Ethernet Switch CLI Reference Guide Version 3.90 7/2009 Edition 6 DEFAULT LOGIN In-band IP Address http://192.168.1.1 Out-of-band IP Address http://192.168.0.1 User Name admin Password 1234 www.zyxel.
About This CLI Reference Guide About This CLI Reference Guide Intended Audience This manual is intended for people who want to configure ZyXEL Switches via Command Line Interface (CLI). The version number on the cover page refers to the latest firmware version supported by the ZyXEL Switches. This guide applies to version 3.79, 3.80 and 3.90 at the time of writing. " This guide is intended as a command reference for a series of products.
About This CLI Reference Guide Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/web/contact_us.php for contact information. Please have the following information ready when you contact an office. • • • • 4 Product model and serial number. Warranty Information. Date that you received your device.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this CLI Reference Guide. 1 " Warnings tell you about things that could harm you or your device. See your User’s Guide for product specific warnings. Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Document Conventions • means press the [ENTER] key. • An arrow (-->) indicates that this line is a continuation of the previous line. Command summary tables are organized as follows: Table 1 Example: Command Summary Table COMMAND DESCRIPTION M P show vlan Displays the status of all VLANs. E 3 vlan <1-4094> Enters config-vlan mode for the specified VLAN. Creates the VLAN, if necessary. C 13 inactive Disables the specified VLAN. C 13 no inactive Enables the specified VLAN.
Document Conventions Icons Used in Figures Figures in this guide may use the following generic icons. The Switch icon is not an exact representation of your device.
Document Conventions 8 Ethernet Switch CLI Reference Guide
Contents Overview Contents Overview Introduction ............................................................................................................................ 13 How to Access and Use the CLI ................................................................................................ 15 Privilege Level and Command Mode ......................................................................................... 19 Initial Setup ................................................................
Contents Overview Loopguard Commands ............................................................................................................ 137 MAC Address Commands ....................................................................................................... 139 MAC Authentication Commands ............................................................................................. 141 MAC Filter Commands .......................................................................................
Contents Overview VRRP Commands ................................................................................................................... 247 Additional Commands ............................................................................................................. 251 Appendices and Index of Commands ................................................................................
Contents Overview 12 Ethernet Switch CLI Reference Guide
P ART I Introduction How to Access and Use the CLI (15) Privilege Level and Command Mode (19) Initial Setup (25) 13
CHAPTER 1 How to Access and Use the CLI This chapter introduces the command line interface (CLI). 1.1 Accessing the CLI Use any of the following methods to access the CLI. 1.1.1 Console Port 1 Connect your computer to the console port on the Switch using the appropriate cable.
Chapter 1 How to Access and Use the CLI 1.1.3 SSH 1 Connect your computer to one of the Ethernet ports. 2 Use a SSH client program to access the Switch. If this is your first login, use the default values in Table 3 on page 15 and Table 4 on page 16. Make sure your computer IP address is in the same subnet, unless you are accessing the Switch through one or more routers. 1.2 Logging in Use the administrator username and password. If this is your first login, use the default values.
Chapter 1 How to Access and Use the CLI 1.4 Saving Your Configuration When you run a command, the Switch saves any changes to its run-time memory. The Switch loses these changes if it is turned off or loses power. Use the write memory command in enable mode to save the current configuration permanently to non-volatile memory. sysname# write memory " You should save your changes after each CLI session. All unsaved configuration changes are lost once you restart the Switch. 1.
Chapter 1 How to Access and Use the CLI 18 Ethernet Switch CLI Reference Guide
CHAPTER 2 Privilege Level and Command Mode This chapter introduces the CLI privilege levels and command modes. • The privilege level determines whether or not a user can run a particular command. • If a user can run a particular command, the user has to run it in the correct mode. 2.1 Privilege Levels Every command has a privilege level (0-14). Users can run a command if the session’s privilege level is greater than or equal to the command’s privilege level.
Chapter 2 Privilege Level and Command Mode The admin account has a privilege level of 14, so the administrator can run every command. You cannot change the privilege level of the admin account. 2.1.3 Privilege Levels for Sessions The session’s privilege level initially comes from the privilege level of the login account the user used to log in to the Switch. After logging in, the user can use the following commands to change the session’s privilege level. 2.1.3.
Chapter 2 Privilege Level and Command Mode consists of 1-32 alphanumeric characters. For example, the following command sets the password for privilege level 13 to pswd13. See Chapter 73 on page 251 for more information about this command. sysname(config)# password pswd13 privilege 13 2.1.3.3 disable Command This command reduces the session’s privilege level to 0. It also changes the session to user mode. This command is available in enable mode. 2.1.3.
Chapter 2 Privilege Level and Command Mode Table 7 Command Modes for Privilege Levels 13-14 and the Types of Commands in Each One MODE PROMPT COMMAND FUNCTIONS IN THIS MODE config-rip sysname(config-rip)# Configure Routing Information Protocol (RIP). config-vrrp sysname(config-vrrp)# Configure Virtual Router Redundancy Protocol (VRRP). Each command is usually in one and only one mode. If a user wants to run a particular command, the user has to change to the appropriate mode.
Chapter 2 Privilege Level and Command Mode 2 Type help and press [ENTER]. A list comes up which shows all the commands available in enable mode. The example shown next has been edited for brevity’s sake. sysname# help Commands available: help logout exit history enable <0-14> enable . . traceroute [vlan ][..] traceroute help ssh <1|2> <[user@]dest-ip> ssh <1|2> <[user@]dest-ip> [command ] sysname# 3 Copy and paste the results into a text editor of your choice.
Chapter 2 Privilege Level and Command Mode 24 Ethernet Switch CLI Reference Guide
CHAPTER 3 Initial Setup This chapter identifies tasks you might want to do when you first configure the Switch. 3.1 Changing the Administrator Password " It is recommended you change the default administrator password. Use this command to change the administrator password. admin-password where may be 1-32 alphanumeric characters long. sysname# configure sysname(config)# admin-password t1g2y7i9 t1g2y7i9 3.
Chapter 3 Initial Setup 3.3 Prohibiting Concurrent Logins By default, multiple CLI sessions are allowed via the console port or Telnet. See the User’s Guide for the maximum number of concurrent sessions for your Switch. Use this command to prohibit concurrent logins. no multi-login Console port has higher priority than Telnet. See Chapter 41 on page 157 for more multilogin commands. sysname# configure sysname(config)# no multi-login 3.
Chapter 3 Initial Setup 3.6 Looking at Basic System Information Use this command to look at general system information about the Switch. show system-information This is illustrated in the following example. sysname# show system-information System Name System Contact System Location Ethernet Address ZyNOS F/W Version RomRasSize System up Time Bootbase Version ZyNOS CODE Product Model : : : : : : : : : : sysname 00:13:49:ae:fb:7a V3.80(AII.0)b0 | 04/18/2007 1746416 280:32:52 (605186d ticks) V1.
Chapter 3 Initial Setup 28 Ethernet Switch CLI Reference Guide
P ART II Reference A-G AAA Commands (31) ARP Commands (33) ARP Inspection Commands (35) Bandwidth Commands (41) Broadcast Storm Commands (45) Classifier Commands (59) Cluster Commands (63) Date and Time Commands (67) DHCP Commands (71) DHCP Snooping & DHCP VLAN Commands (75) DiffServ Commands (79) DVMRP Commands (81) Ethernet OAM Commands (83) GARP Commands (89) GVRP Commands (91) 29
CHAPTER 4 AAA Commands Use these commands to configure authentication, authorization and accounting on the Switch. 4.1 Command Summary The following section lists the commands for this feature. Table 9 aaa authentication Command Summary COMMAND DESCRIPTION M P show aaa authentication Displays what methods are used for authentication. E 3 show aaa authentication enable Displays the authentication method(s) for checking privilege level of administrators.
Chapter 4 AAA Commands Table 10 Command Summary: aaa accounting (continued) COMMAND DESCRIPTION M P no aaa accounting commands Disables accounting of command sessions on the Switch. C 13 show aaa accounting dot1x Displays accounting settings for recording IEEE 802.1x session events. E 3 aaa accounting dot1x [broadcast] Enables accounting of IEEE 802.1x authentication sessions and specifies the mode and protocol method.
CHAPTER 5 ARP Commands Use these commands to look at IP-to-MAC address mapping(s). 5.1 Command Summary The following section lists the commands for this feature. Table 12 arp Command Summary COMMAND DESCRIPTION M P show ip arp Displays the ARP table. E 3 no arp Flushes the ARP table entries. E 13 5.2 Command Examples This example shows the ARP table. sysname# show ip arp Index IP 1 172.16.37.
Chapter 5 ARP Commands 34 Ethernet Switch CLI Reference Guide
CHAPTER 6 ARP Inspection Commands Use these commands to filter unauthorized ARP packets in your network. 6.1 Command Summary The following section lists the commands for this feature. Table 14 arp inspection Command Summary COMMAND DESCRIPTION M P show arp inspection Displays ARP inspection configuration details. E 3 arp inspection Enables ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports.
Chapter 6 ARP Inspection Commands Table 16 Command Summary: arp inspection log (continued) COMMAND DESCRIPTION M P arp inspection log-buffer entries <0-1024> Specifies the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server. If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer.
Chapter 6 ARP Inspection Commands 6.2 Command Examples This example looks at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet.
Chapter 6 ARP Inspection Commands The following table describes the labels in this screen. Table 20 show arp inspection log LABEL DESCRIPTION Total Log Buffer Size This field displays the maximum number (1-1024) of log messages that were generated by ARP packets and have not been sent to the syslog server yet.
Chapter 6 ARP Inspection Commands Table 21 show arp inspection interface port-channel (continued) LABEL DESCRIPTION Rate (pps) This field displays the maximum number for DHCP packets that the switch receives from each port each second. The switch discards any additional DHCP packets. Burst Interval This field displays the length of time over which the rate of ARP packets is monitored for each port.
Chapter 6 ARP Inspection Commands 40 Ethernet Switch CLI Reference Guide
CHAPTER 7 Bandwidth Commands Use these commands to configure the maximum allowable bandwidth for incoming or outgoing traffic flows on a port. " Bandwidth management implementation differs across Switch models. • Some models use a single command (bandwidth-limit ingress) to control the incoming rate of traffic on a port.
Chapter 7 Bandwidth Commands The following section lists the commands for this feature. Table 23 Command Summary: bandwidth-control & bandwidth-limit COMMAND DESCRIPTION M P show interfaces config bandwidth-control Displays the current settings for interface bandwidth control. E 3 bandwidth-control Enables bandwidth control on the Switch. C 13 no bandwidth-control Disables bandwidth control on the Switch.
Chapter 7 Bandwidth Commands This example deactivates the outgoing bandwidth limit on port 1. sysname# configure sysname(config)# interface port-channel 1 sysname(config-interface)# no bandwidth-limit egress sysname(config-interface)# exit sysname(config)# exit 7.3 Command Examples: cir & pir This example sets the guaranteed traffic bandwidth limit on port 1 to 4000 Kbps and the maximum traffic bandwidth limit to 5000 Kbps for port 1.
