: class no class Function: This command associates class to address pool in DHCPv6 address pool configuration mode and enters class configuration mode in address pool. Use the no command to remove the link. Parameters: class-name, the name of DHCPv6 class. Command Mode: DHCPv6 address pool configuration mode Usage Guide: It is recommended to define this class first using global command of IPv6 DHCP class.
29.1.4 ipv6 dhcp relay remote-id Command: ipv6 dhcp relay remote-id no ipv6 dhcp relay remote-id Function: This command is used to set the form of adding option 37 in received DHCPv6 request packets, of which is the remote-id in user-defined option 37 and it is a string with a length of less than 128. The no operation of this command restores remote-id in option 37 to enterprise-number together with vlan MAC address. Parameters: remote-id, user-defined content of option 37.
Usage Guide: Only after this command is configured, DHCPv6 relay agent can add option 37 in DHCPv6 request packets before sending it to server or next relay agent. Make sure that DHCPv6 service has been enabled before execute this command. Example: Enable the switch relay to support option 37. Switch(Config)#service dhcpv6 Switch(Config)#ipv6 dhcp relay remote-id option 29.1.
Command: ipv6 dhcp relay subscriber-id option no ipv6 dhcp relay subscriber-id option Function: This command enables switch relay to support the option 38, the no form of this command disables it. Default: Disable the relay option 38. Command Mode: Global configuration mode Usage Guide: Only after this command is configured, DHCPv6 relay agent can add option 38 in DHCPv6 request packets before sending it to server or next relay agent.
The command has no effect on ports with self-defined subscriber-id. If user redefines the subscriber-id of the port after using the command, the user-defined one prevails. This configuration is null by default. Example: Switch(config)# ipv6 dhcp relay subscriber-id select sp delimiter # 29.1.
Selecting option 37 and option 38 of the original packets. Command Mode: Interface configuration mode Usage Guide: Make sure that the server has been enabled to support option 37 and option 38 before use this command. The system selects option 37 and option 38 of the original packets by default. Example: Configure that the vlan1 interface of DHCPv6 server selects option 37 and option 38 of relay-forw in the innermost layer. Switch(Config-if-vlan1)# ipv6 dhcp server select relay-forw 29.1.
This command is used to set the form of adding option 37 in received DHCPv6 request packets, of which is the content of remote-id in user-defined option 37 and it is a string with a length of less than 128. The no form of this command restores remote-id in option 37 to enterprise-number together with vlan MAC address. Parameters: remote-id, user-defined content of option 37. Default: Using vlan MAC address as remote-id content by default such as “00-01-ac-12-23” with ‘-’ hyphen.
Switch(Config)#ipv6 dhcp snooping enable Switch(Config)#ipv6 dhcp snooping remote-id option 29.1.
a length of less than 128. The no operation of this command restores subscriber-id in option 38 to vlan name together with port name such as "Vlan2+Ethernet1/0/2". Parameters: subscriber-id, user-defined content of option 38 Default: Set subscriber-id in option 38 to vlan name together with port name.
29.1.
(sp | sv | pv | spv), a selection from combinations of slot, port and vlan, among which sp represents slot and port, sv represents slot and vlan, pv represents port and vlan, and spv represents slot, port and vlan. WORD, the delimiter between slot, port and vlan which ranges among (#|.|,|;|:|/|space). Note that there're two delimiter WORDs here, of which the former is the delimiter between slot and port while the latter is that between port and vlan.
29.1.20 remote-id subscriber-id Command: {remote-id [*] [*] | subscriber-id [*] [*]} no {remote-id [*] [*] | subscriber-id [*] < subscriber-id> [*]} Function: This command configures option 37 and option 38 that match the class in IPv6 DHCP class configuration mode. Parameters: , a string with a length ranging from 1 to 128 bytes is used to match remote-id in option 37.
server side as well as the relay side. Command Mode: Admin mode Usage Guide: Enable/disable the display of detailed debug about packets sent and received by DHCPv6.
Example: Switch# debug ip dhcpv6 relay packet %May 19 16:45:34 2010 DHCPv6 RELAY PACKET: received msg0 from on %May 19 16:45:34 2010 DHCPv6 RELAY PACKET: add subscriber-id option “Vlan8+Ethernet1/0/12” 29.2.3 debug ipv6 dhcp snooping packet Command: debug ipv6 dhcp snooping packet Function: Debug the packets of DHCPv6 SNOOPING. Corresponding information will also be displayed when adding or deleting option 37 and option 38.
29.2.4 show ipv6 dhcp relay option Command: show ipv6 dhcp relay option Function: Display the configuration of system relay agent, including the enable switch for option 37 and option 38. Command Mode: Admin mode Usage Guide: Use this command to check relay agents’ configuration status for option 37 and option 38. Example: Switch#show ipv6 dhcp relay option remote-id option enable subscriber-id option enable Interface Vlan 1: remote-id option configure “abc” 29.2.
Chapter 30 Commands for DHCP Snooping 30.1 debug ip dhcp snooping binding Command: debug ip dhcp snooping binding no debug ip dhcp snooping binding Function: This command is use to enable the DHCP SNOOPING debug switch to debug the state of binding data of DHCP SNOOPING. Command Mode: Admin mode Usage Guide: This command is mainly used to debug the state of DHCP SNOOPING task when it adds ARP list entries, dot1x users and trusted user list entries according to binding data. 30.
30.3 debug ip dhcp snooping packet Command: debug ip dhcp snooping packet no debug ip dhcp snooping packet Function: This command is used to enable the DHCP SNOOPING debug switch to debug the message-processing procedure of DHCP SNOOPING. Command Mode: Admin Mode.
Function: This command is use to enable the DHCP snooping debug switch to debug the communication information between DHCP snooping and helper server. Command Mode: Admin Mode. Usage Guide: Debug the information of communication messages received and sent by DHCP snooping and helper server. 30.
30.7 ip dhcp snooping Command: ip dhcp snooping enable no ip dhcp snooping enable Function: Enable the DHCP Snooping function. Command Mode: Globe mode. Default Settings: DHCP Snooping is disabled by default. Usage Guide: When this function is enabled, it will monitor all the DHCP Server packets of non-trusted ports. Example: Enable the DHCP Snooping function. switch(config)#ip dhcp snooping enable 30.
Usage Guide: Only when DHCP Snooping is globally enabled, can this command be set. Trusted port will not detect fake DHCP Server, so, will never trigger the corresponding defense action. When a port turns into a trusted port from a non-trusted port, the original defense action of the port will be automatically deleted. Example: Set the DHCP Snooping defense action of port ethernet1/0/1 as setting blackhole, and the recovery time is 30 seconds.
30.10 ip dhcp snooping binding Command: ip dhcp snooping binding enable no ip dhcp snooping binding enable Function: Enable the DHCP Snooping binding funciton Command Mode: Globe mode Default Settings: DHCP Snooping binding is disabled by default. Usage Guide: When the function is enabled, it will record the binding information allocated by DHCP Server of all trusted ports. Only after the DHCP SNOOPING function is enabled, the binding function can be enabled.
added to the NEIGHBOUR list directly. The priority of binding ARP list entries is lower than the static ARP list entries set by administrator, so can be overwritten by static ARP list entries; but, when static ARP list entries are deleted, the binding ARP list entries can not be recovered untill the DHCP SNOOPING recapture the biding inforamtion. Adding binding ARP list entries is used to prevent these list entried from being attacked by ARP cheating.
ip dhcp snooping binding user-control 30.13 ip dhcp snooping binding user Command: ip dhcp snooping binding user address vlan interface [Ethernet] no ip dhcp snooping binding user interface [Ethernet] Function: Configure the information of static binding users Parameters: : The MAC address of the static binding user, whic is the only index of the binding user. : The IP address and mask of the static binding user.
no ip dhcp snooping binding user-control Function: Enable the binding user funtion. Command Mode: Port Mode. Default Settings: By default, the binding user funciton is disabled on all ports. Usage Guide: When this function is enabled, DHCP SNOOPING will treat the captured binding information as trusted users allowed to access all resources. This command is mutually exclusive to“ ip dhcp snooping binding dot1x“ command.
Considering the limited hardware resources of the switch, the actual number of trust users distributed depends on the resource amount. If a bigger max number of users is set using this command, DHCP Snooping will distribute the binding informaiton of untrust users to hardware to be trust users as long as there is enough available resources. Otherwise, DHCP Snooping will change the distributed binging informaiton accordint to the new smaller max user number.
Switch(config)#ip dhcp snooping enable Switch(config)# ip dhcp snooping binding enable Switch(config)# ip dhcp snooping information enable 30.17 ip dhcp snooping information option allow-untrusted Command: ip dhcp snooping information option allow-untrusted no ip dhcp snooping information option allow-untrusted Function: This command is used to set that allow untrusted ports of DHCP snooping to receive DHCP packets with option82 option.
slash (“/”). Command Mode: Global mode Usage Guide: Divide parameters with the configured delimiters after users have defined them which are used to create suboption (remote-id, circuit-id) of option82 in global mode. Example: Set the parameter delimiters as dot (“.”) for suboption of option82. Switch(config)# ip dhcp snooping information option delimiter dot 30.
30.20 ip dhcp snooping information option self-defined remote-id Command: ip dhcp snooping information option self-defined remote-id {hostname | mac | string WORD} no ip dhcp snooping information option self-defined remote-id Function: Set creation method for option82, users can define the parameters of remote-id suboption by themselves. Parameters: WORD the defined character string of remote-id by themselves, the maximum length is 64. Command Mode: Global Mode Default: Using standard method.
Global Mode Default: ascii. Usage Guide: self-defined format use ip dhcp snooping information option type self-defined remote-id to create remote-id format. Example: Set self-defined format of remote-id as hex for snooping option82. Switch(config)# ip dhcp snooping information option self-defined remote-id format hex 30.
with delimiter (delimiter is ip dhcp snooping information option delimiter configuration). Example: Set self-defined method of circuit-id suboption as vlan, port, mac and remote-mac for option82. Switch(config)#ip dhcp snooping information option self-defined subscriber-id vlan port id remote-mac 30.
Parameters: standard means the standard format of VLAN name and physical port name, such as Vlan2+Ethernet1/0/12. means the circuit-id content of option 82 specified by users, its length can not exceed 64 characters. Command Mode: Port Mode Default: Use standard format to set circuit-id. Usage Guide: The additive option 82 needs to associate with third-party DHCP server, it is used to specify the circuit-id content by user when the standard circuit-id format can not satisfy server’s request.
Suboption type Length Circuit ID type Length 1 8 0 6 VLAN Slot Module Port 1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2 byte VLAN field fill in VLAN ID. For chassis switch, Slot means slot number, for box switch, Slot is 1; default Module is 0; Port means port number which begins from 1. The compatible subscriber-id format with HP manufacturer defined as below: Suboption Length type 1 2 Port 1 byte 1 byte 2 byte Port means port number which begins from 1.
current load and so on. SGS-6341 Series switch message rate limit is 100pps. Example: Set the message transmission rate as 50pps. switch(config)#ip dhcp snooping limit-rate 50 30.27 ip dhcp snooping trust Command: ip dhcp snooping trust no ip dhcp snooping trust Function: Set or delete the DHCP Snooping trust attributes of a port. Command Mode: Port mode Default Settings: By default, all ports are non-trusted ports Usage Guide: Only when DHCP Snooping is globally enabled, can this command be set.
value is 9119. src_addr: The local management IP address of the switch, in dotted-decimal notation. sencondary: Whether it is a secondary SERVER address. Command Mode: Global mode Default Settings: There is no HELPER SERVER address by default. Usage Guide: DHCP SNOOPING will send the monitored binding information to HELPER SERVER to save it. If the switch starts abnormally, it can recover the binding data from HELPER SERVER. The HELPER SERVER function usually is integrated into server packet.
Default: The switch choose private packet version one to communicate with DCBI. Usage Guide: If the DCBI access control system is applied, the switch should be configured to use private protocol of version one to communicate with the DCBI server. However, if TrustView is applied, version two should be applied. Example: To configure the switch choose private packet version two to communicate with security management background system. switch(config)#ip user private packet version two 30.
interface trust action recovery alarm num bind num --------------- --------- --------- ---------- --------- ---------Ethernet1/0/1 trust none 0second 0 0 Ethernet1/0/2 untrust none 0second 0 0 Ethernet1/0/3 untrust none 0second 0 0 Ethernet1/0/4 untrust none 0second 0 1 Ethernet1/0/5 untrust none 0second 2 0 Ethernet1/0/6 untrust none 0second 0 0 Ethernet1/0/7 untrust none 0second 0 0 Ethernet1/0/8 untrust none 0second 0 1 Ethernet1/0/9 untrust none 0
communication failure within the system. If the CPU of the switch is too busy to schedule the DHCP SNOOPING task and thus can not handle the received DHCP messages, such situation might happen. DHCP Snooping alarm count: The number of alarm information. binding count The number of binding information. expired binding The number of binding information which is already expired but has not been deleted.
interface The name of port trust attribute The truest attributes of the port action The automatic defense action of the port recovery interval The automatic recovery time of the port maxnum of alarm info The max number of automatic defense actions that can be recorded by the port binding dot1x Whether the binding dot1x function is enabled on the port binding user Whether the binding user function is enabled on the port. Alarm info The number of alarm information.
00-00-00-00-00-13 192.168.40.13 Ethernet1/0/4 1 SU 00-00-00-00-00-14 192.168.40.14 Ethernet1/0/4 1 SU 00-00-00-00-00-15 192.168.40.15 Ethernet1/0/5 1 SL 00-00-00-00-00-16 192.168.40.
TrustView inform user binding data successed TrustView version2 message encrypt/digest enabled Key: 08:02:33:34:35:36:37:38 Rcvd 106 encrypted messages, in which MD5-error 0 messages, DES-error 0 messages Sent 106 encrypted messages Free resource is 200.101.0.9/255.255.255.255 Web redirect address for unauthencated users is Rcvd 0 force log-off packets Rcvd 19 force accounting update packets Using version two private packet Chapter 31 Commands for Routing Policy 31.
31.2 ip prefix-list seq Command: ip prefix-list [seq ] < any | ip_addr/mask_length [ge ] [le ]> no ip prefix-list [seq ] [ < any | ip_addr/mask_length [ge ] [le ]>] Function: Configure the prefix-list.
31.3 ip prefix-list sequence-number Command: ip prefix-list sequence-number no ip prefix-list sequence-number Function: Enable the sequence-number auto-creation function, the “no ip prefix-list sequence-number” command close the prefix-list sequence-number. Default: Sequence-number auto-creation enabled. Command Mode: Global Mode Usage Guide: The command can be used to close the prefix-list sequence-number. Example: Switch(config)#no ip prefix-list sequence-number 31.
Switch(config-route-map)#match as-path 60 31.5 match community Command: match community [exact-match] no match community [ [exact-match]] Function: Configure the community attributes of BGP routing messages. The “no match community [ [exact-match]]” command deletes this configuration.
Parameter: ““is the name of the interface. Command Mode: route-map mode Usage Guide: This command matches according to the next-hop messages in the route. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed. This command is only used in RIP and OSPF protocols. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match interface vlan1 31.
31.8 match ipv6 address Command: match ipv6 address no match ipv6 address [] Function: Configure the prefix for ipv6 routing. If the no form command is enaled, the configuration will be removed. Parameters: address is the routing prefix to be matched. is the name of ipv6 access list. Or when the prefix-list is configured. list-name will be the list name to be matched.
Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)# match ipv6 next-hop 2000::1 31.10 match metric Command: match metric no match metric [] Function: Match the metric value in the routing message. The “no match metric []” deletes the configuration. Parameter: is the metric value, ranging between 0~4294967295. Command Mode: route-map mode Usage Guide: This command matches according to metric value in the route.
from the internal gateway protocols, incomplete means the route origin is uncertain. Command Mode: route-map mode Usage Guide: This command matches according to origin message in the BGP route. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match origin egp 31.
31.13 match tag Command: match tag no match tag [] Function: Configure to matching with the tag domain of the OSPF routing message. The “no match tag []” deletes this configuration. Parameter: is the tag value, ranging between 0~4294967295. Command Mode: route-map mode Usage Guide: This command matches according to the tag value in the OSPF route. If the matching succeeded, then the “permit” or “deny” action in the route-map is performed.
among nodes is identified by sequence-number. “permit” means the node filter will be passed if all match subs are obtained by current route and then further all the set sub of this node will be executed without entering the check in the next node; if the match subs can not be met, the proceed to the check in next node. Relation among different node should be “or”, namely one node check passed then the route filter is passed when the switch checks each node in turn in the route-map.
31.16 set as-path Command: set as-path prepend no set as-path prepend [] Function: Add AS numbers in the AS path domain of the BGP routing message. The “no set as-path prepend []” command deletes this configuration. Parameter: is the AS number, circulating inputting several numbers is available. Command Mode: route-map mode Usage Guide: To add AS number in the As domain of the BGP, the AS path length should be lengthened so to affect the best neighbor path option.
Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set atomic-aggregate 31.18 set comm-list Command: set comm-list delete no set comm-list delete Function: Configure to delete the community attributes from the inbound or outbound routing messages. The “no set comm-list delete” command deletes the configuration.
route do not announce outside the local AS (but can announce among the sub AS within the confederation), [no-advertise] means this route do not send to any neighbor, [no-export] means this route do not send to EBGP neighbors, [none] means delete the community attributes from the prefix of this route, [additive] means add following existing community attributes. Command Mode: route-map mode Usage Guide: To use this command, one match clause should at first be defined.
Switch(config)#route-map r1 permit 10 Switch(config-route-map)#set extcommunity soo 200.200:10 31.21 set ip next-hop Command: set ip next-hop no set ip next-hop [] Function: Configure the next-hop of the route. The “no set ip next-hop []” command deletes the configuration. Parameter: is the ip address of next-hop shown with dotted decimal notation.
local priority validates only within this AS and will not be transported to EBGP neighbors. To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set local-preference 60 31.23 set metric Command: set metric < metric_val> no set metric [< metric_val>] Function: Configure the metric value of the route. The “no set metric [< metric_val>]” command deletes the configuration.
Function: Configure the metric type of the OSPF routing message. The “no set metric-type []” command deletes this configuration. Parameter: type-1 means matches the OSPF type 1 external route, type-2 means matches the OSPF type 2 external route. Command Mode: route-map mode Usage Guide: To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set metric-type type-1 31.
31.26 set originator-id Command: set originator-id no set originator-id [] Function: Configure the origin ip address of the BGP routing message. The “no set originator-id []” command deletes the configuration. Parameter: is the ip address of the route source shown by dotted decimal notation. Command Mode: route-map mode Usage Guide: To use this command, one match clause should at first be defined.
Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set tag 60 31.28 set vpnv4 next-hop Command: set vpnv4 next-hop no set vpnv4 next-hop [] Function: Configure the next-hop of BGP VPNv4 routing message. The “no set vpnv4 next-hop []” command deletes the configuration. Parameter: is the next-hop ip address of VPNv4 route shown by dotted decimal notation.
Weight value is adopted to facilitate the best path option and validates only within the local switch. While there are several route to the same destination the one with higher priority is more preferred. To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set weight 60 31.
seq 5 deny 1.1.1.1/8 (hit count: 0, recount: 0) Show the prefix-list contents sequence numbered 5. hit count: 0 means being hit 0 time, recount: 0 means referred 0 time. 31.31 show ip prefix-list Command: show ip prefix-list [ [] ] Function: Display the contents of the prefix list. Parameters: When detail is enabled, detail of prefix-list will be displayed. For summary, it is similar but a summary will be displayed. is the name of the prefix list.
count:0 means the rule has been matched for zero times. And refcount:0 means the rule is referenced for zero times. 31.32 show route-map Command: show route-map Function: Show the content of route-map.
Command Mode: Admin and Configuration Mode Example: 1: Switch#show router-id Router ID: 20.1.1.1 (automatic) 2: Switch#show router-id Router ID: 20.1.1.
Chapter 32 Commands for Static Route 32.1 ip route Command: ip route { | /} { | } [] no ip route { | /} [ | ] [] Function: Configure the static route. The “no ip route { | /} [ | ] []” command deletes the static route.
Example 1. Add a static route Switch(config)#ip route 1.1.1.0 255.255.255.0 2.1.1.1 Example 2. Add default route Switch(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.1 32.2 ip route vrf Command: ip route vrf { |} {|null0} [<1-255>] no ip route vrf { |} {|null0} [<1-255>] Function: Configure the static route for the specific VRF.
32.3 show ip route Command: show ip route [|||connected | static | rip| ospf | bgp | isis| kernel| statistics| database [connected | static | rip| ospf | bgp | isis| kernel] |fib[statistics]] Function: Show the route table.
connected with the layer 3 switch S –static Static route, the route manually configured by users R - RIP derived RIP route, acquired by layer 3 switch through the RIP protocol. O - OSPF derived OSPF route, acquired by layer 3 switch through the OSPF protocol A- OSPF ASE Route introduced by OSPF B- BGP derived BGP route, acquired by the BGP protocol.
32-138
Chapter 33 Commands for RIP 33.1 accept-lifetime Command: accept-lifetime {| duration| infinite} no accept-lifetime Function: Use this command to specify a key accept on the key chain as a valid time period. The “no accept-lifetime” command deletes this configuration.
Related Command: key key-string key chain send-lifetime 33.2 address-family ipv4 Command: address-family ipv4 vrf no address-family ipv4 vrf Function: Configure this command to enable the routing message switching among VRF and enter the address-family mode. The “no address-family ipv4 vrf ” command deletes the RIP instances related to this VPN routing/forwarding instance. Parameter: specifies the name of VPN routing/forwarding instances.
Clear the routes which match the destination address from the RIP route table.
detail shows the messages of received or sent data packets Default: Debug switch closed. Command Mode: Admin mode and global mode Example: Switch# debug rip packet Switch#1970/01/01 01:01:43 IMI: SEND[Vlan1]: Send to 224.0.0.9:520 1970/01/01 01:01:43 IMI: SEND[Vlan1]: Send to 224.0.0.9:520 1970/01/01 01:01:47 IMI: RECV[Vlan1]: Receive from 20.1.1.2:520 33.
Default: Close the debug by default. Command Mode: Admin Mode. Example: Switch#debug rip redistribute route receive Switch#no debug rip redistribute route receive 33.7 default-information originate Command: default-information originate no default-information originate Function: Allow the network 0.0.0.0 to be redistributed into the RIP. The “no default-information originate” disable this function.
Default: Default route metric value is 1. Command Mode: Router mode and address-family mode Usage Guide: default-metric command is used for setting the default route metric value of the routes from other routing protocols when distributed into the RIP routes. When using the redistribute commands for introducing routes from other protocols, the default route metric value specified by default-metric will be adopted if no specific route metric value is set.
Switch# config terminal Switch(config)# router rip Switch(config-router)# distance 8 10.0.0.0/8 mylist 33.10 distribute-list Command: distribute-list { |prefix} {in|out} [] no distribute-list { |prefix} {in|out} [] Function: This command uses access-list or prefix-list to filter the route update packets sent and received.
Exit address-family mode Command Mode: address-family mode Example: Switch(config)# router rip Switch(config-router)# address-family ipv4 vrf IPI Switch(config-router-af)# exit-address-family Switch(config-router)# 33.12 ip rip aggregate-address Command: ip rip aggregate-address A.B.C.D/M no ip rip aggregate-address A.B.C.D/M Function: To configure RIP aggregation route. The no form of this command will delete this configuration. Parameter: A.B.C.D/M:IPv4 address and mask length.
no ip rip authentication key-chain Function: Use this command to enable RIPV2 authentication on an interface and further configures the adopted key chain. The “no ip rip authentication key-chain” command cancels the authentication. Parameter: is the name of the adopted key chain. There may be spaces in the string. The input ends with an enter and the string should not be longer than 256 bytes. Command Mode: Interface Configuration Mode.
RIP-I do not support authentication which the RIP-II supports two authentication modes: text authentication (i.e. Simple authentication) and data packet authentication (i.e. MD5 authentication). This command should be used associating the ip rip authentication key or ip rip authentication string. Independently configuration will not lead to authentication process.
ip rip authentication mode 33.16 ip rip authentication cisco-compatible Command: ip rip authentication cisco-compatible no ip rip authentication cisco-compatible Function: After configured this command, the cisco RIP packets will be receivable by configuring the plaintext authentication or MD5 authentication.
Interface Configuration Mode. Example: Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip receive-packet Related Command: ip rip send-packet 33.18 ip rip receive version Command: ip rip receive version { 1 | 2|1 2 } no ip rip receive version Function: Set the version information of the RIP packets the interface receives. The default version is 2; the “no ip rip receive version” command restores the value set by using the version command.
Function: Set the Interface to be able to receive the RIP packets; the “no ip rip send-packet” set the interface to be unable to receive the RIP packets. Default: Interface sends RIP packets. Command Mode: Interface Configuration Mode. Example: Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip send-packet Related Command: ip rip receive-packet 33.
33.21 ip rip split-horizon Command: ip rip split-horizon [poisoned] no ip rip split-horizon Function: Enable split horizon. The “no ip rip split-horizon” disables the split horizon. Parameter: [poisoned] means configure the split horizon with poison reverse. Default: Split Horizon with poison reverse by default. Command Mode: Interface Configuration Mode.
keys. Example: Switch# config terminal Switch(config)# key chain mychain Switch(config-keychain)# key 1 Switch(config-keychain-key)# Relevant Commands: key chain, key-string, accept-lifetime, send-lifetime 33.23 key chain Command: key chain no key chain < name-of-chain > Function: This command is for entering a keychain manage mode and configure a keychain. The “no key chain < name-of-chain >“deletes one keychain.
Parameter: is a character string without length limit. However when referred by RIP authentication only the first 16 characters will be used. Command Mode: Keychain-key mode Usage Guide: This command is for configure different passwords for keys with different ID. Example: Switch# config terminal Switch(config)# key chain mychain Switch(config-keychain)# key 1 Switch(config-keychain-key)# key-string prime Related Command: key, key chain, accept-lifetime, send-lifetime 33.
Switch# config terminal Switch(config)# router rip Switch(config-router)# maximum-prefix 150 33.26 neighbor Command: neighbor no neighbor Function: Specify the destination address requires targeted-peer sending. The “no neighbor “command cancels the specified address and restores all gateways to trustable. Parameter: is the specified destination address for the sending, shown in dotted decimal notation.
Parameter: is the IP address prefix and its length in the network. is the name of a interface. Default: Not running RIP protocol Command Mode: Router mode and address-family mode Usage Guide: Use this command to configure the network for sending or receiving RIP update packets. If the network is not configured, all interfaces of the network will not be able to send or receive data packets. Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# network 10.0.
Switch# config terminal Switch(config)# router rip Switch(config-router)# offset-list 1 in 5 vlan 1 Related Command: access-list 33.29 passive-interface Command: passive-interface no passive-interface Function: Set the RIP layer 3 switch blocks RIP broadcast on specified interface, on which the RIP data packets will only be sent to layer 3 switches configured with neighbor. Parameter: is the name of specific interface.
Parameter: is the buffer zone size in bytes, ranging between 8192-2147483647. Default: 8192 bytes. Command Mode: Router mode Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# recv-buffer-size 23456789 33.
Switch# config terminal Switch(config)# router rip Switch(config-router)# redistribute kernel route-map ipi To redistribute OSPFv2 routing information to RIP. Switch(config)# router rip Switch(config-router)# redistribute ospf 2 33.32 route Command: route no route Function: This command configures a static RIP route. The “no route “command deletes this route. Parameter: Specifies this destination IP address prefix and its length.
RIP routing protocol. Default: Not running RIP route. Command Mode: Global mode Usage Guide: This command is the switch for starting the RIP routing protocol which is required to be open before configuring other RIP protocol commands. Example: Enable the RIP protocol mode Switch(config)#router rip Switch(config-router)# 33.
Command Mode: Keychain-key mode Example: The example below shows the send-lifetime configuration on the keychain named mychain for key 1. Switch# config terminal Switch(config)# key chain mychain Switch(config-keychain)# key 1 Switch(config-keychain-key)# send-lifetime 03:03:01 Dec 3 2004 04:04:02 Oct 6 2006 Related Command: key, key-string, key chain, accept-lifetime 33.35 show debugging rip Command: show debugging rip Function: Show RIP event debugging, RIP packet debugging and RIP nsm debugging status.
Example: show ip protocols rip Routing Protocol is "rip" Sending updates every 30 seconds with +/-50%, next due in 8 seconds Timeout after 180 seconds, garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filter list for all interface is not set Default redistribution metric is 1 Redistributing: static Default version control: send version 2, receive version 2 Interface Vlan1 Send Recv 2 Key-chain 2 Routing for Networks: Vlan1 Vlan2 Routing Informati
Routing for Networks: The segment running RIP is the Vlan1 Vlan 1 and Vlan 2 Vlan2 Routing Information Sources: Routing information sources Gateway Distance Last Update Bad Packets Bad Routes The badpacketand bad routes from 20.1.1.1 120 00:00:31 0 0 the gateway 20.1.1.1 are all 0. 31 seconds have passed since the last route update. The manage distance is 120 Distance: (default is 120) Default manage distance is 120 33.
Show the routes in the RIP route database. Command Mode: Admin mode Example: Switch# show ip rip database Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B –BGP Network Next Hop Metric From If R 10.1.1.0/24 1 Vlan1 R 20.1.1.0/24 1 Vlan2 Command: show ip rip 33.39 show ip rip interface Command: show ip rip interface [] Function: Show the RIP related messages. Parameter: is the name of the interface to show the messages.
33.40 show ip rip aggregate Command: show ip rip aggregate Function: To display the information of IPv4 aggregation route. Command Mode: Admin and Configuration Mode. Usage Guide: This command is used to display which interface the aggregation route be configured, Metric, Count, Suppress and so on. If configured under global mode, then the interface display “----”, “Metric” is metric. “Count” is the number of learned aggregation routes. “Suppress” is the times of aggregation.
Function: Adjust the RIP timer update, timeout, and garbage collecting time. The “no timers basic” command restores each parameters to their default values.
Sent and received data packet is version 2 by default. Command Mode: Router mode and address-family mode Usage Guide: 1. refers to that each interface of the layer 3 switch only sends/receives the RIP-I data packets. 2. refers to that each interface of the layer 3 switch only sends/receives the RIP-II data packets. The RIP-II data packet is the default version. Example: Configure the version of all RIP data packets sent/received by router interfaces to version 2.
Chapter 34 Commands for RIPng 34.1 clear ipv6 route Command: clear ipv6 rip route {| kernel |static | connected |rip |ospf |isis | bgp |all } Function: Clear specific route from the RIPng route table. Parameter: Clears the route exactly match with the destination address from the RIP route table. is the destination address shown in hex notation with prefix length.
Permit redistributing the network 0:: into RIPng. The “no default-information originate” disables this function. Default: Disabled Command Mode: Router mode Example: Switch#config terminal Switch(config)#router ipv6 rip Switch(config-router)#default-information originate 34.3 default-metric Command: default-metric no default-metric Function: Set the default metric route value of the introduced route; the “no default-metric” restores the default value.
34.4 distance Command: distance [] [] no distance [] Function: Set the managing distance with this command. The “no distance [ ]” command restores the default value to 120. Parameter: specifies the distance value, ranging between 1-255. is the local link address or its prefix. specifies the access-list number or name applied.
Parameter: is the name or access-list number to be applied. is the name of the prefix-list to be applied. specifies the name of interface to be applied with route filtering. Default: Function disabled by RIPng by default. Command Mode: Router mode Usage Guide: The filter will be applied to all interfaces if no specific interface is set.
Switch#debug ipv6 rip packet Switch#1970/01/01 21:15:08 IMI: SEND[Ethernet1/0/10]: Send to [ff02::9]:521 1970/01/01 21:15:08 IMI: SEND[Ethernet1/0/2]: Send to [ff02::9]:521 1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: Receive from [fe80::20b:46ff:fe57:8e60]:521 1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: 3000:1:1::/64 is filtered by access-list dclist 1970/01/01 21:15:09 IMI: RECV[Ethernet1/0/10]: 3ffe:1:1::/64 is filtered by access-list dclist 1970/01/01 21:15:15 IMI: RECV[Ethernet1/0/2]: Receive from
Close the debug by default. Command Mode: Admin Mode. Example: Switch#debug ipv6 rip redistribute route receive Switch# no debug ipv6 rip redistribute route receive 34.9 ipv6 rip aggregate-address Command: ipv6 rip aggregate-address X:X::X:X/M no ipv6 rip aggregate-address X:X::X:X/M Function: To configure IPv6 aggregation route. The no form of this command deletes the IPv6 aggregation route. Parameter: X:X::X:X/M: IPv6 address and prefix length. Command Mode: Router Mode or Interface Configuration Mode.
Function: Permit the split horizon. The “no ipv6 rip split-horizon” disables the split horizon. Parameter: [poisoned] configures split horizon with poison reverse. Default: Split horizon with poison reverse. Command Mode: Interface Configuration Mode. Usage Guide: The split horizon is for preventing the routing loops, namely preventing the layer 3 switch from broadcasting a route at the interface from which the very route is learnt.
34.12 neighbor Command: neighbor { vlan } no neighbor { vlan } Function: Specify the destination address for fixed sending. The “no neighbor vlan “cancels the specified address defined and restores all trusted gateways. Parameter: is the IPv6 Link-local address specified for sending and shown in colon hex notation without the prefix length. is the name of interface.
command disables this function. Parameter: is the access-list or name to be applied. is the additional offset value, ranging between 0-16; is the name of specific interface. Default: The default offset value is the metric value of the interface defined by the system. Command Mode: Router mode Example: Switch#config terminal Switch(config)#router ipv6 rip Switch(config-router)#offset-list 1 in 5 Vlan1 Related Command: access-list 34.
34.15 redistribute Command: redistribute {kernel |connected| static| ospf| isis| bgp} [metric] [route-map] no redistribute {kernel |connected| static| ospf| isis| bgp} [metric] [route-map] Function: Introduce the routes learnt from other routing protocols into RIPng.
route-map is the pointer to the introduced routing map. Default: Not redistributed by default. Command Mode: RIPng Configuration Mode. Example: To redistribute OSPFv3 ABC routing ro RIPng. Switch(config)#router ipv6 rip Switch (config-router)#redistribute ospf abc 34.17 route Command: route no route Function: This command configures a static RIPng route. The “no route “ command deletes this route.
no router ipv6 rip Function: Enable RIPng routing process and entering RIPng mode; the “no router ipv6 rip” of this command disables the RIPng routing protocol. Default: RIPng routing not running. Command Mode: Global mode Usage Guide: This command is for enabling the RIPng routing protocol, this command should be enabled before performing other global configuration of the RIPng protocol. Example: Enable the RIPng protocol mode. Switch(config)#router ipv6 rip 34.
