User Manual
Table Of Contents
- Contents
- Introduction
- How to read the command reference
- How to use the commands
- Configuration
- Maintenance and operation functions
- 4.1 Passwords
- 4.2 User account maintenance
- 4.3 Configuration management
- 4.4 Manage boot information
- 4.5 Show unit information
- 4.6 System self-diagnostics
- 4.7 Cable diagnostics
- 4.8 Time management
- 4.8.1 Set clock manually
- 4.8.2 Set time zone
- 4.8.3 Configuring daylight saving time (recurring)
- 4.8.4 Configuring daylight saving time (by date)
- 4.8.5 Show current time
- 4.8.6 Set NTP server
- 4.8.7 Synchronize time from NTP server (one-shot update)
- 4.8.8 Synchronize time from NTP server (update interval)
- 4.8.9 Show NTP server time synchronization settings
- 4.9 Terminal settings
- 4.10 Management
- 4.11 SYSLOG
- 4.11.1 Set log notification destination (SYSLOG server)
- 4.11.2 Setting the notification format of the log
- 4.11.3 Setting the log facility value
- 4.11.4 Set log output level (debug)
- 4.11.5 Set log output level (informational)
- 4.11.6 Set log output level (error)
- 4.11.7 Set log console output
- 4.11.8 Back up log
- 4.11.9 Clear log
- 4.11.10 Show log
- 4.12 SNMP
- 4.12.1 Set host that receives SNMP notifications
- 4.12.2 Setting the time to wait before sending a notification message at system boot
- 4.12.3 Set notification type to transmit
- 4.12.4 Set system contact
- 4.12.5 Set system location
- 4.12.6 Set SNMP community
- 4.12.7 Set SNMP view
- 4.12.8 Set SNMP group
- 4.12.9 Set SNMP user
- 4.12.10 IP address restrictions for clients that can access the SNMP server
- 4.12.11 Show SNMP community information
- 4.12.12 Show SNMP view settings
- 4.12.13 Show SNMP group settings
- 4.12.14 Show SNMP user settings
- 4.13 RMON
- 4.13.1 Set RMON function
- 4.13.2 Set RMON Ethernet statistical information group
- 4.13.3 Set RMON history group
- 4.13.4 Set RMON event group
- 4.13.5 Set RMON alarm group
- 4.13.6 Show RMON function status
- 4.13.7 Show RMON Ethernet statistical information group status
- 4.13.8 Show RMON history group status
- 4.13.9 Show RMON event group status
- 4.13.10 Show RMON alarm group status
- 4.13.11 Clear counters of the RMON Ethernet statistical information group
- 4.14 Telnet server
- 4.15 Telnet client
- 4.16 TFTP server
- 4.17 HTTP server
- 4.17.1 Start HTTP server and change listening port number
- 4.17.2 Start secure HTTP server and change listening port number
- 4.17.3 Show HTTP server settings
- 4.17.4 Set hosts that can access the HTTP server
- 4.17.5 Restrict access to the HTTP server according to the IP address of the client
- 4.17.6 Web GUI display language
- 4.17.7 Set log-in timeout time for HTTP server
- 4.18 SSH server
- 4.18.1 Start SSH server and change listening port number
- 4.18.2 Show SSH server settings
- 4.18.3 Set host that can access the SSH server
- 4.18.4 Set client that can access the SSH server
- 4.18.5 Generate SSH server host key
- 4.18.6 Clear SSH server host key
- 4.18.7 Show SSH server public key
- 4.18.8 Set SSH client alive checking
- 4.19 SSH client
- 4.20 E-mail notification
- 4.20.1 SMTP e-mail server settings
- 4.20.2 SMTP e-mail server name settings
- 4.20.3 E-mail notification trigger settings
- 4.20.4 E-mail transmission template settings mode
- 4.20.5 E-mail transmission server ID settings
- 4.20.6 E-mail transmission source address setting
- 4.20.7 Destination e-mail address setting for e-mail transmission
- 4.20.8 Setting for subject used when sending e-mails
- 4.20.9 Wait time settings for e-mail transmission
- 4.20.10 E-mail settings when sending certificates
- 4.20.11 E-mail settings for certificate notification
- 4.20.12 Notification timing settings for expired certificates
- 4.20.13 Show e-mail transmission information
- 4.21 LLDP
- 4.21.1 Enable LLDP function
- 4.21.2 Set system description
- 4.21.3 Set system name
- 4.21.4 Create LLDP agent
- 4.21.5 Set automatic setting function by LLDP
- 4.21.6 Set LLDP transmission/reception mode
- 4.21.7 Set type of management address
- 4.21.8 Set basic management TLVs
- 4.21.9 Set IEEE-802.1 TLV