Chapter 7 Bandwidth Commands 44 Ethernet Switch CLI Reference Guide
CHAPTER 8 Broadcast Storm Commands Use these commands to limit the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. " Broadcast storm control implementation differs across Switch models. • Some models use a single command (bmstorm-limit) to control the combined rate of broadcast, multicast and DLF packets accepted on Switch ports.
Chapter 8 Broadcast Storm Commands Table 25 Command Summary: storm-control, bmstorm-limit, and bstorm-control (continued) COMMAND DESCRIPTION M P bmstorm-limit Specifies the maximum rate at which the Switch receives broadcast, multicast, and destination lookup failure (DLF) packets on the specified port(s). Different models support different rate limiting incremental steps. See your User’s Guide for more information.
Chapter 8 Broadcast Storm Commands • 64 DLF packets per second.
Chapter 8 Broadcast Storm Commands 48 Ethernet Switch CLI Reference Guide
CHAPTER 9 CFM Commands Use these commands to configure the Connectivity Fault Management (CFM) on the Switch. 9.1 CFM Overview The route between two users may go through aggregated switches, routers and/or DSLAMs owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscribers’ network access. IEEE 802.
Chapter 9 CFM Commands • MEP port - has the ability to send pro-active connectivity check (CC) packets and get other MEP port information from neighbor switches’ CC packets within an MA. • MIP port - only forwards the CC packets. CFM provides two tests to discover connectivity faults. • Loopback test - similar to using “ping” in Microsoft DOS mode to check connectivity from your computer to a host.
Chapter 9 CFM Commands Table 26 CFM Term Definitions TERM DESCRIPTION MEP An MEP (Maintenance End Point) port has the ability to send and reply to the CCMs, LBMs and LTMs. It also gets other MEP port information from neighbor switches’ CCMs in an MA. MIP An MIP (Maintenance Intermediate Point) port forwards the CCMs, LBMs, and LTMs and replies the LBMs and LTMs by sending Loop Back Responses (LBRs) and Link Trace Responses (LTRs).
Chapter 9 CFM Commands 9.4 Command Summary The following section lists the commands for this feature. Table 28 CFM Command Summary COMMAND DESCRIPTION M P clear ethernet cfm linktrace Clears the link trace database. E 13 clear ethernet cfm mep-ccmdb Clears the MEP CCM database. E 13 clear ethernet cfm mip-ccmdb Clears the MIP CCM database. E 13 clear ethernet cfm mep-defects Clears the MEP-defects database. E 13 ethernet cfm Enables CFM on the Switch.
Chapter 9 CFM Commands Table 28 CFM Command Summary (continued) COMMAND DESCRIPTION M P mep interface portchannel direction priority <0-7> inactive Disables a specified MEP. C 13 mep interface portchannel direction priority <0-7> ccenable Enables Connectivity Check (CC) to allow an MEP sending Connectivity Check Messages (CCMs) periodically to other MEPs. C 13 no remote-mep Deletes a specified destination MEP.
Chapter 9 CFM Commands Table 28 CFM Command Summary (continued) COMMAND DESCRIPTION M P ethernet cfm linktrace mac mep ma md [mip-ccmdb][[ttl ] Specifies the destination MAC address, local MEP ID, MA index and MD index to perform a link trace test. This enables the MEP port (with the specified MEP ID) in a specified CFM domain to send the LTMs (Link Trace Messages) to a specified remote end point.
Chapter 9 CFM Commands 9.5 Command Examples This example creates MD1 (with MD index 1 and level 1) and MA2 (with MA index 2 and VLAN ID 2) under MD1 that defines a CFM domain. sysname# config sysname(config)# ethernet cfm md 1 format string name MD1 level 1 sysname(config)# ethernet cfm ma 2 format string name MA2 md 1 primaryvlan 2 sysname(config-ma)# exit sysname(config)# exit sysname# write memory " Remember to save new settings using the write memory command.
Chapter 9 CFM Commands This example lists all CFM domains. In this example, only one MD (MD1) is configured. The MA3 with the associated MEP port 1 is under this MD1.
Chapter 9 CFM Commands This example assigns a virtual MAC address to port 3 and displays the MAC addresses of the ports 2 ~ 4. The assigned virtual MAC address should be unique in both the Switch and the network to which it belongs.
Chapter 9 CFM Commands 58 Ethernet Switch CLI Reference Guide
CHAPTER 10 Classifier Commands Use these commands to classify packets into traffic flows. After classifying traffic, policy commands (Chapter 46 on page 175) can be used to ensure that a traffic flow gets the requested treatment in the network. 10.1 Command Summary The following section lists the commands for this feature. Table 30 Command Summary: classifier COMMAND DESCRIPTION M P show classifier [] Displays classifier configuration details. E 3 classifier <[packetformat <802.
Chapter 10 Classifier Commands The following table shows some other common Ethernet types and the corresponding protocol number. Table 31 Common Ethernet Types and Protocol Number ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X.75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X.25 Level 3 0805 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 In an IPv4 packet header, the “Protocol” field identifies the next level protocol.
Chapter 10 Classifier Commands This example creates a classifier (Class1) for packets which have a source MAC address of 11:22:33:45:67:89 and are received on port 1. You can then use the policy command and the name Class1 to apply policy rules to this traffic flow. See the policy example in Chapter 46 on page 175.
Chapter 10 Classifier Commands 62 Ethernet Switch CLI Reference Guide
CHAPTER 11 Cluster Commands Use these commands to configure cluster management. 11.1 Command Summary The following section lists the commands for this feature. Table 33 cluster Command Summary COMMAND DESCRIPTION M P show cluster Displays cluster management status. E 3 cluster Enables clustering in the specified VLAN group. C 13 no cluster Disables cluster management on the Switch. C 13 cluster name Sets a descriptive name for the cluster.
Chapter 11 Cluster Commands 11.2 Command Examples This example creates the cluster CManage in VLAN 1. Then, it looks at the current list of candidates for membership in this cluster and adds two switches to cluster.
Chapter 11 Cluster Commands This example logs in to the CLI of member 00:13:49:00:00:01, looks at the current firmware version on the member switch, logs out of the member’s CLI, and returns to the CLI of the manager. sysname# configure sysname(config)# cluster rcommand 00:13:49:00:00:01 Connected to 127.0.0.2 Escape character is '^]'. User name: admin Password: **** Copyright (c) 1994 - 2007 ZyXEL Communications Corp. ES-2108PWR# show version Current ZyNOS version: V3.80(ABS.
Chapter 11 Cluster Commands 66 Ethernet Switch CLI Reference Guide
CHAPTER 12 Date and Time Commands Use these commands to configure the date and time on the Switch. 12.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 36 time User-input Values COMMAND DESCRIPTION week Possible values (daylight-saving-time commands only): first, second, third, fourth, last. day Possible values (daylight-saving-time commands only): Sunday, Monday, Tuesday, ....
Chapter 12 Date and Time Commands Table 37 time Command Summary (continued) COMMAND DESCRIPTION M P time daylight-saving-time startdate Sets the day and time when Daylight Saving Time starts. C In most parts of the United States, Daylight Saving Time starts on the second Sunday of March at 2 A.M. local time. In the European Union, Daylight Saving Time starts on the last Sunday of March at 1 A.M. GMT or UTC, so the o’clock field depends on your time zone.
Chapter 12 Date and Time Commands This example looks at the current time server settings. sysname# show timesync Time Configuration ----------------------------Time Zone :UTC -600 Time Sync Mode :USE_DAYTIME Time Server IP Address :172.16.37.10 Time Server Sync Status:CONNECTING The following table describes the labels in this screen. Table 39 show timesync LABEL DESCRIPTION Time Zone This field displays the time zone. Time Sync Mode This field displays the time server protocol the Switch uses.
Chapter 12 Date and Time Commands 70 Ethernet Switch CLI Reference Guide
CHAPTER 13 DHCP Commands Use these commands to configure DHCP features on the Switch. • Use the dhcp relay commands to configure DHCP relay for specific VLAN. • Use the dhcp smart-relay commands to configure DHCP relay for all broadcast domains. • Use the dhcp server commands to configure the Switch as a DHCP server. (This command is available on a layer 3 switch only.) 13.1 Command Summary The following section lists the commands for this feature.
Chapter 13 DHCP Commands Table 41 dhcp relay Command Summary COMMAND DESCRIPTION M P show dhcp relay Displays DHCP relay settings for the specified VLAN. E 3 dhcp relay helperaddress [] [] [option] [information] Enables DHCP relay on the specified VLAN and sets the IP address of up to 3 DHCP servers. Optionally, sets the Switch to add relay agent information and system name.
Chapter 13 DHCP Commands 13.2 Command Examples In this example, the Switch relays DHCP requests for the VLAN1 and VLAN2 domains. There is only one DHCP server for DHCP clients in both domains. Figure 3 Example: Global DHCP Relay DHCP Server: 192.168.1.100 VLAN1 VLAN2 This example shows how to configure the Switch for this configuration. DHCP relay agent information option 82 is also enabled. sysname# configure sysname(config)# dhcp smart-relay sysname(config)# dhcp smart-relay helper-address 192.168.1.
Chapter 13 DHCP Commands Figure 4 Example: DHCP Relay for Two VLANs DHCP: 192.168.1.100 VLAN 1 VLAN 2 DHCP: 172.16.10.100 This example shows how to configure these DHCP servers. The VLANs are already configured. sysname# configure sysname(config)# dhcp relay 1 helper-address 192.168.1.100 sysname(config)# dhcp relay 2 helper-address 172.16.10.100 sysname(config)# exit In this example, the Switch is a DHCP server for clients on VLAN 1 and VLAN 2.
CHAPTER 14 DHCP Snooping & DHCP VLAN Commands Use the dhcp snooping commands to configure the DHCP snooping on the Switch and the dhcp vlan commands to specify a DHCP VLAN on your network. DHCP snooping filters unauthorized DHCP packets on the network and builds the binding table dynamically. 14.1 Command Summary The following section lists the commands for this feature.
Chapter 14 DHCP Snooping & DHCP VLAN Commands Table 44 dhcp snooping Command Summary (continued) COMMAND DESCRIPTION M P dhcp snooping vlan Specifies the VLAN IDs for VLANs you want to enable DHCP snooping on. C 13 no dhcp snooping vlan Specifies the VLAN IDs for VLANs you want to disable DHCP snooping on. C 13 dhcp snooping vlan information Sets the Switch to add the system name to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN.
Chapter 14 DHCP Snooping & DHCP VLAN Commands • Enables DHCP snooping on VLANs 1,2,3,200 and 300. • Sets the Switch to add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN. • Sets ports 1 - 5 as DHCP snooping trusted ports. • Sets the maximum number of DHCP packets that can be received on ports 1 - 5 to 100 packets per second. • Configures a DHCP VLAN with a VLAN ID 300. • Displays DHCP snooping configuration details.