Function: Make sure the interface and line protocols is up.
Example: Switch#show ipv6 rip redistribute 34.22 show ipv6 protocols rip Command: show ipv6 protocols rip Function: Show the RIPng process parameters and statistic messages.
interface is not set Default redistribution metric is 1 Default redistribution metric is 1 Redistributing: static Redistricting the static route into the RIP routes Interface The interfaces running RIP is Vlan Vlan10 10 and Vlan 2 Vlan2 34.23 show ipv6 rip Command: show ipv6 rip Function: Show RIPng Routing.
show ipv6 rip database Function: Show messages related to RIPng database. Command Mode: Admin mode Example: Switch#show ipv6 rip database Equal Command: show ipv6 rip 34.25 show ipv6 rip aggregate Command: show ipv6 rip aggregate Function: To display the information of IPv6 aggregation route. Command Mode: Admin and Configuration Mode.
Aggregated To configure the interface name of the aggregation route. If the route Ifname aggregated globally, then display “---”. Metric Metric of aggregation route. Count The number of learned aggregation routes. Suppress The times of aggregated for aggregation route. 34.26 show ipv6 rip redistribute Command: show ipv6 rip redistribute Function: Show the configuration information of redistributed other out routing to RIPng. Default: Not shown by default.
defaulted at 30; defaulted at 180; defaulted at120 Command Mode: Router mode Usage Guide: The system is defaulted broadcasting RIPng update packets every 30 seconds; and the route is considered invalid after 180 seconds but still exists for another 120 seconds before it is deleted from the routing table. Example: Set the RIP update time to 20 seconds and the timeout period to 80 second, the garbage collecting time to 60 seconds.
Chapter 35 Commands for OSPF 35.1 area authentication Command: area authentication [message-digest] no area authentication Function: Configure the authentication mode of the OSPF area; the “no area authentication” command restores the default value. Parameter: is the area number which could be shown in digit, ranging between 0 to 4294967295, or in IP address. message-digest is proved by MD5 authentication, or be proved by simple plaintext authentication if not choose this parameter.
Configure the cost of sending to the default summary route in stub or NSSA area; the “no area default-cost” command restores the default value. Parameter: is the area number which could be shown as digits 0~4294967295, or as an IP address; ranges between <0-16777215>. Default: Default OSPF cost is 1. Command Mode: OSPF protocol mode Usage Guide: The command is only adaptive to the ABR router connected to the stub area or NSSA area. Example: Set the default-cost of area 1 to 10.
Switch(config)#access-list 1 deny 172.22.0.0 0.0.0.255 Switch(config)#access-list 1 permit any Switch(config)#router ospf 100 Switch(config-router)#area 1 filter-list access 1 in 35.4 area nssa Command: area nssa [TRANSLATOR| no-redistribution |DEFAULT-ORIGINATE | no-summary] no area nssa [TRANSLATOR| no-redistribution | DEFAULT-ORIGINATE | no-summary] Function: Set the area to Not-So-Stubby-Area (NSSA) area.
Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#area 0.0.0.51 nssa Switch(config-router)#area 3 nssa default-information-originate metric 34 metric-type 2 translator-role candidate no-redistribution 35.5 area range Command: area range [advertise| not-advertise| substitute] no area range Function: Aggregate OSPF route on the area border. The “no area range “cancels this function.
35.6 area stub Command: area stub [no-summary] no area stub [no-summary] Function: Define a area to a stub area. The “no area stub [no-summary]” command cancels this function. Parameter: is the area number which could be digits ranging between 0~4294967295, and also as an IP address. no-summary: The area border routes stop sending link summary announcement to the stub area. Default: Not defined.
removes this virtual-link. Parameter: is the area number which could be digits ranging between 0~4294967295, and also as an IP address. AUTHENTICATION = authentication [message-digest[message-digest-key <1-255> md5 ] |null|AUTH_KEY]. authentication : Enable authentication on this virtual link. message-digest: Authentication with MD-5. null : Overwrite password or packet summary with null authentication. AUTH_KEY= authentication-key . : A password consists of less than 8 characters.
35.8 auto-cost reference-bandwidth Command: auto-cost reference-bandwidth no auto-cost reference-bandwidth Function: This command sets the way in which OSPF calculate the default metric value. The “no auto-cost reference-bandwidth” command only configures the cost to the interface by types. Parameter: reference bandwidth in Mbps, ranging between 1~4294967. Default: Default bandwidth is 100Mbps.
OSPF protocol mode Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#compatible rfc1583 35.10 clear ip ospf process Command: clear ip ospf [] process Function: Use this command to clear and restart OSPF routing processes. One certain OSPF process will be cleared by specifying the process ID, or else all OSPF processes will be cleared. Default: No default configuration. Command Mode: Admin mode Example: Switch#clear ip ospf process 35.
35.12 debug ospf ifsm Command: debug ospf ifsm [status|events|timers] no debug ospf ifsm [status|events|timers] Function: Open debugging switches showing the OSPF interface states; the “no debug ospf ifsm [status|events|timers]” command closes this debugging switches. Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf ifsm events 35.
no debug ospf nfsm [status|events|timers] Function: Open debugging switches showing OSPF neighbor state machine; the “no debug ospf nfsm [status|events|timers]”command closes this debugging switch. Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf nfsm events 35.
Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf packet hello 35.17 debug ospf route Command: debug ospf route [ase|ia|install|spf] no debug ospf route [ase|ia|install|spf] Function: Open debugging switches showing OSPF related routes; the “no debug ospf route [ase|ia|install|spf]” command closes this debugging switch. Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf route spf 35.
Example: To enable debugging of sending command from OSPF process redistributed to other OSPF process routing. Switch#debug ospf redistribute message send 35.19 debug ospf redistribute route receive Command: debug ospf redistribute route receive no debug ospf redistribute route receive Function: To enable/disable debugging switch of received routing message from NSM for OSPF process. Parameter: None. Default: Disabled. Command Mode: Admin Mode. Usage Guide: None.
between 0~16777214, default metric value is 0. METRICTYPE = metric-type {1|2} set the OSPF external link type of default route. 1 Set the OSPF external type 1 metric value. 2 Set the OSPF external type 2 metric value. ROUTEMAP = route-map . specifies the route map name to be applied. Default: Default metric value is 10, default OSPF external link type is 2.
goes through. If the metric value can not be translated, the default value provides alternative option to carry the route introducing on. This command will result in that all introduced route will use the same metric value. This command should be used associating redistribute. Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#default-metric 100 35.
Switch(config-router)#distance ospf inter-area 20 intra-area 10 external 40 35.23 distribute-list Command: distribute-list out {kernel |connected| static| rip| isis| bgp} no distribute-list out {kernel |connected| static| rip| isis| bgp} Function: Filter network in the routing update. The “no distribute-list out {kernel |connected| static| rip| isis| bgp}” command disables this function. Parameter: < access-list-name> is the access-list name to be applied.
35.24 filter-policy Command: filter-policy no filter-policy Function: Use access list to filter the route obtained by OSPF, the no command cancels the route filtering. Parameter: : Access list name will be applied, it can use numeric standard IP access list and naming standard IP access list to configure. Default: There is no default configuration. Command Mode: OSPF protocol mode Usage Guide: This command is used to filter the route obtained by OSPF.
area ID shown in dotted decimal notation or integer ranging between 0~4294967295. specifies the entire cost, which is a integer ranging between 0~65535 and defaulted at 0. Default: No entire set. Command Mode: OSPF protocol mode Usage Guide: With this command you can advertise certain specific host route out as stub link. Since the stub host belongs to special router in which setting host is not important.
35.27 ip ospf authentication-key Command: ip ospf [] authentication-key no ip ospf [] authentication Function: Specify the authentication key required in sending and receiving OSPF packet on the interface; the “no ip ospf [] authentication” cancels the authentication key. Parameter: is the interface IP address shown in dotted decimal notation; specifies the key required in the plaintext authentication.
Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf cost 3 35.29 ip ospf database-filter Command: ip ospf [] database-filter all out no ip ospf [] database-filter Function: The command opens LSA database filter switch on specific interface; the “no ip ospf [] database-filter” command closes the filter switch. Parameter: is the interface IP address shown in dotted decimal notation; all: All LSAs. out: Sent LSAs.
is the interface IP address shown in dotted decimal notation;
35.32 ip ospf hello-interval Command: ip ospf [] hello-interval
message-digest-key “restores the default value. Parameter: is the interface IP address show in dotted decimal notation; ranges between 1-255; is the OSPF key. Default: MD5 key not configured. Command Mode: Interface Configuration Mode. Usage Guide: MD5 key encrypted authentication is used for ensure the safety between the OSPF routers on the network.
Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf mtu 1480 35.35 ip ospf mtu-ignore Command: ip ospf mtu-ignore no ip ospf mtu-ignore Function: Use this command so that the mtu size is not checked when switching DD; the “no ip ospf mtu-ignore” will ensure the mtu size check when performing DD switch. Parameter: is the interface IP address show in dotted decimal notation. Default: Check mtu size in DD switch.
point-to-multipoint: Set the OSPF network type to point-to-multipoint. Default: The default OSPF network type is broadcast. Command Mode: Interface Configuration Mode. Example: The configuration below set the OSPF network type of the interface vlan 1 to point-to-point. Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf network point-to-point 35.
Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf priority 0 35.38 ip ospf retransmit-interval Command: ip ospf [] retransmit-interval
no ip ospf [] transmit-delay Function: Set the transmit delay value of LSA transmitting; the “no ip ospf [] transmit-delay” restores the default value. Parameter: is the interface IP address show in dotted decimal notation.
Switch#config terminal Switch(config)#key chain mychain Switch(config-keychain)#key 1 Switch(config-keychain-key)# Relevant Commands: key chain, key-string, accept-lifetime, send-lifetime 35.41 key chain Command: key chain no key chain < name-of-chain > Function: This command is for entering a keychain manage mode and configure a keychain. The “no key chain < name-of-chain >” command deletes one keychain.
Usage Guide: When this command is configured, the OSPF adjacency changes information will be recorded into a log. Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#log-adjacency-changes detail 35.43 max-concurrent-dd Command: max-concurrent-dd no max-concurrent-dd Function: This command set the maximum concurrent number of dd in the OSPF process; the “no max-concurrent-dd” command restores the default.
no neighbor A.B.C.D [| priority | poll-interval ] Function: This command configures the OSPF router connecting NBMA network. The “no neighbor A.B.C.D [| priority | poll-interval ]” command removes this configuration.
demcial integer, it ranges between 0~4294967295. Default: No default. Command Mode: OSPF protocol mode Usage Guide: When certain segment belongs to certain area, interface the segment belongs will be in this area, starting hello and database interaction with the connected neighbor. Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#network 10.1.1.0/24 area 1 35.
Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#ospf abr-type standard 35.47 ospf router-id Command: ospf router-id
no ospf router-id Function: Specify a router ID for the OSPF process. The “no ospf router-id” command cancels the ID number. Parameter: , IPv4 address format of router-id. Default: No default configuration. Command Mode: OSPF protocol mode Usage Guide: The new router-id takes effect immediately. Example: Configure router-id of ospf 100 to 2.3.4.Not configured. Parameter: < maxdbsize >Max LSA numbers, ranging between 0~4294967294. soft: Soft limit, warns when border exceeded. hard: Hard limit, directly close ospf instance when border exceeded. If there is not soft or hard configured, the configuration is taken as hard limit. Command Mode: OSPF Protocol Mode. Example: Switch#config terminal Switch(config)#router ospf Switch(config-router)#overflow database 10000 soft 35.
35.50 passive-interface Command: passive-interface [] no passive-interface [] Function: Configure that the hello group not sent on specific interfaces. The “no passive-interface []“command cancels this function. Parameter: is the specific name of interface. IP address of the interface in dotted decimal format. Default: Not configured.
metric is the introduced metric value, ranging between 0-16777214. metric-type {1|2} is the metric value type of the introduced external route, which can be 1 or 2, and it is 2 by default. route-map point to the probe of the route map for introducing route. tag external identification number of the external route, ranging between 0~4294967295, defaulted at 0. Command Mode: OSPF Protocol Mode.
Switch(config-router)#redistribute ospf 35.53 router ospf Command: router ospf no router ospf Function: This command is for relating the OSPF process and one VPN, after the configuration succeeded, all configuration conmmands of this OSPF are relating with the VPN. The no command deletes the OSPF instance with VPN routing/ forward instance. Parameter: specifies the ID of the OSPF process to be created, the ranging from 1 to 65535.
Admin and configuration mode Example: Switch#show ip ospf Routing Process "ospf 0" with ID 192.168.1.1 Process bound to VRF default Process uptime is 2 days 0 hour 30 minutes Conforms to RFC2328, and RFC1583Compatibility flag is disabled Supports only single TOS(TOS0) routes Supports opaque LSA SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Refresh timer 10 secs Number of external LSA 0. Checksum Sum 0x000000 Number of opaque AS LSA 0.
Number of LSA received 0 Number of areas attached to this router: 1 Area 0 (BACKBONE) (Inactive) Number of interfaces in this area is 0(0) Number of fully adjacent neighbors in this area is 0 Area has no authentication SPF algorithm executed 0 times Number of LSA 0. Checksum Sum 0x000000 35.55 show ip ospf border-routers Command: show ip ospf [] border-routers Function: Display the intra-domain route entries for the switch to reach ABR and ASBR of all instances.
[{| self-originate |adv-router }] | opaque-area [{| self-originate |adv-router }] opaque-as [{| self-originate |adv-router }]|opaque-link [{| self-originate |adv-router }] | router [{| self-originate |adv-router }]| summary [{| self-originate |adv-router }] |self-originate | max-age }] Function: Display the OSPF
22.1.1.0 192.168.1.2 308 0x8000000c 0xc8f0 22.1.1.0/24 ASBR-Summary Link States (Area 0.0.0.2) Link ID ADV Router 192.168.1.1 192.168.1.2 Age Seq# CkSum 1702 0x8000002a 0x89c7 AS External Link States Link ID ADV Router Age Seq# CkSum Route 2.2.2.0 192.168.1.1 1499 0x80000056 0x3a63 E2 2.2.2.0/24 [0x0] 2.2.3.0 192.168.1.1 1103 0x8000002b 0x0ec3 E2 2.2.3.0/24 [0x0] 35.57 show ip ospf interface Command: show ip ospf interface Function: Display the OSPF interface messages.
Hello due in 00:00:16 Neighbor Count is 0, Adjacent neighbor count is 0 35.58 show ip ospf neighbor Command: show ip ospf [] neighbor [{ |all |detail [all] |interface }] Function: Display the OSPF adjacent point messages.
35.59 show ip ospf redistribute Command: show ip ospf [] redistribute Function: To display the routing message redistributed from external process of OSPF. Parameter: is the process ID ranging between 0~65535. Command Mode: Admin Mode and Configuration Mode.
Parameter: . is the process ID ranging between 0~65535 Default: Not displayed Command Mode: Admin and configuration mode Example: Switch#show ip ospf route O 10.1.1.0/24 [10] is directly connected, Vlan1, Area 0.0.0.0 O 10.1.1.4/32 [10] via 10.1.1.4, Vlan1, Area 0.0.0.0 IA 11.1.1.0/24 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0 IA 11.1.1.2/32 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0 IA 12.1.1.0/24 [20] via 10.1.1.2, Vlan1, Area 0.0.0.0 IA 12.1.1.2/32 [20] via 10.1.1.2, Vlan1, Area 0.0.0.0 O 13.
Virtual Link VLINK0 to router 10.10.0.9 is up Transit area 0.0.0.1 via interface Vlan1 Transmit Delay is 1 sec, State Point-To-Point, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:02 Adjacency state Full Virtual Link VLINK1 to router 10.10.0.123 is down Transit area 0.0.0.1 via interface Vlan1 Transmit Delay is 1 sec, State Down, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in inactive Adjacency state Down 35.
C *> 127.0.0.0/8 is directly connected, Loopback O 192.168.2.0/24 [110/10] is directly connected, Vlan2, 00:06:13, process 12 C *> 192.168.2.0/24 is directly connected, Vlan2 35.63 show ip protocols Command: show ip protocols Function: Display the running routing protocol messages.
Neighbor(s): Address FiltIn FiltOut DistIn DistOut Weight RouteMap Incoming Route Filter: 35.64 summary-address Command: summary-address [{not-advertise|tag}] Function: Summarize or restrain external route with specific address scope. Parameter: address scope, shown in dotted decimal notation IPv4 address plus mask length. not-advertised restrain the external routes.
Parameter: 5 seconds by default. 10 seconds by default. Command Mode: OSPF protocol mode. Usage Guide: This command configures the delay time between receiving topology change and SPF calculation, further configured the hold item between two discontinuous SPF calculation.
Chapter 36 Commands for OSPFv3 36.1 area default cost Command: area default-cost no area default-cost Function: Configure the cost of sending to the default summary route in stub or NSSA area; the “no area default-cost” command restores the default value. Parameter: is the area number which could be shown as digits 0~4294967295, or as an IP address; ranges between <0-16777215> Default: Default OSPFv3 cost is 1.
advertise: Advertise this area not-advertise : Not advertise this area If both are not set, this area is defaulted for advertising Default: Function not configured. Command Mode: OSPFv3 protocol mode Usage Guide: Use this command to aggregate routes inside an area. If the network IDs in this area are not configured continuously, a summary route can be advertised by configuring this command on ABR. This route consists of all single networks belong to specific range.
introducing cost is defined with area default-cost command. Example: Switch # config terminal Switch (config)# router ipv6 ospf Switch (config-router)# area 1 stub Relevant Commands: area default-cost 36.4 area virtual-link Command: area virtual-link A.B.C.D [instance-id | INTERVAL ] no area virtual-link A.B.C.D [instance-id | INTERVAL] Function: Configure a logical link between two backbone areas physically divided by non-backbone area.
any two backbone areas routers connected with the public non-backbone area. The protocol treat routers connected by virtual links as a point-to-point network. Example: Switch#config terminal Switch(config) #router ipv6 ospf Switch(config-router) #area 1 virtual-link 10.10.11.50 hello 5 dead 20 Switch(config-router) #area 1 virtual-link 10.10.11.50 instance-id 1 36.5 abr-type Command: abr-type {cisco|ibm| standard} no abr-type [cisco|ibm| standard] Function: Configure an OSPF ABR type with this command.
no default-metric Function: The command set the default metric value of OSPF routing protocol; the “no default-metric” returns to the default state. Parameter: , metric value, ranging between 1~16777214. Default: Built-in, metric value auto translating. Command Mode: OSPF protocol mode Usage Guide: When the default metric value makes the metric value not compatible, the route introducing still goes through.
36.8 debug ipv6 ospf ifsm Command: [no] debug ipv6 ospf ifsm [status|events|timers] Function: Open debugging switches showing the OSPF interface states; the “[no] debug ospf ifsm [status|events|timers]” command closes this debugging switches. Default: Closed. Command Mode: Admin mode Example: Switch#debug ipv6 ospf ifsm 1970/01/01 01:11:44 IMI: IFSM[Vlan1]: Hello timer expire 1970/01/01 01:11:44 IMI: IFSM[Vlan2]: Hello timer expire 36.
Default: Closed. Command Mode: Admin mode Example: Switch#debug ipv6 ospf nfsm 1970/01/01 01:14:07 IMI: NFSM[192.168.2.3-000007d4]: LS update timer expire 1970/01/01 01:14:07 IMI: NFSM[192.168.2.1-000007d3]: LS update timer expire 1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: Full (HelloReceived) 1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: nfsm_ignore called 1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: Full (2-WayReceived) 36.
36.13 debug ipv6 ospf redistribute message send Command: debug ipv6 ospf redistribute message send no debug ipv6 ospf redistribute message send Function: To enable/disable debugging of sending command from IPv6 OSPF process redistributed to other IPv6 OSPF process routing. Default: Disabled. Command Mode: Admin Mode. Example: Switch#debug ipv6 ospf redistribute message send 36.
Function: Open debugging switches showing OSPF related routes; the “[no]debug ipv6 ospf route [ase|ia|install|spf]” command closes this debugging switch. Default: Closed. Command Mode: Admin mode 36.16 ipv6 ospf cost Command: ipv6 ospf cost [instance-id ] no ipv6 ospf [instance-id ] Function: Specify the cost required in running OSPF protocol on the interface; the “no ipv6 ospf cost [instance-id ]” command restores the default value.
Specify the dead interval for neighboring layer 3 switch; the “no ipv6 ospf dead-interval [instance-id ]” command restores the default value. Parameter: is the interface instance ID, ranging between 0~255, defaulted at 0
Switch#config terminal Switch(config)#ipv6 ospf display route single-line 36.19 ipv6 ospf hello-interval Command: ipv6 ospf hello-interval
36.20 ipv6 ospf priority Command: ipv6 ospf priority [instance-id ] no ipv6 ospf priority[instance-id ] Function: Configure the priority when electing “Defined layer 3 switch” at the interface. The “no ipv6 ospf [] priority” command restores the default value. Parameter: is the interface instance ID, ranging between 0~255, and defaulted at 0 is the priority of which the valid value ranges between 0~255. Default: The default priority when electing DR is 1.
Specify the retransmit interval of link state announcements between the interface and adjacent layer 3 switches. The “no ipv6 ospf retransmit-interval [instance-id ]” command restores the default value. Parameter: is the interface instance ID, ranging between 0~255, defaulted at 0
Command Mode: Interface Configuration Mode. Usage Guide: The LSA ages by time in the layer 3 switches but not in the transmission process. So by increasing the transmit-delay before sending LSA so that it will be sent out. The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully. Example: Set the interface vlan 1 LSA sending delay to 3 seconds.
configuration to only configure tunnel carefully. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 router ospf area 1 tag IPI instance-id 1 36.24 max-concurrent-dd Command: max-concurrent-dd no max-concurrent-dd Function: Configure with this command the current dd max concurrent number in the OSPF processing. The “no max-concurrent-dd” command restores the default.
Parameter: is the specific name of interface. Default: Not configured Command Mode: OSPFv3 protocol mode Example: Switch#config terminal Switch(config)#router ipv6 ospf Switch(config-router)#passive-interface vlan1 36.26 redistribute Command: [no] redistribute {kernel |connected| static| rip| isis| bgp} [metric] [metric-type {1|2}][route-map] Function: Introduce route learnt from other routing protocols into OSPFv3.
Switch(config-router)#redistribute bgp metric 12 metric-type 1 36.27 redistribute ospf Command: redistribute ospf [] [metric] [metric-type {1|2}] [route-map] no redistribute ospf [] [metric] [metric-type {1|2}][route-map] Function: To redistribute routing information form process-tag to this command. The no form of command cancels the redistribution of process-tag routing to this process.
Configure router ID for ospfv3 process. The “no router-id”restores ID to 0.0.0.0. Parameter: > is the router ID shown in IPv4 format. Default: 0.0.0.0 by default. Usage Guide: If the router-id is 0.0.0.0, the ospfv3 process can not be normally enabled. It is required to configure a router-id for ospfv3. Command Mode: OSPFv3 protocol mode Example: Switch#config terminal Switch(config)#router ipv6 ospf Switch(config-router)#router-id 192.168.2.1 36.
36.30 show ipv6 ospf Command: show ipv6 ospf [] Function: Display OSPF global and area messages. Parameter: is the process tag which is a character string. Default: Not displayed. Command Mode: All modes Example: Switch#show ipv6 ospf Routing Process "OSPFv3 (*null*)" with ID 192.168.2.2 SPF schedule delay 5 secs, Hold time between SPFs 10 secs Minimum LSA interval 5 secs, Minimum LSA arrival 1 secs Number of external LSA 0.
Display the OSPF link state data base message. Parameter: is the process tag which is a character string. is the ID of Advertising router, shown in IPv4 address format Default: Not displayed Command Mode: All modes Usage Guide: According to the output messages of this command, we can view the OSPF link state database messages.
Displayed information’s Explanations Link-LSA (Interface Vlan1) Link LSA messages of interface Vlan1 Router-LSA (Area 0.0.0.0) Router LSA messages in Area 0 Network-LSA (Area 0.0.0.0) Network LSA in Area 0 Intra-Area-Prefix-LSA (Area 0.0.0.0) Intra-domain Prefix LSA in Area 0 36.32 show ipv6 ospf interface Command: show ipv6 ospf interface |vlan Function: Display the OSPF interface messages. Parameter: is the name of the interface.
Interface Address fe80::203:fff:fe01:d28 Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:10 Neighbor Count is 1, Adjacent neighbor count is 1 Vlan2 is up, line protocol is up Interface ID 2004 IPv6 Prefixes fe80::203:fff:fe01:257c/64 (Link-Local Address) 2000:1:1::1/64 OSPFv3 Process (*null*), Area 0.0.0.0, Instance ID 0 Router ID 192.168.2.2, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State Backup, Priority 1 Designated Router (ID) 192.168.2.
Hello due in 00:00:10 retransmission. Neighbor Count is 1, Adjacent neighbor count is 1 Numbers of the adjacent layer 3 switch; number of the layer 3 switches established with neighbor relation 36.33 show ipv6 ospf neighbor Command: show ipv6 ospf [] neighbor [ | detail | detail ] Function: Show OSPF adjacent point messages.
36.34 show ipv6 ospf route Command: show ipv6 ospf [] route Function: Show the OSPF route table messages. Parameter: is the processes tag, which is a character string. Default: Not displayed Command Mode: All modes Example: Destination Metric Next-hop O 2000:1:1::/64 10 directly connected, Vlan2 O 2001:1:1::/64 10 directly connected, Vlan1 O 3000:1:1::/64 20 via fe80::203:fff:fe01:429e, Vlan2 O 3003:1:1::/64 20 via fe80::203:fff:fe01:d28, Vlan1 36.
Switch#show ipv6 ospf redistribute ospf process abc redistribute information: ospf process def bgp ospf process def redistribute information: ospf process abc Switch#show ipv6 ospf abc redistribute ospf process abc redistribute information: ospf process def bgp 36.36 show ipv6 ospf topology Command: show ipv6 ospf [] topology [area ] Function: Show messages of OSPF topology. Parameter: is the processes tag, which is a character string.
36.37 show ipv6 ospf virtual-links Command: show ipv6 ospf [] virtual-links Function: Show OSPF virtual link messages. Parameter: is the processes tag, which is a character string. Default: Not displayed. Command Mode: All modes Example: Switch#show ipv6 ospf virtual-links Virtual Link VLINK1 to router 5.6.7.8 is up Transit area 0.0.0.
IPv6 Routing Table Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP > - selected route, * - FIB route, p - stale info Timers: Uptime C*> ::1/128 via ::, Loopback, 00:29:53 O 2001::/64 [110/10] via ::, Vlan1, 00:01:07 ,process aaa C*> 2001::/64 via ::, Vlan1, 00:02:54 O*> 2006::/64 [110/10] via ::, Vlan1, 00:01:07, process aaa O*> 2008::/64 [110/20] via fe80::203:fff:fe01:2542, Vlan1, 00:00:54, process bbb 36.
Chapter 37 Commands for BGP and MBGP4+ 37.1 address-family Command: address-family Function: Enter address-family mode. Parameter: address-family, such as IPv4、IPv6、VPNv4, etc ; : sub address-family, such as unicast、multicast Command Mode: BGP routing mode Usage Guide: Since the BGP-4 supports multi-protocol, it is available to get different configuration for each address-family.
Switch(config-vrf)#exit Switch(config)#router bgp 100 Switch(config-router)#address-family ipv4 vrf DC1 Switch(config-router-af)# 3) Enter BGP VPNv4 address-family mode. Switch(config)#router bgp 100 Switch(config-router)#address-family vpnv4 Switch(config-router-af)# 37.2 aggregate-address Command: aggregate-address [summary-only] [as-set] no aggregate-address [summary-only] [as-set] Function: Configure the aggregate-address.
37.3 bgp aggregate-nexthop-check Command: bgp aggregate-nexthop-check no bgp aggregate-nexthop-check Function: Configures whether BGP checks all the route next-hop in aggregating. The “no bgp aggregate-nexthop-check” command cancels this configuration, namely not check the next-hop accordance of aggregate route. Default: No nexthop checked during aggregating.
MED of routes from different AS source will also be compared. Example: The AS (200) receives the same route prefix form the two AS (100 and 300) carrying different MED, configure the MED comparison is always performed. Switch(config-router)#bgp always-compare-med 37.5 bgp asnotation asdot Command: bgp asnotation asdot no bgp asnotation asdot Function: Show AS number and match the regular expression with ASDOT method. The no command cancels this method. Default: ASPLAIN method.
Not set. Command Mode: BGP route mode Usage Guide: Length of AS-PATH will be compared in BGP pathing, and its length can be ignored by using this configuration. Example: Set to ignore the AS-PATH length: Switch(config)#router bgp 200 Switch(config-router)#bgp bestpath as-path ignore Related Command: bgp bestpath compare-confed-aspath, bgp bestpath compare-routerid, bgp bestpath med, no bgp bestpath compare-confed-aspath, no bgp bestpath compare-routerid, no bgp bestpath med 37.
37.8 bgp bestpath compare-routerid Command: bgp bestpath compare-routerid no bgp bestpath compare-routerid Function: Compare route ID; the “no bgp bestpath compare-routerid” command cancels this configuration. Default: Not configured. Command Mode: BGP route mode Usage Guide: Normally the first arrived route from the same AS (with other conditions equal) will be chosen as the best route. By using this command, source router ID will also be compared. Example: Device (10.1.1.
Not configured. Command Mode: BGP route mode Usage Guide: Choose whether MED is compared among confederations by this command. If MED is missing, it is considered max when missing-is-worst or else 0. Example: Configure to compare the MED attributes in the confederation path and to consider the value is the largest when MED is unavailable.
37.11 bgp cluster-id Command: bgp cluster-id {|<01-4294967295>} no bgp cluster-id {[]|<0-4294967295>} Function: Configure the route reflection ID during the route reflection. The “no bgp cluster-id {[]|<0-4294967295>}” command cancels this configuration. Parameter: |<1-4294967295>: cluster-id which is shown in dotted decimal notation or a 32 digit number. Default: Not configured.
decimal notation (such as 6553700) or delimiter method (such as 100.100). Default: No confederation. Command Mode: BGP route mode Usage Guide: Confederation is for divide large AS into several smaller AS, while still identified as the large AS. Create large AS number with this command. Example: Switch(config-router)# bgp confederation identifier 600 Related Command: bgp confederation peers, no bgp confederation peers 37.13 bgp confederation peers Command: bgp confederation peers [..
37.14 bgp dampening Command: bgp dampening [<1-45>] [<1-20000> <1-20000> <1-255>] [<1-45>] no bgp dampening Function: Configure the route dampening.The “no bgp dampening” command cancels the route dampening function. Parameter: <1-45>: Respectively the penalty half-lives of accessible and inaccessible route, namely the penalty value is reduced to half of the previous value, in minutes. <1-20000>: Respectively the penalty reuse border and restrain border. <1-255>: Maximum restrain route time, in minutes.
command cancels this configuration. Parameter: ipv4-unicast: Configure the default using IPv4-unicast to set up neighbor connection. local-preference<0-4294967295>: Configure the default local priority. Default: The IPv4 unicast is default enabled when BGP is enabled. The default priority is 100. Command Mode: BGP route mode. Usage Guide: IPv4 unicast address-family is default enabled in BGP. Cancel this setting with no bgp default ipv4-unicast command so to not enable this address-family in default.
Switch(config-router)#bgp deterministic-med 37.17 bgp enforce-first-as Command: bgp enforce-first-as no bgp enforce-first-as Function: Enforces the first AS position of the route AS-PATH contain the neighbor AS number or else disconnect this peer when the BGP is reviving the external routes. The “no bgp enforce-first-as” command cancels this configuration. Default: Not configured. Command Mode: BGP route mode Usage Guide: This command is usually for avoiding unsafe or unauthenticated routes.
Example: Switch(config-router)# bgp fast-external-failover 37.19 bgp inbound-route-filter Command: bgp inbound-route-filter no bgp inbound-route-filter Function: The bgp do not install the RD routing message which does not exist locally. The no command means the RD will be installed with no regard to the local existence of the RD. Command Mode: BGP mode.
Limit the number of routers learnt by the bgp process from its neighbors with this command. Example: The following configuration will limit max number of routers that the bgp process receives from its neighbors as 20000. Switch(config-router)# bgp inbound-max-route-num 20000 37.21 bgp log-neighbor-changes Command: bgp log-neighbor-changes no bgp log-neighbor-changes Function: Output log message when BGP neighbor changes. The “no bgp log-neighbor-changes” command cancels this configuration.
Usage Guide: Checking the IGP accessibility of the route advertised by BGP is to check the existence of next-hop and its IGP accessibility. Example: Set to check the IGP accessibility of BGP network route. Switch(config-router)# bgp network import-check 37.
Not following rfc 1771 restrictions. Command Mode: Global mode Usage Guide: With this attribute set, generation types of routes from protocols such as RIP, OSPF, ISIS, etc will be regarded as IGP (internal generated), or else as incomplete. Example: Configure to stricly follow the rfc1771 restrictions. Switch(config)#bgp rfc1771-strict 37.25 bgp router-id Command: bgp router-id no bgp router-id [] Function: Configure the router ID manually. The no operation cancels this configuration.
Set the time interval of the periodical next-hop validation; the “no bgp scan-time [<0-60>]” command restores to the default value. Parameter: <0-60>: Validation time interval. Default: Default interval is 60s. Command Mode: BGP route mode Usage Guide: Validate the next-hop of BGP route, this command is for configuring the interval of this check. Set the parameter to 0 if you don’t want to check. Example: Set the time interval of periodical next-hop validation to be 30s.
37.28 clear ip bgp dampening Command: clear ip bgp [] dampening [|] Function: Used for resetting BGP routing dampening. Parameter: : address-family, such as “ipv4 unicast”. : IP address. : IP address and mask. Command Mode: Admin mode Usage Guide: It is possible to clear BGP routing dampening messages and state by different parameters (such as address-family or IPv4 address).
Example: Clear the BGP dampening statistic messages of IPv4 unicast cluster. Switch#clear ip bgp ipv4 unicast flap-statistics 37.30 debug bgp Command: debug bgp [|all] no debug bgp [|all] Function: For BGP debugging. The “no debug bgp [|all]” command closes the BGP debugging messages Parameter: : BGP module names, including dampening、events、filters、fsm、keepalives、nsm、 updates, etc.