- 4.21.10 Set IEEE-802.3 TLV
- 4.21.11 Set LLDP-MED TLV
- 4.21.12 Set LLDP frame transmission interval
- 4.21.13 Set LLDP frame transmission interval for high speed transmission period
- 4.21.14 Set time from LLDP frame transmission stop until re-initialization
- 4.21.15 Set multiplier for calculating time to live (TTL) of device information
- 4.21.16 Set number of LLDP frames transmitted during the high speed transmission period
- 4.21.17 Set maximum number of connected devices manageable by a port
- 4.21.18 Global interface setting for LLDP function
- 4.21.19 Show interface status
- 4.21.20 Show information for connected devices of all interfaces
- 4.21.21 Clear LLDP frame counters
- 4.22 L2MS (Layer 2 management service) settings
- 4.23 Snapshot
- 4.24 Firmware update
- 4.25 Schedule
- 4.26 General maintenance and operation functions
- Interface control
- 5.1 Interface basic settings
- 5.1.1 Set description
- 5.1.2 Shutdown
- 5.1.3 Set speed and duplex mode
- 5.1.4 Set MRU
- 5.1.5 Set cross/straight automatic detection
- 5.1.6 Set EEE
- 5.1.7 Show EEE capabilities
- 5.1.8 Show EEE status
- 5.1.9 Set port mirroring
- 5.1.10 Show port mirroring status
- 5.1.11 Show interface status
- 5.1.12 Show brief interface status
- 5.1.13 Resetting an interface
- 5.1.14 Show frame counter
- 5.1.15 Clear frame counters
- 5.1.16 Show SFP+ module status
- 5.1.17 Set SFP+ module optical reception level monitoring
- 5.1.18 Configuring transmission queue usage rate monitoring (system)
- 5.1.19 Configuring transmission queue usage rate monitoring (interface)
- 5.1.20 Display configuration for transmission queue usage rate monitoring
- 5.2 Link aggregation
- 5.2.1 Set static logical interface
- 5.2.2 Show static logical interface status
- 5.2.3 Set LACP logical interface
- 5.2.4 Show LACP logical interface status
- 5.2.5 Set LACP system priority order
- 5.2.6 Show LACP system priority
- 5.2.7 LACP different-speed link aggregation settings
- 5.2.8 Set LACP timeout
- 5.2.9 Clear LACP frame counters
- 5.2.10 Show LACP frame counter
- 5.2.11 Set load balance function rules
- 5.2.12 Show protocol status of LACP logical interface
- 5.2.13 Set LACP port priority order
- 5.3 Port authentication
- 5.3.1 Configuring the IEEE 802.1X authentication function for the entire system
- 5.3.2 Configuring the MAC authentication function for the entire system
- 5.3.3 Configuring the Web authentication function for the entire system
- 5.3.4 Set operation mode for the IEEE 802.1X authentication function
- 5.3.5 Set for forwarding control on an unauthenticated port for IEEE 802.1X authentication
- 5.3.6 Set the EAPOL packet transmission count
- 5.3.7 Set the MAC authentication function
- 5.3.8 Set MAC address format during MAC authentication
- 5.3.9 Configuring static registration for MAC authentication
- 5.3.10 Set the Web authentication function
- 5.3.11 Set host mode
- 5.3.12 Configuring the authentication order
- 5.3.13 Set re-authentication
- 5.3.14 Set dynamic VLAN
- 5.3.15 Set the guest VLAN
- 5.3.16 Suppression period settings following failed authentication
- 5.3.17 Set reauthentication interval
- 5.3.18 Set the reply wait time for the RADIUS server overall
- 5.3.19 Set supplicant reply wait time
- 5.3.20 Set RADIUS server host
- 5.3.21 Set the reply wait time for each RADIUS server
- 5.3.22 Set number of times to resend requests to RADIUS server
- 5.3.23 Set RADIUS server shared password
- 5.3.24 Set time of RADIUS server usage prevention
- 5.3.25 Set NAS-Identifier attribute sent to RADIUS server
- 5.3.26 Show port authentication information
- 5.3.27 Show supplicant information
- 5.3.28 Show statistical information
- 5.3.29 Clear statistical information
- 5.3.30 Show RADIUS server setting information
- 5.3.31 Settings for redirect destination URL following successful Web authentication
- 5.3.32 Clear the authentication state
- 5.3.33 Setting the time for clearing the authentication state (system)
- 5.3.34 Setting the time for clearing the authentication state (interface)
- 5.3.35 Set EAP pass through
- 5.4 Port security
- 5.5 Error detection function