Chapter 14 DHCP Snooping & DHCP VLAN Commands 78 Ethernet Switch CLI Reference Guide
CHAPTER 15 DiffServ Commands Use these commands to configure Differentiated Services (DiffServ) on the Switch. 15.1 Command Summary The following section lists the commands for this feature. Table 46 diffserv Command Summary COMMAND DESCRIPTION M P show diffserv Displays general DiffServ settings. E 3 diffserv Enables DiffServ on the Switch. C 13 no diffserv Disables DiffServ on the Switch. C 13 diffserv dscp <0-63> priority <0-7> Sets the DSCP-to-IEEE 802.1q mappings.
Chapter 15 DiffServ Commands 80 Ethernet Switch CLI Reference Guide
CHAPTER 16 DVMRP Commands This chapter explains how to use commands to activate the Distance Vector Multicast Routing Protocol (DVMRP) on the Switch. 16.1 DVMRP Overview DVMRP (Distance Vector Multicast Routing Protocol) is a protocol used for routing multicast data. DVMRP is used when a router receives multicast traffic and it wants to find out if other multicast routers it is connected to need to receive the data. DVMRP sends the data to all attached routers and waits for a reply.
Chapter 16 DVMRP Commands Table 47 Command Summary: DVMRP (continued) COMMAND DESCRIPTION M P ip dvmrp Activates this routing domain in participating in DVMRP. C 13 no ip dvmrp Disables this routing domain from participating in DVMRP. C 13 16.3 Command Examples In this example, the Switch is configured to exchange DVMRP information with other DVMRP enabled routers as shown next. The Switch is a DVMRP router (C). DVMRP is activated on IP routing domains 10.10.10.1/24 and 172.16.1.
CHAPTER 17 Ethernet OAM Commands Use these commands to use the link monitoring protocol IEEE 802.3ah Link Layer Ethernet OAM (Operations, Administration and Maintenance). 17.1 IEEE 802.3ah Link Layer Ethernet OAM Implementation Link layer Ethernet OAM (Operations, Administration and Maintenance) as described in IEEE 802.3ah is a link monitoring protocol. It utilizes OAM Protocol Data Units or OAM PDU’s to transmit link status information between directly connected Ethernet devices.
Chapter 17 Ethernet OAM Commands Table 48 ethernet oam Command Summary (continued) COMMAND DESCRIPTION M P ethernet oam remote-loopback test [ []] Performs a remote-loopback test from the specified port. You can also define the allowable packet number and packet size of the loopback test frames. E 13 interface port-channel Enters config-interface mode for the specified port(s). C 13 ethernet oam Enables Ethernet OAM on the port(s).
Chapter 17 Ethernet OAM Commands This example performs Ethernet OAM discovery from port 7. sysname# show ethernet oam discovery 7 Port 7 Local client -----------OAM configurations: Mode : Active Unidirectional : Not supported Remote loopback : Not supported Link events : Not supported Variable retrieval: Not supported Max. OAMPDU size : 1518 Operational status: Link status Info.
Chapter 17 Ethernet OAM Commands Table 49 show ethernet oam discovery (continued) LABEL DESCRIPTION Info. revision This field displays the current version of local state and configuration. This two-octet value starts at zero and increments every time the local state or configuration changes. Parser state This field indicates the current state of the parser. Forward: The packet is forwarding packets normally. Loopback: The Switch is in loopback mode.
Chapter 17 Ethernet OAM Commands The following table describes the labels in this screen. Table 50 show ethernet oam statistics LABEL DESCRIPTION Information OAMPDU Tx This field displays the number of OAM PDUs sent on the port. Information OAMPDU Rx This field displays the number of OAM PDUs received on the port. Event Notification OAMPDU Tx This field displays the number of unique or duplicate OAM event notification PDUs sent on the port.
Chapter 17 Ethernet OAM Commands Table 51 show ethernet oam summary (continued) 88 LABEL DESCRIPTION OUI This field displays the OUI (first three bytes of the MAC address) of the remote device. Mode This field displays the operational state of the remote device. Config This field displays the capabilities of the Switch and remote device. THe capabilities are identified in the OAM Config section.
CHAPTER 18 GARP Commands Use these commands to configure GARP. 18.1 GARP Overview Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. 18.2 Command Summary The following section lists the commands for this feature.
Chapter 18 GARP Commands 18.3 Command Examples In this example, the administrator looks at the Switch’s GARP timer settings and decides to change them. The administrator sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds, and the Leave All Timer to 11000 milliseconds.
CHAPTER 19 GVRP Commands Use these commands to configure GVRP. 19.1 Command Summary The following section lists the commands for this feature. Table 53 gvrp Command Summary COMMAND DESCRIPTION M P show vlan1q gvrp Displays GVRP settings. E 13 vlan1q gvrp Enables GVRP. C 13 no vlan1q gvrp Disables GVRP on the Switch. C 13 interface port-channel Enters config-interface mode for the specified port(s).
Chapter 19 GVRP Commands 92 Ethernet Switch CLI Reference Guide
P ART III Reference H-M HTTPS Server Commands (95) IEEE 802.
CHAPTER 20 HTTPS Server Commands Use these commands to configure the HTTPS server on the Switch. 20.1 Command Summary The following section lists the commands for this feature. Table 54 https Command Summary COMMAND DESCRIPTION M P show https Displays the HTTPS settings, statistics, and sessions. E 3 show https certificate Displays the HTTPS certificates. E 3 show https key Displays the HTTPS key. E 3 show https session Displays current HTTPS session(s).
Chapter 20 HTTPS Server Commands 20.2 Command Examples This example shows the current HTTPS settings, statistics, and sessions.
Chapter 20 HTTPS Server Commands Table 55 show https (continued) LABEL DESCRIPTION Connects that finished This field displays the number of HTTPS connections that have finished. Renegotiate requested This field displays the number of times the Switch requested clients to renegotiate the SSL connection parameters. Session cache items This field displays the current number of items in cache. Session cache hits This field displays the number of times the Switch used cache to satisfy a request.
Chapter 20 HTTPS Server Commands Table 56 show https session (continued) 98 LABEL DESCRIPTION Key-Arg This field displays the key argument that is used in SSLv2. Start Time This field displays the start time (in seconds, represented as an integer in standard UNIX format) of the session. Timeout This field displays the timeout for the session. If the session is idle longer than this, the Switch automatically disconnects.
CHAPTER 21 IEEE 802.1x Authentication Commands Use these commands to configure IEEE 802.1x authentication. " Do not forget to configure the authentication server. 21.1 Command Summary The following section lists the commands for this feature. Table 57 port-access-authenticator Command Summary COMMAND DESCRIPTION M P show port-access-authenticator Displays all port authentication settings.
Chapter 21 IEEE 802.1x Authentication Commands 1 Specifies RADIUS server 1 with IP address 10.10.10.1, port 1890 and the string secretKey as the password. 2 Specifies the timeout period of 30 seconds that the Switch will wait for a response from the RADIUS server. 3 Enables port authentication on the Switch. 4 Enables port authentication on ports 4 to 8. 5 Activates reauthentication on ports 4-8. 6 Specifies 1800 seconds as the interval for client reauthentication on ports 4-8.
CHAPTER 22 IGMP and Multicasting Commands This chapter explains how to use commands to configure the Internet Group Membership Protocol (IGMP) on the Switch. It also covers configuring the ports to remove the VLAN tag from outgoing multicast packets on the Switch. 22.1 IGMP Overview The Switch supports IGMP version 1 (IGMP-v1), version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3). Refer to RFC 1112, RFC 2236 and RFC 3376 for information on IGMP versions 1, 2 and 3 respectively.
Chapter 22 IGMP and Multicasting Commands Table 58 IGMP Command Summary (continued) COMMAND DESCRIPTION M P ip igmp robustness-variable <2-255> Sets the IGMP robustness variable on the Switch. This variable specifies how susceptible the subnet is to lost packets. C 13 ip igmp query-interval Sets the igmp query interval on the Switch. This variable specifies the amount of time in seconds between general query messages sent by the router.
Chapter 22 IGMP and Multicasting Commands • Configures the IP interface 172.16.1.1 with subnet mask 255.255.255.0 to route IGMP version 3 packets. sysname(config)# router igmp sysname(config-igmp)# non-querier sysname(config-igmp)# unknown-multicast-frame flooding sysname(config-igmp)# exit sysname(config)# interface route-domain 172.16.1.
Chapter 22 IGMP and Multicasting Commands 104 Ethernet Switch CLI Reference Guide
CHAPTER 23 IGMP Snooping Commands Use these commands to configure IGMP snooping on the Switch. 23.1 Command Summary The following section lists the commands for this feature. Table 60 igmp-flush Command Summary COMMAND DESCRIPTION M P igmp-flush Removes all multicast group information. E 13 Table 61 igmp-snooping Command Summary COMMAND DESCRIPTION M P show igmp-snooping Displays global IGMP snooping settings.
Chapter 23 IGMP Snooping Commands Table 61 igmp-snooping Command Summary (continued) COMMAND DESCRIPTION M P igmp-snooping reserved-multicastframe Sets how to treat traffic with a reserved multicast address. Reserved multicast addresses are in the range 224.0.0.0 to 224.0.0.255. C 13 igmp-snooping unknown-multicastframe Sets how to treat traffic from unknown multicast groups. C 13 show igmp-snooping filtering profile Displays IGMP filtering profile settings.
Chapter 23 IGMP Snooping Commands Table 62 igmp-snooping vlan Command Summary COMMAND DESCRIPTION M P show igmp-snooping vlan Displays the VLANs on which IGMP snooping is enabled. E 3 igmp-snooping vlan mode Specifies how the VLANs on which the Switch snoops IGMP packets are selected. auto: The Switch learns multicast group membership on any VLAN. See the User’s Guide for the maximum number of VLANs the switch supports for IGMP snooping.
Chapter 23 IGMP Snooping Commands Table 63 interface igmp Command Summary (continued) COMMAND 108 DESCRIPTION M P igmp-snooping group-limited Enables the group limiting feature for IGMP snooping. You must enable IGMP snooping as well. C 13 igmp-snooping group-limited action Sets how the Switch deals with the IGMP reports when the maximum number of the IGMP groups a port can join is reached.
Chapter 23 IGMP Snooping Commands Table 63 interface igmp Command Summary (continued) COMMAND DESCRIPTION M P no igmp-immediate-leave Disables the immediate leave function for IGMP snooping. C 13 igmp-querier-mode Specifies whether or not and under what conditions the port(s) is (are) IGMP query port(s). The Switch forwards IGMP join or leave packets to an IGMP query port, treating the port as being connected to an IGMP multicast router (or server).
Chapter 23 IGMP Snooping Commands The following table describes the labels in this screen. Table 64 show multicast LABEL DESCRIPTION Index This field displays an entry number for the VLAN. VID This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays the IP multicast group addresses. Timeout This field displays how long the port will belong to the multicast group.