Admin Mode. Example: Switch# debug bgp redistribute message send Switch# no debug bgp redistribute message send 37.32 debug bgp redistribute route receive Command: debug bgp redistribute route receive no debug bgp redistribute route receive Function: To enable debugging switch of received messages from NSM for BGP. The no form of this command will disable debugging switch of received messages from NSM for BGP. Default: Close the debug by default. Command Mode: Admin Mode.
Example: Switch# debug ipv6 bgp redistribute message send 37.34 debug ipv6 bgp redistribute route receive Command: debug ipv6 bgp redistribute route receive no debug ipv6 bgp redistribute route receive Function: To enable debugging switch of received messages from NSM for MBGP4+. The no form of this command will disable debugging switch of received messages from NSM for MBGP4+. Default: Close the debug by default. Command Mode: Admin Mode.
Usage Guide: Set the manage distance for specified BGP route as the path selecting basis. Example: Set the manage distance for route 90 10.1.1.64/32 to be 90. Switch(config-router)# distance 90 10.1.1.64/32 37.36 distance bgp Command: distance bgp <1-255> <1-255> <1-255> no distance bgp [<1-255> <1-255> <1-255>] Function: Set the BGP protocol management distance. The “no distance bgp [<1-255> <1-255> <1-255>]” command restores the manage distance to default value.
Usage Guide: Use this command to exit the mode so to end the address-family configuration when configuring address-family under BGP. Example: Switch(config)#router bgp 100 Switch(config-router)#address-family ipv4 unicast Switch(config-router-af)# exit-address-family Switch(config-router)# Related Command: address-family 37.38 import map Command: import map no import map Function: Use this command to configure the route-map regulations when introducing routes into VRF.
Switch(config-af)#import map map1 Switch#show ip bgp vpn all Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:10 (Default for VRF DC1) *> 11.1.1.0/24 11.1.1.64 0 0 200 ? *>i15.1.1.0/24 10.1.1.68 0 *> 20.1.1.0/24 11.1.1.64 0 *>i100.1.1.0/24 10.1.1.68 0 100 655 300 ? 100 655 300 ? 0 200 ? Route Distinguisher: 100:10 *>i15.1.1.0/24 10.1.1.68 0 100 0 300 ? *>i100.1.1.0/24 10.1.1.
37.40 ip community-list Command: ip community-list { | <1-199> | [expanded ] | [standard ]} {deny | permit} <.COMMUNITY> no ip community-list { | <1-199> | [expanded ] | [standard ]} [{deny | permit} <.COMMUNITY>] Function: Configure the community-list. The “no ip community-list {|<1-199>|[expanded ]|[standard ]} [{deny|permit} <.COMMUNITY>]” command deletes the community list. Parameter: : name of community list.
{|<1-199>|[expanded ]|[standard ]} {deny|permit} <.COMMUNITY>“ command is for deleting the extended community list. Parameter: : name of community-list. <1-199>: Standard or extended community number. : Standard or extended community number. <.COMMUNITY >: Members of the community list, which may be the combination of aa:nn, or internet, local-AS, no-advertise, and no-export. It can be shown in regular expressions under extended conditions.
enabled, the address-family route will not be acquired by the partner even if the corresponding address family routes acquired before will be cancelled after this option is disabled. Example: Configure to exchange the unicast route with neighbor 2002::2. Switch(config-router)#neighbor 2002::2 activate Switch(config-router)#address-family ipv4 Switch(config-router-af)#no neighbor 2002::2 activate Switch(config-router-af)# 37.
no neighbor {|} allowas-in Function: Configure the counts same AS is allowed to appear in the neighbor route AS table. The “no neighbor {|} allowas-in” restores to not allow any repeat. Parameter: : IP address of the neighbor. : Name of the peer group. <1-10>: Allowed count of same AS number. Default: In default conditions AS is not allowed repeating in the same route, and when set the repeat count it is defaulted at 3 when <1-10> parameters not set.
Usage Guide: After configure this command, the route from the neighbor will cover the existed AS number. Example: Switch (config)#router bgp 100 Switch (config-router)#address-family ipv4 vrf VRF-A Switch(config-router-af)#neighbor 3.0.0.1 remote-as 65001 Switch(config-router-af)# neighbor 3.0.0.1 as-override Switch(config-router-af)# 37.
37.47 neighbor capability Command: neighbor {|} capability {dynamic | route-refresh} no neighbor {|} capability {dynamic | route-refresh} Function: Configure dynamic update between neighbors and the route refresh capability negotiation. The “no neighbor {|} capability {dynamic | route-refresh}” command do not enable the specific capability negotiation. Parameter: : Neighbor IP address. : Name of peer group.
{|} capability orf prefix-list {||}” command set to not perform the negotiation. Parameter: : Neighbor IP address. : Name of peer group. Default: ORF capability not configured. Command Mode: BGP route mode and address-family mode Usage Guide: This is an extended BGP capability.
route mode and address family mode Usage Guide: This command is for settling the problem that multi-connection among peers due to TCP connection collision. Connections created with this option on will always be check even at established state. And it will be checked if local side IP is larger than partner IP when collides.
Switch(config-router)# Then the default route from BGP will appear in partner route list. Relevant Commands: route-map 37.51 neighbor description Command: neighbor {|} description <.LINE> no neighbor {|} description Function: Configure the description string of the peer or peer group. The “no neighbor {|} description” command deletes the configurations of this string. Parameter: : Neighbor IP address. : Name of peer group. <.
Configure the policy applied in partner route update transmission. The “no neighbor {|} distribute-list {<1-199>|<1300-2699>|} {in|out}” command cancels the policy configuration. Parameter: : Neighbor IP address. : Name of peer group. <1-199>|<1300-2699>|: Number or name of the access-list. Default: Policy not applied.
Command Mode: BGP route mode and address-family mode Usage Guide: As the negotiation is the default, it can be disabled with this configuration when it is known that the partner BGP version is old which don’t support capability negotiation. Example: Last addition capability negotiation will not be realized in the connection by configuring as follows. Switch(config-router)#neighbor 10.1.1.64 dont-capability-negotiate 37.
Switch(config-router)#neighbor 11.1.1.120 ebgp-multihop on 11.1.1.120 Switch(config-router)#neighbor 10.1.1.64 ebgp-multihop After this, switches in different segments will be able to create BGP neighbor relationship. 37.55 neighbor enforce-multihop Command: neighbor {|} enforce-multihop no neighbor {|} enforce-multihop Function: Enforce the multihop connection to the neighbor. The “no neighbor {|} enforce-multihop” command cancels this configuration.
Function: Access-list control for AS-PATH. The “no neighbor {|} filter-list <.LINE> {|}” cancels the AS-PATH access-list control. Parameter: : Neighbor IP address. : Name of peer group. : AS-PATH access-list name configured through ip as-pathaccess-list<.LINE>. Default: Not configured. Command Mode: BGP route mode and address list mode.
Default: Not configured. Command Mode: BGP route mode and address-family mode Usage Guide: Specifies the exit interface to the neighbor with this command. Interface destination accessibility should be ensured. Example: Set the interface to neighbor 10.1.1.64 as interface vlan 2。 Switch(config-router)# neighbor 10.1.1.64 interface Vlan2 37.
Configure the maximum number of route prefix from neighbor 10.1.1.64 is 12, and it warns when the number of route prefix reaches 6, and the connection will be cut when the number hit 13. Switch(config-router)#neighbor 10.1.1.64 maximum-prefix 12 50 37.59 neighbor next-hop-self Command: neighbor {|} next-hop-self no neighbor {|} next-hop-self Function: Ask the neighbor to point the route nexthop sent by the local side to local side.
Parameter: : Neighbor IP address. : Name of the peer group. Default: Disabled. Command Mode: BGP route mode Usage Guide: With this attribute, error notify due to unsupported capability negotiation the neighbors required will not be sent. Example: Switch(config-router)#neighbor 10.1.1.64 override-capability Related Command: neighbor capability 37.
Switch(config-router)#neighbor 10.1.1.64 passive After configured with this attribute and reestablishing the connection , the local side do not attempt to create connection but stays in ACTIVE state waiting for the TCP connection request from the partner. 37.62 neighbor peer-group (Creating) Command: neighbor < TAG> peer-group no neighbor < TAG> peer-group Function: Create/delete a peer group. The “no neighbor < TAG> peer-group” command deletes a peer group.
no neighbor peer-group Function: Assign/delete peers in the group. The “no neighbor peer-group “command deletes the peers from the peer group. Parameter: : Neighbor IP address. : Name of peer group. Default: No peer group. Command Mode: BGP route mode and address-family mode Usage Guide: By configuring the peer group, a group of peers with the same attributes will be configured at the same time so to reduce the configuration staff labor.
Switch(config-router)#neighbor 10.1.1.64 port 1023 37.65 neighbor prefix-list Command: neighbor {|} prefix-list {} no neighbor {|} prefix-list {|} Function: Configure the prefix restrictions applied in sending or receiving routes from specified neighbors.The “no neighbor {|} prefix-list {|}” command cancels this configuration. Parameter: : Neighbor IP address.
Configure the BGP neighbor. The no command is used for deleting BGP neighbors. Parameter: : Neighbor IP address : Name of peer group : Neighbor AS number, ranging from 1 to 4294967295, it can be shown in decimal notation (such as 6553700) or delimiter method (such as 100.100). Default: No neighbors Command Mode: BGP route mode and address-family mode Usage Guide: The BGP neighbors are completely generated through command configurations.
Configure this attribute to avoid assigning the internal AS number to the external AS sometimes. The internal AS number ranges between 64512-65535, which the AS number could not be sent to the INTERNET since it is not a valid external AS number. What removed here is private AS numbers of the totally private AS routes. Those who have private AS numbers while also have public AS numbers are not processed. Example: Switch(config-router)#neighbor 10.1.1.64 remove-private-AS 37.
37.69 neighbor route-reflector-client Command: neighbor {|} route-reflector-client no neighbor {|} route-reflector-client Function: Configure the route reflector client. The “no neighbor {|} route-reflector-client” command cancels this configuration Parameter: : Neighbor IP address : Name of peer group Default: Not configured.
Function: Configure the route server client. The “no neighbor {|} route-server-client” command cancels this configuration. Parameter: : Neighbor IP address : Name of peer group Default: Not configured Command Mode: BGP route mode and address-family mode Usage Guide: The route service is for reducing the peers when the router between AS is too much under EBGP environment.
Sending the community attributes. Command Mode: BGP route mode and address-family mode Usage Guide: The community attributes can be sent to the outside or not. By default of our company we set to sending while the default in standard protocol is not sending. By configuring this attribute community attributes will be carried when sending routing information’s to the neighbors, or else not. Omission of the following choice will be equal to standard. Example: Switch(config-router)#no neighbor 10.1.1.
neighbor {|} soft-reconfiguration inbound no neighbor {|} soft-reconfiguration inbound Function: Configures whether perform inbound soft reconfiguration; the “no neighbor {|} soft-reconfiguration inbound” command set to not perform the inbound soft reconfiguration. Parameter: : Neighbor IP address : Name of peer group Default: Not perform inbound soft reconfiguration.
Switch (config)#router bgp 100 Switch(config-router)#address-family ipv4 vrf DC1 Switch(config-router-af)# neighbor 11.1.1.64 remote 200 Switch(config-router-af)# neighbor 11.1.1.64 soo 100.100:10 After this attribute set, the switch will no longer spreads the route with 100.100:10 rt attribute to 11.1.1.64.
37.76 neighbor timers Command: neighbor {|} timers <0-65535> <0-65535> no neighbor {|} timers <0-65535> <0-65535> Function: Configure the KEEPALIVE interval and hold time; the “no neighbor {|} timers <0-65535> <0-65535>” command restores the defaults. Parameter: Neighbor IP address : Name of peer group <0-65535>: Respectively the KEEPALIVE and HOLD TIME Default: Default KEEPALIVE time is 60s, while HOLD TIME is 240s.
<0-65535>: Retry interval Default: 120s. Command Mode: BGP route mode and address-family mode Usage Guide: Configure the connecting time interval when connecting a peer. The NO form restores the default value. Example: Switch(config-router)#neighbor 10.1.1.64 timers connect 100 Related Command: neighbor timers 37.
Switch(config-route-map)#match ip next-hop 10 Route with nexthop as 10.1.1.100 will not be restrained. 37.79 neighbor update-source Command: neighbor {|} update-source no neighbor {|} update-source Function: Configure the update source.
Parameter: : Neighbor IP address : Name of the peer group 4: Allowed BGP version, 4 only Default: 4. Command Mode: BGP route mode Usage Guide: Only version 4 is supported so far, so whatever the configuration is the version remains at 4. Example: Switch(config-router)#neighbor 10.1.1.66 version 4 Switch(config-router)# 37.
Example: Switch(config-router)#neighbor 10.1.1.66 weight 500 37.82 network (BGP) Command: network [route-map ] [backdoor] no network [route-map ] [backdoor] Function: Configure the BGP managed network, the route map specified in network application, or set the “back door” for the network. The “no network [route-map ] [backdoor]” command cancels this configuration.
: Route source or protocol, including: connected, ISIS, kernel, OSPF, RIP, static, etc. : Name of route map. Command Mode: BGP Route Mode. Usage Guide: Route from other ways will be distributed into the BGP route table with this command and transmitted to the neighbors. Example: The static route is introduced into BGP with this configuration and advertised to the neighbors. Example: Switch(config-router)# redistribute static 37.
37.85 redistribute ospf (MBGP4+) Command: redistribute ospf [] [route-map] no redistribute ospf [] Function: To redistribute routing information form OSPFv3 to MBGP4+. The no form of this command will remove the configuration. Parameters: process-id is the process character string of the OSPFv3, the length is less than 15. If no process id is specified, the default process will be used. route-map is the pointer to the introduced routing map.
Global mode Usage Guide: Enable BGP by specified AS, and then enter the config-router state, the protocol can be configured at this prompt. Example: Enable BGP, AS number is 4294967295 in decimal notation. Switch(config)#router bgp 4294967295 Switch(config-router)#exit Enable BGP, AS number is 4294967295 in delimiter method. Switch(config)#router bgp 65535.65535 Switch(config-router)#exit 37.
Switch(config-router)#neighbor 10.1.1.68 route-map map1 in Switch(config-router)#address-family vpnv4 unicast Switch(config-router-af)#neighbor 10.1.1.68 activate Switch(config-router-af)#exit-address-family View the route message after refresh: Switch#show ip bgp vpnv4 all Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:10 (Default for VRF DC1) *> 11.1.1.0/24 11.1.1.64 0 0 200 ? *>i15.1.1.0/24 10.1.1.250 0 *> 20.1.1.0/24 11.1.1.64 0 *>i100.1.1.0/24 10.1.1.
Example: Switch#show ip bgp BGP table version is 147, local router ID is 10.1.1.64 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 12.0.0.0 10.1.1.121 0 32768 ? *> 100.1.1.0/24 10.1.1.200 0 32768 ? *> 100.1.2.0/24 10.1.1.200 0 32768 ? *> 172.0.0.0/8 0.0.0.0 32768 i Total number of prefixes 4 37.
show ip bgp [] community [exact-match] Function: For displaying route permitted by BGP with community information. Parameter: : Address-family, such as “ipv4 unicast” : Community attributes number show in AA:NN form or combination of local-AS, no-advertise, and no-export. Command Mode: Admin and configuration mode Usage Guide: We can choose several communities at a time, exact-match shows only the perfect match entries will be displayed.
Address Refcnt Community [0x3312558] (3) 100:50 37.92 show ip bgp community-list Command: show ip bgp [] community-list [exact-match] Function: For displaying the routes containing the community list messages and permitted by BGP Parameter: : Address-family such as “ipv4 unicast” : Community list Command Mode: Admin and configuration mode Usage Guide: Configure the community list with ip community-list command and the contained community as well.
{||} Function: Display the routes permitted by BGP and relevant to the route dampening. Parameter: : Address-family, such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: Only the surged routes will be displayed. The Parameters shows the display configuration other than specific routes. The other two options will respectively show the restrained route and the dampening (recently recovered from invalid) routing messages.
Un-reach ability Half-Life time : 15 min Max penalty (ceil) : 11999 Min penalty (floor) : 375 Total number of prefixes 1 Related Command: bgp dampening 37.94 show ip bgp filter-list Command: show ip bgp [] filter-list [] Function: For displaying the routes in BGP meeting the specific AS filter list.
37.95 show ip bgp inconsistent-as Command: show ip bgp [] inconsistent-as Function: For displaying routes with inconsistent BGP AS. Parameter: : address family such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: If same prefix comes from different origin AS, the AS will be regarded as inconsistent. This command is for displaying this kind of routes. Example: Switch#sh ip bgp inconsistent-as BGP table version is 2, local router ID is 11.1.1.
Admin and configuration mode Usage Guide: Display detailed messages of all neighbors by this command without parameters. Specifying IP address will show the detailed information of the neighbors with specified IP address. The advertised-routes 、received prefix-filter、received routes、routes parameters will respectively displays the routes broadcast on local side, the received prefix filter, received routes (soft reconfiguration enabled) and the routing message from specific neighbor.
: Address-family such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: Display the BGP path message includes the utilization state. Example: Switch#sh ip bgp paths Address Refcnt Path [0x331dad0:0] (1) [0x331d850:93] (1) 600 [0x331d8d8:249] (2) 200 300 37.98 show ip bgp prefix-list Command: show ip bgp [] prefix-list [] Function: For displaying the route meet the specific prefix-list in BGP.
*> 10.1.1.100 0 32768 ? Total number of prefixes 1 37.99 show ip bgp quote-regexp Command: show ip bgp [] quote-regexp [] Function: For displaying the BGP route meets the specific AS related regular expression. Parameter: : >: address-family such as “ipv4 unicast” : Regular expression Command Mode: Admin and configuration mode Usage Guide: Selecting the required route through regular expressions.
37.100 show ip bgp regexp Command: show ip bgp [] regexp [] Function: For displaying the BGP routes meets specific AS related normal expressions. Parameter: : >: address-family such as “ipv4 unicast” : Regular expression Command Mode: Admin and configuration mode Usage Guide: We can select BGP route of the required AS with normal expression. Example: Switch#sh ip bgp regexp 100 BGP table version is 2, local router ID is 11.1.1.
process routes with route map. The command will display the routes meet specific route map. Example: Switch#sh ip bgp route-map rmp BGP table version is 2, local router ID is 11.1.1.100 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network * 100.1.1.0/24 *> Next Hop Metric LocPrf Weight Path 10.1.1.64 0 10.1.1.68 0 0 500 100 600 ? 0 300 ? Total number of prefixes 1 37.
show ip bgp [] summary Function: For displaying the BGP summary information. Parameter: : Address-family such as “ipv4 unicast”. Command Mode: Admin and configuration mode Usage Guide: Display some basic summary information of BGP. Example: Switch#show ip bgp summary BGP router identifier 10.1.1.66, local AS number 200 BGP table version is 1 1 BGP AS-PATH entries 0 BGP community entries Neighbor V 10.1.1.
37.104 show ip bgp view Command: show ip bgp view [] [ | | [] summary] Function: For displaying the messages of specified BGP instance. Parameter: : Name of BGP instance : IP address : IP address and mask : Address-family such as “ipv4 unicast” Command Mode: Admin and configuration mode Usage Guide: Display messages of specified BGP instance. Example: Switch#show ip bgp view as300 100.1.1.
37.106 show ip bgp vrf Command: show ip bgp vrf [NAME] {summary | A.B.C.D | A.B.C.D/M} Function: For displaying the routing messages and the neighbors permitted by BGP. Parameter: : The name of the VRF instance summary: Display the summary information of the BGP neighbor A.B.C.D: IP address A.B.C.
V Neighbor runs BGP AS Neighbor belongs to AS MsgRcvd The information number received from the neighbor MsgSent The information number is sent to the neighbor TblVer Route table version Up/Down If the state is established with the neighbor, display the dialog time, or display the current state State/PfxRcd If the state is established with the neighbor, display the prefix number of the received route, or display the current state 2) Display the BGP route information: S2#show ip bgp vrf 1 BGP
Origin incomplete, metric 6, localpref 100, valid, external, best Last update: 00:41:47 37.107 show ip bgp vpnv4 Command: show ip bgp vpnv4 {all | rd | vrf } Function: Display all VRF route messages or the specific VRF route message. Parameter: all: All VPNv4 peers; rd-val: is the route identification label which is normally the (AS number or IP address): digits, such as 100:10; rf-name: is the name of VRF, created through if vrf command.
Example: Switch#show ipv6 bgp redistribute 37.109 timers bgp Command: timers bgp <0-65535> <0-65535> no timers bgp [<0-65535> <0-65535>] Function: Configure all neighbor time in BGP. The “no timers bgp [<0-65535> <0-65535>]” command restores these times to default value. Parameter: <0-65535> Respectively the KEEPALIVE interval and the hold time. Default: KEEPALIVE is 60s, HOLD TIME is 240s. Command Mode: Admin and Configuration Mode.
Chapter 38 Commands for Black Hole Routing 38.1 ip route null0 Command: ip route { ||} null0 [] no ip route { ||} null0 Function: To configure routing destined to the specified network to the interface of null0.
output interface for the black hole routing. is the route weight, ranging between 1 to 255 and 1 by default. Command Mode: Global Configuration Mode. Usage Guide: When configuring IPv6 Black Hole Routing, it is much like configuring normal static routing, but using null0 as the output interface. Example: To configure a route to 2001:2:3:4::/64 as a Black Hole Routing. Switch(config)#ipv6 route 2001:2:3:4::/64 null0 Chapter 39 Commands for GRE Tunnel Configuration 39.
GRE Tunnel PACKET: recv, src <1.1.1.2>, dst <1.1.1.1>, size <140>, proto <0x0800>, from 39.2 ip address Command: ip address no ip address Function: Configure the IPv4 address of GRE tunnel interface. Parameter: is IPv4 address, is the sub-net mask. Command mode: Tunnel interface configuration mode.
Command mode: Global mode. Usage Guide: Configure the output interface of IPv4 static route as GRE tunnel. Example: Configure the output interface of IPv4 static route as GRE tunnel. Switch(config)# interface tunnel 1 Switch(config)#ip route 101.0.0.0/24 tunnel 1 39.4 ipv6 address Command: ipv6 address no ipv6 address Function: Configure the IPv6 address for the GRE tunnel interface. Parameter: is the IPv6 address, is prefix length.
ipv6 route tunnel no ipv6 route tunnel Function: Configure the output interface of IPv6 static route as GRE tunnel. Parameter: is the IPv6 address, is the prefix length, is the GRE tunnel ID. Command mode: Global mode. Usage Guide: Configure the output interface of IPv6 static route as GRE tunnel. Example: Configure the output interface of IPv6 static route as GRE tunnel.
loopback-group no loopback-group Function: Join layer 2 Ethernet port in the specified loopback-group. Parameter: is the loopback-group ID, the ranging from 1 to 128. Command mode: Port Mode. Usage Guide: There is no configuration for a specified port before join it in a loopback-group. Example: Join port 1/0/1 in loopback-group 1. Switch (config-if-ethernet1/0/1)#loopback-group 1 39.
39.9 show gre tunnel Command: show gre tunnel {<1-50 |>} Function: Display the configuration information of GRE tunnel. Parameter: <1-50>: The tunnel ID. Command mode: Admin mode and configuration mode. Example: Display the configuration information of GRE tunnel. Switch# show gre tunnel name Tunnel1 Tunnel2 mode source gre ip gre ipv6 destination 192.168.1.1 2001::1 192.168.1.
Switch# show interface tunnel 1 Tunnel1 is up, line protocol is up, dev index is 8001 Device flag 0x81(UP NOARP) IPv4 address is: (NULL) VRF Bind: Not Bind 39.11 tunnel destination Command: tunnel destination { | } no tunnel destination Function: Configure the destination address (IPv6 or IPv4 address) for GRE tunnel. Parameter: is the IPv6 address, is the IPv4 address. Command mode: Tunnel interface configuration mode.
Usage Guide: Configure the GREv4 tunnel mode, the data packets are encapsulated with GREv4 to be forwarded. Example: Configure the data packets to process the encapsulation of the GREv4 to be forwarded. Switch(config)# interface tunnel 1 Switch(config-if-tunnel1)# tunnel mode gre ip 39.13 tunnel mode gre ipv6 Command: tunnel mode gre ipv6 no tunnel mode Function: Configure the tunnel mode as GREv6 tunnel, after the GRE data packets are encapsulated, it has an IPv6 packet head, and pass the IPv6 network.
Usage Guide: Configure the source address (IPv6 or IPv4 address) for GRE tunnel. Example: Configure the source IPv6 address for GRE tunnel.
Chapter 40 Commands for ECMP 40.1 load-balance Command: load-balance {dst-src-mac | dst-src-ip | dst-src-mac-ip} Function: Set load-balance mode for switch, it takes effect for port-group and ECMP at the same time.
equal to disable ECMP function. Command mode: Global Mode. Default: The default number is 4. Example: Configure the maximum-paths of the equivalence multi-paths as 8.
Chapter 41 Commands for BFD 41.1 bfd authentication key Command: bfd authentication key <1-255> no bfd authentication key Function: Enable BFD authentication and configure key for interface, no command disables BFD authentication. Parameter: <1-255>- key ID. Default: Do not enable BFD authentication for interface. Command Mode: interface configuration mode Usage Guide: Configure key ID of BFD interface, different interfaces can use different way to encrypt and authenticate.
Command Mode: Global configuration mode Usage Guide: Configure md5 mode and authentication character string for BFD authentication, BFD authentication will be processed by optional fields of packets after this command is configured. BFD will establish neighbor in case that keys in two peers are same. Example: Use md5 to encrypt, key ID is 1, authentication character string is 123456. s5(config)#in vlan 50 s5(config)#bfd authentication key 1 md5 123456 41.
41.4 bfd echo Command: bfd echo no bfd echo Function: Enable bfd echo, no command deletes bfd echo. Default: echo is disabled on interface. Command Mode: Interface configuration mode Usage Guide: Enable bfd echo, session in up mode sends echo packets to reduce frequency of control packets. Example: Enable echo on interface. s5(config)#in vlan 50 s5(config-if-vlan50)#bfd echo 41.
destination address of packets is an interface address to ensure that packets can be returned along the original paths. There is no special request for UDP data. Example: Configure source address of bfd echo packets to 192.168.1.1. s5(config)#bfd echo-source-ip 192.168.1.1 41.6 bfd echo-source-ipv6 Command: bfd echo-source-ipv6 no bfd echo-source-ipv6 Function: Detect link fault by configuring source address of echo packets, no command deletes the configured source address of echo packets.
Function: Enable BFD for VRRP(v3) protocol and enable BFD detection on the group, no command disables BFD for VRRP(v3) protocol. Default: BFD is not enabled for VRRP(v3). Command Mode: VRRP(v3) group configuration mode Usage Guide: After enable BFD detection on the group, if the group receives hello packets when processing backup, it will inform BFD to establish the relevant session. Local ip and remote ip are IP of the interfaces at two peers. Example: Enable BFD on VRRP group1.
-minimum receiving interval, unit is ms, range from 200 to 1000, it may be different for different devices. - multiplier of session detection, range from 3 to 50. Default: minimum transmission interval is 400ms, minimum receiving interval is 400ms, detection multiplier is 5. Command Mode: Interface configuration mode Usage Guide: Configure the minimum transmission interval and the multiplier of session detection for BFD control packets.
Configure the minimum receiving interval is 800ms for bfd echo packets. s5(config)#in vlan 50 s5(config-if-vlan50)#bfd min-echo-recv-interval 800 41.10 bfd mode Command: bfd mode {active | passive} no bfd mode Function: Configure BFD working mode before the session is established, the default mode is active mode. No command restores active mode. Parameter: active-active mode, passive-passive mode.
fsm:Enable the display of state machine for BFD error: Enable the display of error events for BFD timer: Enable the display of timeout events for BFD Command Mode: Admin mode Usage Guide: Enable the relevant debugging of BFD. Example: Enable the debugging of BFD. s5#debug bfd all 41.12 ip ospf bfd enable Command: ip ospf bfd enable no ip ospf bfd enable Function: Enable BFD for OSPF protocol on the specific interface, no command disables BFD for OSPF protocol. Default: BFD is not enabled for OSPF protocol.
Function: Configure BFD for the static route, no command cancels the configuration. Parameter: is vrf name, is destination address, mask is the subnet mask, nexthop is nexthop address Command Mode: Global mode Default: BFD is not configured for the static route. Usage Guide: Configure BFD for the route and specify the detection mode. Example: Configure BFD for the static route. s3(config)#ip route 10.1.1.0/24 20.1.1.2 bfd 41.
41.15 ipv6 ospf bfd enable instance-id Command: ipv6 ospf bfd enable instance-id <0-255> no ipv6 ospf bfd enable Function: Configure BFD for OSPFv3 instance on the specific interface, no command cancels the configuration. Default: BFD is no enabled for OSPFv3 instance. Command Mode: Interface configuration mode Usage Guide: Configure BFD for OSPFv3 instance on the specific interface which enable OSPFv3 protocol, BFD will inform OSPFv3 after detect link fault and OSPFv3 will deal with it in best times.
41.17 ipv6 route bfd Command: ipv6 route {vrf | } prefix bfd no ipv6 route {vrf |} prefix bfd Function: Configure BFD for the static IPv6 route, no command cancels the configuration. Parameter: is vrf name, is destination address, prefix is prefix length, vlanid is output interface, nexthop is nexthop address. Default: BFD is not configured for the static IPv6 route.
Usage Guide: Enable link detection offered by BFD on the peer neighbor of BGP(4+), BFD will inform BGP(4+) protocol after detect the neighbor’s link fault. Example: Enable link detection offered by BFD on the peer neighbor of BGP. s5(config)#router bgp 1 s5(config-router)#neighbor 1.1.1.1 bfd Enable link detection offered by BFD on the peer neighbor of BGP4+. s5(config-router)#router bgp 1 s5(config-router)#neighbor 2001::2 remote-as 200 s5(config-router)#neighbor 2001::2 bfd 41.
show bfd neighbor [[| specifies the shown neighbor shown of IPv6 addres, specifies the shown neighbor of IPv4 address, IP address refers to remote IP address, details shows the detail information of neighbor. Command Mode: Admin mode and configuration mode Usage Guide: Show BFD neighbor in switch. Example: Check the relevant information of BFD neighbor. s5#show bfd neighbor 50.1.1.
Commands for Routing Protocol Chapter 12 Commands for BGP GR Chapter 42 Commands for BGP GR 42.1 bgp graceful-restart Command: bgp graceful-restart no bgp graceful-restart Function: Enable BGP to support GR and set restart-time and stale-path-time as the default value, no command disables GR. Command Mode: BGP router configuration mode Default: Do not enable BGP to support GR. Example: Configure GR. Switch(config-router)# bgp graceful-restart 42.
Commands for Routing Protocol Chapter 12 Commands for BGP GR Example: Configure restart-time as 60s for BGP GR Switch(config-router)# bgp graceful-restart restart-time 60 42.3 bgp graceful-restart stale-path-time Command: bgp graceful-restart stale-path-time <1-3600> no bgp graceful-restart stale-path-time <1-3600> Function: Configure stale-path-time for BGP GR. Specify the longest waiting time that delete stale route from the received OPEN messages to the received EOR for Receiving Speaker.
Commands for Routing Protocol Chapter 12 Commands for BGP GR Command Mode: BGP route configuration mode Default: selection-deferral-time uses the default value of 120s. Example: Configure selection-deferral-time as 240s for BGP GR. Switch(config-router)# bgp selection-deferral-time 240 42.5 neighbor capability graceful-restart Command: neighbor (A.B.C.D | X:X::X:X | WORD) capability graceful-restart no neighbor (A.B.C.
Commands for Routing Protocol Chapter 12 Commands for BGP GR Command Mode: BGP protocol unicast address family mode and VRF address family mode. Default: The default restart-time is 120s for neighbor. Example: Configure restart-time as 60s for neighbor 1.1.1.1.
Chapter 43 Commands for OSPF GR 43.1 capability restart graceful Command: capability restart graceful no capability restart Function: Enable GR of specified OSPF process, no command disables this function. Command mode: OSPF protocol configuration mode Default: Enable OSRF GR function. Usage Guide: When a switch is using OSPF GR, it will quit GR directly if disable GR. Example: Enable OSPF GR function. Switch(config)#router ospf Switch(config-router)#capability restart graceful 43.
43.3 ospf graceful-restart grace-period Command: ospf graceful-restart grace-period no ospf restart grace-period Function: Configure grace period of GR restarter, no command restores grace period to default value. Parameter: : value of grace period, unit is second and ranging from 1 to 1800. Command mode: Global configuration mode Default: 60s. Usage Guide: Configure grace period of GR restarter (The switch processes switchover or restart protocol).
Usage Guide: If grace period set by GR restarter is bigger than max-grace period configured by helper, helper will not help restarter to complete GR. The no command deletes all helper policies. Example: Configure the maximum grace period allowed by GR helper to 100s. Switch(config)#ospf graceful-restart helper max-grace-period 100 43.5 ospf graceful-restart helper never Command: ospf graceful-restart helper never no ospf graceful-restart helper Function: One of GR helper policies.
all processes when there is no parameter configured. Command Mode: Admin mode Example: Show main OSPF information of all processes. Switch#show ip ospf Routing Process "ospf 0" with ID 192.168.40.
Parameter: : Process ID, ranging from 0 to 65535. It means that GR state of all processes shown when there is no parameter configured. Command Mode: Admin mode Example: Show GR state of all processes on GR restarter. Switch#show ip ospf graceful-restart OSPF process 0 graceful-restart information: GR status :GR in progress GR remaining time : 50 Display Description OSPF process 0 graceful-restart information OSPF GR state in process 0.
Chapter 44 IPv4 Multicast Protocol 44.1 Public Commands for Multicast 44.1.1 show ip mroute Command: show ip mroute [ []] Function: show IPv4 software multicast route table. Parameter: GroupAddr: show the multicast entries relative to this Group address. SourceAddr: show the multicast route entries relative to this source address. Command Mode: Admin mode and global mode Example: show all entries of multicast route table.