- 5.1 Interface basic settings
- Layer 2 functions
- 6.1 FDB (Forwarding Data Base)
- 6.2 VLAN
- 6.2.1 Move to VLAN mode
- 6.2.2 Set VLAN interface
- 6.2.3 Set private VLAN
- 6.2.4 Set secondary VLAN for primary VLAN
- 6.2.5 Set access port (untagged port)
- 6.2.6 Set associated VLAN of an access port (untagged port)
- 6.2.7 Set trunk port (tagged port)
- 6.2.8 Set associated VLAN for trunk port (tagged port)
- 6.2.9 Set native VLAN for trunk port (tagged port)
- 6.2.10 Set private VLAN port type
- 6.2.11 Set private VLAN host port
- 6.2.12 Set promiscuous port for private VLAN
- 6.2.13 Set voice VLAN
- 6.2.14 Set CoS value for voice VLAN
- 6.2.15 Set DSCP value for voice VLAN
- 6.2.16 Set multiple VALN group
- 6.2.17 Set name of multiple VLAN group
- 6.2.18 Configuring the YMPI frame transmission when multiple VLANs are configured
- 6.2.19 Show VLAN information
- 6.2.20 Show private VLAN information
- 6.2.21 Show multiple VLAN group setting information
- 6.3 STP (Spanning Tree Protocol)
- 6.3.1 Set spanning tree for the system
- 6.3.2 Set forward delay time
- 6.3.3 Set maximum aging time
- 6.3.4 Set bridge priority
- 6.3.5 Set spanning tree for an interface
- 6.3.6 Set spanning tree link type
- 6.3.7 Set interface BPDU filtering
- 6.3.8 Set interface BPDU guard
- 6.3.9 Set interface path cost
- 6.3.10 Set interface priority
- 6.3.11 Set edge port for interface
- 6.3.12 Show spanning tree status
- 6.3.13 Show spanning tree BPDU statistics
- 6.3.14 Clear protocol compatibility mode
- 6.3.15 Move to MST mode
- 6.3.16 Generate MST instance
- 6.3.17 Set VLAN for MST instance
- 6.3.18 Set priority of MST instance
- 6.3.19 Set MST region name
- 6.3.20 Set revision number of MST region
- 6.3.21 Set MST instance for interface
- 6.3.22 Set interface priority for MST instance
- 6.3.23 Set interface path cost for MST instance
- 6.3.24 Show MST region information
- 6.3.25 Show MSTP information
- 6.3.26 Show MST instance information
- 6.4 Loop detection
- Layer 3 functions
- IP multicast control
- 8.1 IP multicast basic settings
- 8.2 IGMP snooping
- 8.2.1 Set enable/disable IGMP snooping
- 8.2.2 Set IGMP snooping fast-leave
- 8.2.3 Set multicast router connection destination
- 8.2.4 Set query transmission function
- 8.2.5 Set IGMP query transmission interval
- 8.2.6 Set TTL value verification function for IGMP packets
- 8.2.7 Set IGMP version
- 8.2.8 Settings for IGMP Report Suppression
- 8.2.9 Settings for Suppression of Data Transmission to Multicast Router Ports
- 8.2.10 Show multicast router connection port information
- 8.2.11 Show IGMP group membership information
- 8.2.12 Show an interface's IGMP-related information
- 8.2.13 Clear IGMP group membership entries
- 8.3 MLD snooping
- 8.3.1 Enable/disable MLD snooping
- 8.3.2 Set MLD snooping fast-leave
- 8.3.3 Set multicast router connection destination
- 8.3.4 Set query transmission function
- 8.3.5 Set MLD query transmission interval
- 8.3.6 Set MLD version
- 8.3.7 Show multicast router connection port information
- 8.3.8 Show MLD group membership information
- 8.3.9 Show an interface's MLD-related information
- 8.3.10 Clear MLD group membership entries
- Traffic control
- 9.1 ACL
- 9.1.1 Generate IPv4 access list
- 9.1.2 Adding a description for IPv4 access list
- 9.1.3 Apply IPv4 access list
- 9.1.4 Generate IPv6 access list
- 9.1.5 Adding a description for IPv6 access list
- 9.1.6 Apply IPv6 access list
- 9.1.7 Generate MAC access list
- 9.1.8 Adding a description for MAC access lists
- 9.1.9 Apply MAC access list
- 9.1.10 Show generated access list
- 9.1.11 Clear counters
- 9.1.12 Show access list applied to interface
- 9.1.13 Set VLAN access map and move to VLAN access map mode
- 9.1.14 Set access list for VLAN access map
- 9.1.15 Set VLAN access map filter
- 9.1.16 Show VLAN access map
- 9.1.17 Show VLAN access map filter
- 9.2 QoS (Quality of Service)
- 9.2.1 Enable/disable QoS
- 9.2.2 Set default CoS
- 9.2.3 Set trust mode
- 9.2.4 Show status of QoS function setting
- 9.2.5 Show QoS information for interface
- 9.2.6 Show egress queue usage ratio
- 9.2.7 Set CoS - egress queue ID conversion table