CHAPTER 24 IGMP Filtering Commands Use these commands to configure IGMP filters and IGMP filtering on the Switch. 24.1 Command Summary The following section lists the commands for this feature. Table 65 igmp-filtering Command Summary COMMAND DESCRIPTION M P show igmp-filtering profile Displays IGMP filtering profile settings. E 3 igmp-filtering Enables IGMP filtering on the Switch. Ports can only join multicast groups specified in their IGMP filtering profile.
Chapter 24 IGMP Filtering Commands 24.2 Command Examples This example restricts ports 1-4 to multicast IP addresses 224.255.255.0 through 225.255.255.255. sysname# configure sysname(config)# igmp-filtering sysname(config)# igmp-filtering profile example1 start-address --> 224.255.255.0 end-address 225.255.255.
CHAPTER 25 Interface Commands Use these commands to configure basic port settings. 25.1 Command Summary The following section lists the commands for this feature. Table 66 interface Command Summary COMMAND DESCRIPTION M P clear interface Clears all statistics for the specified port. E 13 show interfaces Displays the current interface status for the specified port(s). E 3 no interface Resets the port counters for the specified port(s).
Chapter 25 Interface Commands Table 66 interface Command Summary (continued) COMMAND DESCRIPTION M P intrusion-lock Enables intrusion lock on the port(s) and a port cannot be connected again after you disconnected the cable. C 13 no intrusion-lock Disables intrusion-lock on a port so that a port can be connected again after you disconnected the cable. C 13 25.2 Command Examples This example looks at the current status of port 1. sysname# show interfaces 1 Port Info Port NO.
Chapter 25 Interface Commands Table 67 show interfaces (continued) LABEL DESCRIPTION Link This field displays the speed (either 10M for 10 Mbps, 100M for 100 Mbps or 1000M for 1000 Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber). This field displays Down if the port is not connected to any device. Status If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port.
Chapter 25 Interface Commands Table 67 show interfaces (continued) LABEL DESCRIPTION Distribution 64 This field shows the number of packets (including bad packets) received that were 64 octets in length. 65-127 This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length.
CHAPTER 26 Interface Route-domain Mode In order to configure layer 3 routing features on the Switch, you must enter the interface routing domain mode in the CLI. 26.1 Command Summary The following section lists the commands for this feature. Table 68 Interface Route Domain Command Summary: COMMAND DESCRIPTION M P interface route-domain / Enters the configuration mode for this routing domain. The mask-bits are defined as the number of bits in the subnet mask.
Chapter 26 Interface Route-domain Mode 118 Ethernet Switch CLI Reference Guide
CHAPTER 27 IP Commands Use these commands to configure the management port IP address, default domain name server and to look at IP domains. " See Chapter 59 on page 209 for static route commands. " See Chapter 28 on page 123 for IP source binding commands. 27.1 Command Summary The following section lists the commands for this feature. Table 69 ip Command Summary COMMAND DESCRIPTION M P show ip Displays current IP interfaces.
Chapter 27 IP Commands Table 70 tcp and udp Command Summary (continued) COMMAND DESCRIPTION M P show ip udp Displays IP UDP information. E 3 kick tcp Disconnects the specified TCP session. session id: Display the session id by running the show ip tcp command. See Section 27.2 on page 120 for an example. E 13 27.2 Command Examples This example shows the TCP statistics and listener ports. See RFC 1213 for more information.
Chapter 27 IP Commands Table 71 show ip tcp (continued) LABEL DESCRIPTION tcpMaxConn This field displays the maximum number of TCP connections the Switch can support. If the maximum number is dynamic, this field displays -1. tcpActiveOpens This field displays the number of times TCP connections have made a direct transition to the SYN-SENT state from the CLOSED state.
Chapter 27 IP Commands Table 71 show ip tcp (continued) LABEL DESCRIPTION Remote socket This field displays the remote IP address and port number in this TCP connection. State This field displays the state of this TCP connection. The only value which may be set by a management station is deleteTCB(12). Accordingly, it is appropriate for an agent to return a `badValue' response if a management station attempts to set this object to any other value.
CHAPTER 28 IP Source Binding Commands Use these commands to manage the bindings table for IP source guard. 28.1 Command Summary The following section lists the commands for this feature. Table 73 ip source binding Command Summary COMMAND DESCRIPTION M P show ip source binding [] [...] Displays the bindings configured on the Switch, optionally based on the specified parameters. E 3 show ip source binding help Provides more information about the specified command.
Chapter 28 IP Source Binding Commands Table 74 show ip source binding (continued) 124 LABEL DESCRIPTION Type This field displays how the switch learned the binding. static: This binding was learned from information provided manually by an administrator. VLAN This field displays the source VLAN ID in the binding. Port This field displays the port number in the binding. If this field is blank, the binding applies to all ports.
CHAPTER 29 Layer 2 Protocol Tunnel (L2PT) Commands 29.1 Command Summary The following section lists the commands for this feature. Table 75 l2pt Command Summary COMMAND DESCRIPTION M P clear l2protocol-tunnel Removes all layer 2 protocol tunneling counters. E 13 interface port-channel Enters config-interface mode for configuring the specified port(s).
Chapter 29 Layer 2 Protocol Tunnel (L2PT) Commands Table 75 l2pt Command Summary (continued) COMMAND DESCRIPTION M P l2protocol-tunnel point-topoint Enables point-to-point layer 2 protocol tunneling for LACP (Link Aggregation Control Protocol), PAgP (Port Aggregation Protocol) and UDLD (UniDirectional Link Detection) packets on the specified port(s). C 13 l2protocol-tunnel point-topoint lacp Enables point-to-point layer 2 protocol tunneling for LACP packets on the specified port(s).
Chapter 29 Layer 2 Protocol Tunnel (L2PT) Commands 29.2 Command Examples This example enables L2PT on the Switch and sets the destination MAC address for encapsulating layer 2 protocol packets received on an access port. sysname# configure sysname(config)# l2protocol-tunnel sysname(config)# l2protocol-tunnel mac 00:10:23:45:67:8e sysname(config)# This example enables L2PT for STP, CDP and VTP packets on port 3. It also sets L2PT mode to access for this port.
Chapter 29 Layer 2 Protocol Tunnel (L2PT) Commands 128 Ethernet Switch CLI Reference Guide
CHAPTER 30 Link Layer Discovery Protocol (LLDP) Commands 30.1 LLDP Overview The LLDP (Link Layer Discovery Protocol) is a layer 2 protocol. It allows a network device to advertise its identity and capabilities on the local network. It also allows the device to maintain and store information from adjacent devices which are directly connected to the network device. This helps an administrator discover network changes and perform necessary network reconfiguration and management.
Chapter 30 Link Layer Discovery Protocol (LLDP) Commands 30.2 Command Summary The following section lists the commands for this feature. Table 76 lldp Command Summary COMMAND DESCRIPTION M P interface port-channel Enters config-interface mode for configuring the specified port(s). C 13 lldp admin-status Sets LLDP operating mode. tx-only: the port(s) can only send LLDP packets. rx-only: the port(s) can only receive LLDP packets.
Chapter 30 Link Layer Discovery Protocol (LLDP) Commands Table 76 lldp Command Summary (continued) COMMAND DESCRIPTION M P no lldp basic-tlv system-name Disables the sending of System Name TLVs on the port(s). C 13 no lldp notification Disables the sending of LLDP traps. C 13 no lldp org-specific-tlv dot1 port-protocol-vlan-id Disables the sending of IEEE 802.1 Port and Protocol VLAN ID TLVs on the port(s). C 13 no lldp org-specific-tlv dot1 port-vlan-id Disables the sending of IEEE 802.
Chapter 30 Link Layer Discovery Protocol (LLDP) Commands Table 76 lldp Command Summary (continued) COMMAND DESCRIPTION M P show lldp statistic Displays LLDP statistics on the Switch. E 13 show lldp statistic interface portchannel Displays LLDP statistics of the specified port(s). E 13 clear lldp statistic Resets the LLDP statistics counters to zero. E 13 clear lldp remote_info Deletes all device information from the neighboring devices.
CHAPTER 31 Logging Commands Use these commands to manage system logs. 31.1 Command Summary The following section lists the commands for this feature. Table 77 logging Command Summary COMMAND DESCRIPTION M P show logging Displays system logs. E 3 no logging Clears system logs. E 13 31.2 Command Examples This example displays the system logs.
Chapter 31 Logging Commands 134 Ethernet Switch CLI Reference Guide
CHAPTER 32 Login Account Commands Use these commands to configure login accounts on the Switch. 32.1 Command Summary The following section lists the commands for this feature. Table 78 logins Command Summary COMMAND DESCRIPTION M P show logins Displays login account information. E 3 logins username password Creates account with the specified user name and sets the password.
Chapter 32 Login Account Commands 136 Ethernet Switch CLI Reference Guide
CHAPTER 33 Loopguard Commands Use these commands to configure the Switch to guard against loops on the edge of your network. The Switch shuts down a port if the Switch detects that packets sent out on the port loop back to the Switch. 33.1 Command Summary The following section lists the commands for this feature. Table 79 loopguard Command Summary COMMAND DESCRIPTION M P show loopguard Displays which ports have loopguard enabled as well as their status.
Chapter 33 Loopguard Commands 33.2 Command Examples This example enables loopguard on ports 1-3.
CHAPTER 34 MAC Address Commands Use these commands to look at the MAC address table and to configure MAC address learning. The Switch uses the MAC address table to determine how to forward frames. 34.1 Command Summary The following section lists the commands for this feature. Table 81 mac, mac-aging-time, and mac-flush Command Summary COMMAND DESCRIPTION M P show mac-aging-time Displays MAC learning aging time. E 3 mac-aging-time <10-3000> Sets learned MAC aging time in seconds.
Chapter 34 MAC Address Commands Table 81 mac, mac-aging-time, and mac-flush Command Summary (continued) COMMAND DESCRIPTION M P mac-transfer dynamic-to-forward interface port-channel Displays and changes all MAC addresses dynamically learned on the specified port(s) into static MAC addresses. E 13 mac-transfer dynamic-to-forward vlan Displays and changes all dynamically learned MAC addresses in the specified VLAN(s) into static MAC addresses. E 13 34.
CHAPTER 35 MAC Authentication Commands Use these commands to configure MAC authentication on the Switch. 35.1 MAC Authentication Overview MAC authentication allows you to validate access to a port based on the MAC address and password of the client. " You also need to configure a RADIUS server (see Chapter 51 on page 189). See also Chapter 21 on page 99 for IEEE 802.1x port authentication commands and Chapter 47 on page 179 for port security commands. 35.
Chapter 35 MAC Authentication Commands Table 83 mac-authentication Command Summary (continued) COMMAND DESCRIPTION M P no mac-authentication timeout Sets the MAC address entries learned via MAC authentication to never age out. C 13 interface port-channel Enables a port or a list of ports for configuration. C 13 mac-authentication Enables MAC authentication via a RADIUS server on the port(s).