Iif ingress interface of the entries Wrong packets received from the wrong interface Oif egress interface of the entries TTL the value of TTL 44.2 Commands for PIM-DM 44.2.1 debug pim timer sat Command: debug pim timer sat no debug pim timer sat Function: Enable debug switch of PIM-DM source activity timer information in detail; the “no debug pim timer sat” command disenables the debug switch. Default: Disabled. Command Mode: Admin Mode.
Default: Disabled. Command Mode: Admin Mode. Usage Guide: Enable the switch, and display PIM-DM state-refresh timer information in detail. Example: Switch #debug ip pim timer srt Remark: Other debug switches in PIM-DM are common in PIM-SM, including debug pim event, debug pim packet, debug pim nexthop, debug pim nsm, debug pim mfc, debug pim timer, debug pim state, refer to PIM-SM manual section. 44.2.3 ip mroute Command: ip mroute <.ifname> no ip mroute
44.2.4 ip pim bsr-border Command: ip pim bsr-border no ip pim bsr-border Function: To configure or delete PIM BSR-BORDER interface. Default: Non-BSR-BORDER. Command Mode: Interface Configuration Mode. Usage Guide: To configure the interface as the BSR-BORDER. If configured, BSR related messages will not receive from or sent to the specified interface. All the networks connected to the interface will be considered as directly connected. Example: Switch(Config-if-Vlan1)#no ip pim bsr-border 44.2.
Enable PIM-DM protocol on interface vlan1. Switch (config)#ip pim multicast-routing Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ip pim dense-mode 44.2.6 ip pim dr-priority Command: ip pim dr-priority no ip pim dr-priority Function: Configure, disable or change the interface’s DR priority. The neighboring nodes in the same net segment select the DR in their net segment according to hello packets. The “no ip pim dr-priority” command restores the default value.
Default: The Hello packets include GenId option. Command Mode: Interface Configuration Mode Usage Guide: This command is used to interact with older Cisco IOS version. Example: Configure the Hello packets sent by the switch do not include GenId option. Switch (Config-if-Vlan1)#ip pim exclude-genid Switch (Config-if-Vlan1)# 44.2.
Switch (Config -if-Vlan1)#ip pim hello-holdtime 10 Switch (Config -if-Vlan1)# 44.2.9 ip pim hello-interval Command: ip pim hello-interval < interval> no ip pim hello-interval Function: Configure interface PIM-DM hello message interval; the “no ip pim hello-interval” restores default value. Parameter: < interval> is interval of periodically transmitted PIM-DM hello message, value range from 1s to 18724s. Default: Default interval of periodically transmitted PIM-DM hello message as 30s.
Disabled PIM-SM Command Mode: Global Mode Usage Guide: Enable PIM-SM globally. The interface must enable PIM-SM to have PIM-SM work Example: Enable PIM-SM globally. Switch (config)#ip pim multicast-routing 44.2.11 ip pim neighbor-filter Command: ip pim neighbor-filter no ip pim neighbor-filter Function: Configure the neighbore access-list. If filtered by the lists and connections with neighbors are created, this connections are cut off immediately.
Switch (config)#show ip pim neighbor Switch (config)# 44.2.12 ip pim scope-border Command: ip pim scope-border [<1-99 >|] no ip pim scope-border Function: To configure or delete management border of PIM. Parameters: <1-99 >: is the ACL number for the management border. : is the ACL name for the management border. Default: Not management border. If no ACL is specified, the default management border will be used. Command Mode: Interface Configuration Mode.
Global Mode Usage Guide: The first-hop router periodically transmits stat-refresh messages to maintain PIM-DM list items of all the downstream routers. The command can modify origination interval of state-refresh messages. Usually do not modify relevant timer interval. Example: Configure transmission interval of state-refresh message to 90s. Switch (config)#ip pim state-refresh origination-interval 90 44.2.
Command: show ip pim mroute dense-mode [group ] [source ] Function: Display PIM-DM message forwarding items. Parameter: group : displays forwarding items relevant to this multicast address. source : displays forwarding items relevant to this source. Default: Do not display (Off). Command Mode: Admin Mode Usage Guide: The command shows PIM-DM multicast forwarding items, namely forwarding items of forward multicast packet in system FIB table.
(*,226.0.0.1) (*,G) Forwaridng item (192.168.1.12, 226.0.0.1) (S,G) Forwarding item RPF nbr Backward path neighbor, upstream neighbor of source direction in DM, 0.0.0.0 expresses the switch is the first hop.
Address Priority/Mode 10.1.6.1 Vlan1 00:00:10/00:01:35 v2 1/ 10.1.6.2 Vlan1 00:00:13/00:01:32 v2 1/ 10.1.4.2 Vlan3 00:00:18/00:01:30 v2 1/ 10.1.4.3 Vlan3 00:00:17/00:01:29 v2 1/ Displayed Information Explanations Neighbor Address Neighbor address Interface Neighbor interface Uptime/Expires Running time /overtime Ver Pim version ,v2 usually DR Priority/Mode DR priority in the hello messages from the neighbor and if the neighbor is the interface’s DP. 44.2.
Nexthop Num Nexthop number Nexthop Addr Nexthop address Nexthop Ifindex Nexthop interface index Nexthop Name Nexthop name Metric Metric Metric to nexthop Pref Preference Route preference Refcnt Reference count 44.3 Commands for PIM-SM 44.3.1 clear ip pim bsr rp-set Command: clear ip pim bsr rp-set * Function: Clear all RP. Command Mode: Admin Configuration Mode Usage Guide: Clear all RP rapidly. Example: Clear all RP.
Admin Mode. Usage Guide: Enable pim event debug switch and display events information about pim operation. Example: Switch# debug ip pim event Switch# 44.3.3 debug pim mfc Command: debug pim mfc no debug pim mfc Function: Enable or Disable pim mfc debug switch Default: Disabled Command Mode: Admin Mode. Usage Guide: Enable pim mfc debug switch and display generated and transmitted multicast id’s information. Example: Switch# debug ip pim mfc 44.3.
extension. Example: Switch# debug ip pim mib 44.3.5 debug pim nexthop Command: debug pim nexthop no debug pim nexthop Function: Enable or Disable pim nexthop debug switch Default: Disabled Command Mode: Admin Mode. Usage Guide: Inspect PIM NEXTHOP changing information by the pim nexthop switch. Example: Switch# debug ip pim nexthop 44.3.
44.3.7 debug pim packet Command: debug pim packet debug pim packet in debug pim packet out no debug pim packet no debug pim packet in no debug pim packet out Function: Enable or Disable pim debug switch Parameter: in display only received pim packets out display only transmitted pim packets none display both Default: Disabled Command Mode: Admin Mode. Usage Guide: Inspect the received and transmitted pim packets by this switch. Example: Switch# debug ip pim packet in 44.3.
Example: Switch# debug ip pim state 44.3.
no debug pim timer joinprune jt no debug pim timer joinprune kat no debug pim timer joinprune ot no debug pim timer joinprune plt no debug pim timer joinprune ppt no debug pim timer joinprune pt no debug pim timer joinprune no debug pim timer register rst no debug pim timer register Function: Enable or Disable each pim timer Default: Disabled Command Mode: Admin Mode. Usage Guide: Enable the specified timer’s debug information. Example: Switch# debug pim timer assert Switch# 44.3.
The should be valid VLAN interfaces. The multicast data flow will not be forwarded unless PIM is configured on the egress interface and the interface is UP. If the state of the interface is not UP, or PIM is not configured, or RPF is not valid, the multicast data flow will not be fordwarded. To removed the specified multicast routing entry. If all the egress interfaces are specified, or no interfaces are specified, the specified multicast routing entry will be removed.
Default: Permit the multicast registers from any sources to any groups. Command Mode: Global Mode Usage Guide: This command is used to configure the access-list filtering the PIM REGISTER packets.The addresses of the access-list respectively indicate the filtered multicast sources and multicast groups’ information. For the source-group combinations that match DENY, PIM sends REGISTER-STOP immediately and does not create group records when receiving REGISTER packets.
ip pim bsr-candidate {vlan | } [hash-mask-length] [priority] no ip pim bsr-candidate Function: This command is the candidate BSR configure command in global mode and is used to configure PIM-SM information about candidate BSR in order to compete with other candidate BSRs for the BSR router. The command “no ip pim bsr-candidate” disables the candidate BSR. Parameter: Ifname is the specified interface’s name; [hash-mask-length] is the specified hash mask length.
Global Mode Usage Guide: This command is used to interact with older Cisco IOS version. Example: Configure the register packet’s checksum of the group specified by myfilter to use the whole packet’s length. Switch (config)#ip pim cisco-register-checksum group-list 23 44.3.16 ip pim dr-priority Command: ip pim dr-priority no ip pim dr-priority Function: Configure, disable or change the interface’s DR priority.
Function: This command makes the Hello packets sent by PIM SM do not include GenId option. The “no ipv6 pim exclude-genid” command restores the default value Default: The Hello packets include GenId option. Command Mode: Interface Configuration Mode Usage Guide: This command is used to interact with older Cisco IOS version. Example: Configure the Hello packets sent by the switch do not include GenId option. Switch (Config-if-Vlan1)#ip pim exclude-genid Switch (Config-if-Vlan1)# 44.3.
Example: Configure vlan1’s Hello Holdtime Switch (config)# interface vlan1 Switch (Config -if-Vlan1)#ip pim hello-holdtime 10 Switch (Config -if-Vlan1)# 44.3.19 ip pim hello-interval Command: ip pim hello-interval no ip pim hello-interval Function: Configure the interface’s hello_interval of pim hello packets. The “no ip pim hello-interval” command restores the default value. Parameter: is the hello_interval of periodically transmitted pim hello packets’, ranges from 1 to 18724s.
ip pim ignore-rp-set-priority no ip pim ignore-rp-set-priority Function: When RP selection is carried out, this command configures the switch to enable Hashing regulation and ignore RP priority. This command is used to interact with older Cisco IOS versions. Default: Disabled Command Mode: Global Mode Usage Guide: When selecting RP, Pim usually will select according to RP priority. When this command is configured, pim will not select according to RP priority.
44.3.22 ip pim multicast-routing Command: ip pim multicast-routing no ip pim multicast-routing Function: Enable PIM-SM globally. The “no ip pim multicast-routing” command disables PIM-SM globally. Default: Disabled PIM-SM Command Mode: Global Mode Usage Guide: Enable PIM-SM globally. The interface must enable PIM-SM to have PIM-SM work Example: Enable PIM-SM globally. Switch (config)#ip pim multicast-routing Switch (config)# 44.3.
Configure VLAN’s filtering rules of pim neighbors. Switch #show ip pim neighbor Neighbor Interface Uptime/Expires Ver Address 10.1.4.10 DR Priority/Mode Vlan1 02:30:30/00:01:41 v2 4294967294 / DR Switch (Config-if-Vlan1)#ip pim neighbor-filter 2 Switch (config)#access-list 2 deny 10.1.4.10 0.0.0.255 Switch (config)#access-list 2 permit any Switch (config)#show ip pim neighbor 44.3.
ip pim register-rp-reachability no ip pim register-rp-reachability Function: This command makes DR check the RP reachability in the process of registration. Default: Do not check Command Mode: Global Mode Usage Guide: This command configures DR whether or not to check the RP reachability. Example: Configure DR to check the RP reachability. Switch (config)#ip pim register-rp-reachability Switch (config)# 44.3.26 ip pim register-source Command: ip pim register-source {
Configure the source address sent by DR. Switch (config)#ip pim register-source 10.1.1.1 44.3.27 ip pim register-suppression Command: ip pim register-suppression no ip pim register-suppression Function: This command is to configure the value of register suppression timer, the unit is second. The “no ip pim register-suppression” command restores the default value. Parameter: is the timer’s value; it ranges from 10 to 65535s.
is the RP address the scope of the specified RP address is all the range Default: This switch is not a RP static router. Command Mode: Global Mode Usage Guide: This command is to configure static RP globally or in a multicast address range and configure PIM-SM static RP information. Attention, when computing rp, BSR RP is selected first. If it doesn’t succeed, static RP is selected. Example: Configure vlan1 as candidate RP announcing sending interface globally.
candidate RP information in order to compete RP router with other candidate RPs.Only this command is configured, this switch is the RP candidate router. Example: Configure vlan1 as the sending interface of candidate RP announcing sending messages Switch (config)# ip pim rp-candidate vlan1 100 44.3.30 ip pim rp-register-kat Command: ip pim rp-register-kat no ip pim rp-register-kat Function: This command is to configure the KAT (KeepAlive Timer) value of the RP (S, G) items, the unit is second.
Parameters: <1-99 >: is the ACL number for the management border. : is the ACL name for the management border. Default: Not management border. If no ACL is specified, the default management border will be used. Command Mode: Interface Configuration Mode. Usage Guide: To configure the management border and the ACL for the PIM protocol. The multicast data flow will not be forwarded to the SCOPE-BORDER. Example: Switch(Config-if-Vlan2)#ip pim scope-border 3 44.3.
44.3.33 show ip pim bsr-router Command: show ip pim bsr-router Function: Display BSR address Command Mode: Admin Mode. Usage Guide: Display the BSR information maintained by the PIM. Example: Switch# show ip pim bsr-router PIMv2 Bootstrap information This system is the Bootstrap Router (BSR) BSR address: 10.1.4.3 (?) Uptime: 00:06:07, BSR Priority: 0, Hash mask length: 10 Next bootstrap message in 00:00:00 Role: Candidate BSR State: Elected BSR Next Cand_RP_advertisement in 00:00:58 RP: 10.1.4.
Usage Guide: Display PIM interface information Example: testS2(config)#show ip pim interface Address Interface VIFindex Ver/ Mode Nbr DR Count Prior DR 10.1.4.3 Vlan1 0 v2/S 1 1 10.1.4.3 10.1.7.1 Vlan2 2 v2/S 0 1 10.1.7.
(*,G) Entries: 1 (S,G) Entries: 0 (S,G,rpt) Entries: 0 (*, 239.192.1.10) RP: 10.1.6.1 RPF nbr: 10.1.4.10 RPF idx: Vlan1 Upstream State: JOINED Local ..l............................. Joined ................................ Asserted ................................ Outgoing ..o............................. Displayed Information Explanations Entries The counts of each item RP Share tree’s RP address RPF nbr RP direction or upneighbor of source direction.
Command: show ip pim neighbor Function: Display router neighbors Command Mode: Admin Mode and Global Mode Usage Guide: Display multicast router neighbors maintained by the PIM Example: Switch (config)#show ip pim neighbor Neighbor Interface Uptime/Expires Ver DR Address Priority/Mode 10.1.6.1 Vlan1 00:00:10/00:01:35 v2 1/ 10.1.6.2 Vlan1 00:00:13/00:01:32 v2 1/ 10.1.4.2 Vlan3 00:00:18/00:01:30 v2 1/ 10.1.4.
Switch(config)#show ip pim nexthop Flags: N = New, R = RP, S = Source, U = Unreachable Destination Type Nexthop Num Nexthop Nexthop Nexthop Metric Pref Addr Ifindex Refcnt Name ____ 192.168.1.1 N... 1 0.0.0.0 2006 0 0 1 192.168.1.9 ..S. 1 0.0.0.0 2006 0 0 1 Displayed Information Explanations Destination Destination of next item Type N: created nexthop, RP direction and S direction are not determined .
Info source: 10.1.6.1, via bootstrap Displayed Information Explanations RP Queried group’sRP Info source The source of Bootstrap information 44.3.39 show ip pim rp mapping Command: show ip pim rp mapping Function: Display Group-to-RP Mapping and RP. Command Mode: Admin Mode and Global Mode Usage Guide: Display the current RP and mapping relationship. Example: Switch (Config-if-Vlan1)#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4 RP: 10.1.6.1 Info source: 10.1.6.
no cache-sa-holdtime Function: To configure the longest holdtime of SA table within MSDP Cache. Parameter: seconds: the units are seconds, range between 150 to 3600. Command Mode: MSDP Configuration Mode. Default: 150 seconds by default. Usage Guide: To configure the aging time of (S, G) table for MSDP cache as requirement. Example: Switch(config)#router msdp Switch(router-msdp)#cache-sa-holdtime 350 44.4.
Switch(router-msdp)#cache-sa-maximum50000 Switch(router-msdp)#peer 20.1.1.1 Switch(router-msdp-peer)# cache-sa-maximum 22000 44.4.3 cache-sa-state Command: cache-sa-state no cache-sa-state Function: To configure the SA cache state of route. Command Mode: MSDP Configuration Mode and MSDP Peer Configuration Mode. Default: Enabled. Usage Guide: To configure the SA cache state.
Usage Guide: If this command is issued with peer-address, the TCP connection to the specified MSDP Peer will be removed. And all the statistics about the peer will be cleared. If no peer-address is appended, all the MSDP connections as long as relative statistics about peers will be removed. Example: Switch#clear msdp peer * 44.4.5 clear msdp sa-cache Command: clear msdp sa-cache {group A.B.C.
Example: Switch#clear msdp statistics * 44.4.7 connect-source Command: connect-source no connect-source Function: To configure the interface address, which used for all the MSDP Peers to set up correspond connection between MSDP Peer and MSDP. Parameter: : Interface type and interface number. Command Mode: MSDP Configuration Mode and MSDP Peer Configuration Mode.
To enable all the debugging information about MSDP; the no command disable all the debugging information. Command Mode: Admin Configuration Mode. Default: Disabled. Usage Guide: Enable the debugging switch of MSDP, display the protocol packet send/receive information of MSDP Peer---packet, keepalive packet send/receive information---keepalive, event information---event, NSM mutual information---nsm, timer information---timer, protocol state information---fsm, filter policy information---filter.
Function: Enable/disable debug switch of MSDP filter policy information. Default: Close the switch. Command Mode: Admin Mode. Usage Guide: The filter information of MSDP receiving/sending message can be monitored after enable this switch. Example: Switch#debug msdp filter 44.4.11 debug msdp fsm Command: debug msdp fsm no debug msdp fsm Function: Enable/disable debug switch of MSDP fsm. Default: Close the switch. Command Mode: Admin Mode.
close the switch. Command Mode: Admin Mode. Usage Guide: The information of receiving/sending keepalive message for MSDP protocol can be monitored after enables this switch. Example: Switch#debug msdp keepalive 44.4.13 debug msdp nsm Command: debug msdp nsm no debug msdp nsm Function: Enable/disable the switch of msdp nsm debug. Default: Close the switch. Command Mode: Admin Mode.
Admin Mode. Usage Guide: The receiving/sending messages of MSDP protocol can be monitored after enable this switch. Example: Switch#debug msdp packet send 44.4.15 debug msdp peer Command: debug msdp peer A.B.C.D no debug msdp peer Function: Enable/disable all the debug information switch of specified MSDP Peer. Default: Close the switch. Command Mode: Admin Mode.
Enable dubug information for the specified timer as requirement. Example: Switch#debug msdp timer 44.4.17 default-rpf-peer Command: default-rpf-peer [rp-policy |] no default-rpf-peer Function: To configure static RPF peer. Parameter: : the IP address of the MSDP peer. : the ACL number, only support standard ACL from 1 to 99. : the standard ACL name. Command Mode: MSDP Configuration Mode.
Command: description no description Function: Add description information of specified MSDP Peer. Parameter: text: Description text, range between 1 to 80 bytes. Command Mode: MSDP Peer Configuration Mode. Default: There is no specified by default. Usage Guide: To add description for the specified MSDP Peer in order to identify the different MSDP configuration. The no form of this command will remove the description. Example: Switch(config)#router msdp Switch(router-msdp)#peer 20.1.1.
Command: mesh-group no mesh-group Function: To configure MSDP Peer as specified mesh group number, if set the same MSDP Peer to many mesh groups, then the last mesh group is available. Parameter: name: Mesh-group name. Command Mode: MSDP Peer Configuration Mode. Default: MSDP Peer doesn’t belong to any mesh group by default. Usage Guide: Mesh group can reduce SA message flooding and predigest Peer-RPF checking. Example: Switch(config)#router msdp Switch(router-msdp)#peer 20.1.1.
messages for other RP will not be advertised either. Hence, it is required that the interface should be working when being configured. Example: Switch(config)#router msdp Switch(router-msdp)#originating-rp vlan 20 44.4.22 peer Command: peer no peer Function: To configure MSDP Peer, enter MSDP Peer mode; the no form command delete the configured MSDP Peer. Command Mode: MSDP Configuration Mode. Default: There is no MSDP Peer configured by default.
no redistribute Function: To configure the redistribute of SA messages. Parameter: acl-number: specified advanced ACL number (100-199). acl-name: specified ACL name. Command Mode: MSDP Configuration Mode. Default: When set up SA message, announce all the source within fired, but not confine the (S, G) item. Usage Guide: If ACL list number is specified, only the (S, G) entries which have passed the ACL check will be advertised in the SA messages.
Switch(router-msdp-peer)# remote-as 20 44.4.25 router msdp Command: router msdp no router msdp Function: Enable the MSDP protocol of the switch, enter MSDP mode; the no form command disable MSDP protocol. Command Mode: Global Mode. Default: Disabled. Usage Guide: Enable MSDP on global mode, but even configured PIM SM at the same time, then the MSDP can be work. Example: Enable MSDP on global mode. Switch(config)#router msdp 44.4.
If the parameter isn’t specified, the entire SA messages which include (S, G) item will be filtered. Command Mode: MSDP Configuration Mode and MSDP Peer Configuration Mode. Default: All the SA messages receiving or transmitting will not be filtered. Usage Guide: Configuration in the peer mode will override that in the MSDP configuration mode. The distribution of SA messages can be controlled through this command or the redistribute command.
Switch(config)#router msdp Switch(router-msdp)#peer 20.1.1.1 Switch(router-msdp-peer)# sa-request 44.4.28 sa-request-filter Command: sa-request-filter [list ] no sa-request-filter [list ] Function: All the SA request messages from MSDP Peer will be filtered. Parameter: access-list-number: The ACL number, it only supported standard ACL from 1 to 99. access-list-name: ACL name. Command Mode: MSDP Configuration Mode.
Example: Switch#show msdp global Multicast Source Discovery Protocol (MSDP): SA-Cached, Originator: Vlan2, Connect-Source: Vlan2 MAX External SA Entry: 200000 MAX Peer External SA Entry: 20000 TTL Threshold: 0 SA Entry Hold Time: 350 Filters: Redistribute_filter: Not set SA-filter: [IN]: RP-list: None, SG-list: None [OUT]: Not Configured SA-Request-Filter: Not Configured Default Peer: Not Configured Mesh Group: PLANET-1 The introduction of showed items: Field Explaination SA-Cached MSDP SA-Cached
show msdp local-sa-cache Function: Display the information for local-sa-cache. Command Mode: Admin Mode and Configuration Mode. Usage Guide: Display the information for local-sa-cache. Example: Switch#show msdp local-sa-cache MSDP Flags: E - set MRIB E flag, L - domain local source is active, EA - externally active source, PI - PIM is interested in the group, DE - SAs have been denied. Cache SA Entry: Source Address Group Address RP Address TTL 5.5.5.9 225.0.0.1 11.1.1.1 64 5.5.5.9 225.0.0.2 11.
Connection status: State: Established, Resets: 0, Connection Source: Not set, Connect address: 31.1.1.
Function: Display the configuration information for cache-exterior source under MSDP. Parameter: source-address: Source address; group-address: Group address; as-number: autonomous-system-number autonomous system number; peer-address: Peer address; rp-address: RP address. Command Mode: Admin and Configuration Mode. Usage Guide: Show the configuration information for cache-exterior source under MSDP. Example: Switch#show msdp sa-cache 30.30.30.
44.4.33 show msdp sa-cache summary Command: show msdp sa-cache summary Function: Show the summary of MSDP Cache. Command Mode: Admin and Configuration Mode. Usage Guide: Show the summary of MSDP Cache. Example: Switch#show msdp sa-cache summary MSDP Flags: E - set MRIB E flag, L - domain local source is active, EA - externally active source, PI - PIM is interested in the group, DE - SAs have been denied.
Total number of RPs Total number of different RP in the cache. Originator-RP Originated RP address. SA total Total number of received SA message from RP. RPF peer The RPF Peer address of corresponding RP. AS-num Autonomous system number. 44.4.34 show msdp statistics Command: show msdp statistics peer [Peer-address] Function: Show all the statistics of specified Peer or receiving/sending messages from all the Peers. Parameter: Peer-address: Show the statistics of messages from specified Peer.
44.4.35 show msdp summary Command: show msdp summary Function: Show the summary of MSDP. Command Mode: Admin and Configuration Mode. Usage Guide: Show the summary of MSDP. Example: Switch#show msdp summary Maximum External SA's Global : 20000 MSDP Peer Status Summary Peer Address AS State Uptime/ Count Reset Name 00:00:00 Peer SA Active Cfg.Max Cnt Ext.SAs 10 0 TLV recv/sent 2.2.2.
Command Mode: MSDP Peer Configuration Mode. Default: Enabled. Usage Guide: When configuring a MSDP Peer with multiple commands, sometimes it is required that these commands should be effect together but not one by one. The shutdown command can be used to disable the peer before configuration and the no shutdown used after configuration in order to make the peer configuration effect together. The shutdown command will remove all the TCP sessions with the specified MSDP Peer as well as the statistics.
44.5 Commands for ANYCAST RP v4 44.5.1 debug pim anycast-rp Command: debug pim anycast-rp no debug pim anycast-rp Function: Enable the debug switch of ANYCAST RP function; the no operation of this command will disable this debug switch. Command Mode: Admin Mode. Default: The debug switch of ANYCAST RP is disabled by default.
Enable ANYCAST RP in global configuration mode. Switch(config)#ip pim anycast-rp 44.5.3 ip pim anycast-rp Command: ip pim anycast-rp no ip pim anycast-rp Function: Configure ANYCAST RP address (ARA) and the unicast addresses of other RP communicating with this router (as a RP). The no operation of this command will cancel the unicast address of another RP in accordance with the configured RP address.
44.5.4 ip pim anycast-rp self-rp-address Command: ip pim anycast-rp self-rp-address no ip pim anycast-rp self-rp-address Function: Configure the self-rp-address of this router (as a RP). This address will be used to exclusively identify this router from other RP, and to communicate with other RP. The no operation of this command will cancel the configured unicast address used by this router (as a RP) to communicate with other RP.
Add a Loopback interface as a RP candidate interface based on the original PIM-SM command; the no operation of this command is to cancel the Loopback interface as a RP candidate interface. Parameters: index: Loopback interface index, whose range is <1-1024>. vlan-id: the VLAN ID. ifname: the specified name of the interface. A.B.C.D/M: the ip prefix and mask. : the priority of RP election, ranging from 0 to 255, the default value is 192, the smaller the value is the higher the priority is.
44.5.7 show ip pim anycast-rp first-hop Command: show ip pim anycast-rp first-hop Command Mode: Admin and Configuration Mode. Usage Guide: Display the state information of ANYCAST RP, and display the mrt node information generated in the first hop RP which is currently maintained by the protocol. Example: Switch(config)#show ip pim anycast-rp first-hop IP Multicast Routing Table (*,G) Entries: 0 (S,G) Entries: 1 (E,G) Entries: 0 INCLUDE (192.168.1.136, 224.1.1.1) Local .l..............................
Switch(config)#show ip pim anycast-rp non-first-hop IP Multicast Routing Table (*,G) Entries: 0 (S,G) Entries: 1 (E,G) Entries: 0 INCLUDE (192.168.10.120, 225.1.1.1) Local .l.............................. Display Explanation Entries The number of all kinds of entries. INCLUDE The mrt information created in the first hop RP. 44.5.9 show ip pim anycast-rp status Command: show ip pim anycast-rp status Command Mode: Admin and Configuration Mode.
other rp unicast rp address: 192.168.2.1 -------------------------------- Display Explanation anycast-rp: Whether the ANYCAST RP switch is globally enabled. self-rp-address: The configured self-rp-address. anycast-rp address: The configured anycast-rp-address. The configured other RP communication addresses in addresses in addresses in other rp unicast rp address: accordance with the above anycast-rp-address.
work with DVMRP. 3. Access-list can’t used the lists created by ip access-list, but the lists created by access-list. 4. Users can execute this command first and then configure the corresponding acl; or delete corresponding acl in the bondage. After the bondage, only command no ip pim ssm can release the bondage. 5. If ssm is needed, this command should be configured at the related edge route.
Admin Mode Usage Guide: Enable this switch, and display DVMRP protocol executed relevant messages. 44.7.2 ip dvmrp enable Command: ip dvmrp enable no ip dvmrp Function: Configure to enable DVMRP protocol on interface; the “no ip dvmrp” command disenables DVMRP protocol. Default: Disable DVMRP Protocol Command Mode: Interface Configuration Mode Usage Guide: The interface processes DVMRP protocol messages, only executing DVMRP protocol on interface. Example: Enable DVMRP Protocol on interface vlan1.
Interface Configuration Mode Usage Guide: The routing information in DVMRP report messages includes a groupsource network and metric list. After configuring interface DVMRP report message metric value, it makes all received routing entriy from the interface adding configured interface metric value as new metric value of the routing. The metric value applies to calculate posion reverse, namely ensuring up-downstream relations.
no ip dvmrp output-report-delay Function: Configure the delay of DVMRP report message transmitted on interface and transmitted message quantity every time, the “no ip dvmrp output-report-delay” command restores default value. Parameter: is the delay of periodically transmitted DVMRP report message, value range from 1s to 5s.
44.7.7 ip dvmrp tunnel Command: ip dvmrp tunnel no ip dvmrp tunnel { | } Function: Configure a DVMRP tunnel; the “no ip dvmrp tunnel { | }” command deletes a DVMRP tunnel. Parameter: is source IP address, is remote neighbor IP address, is tunnel index number, value range from 1 to 65535. Default: Do not Configure DVMRP tunnel.
Usage Guide: The command applies to display some total statistic information of DVMRP protocol Example: Switch#show ip dvmrp DVMRP Daemon Start Time: MON JAN 01 00:00:09 2001 DVMRP Daemon Uptime: 17:37:03 DVMRP Number of Route Entries: 2 DVMRP Number of Reachable Route Entries: 2 DVMRP Number of Prune Entries: 1 DVMRP Route Report Timer: Running DVMRP Route Report Timer Last Update: 00:00:56 DVMRP Route Report Timer Next Update: 00:00:04 DVMRP Flash Route Update Timer: Not Running 44.7.
Interface Interface corresponding physical interface name Vif Index Virtual interface index Ver Interface supporting version Nbr Cnt Neighbor count Type Interface type Remote Address Remote address 44.7.10 show ip dvmrp neighbor Command: show ip dvmrp neighbor [{ [detail]}| { [detail]}|detail] Function: Display DVMRP neighbor. Parameter: is interface name, namely displaying neighbor information of specified interface. Default: Do not display (Off).
Command: show ip dvmrp prune [{group [detail]}|{source group [detail]}|{source [detail] }|detail] Function: Display DVMRP message forwarding item. Default: Do not display Command Mode: Any Configuration Mode Usage Guide: This command applies to display DVMRP multicast forwarding item, namely multicast forwarding table calculated by dvmrp protocol.
Any Configuration Mode Usage Guide: The command applies to display DVMRP routing table item; DVMRP maintains individual unicast routing table to check RPF. Example: Display DVMRP routiing. Switch #show ip dvmrp route Flags: N = New, D = DirectlyConnected, H = Holddown Network Flags Nexthop Nexthop Xface Metric Uptime Exptime Neighbor 10.1.35.0/24 .D. Vlan2 Directly Connected 1 13.1.1.0/24 .D.
}|{host-destination }|any-destination}” command deletes the access-list. Parameter: <6000-7999>: destination control access-list number. {deny|permit}: deny or permit. : multicast source address. : multicast source address wildcard character.. : multicast source host address. : multicast destination address. : multicast destination address wildcard character.
deletes the access-list. Parameter: <5000-5099>: source control access-list number. {deny|permit}: deny or permit. : multicast source address.. : multicast source address wildcard character. : multicast source host address. : multicast destination address. : multicast destination address wildcard character. : multicast destination host address.
match configured access-list, such as matching: permit, the interface can be added, otherwise do not be added. Example: Switch(config)#intere Switch(Config-If-Ethernet)#ip multicast destination-control access-group 6000 Switch (Config-If-Ethernet )# 44.8.
44.8.5 ip multicast destination-control access-group (vmac) Command: ip multicast destination-control <1-4094> access-group <6000-7999> no ip multicast destination-control <1-4094> access-group <6000-7999> Function: Configure multicast destination-control access-list used on specified vlan-mac, the “no ip multicast destination-control <1-4094> access-group <6000-7999>”command deletes this configuration.
: specified priority, range from 0 to 7 Command Mode: Global Mode Usage Guide: The command configuration modifies to a specified value through the switch matching priority of specified range multicast data packet, and the TOS is specified to the same value simultaneously.Carefully, the packet transmitted in UNTAG mode does not modify its priority. Example: Switch(config)#ip multicast policy 10.1.1.0/24 225.1.1.0/24 cos 7 44.8.
Function: Configure multicast source control access-list used on interface, the “no ip multicast source-control access-group <5000-5099>” command deletes the configuration. Parameter: <5000-5099>: Source control access-list number. Command Mode: Interface Configuration Mode Usage Guide: The command configures with only enabling global multicast source control.
Example: switch(config)# multicast destination-control 44.8.10 show ip multicast destination-control Command: show ip multicast destination-control [detail] show ip multicast destination-control interface [detail] show ip multicast destination-control host-address [detail] show ip multicast destination-control [detail] Function: Display multicast destination control Parameter: detail: expresses if it display information in detail or not..
Function: Display destination control multicast access-list of configuration. Parameter: <6000-7999>: access-list number. Command Mode: Admin Mode and Global Mode Usage Guide: The command displays destination control multicast access-list of configuration. Example: Example: Switch# sh ip multicast destination-control acc access-list 6000 deny ip any any-destination access-list 6000 deny ip any host-destination 224.1.1.1 access-list 6000 deny ip host 2.1.1.1 any-destination access-list 6001 deny ip host 2.1.
show ip multicast source-control interface [detail] Function: Display multicast source control configuration Parameter: detail: expresses if it displays information in detail. : interface name, such as Ethernet or ethernet . Command Mode: Admin Mode and Global Mode Usage Guide: The command displays multicast source control rules of configuration, including detail option, and access-list information applied in detail.