- 9.2.8 Set DSCP - egress queue ID conversion tabl
- 9.2.9 Set port priority order
- 9.2.10 Specify egress queue of frames transmitted from the switch itself
- 9.2.11 Generate class map (traffic category conditions)
- 9.2.12 Associate class map
- 9.2.13 Set traffic classification conditions (access-list)
- 9.2.14 Set traffic classification conditions (CoS)
- 9.2.15 Set traffic classification conditions (TOS precedence)
- 9.2.16 Set traffic classification conditions (DSCP)
- 9.2.17 Set traffic classification conditions (Ethernet Type)
- 9.2.18 13.2.22 Set traffic classification conditions (VLAN ID)
- 9.2.19 Set traffic classification conditions (VLAN ID range)
- 9.2.20 Show class map information
- 9.2.21 Generate policy map for received frames
- 9.2.22 Apply policy map for received frames
- 9.2.23 Set pre-marking (CoS)
- 9.2.24 Set pre-marking (TOS precedence)
- 9.2.25 Set pre-marking (DSCP)
- 9.2.26 Set individual policers (single rate)
- 9.2.27 Set individual policers (twin rate)
- 9.2.28 Set remarking of individual policers
- 9.2.29 Generate aggregate policer
- 9.2.30 Set aggregate policer (single rate)
- 9.2.31 Set aggregate policer (twin rate)
- 9.2.32 Set remarking of aggregate policers
- 9.2.33 Show aggregate policers
- 9.2.34 Apply aggregate policer
- 9.2.35 Show metering counters
- 9.2.36 Clear metering counters
- 9.2.37 Set egress queue (CoS-Queue)
- 9.2.38 Set egress queue (DSCP-Queue)
- 9.2.39 Show policy map information
- 9.2.40 Show map status
- 9.2.41 Set egress queue scheduling
- 9.2.42 Set traffic shaping (individual port)
- 9.2.43 Set traffic-shaping (queue units)
- 9.3 Flow control
- 9.4 Storm control
- 9.1 ACL
- Application
- 10.1 Local RADIUS server
- 10.1.1 Local RADIUS server function settings
- 10.1.2 Set access interface
- 10.1.3 Generate a route certificate authority
- 10.1.4 RADIUS configuration mode
- 10.1.5 Authentication method settings
- 10.1.6 RADIUS client (NAS) settings
- 10.1.7 Authenticated user settings
- 10.1.8 Reauthentication interval setting
- 10.1.9 Apply setting data to local RADIUS server
- 10.1.10 Issuing a client certificate
- 10.1.11 Aborting the issue of a client certificate
- 10.1.12 Revoking client certificates
- 10.1.13 Exporting of client certificates (sending via e-mail)
- 10.1.14 Show RADIUS client (NAS) status
- 10.1.15 Show authenticated user information
- 10.1.16 Client certificate issuance status display
- 10.1.17 Client certificate list display
- 10.1.18 Revoked client certificate list display
- 10.1 Local RADIUS server
- Index
[Example]
Create access list #1 that denies communication from the source segment 192.168.1.0/24 to the destination 172.16.1.1.
SWP2(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1
Delete IPv4 access list #1.
SWP2(config)#no access-list 1
9.1.2 Adding a description for IPv4 access list
[Syntax]
access-list ipv4-acl-id description line
no access-list ipv4-acl-id description
[Parameter]
ipv4-acl-id : <1-2000>
ID of the IPv4 access list to which to add a description
line : Description to add. Can be up to 32 ASCII characters
[Initial value]
none
[Input mode]
global configuration mode
[Description]
Add a description to the generated IPv4 access list.
If this command is executed with the "no" syntax, the IPv4 description is cleared.
[Note]
A description can be added with this command even after applying an access list to LAN/SFP+ port and logical interface. (The
later description will overwrite it)
[Example]
Create IPv4 access list #1 that denies communication from the 192.168.1.0/24 sending source segment to 172.16.1.1, and add
the description of "Test".
SWP2(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1
SWP2(config)#access-list 1 description Test
9.1.3 Apply IPv4 access list
[Syntax]
access-group ipv4-acl-id direction
no access-group ipv4-acl-id direction
[Parameter]
ipv4-acl-id : <1-2000>
ID of IPv4 access list to apply
direction : Specifies the direction of applicable frames
Setting value Description
in Apply to received frames
out Apply to transmitted frames
[Initial value]
none
Command Reference | Traffic control | 247