CHAPTER 36 MAC Filter Commands Use these commands to filter traffic going through the Switch based on the MAC addresses and VLAN group (ID). " " Use the running configuration commands to look at the current MAC filter settings. See Chapter 54 on page 195. MAC filtering implementation differs across Switch models. • Some models allow you to specify a filter rule and discard all packets with the specified MAC address (source or destination) and VID.
Chapter 36 MAC Filter Commands 36.2 Command Example This example creates a MAC filter called “filter1” that drops packets coming from or going to the MAC address 00:12:00:12:00:12 on VLAN 1. sysname(config)# mac-filter name filter1 mac 00:12:00:12:00:12 vlan 1 36.3 Command Example: Filter Source The next example is for Switches that support the filtering of frames based on the source or destination MAC address only.
CHAPTER 37 MAC Forward Commands Use these commands to configure static MAC address forwarding. " Use the mac commands to look at the current mac-forward settings. See Chapter 34 on page 139. 37.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 85 mac-forward User-input Values COMMAND DESCRIPTION name 1-32 alphanumeric characters The following section lists the commands for this feature.
Chapter 37 MAC Forward Commands 146 Ethernet Switch CLI Reference Guide
CHAPTER 38 Mirror Commands Use these commands to copy a traffic flow for one or more ports to a monitor port (the port you copy the traffic to) so that you can examine the traffic on the monitor port without interference. " " Use the running configuration commands to look at the current mirror settings. See Chapter 54 on page 195. mirror-filter commands are not supported on all Switch models. 38.1 Command Summary The following section lists the commands for this feature.
Chapter 38 Mirror Commands Table 87 mirror Command Summary (continued) COMMAND DESCRIPTION M P mirror dir Enables port mirroring for incoming (ingress), outgoing (egress) or both incoming and outgoing (both) traffic. C 13 no mirror Disables port mirroring on the port(s).
Chapter 38 Mirror Commands This example displays the mirror settings of the Switch after you configured in the example above.
Chapter 38 Mirror Commands 150 Ethernet Switch CLI Reference Guide
CHAPTER 39 MRSTP Commands Use these commands to configure MRSTP on the Switch. 39.1 MRSTP Overview The Switch allows you to configure multiple instances of Rapid Spanning Tree Protocol (RSTP) as defined in the following standard. • IEEE 802.1w Rapid Spanning Tree Protocol See Chapter 56 on page 201 for information on RSTP commands and Chapter 40 on page 153 for information on MSTP commands. 39.2 Command Summary The following section lists the commands for this feature.
Chapter 39 MRSTP Commands Table 89 Command Summary: mrstp COMMAND DESCRIPTION M P mrstp interface priority <0-255> Sets the priority value to the specified ports for RSTP. C 13 mrstp interface tree-index Assigns the specified port list to a specific RSTP configuration. C 13 no mrstp Disables the specified RSTP configuration. C 13 no mrstp interface Disables the STP assignment from the specified port(s). C 13 39.
CHAPTER 40 MSTP Commands Use these commands to configure Multiple Spanning Tree Protocol (MSTP) as defined in IEEE 802.1s. 40.1 Command Summary The following section lists the commands for this feature. Table 90 mstp Command Summary COMMAND DESCRIPTION M P show mstp Displays MSTP configuration for the Switch. E 3 spanning-tree mode Specifies the STP mode you want to implement on the Switch. C 13 mstp Activates MSTP on the Switch.
Chapter 40 MSTP Commands Table 91 mstp instance Command Summary (continued) COMMAND DESCRIPTION no mstp instance vlan <1-4094> Disables the assignment of specific VLANs from an MST instance. M P C 13 mstp instance interface portchannel Specifies the ports you want to participate in this MST instance. C 13 no mstp instance interface port-channel Disables the assignment of specific ports from an MST instance.
Chapter 40 MSTP Commands Table 92 show mstp (continued) LABEL DESCRIPTION TransmissionLimit This field displays the maximum number of BPDUs that can be transmitted in the interval specified by BridgeHelloTime. ForceVersion This field indicates whether BPDUs are RSTP (a value less than 3) or MSTP (a value greater than or equal to 3). MST Configuration ID Format Selector This field displays zero, which indicates the use of the fields below.
Chapter 40 MSTP Commands Table 93 show mstp instance (continued) LABEL DESCRIPTION TopoChange This field indicates whether or not the current topology is stable. 0: The current topology is stable. 1: The current topology is changing. DesignatedRoot This field displays the unique identifier for the root bridge, consisting of bridge priority plus MAC address. RootPathCost This field displays the path cost from the root port on this Switch to the root switch.
CHAPTER 41 Multiple Login Commands Use these commands to configure multiple administrator logins on the Switch. 41.1 Command Summary The following section lists the commands for this feature. Table 94 multi-login Command Summary COMMAND DESCRIPTION M P show multi-login Displays multi-login information. E 3 multi-login Enables multi-login. C 14 no multi-login Disables another administrator from logging into Telnet or SSH. C 14 41.
Chapter 41 Multiple Login Commands 158 Ethernet Switch CLI Reference Guide
CHAPTER 42 MVR Commands Use these commands to configure Multicast VLAN Registration (MVR). 42.1 Command Summary The following section lists the commands for this feature. Table 96 mvr Command Summary COMMAND DESCRIPTION M P show mvr Shows the MVR status. E 3 show mvr Shows the detailed MVR status and MVR group configuration for a VLAN. E 3 mvr Enters config-mvr mode for the specified MVR (multicast VLAN registration). Creates the MVR, if necessary.
Chapter 42 MVR Commands 42.2 Command Examples This example configures MVR in the following ways: 1 Enters MVR mode. This creates a multicast VLAN with the name multivlan and the VLAN ID of 3. 2 Specifies source ports 2, 3, 5 for the multicast group. 3 Specifies receiver ports 6-8 for the multicast group. 4 Specifies dynamic mode for the multicast group. 5 Configures MVR multicast group addresses 224.0.0.1 through 224.0.0.255 by the name of ipgroup. 6 Exits MVR mode.
P ART IV Reference N-S OSPF Commands (163) Password Commands (169) PoE Commands (171) Policy Commands (175) Port Security Commands (179) Port-based VLAN Commands (181) Protocol-based VLAN Commands (183) Queuing Commands (185) RADIUS Commands (189) Remote Management Commands (191) RIP Commands (193) Running Configuration Commands (195) SNMP Server Commands (197) STP and RSTP Commands (201) SSH Commands (205) Static Multicast Commands (207) Static Route Commands (209) Subnet-based VLAN Commands (213) Syslog C
CHAPTER 43 OSPF Commands This chapter explains how to use commands to configure the Open Shortest Path First (OSPF) routing protocol on the Switch. 43.1 OSPF Overview OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an autonomous system (AS). An autonomous system is a collection of networks using a common routing protocol to exchange routing information. 43.2 Command Summary The following section lists the commands for this feature.
Chapter 43 OSPF Commands Table 97 OSPF Command Summary (continued) COMMAND DESCRIPTION M P no ip ospf authentication-same-aa Sets the routing domain not to use the same OSPF authentication settings as the area. C 13 no ip ospf authentication-same-as-area Sets the routing domain not to use the same OSPF authentication settings as the area. C 13 ip ospf cost <1-65535> Sets the OSPF cost in this routing domain.
Chapter 43 OSPF Commands Table 97 OSPF Command Summary (continued) COMMAND DESCRIPTION M P area virtual-link authentication-same-as-area Sets the virtual link to use the same authentication method as the area. C 13 no area virtual-link authentication-same-as-area Resets the authentication settings on this virtual area.
Chapter 43 OSPF Commands Table 97 OSPF Command Summary (continued) COMMAND show router ospf summary-address no router ospf DESCRIPTION M P Displays all summary addresses on the Switch. E 3 Disables OSPF on the Switch. C 13 43.3 Command Examples In this example, the Switch (A) is an Area Border Router (ABR) in an OSPF network. Figure 7 OSPF Network Example Area 1 Area 0 Backbone A IP: 172.16.1.1 This example enables OSPF on the Switch, sets the router ID to 172.16.1.
Chapter 43 OSPF Commands This example configures an OSPF interface for the 172.16.1.1/24 network and specifies to use simple authentication with the key 1234abcd. The priority for the Switch is also set to 1, as this router should participate in router elections. sysname(config)# interface route-domain 172.16.1.1/24 sysname(config-if)# ip ospf authentication-key abcd1234 sysname(config-if)# ip ospf priority 1 sysname# show ip ospf interface swif2 is up, line protocol is up Internet Address 172.16.1.
Chapter 43 OSPF Commands This example shows you how to enable the redistribution for RIP protocol and then show all redistribution entries. sysname# config sysname(config)# router ospf 172.16.1.1 sysname(config-ospf)# redistribute rip metric-type 1 metric 123 sysname(config-ospf)# exit sysname(config)# exit sysname# show ip ospf database OSPF Router with ID (172.16.1.1) (Omit not external part °K) AS External Link States Link ID 192.168.8.0 192.168.9.0 192.168.10.0 192.168.11.0 ADV Router 192.168.2.2 192.
CHAPTER 44 Password Commands Use these commands to configure passwords for specific privilege levels on the Switch. 44.1 Command Summary The following section lists the commands for this feature. Table 98 password Command Summary COMMAND DESCRIPTION M P admin-password Changes the administrator password.
Chapter 44 Password Commands 170 Ethernet Switch CLI Reference Guide
CHAPTER 45 PoE Commands Use these commands to configure Power over Ethernet (PoE). These are applicable for PoE models only. 45.1 Command Summary The following section lists the commands for this feature. Table 99 pwr Command Summary COMMAND DESCRIPTION M P show pwr Displays information about port power consumption and Power over Ethernet (PoE). Only available on models with the PoE feature. E 3 show poe-status This command is available for PoE models only.
Chapter 45 PoE Commands 45.2 Command Examples This example enables Power over Ethernet (PoE) on ports 1-4 and enables traps when the power usage reaches 25%. sysname# configure sysname(config)# pwr interface 1-4 sysname(config)# pwr usagethreshold 25 sysname(config)# pwr mibtrap sysname(config)# exit This example shows the current status and configuration of Power over Ethernet. sysname# show pwr Averaged Junction Temperature: 35 (c), 95 (f).
Chapter 45 PoE Commands Table 100 show pwr (continued) LABEL DESCRIPTION Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch, the Switch uses the PD priority to provide power to ports with higher priority. Consumption (mW) This field displays the amount of power the Switch is currently supplying to the PoE-enabled devices connected to this port.
Chapter 45 PoE Commands 174 Ethernet Switch CLI Reference Guide
CHAPTER 46 Policy Commands Use these commands to configure policies based on the classification of traffic flows. A classifier distinguishes traffic into flows based on the configured criteria. A policy rule defines the treatment of a traffic flow. " Configure classifiers before you configure policies. See Chapter 10 on page 59 for more information on classifiers. 46.1 Command Summary The following section lists the commands for this feature.