44.9 Commands for IGMP 44.9.1 clear ip igmp group Command: clear ip igmp group [A.B.C.D | IFNAME] Function: Delete the group record of the specific group or interface. Parameters: A.B.C.D the specific group address; IFNAME the specific interface. Command Mode: Admin Configuration Mode Usage Guide: Use show command to check the deleted group record. Example: Delete all groups. Switch#clear ip igmp group Relative Command: show ip igmp group 44.9.
igmp event debug is on Switch# 01:04:30:56: IGMP: Group 224.1.1.1 on interface vlan1 timed out 44.9.3 debug igmp packet Command: debug igmp packet no debug igmp packet Function: Enable debugging switch of IGMP message information; the “no debug igmp packet” command disenables the debugging switch Default: Disabled Command Mode: Admin Mode Usage Guide: Enable the debugging switch if querying IGMP message information.
{} is SN or name of access-list, value range of acl_num is from 1 to 99. Default: Default no filter condition Command Mode: Interface Configuration Mode Usage Guide: Configure interface to filter groups, permit or deny some group joining. Example: Configure interface vlan1 to permit group 224.1.1.1, deny group 224.1.1.2. Switch (config)#access-list 1 permit 224.1.1.1 0.0.0.0 Switch (config)#access-list 1 deny 224.1.1.2 0.0.0.
44.9.6 ip igmp join-group Command: ip igmp join-group no ip igmp join-group Function: Configure interface to join some IGMP group; the “no ip igmp join-group” command cancels this join Parameter: : is group address Default: Do not join Command Mode: Interface Configuration Mode Usage Guide: When the switch is the HOST, the command configures HOST to join some group; that is, if configuring the interface join-group 224.1.1.
1000ms Command Mode: Interface Configuration Mode Example: Configure interface vlan1 IGMP last-member-query-interval to 2000. Switch (config)#int vlan 1 Switch (Config-if-vlan1)#ip igmp last-member-query-interval 2000 44.9.8 ip igmp limit Command: ip igmp limit no ip igmp limit Function: Configure limit IGMP state-count on interface; the “no ip igmp limit” command cancels the value of user manual configuration, and restores default value.
Command: ip igmp query-interval no ip igmp query-interval Function: Configure interval of periodically transmitted IGMP query information; the “no ip igmp query-interval” command restores default value. Parameter: is interval of periodically transmitted IGMP query information, value range from 1s to 65535s. Default: Default interval of periodically transmitted IGMP query information to 125s.
multicast group, the value of timer is selected random from 0 to maximum response time, the host will transmit member report message of the multicast group. Reasonable configuring maximum response time, it can make host quickly response query message. The router can also quickly grasp the status of multicast group member. Example: configure the maximum period responding to the IGMP query messages to 20s Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ip igmp query- max-response-time 20 44.9.
ip igmp robust-variable no ip igmp robust-variable Function: Configure the robust variable value,the “no ip igmp robust-variable” command restores default value. Parameter: value: range from 2 to 7. Command Mode: Interface Configuration Mode Default: 2. Usage Guide: It is recommended using the default value. Example: Switch (config-if-vlan1)#ip igmp robust-variable 3 44.9.13 ip igmp static-group Command: ip igmp static-group [source ] no ip igmp static -group
Example: Configure static-group 224.1.1.1 on interface vlan1. Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ip igmp static-group 224.1.1.1 44.9.14 ip igmp version Command: ip igmp version no ip igmp version Function: Configure IGMP version on interface; the “no ip igmp version” command restores default value. Parameter: is IGMP version of configuration, currently supporting version 1, 2 and 3. Default: version 2.
is group address, namely querying specified group information; Detail expresses group information in detail Default: Do not display Command Mode: Admin Mode Example: Switch (config)#show ip igmp groups IGMP Connected Group Membership (2 group(s) joined) Group Address Interface 226.0.0.1 Vlan1 239.255.255.250 Vlan1 Uptime Expires Last Reporter 00:00:01 00:04:19 1.1.1.1 00:00:10 00:04:10 10.1.1.
Displayed Information Explanations Group Mutlicast group IP address Interface Interface affiliated with Mutlicast group Flags Group property flag Uptime Mutlicast group uptime Group Mode Group mode, including INCLUDE and EXCLUDE. Group V3 will be available, group V1 and group V2 are regards as EXCLUDE mode.
IGMP max query response time is 10 seconds Last member query response interval is 1000 ms Group Membership interval is 260 seconds IGMP is enabled on interface 44.10 Commands for IGMP Snooping 44.10.1 clear ip igmp snooping vlan Command: clear ip igmp snooping vlan <1-4094> groups [A.B.C.D] Function: Delete the group record of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; A.B.C.D the specific group address.
Admin Configuration Mode Usage Guide: Use show command to check the deleted mrouter port of the specific VLAN. Example: Delete mrouter port in vlan 1. Switch# clear ip igmp snooping vlan 1 mrouter-port Relative Command: show ip igmp snooping mrouter-port 44.10.
Global Mode Default: IGMP Snooping is disabled by default. Usage Guide: Use this command to enable IGMP Snooping, that is permission every VLAN config the function of IGMP snooping. The “no ip igmp snooping” command disables this function. Example: Enable IGMP Snooping. Switch(config)#ip igmp snooping 44.10.5 ip igmp snooping proxy Command: ip igmp snooping proxy no ip igmp snooping proxy Function: Enable IGMP Snooping proxy function, the no command disables the function.
Default: IGMP Snooping is disabled by default. Usage Guide: To configure IGMP Snooping on specified VLAN, the global IGMP Snooping should be first enabled. Disable IGMP Snooping on specified VLAN with the “no ip igmp snooping vlan ” command. Example: Enable IGMP Snooping for VLAN 100 in Global Mode. Switch(config)#ip igmp snooping vlan 100 44.10.
Function: Set this VLAN to layer 2 general querier. Parameter: vlan-id: is ID number of the VLAN, ranging is <1-4094>. Command Mode: Global mode Default: VLAN is not as the IGMP Snooping layer 2 general querier. Usage Guide: It is recommended to configure a layer 2 general querier on a segment. IGMP Snooping function will be enabled by this command if not enabled on this VLAN before configuring this command, IGMP Snooping function will not be disabled when disabling the layer 2 general querier function.
query source address configuration does not function. The client will stop sending requesting datagrams after one is sent. And after a while, it can not receive multicast datagrams. Example: Switch(config)#ip igmp snooping vlan 2 L2-general-query-source 192.168.1.2 44.10.10 ip igmp snooping vlan l2-general-querier-version Command: ip igmp snooping vlan L2-general-query-version Function: Configure igmp snooping. Parameters: vlan-id is the id of the VLAN, limited to <1-4094>.
g_limit:<1-65535>, max number of groups joined. s_limit:<1-65535>, max number of source entries in each group, consisting of include source and exclude source. Command mode: Global Mode. Default: Maximum 50 groups by default, with each group capable with 40 source entries. Usage Guide: When number of joined group reaches the limit, new group requesting for joining in will be rejected for preventing hostile attacks. To use this command, IGMP snooping must be enabled on VLAN.
mrouter port. Deleting static mrouter port can only be realized by the no command. Example: Switch(config)#ip igmp snooping vlan 2 mrouter-port interface ethernet1/0/13 44.10.13 ip igmp snooping vlan mrouter-port learnpim Command: ip igmp snooping vlan mrouter-port learnpim no ip igmp snooping vlan mrouter-port learnpim Function: Enable the function that the specified VLAN learns mrouter-port (according to pim packets), the no command will disable the function.
Global mode Default: 255s Usage Guide: This command validates on dynamic mrouter ports but not on mrouter port. To use this command, IGMP Snooping of this VLAN should be enabled previously. Example: Switch(config)#ip igmp snooping vlan 2 mrpt 100 44.10.15 ip igmp snooping vlan query-interval Command: ip igmp snooping vlan query-interval no ip igmp snooping vlan query-interval Function: Configure this query interval.
query-mrsp” command restores to the default value. Parameter: vlan-id: VLAN ID, ranging between <1-4094> value: ranging between <1-25> seconds Command Mode: Global mode Default: 10s Usage Guide: It is recommended to use the default settings. Please keep this configure in accordance with IGMP configuration as possible if layer 3 IGMP is running. Example: Switch(config)#ip igmp snooping vlan 2 query-mrsp 18 44.10.
44.10.18 ip igmp snooping vlan report source-address Command: ip igmp snooping vlan report source-address no ip igmp snooping vlan report source-address Function: Configure forward report source-address for IGMP, the “no ip igmp snooping vlan report source-address” command restores the default setting. Parameter: vlan-id: VLAN ID range<1-4094>; A.B.C.D: IP address, can be 0.0.0.0. Command Mode: Global Mode. Default: Disabled.
Default: Enable the function. Usage Guide: After enable vlan snooping in global mode, input this command to configure the maximum query response time of the specific group. Example: Configure/cancel the specific-query-mrsp of vlan3 as 2s. Swith(config)#ip igmp snooping vlan 3 specific-query-mrsp 2 Swith(config)#no ip igmp snooping vlan 3 specific-query-mrspt 44.10.20 ip igmp snooping vlan static-group Command: ip igmp snooping vlan static-group [source
44.10.21 ip igmp snooping vlan suppression-query-time Command: ip igmp snooping vlan suppression-query-time no ip igmp snooping vlan suppression-query-time Function: Configure the suppression query time. The “no ip igmp snooping vlan suppression-query-time” command restores to the default value.
1.
whether the querier state is could-query or suppressed Igmp snooping query-interval Query interval of the VLAN Igmp snooping max reponse time Max response time of the VLAN Igmp snooping robustness IGMP Snooping robustness configured on the VLAN Igmp snooping mrouter port keep-alive time of dynamic mrouter of the VLAN keep-alive time Igmp snooping query-suppression Suppression timeout of VLAN when as l2-general-querier time IGMP Snooping Connect Group Group membership of this VLAN, namely th
Enable all the debugging switches of IGMP Proxy; the “no debug igmp proxy all” command disenables all the debugging switches. Command Mode: Admin Mode. Default: Disabled. Usage Guide: Use to enable debugging switches of IGMP Proxy, it can display IGMP packet, event, timer, mfc, which disposed in the switch. Example: Switch# debug igmp proxy all 44.11.3 debug igmp proxy event Command: debug igmp proxy event no debug igmp proxy event Function: Enable/Disable debug switch of IGMP Proxy event.
Disabled. Command Mode: Admin Mode and Global Mode. Usage Guide: Enable IGMP Proxy mfc debug switch and display multicast information created and distributed. Example: Switch# debug igmp proxy mfc 44.11.5 debug igmp proxy packet Command: debug igmp proxy packet no debug igmp proxy packet Function: Enable/Disable debug switch of IGMP Proxy. Default: Disabled. Command Mode: Admin Mode and Global Mode. Usage Guide: Enable the debugging switch, you can monitor the packets receiving/sending of IGMP Proxy.
The command is used for enable the IGMP Proxy timer debugging switch which appointed. Example: Switch# debug ip igmp proxy timer 44.11.7 ip igmp proxy Command: ip igmp proxy no ip igmp proxy Function: Enable the IGMP Proxy function; the “no ip igmp proxy” command disables this function. Command Mode: Global Mode. Default: The switch disables IGMP Proxy by default.
the multicast dataflow. Example: Switch(config)#ip igmp proxy aggregate 44.11.9 ip igmp proxy downstream Command: ip igmp proxy downstream no ip igmp proxy downstream Function: Enable the appointed IGMP Proxy downstream port function; the “no ip igmp proxy upstream” disables this function. Command Mode: Interface Configuration Mode. Default: Disabled. Usage Guide: To configure the interface to function as the downstream port of IGMP Proxy.
s_limit: <1-500>, the source number limitation. Command Mode: Global Mode. Default: Most 50 groups in default, and most 40 sources in one group. Usage Guide: If the group number limitation is exceeded, new group membership request will be rejected. This command is used to prevent malicious group membership requests. Example: Switch(config)#ip igmp proxy limit group 30 source 20 44.11.
Command: ip igmp proxy unsolicited-report interval no ip igmp proxy unsolicited-report interval Function: To configure how often the upstream ports send out unsolicited report. Parameter: The interval is between 1 to 5 seconds for the upstream ports send out unsolicited report. Command Mode: Global Mode. Default: The interval is 1 second for the upstream ports send out unsolicited report in default.
Command: ip igmp proxy upstream no ip igmp proxy upstream Function: Enable the appointed IGMP Proxy upstream port function. The “no ip igmp proxy upstream” disables this function. Command Mode: Interface Configuration Mode. Default: Disabled. Usage Guide: To configure the interface to function as the upstream port of IGMP Proxy. In order to make IGMP Proxy work, at least one downstream interface should be configured. The “no ip igmp proxy upstream” command will disable the configuration.
PROXY and PIM configuration. To be mentioned, this command cannot be applied with DVMRP configuration. Example: To enable SSM configuration on the switch, and specify the address in access-list 23 as the filter address for SSM. Switch(config)# access-list 23 permit host-source 224.1.1.1 Switch(config)#ip multicast ssm range 23 44.11.
Command Mode: Admin Mode. Usage Guide: The debuging switch status of IGMP Proxy. Example: Switch(config)#show debugging igmp proxy IGMP PROXY debugging status: IGMP PROXY event debugging is on IGMP PROXY packet debugging is on IGMP PROXY timer debugging is on IGMP PROXY mfc debugging is on 44.11.18 show ip igmp proxy Command: show ip igmp Proxy Function: Display the IGMP Proxy configuration information. Command Mode: Admin Mode.
Show Information Explanation IGMP PROXY MRT running Whether the protocol is running Total active interface number Number of active upstream and downstream ports Global igmp proxy configured Whether global igmp proxy is enabled Upstream Interface configured Whether upstream port is configured Upstream Interface Vlan The VLAN which the upstream port belongs to Upstream Interface configured Whether downstream port is configured Downstream Interface Vlan The VLAN which the downstream port belongs
Show Information Explanation Entries The counts of each item Local_include_olist index for local include olist Local_exclude_olist index for local exclude olist Outgoing Final outgoing index of multicast data(S, G) 44.11.20 show ip igmp proxy upstream groups Command: show ip igmp proxy upstream groups {A.B.C.D} Command Mode: Admin Mode. Usage Guide: To show the group membership information of the upstream port.
Chapter 45 IPv6 Multicast Protocol 45.1 Public Commands for Multicast 45.1.1 show ipv6 mroute Command: show ipv6 mroute [ []] Function: show IPv6 software multicast route table. Parameter: GroupAddr: show the multicast entries relative to this Group address. SourceAddr: show the multicast route entries relative to this source address.
(multicast forwarding cache) entries unresolved ipmr entries unresolved ip multicast route entries Group the destination address of the entries Origin the source address of the entries Iif ingress interface of the entries Wrong packets received from the wrong interface 45.2 Commands for PIM-DM6 Explain: Part SHOW and DEBUG commands is same to PIM-SM, please reference the PIM-SM command. 45.2.
Function: Enable debug switch of PIM-DM state-refresh timer information in detail; the “no debug ipv6 pim timer srt” command disenables the debug switch. Default: Disabled Command Mode: Admin Mode Usage Guide: Enable the switch, and display PIM-DM state-refresh timer information in detail Example: Switch # debug ipv6 pim timer srt Remark: Other debug switches in PIM-DM are common in PIM-SM. 45.2.3 ipv6 mroute Command: ipv6 mroute <.
45.2.4 ipv6 pim bsr-border Command: ipv6 pim bsr-border no ipv6 pim bsr-border Function: To configure or delete PIM6 BSR-BORDER interface. Default: Non-BSR-BORDER. Command Mode: Interface Configuration Mode. Usage Guide: To configure the interface as the BSR-BORDER. If configured, BSR related messages will not receive from or sent to the specified interface. All the networks connected to the interface will be considered as directly connected. Example: Switch(Config-if-Vlan1)#ipv6 pim bsr-border 45.2.
Switch (config)#ipv6 pim multicast-routing Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 pim dense-mode 45.2.6 ipv6 pim dr-priority Command: ipv6 pim dr-priority no ipv6 pim dr-priority Function: Configure, cancel and change priority value of interface DR. The same net segment border nodes vote specified router DR in this net segment through hello messages, the “no ipv6 pim dr-priority” restores default value.
Hello message includes Genid option Command Mode: Interface Configuration Mode Usage Guide: The command is used to interactive with old Cisco IOS Version.The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully. Example: Configure hello messages transmitted by switch to exclude Genid option. Switch(Config-if-Vlan1)#ipv6 pim exclude-genid 45.2.
Switch (Config -if-Vlan1)#ipv6 pim hello-holdtime 10 45.2.9 ipv6 pim hello-interval Command: ipv6 pim hello-interval < interval> no ipv6 pim hello-interval Function: Configure interface PIM-DM hello message interval; the “no ipv6 pim hello-interval” command restores default value. Parameter: is interval of periodically transmitted PIM-DM hello message, value range from 1s to 18724s. Default: Default interval of periodically transmitted PIM-DM hello message as 30s.
Default: Disable PIM-DM protocol Command Mode: Global Mode Usage Guide: Ipv6 pim can enable only after executing this command. Example: Globally enable PIM-DM protocol Switch (config)#ipv6 pim multicast-routing 45.2.11 ipv6 pim neighbor-filter Command: ipv6 pim neighbor-filter no ipv6 pim neighbor-filter Function: Configure neighbor access-list. If filtered by list and connected the neighbor, the connection immediately was broken.
45.2.12 ipv6 pim scope-border Command: ipv6 pim scope-border [<500-599>|] no ipv6 pim scope-border Function: To configure or delete management border of PIM6. Parameters: <500-599> is the ACL number for the management border. is the ACL name for the management border. Default: Not management border. If no ACL is specified, the default management border will be used. Command Mode: Interface Configuration Mode. Usage Guide: To configure the management border and the ACL for the IPV6 PIM.
Example: Configure transmission interval of state-refresh message on interface vlan1 to 90s. Example: Switch (Config-if-Vlan1)#ipv6 pim state-refresh origination-interval 90 45.2.14 show ipv6 pim interface Command: show ipv6 pim interface [detail] Function: Display PIM interface information.
45.2.15 show ipv6 pim mroute dense-mode Command: show ipv6 pim mroute dense-mode [group ] [source ] Function: Display PIM-DM message forwarding items. Parameter: group : displays forwarding items relevant to this multicast address Source < X:X::X:X >: displays forwarding items relevant to this source.
Displayed Information Explanations (*, ff1e::15) (*,G) Forwaridng item (2000:10:1:12::11, ff1e::15) (S,G) Forwarding item RPF nbr Backward path neighbor, upstream neighbor of source direction in DM, 0.0.0.0 expresses the switch is the first hop.
Neighbor Interface Uptime/Expires Ver Address DR Priority/Mode Fe80::203:fff:fee3:1244 Vlan1 00:00:10/00:01:35 v2 1 /DR fe80::20e:cff:fe01:facc Vlan1 00:00:13/00:01:32 v2 1/ Displayed Information Explanations Neighbor Address Neighbor address Interface Neighbor interface Uptime/Expires Running time /overtime Ver Pim version ,v2 usually DR Priority/Mode DR priority in the hello messages from the neighbor and if the neighbor is the interface’s DR 45.2.
Nexthop Addr Nexthop address Nexthop Ifindex Nexthop interface index Nexthop Name Nexthop name Metric Metric Metric to nexthop Pref Preference Route preference Refcnt Reference count 45.3 Commands for PIM-SM6 45.3.1 clear ipv6 pim bsr rp-set Command: clear ipv6 pim bsr rp-set * Function: Clear all RP. Command Mode: Admin Configuration Mode Usage Guide: Clear all RP rapidly. Example: Clear all RP. Switch# clear ipv6 pim bsr rp-set * Relative Command: show ipv6 pim bsr-router 45.3.
Usage Guide: Enable “pim events debug” switch and display events information about pim operation. Example: Switch# debug ipv6 pim events 45.3.3 debug ipv6 pim mfc Command: debug ipv6 pim mfc(in|out|) no debug ipv6 pim mfc(in|out|) Function: Enable or Disable pim mfc debug switch. Default: Disabled Command Mode: Admin Mode. Usage Guide: Enable pim mfc debug switch and display generated and transmitted multicast id’s information. Example: Switch# debug ipv6 pim mfc in 45.3.
Switch# debug ipv6 pim mib 45.3.5 debug ipv6 pim nexthop Command: debug ipv6 pim nexthop no debug ipv6 pim nexthop Function: Enable or Disable pim nexthop debug switch. Default: Disabled Command Mode: Admin Mode. Usage Guide: Inspect PIM NEXTHOP changing information by the pim nexthop switch. Example: Switch# debug ipv6 pim nexthop 45.3.6 debug ipv6 pim nsm Command: debug ipv6 pim nsm no debug ipv6 pim nsm Function: Enable or Disable pim debug switch communicating with Network Services.
45.3.7 debug ipv6 pim packet Command: debug ipv6 pim packet [in|out|] no debug ipv6 pim packet [in|out|] Function: Enable or Disable PIM debug switch. Parameter: in display only received PIM packets out display only transmitted PIM packets none display both Default: Disabled Command Mode: Admin Mode. Usage Guide: Inspect the received and transmitted PIM packets by this switch. Example: Switch# debug ipv6 pim packet in 45.3.
45.3.
no debug ipv6 pim timer joinprune ot no debug ipv6 pim timer joinprune plt no debug ipv6 pim timer joinprune ppt no debug ipv6 pim timer joinprune pt no debug ipv6 pim timer joinprune no debug ipv6 pim timer register rst no debug ipv6 pim timer register no debug ipv6 pim timer Function: Enable or Disable each PIM timer. Default: Disabled Command Mode: Admin Mode. Usage Guide: Enable the specified timer’s debug information. Example: Switch# debug ipv6 pim timer assert 45.3.
interfaces are specified, the specified multicast routing entry will be removed. Otherwise the multicast routing entry for the specified egress interface will be removed. Example: Switch(config)#ipv6 mroute 2001::1 ff1e::1 v10 v20 v30 45.3.11 ipv6 multicast unresolved-cache aging-time Command: ipv6 multicast unresolved-cache aging-time no ipv6 multicast unresolved-cache aging-time Function: Configure the cache time of kernel multicast route, the no command restores the default value.
Usage Guide: This command is used to configure the access-list filtering the PIM REGISTER packets. The addresses of the access-list respectively indicate the filtered multicast sources and multicast groups’ information. For the source-group combinations that match DENY, PIM sends REGISTER-STOP immediately and does not create group records when receiving REGISTER packets. Unlike other access-list, when the access-list is configured, the default value is PERMIT.
[] [] Function: This command is the candidate BSR configure command in global mode and is used to configure PIM-SM information about candidate BSR in order to compete the BSR router with other candidate BSRs. The command “no ipv6 pim bsr-candidate {vlan | tunnel |} [] []” command disables the candidate BSR.
is the applying simple access-list. Command Mode: Global Mode Usage Guide: This command is used to interact with older Cisco IOS version. Example: Configure the register packet’s checksum of the group specified by myfilter to use the whole packet’s length. Switch(config)#ipv6 pim cisco-register-checksum group-list myfilter Switch(config)#ipv6 access-list standard myfilter Switch(config_IPv6_Std-Nacl-myfilter)#permit ff1e::10/128 45.3.
Command: ipv6 pim exclude-genid no ipv6 pim exclude-genid Function: This command makes the Hello packets sent by PIM SM do not include GenId option, the “no ipv6 pim exclude-genid” command restores the default value. Default: The Hello packets include GenId option. Command Mode: Interface Configuration Mode Usage Guide: This command is used to interact with older Cisco IOS version. The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully.
configured or hello_holdtime is configured but less than current hello_interval, hello_holdtime is modified to 3.5*hello_interval, otherwise the configured value is maintained. The command can configure on IPv6 tunnel interface, but it is successful configuration to only configure tunnel carefully. Example: Configure vlan1’s Hello Holdtime to 10s Switch (config)# interface vlan1 Switch (Config -if-Vlan1)#ipv6 pim hello-holdtime 10 45.3.
45.3.20 ipv6 pim ignore-rp-set-priority Command: ipv6 pim ignore-rp-set-priority no ipv6 pim ignore-rp-set-priority Function: When RP selection is carried out, this command configures the switch to enable Hashing regulation and ignore RP priority. This command is used to interact with older Cisco IOS versions. Command Mode: Global Mode Usage Guide: When selecting RP, PIM usually will select according to RP priority. When this command is configured, PIM will not select according to RP priority.
45.3.22 ipv6 pim multicast-routing Command: ipv6 pim multicast-routing no ipv6 pim multicast-routing Function: Enable PIM-SM globally. The “no ipv6 pim multicast-routing” command disables PIM-SM globally. Default: Disabled PIM-SM protocol Command Mode: Global Mode Usage Guide: Inspect the changing information about pim state by this switch.. Example: Enable PIM-SM globally. Switch (config)#ipv6 pim multicast-routing 45.3.
tunnel carefully. Example: Configure VLAN’s pim neighbor access-list. Switch (Config-if-Vlan1)#ipv6 pim neighbor-filter myfilter Switch(config)#ipv6 access-list standard myfilter Switch(config_IPv6_Std-Nacl-myfilter)#deny fe80:20e:cff:fe01:facc Switch(config)#ipv6 access-list standard myfilter Switch(config_IPv6_Std-Nacl-myfilter)#permit any 45.3.
This command makes DR check the RP reachability in the process of registration. Default: Do not check. Command Mode: Global Mode. Usage Guide: This command configures DR whether or not to check the RP reachability. Example: Configure the router to check the RP reachability before sending register packets. Switch(config)# ipv6 pim Register-rp-reachability 45.3.
45.3.27 ipv6 pim register-suppression Command: ipv6 pim register-suppression no ipv6 pim register-suppression Function: This command is to configure the value of register suppression timer, the unit is second. Parameter: is the timer’s value, it ranges from 10 to 65535s.
Global Mode Usage Guide: This command is to configure static RP globally or in a multicast address range. Example: Configure 2000:112::8 as RP address globally. Switch (config)# ipv6 pim rp-address 2000:112::8 ff1e::/64 45.3.
45.3.30 ipv6 pim rp-register-kat Command: ipv6 pim rp-register-kat no ipv6 pim rp-register-kat Function: This command is to configure the KAT (KeepAlive Timer) value of the RP (S, G) items, the unit is second. The “no ipv6 pim rp-register-kat” command restores the default value. Parameter: is the timer value, ranges from 1 to 65535s Default: 185s Command Mode: Global Mode Usage Guide: Configure rp-register-kat interval to 30s. Example: Switch(config)# ipv6 pim rp-register-kat 30 45.3.
Switch(Config-if-Vlan2)#ipv6 pim scope-border 503 45.3.32 ipv6 pim sparse-mode Command: ipv6 pim sparse-mode [passive] no ipv6 pim sparse-mode [passive] Function: Enable PIM-SM on the interface. no ipv6 pim sparse-mode [passive] disables PIM-SM. Parameter: [passive] means to disable PIM-SM (that’s PIM-SM doesn’t receive any packets) and only enable MLD(reveice and transmit MLD packets). Default: Disabled PIM-SM Command Mode: Interface Configuration Mode Usage Guide: Enable PIM-SM on the interface.
BSR address: 2000:1:111::100 (?) Uptime: 00:16:00, BSR Priority: 0, Hash mask length: 126 Next bootstrap message in 00:00:10 Role: Candidate BSR State: Elected BSR Next Cand_RP_advertisement in 00:00:10 RP: 2000:1:111::100(Vlan2) Displayed Information Explanations BSR address Bsr-router Address Priority Bsr-router Priority Hash mask length Bsr-router hash mask length State The current state of this candidate BSR, Elected BSR is selected BSR 45.3.
Displayed Information Explanations Address Interface address Interface Interface name VIF index Interface index Ver/Mode Pim version and mode, usually v2,sparse mode displays S,dense mode displays D Nbr Count The interface’s neighbor count DR Prior Dr priority DR The interface’s DR address 45.3.35 show ipv6 pim mroute sparse-mode Command: show ipv6 pim mroute sparse-mode Function: Display the multicast route table of PIM-SM.
(2000:1:111::11, ff1e::15) RPF nbr: :: RPF idx: None SPT bit: 1 Upstream State: JOINED Local ................................ Joined ................................ Asserted ................................ Outgoing ..o............................. (2000:1:111::11, ff1e::15, rpt) RP: 2000:1:111::100 RPF nbr: :: RPF idx: None Upstream State: NOT PRUNED Pruned ................................ Outgoing ..o.............................
45.3.36 show ipv6 pim neighbor Command: show ipv6 pim neighbor [detail|] Function: Display router neighbors. Command Mode: Any Mode Usage Guide: Display multicast router neighbors maintained by the PIM.
Flags: N = New, R = RP, S = Source, U = Unreachable Destination Type Nexthop Nexthop Num 2000:1:111::11 2000:1:111::100 …. ..Nexthop Nexthop Metric Pref Addr Ifindex Refcnt Name ..S. 1 2004 0 .RS. 1 2004 0 0 2 0 2 Displayed Information Explanations Destination Destination of next item Type N: created nexthop,RP direction and S direction are not determined .
Displayed Information Explanations RP Queried group’sRP Info source The source of Bootstrap information 45.3.39 show ipv6 pim rp mapping Command: show ipv6 pim rp mapping Function: Display Group-to-RP Mapping and RP. Command Mode: Any Mode Usage Guide: Display the current RP and mapping relationship.
debug ipv6 pim anycast-rp no debug ipv6 pim anycast-rp Function: Enable the debug switch of ANYCAST RP function; the no operation of this command will disable this debug switch. Command Mode: Admin Mode. Default: The debug switch of ANYCAST RP is disabled by default. Usage Guide: This command is used to enable the debug switch of ANYCAST RP of the router, it can display the information of handling PIM register packet of the switch——packet, and the information of events——event.
Command: ipv6 pim anycast-rp no ipv6 pim anycast-rp Function: Configure ANYCAST RP address(ARA)and the unicast addresses of other RP communicating with this router(as a RP). The no operation of this command will cancel the unicast address of another RP in accordance with the configured RP address. Parameters: anycast-rp-addr: RP address, the current absence of the candidate interface in accordance with the address is allowed.
Function: Configure the self-rp-address of this router (as a RP). This address will be used to exclusively identify this router from other RP, and to communicate with other RP. The no operation of this command will cancel the configured unicast address used by this router (as a RP) to communicate with other RP. Parameters: self-rp-addr: The unicast address used by this router (as a RP) to communicate with other RP. Command Mode: Global Configuration Mode.
ifname: the specified name of the interface. A:B::C:D/M: the ip prefix and mask. : the priority of RP election, ranging from 0 to 255, the default value is 192, the smaller the value is the higher the priority is. Command Mode: Global Configuration Mode. Default Setting: No RP interface is configured by default.
Admin and Configuration Mode. Usage Guide: Display the state information of ANYCAST RP, and display the mrt node information generated in the first hop RP which is currently maintained by the protocol. Example: Switch(config)#show ipv6 pim anycast-rp first-hop IP Multicast Routing Table (*,G) Entries: 0 (S,G) Entries: 1 (E,G) Entries: 0 INCLUDE (2000:1:111::2, ffle::1) Local .l.............................. Display Explanation Entries The number of all kinds of entries.
(E,G) Entries: 0 INCLUDE (2002:1:111::2, ffle::2) Local .l.............................. Display Explanation Entries The number of all kinds of entries. INCLUDE The mrt information created in the first hop RP. 45.4.9 show ipv6 pim anycast-rp status Command: show ipv6 pim anycast-rp status Command Mode: Admin and Configuration Mode.
self-rp-address: The configured self-rp-address. anycast-rp address: The configured anycast-rp-address. other rp unicast rp address: The configured other RP communication addresses in addresses in addresses in accordance with the above anycast-rp-address. other rp unicast rp address: The configured other RP communication accordance with the above anycast-rp-address. anycast-rp address: The configured anycast-rp-address*.
Example: Configure the switch to enable PIM-SSM, the group’s range is what is specified by access-list 23. Switch (config)#ipv6 pim ssm range 23 Switch(config)#ipv6 access-list standard myfilter Switch(config_IPv6_Std-Nacl-myfilter)#permit ff1e::/48 45.6 Commands for IPv6 DCSCM 45.6.
Switch(config)#ipv6 access-list 8000 permit fe80::203:228a/64 ff1e::1/64 45.6.
ipv6 multicast destination-control access-group <9000-10999> no ipv6 multicast destination-control access-group <9000-10999> Function: Configure the IPv6 multicast destination control access list used by the port, the no operation of the command will delete this configuration. Parameters: <9000-10999>: The destination control access list number. Default: Not configured. Command Mode: Port Configuration Mode.
Usage Guide: The command is only working under global IPv6 multicast destination-control enabled, after configuring the command, if MLD-SPOOPING or MLD is enabled, for adding the members to multicast group. If configuring multicast destination-control on specified net segment of transmitted MLD-REPORT, and match configured access-list, such as matching permit, the interface can be added, otherwise do not be added.
45.6.6 ipv6 multicast policy Command: ipv6 multicast policy cos no ipv6 multicast policy cos Function: Configure IPv6 policy multicast, the no operation of this command is to cancel the policy multicast of IPv6. Parameters: : The source address and the length of the mask of IPv6 multicast.
Global Configuration Mode. Usage Guide: Only when the IPv6 multicast source control is enabled globally, the source control access list can be applied to ports. After configuring this command, the IPv6 multicast data received by all the ports will be dropped by the switch if there is no matched multicast source control entry, that it only the multicast data matched as PERMIT can be received and forwarded. Example: Switch(config)#ipv6 multicast source-control 45.6.
multicast destination-control no multicast destination-control Function: Configure to globally enable IPv4 and IPv6 multicast destination control, after configuring this command, IPv4 and IPv6 multicast destination control will take effect at the same time. The no operation of this command is to recover and disable the IPv4 and IPv6 multicast destination control globally. Default: Disabled. Command Mode: Global Configuration Mode.
Usage Guide: Use this command to display the configured multicast destination control rules, if including the detail option, it will also display the details of the access-list in use.
Command: show ipv6 multicast policy Function: Display the configured IPv6 multicast policy. Command Mode: Admin Mode. Usage Guide: Use this command to display the configured IPv6 multicast policy. Example: switch#show ipv6 multicast policy ipv6 multicast-policy 2003::2/64 ff1e::3/64 cos 5 45.6.
Command: show ipv6 multicast source-control access-list show ipv6 multicast source-control access-list <8000-8099> Function: Display the configured IPv6 source control multicast access list. Parameters: <8000-8099>: Access list number. Command Mode: Admin Mode. Usage Guide: Use this command to display the configured source control multicast access list.