Chapter 46 Policy Commands Table 101 policy Command Summary COMMAND DESCRIPTION M P policy classifier <[vlan ][egress-port ][priority <0-7>][dscp <063>][tos <0-7>][bandwidth ][egress-mask ][outgoing-packet-format ][out-ofprofile-dscp <0-63>][forwardaction ][queu e-action ][diffserv-action ][outgoingmirror][outgoingepor
Chapter 46 Policy Commands Table 101 policy Command Summary COMMAND DESCRIPTION M P policy classifier <[vlan ] [egress-port ] [priority <0-7>] [bandwidth ] [forward-action ] [queue-action ] [outgoing-eport] [outgoing-set-vlan] [rate-limit ] [inactive]> Configures a policy with the specified name. name: 32 alphanumeric characters C 13 Specifies which classifiers this policy applies to.
Chapter 46 Policy Commands This example creates a policy (Policy1) for the traffic flow identified via classifier Class1 (see the classifier example in Chapter 10 on page 59). This policy forwards Class1 packets to port 8.
CHAPTER 47 Port Security Commands Use these commands to allow only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. For maximum port security, enable port security, disable MAC address learning and configure static MAC address(es) for a port. " It is not recommended you disable both port security and MAC address learning because this will result in many broadcasts. 47.
Chapter 47 Port Security Commands Table 102 port-security Command Summary (continued) COMMAND DESCRIPTION M P no port-security vlan address-limit Removes the specified VLAN MAC address limit. C 13 port-security vlan address-limit inactive Disables the specified VLAN MAC address limit. C 13 no port-security vlan address-limit inactive Enables the specified VLAN MAC address limit. C 13 47.
CHAPTER 48 Port-based VLAN Commands Use these commands to configure port-based VLAN. " These commands have no effect unless port-based VLAN is enabled. 48.1 Command Summary The following section lists the commands for this feature. Table 103 egress Command Summary COMMAND DESCRIPTION M P show interfaces config egress Displays outgoing port information. E 3 vlan-type <802.1q|port-based> Specifies the VLAN type.
Chapter 48 Port-based VLAN Commands 182 Ethernet Switch CLI Reference Guide
CHAPTER 49 Protocol-based VLAN Commands Use these commands to configure protocol based VLANs on the Switch. 49.1 Protocol-based VLAN Overview Protocol-based VLANs allow you to group traffic based on the Ethernet protocol you specify. This allows you to assign priority to traffic of the same protocol. See also Chapter 60 on page 213 for subnet-based VLAN commands and Chapter 66 on page 229 for VLAN commands. 49.2 Command Summary The following section lists the commands for this feature.
Chapter 49 Protocol-based VLAN Commands Table 104 protocol-based-vlan Command Summary (continued) COMMAND protocol-based-vlan name ethernet-type vlan priority <0-7> DESCRIPTION M P Creates a protocol based VLAN with the specified parameters. name - Use up to 32 alphanumeric characters.
CHAPTER 50 Queuing Commands Use queuing commands to help solve performance degradation when there is network congestion. " Queuing method configuration differs across Switch models. • Some models allow you to select a queuing method on a port-by-port basis. For example, port 1 can use Strictly Priority Queuing and ports 2-8 can use Weighted Round Robin. • Other models allow you to specify one queuing method for all the ports at once. 50.
Chapter 50 Queuing Commands • Weighted Fair Queuing (WFQ)- guarantees each queue's minimum bandwidth based on its bandwidth weight (portion) when there is traffic congestion. WFQ is activated only when a port has more traffic than it can handle. Queues with larger weights get more guaranteed bandwidth than queues with smaller weights. This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues.
Chapter 50 Queuing Commands Table 105 Queuing Command Summary (continued) COMMAND DESCRIPTION M P ge-spq Enables SPQ starting with the specified queue and subsequent higher queues on the Gigabit ports. C 13 hybrid-spq lowest-queue Enables SPQ starting with the specified queue and subsequent higher queues on the ports. C 13 hybrid-spq Enables SPQ starting with the specified queue and subsequent higher queues on the ports.
Chapter 50 Queuing Commands 50.4 Command Summary: System-Wide Configuration The following section lists the commands for this feature. Table 106 Queueing Command Summary COMMAND DESCRIPTION M P queue priority <0-7> level <0-7> Sets the IEEE 802.1p priority level-to-physical queue mapping. priority <0-7>: IEEE 802.1p defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service.
CHAPTER 51 RADIUS Commands Use these commands to configure external RADIUS (Remote Authentication Dial-In User Service) servers. 51.1 Command Summary The following section lists the commands for this feature. Table 107 radius-server Command Summary COMMAND DESCRIPTION M P show radius-server Displays RADIUS server settings. E 3 radius-server mode Specifies how the Switch decides which RADIUS server to select if you configure multiple servers.
Chapter 51 RADIUS Commands Table 108 radius-accounting Command Summary (continued) COMMAND DESCRIPTION M P radius-accounting host [acct-port ] [key ] Specifies the IP address of the RADIUS accounting server. Optionally, sets the port number and key of the external RADIUS accounting server. index: 1 or 2. key-string: 1-32 alphanumeric characters. C 13 no radius-accounting Resets the specified RADIUS accounting server to its default values. C 13 51.
CHAPTER 52 Remote Management Commands Use these commands to specify a group of one or more “trusted computers” from which an administrator may use one or more services to manage the Switch and to decide what services you may use to access the Switch. 52.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 109 remote-management User-input Values COMMAND DESCRIPTION index 1-4 The following section lists the commands for this feature.
Chapter 52 Remote Management Commands Table 111 service-control Command Summary (continued) COMMAND DESCRIPTION M P service-control http Allows HTTP access on the specified service port and defines the timeout period (in minutes). timeout: 1-255 C 13 no service-control http Disables HTTPS access to the Switch. C 13 service-control https Allows HTTPS access on the specified service port.
CHAPTER 53 RIP Commands This chapter explains how to use commands to configure the Routing Information Protocol (RIP) on the Switch. 53.1 RIP Overview RIP is a protocol used for exchanging routing information between routers on a network. Information is exchanged by routers periodically advertising a routing table.
Chapter 53 RIP Commands • Sets the RIP direction in this routing domain to Both and the version to 2 with subnet broadcasting (v2b); the Switch will send and receive RIP packets in this routing domain. sysname(config)# router rip sysname(config-rip)# exit sysname(config)# interface route-domain 172.16.1.
CHAPTER 54 Running Configuration Commands Use these commands to back up and restore configuration and firmware. 54.1 Switch Configuration File When you configure the Switch using either the CLI (Command Line Interface) or web configurator, the settings are saved as a series of commands in a configuration file on the Switch called running-config. You can perform the following with a configuration file: • Back up Switch configuration once the Switch is set up to work in your network.
Chapter 54 Running Configuration Commands The following section lists the commands for this feature. Table 114 running-config Command Summary COMMAND DESCRIPTION M P show running-config [interface port-channel [ [<...>]]] Displays the current configuration file. This file contains the commands that change the Switch's configuration from the default settings to the current configuration. Optionally, displays current configuration on a port-by-port basis.
CHAPTER 55 SNMP Server Commands Use these commands to configure SNMP on the Switch. 55.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 115 snmp-server User-input Values COMMAND DESCRIPTION property 1-32 alphanumeric characters options aaa: authentication, accounting. interface: linkup, linkdown, autonegotiation. ip: ping, traceroute. switch: stp, mactable, rmon.
Chapter 55 SNMP Server Commands Table 116 snmp-server Command Summary (continued) COMMAND DESCRIPTION M P snmp-server trap-community Sets the trap community. Only for SNMPv2c or lower. C 13 snmp-server trap-destination [udp-port ] [version ] [username ] Sets the IP addresses of up to four SNMP managers (stations to send your SNMP traps to). You can configure up to four managers.
Chapter 55 SNMP Server Commands Table 117 snmp-server trap-destination enable traps Command Summary (continued) COMMAND DESCRIPTION M P no snmp-server trap-destination enable traps interface Prevents the Switch from sending the specified interface traps to the specified manager. C 13 snmp-server trap-destination enable traps ip Sends all IP traps to the specified manager.
Chapter 55 SNMP Server Commands 200 Ethernet Switch CLI Reference Guide
CHAPTER 56 STP and RSTP Commands Use these commands to configure Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol See Chapter 39 on page 151 and Chapter 40 on page 153 for more information on MRSTP and MSTP commands respectively. See also Chapter 33 on page 137 for information on loopguard commands. 56.
Chapter 56 STP and RSTP Commands Table 118 spanning-tree Command Summary (continued) COMMAND DESCRIPTION M P spanning-tree priority <0-255> Sets the priority for the specified ports. Priority decides which port should be disabled when more than one port forms a loop in a Switch. Ports with a higher priority numeric value are disabled first. C 13 spanning-tree help Provides more information about the specified command. C 13 56.
Chapter 56 STP and RSTP Commands The following table describes the labels in this screen. Table 119 show spanning-tree config LABEL DESCRIPTION BridgeID This field displays the unique identifier for this bridge, consisting of bridge priority plus MAC address. TimeSinceTopoChange This field displays the time since the spanning tree was last reconfigured. TopoChangeCount This field displays the number of times the spanning tree has been reconfigured.
Chapter 56 STP and RSTP Commands 204 Ethernet Switch CLI Reference Guide
CHAPTER 57 SSH Commands Use these commands to configure SSH on the Switch. 57.1 Command Summary The following section lists the commands for this feature. Table 120 ssh Command Summary COMMAND DESCRIPTION M P show ssh Displays general SSH settings. E 3 show ssh session Displays current SSH session(s). E 3 show ssh known-hosts Displays known SSH hosts information.
Chapter 57 SSH Commands This example shows the general SSH settings. sysname# show ssh Configuration Version : SSH-1 & SSH-2 (server & client), SFTP (server) Server : Enabled Port : 22 Host key bits : 1024 Server key bits : 768 Support authentication: Password Support ciphers : AES, 3DES, RC4, Blowfish, CAST Support MACs : MD5, SHA1 Compression levels : 1~9 Sessions: Proto Serv Remote IP Bytes Out Port Local IP Port Bytes In The following table describes the labels in this screen.
CHAPTER 58 Static Multicast Commands Use these commands to tell the Switch how to forward specific multicast frames to specific port(s). You can also configure which to do with unknown multicast frames using the router igmp unknown-multicast-frame command (see Table 58 on page 101). 58.1 Command Summary The following section lists the commands for this feature. Table 122 ip route Command Summary COMMAND DESCRIPTION show mac address-table multicast Displays the multicast MAC address table.
Chapter 58 Static Multicast Commands 58.2 Command Examples This example shows the current multicast table. The Type field displays User for rules that were manually added through static multicast forwarding or displays System for rules the Switch has automatically learned through IGMP snooping.
CHAPTER 59 Static Route Commands Use these commands to tell the Switch how to forward IP traffic. IP static routes are used by layer-2 Switches to ensure they can respond to management stations not reachable via the default gateway and to proactively send traffic, for example when sending SNMP traps or conducting IP connectivity tests using ping. Layer-3 Switches use static routes to forward traffic via gateways other than those defined as the default gateway. 59.
Chapter 59 Static Route Commands 59.2 Command Examples This example shows the current routing table. sysname# show ip route Dest FF Len Device Gateway Route table in VPS00 172.16.37.0 00 24 127.0.0.0 00 16 0.0.0.0 00 0 172.16.37.206 127.0.0.1 172.16.37.254 swp00 swp00 swp00 Metric stat Timer 1 1 1 041b 0 041b 0 801b 0 Use 1494 0 12411 Original Global Route table The following table describes the labels in this screen.
Chapter 59 Static Route Commands You can create an active static route that routes traffic for 192.168.10.1/24 to 172.16.37.254. sysname# configure sysname(config)# ip route 192.168.10.1 255.255.255.0 172.16.37.254 sysname(config)# exit sysname# show ip route static Idx Active Name Dest. Addr. Subnet Mask Gateway Addr. Metric 01 Y static 192.168.10.1 255.255.255.0 172.16.37.
Chapter 59 Static Route Commands 212 Ethernet Switch CLI Reference Guide
CHAPTER 60 Subnet-based VLAN Commands Use these commands to configure subnet-based VLANs on the Switch. 60.1 Subnet-based VLAN Overview Subnet-based VLANs allow you to group traffic based on the source IP subnet you specify. This allows you to assign priority to traffic from the same IP subnet. See also Chapter 49 on page 183 for protocol-based VLAN commands and Chapter 66 on page 229 for VLAN commands. 60.2 Command Summary The following section lists the commands for this feature.
Chapter 60 Subnet-based VLAN Commands Table 125 subnet-based-vlan Command Summary (continued) COMMAND DESCRIPTION M P no subnet-based-vlan source-ip mask-bits Removes the specified subnet from the subnet-based VLAN configuration. C 13 no subnet-based-vlan dhcp-vlanoverride Disables the DHCP VLAN override setting for subnet-based VLAN(s). C 13 60.
CHAPTER 61 Syslog Commands Use these commands to configure the device’s system logging settings and to configure the external syslog servers. 61.1 Command Summary The following table describes user-input values available in multiple commands for this feature. Table 126 syslog User-input Values COMMAND DESCRIPTION type Possible values: system, interface, switch, aaa, ip. The following section lists the commands for this feature.
Chapter 61 Syslog Commands 216 Ethernet Switch CLI Reference Guide
P ART V Reference T-Z TACACS+ Commands (219) TFTP Commands (221) Trunk Commands (223) trTCM Commands (227) VLAN Commands (229) VLAN IP Commands (235) VLAN Mapping Commands (237) VLAN Port Isolation Commands (239) VLAN Stacking Commands (241) VLAN Trunking Commands (245) VRRP Commands (247) Additional Commands (251) 217
CHAPTER 62 TACACS+ Commands Use these commands to configure external TACACS+ (Terminal Access Controller AccessControl System Plus) servers. 62.1 Command Summary The following section lists the commands for this feature. Table 130 tacacs-server Command Summary COMMAND DESCRIPTION M P show tacacs-server Displays TACACS+ server settings. E 3 tacacs-server timeout <1-1000> Specifies the TACACS+ server timeout value.
Chapter 62 TACACS+ Commands 220 Ethernet Switch CLI Reference Guide
CHAPTER 63 TFTP Commands Use these commands to back up and restore configuration and firmware via TFTP. 63.1 Command Summary The following section lists the commands for this feature. Table 132 tftp Command Summary COMMAND DESCRIPTION M P copy tftp flash [] Restores firmware via TFTP. E 13 copy tftp config Restores configuration with the specified filename from the specified TFTP server to the specified configuration file on the Switch.
Chapter 63 TFTP Commands 222 Ethernet Switch CLI Reference Guide
CHAPTER 64 Trunk Commands Use these commands to logically aggregate physical links to form one logical, higherbandwidth link. The Switch adheres to the IEEE 802.3ad standard for static and dynamic (Link Aggregate Control Protocol, LACP) port trunking. " Different models support different numbers of trunks (T1, T2, ...). This chapter uses a model that supports six trunks (from T1 to T6). 64.1 Command Summary The following section lists the commands for this feature.
Chapter 64 Trunk Commands Table 134 lacp Command Summary COMMAND DESCRIPTION M P show lacp Displays LACP (Link Aggregation Control Protocol) settings. E 3 lacp Enables Link Aggregation Control Protocol (LACP). C 13 no lacp Disables the link aggregation control protocol (dynamic trunking) on the Switch. C 13 lacp system-priority <1-65535> Sets the priority of an active port using LACP. C 13 64.
Chapter 64 Trunk Commands Table 135 show trunk (continued) LABEL DESCRIPTION Member Number This field shows the number of ports in the trunk. Member This field is displayed if there are ports in the trunk. This field displays the member port(s) in the trunk. This example shows the current LACP settings.
Chapter 64 Trunk Commands 226 Ethernet Switch CLI Reference Guide
CHAPTER 65 trTCM Commands This chapter explains how to use commands to configure the Two Rate Three Color Marker (trTCM) feature on the Switch. 65.1 trTCM Overview Two Rate Three Color Marker (trTCM, defined in RFC 2698) is a type of traffic policing that identifies packets by comparing them to two user-defined rates: the Committed Information Rate (CIR) and the Peak Information Rate (PIR).
Chapter 65 trTCM Commands Table 137 trtcm Command Summary (continued) COMMAND DESCRIPTION M P trtcm dscp yellow <0-63> Specifies the DSCP value to use for packets with medium packet loss priority. C 13 trtcm dscp red <0-63> Specifies the DSCP value to use for packets with high packet loss priority. C 13 65.3 Command Examples This example activates trTCM on the Switch with the following settings: • • • • • Sets the Switch to inspect the DSCP value of the packets (color-aware mode).
CHAPTER 66 VLAN Commands Use these commands to configure IEEE 802.1Q VLAN. " See Chapter 67 on page 235 for VLAN IP commands. 66.1 VLAN Overview A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same group(s); the traffic must first go through a router.
Chapter 66 VLAN Commands " See Chapter 25 on page 113 for interface port-channel commands. 66.3 Command Summary The following section lists the commands for this feature. Table 138 vlan Command Summary COMMAND DESCRIPTION show vlan Displays the status of all VLANs. E 3 show vlan Displays the status of the specified VLAN.
Chapter 66 VLAN Commands • Other models enable or disable VLAN ingress checking on each port individually via the ingress-check command in the config-interface mode. Table 139 vlan1q ingress-check Command Summary COMMAND DESCRIPTION M P show vlan1q ingress-check Displays ingress check settings on the Switch. E 3 vlan1q ingress-check Enables ingress checking on the Switch. The Switch discards incoming frames on a port for VLANs that do not include this port in its member set.
Chapter 66 VLAN Commands The following table describes the labels in this screen. Table 141 show vlan LABEL DESCRIPTION The Number of VLAN This field displays the number of VLANs on the Switch. Idx. This field displays an entry number for each VLAN. VID This field displays the VLAN identification number. Status This field displays how this VLAN was added to the Switch. Dynamic: The VLAN was added via GVRP.
Chapter 66 VLAN Commands This example displays concurrent incoming packet statistics for VLAN 1. MGS-3712# show vlan 1 counters -------- Press ESC to finish ------System up time: 0:59:02 Vlan Info Vlan Id. Packet KBs/s Packets Multicast Broadcast Tagged Distribution 64 65 to 127 128 to 255 256 to 511 512 to 1023 1024 to 1518 Giant :1 :0.0 :2 :0 :2 :0 :2 :0 :0 :0 :0 :0 :0 -------- Press ESC to finish ------System up time: 0:59:12 Vlan Info Vlan Id.
Chapter 66 VLAN Commands Table 142 show vlan counters (continued) LABEL 234 DESCRIPTION 64 This field shows the number of packets (including bad packets) received that were 64 octets in length. 65-127 This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length.
CHAPTER 67 VLAN IP Commands Use these commands to configure the default gateway device and add IP domains for VLAN. 67.1 IP Interfaces Overview The Switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0. 67.2 Command Summary The following section lists the commands for this feature.
Chapter 67 VLAN IP Commands Table 143 vlan ip address Command Summary (continued) COMMAND DESCRIPTION M P ip address default-gateway Sets a default gateway IP address for this VLAN. C 13 no ip address defaultgateway Deletes the default gateway from this VLAN. C 13 67.3 Command Examples See Section 3.4 on page 26 for an example of how to configure a VLAN management IP address.
CHAPTER 68 VLAN Mapping Commands Use these commands to configure VLAN mapping on the Switch. With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network. The Switch discards the tagged packets that do not match an entry in the VLAN mapping table. " You can not enable VLAN mapping and VLAN stacking at the same time. 68.1 Command Summary The following section lists the commands for this feature.
Chapter 68 VLAN Mapping Commands 68.2 Command Examples This example enables VLAN mapping on the Switch and creates a VLAN mapping rule to translate the VLAN ID from 123 to 234 in the packets received on port 4. sysname# configure sysname(config)# vlan-mapping sysname(config)# vlan-mapping name test interface port-channel 4 vlan 123 translated-vlan 234 priority 3 sysname(config)# This example enables VLAN mapping on port 4.
CHAPTER 69 VLAN Port Isolation Commands Use these commands to configure VLAN port isolation on the Switch. VLAN port isolation allows each port to communicate only with the CPU management port and the uplink ports, but not to communicate with each other. 69.1 Command Summary The following section lists the commands for this feature. Table 145 vlan1q port-isolation Command Summary COMMAND DESCRIPTION M P show vlan1q port-isolation Displays port isolation settings.
Chapter 69 VLAN Port Isolation Commands 240 Ethernet Switch CLI Reference Guide
CHAPTER 70 VLAN Stacking Commands Use these commands to add an outer VLAN tag to the inner IEEE 802.1Q tagged frames that enter your network. 70.1 Command Summary The following section lists the commands for this feature. Table 146 vlan-stacking Command Summary COMMAND DESCRIPTION M P interface port-channel Enters config-interface mode for the specified port(s).
Chapter 70 VLAN Stacking Commands Table 146 vlan-stacking Command Summary (continued) COMMAND DESCRIPTION M P vlan-stacking Sets the SP TPID (Service Provider Tag Protocol Identifier). SP TPID is a standard Ethernet type code identifying the frame and indicating whether the frame carries IEEE 802.1Q tag information. Enter a four-digit hexadecimal number from 0000 to FFFF.
Chapter 70 VLAN Stacking Commands This example shows how to configure ports 1 and 2 on the Switch to tag incoming frames with the service provider’s VID of 37 (ports are connected to customer A network). This example also shows how to set the priority for ports 1 and 2 to 3.