45.7.2 debug ipv6 mld events Command: debug ipv6 mld events no debug ipv6 mld events Function: Enable the debug switch that displays MLD events. The “no debug ipv6 mld events” command disables the debug switch. Default: Disabled. Command Mode: Admin Mode. Usage Guide: This switch can be enabled to get MLD events information.
1970/01/01 07:33:12 IMI: Type: Listener Report (131) 1970/01/01 07:33:12 IMI: Code: 0 1970/01/01 07:33:12 IMI: Checksum: 3b7a 1970/01/01 07:33:12 IMI: Max Resp Delay: 0 1970/01/01 07:33:12 IMI: Reserved: 0 1970/01/01 07:33:12 IMI: Multicast Address: ff1e::1:3 1970/01/01 07:33:12 IMI: MLD Report recv: src fe80::203:fff:fe12:3457 for ff1e::1:3 1970/01/01 07:33:12 IMI: Processing Report comes from Vlan1, ifindex 2003 1970/01/01 07:33:12 IMI: MLD(Querier) ff1e::1:3 (Vlan1): Listeners Present --> Lis
Command: ipv6 mld immediate-leave group-list {} no ipv6 mld immediate-leave Function: Configure MLD to work in the immediate leave mode, that’s when the host sends a membership qualification report that equals to leave a group, the router doesn’t send query and consider there is no this group’s member in the subnet. The “no ipv6 mld immediate-leave” command cancels the immediate leave mode.
Example: Join the interface vlan2 in multicast group with multicast address of ff1e::1:3. Switch(config)#interface vlan 2 Switch(Config-if-Vlan2)#ipv6 mld join-group ff1e::1:3 45.7.7 ipv6 mld join-group mode source Command: ipv6 mld join-group mode source <.X:X::X:X> no ipv6 mld join-group source <.X:X::X:X> Function: Configure the sources of certain multicast group which the interface join in.
Command: ipv6 mld last-member-query-interval no ipv6 mld last-member-query-interval Function: Configure the interface’s sending interval of querying specific group. The “no ipv6 mld last-member-query-interval” command cancels the manually configured value and restores the default value. Parameter: is the interval of querying specific group, it ranges from 1000 to 25500ms. It’s the integer times of 1000ms.
report received will be ignored. If some MLD group state has already been saved before this command configured, the original states will be removed and the MLD general query will be sent to collect group member qualification reports no more than the max state-count. Example: Set the MLD state-count limit of the interface vlan2 to 4000. Switch(config)#interface vlan2 Switch(Config-if-Vlan2)#ipv6 mld limit 4000 45.7.
Configure the maximum of the response time of MLD queries; the “no ipv6 mld querymax-response-time” command restores the default value. Parameter: is the maximum of the response time of MLD queries, it ranges from 1 to 25s. Default: 10s. Command Mode: Interface Configuration Mode Usage Guide: When the switch receives a query message, the host will set a timer to each multicast group. The timer’s value is between 0 to the maximum response time.
Example: Configure the interface’s timeout of MLD queries to 100s. Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 mld query-timeout 100 45.7.13 ipv6 mld static-group Command: ipv6 mld static-group [source ] no ipv6 mld static-group [source ] Function: Configure certain static group or static source on the interface. The “no” form of this command cancels certain previously configured static group or static source.
Command: ipv6 mld version no ipv6 mld version Function: Configure the version of the MLD protocol running on the interface; the “no ipv6 mld version” command restores the manually configured version to the default one. Parameter: is the version number of the MLD protocol, with a valid range of 1-2.
ff1e::1:3 Vlan1 00:00:16 00:03:14 Switch# Displayed Information Explanations Group Address Multicast group IP address Interface The interface of multicast group Uptime The existing time of the multicast group Expires The left time to overtime 45.7.16 show ipv6 mld interface Command: show ipv6 mld interface [] Function: Display the relevant MLD information of an interface. Parameter: is the name of the interface. Display the MLD information of a specific interface.
Command: show ipv6 mld join-group show ipv6 mld join-group interface {vlan |} Function: Display the join-group messages on the interfaces. Parameters: is the name of the interface, which means to display MLD information on the specified interface. Default: Do not display Command Mode: Admin and Configuration Mode. Example: Display the MLD information on Ethernet interfaces in vlan2.
Usage Guide: Use show command to check the deleted group record. Example: Delete all groups. Switch#clear ipv6 mld snooping vlan 1 groups Relative Command: show ipv6 mld snooping vlan <1-4094> 45.8.2 clear ipv6 mld snooping vlan <1-4094> mrouter-port Command: clear ipv6 mld snooping vlan <1-4094> mrouter-port [ethernet IFNAME|IFNAME] Function: Delete the mrouter port of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; ethernet the Ethernet port name; IFNAME the port name.
Command Mode: Admin Mode Default: The MLD Snooping Debugging of the switch is disabled by default Usage Guide: This command is used for enabling the switch MLD Snooping debugging, which displays the MLD data packet message processed by the switch——packet, event messages——event, timer messages——timer,messages of down streamed hardware entry——mfc,all debug messages——all. 45.8.
Enable MLD Snooping on specified VLAN; the “no” form of this command disables MLD Snooping on specified VLAN. Parameter: is the id number of the VLAN, with a valid range of <1-4094>. Command Mode: Global Mode Default: MLD Snooping disabled on VLAN by default Usage Guide: To configure MLD snooping on certain VLAN, the global MLD snooping should be first enabled.
45.8.7 ipv6 mld snooping vlan l2-general-querier Command: ipv6 mld snooping vlan < vlan-id > l2-general-querier no ipv6 mld snooping vlan < vlan-id > l2-general-querier Function: Set the VLAN to Level 2 general querier. Parameter: vlan-id: is the id number of the VLAN, with a valid range of <1-4094> Command Mode: Global Mode Default: VLAN is not a MLD Snooping L2 general querier by default. Usage Guide: It is recommended to configure an L2 general querier on a segment.
vlan-id: VLAN ID, the valid range is <1-4094> g_limit: <1-65535>, max number of groups joined s_limit: <1-65535>, max number of source entries in each group, consisting of include source and exclude source Command Mode: Global Mode Default: Maximum 50 groups by default, with each group capable with 40 source entries. Usage Guide: When number of joined group reaches the limit, new group requesting for joining in will be rejected for preventing hostile attacks.
command. Example: Switch(config)#ipv6 mld snooping vlan 2 mrouter-port interface ethernet1/0/13 45.8.10 ipv6 mld snooping vlan mrouter-port learnpim6 Command: ipv6 mld snooping vlan mrouter-port learnpim6 no ipv6 mld snooping vlan mrouter-port learnpim6 Function: Enable the function that the specified VLAN learns mrouter-port (according to pimv6 packets), the no command will disable the function. Parameter: : The specified VLAN ID, ranging from 1 to 4094.
Global Mode Default: 255s Usage Guide: This configuration is applicable on dynamic mrouter port, but not on static mrouter port. To use this command, MLD snooping must be enabled on the VLAN. Example: Switch(config)#ipv6 mld snooping vlan 2 mrpt 100 45.8.12 ipv6 mld snooping vlan query-interval Command: ipv6 mld snooping vlan query-interval no ipv6 mld snooping vlan query-interval Function: Configure the query interval.
value. Parameter: vlan-id: VLAN ID, the valid range is<1-4094> value: the valid range is <1-25> secs . Command Mode: Global Mode Default: 10s Usage Guide: It is recommended to use default value and if layer 3 MLD is in operation, please make this configuration in accordance with the MLD configuration as possible. Example: Switch(config)#ipv6 mld snooping vlan 2 query-mrsp 18 45.8.
ipv6 mld snooping vlan static-group [source< X:X::X:X>] interface [ethernet | port-channel] no ipv6 mld snooping vlan static-group [source< X:X::X:X>] interface [ethernet | port-channel] Function: Configure static-group on specified port of the VLAN. The no form of the command cancels this configuration. Parameter: vlan-id: ranging between <1-4094> X:X::X:X:The address of group or source.
Global Mode Default: 255s Usage Guide: This command can only be configured on L2 general querier. The Suppression-query-time represents the period the suppression state maintains when general querier receives queries from layer 3 MLD within the segment. To use this command, the query-intervals in different switches within the same segment must be in accordance. It is recommended to use the default value. Example: Switch(config)#ipv6 mld snooping vlan 2 suppression-query-time 270 45.8.
switch. Mld snooping is turned on for vlan On which VLAN of the switch is enabled MLD Snooping, if the 1(querier) VLAN are l2-general-querier. 2.
Mld snooping vlan 1 mrouter port Mrouter port of the VLAN, including both static and dynamic.
Chapter 46 Commands for Multicast VLAN 46.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN; the “no” form of this command disables the multicast VLAN function. Command Mode: VLAN Configuration Mode. Default: Multicast VLAN function not enabled by default. Usage Guide: The multicast VLAN function can not be enabled on Private VLAN.
with one multicast VLAN and the association will only succeed when every VLAN listed in the VLAN ID table exists. Command Mode: VLAN Mode. Default: The multicast VLAN is not associated with any VLAN by default. Usage Guide: After a VLAN is associated with the multicast VLAN, when there comes the multicast order in the port of this VLAN, then the multicast data will be sent from the multicast VLAN to this port, so to reduce the data traffic.
Saturday (Saturday) Sunday (Sunday) Thursday (Thursday) Tuesday (Tuesday) Wednesday (Wednesday) daily weekdays (Every day of the week) (Monday thru Friday) weekend start_time end_time (Saturday thru Sunday) start time ,HH:MM:SS (hour: minute: second) end time,HH:MM:SS (hour: minute: second) Remark: time-range polling is one minute per time, so the time error shall be <= one minute. Command Mode: time-range mode Default: No time-range configuration. Usage Guide: Periodic time and date.
Parameters: start_time : start time, HH:MM:SS (hour: minute: second) end_time : end time, HH:MM:SS (hour: minute: second) start_data : start data, the format is, YYYY.MM.DD(year.month.day) end_data : end data, the format is, YYYY.MM.DD(year.month.day) Remark: time-range is one minute per time, so the time error shall be <= one minute. Command Mode: Time-range mode Default: No time-range configuration.
}} [s-port { | range ] {{ } | any-destination | {host-destination }} [d-port { | range }] [precedence ] [tos ][time-range ] access-list {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | } {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [precedence ] [tos
20(0x14): PIM V1 packet Particular notice: The packet types included here are not the types excluding IP OPTION. Normally, IGMP packet contains OPTION fields, and such configuration is of no use for this type of packet. If you want to configure the packets containing OPTION, please directly use the manner where OFFSET is configured. Examples: Create the numeric extended access-list whose serial No. is 110. deny icmp packet to pass, and permit udp packet with destination address 192. 168. 0.
47.
When the user assign specific for the first time, ACL of the serial number is created, then the lists are added into this ACL. Examples: Permit tagged-eth2 with any source MAC addresses and any destination MAC addresses and the packets whose 17th and 18th byte is 0x08, 0x0 to pass. Switch(config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 16 2 0800 47.
{{ }|any-destination| {host-destination }}[d-port{ | range }] [precedence ] [tos ][time-range ] access-list {deny|permit}{any-source-mac| {host-source-mac }|{ }} {any-destination-mac|{host-destination-mac }|{ }} {eigrp|gre|igrp|ip|ipinip|ospf|{ }} {{ }|any-source|{host-source
enabled to form a match when in connection; precedence (optional) packets can be filtered by priority which is a number from 0-7; tos (optional) packets can be filtered by service type which ia number from 0-15; icmp-type (optional) ICMP packets can be filtered by packet type which is a number from 0-255; icmp-code (optional) ICMP packets can be filtered by packet code which is a number from 0-255; igmp-type (optional) ICMP packets can be filtered by IGMP packet name or packet type which is a number fro
Default Configuration: No access-list configured. Usage Guide: When the user assign specific for the first time, ACL of the serial number is created, then the lists are added into this ACL. Examples: Permit the passage of packets with source MAC address 00-00-XX-XX-00-01, and deny passage of packets with source MAC address 00-00-00-XX-00-ab. Switch(config)# access-list 700 permit 00-00-00-00-00-01 00-00-FF-FF-00-00 Switch(config)# access-list 700 deny 00-00-00-00-00-ab 00-00-00-FF-00-00 47.
It is no use if default is firewall. Command Mode: Global mode Usage Guide: Whether enabling or disabling firewall, access rules can be configured. But only when the firewall is enabled, the rules can be used in specific orientations of specific ports. When disabling the firewall, all ACL tied to ports will be deleted. Examples: Enable firewall. Switch(config)#firewall enable 47.
47.11 ip access standard Command: ip access standard no ip access standard Function: Create a named standard access list. The no prefix will remove the named standard access list including all the rules in the list. Parameters: is the name of the access list. The name can be formed by non-all-digit characters of length of 1 to 32. Command Mode: Global Mode. Default: No access list is configured by default.
{host-source }} [s-port { | range }] {{ } | any-destination | {host-destination }} [dPort { | range }] [dscp ] [flow-label ][time-range ] ipv6 access-list {deny | permit} { | any-source | {host-source }} { | any-destination | {host-destination }} [dscp ] [flow
Switch (config)#ipv6 access-list 520 permit 2003:1:2:3::1/64 Switch (config)#ipv6 access-list 520 deny 2003:1:2:::1/48 47.13 ipv6 access standard Command: ipv6 access-list standard no ipv6 access-list standard Function: Create a name-based standard IPv6 access list; the “no ipv6 access-list standard”command deletes the name-based standard IPv6 access list (including all entries). Parameter: is the name for access list, the character string length is from 1 to 32.
Global Mode. Default: No IP address is configured by default. Usage Guide: When this command is run for the first time, only an empty access list with no entry will be created. Example: Create an extensive IPv6 access list named tcpFlow. Switch (config)#ipv6 access-list extended tcpFlow 47.
3. IP ACL that match flowlabel can not be bound There are four kinds of packet head field based on concerned: MAC ACL, IP ACL, MAC-IP ACL and IPv6 ACL; to some extent, ACL filter behavior (permit, deny) has a conflict when a data packet matches multi types of four ACLs. The strict priorities are specified for each ACL based on outcome veracity. It can determine final behavior of packet filter through priority when the filter behavior has a conflict.
Examples: Create an MAC ACL named mac_acl. Switch(config)# mac-access-list extended mac_acl Switch(Config-Mac-Ext-Nacl-mac_acl)# 47.17 mac-ip access extended Command: mac-ip-access-list extended no mac-ip-access-list extended Functions: Define a name-manner MAC-IP ACL or enter access-list configuration mode, “no mac-ip-access-list extended ” command deletes this ACL.
{{ } | any-destination | {host-destination }} [] [precedence ] [tos ][time-range] [no] {deny | permit} tcp {{ } | any-source | {host-source }} [s-port { | range }] {{ } | any-destination | {host-destination }} [d-port { | range }] [ack+fin+psh+rst+urg+syn] [precedence ] [tos ][time-range ] [no] {deny
47.19 permit | deny(ip standard) Command: {deny | permit} {{ } | any-source | {host-source }} no {deny | permit} {{ } | any-source | {host-source }} Functions: Create a name standard IP access rule, and “no {deny | permit} {{ } | any-source | {host-source }}” action of this command deletes this name standard IP access rule.
[no] {deny | permit} udp { | any-source | {host-source }} [s-port { | range }] { | any-destination | {host-destination }} [d-port { | range }] [dscp ] [flow-label ][time-range ] [no] {deny | permit} { | any-source | {host-source }} { | any-destination | {host-destination
47.21 permit | deny(ipv6 standard) Command: [no] {deny | permit} {{} | any-source | {host-source }} Function: Create a standard nomenclature IPv6 access control rule; the no form of this command deletes the nomenclature standard IPv6 access control rule. Parameter: is the prefix of the source IPv6 address, is the length of the IPv6 address prefix, the valid range is 1~128. is the source IPv6 address.
}} [untagged-eth2 [ethertype [protocol-mask]]] [no]{deny|permit}{any-source-mac|{host-source-mac }|{ }} {any-destination-mac|{host-destination-mac }|{ }} [untagged-802-3] [no]{deny|permit} {any-source-mac|{host-source-mac }|{ }} {any-destination-mac|{host-destination-mac }|{ }} [tagged-eth2 [cos [ ]] [vlanId [ ]] [et
any-destination-mac untagged-802-3 Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff any tagged-802 47.
{{}|any-source|{host-source}} {{}|any-destination|{host-destination }} [precedence ] [tos ][time-range] Functions: Define an extended name MAC-IP ACL rule, no form deletes one extended numeric MAC-IP ACL access-list rule. Parameters: num access-list serial No. this is a decimal’s No.
Command Mode: Name extended MAC-IP access-list configuration mode Default: No access-list configured. Examples: Deny the passage of UDP packets with any source MAC address and destination MAC address, any source IP address and destination IP address, and source port 100 and destination port 40000. Switch(config)# mac-ip-access-list extended macIpExt Switch(Config-MacIp-Ext-Nacl-macIpExt)# deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000 47.
access-list 3100 deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000 Displayed information Explanation access-list 10(used 1 time(s)) Number ACL10, 0 time to be used access-list 10 deny any-source Deny any IP packets to pass access-list 100(used 1 time(s)) Nnumber ACL10, 1 time to be used access-list 100 deny ip any-source any-destination access-list 100 destination address to pass deny tcp any-source any-destination access-list 1100 Deny IP pa
IP Ingress access-list used is 100, traffic-statistics Disable. interface name: Ethernet1/0/2 IP Ingress access-list used is 1, packet(s) number is 11110. Displayed information Explanation interface name: Ethernet 1/0/1 Tying situation on port Ethernet1/0/1 IP Ingress access-list used is 100 No. 100 numeric expansion ACL tied to entrance of port Ethernet1/0/1 packet(s) number is 11110 Number of packets matching this ACL rule 47.
Command Mode: Admin and Configuration Mode. Usage Guide: When no access control list is specified, all the access control lists will be displayed; in used x time (s) is shown the times the ACL had been quoted.
47.29 time-range Command: [no] time-range Functions: Create the name of time-range as time range name, enter the time-range mode at the same time. Parameters: time_range_name, time range name must start with letter, and the length cannot exceed 16 characters long. Command Mode: Global mode Default: No time-range configuration. Examples: Create a time-range named admin_timer.
Chapter 48 Commands for 802.1x 48.1 debug dot1x detail Command: debug dot1x detail {pkt-send | pkt-receive | internal | all | userbased | webbased} interface [ethernet] no debug dot1x detail { pkt-send | pkt-receive | internal | all | userbased | webbased} interface [ethernet] Function: Enable the debug information of dot1x details; the no operation of this command will disable that debug information.
Enable the debug information of dot1x about errors; the no operation of this command will disable that debug information. Command Mode: Admin Mode. Usage Guide: By enabling the debug information of dot1x about errors, users can check the information of errors that occur in the processes of the Radius protocol operation, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of dot1x about errors. Switch#debug dot1x error 48.
48.4 debug dot1x packet Command: debug dot1x packet {all | receive | send} interface no debug dot1x packet {all | receive | send} interface Function: Enable the debug information of dot1x about messages; the no operation of this command will disable that debug information. Command Mode: Admin Mode.
Global Mode. Usage Guide: The dot1x address filter function is implemented according to the MAC address filter table, dot1x address filter table is manually added or deleted by the user. When a port is specified in adding a dot1x address filter table entry, that entry applies to the port only; when no port is specified, the entry applies to all ports in the switch. When dot1x address filter function is enabled, the switch will filter the authentication user by the MAC address.
48.7 dot1x enable Command: dot1x enable no dot1x enable Function: Enables the 802.1x function in the switch and ports: the "no dot1x enable" command disables the 802.1x function. Command mode: Global Mode and Port Mode. Default: 802.1x function is not enabled in global mode by default; if 802.1x is enabled under Global Mode, 802.1x will not be enabled for the ports by default. Usage Guide: The 802.1x authentication for the switch must be enabled first to enable 802.
Default Settings: There is no 802.1x guest-vlan function on the port. User Guide: The access device will add the port into Guest VLAN if there is no supplicant getting authenticated successfully in a certain stretch of time because of lacking exclusive authentication supplicant system or the version of the supplicant system being too low. In Guest VLAN, users can get 802.
Default: dot1x address filter is disabled by default. Usage Guide: When dot1x address filter function is enabled, the switch will filter the authentication user by the MAC address. Only the authentication request initialed by the users in the dot1x address filter table will be accepted. Example: Enabling dot1x address filter function for the switch. Switch(config)#dot1x macfilter enable 48.
Function: To configure 802.1x free resource; the no form command closes this function. Parameter: is the segment for limited resource, in dotted decimal format; is the mask for limited resource, in dotted decimal format. Command Mode: Global Mode. Default: There is no free resource by default. Usage Guide: This command is available only if user based access control is applied.
authenticated exceeds the number of allowed user, additional users will not be able to access the network. Example: Setting port 1/0/3 to allow 5 users. Switch(Config-If-Ethernet1/0/3)#dot1x max-user macbased 5 48.13 dot1x max-user userbased Command: dot1x max-user userbased no dot1x max-user userbased Function: Set the upper limit of the number of users allowed access the specified port when using user-based access control mode; the no command is used to reset the default value.
setting. Parameters: auto enable 802.1x authentication, the port authorization status is determined by the authentication information between the switch and the supplicant; force-authorized sets port to authorized status, unauthenticated data is allowed to pass through the port; force-unauthorized will set the port to non-authorized mode, the switch will not provide authentication for the supplicant and prohibit data from passing through the port. Command mode: Port configuration Mode Default: When 802.
This command is used to configure the dot1x authentication method for the specified port. When port based authentication is applied, only one host can authenticate itself through one port. And after authentication, the host will be able to access all the resources. When MAC based authentication is applied, multiple host which are connected to one port can access all the network resources after authentication.
To force the authentication client to use private 802.1x authentication protocol. Switch(config)#dot1x privateclient enable 48.17 dot1x privateclient protect enable Command: dot1x privateclient protect enable no dot1x privateclient protect enable Function: Enable the privateclient protect function of the switch, the no command disables the protect function. Command mode: Global Mode Default: Disable the privateclient protect function.
authentication. Example: Enabling real-time re-authentication on port1/0/8. Switch(config)#dot1x re-authenticate interface ethernet 1/0/8 48.19 dot1x re-authentication Command: dot1x re-authentication no dot1x re-authentication Function: Enables periodical supplicant authentication; the “no dot1x re-authentication” command disables this function. Command mode: Global Mode. Default: Periodical re-authentication is disabled by default.
Global Mode. Default: The default value is 10 seconds. Usage Guide: Default value is recommended. Example: Setting the silent time to 120 seconds. Switch(config)#dot1x timeout quiet-period 120 48.21 dot1x timeout re-authperiod Command: dot1x timeout re-authperiod no dot1x timeout re-authperiod Function: Sets the supplicant re-authentication interval; the “no dot1x timeout re-authperiod” command restores the default setting.
no dot1x timeout tx-period Function: Sets the interval for the supplicant to re-transmit EAP request/identity frame; the “no dot1x timeout tx-period” command restores the default setting. Parameters: is the interval for re-transmission of EAP request frames, in seconds; the valid range is 1 to 65535. Command mode: Global Mode. Default: The default value is 30 seconds. Usage Guide: Default value is recommended. Example: Setting the EAP request frame re-transmission interval to 1200 seconds.
Switch(config)#interface ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#dot1x enable 48.24 show dot1x Command: show dot1x [interface ] Function: Displays dot1x parameter related information, if parameter information is added, corresponding dot1x status for corresponding port is displayed. Parameters: is the port list. If no parameter is specified, information for all ports is displayed. Command mode: Admin and Configuration Mode.
Status Authorized Port-control Auto Supplicant ,A8-F7-E0-FE-2E-D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Displayed information Explanation Global 802.1x Parameters Global 802.
Function: Set the global max number of IPv4 controlled/trusted users. Command Mode: Global Configuration Mode. Default Settings: The max IPv4 user number supported by the switch is 128. Usage Guide: This command is for setting the max IPv4 user number supported by the switch, ranging from 1 to 700. This number limit is the sum of dot1x user number and the trusted user number added by ip dhcp snooping binding user-control. Example: Set the max IPv4 user number globally.
Chapter 49 Commands for the Number Limitation Function of MAC and IP in Port, VLAN 49.1 debug ip arp count Command: debug ip arp count no debug ip arp count Function: When the number limitation function debug of ARP in the VLAN, if the number of dynamic ARP and the number of ARP in the VLAN is larger than the max number allowed, users will see debug information. ”no debug ip arp count” command is used to disable the number limitation function debug of ARP in the VLAN. Command Mode: Admin Mode.
Command Mode: Admin Mode. Usage Guide: Display the debug information of the number of dynamic neighbor in the VLAN. Examples: Switch#debug vlan mac count %Jun 14 16:04:40 2007 Current neighbor count 21 is more than or equal to the maximum limit in vlan 1!! 49.
When the number limitation function debug of MAC on the port, if the number of dynamic MAC and the number of MAC on the port is larger than the max number allowed, users will see debug information. ”no debug switchport mac count” command is used to disable the number limitation function debug of MAC on the port. Command Mode: Admin Mode Usage Guide: Display the debug information of the number of dynamic MAC on the port.
49.6 debug vlan mac count Command: debug vlan mac count no debug vlan mac count Function: When the number limitation function debug of MAC in the VLAN, if the number of dynamic MAC and the number of MAC in the VLAN is larger than the max number allowed, users will see debug information. ”no debug vlan mac count” command is used to disable the number limitation function debug of MAC in the VLAN. Command Mode: Admin Mode. Usage Guide: Display the debug information of the number of dynamic MAC in the VLAN.
When configuring the max number of dynamic ARP allowed in the VLAN, if the number of dynamically learnt ARP in the VLAN is already larger than the max number to be set, the extra dynamic ARP will be deleted. Examples: Enable the number limitation function of dynamic ARP in VLAN 1, the max number to be set is 50. Switch(config)#interface ethernet Switch(Config-if-Vlan1)# ip arp dynamic maximum 50 Disable the number limitation function of dynamic ARP in VLAN 1.
Switch(Config-if-Vlan1)#no ipv6 nd dynamic maximum 49.9 mac-address query timeout Command: mac-address query timeout Function: Set the timeout value of querying dynamic MAC. Parameter: is timeout value, in second, ranging from 30 to 300. Default Settings: Default value is 60 seconds. Command Mode: Global mode Usage Guide: After enabling the number limitation of MAC, users can use this command to configure the timeout value of querying dynamic MAC.
Examples: Display the number of dynamic ARP of the port and VLAN which are configured with number limitation function of ARP.
Vlan MaxCount CurrentCount ----------------------------------------------------------------------------------------------------1 55 15 ----------------------------------------------------------------------------------------------------- 49.12 show nd-dynamic count Command: show nd-dynamic count {(vlan <1-4096>)| interface ethernet } Function: Display the number of dynamic ND of corresponding port and VLAN. Parameters: is play the specified vlan ID.
no switchport arp dynamic maximum Function: Set the max number of dynamic ARP allowed by the port, and, at the same time, enable the number limitation function of dynamic ARP on the port; “no switchport arp dynamic maximum” command is used to disable the number limitation function of dynamic ARP on the port. Parameters: upper limit of the number of dynamic ARP of the port, ranging from 1 to 4096. Default Settings: The number limitation function of dynamic ARP on the port is disabled.
Command Mode: Port mode. Usage Guide: When configuring the max number of dynamic MAC address allowed by the port, if the number of dynamically learnt MAC address on the port is already larger than the max number of dynamic MAC address to be set, the extra dynamic MAC addresses will be deleted. This function is mutually exclusive to functions such as dot1x, MAC binding, if the functions of dot1x, MAC binding or TRUNK are enabled on the port, this function will not be allowed.
shutdown, the port will be disabled when the MAC address number exceeds the upper limit of secure MAC, and the user can enable the port by configuring no shutdown command manually or the automatic recovery timeout. Example: Set the violation mode as shutdown, the recovery time as 60s for port1. Switch(config)#interface Ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#switchport mac-address violation shutdown recovery 60 49.
49.17 vlan mac-address dynamic maximum Command: vlan mac-address dynamic maximum no vlan mac-address dynamic maximum Function: Set the max number of dynamic MAC address allowed in the VLAN, and, at the same time, enable the number limitation function of dynamic MAC address in the VLAN; “no ip mac-address dynamic maximum” command is used to disable the number limitation function of dynamic MAC address in the VLAN.
Chapter 50 Commands for AM Configuration 50.1 am enable Command: am enable no am enable Function: Globally enable/disable AM function. Default: AM function is disabled by default. Command Mode: Global Mode. Example: Switch(config)#am enable Disable AM function on the switch. Switch(config)#no am enable 50.2 am port Command: am iport no am port Function: Enable/disable AM function on port. Default: AM function is disabled on all port. Command Mode: Port Mode.
Switch(Config-If-Ethernet 1/0/3)#no am port 50.3 am ip-pool Command: am ip-pool no am ip-pool Function: Set the AM IP segment of the interface, allow/deny the IP messages or APR messages from a source IP within that segment to be forwarded via the interface. Parameters: the starting address of an address segment in the IP address pool; is the number of consecutive addresses following ip-address, less than or equal with 32.
Command Mode: Port Mode. Example: Configure that the interface 1/0/3 of the switch will allow data packets with a source MAC address of 11-22-22-11-11-11 and a source IP address of 10.10.10.1 to be forwarded. Switch(Config-If-Ethernet1/0/3)#am mac-ip-pool 11-22-22-11-11-11 10.10.10.1 50.5 no am all Command: no am all [ip-pool | mac-ip-pool] Function: Delete MAC-IP address pool or IP address pool or both pools configured by all users.
Example: Display all configured AM entries. Switch#show am AM is enabled Interface Ethernet1/0/3 am interface am ip-pool 30.10.10.1 20 Interface Ethernet1/0/5 am interface am ip-pool 50.10.10.1 30 am mac-ip-pool 00-02-04-06-08-09 20.10.10.5 am ip-pool 50.20.10.1 20 Interface Ethernet1/0/6 am interface Interface Ethernet1/0/1 am interface am ip-pool 10.10.10.1 20 am ip-pool 10.20.10.1 20 Display the AM configuration entries of ehternet1/0/5 of the switch.
Chapter 51 Commands for TACACS+ 51.1 tacacs-server authentication host Command: tacacs-server authentication host [port ] [timeout ] [key ] [primary] no tacacs-server authentication host Function: Configure the IP address, listening port number, the value of timeout timer and the key string of the TACACS+ server; the no form of this command deletes TACACS+ authentication server.
51.2 tacacs-server key Command: tacacs-server key no tacacs-server key Function: Configure the key of TACACS+ authentication server; the “no tacacs-server key” command deletes the TACACS+ server key. Parameter: is the character string of the TACACS+ server key, containing maximum 16 characters. Command Mode: Global Mode Usage Guide: The key is used on encrypted packet communication between the switch and the TACACS+ server.
Global Mode Usage Guide: The source IP address must belongs to one of the IP interface of the switch, otherwise an failure message of binding IP address will be returned when the switch send TACACS+ packet. We suggest using the IP address of loopback interface as source IP address, it avoids that the packets from TACACS+ server are dropped when the interface link-down. Example: Configure the source ip address of TACACS+ packet as 192.168.2.254. Switch#tacacs-server nas-ipv4 192.168.2.254 51.
51.5 debug tacacs-server Command: debug tacacs-server no debug tacacs-server Function: Open the debug message of the TACACS+; the “no debug tacacs-server” command closes the TACACS+ debugging messages. Command Mode: Admin Mode Usage Guide: Enable the TACACS+ debugging messages to check the negotiation process of the TACACS+ protocol which can help detecting the failure. Example: Enable the debugging messages of the TACACS+ protocol.
Chapter 52 Commands for RADIUS 52.1 aaa enable Command: aaa enable no aaa enable Function: Enables the AAA authentication function in the switch; the "no AAA enable" command disables the AAA authentication function. Command mode: Global Mode. Default: AAA authentication is not enabled by default. Usage Guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x authentication for the switch. Example: Enabling AAA function for the switch. Switch(config)#aaa enable 52.
online time for port the authenticated user is using. The switch will send an “accounting started” message to the RADIUS accounting server on starting the accounting, and an accounting packet for the online user to the RADIUS accounting server every five seconds, and an “accounting stopped” message is sent to the RADIUS accounting server on accounting end.
Enable the debug information of AAA about receiving and sending packets; the no operation of this command will disable such debug information. Parameters: send: Enable the debug information of AAA about sending packets. receive: Enable the debug information of AAA about receiving packets. all: Enable the debug information of AAA about both sending and receiving packets. : the number of interface. : the name of interface. Command Mode: Admin Mode.
Switch#debug detail attribute interface Ethernet 1/0/1 52.6 debug aaa detail connection Command: debug aaa detail connection no debug aaa detail connection Function: Enable the debug information of aaa about connection details; the no operation of this command will disable that debug information. Command Mode: Admin Mode. Usage Guide: By enabling the debug information of aaa about connection details, users can check connection details of aaa, which might help diagnose the cause of faults if there is any.
Switch#debug aaa detail event 52.8 debug aaa error Command: debug aaa error no debug error Function: Enable the debug information of aaa about errors; the no operation of this command will disable that debug information. Command Mode: Admin Mode. Usage Guide: By enabling the debug information of aaa about errors, users can check the information of all kinds of errors that occurs in the operation process of Radius protocol, which might help diagnose the cause of faults if there is any.
Global Mode. Usage guide: The source IP address must belongs to one of the IP interface of the switch, otherwise an failure message of binding IP address will be returned when the switch send RADIUS packet. We suggest using the IP address of loopback interface as source IP address, it avoids that the packets from RADIUS server are dropped when the interface link-down. Example: Configure the source ip address of RADIUS packet as 192.168.2.254. Switch#radius nas-ipv4 192.168.2.254 52.
52.11 radius-server accounting host Command: radius-server accounting host { | } [port ] [key ] [primary] no radius-server accounting host { | } Function: Specifies the IPv4/IPv6 address and the port number, whether be primary server for RADIUS accounting server; the no command deletes the RADIUS accounting server.