Chapter 70 VLAN Stacking Commands 244 Ethernet Switch CLI Reference Guide
CHAPTER 71 VLAN Trunking Commands Use these commands to decide what the Switch should do with frames that belong to unknown VLAN groups. 71.1 Command Summary The following section lists the commands for this feature. Table 147 vlan-trunking Command Summary COMMAND DESCRIPTION M P interface port-channel Enters config-interface mode for the specified port(s).
Chapter 71 VLAN Trunking Commands 246 Ethernet Switch CLI Reference Guide
CHAPTER 72 VRRP Commands This chapter explains how to use commands to configure the Virtual Router Redundancy Protocol (VRRP) on the Switch. 72.1 VRRP Overview VRRP is a protocol that allows you to configure redundant router connections. The protocol reduces downtime in case of a single link failure. Multiple routers are connected and one is elected as the master router. If the master router fails, then one of the backup routers takes over the routing function within a routing domain. 72.
Chapter 72 VRRP Commands Table 148 VRRP Command Summary (continued) COMMAND DESCRIPTION M P no preempt Disables VRRP preemption mode. C 13 preempt Enables preemption mode. C 13 exit Exits from the VRRP command mode. C 13 no router vrrp network / vr-id <1~7> Deletes VRRP settings. C 13 interface route-domain / ip vrrp authentication-key Sets the VRRP authentication key. key: Up to 8 alphanumeric characters.
Chapter 72 VRRP Commands This example shows how to create the IP routing domains and configure the Switch to act as router A in the topology shown in Figure 10 on page 248. sysname# config sysname(config)# vlan 100 sysname(config-vlan)# fixed 1-4 sysname(config-vlan)# untagged 1-4 sysname(config-vlan)# ip address 10.10.1.252 255.255.255.
Chapter 72 VRRP Commands This example shows how to create the IP routing domains and configure the Switch to act as router B in the topology shown in Figure 10 on page 248. sysname# config sysname(config)# vlan 100 sysname(config-vlan)# fixed 1-4 sysname(config-vlan)# untagged 1-4 sysname(config-vlan)# ip address 10.10.1.253 255.255.255.
CHAPTER 73 Additional Commands Use these commands to configure or perform additional features on the Switch. 73.1 Command Summary The following section lists the commands for this feature. Table 149 Command Summary: Changing Modes or Privileges COMMAND DESCRIPTION M P enable Changes the session’s privilege level to 14 and puts the session in enable mode (if necessary). The user has to provide the enable password. See Section 2.1.3.1 on page 20.
Chapter 73 Additional Commands Table 150 Command Summary: Additional Enable Mode (continued) COMMAND boot image <1|2> cable-diagnostics DESCRIPTION M P The Switch supports dual firmware images, ras-0 and ras-1. Run this command, where is 1 (ras-0) or 2 (ras-1) to specify which image is updated when firmware is loaded using the web configurator and to specify which image is loaded when the Switch starts up.
Chapter 73 Additional Commands Table 150 Command Summary: Additional Enable Mode (continued) COMMAND DESCRIPTION M P traceroute [vlan ] [ttl <1-255>] [wait <1-60>] [queries <1-10>] Determines the path a packet takes to the specified Ethernet device. vlan : Specifies the VLAN ID to which the Ethernet device belongs. ttl <1-255>: Specifies the Time To Live (TTL) period. wait <1-60>: Specifies the time period to wait.
Chapter 73 Additional Commands This example sends Ping requests to an Ethernet device with IP address 172.16.37.254. sysname# ping 172.16.37.254 Resolving 172.16.37.254... 172.16.37.254 sent rcvd rate rtt avg mdev 1 1 100 0 0 0 2 2 100 0 0 0 3 3 100 10 1 3 max 0 0 10 min 0 0 0 reply from 172.16.37.254 172.16.37.254 172.16.37.254 The following table describes the labels in this screen. Table 152 ping LABEL DESCRIPTION sent This field displays the sequence number of the ICMP request the Switch sent.
Chapter 73 Additional Commands Table 153 show alarm-status (continued) LABEL DESCRIPTION suppressAlarm This field displays whether or not the alarm is inactive. alarmLED This field displays whether or not the LED for this alarm is on. This example shows the current and recent CPU utilization. sysname# show cpu-utilization CPU usage status: baseline 1715384 ticks sec ticks util sec ticks util --- ------- ------ --- ------0 657543 61.67 1 255118 63.85 4 195580 88.60 5 791000 70.
Chapter 73 Additional Commands This example looks at the current sensor readings from various places in the hardware. sysname# show hardware-monitor C Temperature Unit : (C) Temperature(%c) Current --------------- ------CPU 33.0 MAC 31.0 LOCAL 33.0 FAN Speed(RPM) -------------FAN1 FAN2 FAN3 Voltage(V) ---------1.25VIN 1.8VIN 3.3VIN 2.5VIN Current ------7356 6087 6157 Current ------1.243 1.869 3.372 2.593 Max ----35.0 33.0 34.0 Max ---7769 6279 6301 Max ----1.256 1.880 3.398 2.593 Min ----28.0 27.0 28.
Chapter 73 Additional Commands Table 155 show hardware-monitor (continued) LABEL DESCRIPTION Current This field displays the current voltage at this power supply. Max This field displays the maximum voltage measured at this power supply. Min This field displays the minimum voltage measured at this power supply. Threshold This field displays the percentage tolerance within which the Switch still works. Status Normal: The current voltage is within tolerance.
Chapter 73 Additional Commands Table 157 show poe-status (continued) LABEL DESCRIPTION Allocated Power This field displays the total amount of power the Switch has reserved for PoE after negotiating with the PoE device(s). Remaining Power This field displays the amount of power the Switch can still provide for PoE. Note: The Switch must have at least 16 W of remaining power in order to supply power to a PoE device, even if the PoE device requested less than 16 W.
Chapter 73 Additional Commands This example displays run-time SFP (Small Form Facter Pluggable) parameters on ports 9 (the first SFP port 0, with an SFP transceiver installed) and 10 (the second SFP port 1, no SFP transceiver installed) on the Switch. You can also see the alarm and warning threasholds for temperature, voltage, transmission bias, transmission and receiving power as shown. sysname# show sfp 9-10 SFP : 0 Part Number : SFP-SX-DDM Series Number : S081113001132 Revision : V1.
Chapter 73 Additional Commands 260 Ethernet Switch CLI Reference Guide
P ART VI Appendices and Index of Commands Default Values (263) Legal Information (265) Index of Commands (269) 261
APPENDIX A Default Values Some commands, particularly no commands, reset settings to their default values. The following table identifies the default values for these settings.
Appendix A Default Values 264 Ethernet Switch CLI Reference Guide
APPENDIX B Legal Information Copyright Copyright © 2009 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix B Legal Information FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Appendix B Legal Information condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser.
Appendix B Legal Information 268 MES-3728 User’s Guide
Index of Commands Index of Commands 1 Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable. 8021p-priority <0-7> ............................................................. 159 aaa accounting commands stop-only tacacs+ [broadcast] ................. 31 aaa accounting dot1x [broadcast] .......... 32 aaa accounting exec [broadcast] ...........
Index of Commands boot image <1|2> ................................................................. 252 broadcast-limit ........................................................... 46 broadcast-limit ................................................................... 46 cable-diagnostics .................................................... 252 cc-interval <100ms|1s|10s|1min|10min> ............................................. 52 classifier <[packet- format <802.3untag|802.
Index of Commands dhcp snooping limit rate .................................................... 76 dhcp snooping trust ............................................................... 76 dhcp snooping vlan information ........................................ 76 dhcp snooping vlan option ............................................. 76 dhcp snooping vlan .................................................... 76 dhcp snooping ............................................
Index of Commands hybrid-spq lowest-queue ......................................... 187 hybrid-spq ........................................................ 187 id-permission < none | chassis | management | chassis-management> ................. 52 igmp-filtering profile start-address end-address ................ 111 igmp-filtering profile .................................................... 111 igmp-filtering ...........................................
Index of Commands interface route-domain / .................................. 117 interface route-domain / .................................. 163 interface route-domain / .................................. 193 interface route-domain / ................................... 81 interval <1~255> ................................................................. 247 intrusion-lock ...........................................
Index of Commands lldp org-specific-tlv dot3 power-via-mdi ......................................... 130 lldp reinitialize-delay <1-10> ................................................... 131 lldp transmit-delay <1-8192> ..................................................... 131 lldp transmit-hold <2-10> ........................................................ 131 lldp transmit-interval <5-32768> ................................................. 131 lldp .....................................................
Index of Commands mstp instance interface port-channel path-cost <1-65535> .... 154 mstp instance interface port-channel priority <1-255> ....... 154 mstp instance interface port-channel ........................ 154 mstp instance priority <0-61440> ........................................ 153 mstp instance vlan .......................................... 153 mstp max-hop <1-255> .....................................
Index of Commands no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no 276 bmstorm-limit .................................................................. 46 broadcast-limit ................................................................ 46 classifier inactive ..................................................... 59 classifier ........................................
Index of Commands no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no igmp-snooping ................................................................. 105 inactive ...................................................................... 113 inactive ...................................................................... 159 inactive ......................................................
Index of Commands no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no 278 mep cc-enable ......................................................... 53 mep inactive .......................................................... 53 mep ................................................................... 53 mirror ......................................................
Index of Commands no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no no service-control ssh ........................................................... 192 service-control telnet ........................................................ 192 shutdown slot ..................................................... 253 snmp-server trap-destination enable traps aaa ..................
Index of Commands policy classifier <[vlan ] [egress-port ] [priority <0-7>] [bandwidth ] [forward-action ] [queue-action ] [outgoing-eport] [outgoing-set-vlan] [rate-limit ] [inactive]> 177 policy classifier <[vlan ][egress-port ][priority <0-7>][dscp <0-63>][tos <0-7>][bandwidth ][egress-mask ][outgoing-packet-format ][out-of-profile-dscp <063>][forward-
Index of Commands secondary-virtual-ip ................................................ 247 service-control ftp .............................................. 191 service-control http ................................... 192 service-control https ............................................ 192 service-control icmp ............................................................. 192 service-control snmp .....................................
Index of Commands show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show 282 https certificate ............................................................ 95 https key .......................................................... 95 https session ..............
Index of Commands show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show show lldp config interface port-channel .............................. 131 lldp config .................................................................
Index of Commands show slot ........................................................................ 252 show snmp-server ................................................................. 197 show spanning-tree config ........................................................ 201 show ssh key ...................................................... 205 show ssh known-hosts ............................................................. 205 show ssh session .........................................
Index of Commands ssh <1|2> <[user@]dest-ip> [command ] ......................................... 205 storm-control ..................................................................... 45 subnet-based-vlan dhcp-vlan-override ............................................. 213 subnet-based-vlan name source-ip mask-bits source-port vlan priority <0-7> .............................................
Index of Commands 4094> priority <0-7> inactive ............................................. 237 vlan-mapping name interface port-channel vlan <1-4094> translated-vlan <14094> priority <0-7> ...................................................... 237 vlan-mapping ..................................................................... 237 vlan-stacking priority <0-7> ..................................................... 241 vlan-stacking role ..............................