52.12 radius-server authentication host Command: radius-server authentication host { | } [port ] [key ] [primary] [access-mode {dot1x | telnet}] no radius-server authentication host { | } Function: Specifies the IPv4 address or IPv6 address and listening port number, cipher key, whether be primary server or not and access mode for the RADIUS server; the no command deletes the RADIUS authentication server.
option and all services can use current RADIUS server by default. Example: Setting the RADIUS authentication server address as 2004:1:2:3::2. Switch(config)#radius-server authentication host 2004:1:2:3::2 52.13 radius-server dead-time Command: radius-server dead-time no radius-server dead-time Function: Configures the restore time when RADIUS server is down; the “no radius-server dead-time” command restores the default setting.
command deletes the key for RADIUS server. Parameters: is a key string for RADIUS server, up to 16 characters are allowed. Command mode: Global Mode Usage Guide: The key is used in the encrypted communication between the switch and the specified RADIUS server. The key set must be the same as the RADIUS server set, otherwise, proper RADIUS authentication and accounting will not perform properly. Example: Setting the RADIUS authentication key to be “test”. Switch(config)#radius-server key test 52.
Switch(config)#radius-server retransmit 5 52.16 radius-server timeout Command: radius-server timeout no radius-server timeout Function: Configures the timeout timer for RADIUS server; the “no radius-server timeout” command restores the default setting. Parameters: is the timer value (second) for RADIUS server timeout, the valid range is 1 to 1000. Command mode: Global Mode Default: The default value is 3 seconds.
to 3600. Command Mode: Global Mode. Default: The default interval of sending fee-counting update messages is 300 seconds. User Guide: This command set the interval at which NAS sends fee-counting update messages. In order to realize the real time fee-counting of users, from the moment the user becomes online, NAS will send a fee-counting update message of this user to the RADIUS server at the configured interval.
Usually the administrator concerns only information about the online user, the other information displayed is used for troubleshooting by technical support. Example: Switch#show aaa authenticated-user ------------------------- authenticated users ------------------------------UserName Retry RadID Port EapID ChapID OnTime UserIP MAC ----------------------------------------------------------------------------- --------------- total: 0 --------------- 52.
Function: Displays the configured commands for the switch as a RADIUS client. Command mode: Admin and Configuration Mode. Usage Guide: Displays whether aaa authentication, accounting are enabled and information for key, authentication and accounting server specified.
Dead Time = 5min :The tautology interval of the dead server Account Time Interval = 0min :The account time interval 52.21 show radius authenticated-user count Command: show radius authenticated-user count Function: Show the number of on-line users who have already passed the authentication. Command mode: Admin and configuration mode Example: Switch#show radius authenticated-user count The authenticated online user num is: 105 52.
authenticated-user displays the authenticated users online; authenticating-user displays the authenticating users. Command mode: Admin and Configuration Mode. Usage Guide: The statistics for RADIUS authentication users can be displayed with the “show radius count” command. Example: 1. Display the statistics for RADIUS authenticated users. Switch#show radius authenticated-user count The authenticated online user num is: 0 2. Display the statistics for RADIUS authenticated users and others.
Chapter 53 Commands for SSL Configuration 53.1 ip http secure-server Command: ip http secure-server no ip http secure-server Function: Enable/disable SSL function. Command Mode: Global Mode. Default: Disabled. Usage Guide: This command is used for enable and disable SSL function. After enable SSL function, the users visit the switch through https client, switch and client use SSL connect, can form safety SSL connect channel.
Default: Not configure. Usage Guide: If this command is used to configure the port number, then the configured port number is used to monitor. If the port number for https is changed, when users try to use https to connect, must use the changed one. For example: https://device:port_number. SSL function must reboot after every change. Example: Configure the port number is 1028. Switch(config)#ip http secure-port 1028 53.
53.4 show ip http secure-server status Command: show ip http secure-server status Function: Show the status for the configured SSL. Command Mode: Admin and Configuration Mode. Example: Switch# show ip http secure-server status HTTP secure server status: Enabled HTTP secure server port: 1028 HTTP secure server ciphersuite: rc4-128-sha 53.5 debug ssl Command: debug ssl no debug ssl Function: Show the configured SSL information, the no command closes the DEBUG. Command Mode: Admin Mode.
Chapter 54 Commands for IPv6 Security RA 54.1 ipv6 security-ra enable Command: ipv6 security-ra enable no ipv6 security-ra enable Function: Globally enable IPv6 security RA function, all the RA advertisement messages will not be forwarded through hardware, but only sent to CPU to handle. The no operation of this command will globally disable IPv6 security RA function. Command Mode: Global Configuration Mode. Default: The IPv6 security RA function is disabled by default.
Port Configuration Mode. Default: IPv6 security RA function is disabled by default. Usage Guide: Only after globally enabling the security RA function, can the security RA on a port be enabled. Globally disabling security RA will clear all the configured security RA ports. Example: Enable IPv6 security RA on a port. Switch(Config-If-Ethernet1/0/2)#ipv6 security-ra enable 54.
Function: Enable the debug information of IPv6 security RA; the no operation of this command will disable the debug information of IPv6 security RA. Command Mode: Admin Mode. Usage Guide: Users can check the proceeds of message handling of IPv6 security RA, which will help investigate the causes to problems if there is any. Example: Enable the debug information of IPv6 security RA.
Chapter 55 Commands for VLAN-ACL 55.1 clear vacl statistic vlan Command: clear vacl [in | out] statistic vlan [<1-4094>] Function: This command can clear the statistic information of VACL. Parameter: in | out: Clear the traffic statistic of the ingress/egress. vlan <1-4094>: The VLAN which needs to clear the VACL statistic information. If do not input VLAN ID, then clear all VLAN statistic information. Command mode: Admin Mode. Example: Clear VACL statistic information of Vlan1.
[aeiou] match any letter in “aeiou” \ Escape Character is used to match the intervocalic character, for example, \$ will match the $ character, but it is not match the end of the character string \w match the letter, the number or the underline \b match the beginning or the end of the words \W match any characters which are not alphabet letter, number and underline \B match the locations which are not the begin or end of the word [^x] match any characters except x [^aeiou] match any characters except incl
55.3 vacl ip access-group Command: vacl ip access-group {<1-299> | WORD} {in | out} [traffic-statistic] vlan WORD no vacl ip access-group {<1-299> | WORD} {in | out} vlan WORD Function: This command configure VACL of IP type on the specific VLAN. Parameter: <1-299> | WORD: Configure the numeric IP ACL (include: standard ACL rule <1-99>, extended ACL rule <100-299>) or the named ACL. in | out: Filter the ingress/egress traffic. traffic-statistic: Enable the statistic of matched packets number.
Command mode: Global Mode. Usage Guide: Use “;” or “-” to input the VLAN or multi-VLANs, but do not exceed 128, and CLI length can not exceed 80 characters. At present, IPv6 ACL that match flowlabel can not be bound to VLAN Egress direction. Example: Configure the numeric IPv6 ACL for Vlan 5. Switch(config)#vacl ipv6 access-group 600 in traffic-statistic vlan 5 55.
vacl mac-ip access-group {<3100-3299> | WORD} {in | out} [traffic-statistic] vlan WORD no vacl mac-ip access-group {<3100-3299> | WORD} {in | out} vlan WORD Function: This command configure VACL of MAC-IP type on the specific VLAN. Parameter: <3100-3299> | WORD: Configure the numeric IP ACL or the named ACL. in | out: Filter the ingress/egress traffic. traffic-statistic: Enable the statistic of matched packets number. vlan WORD: The VLAN will be bound to VACL. Command mode: Global Mode.
Chapter 56 Commands for MAB 56.1 authentication mab Command: authentication mab {radius | none} no authentication mab Function: Configure the authentication mode and priority of MAC address authentication, the no command restores the default authentication mode. Parameters: radius means RADIUS authentication mode, none means the authentication is needless. Default: Using RADIUS authentication mode.
Command Mode: Admin Mode Example: Delete all MAB binding. Switch#clear mac-authentication-bypass binding all 56.3 debug mac-authentication-bypass Command: debug mac-authentication-bypass {packet | event | binding} Function: Enable the debugging of the packet information, event information or binding information for MAB authentication. Parameters: packet: Enable the debugging of the packet information for MAB authentication. event: Enable the debugging of the event information for MAB authentication.
The max binding number of MAB is 3. Usage Guide: Set the max binding number of MAB. When the binding number reaches to the max value, the port will stop binding, if the max binding number is less than the current binding number of the port, the setting will be unsuccessful. Example: Configure the max binding number as 10. Switch(Config)#interface ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#mac-authentication-bypass binding-limit 10 56.
Function: Set guest vlan of MAB authentication. The no command deletes guest vlan. Parameters: <1-4094>: guest vlan ID, ranging from 1 to 4094. Command Mode: Port Mode Usage Guide: Set guest vlan of MAB authentication, only Hybrid port use this command, it is not take effect on access port. After MAB authentication is failing, if the existent guest vlan is configured by the port connecting to the MAB user, the MAB user can join and access guest vlan.
56.8 mac-authentication-bypass timeout linkup-period Command: mac-authentication-bypass timeout linkup-period <0-30> no mac-authentication-bypass timeout linkup-period Function: Set the interval between down and up when VLAN binding in a port is changing to assure the user can obtain IP again. Parameters: <0-30>: After the port is shutdown automatically, the interval before it up again, the unit is second, 0 means there is no down/up operation. Command Mode: Global Mode Default: The interval is 0.
offline-detect time is 180s. Usage Guide: When offline-detect time is 0, the switch does not detect MAB binding, when offline-detect time is 60s to 7200s, the switch timely detects the flow corresponding to the MAB binding. If there is no flow in the period of offline-detect time, it will delete this binding and forbid the flow to pass. Example: Configure offline-detect time as 200s. Switch(Config)#mac-authentication-bypass timeout offline-detect 200 56.
no mac-authentication-bypass timeout reauth-period Function: Set the reauthentication interval at failing authentication state. The no command restores the default value. Parameters: <1-3600>: reauthentication interval, ranging from 1 to 3600s. Command Mode: Global Mode Default: reauthentication interval is 30s.
Switch(Config)#mac-authentication-bypass timeout stale-period 40 56.13 mac-authentication-bypass username-format Command: mac-authentication-bypass username-format {mac-address | {fixed username WORD password WORD}} Function: Set the authenticate method of MAB authentication. Parameters: mac-address: Use MAC address of MAB user as username and password to authenticate.
Command Mode: Admin Mode Example: Show the binding information of all MAB users.
Client MAC: 00-0a-eb-6a-7f-8e Binding State: MAB_AUTHENTICATED Binding State Lease: 164 seconds left Displayed information Explanation MAB enable MAB function enabled or not Binding info The MAB binding number of the specified port MAB Binding built at The time when the user binding was created VID The VLAN that MAB user belongs Port The binding port Client MAC MAC address Binding State Authentication state Binding State Lease Remain time before the binding release 56-10
Chapter 57 Commands for PPPoE Intermediate Agent 57.1 debug pppoe intermediate agent packet {receive | send} interface ethernet Command: debug pppoe intermediate agent packet (receive | send|) interface ethernet no debug pppoe intermediate agent packet (receive | send|) interface ethernet Function: Enable PPPoE packet debug for the specified port, the no command disables it. Parameter: receive: Enable the debug that receive PPPoE packet.
Enable global PPPoE intermediate agent function. The no command disables global PPPoE intermediate agent function. Command Mode: Global mode. Default: Disable global PPPoE intermediate agent function. Usage Guide: After enable global PPPoE IA function, process the packet of PPPoE discovery stage according to the related configuration. Example: Enable global PPPoE intermediate agent function. Switch(config)#pppoe intermediate agent 57.
57.4 pppoe intermediate-agent access-node-id Command: pppoe intermediate-agent access-node-id no pppoe intermediate-agent access-node-id Function: Configure access-node-id field value of circuit ID in the added vendor tag. Parameter: : access-node-id, the max character number is 47 bytes. Command Mode: Global mode Default: access-node-id as MAC address of the switch Usage Guide: Use this configuration to create access-node-id of circuit ID in vendor tag.
Port mode Default: This configuration is null. Usage Guide: This command configures circuit-id alone for each port, the priority is higher than pppoe intermediate-agent identifier-string command. Example: Configure circuit-id as abcd/efgh on port ethernet1/0/3 of vlan3. Switch(config-if-ethernet1/0/3)#pppoe intermediate-agent circuit-id abcd/efgh After port ethernet1/0/3 of vlan3 receives PPPoE packet, circuit-id value of the added vendor tag as ”abcd/efgh”. 57.
+ e + t + h + space, occupy 5 bytes, Slot ID occupies 2 bytes, Port Index occupies 3 bytes, Vlan ID occupies 4 bytes, delimiter occupies 1 byte. Example: Configure access-node-id as xyz, use spv combination mode, delimiter of Slot ID and Port ID as “#”, delimiter of Port ID and Vlan ID as “/”.
57.8 pppoe intermediate-agent trust Command: pppoe intermediate-agent trust no pppoe intermediate-agent trust Function: Configure the port as trust port, the no command configures the port as untrust port. Command Mode: Port mode Default: Untrust port. Usage Guide: The port which connect to server must be configured as trust port. Note: At least one trust port is connected to PPPoE server. Example: Configure port ethernet1/0/1 as trust port.
Switch(config-if-ethernet1/0/1)#pppoe intermediate-agent trust Switch(config-if-ethernet1/0/1)#pppoe intermediate-agent vendor-tag strip 57.10 show pppoe intermediate-agent access-node-id Command: show pppoe intermediate-agent access-node-id Function: Show the configured access node ID. Command Mode: Admin mode Default: The configuration information is null. Usage Guide: This command is used to show access-node-id configured by user. Example: Show access-node-id configuration information.
Show the configuration information for pppoe intermediate-agent identifier-string. Switch#pppoe intermediate-agent identifier-string abcd option spv delimiter # delimiter / Switch# show pppoe intermediate-agent identifier-string option delimiter config identifier string is : abcd config option is : slot , port and vlan the first delimiter is : "# " the second delimiter is : "/ " 57.
Chapter 58 Commands for SAVI 58.1 Commands for SAVI 58.1.1 ipv6 cps prefix Command: ipv6 cps prefix vlan no ipv6 cps prefix Function: Configure IPv6 address prefix of the link manually, no command deletes IPv6 address prefix. Parameter: ipv6-address: the address prefix of link, like 2001::/64; vid: vlan ID of the current link. Command Mode: Global Mode.
Usage Guide: After enable the prefix check function, if the IPv6 address prefix of the packets does not accord with the link prefix, then do not establish the corresponding IPv6 address binding. If users enable the matched address prefix of the link, configure the local address prefix of fe80::/64 first to accept the packets with the source address as local link address. Disable address prefix check function by default. Example: Enable SAVI address prefix check function.
Configure the port as slaac trust and RA trust port, this port will not establish dynamic slaac binding any more and forwards RA packets. The no command deletes the port trust function. Command Mode: Port Mode. Default: Disable port trust function. Usage Guide: If the port disables ipv6 nd snooping trust function, it is considered to untrust RA packets port and discards all RA packets.
Example: Configure the conflict binding check mode to probe mode. Switch(config)#savi check binding probe mode 58.1.6 savi enable Command: savi enable no savi enable Function: Enable the global SAVI function, the no command disables this global function. Command Mode: Global Mode. Default: Disable the global SAVI function. Usage Guide: Command configuration can be processed for SAVI function after enabling the global SAVI function.
65535. Usage Guide: The configured binding number only include the dynamic binding type of slaac, dhcp. If the binding sum exceeds the configured number, this port does not create new dynamic binding any more, if the configured number is 0, this port does not create any dynamic binding. Example: Configure the binding number to be 100 for port ethernet1/0/1. Switch(config)#interface ethernet1/0/1 Switch(config-if-ethernet1/0/1)# savi ipv6 binding num 100 58.1.
ethernet1/0/1 type slaac lifetime 2010 Configure the static binding for SAVI manually. Switch(config)#savi ipv6 check source binding ip 2001::20 mac 00-25-64-BB-8F-04 Interface ethernet1/0/1 type static 58.1.9 savi ipv6 check source ip-address mac-address Command: savi ipv6 check source [ip-address mac-address | ip-address | mac-address] no savi ipv6 check source Function: Enable the control authentication function for the packets of the port, no command disables this function. Command Mode: Port Mode.
slaac-only: slaac-only application scene dhcp-slaac: combination application scene of dhcp-only and slaac-only Command Mode: Global Mode. Default: Disable SAVI application scene. Usage Guide: dhcp-only application scene only detects DHCPv6 packets and DAD NS packets of link-local ipv6 address to be IPv6 address with target field, it does not detect DAD NS packets of non-link-local address. slaac-only application scene detects DAD NS packets of all types.
58.1.12 savi max-dad-dalay Command: savi max-dad-delay no savi max-dad-delay Function: Configure the dynamic binding at DETECTION state and send lifetime period of DAD NS packet detection, no command restores the default value. Parameter: max-dad-delay: set the ranging between 1 and 65535 seconds, its default value is 1 second. Command Mode: Port Mode. Default: 1 second. Usage Guide: It is recommended to use the default value. Example: Set the detection lifetime as 2 seconds.
Example: Set the redetection lifetime as 2 seconds. Switch(config)#savi max-dad-prepare-delay 2 58.1.14 savi max-slaac-life Command: savi max-slaac-life no savi max-slaac-life Function: Configure lifetime period of slaac dynamic binding at BOUND state, no command restores the default value. Parameter: max-slaac-life: set the ranging between 1 and 31536000 seconds, its default value is 4 hours. Command Mode: Global Mode. Default: 4 hours.
Usage Guide: After the configured lifetime period is overtime, the port is still at down state, the binding of this port will be deleted. If the port state is changed from down to up state during the configured lifetime period, the binding of the port will reset it as lifetime period of BOUND state. If the configured parameter is 0 second, all binding of the port will be deleted immediately. Example: Set bind-protect lifetime period to be 20 seconds. Example: Switch(config)#savi timeout bind-protect 20 58.
Function: Enable event debug of dhcp type for SAVI, no command disables the debug. Command Mode: Admin Mode. Usage Guide: After enable event debug, the relative event information of dhcp type will be print for misarranging. The no command disables this function. Example: Enable binding event debug of dhcp type. Switch#debug ipv6 dhcp snooping event 58.2.1.
Usage Guide: After enable binding debug, the relative binding of slaac type will create the print information for misarranging. The no command disables this function. Example: Enable binding debug of slaac type. Switch#debug ipv6 nd snooping binding 58.2.1.5 debug ipv6 nd snooping event Command: debug ipv6 nd snooping event no debug ipv6 nd snooping event Function: Enable the event debug of slaac type for SAVI, no command disables the event debug. Command Mode: Admin Mode.
Enable ND packets debug. Switch#debug ipv6 nd snooping packet 58.2.1.7 show savi ipv6 check source binding Command: show savi ipv6 check source binding [interface] Function: Show the global SAVI binding entry list. Parameter: if-name: port name such as interface ethernet 1/0/1. Command Mode: Admin Mode.
-------------------------------------------------------------------------------------------------------------- 58-14
Chapter 59 Commands for Web Portal Configuration 59.1 clear webportal binding Command: clear webportal binding {mac WORD | interface |} Function: Clear the binding information of web portal authentication. Parameter: mac: Clear the binding of the specific MAC address. IFNAME: Port ID list, divide the ports with “;”. If the parameter is null, delete all web portal binding. Command Mode: Admin Mode.
Admin Mode. Default: There is no limitation. Usage Guide: Enable the binding debugging of web portal authentication, the no command disables the binding debugging. Example: Enable the binding debugging of web portal authentication. switch#debug webportal binding 0 packet binding debug is on 59.3 debug webportal error Command: debug webportal error no debug webportal error Function: Enable/ disable the error debugging of web portal authentication. Command Mode: Admin Mode.
Function: Enable/ disable the event debugging of web portal authentication. Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Enable the event debugging of web portal authentication, the no command disables the event debugging. Example: Enable the event debugging of web portal authentication. switch#debug webportal event 0 event event debug is on 59.
switch#debug webportal packet ? all Send and receive packet information receive Receive package information send Send package information switch#debug webportal packet all interface ethernet 1/0/1 Ethernet1/0/1 0 packet rx debug is on Ethernet1/0/1 0 packet tx debug is on 59.6 ip dhcp snooping binding webportal Command: ip dhcp snooping binding webportal no ip dhcp snooping binding webportal Function: Enable/disable dhcp snooping binding web portal function. Command Mode: Port Mode.
Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Show the parameter and enable information of web portal authentication according to the condition. Example: Show the parameter and enable information of web portal authentication. switch#show webportal interface ethernet 1/0/1 webportal enable webportal binding-limit 128 59.
Binding info: 0 -------------------------------------------------------- IP MAC Interface Vlan ID ---------------------------------------------------------------------------------------------------------- 59.9 webportal binding-limit Command: webportal binding-limit <1-256> no webportal binding-limit Function: Configure the max webportal binding number allowed by the port.
no webportal enable Function: Enable/disable the global web portal authentication. Command Mode: Global Mode. Default: Do not enable the global web portal authentication. Usage Guide: Enable the global web portal authentication. The no command disables the web portal authentication globally. Example: Enable/disable web portal authentication. Switch(config)# webportal enable show running-config shows the global webportal authentication which is enabled successfully. 59.
59.12 webportal nas-ip Command: webportal nas-ip no webportal nas-ip Function: Configure IP source address for communicating between accessing device and portal server. Parameter: : IP source address for communicating between accessing device and portal server in dotted decimal notation, it must be the legal unicast address. Command Mode: Global Mode.
Global Mode. Default: There is no redirection address. Usage Guide: Enable web portal authentication globally before configuring its HTTP redirection address. The no command cancels the configured redirection address. Example: Configure the redirection address of web portal authentication as 173.16.1.211. switch(config)#webportal redirect 173.16.1.211 Example: Chapter 60 Commands for VRRP 60.
members in the same Standby cluster, this property should be set to a same value. To Backup, the value of master_down_interval is three times that of adver_interval. Extraordinary large traffic or timer setting differences between routers (or L3 Ethernet switches) may result in master_down_interval and invoke instant status changes. Such situations can be avoided through extending adver_interval interval and setting longer preemptive delay time.
60.3 debug vrrp Commands: debug vrrp [ all | event | packet [recv | send]] no debug vrrp [ all | event | packet [recv | send]] Function: Displays information for VRRP standby cluster status and packet transmission; the “no debug vrrp” command disables the debug information. Default: Debugging information is disabled by default.
Deactivates a Virtual Router. VRRP configuration can only be modified when VRRP is deactivated. Example: Deactivating a Virtual Router numbered as 10. Switch(config)# router vrrp 10 Switch(Config-Router-Vrrp)#disable 60.5 enable Commands: enable Function: Activates VRRP. Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: Activates the appropriate Virtual Router.
Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: This command adds a layer 3 interface to an existing Standby cluster. The "no interface" command removes the L3 interface from the specified Standby cluster. Example: Configuring the interface as "interface vlan 1". Example: Switch(config-router)#router vrrp 10 Switch(Config-router)#interface vlan 1 60.7 preempt-mode Commands: preempt-mode {true | false} Function: Configures the preemptive mode for VRRP.
Configures VRRP priority. Parameters: < value> is the priority value, ranging from 1 to 254. Default: The priority of all backup routers (or L3 Ethernet switch) in a Standby cluster is 100. Command mode: VRRP protocol configuration mode Usage Guide: Priority determines the ranking of a router (or L3 Ethernet switch) in a Standby cluster, the higher priority the more likely to become the Master.
Switch(config)# router vrrp 10 60.10 show vrrp Commands: show vrrp [] Function: Displays status and configuration information for the VRRP standby cluster. Parameters: < vrid > is the Virtual Router number ranging from 1 to 255. Command mode: Admin and Configuration Mode. Usage Guide: This command is used to display the Virtual Router configuration and current state. If not specified the Virtual Router number, then display all Virtual Router information.
Virtual IP Dummy IP address Interface Interface Name Priority Priority Advertisement interval Timer interval Preempt Preemptive mode Circuit failover interface Interface Monitor information 60.11 virtual-ip Commands: virtual-ip no virtual-ip Function: Configures the VRRP dummy IP address. Parameters: is the IP address in decimal format. Default: Not configured by default.
Chapter 61 Commands for IPv6 VRRPv3 Configuration 61.1 advertisement-interval Command: advertisement-interval Function: Configure the advertisement interval of VRRPv3. Parameters: is the interval of sending VRRPv3 advertisement messages, in centiseconds, ranging from 100 to 1000, and has to be a multiple of 100. Command Mode: VRRPv3 Protocol Mode. Default: is 100 centiseconds (1 second) by default.
61.2 circuit-failover Commands: circuit-failover {vlan| IFNAME} no circuit-failover Function: Configures the VRRPv3 monitor interface. Parameters: {vlan| IFNAME} is the name for the interface to be monitored. stands for the amount of priority decreased, the range value is from 1 to 253. Command mode: VRRPv3 Protocol Configuration Mode. Default: Not configured by default.
operation of this command will disable the display of DEBUG. Command Mode: Admin Mode. Example: Switch#debug ipv6 vrrp Jan 01 01:03:13 2006 NSM: VRRP6 SEND[Hello]: Advertisement sent for vrid=[1], virtual-ip=[fe80::2] Jan 01 01:03:14 2006 NSM: VRRP6 SEND[Hello]: Advertisement sent for vrid=[1], virtual-ip=[fe80::2] Jan 01 01:03:15 2006 NSM: VRRP6 SEND[Hello]: Advertisement sent for vrid=[1], virtual-ip=[fe80::2] 61.4 disable Command: disable Function: Disable VRRPv3 virtual router.
enable Function: Enable VRRPv3 virtual router. Command Mode: VRRPv3 Protocol Mode. Default: There is no configuration by default. Usage Guide: Start the corresponding virtual router session. Only the interface of the enabled router (or the layer-three switch) can actually join the backup group. Before enabling the virtual router, the virtual IPv6 address and interface of VRRPv3 should be configured. Example: Enable the VRRPv3 virtual router whose ID is 10.
61.7 priority Command: priority Function: Configure the priority of VRRPv3. Parameters: is the priority, whose range is from 1 to 254. Command Mode: VRRPv3 Protocol Mode. Default: Backup routers (or layer-three switches) all have a priority of 100, the priority of IP address owners are all 255 in the backup group they belong to. Usage Guide: Priority decides the state of a router (or a layer-three Ethernet switch) in a backup group.
Default: There is no configuration by default. Usage Guide: This command is used to create or delete a VRRPv3 virtual router. The virtual router is uniquely specified by the virtual router ID and the related virtual IPv6 address. Only after creating a virtual router, relative configuration can be set on it. Considering the stability, the number of configurable virtual routers should not be more than 64. Example: Configure a virtual router whose ID is10. Switch(config)# router ipv6 vrrp 10 61.
Priority is 100 Advertisement interval is 300 centisec Preempt mode is TRUE Circuit failover interface Vlan2, Priority Delta 10, Status UP Display Explanation State State. Virtual IPv6 Virtual IPv6 address. Interface Interface name. Priority Priority. Advertisement interval The interval of VRRPv3 advertisement messages. Preempt Preempt mode. Circuit failover interface Monitor interface information. 61.
Example: Configure the virtual IPv6 address of the backup group as fe80::2, the interface is VLAN1.
Chapter 62 Commands for MRPP 62.1 control-vlan Command: control-vlan no control-vlan Function: Configure control VLAN ID of MRPP ring; the “no control-vlan” command deletes control VLAN ID. Parameter: expresses control VLAN ID, the valid range is from 1 to 4094. Command Mode: MRPP ring mode Usage Guide: The command specifies Virtual VLAN ID of MRPP ring, currently it can be any value in 1-4094.
Command Mode: Admin Mode. Example: Clear statistic information of MRPP ring 4000 of switch. Switch#clear mrpp statistics 4000 62.3 debug mrpp Command: debug mrpp no debug mrpp Function: Open MRPP debug information; “no description” command disables MRPP debug information. Command Mode: Admin Mode Usage Guide: Enable MRPP debug information, and check message process of MRPP protocol and receive data packet process, it is helpful to monitor debug. Example: Enable debug information of MRPP protocol.
the MRPP ring is enabled. Example: Configure MRPP ring 4000 of switch to primary node, and enable the MRPP ring.
Example: Configure fail timer of MRPP ring 4000 to 10s. Switch(config)# mrpp ring 4000 Switch(mrpp-ring-4000)#fail-timer 10 62.6 hello-timer Command: hello-timer no hello-timer Function: Configure timer interval of Hello packet from primary node of MRPP ring, the “no hello-timer” command restores timer interval of default. Parameter: valid range is from 1 to 100s. Command Mode: MRPP ring mode Default: Default configuration timer interval is 1s.
Command Mode: Global Mode. Default: The system doesn’t enable MRPP protocol module. Usage Guide: If it needs to configure MRPP ring, it enables MRPP protocol. Executing “no mrpp enable” command, it ensures to disable the switch enabled MRPP ring. Example: Globally enable MRPP. Switch(config)#mrpp enable 62.8 mrpp poll-time Command: mrpp poll-time <20-2000> Function: Configure the query interval of MRPP. Command mode: Global mode.
Command Mode: Global Mode Usage Guide: If this MRPP ring doesn’t exist it create new MRPP ring when executing the command, and then it enter MRPP ring mode. It needs to ensure disable this MRPP ring when executing the “no mrpp ring” command. Example: Switch(config)#mrpp ring 100 62.10 mrpp ring primary-port Command: mrpp ring primary-port no mrpp ring primary-port Function: Specify MRPP ring primary-port. Parameter: is the ID of MRPP ring; range is <1-4096>.
mrpp ring < ring-id > secondary-port no mrpp ring < ring-id > secondary-port Function: Specify secondary of MRPP ring. Parameter: is the ID of MRPP ring; range is <1-4096>. Command Mode: Port mode Usage Guide: The command specifies secondary port of MRPP ring. The primary node uses secondary port to receive Hello packet from primary node. There are no difference on function between primary port and secondary of secondary node.
62.13 show mrpp Command: show mrpp [] Function: Display MRPP ring configuration. Parameter: is MRPP ring ID, the valid range is from 1 to 4096, if not specified ID, it display all of MRPP ring configuration. Command Mode: Admin and Configuration Mode. Example: Display configuration of MRPP ring 4000 of switch Switch# show mrpp 4000 62.
Chapter 63 Commands for ULPP 63.1 clear ulpp flush counter interface Command: clear ulpp flush counter interface Function: Clear the statistic information of the flush packets. Parameter: is the name of the port. Command mode: Admin mode. Example: Clear the statistic information of the flush packets for the port1/0/1. Switch#clear ulpp flush counter interface e1/0/1 ULPP flush counter has been reset. 63.
Configure the sending control VLAN of ULPP group as 10. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# control vlan 10 63.3 debug ulpp error Command: debug ulpp error no debug ulpp error Function: Show the error information of ULPP. The no operation disables showing the error information of ULPP. Default: Do not display. Command mode: Admin mode. Example: Show the error information of ULPP. Switch# debug ulpp error Unrecognized Flush packet received. 63.
Example: Switch# debug ulpp event ULPP group 1 state changes: Master port ethernet 1/0/1 in ULPP group 1 changed state to Forwading. Slave port ethernet 1/0/2 in ULPP group 1 changed state to Standby 63.5 debug ulpp flush content interface Command: debug ulpp flush content interface no debug ulpp flush content interface Function: Show the contents of the receiving flush packets. The no operation disables the shown contents. Parameter: is the name of the port. Default: Do not display.
63.6 debug ulpp flush {send | receive} interface Command: debug ulpp flush {send | receive} interface no debug ulpp flush {send | receive} interface Function: Show the information of the receiving/sending flush packets, it only shows the receiving packets, but do not show the detailed contents of the packets. The no operation disables the shown information. Parameter: is the name of the port. Default: Do not display. Command mode: Admin mode.
63.8 flush disable arp Command: flush disable arp Function: Disable sending the flush packets of deleting ARP. Default: By default, enable the sending function of the flush packets which are deleted by ARP. Command mode: ULPP group configuration mode. Usage Guide: If configure this command, when the link is switched, it will not actively send the flush packets to notify the upstream device to delete the entries of ARP. Example: Disable sending the flush packets of deleting ARP.
63.10 flush enable arp Command: flush enable arp Function: Enable sending the flush packets of deleting ARP. Default: By default, enable sending the flush packets of deleting ARP. Command mode: ULPP group configuration mode. Usage Guide: If enable this function, when the link is switched, it will actively send the flush packets to notify the upstream device, so as to delete the list entries of ARP. Example: Enable sending the flush packets of deleting ARP.
63.12 preemption delay Command: preemption delay no preemption delay Function: Configure the preemption delay, the no command configures the preemption delay as the default value. Parameter: : the preemption delay, range from 1 to 600, in second. Default: The default preemption delay is 30. Command mode: ULPP group configuration mode.
master port is in the standby state, the master port will turn into the forwarding state and the slave port turn into the standby state after the preemption delay. Example: Configure the preemption mode of ULPP group. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# preemption mode 63.
show ulpp flush counter interface {ethernet | } Function: Show the statistic information of the flush packets. Parameter: is the name of the ports. Command mode: Admin mode. Usage Guide: Show the statistic information of the flush packets, such as: the information of the flush packets number which has been received, the time information that receive the flush packets finally. Example: Show the statistic information of the flush packets for ULPP group1.
show ulpp group [group-id] Function: Show the configuration information of the ULPP groups which have been configured. Parameter: [group-id]: Show the information of the specific ULPP group. Default: By default, show the information of all ULPP groups which have been configured. Command mode: Admin mode. Usage Guide: Show the configuration information of ULPP groups which have been configured, such as: the state of the master port and the slave port, the preemption mode, the preemption delay, etc.
Default: The default is VLAN 1. Command mode: Port mode. Usage Guide: Configure the receiving control VLAN for the port. This VLAN must correspond the existent VLAN, after it is configured, this VLAN can’t be deleted. Example: Configure the receiving control VLAN as 10. Switch(config)# interface ethernet 1/0/1 Switch(config-If-Ethernet1/0/1)# ulpp control vlan 10 63.19 ulpp flush disable arp Command: ulpp flush disable arp Function: Disable receiving the flush packets of deleting ARP.
Default: By default, disable receiving the flush packets of updating MAC address. Command mode: Port mode. Usage Guide: If this command is configured, then it will not receive the flush packets of updating MAC address. Example: Disable receiving the flush packets of updating MAC address. Switch(config)# interface ethernet 1/0/1 Switch(config-If-Ethernet1/0/1)# ulpp flush disable mac 63.21 ulpp flush enable arp Command: ulpp flush enable arp Function: Enable receiving the flush packets of deleting ARP.
By default, disable receiving the flush packets of updating MAC address. Command mode: Port mode. Usage Guide: Enable receiving the flush packets of updating MAC address table. Example: Enable receiving the flush packets of updating the MAC address. Switch(config)# interface ethernet 1/0/1 Switch(config-If-Ethernet1/0/1)# ulpp flush enable mac 63.23 ulpp group Command: ulpp group no ulpp group Function: Create a ULPP group.
Configure the master port of ULPP group, the no command deletes the master port. Parameter: is the ID of ULPP group, range from 1 to 48. Default: There is no master port configured by default. Command mode: Port mode. Usage Guide: There is no sequence requirement for the master and slave port configuration in a group, but the protective VLANs must be configured before the member ports. Each group has only one master port, if the master port exists, then the configuration fail.
Switch(config)# interface ethernet 1/0/2 Switch(config-If-Ethernet1/0/2)# ulpp group 20 slave 63-15
Chapter 64 Commands for ULSM 64.1 debug ulsm event Command: debug ulsm event no debug ulsm event Function: Show the event information of ULSM. The no operation disables showing ULSM events. Command mode: Admin Mode. Example: Show the event information of ULSM. Switch# debug ulsm event Downlink synchoronized with ULSM group, change state to Down. 64.2 show ulsm group Command: show ulsm group [group-id] Function: Show the configuration information of ULSM group. Parameter: [group-id]: the ID of ULSM group.
--------------------------------------------------------------------------------------------ethernet1/0/1 UpLINK Down ethernet1/0/2 DownLINK Down Yes 64.3 ulsm group Command: ulsm group no ulsm group Function: Create a ULSM group. The no command deletes the ULSM group. Parameter: is the ID of ULSM group, range from 1 to 32. Default: There is no ULSM group configured by default. Command mode: Global Mode. Example: Create ULSM group 10.
Command mode: Port Mode. Usage Guide: Configure the uplink/downlink ports of ULSM group. Each ULSM group can configure 8 uplink ports and 16 downlink ports at most. Example: Configure port1/0/3 as the uplink port of ULSM group10.
Chapter 65 Commands for Mirroring Configuration 65.1 monitor session source interface Command: monitor session source {interface } {rx| tx| both} no monitor session source {interface } Function: Specify the source interface for the mirror. The no form command will disable this configuration. Parameters: is the session number for the mirror. Currently 1 to 7 is supported.
Specify the access control for the source of the mirror. The no form command will disable this configuration. Parameters: is the session number for the mirror. Currently 1 to 7 is supported. is the list of source interfaces of the mirror which can be separated by '-' and ';'. is the number of the access list. rx means to filter the datagram received by the interface. tx for the datagram sent out, and both means both of income and outcome datagram. Command Mode: Global Mode.
throughput of the interfaces to be mirrored. If the destination of a session is removed, the mirror path configured in the session will be removed at the same time. And if the destination interface is reconfigured, the interface path will be recovered. To be mentioned, the flow mirror can only be recovered after the destination of the interface is re-configured. Example: Configure interface 1/0/7 as the destination of the mirror. Switch(config)#monitor session 1 destination interface ethernet 1/0/7 65.
Chapter 66 Commands for RSPAN Configuration 66.1 remote-span Command: remote-span no remote-span Function: To configure VLAN to RSPAN VLAN. The no form of this command will delete the RSPAN VLAN. Command Mode: VLAN Configuration Mode. Default: Not configured. Usage Guide: This command is used to configure the existing VLAN as RSPAN VLAN. Dedicated RSPAN VLAN should be configured before RSPAN can function.
: session ID, range between 1~7. : The id of RSPAN VLAN. Command Mode: Global Mode. Default: Not configured. Usage Guide: To configure local mirror session to RSPAN. The VLAN id is the RSPAN VLAN. The mirrored data grams will be attached with RSPAN tags. Example: Switch(config)#monitor session 1 remote vlan 5 66.
Chapter 67 Commands for sFlow 67.1 sflow agent-address Command: sflow agent-address no sflow agent-address Function: Configure the sFlow sample proxy address. The “no” form of this command deletes the proxy address. Parameter: is the sample proxy IP address which is shown in dotted decimal notation. Command Mode: Global Mode. Default: None default value. Usage Guide: The proxy address is used to mark the sample proxy which is similar to OSPF or the Router ID in the BGP.
Do not configure Usage Guide: Configure this command when using sFlowTrend. Example: Switch(config)#sflow analyzer sflowtrend 67.3 sflow counter-interval Command: sflow counter-interval no sflow counter-interval Function: Configure the max interval of the sFlow statistic sampling; the “no” form of this command deletes the statistic sampling interval value. Parameter: is the value of the interval with a valid range of 20~120 and shown in second.
Parameter: is the value of the length with a value range of 500-1470. Command Mode: Port Mode. Default: The value is 1400 by default. Usage Guide: When combining several samples to a sFlow group to be sent, the length of the group excluding the MAC head and IP head parts should not exceed the configured value. Example: Configure the max length of the sFlow packet data to 1000. switch (Config-If-Ethernet1/0/2)#sflow data-len 1000 67.
Configure the analyzer address and port at global mode. switch (config)#sflow destination 192.168.1.200 1025 67.6 sflow header-len Command: sflow header-len no sflow header-len Function: Configure the length of the head data packet copied in the sFlow data sampling. The “no” form of this command restores the default value. Parameter: is the value of the length with a valid range of 32-256. Command Mode: Port Mode. Default: 128 by default.
Command Mode: Global Mode. Default: The default value is 0. Usage Guide: When sample packet is sent to the CPU, it is recommended not to assign high priority for the packet so that regular receiving and sending of other protocol packet will not be interfered. The higher the priority value is set, the higher its priority will be. Example: Configure the priority when sFlow receives packet from the hardware at global mode. switch (config)#sflow priority 1 67.
67.9 show sflow Command: show sflow Function: Display the sFlow configuration state. Command Mode: All Modes. Usage Guide: This command is used to acknowledge the operation state of sFlow. Switch#show sflow Sflow version 1.2 Agent address is 172.16.1.100 Collector address have not configured Collector port is 6343 Sampler priority is 2 Sflow DataSource: type 2, index 194(Ethernet1/0/2) Collector address is 192.168.1.
Collector port is 6343 Default value of the port on E1/0/1 interface sampling proxy is 6343. Counter interval is 20 The statistic sampling interval on e1/0/1 interface is 20 seconds Sample rate is input 10000, output 0 The ingress traffic rate of e1/0/1 interface sampling proxy is 10000 and no egress traffic sampling will be performed Sample packet max len is 1400 The length of the sFlow group data sent by the e1/0/1 interface should not exceed 1400 bytes.
Chapter 68 Commands for SNTP 68.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone.
Example: Displaying debugging information for SNTP packet. Switch#debug sntp packet 68.3 sntp polltime Command: sntp polltime no sntp polltime Function: Sets the interval for SNTP clients to send requests to NTP/SNTP; the “no sntp polltime” command cancels the polltime sets and restores the default setting. Parameters: is the interval value from 16 to 16284. Default: The default polltime is 64 seconds.
ip-address: IPv4 address of time server ipv6-address: IPv6 address of time server source: Specify the interface of the source address vlan: Configure the virtual LAN vlan no: Virtual LAN number, ranging from 1 to 4094 loopback: Configure loopback interface loopback no: Loopback identifier, ranging from 1 to 1024 version: Configure the version for the server version_no: Version number, ranging from 1 to 4, the default is 4 Default: Do not configure the time server.
Chapter 69 Commands for NTP 69.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone.
Example: To enable the debug switch of displaying local time adjust information. Switch# debug ntp adjust 69.3 debug ntp authentication Command: debug ntp authentication no debug ntp authentication Function: To display NTP authentication information, the no form command disabled the switch of displaying NTP authentication information. Default: Disabled. Command Mode: Admin Mode.
Usage Guide: To enable debug switch of displaying NTP event, after that, if some server changed from available to unavailable or from unavailable to available, the received illegal packet events will be printed. Example: To enable debug switch of displaying NTP event information. Switch# debug ntp events 69.5 debug ntp packet Command: debug ntp packet [send | receive] no debug ntp packet [send | receive] Function: To enable/disable the debug switch of displaying NTP packet information.
Disabled. Command Mode: Admin Mode. Example: To enable debug switch of displaying local time synchronization information. Switch# debug ntp sync 69.7 ntp access-group Command: ntp access-group server no ntp access-group server Function: To configure/cancel the access control list of NTP Server. Parameter: : ACL number, range is from 1 to 99. Default: Not configure the access control of NTP Server. Command Mode: Global Mode. Example: To configure access control list 2 on the switch.
Example: To enable NTP authentication function. Switch(config)#ntp authenticate 69.9 ntp authentication-key Command: ntp authentication-key md5 no ntp authentication-key Function: To enable/cancel NTP authentication function, and defined NTP authentication key. Parameter: key-id: The id of key, range is from 1 to 4294967295. value: The value of key, range between 1 to 16 of ascii code. Default: The authentication key of NTP authentication is not configured by default.
Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)#ntp broadcast client 69.11 ntp broadcast server count Command: ntp broadcast server count no ntp broadcast server count Function: Set the max number of broadcast or multicast servers supported by the NTP client. The no operation will cancel the configuration and restore the default value. Parameters: number:1-100, the max number of broadcast servers. Default: The default max number of broadcast servers is 50. Command Mode: Global Mode.
Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)#ntp disable 69.13 ntp enable Command: ntp enable ntp disable Function: To enable/disable NTP function globally. Default: Disabled. Command Mode: Global Mode. Example: To enable NTP function. Switch(config)#ntp enable 69.
69.15 ntp multicast client Command: ntp multicast client no ntp multicast client Function: Configure the specified interface to receive NTP multicast packets, the no command will cancels the specified interface to receive NTP multicast packets. Command mode: Interface mode Default: Interface does not receive NTP multicast packets. Example: Enable the function for receiving NTP multicast packets on vlan1 interface. Switch(Config)# interface vlan 1 Switch(Config-if-Vlan1)#ntp multicast client 69.
Example: To configure time server address as 1.1.1.1 on switch. Switch(config)#ntp server 1.1.1.1 69.17 ntp trusted-key Command: ntp trusted-key no ntp trusted-key Function: To configure the trusted key. The no command cancels the trusted key. Parameter: key-id: The id of key, range is from 1 to 4294967295. Default: Trusted key is not configured by default. Command Mode: Global Mode. Example: To configure the specified key 20 to trusted key. Switch(config)# ntp trusted-key 20 69.
Reference clock server: 1.1.1.2 Clock offset: 0.010 s Root delay: 0.012 ms Root dispersion: 0.000 ms Reference time: TUE JAN 03 01:27:24 2006 69.19 show ntp session Command: show ntp session [ | ] Function: To display the information of all NTP session or one specific session, include server ID, server layer, and the local offset according to server.
Chapter 70 Commands for DNSv4/v6 70.1 clear dynamic-host Command: clear dynamic-host { | | all} Function: To delete the domain entry of specified address or all address in dynamic cache. Parameter: is the IP address, in dotted decimal notation; is the IPv6 address; all is to delete the domain entry of all address in dynamic cache. Command Mode: Admin Mode. Default: Disabled.
Switch# ping host www.sina.com.cn %Jan 01 00:03:13 2006 domain name www.sina.com.cn is to be parsed! %Jan 01 00:03:13 2006 Dns query type is A! %Jan 01 00:03:13 2006 Connect dns server 10.1.120.241 ...... ping www.sina.com.cn [202.108.33.32] Type ^c to abort. Sending 5 56-byte ICMP Echos to 202.108.33.32, timeout is 2 seconds. %Jan 01 00:03:15 2006 Host:www.sina.com.cn Address:202.108.33.32 ..... Success rate is 0 percent (0/5), round-trip min/avg/max = 0/0/0 ms 70.
Example: To configure the priority of DNS server as 200, the server’s address is 10.1.120.241. Switch(config)# dns-server 10.1.120.241 priority 200 70.4 dns lookup Command: dns lookup {ipv4 | ipv6} Function: To enable DNS dynamic domain name resolution. Parameter: {ipv4 | ipv6} means the IPv4 or IPv6 address look up, is the resolute dynamic host name, less than 63 characters. Command Mode: Global Mode. Default: Disabled.
Switch# show dns name-server DNS NAME SERVER: Address Priority 10.1.120.231 100 10.1.180.85 80 2001::1 20 70.6 show dns domain-list Command: show dns domain-list Function: To display the suffix information of configured DNS domain name. Command Mode: Admin and Configuration Mode. Example: Switch# show dns domain-list DNS DOMAIN LIST: com.tw edu.tw 70.7 show dns hosts Command: show dns hosts Function: To display the dynamic domain name information of resolute by switch.
www.ipv6.org 2001:6b0:1: 168060 70.8 show dns config Command: show dns config Function: Display the configured global DNS information on the switch. Command Mode: Admin and Configuration Mode. Example: Switch(config)#show dns config ip dns server enable ip domain-lookup enable the maximum of dns client in cache is 3000, timeout is 5 dns client number in cache is 0 dns dynamic host in cache is 0 dns name server number is 1 dns domain-list number is 0 70.
70.10 ip domain-lookup Command: ip domain-lookup no ip domain-lookup Function: To enable/disable DNS function, whether the switch will send dynamic DNS domain queries to the real DNS server or not. Command Mode: Global Mode. Usage Guide: This command is used to enable or disable the switch DNS dynamic query function. If DNS dynamic query function is enabled, the DNS server will resolve the host name and domain name to the IPv4 or IPv6 address for requests from the clients.
name is not integrity (such as sina), the switch can add suffix automatically, after that, address mapping can run, the domain name suffix can be configured no more than 6. The first configured domain name suffix will be added first. Example: To configure domain name suffix of com. Switch(config)# ip domain-list com 70.12 ip dns server Command: ip dns server no ip dns server Function: Enable/disable DNS SERVER function. Command Mode: Global Mode. Default: Disabled by default.
Global Mode. Default: The default client number is 3000. Usage Guide: When receiving a DNS Request from a client, the switch will cache the client’s information. But the number of client information in the queue should not exceed the configured maximum number; otherwise the client’s request won’t be handled. Example: Set the max number of client information in the switch queue as 2000. Switch(config)#ip dns server queue maximum 2000 70.
Chapter 71 Commands for Summer Time 71.1 clock summer-time absolute Command: clock summer-time absolute [] no clock summer-time Function: Configure summer time range, the time in this range is summer time. The no command deletes the configuration. Parameter: is the time zone name of summer time; is the start time, the format is hour (from 0 to 23):minute (from 0 to 59);
71.2 clock summer-time recurring Command: clock summer-time recurring [] no clock summer-time Function: Configure the recurrent summer time range, the time in this range is summer time. Parameter: is the time zone name of summer time; is the start time, the format is hour (from 0 to 23):minute (from 0 to 59); is the start date, the format is month(from 1 to 12).
no clock summer-time Function: Configure the recurrent summer time range, the time in this range is summer time.
clear history all-users Function: Clear the command history of all users saved by the switch. Command Mode: Admin mode Usage Guide: Using this command can clear the command history of all users. Example: Switch#clear history all-users 72.2 clear logging Command: clear logging {sdram | nvram} Function: This command is used to clear all the information in the log buffer zone.
: the command history number can be saved, ranging from 100 to 1000 Command Mode: Global mode Usage Guide: The system can save 100 recent command history of all users at best by default, using this command can set the max command history number. Example: Switch(config)#history all-users max-length 500 72.
Switch(config)# logging 100.100.100.5 facility local1 level warnings Example 2: Send the log information with a severity level equal to or higher than informational to the log server with an IPv6 address of 3ffe:506:1:2::3, and save to the log recording equipment local5. Switch(config)# logging 3ffe:506:1:2::3 facility local1 level informational 72.5 logging executed-commands Command: logging executed-commands {enable | disable} Function: Enable or disable the logging executed-commands.
Port mode Default: Do not include the sequence-number. Usage Guide: Use logging command to configure the loghost before this command is set. Example: Open the loghost sequence-number. Switch(config)# logging loghost sequence-number 72.7 ping Command: ping [[src ] { | host }] Function: Issue ICMP request to remote devices, check whether the remote device can be reached by the switch.
Success rate is 40 percent (2/5), round-trip min/avg/max = 0/0/0 ms In the example above, the switch is made to ping the device at 10.1.128.160. The command did not receive ICMP reply packets for the first three ICMP echo requests within default 2 seconds timeout. The ping failed for the first three tries. However, the last two ping succeeded. So the success rate is 40%. It is denoted on the switch “.” for ping failure which means unreachable link, while “!” for ping success, which means reachable link.
empty. Target IP address: The IP address of the target device. Use source address option[n] Whether or not to use ping with source address. Source IP address To specify the source IP address for ping. Repeat count [5] Number of ping requests to be sent. The default value is 5. Datagram size in byte [56] The size of the ICMP echo requests, with default as 56 bytes. Timeout in milli-seconds [2000]: Timeout in milli-seconds, with default as 2 seconds.
Type ^c to abort. Sending 5 56-byte ICMP Echos to 2001:1:2::4, timeout is 2 seconds. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/320/1600 ms (2) To issue the ping6 command with source IPv6 address specified. switch>ping6 src 2001:1:2::3 2001:1:2::4 Type ^c to abort. Sending 5 56-byte ICMP Echos to 2001:1:2::4, using src address 2001:1:2::3, timeout is 2 seconds.
by default. Source IPv6 address Source IPv6 address. Repeat count[5] Number of the ping packets. Datagram size in byte[56] Packet size of the ping command. 56 byte by default. Timeout in milli-seconds[2000] Timeout for ping command. 2 seconds by default. Extended commands[n] Extended configuration. Disabled by default. ! The network is reachable. . The network is unreachable.
OSPF all NSM debugging is on OSPF all events debugging is on OSPF all route calculation debugging is on Switch# Relative command: Debug 72.10 show flash Command: show flash Function: Show the size of the files which are reserved in the system flash memory. Command Mode: Admin Mode and Configuration Mode. Example: To list the files and their size in the flash. Switch#show flash boot.rom 329, 828 1900-01-01 00:00:00 --SH boot.conf 94 1900-01-01 00:00:00 --SH nos.
Example: Switch#show history enable config interface ethernet 1/0/3 enable dir show ftp 72.12 show history all-users Command: show history all-users [detail] Function: Show the recent command history of all users. Parameter: [detail] shows user name of the executing command. IP address of the user will be shown when logging in the executing command through Telnet or SSH.
72.13 show logging buffered Command: show logging buffered [level {critical | warnings} | range ] Function: This command displays the detailed information in the log buffer channel. This command is not supported on low end switches. Parameter: level {critical | warnings} means the level of critical information. is the index start value of the log message, the valid range is 1-65535, is the index end value of the log message, and the valid range is 1-65535.
Admin mode. Usage Guide: Use this command to display the state (enable or disable). Example: Example: Switch#show logging executed-commands state Logging executed command state is enable 72.15 show logging source Command: show logging source mstp Function: Show the log information source of MSTP module. Command mode: Admin and configuration mode. Usage Guide: Check the log information source (include information channel, the information severity level) by show logging mstp command.
Parameter: usage means memory use information. Command mode: Admin Mode Usage Guide: This command is used for switch debug purposes. The command will interactively prompt the user to enter start address of the desired information in the memory and output word number. The displayed information consists of three parts: address, Hex view of the information and character view. Example: Example: Switch#show memory start address : 0x2100 number of words[64]: 002100: 0000 0000 0000 0000 0000 0000 0000 0000 *..
When the user finishes a set of configuration and needs to verify the configuration, show running-config command can be used to display the current active parameters. Example: Switch#show running-config 72.18 show startup-config Command: show startup-config Function: Display the switch parameter configurations written into the Flash memory at the current operation; those are usually also the configuration files used for the next power-up.
Admin mode Example: Show VLAN messages of port ethernet 1/0/1. Switch#show switchport interface ethernet 1/0/1 Ethernet1/0/1 Type :Universal Mac addr num : No limit Mode :Trunk Port VID :1 Trunk allowed Vlan :ALL Displayed Information Description Ethernet1/0/1 Corresponding interface number of the Ethernet. Type Current interface type. Mac addr num Numbers of interfaces with MAC address learning ability. Mode: Trunk Current interface VLAN mode.
LocalPort Local pot number of the TCP connection. ForeignAddress Remote address of the TCP connection. ForeignPort Remote port number of the TCP connection. State Current status of the TCP connection. 72.21 show tcp ipv6 Command: show tcp ipv6 Function: Show the current TCP connection. Command mode: Admin and configuration mode.
Command Mode: Admin Mode and Configuration Mode. Usage Guide: This command used to list the information of currently available telnet clients which are connected to the switch. Example: Switch#show telnet login Authenticate login by local. Login user: aa 72.23 show temperature Command: show temperature Function: Show the temperature of the CPU. Command Mode: Any modes Usage Guide: This command can be used to monitor the CPU temperature of the switch. Example: Show the temperature of the CPU of the switch.
Command Mode: Admin mode and configuration mode Usage Guide: When failure occurred on the switch, this command can be used to get related information, in order to diagnose the problems. Example: Switch#show tech-support 72.25 show udp Command: show udp Function: Display the current UDP connection status established to the switch. Command mode: Admin Mode Example: Switch#show udp LocalAddress LocalPort ForeignAddress ForeignPort State 0.0.0.0 161 0.0.0.0 0 CLOSED 0.0.0.0 123 0.0.0.
Function: Show the current UDP connection. Command mode: Admin and configuration mode. Example: LocalAddress LocalPort RemoteAddress RemotePort State :: 69 :: 0 CLOSED :: 1208 :: 0 CLOSED Displayed Information Explanation LocalAddress Local IPv6 address of UDP connection LocalPort Local port of UDP connection RemoteAddress Remote IPv6 address of UDP connection RemotePort Remote Port of UDP connection State The current state of UDP connection 72.
Function: This command is tests the gateway passed in the route of a packet from the source device to the target device. This can be used to test connectivity and locate a failed sector. Parameter: is the assigned source host IPv4 address in dot decimal format. is the target host IP address in dot decimal format. is the hostname for the remote host. is the maximum gateway number allowed by Traceroute command.
Traceroute6 is normally used to locate destination network inaccessible failures.
Chapter 73 Commands for Reload Switch after Specified Time 73.1 reload after Command: reload after {[] [days ]} Function: Reload the switch after a specified period of time. Parameters: the specified time, HH (hours) ranges from 0 to 23, MM (minutes) and SS (seconds) range from 0 to 59. the specified days, unit is day, range from 1 to 30. time and day may be configured at the same time or configured solely.
Function: Cancel the specified time period to reload the switch. Command Mode: Admin mode. Usage Guide: With this command, users can cancel the specified time period to reload the switch, that is, to cancel the configuration of command “reload after”. This command will not be reserved. Example: Prevent the switch to automatically reboot after the specified time. Switch#reload cancel Reload cancel successful. Related Commands: reload, reload after, show reload 73.
Chapter 74 Commands for Debugging and Diagnosis for Packets Received and Sent by CPU 74.1 clear cpu-rx-stat protocol Command: clear cpu-rx-stat protocol [ ] Function: Clear the statistics of the CPU received packets of the protocol type.
ssh, bgp, bgp4plus, rip, ripng, ospf, ospfv3, pim, pimv6, unknown-mcast, unknow-mcast6, mld; is the max rate of CPU receiving packets of the protocol type, its range is 1-2000 pps. Command Mode: Global Mode Default: A different default rate is set for the different type of protocol. Usage Guide: The rate limit set by this command have an effect on CPU receiving packets, so it is supposed to be used with the help of the technical support. Example: Set the rate of the ARP packets to 500pps.
74.4 debug driver Command: debug driver {receive | send} [interface { | all}] [protocol { | discard | all}] [detail] no debug driver {receive | send} Function: Turn on the on-off of showing the information of the CPU receiving or sending packets, the “no debug driver {receive | send}” command turns off the on-off.
Admin and configuration mode Usage Guide: This command is used to debug, it is supposed to be used with the help of the technical support. Example: Show the statistics of CPU receiving ARP packets. Switch#show cpu-rx protocol arp Type Rate-limit arp 500 TotPkts 3 CurState allowed Chapter 75 Commands for Basic VSF Configuration 75.
Switch#config Switch(config)#switch convert mode vsf 75.2 write Command: write Function: When the device is under the independent operation mode, write command can save the current running-config and it can also write the current relevant VSF configuration into vsf.cfg. if the device is under the VSF mode, write command will save the current running-config into vsf_startup.cfg and save the current relevant VSF configuration into vsf.cfg. Parameters: None.
Function: Configure the logic VSF port. The no command deletes the VSF port. Parameters: : the number of logic VSF port, value is 1 to 2. Default: Do not configure. Command Mode: Global Mode. Operation Mode: Independent Operation Mode, VSF Operation Mode. VSF Role: VSF Master. Usage Guide: Configure the logic VSF port. Only two vsf port-group can be configured on the same device, they are vsf port-group1 and vsf port-group2. Example: Configure the logic VSF port.
Usage Guide: One vsf port-group can bind 8 physical ports at most, the mode of port in vsf port-group is on. When there are more than 8 ports binding to it, it will prompt the user cannot bind. It supports spread binding of the physical port. Currently, it only supports 10G port and logic VSF port to bind. Example: Create the logic VSF port and enter in the VSF port configuration mode. Bind the physical port 1/0/1 to the logic VSF port.
judgement of domain numbers conflict. The default domain number is 1. 75.6 vsf member Command: vsf member no vsf member Function: Configure the number of VSF members. The no command deletes the number. Parameters: : member number. The range is 1 to 16. Default: There is no member number of the device. Command Mode: Global Mode. Operation Mode: Independent Operation Mode. Usage Guide: The member number marks every device.
Operation Mode: VSF Operation Mode. Usage Guide: After configured this command, if the vsf link status has changed, the system will receive and confirm the vsf link status immediately, and detect the vsf topology’s change. This command will be effective immediately after configured. We suggest using this command when the physical vsf link is stable. 75.8 vsf priority Command: vsf priority no vsf priority Function: Configure the priority of the VSF members in the VSF group.
75.9 vsf auto-merge enable Command: vsf auto-merge enable no vsf auto-merge enable Function: Enable the automatic merger function of VSF groups. The no command cancels this function. Parameters: None. Default: Disable. Command Mode: Global Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master.
Global Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: Under the VSF operation mode, adding message is more easy for management. Foe example, in one network that exist of more than one VSF, or they are separate, using this method can more easy to separate them. 75.
vsf mac-address persistent no vsf mac-address persistent Function: Configure VSF split group MAC address retention time. No command deletes the MAC address retention time. Parameters: :Configure VSF bridge MAC retains time as 6 minutes. It means that after the master leave the VSF, the VSF bridge MAC address will remain unchang for 6 minutes.
Chapter 76 Commands for Configuration and Debugging of VSF Conflict Detection 76.1 vsf mad lacp enable Command: vsf mad lacp enable no vsf mad lacp enable Function: Open the particular port-channel to support the LACP MAD detection function.No command will close the LACP MAD function on the port-channel LACP MAD Parameters: None. Default: Disable. Command Mode: port-channelPort Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master.
Default: Disable. Command Mode: Interface Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: This command can only be used at VSF operation mode; configure particular port to support the BFD MAD detection function. 76.
vsf mad exclude no vsf mad exclude Function: When the facilities ente into the recovery status, the port that configure this command can avoid closing and continuous transmitting. No command is delete the MAD retention port configuration. Parameters: None. Default: MAD retention port is not configured. Command Mode: Port Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: VSF split off, the network will present of 2 global configuration entirety the same facilities.
Usage Guide: VSF link broken will have Active collision, the original VSF willsplit into 2 Active VSF. In order to prevent the collision in the network, VSF system will through multi Active detection machinism, putting one of the VSF status as Active (continuous for work), other VSFs just amend as Recovery status (which cannot tackle with the operation messages).
Chapter 77 Commands for VSF Debugging 77.1 show running-config Command: show running-config Function: Check the entire current configuration message. Parameters: None. Default: None. Command Mode: Admin and Configuration Mode. Operation Mode: Independent Operation Mode.VSF Operation Mode. VSF Role: VSF Master. Usage Guide: After the VSF function, this command will put the VSF related configuration message together and place in the top for display. 77.
None. Command Mode: Admin and Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: This command can only be used under the VSF mode, through the VSF protocol to obtain the role election message. Throughout the reading of each configuration document vsf.cfg to obtain the configuration message, bridge MAC, CPU-MAC etc message display.
VSF Role: VSF Master. Usage Guide: VSF merge or leave of the member in the VSF, all of this will touch off protocol operation and calculate the new topology structure. Throughout this command, it can obtain current topology information. Example: Switch# show vsf topology Switch VSF-Port1 Neighbor VSF-Port2 2 Ethernet2/7/3(inactive) -- -- Neighbor -- 77.
77.5 show mad config Command: show mad config Function: Checking the current VSF mad detection configuration. Parameters: None. Default: None. Command Mode: Admin and Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: This command can only be use under the VSF operation mode. Displays whether LACP, BFD are opened and obtins which port has open these functions.
MAD lacp enabled aggregation port Enable LACP MAD aggregate port MAD BFD enabled interface Enable BFD MAD port 77.6 show vsf cpu-database all-member brief-information Command: show vsf cpu-database all-member brief-information Function: Display all members’ brief message in CPU database. Parameters: None. Default: None. Command Mode: Admin and Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: Display all members’ brief message in CPU database.
< member >: VSF member, <1-16>: VSF member member id. Default: None. Command Mode: Admin and Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master.
77.8 show vsf cpu-database member running-information Command: show vsf cpu-database [member <1-16>| running-information] Function: Display CPU database operation information. Parameters: < member >: VSF member, <1-16>: VSF member member id. Default: None. Command Mode: Admin and Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: Display entire or particular member operation information in CPU database.
Rx port-group: 0 77.9 show vsf cpu-database member port-information Command: show vsf cpu-database [member <1-16>| port-information] Function: Display CPU database VSF basic information. Parameters: < member >: VSF member, <1-16>: VSF member member id. Default: None. Command Mode: Admin and Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: Show the VSF basic information of the entire or the appointed VSF member in CPU database.
Function: Display CPU database VSF port connection message. Parameters: < member >: VSF member, <1-16>: VSF member member id. Default: None. Command Mode: Admin and Configuration Mode. Operation Mode: VSF Operation Mode. VSF Role: VSF Master. Usage Guide: None.
is the member device number under the VSF mode, range is 1 to 16; is the number of the slot the chip resides, all the slots are 1 for the cassette devices. Default: All chip information will be listed by default if mem-id and slot-id are not specified Command Mode: Admin Mode. Example: Switch#show member 13 slot 1 --------------------member :13-------------------Inserted : YES Module type : Switch Work mode : STANDBY MASTER Work state : RUNNING Software package version : 7.0.3.0(R0075.
VSF member detection packets, it is used to detect the connection information of all the VSF ports; :VSF member information spreading packets, the information includes: local VSF port information, the modid information needed, number of chips information, Master election priority, CPUDB status information and the chip number and port number information which reach this CPU; :Topology analysis packets, the task in the stage of topology analysis is that Master calculates the network without loo
77.14 debug vsf event Command: debug vsf event no debug vsf event Function: Open the switch of VSF event debug information. No command is closing this debug function Parameters: None. Default: Disable. Command Mode: Admin Mode. VSF Role: VSF Master, Member and Slave. Usage Guide: After open the on-off of VSF event debug information, the VSF operates to the defined events in all stages, it can provide corresponding feedback to the user. 77.
Chapter 78 Commands for PoE 78.1 Commands for PoE Configuration 78.1.1 power inline enable (Global) Command: power inline enable no power inline enable Function: Enable /disable global PoE. Parameters: None. Command Mode: Global Mode. Default: Disable. Usage Guide: With PoE globally disabled, there would be no power output no matter what the power state of a specified port is. Example: Globally disable PoE. Switch(Config)#no power inline enable 78.1.
Usage Guide: Enabled: Automatically detect PD. In such a state, PSE will automatically detect and classify a PD, and provide power supply for it according to the classification. If a PD connection is detected, its specified output power will be satisfied as long as there is enough available power, after which the corresponding LED indicator will be updated. Otherwise, the power distribution rules will decide whether or not to implement this power supply.
Enable the allowed high-inrush current when nonstandard PD is powered instantaneously. Switch(config)#power inline high-inrush enable 78.1.4 power inline legacy Command: power inline legacy enable no power inline legacy enable Function: Set whether or not to provide power supply for non-standard IEEE PD. Parameters: None. Command Mode: Global Mode. Default: Do not provide power supply for non-standard IEEE PD.
Setting a global max output power can guarantee a secure power supply and an effective method to control the power consumed by connected subordinate devices. Example: Set the global max output power to 50W. Switch(Config)#power inline max 50 78.1.6 power inline max (Port) Command: power inline max no power inline max Function: Set the max output power of a specified port. Parameters: max-wattage: the value of the max output power, in mW, ranging from 1 to 15400mW (802.3af)/1 to 3000mW (802.
None. Command Mode: Global Mode. Default: The power priority management policy mode is disabled. Usage Guide: Decide whether to use priority policy in power management policy. The “enable” command will make priority policy in effect, while “no” command will recover the first-come-first-served policy. With priority policy enabled, port priority can be configured individually.
Switch(Config-Ethernet1/0/2)#power inline priority critical 78.2 Commands for PoE Monitoring and Debugging 78.2.1 Monitoring and Debugging Information 78.2.1.1 show power inline Command: show power inline Function: Display global PoE configurations and status. Parameters: None. Command Mode: Admin Mode. Default: None.
Examples: Display the current global PoE status Switch#show power inline Power Inline Status: On Power Available: 370 W Power Used: 0 W Power Remaining: 370 W Min Voltage: 44 V Max Voltage: 57 V Police: Off Legacy: Off Disconnect: Ac Mode: Signal HW Version: 30 SW Version: 05.0.5 78.2.1.2 show power inline interface ethernet Command: show power inline interface [ethernet | ] Function: Display the PoE configuration and status on specified ports.
faulty: PD detection failed deny: not enough available power or the required power is over the limit Power The power used by the port currently Max The max power allowed to be distributed to the port Current The present current of the port Volt The present voltage of the port Priority The Power supply priority Critical: the highest-level priority High: the high-level priority Low: the low-level priority Class Class Usage PD Input Power (W) 0 Default 0.44~12.95 1 Optional 0.44~3.
Parameters: None. Command Mode: Admin Mode. Default: None. Usage Guide: With debugging enabled, relative information will be printed in the key processes while implementing commands, for further debugging reference whenever an error occurs. The “no” command will disable the debugging. Examples: Enable PoE debugging.
